The Cheap Test

It sometimes happens that code that must run fast is burdened with a very unlikely possibility that must be tested for. Often this circumstance is already tested for in the hardware and conventional hardware and compiler architectures seem unable to exploit the necessary hardware test to support the required program function. Here are some examples in C:

d==0?1000:20/d
assert(j>0);
*p = x

Case 3 is in context of a kernel and p is an address that putatively refers to a user mode address. The pointer p has thus been vetted to point to an address that will not damage the kernel, but has not been vetted to assure that p is a user mode program address to which the user has write access, as this vetting would require many extra instructions.

I will describe the solution we arrived at in assembly language for that is where it arose in the 370 Keykos kernel. I will then note that for many machines compilers could use the same mechanism.

The 370 assembly language kernel used ‘structured programming’ macros that might appear as:

  L 2,X
  CLR 2,4
  IF E
    LR 2,3
  ENDIF

The IF E would compile to a conditional branch on equal to the LR instruction which would be placed out of line with the rest of the instructions with the strategic help of assembler and loader features. The macro system would compile a branch back to the inline code after the LR 2,3. IBM's H assembler had a LOCTR pseudo op missing from many assemblers and our macros made critical use of this.

For case 1 we might write:

  DIV 2,4(R5)
  IF ZD
    LA 2,1000
  ENDIF

The assembler macro logic would generate an out of line list of the program counter values where the IF ZD had been compiled and an associated list of the addresses of the commands designed to respond to a possible zero division as detected by the hardware. The IF ZD would itself generate no inline commands. When the divisor is 0 the hardware diagnoses this and generates a trap with an instruction counter address value that appears in the first list and the interrupt routine simply searches the first list and replaces that value with the value in the corresponding list and returns.

Two costs were avoided in the typical case, the test and the conditional branch that might include arrangement for the addressability of the target command. In the untypical case the cost was much higher.

For case two we exploited the fact that a successful branch to an odd address was invalid and case 2 would be merely coded

  LTR 2,2
  CRASH LE

Case 3 would be coded:

  ST 4,6
  IF FAULT
    verify that register 6 is indeed in range reserved for user addresses to be sensitive to kernel bugs.
    transfer control to code that responds to user mode memory traps.
  ENDIF