-
Notifications
You must be signed in to change notification settings - Fork 13
/
shishua-half-sse2.h
194 lines (168 loc) · 7.1 KB
/
shishua-half-sse2.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
// An SSE2/SSSE3 version of shishua half. Slower than AVX2, but more compatible.
// Also compatible with 32-bit x86.
//
// SSSE3 is recommended, as it has the useful _mm_alignr_epi8 intrinsic.
// We can still emulate it on SSE2, but it is slower.
#ifndef SHISHUA_HALF_SSE2_H
#define SHISHUA_HALF_SSE2_H
#include <stdint.h>
#include <stddef.h>
#include <assert.h>
// Note: cl.exe doesn't define __SSSE3__
#if defined(__SSSE3__) || defined(__AVX__)
# include <tmmintrin.h> // SSSE3
# define SHISHUA_ALIGNR_EPI8(hi, lo, amt) \
_mm_alignr_epi8(hi, lo, amt)
#else
# include <emmintrin.h> // SSE2
// Emulate _mm_alignr_epi8 for SSE2. It's a little slow.
// The compiler may convert it to a sequence of shufps instructions, which is
// perfectly fine.
# define SHISHUA_ALIGNR_EPI8(hi, lo, amt) \
_mm_or_si128( \
_mm_slli_si128(hi, 16 - (amt)), \
_mm_srli_si128(lo, amt) \
)
#endif
typedef struct prng_state {
__m128i state[4];
__m128i output[2];
__m128i counter[2];
} prng_state;
// Wrappers for x86 targets which usually lack these intrinsics.
// Don't call these with side effects.
#if defined(__x86_64__) || defined(_M_X64)
# define SHISHUA_SET_EPI64X(b, a) _mm_set_epi64x(b, a)
# define SHISHUA_CVTSI64_SI128(x) _mm_cvtsi64_si128(x)
#else
# define SHISHUA_SET_EPI64X(b, a) \
_mm_set_epi32( \
(int)(((uint64_t)(b)) >> 32), \
(int)(b), \
(int)(((uint64_t)(a)) >> 32), \
(int)(a) \
)
# define SHISHUA_CVTSI64_SI128(x) SHISHUA_SET_EPI64X(0, x)
#endif
// buf could technically alias with prng_state, according to the compiler.
#if defined(__GNUC__) || defined(_MSC_VER)
# define SHISHUA_RESTRICT __restrict
#else
# define SHISHUA_RESTRICT
#endif
// buf's size must be a multiple of 32 bytes.
static inline void prng_gen(prng_state *SHISHUA_RESTRICT s, uint8_t *SHISHUA_RESTRICT buf, size_t size) {
// We need a lot of variables...
__m128i s0_lo = s->state[0], s0_hi = s->state[1],
s1_lo = s->state[2], s1_hi = s->state[3],
t0_lo, t0_hi, t1_lo, t1_hi,
u_lo, u_hi,
counter_lo = s->counter[0], counter_hi = s->counter[1];
// The counter is not necessary to beat PractRand.
// It sets a lower bound of 2^71 bytes = 2 ZiB to the period,
// or about 7 millenia at 10 GiB/s.
// The increments are picked as odd numbers,
// since only coprimes of the base cover the full cycle,
// and all odd numbers are coprime of 2.
// I use different odd numbers for each 64-bit chunk
// for a tiny amount of variation stirring.
// I used the smallest odd numbers to avoid having a magic number.
// increment = { 7, 5, 3, 1 };
const __m128i increment_lo = SHISHUA_SET_EPI64X(5, 7);
const __m128i increment_hi = SHISHUA_SET_EPI64X(1, 3);
// TODO: consider adding proper uneven write handling
assert((size % 32 == 0) && "buf's size must be a multiple of 32 bytes.");
for (size_t i = 0; i < size; i += 32) {
// Split to try to reduce register pressure
if (buf != NULL) {
_mm_storeu_si128((__m128i*)&buf[i+ 0], s->output[0]);
_mm_storeu_si128((__m128i*)&buf[i+16], s->output[1]);
}
// Lane 0
// The following shuffles move weak (low-diffusion) 32-bit parts of 64-bit
// additions to strong positions for enrichment. The low 32-bit part of a
// 64-bit chunk never moves to the same 64-bit chunk as its high part.
// They do not remain in the same chunk. Each part eventually reaches all
// positions ringwise: A to B, B to C, …, H to A.
// You may notice that they are simply 256-bit rotations (96 and 160).
// Note: This:
// x = (y << 96) | (y >> 160)
// can be rewritten as this
// x_lo = (y_lo << 96) | (y_hi >> 32)
// x_hi = (y_hi << 96) | (y_lo >> 32)
// which we can do with 2 _mm_alignr_epi8 instructions.
t0_lo = SHISHUA_ALIGNR_EPI8(s0_lo, s0_hi, 4);
t0_hi = SHISHUA_ALIGNR_EPI8(s0_hi, s0_lo, 4);
// SIMD does not support rotations. Shift is the next best thing to entangle
// bits with other 64-bit positions. We must shift by an odd number so that
// each bit reaches all 64-bit positions, not just half. We must lose bits
// of information, so we minimize it: 1 and 3. We use different shift values
// to increase divergence between the two sides. We use rightward shift
// because the rightmost bits have the least diffusion in addition (the low
// bit is just a XOR of the low bits).
u_lo = _mm_srli_epi64(s0_lo, 1);
u_hi = _mm_srli_epi64(s0_hi, 1);
// Addition is the main source of diffusion.
// Storing the output in the state keeps that diffusion permanently.
s0_lo = _mm_add_epi64(u_lo, t0_lo);
s0_hi = _mm_add_epi64(u_hi, t0_hi);
// Lane 1
// I apply the counter to s1,
// since it is the one whose shift loses most entropy.
s1_lo = _mm_add_epi64(s1_lo, counter_lo);
s1_hi = _mm_add_epi64(s1_hi, counter_hi);
// Increment the counter
counter_lo = _mm_add_epi64(counter_lo, increment_lo);
counter_hi = _mm_add_epi64(counter_hi, increment_hi);
// Same as above, but with different shift amounts.
t1_lo = SHISHUA_ALIGNR_EPI8(s1_hi, s1_lo, 12);
t1_hi = SHISHUA_ALIGNR_EPI8(s1_lo, s1_hi, 12);
s1_lo = _mm_srli_epi64(s1_lo, 3);
s1_hi = _mm_srli_epi64(s1_hi, 3);
s1_lo = _mm_add_epi64(s1_lo, t1_lo);
s1_hi = _mm_add_epi64(s1_hi, t1_hi);
// Two orthogonally grown pieces evolving independently, XORed.
s->output[0] = _mm_xor_si128(u_lo, t1_lo);
s->output[1] = _mm_xor_si128(u_hi, t1_hi);
}
s->state[0] = s0_lo; s->state[1] = s0_hi;
s->state[2] = s1_lo; s->state[3] = s1_hi;
s->counter[0] = counter_lo;
s->counter[1] = counter_hi;
}
// Nothing up my sleeve: those are the hex digits of Φ,
// the least approximable irrational number.
// $ echo 'scale=310;obase=16;(sqrt(5)-1)/2' | bc
static uint64_t phi[8] = {
0x9E3779B97F4A7C15, 0xF39CC0605CEDC834, 0x1082276BF3A27251, 0xF86C6A11D0C18E95,
0x2767F0B153D27B7F, 0x0347045B5BF1827F, 0x01886F0928403002, 0xC1D64BA40F335E36,
};
void prng_init(prng_state *s, uint64_t seed[4]) {
s->counter[0] = _mm_setzero_si128();
s->counter[1] = _mm_setzero_si128();
# define STEPS 5
# define ROUNDS 4
// Diffuse first two seed elements in s0, then the last two. Same for s1.
// We must keep half of the state unchanged so users cannot set a bad state.
// XXX: better way to do this?
__m128i seed_0 = SHISHUA_CVTSI64_SI128(seed[0]);
__m128i seed_1 = SHISHUA_CVTSI64_SI128(seed[1]);
__m128i seed_2 = SHISHUA_CVTSI64_SI128(seed[2]);
__m128i seed_3 = SHISHUA_CVTSI64_SI128(seed[3]);
s->state[0] = _mm_xor_si128(seed_0, _mm_loadu_si128((__m128i *)&phi[0]));
s->state[1] = _mm_xor_si128(seed_1, _mm_loadu_si128((__m128i *)&phi[2]));
s->state[2] = _mm_xor_si128(seed_2, _mm_loadu_si128((__m128i *)&phi[4]));
s->state[3] = _mm_xor_si128(seed_3, _mm_loadu_si128((__m128i *)&phi[6]));
for (int i = 0; i < ROUNDS; i++) {
prng_gen(s, NULL, 32 * STEPS);
s->state[0] = s->state[2]; s->state[1] = s->state[3];
s->state[2] = s->output[0]; s->state[3] = s->output[1];
}
# undef STEPS
# undef ROUNDS
}
#undef SHISHUA_ALIGNR_EPI8
#undef SHISHUA_CVTSI64_SI128
#undef SHISHUA_SET_EPI64X
#undef SHISHUA_RESTRICT
#endif