FEXCore: Support x64 -> arm64ec calls

The frontend will provide the return logic via ExitFunctionEC, which
will be jumped to whenever there is an indirect branch/return to an addr
such that RtlIsEcCode(addr) returns true.

FEXCore/Source/Interface/Core/Dispatcher/Dispatcher.cpp

@@ -61,6 +61,9 @@ void Dispatcher::EmitDispatcher() {
 
   ARMEmitter::ForwardLabel l_CTX;
   ARMEmitter::SingleUseForwardLabel l_Sleep;
+#ifdef _M_ARM_64EC
+  ARMEmitter::SingleUseForwardLabel ExitEC;
+#endif
   ARMEmitter::SingleUseForwardLabel l_CompileBlock;
 
   // Push all the register we need to save
@@ -91,7 +94,8 @@ void Dispatcher::EmitDispatcher() {
 
   // Load in our RIP
   // Don't modify TMP3 since it contains our RIP once the block doesn't exist
-
+  // IMPORTANT: Pointers.Common.ExitFunctionEC callsites/implementations need to be
+  // adjusted accordingly if this changes.
   auto RipReg = TMP3;
   ldr(RipReg, STATE_PTR(CpuStateFrame, State.rip));
 
@@ -134,6 +138,10 @@ void Dispatcher::EmitDispatcher() {
 
     // If page pointer is zero then we have no block
     cbz(ARMEmitter::Size::i64Bit, TMP1, &NoBlock);
+#ifdef _M_ARM_64EC
+    // The LSB of an L2 page entry indicates if this page contains EC code
+    tbnz(TMP1, 0, &ExitEC);
+#endif
 
     // Steal the page offset
     and_(ARMEmitter::Size::i64Bit, TMP2, TMP4, 0x0FFF);
@@ -167,6 +175,15 @@ void Dispatcher::EmitDispatcher() {
     }
   }
 
+#ifdef _M_ARM_64EC
+  {
+    Bind(&ExitEC);
+    // Target PC is already loaded into TMP3 at the start of the dispatcher
+    ldr(TMP2, STATE_PTR(CpuStateFrame, Pointers.Common.ExitFunctionEC));
+    br(TMP2);
+  }
+#endif
+
   {
     ThreadStopHandlerAddressSpillSRA = GetCursorAddress<uint64_t>();
     SpillStaticRegs(TMP1);

FEXCore/Source/Interface/Core/JIT/Arm64/BranchOps.cpp

@@ -53,14 +53,23 @@ DEF_OP(ExitFunction) {
   uint64_t NewRIP;
 
   if (IsInlineConstant(Op->NewRIP, &NewRIP) || IsInlineEntrypointOffset(Op->NewRIP, &NewRIP)) {
-    ARMEmitter::SingleUseForwardLabel l_BranchHost;
-
-    ldr(TMP1, &l_BranchHost);
-    blr(TMP1);
-
-    Bind(&l_BranchHost);
-    dc64(ThreadState->CurrentFrame->Pointers.Common.ExitFunctionLinker);
-    dc64(NewRIP);
+#ifdef _M_ARM_64EC
+    if (RtlIsEcCode(NewRIP)) {
+      LoadConstant(ARMEmitter::Size::i64Bit, TMP3, NewRIP);
+      ldr(TMP2, STATE_PTR(CpuStateFrame, Pointers.Common.ExitFunctionEC));
+      br(TMP2);
+    } else {
+#endif
+      ARMEmitter::SingleUseForwardLabel l_BranchHost;
+      ldr(TMP1, &l_BranchHost);
+      blr(TMP1);
+
+      Bind(&l_BranchHost);
+      dc64(ThreadState->CurrentFrame->Pointers.Common.ExitFunctionLinker);
+      dc64(NewRIP);
+#ifdef _M_ARM_64EC
+    }
+#endif
   } else {
 
     ARMEmitter::SingleUseForwardLabel FullLookup;

FEXCore/include/FEXCore/Core/CoreState.h

@@ -243,6 +243,9 @@ namespace FEXCore::Core {
       uint64_t SyscallHandlerFunc{};
       uint64_t ExitFunctionLink{};
 
+      // Handles returning/calling ARM64EC code from the JIT, expects the target PC in TMP3
+      uint64_t ExitFunctionEC{};
+
       uint64_t FallbackHandlerPointers[FallbackHandlerIndex::OPINDEX_MAX];
       uint64_t NamedVectorConstantPointers[FEXCore::IR::NamedVectorConstant::NAMED_VECTOR_CONST_POOL_MAX];
       uint64_t IndexedNamedVectorConstantPointers[FEXCore::IR::IndexNamedVectorConstant::INDEXED_NAMED_VECTOR_MAX];