An IEEE 754 single-precision 32-bit binary float (henceforth FP32) can store:

• (-1)s × 2e × m0.m1m2m3m4m5m6m7m8m9m10m11m12⋯m21m22m23 with either:
• m0 = 1, other mi either 0 or 1, and -126 ≤ e ≤ 127 (normalised)
• m0 = 0, other mi either 0 or 1, and -126 = e (denormal or zero)
• (-1)s × ∞ (± infinity)
• NaN (with a sign bit, and 23 bits of almost-arbitrary payload)

An IEEE 754 half-precision 16-bit binary float (henceforth FP16) can store:

• (-1)s × 2e × m0.m1m2m3m4m5m6m7m8m9m10 with either:
• m0 = 1, other mi either 0 or 1, and -14 ≤ e ≤ 15 (normalised)
• m0 = 0, other mi either 0 or 1, and -14 = e (denormal or zero)
• (-1)s × ∞ (± infinity)
• NaN (with a sign bit, and 10 bits of almost-arbitrary payload)

Converting from FP32 to FP16 thus involves getting rid of m11 through m23, and dealing with the reduced range of e. If e starts in the range -14 ≤ e ≤ 15 and m11 through m23 are all 0, then this conversion is trivial. If any of m11 through m23 are 1 then a rounding decision has to be made, typical options for which include:

• Round toward zero (i.e. discard all of m11 through m23)
• Round toward +∞ or toward -∞ (i.e. add one or not based on s)
• Round to nearest with ties away from zero (i.e. add one if m11 is 1)
• Round to nearest with ties toward even (i.e. add one if m11 is 1 and at least one other of m10 through m23 is 1)

If e starts in the range e < -14 (i.e. underflow), then the resultant FP16 has to end up with e = -14, as it cannot go any smaller. Some number of mi will be discarded, and so a rounding decision again has to be made. A fun bonus decision crops up when rounding toward ±∞ and the starting FP32 is denormal: should denormals be treated as zero? (for other rounding modes, denormal inputs will naturally round to zero) Regardless of rounding mode, if the resultant FP16 is denormal, then there's the decision of whether to flush to zero.

If e starts in the range 15 < e (i.e. overflow), then there's no particularly great FP16 to convert to, with the options being:

• Infinity (with an appropriate sign)
• e = 15, all mi = 1 (i.e. a value of +65504 or -65504)
• Throw an exception

Choosing between infinity and 65504 is yet again a rounding decision, with the unintuitive quirk that 65520 is considered to be nearer to infinity than to 65504.

If the starting FP32 is NaN, then there's choice about what to do with the sign bit (either preserve it, or force it to a particular value), and again a choice about what to do with the payload bits (either preserve some of them, or force them to a particular canonical pattern).

All said, there are clearly lots of decision points in the conversion process, so it is no surprise that different implementations make different choices. We'll look at a bunch of software and hardware implementations, and the choices that they make (as they don't always advertise their decisions).

The summary of implementations and most important choices is:

ImplementationRoundingNaNs
numpyToward nearest, ties toward evenPreserve (1)
CPythonToward nearest, ties toward even (†)±Canonical
James Tursa (Matlab)Toward nearest, ties away from zero-Canonical
Fabian "ryg" GiesenToward nearest, details vary±Canonical
MaratyszczaToward nearest, ties toward even±Canonical
VCVTPS2PH (x86)ConfigurablePreserve (2)
FCVT / FCVTN (ARM)ConfigurableConfigurable
(†) Except that overflows throw an exception
(1) Top 10 bits of payload preserved, then LSB set to 1 if required
(2) Top bit of payload set to 1, then next 9 bits preserved

Jumping into the details, we start with numpy, which consists of very well-commented bit manipulations:

uint16_t numpy_floatbits_to_halfbits(uint32_t f) {
uint16_t h_sgn = (uint16_t)((f & 0x80000000u) >> 16);
uint32_t f_exp = f & 0x7f800000u;
uint32_t f_sig = f & 0x007fffffu;

// Exponent overflow/NaN converts to signed inf/NaN
if (f_exp >= 0x47800000u) {
if ((f_exp == 0x7f800000u) && (f_sig != 0)) {
// NaN - propagate the flag in the significand...
uint16_t ret = (uint16_t)(0x7c00u + (f_sig >> 13));
ret += (ret == 0x7c00u); // ...but make sure it stays a NaN
return h_sgn + ret;
} else {
// (overflow to) signed inf
return (uint16_t)(h_sgn + 0x7c00u);
}
}

// Exponent underflow converts to a subnormal half or signed zero
if (f_exp <= 0x38000000u) {
// Signed zeros, subnormal floats, and floats with small
// exponents all convert to signed zero half-floats.
if (f_exp < 0x33000000u) {
return h_sgn;
}
// Make the subnormal significand
f_exp >>= 23;
f_sig += 0x00800000u;
f_sig >>= (113 - f_exp);
// Handle rounding by adding 1 to the bit beyond half precision
//
// If the last bit in the half significand is 0 (already even),
// and the remaining bit pattern is 1000...0, then we do not add
// one to the bit after the half significand. However, the
// (113 - f_exp) shift can lose up to 11 bits, so the || checks
// them in the original. In all other cases, we can just add one.
if (((f_sig & 0x3fffu) != 0x1000u) || (f & 0x07ffu)) {
f_sig += 0x1000u;
}
uint16_t h_sig = (uint16_t)(f_sig >> 13);
// If the rounding causes a bit to spill into h_exp, it will
// increment h_exp from zero to one and h_sig will be zero.
// This is the correct result.
return (uint16_t)(h_sgn + h_sig);
}

// Regular case with no overflow or underflow
uint16_t h_exp = (uint16_t)((f_exp - 0x38000000u) >> 13);
// Handle rounding by adding 1 to the bit beyond half precision
//
// If the last bit in the half significand is 0 (already even), and
// the remaining bit pattern is 1000...0, then we do not add one to
// the bit after the half significand. In all other cases, we do.
if ((f_sig & 0x3fffu) != 0x1000u) {
f_sig += 0x1000u;
}
uint16_t h_sig = (uint16_t)(f_sig >> 13);
// If the rounding causes a bit to spill into h_exp, it will
// increment h_exp by one and h_sig will be zero. This is the
// correct result. h_exp may increment to 15, at greatest, in
// which case the result overflows to a signed inf.
return (uint16_t)(h_sgn + h_exp + h_sig);
}

CPython takes a very different approach, involving copysign and frexp:

int PyFloat_Pack2(double x) {
uint16_t sign, bits;
int e;

if (x == 0.0) {
sign = (copysign(1.0, x) == -1.0);
e = 0;
bits = 0;
} else if (isinf(x)) {
sign = (x < 0.0);
e = 0x1f;
bits = 0;
} else if (isnan(x)) {
// There are 2046 distinct half-precision NaNs (1022 signaling
// and 1024 quiet), but there are only two quiet NaNs that don't
// arise by quieting a signaling NaN; we get those by setting
// the topmost bit of the fraction field and clearing all other
// fraction bits. We choose the one with the appropriate sign.
sign = (copysign(1.0, x) == -1.0);
e = 0x1f;
bits = 0x200;
} else {
sign = (x < 0.0);
if (sign) {
x = -x;
}

double f = frexp(x, &e);
// Normalize f to be in the range [1.0, 2.0)
f *= 2.0;
e--;

if (e >= 16) {
goto Overflow;
} else if (e < -25) {
// |x| < 2**-25. Underflow to zero.
f = 0.0;
e = 0;
} else if (e < -14) {
// |x| < 2**-14. Gradual underflow
f = ldexp(f, 14 + e);
e = 0;
} else /* if (!(e == 0 && f == 0.0)) */ {
e += 15;
f -= 1.0; // Get rid of leading 1
}

f *= 1024.0; // 2**10
// Round to even
bits = (uint16_t)f; // Note the truncation
assert(bits < 1024);
assert(e < 31);
if ((f - bits > 0.5) || ((f - bits == 0.5) && (bits % 2 == 1))) {
if (++bits == 1024) {
// The carry propagated out of a string of 10 1 bits.
bits = 0;
if (++e == 31) {
goto Overflow;
}
}
}
}

return (sign << 15) | (e << 10) | bits;
Overflow:
PyErr_SetString(PyExc_OverflowError,
"float too large to pack with e format");
return -1;
}

The "Round to even" part of this CPython code was explicitly put in to match the numpy behaviour, however it diverges in its treatment of finite inputs that can't plausibly be represented by a finite FP16 - numpy will round them to infinity, whereas CPython will throw. This can be seen in the following example:

import numpy
import struct

def np_f2h(x):
return int(numpy.array(x, 'u4').view('f4').astype('f2').view('u2'))

def py_f2h(x):
f, = struct.unpack('f', struct.pack('I', x))
return struct.unpack('H', struct.pack('e', f))[0]

print(hex(np_f2h(0x49800000))) # 0x7c00
print(hex(py_f2h(0x49800000))) # OverflowError

The other difference is in treatment of NaN values, where numpy tries to preserve them as much as possible, whereas CPython only preserves the sign bit and otherwise turns all NaN values into a canonical quiet NaN:

print(hex(np_f2h(0xffffffff))) # 0xffff
print(hex(py_f2h(0xffffffff))) # 0xfe00

A different lineage of code comes from James Tursa. It was originally written for Matlab and requires a MathWorks account to download, but the interesting part found its way to GitHub regardless, and is transcribed with slight modifications here:

uint16_t tursa_floatbits_to_halfbits(uint32_t x) {
uint32_t xs = x & 0x80000000u; // Pick off sign bit
uint32_t xe = x & 0x7f800000u; // Pick off exponent bits
uint32_t xm = x & 0x007fffffu; // Pick off mantissa bits
uint16_t hs = (uint16_t)(xs >> 16); // Sign bit
if (xe == 0) { // Denormal will underflow, return a signed zero
return hs;
}
if (xe == 0x7f800000u) { // Inf or NaN
if (xm == 0) { // If mantissa is zero ...
return (uint16_t)(hs | 0x7c00u); // Signed Inf
} else {
return (uint16_t)0xfe00u; // NaN, only 1st mantissa bit set
}
}
// Normalized number
int hes = ((int)(xe >> 23)) - 127 + 15; // Exponent unbias the single, then bias the halfp
if (hes >= 0x1f) { // Overflow
return (uint16_t)(hs | 0x7c00u); // Signed Inf
} else if (hes <= 0) { // Underflow
uint16_t hm;
if ((14 - hes) > 24) { // Mantissa shifted all the way off & no rounding possibility
hm = (uint16_t)0u; // Set mantissa to zero
} else {
hm = (uint16_t)(xm >> (14 - hes)); // Mantissa
if ((xm >> (13 - hes)) & 1u) { // Check for rounding
hm += (uint16_t)1u; // Round, might overflow into exp bit, but this is OK
}
}
return (hs | hm); // Combine sign bit and mantissa bits, biased exponent is zero
} else {
uint16_t he = (uint16_t)(hes << 10); // Exponent
uint16_t hm = (uint16_t)(xm >> 13); // Mantissa
if (xm & 0x1000u) { // Check for rounding
return (hs | he | hm) + (uint16_t)1u; // Round, might overflow to inf, this is OK
} else {
return (hs | he | hm); // No rounding
}
}
}

Though it shares a lot in spirit with the numpy code, this code has different rounding behaviour to what we've seen before; ties are rounded away from zero rather than towards even. It also has yet another take on NaNs: all input NaNs get turned into a single output NaN, with not even the sign bit preserved.

The code from James Tursa was adopted into ISPC, meaning that ISPC had the same rounding and NaN behaviours. Then came along Fabian "ryg" Giesen, deploying his usual optimisation skills, and also fixing the rounding behaviour (back to ties toward even) and the NaN behaviour (preserve sign bit) at the same time. Several variants were written along that journey (and then adopted back by ISPC), but I'll choose this one to showcase:

uint16_t float_to_half_fast3_rtne(uint32_t x) {
uint32_t x_sgn = x & 0x80000000u;
x ^= x_sgn;

uint16_t o;
if (x >= 0x47800000u) { // result is Inf or NaN
o = (x > 0x7f800000u) ? 0x7e00  // NaN->qNaN
: 0x7c00; // and Inf->Inf
} else { // (De)normalized number or zero
if (x < 0x38800000u) { // resulting FP16 is subnormal or zero
// use a magic value to align our 10 mantissa bits at
// the bottom of the float. as long as FP addition
// is round-to-nearest-even this just works.
union { uint32_t u; float f; } f, denorm_magic;
f.u = x;
denorm_magic.u = ((127 - 14) + (23 - 10)) << 23;

f.f += denorm_magic.f;

// and one integer subtract of the bias later, we have our
// final float!
o = f.u - denorm_magic.u;
} else {
uint32_t mant_odd = (x >> 13) & 1; // resulting mantissa is odd

// update exponent, rounding bias part 1
x += ((15 - 127) << 23) + 0xfff;
// rounding bias part 2
x += mant_odd;
// take the bits!
o = x >> 13;
}
}
return (x_sgn >> 16) | o;
}

The interesting part of the above is how it handles the e < -14 case. Both the numpy code and the code from James Tursa handled this case with a variable distance bitshift and then some fiddly rounding logic, whereas the above makes the observation that there's existing hardware in a contemporary CPU for doing shifting and fiddly rounding: the floating point addition circuit. The first step of a floating point addition circuit is a variable distance bitshift of the smaller operand, with the aim of making its exponent equal to that of the larger operand. The above engineers the larger operand to have e = -1, which is what we want, as FP16 bottoms out at e = -14 and there are 13 (23 - 10) extra mantissa bits in FP32 compared to FP16. Any bits that get shifted out as part of exponent equalisation will contribute to rounding, which is exactly what we want.

Taking the idea further, we have this gem from Maratyszcza:

uint16_t fp16_ieee_from_fp32_value(uint32_t x) {
uint32_t x_sgn = x & 0x80000000u;
uint32_t x_exp = x & 0x7f800000u;
x_exp = (x_exp < 0x38800000u) ? 0x38800000u : x_exp; // max(e, -14)
x_exp += 15u << 23; // e += 15
x &= 0x7fffffffu; // Discard sign

union { uint32_t u; float f; } f, magic;
f.u = x;
magic.u = x_exp;

// If 15 < e then inf, otherwise e += 2
f.f = (f.f * 0x1.0p+112f) * 0x1.0p-110f;

// If we were in the x_exp >= 0x38800000u case:
// Replace f's exponent with that of x_exp, and discard 13 bits of
// f's significand, leaving the remaining bits in the low bits of
// f, relying on FP addition being round-to-nearest-even. If f's
// significand was previously `a.bcdefghijk`, then it'll become
// `1.000000000000abcdefghijk`, from which `bcdefghijk` will become
// the FP16 mantissa, and `a` will add onto the exponent. Note that
// rounding might add one to all this.
// If we were in the x_exp < 0x38800000u case:
// Replace f's exponent with the minimum FP16 exponent, discarding
// however many bits are required to make that happen, leaving
// whatever is left in the low bits.
f.f += magic.f;

uint32_t h_exp = (f.u >> 13) & 0x7c00u; // low 5 bits of exponent
uint32_t h_sig = f.u & 0x0fffu; // low 12 bits (10 are mantissa)
h_sig = (x > 0x7f800000u) ? 0x0200u : h_sig; // any NaN -> qNaN
return (x_sgn >> 16) + h_exp + h_sig;
}

The 15 < e case is elegantly folded into the infinity case by using the floating point multiply circuit and the constant 0x1.0p+112f. After that, the x_exp < 0x38800000u case plays out similarly to ryg's code: add a fixed constant to cause the result to appear in the low bits. The x_exp >= 0x38800000u case uses a dynamic magic number rather than a constant magic number, with the aim of shifting off exactly 13 bits, getting the rounding done by the floating point addition circuit, and again having the result appear in the low bits. The final trickery is in computing the FP16 exponent bits; starting with the 8 bits of FP32 exponent, the top 3 bits are discarded, and modulo-32 arithmetic is done on the low 5 bits. Modulo 32, the bias adjustment is +16 ((15-127) % 32), which gets done in two parts: a fixed +15, and then either +0 or +1 depending on whether the result is denormal or not.

Sadly, at some point, new hardware makes software tricks obsolete. On x86, said new hardware was the F16C instruction set, which (amongst other things) adds a VCVTPS2PH instruction for converting (a vector of) FP32 to FP16. Four different rounding modes are available: round to nearest with ties toward even, round toward +∞, round toward -∞, round toward zero. Note that round to nearest with ties away from zero isn't an option. An immediate operand specifies the rounding mode, or it can come from MXCSR.RC. NaN signs are preserved, and NaN payloads are mostly preserved: the MSB of the input payload is forced to 1, and then the top 10 bits of the input payload become the output payload. When rounding toward +∞ or -∞, MXCSR.DAZ causes input denormals to be treated as zero. On the other hand, MXCSR.FTZ is ignored, so denormal results are never flushed to zero. Code to exercise this instruction looks incredibly boring:

uint16_t cvtps2ph(uint32_t x) {
__m128 xmm = _mm_castsi128_ps(_mm_cvtsi32_si128(x));
return _mm_extract_epi16(_mm_cvtps_ph(xmm, 0), 0);
}

On ARMv8, we have FCVT (scalar) and FCVTN / FCVTN2 (vector), which are capable of performing FP32 to FP16 conversion. FPCR controls the rounding mode, with the same options as on x86. FPCR also controls denormal flushing, of both inputs and outputs. Finally, FPCR.DN controls whether NaNs are canonicalised (without even the sign bit preserved), or whether they have the same preservation behaviour as x86.

Yesterday, we looked at optimising an SDI CRC computation. After a bunch of mathematical optimisations, we reached this point:

uint64_t pack60(const uint16_t* data) {
return (((uint64_t)data[ 0]) <<  4) ^
(((uint64_t)data[ 2]) << 14) ^
(((uint64_t)data[ 4]) << 24) ^
(((uint64_t)data[ 6]) << 34) ^
(((uint64_t)data[ 8]) << 44) ^
(((uint64_t)data[10]) << 54);
}

__m128i pack120(const uint16_t* data) {
return _mm_set_epi64x(pack60(data + 12) >> 4, pack60(data));
}

__m128i xor_clmul(__m128i a, __m128i b) {
return _mm_xor_si128(_mm_clmulepi64_si128(a, b, 0x00),
_mm_clmulepi64_si128(a, b, 0x11));
}

void crc_sdi(uint32_t* crcs, const uint16_t* data, size_t n) {
__m128i c = _mm_cvtsi32_si128(crcs[0]);
__m128i y = _mm_cvtsi32_si128(crcs[1]);
{ // *= x^-14 semi-mod P
__m128i k = _mm_cvtsi32_si128(
0x9f380000 /* x^-14-(64-18)-32-1 mod P */);
c = _mm_clmulepi64_si128(c, k, 0x00);
y = _mm_clmulepi64_si128(y, k, 0x00);
}
for (size_t i = 0; i < n; i += 24) {
{ // *= x^120 semi-mod P
__m128i k = _mm_setr_epi32(
0, 0x4b334000 /* x^120+64-1 mod P */,
0, 0x96d30000 /* x^120-1    mod P */);
c = xor_clmul(c, k);
y = xor_clmul(y, k);
}
{ // +=
c = _mm_xor_si128(c, pack120(data + i));
y = _mm_xor_si128(y, pack120(data + i + 1));
}
}
{ // *= x^14 semi-mod P
__m128i k = _mm_setr_epi32(
0, 0x14980000 /* x^14+64-1 mod P */,
0, 0x00040000 /* x^14-1    mod P */);
c = xor_clmul(c, k);
y = xor_clmul(y, k);
}
{ // mod P
__m128i k = _mm_setr_epi32( /* x^128-1 div P */
0x14980559, 0x4c9bb5d5,
0x80040000, 0x5e405011);
c = _mm_xor_si128(_mm_srli_si128(xor_clmul(c, k), 8),
_mm_clmulepi64_si128(c, k, 0x01));
y = _mm_xor_si128(_mm_srli_si128(xor_clmul(y, k), 8),
_mm_clmulepi64_si128(y, k, 0x01));
__m128i P = _mm_cvtsi32_si128(0x46001 /* P */);
c = _mm_clmulepi64_si128(c, P, 0x00);
y = _mm_clmulepi64_si128(y, P, 0x00);
}
crcs[0] = _mm_cvtsi128_si32(c);
crcs[1] = _mm_cvtsi128_si32(y);
}

This ran at approximately 11 bits per cycle:

_mm_clmulepi64_si12810.811.012.8

From here, the question is how to best implement pack120. Compared to yesterday, there is a very different approach based around _mm_shuffle_epi8:

void crc_sdi_pack(uint32_t* crcs, const uint16_t* data, size_t n) {
...
{ // +=
__m128i d1 = _mm_loadu_si128((__m128i*)(data + i));
__m128i d2 = _mm_loadu_si128((__m128i*)(data + i + 8));
__m128i d3 = _mm_loadu_si128((__m128i*)(data + i + 16));
__m128i k1 = _mm_setr_epi16(16, 16, 64, 64, 1, 1, 4, 4);
__m128i k2 = _mm_setr_epi16(16,  0, 64,  0, 1, 0, 4, 0);
__m128i k3 = _mm_setr_epi16( 0, 16,  0, 64, 0, 1, 0, 4);
d1 = _mm_mullo_epi16(k1, d1);
__m128i k4=_mm_setr_epi8( 0, 1, -1,  8,  9, -1, -1, -1,
2, 3, -1, 10, 11, -1, -1, -1);
__m128i k5=_mm_setr_epi8(-1, 4,  5, -1, 12, 13, -1, -1,
-1, 6,  7, -1, 14, 15, -1, -1);
d1 = _mm_shuffle_epi8(d1, k4) ^ _mm_shuffle_epi8(d1, k5);
__m128i d1m; // Force a store to memory
asm("vmovdqa %1, %0" : "=m"(d1m) : "x"(d1) : "memory");
__m128i k6=_mm_setr_epi8(-1, -1, -1, -1, -1,  0,  1, -1,
4,  5,  8,  9, -1, 12, 13, -1);
__m128i k7=_mm_setr_epi8(-1, -1, -1, -1, -1, -1,  2,  3,
-1,  6,  7, 10, 11, -1, 14, 15);
cd = _mm_shuffle_epi8(cd, k6) ^ _mm_shuffle_epi8(cd, k7)
yd = _mm_shuffle_epi8(yd, k6) ^ _mm_shuffle_epi8(yd, k7)
c = _mm_xor_si128(c, cd);
y = _mm_xor_si128(y, yd);
}
...
}

This is very impressive, getting us to the region of 20 bits per cycle:

_mm_shuffle_epi820.219.723.4

If targetting AVX2, then some pairs of operations can be collapsed:

__m256i result;
asm("vbroadcasti128 %1, %0" : "=x"(result) :
"m"(*(const __m128i*)data));
return result;
}

void crc_sdi_pack(uint32_t* crcs, const uint16_t* data, size_t n) {
...
{ // +=
__m128i d1 = _mm_loadu_si128((__m128i*)(data + i));
__m256i d2 = broadcast128(data + i + 8);
__m256i d3 = broadcast128(data + i + 16);
__m128i k1 = _mm_setr_epi16(
16, 16, 64, 64, 1, 1, 4, 4);
__m256i k23 = _mm256_setr_epi16(
16,  0, 64,  0, 1, 0, 4, 0,
0, 16,  0, 64, 0, 1, 0, 4);
d1 = _mm_mullo_epi16(k1, d1);
__m128i k4 = _mm_setr_epi8(
0,  1, -1,  8,  9, -1, -1, -1,
2,  3, -1, 10, 11, -1, -1, -1);
__m128i k5 = _mm_setr_epi8(
-1, 4,  5, -1, 12, 13, -1, -1,
-1, 6,  7, -1, 14, 15, -1, -1);
d1 = _mm_shuffle_epi8(d1, k4) ^ _mm_shuffle_epi8(d1, k5);
__m128i d1m; // Force a store to memory
asm("vmovdqa %1, %0" : "=m"(d1m) : "x"(d1) : "memory");
__m256i cdyd = _mm256_packus_epi32(
__m256i k6 = _mm256_setr_epi8(
-1, -1, -1, -1, -1,  0,  1, -1,
4,  5,  8,  9, -1, 12, 13, -1,
-1, -1, -1, -1, -1,  0,  1, -1,
4,  5,  8,  9, -1, 12, 13, -1);
__m256i k7 = _mm256_setr_epi8(
-1, -1, -1, -1, -1, -1,  2,  3,
-1,  6,  7, 10, 11, -1, 14, 15,
-1, -1, -1, -1, -1, -1,  2,  3,
-1,  6,  7, 10, 11, -1, 14, 15);
cdyd = _mm256_shuffle_epi8(cdyd, k6)
^ _mm256_shuffle_epi8(cdyd, k7);
__m256i m; // Force a store to memory
asm("vmovdqa %1, %0" : "=m"(m) : "x"(cdyd) : "memory");
__m128i cd = _mm256_castsi256_si128(cdyd)
__m128i yd = _mm_loadu_si128(1 + (__m128i*)&m)
c = _mm_xor_si128(c, cd);
y = _mm_xor_si128(y, yd);
}
...
}

This gains us a few bits per cycle on all three processors:

AVX222.323.225.4

If targetting AVX512, then the xor3 trick from yesterday can be applied on top:

__m128i xor3(__m128i a, __m128i b, __m128i c) {
return _mm_ternarylogic_epi64(a, b, c, 0x96);
}

void crc_sdi_pack(uint32_t* crcs, const uint16_t* data, size_t n) {
...
for (size_t i = 0; i < n; i += 24) {
// *= x^120 semi-mod P
// +=
__m128i k = _mm_setr_epi32(
0, 0x4b334000 /* x^120+64-1 mod P */,
0, 0x96d30000 /* x^120-1    mod P */);
__m128i d1 = _mm_loadu_si128((__m128i*)(data + i));
__m256i d2 = broadcast128(data + i + 8);
__m256i d3 = broadcast128(data + i + 16);
__m128i k1 = _mm_setr_epi16(
16, 16, 64, 64, 1, 1, 4, 4);
__m256i k23 = _mm256_setr_epi16(
16,  0, 64,  0, 1, 0, 4, 0,
0, 16,  0, 64, 0, 1, 0, 4);
d1 = _mm_mullo_epi16(k1, d1);
__m128i k4 = _mm_setr_epi8(
0,  1, -1,  8,  9, -1, -1, -1,
2,  3, -1, 10, 11, -1, -1, -1);
__m128i k5 = _mm_setr_epi8(
-1, 4,  5, -1, 12, 13, -1, -1,
-1, 6,  7, -1, 14, 15, -1, -1);
d1 = _mm_shuffle_epi8(d1, k4) ^ _mm_shuffle_epi8(d1, k5);
__m128i d1m; // Force a store to memory
asm("vmovdqa %1, %0" : "=m"(d1m) : "x"(d1) : "memory");
__m256i cdyd = _mm256_packus_epi32(
__m256i k6 = _mm256_setr_epi8(
-1, -1, -1, -1, -1,  0,  1, -1,
4,  5,  8,  9, -1, 12, 13, -1,
-1, -1, -1, -1, -1,  0,  1, -1,
4,  5,  8,  9, -1, 12, 13, -1);
__m256i k7 = _mm256_setr_epi8(
-1, -1, -1, -1, -1, -1,  2,  3,
-1,  6,  7, 10, 11, -1, 14, 15,
-1, -1, -1, -1, -1, -1,  2,  3,
-1,  6,  7, 10, 11, -1, 14, 15);
cdyd = _mm256_shuffle_epi8(cdyd, k6)
^ _mm256_shuffle_epi8(cdyd, k7);
__m256i m; // Force a store to memory
asm("vmovdqa %1, %0" : "=m"(m) : "x"(cdyd) : "memory");
__m128i cd = _mm256_castsi256_si128(cdyd)
__m128i yd = _mm_loadu_si128(1 + (__m128i*)&m)
c = xor3(_mm_clmulepi64_si128(c, k, 0x00),
_mm_clmulepi64_si128(c, k, 0x11), cd);
y = xor3(_mm_clmulepi64_si128(y, k, 0x00),
_mm_clmulepi64_si128(y, k, 0x11), yd);
}
...
}

On applicable processors, this gains another few bits per cycle:

AVX512N/A25.828.9

An SDI data stream consists of 10-bit data. In hardware, this is not a problem. In contemporary software, 10-bit values are slightly awkward, and are generally represented in the low 10 bits of a uint16_t. SDI has two separate streams of 10-bit data (called c and y), which software might choose to represent in an interleaved fashion. Finally, each stream has an 18-bit CRC computed over it (polynomial x18 + x5 + x4 + x0), where the 18-bit value might be represented in the low 18 bits of a uint32_t. Given all this, the CRCs could be computed using the following code:

void crc_sdi(uint32_t* crcs, const uint16_t* data, size_t n) {
uint32_t c = crcs[0];
uint32_t y = crcs[1];
for (size_t i = 0; i < n; i += 2) {
c ^= data[i];
y ^= data[i+1];
for (int k = 0; k < 10; k++) {
c = c & 1 ? (c >> 1) ^ 0x23000 : c >> 1;
y = y & 1 ? (y >> 1) ^ 0x23000 : y >> 1;
}
}
crcs[0] = c;
crcs[1] = y;
}

The above code is short, but it isn't fast: on my three test systems, it manages approximately 0.5 bits per cycle. Expressed differently, that is 40 cycles per iteration of the outer loop (which is ingesting 20 bits per iteration).

Starting point0.5360.5280.477

At the cost of a 2KiB table, this can be improved to approximately 2.1 bits per cycle, which is better, but still not great:

uint16_t table[1u << 10];

void make_table() {
for (uint32_t idx = 0; idx < (1u << 10); idx++) {
uint32_t c = idx;
for (int k = 0; k < 10; k++) {
c = c & 1 ? (c >> 1) ^ 0x23000 : c >> 1;
}
table[idx] = (c >> 2);
}
}

void crc_sdi(uint32_t* crcs, const uint16_t* data, size_t n) {
uint32_t c = crcs[0];
uint32_t y = crcs[1];
for (size_t i = 0; i < n; i += 2) {
c ^= data[i];
y ^= data[i+1];
c = (table[c & 0x3ff] << 2) ^ (c >> 10);
y = (table[y & 0x3ff] << 2) ^ (y >> 10);
}
crcs[0] = c;
crcs[1] = y;
}
2KiB table2.102.152.05

To do better, some mathematical tricks need to be pulled. The polynomial ring ℤ2[x] is relevant, along with an isomorphism between bit strings and said polynomials. The original code can be re-expressed, but borrowing some notation from polynomials:

void crc_sdi(polynomial* crcs, const polynomial* data, size_t n) {
polynomial c = crcs[0];
polynomial y = crcs[1];
for (size_t i = 0; i < n; i += 2) {
c += data[i]   * x8;
y += data[i+1] * x8;
for (int k = 0; k < 10; k++) {
c = (c * x1) mod P; // P is x18 + x5 + x4 + x0
y = (y * x1) mod P;
}
}
crcs[0] = c;
crcs[1] = y;
}

The first mathematical trick is eliminating the inner loop:

void crc_sdi(polynomial* crcs, const polynomial* data, size_t n) {
polynomial c = crcs[0];
polynomial y = crcs[1];
for (size_t i = 0; i < n; i += 2) {
c = (c * x10 + data[i]   * x18) mod P;
y = (y * x10 + data[i+1] * x18) mod P;
}
crcs[0] = c;
crcs[1] = y;
}

The next mathematical trick is pulling * x18 and mod P out of the loop:

void crc_sdi(polynomial* crcs, const polynomial* data, size_t n) {
polynomial c = crcs[0] * x-18;
polynomial y = crcs[1] * x-18;
for (size_t i = 0; i < n; i += 2) {
c = c * x10 + data[i];
y = y * x10 + data[i+1];
}
crcs[0] = (c * x18) mod P;
crcs[1] = (y * x18) mod P;
}

At this point, a step back towards practical implementation is required, which takes the form of unrolling the loop 12 times:

void crc_sdi(polynomial* crcs, const polynomial* data, size_t n) {
polynomial c = crcs[0] * x-18;
polynomial y = crcs[1] * x-18;
for (size_t i = 0; i < n; i += 24) {
c = c * x120 + pack120(data + i);
y = y * x120 + pack120(data + i + 1);
}
crcs[0] = (c * x18) mod P;
crcs[1] = (y * x18) mod P;
}

polynomial pack120(const polynomial* data) { return pack60(data) * x60 + pack60(data + 12); }

polynomial pack60(const polynomial* data) { polynomial result = 0; for (size_t i = 0; i < 12; i += 2) { result = result * x10 + data[i]; } return result; }

The * x60 in the middle of pack120 is slightly awkward, and would be more convenient as * x64. This can be achieved by shuffling a few things around:

void crc_sdi(polynomial* crcs, const polynomial* data, size_t n) {
polynomial c = crcs[0] * x-14;
polynomial y = crcs[1] * x-14;
for (size_t i = 0; i < n; i += 24) {
c = c * x120 + pack120(data + i);
y = y * x120 + pack120(data + i + 1);
}
crcs[0] = (c * x14) mod P;
crcs[1] = (y * x14) mod P;
}

polynomial pack120(const polynomial* data) { return pack60(data) * x64 + pack60(data + 12) * x4; }

polynomial pack60(const polynomial* data) { polynomial result = 0; for (size_t i = 0; i < 12; i += 2) { result = result * x10 + data[i]; } return result; }

To continue back towards a practical implementation, the size of each polynomial variable needs to be bounded. For that, I'll introduce the semi-mod operator, where for a polynomial F, (F * xn) semi-mod P is defined as (F mod x64) * (xn mod P) + (F div x64) * (xn+64 mod P). This is then tactically deployed in a few places:

void crc_sdi(polynomial* crcs, const polynomial* data, size_t n) {
polynomial c = (crcs[0] * x-14) semi-mod P;
polynomial y = (crcs[1] * x-14) semi-mod P;
for (size_t i = 0; i < n; i += 24) {
c = (c * x120) semi-mod P;
y = (y * x120) semi-mod P;
c = c + pack120(data + i);
y = y + pack120(data + i + 1);
}
c = (c * x14) semi-mod P;
y = (y * x14) semi-mod P;
crcs[0] = c mod P;
crcs[1] = y mod P;
}

polynomial pack120(const polynomial* data) { return pack60(data) * x64 + pack60(data + 12) * x4; }

polynomial pack60(const polynomial* data) { polynomial result = 0; for (size_t i = 0; i < 12; i += 2) { result = result * x10 + data[i]; } return result; }

The next transformation is unrolling pack60:

void crc_sdi(polynomial* crcs, const polynomial* data, size_t n) {
polynomial c = (crcs[0] * x-14) semi-mod P;
polynomial y = (crcs[1] * x-14) semi-mod P;
for (size_t i = 0; i < n; i += 24) {
c = (c * x120) semi-mod P;
y = (y * x120) semi-mod P;
c = c + pack120(data + i);
y = y + pack120(data + i + 1);
}
c = (c * x14) semi-mod P;
y = (y * x14) semi-mod P;
crcs[0] = c mod P;
crcs[1] = y mod P;
}

polynomial pack120(const polynomial* data) { return pack60(data) * x64 + pack60(data + 12) * x4; }

polynomial pack60(const polynomial* data) { return data[ 0] * x50 + data[ 2] * x40 + data[ 4] * x30 + data[ 6] * x20 + data[ 8] * x10 + data[10]; }

Moving back toward the practical realm, pack60 can return a 64-bit value. This value will be a polynomial in reversed bit order, meaning that the MSB represents x0 and the LSB represents x63. pack60 thus becomes:

uint64_t pack60(const uint16_t* data) {
return (((uint64_t)data[ 0]) <<  4) ^
(((uint64_t)data[ 2]) << 14) ^
(((uint64_t)data[ 4]) << 24) ^
(((uint64_t)data[ 6]) << 34) ^
(((uint64_t)data[ 8]) << 44) ^
(((uint64_t)data[10]) << 54);
}

Next up is pack120, which can return a 128-bit value. Again, this value will be a polynomial in reversed bit order, so the MSB represents x0 and the LSB represents x127. pack120 thus becomes:

__m128i pack120(const uint16_t* data) {
return _mm_set_epi64x(pack60(data + 12) >> 4, pack60(data));
}

The c and y polynomials within the main function can also be 128-bit values, in the same reversed bit order. At this point, _mm_clmulepi64_si128 needs to be introduced, which can perform multiplication of two 64-bit polynomials, either in regular bit order or in reversed bit order. For polynomials F and G in regular bit order, it performs F * G with the result in regular order. For polynomials F and G in reversed bit order, it performs F * G * x1 with the result in reversed order. Accordingly, _mm_clmulepi64_si128 can be used to implement the semi-mod operator. It can also be used to implement mod P. It is neither short nor readable, but the resultant code is:

__m128i xor_clmul(__m128i a, __m128i b) {
return _mm_xor_si128(_mm_clmulepi64_si128(a, b, 0x00),
_mm_clmulepi64_si128(a, b, 0x11));
}

void crc_sdi(uint32_t* crcs, const uint16_t* data, size_t n) {
__m128i c = _mm_cvtsi32_si128(crcs[0]);
__m128i y = _mm_cvtsi32_si128(crcs[1]);
{ // *= x^-14 semi-mod P
__m128i k = _mm_cvtsi32_si128(
0x9f380000 /* x^-14-(64-18)-32-1 mod P */);
c = _mm_clmulepi64_si128(c, k, 0x00);
y = _mm_clmulepi64_si128(y, k, 0x00);
}
for (size_t i = 0; i < n; i += 24) {
{ // *= x^120 semi-mod P
__m128i k = _mm_setr_epi32(
0, 0x4b334000 /* x^120+64-1 mod P */,
0, 0x96d30000 /* x^120-1    mod P */);
c = xor_clmul(c, k);
y = xor_clmul(y, k);
}
{ // +=
c = _mm_xor_si128(c, pack120(data + i));
y = _mm_xor_si128(y, pack120(data + i + 1));
}
}
{ // *= x^14 semi-mod P
__m128i k = _mm_setr_epi32(
0, 0x14980000 /* x^14+64-1 mod P */,
0, 0x00040000 /* x^14-1    mod P */);
c = xor_clmul(c, k);
y = xor_clmul(y, k);
}
{ // mod P
__m128i k = _mm_setr_epi32( /* x^128-1 div P */
0x14980559, 0x4c9bb5d5,
0x80040000, 0x5e405011);
c = _mm_xor_si128(_mm_srli_si128(xor_clmul(c, k), 8),
_mm_clmulepi64_si128(c, k, 0x01));
y = _mm_xor_si128(_mm_srli_si128(xor_clmul(y, k), 8),
_mm_clmulepi64_si128(y, k, 0x01));
__m128i P = _mm_cvtsi32_si128(0x46001 /* P */);
c = _mm_clmulepi64_si128(c, P, 0x00);
y = _mm_clmulepi64_si128(y, P, 0x00);
}
crcs[0] = _mm_cvtsi128_si32(c);
crcs[1] = _mm_cvtsi128_si32(y);
}

This version comes in at approximately 11 bits per cycle:

_mm_clmulepi64_si12810.811.012.8

This is good, but we can do better still. At this point, all the mathematical tricks have been pulled, so the next avenue of exploration is vectorisation. In particular, there are four pack60 calls per iteration, and it should be possible to perform two calls at once by operating at 128-bit vector width:

__m128i pmovzxwq(const uint16_t* data) {
__m128i out;
asm("vpmovzxwq %1, %0" : "=x"(out) :
"m"(*(const uint32_t*)data));
return out;
}

__m128i pack60x2(const uint16_t* data) {
__m128i result;
result  = _mm_slli_epi64(pmovzxwq(data     ),  4);
result ^= _mm_slli_epi64(pmovzxwq(data +  2), 14);
result ^= _mm_slli_epi64(pmovzxwq(data +  4), 24);
result ^= _mm_slli_epi64(pmovzxwq(data +  6), 34);
result ^= _mm_slli_epi64(pmovzxwq(data +  8), 44);
result ^= _mm_slli_epi64(pmovzxwq(data + 10), 54);
return result;
}

void crc_sdi_pack(uint32_t* crcs, const uint16_t* data, size_t n) {
...
{ // +=
__m128i lo = pack60x2(data + i);
__m128i hi = _mm_srli_epi64(pack60x2(data + i + 12), 4);
c = _mm_xor_si128(c, _mm_unpacklo_epi64(lo, hi));
y = _mm_xor_si128(y, _mm_unpackhi_epi64(lo, hi));
}
...
}

This gives an extra 0.7 bits per cycle on Broadwell. On Skylake and Ice Lake, it improves things by more than 2 bits per cycle:

pack60x211.513.215.2

From here, a few shift instructions can be eliminated by having two variants of pack60x2:

__m128i pack60x2_4(const uint16_t* data) {
__m128i result;
result  = _mm_slli_epi64(pmovzxwq(data     ),  4);
result ^= _mm_slli_epi64(pmovzxwq(data +  2), 14);
result ^= _mm_slli_epi64(pmovzxwq(data +  4), 24);
result ^= _mm_slli_epi64(pmovzxwq(data +  6), 34);
result ^= _mm_slli_epi64(pmovzxwq(data +  8), 44);
result ^= _mm_slli_epi64(pmovzxwq(data + 10), 54);
return result;
}

__m128i pack60x2_0(const uint16_t* data) {
__m128i result;
result  =                pmovzxwq(data     );
result ^= _mm_slli_epi64(pmovzxwq(data +  2), 10);
result ^= _mm_slli_epi64(pmovzxwq(data +  4), 20);
result ^= _mm_slli_epi64(pmovzxwq(data +  6), 30);
result ^= _mm_slli_epi64(pmovzxwq(data +  8), 40);
result ^= _mm_slli_epi64(pmovzxwq(data + 10), 50);
return result;
}

void crc_sdi_pack(uint32_t* crcs, const uint16_t* data, size_t n) {
...
{ // +=
__m128i lo = pack60x2_4(data + i);
__m128i hi = pack60x2_0(data + i + 12);
c = _mm_xor_si128(c, _mm_unpacklo_epi64(lo, hi));
y = _mm_xor_si128(y, _mm_unpackhi_epi64(lo, hi));
}
...
}

This makes basically no difference on Skylake, but gives a minor improvement on both Broadwell and Ice Lake:

pack60x2_4 and pack60x2_012.613.215.9

At this point it is worth reviewing exactly which micro-ops are being executed per iteration of the loop (which is now ingesting 240 bits per iteration):

InstructionCountBDW μopsSKL μopsICL μops
_mm_clmulepi64_si128 x, x, i4p0p5p5
pmovzxwq x, m12p5 + p23p5 + p23p15 + p23
_mm_slli_epi64 x, i11p0p01p01
_mm_xor_si128 x, x14p015p015p015
_mm_unpack(lo|hi)_epi64 x, x2p5p5p15

On Skylake, we're bound by port 5 (which is why eliminating the shifts didn't help): 240 bits require 18 μops executed by port 5, and 240 bits divided by 18 cycles is 13.3 bits per cycle, which is pretty much the measured 13.2 bits per cycle. Things are slightly less neat on Broadwell and Ice Lake, as we're hitting suboptimal dispatch of μops to execution ports, causing us to be bound on a port even though clairvoyant dispatch could do slightly better. Broadwell could be described as being bound on port 0 (due to some xor μops being dispatched to port 0, even though it would be better to dispatch them all to port 1), and Ice Lake could be described as being bound on a mix of port 1 and port 5 (due to some xor μops not being dispatched to port 0).

To get past this bound, some work needs to be removed from port 5. Each pair of pmovzxwq and _mm_slli_epi64 causes a memory μop on port 2 or 3, a shuffle μop on port 5 (or port 1 on Ice Lake), and an arithmetic μop on port 0 (or port 1 on Skylake / Ice Lake). The shuffle μop can be removed by using a different pair of instructions: broadcastss (one memory μop) followed by _mm_madd_epi16 against a constant (one arithmetic μop). This different pair can only be used when the shift amount, modulo 32, is between 0 and 14 (inclusive), as the constant values in question are int16_t values. Half of the cases satisfy this constraint on the shift amount, and can thus be replaced:

__m128i result;
asm("vbroadcastss %1, %0" : "=x"(result) :
"m"(*(const uint32_t*)data));
return result;
}

__m128i pack60x2_4(const uint16_t* data) {
__m128i shift4  = _mm_setr_epi32(1u <<  4, 0, 1u << ( 4+16), 0);
__m128i shift14 = _mm_setr_epi32(1u << 14, 0, 1u << (14+16), 0);
__m128i shift34 = _mm_setr_epi32(0, 1u <<  2, 0, 1u << ( 2+16));
__m128i shift44 = _mm_setr_epi32(0, 1u << 12, 0, 1u << (12+16));
__m128i result;
result ^= _mm_slli_epi64(   pmovzxwq(data +  4), 24);
result ^= _mm_slli_epi64(   pmovzxwq(data + 10), 54);
return result;
}

__m128i pack60x2_0(const uint16_t* data) {
__m128i shift10 = _mm_setr_epi32(1u << 10, 0, 1u << (10+16), 0);
__m128i shift40 = _mm_setr_epi32(0, 1u << 8, 0, 1u << (8+16));
__m128i result;
result  =                   pmovzxwq(data     );
result ^= _mm_slli_epi64(   pmovzxwq(data +  4), 20);
result ^= _mm_slli_epi64(   pmovzxwq(data +  6), 30);
result ^= _mm_slli_epi64(   pmovzxwq(data + 10), 50);
return result;
}

This gives a nice improvement across the board, getting us to at least 18 bits per cycle on Skylake and Ice Lake:

A few more pairs of pmovzxwq and _mm_slli_epi64 can be replaced with broadcastss and _mm_madd_epi16, albeit at the cost of one extra arithmetic μop for every two removed shuffle μops:

__m128i pack60x2_4(const uint16_t* data) {
__m128i shift4  = _mm_setr_epi32(1u <<  4, 0, 1u << ( 4+16), 0);
__m128i shift14 = _mm_setr_epi32(1u << 14, 0, 1u << (14+16), 0);
__m128i shift34 = _mm_setr_epi32(0, 1u <<  2, 0, 1u << ( 2+16));
__m128i shift44 = _mm_setr_epi32(0, 1u << 12, 0, 1u << (12+16));
__m128i result, hi;
result ^= _mm_slli_epi64(hi, 20);
return result;
}

__m128i pack60x2_0(const uint16_t* data) {
__m128i shift10 = _mm_setr_epi32(1u << 10, 0, 1u << (10+16), 0);
__m128i shift40 = _mm_setr_epi32(0, 1u << 8, 0, 1u << (8+16));
__m128i result, hi;
result  =                   pmovzxwq(data     );
hi      =                   pmovzxwq(data +  4);
result ^= _mm_slli_epi64(hi, 20);
result ^= _mm_slli_epi64(   pmovzxwq(data + 10), 50);
return result;
}

This is a minor regression on Broadwell (because at this point we're bound by port 0, and that is where the extra arithmetic μop goes), and a small improvement on Skylake and Ice Lake (where the bound is shuffle rather than arithmetic):

To break through the barrier of 20 bits per cycle, AVX512's ternary bitwise instruction can be used to merge together pairs of xor instructions:

__m128i xor3(__m128i a, __m128i b, __m128i c) {
return _mm_ternarylogic_epi64(a, b, c, 0x96);
}

__m128i pack60x2_4(const uint16_t* data) {
__m128i shift4  = _mm_setr_epi32(1u <<  4, 0, 1u << ( 4+16), 0);
__m128i shift14 = _mm_setr_epi32(1u << 14, 0, 1u << (14+16), 0);
__m128i shift34 = _mm_setr_epi32(0, 1u <<  2, 0, 1u << ( 2+16));
__m128i shift44 = _mm_setr_epi32(0, 1u << 12, 0, 1u << (12+16));
__m128i result, hi;
result = xor3(result,
_mm_slli_epi64(hi, 20));
return result;
}

__m128i pack60x2_0(const uint16_t* data) {
__m128i shift10 = _mm_setr_epi32(1u << 10, 0, 1u << (10+16), 0);
__m128i shift40 = _mm_setr_epi32(0, 1u << 8, 0, 1u << (8+16));
__m128i result, hi;
hi     =                        pmovzxwq(data +  4)
result = xor3(                  pmovzxwq(data     ),
_mm_slli_epi64(hi, 20));
result = xor3(result,
_mm_slli_epi64(   pmovzxwq(data + 10), 50));
return result;
}

void crc_sdi(uint32_t* crcs, const uint16_t* data, size_t n) {
__m128i c = _mm_cvtsi32_si128(crcs[0]);
__m128i y = _mm_cvtsi32_si128(crcs[1]);
{ // *= x^-14 semi-mod P
__m128i k = _mm_cvtsi32_si128(
0x9f380000 /* x^-14-(64-18)-32-1 mod P */);
c = _mm_clmulepi64_si128(c, k, 0x00);
y = _mm_clmulepi64_si128(y, k, 0x00);
}
for (size_t i = 0; i < n; i += 24) {
// *= x^120 semi-mod P
// +=
__m128i lo = pack60x2_4(data + i);
__m128i hi = pack60x2_0(data + i + 12);
__m128i k = _mm_setr_epi32(
0, 0x4b334000 /* x^120+64-1 mod P */,
0, 0x96d30000 /* x^120-1    mod P */);
c = xor3(_mm_clmulepi64_si128(c, k, 0x00),
_mm_clmulepi64_si128(c, k, 0x11),
_mm_unpacklo_epi64(lo, hi));
y = xor3(_mm_clmulepi64_si128(y, k, 0x00),
_mm_clmulepi64_si128(y, k, 0x11),
_mm_unpackhi_epi64(lo, hi));
}
{ // *= x^14 semi-mod P
__m128i k = _mm_setr_epi32(
0, 0x14980000 /* x^14+64-1 mod P */,
0, 0x00040000 /* x^14-1    mod P */);
c = xor_clmul(c, k);
y = xor_clmul(y, k);
}
{ // mod P
__m128i k = _mm_setr_epi32( /* x^128-1 div P */
0x14980559, 0x4c9bb5d5,
0x80040000, 0x5e405011);
c = _mm_xor_si128(_mm_srli_si128(xor_clmul(c, k), 8),
_mm_clmulepi64_si128(c, k, 0x01));
y = _mm_xor_si128(_mm_srli_si128(xor_clmul(y, k), 8),
_mm_clmulepi64_si128(y, k, 0x01));
__m128i P = _mm_cvtsi32_si128(0x46001 /* P */);
c = _mm_clmulepi64_si128(c, P, 0x00);
y = _mm_clmulepi64_si128(y, P, 0x00);
}
crcs[0] = _mm_cvtsi128_si32(c);
crcs[1] = _mm_cvtsi128_si32(y);
}

AVX512 isn't available on Broadwell, nor on the client variant of Skylake, but where it is available it pushes us well above 20 bits per cycle:

_mm_ternarylogic_epi64N/A21.923.5

To recap the journey, when measuring bits per cycle, we've got a 25x overall improvement on Broadwell, more than 40x overall improvement on Skylake, and nearly a 50x overall improvement on Ice Lake:

Starting point0.5360.5280.477
2KiB table2.102.152.05
_mm_clmulepi64_si12810.811.012.8
pack60x211.513.215.2
pack60x2_4 and pack60x2_012.613.215.9
_mm_ternarylogic_epi64N/A21.923.5

Intel has an x64 instruction set extension called AMX, meanwhile Apple has a totally different aarch64 instruction set extension also called AMX.

Register file

Intel AMX: 8 tmm registers, each a 16 by 16 matrix of 32-bit elements (technically, each can be configured to be any size - square or rectangular - between 1 by 1 and 16 by 16, though element size is fixed at 32-bits regardless). Total architectural state 8 kilobytes.

Apple AMX: Total architectural state 5 kilobytes, broken down as:

• 8 x registers, each a 64-byte (row) vector
• 8 y registers, each a 64-byte (row or column) vector
• Then z, which can be variously viewed as any of:
• 1 register, a 64 by 64 matrix of 8-bit elements
• 1 register, a 32 by 32 matrix of 32-bit elements
• 2 registers, each a 32 by 32 matrix of 16-bit elements
• 4 registers, each a 16 by 16 matrix of 32-bit elements
• 8 registers, each an 8 by 8 matrix of 64-bit elements
• 64 registers, each a 64-byte row vector

The vectors have 8/16/32/64-bit elements, like regular SIMD registers. Note that Intel AMX does not need vector registers, as Intel already has AVX512 with 64-byte vectors (32 of which are in the AVX512 architectural register file).

Data types

Intel AMX: Multiplicands are always 32-bit, either i8[4] or u8[4] or bf16[2], combined via dot product. Accumulators are always 32-bit, either i32 or u32 or f32.

Apple AMX: Multiplicands are scalars, any of i8 / u8 / i16 / u16 / f16 / f32 / f64. Accumulators are any of i16 / u16 / i32 / u32 / f16 / f32 / f64. Note f16 (i.e. IEEE 754 half-precision with 5-bit exponent and 10-bit fraction) rather than bf16 (8-bit exponent, 7-bit fraction), though bf16 support is added on M2 and later.

Computational operations

Intel AMX: Matrix multiplication of any two tmm registers, accumulating onto a third tmm register. For the multiplication, matrix elements are themselves (very small) vectors, combined via dot product. This is the only operation. Viewed differently, this is doing 16×64 by 64×16 (int8) or 16×32 by 32×16 (bf16) matmul, then adding onto a 16×16 matrix.

Apple AMX: Outer product of any x register with any y register (viewed as a column vector), accumulating onto any (matrix view) z register). For the multiplication, x / y elements are scalars (depending on the data type, this might be viewed as doing 16×1 by 1×16 matmul then adding onto a 16×16 matrix). Alternatively, pointwise product of any x register with any y register (viewed as a row vector), accumulating onto any (vector view) z register. Many more operations as well, though the general theme is {outer or pointwise} {multiplication or addition or subtraction}, possibly followed by right-shift, possibly followed by integer saturation. The most exotic exceptions to the theme are min / max / popcnt.

Memory operations

Intel AMX: Matrix load or store (up to 1 kilobyte), configurable with a base address (register + immediate offset) and a row stride (register or zero, optionally shifted left by 1-3 bits).

Apple AMX: Vector load or store (64 bytes), configurable with a base address (register). Also load or store pair (128 bytes), though the two registers must be consecutive, and the row stride is fixed at 64 bytes, and the base address must be 128-byte aligned. Loads or stores with y effectively give a free vector transpose, as y registers can be viewed as column vectors.

Intel AMX: Each tmm register can be configured to any size - square or rectangular - between 1 by 1 and 16 by 16. This is (mostly) equivalent to saying that a tmm register is always 16 by 16, but has an associated mask on each dimension to only enable some number of leading rows and columns. These per-register masks are architectural state.

Apple AMX: Per-dimension masking is available on a per-instruction basis (though notably not for loads / stores). Available masking modes are: all rows (columns), even/odd rows (columns) only, first N rows (columns) only, last N rows (columns) only, row (column) N only.

Note that both of these approaches are different to Intel's AVX512 approach, which is a separate register file containing 8 mask registers (k0 through k7) and every operation optionally taking a mask register as an input.

Other

Apple AMX contains a very interesting instruction called genlut. In the forward direction ("lookup"), it is somewhere between AVX512's vpshufb and vgatherps. In the backward direction ("generate") it is something like an inverse vpshufb, performing arbitrary 2/3/4/5-bit quantisation. When used in both directions, it can be useful for piecewise linear interpolation, or as an alternative to AVX512's vfpclassps / vfixupimmps.

It is a party trick rather than anything practically useful, but the following four functions all compute the same thing:

uint8_t parity_b(const uint64_t* data, size_t n) {
uint8_t acc = 0;
for (size_t i = 0; i < n; ++i) {
for (size_t j = 0; j < 64; ++j) {
if (data[i] & (1ull << j)) acc ^= 1;
}
}
return acc;
}
uint8_t parity_p(const uint64_t* data, size_t n) {
uint8_t acc = 0;
for (size_t i = 0; i < n; ++i) {
acc += _mm_popcnt_u64(data[i]);
}
return acc & 1;
}
uint8_t parity_x(const uint64_t* data, size_t n) {
uint64_t acc = 0;
for (size_t i = 0; i < n; ++i) {
acc ^= data[i];
}
return _mm_popcnt_u64(acc) & 1;
}
uint8_t parity_c(const uint64_t* data, size_t n) {
uint32_t acc = 0;
for (size_t i = 0; i < n; ++i) {
acc = _mm_crc32_u64(acc, data[i]);
}
return _mm_popcnt_u64(acc) & 1;
}

Going from parity_b to parity_p is an easy step: replace the inner loop with a popcnt. Going from parity_p to parity_x is also an easy step: lift the popcnt out of the loop. Hence it is not too surprising that parity_b and parity_p and parity_x all compute the same thing. The parity_c function is like parity_x, except replacing ^= with crc, and the surprising thing is that parity_c computes the same thing as all the other functions. To understand why, we need to look at the polynomial used by the crc instruction (the CRC32-C polynomial):

This polynomial can be expressed as the product of two separate polynomials:

Accordingly, CRC32-C isn't really a 32-bit checksum, it is really two separate things packed into 32 bits: a 1-bit checksum and a 31-bit checksum. The method of packing is slightly funky, and thus the method of unpacking is also slightly funky: from a mathematical point of view, to get the 1-bit checksum out of the 32-bit value, we need to view the 32-bit value as a Z2 polynomial and then compute the remainder modulo x + 1. This is equivalent to iteratively applying the reduction rule x = 1 until nothing more can be reduced. If we were to start with the 4-bit polynomial b3 * x3 + b2 * x2 + b1 * x + b0 and iteratively apply x = 1, we'd get b3 * 1*1*1 + b2 * 1*1 + b1 * 1 + b0, which is just b3 + b2 + b1 + b0, which is just another way of saying popcnt (mod 2). The same thing is true starting with a 32-bit polynomial: the remainder modulo x + 1 is just popcnt (mod 2). In other words, we can use popcnt to unpack the 1-bit checksum out of the 32-bit value, and a 1-bit checksum is just parity. Hence why parity_c computes the same thing as all the other functions.

This combination of a 1-bit checksum and a 31-bit checksum can be seen as a good thing for checksumming purposes, as the two parts protect against different problems. Notably, every bit-flip in the data being checksummed will invert the 1-bit checksum, and hence any odd number of bit-flips will cause the 1-bit checksum to mismatch. The (ahem) flip-side is that the 1-bit checksum will match for any even number of bit-flips, which is where the 31-bit checksum comes in: it needs to protect against as many even number of bit-flips as possible.

page: 2 3 4 5 6