On Thu, 10 Nov 2022 01:22:04 GMT, Volodymyr Paprotski <d...@openjdk.org> wrote:

>> Handcrafted x86_64 asm for Poly1305. Main optimization is to process 16 
>> message blocks at a time. For more details, left a lot of comments in 
>> `macroAssembler_x86_poly.cpp`.
>> 
>> - Added new KAT test for Poly1305 and a fuzz test to compare intrinsic and 
>> java.
>>   - Would like to add an `InvalidKeyException` in `Poly1305.java` (see 
>> commented out block in that file), but that conflicts with the KAT. I do 
>> think we should detect (R==0 || S ==0) so would like advice please.
>> - Added a JMH perf test.
>>    - JMH test had to use reflection (instead of existing `MacBench.java`), 
>> since Poly1305 is not 'properly' registered with the provider.
>> 
>> Perf before:
>> 
>> Benchmark                   (dataSize)  (provider)   Mode  Cnt        Score        Error  Units
>> Poly1305DigestBench.digest          64              thrpt    8  2961300.661 ± 110554.162  ops/s
>> Poly1305DigestBench.digest         256              thrpt    8  1791912.962 ±  86696.037  ops/s
>> Poly1305DigestBench.digest        1024              thrpt    8   637413.054 ±  14074.655  ops/s
>> Poly1305DigestBench.digest       16384              thrpt    8    48762.991 ±    390.921  ops/s
>> Poly1305DigestBench.digest     1048576              thrpt    8      769.872 ±      1.402  ops/s
>> 
>> and after:
>> 
>> Benchmark                   (dataSize)  (provider)   Mode  Cnt        Score        Error  Units
>> Poly1305DigestBench.digest          64              thrpt    8  2841243.668 ± 154528.057  ops/s
>> Poly1305DigestBench.digest         256              thrpt    8  1662003.873 ±  95253.445  ops/s
>> Poly1305DigestBench.digest        1024              thrpt    8  1770028.718 ± 100847.766  ops/s
>> Poly1305DigestBench.digest       16384              thrpt    8   765547.287 ±  25883.825  ops/s
>> Poly1305DigestBench.digest     1048576              thrpt    8    14508.458 ±     56.147  ops/s
>
> Volodymyr Paprotski has updated the pull request incrementally with one 
> additional commit since the last revision:
> 
>   fix windows and 32b linux builds

src/hotspot/share/opto/library_call.cpp line 6981:

> 6979: 
> 6980:   if (!stubAddr) return false;
> 6981:   Node* polyObj = argument(0);

Minor cleanup: This could be removed as it is not used.

src/java.base/share/classes/com/sun/crypto/provider/Poly1305.java line 28:

> 26: package com.sun.crypto.provider;
> 27: 
> 28: import java.lang.reflect.Field;

Minor cleanup: This could be removed.

src/java.base/share/classes/com/sun/crypto/provider/Poly1305.java line 249:

> 247:     @ForceInline
> 248:     @IntrinsicCandidate
> 249:     private void processMultipleBlocks(byte[] input, int offset, int length, long[] aLimbs, long[] rLimbs) {

A comment here to indicate aLimbs and rLimbs are part of a and r and used in 
intrinsic.

src/java.base/share/classes/com/sun/crypto/provider/Poly1305.java line 253:

> 251:             n.setValue(input, offset, BLOCK_LENGTH, (byte)0x01);
> 252:             a.setSum(n);                    // A += (temp | 0x01)
> 253:             a.setProduct(r);                // A =  (A * R) % p

Comment needs update to match code.

-------------

PR: https://git.openjdk.org/jdk/pull/10582
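
The `(R==0 || S ==0)` question in the quoted PR description, as an added example that is not part of the original message or of the JDK code: a reference Poly1305 in Python (RFC 8439 arithmetic) showing why a zero `r` matters and where a key check would sit. The `reject_degenerate` option, the choice to test `r` after clamping, and the constructed keys are assumptions of this example.

```python
P = (1 << 130) - 5                          # Poly1305 prime
CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff  # RFC 8439 clamp mask for r

def poly1305(key: bytes, msg: bytes, reject_degenerate: bool = False) -> bytes:
    """Reference Poly1305 tag; reject_degenerate is a hypothetical option."""
    if len(key) != 32:
        raise ValueError("Poly1305 key must be 32 bytes")
    r = int.from_bytes(key[:16], "little") & CLAMP
    s = int.from_bytes(key[16:], "little")
    # Assumption: test r after clamping, since clamping can zero a non-zero raw r.
    if reject_degenerate and (r == 0 or s == 0):
        raise ValueError("degenerate Poly1305 key: r == 0 or s == 0")
    a = 0
    for i in range(0, len(msg), 16):
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")  # block with 0x01 appended
        a = ((a + n) * r) % P                                    # A = ((A + n) * R) % p
    return ((a + s) % (1 << 128)).to_bytes(16, "little")

# RFC 8439 section 2.5.2 test vector (sanity check for the arithmetic).
RFC_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                        "0103808afb0db2fd4abff6af4149f51b")
RFC_MSG = b"Cryptographic Forum Research Group"
RFC_TAG = bytes.fromhex("a8061dc1305136c6c22b8baf0c0127a9")

# Constructed keys for illustration only.
S_BYTES = bytes(range(1, 17))
ZERO_R_KEY = bytes(16) + S_BYTES                                   # raw r is zero
CLAMPED_ZERO_R_KEY = bytes.fromhex("000000f0" + "00" * 12) + S_BYTES  # r is zero only after clamping

def tag_ignores_message(key: bytes) -> bool:
    """True when two different messages receive the same tag under key."""
    return (poly1305(key, b"first message")
            == poly1305(key, b"a different, longer message!"))

if __name__ == "__main__":
    print("RFC vector ok:        ", poly1305(RFC_KEY, RFC_MSG) == RFC_TAG)
    print("r == 0 tag equals s:  ", poly1305(ZERO_R_KEY, b"anything") == S_BYTES)
    print("clamped-to-zero r:    ", tag_ignores_message(CLAMPED_ZERO_R_KEY))
    try:
        poly1305(CLAMPED_ZERO_R_KEY, b"anything", reject_degenerate=True)
    except ValueError as exc:
        print("rejected:", exc)
```

With `r == 0` the accumulator stays at zero, so the tag is just `s` for every message; a check on the raw key bytes alone would miss the second constructed key.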
