8371450: AES performance improvements for key schedule generation

[smemery]

This fix improves performance in the AES key schedule generation by eliminating an unnecessary object and unnecessary mask in the inverse key schedule.

The micro:org.openjdk.bench.javax.crypto.AESReinit benchmark results are improved by 6.96% for arm64 and 7.79% for x86_64.

Thank you @jnimeh for catching the unnecessary byte mask!

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8371450: AES performance improvements for key schedule generation (Enhancement - P4)

Reviewers

• Jamil Nimeh (@jnimeh - Reviewer) 🔄 Re-review required (review applies to 0e9d14f9)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/28188/head:pull/28188
$ git checkout pull/28188

Update a local copy of the PR:
$ git checkout pull/28188
$ git pull https://git.openjdk.org/jdk.git pull/28188/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 28188

View PR using the GUI difftool:
$ git pr show -t 28188

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/28188.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back smemery! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@smemery This change is no longer ready for integration - check the PR body for details.

[openjdk]

@smemery The following label will be automatically applied to this pull request:

• security

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 02: Full - Incremental (55e052f6)
• 01: Full - Incremental (0e9d14f9)
• 00: Full (c462a58e)

[ferakocz]

I think there is no need for any of these bytes. Every index can be computed as "(word >> offset) & 0x0F". Actually, if you define SBOX as a 1-dim array, you can index into it with "(word >> offset) & 0xFF".

[smemery]

Thank you for your review. The byte assignments were to avoid three redundant shift operations.

[jnimeh]

Do you think there would be any benefit to putting w[widx] through w[widx+3] on local int variables? In some cases I've seen where that increases register pressure and can lead to some perf benefits. I'm not sure if this is one of those cases but it seems like you'd only need to reference memory once instead of 4 times per assignment.

[smemery]

I believe my original changes here utilize a "MergeStore" technique that the compiler optimizes. I've asked @minborg to see if I got this right. To verify the optimization here, I used the separate local int variable technique and saw a 0.7% decrease in benchmark performance.

[jnimeh]

Well, your experiment answers my question. Unless @minborg says otherwise I'm fine with what you have. You're already seeing improvements so that's great.