Discussion:
Problems with Aarch64 vmull_p64 and vmull_high_p64
Jim Wilson
2017-07-30 23:30:21 UTC
Permalink
hikey$ g++ -march=armv8-a test.cxx -c
pmull is part of the crypto extension, which is not enabled by
default. You need to use -march=armv8-a+crypto. Or else specify a
-mcpu= option for a cpu that has the crypto support. However, not all
cortex-a53 processors support the crypto extension, so
-mcpu=cortex-a53 is not safe, though this will work accidentally in
some older gcc versions, possibly including your compiler, depending
on which patches have been backported to it. -mcpu=cortex-a53 will
definitely not work in current compiler versions.

If you use a compiler version that supports the crypto intrinsics,
then you will get slightly less confusing error message complaining
about a target specific option mismatch, as the intrinsics are defined
to require crypto support.

There may also be other issues here, but this seems to be the immediate one.

Jim
Jeffrey Walton
2017-07-30 23:47:24 UTC
Permalink
Post by Jim Wilson
hikey$ g++ -march=armv8-a test.cxx -c
pmull is part of the crypto extension, which is not enabled by
default. You need to use -march=armv8-a+crypto. Or else specify a
Thanks Jim.

The odd thing is, ARM's ACLE [1], Section 6.5.4 (p.24), states Crypto
applies to
AES{E, D} and SHA1{C, P, M}. It does not mention PMULL. Later it goes
on to state PMULL gear is available on Aarch32 and Aarch64.

Jeff

[1] http://infocenter.arm.com/help/topic/com.arm.doc.ihi0053c/IHI0053C_acle_2_0.pdf
Jim Wilson
2017-07-31 01:18:23 UTC
Permalink
Post by Jeffrey Walton
The odd thing is, ARM's ACLE [1], Section 6.5.4 (p.24), states Crypto
applies to
AES{E, D} and SHA1{C, P, M}. It does not mention PMULL. Later it goes
on to state PMULL gear is available on Aarch32 and Aarch64.
If you look at the ARMv8 Architecture Reference Manual, section A1.6
Cryptographic Extension, it says
"Large polynomial multiplies are included as part of the Cryptographic
Extension, see PMULL, PMULL2 on
page C6-1096."

If you look at section C6.3.190 PMULL, PMULL2, it says
"The '1Q' arrangement is only allocated in an implementation that
includes the Crypto extensions,
and is otherwise RESERVED."

So pmull.8b is always valid, but pmull.1q is only valid on targets
that support the Crypto extensions.

Looking at the ACLE docs, section 6.5.7 says AES, SHA1, etc. The etc
would include things like pmull and sha256.

I see in section 12.3.14 Crypto Intrinsics, it mentions vmull_p64 and
vmull_high_p64, but this being part of the crypto intrinsics section,
it seems clear that they are part of the crypto extension. It does
also mention that they are available for AArch32 and AArch64; this
part is odd. All of the crypto instructions appear to be available
for both AArch32 and AArch64, so it isn't clear why this is explicitly
mentioned for pmull. This statement appears unnecessary, and
potentially confusing.

Jim

Loading...