Skip to content

Use a faster safe bitwise rotate implementation.#13

Open
nmathewson wants to merge 3 commits intowahern:masterfrom
nmathewson:faster_rotate
Open

Use a faster safe bitwise rotate implementation.#13
nmathewson wants to merge 3 commits intowahern:masterfrom
nmathewson:faster_rotate

Conversation

@nmathewson
Copy link

@nmathewson nmathewson commented Mar 5, 2016

This branch replaces the rotation operation with one that compiles down to a single branchless rotate instruction (on my gcc and clang compilers). The magic trick here is the fact that :

  (v >> (c&mask)) | (v << (-c&mask))

works even when c==0, is conformant c, doesn't require a branch, and many compilers can recognize it and replace it with a rotate instruction.

I have tested this, but I haven't benchmarked it yet or tested with super-old or super-weird compilers. I would assume that eliminating these branch instructions is always a good idea, though, and it doesn't make the timeout.c code uglier.

@nmathewson
Move rotr,rotl into timeout-bitops
052a609 
This is in preparation for using faster versions.
@nmathewson
Use a branchless implementation of rotr/rotl.
585cf18 
On modern compilers, under my tests, this turns all of the rotate
functions into a single rotl/rotr instruction.  (For some links, see
BLAKE2/BLAKE2#14 . The cryptopp library
uses similar tricks.)

The previous definitions, on the other hand, include a conditional
branch instruction, which was probably slowing things down a bit.

Also add a comment to explain why we don't just do
"(v>>c)|(v<<(bits-c))" (because c can be 0).

Also add a comment to assert that we don't need to actually handle
c >= bits.

Removing all of these branch instructions ought to improve
performance a bit.
@nmathewson
Add MSVC versions of the bitwise rotation intrinsics.
b51a3aa
@nmathewson
Copy link
Author

nmathewson commented Mar 6, 2016

Hm, we'd better be careful here. I just ran the benchmarks over master and all 3 of these branches, and to my surprise they don't show a very large improvement. (I wasn't very careful in my setup, though, so maybe better benchmark run would show results better.)

@wahern
Copy link
Owner

wahern commented Mar 11, 2016

Yikes. That's alot of code for something simple. I'd rather hold off on this. I was thinking it was a small diff that reduced the overall SLoC.

Regarding branching, I recently stumbled upon the very enlightening paper, Branch Prediction and the Performance of Interpreters - Don't Trust Folklore. The takeaway is that predictors have been getting much better across the board. Haswell is so good at it that often times it's wasted effort to even think about branch optimization.

Regardless of performance, I do prefer removing conditionals as removing them them tends to make code easier to follow and manage overall, even if the details of why a condition is unneeded isn't obvious. But this patch adds more (preprocessor) conditionals and other code.

Is it okay if I cherry pick (e.g. moving rotr and rotl to timeout-bitops) so I can merge the Makefile and regression test patches?

@nmathewson
Copy link
Author

nmathewson commented Mar 11, 2016

Of course it's okay to cherry-pick. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nmathewson @wahern