A fairly common pattern in the binary., with varied magic numbers, appears as follows:
uint64_t tsc_mult = __readtsc64() * 0xa7c0d228df246425
uint64_t operand = (0x5ee3610225d96522 + tsc_mult) u>> 45
uint64_t shift = (0x5ee3610225d96522 + tsc_mult) u>> 59
if (
ror.d(
((0x5ee3610225d96522 + tsc_mult) >> 27).d ^ operand.d,
shift.b
) <= 0x16041cf
)
{ ... }
With a simple simulation, pursuant to:
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <math.h>
#include <limits.h>
static const uint64_t multiplicand = 0xa7c0d228df246425;
static const uint64_t addend = 0x5ee3610225d96522;
/* defns. omitted for brevity */
static inline uint32_t rotl32 (uint32_t n, unsigned int c);
static inline uint32_t rotr32 (uint32_t n, unsigned int c);
int
main (void)
{
uint64_t cnt_branch_taken = 0;
for (uint64_t i = 0; i < pow(2, 64) - 1; ++i)
{
uint64_t mult = i * multiplicand;
uint64_t operand = (addend + mult) >> 45;
uint64_t shift = (addend + mult) >> 59;
if (rotr32 ( (uint32_t)((addend + mult) >> 27) ^ (uint32_t)operand, (uint8_t)shift) <= 0x16041cf)
cnt_branch_taken++;
}
printf ("probability of branch being taken: %f\n", cnt_branch_taken / (pow (2,64)-1));
return 0;
}
We gather that there's about a 0.54% (around 1 in 185) chance of the branch evaluating true: this may be a way to probabilistically guarantee that the positive branch will evaluate at least every now and then, as opposed to a fixed interval.
Further testing could conclude how this probability is concretely affected by the parameters, such as the magic-number multiplicands and the threshold (0x16041cf in the sample,) although assuming that ((addend + mult) >> 27) ^ operand is uniformly distributed over the [0, 2**37) range, then it should follow that the threshold is proportionate to the probability of a positive branch hit.