Test results for amd64, saber214, crypto_sign/dilithium3aes

[Page version: 20250427 16:08:48]

Measurements for amd64, saber214, crypto_sign Test results for amd64, saber214, crypto_sign Test results for crypto_sign/dilithium3aes

Computer: saber214
Microarchitecture: amd64; Bulldozer (600f20)
Architecture: amd64
CPU ID: AuthenticAMD-00600f20-1789c3f5
SUPERCOP version: 20250415
Operation: crypto_sign
Primitive: dilithium3aes

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
4592927	43089 0 0	62252 824 1568	`ref`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415
4756496	48213 0 0	67006 784 1632	`ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415
5005290	35283 0 0	53180 824 1568	`ref`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415
5111392	43149 0 0	63468 824 1600	`ref`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415
5156668	25915 0 0	43406 784 1632	`ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415
5228722	25627 0 0	42292 824 1568	`ref`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415
5330433	22521 0 0	38742 816 1568	`ref`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415
5534625	24536 0 0	41710 784 1632	`ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415
8727044	23057 0 0	39070 776 1600	`ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall`	20250419	20250415

Compiler output

poly.c: poly.c:52:9: error: always_inline function '_mm256_add_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_sign_dilithium3aes_avx2_constbranchindex_poly_reduce' that is compiled without support for 'avx2'
poly.c:     g = _mm256_add_epi32(f,off);
poly.c:         ^
poly.c: poly.c:53:9: error: always_inline function '_mm256_srai_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_sign_dilithium3aes_avx2_constbranchindex_poly_reduce' that is compiled without support for 'avx2'
poly.c:     g = _mm256_srai_epi32(g,23);
poly.c:         ^
poly.c: poly.c:54:9: error: always_inline function '_mm256_mullo_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_sign_dilithium3aes_avx2_constbranchindex_poly_reduce' that is compiled without support for 'avx2'
poly.c:     g = _mm256_mullo_epi32(g,q);
poly.c:         ^
poly.c: poly.c:55:9: error: always_inline function '_mm256_sub_epi32' requires target feature 'avx2', but would be inlined into function 'crypto_sign_dilithium3aes_avx2_constbranchindex_poly_reduce' that is compiled without support for 'avx2'
poly.c:     f = _mm256_sub_epi32(f,g);
poly.c:         ^
poly.c: 4 errors generated.

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`avx2`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`
`avx2`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`
`avx2`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`
`avx2`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`

Compiler output

aes256ctr.c: aes256ctr.c:90:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c:   BLOCK1(0x01);
aes256ctr.c:   ^
aes256ctr.c: aes256ctr.c:71:11: note: expanded from macro 'BLOCK1'
aes256ctr.c:   temp1 = _mm_aeskeygenassist_si128(temp2, IMM);                        \
aes256ctr.c:           ^
aes256ctr.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/__wmmintrin_aes.h:136:13: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c:   ((__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R)))
aes256ctr.c:             ^
aes256ctr.c: aes256ctr.c:91:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c:   BLOCK2(0x01);
aes256ctr.c:   ^
aes256ctr.c: aes256ctr.c:81:11: note: expanded from macro 'BLOCK2'
aes256ctr.c:   temp1 = _mm_aeskeygenassist_si128(temp0, IMM);                        \
aes256ctr.c:           ^
aes256ctr.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/__wmmintrin_aes.h:136:13: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c:   ((__m128i)__builtin_ia32_aeskeygenassist128((__v2di)(__m128i)(C), (int)(R)))
aes256ctr.c:             ^
aes256ctr.c: aes256ctr.c:93:3: error: '__builtin_ia32_aeskeygenassist128' needs target feature aes
aes256ctr.c:   BLOCK1(0x02);
aes256ctr.c:   ^
aes256ctr.c: aes256ctr.c:71:11: note: expanded from macro 'BLOCK1'
aes256ctr.c:   temp1 = _mm_aeskeygenassist_si128(temp2, IMM);                        \
aes256ctr.c:           ^
aes256ctr.c: /usr/lib/llvm-14/lib/clang/14.0.0/include/__wmmintrin_aes.h:136:13: note: expanded from macro '_mm_aeskeygenassist_si128'
aes256ctr.c: ...

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`avx2`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`

Compiler output

poly.c: poly.c:1055:52: warning: argument 2 of type 'const uint8_t[652]' {aka 'const unsigned char[652]'} with mismatched bound [-Warray-parameter=]
poly.c:  1055 | void polyz_unpack(poly * restrict r, const uint8_t a[POLYZ_PACKEDBYTES+12]) {
poly.c:       |                                      ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
poly.c: In file included from poly.c:7:
poly.c: poly.h:111:42: note: previously declared as 'const uint8_t[654]' {aka 'const unsigned char[654]'}
poly.c:   111 | void polyz_unpack(poly *r, const uint8_t a[POLYZ_PACKEDBYTES+14]);
poly.c:       |                            ~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
poly.c: poly.c:1121:26: warning: argument 1 of type 'uint8_t[128]' {aka 'unsigned char[128]'} with mismatched bound [-Warray-parameter=]
poly.c:  1121 | void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES], const poly * restrict a) {
poly.c:       |                  ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
poly.c: In file included from poly.c:7:
poly.c: poly.h:114:26: note: previously declared as 'uint8_t[136]' {aka 'unsigned char[136]'}
poly.c:   114 | void polyw1_pack(uint8_t r[POLYW1_PACKEDBYTES+8], const poly *a);
poly.c:       |                  ~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~
poly.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:47,
poly.c:                  from poly.c:3:
poly.c: poly.c: In function 'crypto_sign_dilithium3aes_avx2_constbranchindex_poly_reduce':
poly.c: /usr/lib/gcc/x86_64-linux-gnu/11/include/avx2intrin.h:815:1: error: inlining failed in call to 'always_inline' '_mm256_sub_epi32': target specific option mismatch
poly.c:   815 | _mm256_sub_epi32 (__m256i __A, __m256i __B)
poly.c:       | ^~~~~~~~~~~~~~~~
poly.c: poly.c:55:9: note: called from here
poly.c:    55 |     f = _mm256_sub_epi32(f,g);
poly.c:       |         ^~~~~~~~~~~~~~~~~~~~~
poly.c: In file included from /usr/lib/gcc/x86_64-linux-gnu/11/include/immintrin.h:47,
poly.c:                  from poly.c:3:
poly.c: ...

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`avx2`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`
`avx2`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`
`avx2`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`
`avx2`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`

Compiler output

aes256ctr.c: aes256ctr.c:557:64: warning: argument 3 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c:   557 | void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c:       |                                                 ~~~~~~~~~~~~~~~^~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:21:34: note: previously declared as an array 'const uint8_t[32]' {aka 'const unsigned char[32]'}
aes256ctr.c:    21 |                    const uint8_t key[32],
aes256ctr.c:       |                    ~~~~~~~~~~~~~~^~~~~~~
aes256ctr.c: aes256ctr.c:557:84: warning: argument 4 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c:   557 | void aes256ctr_prf(uint8_t *out, size_t outlen, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c:       |                                                                     ~~~~~~~~~~~~~~~^~~~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:22:34: note: previously declared as an array 'const uint8_t[12]' {aka 'const unsigned char[12]'}
aes256ctr.c:    22 |                    const uint8_t nonce[12]);
aes256ctr.c:       |                    ~~~~~~~~~~~~~~^~~~~~~~~
aes256ctr.c: aes256ctr.c:565:54: warning: argument 2 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c:   565 | void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c:       |                                       ~~~~~~~~~~~~~~~^~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: aes256ctr.h:26:35: note: previously declared as an array 'const uint8_t[32]' {aka 'const unsigned char[32]'}
aes256ctr.c:    26 |                     const uint8_t key[32],
aes256ctr.c:       |                     ~~~~~~~~~~~~~~^~~~~~~
aes256ctr.c: aes256ctr.c:565:74: warning: argument 3 of type 'const uint8_t *' {aka 'const unsigned char *'} declared as a pointer [-Warray-parameter=]
aes256ctr.c:   565 | void aes256ctr_init(aes256ctr_ctx *s, const uint8_t *key, const uint8_t *nonce)
aes256ctr.c:       |                                                           ~~~~~~~~~~~~~~~^~~~~
aes256ctr.c: In file included from aes256ctr.c:27:
aes256ctr.c: ...
polyvec.c: polyvec.c: In function 'crypto_sign_dilithium3aes_ref_constbranchindex_polyvecl_uniform_gamma1':
polyvec.c: <command-line>: warning: 'crypto_sign_dilithium3aes_ref_constbranchindex_poly_uniform_gamma1' reading 48 bytes from a region of size 32 [-Wstringop-overread]
polyvec.c: <command-line>: note: in definition of macro 'CRYPTO_NAMESPACE'
polyvec.c: poly.h:51:29: note: in expansion of macro 'DILITHIUM_NAMESPACE'
polyvec.c:    51 | #define poly_uniform_gamma1 DILITHIUM_NAMESPACE(poly_uniform_gamma1)
polyvec.c:       |                             ^~~~~~~~~~~~~~~~~~~
polyvec.c: polyvec.c:47:5: note: in expansion of macro 'poly_uniform_gamma1'
polyvec.c:    47 |     poly_uniform_gamma1(&v->vec[i], seed, L*nonce + i);
polyvec.c:       |     ^~~~~~~~~~~~~~~~~~~
polyvec.c: <command-line>: note: referencing argument 2 of type 'const uint8_t *' {aka 'const unsigned char *'}
polyvec.c: <command-line>: note: in definition of macro 'CRYPTO_NAMESPACE'
polyvec.c: poly.h:51:29: note: in expansion of macro 'DILITHIUM_NAMESPACE'
polyvec.c:    51 | #define poly_uniform_gamma1 DILITHIUM_NAMESPACE(poly_uniform_gamma1)
polyvec.c:       |                             ^~~~~~~~~~~~~~~~~~~
polyvec.c: polyvec.c:47:5: note: in expansion of macro 'poly_uniform_gamma1'
polyvec.c:    47 |     poly_uniform_gamma1(&v->vec[i], seed, L*nonce + i);
polyvec.c:       |     ^~~~~~~~~~~~~~~~~~~
polyvec.c: <command-line>: note: in a call to function 'crypto_sign_dilithium3aes_ref_constbranchindex_poly_uniform_gamma1'
polyvec.c: <command-line>: note: in definition of macro 'CRYPTO_NAMESPACE'
polyvec.c: poly.h:51:29: note: in expansion of macro 'DILITHIUM_NAMESPACE'
polyvec.c:    51 | #define poly_uniform_gamma1 DILITHIUM_NAMESPACE(poly_uniform_gamma1)
polyvec.c:       |                             ^~~~~~~~~~~~~~~~~~~
polyvec.c: poly.h:52:6: note: in expansion of macro 'poly_uniform_gamma1'
polyvec.c:    52 | void poly_uniform_gamma1(poly *a,
polyvec.c:       |      ^~~~~~~~~~~~~~~~~~~

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`
`ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`
`ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`
`ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x112261
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/dilithium3aes/ref/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium3aes_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x1141A1
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/dilithium3aes/ref/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium3aes_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10FAE1
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/dilithium3aes/ref/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium3aes_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10EA21
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/dilithium3aes/ref/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium3aes_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x1145A1
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/dilithium3aes/ref/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium3aes_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Ubuntu_Clang_14.0.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10A61D
   at 0x...: salsa20.part.0 (try-anything.c:102)
   by 0x...: salsa20 (try-anything.c:85)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10A26A
   at 0x...: core (try-anything.c:53)
   by 0x...: salsa20 (try-anything.c:101)
   by 0x...: salsa20 (try-anything.c:81)
   by 0x...: testvector (try-anything.c:124)
   by 0x...: myrandom (try-anything.c:132)
   by 0x...: test (try.c:124)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10F521
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/dilithium3aes/ref/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium3aes_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`

TIMECOP error (can be valgrind bug)

error 132

Process terminating with default action of signal 4 (SIGILL)
 Illegal opcode at address 0x10EAE1
   at 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex_blocks_xop (chacha.S:101)
   by 0x...: ??? (in /home/djb/supercop-data/saber214/amd64/try/c/gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall/constbranchindex/crypto_sign/dilithium3aes/ref/work/try-timecop)
   by 0x...: crypto_stream_chacha20_moon_xop_64_constbranchindex (crypto_stream.c:14)
   by 0x...: crypto_rng_chacha20_ref_constbranchindex (rng.c:23)
   by 0x...: randombytes_internal (knownrandombytes.c:37)
   by 0x...: randombytes (knownrandombytes.c:56)
   by 0x...: crypto_sign_dilithium3aes_ref_constbranchindex_keypair (sign.c:32)
   by 0x...: test (try.c:128)
   by 0x...: main (try-anything.c:345)
timeout: the monitored command dumped core
Illegal instruction

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (11.4.0)`