[RFC][PATCH][X86_64] Eliminate PLT stubs for specified external functions via -fno-plt=

Sriraman Tallam tmsriram@google.com
Fri May 1 00:31:00 GMT 2015


Hi,

We noticed that one of our benchmarks sped up by ~1% when we
eliminated PLT stubs for some of the hot external library functions
like memcmp, pow.  The win was from better icache and itlb
performance. The main reason was that the PLT stubs had no spatial
locality with the call-sites. I have started looking at ways to tell
the compiler to eliminate PLT stubs (in effect inline them) for
specified external functions, for x86_64. I have a proposal and a
patch and I would like to hear what you think.

Here is a summary of what is happening currently. A call to an
external function is direct but calls into the PLT stub which then
jumps indirectly to the GOT entry.  If I could replace the direct call
to the PLT stub with an indirect call to a GOT entry which will hold
the address of the external function, I have gotten rid of the PLT
stub.  Here is an example:

foo.cc
=====

extern int foo ();  // Truly external library function, defined in a
                    // shared library.

int main() {
  foo();
  ...
}

Currently, this is what is happening.

foo.s looks like this:

main:
.....
callq _Z3foov

but the linker replaces this to call the PLT stub of foo instead.

Function main calls the plt stub directly:

0000000000400766 <main>:
    ….
    40076a:       e8 71 fe ff ff          callq  4005e0 <_Z3foov@plt>

and the PLT stub does this:

00000000004005e0 <_Z3foov@plt>:
  4005e0:       jmpq   *0x15d2(%rip)        # 401bb8 <_GLOBAL_OFFSET_TABLE_+0x28>
  4005e6:       pushq  $0x2
  4005eb:       jmpq   4005b0 <_init+0x28>

The GOT entry at address 0x401bb8 contains the address of foo which
will be lazily bound.

What my proposal does is to change foo.s to look like this:

callq *_Z3foov@GOTPCREL(%rip)

which is indirectly calling foo via a GOT entry that contains the
address of foo.  The address in the GOT entry is fixed up at load time
and the linker creates only one GOT entry per function irrespective of
the number of callers.

a.out now looks like this:

0000000000400746 <main>:
...
40074a:       ff 15 20 14 00 00       callq  *0x1420(%rip)        # 401b70 <_DYNAMIC+0x1e8>
...

Function main indirectly calls foo using the contents at location
0x401b70 which is actually a GOT entry containing the address of foo.
Notice that we have in effect inlined the PLT stub.

This comes with caveats.  This cannot be generally done for all
functions marked extern as it is impossible for the compiler to say if
a function is "truly extern" (defined in a shared library). If a
function is not truly extern (ends up defined in the final executable),
then calling it indirectly is a performance penalty as it could have
been a direct call.  Further, the newly created GOT entries are fixed
up at start-up and do not get lazily bound.

Given this, I propose adding a new option called
-fno-plt=<function-name> to the compiler.  This tells the compiler
that we know that the function is truly extern and we want the
indirect call only for these call-sites.  I have attached a patch that
adds -fno-plt= to GCC.  Any number of "-fno-plt=" can be specified and
all call-sites corresponding to these named functions will be done
indirectly using the mechanism described above without the use of a
PLT stub.

Alternatively, we can do this entirely in the linker.  We can
introduce a new relocation type to tell the linker to convert all
direct calls to truly extern functions into indirect calls via GOT
entries.  The GCC patch just seems simpler.
Also, we could link statically but we do not want that or we could
copy the specific external functions into our executable. This might
work for executable A but a different set of external functions might
be hot for executable B. We want a more general solution.


Please let me know what you think.

Thanks
Sri
-------------- next part --------------
	* common.opt (-fno-plt=): New option.
	* config/i386/i386.c (avoid_plt_to_call): New function.
	(ix86_output_call_insn):  Check if PLT needs to be avoided
	and call or jump indirectly if true.
	* opts-global.c (htab_str_eq): New function.
	(avoid_plt_fnsymbol_names_tab): New htab.
	(handle_common_deferred_options): Handle -fno-plt=

Index: common.opt
===================================================================
--- common.opt	(revision 222641)
+++ common.opt	(working copy)
@@ -1087,6 +1087,11 @@ fdbg-cnt=
 Common RejectNegative Joined Var(common_deferred_options) Defer
 -fdbg-cnt=<counter>:<limit>[,<counter>:<limit>,...]	Set the debug counter limit.   
 
+fno-plt=
+Common RejectNegative Joined Var(common_deferred_options) Defer
+-fno-plt=<symbol1>  Avoid going through the PLT when calling the specified function.
+Allow multiple instances of this option with different function names.
+
 fdebug-prefix-map=
 Common Joined RejectNegative Var(common_deferred_options) Defer
 Map one directory name to another in debug information
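
Review bot: the new `fno-plt=` record is declared `Common`, but the only consumer in this patch is `ix86_output_call_insn` in config/i386/i386.c, so every other target would accept `-fno-plt=foo` and silently ignore it. Either move the record to a target-specific .opt file or diagnose the option on targets that do not implement it. The help text also says `<symbol1>` while the proposal calls it `<function-name>`; pick one. The ChangeLog lists no documentation change for the new option.
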
Index: config/i386/i386.c
===================================================================
--- config/i386/i386.c	(revision 222641)
+++ config/i386/i386.c	(working copy)
@@ -25282,6 +25282,25 @@ ix86_expand_call (rtx retval, rtx fnaddr, rtx call
   return call;
 }
 
+extern htab_t avoid_plt_fnsymbol_names_tab;
+/* If the function referenced by call_op is to a external function
+   and calls via PLT must be avoided as specified by -fno-plt=, then
+   return true.  */
+
+static int
+avoid_plt_to_call(rtx call_op)
+{
+  const char *name;
+  if (GET_CODE (call_op) != SYMBOL_REF
+      || SYMBOL_REF_LOCAL_P (call_op)
+      || avoid_plt_fnsymbol_names_tab == NULL)
+    return 0;
+  name = XSTR (call_op, 0);
+  if (htab_find_slot (avoid_plt_fnsymbol_names_tab, name, NO_INSERT) != NULL)
+    return 1;
+  return 0;
+}
+
 /* Output the assembly for a call instruction.  */
 
 const char *
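
Review bot: `avoid_plt_to_call` has no 64-bit check, although both of its callers emit `@GOTPCREL(%%rip)`, which is an x86_64-only form; as written the predicate still returns 1 for a 32-bit compile with `-fno-plt=foo`. Add `!TARGET_64BIT` to the early-return condition. The lookup key is `XSTR (call_op, 0)`, the assembler name, so a C++ user has to pass the mangled `_Z3foov`; that belongs in the option's documentation. Style: GNU formatting wants a space before the parameter list, the comment should read "an external function", the `extern htab_t` declaration belongs in a shared header, and the function could return `bool`.
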
@@ -25294,7 +25313,12 @@ ix86_output_call_insn (rtx insn, rtx call_op)
   if (SIBLING_CALL_P (insn))
     {
       if (direct_p)
-	xasm = "jmp\t%P0";
+	{
+	  if (avoid_plt_to_call (call_op))
+	    xasm = "jmp\t*%p0@GOTPCREL(%%rip)";
+	  else
+	    xasm = "jmp\t%P0";
+	}
       /* SEH epilogue detection requires the indirect branch case
 	 to include REX.W.  */
       else if (TARGET_SEH)
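
Review bot: in the sibling-call `direct_p` branch the new `jmp\t*%p0@GOTPCREL(%%rip)` is an indirect branch, but the comment directly below says SEH epilogue detection requires the indirect branch case to include REX.W, and this path never reaches the `TARGET_SEH` arm. Either make `avoid_plt_to_call` return 0 when `TARGET_SEH` is set or emit the prefixed form here. A one-line comment on why the template switches from `%P0` to `%p0` would also help the next reader.
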
@@ -25346,9 +25370,15 @@ ix86_output_call_insn (rtx insn, rtx call_op)
     }
 
   if (direct_p)
-    xasm = "call\t%P0";
+    {
+      if (avoid_plt_to_call (call_op))
+        xasm = "call\t*%p0@GOTPCREL(%%rip)";
+      else
+        xasm = "call\t%P0";
+    }
   else
     xasm = "call\t%A0";
+ 
 
   output_asm_insn (xasm, &call_op);
 
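
Review bot: the added line after `xasm = "call\t%A0";` contains only whitespace and should be dropped, and the new block under `if (direct_p)` is indented with eight spaces where the sibling-call hunk uses a tab. The `avoid_plt_to_call` test plus template selection is now duplicated between the call and sibling-call paths; a small helper that picks the template for a given mnemonic would keep the two from drifting apart.
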
Index: opts-global.c
===================================================================
--- opts-global.c	(revision 222641)
+++ opts-global.c	(working copy)
@@ -47,6 +47,7 @@ along with GCC; see the file COPYING3.  If not see
 #include "xregex.h"
 #include "attribs.h"
 #include "stringpool.h"
+#include "hash-table.h"
 
 typedef const char *const_char_p; /* For DEF_VEC_P.  */
 
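
Review bot: the added `#include "hash-table.h"` does not match what the rest of the patch uses. `htab_t`, `htab_create`, `htab_find_slot` and `htab_hash_string` are the libiberty hashtab.h interface, while hash-table.h provides the C++ `hash_table` template. Include hashtab.h directly, or switch the name set to the template and drop the hand-written equality helper.
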
@@ -420,6 +421,17 @@ decode_options (struct gcc_options *opts, struct g
   finish_options (opts, opts_set, loc);
 }
 
+/* Helper function for the hash table that compares the
+   existing entry (S1) with the given string (S2).  */
+
+static int
+htab_str_eq (const void *s1, const void *s2)
+{
+  return !strcmp ((const char *)s1, (const char *) s2);
+}
+
+htab_t avoid_plt_fnsymbol_names_tab = NULL;
+
 /* Process common options that have been deferred until after the
    handlers have been called for all options.  */
 
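
Review bot: `avoid_plt_fnsymbol_names_tab` is defined here as an undocumented global and is picked up in i386.c through a local `extern` declaration; declare it once in a header both files include and add a comment saying it holds the names given with -fno-plt=. In `htab_str_eq` the cast spacing is inconsistent, `(const char *)s1` versus `(const char *) s2`.
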
@@ -539,6 +551,15 @@ handle_common_deferred_options (void)
 	  stack_limit_rtx = gen_rtx_SYMBOL_REF (Pmode, ggc_strdup (opt->arg));
 	  break;
 
+        case OPT_fno_plt_:
+	  void **slot;
+	  if (avoid_plt_fnsymbol_names_tab == NULL)
+	    avoid_plt_fnsymbol_names_tab = htab_create (10, htab_hash_string,
+							htab_str_eq, NULL);
+          slot = htab_find_slot (avoid_plt_fnsymbol_names_tab, opt->arg, INSERT);
+          *slot = (void *)opt->arg;
+          break;
+
 	default:
 	  gcc_unreachable ();
 	}
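
Review bot: under `case OPT_fno_plt_:` the declaration `void **slot;` sits directly after the label with no enclosing braces, so its scope runs on into `default:`; wrap the case body in braces. The table stores `opt->arg` itself, whereas the case just above copies it with `ggc_strdup (opt->arg)`; either copy the string or add a comment explaining why the pointer stays valid for as long as the backend queries the table. The `case` line and the `slot = ...` lines are indented with spaces while the neighbouring lines use tabs.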

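As an added illustration (not part of the original post or patch), the C sketch below decodes the call encodings shown in the message's disassembly listings and recomputes the addresses they reference: the PLT stub for the direct call and the GOT slot for the `-fno-plt=` form. The function and type names are hypothetical, and the stub's `ff 25` byte sequence is constructed from the displacement printed in the listing.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Control-transfer encodings that appear in the listings above. */
enum xfer_kind { XFER_NONE, XFER_DIRECT_CALL, XFER_GOT_CALL, XFER_GOT_JMP };

struct xfer {
  enum xfer_kind kind;
  uint64_t target; /* callee/stub address (direct) or GOT slot address (indirect) */
  unsigned length; /* instruction length in bytes */
};

/* Read a little-endian signed 32-bit displacement. */
static int32_t rd_rel32(const uint8_t *p)
{
  return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                   (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Decode the instruction at virtual address addr.  Displacements are relative
   to the address of the next instruction (addr + length). */
struct xfer decode_xfer(uint64_t addr, const uint8_t *code, size_t n)
{
  struct xfer x = { XFER_NONE, 0, 0 };
  if (n >= 5 && code[0] == 0xe8) {            /* call rel32 */
    x.kind = XFER_DIRECT_CALL;
    x.length = 5;
    x.target = addr + 5 + (uint64_t)(int64_t)rd_rel32(code + 1);
  } else if (n >= 6 && code[0] == 0xff
             && (code[1] == 0x15 || code[1] == 0x25)) { /* call/jmp *disp32(%rip) */
    x.kind = code[1] == 0x15 ? XFER_GOT_CALL : XFER_GOT_JMP;
    x.length = 6;
    x.target = addr + 6 + (uint64_t)(int64_t)rd_rel32(code + 2);
  }
  return x;
}

int main(void)
{
  const uint8_t plt_call[] = { 0xe8, 0x71, 0xfe, 0xff, 0xff };       /* from the post */
  const uint8_t got_call[] = { 0xff, 0x15, 0x20, 0x14, 0x00, 0x00 }; /* from the post */
  /* Constructed: standard encoding of the stub's jmpq *0x15d2(%rip). */
  const uint8_t stub_jmp[] = { 0xff, 0x25, 0xd2, 0x15, 0x00, 0x00 };
  struct xfer a = decode_xfer(0x40076a, plt_call, sizeof plt_call);
  struct xfer b = decode_xfer(a.target, stub_jmp, sizeof stub_jmp);
  struct xfer c = decode_xfer(0x40074a, got_call, sizeof got_call);
  printf("with PLT: call stub %#llx, then jmp via GOT slot %#llx\n",
         (unsigned long long)a.target, (unsigned long long)b.target);
  printf("no PLT:   call via GOT slot %#llx\n", (unsigned long long)c.target);
  return 0;
}
```

The PLT path needs two transfers (call to the stub, then the stub's jump through the GOT), while the `-fno-plt=` form reaches the GOT slot from the call site itself.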
