Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Better x86 Assembly Generation with Go (Gophercon 2019)

Michael McLoughlin
July 25, 2019
Programming
3
1.8k

Better x86 Assembly Generation with Go (Gophercon 2019)

In the Go standard library and beyond, assembly language is used to provide access to architecture and OS-specific features, to accelerate hot loops in scientific code, and provide high-performance cryptographic routines. For these applications correctness is paramount, yet assembly functions can be painstaking to write and nearly impossible to review. This talk demonstrates how to leverage code generation tools to make high-performance Go assembly functions safe and easy to write and maintain.

Michael McLoughlin

July 25, 2019
Tweet

More Decks by Michael McLoughlin

See All by Michael McLoughlin
The fuzzy tale of an x/crypto vulnerability
mmcloughlin
1
920
Better x86 Assembly Generation with Go
mmcloughlin
2
5.7k
Geohash in Golang Assembly
mmcloughlin
3
690

Other Decks in Programming

See All in Programming
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
330
TYPO3 v13 – The road to LTS: What's new and new APIs
luisasofie_xoxo
0
180
StreamlitとTerraformでデータカタログを作った話
gussan0223
0
300
From Spring Boot 2 to Spring Boot 3 with Java 22 and Jakarta EE
ivargrimstad
0
880
大規模Reactアプリのリアーキテクチャ~8万行のTanStack Query移行の軌跡~
kj455
3
640
SpringBoot+MyBatisで例外が出たときどこを見るか
syukai
0
110
OpenAPIを中心に考えるAPI開発入門 / Introduction to API Development with a Focus on OpenAPI
seike460
PRO
2
110
Elm Form Validation
bkuhlmann
0
500
本格ローグライク制作にEbitengineを選んでみた
nagainaganawa
0
290
Blue/Greenデプロイの導入による 運用フローの改善
kudoas
1
350
Changed Rules: Architectures with Lightweight Stores
manfredsteyer
PRO
0
230
Milestoner
bkuhlmann
1
400

Featured

See All Featured
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
124
32k
Web development in the modern age
philhawksworth
202
10k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
20
1.6k
Robots, Beer and Maslow
schacon
PRO
155
7.9k
Navigating Team Friction
lara
177
13k
The Art of Programming - Codeland 2020
erikaheidi
41
12k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
19
1.9k
It's Worth the Effort
3n
180
27k
Rails Girls Zürich Keynote
gr2m
91
13k
In The Pink: A Labor of Love
frogandcode
138
21k
Six Lessons from altMBA
skipperchong
20
3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
115
18k

Transcript

  1. Better x86 Assembly Generation with Go Michael McLoughlin Gophercon 2019

    Uber Advanced Technologies Group

  2. Assembly Language Go provides the ability to write functions in

    assembly language. Assembly language is a general term for low-level languages that allow programming at the architecture instruction level.
  3. None

  4. Should I write Go functions in Assembly?

  5. No

  6. None

  7. Go Proverbs which Might Have Been Cgo Assembly is not

    Go. My Inner Rob Pike With the unsafe package assembly there are no guarantees. Made-up Go Proverb

  8. Go Proverbs which Might Have Been Cgo Assembly is not

    Go. My Inner Rob Pike With the unsafe package assembly there are no guarantees. Made-up Go Proverb
  9. None

  10. We should forget about small efficiencies, say about 97% of

    the time: premature optimization is the root of all evil. Yet we should not pass up our opportunities in that critical 3%. Donald Knuth, 1974

  11. We should forget about small efficiencies, say about 97% of

    the time: premature optimization is the root of all evil. Yet we should not pass up our opportunities in that critical 3%. Donald Knuth, 1974

  12. The Critical 3%? To take advantage of: • Missed optimizations

    by the compiler • Special hardware instructions Common use cases: • Math compute kernels • System Calls • Low-level Runtime Details • Cryptography
  13. None

  14. Outline Go Assembly Primer Problem Statement Code Generation The avo

    Library Examples Dot Product SHA-1 Future

  15. Go Assembly Primer

  16. Hello, World! package add // Add x and y. func

    Add(x, y uint64) uint64 { return x + y }

  17. Go Disassembler The Go disassembler may be used to inspect

    generated machine code. go build -o add.a go tool objdump add.a

  18. TEXT %22%22.Add(SB) gofile../Users/michaelmcloughlin/Dev... add.go:5 0x2e7 488b442410 MOVQ 0x10(SP), AX add.go:5

    0x2ec 488b4c2408 MOVQ 0x8(SP), CX add.go:5 0x2f1 4801c8 ADDQ CX, AX add.go:5 0x2f4 4889442418 MOVQ AX, 0x18(SP) add.go:5 0x2f9 c3 RET

  19. TEXT %22%22.Add(SB) gofile../Users/michaelmcloughlin/Dev... add.go:5 0x2e7 488b442410 MOVQ 0x10(SP), AX add.go:5

    0x2ec 488b4c2408 MOVQ 0x8(SP), CX add.go:5 0x2f1 4801c8 ADDQ CX, AX add.go:5 0x2f4 4889442418 MOVQ AX, 0x18(SP) add.go:5 0x2f9 c3 RET

  20. Function Stubs package add // Add x and y. func

    Add(x, y uint64) uint64 Missing function body will be implemented in assembly.

  21. Implementation provided in add_amd64.s. #include "textflag.h" // func Add(x, y

    uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 MOVQ x+0(FP), AX MOVQ y+8(FP), CX ADDQ CX, AX MOVQ AX, ret+16(FP) RET

  22. Implementation provided in add_amd64.s. #include "textflag.h" // func Add(x, y

    uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 ‹ Declaration MOVQ x+0(FP), AX MOVQ y+8(FP), CX ADDQ CX, AX MOVQ AX, ret+16(FP) RET

  23. Implementation provided in add_amd64.s. #include "textflag.h" // func Add(x, y

    uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 MOVQ x+0(FP), AX ‹ Read x from stack frame MOVQ y+8(FP), CX ‹ Read y ADDQ CX, AX MOVQ AX, ret+16(FP) RET

  24. Implementation provided in add_amd64.s. #include "textflag.h" // func Add(x, y

    uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 MOVQ x+0(FP), AX MOVQ y+8(FP), CX ADDQ CX, AX MOVQ AX, ret+16(FP) RET

  25. Implementation provided in add_amd64.s. #include "textflag.h" // func Add(x, y

    uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 MOVQ x+0(FP), AX MOVQ y+8(FP), CX ADDQ CX, AX MOVQ AX, ret+16(FP) ‹ Write return value RET

  26. Problem Statement

  27. 24,962

  28. Table 1: Assembly Lines by Top-Level Packages Lines Package 8140

    crypto 8069 runtime 5686 internal 1173 math 1005 syscall 574 cmd 279 hash 36 reflect

  29. Table 1: Assembly Lines by Top-Level Packages Lines Package 8140

    crypto 8069 runtime 5686 internal 1173 math 1005 syscall 574 cmd 279 hash 36 reflect

  30. Table 2: Top 10 Assembly Files by Lines Lines File

    2695 internal/x/crypto/.../chacha20poly1305_amd64.s 2348 crypto/elliptic/p256_asm_amd64.s 1632 runtime/asm_amd64.s 1500 crypto/sha1/sha1block_amd64.s 1468 crypto/sha512/sha512block_amd64.s 1377 internal/x/crypto/curve25519/ladderstep_amd64.s 1286 crypto/aes/gcm_amd64.s 1031 crypto/sha256/sha256block_amd64.s 743 runtime/sys_darwin_amd64.s 727 runtime/sys_linux_amd64.s

  31. Table 2: Top 10 Assembly Files by Lines Lines File

    2695 internal/x/crypto/.../chacha20poly1305_amd64.s 2348 crypto/elliptic/p256_asm_amd64.s 1632 runtime/asm_amd64.s 1500 crypto/sha1/sha1block_amd64.s 1468 crypto/sha512/sha512block_amd64.s 1377 internal/x/crypto/curve25519/ladderstep_amd64.s 1286 crypto/aes/gcm_amd64.s 1031 crypto/sha256/sha256block_amd64.s 743 runtime/sys_darwin_amd64.s 727 runtime/sys_linux_amd64.s

  32. openAVX2InternalLoop: // Lets just say this spaghetti loop interleaves 2

    quarter rounds with 3 poly multiplications // Effectively per 512 bytes of stream we hash 480 bytes of ciphertext polyAdd(0*8(inp)(itr1*1)) VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 polyMulStage1_AVX2 VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(S polyMulStage2_AVX2 VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 polyMulStage3_AVX2 VMOVDQA CC3, tmpStoreAVX2 VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 VMOVDQA tmpStoreAVX2, CC3 polyMulReduceStage VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), polyAdd(2*8(inp)(itr1*1)) VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 internal/x/.../chacha20poly1305_amd64.s lines 856-879 (go1.12)

  33. // Special optimization for buffers smaller than 321 bytes openAVX2320:

    // For up to 320 bytes of ciphertext and 64 bytes for the poly key, we process six blocks VMOVDQA AA0, AA1; VMOVDQA BB0, BB1; VMOVDQA CC0, CC1; VPADDD ·avx2IncMask<>(SB), DD0, DD1 VMOVDQA AA0, AA2; VMOVDQA BB0, BB2; VMOVDQA CC0, CC2; VPADDD ·avx2IncMask<>(SB), DD1, DD2 VMOVDQA BB0, TT1; VMOVDQA CC0, TT2; VMOVDQA DD0, TT3 MOVQ $10, itr2 openAVX2320InnerCipherLoop: chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, T VPALIGNR $4, BB0, BB0, BB0; VPALIGNR $4, BB1, BB1, BB1; VPALIGNR $4, BB2, BB2, BB2 VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 VPALIGNR $12, DD0, DD0, DD0; VPALIGNR $12, DD1, DD1, DD1; VPALIGNR $12, DD2, DD2, DD2 chachaQR_AVX2(AA0, BB0, CC0, DD0, TT0); chachaQR_AVX2(AA1, BB1, CC1, DD1, TT0); chachaQR_AVX2(AA2, BB2, CC2, DD2, T VPALIGNR $12, BB0, BB0, BB0; VPALIGNR $12, BB1, BB1, BB1; VPALIGNR $12, BB2, BB2, BB2 VPALIGNR $8, CC0, CC0, CC0; VPALIGNR $8, CC1, CC1, CC1; VPALIGNR $8, CC2, CC2, CC2 VPALIGNR $4, DD0, DD0, DD0; VPALIGNR $4, DD1, DD1, DD1; VPALIGNR $4, DD2, DD2, DD2 DECQ itr2 JNE openAVX2320InnerCipherLoop VMOVDQA ·chacha20Constants<>(SB), TT0 VPADDD TT0, AA0, AA0; VPADDD TT0, AA1, AA1; VPADDD TT0, AA2, AA2 VPADDD TT1, BB0, BB0; VPADDD TT1, BB1, BB1; VPADDD TT1, BB2, BB2 VPADDD TT2, CC0, CC0; VPADDD TT2, CC1, CC1; VPADDD TT2, CC2, CC2 internal/x/.../chacha20poly1305_amd64.s lines 1072-1095 (go1.12)

  34. openAVX2Tail512LoopA: VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD

    BB2, AA2, AA2; VPADDD BB3, AA3, AA3 VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(S VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 VMOVDQA CC3, tmpStoreAVX2 VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 VMOVDQA tmpStoreAVX2, CC3 polyAdd(0*8(itr2)) polyMulAVX2 VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 VMOVDQA CC3, tmpStoreAVX2 VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 internal/x/.../chacha20poly1305_amd64.s lines 1374-1397 (go1.12)

  35. sealAVX2Tail512LoopB: VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD

    BB2, AA2, AA2; VPADDD BB3, AA3, AA3 VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 VPSHUFB ·rol16<>(SB), DD0, DD0; VPSHUFB ·rol16<>(SB), DD1, DD1; VPSHUFB ·rol16<>(SB), DD2, DD2; VPSHUFB ·rol16<>(S VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 VMOVDQA CC3, tmpStoreAVX2 VPSLLD $12, BB0, CC3; VPSRLD $20, BB0, BB0; VPXOR CC3, BB0, BB0 VPSLLD $12, BB1, CC3; VPSRLD $20, BB1, BB1; VPXOR CC3, BB1, BB1 VPSLLD $12, BB2, CC3; VPSRLD $20, BB2, BB2; VPXOR CC3, BB2, BB2 VPSLLD $12, BB3, CC3; VPSRLD $20, BB3, BB3; VPXOR CC3, BB3, BB3 VMOVDQA tmpStoreAVX2, CC3 polyAdd(0*8(oup)) polyMulAVX2 VPADDD BB0, AA0, AA0; VPADDD BB1, AA1, AA1; VPADDD BB2, AA2, AA2; VPADDD BB3, AA3, AA3 VPXOR AA0, DD0, DD0; VPXOR AA1, DD1, DD1; VPXOR AA2, DD2, DD2; VPXOR AA3, DD3, DD3 VPSHUFB ·rol8<>(SB), DD0, DD0; VPSHUFB ·rol8<>(SB), DD1, DD1; VPSHUFB ·rol8<>(SB), DD2, DD2; VPSHUFB ·rol8<>(SB), VPADDD DD0, CC0, CC0; VPADDD DD1, CC1, CC1; VPADDD DD2, CC2, CC2; VPADDD DD3, CC3, CC3 VPXOR CC0, BB0, BB0; VPXOR CC1, BB1, BB1; VPXOR CC2, BB2, BB2; VPXOR CC3, BB3, BB3 VMOVDQA CC3, tmpStoreAVX2 VPSLLD $7, BB0, CC3; VPSRLD $25, BB0, BB0; VPXOR CC3, BB0, BB0 VPSLLD $7, BB1, CC3; VPSRLD $25, BB1, BB1; VPXOR CC3, BB1, BB1 VPSLLD $7, BB2, CC3; VPSRLD $25, BB2, BB2; VPXOR CC3, BB2, BB2 VPSLLD $7, BB3, CC3; VPSRLD $25, BB3, BB3; VPXOR CC3, BB3, BB3 internal/x/.../chacha20poly1305_amd64.s lines 2593-2616 (go1.12)

  36. Is this fine?

  37. TEXT p256SubInternal(SB),NOSPLIT,$0 XORQ mul0, mul0 SUBQ t0, acc4 SBBQ t1,

    acc5 SBBQ t2, acc6 SBBQ t3, acc7 SBBQ $0, mul0 MOVQ acc4, acc0 MOVQ acc5, acc1 MOVQ acc6, acc2 MOVQ acc7, acc3 ADDQ $-1, acc4 ADCQ p256const0<>(SB), acc5 ADCQ $0, acc6 ADCQ p256const1<>(SB), acc7 ADCQ $0, mul0 CMOVQNE acc0, acc4 CMOVQNE acc1, acc5 CMOVQNE acc2, acc6 CMOVQNE acc3, acc7 RET crypto/elliptic/p256_asm_amd64.s lines 1300-1324 (94e44a9c8e)
  38. None
  39. None
  40. None
  41. None

  42. Go Assembly Policy 1. Prefer Go, not assembly 2. Minimize

    use of assembly 3. Explain root causes 4. Test it well 5. Make assembly easy to review

  43. Make your assembly easy to review; ideally, auto-generate it using

    a simpler Go program. Comment it well. Go Assembly Policy, Rule IV

  44. Code Generation

  45. There’s a reason people use compilers.

  46. Intrinsics __m256d latq = _mm256_loadu_pd(lat); latq = _mm256_mul_pd(latq, _mm256_set1_pd(1 /

    180.0)); latq = _mm256_add_pd(latq, _mm256_set1_pd(1.5)); __m256i lati = _mm256_srli_epi64(_mm256_castpd_si256(latq), __m256d lngq = _mm256_loadu_pd(lng); lngq = _mm256_mul_pd(lngq, _mm256_set1_pd(1 / 360.0)); lngq = _mm256_add_pd(lngq, _mm256_set1_pd(1.5)); __m256i lngi = _mm256_srli_epi64(_mm256_castpd_si256(lngq),

  47. High-level Assembler Assembly language plus high-level language features. Macro assemblers:

    Microsoft Macro Assembler (MASM), Netwide Assembler (NASM), ...

  48. High-level Assembler Assembly language plus high-level language features. Macro assemblers:

    Microsoft Macro Assembler (MASM), Netwide Assembler (NASM), ...
  49. None
  50. None

  51. PeachPy Python-based High-Level Assembler

  52. What about Go?

  53. The avo Library

  54. https://github.com/mmcloughlin/avo

  55. Go framework that presents an assembly-like DSL.

  56. Not a compiler. Not an assembler.

  57. Programmer retains complete control, but without tedium.

  58. Use Go control structures for assembly generation; avo programs are

    Go programs

  59. Register allocation: write functions with virtual registers and avo assigns

    physical registers for you

  60. Automatically load arguments and store return values: ensure memory offsets

    are correct for complex structures

  61. Generation of stub files to interface with your Go package

  62. import . "github.com/mmcloughlin/avo/build" func main() { TEXT("Add", NOSPLIT, "func(x, y

    uint64) uint64") Doc("Add adds x and y.") x := Load(Param("x"), GP64()) y := Load(Param("y"), GP64()) ADDQ(x, y) Store(y, ReturnIndex(0)) RET() Generate() }

  63. import . "github.com/mmcloughlin/avo/build" func main() { TEXT("Add", NOSPLIT, "func(x, y

    uint64) uint64") Doc("Add adds x and y.") x := Load(Param("x"), GP64()) y := Load(Param("y"), GP64()) ADDQ(x, y) Store(y, ReturnIndex(0)) RET() Generate() }

  64. import . "github.com/mmcloughlin/avo/build" func main() { TEXT("Add", NOSPLIT, "func(x, y

    uint64) uint64") Doc("Add adds x and y.") x := Load(Param("x"), GP64()) y := Load(Param("y"), GP64()) ADDQ(x, y) Store(y, ReturnIndex(0)) RET() Generate() }

  65. import . "github.com/mmcloughlin/avo/build" func main() { TEXT("Add", NOSPLIT, "func(x, y

    uint64) uint64") Doc("Add adds x and y.") x := Load(Param("x"), GP64()) ‹ Param references y := Load(Param("y"), GP64()) ‹ Allocates register ADDQ(x, y) Store(y, ReturnIndex(0)) RET() Generate() }

  66. import . "github.com/mmcloughlin/avo/build" func main() { TEXT("Add", NOSPLIT, "func(x, y

    uint64) uint64") Doc("Add adds x and y.") x := Load(Param("x"), GP64()) y := Load(Param("y"), GP64()) ADDQ(x, y) ‹ ADD can take virtual registers Store(y, ReturnIndex(0)) RET() Generate() }

  67. import . "github.com/mmcloughlin/avo/build" func main() { TEXT("Add", NOSPLIT, "func(x, y

    uint64) uint64") Doc("Add adds x and y.") x := Load(Param("x"), GP64()) y := Load(Param("y"), GP64()) ADDQ(x, y) Store(y, ReturnIndex(0)) ‹ Store return value RET() Generate() }

  68. import . "github.com/mmcloughlin/avo/build" func main() { TEXT("Add", NOSPLIT, "func(x, y

    uint64) uint64") Doc("Add adds x and y.") x := Load(Param("x"), GP64()) y := Load(Param("y"), GP64()) ADDQ(x, y) Store(y, ReturnIndex(0)) RET() Generate() ‹ Generate compiles and outputs assembly }

  69. Build go run asm.go -out add.s -stubs stubs.go

  70. Generated Assembly // Code generated by command: go run asm.go

    -out add.s -stubs stu #include "textflag.h" // func Add(x uint64, y uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 MOVQ x+0(FP), AX MOVQ y+8(FP), CX ADDQ AX, CX MOVQ CX, ret+16(FP) RET

  71. Generated Assembly // Code generated by command: go run asm.go

    -out add.s -stubs stu #include "textflag.h" // func Add(x uint64, y uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 ‹ Computed stack sizes MOVQ x+0(FP), AX MOVQ y+8(FP), CX ADDQ AX, CX MOVQ CX, ret+16(FP) RET

  72. Generated Assembly // Code generated by command: go run asm.go

    -out add.s -stubs stu #include "textflag.h" // func Add(x uint64, y uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 MOVQ x+0(FP), AX ‹ Computed offsets MOVQ y+8(FP), CX ADDQ AX, CX MOVQ CX, ret+16(FP) RET

  73. Generated Assembly // Code generated by command: go run asm.go

    -out add.s -stubs stu #include "textflag.h" // func Add(x uint64, y uint64) uint64 TEXT ·Add(SB), NOSPLIT, $0-24 MOVQ x+0(FP), AX ‹ Registers allocated MOVQ y+8(FP), CX ADDQ AX, CX MOVQ CX, ret+16(FP) RET

  74. Auto-generated Stubs // Code generated by command: go run asm.go

    -out add.s -stubs stu package addavo // Add adds x and y. func Add(x uint64, y uint64) uint64

  75. Go Control Structures TEXT("Mul5", NOSPLIT, "func(x uint64) uint64") Doc("Mul5 adds

    x to itself five times.") x := Load(Param("x"), GP64()) p := GP64() MOVQ(x, p) for i := 0; i < 4; i++ { ADDQ(x, p) } Store(p, ReturnIndex(0)) RET()

  76. Go Control Structures TEXT("Mul5", NOSPLIT, "func(x uint64) uint64") Doc("Mul5 adds

    x to itself five times.") x := Load(Param("x"), GP64()) p := GP64() MOVQ(x, p) for i := 0; i < 4; i++ { ADDQ(x, p) ‹ Generate four ADDQ instructions } Store(p, ReturnIndex(0)) RET()

  77. Generated Assembly // func Mul5(x uint64) uint64 TEXT ·Mul5(SB), NOSPLIT,

    $0-16 MOVQ x+0(FP), AX MOVQ AX, CX ADDQ AX, CX ADDQ AX, CX ADDQ AX, CX ADDQ AX, CX MOVQ CX, ret+8(FP) RET

  78. Generated Assembly // func Mul5(x uint64) uint64 TEXT ·Mul5(SB), NOSPLIT,

    $0-16 MOVQ x+0(FP), AX MOVQ AX, CX ADDQ AX, CX ‹ Look, there's four of them! ADDQ AX, CX ADDQ AX, CX ADDQ AX, CX MOVQ CX, ret+8(FP) RET

  79. Complex Parameter Loading type Struct struct { A byte B

    uint32 Sub [7]complex64 C uint16 }

  80. Complex Parameter Loading Package("github.com/mmcloughlin/params") TEXT("Sub5Imag", NOSPLIT, "func(s Struct) float32") Doc("Returns

    the imaginary part of s.Sub[5]") x := Load(Param("s").Field("Sub").Index(5).Imag(), XMM()) Store(x, ReturnIndex(0)) RET()

  81. Complex Parameter Loading Package("github.com/mmcloughlin/params") ‹ Types TEXT("Sub5Imag", NOSPLIT, "func(s Struct)

    float32") Doc("Returns the imaginary part of s.Sub[5]") x := Load(Param("s").Field("Sub").Index(5).Imag(), XMM()) Store(x, ReturnIndex(0)) RET()

  82. Complex Parameter Loading Package("github.com/mmcloughlin/params") TEXT("Sub5Imag", NOSPLIT, "func(s Struct) float32") Doc("Returns

    the imaginary part of s.Sub[5]") x := Load(Param("s").Field("Sub").Index(5).Imag(), XMM()) Store(x, ReturnIndex(0)) RET()

  83. Generated Assembly // func Sub5Imag(s Struct) float32 TEXT ·Sub5Imag(SB), NOSPLIT,

    $0-76 MOVSS s_Sub_5_imag+52(FP), X0 MOVSS X0, ret+72(FP) RET

  84. Generated Assembly // func Sub5Imag(s Struct) float32 TEXT ·Sub5Imag(SB), NOSPLIT,

    $0-76 MOVSS s_Sub_5_imag+52(FP), X0 ‹ Of course it was 52 bytes MOVSS X0, ret+72(FP) RET

  85. Examples

  86. Vector Dot Product Maps two equal-length vectors x = (xi),

    y = (yi) to a single number. x · y = ∑ i xi × yi

  87. x 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5

    4.5 3.6 3.0 2.4 2.0 1.4 2.4 y 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0

  88. x 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5

    4.5 3.6 3.0 2.4 2.0 1.4 2.4 y 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 × × × × × × × × × × × × × × × × = (xi × yi) 2.4 6.8 7.6 6.2 9.5 8.2 3.6 9.4 9.0 7.2 7.2 9.3 4.8 4.0 5.6 4.8

  89. x 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5

    4.5 3.6 3.0 2.4 2.0 1.4 2.4 y 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 × × × × × × × × × × × × × × × × = (xi × yi) 2.4 6.8 7.6 6.2 9.5 8.2 3.6 9.4 9.0 7.2 7.2 9.3 4.8 4.0 5.6 4.8 ∑ = 105.6

  90. Pure Go Implementation package dot // DotGeneric implements vector dot

    product in pure Go. func DotGeneric(x, y []float32) float32 { var d float32 for i := range x { d += x[i] * y[i] } return d }

  91. Pure Go Implementation package dot // DotGeneric implements vector dot

    product in pure Go. func DotGeneric(x, y []float32) float32 { var d float32 for i := range x { d += x[i] * y[i] ‹ Multiply and accumulate } return d }

  92. Pure Go 970 M/s 1.0x (Vector size 4096, Intel Core

    i7-7567U at 3.5GHz)

  93. Preamble TEXT("DotAsm", NOSPLIT, "func(x, y []float32) float32") Doc("DotAsm computes the

    dot product of x and y.") x := Mem{Base: Load(Param("x").Base(), GP64())} y := Mem{Base: Load(Param("y").Base(), GP64())} n := Load(Param("x").Len(), GP64())

  94. Preamble TEXT("DotAsm", NOSPLIT, "func(x, y []float32) float32") Doc("DotAsm computes the

    dot product of x and y.") x := Mem{Base: Load(Param("x").Base(), GP64())} y := Mem{Base: Load(Param("y").Base(), GP64())} n := Load(Param("x").Len(), GP64())

  95. Preamble TEXT("DotAsm", NOSPLIT, "func(x, y []float32) float32") Doc("DotAsm computes the

    dot product of x and y.") x := Mem{Base: Load(Param("x").Base(), GP64())} y := Mem{Base: Load(Param("y").Base(), GP64())} n := Load(Param("x").Len(), GP64()) ‹ Slice length

  96. Initialization Comment("Initialize dot product and index to zero.") d :=

    XMM() XORPS(d, d) idx := GP64() XORQ(idx, idx)

  97. Initialization Comment("Initialize dot product and index to zero.") d :=

    XMM() ‹ Dot product XORPS(d, d) idx := GP64() XORQ(idx, idx)

  98. Initialization Comment("Initialize dot product and index to zero.") d :=

    XMM() XORPS(d, d) idx := GP64() ‹ Index register XORQ(idx, idx)

  99. Main Loop Label("loop") CMPQ(idx, n) JGE(LabelRef("done")) xy := XMM() MOVSS(x.Idx(idx,

    4), xy) MULSS(y.Idx(idx, 4), xy) ADDSS(xy, d) INCQ(idx) JMP(LabelRef("loop"))

  100. Main Loop Label("loop") CMPQ(idx, n) JGE(LabelRef("done")) xy := XMM() MOVSS(x.Idx(idx,

    4), xy) MULSS(y.Idx(idx, 4), xy) ADDSS(xy, d) INCQ(idx) JMP(LabelRef("loop"))

  101. Main Loop Label("loop") CMPQ(idx, n) ‹ if idx < n

    JGE(LabelRef("done")) ‹ goto done xy := XMM() MOVSS(x.Idx(idx, 4), xy) MULSS(y.Idx(idx, 4), xy) ADDSS(xy, d) INCQ(idx) JMP(LabelRef("loop"))

  102. Main Loop Label("loop") CMPQ(idx, n) JGE(LabelRef("done")) xy := XMM() ‹

    Temporary register for product MOVSS(x.Idx(idx, 4), xy) ‹ Load x MULSS(y.Idx(idx, 4), xy) ‹ Multiply by y ADDSS(xy, d) ‹ Add into result INCQ(idx) JMP(LabelRef("loop"))

  103. Main Loop Label("loop") CMPQ(idx, n) JGE(LabelRef("done")) xy := XMM() MOVSS(x.Idx(idx,

    4), xy) MULSS(y.Idx(idx, 4), xy) ADDSS(xy, d) INCQ(idx) ‹ idx++ JMP(LabelRef("loop"))

  104. Return Label("done") Comment("Store dot product to return value.") Store(d, ReturnIndex(0))

    RET() Generate()

  105. Assembly 976 M/s 1.0x (Vector size 4096, Intel Core i7-7567U

    at 3.5GHz)
  106. None

  107. Special Fused-Multiply-Add (FMA) instructions combine the multiply and accumulate.

  108. Vectorized VFMADD231PS instruction does 8 single-precision FMAs.

  109. None

  110. 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 × ×

    × × × × × × × × × × × × × × × × × × × × × × 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5 4.5 3.6 3.0 2.4 2.0 1.4 2.4 3.2 2.0 1.9 2.9 2.0 2.0 0.6 3.4 · · · 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 3.0 2.6 4.0 2.0 3.1 4.0 3.0 2.5 · · ·

  111. × × × × × × × × += 2.4

    6.8 7.6 6.2 9.5 8.2 3.6 9.4 × × × × × × × × × × × × × × × × 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5 4.5 3.6 3.0 2.4 2.0 1.4 2.4 3.2 2.0 1.9 2.9 2.0 2.0 0.6 3.4 · · · 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 3.0 2.6 4.0 2.0 3.1 4.0 3.0 2.5 · · ·

  112. × × × × × × × × × ×

    × × × × × × += 11.4 14.0 14.8 15.5 14.3 12.2 9.2 14.2 × × × × × × × × 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5 4.5 3.6 3.0 2.4 2.0 1.4 2.4 3.2 2.0 1.9 2.9 2.0 2.0 0.6 3.4 · · · 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 3.0 2.6 4.0 2.0 3.1 4.0 3.0 2.5 · · ·

  113. × × × × × × × × × ×

    × × × × × × × × × × × × × × += 21.0 19.2 22.4 21.3 20.5 20.2 11.0 22.7 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5 4.5 3.6 3.0 2.4 2.0 1.4 2.4 3.2 2.0 1.9 2.9 2.0 2.0 0.6 3.4 · · · 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 3.0 2.6 4.0 2.0 3.1 4.0 3.0 2.5 · · ·

  114. Loop unrolling and pipelining.

  115. 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0

    0.0 0.0 0.0 0.0 0.0 0.0 × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5 4.5 3.6 3.0 2.4 2.0 1.4 2.4 3.2 2.0 1.9 2.9 2.0 2.0 0.6 3.4 9.5 3.4 2.0 1.4 5.0 1.5 2.1 4.0 5.0 7.0 1.5 5.0 4.3 2.5 2.8 5.0 2.6 5.8 2.0 6.5 1.1 1.4 0.8 3.0 · · · 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 3.0 2.6 4.0 2.0 3.1 4.0 3.0 2.5 0.6 2.5 4.0 7.0 1.3 3.0 4.0 2.4 1.4 1.2 1.2 1.7 2.0 3.0 3.5 1.7 0.5 0.5 1.1 1.4 5.0 2.0 0.5 3.3 · · ·

  116. × × × × × × × × += 2.4

    6.8 7.6 6.2 9.5 8.2 3.6 9.4 × × × × × × × × += 9.0 7.2 7.2 9.3 4.8 4.0 5.6 4.8 × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5 4.5 3.6 3.0 2.4 2.0 1.4 2.4 3.2 2.0 1.9 2.9 2.0 2.0 0.6 3.4 9.5 3.4 2.0 1.4 5.0 1.5 2.1 4.0 5.0 7.0 1.5 5.0 4.3 2.5 2.8 5.0 2.6 5.8 2.0 6.5 1.1 1.4 0.8 3.0 · · · 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 3.0 2.6 4.0 2.0 3.1 4.0 3.0 2.5 0.6 2.5 4.0 7.0 1.3 3.0 4.0 2.4 1.4 1.2 1.2 1.7 2.0 3.0 3.5 1.7 0.5 0.5 1.1 1.4 5.0 2.0 0.5 3.3 · · ·

  117. × × × × × × × × × ×

    × × × × × × × × × × × × × × += 12.0 12.0 15.2 12.0 15.7 16.2 5.4 17.9 × × × × × × × × += 14.7 15.7 15.2 19.1 11.3 8.5 14.0 14.4 × × × × × × × × × × × × × × × × 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5 4.5 3.6 3.0 2.4 2.0 1.4 2.4 3.2 2.0 1.9 2.9 2.0 2.0 0.6 3.4 9.5 3.4 2.0 1.4 5.0 1.5 2.1 4.0 5.0 7.0 1.5 5.0 4.3 2.5 2.8 5.0 2.6 5.8 2.0 6.5 1.1 1.4 0.8 3.0 · · · 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 3.0 2.6 4.0 2.0 3.1 4.0 3.0 2.5 0.6 2.5 4.0 7.0 1.3 3.0 4.0 2.4 1.4 1.2 1.2 1.7 2.0 3.0 3.5 1.7 0.5 0.5 1.1 1.4 5.0 2.0 0.5 3.3 · · ·

  118. × × × × × × × × × ×

    × × × × × × × × × × × × × × × × × × × × × × × × × × × × × × += 19.0 20.4 17.0 20.5 24.3 23.7 15.2 26.4 × × × × × × × × += 16.0 18.6 17.4 28.2 16.8 11.3 14.4 24.3 + + 0.8 2.0 2.0 3.1 1.9 4.1 1.5 4.7 4.5 4.5 3.6 3.0 2.4 2.0 1.4 2.4 3.2 2.0 1.9 2.9 2.0 2.0 0.6 3.4 9.5 3.4 2.0 1.4 5.0 1.5 2.1 4.0 5.0 7.0 1.5 5.0 4.3 2.5 2.8 5.0 2.6 5.8 2.0 6.5 1.1 1.4 0.8 3.0 · · · 3.0 3.4 3.8 2.0 5.0 2.0 2.4 2.0 2.0 1.6 2.0 3.1 2.0 2.0 4.0 2.0 3.0 2.6 4.0 2.0 3.1 4.0 3.0 2.5 0.6 2.5 4.0 7.0 1.3 3.0 4.0 2.4 1.4 1.2 1.2 1.7 2.0 3.0 3.5 1.7 0.5 0.5 1.1 1.4 5.0 2.0 0.5 3.3 · · ·

  119. Preamble func dot(unroll int) { name := fmt.Sprintf("DotVecUnroll%d", unroll) TEXT(name,

    NOSPLIT, "func(x, y []float32) float32") x := Mem{Base: Load(Param("x").Base(), GP64())} y := Mem{Base: Load(Param("y").Base(), GP64())} n := Load(Param("x").Len(), GP64())

  120. Preamble func dot(unroll int) { ‹ Parameterized code generation name

    := fmt.Sprintf("DotVecUnroll%d", unroll) TEXT(name, NOSPLIT, "func(x, y []float32) float32") x := Mem{Base: Load(Param("x").Base(), GP64())} y := Mem{Base: Load(Param("y").Base(), GP64())} n := Load(Param("x").Len(), GP64())

  121. Preamble func dot(unroll int) { name := fmt.Sprintf("DotVecUnroll%d", unroll) TEXT(name,

    NOSPLIT, "func(x, y []float32) float32") x := Mem{Base: Load(Param("x").Base(), GP64())} y := Mem{Base: Load(Param("y").Base(), GP64())} n := Load(Param("x").Len(), GP64())

  122. Preamble func dot(unroll int) { name := fmt.Sprintf("DotVecUnroll%d", unroll) TEXT(name,

    NOSPLIT, "func(x, y []float32) float32") x := Mem{Base: Load(Param("x").Base(), GP64())} y := Mem{Base: Load(Param("y").Base(), GP64())} n := Load(Param("x").Len(), GP64())

  123. Initialization // Allocate and zero accumulation registers. acc := make([]VecVirtual,

    unroll) for i := 0; i < unroll; i++ { acc[i] = YMM() VXORPS(acc[i], acc[i], acc[i]) }

  124. Initialization // Allocate and zero accumulation registers. acc := make([]VecVirtual,

    unroll) for i := 0; i < unroll; i++ { acc[i] = YMM() ‹ 256-bit registers VXORPS(acc[i], acc[i], acc[i]) ‹ XOR to zero }

  125. Loop Check blockitems := 8 * unroll blocksize := 4

    * blockitems Label("blockloop") CMPQ(n, U32(blockitems)) JL(LabelRef("tail"))

  126. Loop Check blockitems := 8 * unroll blocksize := 4

    * blockitems Label("blockloop") ‹ start loop over blocks CMPQ(n, U32(blockitems)) ‹ if have full block JL(LabelRef("tail"))

  127. Loop Body // Load x. xs := make([]VecVirtual, unroll) for

    i := 0; i < unroll; i++ { xs[i] = YMM() VMOVUPS(x.Offset(32*i), xs[i]) } // The actual FMA. for i := 0; i < unroll; i++ { VFMADD231PS(y.Offset(32*i), xs[i], acc[i]) }

  128. Loop Body // Load x. xs := make([]VecVirtual, unroll) for

    i := 0; i < unroll; i++ { xs[i] = YMM() VMOVUPS(x.Offset(32*i), xs[i]) ‹ Move x to registers } // The actual FMA. for i := 0; i < unroll; i++ { VFMADD231PS(y.Offset(32*i), xs[i], acc[i]) }

  129. Loop Body // Load x. xs := make([]VecVirtual, unroll) for

    i := 0; i < unroll; i++ { xs[i] = YMM() VMOVUPS(x.Offset(32*i), xs[i]) } // The actual FMA. for i := 0; i < unroll; i++ { VFMADD231PS(y.Offset(32*i), xs[i], acc[i]) ‹ += x*y }

  130. Tail Loop Process last non-full block. Label("tail") tail := XMM()

    VXORPS(tail, tail, tail) Label("tailloop") CMPQ(n, U32(0)) JE(LabelRef("reduce")) xt := XMM() VMOVSS(x, xt) VFMADD231SS(y, xt, tail) ADDQ(U32(4), x.Base) ADDQ(U32(4), y.Base) DECQ(n) JMP(LabelRef("tailloop"))

  131. Final Reduce Label("reduce") for i := 1; i < unroll;

    i++ { VADDPS(acc[0], acc[i], acc[0]) } result := acc[0].AsX() top := XMM() VEXTRACTF128(U8(1), acc[0], top) VADDPS(result, top, result) VADDPS(result, tail, result) VHADDPS(result, result, result) VHADDPS(result, result, result)

  132. main() var unrolls = flag.String("unroll", "4", "unroll factors") func main()

    { flag.Parse() for _, s := range strings.Split(*unrolls, ",") { unroll, _ := strconv.Atoi(s) dot(unroll) } Generate() }

  133. Unrolled ×2 15,193 M/s 15.7x (Vector size 4096, Intel Core

    i7-7567U at 3.5GHz)

  134. Unrolled ×4 25,786 M/s 26.6x (Vector size 4096, Intel Core

    i7-7567U at 3.5GHz)

  135. Unrolled ×6 24,456 M/s 25.2x (Vector size 4096, Intel Core

    i7-7567U at 3.5GHz)

  136. SHA-1 Cryptographic hash function. • 80 rounds • Constants and

    bitwise functions vary • Message update rule • State update rule avo can be used to create a completely unrolled implementation.

  137. SHA-1 Subroutines func majority(b, c, d Register) Register { t,

    r := GP32(), GP32() MOVL(b, t) ORL(c, t) ANDL(d, t) MOVL(b, r) ANDL(c, r) ORL(t, r) return r }

  138. SHA-1 Subroutines func xor(b, c, d Register) Register { r

    := GP32() MOVL(b, r) XORL(c, r) XORL(d, r) return r }

  139. SHA-1 Loops Comment("Load initial hash.") hash := [5]Register{GP32(), GP32(), GP32(),

    GP32(), GP32()} for i, r := range hash { MOVL(h.Offset(4*i), r) } Comment("Initialize registers.") a, b, c, d, e := GP32(), GP32(), GP32(), GP32(), GP32() for i, r := range []Register{a, b, c, d, e} { MOVL(hash[i], r) }

  140. for r := 0; r < 80; r++ { Commentf("Round

    %d.", r) ... q := quarter[r/20] t := GP32() MOVL(a, t) ROLL(U8(5), t) ADDL(q.F(b, c, d), t) ADDL(e, t) ADDL(U32(q.K), t) ADDL(u, t) ROLL(Imm(30), b) a, b, c, d, e = t, a, b, c, d }

  141. for r := 0; r < 80; r++ { ‹

    Loop over rounds Commentf("Round %d.", r) ... q := quarter[r/20] t := GP32() MOVL(a, t) ROLL(U8(5), t) ADDL(q.F(b, c, d), t) ADDL(e, t) ADDL(U32(q.K), t) ADDL(u, t) ROLL(Imm(30), b) a, b, c, d, e = t, a, b, c, d }

  142. for r := 0; r < 80; r++ { Commentf("Round

    %d.", r) ... q := quarter[r/20] t := GP32() ‹ State update MOVL(a, t) ROLL(U8(5), t) ADDL(q.F(b, c, d), t) ADDL(e, t) ADDL(U32(q.K), t) ADDL(u, t) ROLL(Imm(30), b) a, b, c, d, e = t, a, b, c, d }

  143. SHA-1 Conditionals u := GP32() if r < 16 {

    MOVL(m.Offset(4*r), u) BSWAPL(u) } else { MOVL(W(r-3), u) XORL(W(r-8), u) XORL(W(r-14), u) XORL(W(r-16), u) ROLL(U8(1), u) }

  144. SHA-1 Conditionals u := GP32() if r < 16 {

    ‹ Early rounds MOVL(m.Offset(4*r), u) ‹ Read from memory BSWAPL(u) } else { MOVL(W(r-3), u) XORL(W(r-8), u) XORL(W(r-14), u) XORL(W(r-16), u) ROLL(U8(1), u) }

  145. SHA-1 Conditionals u := GP32() if r < 16 {

    MOVL(m.Offset(4*r), u) BSWAPL(u) } else { MOVL(W(r-3), u) ‹ Formula in later rounds XORL(W(r-8), u) XORL(W(r-14), u) XORL(W(r-16), u) ROLL(U8(1), u) }

  146. 116 avo lines to 1507 assembly lines

  147. Future

  148. Use avo!

  149. Real avo Examples • Farmhash32/64 • BLS12-381 Curve • Bitmap

    Indexes • Bloom Index • Marvin32 • Sip13 • SPECK • Chaskey MAC • SHA-1 • FNV-1a • Vector Dot Product With thanks to Damian Gryski, Marko Kevac and Julian Meyer (Phore Project).

  150. More architectures

  151. Make avo an assembler? JIT compilation?

  152. avo-based libraries? avo/std/math/big avo/std/crypto avo/std/hash …

  153. None

  154. Optimal code generation based on parameter sweeps.

  155. Thank You https://github.com/mmcloughlin/avo @mbmcloughlin