Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Scalar Cryptography v1.0.0-rc2. Incorrect ZIP/UNZIP insns encoding. #130

Closed
bulat242 opened this issue Sep 21, 2021 · 25 comments
Closed

Scalar Cryptography v1.0.0-rc2. Incorrect ZIP/UNZIP insns encoding. #130

bulat242 opened this issue Sep 21, 2021 · 25 comments
Labels
bug Something isn't working encoding Something about an instruction's encoding. public-review For all comments related to the public review process

Comments

@bulat242
Copy link

bulat242 commented Sep 21, 2021
edited

Chapter 3 -> 3.49 (Page 58):
Operation
foreach (i from 0 to xlen/2-1) {
X(rd)[2i] = X(rs1)[i]
X(rd)[2i+1] = X(rs1)[i+xlen/2]
}
This description is suitable to UNZIP operation.

Correct description of ZIP:
Operation
foreach (i from 0 to xlen/2-1) {
X(rd)[i] = X(rs1)[2i]
X(rd)[i+xlen/2] = X(rs1)[2i+1]
}
@ben-marshall ben-marshall added the public-review For all comments related to the public review process label Sep 22, 2021
@ben-marshall
Copy link
Member

Hi @bulat242

Thanks for spotting this! Just to be clear - it looks like the pseudocode for zip and unzip are the wrong way around, right?

I'll have to do some research on how to handle this, since although it's very simple to swap the descriptions in the spec, because its frozen, there might be other implications.

Cheers,
Ben

@bulat242
Copy link
Author

Yes, the descriptions for zip and unzip have to be swapped in a general sense. (UNZIP operation in spec is described as "inverse zip").

@ben-marshall
Copy link
Member

(UNZIP operation in spec is described as "inverse zip").

Yeah, that's a rubbish description for sure. I'll fix that.

Okay, I'll follow this up at the weekly CETG meeting tomorrow and ask how to handle it.

@bulat242
Copy link
Author

And I would like to clarify about rev8 and brev8 descriptions.
Are these descriptions same?
rev8:
foreach (i from 0 to (xlen - 8) by 8)
brev8:
foreach (i from 0 to sizeof(xlen) by 8)

@ben-marshall
Copy link
Member

And I would like to clarify about rev8 and brev8 descriptions.

The intent is to step through every byte in the register, so yes the foreach statements are supposed to be equivalent. It makes no sense to express the same thing two different ways, so I'll make sure we use something consistent in the final versions.

@bulat242
Copy link
Author

Okey, thank you for explanation!

@ben-marshall
Copy link
Member

@bulat242 - The plan for fixing this is to make the necessary changes in the spec and do a v1.0.0-rc3 release, and publicise this on the isa-dev mailing list. I'm double and triple checking things at the moment, but hopefully it'll be out if not today then early next week.

Out of curiosity - how did you catch the problem?

@bulat242
Copy link
Author

@ben-marshall Okey :)
I compared these descriptions of the instructions with old descriptions from bitmanip spec (v0.93).

ben-marshall added a commit to ben-marshall/riscv-bitmanip that referenced this issue Sep 24, 2021
@ben-marshall
Address riscv/riscv-crypto#130
bdf5d14 
- fix sail code for zip/unzip

- improve descriptions

 On branch dev/ben/zbk
 Your branch is up-to-date with 'ben-marshall/dev/ben/zbk'.

 Changes to be committed:
	modified:   bitmanip/insns/unzip.adoc
	modified:   bitmanip/insns/zip.adoc
ben-marshall added a commit that referenced this issue Sep 24, 2021
@ben-marshall
Bump bitmanip submodule for #130
dce5537 
- Fix zip/unzip sail code and descriptions

 On branch master
 Your branch is up-to-date with 'origin/master'.

 Changes to be committed:
	modified:   ../../extern/riscv-bitmanip

 Changes not staged for commit:
	modified:   ../../extern/riscv-gnu-toolchain (modified content)
	modified:   ../../extern/sail-riscv (new commits, untracked content)
@ben-marshall
Copy link
Member

@bulat242 - Here's the fix, hopefully this is a bit clearer than before!

@ben-marshall
Copy link
Member

I'm going to leave the issue open for now in case other people spot the same problem and try to report it. Thanks again for the catch!

@ben-marshall ben-marshall reopened this Sep 24, 2021
@bulat242
Copy link
Author

Okay, you are welcome.

@bulat242
Copy link
Author

@ben-marshall Hi!
I have a new question about encoding of zip/unzip insns.
In current scalar cryptography spec ZIP and UNZIP insns have different values in 20th bit. I understand the 20th bit in Bitmanip spec (v. 0.93) was included in shamt field of shfli/unshfli insns and was set for ZIP/UNZIP cases.
Was ZIP/UNZIP insns encoding in current crypto spec derived from bitmanip spec (v 0.93) and is it correct?

@ben-marshall
Copy link
Member

Hi @bulat242 - The encodings were not modified from the proposed Bitmanip ones. If they are different that's likely a mistake. Note that we are only standardising the RV32 versions of zip/unzip. I think the RV64 versions indeed had a different length shamt field. Could that be where they difference came from? I think the 0.93 Bitmanip spec in table 2.7 only gave RV64 listings for the SHAMT field.

@marcfedorow
Copy link

marcfedorow commented Sep 29, 2021
edited

Hi @ben-marshall
Actually 0.9.3 bitmanip spec gave RV128 encodings — you can easily assure by checking 7-bit immediate for SLLIU.W (RV32 and RV64 require 5 and 6 bits respectively).
Due to this reason (and explicit placing of inv bit to the generalization table) someone might have mistakenly decided that inv bit is a part of immediate.
This is not true tho — immediate only contains shift amount (shamt), the inv bit is the 14th one.
Thus both zip and unzip have to have 01111 bits in RS2 position (RV32 only! 11111 for RV64).

@bulat242
Copy link
Author

bulat242 commented Sep 29, 2021
edited

Yes, the encoding of zip/unzip (rv32 only) insns should look like below:
0000100 01111 rs 001 rd 0010011 -> zip
0000100 01111 rs 101 rd 0010011 - > unzip

@ben-marshall
Copy link
Member

Ah yes I see now. It looks like bits 24:20 in the scalar crypto spec were taken from the wrong part of the tables in Bitmanip 0.93. I'll fix this in the rc3 release so that for both, bits 24:20 are 01111 as you say.
Thanks again and good catch!
Cheers,
Ben

@bulat242 bulat242 changed the title Scalar Cryptography v1.0.0-rc2. Incorrect ZIP operarion description. Scalar Cryptography v1.0.0-rc2. Incorrect ZIP operarion description and ZIP/UNZIP insns encoding. Sep 29, 2021
@ben-marshall ben-marshall added bug Something isn't working encoding Something about an instruction's encoding. labels Sep 29, 2021
@bulat242
Copy link
Author

Okey, happy to help!

ben-marshall added a commit to ben-marshall/riscv-bitmanip that referenced this issue Oct 1, 2021
@ben-marshall
Fix zip/unzip immediate values
bc3a917 
- See riscv/riscv-crypto#130

 On branch dev/ben/zbk
 Your branch is up-to-date with 'ben-marshall/dev/ben/zbk'.

 Changes to be committed:
	modified:   bitmanip/insns/unzip.adoc
	modified:   bitmanip/insns/zip.adoc
ben-marshall added a commit that referenced this issue Oct 1, 2021
@ben-marshall
Fix zip/unzip immediate encodings
0af5cee 
See #130

 On branch master
 Your branch is up-to-date with 'origin/master'.

 Changes to be committed:
	modified:   ../../extern/riscv-bitmanip
@ben-marshall
Copy link
Member

ben-marshall commented Oct 1, 2021
edited

Hi @bulat242 , @marcfedorow - See here for the fix to the immediates. I've checked to see this is also what GCC emits for zip and unzip on RV32. I'll do a release later today and make sure it gets publicised on isa-dev. Thanks for all your help with this!

@marcfedorow
Copy link

Hi @ben-marshall
Thank you for ping!
Current descriptions seem to be incorrect tho.
shfl (zip) should do 3, 2, 1, 0 stages.
unshfl (unzip) should do 0, 1, 2, 3 stages.
This could be mixed up because B-ext 0.9.3. graphs should be read upwards (from down to up) -- check C code or other graphs for cross-check.

@bulat242
Copy link
Author

bulat242 commented Oct 1, 2021
edited

Yes, the descriptions of zip/unzip operations in crypto spec v1.0.0-rc2 were correct.
I'm sorry.

@bulat242 bulat242 changed the title Scalar Cryptography v1.0.0-rc2. Incorrect ZIP operarion description and ZIP/UNZIP insns encoding. Scalar Cryptography v1.0.0-rc2. Incorrect ZIP/UNZIP insns encoding. Oct 4, 2021
@marcfedorow
Copy link

@ben-marshall please note that this issue is not resolved yet

@ben-marshall
Copy link
Member

Hi @marcfedorow - yes it's on my list to fix (again). I'll get to it tomorrow.

@ben-marshall
Copy link
Member

ben-marshall commented Oct 6, 2021
edited

Hi @marcfedorow , @bulat242
So, I'd like to get this completely fixed today. My understanding of this mess so far is that:

  1. The RC1 encodings for zip and unzip were wrong, but they pseudo code and English descriptions were correct.
  2. It was pointed out that the encodings for zip and unzip were wrong, and that the descriptions & pseudo-code where "swapped" between Zip and Unzip. This wasn't actually the case, but I convinced myself that I'd made a mistake copying things. This was compounded by knowing that these instructions had been the wrong way around before.
  3. In RC3, the encodings became correct, but the pseudo-code and English descriptions became wrong, because I incorrectly swapped them.
  4. Now, in what will be RC4, the encodings and pseudo-code should be correct with respect to the original Bitmanip specs.

Please confirm that the new zip and unzip definitions match your expectations. You can see the diff here. I've compared these with the output of the instructions in Spike, and everything seems to match up.

I'll be asking some others to double check this too, because I am so confused by the whole thing I no longer trust myself!

@bulat242
Copy link
Author

bulat242 commented Oct 6, 2021

Hi, @ben-marshall !
You are right. The encodings now (in spec rc3) are correct, but unfortunately (because of my inattention) the pseudo-code of zip/unzip is incorrect.

@marcfedorow
Copy link

Hi @ben-marshall
Probably the word "respectively" could stay in both descriptions.
Besides this, zip/unzip look good to me now in pre-rc4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working encoding Something about an instruction's encoding. public-review For all comments related to the public review process
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ben-marshall @kdockser @marcfedorow @bulat242