<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - badly optimized aegis128l crypto algorithm"
href="https://bugs.llvm.org/show_bug.cgi?id=42636">42636</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>badly optimized aegis128l crypto algorithm
</td>
</tr>
<tr>
<th>Product</th>
<td>clang
</td>
</tr>
<tr>
<th>Version</th>
<td>trunk
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>-New Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>arnd@linaro.org
</td>
</tr>
<tr>
<th>CC</th>
<td>htmldeveloper@gmail.com, llvm-bugs@lists.llvm.org, neeilans@live.com, richard-llvm@metafoo.co.uk
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=22250" name="attach_22250" title="aegis128l.c preprocessed for ARM32, gzipped">attachment 22250</a> <a href="attachment.cgi?id=22250&action=edit" title="aegis128l.c preprocessed for ARM32, gzipped">[details]</a></span>
aegis128l.c preprocessed for ARM32, gzipped
Building the Linux kernel, I stumbled over an unusally large stack usage in the
aegis128l Authenticated-Encryption algorithm. Digging a bit deeper, I noticed a
few more things about this file that seem to all have the same root cause:
- compilation takes a whole 8.4 seconds of CPU time, compared with 0.5 seconds
using gcc
- the assembler output is 95288 lines, compared to 2324 lines with gcc
- the largest stack usage is 1664, compared to 256 bytes
- marking the innermost functions (crypto_aegis_block_xor,
crypto_aegis_block_and, crypto_aegis_aesenc) as __attribute__((always_inline))
addresses most of the above issues, the results (build time, stack usage and
amount of generated code) are all still worse than using gcc, but 10x better
than before.
$ time clang-8 --target=arm-linux-gnueabi -O2 -S aegis128l.i -Wall
-Wno-unused-value -Wframe-larger-than=100 -fsanitize=kernel-address -o- | wc
/git/arm-soc/crypto/aegis128l.c:430:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_encrypt'
[-Wframe-larger-than=]
static int crypto_aegis128l_encrypt(struct aead_request *req)
^
/git/arm-soc/crypto/aegis128l.c:449:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_decrypt'
[-Wframe-larger-than=]
static int crypto_aegis128l_decrypt(struct aead_request *req)
^
/git/arm-soc/crypto/aegis128l.c:135:13: warning: stack frame size of 960 bytes
in function 'crypto_aegis128l_encrypt_chunk'
[-Wframe-larger-than=]
static void crypto_aegis128l_encrypt_chunk(struct aegis_state *state, u8 *dst,
^
/git/arm-soc/crypto/aegis128l.c:415:13: warning: stack frame size of 1664 bytes
in function 'crypto_aegis128l_crypt'
[-Wframe-larger-than=]
static void crypto_aegis128l_crypt(struct aead_request *req,
^
/git/arm-soc/crypto/aegis128l.c:218:13: warning: stack frame size of 960 bytes
in function 'crypto_aegis128l_decrypt_chunk'
[-Wframe-larger-than=]
static void crypto_aegis128l_decrypt_chunk(struct aegis_state *state, u8 *dst,
^
5 warnings generated.
95288 378519 2557179
real 0m8.424s
user 0m8.344s
sys 0m0.119s
$ time /home/arnd/cross-gcc/bin/arm-linux-gnueabi-gcc -O2 -S aegis128l.i
-Wframe-larger-than=100 -fsanitize=kernel-address -o - | wc
/git/arm-soc/crypto/aegis128l.c: In function 'crypto_aegis128l_decrypt_chunk':
/git/arm-soc/crypto/aegis128l.c:300:1: warning: the frame size of 168 bytes is
larger than 100 bytes [-Wframe-larger-than=]
}
^
/git/arm-soc/crypto/aegis128l.c: In function 'crypto_aegis128l_encrypt_chunk':
/git/arm-soc/crypto/aegis128l.c:216:1: warning: the frame size of 176 bytes is
larger than 100 bytes [-Wframe-larger-than=]
}
^
/git/arm-soc/crypto/aegis128l.c: In function 'crypto_aegis128l_crypt':
/git/arm-soc/crypto/aegis128l.c:428:1: warning: the frame size of 256 bytes is
larger than 100 bytes [-Wframe-larger-than=]
}
^
2324 8027 44131
real 0m0.572s
user 0m0.534s
sys 0m0.038s
$ time clang-8 --target=arm-linux-gnueabi -O2 -S aegis128l-always-inline.i
-Wall -Wno-unused-value -Wframe-larger-than=100 -fsanitize=kernel-address -o- |
wc
/git/arm-soc/crypto/aegis128l.c:430:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_encrypt'
[-Wframe-larger-than=]
static int crypto_aegis128l_encrypt(struct aead_request *req)
^
/git/arm-soc/crypto/aegis128l.c:449:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_decrypt'
[-Wframe-larger-than=]
static int crypto_aegis128l_decrypt(struct aead_request *req)
^
/git/arm-soc/crypto/aegis128l.c:135:13: warning: stack frame size of 384 bytes
in function 'crypto_aegis128l_encrypt_chunk'
[-Wframe-larger-than=]
static void crypto_aegis128l_encrypt_chunk(struct aegis_state *state, u8 *dst,
^
/git/arm-soc/crypto/aegis128l.c:415:13: warning: stack frame size of 608 bytes
in function 'crypto_aegis128l_crypt'
[-Wframe-larger-than=]
static void crypto_aegis128l_crypt(struct aead_request *req,
^
/git/arm-soc/crypto/aegis128l.c:50:13: warning: stack frame size of 160 bytes
in function 'crypto_aegis128l_update'
[-Wframe-larger-than=]
static void crypto_aegis128l_update(struct aegis_state *state)
^
/git/arm-soc/crypto/aegis128l.c:218:13: warning: stack frame size of 384 bytes
in function 'crypto_aegis128l_decrypt_chunk'
[-Wframe-larger-than=]
static void crypto_aegis128l_decrypt_chunk(struct aegis_state *state, u8 *dst,
^
6 warnings generated.
8078 28788 189043
real 0m1.109s
user 0m1.070s
sys 0m0.042s</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>