8373059: Test sun/security/provider/acvp/ML_DSA_Intrinsic_Test.java should pass on Aarch64#28722
8373059: Test sun/security/provider/acvp/ML_DSA_Intrinsic_Test.java should pass on Aarch64#28722ferakocz wants to merge 2 commits intoopenjdk:masterfrom
Conversation
…hould pass on Aarch64
|
👋 Welcome back ferakocz! A progress list of the required criteria for merging this PR into |
|
@ferakocz This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be: You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 71 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. As you do not have Committer status in this project an existing Committer must agree to sponsor your change. Possible candidates are the reviewers of this PR (@vpaprotsk, @wangweij) but any other Committer may sponsor as well. ➡️ To flag this PR as ready for integration with the above commit message, type |
openjdk
bot
changed the title
Webrevs
|
vpaprotsk
left a comment
vpaprotsk
left a comment
There was a problem hiding this comment.
Claims:
- "while the java version of
implDilithiumNttMultcan accept full signed INT32 on bothcoeffs1andcoeffs2, in the actual implementation of ML_DSA, calls never exceed-Q-to-+Qon either inputs"- (I believe, it allows aarch64 to rearrange some multiplications, perhaps to relieve some register-alloc pressure? Multiplications are commutative, so this is valid, except range would be exceeded)
- "congruence is sufficient in modular arithmetic for test to pass"
The second claim is self-evident (which allows to relax the Arrays.equals test).
The first.. I was able to convince myself by going through the code:
- All calls to
implDilithiumNttMultoriginate fromnttConstMultiplyandmatrixVectorPointwiseMultiply. - All inputs to
nttConstMultiplyandmatrixVectorPointwiseMultiplyare 'cleansed' bymlDsaVectorNtt,mlDsaNttandgenerateAmlDsaVectorNttitself is 'cleansed' bymlDsaNttgenerateAmasks its outputs to 23-bits (fits within the 2Q in this PR)mlDsaNtt'cleansed' bymontMulmontMulreturns range(-Q,Q)per paper in the comments.
|
|
||
| if (!Arrays.equals(prod1, prod2)) { | ||
| throw new RuntimeException("[Seed "+seed+"@"+i+"] Result mult mismatch: " + formatOf(prod1) + " != " + formatOf(prod2)); | ||
| boolean modQequal = true; |
There was a problem hiding this comment.
I would probably had moved this to its own helper arraysCongruent and replaces the if (!Arrays.equals(prod1, prod2)) with !arraysCongruent(prod1, prod2). But not a deal-breaker..
There was a problem hiding this comment.
Thanks for your thorough review and comments!
| // -XX:+UnlockDiagnosticVMOptions -XX:+UseDilithiumIntrinsics test/jdk/sun/security/provider/acvp/ML_DSA_Intrinsic_Test.java | ||
| // To run manually: | ||
| // java --add-opens java.base/sun.security.provider=ALL-UNNAMED | ||
| // --add-exports java.base/sun.security.provider=ALL-UNNAMED |
There was a problem hiding this comment.
Please indent one space to align with lines below.
| // java --add-opens java.base/sun.security.provider=ALL-UNNAMED | ||
| // --add-exports java.base/sun.security.provider=ALL-UNNAMED | ||
| // -XX:+UnlockDiagnosticVMOptions -XX:+UseDilithiumIntrinsics | ||
| // test/jdk/sun/security/provider/acvp/ML_DSA_Intrinsic_Test.java |
There was a problem hiding this comment.
You've modified the test path above.
There was a problem hiding this comment.
You are right. I have changed it.
|
|
||
| if (!Arrays.equals(prod1, prod2)) { | ||
| throw new RuntimeException("[Seed "+seed+"@"+i+"] Result mult mismatch: " + formatOf(prod1) + " != " + formatOf(prod2)); | ||
| boolean modQequal = true; |
There was a problem hiding this comment.
You can copy the "the result is greater than -MONT_Q and less than MONT_Q" comment here.
There was a problem hiding this comment.
I added some comments.
| coeffs2[j] = rnd.nextInt(); | ||
| for (int j = 0; j < ML_DSA_N; j++) { | ||
| coeffs1[j] = rnd.nextInt(2 * ML_DSA_Q) - ML_DSA_Q; | ||
| coeffs2[j] = rnd.nextInt(2 * ML_DSA_Q) - ML_DSA_Q; |
There was a problem hiding this comment.
Why are both so small? Maybe only one is enough?
There was a problem hiding this comment.
This is purely for performance reasons. The test works for any case that satisfies the montMul() preconditions, but since this particular method that is under test here, these stricter conditions are always satisfied. If we allow a bigger range, the probability that the whole vector fails the equality test is higher, so the for loop will be executed more frequently and that takes time. I added a comment to the code.
|
/integrate |
|
/sponsor |
|
Going to push as commit 6ec36d3.
Your commit was automatically rebased without conflicts. |
openjdk
bot
removed
ready
3 participants
…hould pass on Aarch64
The test used to fail because it had checked a stronger equivalence of the results of the Java method and its intrinsified version.
Other then fixing that, I did some formatting and corrected a comment.
Progress
Issue
Reviewers
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/28722/head:pull/28722$ git checkout pull/28722Update a local copy of the PR:
$ git checkout pull/28722$ git pull https://git.openjdk.org/jdk.git pull/28722/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 28722View PR using the GUI difftool:
$ git pr show -t 28722Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/28722.diff
Using Webrev
Link to Webrev Comment