[llvm-bugs] [Bug 42636] New: badly optimized aegis128l crypto algorithm

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Jul 16 06:35:08 PDT 2019


https://bugs.llvm.org/show_bug.cgi?id=42636

            Bug ID: 42636
           Summary: badly optimized aegis128l crypto algorithm
           Product: clang
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: -New Bugs
          Assignee: unassignedclangbugs at nondot.org
          Reporter: arnd at linaro.org
                CC: htmldeveloper at gmail.com, llvm-bugs at lists.llvm.org,
                    neeilans at live.com, richard-llvm at metafoo.co.uk

Created attachment 22250
  --> https://bugs.llvm.org/attachment.cgi?id=22250&action=edit
aegis128l.c preprocessed for ARM32, gzipped

Building the Linux kernel, I stumbled over an unusually large stack usage in the
aegis128l Authenticated-Encryption algorithm. Digging a bit deeper, I noticed a
few more things about this file that seem to all have the same root cause:

- compilation takes a whole 8.4 seconds of CPU time, compared with 0.5 seconds
using gcc
- the assembler output is 95288 lines, compared to 2324 lines with gcc
- the largest stack usage is 1664, compared to 256 bytes
- marking the innermost functions (crypto_aegis_block_xor,
crypto_aegis_block_and, crypto_aegis_aesenc) as __attribute__((always_inline))
addresses most of the above issues; the results (build time, stack usage and
amount of generated code) are all still worse than using gcc, but 10x better
than before.

$ time clang-8 --target=arm-linux-gnueabi -O2 -S aegis128l.i -Wall
-Wno-unused-value -Wframe-larger-than=100 -fsanitize=kernel-address -o- | wc
/git/arm-soc/crypto/aegis128l.c:430:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_encrypt'
      [-Wframe-larger-than=]
static int crypto_aegis128l_encrypt(struct aead_request *req)
           ^
/git/arm-soc/crypto/aegis128l.c:449:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_decrypt'
      [-Wframe-larger-than=]
static int crypto_aegis128l_decrypt(struct aead_request *req)
           ^
/git/arm-soc/crypto/aegis128l.c:135:13: warning: stack frame size of 960 bytes
in function 'crypto_aegis128l_encrypt_chunk'
      [-Wframe-larger-than=]
static void crypto_aegis128l_encrypt_chunk(struct aegis_state *state, u8 *dst,
            ^
/git/arm-soc/crypto/aegis128l.c:415:13: warning: stack frame size of 1664 bytes
in function 'crypto_aegis128l_crypt'
      [-Wframe-larger-than=]
static void crypto_aegis128l_crypt(struct aead_request *req,
            ^
/git/arm-soc/crypto/aegis128l.c:218:13: warning: stack frame size of 960 bytes
in function 'crypto_aegis128l_decrypt_chunk'
      [-Wframe-larger-than=]
static void crypto_aegis128l_decrypt_chunk(struct aegis_state *state, u8 *dst,
            ^
5 warnings generated.
  95288  378519 2557179

real    0m8.424s
user    0m8.344s
sys     0m0.119s

$ time /home/arnd/cross-gcc/bin/arm-linux-gnueabi-gcc -O2 -S aegis128l.i
-Wframe-larger-than=100 -fsanitize=kernel-address -o - | wc 
/git/arm-soc/crypto/aegis128l.c: In function 'crypto_aegis128l_decrypt_chunk':
/git/arm-soc/crypto/aegis128l.c:300:1: warning: the frame size of 168 bytes is
larger than 100 bytes [-Wframe-larger-than=]
 }
 ^
/git/arm-soc/crypto/aegis128l.c: In function 'crypto_aegis128l_encrypt_chunk':
/git/arm-soc/crypto/aegis128l.c:216:1: warning: the frame size of 176 bytes is
larger than 100 bytes [-Wframe-larger-than=]
 }
 ^
/git/arm-soc/crypto/aegis128l.c: In function 'crypto_aegis128l_crypt':
/git/arm-soc/crypto/aegis128l.c:428:1: warning: the frame size of 256 bytes is
larger than 100 bytes [-Wframe-larger-than=]
 }
 ^
   2324    8027   44131

real    0m0.572s
user    0m0.534s
sys     0m0.038s


$ time clang-8 --target=arm-linux-gnueabi -O2 -S aegis128l-always-inline.i
-Wall -Wno-unused-value -Wframe-larger-than=100 -fsanitize=kernel-address -o- |
wc
/git/arm-soc/crypto/aegis128l.c:430:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_encrypt'
      [-Wframe-larger-than=]
static int crypto_aegis128l_encrypt(struct aead_request *req)
           ^
/git/arm-soc/crypto/aegis128l.c:449:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_decrypt'
      [-Wframe-larger-than=]
static int crypto_aegis128l_decrypt(struct aead_request *req)
           ^
/git/arm-soc/crypto/aegis128l.c:135:13: warning: stack frame size of 384 bytes
in function 'crypto_aegis128l_encrypt_chunk'
      [-Wframe-larger-than=]
static void crypto_aegis128l_encrypt_chunk(struct aegis_state *state, u8 *dst,
            ^
/git/arm-soc/crypto/aegis128l.c:415:13: warning: stack frame size of 608 bytes
in function 'crypto_aegis128l_crypt'
      [-Wframe-larger-than=]
static void crypto_aegis128l_crypt(struct aead_request *req,
            ^
/git/arm-soc/crypto/aegis128l.c:50:13: warning: stack frame size of 160 bytes
in function 'crypto_aegis128l_update'
      [-Wframe-larger-than=]
static void crypto_aegis128l_update(struct aegis_state *state)
            ^
/git/arm-soc/crypto/aegis128l.c:218:13: warning: stack frame size of 384 bytes
in function 'crypto_aegis128l_decrypt_chunk'
      [-Wframe-larger-than=]
static void crypto_aegis128l_decrypt_chunk(struct aegis_state *state, u8 *dst,
            ^
6 warnings generated.
   8078   28788  189043

real    0m1.109s
user    0m1.070s
sys     0m0.042s

-- 
You are receiving this mail because:
You are on the CC list for the bug.
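
Added example, not part of the original report: a small Python parser for the two -Wframe-larger-than diagnostic formats shown above (clang names the function in the warning, gcc on a preceding "In function" line), so per-function stack frames can be compared between compilers. The names frame_sizes and compare are hypothetical; the sample logs are excerpts of the output quoted in the report.

```python
import re

# clang puts the function name in the warning; gcc puts it on an earlier
# "In function" line. \s+ absorbs the line wrapping added by the mail archive.
CLANG_RE = re.compile(
    r"stack\s+frame\s+size\s+of\s+(\d+)\s+bytes\s+in\s+function\s+'([^']+)'")
GCC_RE = re.compile(
    r"In\s+function\s+'([^']+)':(?:(?!In\s+function\s+').)*?"
    r"the\s+frame\s+size\s+of\s+(\d+)\s+bytes", re.S)

def frame_sizes(log):
    """Map function name -> largest reported frame size in bytes."""
    found = [(f, int(n)) for n, f in CLANG_RE.findall(log)]
    found += [(f, int(n)) for f, n in GCC_RE.findall(log)]
    sizes = {}
    for func, size in found:
        sizes[func] = max(size, sizes.get(func, 0))
    return sizes

def compare(clang_log, gcc_log):
    """Per function: (clang bytes, gcc bytes, clang/gcc ratio).
    gcc is None when it emitted no warning (frame under the threshold)."""
    clang, gcc = frame_sizes(clang_log), frame_sizes(gcc_log)
    out = {}
    for func, c in clang.items():
        g = gcc.get(func)
        out[func] = (c, g, round(c / g, 2) if g else None)
    return out

# Excerpts of the two compiler logs quoted in the report, wrapping preserved.
CLANG_LOG = """\
/git/arm-soc/crypto/aegis128l.c:430:12: warning: stack frame size of 128 bytes
in function 'crypto_aegis128l_encrypt'
      [-Wframe-larger-than=]
/git/arm-soc/crypto/aegis128l.c:415:13: warning: stack frame size of 1664 bytes
in function 'crypto_aegis128l_crypt'
      [-Wframe-larger-than=]
"""
GCC_LOG = """\
/git/arm-soc/crypto/aegis128l.c: In function 'crypto_aegis128l_crypt':
/git/arm-soc/crypto/aegis128l.c:428:1: warning: the frame size of 256 bytes is
larger than 100 bytes [-Wframe-larger-than=]
"""

if __name__ == "__main__":
    for func, row in sorted(compare(CLANG_LOG, GCC_LOG).items()):
        print(func, *row)
```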