x86-64 on Mavericks - An Illustrated History of objc

An Illustrated History of `objc_msgSend`

x86-64: Mavericks

Lion, Mountain Lion	Mavericks
// 47 instruction bytes _objc_msgSend: testq %rdi, %rdi if (self == nil) je NIL return zero testb $1, %dil if (self & 1 != 0) jne TAGGED goto tagged pointer handler movq (%rdi), %r11 class = self->isa pushq %rax save non-volatile register movq 16(%r11), %r10 cache = class->cache movl %esi, %eax _cmd LOOP: andl (%r10), %eax index = cache->mask & _cmd movq 16(%r10, %rax, 8), %r11 method = cache->buckets[index] incl %eax index++ testq %r11, %r11 if (method == nil) je MISS goto cache miss cmpq (%r11), %rsi if (method->sel != _cmd) jne LOOP scan more popq %rax restore saved register jmpq 16(%r11) jump to method->imp*	// 44 instruction bytes _objc_msgSend: testq %rdi, %rdi if (self == nil) je,pn NIL return zero testb $1, %dil if (self & 1 != 0) jne,pn TAGGED goto tagged pointer handler movq (%rdi), %r11 class = self->isa movq %rsi, %r10 _cmd andl 24(%r11), %r10d index = class->cache_mask & _cmd shlq $4, %r10 offset = index 16* addq 16(%r11), %r10 bucket = class->cache_buckets + offset cmpq (%r10), %rsi if (bucket->sel != _cmd) jne LOOP scan more jmpq 8(%r10) jump to bucket->imp*

Lion, Mountain Lion

Mavericks

// 47 instruction bytes                                                   
_objc_msgSend:                                                            
        testq   %rdi, %rdi               if (self == nil)                 
        je      NIL                          return zero                  
        testb   $1, %dil                 if (self & 1 != 0)               
        jne     TAGGED                       goto tagged pointer handler  
        movq    (%rdi), %r11             class = self->isa                
        pushq   %rax                     save non-volatile register       
        movq    16(%r11), %r10           cache = class->cache             
        movl    %esi, %eax               _cmd                             
 LOOP:  andl    (%r10), %eax             index = cache->mask & _cmd       
        movq    16(%r10, %rax, 8), %r11  method = cache->buckets[index]   
        incl    %eax                     index++                          
        testq   %r11, %r11               if (method == nil)               
        je      MISS                         goto cache miss              
        cmpq    (%r11), %rsi             if (method->sel != _cmd)         
        jne     LOOP                         scan more                    
        popq    %rax                     restore saved register           
        jmpq    *16(%r11)                jump to method->imp

// 44 instruction bytes                                                  
_objc_msgSend:                                                           
        testq   %rdi, %rdi       if (self == nil)                        
        je,pn   NIL                  return zero                         
        testb   $1, %dil         if (self & 1 != 0)                      
        jne,pn  TAGGED               goto tagged pointer handler         
        movq    (%rdi), %r11     class = self->isa                       
                                                                         
                                                                         
        movq    %rsi, %r10       _cmd                                    
        andl    24(%r11), %r10d  index = class->cache_mask & _cmd        
        shlq    $4, %r10         offset = index * 16                     
        addq    16(%r11), %r10   bucket = class->cache_buckets + offset  
                                                                         
                                                                         
        cmpq    (%r10), %rsi     if (bucket->sel != _cmd)                
        jne     LOOP                 scan more                           
                                                                         
        jmpq    *8(%r10)         jump to bucket->imp

Changes in Mavericks:

The method cache data structure is rearranged for higher speed and smaller data cache footprint but larger total dirty memory footprint. Previously, the cache header was allocated separately from the cache buckets, and each cache bucket was a pointer to a Method struct containing the SEL and IMP. This required a chain of four pointer dereferences: object->isa->cache->method->imp. Now the cache header is stored in the class itself, and each cache bucket stores a SEL and IMP directly. The pointer dereference chain is now only three: object->isa->cache->imp, resulting in fewer serialized memory accesses and fewer data cache lines touched. The disadvantage is slower cache updates (to preserve thread-safety) and more dirty memory overall (to store SELs and IMPs in both the method list and the method cache).
The new method cache data structure also requires fewer registers, so there are now zero register spills.
One-byte branch hint instruction prefixes are added to the nil check and the tagged pointer check. The CPU's instruction decoder is most efficient if the instructions are not packed too closely together, and these extra two bytes expand the first few instructions to the optimal size for current CPUs. The branch hints themselves are ignored by the CPU because its branch predictors are smarter than compile-time hinting. The only thing they do is take up space.
The cache scanning loop is moved out of the fast path. This loop peeling optimization shortens the fast path on the assumption that the cache usually hits on the first bucket.

<< Lion | index

An Illustrated History of objc_msgSend

x86-64: Mavericks

An Illustrated History of `objc_msgSend`