RFR: 8288047: Accelerate Poly1305 on x86_64 using AVX512 instructions

Jatin Bhateja jbhateja at openjdk.org
Wed Oct 19 16:30:04 UTC 2022


On Wed, 5 Oct 2022 21:28:26 GMT, vpaprotsk <duke at openjdk.org> wrote:

> Handcrafted x86_64 asm for Poly1305. Main optimization is to process 16 message blocks at a time. For more details, left a lot of comments in `macroAssembler_x86_poly.cpp`.
> 
> - Added new KAT test for Poly1305 and a fuzz test to compare intrinsic and java.
>   - Would like to add an `InvalidKeyException` in `Poly1305.java` (see commented out block in that file), but that conflicts with the KAT. I do think we should detect (R==0 || S ==0) so would like advice please.
> - Added a JMH perf test.
>    - JMH test had to use reflection (instead of existing `MacBench.java`), since Poly1305 is not 'properly' registered with the provider.
> 
> Perf before:
> 
> Benchmark                   (dataSize)  (provider)   Mode  Cnt        Score        Error  Units
> Poly1305DigestBench.digest          64              thrpt    8  2961300.661 ± 110554.162  ops/s
> Poly1305DigestBench.digest         256              thrpt    8  1791912.962 ±  86696.037  ops/s
> Poly1305DigestBench.digest        1024              thrpt    8   637413.054 ±  14074.655  ops/s
> Poly1305DigestBench.digest       16384              thrpt    8    48762.991 ±    390.921  ops/s
> Poly1305DigestBench.digest     1048576              thrpt    8      769.872 ±      1.402  ops/s
> 
> and after:
> 
> Benchmark                   (dataSize)  (provider)   Mode  Cnt        Score        Error  Units
> Poly1305DigestBench.digest          64              thrpt    8  2841243.668 ± 154528.057  ops/s
> Poly1305DigestBench.digest         256              thrpt    8  1662003.873 ±  95253.445  ops/s
> Poly1305DigestBench.digest        1024              thrpt    8  1770028.718 ± 100847.766  ops/s
> Poly1305DigestBench.digest       16384              thrpt    8   765547.287 ±  25883.825  ops/s
> Poly1305DigestBench.digest     1048576              thrpt    8    14508.458 ±     56.147  ops/s

Some initial assembler level comments.

src/hotspot/cpu/x86/assembler_x86.cpp line 5484:

> 5482: 
> 5483: void Assembler::evpunpckhqdq(XMMRegister dst, KRegister mask, XMMRegister src1, XMMRegister src2, bool merge, int vector_len) {
> 5484:   assert(UseAVX > 2, "requires AVX512F");

Please replace flag with feature EVEX check.

src/hotspot/cpu/x86/assembler_x86.cpp line 7831:

> 7829: 
> 7830: void Assembler::vpandq(XMMRegister dst, XMMRegister nds, Address src, int vector_len) {
> 7831:   assert(VM_Version::supports_evex(), "");

Assertion should check existence of AVX512VL for non 512 bit vectors.

src/hotspot/cpu/x86/assembler_x86.cpp line 7958:

> 7956: 
> 7957: void Assembler::vporq(XMMRegister dst, XMMRegister nds, Address src, int vector_len) {
> 7958:   assert(VM_Version::supports_evex(), "");

Same as above

src/hotspot/cpu/x86/stubGenerator_x86_64.cpp line 1960:

> 1958: address StubGenerator::generate_poly1305_masksCP() {
> 1959:   StubCodeMark mark(this, "StubRoutines", "generate_poly1305_masksCP");
> 1960:   address start = __ pc();

You may use [align64](https://github.com/openjdk/jdk/blob/master/src/hotspot/cpu/x86/stubGenerator_x86_64.cpp#L777) here, like

-------------

PR: https://git.openjdk.org/jdk/pull/10582
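
The `(R==0 || S ==0)` check raised in the quoted PR description, as an added example that is not part of the original message or of the JDK sources: a big-integer Poly1305 following RFC 8439, of the kind an intrinsic can be compared against, plus a key check. The function names, the constructed key, and the choice to test R after clamping are assumptions of this example.

```python
# Added reference sketch (not JDK code): Poly1305 per RFC 8439 with Python ints.
P = (1 << 130) - 5                          # field prime 2^130 - 5
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff  # bits of r that RFC 8439 keeps

def split_key(key: bytes) -> tuple[int, int]:
    """Return (r, s): r is the clamped multiplier, s the final 128-bit addend."""
    if len(key) != 32:
        raise ValueError("Poly1305 one-time key must be 32 bytes")
    r = int.from_bytes(key[:16], "little") & CLAMP
    s = int.from_bytes(key[16:], "little")
    return r, s

def poly1305(key: bytes, msg: bytes) -> bytes:
    r, s = split_key(key)
    acc = 0
    for i in range(0, len(msg), 16):
        # Each block gets a 0x01 byte appended above its last byte.
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = (acc + n) * r % P
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def is_degenerate(key: bytes) -> bool:
    """Assumed reading of (R==0 || S==0): test r after clamping."""
    r, s = split_key(key)
    return r == 0 or s == 0

# RFC 8439 section 2.5.2 test vector.
RFC_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                        "0103808afb0db2fd4abff6af4149f51b")
RFC_MSG = b"Cryptographic Forum Research Group"
RFC_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

# Constructed key: the r half is non-zero on the wire but clamps to zero.
ZERO_R_KEY = bytes([0, 0, 0, 0xF0, 0x03] + [0] * 11) + bytes(range(1, 17))

if __name__ == "__main__":
    assert poly1305(RFC_KEY, RFC_MSG) == RFC_TAG
    print(is_degenerate(RFC_KEY), is_degenerate(ZERO_R_KEY))
    # With r == 0 the accumulator stays 0, so every message gets tag == s.
    print(poly1305(ZERO_R_KEY, b"one") == poly1305(ZERO_R_KEY, b"two"))
```

The constructed key shows why a check on the raw key bytes is not enough: its first 16 bytes are non-zero, yet the clamped r is zero and the tag no longer depends on the message.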



More information about the security-dev mailing list