FiloSottile
commented
1 month ago We should give the same treatment to CLMUL (Westmere+), AES-NI (Haswell+), BMI2 (Haswell+), and maybe even ADX (Broadwell+).
P.S. Note that AES-NI and AVX-2 were missing from Pentium and Celeron Haswells, and became universal later, in Goldmont and Tiger Lake respectively.
AVX2 was introduced in 2013 by the Haswell architecture, and was supported by all server models and most desktop models. The previous architectures, Ivy Bridge and Sandy Bridge, were discontinued in 2015.
We carry at least four assembly optimized implementations specifically for pre-AVX2 amd64: crypto/sha1, crypto/sha256, crypto/512, and x/crypto/chacha20poly1305. (In other words, we have both AVX2 and pre-AVX2 assembly for each of those.) I don't think at this point they are worth their maintenance cost. Performance sensitive workloads are almost certainly running on post-2015 processors.
I think we should drop those assembly implementations and replace them with the generic Go ones. To be clear, we'll still support pre-AVX2 machines, they will just be less optimized.
/cc @golang/security @cpu