www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - runtime vs compile-time ref safety: 20% overhead in my example

reply Timothee Cour <thelastmammoth gmail.com> writes:
--001a11c209d2e73bcb04dd973edc
Content-Type: text/plain; charset=ISO-8859-1

It has been proposed to introduce runtime bounds checking to insure ref
safety (avoiding escaping references to local variables), enabled with a
-checkboundsref flag (or similar).

I was wondering what would be the cost of doing this, so ran a simple test,
please see:
https://github.com/timotheecour/dtools/blob/master/dtools/scratch/test1.d

(note, I'm not claiming the code is correct (stack could go up or down)
just that any mechanism for runtime ref safety check should bear the same
cost at least).

After running:
ldc2 -release -O2 -run dtools/scratch/test1.d
I get:
reltime=20.7386(%); time(base)=2333 time(t2)=2817

Which means that the extra check to make sure the output reference doesn't
escape a local incurs a 20% cost in my example.

Is there a better implementation (i have a single pointer comparison though
so I'm not sure how that would be optimized) ?

If not, it will mean user will have to choose between enabling runtime
safety checks (20% in my simple example), or throwing away ref safety by
disabling checkboundsref flag.

As an alternative, I have proposed a simple mechanism for safe references
without runtime chesks (http://wiki.dlang.org/DIP38), which will statically
enforce ref safety.

--001a11c209d2e73bcb04dd973edc
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div>It has been proposed to introduce runtime bounds checking to insure re=
f safety (avoiding escaping references to local variables), enabled with a =
-checkboundsref flag (or similar).</div><div><br></div><div>I was wondering=
 what would be the cost of doing this, so ran a simple test, please see:</d=
iv>
<a href=3D"https://github.com/timotheecour/dtools/blob/master/dtools/scratc=
h/test1.d">https://github.com/timotheecour/dtools/blob/master/dtools/scratc=
h/test1.d</a><div><br></div><div>(note, I&#39;m not claiming the code is co=
rrect (stack could go up or down) just that any mechanism for runtime ref s=
afety check should bear the same cost at least).</div>
<div><br></div><div>After running:<br><div>ldc2 -release -O2 -run dtools/sc=
ratch/test1.d</div><div><div>I get:</div><div>reltime=3D20.7386(%); time(ba=
se)=3D2333 time(t2)=3D2817</div><div><br></div></div></div><div>Which means=
 that the extra check to make sure the output reference doesn&#39;t escape =
a local incurs a 20% cost in my example.</div>
<div><br></div><div>Is there a better implementation (i have a single point=
er comparison though so I&#39;m not sure how that would be optimized) ?</di=
v><div><br></div><div>If not, it will mean user will have to choose between=
 enabling runtime safety checks (20% in my simple example), or throwing awa=
y ref safety by disabling checkboundsref flag.</div>
<div><br></div><div>As an alternative, I have proposed a simple mechanism f=
or safe references without runtime chesks (<a href=3D"http://wiki.dlang.org=
/DIP38">http://wiki.dlang.org/DIP38</a>), which will statically enforce ref=
 safety.</div>
<div><br></div><div><br></div><div><br></div>

--001a11c209d2e73bcb04dd973edc--
May 25 2013
next sibling parent Martin Nowak <code dawg.eu> writes:
On 05/26/2013 06:12 AM, Timothee Cour wrote:
 Which means that the extra check to make sure the output reference
 doesn't escape a local incurs a 20% cost in my example.

 Is there a better implementation (i have a single pointer comparison
 though so I'm not sure how that would be optimized) ?

 If not, it will mean user will have to choose between enabling runtime
 safety checks (20% in my simple example), or throwing away ref safety by
 disabling checkboundsref flag.

that you bench llvm's inliner rather than the cost of the runtime check. Also the version that doesn't perform the bounds check doesn't use the ptr parameter, so the variable can be optimized away. In a real implementation computing the frame pointer doesn't incur much cost, it is already available in a register or it is a constant offset from the stack pointer. The branch is easily predictable, as the condition is always the same.
May 26 2013
prev sibling parent "Mr. Anonymous" <mailnew4ster gmail.com> writes:
On Sunday, 26 May 2013 at 20:23:45 UTC, Martin Nowak wrote:
 On 05/26/2013 06:12 AM, Timothee Cour wrote:
 Which means that the extra check to make sure the output

 doesn't escape a local incurs a 20% cost in my example.

 Is there a better implementation (i have a single pointer

 though so I'm not sure how that would be optimized) ?

 If not, it will mean user will have to choose between

 safety checks (20% in my simple example), or throwing away

 disabling checkboundsref flag.

you'll see that you bench llvm's inliner rather than the cost of the runtime check. Also the version that doesn't perform the bounds check doesn't use the ptr parameter, so the variable can be optimized away. In a real implementation computing the frame pointer doesn't incur much cost, it is already available in a register or it is a constant offset from the stack pointer. The branch is easily predictable, as the condition is always the same.

I think the solution proposed in the DIP is worth checking, not solely due to performance reasons, but mainly for better safety. A runtime check cannot check all possible code paths when testing, and an undetected bug can surprise you when you don't expect it.
May 26 2013