On Thu, 20 Nov 2025 22:55:07 GMT, Volodymyr Paprotski <[email protected]> wrote:
>> - New AVX2 intrinsics are 1.6x-6.9x faster than Java baseline >> - `SignatureBench.MLDSA` is 1.2x-2.2x faster >> - Note: there is no AVX2-SHA3 intrinsics yet (Being reviewed >> https://github.com/vpaprotsk/jdk/pull/7) >> - AVX512 intrinsic improvements are 1.24x-1.5x faster then current version >> - `SignatureBench.MLDSA` is upto 5% faster, never slower >> >> Note on intrinsic: >> - The emitted (existing) AVX512 assembler was not "significantly" changed; >> mostly more efficient instruction selection and tighter register allocation, >> which allowed removal of NTT loop and stack spill. >> - Code was refactored to allow reuse of same assembler (as possible) for >> AVX512 and AVX2 >> >> Tests and benchmarks: >> - Added a fuzz test to ensure Java and intrinsic produces exactly same result >> - Added benchmark to measure the performance of intrinsic itself >> >> make test TEST="test/jdk/sun/security/provider/acvp/Launcher.java >> test/jdk/sun/security/provider/acvp/ML_DSA_Intrinsic_Test.java" >> make test TEST="test/jdk/sun/security/provider/acvp/Launcher.java >> test/jdk/sun/security/provider/acvp/ML_DSA_Intrinsic_Test.java" >> JTREG="JAVA_OPTIONS=-XX:UseAVX=2" >> make test >> TEST="micro:org.openjdk.bench.javax.crypto.full.SignatureBench.MLDSA" >> MICRO="JAVA_OPTIONS=-XX:+UnlockDiagnosticVMOptions >> -XX:+UseDilithiumIntrinsics;FORK=1" >> make test >> TEST="micro:org.openjdk.bench.javax.crypto.full.SignatureBench.MLDSA" >> MICRO="JAVA_OPTIONS=-XX:+UnlockDiagnosticVMOptions >> -XX:-UseDilithiumIntrinsics;FORK=1" > > Volodymyr Paprotski has updated the pull request incrementally with one > additional commit since the last revision: > > next set of comments Always faster and never slower: SignatureBench.MLDSA with `+UseDilithiumIntrinsics` shows an average 1.61% improvement across all algorithms and data sizes. Measuring SignatureBench.MLDSA against a baseline build without the fix, shows an average 2.24% improvement across all algorithms and data sizes. There's nothing special about my benchmark. It's the one in OpenJDK (javax.crypto.full.SignatureBench). Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc cpuid aperfmperf pni pclmulqdq dtes64 monitor ds_cpl smx est tm2 ssse3 sdbg fma cx16 xtpr pdcm pcid dca sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm 3dnowprefetch cpuid_fault epb cat_l3 cdp_l3 invpcid_single ssbd mba ibrs ibpb stibp ibrs_enhanced fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid cqm mpx rdt_a avx512f avx512dq rdseed adx smap clflushopt clwb intel_pt avx512cd avx512bw avx512vl xsaveopt xsavec xgetbv1 xsaves cqm_llc cqm_occup_llc cqm_mbm_total cqm_mbm_local dtherm ida arat pln pts hwp hwp_act_window hwp_epp hwp_pkg_req pku ospke avx512_vnni md_clear flush_l1d arch_capabilities ------------- PR Comment: https://git.openjdk.org/jdk/pull/28136#issuecomment-3571668350
