Does the carry-less multiplication instruction run in constant time? Said differently, is the time it takes to execute independent of its arguments?
Related Questions in ASSEMBLY
- Can I reference multiple versions of a Chef cookbook?
- chef bootstrap a node on google cloud
- Support multiple notifies in definitions
- Chef cleanup - nodes, environments, cookbooks, roles etc.,
- Chef remote_file from https site with self signed certificate
- test-kitchen: how to read platform specific attributes in kitchen.yml
- Accessing Ubuntu chef server using hostname in my windows machine won't work
- Bootstrapping Chef to Windows Node failing
- wait until the end of Chefs compile phase before running code block?
- Chef knife configuration
Related Questions in X86
- Can I reference multiple versions of a Chef cookbook?
- chef bootstrap a node on google cloud
- Support multiple notifies in definitions
- Chef cleanup - nodes, environments, cookbooks, roles etc.,
- Chef remote_file from https site with self signed certificate
- test-kitchen: how to read platform specific attributes in kitchen.yml
- Accessing Ubuntu chef server using hostname in my windows machine won't work
- Bootstrapping Chef to Windows Node failing
- wait until the end of Chefs compile phase before running code block?
- Chef knife configuration
Related Questions in MICRO-OPTIMIZATION
- Can I reference multiple versions of a Chef cookbook?
- chef bootstrap a node on google cloud
- Support multiple notifies in definitions
- Chef cleanup - nodes, environments, cookbooks, roles etc.,
- Chef remote_file from https site with self signed certificate
- test-kitchen: how to read platform specific attributes in kitchen.yml
- Accessing Ubuntu chef server using hostname in my windows machine won't work
- Bootstrapping Chef to Windows Node failing
- wait until the end of Chefs compile phase before running code block?
- Chef knife configuration
Related Questions in GALOIS-FIELD
- Can I reference multiple versions of a Chef cookbook?
- chef bootstrap a node on google cloud
- Support multiple notifies in definitions
- Chef cleanup - nodes, environments, cookbooks, roles etc.,
- Chef remote_file from https site with self signed certificate
- test-kitchen: how to read platform specific attributes in kitchen.yml
- Accessing Ubuntu chef server using hostname in my windows machine won't work
- Bootstrapping Chef to Windows Node failing
- wait until the end of Chefs compile phase before running code block?
- Chef knife configuration
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Popular Tags
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
According to https://agner.org/optimize/ and
PCLMULQDQhas fixed latency on any given CPU. (http://www.uops.info/table.html doesn't list a latency for it, but has good stuff for most instructions).There's no reason to expect it to be data-dependent- typically only division / sqrt has data-dependent performance in modern high-performance CPUs. Regular multiply doesn't: instead they just make it fast for the general case with lots of hardware parallelism inside the execution unit.
Out-of-order instruction scheduling is a lot easier when uops have fixed latency, and so is building fully-pipelined execution units for them. The scheduler (reservation station) can avoid having 2 operations finish at the same time on the same port and create a write-back conflict. Or worse, in the same execution unit and cause stalls within it. This is why fixed-latency is very common.
(A microcoded multi-uop
pclmulqdqwith branching could potentially have variable latency, or more plausibly latency that depends on the immediate operand: maybe an extra shuffle uop or two when the immediate is non-zero. So the fixed-latency of a single uop argument doesn't necessarily apply to a micro-coded instruction, butpclmuqdqis still simple enough that you wouldn't expect it to actually branch internally the wayrep movsbhas to.)As @fuz points out, PCLMUL was made for crypto, so data-dependent performance would make it vulnerable to timing attacks. So there's a very strong reason to make PCLMUL constant time. (Or at worst, dependent on the immediate, but not the register/memory sources. e.g. an immediate other than
0could cost extra shift uops to get the high halves of the sources fed to a 64x64 => 128 carryless-multiply unit.)Numbers from Agner Fog's tables
On Intel since Broadwell,
pclmuludqis 1 uop. On Skylake, it's 7 cycle latency, 1 per clock throughput. (So you need to keep 7 independent PCLMUL operations in flight to saturate the execution unit on port 5). Broadwell has 5 cycle latency. With a memory source operand, it's 1 extra uop.On Haswell, it's 3 uops (2p0 p5) with 7 cycle latency and one per 2 clock throughput.
On Sandybridge/IvyBridge it's 18 uops, 14c latency, one per 8 clock throughput.
On Westmere (2nd Gen Nehalem) it's 12c latency, one per 8c throughput. (Unknown number of uops, neither Agner Fog nor uops.info has it. But we can safely assume it's microcoded.) This was the first generation to support the instruction- one of the very few differences from Nehalem to Westmere.
On Ryzen it's 4 uops, 4c latency, one per 2 clock throughput. http://instlatx64.atw.hu/ shows it 4.5 cycle latency. I'm not sure what the difference is between their testing and Agner's.
On Piledriver it's 5 uops, 12c latency, one per 7 clock throughput.
On Jaguar it's 1 uop, 3c latency, one per 1 clock throughput!
On Silvermont it's 8 uops, 10c latency/throughput. Goldmont = 3 uops, 6c lat / 3c tput.
See also What considerations go into predicting latency for operations on modern superscalar processors and how can I calculate them by hand? and Agner Fog's optimization guide to understand how latency and throughput (and front-end bottlenecks) matter for performance on out-of-order CPUs, depending on the surrounding code.