Java 默认情况下启用 AES-NI 内在函数?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23058309/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
AES-NI intrinsics enabled by default?
提问by Maarten Bodewes
Oracle has this to say about Java 8 with regards to AES-NI:
关于 AES-NI,Oracle 对 Java 8 有这样的说法:
Hardware intrinsics were added to use Advanced Encryption Standard (AES). The UseAES and UseAESIntrinsics flags are available to enable the hardware-based AES intrinsics for Intel hardware. The hardware must be 2010 or newer Westmere hardware. For example, to enable hardware AES, use the following flags:
-XX:+UseAES -XX:+UseAESIntrinsicsTo disable hardware AES use the following flags:
-XX:-UseAES -XX:-UseAESIntrinsics
添加了硬件内在函数以使用高级加密标准 (AES)。UseAES 和 UseAESIntrinsics 标志可用于为 Intel 硬件启用基于硬件的 AES 内在函数。硬件必须是 2010 或更新的 Westmere 硬件。例如,要启用硬件 AES,请使用以下标志:
-XX:+UseAES -XX:+UseAESIntrinsics要禁用硬件 AES,请使用以下标志:
-XX:-UseAES -XX:-UseAESIntrinsics
But it does not indicate if AES intrinsics are enabled by default (for processors that support it). So the question is simple: if the processor supports AES-NI, are AES intrinsics used?
但它并不表示默认情况下是否启用 AES 内在函数(对于支持它的处理器)。所以问题很简单:如果处理器支持 AES-NI,是否使用了 AES 内在函数?
Bonus question: is there any way to test if AES-NI is being used? I guess you can guess based on performance, but that's not an optimal or sure fire way of testing.
额外问题:有没有办法测试是否正在使用 AES-NI?我想您可以根据性能进行猜测,但这不是最佳或可靠的测试方式。
For readerS that are not familiar with AES-NI intrinsics: it's replacing byte code with pre-compiled machine code, using the AES-NI instruction set. This happens by the JVM, so it does not show up in the API of the Java runtime or bytecode.
对于不熟悉 AES-NI 内在函数的读者:它使用 AES-NI 指令集用预编译的机器代码替换字节码。这是由 JVM 发生的,因此它不会出现在 Java 运行时的 API 或字节码中。
采纳答案by eckes
The flag has a default of true and it will be set to false if the detection fails, so you can simply use +PrintFlagsFinal to see if it is used:
该标志的默认值为 true,如果检测失败,它将被设置为 false,因此您可以简单地使用 +PrintFlagsFinal 来查看它是否被使用:
My Laptop withoutAES-NI:
我的没有AES-NI 的笔记本电脑:
C:\>"C:\Program Files\Java\jdk1.7.0_51\bin\java" -XX:+PrintFlagsFinal -version | find "UseAES"
bool UseAES = false {product}
bool UseAESIntrinsics = false {product}
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)
Same on Desktop withAES-NI:
在桌面上使用AES-NI 相同:
C:\>"C:\Program Files\Java\jdk7\bin\java" -XX:+PrintFlagsFinal -version | find "AES"
bool UseAES = true {product}
bool UseAESIntrinsics = true {product}
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.51-b03, mixed mode)
C:\>"C:\Program Files (x86)\Java\jre7\bin\java" -XX:+PrintFlagsFinal -version | find "AES"
bool UseAES = true {product}
bool UseAESIntrinsics = true {product}
java version "1.7.0_51"
Java(TM) SE Runtime Environment (build 1.7.0_51-b13)
Java HotSpot(TM) Client VM (build 24.51-b03, mixed mode, sharing)
So, it works for both x64 and i686 (WOW64) with recent Java 7. The feature was introduced with https://bugs.openjdk.java.net/browse/JDK-7184394and backported to 7u40 and 7u45.
因此,它适用于带有最新 Java 7 的 x64 和 i686 (WOW64)。该功能是通过https://bugs.openjdk.java.net/browse/JDK-7184394引入的,并已向后移植到 7u40 和 7u45。
Important: AES-NI may only be available on the server VM.
重要提示:AES-NI 可能仅在服务器 VM上可用。
This was acknowledged by Oracle after a bug report was filed. This vital piece of information was missing when they created the featues list of Java 8 where it was introduced (it later got backported to 7 as well). The server VM can be explicitly choosen by providing the -serveroption on the javaor javawcommand line.
在提交错误报告后,Oracle 承认了这一点。当他们创建 Java 8 的特性列表时,这条重要的信息丢失了(它后来也被反向移植到了 7)。可以通过-server在java或javaw命令行上提供选项来明确选择服务器 VM 。
回答by user30622
Can't comment (stupid SO rules more than 50 credits required!). This mailthread from openjdksays, all AES intrinsics are enabled by default. Although I'm not certain how much of the Oracle core VM code shares with openjdk. If you read the whole thread, they also discuss about challenges on 32-bit VMs, that probably explains your problem with your second test run.
无法评论(愚蠢的 SO 规定需要超过 50 个学分!)。这个来自 openjdk 的邮件线程说,默认情况下所有 AES 内在函数都是启用的。虽然我不确定有多少 Oracle 核心 VM 代码与 openjdk 共享。如果您阅读整篇文章,他们还会讨论 32 位 VM 上的挑战,这可能解释了您在第二次测试运行时遇到的问题。
- Regarding your test (sorry, can't comment), don't you think the differences in the CPUs make a big difference? Core i7's are quadcore and have better clock speeds in general. Wouldn't that have made a difference ? I guess that shift from 21s (core i5, 32bitVM, AES-NI off) to 8s (core i7, 64bitVM, AES-NI off) is the difference between i5 and i7.
- The improvement from 8s to 3s, although not 7 fold, is indeed worth a 'Yipes'! :)
- Regarding the detection mechanism - there doesn't seem to be a straightforward way. JVM throws a warning "AES intrinsics not available on this CPU" if you enabled the flags, and if it cannot find AES support - as per this bug report.
- 关于你的测试(对不起,不能评论),你不认为 CPU 的差异有很大的不同吗?Core i7 是四核,通常具有更好的时钟速度。那不会有所作为吗?我想从 21s(核心 i5、32bitVM、AES-NI 关闭)到 8s(核心 i7、64bitVM、AES-NI 关闭)的转变是 i5 和 i7 之间的区别。
- 从8s到3s的提升,虽然不是7倍,但确实值得一赞!:)
- 关于检测机制 - 似乎没有直接的方法。如果您启用了这些标志,并且无法找到 AES 支持,JVM 将抛出警告“AES 内在函数在此 CPU 上不可用” -根据此错误报告。
