https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109896
Bug ID: 109896
Summary: Missed optimisation: overflow detection in multiplication instructions for operator new
Product: gcc
Version: 13.1.1
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: thiago at kde dot org
Target Milestone: ---

In the following code:

    struct S
    {
        char buf[47];   // weird size
    };

    void *f(unsigned long paramCount)
    {
        return new S[paramCount];
    }

GCC generates (see https://gcc.godbolt.org/z/o5eocj5n9):

        movabsq $196241958230952676, %rax
        cmpq    %rdi, %rax
        jb      .L2
        imulq   $47, %rdi, %rdi
        jmp     operator new[](unsigned long)
    f(unsigned long) [clone .cold]:
    .L2:
        pushq   %rax
        call    __cxa_throw_bad_array_new_length

That's a slight pessimisation of the typical, non-exceptional case because of the presence of the compare instructions. On modern x86, that's 3 retire slots and 2 uops, in addition to the multiplication's 3 cycles (which may be speculated and start early). But the presence of a 10-byte instruction and the fact that the jump is further than the 8-bit displacement range mean those three instructions occupy 18 bytes, meaning the front-end is sub-utilised, requiring 2 cycles to decode the 5 instructions (pre-GLC [I think] CPUs decode 4 instructions in 16 bytes per cycle).

Instead, GCC should emit the multiplication and check if the overflow flag was set. I believe the optimal code for GCC would be:

        imulq   $47, %rdi, %rdi
        jo      .L2
        jmp     operator new[](unsigned long)

That's 15 bytes, so 1 cycle for the decoder to decode all 3 instructions. That's 3+1 cycles and 2 retire slots before the JMP.

In the Godbolt link above, Clang and MSVC emitted a CMOV:

        mulq    %rcx
        movq    $-1, %rdi
        cmovnoq %rax, %rdi
        jmp     operator new[](unsigned long)@PLT

This is slightly worse (19 bytes, 4 instructions, though also 3+1 cycles).

For GCC's -fno-exceptions case, I recommend keeping the IMUL+JO case and only loading -1 in the .text.unlikely section. But see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109895
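The three size checks discussed in the report, modelled in C with GCC's __builtin_mul_overflow as an added example (this is not code from the bug report or from GCC): each function mirrors one of the instruction sequences above, using the 47-byte element size and the movabsq constant from the report, and rejection_mask reports which of the checks would reject a given element count so the sequences can be compared on edge-case inputs.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Element size from the report's struct S { char buf[47]; }. */
#define ELEM_SIZE 47ULL
/* The constant GCC loads with movabsq: floor(PTRDIFF_MAX / 47). */
#define GCC_LIMIT 196241958230952676ULL

/* Models "cmpq %rdi, %rax; jb .L2": reject when count > GCC_LIMIT (unsigned). */
static bool rejects_cmp(uint64_t count) { return count > GCC_LIMIT; }

/* Models "imulq $47, %rdi, %rdi; jo .L2": imul's OF flag reports whether the
 * SIGNED 64-bit product fits, so the count is treated as int64_t here. */
static bool rejects_imul_jo(uint64_t count) {
    int64_t product;
    return __builtin_mul_overflow((int64_t)count, (int64_t)ELEM_SIZE, &product);
}

/* Models Clang/MSVC "mulq %rcx; cmovnoq": mul's OF reports whether the
 * UNSIGNED 128-bit product fits in 64 bits. */
static bool rejects_mul_unsigned(uint64_t count) {
    uint64_t product;
    return __builtin_mul_overflow(count, ELEM_SIZE, &product);
}

/* Bit 0: cmp check rejects; bit 1: imul+jo rejects; bit 2: unsigned mul rejects. */
static unsigned rejection_mask(uint64_t count) {
    return (rejects_cmp(count) ? 1u : 0u)
         | (rejects_imul_jo(count) ? 2u : 0u)
         | (rejects_mul_unsigned(count) ? 4u : 0u);
}

int main(void) {
    /* Constructed sample counts around the limits the three checks enforce. */
    const uint64_t samples[] = { 0, 1, GCC_LIMIT, GCC_LIMIT + 1, 1ULL << 63, UINT64_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned m = rejection_mask(samples[i]);
        printf("count=%20" PRIu64 "  cmp=%u  imul+jo=%u  mulq=%u\n",
               samples[i], m & 1u, (m >> 1) & 1u, (m >> 2) & 1u);
    }
    return 0;
}
```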