ia64.S revision 142425
1.explicit 2.text 3.ident "ia64.S, Version 2.1" 4.ident "IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>" 5 6// 7// ==================================================================== 8// Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL 9// project. 10// 11// Rights for redistribution and usage in source and binary forms are 12// granted according to the OpenSSL license. Warranty of any kind is 13// disclaimed. 14// ==================================================================== 15// 16// Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is 17// different from Itanium to this module viewpoint. Most notably, is it 18// "wider" than Itanium? Can you experience loop scalability as 19// discussed in commentary sections? Not really:-( Itanium2 has 6 20// integer ALU ports, i.e. it's 2 ports wider, but it's not enough to 21// spin twice as fast, as I need 8 IALU ports. Amount of floating point 22// ports is the same, i.e. 2, while I need 4. In other words, to this 23// module Itanium2 remains effectively as "wide" as Itanium. Yet it's 24// essentially different in respect to this module, and a re-tune was 25// required. Well, because some intruction latencies has changed. Most 26// noticeably those intensively used: 27// 28// Itanium Itanium2 29// ldf8 9 6 L2 hit 30// ld8 2 1 L1 hit 31// getf 2 5 32// xma[->getf] 7[+1] 4[+0] 33// add[->st8] 1[+1] 1[+0] 34// 35// What does it mean? You might ratiocinate that the original code 36// should run just faster... Because sum of latencies is smaller... 37// Wrong! Note that getf latency increased. This means that if a loop is 38// scheduled for lower latency (as they were), then it will suffer from 39// stall condition and the code will therefore turn anti-scalable, e.g. 40// original bn_mul_words spun at 5*n or 2.5 times slower than expected 41// on Itanium2! What to do? Reschedule loops for Itanium2? But then 42// Itanium would exhibit anti-scalability. So I've chosen to reschedule 43// for worst latency for every instruction aiming for best *all-round* 44// performance. 45 46// Q. How much faster does it get? 47// A. Here is the output from 'openssl speed rsa dsa' for vanilla 48// 0.9.6a compiled with gcc version 2.96 20000731 (Red Hat 49// Linux 7.1 2.96-81): 50// 51// sign verify sign/s verify/s 52// rsa 512 bits 0.0036s 0.0003s 275.3 2999.2 53// rsa 1024 bits 0.0203s 0.0011s 49.3 894.1 54// rsa 2048 bits 0.1331s 0.0040s 7.5 250.9 55// rsa 4096 bits 0.9270s 0.0147s 1.1 68.1 56// sign verify sign/s verify/s 57// dsa 512 bits 0.0035s 0.0043s 288.3 234.8 58// dsa 1024 bits 0.0111s 0.0135s 90.0 74.2 59// 60// And here is similar output but for this assembler 61// implementation:-) 62// 63// sign verify sign/s verify/s 64// rsa 512 bits 0.0021s 0.0001s 549.4 9638.5 65// rsa 1024 bits 0.0055s 0.0002s 183.8 4481.1 66// rsa 2048 bits 0.0244s 0.0006s 41.4 1726.3 67// rsa 4096 bits 0.1295s 0.0018s 7.7 561.5 68// sign verify sign/s verify/s 69// dsa 512 bits 0.0012s 0.0013s 891.9 756.6 70// dsa 1024 bits 0.0023s 0.0028s 440.4 376.2 71// 72// Yes, you may argue that it's not fair comparison as it's 73// possible to craft the C implementation with BN_UMULT_HIGH 74// inline assembler macro. But of course! Here is the output 75// with the macro: 76// 77// sign verify sign/s verify/s 78// rsa 512 bits 0.0020s 0.0002s 495.0 6561.0 79// rsa 1024 bits 0.0086s 0.0004s 116.2 2235.7 80// rsa 2048 bits 0.0519s 0.0015s 19.3 667.3 81// rsa 4096 bits 0.3464s 0.0053s 2.9 187.7 82// sign verify sign/s verify/s 83// dsa 512 bits 0.0016s 0.0020s 613.1 510.5 84// dsa 1024 bits 0.0045s 0.0054s 221.0 183.9 85// 86// My code is still way faster, huh:-) And I believe that even 87// higher performance can be achieved. Note that as keys get 88// longer, performance gain is larger. Why? According to the 89// profiler there is another player in the field, namely 90// BN_from_montgomery consuming larger and larger portion of CPU 91// time as keysize decreases. I therefore consider putting effort 92// to assembler implementation of the following routine: 93// 94// void bn_mul_add_mont (BN_ULONG *rp,BN_ULONG *np,int nl,BN_ULONG n0) 95// { 96// int i,j; 97// BN_ULONG v; 98// 99// for (i=0; i<nl; i++) 100// { 101// v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); 102// nrp++; 103// rp++; 104// if (((nrp[-1]+=v)&BN_MASK2) < v) 105// for (j=0; ((++nrp[j])&BN_MASK2) == 0; j++) ; 106// } 107// } 108// 109// It might as well be beneficial to implement even combaX 110// variants, as it appears as it can literally unleash the 111// performance (see comment section to bn_mul_comba8 below). 112// 113// And finally for your reference the output for 0.9.6a compiled 114// with SGIcc version 0.01.0-12 (keep in mind that for the moment 115// of this writing it's not possible to convince SGIcc to use 116// BN_UMULT_HIGH inline assembler macro, yet the code is fast, 117// i.e. for a compiler generated one:-): 118// 119// sign verify sign/s verify/s 120// rsa 512 bits 0.0022s 0.0002s 452.7 5894.3 121// rsa 1024 bits 0.0097s 0.0005s 102.7 2002.9 122// rsa 2048 bits 0.0578s 0.0017s 17.3 600.2 123// rsa 4096 bits 0.3838s 0.0061s 2.6 164.5 124// sign verify sign/s verify/s 125// dsa 512 bits 0.0018s 0.0022s 547.3 459.6 126// dsa 1024 bits 0.0051s 0.0062s 196.6 161.3 127// 128// Oh! Benchmarks were performed on 733MHz Lion-class Itanium 129// system running Redhat Linux 7.1 (very special thanks to Ray 130// McCaffity of Williams Communications for providing an account). 131// 132// Q. What's the heck with 'rum 1<<5' at the end of every function? 133// A. Well, by clearing the "upper FP registers written" bit of the 134// User Mask I want to excuse the kernel from preserving upper 135// (f32-f128) FP register bank over process context switch, thus 136// minimizing bus bandwidth consumption during the switch (i.e. 137// after PKI opration completes and the program is off doing 138// something else like bulk symmetric encryption). Having said 139// this, I also want to point out that it might be good idea 140// to compile the whole toolkit (as well as majority of the 141// programs for that matter) with -mfixed-range=f32-f127 command 142// line option. No, it doesn't prevent the compiler from writing 143// to upper bank, but at least discourages to do so. If you don't 144// like the idea you have the option to compile the module with 145// -Drum=nop.m in command line. 146// 147 148#if defined(_HPUX_SOURCE) && !defined(_LP64) 149#define ADDP addp4 150#else 151#define ADDP add 152#endif 153 154#if 1 155// 156// bn_[add|sub]_words routines. 157// 158// Loops are spinning in 2*(n+5) ticks on Itanuim (provided that the 159// data reside in L1 cache, i.e. 2 ticks away). It's possible to 160// compress the epilogue and get down to 2*n+6, but at the cost of 161// scalability (the neat feature of this implementation is that it 162// shall automagically spin in n+5 on "wider" IA-64 implementations:-) 163// I consider that the epilogue is short enough as it is to trade tiny 164// performance loss on Itanium for scalability. 165// 166// BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num) 167// 168.global bn_add_words# 169.proc bn_add_words# 170.align 64 171.skip 32 // makes the loop body aligned at 64-byte boundary 172bn_add_words: 173 .prologue 174 .fframe 0 175 .save ar.pfs,r2 176{ .mii; alloc r2=ar.pfs,4,12,0,16 177 cmp4.le p6,p0=r35,r0 };; 178{ .mfb; mov r8=r0 // return value 179(p6) br.ret.spnt.many b0 };; 180 181 .save ar.lc,r3 182{ .mib; sub r10=r35,r0,1 183 mov r3=ar.lc 184 brp.loop.imp .L_bn_add_words_ctop,.L_bn_add_words_cend-16 185 } 186 .body 187{ .mib; ADDP r14=0,r32 // rp 188 mov r9=pr };; 189{ .mii; ADDP r15=0,r33 // ap 190 mov ar.lc=r10 191 mov ar.ec=6 } 192{ .mib; ADDP r16=0,r34 // bp 193 mov pr.rot=1<<16 };; 194 195.L_bn_add_words_ctop: 196{ .mii; (p16) ld8 r32=[r16],8 // b=*(bp++) 197 (p18) add r39=r37,r34 198 (p19) cmp.ltu.unc p56,p0=r40,r38 } 199{ .mfb; (p0) nop.m 0x0 200 (p0) nop.f 0x0 201 (p0) nop.b 0x0 } 202{ .mii; (p16) ld8 r35=[r15],8 // a=*(ap++) 203 (p58) cmp.eq.or p57,p0=-1,r41 // (p20) 204 (p58) add r41=1,r41 } // (p20) 205{ .mfb; (p21) st8 [r14]=r42,8 // *(rp++)=r 206 (p0) nop.f 0x0 207 br.ctop.sptk .L_bn_add_words_ctop };; 208.L_bn_add_words_cend: 209 210{ .mii; 211(p59) add r8=1,r8 // return value 212 mov pr=r9,0x1ffff 213 mov ar.lc=r3 } 214{ .mbb; nop.b 0x0 215 br.ret.sptk.many b0 };; 216.endp bn_add_words# 217 218// 219// BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num) 220// 221.global bn_sub_words# 222.proc bn_sub_words# 223.align 64 224.skip 32 // makes the loop body aligned at 64-byte boundary 225bn_sub_words: 226 .prologue 227 .fframe 0 228 .save ar.pfs,r2 229{ .mii; alloc r2=ar.pfs,4,12,0,16 230 cmp4.le p6,p0=r35,r0 };; 231{ .mfb; mov r8=r0 // return value 232(p6) br.ret.spnt.many b0 };; 233 234 .save ar.lc,r3 235{ .mib; sub r10=r35,r0,1 236 mov r3=ar.lc 237 brp.loop.imp .L_bn_sub_words_ctop,.L_bn_sub_words_cend-16 238 } 239 .body 240{ .mib; ADDP r14=0,r32 // rp 241 mov r9=pr };; 242{ .mii; ADDP r15=0,r33 // ap 243 mov ar.lc=r10 244 mov ar.ec=6 } 245{ .mib; ADDP r16=0,r34 // bp 246 mov pr.rot=1<<16 };; 247 248.L_bn_sub_words_ctop: 249{ .mii; (p16) ld8 r32=[r16],8 // b=*(bp++) 250 (p18) sub r39=r37,r34 251 (p19) cmp.gtu.unc p56,p0=r40,r38 } 252{ .mfb; (p0) nop.m 0x0 253 (p0) nop.f 0x0 254 (p0) nop.b 0x0 } 255{ .mii; (p16) ld8 r35=[r15],8 // a=*(ap++) 256 (p58) cmp.eq.or p57,p0=0,r41 // (p20) 257 (p58) add r41=-1,r41 } // (p20) 258{ .mbb; (p21) st8 [r14]=r42,8 // *(rp++)=r 259 (p0) nop.b 0x0 260 br.ctop.sptk .L_bn_sub_words_ctop };; 261.L_bn_sub_words_cend: 262 263{ .mii; 264(p59) add r8=1,r8 // return value 265 mov pr=r9,0x1ffff 266 mov ar.lc=r3 } 267{ .mbb; nop.b 0x0 268 br.ret.sptk.many b0 };; 269.endp bn_sub_words# 270#endif 271 272#if 0 273#define XMA_TEMPTATION 274#endif 275 276#if 1 277// 278// BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) 279// 280.global bn_mul_words# 281.proc bn_mul_words# 282.align 64 283.skip 32 // makes the loop body aligned at 64-byte boundary 284bn_mul_words: 285 .prologue 286 .fframe 0 287 .save ar.pfs,r2 288#ifdef XMA_TEMPTATION 289{ .mfi; alloc r2=ar.pfs,4,0,0,0 };; 290#else 291{ .mfi; alloc r2=ar.pfs,4,12,0,16 };; 292#endif 293{ .mib; mov r8=r0 // return value 294 cmp4.le p6,p0=r34,r0 295(p6) br.ret.spnt.many b0 };; 296 297 .save ar.lc,r3 298{ .mii; sub r10=r34,r0,1 299 mov r3=ar.lc 300 mov r9=pr };; 301 302 .body 303{ .mib; setf.sig f8=r35 // w 304 mov pr.rot=0x800001<<16 305 // ------^----- serves as (p50) at first (p27) 306 brp.loop.imp .L_bn_mul_words_ctop,.L_bn_mul_words_cend-16 307 } 308 309#ifndef XMA_TEMPTATION 310 311{ .mmi; ADDP r14=0,r32 // rp 312 ADDP r15=0,r33 // ap 313 mov ar.lc=r10 } 314{ .mmi; mov r40=0 // serves as r35 at first (p27) 315 mov ar.ec=13 };; 316 317// This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium 318// L2 cache (i.e. 9 ticks away) as floating point load/store instructions 319// bypass L1 cache and L2 latency is actually best-case scenario for 320// ldf8. The loop is not scalable and shall run in 2*(n+12) even on 321// "wider" IA-64 implementations. It's a trade-off here. n+24 loop 322// would give us ~5% in *overall* performance improvement on "wider" 323// IA-64, but would hurt Itanium for about same because of longer 324// epilogue. As it's a matter of few percents in either case I've 325// chosen to trade the scalability for development time (you can see 326// this very instruction sequence in bn_mul_add_words loop which in 327// turn is scalable). 328.L_bn_mul_words_ctop: 329{ .mfi; (p25) getf.sig r36=f52 // low 330 (p21) xmpy.lu f48=f37,f8 331 (p28) cmp.ltu p54,p50=r41,r39 } 332{ .mfi; (p16) ldf8 f32=[r15],8 333 (p21) xmpy.hu f40=f37,f8 334 (p0) nop.i 0x0 };; 335{ .mii; (p25) getf.sig r32=f44 // high 336 .pred.rel "mutex",p50,p54 337 (p50) add r40=r38,r35 // (p27) 338 (p54) add r40=r38,r35,1 } // (p27) 339{ .mfb; (p28) st8 [r14]=r41,8 340 (p0) nop.f 0x0 341 br.ctop.sptk .L_bn_mul_words_ctop };; 342.L_bn_mul_words_cend: 343 344{ .mii; nop.m 0x0 345.pred.rel "mutex",p51,p55 346(p51) add r8=r36,r0 347(p55) add r8=r36,r0,1 } 348{ .mfb; nop.m 0x0 349 nop.f 0x0 350 nop.b 0x0 } 351 352#else // XMA_TEMPTATION 353 354 setf.sig f37=r0 // serves as carry at (p18) tick 355 mov ar.lc=r10 356 mov ar.ec=5;; 357 358// Most of you examining this code very likely wonder why in the name 359// of Intel the following loop is commented out? Indeed, it looks so 360// neat that you find it hard to believe that it's something wrong 361// with it, right? The catch is that every iteration depends on the 362// result from previous one and the latter isn't available instantly. 363// The loop therefore spins at the latency of xma minus 1, or in other 364// words at 6*(n+4) ticks:-( Compare to the "production" loop above 365// that runs in 2*(n+11) where the low latency problem is worked around 366// by moving the dependency to one-tick latent interger ALU. Note that 367// "distance" between ldf8 and xma is not latency of ldf8, but the 368// *difference* between xma and ldf8 latencies. 369.L_bn_mul_words_ctop: 370{ .mfi; (p16) ldf8 f32=[r33],8 371 (p18) xma.hu f38=f34,f8,f39 } 372{ .mfb; (p20) stf8 [r32]=f37,8 373 (p18) xma.lu f35=f34,f8,f39 374 br.ctop.sptk .L_bn_mul_words_ctop };; 375.L_bn_mul_words_cend: 376 377 getf.sig r8=f41 // the return value 378 379#endif // XMA_TEMPTATION 380 381{ .mii; nop.m 0x0 382 mov pr=r9,0x1ffff 383 mov ar.lc=r3 } 384{ .mfb; rum 1<<5 // clear um.mfh 385 nop.f 0x0 386 br.ret.sptk.many b0 };; 387.endp bn_mul_words# 388#endif 389 390#if 1 391// 392// BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) 393// 394.global bn_mul_add_words# 395.proc bn_mul_add_words# 396.align 64 397.skip 48 // makes the loop body aligned at 64-byte boundary 398bn_mul_add_words: 399 .prologue 400 .fframe 0 401 .save ar.pfs,r2 402 .save ar.lc,r3 403 .save pr,r9 404{ .mmi; alloc r2=ar.pfs,4,4,0,8 405 cmp4.le p6,p0=r34,r0 406 mov r3=ar.lc };; 407{ .mib; mov r8=r0 // return value 408 sub r10=r34,r0,1 409(p6) br.ret.spnt.many b0 };; 410 411 .body 412{ .mib; setf.sig f8=r35 // w 413 mov r9=pr 414 brp.loop.imp .L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16 415 } 416{ .mmi; ADDP r14=0,r32 // rp 417 ADDP r15=0,r33 // ap 418 mov ar.lc=r10 } 419{ .mii; ADDP r16=0,r32 // rp copy 420 mov pr.rot=0x2001<<16 421 // ------^----- serves as (p40) at first (p27) 422 mov ar.ec=11 };; 423 424// This loop spins in 3*(n+10) ticks on Itanium and in 2*(n+10) on 425// Itanium 2. Yes, unlike previous versions it scales:-) Previous 426// version was peforming *all* additions in IALU and was starving 427// for those even on Itanium 2. In this version one addition is 428// moved to FPU and is folded with multiplication. This is at cost 429// of propogating the result from previous call to this subroutine 430// to L2 cache... In other words negligible even for shorter keys. 431// *Overall* performance improvement [over previous version] varies 432// from 11 to 22 percent depending on key length. 433.L_bn_mul_add_words_ctop: 434.pred.rel "mutex",p40,p42 435{ .mfi; (p23) getf.sig r36=f45 // low 436 (p20) xma.lu f42=f36,f8,f50 // low 437 (p40) add r39=r39,r35 } // (p27) 438{ .mfi; (p16) ldf8 f32=[r15],8 // *(ap++) 439 (p20) xma.hu f36=f36,f8,f50 // high 440 (p42) add r39=r39,r35,1 };; // (p27) 441{ .mmi; (p24) getf.sig r32=f40 // high 442 (p16) ldf8 f46=[r16],8 // *(rp1++) 443 (p40) cmp.ltu p41,p39=r39,r35 } // (p27) 444{ .mib; (p26) st8 [r14]=r39,8 // *(rp2++) 445 (p42) cmp.leu p41,p39=r39,r35 // (p27) 446 br.ctop.sptk .L_bn_mul_add_words_ctop};; 447.L_bn_mul_add_words_cend: 448 449{ .mmi; .pred.rel "mutex",p40,p42 450(p40) add r8=r35,r0 451(p42) add r8=r35,r0,1 452 mov pr=r9,0x1ffff } 453{ .mib; rum 1<<5 // clear um.mfh 454 mov ar.lc=r3 455 br.ret.sptk.many b0 };; 456.endp bn_mul_add_words# 457#endif 458 459#if 1 460// 461// void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num) 462// 463.global bn_sqr_words# 464.proc bn_sqr_words# 465.align 64 466.skip 32 // makes the loop body aligned at 64-byte boundary 467bn_sqr_words: 468 .prologue 469 .fframe 0 470 .save ar.pfs,r2 471{ .mii; alloc r2=ar.pfs,3,0,0,0 472 sxt4 r34=r34 };; 473{ .mii; cmp.le p6,p0=r34,r0 474 mov r8=r0 } // return value 475{ .mfb; ADDP r32=0,r32 476 nop.f 0x0 477(p6) br.ret.spnt.many b0 };; 478 479 .save ar.lc,r3 480{ .mii; sub r10=r34,r0,1 481 mov r3=ar.lc 482 mov r9=pr };; 483 484 .body 485{ .mib; ADDP r33=0,r33 486 mov pr.rot=1<<16 487 brp.loop.imp .L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16 488 } 489{ .mii; add r34=8,r32 490 mov ar.lc=r10 491 mov ar.ec=18 };; 492 493// 2*(n+17) on Itanium, (n+17) on "wider" IA-64 implementations. It's 494// possible to compress the epilogue (I'm getting tired to write this 495// comment over and over) and get down to 2*n+16 at the cost of 496// scalability. The decision will very likely be reconsidered after the 497// benchmark program is profiled. I.e. if perfomance gain on Itanium 498// will appear larger than loss on "wider" IA-64, then the loop should 499// be explicitely split and the epilogue compressed. 500.L_bn_sqr_words_ctop: 501{ .mfi; (p16) ldf8 f32=[r33],8 502 (p25) xmpy.lu f42=f41,f41 503 (p0) nop.i 0x0 } 504{ .mib; (p33) stf8 [r32]=f50,16 505 (p0) nop.i 0x0 506 (p0) nop.b 0x0 } 507{ .mfi; (p0) nop.m 0x0 508 (p25) xmpy.hu f52=f41,f41 509 (p0) nop.i 0x0 } 510{ .mib; (p33) stf8 [r34]=f60,16 511 (p0) nop.i 0x0 512 br.ctop.sptk .L_bn_sqr_words_ctop };; 513.L_bn_sqr_words_cend: 514 515{ .mii; nop.m 0x0 516 mov pr=r9,0x1ffff 517 mov ar.lc=r3 } 518{ .mfb; rum 1<<5 // clear um.mfh 519 nop.f 0x0 520 br.ret.sptk.many b0 };; 521.endp bn_sqr_words# 522#endif 523 524#if 1 525// Apparently we win nothing by implementing special bn_sqr_comba8. 526// Yes, it is possible to reduce the number of multiplications by 527// almost factor of two, but then the amount of additions would 528// increase by factor of two (as we would have to perform those 529// otherwise performed by xma ourselves). Normally we would trade 530// anyway as multiplications are way more expensive, but not this 531// time... Multiplication kernel is fully pipelined and as we drain 532// one 128-bit multiplication result per clock cycle multiplications 533// are effectively as inexpensive as additions. Special implementation 534// might become of interest for "wider" IA-64 implementation as you'll 535// be able to get through the multiplication phase faster (there won't 536// be any stall issues as discussed in the commentary section below and 537// you therefore will be able to employ all 4 FP units)... But these 538// Itanium days it's simply too hard to justify the effort so I just 539// drop down to bn_mul_comba8 code:-) 540// 541// void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) 542// 543.global bn_sqr_comba8# 544.proc bn_sqr_comba8# 545.align 64 546bn_sqr_comba8: 547 .prologue 548 .fframe 0 549 .save ar.pfs,r2 550#if defined(_HPUX_SOURCE) && !defined(_LP64) 551{ .mii; alloc r2=ar.pfs,2,1,0,0 552 addp4 r33=0,r33 553 addp4 r32=0,r32 };; 554{ .mii; 555#else 556{ .mii; alloc r2=ar.pfs,2,1,0,0 557#endif 558 mov r34=r33 559 add r14=8,r33 };; 560 .body 561{ .mii; add r17=8,r34 562 add r15=16,r33 563 add r18=16,r34 } 564{ .mfb; add r16=24,r33 565 br .L_cheat_entry_point8 };; 566.endp bn_sqr_comba8# 567#endif 568 569#if 1 570// I've estimated this routine to run in ~120 ticks, but in reality 571// (i.e. according to ar.itc) it takes ~160 ticks. Are those extra 572// cycles consumed for instructions fetch? Or did I misinterpret some 573// clause in Itanium �-architecture manual? Comments are welcomed and 574// highly appreciated. 575// 576// On Itanium 2 it takes ~190 ticks. This is because of stalls on 577// result from getf.sig. I do nothing about it at this point for 578// reasons depicted below. 579// 580// However! It should be noted that even 160 ticks is darn good result 581// as it's over 10 (yes, ten, spelled as t-e-n) times faster than the 582// C version (compiled with gcc with inline assembler). I really 583// kicked compiler's butt here, didn't I? Yeah! This brings us to the 584// following statement. It's damn shame that this routine isn't called 585// very often nowadays! According to the profiler most CPU time is 586// consumed by bn_mul_add_words called from BN_from_montgomery. In 587// order to estimate what we're missing, I've compared the performance 588// of this routine against "traditional" implementation, i.e. against 589// following routine: 590// 591// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 592// { r[ 8]=bn_mul_words( &(r[0]),a,8,b[0]); 593// r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]); 594// r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]); 595// r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]); 596// r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]); 597// r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]); 598// r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]); 599// r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]); 600// } 601// 602// The one below is over 8 times faster than the one above:-( Even 603// more reasons to "combafy" bn_mul_add_mont... 604// 605// And yes, this routine really made me wish there were an optimizing 606// assembler! It also feels like it deserves a dedication. 607// 608// To my wife for being there and to my kids... 609// 610// void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 611// 612#define carry1 r14 613#define carry2 r15 614#define carry3 r34 615.global bn_mul_comba8# 616.proc bn_mul_comba8# 617.align 64 618bn_mul_comba8: 619 .prologue 620 .fframe 0 621 .save ar.pfs,r2 622#if defined(_HPUX_SOURCE) && !defined(_LP64) 623{ .mii; alloc r2=ar.pfs,3,0,0,0 624 addp4 r33=0,r33 625 addp4 r34=0,r34 };; 626{ .mii; addp4 r32=0,r32 627#else 628{ .mii; alloc r2=ar.pfs,3,0,0,0 629#endif 630 add r14=8,r33 631 add r17=8,r34 } 632 .body 633{ .mii; add r15=16,r33 634 add r18=16,r34 635 add r16=24,r33 } 636.L_cheat_entry_point8: 637{ .mmi; add r19=24,r34 638 639 ldf8 f32=[r33],32 };; 640 641{ .mmi; ldf8 f120=[r34],32 642 ldf8 f121=[r17],32 } 643{ .mmi; ldf8 f122=[r18],32 644 ldf8 f123=[r19],32 };; 645{ .mmi; ldf8 f124=[r34] 646 ldf8 f125=[r17] } 647{ .mmi; ldf8 f126=[r18] 648 ldf8 f127=[r19] } 649 650{ .mmi; ldf8 f33=[r14],32 651 ldf8 f34=[r15],32 } 652{ .mmi; ldf8 f35=[r16],32;; 653 ldf8 f36=[r33] } 654{ .mmi; ldf8 f37=[r14] 655 ldf8 f38=[r15] } 656{ .mfi; ldf8 f39=[r16] 657// -------\ Entering multiplier's heaven /------- 658// ------------\ /------------ 659// -----------------\ /----------------- 660// ----------------------\/---------------------- 661 xma.hu f41=f32,f120,f0 } 662{ .mfi; xma.lu f40=f32,f120,f0 };; // (*) 663{ .mfi; xma.hu f51=f32,f121,f0 } 664{ .mfi; xma.lu f50=f32,f121,f0 };; 665{ .mfi; xma.hu f61=f32,f122,f0 } 666{ .mfi; xma.lu f60=f32,f122,f0 };; 667{ .mfi; xma.hu f71=f32,f123,f0 } 668{ .mfi; xma.lu f70=f32,f123,f0 };; 669{ .mfi; xma.hu f81=f32,f124,f0 } 670{ .mfi; xma.lu f80=f32,f124,f0 };; 671{ .mfi; xma.hu f91=f32,f125,f0 } 672{ .mfi; xma.lu f90=f32,f125,f0 };; 673{ .mfi; xma.hu f101=f32,f126,f0 } 674{ .mfi; xma.lu f100=f32,f126,f0 };; 675{ .mfi; xma.hu f111=f32,f127,f0 } 676{ .mfi; xma.lu f110=f32,f127,f0 };;// 677// (*) You can argue that splitting at every second bundle would 678// prevent "wider" IA-64 implementations from achieving the peak 679// performance. Well, not really... The catch is that if you 680// intend to keep 4 FP units busy by splitting at every fourth 681// bundle and thus perform these 16 multiplications in 4 ticks, 682// the first bundle *below* would stall because the result from 683// the first xma bundle *above* won't be available for another 3 684// ticks (if not more, being an optimist, I assume that "wider" 685// implementation will have same latency:-). This stall will hold 686// you back and the performance would be as if every second bundle 687// were split *anyway*... 688{ .mfi; getf.sig r16=f40 689 xma.hu f42=f33,f120,f41 690 add r33=8,r32 } 691{ .mfi; xma.lu f41=f33,f120,f41 };; 692{ .mfi; getf.sig r24=f50 693 xma.hu f52=f33,f121,f51 } 694{ .mfi; xma.lu f51=f33,f121,f51 };; 695{ .mfi; st8 [r32]=r16,16 696 xma.hu f62=f33,f122,f61 } 697{ .mfi; xma.lu f61=f33,f122,f61 };; 698{ .mfi; xma.hu f72=f33,f123,f71 } 699{ .mfi; xma.lu f71=f33,f123,f71 };; 700{ .mfi; xma.hu f82=f33,f124,f81 } 701{ .mfi; xma.lu f81=f33,f124,f81 };; 702{ .mfi; xma.hu f92=f33,f125,f91 } 703{ .mfi; xma.lu f91=f33,f125,f91 };; 704{ .mfi; xma.hu f102=f33,f126,f101 } 705{ .mfi; xma.lu f101=f33,f126,f101 };; 706{ .mfi; xma.hu f112=f33,f127,f111 } 707{ .mfi; xma.lu f111=f33,f127,f111 };;// 708//-------------------------------------------------// 709{ .mfi; getf.sig r25=f41 710 xma.hu f43=f34,f120,f42 } 711{ .mfi; xma.lu f42=f34,f120,f42 };; 712{ .mfi; getf.sig r16=f60 713 xma.hu f53=f34,f121,f52 } 714{ .mfi; xma.lu f52=f34,f121,f52 };; 715{ .mfi; getf.sig r17=f51 716 xma.hu f63=f34,f122,f62 717 add r25=r25,r24 } 718{ .mfi; xma.lu f62=f34,f122,f62 719 mov carry1=0 };; 720{ .mfi; cmp.ltu p6,p0=r25,r24 721 xma.hu f73=f34,f123,f72 } 722{ .mfi; xma.lu f72=f34,f123,f72 };; 723{ .mfi; st8 [r33]=r25,16 724 xma.hu f83=f34,f124,f82 725(p6) add carry1=1,carry1 } 726{ .mfi; xma.lu f82=f34,f124,f82 };; 727{ .mfi; xma.hu f93=f34,f125,f92 } 728{ .mfi; xma.lu f92=f34,f125,f92 };; 729{ .mfi; xma.hu f103=f34,f126,f102 } 730{ .mfi; xma.lu f102=f34,f126,f102 };; 731{ .mfi; xma.hu f113=f34,f127,f112 } 732{ .mfi; xma.lu f112=f34,f127,f112 };;// 733//-------------------------------------------------// 734{ .mfi; getf.sig r18=f42 735 xma.hu f44=f35,f120,f43 736 add r17=r17,r16 } 737{ .mfi; xma.lu f43=f35,f120,f43 };; 738{ .mfi; getf.sig r24=f70 739 xma.hu f54=f35,f121,f53 } 740{ .mfi; mov carry2=0 741 xma.lu f53=f35,f121,f53 };; 742{ .mfi; getf.sig r25=f61 743 xma.hu f64=f35,f122,f63 744 cmp.ltu p7,p0=r17,r16 } 745{ .mfi; add r18=r18,r17 746 xma.lu f63=f35,f122,f63 };; 747{ .mfi; getf.sig r26=f52 748 xma.hu f74=f35,f123,f73 749(p7) add carry2=1,carry2 } 750{ .mfi; cmp.ltu p7,p0=r18,r17 751 xma.lu f73=f35,f123,f73 752 add r18=r18,carry1 };; 753{ .mfi; 754 xma.hu f84=f35,f124,f83 755(p7) add carry2=1,carry2 } 756{ .mfi; cmp.ltu p7,p0=r18,carry1 757 xma.lu f83=f35,f124,f83 };; 758{ .mfi; st8 [r32]=r18,16 759 xma.hu f94=f35,f125,f93 760(p7) add carry2=1,carry2 } 761{ .mfi; xma.lu f93=f35,f125,f93 };; 762{ .mfi; xma.hu f104=f35,f126,f103 } 763{ .mfi; xma.lu f103=f35,f126,f103 };; 764{ .mfi; xma.hu f114=f35,f127,f113 } 765{ .mfi; mov carry1=0 766 xma.lu f113=f35,f127,f113 767 add r25=r25,r24 };;// 768//-------------------------------------------------// 769{ .mfi; getf.sig r27=f43 770 xma.hu f45=f36,f120,f44 771 cmp.ltu p6,p0=r25,r24 } 772{ .mfi; xma.lu f44=f36,f120,f44 773 add r26=r26,r25 };; 774{ .mfi; getf.sig r16=f80 775 xma.hu f55=f36,f121,f54 776(p6) add carry1=1,carry1 } 777{ .mfi; xma.lu f54=f36,f121,f54 };; 778{ .mfi; getf.sig r17=f71 779 xma.hu f65=f36,f122,f64 780 cmp.ltu p6,p0=r26,r25 } 781{ .mfi; xma.lu f64=f36,f122,f64 782 add r27=r27,r26 };; 783{ .mfi; getf.sig r18=f62 784 xma.hu f75=f36,f123,f74 785(p6) add carry1=1,carry1 } 786{ .mfi; cmp.ltu p6,p0=r27,r26 787 xma.lu f74=f36,f123,f74 788 add r27=r27,carry2 };; 789{ .mfi; getf.sig r19=f53 790 xma.hu f85=f36,f124,f84 791(p6) add carry1=1,carry1 } 792{ .mfi; xma.lu f84=f36,f124,f84 793 cmp.ltu p6,p0=r27,carry2 };; 794{ .mfi; st8 [r33]=r27,16 795 xma.hu f95=f36,f125,f94 796(p6) add carry1=1,carry1 } 797{ .mfi; xma.lu f94=f36,f125,f94 };; 798{ .mfi; xma.hu f105=f36,f126,f104 } 799{ .mfi; mov carry2=0 800 xma.lu f104=f36,f126,f104 801 add r17=r17,r16 };; 802{ .mfi; xma.hu f115=f36,f127,f114 803 cmp.ltu p7,p0=r17,r16 } 804{ .mfi; xma.lu f114=f36,f127,f114 805 add r18=r18,r17 };;// 806//-------------------------------------------------// 807{ .mfi; getf.sig r20=f44 808 xma.hu f46=f37,f120,f45 809(p7) add carry2=1,carry2 } 810{ .mfi; cmp.ltu p7,p0=r18,r17 811 xma.lu f45=f37,f120,f45 812 add r19=r19,r18 };; 813{ .mfi; getf.sig r24=f90 814 xma.hu f56=f37,f121,f55 } 815{ .mfi; xma.lu f55=f37,f121,f55 };; 816{ .mfi; getf.sig r25=f81 817 xma.hu f66=f37,f122,f65 818(p7) add carry2=1,carry2 } 819{ .mfi; cmp.ltu p7,p0=r19,r18 820 xma.lu f65=f37,f122,f65 821 add r20=r20,r19 };; 822{ .mfi; getf.sig r26=f72 823 xma.hu f76=f37,f123,f75 824(p7) add carry2=1,carry2 } 825{ .mfi; cmp.ltu p7,p0=r20,r19 826 xma.lu f75=f37,f123,f75 827 add r20=r20,carry1 };; 828{ .mfi; getf.sig r27=f63 829 xma.hu f86=f37,f124,f85 830(p7) add carry2=1,carry2 } 831{ .mfi; xma.lu f85=f37,f124,f85 832 cmp.ltu p7,p0=r20,carry1 };; 833{ .mfi; getf.sig r28=f54 834 xma.hu f96=f37,f125,f95 835(p7) add carry2=1,carry2 } 836{ .mfi; st8 [r32]=r20,16 837 xma.lu f95=f37,f125,f95 };; 838{ .mfi; xma.hu f106=f37,f126,f105 } 839{ .mfi; mov carry1=0 840 xma.lu f105=f37,f126,f105 841 add r25=r25,r24 };; 842{ .mfi; xma.hu f116=f37,f127,f115 843 cmp.ltu p6,p0=r25,r24 } 844{ .mfi; xma.lu f115=f37,f127,f115 845 add r26=r26,r25 };;// 846//-------------------------------------------------// 847{ .mfi; getf.sig r29=f45 848 xma.hu f47=f38,f120,f46 849(p6) add carry1=1,carry1 } 850{ .mfi; cmp.ltu p6,p0=r26,r25 851 xma.lu f46=f38,f120,f46 852 add r27=r27,r26 };; 853{ .mfi; getf.sig r16=f100 854 xma.hu f57=f38,f121,f56 855(p6) add carry1=1,carry1 } 856{ .mfi; cmp.ltu p6,p0=r27,r26 857 xma.lu f56=f38,f121,f56 858 add r28=r28,r27 };; 859{ .mfi; getf.sig r17=f91 860 xma.hu f67=f38,f122,f66 861(p6) add carry1=1,carry1 } 862{ .mfi; cmp.ltu p6,p0=r28,r27 863 xma.lu f66=f38,f122,f66 864 add r29=r29,r28 };; 865{ .mfi; getf.sig r18=f82 866 xma.hu f77=f38,f123,f76 867(p6) add carry1=1,carry1 } 868{ .mfi; cmp.ltu p6,p0=r29,r28 869 xma.lu f76=f38,f123,f76 870 add r29=r29,carry2 };; 871{ .mfi; getf.sig r19=f73 872 xma.hu f87=f38,f124,f86 873(p6) add carry1=1,carry1 } 874{ .mfi; xma.lu f86=f38,f124,f86 875 cmp.ltu p6,p0=r29,carry2 };; 876{ .mfi; getf.sig r20=f64 877 xma.hu f97=f38,f125,f96 878(p6) add carry1=1,carry1 } 879{ .mfi; st8 [r33]=r29,16 880 xma.lu f96=f38,f125,f96 };; 881{ .mfi; getf.sig r21=f55 882 xma.hu f107=f38,f126,f106 } 883{ .mfi; mov carry2=0 884 xma.lu f106=f38,f126,f106 885 add r17=r17,r16 };; 886{ .mfi; xma.hu f117=f38,f127,f116 887 cmp.ltu p7,p0=r17,r16 } 888{ .mfi; xma.lu f116=f38,f127,f116 889 add r18=r18,r17 };;// 890//-------------------------------------------------// 891{ .mfi; getf.sig r22=f46 892 xma.hu f48=f39,f120,f47 893(p7) add carry2=1,carry2 } 894{ .mfi; cmp.ltu p7,p0=r18,r17 895 xma.lu f47=f39,f120,f47 896 add r19=r19,r18 };; 897{ .mfi; getf.sig r24=f110 898 xma.hu f58=f39,f121,f57 899(p7) add carry2=1,carry2 } 900{ .mfi; cmp.ltu p7,p0=r19,r18 901 xma.lu f57=f39,f121,f57 902 add r20=r20,r19 };; 903{ .mfi; getf.sig r25=f101 904 xma.hu f68=f39,f122,f67 905(p7) add carry2=1,carry2 } 906{ .mfi; cmp.ltu p7,p0=r20,r19 907 xma.lu f67=f39,f122,f67 908 add r21=r21,r20 };; 909{ .mfi; getf.sig r26=f92 910 xma.hu f78=f39,f123,f77 911(p7) add carry2=1,carry2 } 912{ .mfi; cmp.ltu p7,p0=r21,r20 913 xma.lu f77=f39,f123,f77 914 add r22=r22,r21 };; 915{ .mfi; getf.sig r27=f83 916 xma.hu f88=f39,f124,f87 917(p7) add carry2=1,carry2 } 918{ .mfi; cmp.ltu p7,p0=r22,r21 919 xma.lu f87=f39,f124,f87 920 add r22=r22,carry1 };; 921{ .mfi; getf.sig r28=f74 922 xma.hu f98=f39,f125,f97 923(p7) add carry2=1,carry2 } 924{ .mfi; xma.lu f97=f39,f125,f97 925 cmp.ltu p7,p0=r22,carry1 };; 926{ .mfi; getf.sig r29=f65 927 xma.hu f108=f39,f126,f107 928(p7) add carry2=1,carry2 } 929{ .mfi; st8 [r32]=r22,16 930 xma.lu f107=f39,f126,f107 };; 931{ .mfi; getf.sig r30=f56 932 xma.hu f118=f39,f127,f117 } 933{ .mfi; xma.lu f117=f39,f127,f117 };;// 934//-------------------------------------------------// 935// Leaving muliplier's heaven... Quite a ride, huh? 936 937{ .mii; getf.sig r31=f47 938 add r25=r25,r24 939 mov carry1=0 };; 940{ .mii; getf.sig r16=f111 941 cmp.ltu p6,p0=r25,r24 942 add r26=r26,r25 };; 943{ .mfb; getf.sig r17=f102 } 944{ .mii; 945(p6) add carry1=1,carry1 946 cmp.ltu p6,p0=r26,r25 947 add r27=r27,r26 };; 948{ .mfb; nop.m 0x0 } 949{ .mii; 950(p6) add carry1=1,carry1 951 cmp.ltu p6,p0=r27,r26 952 add r28=r28,r27 };; 953{ .mii; getf.sig r18=f93 954 add r17=r17,r16 955 mov carry3=0 } 956{ .mii; 957(p6) add carry1=1,carry1 958 cmp.ltu p6,p0=r28,r27 959 add r29=r29,r28 };; 960{ .mii; getf.sig r19=f84 961 cmp.ltu p7,p0=r17,r16 } 962{ .mii; 963(p6) add carry1=1,carry1 964 cmp.ltu p6,p0=r29,r28 965 add r30=r30,r29 };; 966{ .mii; getf.sig r20=f75 967 add r18=r18,r17 } 968{ .mii; 969(p6) add carry1=1,carry1 970 cmp.ltu p6,p0=r30,r29 971 add r31=r31,r30 };; 972{ .mfb; getf.sig r21=f66 } 973{ .mii; (p7) add carry3=1,carry3 974 cmp.ltu p7,p0=r18,r17 975 add r19=r19,r18 } 976{ .mfb; nop.m 0x0 } 977{ .mii; 978(p6) add carry1=1,carry1 979 cmp.ltu p6,p0=r31,r30 980 add r31=r31,carry2 };; 981{ .mfb; getf.sig r22=f57 } 982{ .mii; (p7) add carry3=1,carry3 983 cmp.ltu p7,p0=r19,r18 984 add r20=r20,r19 } 985{ .mfb; nop.m 0x0 } 986{ .mii; 987(p6) add carry1=1,carry1 988 cmp.ltu p6,p0=r31,carry2 };; 989{ .mfb; getf.sig r23=f48 } 990{ .mii; (p7) add carry3=1,carry3 991 cmp.ltu p7,p0=r20,r19 992 add r21=r21,r20 } 993{ .mii; 994(p6) add carry1=1,carry1 } 995{ .mfb; st8 [r33]=r31,16 };; 996 997{ .mfb; getf.sig r24=f112 } 998{ .mii; (p7) add carry3=1,carry3 999 cmp.ltu p7,p0=r21,r20 1000 add r22=r22,r21 };; 1001{ .mfb; getf.sig r25=f103 } 1002{ .mii; (p7) add carry3=1,carry3 1003 cmp.ltu p7,p0=r22,r21 1004 add r23=r23,r22 };; 1005{ .mfb; getf.sig r26=f94 } 1006{ .mii; (p7) add carry3=1,carry3 1007 cmp.ltu p7,p0=r23,r22 1008 add r23=r23,carry1 };; 1009{ .mfb; getf.sig r27=f85 } 1010{ .mii; (p7) add carry3=1,carry3 1011 cmp.ltu p7,p8=r23,carry1};; 1012{ .mii; getf.sig r28=f76 1013 add r25=r25,r24 1014 mov carry1=0 } 1015{ .mii; st8 [r32]=r23,16 1016 (p7) add carry2=1,carry3 1017 (p8) add carry2=0,carry3 };; 1018 1019{ .mfb; nop.m 0x0 } 1020{ .mii; getf.sig r29=f67 1021 cmp.ltu p6,p0=r25,r24 1022 add r26=r26,r25 };; 1023{ .mfb; getf.sig r30=f58 } 1024{ .mii; 1025(p6) add carry1=1,carry1 1026 cmp.ltu p6,p0=r26,r25 1027 add r27=r27,r26 };; 1028{ .mfb; getf.sig r16=f113 } 1029{ .mii; 1030(p6) add carry1=1,carry1 1031 cmp.ltu p6,p0=r27,r26 1032 add r28=r28,r27 };; 1033{ .mfb; getf.sig r17=f104 } 1034{ .mii; 1035(p6) add carry1=1,carry1 1036 cmp.ltu p6,p0=r28,r27 1037 add r29=r29,r28 };; 1038{ .mfb; getf.sig r18=f95 } 1039{ .mii; 1040(p6) add carry1=1,carry1 1041 cmp.ltu p6,p0=r29,r28 1042 add r30=r30,r29 };; 1043{ .mii; getf.sig r19=f86 1044 add r17=r17,r16 1045 mov carry3=0 } 1046{ .mii; 1047(p6) add carry1=1,carry1 1048 cmp.ltu p6,p0=r30,r29 1049 add r30=r30,carry2 };; 1050{ .mii; getf.sig r20=f77 1051 cmp.ltu p7,p0=r17,r16 1052 add r18=r18,r17 } 1053{ .mii; 1054(p6) add carry1=1,carry1 1055 cmp.ltu p6,p0=r30,carry2 };; 1056{ .mfb; getf.sig r21=f68 } 1057{ .mii; st8 [r33]=r30,16 1058(p6) add carry1=1,carry1 };; 1059 1060{ .mfb; getf.sig r24=f114 } 1061{ .mii; (p7) add carry3=1,carry3 1062 cmp.ltu p7,p0=r18,r17 1063 add r19=r19,r18 };; 1064{ .mfb; getf.sig r25=f105 } 1065{ .mii; (p7) add carry3=1,carry3 1066 cmp.ltu p7,p0=r19,r18 1067 add r20=r20,r19 };; 1068{ .mfb; getf.sig r26=f96 } 1069{ .mii; (p7) add carry3=1,carry3 1070 cmp.ltu p7,p0=r20,r19 1071 add r21=r21,r20 };; 1072{ .mfb; getf.sig r27=f87 } 1073{ .mii; (p7) add carry3=1,carry3 1074 cmp.ltu p7,p0=r21,r20 1075 add r21=r21,carry1 };; 1076{ .mib; getf.sig r28=f78 1077 add r25=r25,r24 } 1078{ .mib; (p7) add carry3=1,carry3 1079 cmp.ltu p7,p8=r21,carry1};; 1080{ .mii; st8 [r32]=r21,16 1081 (p7) add carry2=1,carry3 1082 (p8) add carry2=0,carry3 } 1083 1084{ .mii; mov carry1=0 1085 cmp.ltu p6,p0=r25,r24 1086 add r26=r26,r25 };; 1087{ .mfb; getf.sig r16=f115 } 1088{ .mii; 1089(p6) add carry1=1,carry1 1090 cmp.ltu p6,p0=r26,r25 1091 add r27=r27,r26 };; 1092{ .mfb; getf.sig r17=f106 } 1093{ .mii; 1094(p6) add carry1=1,carry1 1095 cmp.ltu p6,p0=r27,r26 1096 add r28=r28,r27 };; 1097{ .mfb; getf.sig r18=f97 } 1098{ .mii; 1099(p6) add carry1=1,carry1 1100 cmp.ltu p6,p0=r28,r27 1101 add r28=r28,carry2 };; 1102{ .mib; getf.sig r19=f88 1103 add r17=r17,r16 } 1104{ .mib; 1105(p6) add carry1=1,carry1 1106 cmp.ltu p6,p0=r28,carry2 };; 1107{ .mii; st8 [r33]=r28,16 1108(p6) add carry1=1,carry1 } 1109 1110{ .mii; mov carry2=0 1111 cmp.ltu p7,p0=r17,r16 1112 add r18=r18,r17 };; 1113{ .mfb; getf.sig r24=f116 } 1114{ .mii; (p7) add carry2=1,carry2 1115 cmp.ltu p7,p0=r18,r17 1116 add r19=r19,r18 };; 1117{ .mfb; getf.sig r25=f107 } 1118{ .mii; (p7) add carry2=1,carry2 1119 cmp.ltu p7,p0=r19,r18 1120 add r19=r19,carry1 };; 1121{ .mfb; getf.sig r26=f98 } 1122{ .mii; (p7) add carry2=1,carry2 1123 cmp.ltu p7,p0=r19,carry1};; 1124{ .mii; st8 [r32]=r19,16 1125 (p7) add carry2=1,carry2 } 1126 1127{ .mfb; add r25=r25,r24 };; 1128 1129{ .mfb; getf.sig r16=f117 } 1130{ .mii; mov carry1=0 1131 cmp.ltu p6,p0=r25,r24 1132 add r26=r26,r25 };; 1133{ .mfb; getf.sig r17=f108 } 1134{ .mii; 1135(p6) add carry1=1,carry1 1136 cmp.ltu p6,p0=r26,r25 1137 add r26=r26,carry2 };; 1138{ .mfb; nop.m 0x0 } 1139{ .mii; 1140(p6) add carry1=1,carry1 1141 cmp.ltu p6,p0=r26,carry2 };; 1142{ .mii; st8 [r33]=r26,16 1143(p6) add carry1=1,carry1 } 1144 1145{ .mfb; add r17=r17,r16 };; 1146{ .mfb; getf.sig r24=f118 } 1147{ .mii; mov carry2=0 1148 cmp.ltu p7,p0=r17,r16 1149 add r17=r17,carry1 };; 1150{ .mii; (p7) add carry2=1,carry2 1151 cmp.ltu p7,p0=r17,carry1};; 1152{ .mii; st8 [r32]=r17 1153 (p7) add carry2=1,carry2 };; 1154{ .mfb; add r24=r24,carry2 };; 1155{ .mib; st8 [r33]=r24 } 1156 1157{ .mib; rum 1<<5 // clear um.mfh 1158 br.ret.sptk.many b0 };; 1159.endp bn_mul_comba8# 1160#undef carry3 1161#undef carry2 1162#undef carry1 1163#endif 1164 1165#if 1 1166// It's possible to make it faster (see comment to bn_sqr_comba8), but 1167// I reckon it doesn't worth the effort. Basically because the routine 1168// (actually both of them) practically never called... So I just play 1169// same trick as with bn_sqr_comba8. 1170// 1171// void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) 1172// 1173.global bn_sqr_comba4# 1174.proc bn_sqr_comba4# 1175.align 64 1176bn_sqr_comba4: 1177 .prologue 1178 .fframe 0 1179 .save ar.pfs,r2 1180#if defined(_HPUX_SOURCE) && !defined(_LP64) 1181{ .mii; alloc r2=ar.pfs,2,1,0,0 1182 addp4 r32=0,r32 1183 addp4 r33=0,r33 };; 1184{ .mii; 1185#else 1186{ .mii; alloc r2=ar.pfs,2,1,0,0 1187#endif 1188 mov r34=r33 1189 add r14=8,r33 };; 1190 .body 1191{ .mii; add r17=8,r34 1192 add r15=16,r33 1193 add r18=16,r34 } 1194{ .mfb; add r16=24,r33 1195 br .L_cheat_entry_point4 };; 1196.endp bn_sqr_comba4# 1197#endif 1198 1199#if 1 1200// Runs in ~115 cycles and ~4.5 times faster than C. Well, whatever... 1201// 1202// void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) 1203// 1204#define carry1 r14 1205#define carry2 r15 1206.global bn_mul_comba4# 1207.proc bn_mul_comba4# 1208.align 64 1209bn_mul_comba4: 1210 .prologue 1211 .fframe 0 1212 .save ar.pfs,r2 1213#if defined(_HPUX_SOURCE) && !defined(_LP64) 1214{ .mii; alloc r2=ar.pfs,3,0,0,0 1215 addp4 r33=0,r33 1216 addp4 r34=0,r34 };; 1217{ .mii; addp4 r32=0,r32 1218#else 1219{ .mii; alloc r2=ar.pfs,3,0,0,0 1220#endif 1221 add r14=8,r33 1222 add r17=8,r34 } 1223 .body 1224{ .mii; add r15=16,r33 1225 add r18=16,r34 1226 add r16=24,r33 };; 1227.L_cheat_entry_point4: 1228{ .mmi; add r19=24,r34 1229 1230 ldf8 f32=[r33] } 1231 1232{ .mmi; ldf8 f120=[r34] 1233 ldf8 f121=[r17] };; 1234{ .mmi; ldf8 f122=[r18] 1235 ldf8 f123=[r19] } 1236 1237{ .mmi; ldf8 f33=[r14] 1238 ldf8 f34=[r15] } 1239{ .mfi; ldf8 f35=[r16] 1240 1241 xma.hu f41=f32,f120,f0 } 1242{ .mfi; xma.lu f40=f32,f120,f0 };; 1243{ .mfi; xma.hu f51=f32,f121,f0 } 1244{ .mfi; xma.lu f50=f32,f121,f0 };; 1245{ .mfi; xma.hu f61=f32,f122,f0 } 1246{ .mfi; xma.lu f60=f32,f122,f0 };; 1247{ .mfi; xma.hu f71=f32,f123,f0 } 1248{ .mfi; xma.lu f70=f32,f123,f0 };;// 1249// Major stall takes place here, and 3 more places below. Result from 1250// first xma is not available for another 3 ticks. 1251{ .mfi; getf.sig r16=f40 1252 xma.hu f42=f33,f120,f41 1253 add r33=8,r32 } 1254{ .mfi; xma.lu f41=f33,f120,f41 };; 1255{ .mfi; getf.sig r24=f50 1256 xma.hu f52=f33,f121,f51 } 1257{ .mfi; xma.lu f51=f33,f121,f51 };; 1258{ .mfi; st8 [r32]=r16,16 1259 xma.hu f62=f33,f122,f61 } 1260{ .mfi; xma.lu f61=f33,f122,f61 };; 1261{ .mfi; xma.hu f72=f33,f123,f71 } 1262{ .mfi; xma.lu f71=f33,f123,f71 };;// 1263//-------------------------------------------------// 1264{ .mfi; getf.sig r25=f41 1265 xma.hu f43=f34,f120,f42 } 1266{ .mfi; xma.lu f42=f34,f120,f42 };; 1267{ .mfi; getf.sig r16=f60 1268 xma.hu f53=f34,f121,f52 } 1269{ .mfi; xma.lu f52=f34,f121,f52 };; 1270{ .mfi; getf.sig r17=f51 1271 xma.hu f63=f34,f122,f62 1272 add r25=r25,r24 } 1273{ .mfi; mov carry1=0 1274 xma.lu f62=f34,f122,f62 };; 1275{ .mfi; st8 [r33]=r25,16 1276 xma.hu f73=f34,f123,f72 1277 cmp.ltu p6,p0=r25,r24 } 1278{ .mfi; xma.lu f72=f34,f123,f72 };;// 1279//-------------------------------------------------// 1280{ .mfi; getf.sig r18=f42 1281 xma.hu f44=f35,f120,f43 1282(p6) add carry1=1,carry1 } 1283{ .mfi; add r17=r17,r16 1284 xma.lu f43=f35,f120,f43 1285 mov carry2=0 };; 1286{ .mfi; getf.sig r24=f70 1287 xma.hu f54=f35,f121,f53 1288 cmp.ltu p7,p0=r17,r16 } 1289{ .mfi; xma.lu f53=f35,f121,f53 };; 1290{ .mfi; getf.sig r25=f61 1291 xma.hu f64=f35,f122,f63 1292 add r18=r18,r17 } 1293{ .mfi; xma.lu f63=f35,f122,f63 1294(p7) add carry2=1,carry2 };; 1295{ .mfi; getf.sig r26=f52 1296 xma.hu f74=f35,f123,f73 1297 cmp.ltu p7,p0=r18,r17 } 1298{ .mfi; xma.lu f73=f35,f123,f73 1299 add r18=r18,carry1 };; 1300//-------------------------------------------------// 1301{ .mii; st8 [r32]=r18,16 1302(p7) add carry2=1,carry2 1303 cmp.ltu p7,p0=r18,carry1 };; 1304 1305{ .mfi; getf.sig r27=f43 // last major stall 1306(p7) add carry2=1,carry2 };; 1307{ .mii; getf.sig r16=f71 1308 add r25=r25,r24 1309 mov carry1=0 };; 1310{ .mii; getf.sig r17=f62 1311 cmp.ltu p6,p0=r25,r24 1312 add r26=r26,r25 };; 1313{ .mii; 1314(p6) add carry1=1,carry1 1315 cmp.ltu p6,p0=r26,r25 1316 add r27=r27,r26 };; 1317{ .mii; 1318(p6) add carry1=1,carry1 1319 cmp.ltu p6,p0=r27,r26 1320 add r27=r27,carry2 };; 1321{ .mii; getf.sig r18=f53 1322(p6) add carry1=1,carry1 1323 cmp.ltu p6,p0=r27,carry2 };; 1324{ .mfi; st8 [r33]=r27,16 1325(p6) add carry1=1,carry1 } 1326 1327{ .mii; getf.sig r19=f44 1328 add r17=r17,r16 1329 mov carry2=0 };; 1330{ .mii; getf.sig r24=f72 1331 cmp.ltu p7,p0=r17,r16 1332 add r18=r18,r17 };; 1333{ .mii; (p7) add carry2=1,carry2 1334 cmp.ltu p7,p0=r18,r17 1335 add r19=r19,r18 };; 1336{ .mii; (p7) add carry2=1,carry2 1337 cmp.ltu p7,p0=r19,r18 1338 add r19=r19,carry1 };; 1339{ .mii; getf.sig r25=f63 1340 (p7) add carry2=1,carry2 1341 cmp.ltu p7,p0=r19,carry1};; 1342{ .mii; st8 [r32]=r19,16 1343 (p7) add carry2=1,carry2 } 1344 1345{ .mii; getf.sig r26=f54 1346 add r25=r25,r24 1347 mov carry1=0 };; 1348{ .mii; getf.sig r16=f73 1349 cmp.ltu p6,p0=r25,r24 1350 add r26=r26,r25 };; 1351{ .mii; 1352(p6) add carry1=1,carry1 1353 cmp.ltu p6,p0=r26,r25 1354 add r26=r26,carry2 };; 1355{ .mii; getf.sig r17=f64 1356(p6) add carry1=1,carry1 1357 cmp.ltu p6,p0=r26,carry2 };; 1358{ .mii; st8 [r33]=r26,16 1359(p6) add carry1=1,carry1 } 1360 1361{ .mii; getf.sig r24=f74 1362 add r17=r17,r16 1363 mov carry2=0 };; 1364{ .mii; cmp.ltu p7,p0=r17,r16 1365 add r17=r17,carry1 };; 1366 1367{ .mii; (p7) add carry2=1,carry2 1368 cmp.ltu p7,p0=r17,carry1};; 1369{ .mii; st8 [r32]=r17,16 1370 (p7) add carry2=1,carry2 };; 1371 1372{ .mii; add r24=r24,carry2 };; 1373{ .mii; st8 [r33]=r24 } 1374 1375{ .mib; rum 1<<5 // clear um.mfh 1376 br.ret.sptk.many b0 };; 1377.endp bn_mul_comba4# 1378#undef carry2 1379#undef carry1 1380#endif 1381 1382#if 1 1383// 1384// BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) 1385// 1386// In the nutshell it's a port of my MIPS III/IV implementation. 1387// 1388#define AT r14 1389#define H r16 1390#define HH r20 1391#define L r17 1392#define D r18 1393#define DH r22 1394#define I r21 1395 1396#if 0 1397// Some preprocessors (most notably HP-UX) appear to be allergic to 1398// macros enclosed to parenthesis [as these three were]. 1399#define cont p16 1400#define break p0 // p20 1401#define equ p24 1402#else 1403cont=p16 1404break=p0 1405equ=p24 1406#endif 1407 1408.global abort# 1409.global bn_div_words# 1410.proc bn_div_words# 1411.align 64 1412bn_div_words: 1413 .prologue 1414 .fframe 0 1415 .save ar.pfs,r2 1416 .save b0,r3 1417{ .mii; alloc r2=ar.pfs,3,5,0,8 1418 mov r3=b0 1419 mov r10=pr };; 1420{ .mmb; cmp.eq p6,p0=r34,r0 1421 mov r8=-1 1422(p6) br.ret.spnt.many b0 };; 1423 1424 .body 1425{ .mii; mov H=r32 // save h 1426 mov ar.ec=0 // don't rotate at exit 1427 mov pr.rot=0 } 1428{ .mii; mov L=r33 // save l 1429 mov r36=r0 };; 1430 1431.L_divw_shift: // -vv- note signed comparison 1432{ .mfi; (p0) cmp.lt p16,p0=r0,r34 // d 1433 (p0) shladd r33=r34,1,r0 } 1434{ .mfb; (p0) add r35=1,r36 1435 (p0) nop.f 0x0 1436(p16) br.wtop.dpnt .L_divw_shift };; 1437 1438{ .mii; mov D=r34 1439 shr.u DH=r34,32 1440 sub r35=64,r36 };; 1441{ .mii; setf.sig f7=DH 1442 shr.u AT=H,r35 1443 mov I=r36 };; 1444{ .mib; cmp.ne p6,p0=r0,AT 1445 shl H=H,r36 1446(p6) br.call.spnt.clr b0=abort };; // overflow, die... 1447 1448{ .mfi; fcvt.xuf.s1 f7=f7 1449 shr.u AT=L,r35 };; 1450{ .mii; shl L=L,r36 1451 or H=H,AT };; 1452 1453{ .mii; nop.m 0x0 1454 cmp.leu p6,p0=D,H;; 1455(p6) sub H=H,D } 1456 1457{ .mlx; setf.sig f14=D 1458 movl AT=0xffffffff };; 1459/////////////////////////////////////////////////////////// 1460{ .mii; setf.sig f6=H 1461 shr.u HH=H,32;; 1462 cmp.eq p6,p7=HH,DH };; 1463{ .mfb; 1464(p6) setf.sig f8=AT 1465(p7) fcvt.xuf.s1 f6=f6 1466(p7) br.call.sptk b6=.L_udiv64_32_b6 };; 1467 1468{ .mfi; getf.sig r33=f8 // q 1469 xmpy.lu f9=f8,f14 } 1470{ .mfi; xmpy.hu f10=f8,f14 1471 shrp H=H,L,32 };; 1472 1473{ .mmi; getf.sig r35=f9 // tl 1474 getf.sig r31=f10 };; // th 1475 1476.L_divw_1st_iter: 1477{ .mii; (p0) add r32=-1,r33 1478 (p0) cmp.eq equ,cont=HH,r31 };; 1479{ .mii; (p0) cmp.ltu p8,p0=r35,D 1480 (p0) sub r34=r35,D 1481 (equ) cmp.leu break,cont=r35,H };; 1482{ .mib; (cont) cmp.leu cont,break=HH,r31 1483 (p8) add r31=-1,r31 1484(cont) br.wtop.spnt .L_divw_1st_iter };; 1485/////////////////////////////////////////////////////////// 1486{ .mii; sub H=H,r35 1487 shl r8=r33,32 1488 shl L=L,32 };; 1489/////////////////////////////////////////////////////////// 1490{ .mii; setf.sig f6=H 1491 shr.u HH=H,32;; 1492 cmp.eq p6,p7=HH,DH };; 1493{ .mfb; 1494(p6) setf.sig f8=AT 1495(p7) fcvt.xuf.s1 f6=f6 1496(p7) br.call.sptk b6=.L_udiv64_32_b6 };; 1497 1498{ .mfi; getf.sig r33=f8 // q 1499 xmpy.lu f9=f8,f14 } 1500{ .mfi; xmpy.hu f10=f8,f14 1501 shrp H=H,L,32 };; 1502 1503{ .mmi; getf.sig r35=f9 // tl 1504 getf.sig r31=f10 };; // th 1505 1506.L_divw_2nd_iter: 1507{ .mii; (p0) add r32=-1,r33 1508 (p0) cmp.eq equ,cont=HH,r31 };; 1509{ .mii; (p0) cmp.ltu p8,p0=r35,D 1510 (p0) sub r34=r35,D 1511 (equ) cmp.leu break,cont=r35,H };; 1512{ .mib; (cont) cmp.leu cont,break=HH,r31 1513 (p8) add r31=-1,r31 1514(cont) br.wtop.spnt .L_divw_2nd_iter };; 1515/////////////////////////////////////////////////////////// 1516{ .mii; sub H=H,r35 1517 or r8=r8,r33 1518 mov ar.pfs=r2 };; 1519{ .mii; shr.u r9=H,I // remainder if anybody wants it 1520 mov pr=r10,0x1ffff } 1521{ .mfb; br.ret.sptk.many b0 };; 1522 1523// Unsigned 64 by 32 (well, by 64 for the moment) bit integer division 1524// procedure. 1525// 1526// inputs: f6 = (double)a, f7 = (double)b 1527// output: f8 = (int)(a/b) 1528// clobbered: f8,f9,f10,f11,pred 1529pred=p15 1530// One can argue that this snippet is copyrighted to Intel 1531// Corporation, as it's essentially identical to one of those 1532// found in "Divide, Square Root and Remainder" section at 1533// http://www.intel.com/software/products/opensource/libraries/num.htm. 1534// Yes, I admit that the referred code was used as template, 1535// but after I realized that there hardly is any other instruction 1536// sequence which would perform this operation. I mean I figure that 1537// any independent attempt to implement high-performance division 1538// will result in code virtually identical to the Intel code. It 1539// should be noted though that below division kernel is 1 cycle 1540// faster than Intel one (note commented splits:-), not to mention 1541// original prologue (rather lack of one) and epilogue. 1542.align 32 1543.skip 16 1544.L_udiv64_32_b6: 1545 frcpa.s1 f8,pred=f6,f7;; // [0] y0 = 1 / b 1546 1547(pred) fnma.s1 f9=f7,f8,f1 // [5] e0 = 1 - b * y0 1548(pred) fmpy.s1 f10=f6,f8;; // [5] q0 = a * y0 1549(pred) fmpy.s1 f11=f9,f9 // [10] e1 = e0 * e0 1550(pred) fma.s1 f10=f9,f10,f10;; // [10] q1 = q0 + e0 * q0 1551(pred) fma.s1 f8=f9,f8,f8 //;; // [15] y1 = y0 + e0 * y0 1552(pred) fma.s1 f9=f11,f10,f10;; // [15] q2 = q1 + e1 * q1 1553(pred) fma.s1 f8=f11,f8,f8 //;; // [20] y2 = y1 + e1 * y1 1554(pred) fnma.s1 f10=f7,f9,f6;; // [20] r2 = a - b * q2 1555(pred) fma.s1 f8=f10,f8,f9;; // [25] q3 = q2 + r2 * y2 1556 1557 fcvt.fxu.trunc.s1 f8=f8 // [30] q = trunc(q3) 1558 br.ret.sptk.many b6;; 1559.endp bn_div_words# 1560#endif 1561