<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Hey Peter,</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">I've now had multiple opportunities to evaluate the benefit of virtual-memory-based null checks versus explicit branches. Here are some of the papers where we did this. In all cases, we found that explicit null check branches are just as fast as using a virtual memory trap.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">http://www.filpizlo.com/papers/baker-ccpe09-accurate.pdf (Tomas stumbled on this observation while comparing OpenVM's C backend to its C++ backend.)</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><div id="bloop_customfont" style="margin: 0px;">http://www.filpizlo.com/papers/pizlo-eurosys2010-fijivm.pdf (I designed Fiji VM around never using virtual-memory-based optimizations and then I evaluated the cost of null check branches. They were free.)</div><div><br></div></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">I've also done this experiment in WebKit. In JavaScript the equivalent thing is a cell check, and we turn them into explicit branches. We of course emit a minimal set of such branches through GVN, LICM, etc. After that, these branches are essentially free.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">In all cases, I've found that on modern hardware, the explicit null check branches have essentially zero cost. Redundant null checks are trivial to eliminate using any serious compiler infrastructure, LLVM included. The remaining null checks are trivially predicted by the hardware.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">To me it feels like you're proposing to add new instructions to the IR to support something that isn't a worthwhile optimization.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><div id="bloop_customfont" style="margin: 0px;">(Also, this is specific to languages where the only non-pointer value that we might attempt to load from is null. It wouldn't work for languages like JavaScript/Ruby/Python/etc where we may attempt to load from an integer or double that uses a high-bit type tag for instance. So this is an optimization that really only applies to Java and Go, and in Java it's not clear that your IR gives you what you want - Java is basically always JITed and you'd want to deoptimize on null.)</div></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div> <div id="bloop_sign_1396842953265399808" class="bloop_sign"><div style="font-family:helvetica,arial;font-size:13px">-Phil</div><div style="font-family:helvetica,arial;font-size:13px"><br></div></div> <br><p style="color:#000;">On April 6, 2014 at 8:54:39 PM, Peter Collingbourne (<a href="mailto:peter@pcc.me.uk">peter@pcc.me.uk</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div><div></div><div>On Sat, Apr 05, 2014 at 12:21:17AM -0700, Andrew Trick wrote:<br>> <br>> On Mar 31, 2014, at 6:58 PM, Peter Collingbourne <peter@pcc.me.uk> wrote:<br>> <br>> > Hi,<br>> > <br>> > I wanted to propose an IR extension that would allow us to support zero-cost<br>> > exception handling for non-call operations that may trap. I wanted to start<br>> > with loads and stores through a null pointer, and later we might extend this to<br>> > div/rem/mod zero. This feature is obviously useful for implementing languages<br>> > such as Java and Go which deterministically translate such operations into<br>> > exceptions which may be caught by the user.<br>> > <br>> > There are a couple of somewhat orthogonal features that this would entail:<br>> > <br>> > 1) Deterministic handling for loads and stores through a null pointer.<br>> > 2) Ability to unwind a load/store to a specific basic block, like invoke.<br>> > <br>> > At the moment, we do not exactly have 1), as the optimizer considers<br>> > non-volatile loads/stores through a null pointer to have undefined<br>> > behavior. Volatile loads/stores are closer, but they come with their own<br>> > set of baggage that can inhibit optimization. (For example, if we can prove<br>> > that a load would always succeed, 'volatile' prevents us from reordering<br>> > the load or deleting it if it is dead.) So I propose to add an attribute to<br>> > 'load' and 'store', which we can call, say, 'nullcheck', with the following<br>> > additional semantics:<br>> > <br>> > - If the memory address is between zero and a target-defined value (i.e. the<br>> > size of the zero page) the instruction is guaranteed to trap in a<br>> > target-defined manner.<br>> > <br>> > - The optimizer may only delete or reorder nullcheck instructions if the<br>> > program cannot observe such a transformation by installing a signal handler<br>> > for the trap. Therefore, the optimizer would be able to drop the attribute<br>> > if it can prove that the address will always be non-null.<br>> > <br>> > To support 2), I propose a couple of new instructions. I haven't come up with<br>> > great names for these instructions, but:<br>> > <br>> > - 'iload' is to 'load' as 'invoke' is to 'call'. That is, the instruction is<br>> > a terminator and has normal and unwind destinations. e.g.<br>> > <br>> > %v = iload i8* %ptr to label %try.cont unwind label %lpad<br>> > <br>> > - Similarly, 'istore' is to 'store' as 'invoke' is to 'call'.<br>> > <br>> > istore i8 %v, i8* %ptr to label %try.cont unwind label %lpad<br>> > <br>> > These instructions always have 'nullcheck' semantics, plus:<br>> > <br>> > - If the instruction traps and the program has installed a signal handler<br>> > for the trap which unwinds, the unwind is guaranteed to land at the<br>> > landing pad.<br>> > <br>> > I've been working on an implementation of 'iload' and 'istore' which are<br>> > in the attached patches, if you are interested. (They aren't ready to go<br>> > in yet.) I have asm parsing/printing for both, and code generation for<br>> > 'iload'. Would be interested in getting feedback on code generation as this<br>> > is my first serious foray into the backend -- I haven't tried running the<br>> > generated code yet and the DAG builder is a mashup of the DAG builders for<br>> > 'invoke' and 'load', but I've eyeballed the asm it generates (e.g. llc produces<br>> > iload-exception.s for the attached iload-exception.ll) and it looks reasonable.<br>> <br>> Hi Peter. All due respect, I don’t think it’s right to introduce new load/store instructions with equivalent semantics to and+icmp+br+load/store.<br><br>I don't think the new instructions have equivalent semantics. If the null check<br>fails with the iload/istore instructions, we need to throw the appropriate<br>language-specific exception and evaluate it against the landing pad. There<br>may also need to be an active exception that can be resumed.<br><br>As far as I can tell, the frontend would need to emit IR that calls the<br>language runtime to manually throw the exception. This IR would need to be<br>recognized by the IR optimization that converts the icmp+br+load/store to<br>a checked load/store. It seems to me that it would be simpler to just start<br>with the checked load/store.<br><br>> ‘invoke’ is different. It is needed because there is no way for the caller to explicitly check for an exception.<br>> <br>> We do introduce intrinsics that encapsulate things like overflow checks. This is done to eliminate control flow edges that tend to inhibit LLVM’s optimizer and instruction selection. But you’re not removing the control flow, so this technique does not apply. Null checks should actually be exposed in IR so general optimizations can remove redundant checks.<br><br>My idea for removing redundant checks is to teach the IR optimizer to<br>treat iloads/istores as if they were null checks. Is there any reason<br>why this wouldn't work?<br><br>> Ideally this would just be a machine code pass that can hoist a load/store above a branch and nuke the compare. However, I can see how it’s easier to relate the compare operand to the address arithmetic at IR level.<br>> <br>> To do this at IR level, you could introduce a pre-CodeGen pass that converts cmp+br+load/store into a checked load intrinsic. Since this intrinsic only exists for instruction selection, the optimizer doesn’t need to know about it.<br><br>I did initially consider implementing the checked load/store as an<br>intrinsic. But there are relatively boring reasons why this won't work at<br>present. For example, there is no current way to represent a struct load<br>using an intrinsic, as there is no mangling for struct types. Also, named<br>structs would need a mangling that is resistant to renames. Rather than<br>solve these problems, I decided to avoid intrinsics entirely.<br><br>> The intrinsic would need to be lowered to an MI pseudo-instruction that feels like a load/store to the backend, but is a terminator. During code emission you could grab the address of that pseudo load/store and its resulting branch target to inform the runtime.<br><br>As far as I know, a load can lower to multiple machine instructions. This<br>will definitely be the case for the Go frontend that I'm working with, as<br>its IR tends to use struct loads/stores quite frequently. So I'm not sure<br>if this will work. I think it needs to look a lot like how the lowering for<br>invokes currently looks, with a pair of EH_LABELs around a set of ordinary<br>load/store MIs -- which is how I implemented it.<br><br>Thanks,<br>-- <br>Peter<br>_______________________________________________<br>LLVM Developers mailing list<br>LLVMdev@cs.uiuc.edu http://llvm.cs.uiuc.edu<br>http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev<br></div></div></span></blockquote></body></html>