Use macro rather than manually setting thumb bit in debugger.cpp

[platform/upstream/coreclr.git] / Documentation / design-docs / inline-size-estimates.md

# Inline Size Estimates 

Note this is work in progress....

Inlining is a heuristic-based optimization. There are some cases where
it's obvious that a particular inline is good or bad for performance,
but more typically, things are not that clear. In those cases where
the benfit is in doubt, the compiler will rely on heurstics, typically
based on various estimates of an inline's size impact, speed impact,
or other important factors.

In this writeup we consider approaches to what should be the simplest
of these estimates: the size impact of an inline.

## Background

There are a number of interesting facets to the inline size estimate
problem, but let's start with some generalities. Suppose we have some
size estimate for the caller `C` (ignoring for the moment exactly what
we are measuring), say `CallerSize`, and some size estimate for the
callee `E`, say `CalleeSize`. Now suppose we are contemplating what
would happen if `E` is inlined into `C` to create `C'`. We'd like some
sort of size estimate `CallerSize'`.  The simplest estimate is that
`CallerSize'` = `CallerSize + CalleeSize`.

```
(1)  `CallerSize'` = `CallerSize + CalleeSize`
```

However, calling conventions impose some addtional code overhead on
both the caller and callee. The caller must set up arguments in
registers or on the stack, and if there is a return value, might need
to move it or store it somewhere. It also might need to spill values
that are stored in caller-saved registers around the call.

The callee must set up a stack frame and possibly spill callee-save
registers it intends to use, and then ultimately must undo all this.

When we inline `E` into `C`, none of this calling convention setup is
necessary. So one can imagine that there is some additional size
savings from inlining, one that depends on the calling convention and
the number and kind of arguments passed from caller to callee.

```
(2)  CallerSize' = CallerSize + CalleeSize - Overhead
```

Note that it's entirely possible that `Overhead > CalleeSize`, so
that `CallerSize' < CallerSize`, that is the inline not only results
in faster code but also in smaller code. Indeed this state of affars
is increasingly common with that advent of modern programming styles
that emphasize building functionality out of lots of small procedures.

Alternatively, we can compute the size impact as the size change of C
because of the inline of E:

```
(2)  SizeImpact = CallerSize - CallerSize'
```

or with a bit of math,

```
(2)  SizeImpact = Overhead - CalleeSize
```

Now let's look at some actual data to see how well this simple model
for `SizeImpact` holds up. The data below shows the measured size
impact of a single inline into various calling methods in mscorlib.
This data was obtained by first compiling all the methods without
inlining to obtain a baseline size as measured by the encoded
instruction size in bytes.  The inliner was then modified so it would
only do a single inline per caller, with the candidate chosen by a
parameter `k` that could be varied externally. mscorlib was then
repeatedly compiled with varying values of `k`, and the inlines
performed and the subsequent modified caller sizes recorded. This data
was then permuted and histogrammed to show the variety of `SizeImpact`
values for a fixed `E`.  Since the calling convention and number and
kind of parameters is fixed across all observations for a fixed `E`,
the better model would predict `SizeImpact` is the same in every
case.

In this first example, case `E` is `System.Object:.ctor()`, which is
close to the simplest possible callee -- it takes one argument and has
no return value. In all the observed cases the `SizeImpact` is
negative, but it's far from the same in every case.


```
Inlining for System.Object:.ctor():this (size 6)
Instances 1160 Mean SizeImpact -12.53 Min -52 Max -5
Distribution
  less than -50:   1
      [-50,-41]:   0    1    1    0    0    1    0    0    1    1
      [-40,-31]:   0    1    0    0    1    0    0    3    1    2
      [-30,-21]:   1    3    2    2    1    8   76    5   22   18
      [-20,-11]:  38   23   98    7   29    4    8   27   14   21
      [-10, -1]:   1  362  373    0    0    3    0    0    0    0
      [  0,  9]:   0    0    0    0    0    0    0    0    0    0
      [ 10, 19]:   0    0    0    0    0    0    0    0    0    0
      [ 20, 29]:   0    0    0    0    0    0    0    0    0    0
      [ 30, 39]:   0    0    0    0    0    0    0    0    0    0
      [ 40, 49]:   0    0    0    0    0    0    0    0    0    0
greater than 49:   0
```

It should be evident from this set of observations that `SizeImpact`
cannot be completely characterized by a simple formula like `(2)`. For
this inlinee, inlining always saves at least 5 bytes, roughly half the time 
it saves 8 or 9 bytes, on average it saves about 12.5 bytes, but it often
saves considerably more.

Other inlinees show similar spreads in `SizeImpact`. Here we see a case
where sometimes the `SizeImpact` is negative and other times it's
positive.

```
Inlining for System.Threading.CancellationToken:get_IsCancellationRequested():bool:this (size 29) 
Instances 42 SizeImpact Mean 11.33 Min -20 Max 28
Distribution
  less than -50:   0
      [-50,-41]:   0    0    0    0    0    0    0    0    0    0 
      [-40,-31]:   0    0    0    0    0    0    0    0    0    0 
      [-30,-21]:   0    0    0    0    0    0    0    0    0    0 
      [-20,-11]:   1    0    0    0    0    0    0    1    0    0 
      [-10, -1]:   0    2    0    0    0    0    0    0    1    2 
      [  0,  9]:   0    0    1    1    0    2    0    1    4    1 
      [ 10, 19]:   1    0    1    0    4    1    2    1    2    6 
      [ 20, 29]:   0    0    2    0    2    0    0    0    3    0 
      [ 30, 39]:   0    0    0    0    0    0    0    0    0    0 
      [ 40, 49]:   0    0    0    0    0    0    0    0    0    0 
greater than 49:   0
```

Not all inlinee `SizeImpacts` exhibit such wide distributions. Some spread
just a little:

```
Inlining for System.Environment:GetResourceString(ref):ref (size 15) 
Instances 2238 SizeImpact Mean 0.01 Min -3 Max 6
Distribution
  less than -50:   0 
      [-50,-41]:   0    0    0    0    0    0    0    0    0    0 
      [-40,-31]:   0    0    0    0    0    0    0    0    0    0 
      [-30,-21]:   0    0    0    0    0    0    0    0    0    0 
      [-20,-11]:   0    0    0    0    0    0    0    0    0    0 
      [-10, -1]:   0    0    0    0    0    0    0    7    0    7 
      [  0,  9]:2212    3    0    5    0    0    4    0    0    0 
      [ 10, 19]:   0    0    0    0    0    0    0    0    0    0 
      [ 20, 29]:   0    0    0    0    0    0    0    0    0    0 
      [ 30, 39]:   0    0    0    0    0    0    0    0    0    0 
      [ 40, 49]:   0    0    0    0    0    0    0    0    0    0 
greater than 49:   0
```

and some not at all:

```
Inlining for System.DateTime:get_Ticks():long:this (size 15)
Instances 129 SizeImpact Mean 0.00 Min 0 Max 0
Distribution
  less than -50:   0 
      [-50,-41]:   0    0    0    0    0    0    0    0    0    0 
      [-40,-31]:   0    0    0    0    0    0    0    0    0    0 
      [-30,-21]:   0    0    0    0    0    0    0    0    0    0 
      [-20,-11]:   0    0    0    0    0    0    0    0    0    0 
      [-10, -1]:   0    0    0    0    0    0    0    0    0    0 
      [  0,  9]: 129    0    0    0    0    0    0    0    0    0 
      [ 10, 19]:   0    0    0    0    0    0    0    0    0    0 
      [ 20, 29]:   0    0    0    0    0    0    0    0    0    0 
      [ 30, 39]:   0    0    0    0    0    0    0    0    0    0 
      [ 40, 49]:   0    0    0    0    0    0    0    0    0    0 
greater than 49:   0
```

So it appears there must be other -- perhaps many -- factors that
influence the `SizeImpact` of a particular inline. The question is,
what factors are important, how do we measure them, and how do they
they combine to influence the overall result? The remainder of this
document will look into some of the ways we can answer this question.

## Some Ground Rules

Before we move on, however, we should address what kind of information
will actually be available to observe and use in building a heuristic
model.

It's not realistic to feed the heuristic on the actual encoded size of
methods. While compiling a method `C` obtaining the encoded size of
`C` is problematic. It's also quite likely that the encoded size of
the inlinee `E` is unknown, except possibly in some AOT scenarios
where one could generally arrange for methods to be compiled in
bottom-up order (that is, callees before callers). While one could
imagine spending compile time doing experimental compilations of `C`'s
and `E`'s to see what code size results, this is probably too costly
to be practical.

Second, even if we could obtain the actual size of prospective inline
candidates, we might not want to use this data. The final code
sequence emitted by the compiler depends intimately on details of the
target archtecture, runtime conventions (ABIs), and capabilites of the
compiler phases that run after inlining. If we allow feedback into hey
heuristics by incorporating data from these "downstream" sources, we
introduce various forms of coupling that have important
consequences. For example, it would be challenging to work on a
downstream phase (say, register allocation) if some trivial change to
allocation in an inlinee `E` perturbs inlining decisions for other
methods like `C`. Likewise we may or may not want to allow runtime
conventions to influence inlining -- if our application can run cross
platform (say in both Windows and Linux) we might not want the various
versions to exhibit vastly different inlining patterns.

For that reason, we intend to restrict the information we can use in
forming heuristics to things that are generally true of the caller and
callee, and the general capabilities of the downstream phases. For the
caller and callee this largely means information that can be obtained
by inspecting either the input to the compiler, or the compiler's IR
in the stages leading up to inlining, and perhaps (if available) some
carefully chosen information obtained from actual compilation of the
callee.

At the same time, we still intend for the predictions made by the
heuristics to be indicative of the final binary size. We have no other
reliable source of truth to guide us.

Given all this, we can restate the central question as: how best can
the compiler estimate the ultimate size impact of an inline while
restricting itself to considering features that are generally true of
caller, callee, and the capabilities of the compiler?

## Building a Heuristic Manually

The tried-and-true approach is to build the heuristic manually. There
are two prongs to the approach: the first is case analysis of actual
behavior, and the second is modelling based on the compiler writer's
experience and intution.

### Some Case Analysis

#### Case 1: Maximal Savings

It's always instructive to look at actual behavior, so let's consider
some of the cases. From the table above for `System.Object:.ctor()` we
see a number of cases where there were large savings in byte size. The
most significant of these is the following:

```
Inline System.Object:.ctor():this
into   System.IO.UnmanagedMemoryAccessor:.ctor(ref,long,long,int):this
CalleeSize  = 6
CallerSize  = 72
CallerSize' = 24 
SizeImpact  = -48
```

where `System.Object:.ctor():this` is simply:

```Assembly
; System.Object:.ctor():this
; Total bytes of code 6, prolog size 5
       0F1F440000           nop      
       C3                   ret      
```

As an aside, one might wonder why there are 5 bytes of nops here --
they are put there to support the *rejit* feature used by the
application insights framework.

The caller's source code shows it simply delegates immediately to
another method to initialize the object:

```C#
 UnmanagedMemoryAccessor(
     SafeBuffer buffer, Int64 offset, 
     Int64 capacity, FileAccess access) {
   Initialize(buffer, offset, capacity, access);
 }
```

Here's the code before the inline:

```Assembly
; BEFORE
; System.IO.UnmanagedMemoryAccessor:.ctor(ref,long,long,int):this
; Total bytes of code 72, prolog size 10
       4156                 push     r14
       57                   push     rdi
       56                   push     rsi
       55                   push     rbp
       53                   push     rbx
       4883EC20             sub      rsp, 32
       488BF1               mov      rsi, rcx
       488BFA               mov      rdi, rdx
       498BD8               mov      rbx, r8
       498BE9               mov      rbp, r9
       488BCE               mov      rcx, rsi
       E800000000           call     System.Object:.ctor():this
       448B742470           mov      r14d, dword ptr [rsp+70H]
       4489742470           mov      dword ptr [rsp+70H], r14d
       488BCE               mov      rcx, rsi
       488BD7               mov      rdx, rdi
       4C8BC3               mov      r8, rbx
       4C8BCD               mov      r9, rbp
       488D0500000000       lea      rax, [(reloc)]
       4883C420             add      rsp, 32
       5B                   pop      rbx
       5D                   pop      rbp
       5E                   pop      rsi
       5F                   pop      rdi
       415E                 pop      r14
       48FFE0               rex.jmp  rax
```

and here's the code after the inline:

```Assembly
; AFTER
; System.IO.UnmanagedMemoryAccessor:.ctor(ref,long,long,int):this
; Total bytes of code 24, prolog size 5
       0F1F440000           nop      
       90                   nop      
       8B442428             mov      eax, dword ptr [rsp+28H]
       89442428             mov      dword ptr [rsp+28H], eax
       488D0500000000       lea      rax, [(reloc)]
       48FFE0               rex.jmp  rax
```

In both cases this method ends up tail calling to `Initialize` (via the
`rex.jmp`), passing it the exact set of arguments that
was passed to the method.

In the before case, the un-inlined call changes the method from a leaf
to a non-leaf.  Leaf functions don't need to set up their own frame,
while non-leaves do. So some of the extra code in the prolog and
epilog is the frame setup. Beyond that, however, the un-inlined callee
forces the compiler to move the arguments that will be ultimately be
passed to the tail-called method out of the volatile registers and
into preserved registers before the call, then back again to again to
the proper argument registers after the call.  And in order to use the
callee saves these registers must be pushed in the prolog and popped
in the epilog.

In the after case, no frame setup is required, no registers need to be
preserved across the call, so no registers need saving and
restoring. The two `mov`s that remain appear to be gratuitous. The
first `nop' is there for rejit padding. Not sure why the second one is
there.

So we can now see why this particular case has such extreme
`SizeImpact`: the un-inlined call triggers frame creation and a fair
amount of shuffling to accomodate the potential side effects of the
call.

#### Case 2: Typical Savings

In the data above, the inline of `System.Object:.ctor()` typically
saves either 8 or 9 bytes of code. Let's look at one such case.

```
Inline System.Object:.ctor():this
into   System.Security.SecurityElement:.ctor():this
CalleeSize = 6
CallerSize = 15
CallerSize' = 6 
SizeImpact = -9
```

Here are before and after listings for the caller:

```Assembly
; BEFORE
; System.Security.SecurityElement:.ctor():this
; Total bytes of code 15, prolog size 5
       0F1F440000           nop      
       488D0500000000       lea      rax, [(reloc)]
       48FFE0               rex.jmp  rax
```

```Assembly
; AFTER
; System.Security.SecurityElement:.ctor():this
; Total bytes of code 6, prolog size 5
       0F1F440000           nop      
       C3                   ret      
```

In this case the call site was initially handled via a tail call that
required a 7 byte `lea` and a 3 byte `rex.jmp`. With the inline all
that's left is a single byte `ret`. This case covers 154 of the 187
instances where inlining `System.Object:.ctor()` saved 9 bytes.

### Cases 3, 4: Size May Decrease or Increase

Now let's look at a set of examples where an inline can either
decrease or increase the caller size. Here's the good case:

```
Inline System.IntPtr:op_Explicit(long):long 
into   System.Runtime.InteropServices.Marshal:WriteIntPtr(ref,int,long)
CalleeSize  = 35
CallerSize  = 50
CallerSize' = 22
SizeImpact  = -28
```

Here's the callee code: 

SIGH -- turns out the above has the wrong callee size -- there are
several overloaded versions and my script picks up the wrong one.
true callee is only 9 bytes long:

```Assembly
; System.IntPtr:op_Explicit(long):long
; Total bytes of code 9, prolog size 5
       0F1F440000           nop      
       488BC1               mov      rax, rcx
       C3                   ret      
```

At any rate the `SizeImpact` is still correct.

Here's the before caller code:

```Assembly
; BEFORE
; System.Runtime.InteropServices.Marshal:WriteIntPtr(ref,int,long)
; Total bytes of code 50, prolog size 12
       55                   push     rbp
       57                   push     rdi
       56                   push     rsi
       4883EC20             sub      rsp, 32
       488D6C2430           lea      rbp, [rsp+30H]
       488BF1               mov      rsi, rcx
       8BFA                 mov      edi, edx
       498BC8               mov      rcx, r8
       E800000000           call     System.IntPtr:op_Explicit(long):long
       4C8BC0               mov      r8, rax
       8BD7                 mov      edx, edi
       488BCE               mov      rcx, rsi
       488D0500000000       lea      rax, [(reloc)]
       488D65F0             lea      rsp, [rbp-10H]
       5E                   pop      rsi
       5F                   pop      rdi
       5D                   pop      rbp
       48FFE0               rex.jmp  rax   // tail call WriteInt64
```

and the after caller code:

```Assembly
; AFTER
; System.Runtime.InteropServices.Marshal:WriteIntPtr(ref,int,long)
; Total bytes of code 22, prolog size 10
       55                   push     rbp
       4883EC20             sub      rsp, 32
       488D6C2420           lea      rbp, [rsp+20H]
       E800000000           call     System.Runtime.InteropServices.Marshal:WriteInt64(ref,int,long)
       90                   nop      
       488D6500             lea      rsp, [rbp]
       5D                   pop      rbp
       C3                   ret      
```

Somewhat confusingly, the inline has stopped the jit from making a
tail call, and the size savings should be even greater than they
are. There appears to be some kind of code generation issue within the
jit. The IL for the callee is

```
IL_0000  0f 00             ldarga.s     0x0
IL_0002  7b 8f 02 00 04    ldfld        0x400028F
IL_0007  6e                conv.u8     
IL_0008  2a                ret         

```
and the JIT rejects the tail call because

```
Rejecting tail call late for call [000008]: Local address taken
```

so presumably the `ldarga.s` in the inlinee is causing trouble.

Now let's see if that same inlinee can cause a size increase. Here's a
case:

(NOTE this is calling a different overload..., need to get this
straghtened out)

```
Inline System.IntPtr:op_Explicit(long):long [35] 
into   EventData:get_DataPointer():long:this [18] size 35 delta 17
CalleeSize  = 35
CallerSize  = 18
CallerSize' = 35
SizeImpact  = 17
```

```Assembly
; BEFORE
; EventData:get_DataPointer():long:this
; Total bytes of code 18, prolog size
       0F1F440000           nop      
       488B09               mov      rcx, qword ptr [rcx]
       488D0500000000       lea      rax, [(reloc)]
       48FFE0               rex.jmp  rax
```

```Assembly
; AFTER
; EventData:get_DataPointer():long:this
; Total bytes of code 35, prolog size 5
       4883EC28             sub      rsp, 40
       488B11               mov      rdx, qword ptr [rcx]
       33C9                 xor      rcx, rcx
       48894C2420           mov      qword ptr [rsp+20H], rcx
       488D4C2420           lea      rcx, bword ptr [rsp+20H]
       E800000000           call     System.IntPtr:.ctor(long):this
       488B442420           mov      rax, qword ptr [rsp+20H]
       4883C428             add      rsp, 40
       C3                   ret      
```

Here the un-inlined case made a tail call. The inlined case was unable
to do the same optimization for some reason, though it looks like it
should have been able to do so as well.