Re: RFR: 8384353: SHA3 AVX2 and AVX512 intrinsics and improvements [v3]

[Volodymyr Paprotski]

On Wed, 20 May 2026 07:17:07 GMT, Shawn Emery <sem...@openjdk.org> wrote:

>> ooh.. this one. this really tripped me up, because the way this intrinsic 
>> loops over user data is very non-intuitive (though its probably more 
>> intrinsic-friendly). Best I can describe: "limit is the start of the last 
>> block". From DigestBase.java
>> 
>> 
>>         // compress complete blocks
>>         if (len >= blockSize) {
>>             int limit = ofs + len;
>>             ofs = implCompressMultiBlock(b, ofs, limit - blockSize); // 
>> <<<<< HERE!!!
>>             len = limit - ofs;
>>         }
>>         // copy remainder to buffer
>>         if (len > 0) {
>>             System.arraycopy(b, ofs, buffer, 0, len);
>>             bufOfs = len;
>>         }
>>     }
>>     // compress complete blocks
>>     private int implCompressMultiBlock(byte[] b, int ofs, int limit) {
>>         implCompressMultiBlockCheck(b, ofs, limit);
>>         return implCompressMultiBlock0(b, ofs, limit);
>>     }
>> 
>>     @IntrinsicCandidate
>>     private int implCompressMultiBlock0(byte[] b, int ofs, int limit) {
>>         for (; ofs <= limit; ofs += blockSize) {
>>             implCompress(b, ofs);
>>         }
>>         return ofs;
>>     }
>> 
>>     private void implCompressMultiBlockCheck(byte[] b, int ofs, int limit) {
>>         if (limit < 0) {
>>             return;  // not an error because implCompressMultiBlockImpl 
>> won't execute if limit < 0
>>                      // and an exception is thrown if ofs < 0.
>>         }
>> 
>>         Objects.requireNonNull(b);
>>         Preconditions.checkIndex(ofs, b.length, 
>> Preconditions.AIOOBE_FORMATTER);
>> 
>>         int endIndex = (limit / blockSize) * blockSize  + blockSize - 1; // 
>> <<<<< HERE
>>         if (endIndex >= b.length) {
>>             throw new ArrayIndexOutOfBoundsException(endIndex);
>>         }
>>     }
>
> But `SHA3::implCompressCheck` et al. only checks up to `ofs + blockSize - 1` 
> which is why I believe the old code had an array of masks to round out the 
> various blocks sizes in order to prevent accessing memory outside of the 
> array in Java.

I did indeed have a problem here; with the mask! wow.. I looked at that number 
a hundred times. `__ movl(rax, 0x1F);` is wrong (i.e. the value of `k1`). It 
should be `0x1` (we are reading one 64bit value at a time for the non-parallel 
keccaks). (I just kept on seeing an `L` instead of `F`.. thanks. that was close)

Reran my fuzz tests.. works.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/31125#discussion_r3277833165