Implementation notes: amd64, hydra4, crypto_kem/kyber90s512

Computer: hydra4
Microarchitecture: amd64; K10 32nm (300f10)
Architecture: amd64
CPU ID: AuthenticAMD-00300f10-178bfbff
SUPERCOP version: 20240625
Operation: crypto_kem
Primitive: kyber90s512

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
783731	51993 0 0	70608 820 1720	`ref`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625
786299	61961 0 0	81408 820 1720	`ref`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625
786821	41775 0 0	58494 812 1720	`ref`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625
796069	62089 0 0	81536 820 1720	`ref`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625
863800	58563 0 0	78264 788 1752	`ref`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625
880230	42954 0 0	61528 788 1752	`ref`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625
904877	41658 0 0	59288 788 1752	`ref`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625
936602	42837 0 0	60406 812 1720	`ref`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625
1239539	40054 0 0	56448 780 1720	`ref`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240708	20240625

Compiler output

aes256ctr.c: aes256ctr.c:90:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c:   BLOCK1(0x01);
aes256ctr.c:   ^
aes256ctr.c: aes256ctr.c:71:11: note: expanded from macro 'BLOCK1'
aes256ctr.c:   temp1 = _mm_aeskeygenassist_si128(temp2, IMM);                        \
aes256ctr.c:           ^
aes256ctr.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/__wmmintrin_aes.h:136:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c:   (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
aes256ctr.c:            ^
aes256ctr.c: aes256ctr.c:91:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c:   BLOCK2(0x01);
aes256ctr.c:   ^
aes256ctr.c: aes256ctr.c:81:11: note: expanded from macro 'BLOCK2'
aes256ctr.c:   temp1 = _mm_aeskeygenassist_si128(temp0, IMM);                        \
aes256ctr.c:           ^
aes256ctr.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/__wmmintrin_aes.h:136:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c:   (__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R))
aes256ctr.c:            ^
aes256ctr.c: aes256ctr.c:93:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c:   BLOCK1(0x02);
aes256ctr.c:   ^
aes256ctr.c: aes256ctr.c:71:11: note: expanded from macro 'BLOCK1'
aes256ctr.c:   temp1 = _mm_aeskeygenassist_si128(temp2, IMM);                        \
aes256ctr.c:           ^
aes256ctr.c: /usr/lib/llvm-11/lib/clang/11.0.1/include/__wmmintrin_aes.h:136:12: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: ...

Number of similar (implementation,compiler) pairs: 5, namely:

Implementation	Compiler
`avx2`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`avx2`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`avx2`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`avx2`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`avx2`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

Compiler output

aes256ctr.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:35,
aes256ctr.c:                  from aes256ctr.c:8:
aes256ctr.c: aes256ctr.c: In function 'aesni_encrypt4':
aes256ctr.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
aes256ctr.c:   136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
aes256ctr.c:       | ^~~~~~~~~~~~~~~~
aes256ctr.c: aes256ctr.c:23:8: note: called from here
aes256ctr.c:    23 |   f3 = _mm_shuffle_epi8(_mm_add_epi64(f,_mm_set_epi64x(3,0)),idx);
aes256ctr.c:       |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aes256ctr.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:35,
aes256ctr.c:                  from aes256ctr.c:8:
aes256ctr.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
aes256ctr.c:   136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
aes256ctr.c:       | ^~~~~~~~~~~~~~~~
aes256ctr.c: aes256ctr.c:22:8: note: called from here
aes256ctr.c:    22 |   f2 = _mm_shuffle_epi8(_mm_add_epi64(f,_mm_set_epi64x(2,0)),idx);
aes256ctr.c:       |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aes256ctr.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/10/include/immintrin.h:35,
aes256ctr.c:                  from aes256ctr.c:8:
aes256ctr.c: /usr/lib/gcc/x86_64-linux-gnu/10/include/tmmintrin.h:136:1: error: inlining failed in call to 'always_inline' '_mm_shuffle_epi8': target specific option mismatch
aes256ctr.c:   136 | _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
aes256ctr.c:       | ^~~~~~~~~~~~~~~~
aes256ctr.c: aes256ctr.c:21:8: note: called from here
aes256ctr.c:    21 |   f1 = _mm_shuffle_epi8(_mm_add_epi64(f,_mm_set_epi64x(1,0)),idx);
aes256ctr.c:       |        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
aes256ctr.c: ...

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`avx2`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`avx2`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`avx2`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`avx2`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40BA5F
   at 0x...: crypto_kem_kyber90s512_ref_constbranchindex_poly_frommsg (poly.c:176)
   by 0x...: crypto_kem_kyber90s512_ref_constbranchindex_indcpa_enc (indcpa.c:271)
   by 0x...: crypto_kem_kyber90s512_ref_constbranchindex_enc (kem.c:68)
   by 0x...: test (try.c:141)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40BFB7
   at 0x...: crypto_kem_kyber90s512_ref_constbranchindex_poly_frommsg (poly.c:176)
   by 0x...: crypto_kem_kyber90s512_ref_constbranchindex_indcpa_enc (indcpa.c:271)
   by 0x...: crypto_kem_kyber90s512_ref_constbranchindex_enc (kem.c:68)
   by 0x...: test (try.c:141)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

TIMECOP error (can be valgrind bug)

error 111

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x40A828
   at 0x...: crypto_kem_kyber90s512_ref_constbranchindex_polyvec_compress (polyvec.c:56)
   by 0x...: pack_ciphertext (indcpa.c:92)
   by 0x...: crypto_kem_kyber90s512_ref_constbranchindex_indcpa_enc (indcpa.c:297)
   by 0x...: crypto_kem_kyber90s512_ref_constbranchindex_enc (kem.c:68)
   by 0x...: test (try.c:141)
   by 0x...: main (try-anything.c:345)

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`

Passed TIMECOP

TIMECOP iterations: 1

Number of similar (implementation,compiler) pairs: 6, namely:

Implementation	Compiler
`ref`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`ref`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_11.0.1)`
`ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`
`ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (10.2.1_20210110)`