Implementation notes: amd64, speed2supercop, crypto_aead/twine80n6t4clocv3

Computer: speed2supercop
Microarchitecture: amd64; Haswell+AES (306c3)
Architecture: amd64
CPU ID: GenuineIntel-000306c3-1fc9cbf5
SUPERCOP version: 20240625
Operation: crypto_aead
Primitive: twine80n6t4clocv3

Time	Object size	Test size	Implementation	Compiler	Benchmark date	SUPERCOP version
90740	6736 0 896	23590 792 1776	`T:vperm`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
90948	6909 0 896	19758 792 1760	`T:vperm`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
99764	4054 0 896	18087 784 1824	`T:vperm`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
100488	4438 0 896	17965 752 1824	`T:vperm`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
100580	3747 0 896	15984 728 1792	`T:vperm`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
101044	5305 0 896	21021 752 1824	`T:vperm`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
101500	4951 0 896	22326 792 1776	`T:vperm`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
102632	4641 0 896	18381 752 1824	`T:vperm`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
778404	7668 0 304	23864 800 1168	`T:ref`	`clang_-mcpu=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
935212	8499 0 292	24253 752 1224	`T:ref`	`gcc_-march=native_-mtune=native_-O3_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
935328	7316 0 292	21101 752 1224	`T:ref`	`gcc_-march=native_-mtune=native_-O2_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
1018308	6582 0 292	20068 744 1224	`T:ref`	`gcc_-march=native_-mtune=native_-O_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
1064056	7773 0 304	25352 800 1184	`T:ref`	`clang_-march=native_-O3_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
1064700	7605 0 304	24968 800 1184	`T:ref`	`clang_-march=native_-O2_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
1202408	6918 0 304	20336 800 1168	`T:ref`	`clang_-march=native_-O_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
1217964	6185 0 304	20375 784 1232	`T:ref`	`clang_-march=native_-Os_-fwrapv_-Qunused-arguments_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625
1382448	5898 0 292	18144 728 1192	`T:ref`	`gcc_-march=native_-mtune=native_-Os_-fwrapv_-fPIC_-fPIE_-gdwarf-4_-Wall`	20240703	20240625

Compiler output

encrypt.c: encrypt.c:68:2: warning: misleading indentation; statement is not part of the previous 'for' [-Wmisleading-indentation]
encrypt.c:         return RETURN_SUCCESS;
encrypt.c:         ^
encrypt.c: encrypt.c:63:5: note: previous statement is here
encrypt.c:     for(i = 0; i < CRYPTO_ABYTES; i++)
encrypt.c:     ^
encrypt.c: 1 warning generated.

Number of similar (implementation,compiler) pairs: 5, namely:

Implementation	Compiler
`T:ref`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`T:ref`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`T:ref`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`T:ref`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`T:ref`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`

Compiler output

encrypt.c: encrypt.c: In function 'crypto_aead_twine80n6t4clocv3_ref_timingleaks_decrypt':
encrypt.c: encrypt.c:63:5: warning: this 'for' clause does not guard... [-Wmisleading-indentation]
encrypt.c:    63 |     for(i = 0; i < CRYPTO_ABYTES; i++)
encrypt.c:       |     ^~~
encrypt.c: encrypt.c:68:9: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'for'
encrypt.c:    68 |         return RETURN_SUCCESS;
encrypt.c:       |         ^~~~~~
twine.c: twine.c: In function 'Keyschedule':
twine.c: twine.c:493:17: warning: 'Keyschedule128' reading 32 bytes from a region of size 16 [-Wstringop-overread]
twine.c:   493 |                 Keyschedule128(sk);
twine.c:       |                 ^~~~~~~~~~~~~~~~~~
twine.c: twine.c:493:17: note: referencing argument 1 of type 'const uint8[32]' {aka 'const unsigned char[32]'}
twine.c: twine.c:359:6: note: in a call to function 'Keyschedule128'
twine.c:   359 | void Keyschedule128(const uint8 sk[128/4])
twine.c:       |      ^~~~~~~~~~~~~~

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`T:ref`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`T:ref`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`T:ref`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`T:ref`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`

Compiler output

cloc.c: cloc.c:193:26: warning: implicit conversion from 'int' to 'char' changes value from 128 to -128 [-Wconstant-conversion]
cloc.c:                 state = XORDQW(state, SHR(state, 8));
cloc.c:                         ~~~~~~~~~~~~~~^~~~~~~~~~~~~~
cloc.c: ./common.h:30:126: note: expanded from macro 'SHR'
cloc.c: #define SHR(x,n)        _mm_shuffle_epi8((x), _mm_set_epi8(127+(n), 126+(n), 125+(n), 124+(n), 123+(n), 122+(n), 121+(n), 120+(n), 119+(n), 118+(n), 117+(n), 116+(n), 115+(n), 114+(n), 113+(n), 112+(n))) // shift to the right
cloc.c:                                               ~~~~~~~~~~~~                                                                   ^
cloc.c: ./common.h:18:43: note: expanded from macro 'XORDQW'
cloc.c: #define XORDQW(x, y)            _mm_xor_si128((x), (y))
cloc.c:                                                     ^
cloc.c: cloc.c:193:26: warning: implicit conversion from 'int' to 'char' changes value from 129 to -127 [-Wconstant-conversion]
cloc.c:                 state = XORDQW(state, SHR(state, 8));
cloc.c:                         ~~~~~~~~~~~~~~^~~~~~~~~~~~~~
cloc.c: ./common.h:30:117: note: expanded from macro 'SHR'
cloc.c: #define SHR(x,n)        _mm_shuffle_epi8((x), _mm_set_epi8(127+(n), 126+(n), 125+(n), 124+(n), 123+(n), 122+(n), 121+(n), 120+(n), 119+(n), 118+(n), 117+(n), 116+(n), 115+(n), 114+(n), 113+(n), 112+(n))) // shift to the right
cloc.c:                                               ~~~~~~~~~~~~                                                          ^
cloc.c: ./common.h:18:43: note: expanded from macro 'XORDQW'
cloc.c: #define XORDQW(x, y)            _mm_xor_si128((x), (y))
cloc.c:                                                     ^
cloc.c: cloc.c:193:26: warning: implicit conversion from 'int' to 'char' changes value from 130 to -126 [-Wconstant-conversion]
cloc.c:                 state = XORDQW(state, SHR(state, 8));
cloc.c:                         ~~~~~~~~~~~~~~^~~~~~~~~~~~~~
cloc.c: ./common.h:30:108: note: expanded from macro 'SHR'
cloc.c: #define SHR(x,n)        _mm_shuffle_epi8((x), _mm_set_epi8(127+(n), 126+(n), 125+(n), 124+(n), 123+(n), 122+(n), 121+(n), 120+(n), 119+(n), 118+(n), 117+(n), 116+(n), 115+(n), 114+(n), 113+(n), 112+(n))) // shift to the right
cloc.c:                                               ~~~~~~~~~~~~                                                 ^
cloc.c: ./common.h:18:43: note: expanded from macro 'XORDQW'
cloc.c: ...
encrypt.c: encrypt.c:69:2: warning: misleading indentation; statement is not part of the previous 'for' [-Wmisleading-indentation]
encrypt.c:         return RETURN_SUCCESS;
encrypt.c:         ^
encrypt.c: encrypt.c:64:5: note: previous statement is here
encrypt.c:     for(i = 0; i < CRYPTO_ABYTES; i++)
encrypt.c:     ^
encrypt.c: 1 warning generated.

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`T:vperm`	`clang -march=native -O2 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`T:vperm`	`clang -march=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`T:vperm`	`clang -march=native -O -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`
`T:vperm`	`clang -march=native -Os -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`

Compiler output

cloc.c: In file included from cloc.c:7:
cloc.c: ./twine.h:48:9: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'TWINE80_enc' that is compiled without support for 'ssse3'
cloc.c:                 tmp = PSHUFB(lsbox, tmp);
cloc.c:                       ^
cloc.c: ./common.h:42:22: note: expanded from macro 'PSHUFB'
cloc.c: #define PSHUFB(s, x)    _mm_shuffle_epi8((s), (x)) /*return s(x)*/
cloc.c:                         ^
cloc.c: In file included from cloc.c:7:
cloc.c: ./twine.h:51:10: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'TWINE80_enc' that is compiled without support for 'ssse3'
cloc.c:                 left = PSHUFB(left, tmp);
cloc.c:                        ^
cloc.c: ./common.h:42:22: note: expanded from macro 'PSHUFB'
cloc.c: #define PSHUFB(s, x)    _mm_shuffle_epi8((s), (x)) /*return s(x)*/
cloc.c:                         ^
cloc.c: In file included from cloc.c:7:
cloc.c: ./twine.h:54:9: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'TWINE80_enc' that is compiled without support for 'ssse3'
cloc.c:                 tmp = PSHUFB(lsbox, tmp);
cloc.c:                       ^
cloc.c: ./common.h:42:22: note: expanded from macro 'PSHUFB'
cloc.c: #define PSHUFB(s, x)    _mm_shuffle_epi8((s), (x)) /*return s(x)*/
cloc.c:                         ^
cloc.c: In file included from cloc.c:7:
cloc.c: ./twine.h:57:11: error: always_inline function '_mm_shuffle_epi8' requires target feature 'ssse3', but would be inlined into function 'TWINE80_enc' that is compiled without support for 'ssse3'
cloc.c:                 right = PSHUFB(right, tmp);
cloc.c:                         ^
cloc.c: ...

Number of similar (implementation,compiler) pairs: 1, namely:

Implementation	Compiler
`T:vperm`	`clang -mcpu=native -O3 -fwrapv -Qunused-arguments -fPIC -fPIE -gdwarf-4 -Wall (Debian_Clang_16.0.6_(27+b1))`

Compiler output

cloc.c: cloc.c: In function 'ae_decrypt':
cloc.c: cloc.c:227:16: warning: unused variable 'tmpState' [-Wunused-variable]
cloc.c:   227 |         dqword tmpState;
cloc.c:       |                ^~~~~~~~
encrypt.c: encrypt.c: In function 'crypto_aead_twine80n6t4clocv3_vperm_timingleaks_decrypt':
encrypt.c: encrypt.c:64:5: warning: this 'for' clause does not guard... [-Wmisleading-indentation]
encrypt.c:    64 |     for(i = 0; i < CRYPTO_ABYTES; i++)
encrypt.c:       |     ^~~
encrypt.c: encrypt.c:69:9: note: ...this statement, but the latter is misleadingly indented as if it were guarded by the 'for'
encrypt.c:    69 |         return RETURN_SUCCESS;
encrypt.c:       |         ^~~~~~

Number of similar (implementation,compiler) pairs: 4, namely:

Implementation	Compiler
`T:vperm`	`gcc -march=native -mtune=native -O2 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`T:vperm`	`gcc -march=native -mtune=native -O3 -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`T:vperm`	`gcc -march=native -mtune=native -O -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`
`T:vperm`	`gcc -march=native -mtune=native -Os -fwrapv -fPIC -fPIE -gdwarf-4 -Wall (13.3.0)`