Commit 4c22909e authored by Andy Polyakov's avatar Andy Polyakov
Browse files

Extra i386+gcc bn_div.c tune-up featuring inline division and saving 

the remainder left in %edx. Here is the resulting performance improvement
matrix (improvement as a result of this *and* previous tune-up committed
two days ago). The results were obtained by profiling the "div" part of
the crypto/bn/bnspeed.c.

CPU	BN_div	bn_div_words	overall	comment
------------------------------------------------------------------------
PII	+16%	accumulated by	+2-3%	PII multiplies damn fast! Taking
		inlining		multiplication out of the loop
					didn't make too much difference.
					Eliminating of the multiplication
					involved in remainder calculation
					is the major factor.

Pentium	+45%	accumulated by	+7-9%	mull isn't that fast and replacing
		inlining		multiplications with additions in
					the loop has more visible effect:-)

MIPS	+75%	+12%		+20-25%	In addition to the taking mults
R10000					out of the loop (giving 12% in the
					asm/mips3.s) three mults were
					eliminated in BN_div.

Alpha	+30%	+50%		+10-15%	Same as above. But remember that
EV4					bn_div_words is a C implementation.
					It takes 4 Alpha mults in C to do
					the same thing as 1 MIPS mult in
					assembler does. So the effect (50%)
					is more impressive. But not the
					overall one... Well, if Alpha
					bn_mul_add would be implemented
					in assembler overall improvement
					would be closer to MIPS...
parent 8d85b33e

crypto/bn/bn_div.c

+35 −6
Original line number Diff line number Diff line
@@ -204,15 +204,41 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, 
#ifdef BN_DIV3W

		q=bn_div_3_words(wnump,d0,d1);

#else

		BN_ULONG n0,n1,rem;



#if !defined(NO_ASM)

# if defined(__GNUC__) && __GNUC__>=2

#  if defined(__i386)

   /*

    * There were two reasons for implementing this template:

    * - GNU C generates a call to a function (__udivdi3 to be exact)

    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to

    *   understand why...);

    * - divl doesn't only calculate quotient, but also leaves

    *   remainder in %edx which we can definitely use here:-)

    *

    *					<appro@fy.chalmers.se>

    */

#  define bn_div_words(n0,n1,d0)		\

	({  asm volatile (			\

		"divl	%4"			\

		: "=a"(q), "=d"(rem)		\

		: "a"(n1), "d"(n0), "g"(d0)	\

		: "cc");			\

	    q;					\

	})

#  define REMINDER_IS_ALREADY_CALCULATED

#  endif /* __<cpu> */

# endif /* __GNUC__ */

#endif /* NO_ASM */

		BN_ULONG n0,n1,rem=0;



		n0=wnump[0];

		n1=wnump[-1];

		if (n0 == d0)

			q=BN_MASK2;

		else

#if defined(BN_LLONG) && defined(BN_DIV2W)

			q=((((BN_ULLONG)n0)<<BN_BITS2)|n1)/((BN_ULLONG)d0);

#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)

			q=((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0;

#else

			q=bn_div_words(n0,n1,d0);

#endif
@@ -220,13 +246,15 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, 
#ifdef BN_LLONG

		BN_ULLONG t2;



#ifndef REMINDER_IS_ALREADY_CALCULATED

		/*

		 * rem doesn't have to be BN_ULLONG. The least we

		 * know it's less that d0, isn't it?

		 */

		rem=(n1-q*d0)&BN_MASK2;



#endif

		t2=(BN_ULLONG)d1*q;



		for (;;)

			{

                        if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
@@ -239,12 +267,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, 
#else

		BN_ULONG t2l,t2h,ql,qh;



#ifndef REMINDER_IS_ALREADY_CALCULATED

		/*

		 * It's more than enough with the only multiplication.

		 * See the comment above in BN_LLONG section...

		 */

		rem=(n1-q*d0)&BN_MASK2;



#endif

		t2l=LBITS(d1); t2h=HBITS(d1);

		ql =LBITS(q);  qh =HBITS(q);

		mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
@@ -261,7 +290,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, 
			}

#endif

		}

#endif /* BN_DIV3W */

#endif /* !BN_DIV3W */

		wnum.d--; wnum.top++;

		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);

		tmp->d[div_n]=l0;