crypto/elliptic: reduce allocations in s390x P256 code

The Go compiler assumes that pointers escape when passed into assembly functions. To override this behavior we can annotate assembly functions with go:noescape, telling the compiler that we know pointers do not escape from it. By annotating the assembly functions in the s390x P256 code in this way we enable more variables to be allocated on the stack rather than the heap, reducing the number of heap allocations required to execute this code: name old alloc/op new alloc/op delta SignP256 3.66kB ± 0% 2.64kB ± 0% -27.95% (p=0.008 n=5+5) VerifyP256 4.46kB ± 0% 1.23kB ± 0% -72.40% (p=0.008 n=5+5) name old allocs/op new allocs/op delta SignP256 40.0 ± 0% 31.0 ± 0% -22.50% (p=0.008 n=5+5) VerifyP256 41.0 ± 0% 24.0 ± 0% -41.46% (p=0.008 n=5+5) Change-Id: Id526c30c9b04b2ad79a55d76cab0e30cc8d60402 Reviewed-on: https://go-review.googlesource.com/66230 Run-TryBot: Michael Munday <mike.munday@ibm.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>

crypto/elliptic: reduce allocations in s390x P256 code
The Go compiler assumes that pointers escape when passed into assembly functions. To override this behavior we can annotate assembly functions with go:noescape, telling the compiler that we know pointers do not escape from it. By annotating the assembly functions in the s390x P256 code in this way we enable more variables to be allocated on the stack rather than the heap, reducing the number of heap allocations required to execute this code: name old alloc/op new alloc/op delta SignP256 3.66kB ± 0% 2.64kB ± 0% -27.95% (p=0.008 n=5+5) VerifyP256 4.46kB ± 0% 1.23kB ± 0% -72.40% (p=0.008 n=5+5) name old allocs/op new allocs/op delta SignP256 40.0 ± 0% 31.0 ± 0% -22.50% (p=0.008 n=5+5) VerifyP256 41.0 ± 0% 24.0 ± 0% -41.46% (p=0.008 n=5+5) Change-Id: Id526c30c9b04b2ad79a55d76cab0e30cc8d60402 Reviewed-on: https://go-review.googlesource.com/66230 Run-TryBot: Michael Munday <mike.munday@ibm.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
e8905d2a · Michael Munday · 7f88d3c1 · e8905d2a
Commit e8905d2a authored Sep 26, 2017 by Michael Munday
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 0 deletions

p256_s390x.go src/crypto/elliptic/p256_s390x.go +20 -0

No files found.
--- a/src/crypto/elliptic/p256_s390x.go
+++ b/src/crypto/elliptic/p256_s390x.go
@@ -50,6 +50,8 @@ func (curve p256CurveFast) Params() *CurveParams {

 // Functions implemented in p256_asm_s390x.s
 // Montgomery multiplication modulo P256
+//
+//go:noescape
 func p256MulAsm(res, in1, in2 []byte)

 // Montgomery square modulo P256
@@ -58,19 +60,31 @@ func p256Sqr(res, in []byte) {
 }

 // Montgomery multiplication by 1
+//
+//go:noescape
 func p256FromMont(res, in []byte)

 // iff cond == 1  val <- -val
+//
+//go:noescape
 func p256NegCond(val *p256Point, cond int)

 // if cond == 0 res <- b; else res <- a
+//
+//go:noescape
 func p256MovCond(res, a, b *p256Point, cond int)

 // Constant time table access
+//
+//go:noescape
 func p256Select(point *p256Point, table []p256Point, idx int)
+
+//go:noescape
 func p256SelectBase(point *p256Point, table []p256Point, idx int)

 // Montgomery multiplication modulo Ord(G)
+//
+//go:noescape
 func p256OrdMul(res, in1, in2 []byte)

 // Montgomery square modulo Ord(G), repeated n times
@@ -85,10 +99,16 @@ func p256OrdSqr(res, in []byte, n int) {
 // If sign == 1 -> P2 = -P2
 // If sel == 0 -> P3 = P1
 // if zero == 0 -> P3 = P2
+//
+//go:noescape
 func p256PointAddAffineAsm(P3, P1, P2 *p256Point, sign, sel, zero int)

 // Point add
+//
+//go:noescape
 func p256PointAddAsm(P3, P1, P2 *p256Point) int
+
+//go:noescape
 func p256PointDoubleAsm(P3, P1 *p256Point)

 func (curve p256CurveFast) Inverse(k *big.Int) *big.Int {