Problems with AES-GCM native acceleration
Andrew Haley
aph at redhat.com
Fri Nov 30 16:10:09 UTC 2018
On 11/21/18 5:37 PM, Andrew Haley wrote:
> On 11/15/18 10:42 AM, Gidon Gershinsky wrote:
>> Having the decryption optimized in the HotSpot engine would be ideal.
>
> I agree with you. I did a few experiments, and it can take a very
> long time for C2 compilation to kick in, especially because GCM is
> glacially slow until the intrinsics are used.
>
> I think this would be a generally useful enhancement to HotSpot,
> and I'm kicking around an experimental patch which adds the
> intrinsics to c1 and the interpreter.
There's a proof-of-concept patch at http://cr.openjdk.java.net/~aph/gctr/
It's all rather hacky but it works.
The patch is rather more complicated than I would have liked. We
could simplify it somewhat by getting rid of the C1 intrinsic, and
instead making C1 call the interpreter implementation.
There also a jmh benchmark in that directory. Test results for 1Mb
look like this:
Interp:
Benchmark Mode Cnt Score Error Units
AESGCMUpdateAAD2.test avgt 5 1426.275 ± 8.778 us/op
C1:
Benchmark Mode Cnt Score Error Units
AESGCMUpdateAAD2.test avgt 5 1359.367 ± 8.196 us/op
C2:
Benchmark Mode Cnt Score Error Units
AESGCMUpdateAAD2.test avgt 5 1333.863 ± 18.385 us/op
--
Andrew Haley
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671
More information about the hotspot-dev
mailing list