Skip to content

Commit e7b18a7

Browse files
committed
std.crypto: remove inline from most functions
To quote the language reference, It is generally better to let the compiler decide when to inline a function, except for these scenarios: * To change how many stack frames are in the call stack, for debugging purposes. * To force comptime-ness of the arguments to propagate to the return value of the function, as in the above example. * Real world performance measurements demand it. Don't guess! Note that inline actually restricts what the compiler is allowed to do. This can harm binary size, compilation speed, and even runtime performance. `zig run lib/std/crypto/benchmark.zig -OReleaseFast` [-before-] vs {+after+} md5: [-990-] {+998+} MiB/s sha1: [-1144-] {+1140+} MiB/s sha256: [-2267-] {+2275+} MiB/s sha512: [-762-] {+767+} MiB/s sha3-256: [-680-] {+683+} MiB/s sha3-512: [-362-] {+363+} MiB/s shake-128: [-835-] {+839+} MiB/s shake-256: [-680-] {+681+} MiB/s turboshake-128: [-1567-] {+1570+} MiB/s turboshake-256: [-1276-] {+1282+} MiB/s blake2s: [-778-] {+789+} MiB/s blake2b: [-1071-] {+1086+} MiB/s blake3: [-1148-] {+1137+} MiB/s ghash: [-10044-] {+10033+} MiB/s polyval: [-9726-] {+10033+} MiB/s poly1305: [-2486-] {+2703+} MiB/s hmac-md5: [-991-] {+998+} MiB/s hmac-sha1: [-1134-] {+1137+} MiB/s hmac-sha256: [-2265-] {+2288+} MiB/s hmac-sha512: [-765-] {+764+} MiB/s siphash-2-4: [-4410-] {+4438+} MiB/s siphash-1-3: [-7144-] {+7225+} MiB/s siphash128-2-4: [-4397-] {+4449+} MiB/s siphash128-1-3: [-7281-] {+7374+} MiB/s aegis-128x4 mac: [-73385-] {+74523+} MiB/s aegis-256x4 mac: [-30160-] {+30539+} MiB/s aegis-128x2 mac: [-66662-] {+67267+} MiB/s aegis-256x2 mac: [-16812-] {+16806+} MiB/s aegis-128l mac: [-33876-] {+34055+} MiB/s aegis-256 mac: [-8993-] {+9087+} MiB/s aes-cmac: 2036 MiB/s x25519: [-20670-] {+16844+} exchanges/s ed25519: [-29763-] {+29576+} signatures/s ecdsa-p256: [-4762-] {+4900+} signatures/s ecdsa-p384: [-1465-] {+1500+} signatures/s ecdsa-secp256k1: [-5643-] {+5769+} signatures/s ed25519: [-21926-] {+21721+} verifications/s ed25519: [-51200-] {+50880+} verifications/s (batch) chacha20Poly1305: [-1189-] {+1109+} MiB/s xchacha20Poly1305: [-1196-] {+1107+} MiB/s xchacha8Poly1305: [-1466-] {+1555+} MiB/s xsalsa20Poly1305: [-660-] {+620+} MiB/s aegis-128x4: [-76389-] {+78181+} MiB/s aegis-128x2: [-53946-] {+53495+} MiB/s aegis-128l: [-27219-] {+25621+} MiB/s aegis-256x4: [-49351-] {+49542+} MiB/s aegis-256x2: [-32390-] {+32366+} MiB/s aegis-256: [-8881-] {+8944+} MiB/s aes128-gcm: [-6095-] {+6205+} MiB/s aes256-gcm: [-5306-] {+5427+} MiB/s aes128-ocb: [-8529-] {+13974+} MiB/s aes256-ocb: [-7241-] {+9442+} MiB/s isapa128a: [-204-] {+214+} MiB/s aes128-single: [-133857882-] {+134170944+} ops/s aes256-single: [-96306962-] {+96408639+} ops/s aes128-8: [-1083210101-] {+1073727253+} ops/s aes256-8: [-762042466-] {+767091778+} ops/s bcrypt: 0.009 s/ops scrypt: [-0.018-] {+0.017+} s/ops argon2: [-0.037-] {+0.060+} s/ops kyber512d00: [-206057-] {+205779+} encaps/s kyber768d00: [-156074-] {+150711+} encaps/s kyber1024d00: [-116626-] {+115469+} encaps/s kyber512d00: [-181149-] {+182046+} decaps/s kyber768d00: [-136965-] {+135676+} decaps/s kyber1024d00: [-101307-] {+100643+} decaps/s kyber512d00: [-123624-] {+123375+} keygen/s kyber768d00: [-69465-] {+70828+} keygen/s kyber1024d00: [-43117-] {+43208+} keygen/s
1 parent f97baca commit e7b18a7

26 files changed

+161
-161
lines changed

lib/std/crypto.zig

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -386,7 +386,7 @@ test "issue #4532: no index out of bounds" {
386386

387387
/// Sets a slice to zeroes.
388388
/// Prevents the store from being optimized out.
389-
pub inline fn secureZero(comptime T: type, s: []volatile T) void {
389+
pub fn secureZero(comptime T: type, s: []volatile T) void {
390390
@memset(s, 0);
391391
}
392392

lib/std/crypto/25519/curve25519.zig

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,12 +15,12 @@ pub const Curve25519 = struct {
1515
x: Fe,
1616

1717
/// Decode a Curve25519 point from its compressed (X) coordinates.
18-
pub inline fn fromBytes(s: [32]u8) Curve25519 {
18+
pub fn fromBytes(s: [32]u8) Curve25519 {
1919
return .{ .x = Fe.fromBytes(s) };
2020
}
2121

2222
/// Encode a Curve25519 point.
23-
pub inline fn toBytes(p: Curve25519) [32]u8 {
23+
pub fn toBytes(p: Curve25519) [32]u8 {
2424
return p.x.toBytes();
2525
}
2626

lib/std/crypto/25519/edwards25519.zig

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -138,7 +138,7 @@ pub const Edwards25519 = struct {
138138
}
139139

140140
/// Flip the sign of the X coordinate.
141-
pub inline fn neg(p: Edwards25519) Edwards25519 {
141+
pub fn neg(p: Edwards25519) Edwards25519 {
142142
return .{ .x = p.x.neg(), .y = p.y, .z = p.z, .t = p.t.neg() };
143143
}
144144

@@ -190,14 +190,14 @@ pub const Edwards25519 = struct {
190190
return q;
191191
}
192192

193-
inline fn cMov(p: *Edwards25519, a: Edwards25519, c: u64) void {
193+
fn cMov(p: *Edwards25519, a: Edwards25519, c: u64) void {
194194
p.x.cMov(a.x, c);
195195
p.y.cMov(a.y, c);
196196
p.z.cMov(a.z, c);
197197
p.t.cMov(a.t, c);
198198
}
199199

200-
inline fn pcSelect(comptime n: usize, pc: *const [n]Edwards25519, b: u8) Edwards25519 {
200+
fn pcSelect(comptime n: usize, pc: *const [n]Edwards25519, b: u8) Edwards25519 {
201201
var t = Edwards25519.identityElement;
202202
comptime var i: u8 = 1;
203203
inline while (i < pc.len) : (i += 1) {

lib/std/crypto/25519/field.zig

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -56,15 +56,15 @@ pub const Fe = struct {
5656
pub const edwards25519sqrtam2 = Fe{ .limbs = .{ 1693982333959686, 608509411481997, 2235573344831311, 947681270984193, 266558006233600 } };
5757

5858
/// Return true if the field element is zero
59-
pub inline fn isZero(fe: Fe) bool {
59+
pub fn isZero(fe: Fe) bool {
6060
var reduced = fe;
6161
reduced.reduce();
6262
const limbs = reduced.limbs;
6363
return (limbs[0] | limbs[1] | limbs[2] | limbs[3] | limbs[4]) == 0;
6464
}
6565

6666
/// Return true if both field elements are equivalent
67-
pub inline fn equivalent(a: Fe, b: Fe) bool {
67+
pub fn equivalent(a: Fe, b: Fe) bool {
6868
return a.sub(b).isZero();
6969
}
7070

@@ -168,7 +168,7 @@ pub const Fe = struct {
168168
}
169169

170170
/// Add a field element
171-
pub inline fn add(a: Fe, b: Fe) Fe {
171+
pub fn add(a: Fe, b: Fe) Fe {
172172
var fe: Fe = undefined;
173173
comptime var i = 0;
174174
inline while (i < 5) : (i += 1) {
@@ -178,7 +178,7 @@ pub const Fe = struct {
178178
}
179179

180180
/// Subtract a field element
181-
pub inline fn sub(a: Fe, b: Fe) Fe {
181+
pub fn sub(a: Fe, b: Fe) Fe {
182182
var fe = b;
183183
comptime var i = 0;
184184
inline while (i < 4) : (i += 1) {
@@ -197,17 +197,17 @@ pub const Fe = struct {
197197
}
198198

199199
/// Negate a field element
200-
pub inline fn neg(a: Fe) Fe {
200+
pub fn neg(a: Fe) Fe {
201201
return zero.sub(a);
202202
}
203203

204204
/// Return true if a field element is negative
205-
pub inline fn isNegative(a: Fe) bool {
205+
pub fn isNegative(a: Fe) bool {
206206
return (a.toBytes()[0] & 1) != 0;
207207
}
208208

209209
/// Conditonally replace a field element with `a` if `c` is positive
210-
pub inline fn cMov(fe: *Fe, a: Fe, c: u64) void {
210+
pub fn cMov(fe: *Fe, a: Fe, c: u64) void {
211211
const mask: u64 = 0 -% c;
212212
var x = fe.*;
213213
comptime var i = 0;
@@ -248,7 +248,7 @@ pub const Fe = struct {
248248
}
249249
}
250250

251-
inline fn _carry128(r: *[5]u128) Fe {
251+
fn _carry128(r: *[5]u128) Fe {
252252
var rs: [5]u64 = undefined;
253253
comptime var i = 0;
254254
inline while (i < 4) : (i += 1) {
@@ -321,17 +321,17 @@ pub const Fe = struct {
321321
}
322322

323323
/// Square a field element
324-
pub inline fn sq(a: Fe) Fe {
324+
pub fn sq(a: Fe) Fe {
325325
return _sq(a, false);
326326
}
327327

328328
/// Square and double a field element
329-
pub inline fn sq2(a: Fe) Fe {
329+
pub fn sq2(a: Fe) Fe {
330330
return _sq(a, true);
331331
}
332332

333333
/// Multiply a field element with a small (32-bit) integer
334-
pub inline fn mul32(a: Fe, comptime n: u32) Fe {
334+
pub fn mul32(a: Fe, comptime n: u32) Fe {
335335
const sn = @as(u128, @intCast(n));
336336
var fe: Fe = undefined;
337337
var x: u128 = 0;

lib/std/crypto/25519/ristretto255.zig

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -42,7 +42,7 @@ pub const Ristretto255 = struct {
4242
}
4343

4444
/// Reject the neutral element.
45-
pub inline fn rejectIdentity(p: Ristretto255) IdentityElementError!void {
45+
pub fn rejectIdentity(p: Ristretto255) IdentityElementError!void {
4646
return p.p.rejectIdentity();
4747
}
4848

@@ -141,24 +141,24 @@ pub const Ristretto255 = struct {
141141
}
142142

143143
/// Double a Ristretto255 element.
144-
pub inline fn dbl(p: Ristretto255) Ristretto255 {
144+
pub fn dbl(p: Ristretto255) Ristretto255 {
145145
return .{ .p = p.p.dbl() };
146146
}
147147

148148
/// Add two Ristretto255 elements.
149-
pub inline fn add(p: Ristretto255, q: Ristretto255) Ristretto255 {
149+
pub fn add(p: Ristretto255, q: Ristretto255) Ristretto255 {
150150
return .{ .p = p.p.add(q.p) };
151151
}
152152

153153
/// Subtract two Ristretto255 elements.
154-
pub inline fn sub(p: Ristretto255, q: Ristretto255) Ristretto255 {
154+
pub fn sub(p: Ristretto255, q: Ristretto255) Ristretto255 {
155155
return .{ .p = p.p.sub(q.p) };
156156
}
157157

158158
/// Multiply a Ristretto255 element with a scalar.
159159
/// Return error.WeakPublicKey if the resulting element is
160160
/// the identity element.
161-
pub inline fn mul(p: Ristretto255, s: [encoded_length]u8) (IdentityElementError || WeakPublicKeyError)!Ristretto255 {
161+
pub fn mul(p: Ristretto255, s: [encoded_length]u8) (IdentityElementError || WeakPublicKeyError)!Ristretto255 {
162162
return .{ .p = try p.p.mul(s) };
163163
}
164164

lib/std/crypto/25519/scalar.zig

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -50,7 +50,7 @@ pub fn reduce64(s: [64]u8) CompressedScalar {
5050

5151
/// Perform the X25519 "clamping" operation.
5252
/// The scalar is then guaranteed to be a multiple of the cofactor.
53-
pub inline fn clamp(s: *CompressedScalar) void {
53+
pub fn clamp(s: *CompressedScalar) void {
5454
s[0] &= 248;
5555
s[31] = (s[31] & 127) | 64;
5656
}
@@ -514,7 +514,7 @@ pub const Scalar = struct {
514514
}
515515

516516
/// Square a scalar `n` times
517-
inline fn sqn(x: Scalar, comptime n: comptime_int) Scalar {
517+
fn sqn(x: Scalar, comptime n: comptime_int) Scalar {
518518
var i: usize = 0;
519519
var t = x;
520520
while (i < n) : (i += 1) {

lib/std/crypto/aegis.zig

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -104,7 +104,7 @@ fn State128X(comptime degree: u7) type {
104104
return state;
105105
}
106106

107-
inline fn update(state: *State, d1: AesBlockVec, d2: AesBlockVec) void {
107+
fn update(state: *State, d1: AesBlockVec, d2: AesBlockVec) void {
108108
const blocks = &state.blocks;
109109
const tmp = blocks[7];
110110
comptime var i: usize = 7;
@@ -413,7 +413,7 @@ fn State256X(comptime degree: u7) type {
413413
return state;
414414
}
415415

416-
inline fn update(state: *State, d: AesBlockVec) void {
416+
fn update(state: *State, d: AesBlockVec) void {
417417
const blocks = &state.blocks;
418418
const tmp = blocks[5].encrypt(blocks[0]);
419419
comptime var i: usize = 5;

0 commit comments

Comments
 (0)