How to exchange top of stack with register without implicit lock on latest 64 bit Intel CPUs?

Question

The x64 calling convention uses registers up to the first 4 parameters (rcx, rdx, r8, r9) and passes the rest of the parameters on the stack. In this case the obvious way for dealing with the supplementary parameters in an asm procedure would be the following:

procedure example(
  param1, //rcx
  param2, //rdx
  param3, //r8
  param4, //r9
  param5,
  param6
);
asm
  xchg param5, r14 // non-volatile registers, should be preserved
  xchg param6, r15 // non-volatile registers, should be preserved

  // ... procedure body, use r14–r15 for param5–param6

  mov r15, param6
  mov r14, param5  
end;

But there is a huge problem here: if memory operations are involved, XCHG instructions in Intel CPUs have an implicit LOCK which also means a huge performance penalty; that is, the bus would be locked for hundreds of clock cycles in the worst case. (BTW, I cannot really understand this implicit LOCK as having really usable and smart interlocking instructions like XADD, CMPXCHG, BTS/BTR etc.; the naked XCHG would be the last option for me if I needed thread synchronization.) So what should I do here if I want something short and elegant for using/saving/restoring params5 and params6 in/from registers? Is there perhaps a hack for preventing bus locking for XCHG instructions? Generally, what is the standard, widely used way for this situation?

Answer 1

As Ross's answer explains, the standard widely-used way is to spill (and later reload) something else to free up a tmp reg.

You're shooting yourself in the foot by loading everything into registers first, instead of loading as needed. Sometimes you can even use an arg as a memory source operand without a separate mov load at all.

---

But to answer the title question:

Despite the question title, my answer on swapping 2 registers in 8086 assembly language(16 bits) does exactly address swapping a register with memory efficiently, avoiding xchg because of the implicit lock prefix. Spill (and later reload) a tmp reg, or in the worst case, XOR-swap between reg and mem. That's horrible, and basically serves to illustrate why your whole approach will lead to an inefficient implementation.

(As Ross says, you probably aren't (yet) capable of writing asm more efficient than compilers will make. Once you understand how to create efficient asm (Agner Fog's optimization guide and microarch guide: https://agner.org/optimize/, and other links in https://stackoverflow.com/tags/x86/info) and can spot actual inefficiencies in optimized compiler output, then you could sometimes write better asm by hand if you wanted to. (Usually with compiler output as a starting point). But normally you'd just use that experience to tweak your C source to get better asm from your compiler if possible, because that's more useful/portable long-term. And it rarely matters enough to be worth hand-writing asm.

At this point you're more likely to learn techniques for making more efficient asm from looking at gcc -O3 output. But missed optimizations are not rare, and if you spot some you might report them on GCC's bugzilla.)

---

The implicit-lock semantics of xchg come from 386. The lock prefix existed since 8086 back then, for use with instructions like add/or/and/etc [mem], reg or immediate. Including lock xchg, which apparently didn't have implicit lock behaviour (even without the prefix) until 386. Or maybe not documented until then? IDK why Intel made that change. Perhaps for primitive SMP 386 systems.

The other instructions you mention were added later: bts/btr/btc in 386 (but weren't intended only for shared memory, thus an implicit lock wouldn't have made sense).

xadd in 486, and cmpxchg not until Pentium. (486 had an undocumented opcode for cmpxchg, see an old version of the NASM appendix A for commentary on it). These CPUs were designed later than 386, presumably after some initial experience with primitive SMP systems.

As you say, Intel wisely chose to not make lock implicit for those new instructions, even though the primary use-case was for atomic operations in multi-threaded code. SMP x86 machines started to become a thing with 486 and Pentium, but sync between threads on a UP machine didn't need lock. This is sort of the opposite question of Is x86 CMPXCHG atomic, if so why does it need LOCK?

8086 was a uniprocessor machine, so for synchronization between software threads, plain add [mem], reg is already atomic with respect to interrupts and thus to context swithces. (And it's impossible to have multiple threads executing at once). The legacy #LOCK external signal the docs still mention only mattered wrt. DMA observers, or for MMIO to I/O registers on devices (rather than to plain DRAM).

(On modern CPUs, xchg [mem], reg on cacheable memory that isn't split across a cache-line boundary only takes a cache-lock, making sure the line stays in MESI Exclusive or Modified state from the load reading L1d to the store committing to L1d.)

I don't know why the 8086 architect(s) (primarily Stephen Morse designed the instruction set) chose not to make non-atomic xchg with memory available. (Correction, I think he did, and it was only 386 that changed it; this answer was originally written before I knew that it was a 386 change.) Maybe on 8086 it wasn't much slower to have the CPU assert #LOCK while doing the store + load transaction? But then we were stuck with those semantics for the rest of x86. x86 design has rarely been very forward-thinking, and if the main use-case for xchg was for atomic I/O then it saved code-size to make lock implicit.

---

There is no way to disable the implicit lock in xchg [mem], reg

You need to use multiple different instructions. An xor-swap is possible but very inefficient. Still maybe not as bad as xchg, depending on the microarchitecture and the surrounding code (how much it sucks to wait for all previous stores to execute and commit to L1d cache before doing any later loads). e.g. some in flight cache-miss stores could make it very expensive vs. memory-destination xor which can leave data in the store buffer.

Compilers basically never use xchg even between registers (because it's not cheaper than 3 mov instructions on Intel, so it's not generally a useful peephole optimization to look for). They use it only to implement std::atomic stores with seq_cst memory order (because it's more efficient than mov + mfence on most uarches: Why does a std::atomic store with sequential consistency use XCHG?), and to implement std::atomic::exchange. But not std::swap with reg or memory.

It would occasionally be useful if x86 had a non-atomic 2 or 3 uop swap reg,mem, but it doesn't. There is no such instruction.

But especially with x86-64 having 16 registers, you're only having this problem because you created it for yourself. Leave yourself some scratch regs for computation.

Answer 2

Just do what compilers do. Load the arguments from the stack into registers as you need them, spilling registers to their own locations on the stack as necessary to free up registers to do so. This is the standard and widely used, if not very elegant, method for dealing with the problem of needing more registers than are available.

Also note that the Windows x64 calling convention requires that "non-volatile" (callee-saved) registers must be saved only in the prologue. (Although you can use chained unwind info to have multiple "prologues" in a function.)

So assuming you need use all the callee-saved registers and are following the Windows x64 calling convention strictly, you'd need to something like this:

example PROC    FRAME

_stack_alloc =  8   ; total stack allocation for local variables
                    ; must be MOD 16 = 8, so the stack is aligned properly;
_push_regs =    32  ; total size in bytes of the callee-saved registers
                    ; pushed on the stack

_param_adj =    _stack_alloc + _push_regs

; location of the parameters relative to RSP, including the incoming
; slots reserved for spilling parameters passed in registers

param1  =   _param_adj + 8h
param2  =   _param_adj + 10h
param3  =   _param_adj + 18h
param4  =   _param_adj + 20h
param5  =   _param_adj + 28h
param6  =   _param_adj + 30h

; location of local variables relative to RSP

temp1   =   0

    ; Save some of the callee-preserved registers
    push    rbp
    .PUSHREG rbp
    push    rbx
    .PUSHREG rbx
    push    rsi
    .PUSHREG rsi
    push    rdi
    .PUSHREG rdi

    ; Align stack and allocate space for temporary variables
    sub rsp, _stack_alloc
    .ALLOCSTACK 8

    ; Save what callee-preserved registers we can in the incoming
    ; stack slots reserved for arguments passed in registers under the
    ; assumption there's no need to save the later registers

    mov [rsp + param1], r12
    .SAVEREG r12, param1
    mov [rsp + param2], r13
    .SAVEREG r13, param2
    mov [rsp + param3], r14
    .SAVEREG r14, param3
    mov [rsp + param4], r15
    .SAVEREG r15, param4

    .ENDPROLOG

    ; ...

    ; lets say we need to access param5 and param6, but R14 
    ; is the only register available at the moment.  

    mov r14, [rsp + param5]
    mov [rsp + temp1], rax  ; spill RAX 
    mov rax, [rsp + param6]

    ; ...

    mov rax, [rsp + temp1]  ; restore RAX

    ; ...

    ; start of the "unofficial" prologue

    ; restore called-preserved registers that weren't pushed

    mov r12, [rsp + param1]
    mov r13, [rsp + param2]
    mov r14, [rsp + param3]
    mov r15, [rsp + param4]

    ; start of the "official" prologue
    ; instructions in this part are very constrained. 

    add rsp, _stack_alloc
    pop rdi
    pop rsi
    pop rbx
    pop rbp
    ret

example ENDP

Now hopefully you're asking yourself if you really need to do all this, and the answer is yes and no. There's not much you can do to simplify the assembly code. If you don't care about exception handling you don't need the unwind info directives, but you still need pretty everything else if you want your code to be as efficient as what a compiler can generate while still keeping relatively easy to maintain.

But there is a way to avoid having to do all this, just use a C/C++ compiler. There's really not much need for assembly for these days. It's unlikely you can write faster code than the compiler and you can use intrinsics to access pretty much any special assembly instruction you want to use. The compiler can worry about where stuff lives on the stack, and it can do a very good job at register allocation, minimizing the amount register saving and spilling necessary.

(Microsoft's C/C++ compiler can even generate that chained unwind info I mentioned earlier so that callee-saved registers can be saved only when necessary.)