RFR: 8371450: AES performance improvements for key schedule generation

[Shawn M Emery]

On Fri, 7 Nov 2025 17:20:05 GMT, Jamil Nimeh <jnimeh at openjdk.org> wrote:

>> This fix improves performance in the AES key schedule generation by eliminating an unnecessary object and unnecessary mask in the inverse key schedule.
>> 
>> The micro:org.openjdk.bench.javax.crypto.AESReinit benchmark results are improved by 6.96% for arm64 and 7.79% for x86_64.
>> 
>> Thank you @jnimeh for catching the unnecessary byte mask!
>
> src/java.base/share/classes/com/sun/crypto/provider/AES_Crypt.java line 986:
> 
>> 984:             int idx = kLen - widx;
>> 985: 
>> 986:             dw[idx] = TMI0[w[widx] >>> 24] ^ TMI1[(w[widx] >> 16) & 0xFF]
> 
> Do you think there would be any benefit to putting w[widx] through w[widx+3] on local int variables?  In some cases I've seen where that increases register pressure and can lead to some perf benefits.  I'm not sure if this is one of those cases but it seems like you'd only need to reference memory once instead of 4 times per assignment.

I believe my original changes here utilize a "MergeStore" technique that the compiler optimizes.  I've asked @minborg to see if I got this right.  To verify the optimization here, I used the separate local int variable technique and saw a 0.7% decrease in benchmark performance.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/28188#discussion_r2505847151