By qiubit

2016-12-16 11:59:45 8 Comments

I've been reading about div and mul assembly operations, and I decided to see them in action by writing a simple program in C:

File division.c

#include <stdlib.h>
#include <stdio.h>

int main()
    size_t i = 9;
    size_t j = i / 5;
    return 0;

And then generating assembly language code with:

gcc -S division.c -O0 -masm=intel

But looking at generated division.s file, it doesn't contain any div operations! Instead, it does some kind of black magic with bit shifting and magic numbers. Here's a code snippet that computes i/5:

mov     rax, QWORD PTR [rbp-16]   ; Move i (=9) to RAX
movabs  rdx, -3689348814741910323 ; Move some magic number to RDX (?)
mul     rdx                       ; Multiply 9 by magic number
mov     rax, rdx                  ; Take only the upper 64 bits of the result
shr     rax, 2                    ; Shift these bits 2 places to the right (?)
mov     QWORD PTR [rbp-8], rax    ; Magically, RAX contains 9/5=1 now, 
                                  ; so we can assign it to j

What's going on here? Why doesn't GCC use div at all? How does it generate this magic number and why does everything work?


@dmeister 2020-06-10 18:22:40

I will answer from a slightly different angle: Because it is allowed to do it.

C and C++ are defined against an abstract machine. The compiler transforms this program in terms of the abstract machine to concrete machine following the as-if rule.

  • The compiler is allowed to make ANY changes as long as it doesn't change the observable behaviour as specified by the abstract machine. There is no reasonable expectation that the compiler will transform your code in the most straightforward way possible (even when a lot of C programmer assume that). Usually, it does this because the compiler wants to optimize the performance compared to the straightforward approach (as discussed in the other answers at length).
  • If under any circumstances the compiler "optimizes" a correct program to something that has a different observable behaviour, that is a compiler bug.
  • Any undefined behaviour in our code (signed integer overflow is a classical example) and this contract is void.

@abligh 2016-12-16 13:44:21

Dividing by 5 is the same as multiplying 1/5, which is again the same as multiplying by 4/5 and shifting right 2 bits. The value concerned is CCCCCCCCCCCCCCCD in hex, which is the binary representation of 4/5 if put after a hexadecimal point (i.e. the binary for four fifths is 0.110011001100 recurring - see below for why). I think you can take it from here! You might want to check out fixed point arithmetic (though note it's rounded to an integer at the end.

As to why, multiplication is faster than division, and when the divisor is fixed, this is a faster route.

See Reciprocal Multiplication, a tutorial for a detailed writeup about how it works, explaining in terms of fixed-point. It shows how the algorithm for finding the reciprocal works, and how to handle signed division and modulo.

Let's consider for a minute why 0.CCCCCCCC... (hex) or 0.110011001100... binary is 4/5. Divide the binary representation by 4 (shift right 2 places), and we'll get 0.001100110011... which by trivial inspection can be added the original to get 0.111111111111..., which is obviously equal to 1, the same way 0.9999999... in decimal is equal to one. Therefore, we know that x + x/4 = 1, so 5x/4 = 1, x=4/5. This is then represented as CCCCCCCCCCCCD in hex for rounding (as the binary digit beyond the last one present would be a 1).

@abligh 2016-12-16 18:36:20

@user2357112 feel free to post your own answer, but I don't agree. You can think of the multiply as a 64.0 bit by 0.64 bit multiply giving a 128 bit fixed point answer, of which the lowest 64 bits are discarded, then a division by 4 (as I point out in the first para). You may well be able to come up with an alternative modular arithmetic answer which explains the bit movements equally well, but I'm pretty sure this works as an explanation.

@plugwash 2016-12-16 18:44:32

The value is actually "CCCCCCCCCCCCCCCD" The last D is important, it makes sure that when the result is truncated exact divisions come out with the right answer.

@user2357112 supports Monica 2016-12-16 18:46:09

Never mind. I didn't see that they're taking the upper 64 bits of the 128-bit multiplication result; it's not something you can do in most languages, so I didn't initially realize it was happening. This answer would be much improved by an explicit mention of how taking the upper 64 bits of the 128-bit result is equivalent to multiplying by a fixed-point number and rounding down. (Also, it'd be good to explain why it has to be 4/5 instead of 1/5, and why we have to round 4/5 up instead of down.)

@abligh 2016-12-16 18:46:36

@plugwash thanks fixed - I was being lazy in typing, but have now made the rounding point.

@John Dvorak 2016-12-16 18:47:50

@plugwash I'm still not entirely sure how this correct truncation is ensured. Do you happen to have a reference handy?

@plugwash 2016-12-16 18:54:29

If the number you multiply by is slightly less than 4/5 you WILL get wrong results after truncation of the final answer for any number that is exactly divisible by 5.

@plugwash 2016-12-16 18:55:31

If it's slightly more than 4/5 then things get messier, you would have to work out the worst case error and then check if that error was large enough to cause incorrect rounding.

@abligh 2016-12-16 18:57:30

@plugwash: IE the error is less than 2^-63 in the multiplicand, so even multiplying it by 2^64, it's lost if shifted right 2?

@plugwash 2016-12-16 19:12:29

Afaict you would have to work out how big an error is needed to throw a division by 5 upwards across a rounding boundry, then compare that to the worst case error in your caclulation. Presumablly the gcc developers have done so and concluded that it will always give the correct results.

@plugwash 2016-12-16 19:15:01

Actually you probablly only need to check the 5 highest possible input values, if those round correctly everything else should too.

@rcgldr 2016-12-19 13:52:12

Here is link to a document of an algorithm that produces the values and code I see with Visual Studio (in most cases) and that I assume is still used in GCC for division of a variable integer by a constant integer.

In the article, a uword has N bits, a udword has 2N bits, n = numerator = dividend, d = denominator = divisor, ℓ is initially set to ceil(log2(d)), shpre is pre-shift (used before multiply) = e = number of trailing zero bits in d, shpost is post-shift (used after multiply), prec is precision = N - e = N - shpre. The goal is to optimize calculation of n/d using a pre-shift, multiply, and post-shift.

Scroll down to figure 6.2, which defines how a udword multiplier (max size is N+1 bits), is generated, but doesn't clearly explain the process. I'll explain this below.

Figure 4.2 and figure 6.2 show how the multiplier can be reduced to a N bit or less multiplier for most divisors. Equation 4.5 explains how the formula used to deal with N+1 bit multipliers in figure 4.1 and 4.2 was derived.

In the case of modern X86 and other processors, multiply time is fixed, so pre-shift doesn't help on these processors, but it still helps to reduce the multiplier from N+1 bits to N bits. I don't know if GCC or Visual Studio have eliminated pre-shift for X86 targets.

Going back to Figure 6.2. The numerator (dividend) for mlow and mhigh can be larger than a udword only when denominator (divisor) > 2^(N-1) (when ℓ == N => mlow = 2^(2N)), in this case the optimized replacement for n/d is a compare (if n>=d, q = 1, else q = 0), so no multiplier is generated. The initial values of mlow and mhigh will be N+1 bits, and two udword/uword divides can be used to produce each N+1 bit value (mlow or mhigh). Using X86 in 64 bit mode as an example:

; upper 8 bytes of dividend = 2^(ℓ) = (upper part of 2^(N+ℓ))
; lower 8 bytes of dividend for mlow  = 0
; lower 8 bytes of dividend for mhigh = 2^(N+ℓ-prec) = 2^(ℓ+shpre) = 2^(ℓ+e)
dividend  dq    2 dup(?)        ;16 byte dividend
divisor   dq    1 dup(?)        ; 8 byte divisor

; ...
        mov     rcx,divisor
        mov     rdx,0
        mov     rax,dividend+8     ;upper 8 bytes of dividend
        div     rcx                ;after div, rax == 1
        mov     rax,dividend       ;lower 8 bytes of dividend
        div     rcx
        mov     rdx,1              ;rdx:rax = N+1 bit value = 65 bit value

You can test this with GCC. You're already seen how j = i/5 is handled. Take a look at how j = i/7 is handled (which should be the N+1 bit multiplier case).

On most current processors, multiply has a fixed timing, so a pre-shift is not needed. For X86, the end result is a two instruction sequence for most divisors, and a five instruction sequence for divisors like 7 (in order to emulate a N+1 bit multiplier as shown in equation 4.5 and figure 4.2 of the pdf file). Example X86-64 code:

;       rax = dividend, rbx = 64 bit (or less) multiplier, rcx = post shift count
;       two instruction sequence for most divisors:

        mul     rbx                     ;rdx = upper 64 bits of product
        shr     rdx,cl                  ;rdx = quotient
;       five instruction sequence for divisors like 7
;       to emulate 65 bit multiplier (rbx = lower 64 bits of multiplier)

        mul     rbx                     ;rdx = upper 64 bits of product
        sub     rbx,rdx                 ;rbx -= rdx
        shr     rbx,1                   ;rbx >>= 1
        add     rdx,rbx                 ;rdx = upper 64 bits of corrected product
        shr     rdx,cl                  ;rdx = quotient
;       ...

@Peter Cordes 2016-12-20 04:07:36

That paper describes implementing it in gcc, so I think it's a safe assumption that the same algo is still used.

@Ed Grimm 2019-01-29 05:45:06

That paper dated 1994 describes implementing it in gcc, so there's been time for gcc to update its algorithm. Just in case others don't have the time to check to see what the 94 in that URL means.

@Sneftel 2016-12-16 12:09:40

Integer division is one of the slowest arithmetic operations you can perform on a modern processor, with latency up to the dozens of cycles and bad throughput. (For x86, see Agner Fog's instruction tables and microarch guide).

If you know the divisor ahead of time, you can avoid the division by replacing it with a set of other operations (multiplications, additions, and shifts) which have the equivalent effect. Even if several operations are needed, it's often still a heck of a lot faster than the integer division itself.

Implementing the C / operator this way instead of with a multi-instruction sequence involving div is just GCC's default way of doing division by constants. It doesn't require optimizing across operations and doesn't change anything even for debugging. (Using -Os for small code size does get GCC to use div, though.) Using a multiplicative inverse instead of division is like using lea instead of mul and add

As a result, you only tend to see div or idiv in the output if the divisor isn't known at compile-time.

For information on how the compiler generates these sequences, as well as code to let you generate them for yourself (almost certainly unnecessary unless you're working with a braindead compiler), see libdivide.

@fuz 2016-12-16 12:40:42

Actually not. If I recall correctly, the slowest arithmetic operation on modern intel processors are fbstp and fbld if I recall correctly.

@fuz 2016-12-16 14:52:29

Huch? When I first read your answer I was pretty sure it read "Integer division is the slowest operation..."

@Cody Gray 2016-12-16 15:00:16

I'm not sure it's fair to lump together FP and integer operations in a speed comparison, @fuz. Perhaps Sneftel should be saying that division is the slowest integer operation you can perform on a modern processor? Also, some links to further explanations of this "magic" have been provided in comments. Do you think they'd be appropriate to collect in your answer for visibility? 1, 2, 3

@Peter Cordes 2016-12-16 15:55:11

Because the sequence of operations is functionally identical ... this is always a requirement, even at -O3. The compiler has to make code that gives correct results for all possible input values. This only changes for floating point with -ffast-math, and AFAIK there are no "dangerous" integer optimizations. (With optimization enabled, the compiler might be able to prove something about the possible range of values which lets it use something that only works for non-negative signed integers for example.)

@Peter Cordes 2016-12-16 16:00:11

The real answer is that gcc -O0 still transforms code through internal representations as part of turning C into machine code. It just happens that modular multiplicative inverses are enabled by default even at -O0 (but not with -Os). Other compilers (like clang) will use DIV for non-power-of-2 constants at -O0. related: I think I included a paragraph about this in my Collatz-conjecture hand-written asm answer

@Sneftel 2016-12-16 16:06:42

@PeterCordes My point about "functionally identical" was WRT the grouped instructions themselves. No reordering or hoisting or anything involved; just a set of instructions that are identical to the div.

@Peter Cordes 2016-12-16 16:21:03

Right yeah, I figured that out while replying to the OP's comments on the question. It's just another way to implement the C / operator, and doesn't need to optimize between C statements or do anything that would affect debugging. But note that neither the C standard nor the gcc documentation guarantees that there's a mode that maps C statements to target asm in any kind of simple way.

@Peter Cordes 2016-12-16 16:41:52

I made an edit which removes the "functionally identical" wording which I think different people might interpret different ways. It's your answer, so please review my edit. (I changed first para to "integer operation", because interrupts and main-memory round trips are even slower).

@Peter Cordes 2016-12-16 16:44:25

Also, are you sure about using IDIV for signed division by constants? I don't think gcc -O2 or -O3 would ever do that, unless there are divisors for which no inverse exists. gcc6.2 -O0 uses IDIV even when it takes a ton of instructions: I think you should just say that you get DIV and IDIV for non-constant divisors.

@Sneftel 2016-12-16 20:14:59

@PeterCordes No, that's my mistake. I vaguely remembered that there were some numbers which created problems for the multiplicative inverse method, but I was mistaken.

@Sneftel 2016-12-16 20:19:45

@PeterCordes And yeah, I think GCC (and lots of other compilers) have forgotten to come up with a good rationale for "what sorts of optimizations apply when optimization is disabled". Having spent the better part of a day tracking down an obscure codegen bug, I'm a bit annoyed about that just at the moment.

@dan04 2016-12-16 23:37:55

@Sneftel: That's probably just because the number of application developers who actively complain to the compiler developers about their code running faster than expected is relatively small.

@Justin Time - Reinstate Monica 2016-12-17 22:01:03

@Sneftel MSVC is more cautious about doing some micro-optimisations when you don't explicitly tell it to optimise code; for at least some versions, this appears to be one of them.

@plugwash 2016-12-16 21:04:04

In general multiplication is much faster than division. So if we can get away with multiplying by the reciprocal instead we can significantly speed up division by a constant

A wrinkle is that we cannot represent the reciprocal exactly (unless the division was by a power of two but in that case we can usually just convert the division to a bit shift). So to ensure correct answers we have to be careful that the error in our reciprocal does not cause errors in our final result.

-3689348814741910323 is 0xCCCCCCCCCCCCCCCD which is a value of just over 4/5 expressed in 0.64 fixed point.

When we multiply a 64 bit integer by a 0.64 fixed point number we get a 64.64 result. We truncate the value to a 64-bit integer (effectively rounding it towards zero) and then perform a further shift which divides by four and again truncates By looking at the bit level it is clear that we can treat both truncations as a single truncation.

This clearly gives us at least an approximation of division by 5 but does it give us an exact answer correctly rounded towards zero?

To get an exact answer the error needs to be small enough not to push the answer over a rounding boundary.

The exact answer to a division by 5 will always have a fractional part of 0, 1/5, 2/5, 3/5 or 4/5 . Therefore a positive error of less than 1/5 in the multiplied and shifted result will never push the result over a rounding boundary.

The error in our constant is (1/5) * 2-64. The value of i is less than 264 so the error after multiplying is less than 1/5. After the division by 4 the error is less than (1/5) * 2−2.

(1/5) * 2−2 < 1/5 so the answer will always be equal to doing an exact division and rounding towards zero.

Unfortunately this doesn't work for all divisors.

If we try to represent 4/7 as a 0.64 fixed point number with rounding away from zero we end up with an error of (6/7) * 2-64. After multiplying by an i value of just under 264 we end up with an error just under 6/7 and after dividing by four we end up with an error of just under 1.5/7 which is greater than 1/7.

So to implement divison by 7 correctly we need to multiply by a 0.65 fixed point number. We can implement that by multiplying by the lower 64 bits of our fixed point number, then adding the original number (this may overflow into the carry bit) then doing a rotate through carry.

@Peter Cordes 2016-12-17 04:08:51

This answer turned modular multiplicative inverses from "math that looks more complicated than I want to take the time for" into something that makes sense. +1 for the easy-to-understand version. I've never needed to do anything other than just use compiler-generated constants, so I've only skimmed other articles explaining the math.

@plugwash 2016-12-17 13:05:56

I don't see anything to do with modular arithmetic in the code at all. Dunno where some other commenters are getting that from.

@Peter Cordes 2016-12-17 16:49:07

It's modulo 2^n, like all integer math in a register.…

@plugwash 2016-12-17 18:24:32

No operation in the sequence can possiblly wrap since the output of the multiplication is double the size of the inputs. So modulo behaviour is irrelevent.

@plugwash 2016-12-17 18:35:51

If he was taking the lower 64 bits of the muliply rather than the upper 64 bits we would be talking about modular arithmetic but he isn't, so we aren't.

@Peter Cordes 2016-12-17 18:40:26

Maybe I'm misusing the terminology, but I thought this was the proper name for the technique. Further googling shows that other discussion of the technique usually just calls it "multiplicative inverses". However, Granlund & Montgomery's paper about the technique and implementing it in gcc does say "The multiplicative inverse dinv of dodd modulo 2^N can be found...". I think the "modular" comes in because it only has to work for inputs from 0 to 2^n - 1, rather than for any mathematical integer. I agree there's no modulo when using it.

@harold 2016-12-17 23:16:02

@PeterCordes modular multiplicative inverses are used for exact division, afaik they're not useful for general division

@Peter Cordes 2016-12-18 21:01:04

@harold: So is there a specific name for this technique of doing fixed-width-integer division by multiplying with a "magic" number and using the high half of the result? Is it just "multiplicative inverse"? I was hoping for something more specific, which wouldn't apply to the similar floating-point optimization.

@harold 2016-12-18 21:06:15

@PeterCordes multiplication by fixed-point reciprocal? I don't know what everyone calls it but I'd probably call it that, it's fairly descriptive

@rcgldr 2016-12-19 13:30:35

In the case of some divisors, such as j = i / 7, a 65 bit multiplier is needed. The code that deals with this case is a bit more complicated.

Related Questions

Sponsored Content

15 Answered Questions

[SOLVED] Integer division with remainder in JavaScript?

5 Answered Questions

[SOLVED] Why does the C preprocessor interpret the word "linux" as the constant "1"?

6 Answered Questions

2 Answered Questions

[SOLVED] Fast Division on GCC/ARM

12 Answered Questions

9 Answered Questions

[SOLVED] Why does the order in which libraries are linked sometimes cause errors in GCC?

  • 2008-09-05 02:24:19
  • Landon
  • 177861 View
  • 451 Score
  • 9 Answer
  • Tags:   gcc linker

4 Answered Questions

[SOLVED] How do I achieve the theoretical maximum of 4 FLOPs per cycle?

1 Answered Questions

[SOLVED] Memory allocation and addressing in Assembly

  • 2019-01-17 05:01:39
  • D Kar
  • 587 View
  • 0 Score
  • 1 Answer
  • Tags:   c assembly x86-64

Sponsored Content