Skip to content

cmd/compile: teach prove about incrementing, len, and overflow #36346

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
josharian opened this issue Jan 1, 2020 · 3 comments
Open

cmd/compile: teach prove about incrementing, len, and overflow #36346

josharian opened this issue Jan 1, 2020 · 3 comments
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Performance
Milestone
Unplanned

Comments

@josharian
Copy link
Contributor

I have some hot code that looks approximately like this:

func f(a []int, i int) int {
	for i < len(a) && a[i] != 0 {
		i++
	}
	return i
}

The generated code has a bounds check on every iteration. This is because i might be negative. We can rule that out up front:

func f(a []int, i int) int {
	if i < 0 {
		panic("bad")
	}
	for i < len(a) && a[i] != 0 {
		i++
	}
	return i
}

This could should be able to go without a bounds check. i cannot be negative at the beginning. In order to become negative, it must overflow. However, it cannot overflow: It is being incremented, so it must reach len(a) before overflowing, in which case we exit the loop before evaluating a[i].

(I actually know a priori in my code that i is not negative; I'd be tempted to use #30582 here. I could also switch to i being a uint, which does remove the bounds check, but it makes other things in the real code a bit awkward.)

I don't know how hard it is to teach prove about this case.

cc @zdjones @rasky @randall77
@josharian josharian added this to the Unplanned milestone Jan 1, 2020
@josharian josharian mentioned this issue Jan 1, 2020
Closed
@rasky
Copy link
Member

rasky commented Jan 1, 2020

It should be fixed by the patch serie finishing at CL 196680. I can't test it right now though.

@toothrot toothrot added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Jan 7, 2020
@gopherbot gopherbot added the compiler/runtime Issues related to the Go compiler and/or runtime. label Jul 13, 2022
@jub0bs
Copy link
Contributor

jub0bs commented Apr 3, 2025
edited
Loading

@rasky Any update on this? CL 196680 was never merged, it seems.

Here is another example (adapted from internal/stringslite) which I believe would benefit from this fix:

func Cut(s, sep string) (before, after string, found bool) {
	if i := strings.Index(s, sep); i >= 0 {
		return s[:i], s[i+len(sep):], true // two bounds checks
	}
	return s, "", false
}

Two bounds checks occur on the highlighted line. The following version aims to eliminate one of the two bounds checks:

func Cut(s, sep string) (before, after string, found bool) {
	if i := strings.Index(s, sep); i >= 0 {
		after = s[i+len(sep):]    // one bounds check
		return s[:i], after, true // one (unnecessary) bounds check
	}
	return s, "", false
}

The if's condition guarantees that i is positive; and under the assumption that i + len(sep) does not overflow int, we have a guarantee that i <= i + len(sep). Therefore, I would expect no bounds check for s[:i].

@rasky
Copy link
Member

rasky commented Apr 3, 2025

I'm not currently working on this anymore, sorry.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compiler/runtime Issues related to the Go compiler and/or runtime. NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Performance
Projects
None yet
Milestone
Unplanned
Development

No branches or pull requests
5 participants
@toothrot @josharian @rasky @gopherbot @jub0bs