Changeset 72569 in vbox

Timestamp:

Jun 15, 2018 7:04:01 PM (6 years ago)

Author:

vboxsync

Message:

EM,IEM,NEM: Started working on optimizing adjacent exits using IEM. Keep track of frequent exits, after 256 hits do a trial run in IEM to look for adjacent exits. Proof of concept using CPUID in NEMR3/win. bugref:9044

Location:

trunk

Files:

• include/VBox/vmm/em.h (modified) (3 diffs)
• include/VBox/vmm/iem.h (modified) (1 diff)
• include/VBox/vmm/vm.h (modified) (1 diff)
• include/VBox/vmm/vm.mac (modified) (1 diff)
• src/VBox/VMM/VMMAll/EMAll.cpp (modified) (10 diffs)
• src/VBox/VMM/VMMAll/IEMAll.cpp (modified) (1 diff)
• src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h (modified) (1 diff)
• src/VBox/VMM/VMMAll/NEMAllNativeTemplate-win.cpp.h (modified) (2 diffs)
• src/VBox/VMM/include/EMInternal.h (modified) (2 diffs)
• src/VBox/VMM/include/NEMInternal.h (modified) (1 diff)
• src/VBox/VMM/testcase/tstVMStructSize.cpp (modified) (1 diff)

trunk/include/VBox/vmm/em.h

@@ -238 +238 @@
 #define EMEXIT_F_KIND_XCPT      UINT32_C(0x00004000)    /**< Exception numbers (raw-mode). */
 #define EMEXIT_F_KIND_MASK      UINT32_C(0x00007000)
-#define EMEXIT_F_CS_EIP         UINT32_C(0x00008000)    /**< The PC is EIP in the low dword and CS in the high. */
-#define EMEXIT_F_UNFLATTENED_PC UINT32_C(0x00010000)    /**< The PC hasn't had CS.BASE added to it. */
+#define EMEXIT_F_CS_EIP         UINT32_C(0x00010000)    /**< The PC is EIP in the low dword and CS in the high. */
+#define EMEXIT_F_UNFLATTENED_PC UINT32_C(0x00020000)    /**< The PC hasn't had CS.BASE added to it. */
 /** Combines flags and exit type into EMHistoryAddExit() input. */
 #define EMEXIT_MAKE_FLAGS_AND_TYPE(a_fFlags, a_uType)   ((a_fFlags) | (uint32_t)(a_uType))
@@ -246 +246 @@
 typedef enum EMEXITACTION
 {
+    /** The record is free. */
+    EMEXITACTION_FREE_RECORD = 0,
     /** Take normal action on the exit. */
-    EMEXITACTION_NORMAL = 0,
-    EMEXITACTION_TODO
+    EMEXITACTION_NORMAL,
+    /** Take normal action on the exit, already probed and found nothing. */
+    EMEXITACTION_NORMAL_PROBED,
+    /** Do a probe execution. */
+    EMEXITACTION_EXEC_PROBE,
+    /** Execute using EMEXITREC::cMaxInstructionsWithoutExit. */
+    EMEXITACTION_EXEC_WITH_MAX
 } EMEXITACTION;
 AssertCompileSize(EMEXITACTION, 4);
 
-VMM_INT_DECL(EMEXITACTION)      EMHistoryAddExit(PVMCPU pVCpu, uint32_t uFlagsAndType, uint64_t uFlatPC, uint64_t uTimestamp);
+/**
+ * Accumulative exit record.
+ *
+ * This could perhaps be squeezed down a bit, but there isn't too much point.
+ * We'll probably need more data as time goes by.
+ */
+typedef struct EMEXITREC
+{
+    /** The flat PC of the exit. */
+    uint64_t            uFlatPC;
+    /** Flags and type, see EMEXIT_MAKE_FLAGS_AND_TYPE. */
+    uint32_t            uFlagsAndType;
+    /** The action to take (EMEXITACTION). */
+    uint8_t             enmAction;
+    uint8_t             bUnused;
+    /** Maximum number of instructions to execute without hitting an exit. */
+    uint16_t            cMaxInstructionsWithoutExit;
+    /** The exit number (EMCPU::iNextExit) at which it was last updated. */
+    uint64_t            uLastExitNo;
+    /** Number of hits. */
+    uint64_t            cHits;
+} EMEXITREC;
+AssertCompileSize(EMEXITREC, 32);
+/** Pointer to an accumulative exit record. */
+typedef EMEXITREC *PEMEXITREC;
+/** Pointer to a const accumulative exit record. */
+typedef EMEXITREC const *PCEMEXITREC;
+
+VMM_INT_DECL(PCEMEXITREC)       EMHistoryAddExit(PVMCPU pVCpu, uint32_t uFlagsAndType, uint64_t uFlatPC, uint64_t uTimestamp);
 #ifdef IN_RC
 VMMRC_INT_DECL(void)            EMRCHistoryAddExitCsEip(PVMCPU pVCpu, uint32_t uFlagsAndType, uint16_t uCs, uint32_t uEip,
@@ -260 +295 @@
 VMMR0_INT_DECL(void)            EMR0HistoryUpdatePC(PVMCPU pVCpu, uint64_t uFlatPC, bool fFlattened);
 #endif
-VMM_INT_DECL(EMEXITACTION)      EMHistoryUpdateFlagsAndType(PVMCPU pVCpu, uint32_t uFlagsAndType);
-VMM_INT_DECL(EMEXITACTION)      EMHistoryUpdateFlagsAndTypeAndPC(PVMCPU pVCpu, uint32_t uFlagsAndType, uint64_t uFlatPC);
+VMM_INT_DECL(PCEMEXITREC)       EMHistoryUpdateFlagsAndType(PVMCPU pVCpu, uint32_t uFlagsAndType);
+VMM_INT_DECL(PCEMEXITREC)       EMHistoryUpdateFlagsAndTypeAndPC(PVMCPU pVCpu, uint32_t uFlagsAndType, uint64_t uFlatPC);
+VMM_INT_DECL(VBOXSTRICTRC)      EMHistoryExec(PVMCPU pVCpu, PCEMEXITREC pExitRec, uint32_t fWillExit);
 
 

trunk/include/VBox/vmm/iem.h

@@ -210 +210 @@
                                                                       uint32_t *pcbWritten);
 VMMDECL(VBOXSTRICTRC)       IEMExecLots(PVMCPU pVCpu, uint32_t *pcInstructions);
+/** Statistics returned by IEMExecForExits. */
+typedef struct IEMEXECFOREXITSTATS
+{
+    uint32_t cInstructions;
+    uint32_t cExits;
+    uint32_t cMaxExitDistance;
+    uint32_t cReserved;
+} IEMEXECFOREXITSTATS;
+/** Pointer to statistics returned by IEMExecForExits. */
+typedef IEMEXECFOREXITSTATS *PIEMEXECFOREXITSTATS;
+VMMDECL(VBOXSTRICTRC)       IEMExecForExits(PVMCPU pVCpu, uint32_t fWillExit, uint32_t cMinInstructions, uint32_t cMaxInstructions,
+                                            uint32_t cMaxInstructionsWithoutExits, PIEMEXECFOREXITSTATS pStats);
 VMMDECL(VBOXSTRICTRC)       IEMInjectTrpmEvent(PVMCPU pVCpu);
 VMM_INT_DECL(VBOXSTRICTRC)  IEMInjectTrap(PVMCPU pVCpu, uint8_t u8TrapNo, TRPMEVENT enmType, uint16_t uErrCode, RTGCPTR uCr2,

trunk/include/VBox/vmm/vm.h

@@ -290 +290 @@
         struct EMCPU        s;
 #endif
-        uint8_t             padding[8192];      /* multiple of 4096 */
+        uint8_t             padding[40960];      /* multiple of 4096 */
     } em;
 } VMCPU;

trunk/include/VBox/vmm/vm.mac

@@ -83 +83 @@
     .cpum                   resb 4096
     alignb 4096
-    .em                     resb 8192
+    .em                     resb 40960
     alignb 4096
 endstruc

trunk/src/VBox/VMM/VMMAll/EMAll.cpp

@@ -404 +404 @@
 
 /**
+ * Execute using history.
+ *
+ * This function will be called when EMHistoryAddExit() and friends returns a
+ * non-NULL result.  This happens in response to probing or when probing has
+ * uncovered adjacent exits which can more effectively be reached by using IEM
+ * than restarting execution using the main execution engine and fielding an
+ * regular exit.
+ *
+ * @returns VBox strict status code, see IEMExecForExits.
+ * @param   pVCpu           The cross context virtual CPU structure.
+ * @param   pExitRec        The exit record return by a previous history add
+ *                          or update call.
+ * @param   fWillExit       Flags indicating to IEM what will cause exits, TBD.
+ */
+VMM_INT_DECL(VBOXSTRICTRC) EMHistoryExec(PVMCPU pVCpu, PCEMEXITREC pExitRec, uint32_t fWillExit)
+{
+    Assert(pExitRec);
+    VMCPU_ASSERT_EMT(pVCpu);
+    IEMEXECFOREXITSTATS ExecStats;
+    switch (pExitRec->enmAction)
+    {
+        /*
+         * Executes multiple instruction stopping only when we've gone a given
+         * number without perceived exits.
+         */
+        case EMEXITACTION_EXEC_WITH_MAX:
+        {
+            LogFlow(("EMHistoryExec/EXEC_WITH_MAX: %RX64, max %u\n", pExitRec->uFlatPC, pExitRec->cMaxInstructionsWithoutExit));
+            VBOXSTRICTRC rcStrict = IEMExecForExits(pVCpu, fWillExit,
+                                                    pExitRec->cMaxInstructionsWithoutExit /* cMinInstructions*/,
+                                                    4096 /*cMaxInstructions*/,
+                                                    pExitRec->cMaxInstructionsWithoutExit,
+                                                    &ExecStats);
+            LogFlow(("EMHistoryExec/EXEC_WITH_MAX: %Rrc cExits=%u cMaxExitDistance=%u cInstructions=%u\n",
+                     VBOXSTRICTRC_VAL(rcStrict), ExecStats.cExits, ExecStats.cMaxExitDistance, ExecStats.cInstructions));
+            return rcStrict;
+        }
+
+        /*
+         * Probe a exit for close by exits.
+         */
+        case EMEXITACTION_EXEC_PROBE:
+        {
+            LogFlow(("EMHistoryExec/EXEC_PROBE: %RX64, max %u\n", pExitRec->uFlatPC));
+            PEMEXITREC   pExitRecUnconst = (PEMEXITREC)pExitRec;
+            VBOXSTRICTRC rcStrict = IEMExecForExits(pVCpu, fWillExit,
+                                                    64 /*cMinInstructions*/,
+                                                    4096 /*cMaxInstructions*/,
+                                                    32 /*cMaxInstructionsWithoutExit*/,
+                                                    &ExecStats);
+            LogFlow(("EMHistoryExec/EXEC_PROBE: %Rrc cExits=%u cMaxExitDistance=%u cInstructions=%u\n",
+                     VBOXSTRICTRC_VAL(rcStrict), ExecStats.cExits, ExecStats.cMaxExitDistance, ExecStats.cInstructions));
+            if (ExecStats.cExits >= 2)
+            {
+                Assert(ExecStats.cMaxExitDistance > 0 && ExecStats.cMaxExitDistance <= 32);
+                pExitRecUnconst->cMaxInstructionsWithoutExit = ExecStats.cMaxExitDistance;
+                pExitRecUnconst->enmAction = EMEXITACTION_EXEC_WITH_MAX;
+                LogFlow(("EMHistoryExec/EXEC_PROBE: -> EXEC_WITH_MAX %u\n", ExecStats.cMaxExitDistance));
+            }
+            else
+            {
+                pExitRecUnconst->enmAction = EMEXITACTION_NORMAL_PROBED;
+                LogFlow(("EMHistoryExec/EXEC_PROBE: -> PROBED\n"));
+                /** @todo check for return to ring-3 and such and optimize/reprobe. */
+            }
+            return rcStrict;
+        }
+
+        /* We shouldn't ever see these here! */
+        case EMEXITACTION_FREE_RECORD:
+        case EMEXITACTION_NORMAL:
+        case EMEXITACTION_NORMAL_PROBED:
+            break;
+
+        /* No default case, want compiler warnings. */
+    }
+    AssertLogRelFailedReturn(VERR_EM_INTERNAL_ERROR);
+}
+
+
+DECL_FORCE_INLINE(PCEMEXITREC) emHistoryRecordInit(PEMEXITREC pExitRec, uint64_t uFlatPC, uint32_t uFlagsAndType, uint64_t uExitNo)
+{
+    pExitRec->uFlatPC                     = uFlatPC;
+    pExitRec->uFlagsAndType               = uFlagsAndType;
+    pExitRec->enmAction                   = EMEXITACTION_NORMAL;
+    pExitRec->bUnused                     = 0;
+    pExitRec->cMaxInstructionsWithoutExit = 64;
+    pExitRec->uLastExitNo                 = uExitNo;
+    pExitRec->cHits                       = 1;
+    return NULL;
+}
+
+
+DECL_FORCE_INLINE(PCEMEXITREC) emHistoryRecordInitNew(PVMCPU pVCpu, PEMEXITENTRY pHistEntry, uintptr_t idxSlot,
+                                                      PEMEXITREC pExitRec, uint64_t uFlatPC,
+                                                      uint32_t uFlagsAndType, uint64_t uExitNo)
+{
+    pHistEntry->idxSlot = (uint32_t)idxSlot;
+    pVCpu->em.s.cExitRecordUsed++;
+    LogFlow(("emHistoryRecordInitNew: [%#x] = %#07x %016RX64; (%u of %u used)\n", idxSlot, uFlagsAndType, uFlatPC,
+             pVCpu->em.s.cExitRecordUsed, RT_ELEMENTS(pVCpu->em.s.aExitRecords) ));
+    return emHistoryRecordInit(pExitRec, uFlatPC, uFlagsAndType, uExitNo);
+}
+
+
+/**
+ * Adds or updates the EMEXITREC for this PC/type and decide on an action.
+ *
+ * @returns Pointer to an exit record if special action should be taken using
+ *          EMHistoryExec().  Take normal exit action when NULL.
+ *
+ * @param   pVCpu           The cross context virtual CPU structure.
+ * @param   uFlagsAndType   Combined flags and type, EMEXIT_F_KIND_EM set and
+ *                          both EMEXIT_F_CS_EIP and EMEXIT_F_UNFLATTENED_PC are clear.
+ * @param   uFlatPC         The flattened program counter.
+ * @param   pHistEntry      The exit history entry.
+ * @param   uExitNo         The current exit number.
+ */
+static PCEMEXITREC emHistoryAddOrUpdateRecord(PVMCPU pVCpu, uint64_t uFlagsAndType, uint64_t uFlatPC,
+                                              PEMEXITENTRY pHistEntry, uint64_t uExitNo)
+{
+    /*
+     * Work the hash table.
+     */
+    AssertCompile(RT_ELEMENTS(pVCpu->em.s.aExitRecords) == 1024);
+#define EM_EXIT_RECORDS_IDX_MASK 1023
+    uintptr_t  idxSlot  = ((uintptr_t)uFlatPC >> 1) & EM_EXIT_RECORDS_IDX_MASK;
+    PEMEXITREC pExitRec = &pVCpu->em.s.aExitRecords[idxSlot];
+    if (pExitRec->uFlatPC == uFlatPC)
+    {
+        Assert(pExitRec->enmAction != EMEXITACTION_FREE_RECORD);
+        pHistEntry->idxSlot = (uint32_t)idxSlot;
+        if (pExitRec->uFlagsAndType == uFlagsAndType)
+            pExitRec->uLastExitNo = uExitNo;
+        else
+            return emHistoryRecordInit(pExitRec, uFlatPC, uFlagsAndType, uExitNo);
+    }
+    else if (pExitRec->enmAction == EMEXITACTION_FREE_RECORD)
+        return emHistoryRecordInitNew(pVCpu, pHistEntry, idxSlot, pExitRec, uFlatPC, uFlagsAndType, uExitNo);
+    else
+    {
+        /*
+         * Collision. Figure out later.
+         */
+        return NULL;
+    }
+
+
+    /*
+     * Found an existing record.
+     */
+    switch (pExitRec->enmAction)
+    {
+        case EMEXITACTION_NORMAL:
+        {
+            uint64_t const cHits = ++pExitRec->cHits;
+            if (cHits < 256)
+                return NULL;
+            LogFlow(("emHistoryAddOrUpdateRecord: [%#x] %#07x %16RX64: -> EXEC_PROBE\n", idxSlot, uFlagsAndType, uFlatPC));
+            pExitRec->enmAction = EMEXITACTION_EXEC_PROBE;
+            return pExitRec;
+        }
+
+        case EMEXITACTION_NORMAL_PROBED:
+            pExitRec->cHits += 1;
+            return NULL;
+
+        default:
+            pExitRec->cHits += 1;
+            return pExitRec;
+
+        /* This will happen if the caller ignores or cannot serve the probe
+           request (forced to ring-3, whatever).  We retry this 256 times. */
+        case EMEXITACTION_EXEC_PROBE:
+        {
+            uint64_t const cHits = ++pExitRec->cHits;
+            if (cHits < 512)
+                return pExitRec;
+            pExitRec->enmAction = EMEXITACTION_NORMAL_PROBED;
+            LogFlow(("emHistoryAddOrUpdateRecord: [%#x] %#07x %16RX64: -> PROBED\n", idxSlot, uFlagsAndType, uFlatPC));
+            return NULL;
+        }
+    }
+}
+
+
+/**
  * Adds an exit to the history for this CPU.
  *
- * @returns Suggested action to take.
+ * @returns Pointer to an exit record if special action should be taken using
+ *          EMHistoryExec().  Take normal exit action when NULL.
+ *
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   uFlagsAndType   Combined flags and type (see EMEXIT_MAKE_FLAGS_AND_TYPE).
@@ -413 +602 @@
  * @thread  EMT(pVCpu)
  */
-VMM_INT_DECL(EMEXITACTION) EMHistoryAddExit(PVMCPU pVCpu, uint32_t uFlagsAndType, uint64_t uFlatPC, uint64_t uTimestamp)
+VMM_INT_DECL(PCEMEXITREC) EMHistoryAddExit(PVMCPU pVCpu, uint32_t uFlagsAndType, uint64_t uFlatPC, uint64_t uTimestamp)
 {
     VMCPU_ASSERT_EMT(pVCpu);
@@ -421 +610 @@
      */
     AssertCompile(RT_ELEMENTS(pVCpu->em.s.aExitHistory) == 256);
-    PEMEXITENTRY pHistEntry = &pVCpu->em.s.aExitHistory[(uintptr_t)(pVCpu->em.s.iNextExit++) & 0xff];
+    uint64_t uExitNo = pVCpu->em.s.iNextExit++;
+    PEMEXITENTRY pHistEntry = &pVCpu->em.s.aExitHistory[(uintptr_t)uExitNo & 0xff];
     pHistEntry->uFlatPC       = uFlatPC;
     pHistEntry->uTimestamp    = uTimestamp;
@@ -428 +618 @@
 
     /*
-     * If common exit type, we will insert/update the exit into the shared hash table.
+     * If common exit type, we will insert/update the exit into the exit record hash table.
      */
-    if ((uFlagsAndType & EMEXIT_F_KIND_MASK) == EMEXIT_F_KIND_EM)
-    {
-        /** @todo later */
-    }
-
-    return EMEXITACTION_NORMAL;
+    if (   (uFlagsAndType & (EMEXIT_F_KIND_MASK | EMEXIT_F_CS_EIP | EMEXIT_F_UNFLATTENED_PC)) == EMEXIT_F_KIND_EM
+        && uFlatPC != UINT64_MAX)
+        return emHistoryAddOrUpdateRecord(pVCpu, uFlagsAndType, uFlatPC, pHistEntry, uExitNo);
+    return NULL;
 }
 
@@ -476 +664 @@
 {
     AssertCompile(RT_ELEMENTS(pVCpu->em.s.aExitHistory) == 256);
-    PEMEXITENTRY pHistEntry = &pVCpu->em.s.aExitHistory[((uintptr_t)pVCpu->em.s.iNextExit - 1) & 0xff];
+    uint64_t     uExitNo    = pVCpu->em.s.iNextExit - 1;
+    PEMEXITENTRY pHistEntry = &pVCpu->em.s.aExitHistory[(uintptr_t)uExitNo & 0xff];
     pHistEntry->uFlatPC = uFlatPC;
     if (fFlattened)
@@ -489 +678 @@
  * Interface for convering a engine specific exit to a generic one and get guidance.
  *
+ * @returns Pointer to an exit record if special action should be taken using
+ *          EMHistoryExec().  Take normal exit action when NULL.
+ *
  * @param   pVCpu           The cross context virtual CPU structure.
  * @param   uFlagsAndType   Combined flags and type (see EMEXIT_MAKE_FLAGS_AND_TYPE).
  * @thread  EMT(pVCpu)
  */
-VMM_INT_DECL(EMEXITACTION) EMHistoryUpdateFlagsAndType(PVMCPU pVCpu, uint32_t uFlagsAndType)
+VMM_INT_DECL(PCEMEXITREC) EMHistoryUpdateFlagsAndType(PVMCPU pVCpu, uint32_t uFlagsAndType)
 {
     VMCPU_ASSERT_EMT(pVCpu);
@@ -501 +693 @@
      */
     AssertCompile(RT_ELEMENTS(pVCpu->em.s.aExitHistory) == 256);
-    PEMEXITENTRY pHistEntry = &pVCpu->em.s.aExitHistory[((uintptr_t)pVCpu->em.s.iNextExit - 1) & 0xff];
+    uint64_t     uExitNo    = pVCpu->em.s.iNextExit - 1;
+    PEMEXITENTRY pHistEntry = &pVCpu->em.s.aExitHistory[(uintptr_t)uExitNo & 0xff];
     pHistEntry->uFlagsAndType = uFlagsAndType | (pHistEntry->uFlagsAndType & (EMEXIT_F_CS_EIP | EMEXIT_F_UNFLATTENED_PC));
 
     /*
-     * If common exit type, we will insert/update the exit into the shared hash table.
+     * If common exit type, we will insert/update the exit into the exit record hash table.
      */
-    if ((uFlagsAndType & EMEXIT_F_KIND_MASK) == EMEXIT_F_KIND_EM)
-    {
-        /** @todo later */
-    }
-
-    return EMEXITACTION_NORMAL;
+    if (   (uFlagsAndType & (EMEXIT_F_KIND_MASK | EMEXIT_F_CS_EIP | EMEXIT_F_UNFLATTENED_PC)) == EMEXIT_F_KIND_EM
+        && pHistEntry->uFlatPC != UINT64_MAX)
+        return emHistoryAddOrUpdateRecord(pVCpu, uFlagsAndType, pHistEntry->uFlatPC, pHistEntry, uExitNo);
+    return NULL;
 }
 
@@ -519 +710 @@
  * Interface for convering a engine specific exit to a generic one and get
  * guidance, supplying flattened PC too.
+ *
+ * @returns Pointer to an exit record if special action should be taken using
+ *          EMHistoryExec().  Take normal exit action when NULL.
  *
  * @param   pVCpu           The cross context virtual CPU structure.
@@ -525 +719 @@
  * @thread  EMT(pVCpu)
  */
-VMM_INT_DECL(EMEXITACTION) EMHistoryUpdateFlagsAndTypeAndPC(PVMCPU pVCpu, uint32_t uFlagsAndType, uint64_t uFlatPC)
+VMM_INT_DECL(PCEMEXITREC) EMHistoryUpdateFlagsAndTypeAndPC(PVMCPU pVCpu, uint32_t uFlagsAndType, uint64_t uFlatPC)
 {
     VMCPU_ASSERT_EMT(pVCpu);
+    Assert(uFlatPC != UINT64_MAX);
 
     /*
@@ -533 +728 @@
      */
     AssertCompile(RT_ELEMENTS(pVCpu->em.s.aExitHistory) == 256);
-    PEMEXITENTRY pHistEntry = &pVCpu->em.s.aExitHistory[((uintptr_t)pVCpu->em.s.iNextExit - 1) & 0xff];
+    uint64_t     uExitNo    = pVCpu->em.s.iNextExit - 1;
+    PEMEXITENTRY pHistEntry = &pVCpu->em.s.aExitHistory[(uintptr_t)uExitNo & 0xff];
     pHistEntry->uFlagsAndType = uFlagsAndType;
     pHistEntry->uFlatPC       = uFlatPC;
 
     /*
-     * If common exit type, we will insert/update the exit into the shared hash table.
+     * If common exit type, we will insert/update the exit into the exit record hash table.
      */
-    if ((uFlagsAndType & EMEXIT_F_KIND_MASK) == EMEXIT_F_KIND_EM)
-    {
-        /** @todo later */
-    }
-
-    return EMEXITACTION_NORMAL;
+    if ((uFlagsAndType & (EMEXIT_F_KIND_MASK | EMEXIT_F_CS_EIP | EMEXIT_F_UNFLATTENED_PC)) == EMEXIT_F_KIND_EM)
+        return emHistoryAddOrUpdateRecord(pVCpu, uFlagsAndType, uFlatPC, pHistEntry, uExitNo);
+    return NULL;
 }
 

trunk/src/VBox/VMM/VMMAll/IEMAll.cpp

@@ -14152 +14152 @@
 
 
+/**
+ * Interface used by EMExecuteExec, does exit statistics and limits.
+ *
+ * @returns Strict VBox status code.
+ * @param   pVCpu               The cross context virtual CPU structure.
+ * @param   fWillExit           To be defined.
+ * @param   cMinInstructions    Minimum number of instructions to execute before checking for FFs.
+ * @param   cMaxInstructions    Maximum number of instructions to execute.
+ * @param   cMaxInstructionsWithoutExits
+ *                              The max number of instructions without exits.
+ * @param   pStats              Where to return statistics.
+ */
+VMMDECL(VBOXSTRICTRC) IEMExecForExits(PVMCPU pVCpu, uint32_t fWillExit, uint32_t cMinInstructions, uint32_t cMaxInstructions,
+                                      uint32_t cMaxInstructionsWithoutExits, PIEMEXECFOREXITSTATS pStats)
+{
+    NOREF(fWillExit); /** @todo define flexible exit crits */
+
+    /*
+     * Initialize return stats.
+     */
+    pStats->cInstructions    = 0;
+    pStats->cExits           = 0;
+    pStats->cMaxExitDistance = 0;
+    pStats->cReserved        = 0;
+
+    /*
+     * Initial decoder init w/ prefetch, then setup setjmp.
+     */
+    VBOXSTRICTRC rcStrict = iemInitDecoderAndPrefetchOpcodes(pVCpu, false);
+    if (rcStrict == VINF_SUCCESS)
+    {
+        uint32_t cInstructionSinceLastExit = 0;
+
+#ifdef IEM_WITH_SETJMP
+        jmp_buf         JmpBuf;
+        jmp_buf        *pSavedJmpBuf = pVCpu->iem.s.CTX_SUFF(pJmpBuf);
+        pVCpu->iem.s.CTX_SUFF(pJmpBuf)   = &JmpBuf;
+        pVCpu->iem.s.cActiveMappings     = 0;
+        if ((rcStrict = setjmp(JmpBuf)) == 0)
+#endif
+        {
+            /*
+             * The run loop.  We limit ourselves to 4096 instructions right now.
+             */
+            PVM pVM = pVCpu->CTX_SUFF(pVM);
+            for (;;)
+            {
+                /*
+                 * Log the state.
+                 */
+#ifdef LOG_ENABLED
+                iemLogCurInstr(pVCpu, true);
+#endif
+
+                /*
+                 * Do the decoding and emulation.
+                 */
+                uint32_t const cPotentialExits = pVCpu->iem.s.cPotentialExits;
+
+                uint8_t b; IEM_OPCODE_GET_NEXT_U8(&b);
+                rcStrict = FNIEMOP_CALL(g_apfnOneByteMap[b]);
+
+                if (   cPotentialExits != pVCpu->iem.s.cPotentialExits
+                    && cInstructionSinceLastExit > 0 /* don't count the first */ )
+                {
+                    pStats->cExits += 1;
+                    if (cInstructionSinceLastExit > pStats->cMaxExitDistance)
+                        pStats->cMaxExitDistance = cInstructionSinceLastExit;
+                    cInstructionSinceLastExit = 0;
+                }
+
+                if (RT_LIKELY(rcStrict == VINF_SUCCESS))
+                {
+                    Assert(pVCpu->iem.s.cActiveMappings == 0);
+                    pVCpu->iem.s.cInstructions++;
+                    pStats->cInstructions++;
+                    cInstructionSinceLastExit++;
+                    if (RT_LIKELY(pVCpu->iem.s.rcPassUp == VINF_SUCCESS))
+                    {
+                        uint32_t fCpu = pVCpu->fLocalForcedActions
+                                      & ( VMCPU_FF_ALL_MASK & ~(  VMCPU_FF_PGM_SYNC_CR3
+                                                                | VMCPU_FF_PGM_SYNC_CR3_NON_GLOBAL
+                                                                | VMCPU_FF_TLB_FLUSH
+#ifdef VBOX_WITH_RAW_MODE
+                                                                | VMCPU_FF_TRPM_SYNC_IDT
+                                                                | VMCPU_FF_SELM_SYNC_TSS
+                                                                | VMCPU_FF_SELM_SYNC_GDT
+                                                                | VMCPU_FF_SELM_SYNC_LDT
+#endif
+                                                                | VMCPU_FF_INHIBIT_INTERRUPTS
+                                                                | VMCPU_FF_BLOCK_NMIS
+                                                                | VMCPU_FF_UNHALT ));
+
+                        if (RT_LIKELY(   (   (   !fCpu
+                                              || (   !(fCpu & ~(VMCPU_FF_INTERRUPT_APIC | VMCPU_FF_INTERRUPT_PIC))
+                                                  && !pVCpu->cpum.GstCtx.rflags.Bits.u1IF))
+                                          && !VM_FF_IS_PENDING(pVM, VM_FF_ALL_MASK) )
+                                      || pStats->cInstructions < cMinInstructions))
+                        {
+                            if (cMaxInstructions-- > 0)
+                            {
+                                if (cInstructionSinceLastExit <= cMaxInstructionsWithoutExits)
+                                {
+                                    Assert(pVCpu->iem.s.cActiveMappings == 0);
+                                    iemReInitDecoder(pVCpu);
+                                    continue;
+                                }
+                            }
+                        }
+                    }
+                    Assert(pVCpu->iem.s.cActiveMappings == 0);
+                }
+                else if (pVCpu->iem.s.cActiveMappings > 0)
+                        iemMemRollback(pVCpu);
+                rcStrict = iemExecStatusCodeFiddling(pVCpu, rcStrict);
+                break;
+            }
+        }
+#ifdef IEM_WITH_SETJMP
+        else
+        {
+            if (pVCpu->iem.s.cActiveMappings > 0)
+                iemMemRollback(pVCpu);
+            pVCpu->iem.s.cLongJumps++;
+        }
+        pVCpu->iem.s.CTX_SUFF(pJmpBuf) = pSavedJmpBuf;
+#endif
+
+        /*
+         * Assert hidden register sanity (also done in iemInitDecoder and iemReInitDecoder).
+         */
+        Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.cs));
+        Assert(CPUMSELREG_ARE_HIDDEN_PARTS_VALID(pVCpu, &pVCpu->cpum.GstCtx.ss));
+    }
+    else
+    {
+        if (pVCpu->iem.s.cActiveMappings > 0)
+            iemMemRollback(pVCpu);
+
+#ifdef VBOX_WITH_NESTED_HWVIRT_SVM
+        /*
+         * When a nested-guest causes an exception intercept (e.g. #PF) when fetching
+         * code as part of instruction execution, we need this to fix-up VINF_SVM_VMEXIT.
+         */
+        rcStrict = iemExecStatusCodeFiddling(pVCpu, rcStrict);
+#endif
+    }
+
+    /*
+     * Maybe re-enter raw-mode and log.
+     */
+#ifdef IN_RC
+    rcStrict = iemRCRawMaybeReenter(pVCpu, rcStrict);
+#endif
+    if (rcStrict != VINF_SUCCESS)
+        LogFlow(("IEMExecForExits: cs:rip=%04x:%08RX64 ss:rsp=%04x:%08RX64 EFL=%06x - rcStrict=%Rrc; ins=%u exits=%u maxdist=%u\n",
+                 pVCpu->cpum.GstCtx.cs.Sel, pVCpu->cpum.GstCtx.rip, pVCpu->cpum.GstCtx.ss.Sel, pVCpu->cpum.GstCtx.rsp,
+                 pVCpu->cpum.GstCtx.eflags.u, VBOXSTRICTRC_VAL(rcStrict), pStats->cInstructions, pStats->cExits, pStats->cMaxExitDistance));
+    return rcStrict;
+}
+
 
 /**

trunk/src/VBox/VMM/VMMAll/IEMAllCImpl.cpp.h

@@ -6801 +6801 @@
 
     iemRegAddToRipAndClearRF(pVCpu, cbInstr);
+    pVCpu->iem.s.cPotentialExits++;
     return VINF_SUCCESS;
 }

trunk/src/VBox/VMM/VMMAll/NEMAllNativeTemplate-win.cpp.h

@@ -2293 +2293 @@
         pCtx->rdi = pExit->IoPortAccess.Rdi;
         pCtx->rsi = pExit->IoPortAccess.Rsi;
-# ifdef IN_RING0
-        rcStrict = nemR0WinImportStateStrict(pGVCpu->pGVM, pGVCpu, pCtx, NEM_WIN_CPUMCTX_EXTRN_MASK_FOR_IEM, "IOExit");
-        if (rcStrict != VINF_SUCCESS)
-            return rcStrict;
-# else
         int rc = nemHCWinCopyStateFromHyperV(pVM, pVCpu, pCtx, NEM_WIN_CPUMCTX_EXTRN_MASK_FOR_IEM);
         AssertRCReturn(rc, rc);
-# endif
 
         Log4(("IOExit/%u: %04x:%08RX64/%s: %s%s %#x LB %u (emulating)\n",
@@ -2477 +2471 @@
      *       function and make everyone use it.
      */
-    EMHistoryAddExit(pVCpu, EMEXIT_MAKE_FLAGS_AND_TYPE(EMEXIT_F_KIND_EM, EMEXITTYPE_CPUID),
-                     pExit->VpContext.Rip + pExit->VpContext.Cs.Base, ASMReadTSC());
-
-    /** @todo Combine implementations into IEMExecDecodedCpuId as this will
-     *        only get weirder with nested VT-x and AMD-V support. */
+    PCEMEXITREC pExitRec = EMHistoryAddExit(pVCpu, EMEXIT_MAKE_FLAGS_AND_TYPE(EMEXIT_F_KIND_EM, EMEXITTYPE_CPUID),
+                                            pExit->VpContext.Rip + pExit->VpContext.Cs.Base, ASMReadTSC());
     nemR3WinCopyStateFromX64Header(pVCpu, pCtx, &pExit->VpContext);
-
-    /* Copy in the low register values (top is always cleared). */
-    pCtx->rax = (uint32_t)pExit->CpuidAccess.Rax;
-    pCtx->rcx = (uint32_t)pExit->CpuidAccess.Rcx;
-    pCtx->rdx = (uint32_t)pExit->CpuidAccess.Rdx;
-    pCtx->rbx = (uint32_t)pExit->CpuidAccess.Rbx;
+    if (!pExitRec)
+    {
+        /** @todo Combine implementations into IEMExecDecodedCpuId as this will
+         *        only get weirder with nested VT-x and AMD-V support. */
+
+        /* Copy in the low register values (top is always cleared). */
+        pCtx->rax = (uint32_t)pExit->CpuidAccess.Rax;
+        pCtx->rcx = (uint32_t)pExit->CpuidAccess.Rcx;
+        pCtx->rdx = (uint32_t)pExit->CpuidAccess.Rdx;
+        pCtx->rbx = (uint32_t)pExit->CpuidAccess.Rbx;
+        pCtx->fExtrn &= ~(CPUMCTX_EXTRN_RAX | CPUMCTX_EXTRN_RCX | CPUMCTX_EXTRN_RDX | CPUMCTX_EXTRN_RBX);
+
+        /* Get the correct values. */
+        CPUMGetGuestCpuId(pVCpu, pCtx->eax, pCtx->ecx, &pCtx->eax, &pCtx->ebx, &pCtx->ecx, &pCtx->edx);
+
+        Log4(("CpuIdExit/%u: %04x:%08RX64/%s: rax=%08RX64 / rcx=%08RX64 / rdx=%08RX64 / rbx=%08RX64 -> %08RX32 / %08RX32 / %08RX32 / %08RX32 (hv: %08RX64 / %08RX64 / %08RX64 / %08RX64)\n",
+              pVCpu->idCpu, pExit->VpContext.Cs.Selector, pExit->VpContext.Rip, nemR3WinExecStateToLogStr(&pExit->VpContext),
+              pExit->CpuidAccess.Rax,                           pExit->CpuidAccess.Rcx,              pExit->CpuidAccess.Rdx,              pExit->CpuidAccess.Rbx,
+              pCtx->eax,                                                     pCtx->ecx,                           pCtx->edx,                           pCtx->ebx,
+              pExit->CpuidAccess.DefaultResultRax, pExit->CpuidAccess.DefaultResultRcx, pExit->CpuidAccess.DefaultResultRdx, pExit->CpuidAccess.DefaultResultRbx));
+
+        /* Move RIP and we're done. */
+        nemR3WinAdvanceGuestRipAndClearRF(pVCpu, pCtx, &pExit->VpContext);
+
+        RT_NOREF_PV(pVM);
+        return VINF_SUCCESS;
+    }
+
+    /* Get state and call EMHistoryExec. */
+    pCtx->rax = pExit->CpuidAccess.Rax;
+    pCtx->rcx = pExit->CpuidAccess.Rcx;
+    pCtx->rdx = pExit->CpuidAccess.Rdx;
+    pCtx->rbx = pExit->CpuidAccess.Rbx;
     pCtx->fExtrn &= ~(CPUMCTX_EXTRN_RAX | CPUMCTX_EXTRN_RCX | CPUMCTX_EXTRN_RDX | CPUMCTX_EXTRN_RBX);
-
-    /* Get the correct values. */
-    CPUMGetGuestCpuId(pVCpu, pCtx->eax, pCtx->ecx, &pCtx->eax, &pCtx->ebx, &pCtx->ecx, &pCtx->edx);
-
-    Log4(("CpuIdExit/%u: %04x:%08RX64/%s: rax=%08RX64 / rcx=%08RX64 / rdx=%08RX64 / rbx=%08RX64 -> %08RX32 / %08RX32 / %08RX32 / %08RX32 (hv: %08RX64 / %08RX64 / %08RX64 / %08RX64)\n",
+    Log4(("CpuIdExit/%u: %04x:%08RX64/%s: rax=%08RX64 / rcx=%08RX64 / rdx=%08RX64 / rbx=%08RX64 (hv: %08RX64 / %08RX64 / %08RX64 / %08RX64) ==> EMHistoryExec\n",
           pVCpu->idCpu, pExit->VpContext.Cs.Selector, pExit->VpContext.Rip, nemR3WinExecStateToLogStr(&pExit->VpContext),
           pExit->CpuidAccess.Rax,                           pExit->CpuidAccess.Rcx,              pExit->CpuidAccess.Rdx,              pExit->CpuidAccess.Rbx,
-          pCtx->eax,                                                     pCtx->ecx,                           pCtx->edx,                           pCtx->ebx,
           pExit->CpuidAccess.DefaultResultRax, pExit->CpuidAccess.DefaultResultRcx, pExit->CpuidAccess.DefaultResultRdx, pExit->CpuidAccess.DefaultResultRbx));
 
-    /* Move RIP and we're done. */
-    nemR3WinAdvanceGuestRipAndClearRF(pVCpu, pCtx, &pExit->VpContext);
-
-    RT_NOREF_PV(pVM);
-    return VINF_SUCCESS;
+    int rc = nemHCWinCopyStateFromHyperV(pVM, pVCpu, pCtx, NEM_WIN_CPUMCTX_EXTRN_MASK_FOR_IEM);
+    AssertRCReturn(rc, rc);
+
+    VBOXSTRICTRC rcStrict = EMHistoryExec(pVCpu, pExitRec, 0);
+    return rcStrict;
 }
 #endif /* IN_RING3 && !NEM_WIN_USE_OUR_OWN_RUN_API */

trunk/src/VBox/VMM/include/EMInternal.h

@@ -493 +493 @@
     R3PTRTYPE(PAVLGCPTRNODECORE) pCliStatTree;
     STAMCOUNTER             StatTotalClis;
-#if 0
-    /** 64-bit Visual C++ rounds the struct size up to 16 byte. */
+#if HC_ARCH_BITS == 32
     uint64_t                padding1;
 #endif
@@ -505 +504 @@
     /** Exit history table (6KB). */
     EMEXITENTRY             aExitHistory[256];
+    /** Number of exit records in use. */
+    uint32_t                cExitRecordUsed;
+    /** Number of exit records collisions. */
+    uint32_t                cExitRecordCollisions;
+    /** Exit records (32KB). (Aligned on 32 byte boundrary.) */
+    EMEXITREC               aExitRecords[1024];
 } EMCPU;
 /** Pointer to EM VM instance data. */

trunk/src/VBox/VMM/include/NEMInternal.h

@@ -45 +45 @@
  */
 # define NEM_WIN_USE_HYPERCALLS_FOR_PAGES
-# define NEM_WIN_USE_HYPERCALLS_FOR_REGISTERS
-# define NEM_WIN_USE_OUR_OWN_RUN_API
+//# define NEM_WIN_USE_HYPERCALLS_FOR_REGISTERS
+//# define NEM_WIN_USE_OUR_OWN_RUN_API
 # if defined(NEM_WIN_USE_OUR_OWN_RUN_API) && !defined(NEM_WIN_USE_HYPERCALLS_FOR_REGISTERS)
 #  error "NEM_WIN_USE_OUR_OWN_RUN_API requires NEM_WIN_USE_HYPERCALLS_FOR_REGISTERS"

trunk/src/VBox/VMM/testcase/tstVMStructSize.cpp

@@ -415 +415 @@
     CHECK_MEMBER_ALIGNMENT(EM, CritSectREM, sizeof(uintptr_t));
 #endif
+    CHECK_MEMBER_ALIGNMENT(EMCPU, aExitRecords, sizeof(EMEXITREC));
     CHECK_MEMBER_ALIGNMENT(PGM, CritSectX, sizeof(uintptr_t));
     CHECK_MEMBER_ALIGNMENT(PDM, CritSect, sizeof(uintptr_t));