[glangdale]

Pretty much every instruction that doesn't start with the name of some known crypto algorithm (and maybe some that do) are useful for general-purpose stuff. I've had a good deal of success making Intel's GFNI do "weird off-label things" (bit-matrix transpose and a lot of the missing byte shift/rotate operations just scratches the surface). CLMUL is a good one for all sorts of things, as it can be used for XOR-parallel-prefix (we used it to detect quote pairs in simdjson).

I don't know whether I resent crypto because it gets the cool instructions at low latency because it's so important, or whether I love it due to the fact that even the "leavings at the crypto table" are computationally useful.

[nullc]

Stockholm syndrome, CPU makers have been needlessly starving us of highly useful bit manipulation and finite field operations ... so you're very thankful for what you get. :)

Base RISCV even lacks CLZ/popcount -- so it's a step backward from other popular architectures.

That said the stuff in bitmanip and crypto looks pretty good, so if they actually end up in chips that will be nice. On the other hand it's not clear how much awesome code will get written really exploiting them when they aren't everywhere-- which is probably why we're in this situation to begin with.

[glangdale]

Maybe you're right, although 'Stockholm syndrome' feels a bit strong.

Agreed that stuff like CLZ/popcount/rotate etc should not be tucked away in a weird extension. I'm a bit alarmed at RISC-V's tendency to fragment into a gazillion subsets (the argument is that it's better to at least define the subsets rather than have a nightmare of incompatible and overlapping extensions, but still).