Does the carry-less multiplication instruction run in constant time? Said differently, is the time it takes to execute independent of its arguments?
Related Questions in ASSEMBLY
- UIWebView Screen Fitting Issue
- ios responsive design not working (too wide in portrait orientation)
- Setting View orientation to portrait is ignored
- How do I add custom cells to TableView in Swift?
- UIWebView not loading URL in simulator
- What is the limit for number of subscribers to a stream(publisher's) in opentok/tokbox iOS SDK?
- How to generate request format for WCF web service method for Mac and iPhone
- Difference between gethostname() and [NSProcessInfo hostName]?
- How to force close ipad/iphone keypad when input element is not focused using JS?
- iOS app rejected because of in-app purchase
Related Questions in X86
- UIWebView Screen Fitting Issue
- ios responsive design not working (too wide in portrait orientation)
- Setting View orientation to portrait is ignored
- How do I add custom cells to TableView in Swift?
- UIWebView not loading URL in simulator
- What is the limit for number of subscribers to a stream(publisher's) in opentok/tokbox iOS SDK?
- How to generate request format for WCF web service method for Mac and iPhone
- Difference between gethostname() and [NSProcessInfo hostName]?
- How to force close ipad/iphone keypad when input element is not focused using JS?
- iOS app rejected because of in-app purchase
Related Questions in MICRO-OPTIMIZATION
- UIWebView Screen Fitting Issue
- ios responsive design not working (too wide in portrait orientation)
- Setting View orientation to portrait is ignored
- How do I add custom cells to TableView in Swift?
- UIWebView not loading URL in simulator
- What is the limit for number of subscribers to a stream(publisher's) in opentok/tokbox iOS SDK?
- How to generate request format for WCF web service method for Mac and iPhone
- Difference between gethostname() and [NSProcessInfo hostName]?
- How to force close ipad/iphone keypad when input element is not focused using JS?
- iOS app rejected because of in-app purchase
Related Questions in GALOIS-FIELD
- UIWebView Screen Fitting Issue
- ios responsive design not working (too wide in portrait orientation)
- Setting View orientation to portrait is ignored
- How do I add custom cells to TableView in Swift?
- UIWebView not loading URL in simulator
- What is the limit for number of subscribers to a stream(publisher's) in opentok/tokbox iOS SDK?
- How to generate request format for WCF web service method for Mac and iPhone
- Difference between gethostname() and [NSProcessInfo hostName]?
- How to force close ipad/iphone keypad when input element is not focused using JS?
- iOS app rejected because of in-app purchase
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
According to https://agner.org/optimize/ and
PCLMULQDQhas fixed latency on any given CPU. (http://www.uops.info/table.html doesn't list a latency for it, but has good stuff for most instructions).There's no reason to expect it to be data-dependent- typically only division / sqrt has data-dependent performance in modern high-performance CPUs. Regular multiply doesn't: instead they just make it fast for the general case with lots of hardware parallelism inside the execution unit.
Out-of-order instruction scheduling is a lot easier when uops have fixed latency, and so is building fully-pipelined execution units for them. The scheduler (reservation station) can avoid having 2 operations finish at the same time on the same port and create a write-back conflict. Or worse, in the same execution unit and cause stalls within it. This is why fixed-latency is very common.
(A microcoded multi-uop
pclmulqdqwith branching could potentially have variable latency, or more plausibly latency that depends on the immediate operand: maybe an extra shuffle uop or two when the immediate is non-zero. So the fixed-latency of a single uop argument doesn't necessarily apply to a micro-coded instruction, butpclmuqdqis still simple enough that you wouldn't expect it to actually branch internally the wayrep movsbhas to.)As @fuz points out, PCLMUL was made for crypto, so data-dependent performance would make it vulnerable to timing attacks. So there's a very strong reason to make PCLMUL constant time. (Or at worst, dependent on the immediate, but not the register/memory sources. e.g. an immediate other than
0could cost extra shift uops to get the high halves of the sources fed to a 64x64 => 128 carryless-multiply unit.)Numbers from Agner Fog's tables
On Intel since Broadwell,
pclmuludqis 1 uop. On Skylake, it's 7 cycle latency, 1 per clock throughput. (So you need to keep 7 independent PCLMUL operations in flight to saturate the execution unit on port 5). Broadwell has 5 cycle latency. With a memory source operand, it's 1 extra uop.On Haswell, it's 3 uops (2p0 p5) with 7 cycle latency and one per 2 clock throughput.
On Sandybridge/IvyBridge it's 18 uops, 14c latency, one per 8 clock throughput.
On Westmere (2nd Gen Nehalem) it's 12c latency, one per 8c throughput. (Unknown number of uops, neither Agner Fog nor uops.info has it. But we can safely assume it's microcoded.) This was the first generation to support the instruction- one of the very few differences from Nehalem to Westmere.
On Ryzen it's 4 uops, 4c latency, one per 2 clock throughput. http://instlatx64.atw.hu/ shows it 4.5 cycle latency. I'm not sure what the difference is between their testing and Agner's.
On Piledriver it's 5 uops, 12c latency, one per 7 clock throughput.
On Jaguar it's 1 uop, 3c latency, one per 1 clock throughput!
On Silvermont it's 8 uops, 10c latency/throughput. Goldmont = 3 uops, 6c lat / 3c tput.
See also What considerations go into predicting latency for operations on modern superscalar processors and how can I calculate them by hand? and Agner Fog's optimization guide to understand how latency and throughput (and front-end bottlenecks) matter for performance on out-of-order CPUs, depending on the surrounding code.