Critical issue: aHash's specialized hash is constant value 7161677110969590627 on ARM #166

orlp · 2023-10-17T10:40:55Z

The AES intrinsics are not correctly implemented on ARM. These are the implementations (stripped of compiler directives for posterity):

pub(crate) fn aesenc_x86(value: u128, xor: u128) -> u128 {
    use core::arch::x86_64::*;
    unsafe {
        let value = transmute(value);
        transmute(_mm_aesenc_si128(value, transmute(xor)))
    }
}

pub(crate) fn aesenc_arm(value: u128, xor: u128) -> u128 {
    use core::arch::aarch64::*;
    unsafe {
        let value = transmute(value);
        transmute(vaesmcq_u8(vaeseq_u8(value, transmute(xor))))
    }
}

In detail, we see the following intrinsic for x86:

_mm_aesenc_si128(value, transmute(xor))

This is xor ^ MixColumns(SubBytes(ShiftRows(value))). For ARM on the other hand we have:

vaesmcq_u8(vaeseq_u8(value, transmute(xor)))

This is MixColumns(SubBytes(ShiftRows(xor ^ value))).

This difference goes wrong in a nuclear fashion in the final step of the specialized hash:

#[cfg(feature = "specialize")]
fn short_finish(&self) -> u64 {
    let combined = aesdec(self.sum, self.enc);
    let result: [u64; 2] = aesenc(combined, combined).convert();
    result[0]
}

The first step of aesenc(combined, combined) on ARM is combined ^ combined, which simplifies to... the constant 0. That is, aHash's specialized hash implementation used by hash_one on ARM is always a constant value.

The text was updated successfully, but these errors were encountered:

tkaitchuck/aHash#196 bumped the MSRV of `ahash` in a patch release, which makes it rather difficult for us to have it as a dependency. Further, it seems that `ahash` hasn't been particularly robust in the past, notably tkaitchuck/aHash#163 and tkaitchuck/aHash#166. Luckily, `core` provides `SipHasher` even on no-std (sadly its SipHash-2-4 unlike the SipHash-1-3 used by the `DefaultHasher` in `std`). Thus, we drop the `ahash` dependency entirely here and simply wrap `SipHasher` for our `no-std` HashMaps.

This was referenced Oct 17, 2023

Fix AES intrinsics on ARM #167

Merged

fix: patch broken aHash AES intrinsics on ARM pola-rs/polars#11801

Merged

ritchie46 mentioned this issue Oct 18, 2023

Upgrade pyo3 to 0.20 pola-rs/pyo3-polars#35

Merged

jedisct1 mentioned this issue Oct 18, 2023

ahash shouldn't be the default Hasher rust-lang/hashbrown#473

Open

tkaitchuck closed this as completed Oct 20, 2023

ritchie46 mentioned this issue Oct 21, 2023

higher-ranked lifetime compile error when building parquet.rs pola-rs/polars#11903

Closed

2 tasks

TheBlueMatt mentioned this issue Feb 12, 2024

Drop the ahash dependency lightningdevkit/rust-lightning#2891

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Critical issue: aHash's specialized hash is constant value 7161677110969590627 on ARM #166

Critical issue: aHash's specialized hash is constant value 7161677110969590627 on ARM #166

orlp commented Oct 17, 2023 •

edited

Loading

Critical issue: aHash's specialized hash is constant value 7161677110969590627 on ARM #166

Critical issue: aHash's specialized hash is constant value 7161677110969590627 on ARM #166

Comments

orlp commented Oct 17, 2023 • edited Loading

orlp commented Oct 17, 2023 •

edited

Loading