Resurrecting an old tradition of this blog, let’s take a simple problem, go over a way too long list of alternative solutions, and evaluate their merits.
Our simple problem is this: we want to read data encoded using some variable-bit-length code from a byte stream. Reading individual bytes, machine words etc. is directly supported by most CPUs and many programming languages, but for bit-granularity IO, you generally need to implement it yourself.
This sounds simple enough, and in some sense it is. The first source of problems is that this operation tends to be a hot spot in codecs—-and yes, compute bound, not memory or I/O bound. So we’d like not just an implementation that works; we’d like it to be efficient as well. And along the way we’ll run into many other complications: interactions with IO buffering, end-of-buffer handling, corner cases in the way bit shifts are specified both in C/C++ and in various processor architectures, as well as other bit shift peculiarities.
I’ll mainly focus on many different ways to handle the reader side in this post; essentially all techniques covered in here apply equally to the writer side, but I don’t want to double the number of algorithm variations I’m presenting. There will be plenty as it is.
Degrees of freedom
“Read a variable number of bits” is not a sufficient problem specification. There are lots of plausible ways to pack bits into bytes, and all have their strengths and weaknesses that I’ll go into later. For now, let’s just cover the differences.
The first major decision to make is whether fields are packed MSB-first or LSB-first (“most significant bit” and “least significant bit”, respectively). That is, if we call our to-be-implemented function getbits and run the code sequence
a = getbits(4);
b = getbits(3);
on some bitstream that we just opened, we expect both values to come from the same byte, but how are they arranged in that byte? If bits are packed MSB-first, then “a” occupies 4 bits starting at the MSB, and “b” is below “a”, leading to this arrangement:
![MSB-first bit packing]()
I’m numbering bits with the LSB being bit 0 and increasing towards the MSB, which is the conventional ordering in most contexts. LSB-first packing is the opposite, where the first field occupies bit 0 and later fields proceed upwards:
![LSB-first bit packing]()
Both conventions are used in everyday file formats. For example, JPEG uses MSB-first bit packing for its bitstream, and DEFLATE (zip) uses LSB-first.
The next question we have to settle is what’s supposed to happen when a value ends up spanning multiple bytes. Say we have another value, “c”, that we want to encode in 5 bits. What do we want to end up with? We can postpone the issue slightly be declaring that we’re packing values into 32-bit words or 64-bit words and not bytes, but ultimately we’ll have to settle on something. This is where we suddenly get a whole lot of different variants, and I’m only going to cover the main contenders.
We can think of MSB-first bit packing as iterating over our bitfield “c” from its MSB towards the LSB, inserting one bit at a time. And once we fill up one byte, we start with the next byte. Following these rules for our new bitfield c, this is where the bits end up in our stream:
![MSB-first bit packing across multiple bytes]()
Note that by following these rules, we end up with the same two bytes we would have gotten from MSB-first bit packing into a big integer and then stored it in big-endian byte order. If we had instead decided to split c such that its LSB goes into the first byte and the four higher-order bits into the second byte, this wouldn’t have worked. I’m going to call bit-packing rules that are self-consistent like that “natural” rules.
LSB-first bit-packing of course also has its corresponding natural rule, which is to insert the new value bit by bit starting from the LSB upwards, and if we do that here, we end up with this bit stream:
![LSB-first bit packing across multiple bytes]()
LSB-first natural packing gives us the same bytes as LSB-first packing into a big integer then storing it in little-endian byte order. Also, we’re clearly running into some awkwardness with the drawing here: the logically contiguous packing of c into multiple bytes looks discontinuous when drawing it like this, whereas the drawing for the MSB-first packing looked the way you’d expect. But there’s trouble brewing there too: in the MSB-first drawing, we’re numbering the bits in increasing order from right to left (as is common) and the bytes in increasing order from left to right (as is also common).
Here’s what happens with the LSB-first bit diagram if we draw bit 0 (the LSB) in each byte at the left and bit 7 (the MSB) at the right:
![LSB-first bitpacking across multiple bytes, LSB->MSB from left to right]()
If you draw it this way, it looks the way you’d expect. Putting the MSB on the right feels weird when thinking of a byte as a number and much less weird when you just think about it as an array of 8 bits (which is, effectively, what we’re treating it as when we’re doing bit-wise IO).
Incidentally, some big-endian architectures (e.g. IBM POWER) do number bits this way – bit 0 is the MSB, bit 31 (or 63) is the LSB. Diagramming MSB-first bit packing on such a machine with bit 0=MSB, and also numbering our own bit fields so that their bit 0 corresponds to the MSB, we’d get the exact same diagram (but it would mean something slightly different). This convention makes bit and byte ordering consistent (nice) but breaks the handy convention of bit k corresponding to a value of 2k (less nice).
And if the idea of renumbering bits so bit 0 is the MSB breaks your head, you can also leave the bit numbering as it is but be a rebel and draw byte addresses increasing to the left. Or alternatively keep drawing increasing addresses to the right but be a slightly different kind of rebel and write your byte stream backwards. If you do either of those, you end up with this layout:
![LSB-first bitpacking across multiple bytes, reverse byte order]()
I realize this is getting confusing, and I’ll stop now, but I’m trying to make an actual point here: you should not get too attached to the way this stuff is drawn. It’s easy to fool yourself into thinking that one variant is better than another because it looks prettier, but the conventions of drawing bytes left to right and bits within them right to left are completely arbitrary, and no matter which one you pick, they always end up having that One Weird Thing about them.
It turns out that MSB-first and LSB-first packing conventions both have advantages and disadvantages, and it’s much more useful to think of them as tools with different areas of application than it is to designate one as the “right way” and the other as the “wrong way”. As for byte order, and whether to pack values into bytes, words, or something larger, I highly recommend that you use whatever the natural order for your bit-packing convention is: MSB-first corresponds naturally to big-endian style byte ordering, and LSB-first corresponds naturally to little-endian byte ordering. Unless you’re writing byte streams in reverse—believe it or not, there’s good reasons to do that too—in which case we have reverse-order MSB-first corresponding to little-endian and reverse-order LSB-first corresponding to big-endian.
The reason to prefer “natural” orders is that they tend to give you more freedom for different implementations. A natural-order stream admits a variety of different decoders (and encoders), all with different trade-offs (and good on different targets). “Unnatural” orders are usually designed with exactly one implementation in mind and tend to very awkward to decode any other way.
Our first getbits (bit extract)
Now that we’ve specified the problem sufficiently, we can implement a solution. A particularly simple version is possible if we assume the entire bit stream is sequential in memory (as a byte array) and also completely ignore, for the time being, such pesky issues as running into the end of the array. Let’s just pretend it’s infinite! (Or large enough and zero-padded, anyway.)
In that case, we can base everything on a purely functional “bit extract” function, which I am then going to illustrate a number of issues that come up in all kind of bit-reading functions. Let’s start with LSB-first bit packing:
// Treating buf[] as a giant little-endian integer, grab "width"
// bits starting at bit number "pos" (LSB=bit 0).
uint64_t bit_extract_lsb(const uint8_t *buf, size_t pos, int width) {
assert(width >= 0 && width <= 64 - 7);
// Read a 64-bit little-endian number starting from the byte
// containing bit number "pos" (relative to "buf").
uint64_t bits = read64LE(&buf[pos / 8]);
// Shift out the bits inside the first byte that we've
// already consumed.
// After this, the LSB of our bit field is in the LSB of bits.
bits >>= pos % 8;
// Return the low "width" bits, zeroing the rest via bit mask.
return bits & ((1ull << width) - 1);
}
// State variable, assumed to be local variables, or factored
// into some object; hopefully not actual globals.
const uint8_t *bitstream; // The input bistream
size_t bit_pos; // Current position in the stream, in bits.
uint64_t getbits_extract_lsb(int width) {
// Read the bits
uint64_t result = bit_extract_lsb(bitstream, bit_pos, width);
// Advance the cursor
bit_pos += width;
return result;
}
We’re just using the fact I noted earlier that a LSB-first bit stream is just a big little-endian number. We first grab 64 contiguous byte-aligned bits starting from the first byte containing any bits we care about, do a right shift to get rid of the remaining 0-7 extra bits below the first bit we care about, and then return the result masked to the desired width.
Depending on the value of pos, that right shift can cost us an extra 7 bits. So even though we read a full 64 bits, the maximum number of bits we can read in one go with the code above is 64-7=57 bits.
With bitextract in hand, getbits is straightforward; we just keep track of the current position in the bitstream (in bits), and increment it after reading. Easy.
The corresponding MSB-first variant works out quite similarly, except for one annoying issue I’ll explain after showing the code:
// Treating buf[] as a giant big-endian integer, grab "width"
// bits starting at bit number "pos" (MSB=bit 0).
uint64_t bit_extract_msb(const uint8_t *buf, size_t pos, int width) {
assert(width >= 1 && width <= 64 - 7);
// Read a 64-bit big-endian number starting from the byte
// containing bit number "pos" (relative to "buf").
uint64_t bits = read64BE(&buf[pos / 8]);
// Shift out the bits we've already consumed.
// After this, the MSB of our bit field is in the MSB of bits.
bits <<= pos % 8;
// Return the top "width" bits.
return bits >> (64 - width);
}
uint64_t getbits_extract_msb(int width) {
// Read the bits
uint64_t result = bit_extract_msb(bitstream, bit_pos, width);
// Advance the cursor
bit_pos += width;
return result;
}
This works very similar to the one before: read 64 contiguous byte-aligned bits (big-endian this time), do a left shift to align the top of the bit field we want with the MSB of bits (where before, we did a right shift to align the bottom of our bit field with the LSB of bits), and then do a right shift to place the top width bits at the bottom to return them, because when somebody calls getbits(3), they generally expect to see a value between 0 and 7 inclusive.
Shift boundary cases
So what’s the problem? Well, this version doesn’t allow width to be zero. The issue is that if we allow width == 0, then the final shift will try to right-shift a 64-bit value by 64 bits, and that’s undefined behavior in C/C++! In this case, we may only shift by 0 through 63.
Now, in some cases, C/C++ leave details unspecified for backwards-compatibility with machines essentially nobody cares about at this point. Not requiring that the representation of signed numbers use two’s complement being a famous example; while non-two’s complement architectures exist, they’re all museum pieces at this point.
Sadly, this is not one of these cases. Here’s what happens on different widespread CPU architectures when the shift amount is out of range:
- For 32-bit x86 and x86-64, shift amounts are interpreted mod 32 for operand widths of 32 bits and lower, and mod 64 for 64-bit operands. So right-shifting a 64-bit value by 64 will yield the same as shifting by 0, i.e. a no-op.
- In 32-bit ARM (A32/T32 instruction sets), shift amounts are taken mod 256. Right-shifting a 32-bit value by 32 (or 64) will hence yield 0, as will right-shifting it by 255, but right-shifting it by 256 will leave the value untouched.
- In 64-bit ARM (A64 ISA), shift amounts are taken mod 32 for 32-bit shifts and mod 64 for 64-bit shifts (essentially the same as x86-64).
- RISC-V also follows the same rule: 32-bit shifts distances are mod 32, 64-bit shift distances are mod 64.
- For POWER/PowerPC, 32-bit shifts take the shift amount mod 64 and 64-bit shifts take the shift amount mod 128.
To make matters even more confusing, in most of these instruction sets with SIMD extensions, the SIMD integer instructions have different out-of-range shift behavior
than the non-SIMD instructions. In short, this is one of those cases where there’s actual architectural differences between mainstream platforms; POWER and RISC-V might be a bit obscure for most of you, but say 32-bit vs. 64-bit ARM both have hundreds of millions of devices sold at this point.
Therefore, even if all the compiler does with that right-shift is to emit the corresponding right-shift instruction for the target architecture (which is generally what happens), you will still see different behavior on different architectures, and on both ARM A64 and x86-64, the result of a shift by 64 will be effectively a no-op, and getbits(0) will therefore (generally) return a non-0 value, where one would expect that it’s always zero.
Why does it matter in the first place? Having a hard-coded getbits(0) is indeed not an interesting use case; but sometimes you might want to perform a getbits(x) for some variable x, where x can be zero in some cases, and it’s nice for that case to just work and not require some special-case testing.
If you really need that case to work, one option is to explicitly test for width == 0 and handle that specially; another is to use an branch-less expression that works for zero widths, for example this variant used in Yann Collet‘s FSE:
// Return the top "width" bits, avoiding width==0 edge cases.
return (bits >> 1) >> (63 - width);
This particular case is easier to handle with LSB-first bit streams. And while I’m mentioning them, let’s talk about the masking operation I used to isolate the lowest width bits:
// Return the low "width" bits, zeroing the rest via bit mask.
return bits & ((1ull << width) - 1);
There’s an equivalent form that is slightly cheaper on architectures with a three-operand and-with-complement (AND-NOT) instruction. This includes many RISC CPUs as well as x86s with BMI1. Namely, we can take a mask of all-1 bits, left-shift it to introduce width zeroes at the bottom, then complement the whole thing:
return bits & ~(~0ull << width);
If you’re on an x86 with not just BMI1, but also BMI2 support, you can also use the BZHI instruction that is tailor-made for this use case, if you can figure out how to make your compiler emit it (or use assembly). Yet another option that is advantageous in some cases is to simply prepare a small look-up table of bit masks, which then simplifies the code into
return bits & width_to_mask_table[width];
It may feel ridiculous to prepare a lookup table storing the result of two integer operations, especially since computing the address of the table element to load usually involves both a shift and an addition—the exact two operations we’d be performing if we didn’t have the table!—but there’s a method to this madness: the required address calculation can be done as part of the memory access in a single load instruction on e.g. x86 and ARM machines, and so this shift and add get executed on an Address Generation Unit (AGU) as part of the load pipeline of the CPU, not with integer arithmetic and shift instructions. So counter-intuitive as it may sound, replacing two integer ALU instruction with one integer load instruction like this can result in a noticeable speed-up in bit-IO-intensive code, because it balances the workload better between available execution units.
Another interesting property is that the LSB-first version using the mask table lookup only performs one shift by a variable amount (to shift out the already-consumed bits). This matters because, for a variety of (often banal) reasons, integer shifts by a variable amount are more expensive than shifts by a compile-time constant amount on many micro-architectures. For example, the Cell PPU/Xbox 360 Xenon CPU were infamous for having variable-distance shifts that stalled the CPU core for a whopping 12 cycles, whereas regular shifts were pipelined and would complete in two cycles. Less drastically, on many Intel x86 microarchitectures, “traditional” variable x86 shifts (SHR reg, cl and friends) are about three times as expensive as shifts by a compile-time constant.
This seems like another way in which the MSB-first variant is behind: the variants we’ve seen so far perform either two or three shifts per extract operation, two of which are variable-distance. But there’s a trick to get down to a single shift-type operation, namely by using a bit rotate (cyclical shift) instead of a regular shift:
// Treating buf[] as a giant big-endian integer, grab "width"
// bits starting at bit number "pos" (MSB=bit 0).
uint64_t bit_extract_rot(const uint8_t *buf, size_t pos, int width) {
assert(width >= 0 && width <= 64 - 7);
// Read a 64-bit big-endian number starting from the byte
// containing bit number "pos" (relative to "buf").
uint64_t bits = read64BE(&buf[pos >> 3]);
// Rotate left to align the bottom of our bit field with the LSB.
bits = rotate_left64(bits, (pos & 7) + width);
// Return the bottom "width" bits.
// (Using a table here, but the other ways of masking discussed
// for LSB-first bit IO also work.)
return bits & width_to_mask_table[width];
}
Here, the rotate-left (which you need to figure out how to best access in your C compiler yourself; I want to avoid further digressions) first takes up the work of the original left-shift, and then rotates by an extra “width” bits to make our bit field wrap around from the most-significant bits of the value down to the least-significant, where we can then mask it the same way as in the LSB-first variant.
Oh, and I’ve also started writing the division by 8 as shift-right by 3, and the mod-8 of our unsigned position as a binary AND with 7. These are equivalent substitutions, and you’ll see both forms in real-world code, so I figured I’d mix it up a little.
This rotate-style masking operation was how we (being RAD Game Tools) used to perform bit reading on the Cell PPU and Xbox 360, purely because the variable-distance shifts were so dismal on that particular core. And I’ll note that this version also has no problems whatsoever with width == 0; the only problem is its dependence on rotate instructions, which are available (and fast) in most architectures, but tend to be somewhat inconvenient to access from C code.
At this point, I’ve talked a lot about many, many different ways to do a bit shifting and masking, and I’ll be referring back to these later. What I haven’t shown you yet is any actual practical bit IO logic—the bit extraction form is a useful starting point, and convenient to explain these concepts in without having to worry about state, but you’re unlikely to ever use it as presented in any production code, not least because it assumes that the entire bit stream is in memory and will gleefully read past the end of the buffer during normal operation!
However, this post is already long enough that WordPress editing is starting to get sluggish on me. So what I’ll do is split this up into a multi-part series; you get to take a breather, and we’ll meet back in the next part. Until then!
for the set 
of integers mod N (feel free to ignore the notation if you’re not familiar with it).![[a,b] \mod N := \begin{cases} \{ a, a + 1, \hdots, b \} & \mbox{if } a \le b \\ \{ a, a + 1, \hdots, N - 1 \} \cup \{ 0, 1, \hdots, b \} & \mbox{if } a > b \end{cases}](http://s0.wp.com/latex.php?latex=%5Ba%2Cb%5D+%5Cmod+N+%3A%3D+%5Cbegin%7Bcases%7D++%5C%7B+a%2C+a+%2B+1%2C+%5Chdots%2C+b+%5C%7D+%26+%5Cmbox%7Bif+%7D+a+%5Cle+b+%5C%5C++%5C%7B+a%2C+a+%2B+1%2C+%5Chdots%2C+N+-+1+%5C%7D+%5Ccup+%5C%7B+0%2C+1%2C+%5Chdots%2C+b+%5C%7D+%26+%5Cmbox%7Bif+%7D+a+%3E+b++%5Cend%7Bcases%7D&bg=f9f7f5&fg=444444&s=0 "[a,b] \mod N := \begin{cases} \{ a, a + 1, \hdots, b \} & \mbox{if } a \le b \\ \{ a, a + 1, \hdots, N - 1 \} \cup \{ 0, 1, \hdots, b \} & \mbox{if } a > b \end{cases}")
![Interval [14,1] on the number line](http://fgiesen.files.wordpress.com/2015/09/line1.png?w=497)
![Interval [14,1] on a circle](http://fgiesen.files.wordpress.com/2015/09/circle.png?w=497)
![[a,b] = \{ x \in \mathbb{R} | a \le x \le b \}](http://s0.wp.com/latex.php?latex=%5Ba%2Cb%5D+%3D+%5C%7B+x+%5Cin+%5Cmathbb%7BR%7D+%7C+a+%5Cle+x+%5Cle+b+%5C%7D&bg=f9f7f5&fg=444444&s=0 "[a,b] = \{ x \in \mathbb{R} | a \le x \le b \}")
.
is not in any useful sense “less” or “greater” than the set 
. Viewed in that light, the definition for [a,b] mod N given above is outright weird; the case distinction between “a ≤ b” and “a > b” is testing a condition that doesn’t really make sense in terms of the concepts being expressed.
from the integers mod N to the natural numbers (hence the explicit use of mod as a binary operation). The distances are regular non-negative integers; while points in the integers mod N can’t be meaningfully compared, distances can. That’s why they’re useful to us. Also note that the “mod N” here is the modulus under Euclidean/floor division – that is, a non-negative value smaller than N.![[a,b] \pmod N := \{ x \in \mathbb{Z}_N | \;d^{\,+}(a,x) \le d^{\,+}(a,b) \}](http://s0.wp.com/latex.php?latex=%5Ba%2Cb%5D+%5Cpmod+N+%3A%3D+%5C%7B+x+%5Cin+%5Cmathbb%7BZ%7D_N+%7C+%5C%3Bd%5E%7B%5C%2C%2B%7D%28a%2Cx%29+%5Cle+d%5E%7B%5C%2C%2B%7D%28a%2Cb%29+%5C%7D&bg=f9f7f5&fg=444444&s=0 "[a,b] \pmod N := \{ x \in \mathbb{Z}_N | \;d^{\,+}(a,x) \le d^{\,+}(a,b) \}")
![[a,b] \pmod N := \{ x \in \mathbb{Z}_N | \;d^{\,-}(b,x) \le d^{\,-}(b,a) \}](http://s0.wp.com/latex.php?latex=%5Ba%2Cb%5D+%5Cpmod+N+%3A%3D+%5C%7B+x+%5Cin+%5Cmathbb%7BZ%7D_N+%7C+%5C%3Bd%5E%7B%5C%2C-%7D%28b%2Cx%29+%5Cle+d%5E%7B%5C%2C-%7D%28b%2Ca%29+%5C%7D&bg=f9f7f5&fg=444444&s=0 "[a,b] \pmod N := \{ x \in \mathbb{Z}_N | \;d^{\,-}(b,x) \le d^{\,-}(b,a) \}")
![(a,b] \pmod N := \{ x \in \mathbb{Z}_N | \;d^{\,-}(b,x) < d^{\,-}(b,a) \}](http://s0.wp.com/latex.php?latex=%28a%2Cb%5D+%5Cpmod+N+%3A%3D+%5C%7B+x+%5Cin+%5Cmathbb%7BZ%7D_N+%7C+%5C%3Bd%5E%7B%5C%2C-%7D%28b%2Cx%29+%3C+d%5E%7B%5C%2C-%7D%28b%2Ca%29+%5C%7D&bg=f9f7f5&fg=444444&s=0 "(a,b] \pmod N := \{ x \in \mathbb{Z}_N | \;d^{\,-}(b,x) < d^{\,-}(b,a) \}")
![[a,b]](http://s0.wp.com/latex.php?latex=%5Ba%2Cb%5D&bg=f9f7f5&fg=444444&s=0 "[a,b]")
(or the half-open variants) into testing 
against 
. Once we move the start point of the interval to 0, we don’t have to worry about wrap-around happening in inconvenient places anymore; comparing the integers directly works fine. Score one for symmetry.![([a,b] \cap [c,d]) \ne \emptyset](http://s0.wp.com/latex.php?latex=%28%5Ba%2Cb%5D+%5Ccap+%5Bc%2Cd%5D%29+%5Cne+%5Cemptyset&bg=f9f7f5&fg=444444&s=0 "([a,b] \cap [c,d]) \ne \emptyset")
![(c \in [a,b])](http://s0.wp.com/latex.php?latex=%28c+%5Cin+%5Ba%2Cb%5D%29&bg=f9f7f5&fg=444444&s=0 "(c \in [a,b])")
or ![(a \in [c,d])](http://s0.wp.com/latex.php?latex=%28a+%5Cin+%5Bc%2Cd%5D%29&bg=f9f7f5&fg=444444&s=0 "(a \in [c,d])")
. In words, the two (non-empty) intervals overlap if and only if at least one of a or c is inside the respective other interval.
” ![c \in [c,d]](http://s0.wp.com/latex.php?latex=c+%5Cin+%5Bc%2Cd%5D&bg=f9f7f5&fg=444444&s=0 "c \in [c,d]")
, so if we also have ![c \in [a,b]](http://s0.wp.com/latex.php?latex=c+%5Cin+%5Ba%2Cb%5D&bg=f9f7f5&fg=444444&s=0 "c \in [a,b]")
, then that gives us a point in the intersection of [a,b] and [c,d], which therefore can’t be empty. Likewise with a. Therefore, if either of the two conditions on the right-hand side holds, we indeed have a non-empty intersection.
” The intersection isn’t empty, so take ![x \in ([a,b] \cap [c,d])](http://s0.wp.com/latex.php?latex=x+%5Cin+%28%5Ba%2Cb%5D+%5Ccap+%5Bc%2Cd%5D%29&bg=f9f7f5&fg=444444&s=0 "x \in ([a,b] \cap [c,d])")
. x is in both intervals. Informally, we now “slide” x to the “left” (in negative direction) through the intersection until we hit either of the interval end points a or c. Formally, consider the distances from the interval start points to x 
and 
. Suppose that da ≤ dc. Then we have
bits to encode a final state of x. Charles has already 
coding operations, and still has some parallelism while doing so. This is not very exciting for a 2× or 4× interleaved coder, but for GPU applications N is typically on the order of 32 or 64, and at that level it’s definitely interesting.
; for example, this crops up in boundary tag-using memory allocators when the user requests aligned memory. Such allocators put a header before allocated blocks (just before the address returned to the caller). For the user-visible pointer to be aligned by say 32, that header needs to fall at an address that’s off alignment by a specified distance (which brings us to our problem).
. We’re adding a non-negative value to x, so it’s clear that the result is ≥ x (provided there is no overflow). And we’re adding the smallest possible value we can to get to a value that’s congruent to k (mod N); I wrote about similar things before in my post 
