Implementation notes: amd64, gcc14, crypto_aead/aeadaes128ocbtaglen128v1

Computer: gcc14
Architecture: amd64
CPU ID: GenuineIntel-00010676-bfebfbff
SUPERCOP version: 20211108
Operation: crypto_aead
Primitive: aeadaes128ocbtaglen128v1
TimeObject sizeTest sizeImplementationCompilerBenchmark dateSUPERCOP version
909857230 18 029008 928 1008T:optclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
910627929 18 030082 944 1040T:optgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011420210114
910708229 18 032347 952 1040T:optgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011420210114
912217230 18 028072 928 1008T:optclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
912377446 18 029196 952 1040T:optgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011420210114
912477230 18 028072 928 1008T:optclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
912477351 18 029008 928 1008T:optclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
912486532 18 026162 920 1008T:optclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
912976230 18 026358 928 1040T:optgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011420210114
28443211407 0 031641 852 1008T:refclang_-march=native_-O2_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
28474111407 0 031641 852 1008T:refclang_-march=native_-O_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
28489513036 0 036620 876 1040T:refgcc_-march=native_-mtune=native_-O3_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011420210114
28498311407 0 032577 852 1008T:refclang_-march=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
28516311711 0 032737 852 1008T:refclang_-mcpu=native_-O3_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
2902382432 0 021539 844 1008T:refclang_-march=native_-Os_-fomit-frame-pointer_-fwrapv_-Qunused-arguments_-fPIC_-fPIE2021011420210114
3342442490 0 023603 868 1040T:refgcc_-march=native_-mtune=native_-O_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011420210114
3344963268 0 024867 868 1040T:refgcc_-march=native_-mtune=native_-O2_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011420210114
3365182043 0 021647 852 1040T:refgcc_-march=native_-mtune=native_-Os_-fomit-frame-pointer_-fwrapv_-fPIC_-fPIE2021011420210114

Compiler output

Implementation: T:dolbeau/aesenc-int
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
encrypt.c: encrypt.c:74:34: warning: incompatible pointer types passing 'const unsigned int *' to parameter of type 'const __m128i *' [-Wincompatible-pointer-types]
encrypt.c: __m128i key0 = _mm_loadu_si128((const unsigned int *)(key+0));
encrypt.c: ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
encrypt.c: /usr/lib/llvm-3.8/bin/../lib/clang/3.8.1/include/emmintrin.h:1112:32: note: passing argument to parameter '__p' here
encrypt.c: _mm_loadu_si128(__m128i const *__p)
encrypt.c: ^
encrypt.c: encrypt.c:91:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
encrypt.c: BLOCK1(0x01);
encrypt.c: ^
encrypt.c: encrypt.c:82:11: note: expanded from macro 'BLOCK1'
encrypt.c: temp1 = _mm_aeskeygenassist_si128(temp0, IMM); \
encrypt.c: ^
encrypt.c: /usr/lib/llvm-3.8/bin/../lib/clang/3.8.1/include/__wmmintrin_aes.h:62:12: note: expanded from macro '_mm_aeskeygenassist_si128'
encrypt.c: (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
encrypt.c: ^
encrypt.c: encrypt.c:92:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
encrypt.c: BLOCK1(0x02);
encrypt.c: ^
encrypt.c: encrypt.c:82:11: note: expanded from macro 'BLOCK1'
encrypt.c: temp1 = _mm_aeskeygenassist_si128(temp0, IMM); \
encrypt.c: ^
encrypt.c: /usr/lib/llvm-3.8/bin/../lib/clang/3.8.1/include/__wmmintrin_aes.h:62:12: note: expanded from macro '_mm_aeskeygenassist_si128'
encrypt.c: (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
encrypt.c: ^
encrypt.c: encrypt.c:93:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
encrypt.c: ...

Number of similar (compiler,implementation) pairs: 5, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:dolbeau/aesenc-int

Compiler output

Implementation: T:dolbeau/aesenc-int
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
encrypt.c: encrypt.c: In function 'aes128ni_setkey_encrypt':
encrypt.c: encrypt.c:74:34: warning: passing argument 1 of '_mm_loadu_si128' from incompatible pointer type [-Wincompatible-pointer-types]
encrypt.c: __m128i key0 = _mm_loadu_si128((const unsigned int *)(key+0));
encrypt.c: ^
encrypt.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/6/include/xmmintrin.h:1249:0,
encrypt.c: from /usr/lib/gcc/x86_64-linux-gnu/6/include/immintrin.h:29,
encrypt.c: from encrypt.c:45:
encrypt.c: /usr/lib/gcc/x86_64-linux-gnu/6/include/emmintrin.h:696:1: note: expected 'const __vector(2) long long int *' but argument is of type 'const unsigned int *'
encrypt.c: _mm_loadu_si128 (__m128i const *__P)
encrypt.c: ^~~~~~~~~~~~~~~
encrypt.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/6/include/immintrin.h:39:0,
encrypt.c: from encrypt.c:45:
encrypt.c: /usr/lib/gcc/x86_64-linux-gnu/6/include/wmmintrin.h:87:1: error: inlining failed in call to always_inline '_mm_aeskeygenassist_si128': target specific option mismatch
encrypt.c: _mm_aeskeygenassist_si128 (__m128i __X, const int __C)
encrypt.c: ^~~~~~~~~~~~~~~~~~~~~~~~~
encrypt.c: encrypt.c:82:9: note: called from here
encrypt.c: temp1 = _mm_aeskeygenassist_si128(temp0, IMM); \
encrypt.c: ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
encrypt.c: encrypt.c:100:3: note: in expansion of macro 'BLOCK1'
encrypt.c: BLOCK1(0x36);
encrypt.c: ^~~~~~
encrypt.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/6/include/immintrin.h:39:0,
encrypt.c: from encrypt.c:45:
encrypt.c: /usr/lib/gcc/x86_64-linux-gnu/6/include/wmmintrin.h:87:1: error: inlining failed in call to always_inline '_mm_aeskeygenassist_si128': target specific option mismatch
encrypt.c: _mm_aeskeygenassist_si128 (__m128i __X, const int __C)
encrypt.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:dolbeau/aesenc-int
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:dolbeau/aesenc-int
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:dolbeau/aesenc-int
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:dolbeau/aesenc-int

Compiler output

Implementation: T:opt
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
ocb.c: ocb.c:113:36: warning: unknown option after '#pragma GCC diagnostic' kind [-Wpragmas]
ocb.c: #pragma GCC diagnostic ignored "-Wimplicit-fallthrough"
ocb.c: ^~~~~~~~~~~~~~~~~~~~~~~~

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt

Compiler output

Implementation: T:vaes
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
ocb_vaes.c: ocb_vaes.c:668:19: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'xsave', but would be inlined into function 'ae_encrypt' that is compiled without support for 'xsave'
ocb_vaes.c: k256[i] = _mm256_broadcastsi128_si256(load128(ctx->encrypt_key.rd_key+i));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:669:14: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'xsave', but would be inlined into function 'ae_encrypt' that is compiled without support for 'xsave'
ocb_vaes.c: m[M01] = _mm256_broadcastsi128_si256(xor128(load128(ctx->L+0), load128(ctx->L+1)));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:670:14: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'xsave', but would be inlined into function 'ae_encrypt' that is compiled without support for 'xsave'
ocb_vaes.c: m[M02] = _mm256_broadcastsi128_si256(xor128(load128(ctx->L+0), load128(ctx->L+2)));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:671:14: error: always_inline function '_mm256_broadcastsi128_si256' requires target feature 'xsave', but would be inlined into function 'ae_encrypt' that is compiled without support for 'xsave'
ocb_vaes.c: m[M03] = _mm256_broadcastsi128_si256(xor128(load128(ctx->L+0), load128(ctx->L+3)));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:672:16: error: always_inline function '_mm256_set_m128i' requires target feature 'xsave', but would be inlined into function 'ae_encrypt' that is compiled without support for 'xsave'
ocb_vaes.c: m[M0_01] = _mm256_set_m128i(xor128(load128(ctx->L+0), load128(ctx->L+1)), load128(ctx->L+0));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:677:20: error: always_inline function '_mm256_setzero_si256' requires target feature 'xsave', but would be inlined into function 'ae_encrypt' that is compiled without support for 'xsave'
ocb_vaes.c: checksum = zero256();
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:150:27: note: expanded from macro 'zero256'
ocb_vaes.c: #define zero256 _mm256_setzero_si256
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:685:20: error: always_inline function '_mm256_set_m128i' requires target feature 'xsave', but would be inlined into function 'ae_encrypt' that is compiled without support for 'xsave'
ocb_vaes.c: checksum = _mm256_set_m128i(zero128(), load128(&ctx->checksum));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:693:13: error: always_inline function '_mm256_xor_si256' requires target feature 'xsave', but would be inlined into function 'ae_encrypt' that is compiled without support for 'xsave'
ocb_vaes.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes

Compiler output

Implementation: T:vaes
Security model: timingleaks
Compiler: clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
ocb_vaes.c: ocb_vaes.c:476:15: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'ae_init' that is compiled without support for 'ssse3'
ocb_vaes.c: tmp_blk = reverse_bytes(load128(&ctx->Lstar));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:155:5: note: expanded from macro 'reverse_bytes'
ocb_vaes.c: _mm_shuffle_epi8(b,_mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15))
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:478:29: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'ae_init' that is compiled without support for 'ssse3'
ocb_vaes.c: store128(&ctx->Ldollar, reverse_bytes(tmp_blk));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:155:5: note: expanded from macro 'reverse_bytes'
ocb_vaes.c: _mm_shuffle_epi8(b,_mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15))
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:480:24: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'ae_init' that is compiled without support for 'ssse3'
ocb_vaes.c: store128(ctx->L+0, reverse_bytes(tmp_blk));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:155:5: note: expanded from macro 'reverse_bytes'
ocb_vaes.c: _mm_shuffle_epi8(b,_mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15))
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:483:25: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'ae_init' that is compiled without support for 'ssse3'
ocb_vaes.c: store128(ctx->L+i, reverse_bytes(tmp_blk));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:155:5: note: expanded from macro 'reverse_bytes'
ocb_vaes.c: _mm_shuffle_epi8(b,_mm_set_epi8(0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15))
ocb_vaes.c: ^
ocb_vaes.c: 4 errors generated.

Number of similar (compiler,implementation) pairs: 1, namely:
CompilerImplementations
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:vaes

Compiler output

Implementation: T:vaes
Security model: timingleaks
Compiler: gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE
ocb_vaes.c: ocb_vaes.c: In function 'process_ad':
ocb_vaes.c: ocb_vaes.c:554:13: warning: implicit declaration of function '_mm256_set_m128i' [-Wimplicit-function-declaration]
ocb_vaes.c: oa[7] = _mm256_set_m128i(hi, lo);
ocb_vaes.c: ^~~~~~~~~~~~~~~~
ocb_vaes.c: ocb_vaes.c:554:11: error: incompatible types when assigning to type '__m256i {aka __vector(4) long long int}' from type 'int'
ocb_vaes.c: oa[7] = _mm256_set_m128i(hi, lo);
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:582:15: error: incompatible types when assigning to type '__m256i {aka __vector(4) long long int}' from type 'int'
ocb_vaes.c: oa[7] = _mm256_set_m128i(hi, lo);
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:622:23: error: incompatible types when assigning to type '__m256i {aka __vector(4) long long int}' from type 'int'
ocb_vaes.c: ta[i] = _mm256_set_m128i(hi, lo);
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c: In function 'ae_encrypt':
ocb_vaes.c: ocb_vaes.c:672:14: error: incompatible types when assigning to type '__m256i {aka __vector(4) long long int}' from type 'int'
ocb_vaes.c: m[M0_01] = _mm256_set_m128i(xor128(load128(ctx->L+0), load128(ctx->L+1)), load128(ctx->L+0));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:685:18: error: incompatible types when assigning to type '__m256i {aka __vector(4) long long int}' from type 'int'
ocb_vaes.c: checksum = _mm256_set_m128i(zero128(), load128(&ctx->checksum));
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:702:11: error: incompatible types when assigning to type '__m256i {aka __vector(4) long long int}' from type 'int'
ocb_vaes.c: oa[7] = _mm256_set_m128i(hi, lo);
ocb_vaes.c: ^
ocb_vaes.c: ocb_vaes.c:747:15: error: incompatible types when assigning to type '__m256i {aka __vector(4) long long int}' from type 'int'
ocb_vaes.c: oa[7] = _mm256_set_m128i(hi, lo);
ocb_vaes.c: ...

Number of similar (compiler,implementation) pairs: 4, namely:
CompilerImplementations
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:vaes
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:vaes
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:vaes
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:vaes

Namespace violations

Implementation: T:opt
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
ocb.o ae_allocate T
ocb.o ae_clear T
ocb.o ae_ctx_sizeof T
ocb.o ae_decrypt T
ocb.o ae_encrypt T
ocb.o ae_free T
ocb.o ae_init T
ocb.o infoString D

Number of similar (compiler,implementation) pairs: 9, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:opt
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:opt
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:opt
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:opt
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:opt
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:opt

Namespace violations

Implementation: T:ref
Security model: timingleaks
Compiler: clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE
encrypt.o ocb_decrypt T
encrypt.o ocb_encrypt T

Number of similar (compiler,implementation) pairs: 9, namely:
CompilerImplementations
clang -march=native -O2 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -O -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -march=native -Os -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
clang -mcpu=native -O3 -fomit-frame-pointer -fwrapv -Qunused-arguments -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O2 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O3 -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -O -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref
gcc -march=native -mtune=native -Os -fomit-frame-pointer -fwrapv -fPIC -fPIE T:ref