Implementation notes: amd64, shoe, crypto_aead/romulust

Computer: shoe
Microarchitecture: amd64; Broadwell+AES (306d4)
Architecture: amd64
CPU ID: GenuineIntel-000306d4-bfebfbff
SUPERCOP version: 20240625
Operation: crypto_aead
Primitive: romulust

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
521078	14059 0 0	30592 812 1048	`aadomn/x86`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
534129	13795 0 0	30432 812 1048	`aadomn/x86`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
534396	11851 0 0	25302 804 1016	`aadomn/x86`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
560209	11276 0 0	24446 804 1016	`aadomn/x86`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
564912	11972 0 0	24891 756 1048	`aadomn/x86`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
577057	14008 0 0	30168 780 1080	`aadomn/x86`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
585482	12475 0 0	26864 780 1080	`aadomn/x86`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
650675	12532 0 0	26583 772 1080	`aadomn/x86`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
2030973	27486 640 0	44240 1460 1048	`T!!!aadomn/opt32`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
2034453	27022 640 0	43880 1460 1048	`T!!!aadomn/opt32`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
2084400	27290 640 0	43192 1460 1016	`T!!!aadomn/opt32`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
2905074	16937 640 0	30510 1452 1016	`aadomn/opt32`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
2990498	19237 640 0	33214 1452 1016	`T!!!aadomn/opt32`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
3103350	20128 640 0	34664 1428 1080	`T!!!aadomn/opt32`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
3186889	18384 640 0	31419 1404 1048	`T!!!aadomn/opt32`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
3295854	18950 640 0	33224 1428 1080	`T!!!aadomn/opt32`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
3409261	31121 640 0	47448 1428 1080	`T!!!aadomn/opt32`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
4199622	10149 12 0	27280 824 1048	`T:ref`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
4216124	10908 12 0	27952 824 1048	`T:ref`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
4265026	12189 12 0	28448 792 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
4944818	9393 12 0	25824 824 1016	`T:ref`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
12650190	5310 12 0	18918 816 1016	`T:ref`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
12989370	6333 12 0	20816 792 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
13183120	4832 12 0	17795 768 1048	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
13871085	5419 12 0	19342 816 1016	`T:ref`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625
14097446	5449 12 0	19575 784 1080	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240630	20240625

Compiler output

skinny128.c: skinny128.c:95:12: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     tk_1 = _mm_shuffle_epi8(tk_1, _mm_set_epi32(0x03040602, 0x05000701, 0x0b0c0e0a, 0x0d080f09));
skinny128.c:            ^
skinny128.c: skinny128.c:97:12: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     tk_1 = _mm_shuffle_epi8(tk_1, perm_tk);
skinny128.c:            ^
skinny128.c: skinny128.c:99:12: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     tk_1 = _mm_shuffle_epi8(tk_1, perm_tk);
skinny128.c:            ^
skinny128.c: skinny128.c:101:12: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     tk_1 = _mm_shuffle_epi8(tk_1, perm_tk);
skinny128.c:            ^
skinny128.c: skinny128.c:103:12: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     tk_1 = _mm_shuffle_epi8(tk_1, perm_tk);
skinny128.c:            ^
skinny128.c: skinny128.c:105:12: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     tk_1 = _mm_shuffle_epi8(tk_1, perm_tk);
skinny128.c:            ^
skinny128.c: skinny128.c:107:12: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     tk_1 = _mm_shuffle_epi8(tk_1, perm_tk);
skinny128.c:            ^
skinny128.c: skinny128.c:109:12: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c:     tk_1 = _mm_shuffle_epi8(tk_1, perm_tk);
skinny128.c:            ^
skinny128.c: skinny128.c:113:5: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'skinny128_384_plus' that is compiled without support for 'ssse3'
skinny128.c: ...

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

Compiler output

romulus_t_reference.c: romulus_t_reference.c: In function 'romulus_t_encrypt':
romulus_t_reference.c: romulus_t_reference.c:368:16: warning: variable 'i' set but not used [-Wunused-but-set-variable]
romulus_t_reference.c:   368 |   unsigned int i;
romulus_t_reference.c:       |                ^
romulus_t_reference.c: romulus_t_reference.c: In function 'romulus_t_decrypt':
romulus_t_reference.c: romulus_t_reference.c:411:24: warning: variable 'C' set but not used [-Wunused-but-set-variable]
romulus_t_reference.c:   411 |   const unsigned char* C;
romulus_t_reference.c:       |                        ^

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`T:ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`T:ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

Failed TIMECOP

Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_opt32_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:300)
   by 0x...: main (try-anything.c:345)
 Uninitialised value was created by a client request
   at 0x...: poison (try-anything.c:281)
   by 0x...: test (try.c:298)
   by 0x...: main (try-anything.c:345)

Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_opt32_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:331)
   by 0x...: main (try-anything.c:345)
 Uninitialised value was created by a client request
   at 0x...: poison (try-anything.c:281)
   by 0x...: test (try.c:329)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 2, namely:

Implementation	Compiler
`aadomn/opt32`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`aadomn/opt32`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

Failed TIMECOP

Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_opt32_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:300)
   by 0x...: main (try-anything.c:345)
 Uninitialised value was created by a client request
   at 0x...: poison (try-anything.c:281)
   by 0x...: test (try.c:299)
   by 0x...: main (try-anything.c:345)

Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_opt32_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:331)
   by 0x...: main (try-anything.c:345)
 Uninitialised value was created by a client request
   at 0x...: poison (try-anything.c:281)
   by 0x...: test (try.c:330)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 6, namely:

Implementation	Compiler
`aadomn/opt32`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`aadomn/opt32`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`aadomn/opt32`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`aadomn/opt32`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`aadomn/opt32`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`aadomn/opt32`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 99
9d6eab732a0e94656e2569267d8d3fb43efa6c6b0bac591d9f604deb226225eb 134111072 7698122284 1900000000 crypto_aead/romulust/aadomn/opt32
Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_opt32_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:300)
   by 0x...: main (try-anything.c:345)

Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_opt32_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:331)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/opt32`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x404AFC
   at 0x...: skinny128_384_plus (skinny128.c:113)
   by 0x...: romulust_kdf (romulus_t.c:239)
   by 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_encrypt (encrypt.c:26)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40494C
   at 0x...: skinny128_384_plus (skinny128.c:113)
   by 0x...: romulust_kdf (romulus_t.c:239)
   by 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_encrypt (encrypt.c:26)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40378C
   at 0x...: skinny128_384_plus (skinny128.c:113)
   by 0x...: romulust_kdf (romulus_t.c:239)
   by 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_encrypt (encrypt.c:26)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x403564
   at 0x...: skinny128_384_plus (skinny128.c:113)
   by 0x...: romulust_kdf (romulus_t.c:239)
   by 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_encrypt (encrypt.c:26)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 99
9d6eab732a0e94656e2569267d8d3fb43efa6c6b0bac591d9f604deb226225eb 18216048 1273447060 1900000000 crypto_aead/romulust/aadomn/x86
Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:300)
   by 0x...: main (try-anything.c:345)

Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:331)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 99
9d6eab732a0e94656e2569267d8d3fb43efa6c6b0bac591d9f604deb226225eb 17977400 993636604 1900000000 crypto_aead/romulust/aadomn/x86
Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:300)
   by 0x...: main (try-anything.c:345)

Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:331)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10B91E
   at 0x...: _mm_set_epi64x (emmintrin.h:592)
   by 0x...: _mm_set_epi64 (emmintrin.h:598)
   by 0x...: _mm_loadl_epi64 (emmintrin.h:709)
   by 0x...: skinny128_384_plus (skinny128.c:113)
   by 0x...: romulust_kdf (romulus_t.c:239)
   by 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_encrypt (encrypt.c:26)
   by 0x...: test (try.c:159)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 99
9d6eab732a0e94656e2569267d8d3fb43efa6c6b0bac591d9f604deb226225eb 20987196 1469445120 1900000000 crypto_aead/romulust/aadomn/x86
Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:300)
   by 0x...: main (try-anything.c:345)

Conditional jump or move depends on uninitialised value(s)
   at 0x...: crypto_aead_romulust_aadomn_x86_constbranchindex_decrypt (encrypt.c:52)
   by 0x...: test (try.c:331)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`aadomn/x86`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`