diff options
| author |  jadep <jade.philipoom@gmail.com> | 2017-06-29 19:56:36 -0400 |
|---|---|---|
| committer | jadep <jade.philipoom@gmail.com> | 2017-06-29 19:56:36 -0400 |
| commit | 90ba013fb9ea849e5a6a87ebf69d306cfc66ebfc (patch) | |
| tree | ff74fc6681bca606d85f082716cdcdeef6307a77 | |
| parent | 6312b9ac8f252dabc190b568c7716d1d3e492b6e (diff) | |
| parent | 300199619d87204a2bd4ea87a98aae2e64668a18 (diff) | |
Merge branch 'addsubchains'
13 files changed, 119 insertions, 104 deletions
diff --git a/src/Arithmetic/MontgomeryReduction/WordByWord/Definition.v b/src/Arithmetic/MontgomeryReduction/WordByWord/Definition.v index d1221d006..f344cb7de 100644 --- a/src/Arithmetic/MontgomeryReduction/WordByWord/Definition.v +++ b/src/Arithmetic/MontgomeryReduction/WordByWord/Definition.v @@ -22,8 +22,8 @@ Section WordByWordMontgomery. (N : T R_numlimbs). Local Notation scmul := (@scmul (Z.pos r)). - Local Notation addT' := (fun n => @Saturated.add (Z.pos r) (S n) n (S n)). - Local Notation addT := (fun n => @Saturated.add (Z.pos r) n n n). + Local Notation addT' := (@Saturated.add_S1 (Z.pos r)). + Local Notation addT := (@Saturated.add (Z.pos r)). Local Notation conditional_sub_cps := (fun V => @conditional_sub_cps (Z.pos r) _ V N _). Local Notation conditional_sub := (fun V => @conditional_sub (Z.pos r) _ V N). Local Notation sub_then_maybe_add_cps := @@ -32,23 +32,23 @@ Section WordByWordMontgomery. Definition redc_body_no_cps (B : T R_numlimbs) (k : Z) {pred_A_numlimbs} (A_S : T (S pred_A_numlimbs) * T (S R_numlimbs)) : T pred_A_numlimbs * T (S R_numlimbs) - := @redc_body T (@divmod) r R_numlimbs (@scmul) addT addT' (@drop_high (S R_numlimbs)) N B k _ A_S. + := @redc_body T (@divmod) r R_numlimbs (@scmul) (@addT) (@addT') (@drop_high (S R_numlimbs)) N B k _ A_S. Definition redc_loop_no_cps (B : T R_numlimbs) (k : Z) (count : nat) (A_S : T count * T (S R_numlimbs)) : T 0 * T (S R_numlimbs) - := @redc_loop T (@divmod) r R_numlimbs (@scmul) addT addT' (@drop_high (S R_numlimbs)) N B k count A_S. + := @redc_loop T (@divmod) r R_numlimbs (@scmul) (@addT) (@addT') (@drop_high (S R_numlimbs)) N B k count A_S. Definition pre_redc_no_cps {A_numlimbs} (A : T A_numlimbs) (B : T R_numlimbs) (k : Z) : T (S R_numlimbs) - := @pre_redc T (@zero) (@divmod) r R_numlimbs (@scmul) addT addT' (@drop_high (S R_numlimbs)) N _ A B k. + := @pre_redc T (@zero) (@divmod) r R_numlimbs (@scmul) (@addT) (@addT') (@drop_high (S R_numlimbs)) N _ A B k. Definition redc_no_cps {A_numlimbs} (A : T A_numlimbs) (B : T R_numlimbs) (k : Z) : T R_numlimbs - := @redc T (@zero) (@divmod) r R_numlimbs (@scmul) addT addT' (@drop_high (S R_numlimbs)) conditional_sub N _ A B k. + := @redc T (@zero) (@divmod) r R_numlimbs (@scmul) (@addT) (@addT') (@drop_high (S R_numlimbs)) conditional_sub N _ A B k. Definition redc_body_cps {pred_A_numlimbs} (A : T (S pred_A_numlimbs)) (B : T R_numlimbs) (k : Z) (S' : T (S R_numlimbs)) {cpsT} (rest : T pred_A_numlimbs * T (S R_numlimbs) -> cpsT) : cpsT := divmod_cps A (fun '(A, a) => - @scmul_cps r _ a B _ (fun aB => @add_cps r _ _ (S R_numlimbs) S' aB _ (fun S1 => + @scmul_cps r _ a B _ (fun aB => @add_cps r _ S' aB _ (fun S1 => divmod_cps S1 (fun '(_, s) => dlet q := fst (Z.mul_split r s k) in - @scmul_cps r _ q N _ (fun qN => @add_cps r _ _ _ S1 qN _ (fun S2 => + @scmul_cps r _ q N _ (fun qN => @add_S1_cps r _ S1 qN _ (fun S2 => divmod_cps S2 (fun '(S3, _) => @drop_high_cps (S R_numlimbs) S3 _ (fun S4 => rest (A, S4))))))))). @@ -85,7 +85,7 @@ Section WordByWordMontgomery. := @opp T (@zero) R_numlimbs (@sub_then_maybe_add) A. Definition add_cps (A B : T R_numlimbs) {cpsT} (rest : T R_numlimbs -> cpsT) : cpsT - := @add_cps r _ _ R_numlimbs A B + := @add_cps r _ A B _ (fun v => conditional_sub_cps v rest). Definition add (A B : T R_numlimbs) : T R_numlimbs := add_cps A B id. diff --git a/src/Arithmetic/MontgomeryReduction/WordByWord/Proofs.v b/src/Arithmetic/MontgomeryReduction/WordByWord/Proofs.v index a55f9cffe..747280fe6 100644 --- a/src/Arithmetic/MontgomeryReduction/WordByWord/Proofs.v +++ b/src/Arithmetic/MontgomeryReduction/WordByWord/Proofs.v @@ -16,8 +16,8 @@ Section WordByWordMontgomery. (R_numlimbs : nat). Local Notation small := (@small (Z.pos r)). Local Notation eval := (@eval (Z.pos r)). - Local Notation addT' := (fun n => @Saturated.add (Z.pos r) (S n) n (S n)). - Local Notation addT := (fun n => @Saturated.add (Z.pos r) n n n). + Local Notation addT' := (@Saturated.add_S1 (Z.pos r)). + Local Notation addT := (@Saturated.add (Z.pos r)). Local Notation scmul := (@scmul (Z.pos r)). Local Notation eval_zero := (@eval_zero (Z.pos r)). Local Notation small_zero := (@small_zero r (Zorder.Zgt_pos_0 _)). @@ -65,7 +65,7 @@ Section WordByWordMontgomery. Qed. Local Lemma small_addT' : forall n a b, small a -> small b -> small (@addT' n a b). Proof. - intros; apply Saturated.small_add; auto; lia. + intros; apply Saturated.small_add_S1; auto; lia. Qed. Local Notation conditional_sub_cps := (fun V : T (S R_numlimbs) => @conditional_sub_cps (Z.pos r) _ V N _). @@ -225,7 +225,7 @@ Section WordByWordMontgomery. Local Notation eval_sub_then_maybe_add := (fun p q smp smq => @eval_sub_then_maybe_add (Z.pos r) (Zorder.Zgt_pos_0 _) _ (Z.pos r - 1) p q N smp smq small_N N_mask). Local Notation small_sub_then_maybe_add := - (fun p q => @small_sub_then_maybe_add (Z.pos r) (Zorder.Zgt_pos_0 _) _ (Z.pos r - 1) p q N). + (fun p q => @small_sub_then_maybe_add (Z.pos r) (*(Zorder.Zgt_pos_0 _)*) _ (Z.pos r - 1) p q N). Definition add_no_cps_bound : 0 <= eval add_no_cps < eval N := @add_bound T (@eval) r R R_numlimbs (@small) (@addT) (@eval_addT) (@small_addT) N N_lt_R (@conditional_sub) (@eval_conditional_sub) Av Bv small_Av small_Bv Av_bound Bv_bound. diff --git a/src/Arithmetic/Saturated.v b/src/Arithmetic/Saturated.v index a7b9e6484..0c059b93d 100644 --- a/src/Arithmetic/Saturated.v +++ b/src/Arithmetic/Saturated.v @@ -674,7 +674,7 @@ Section UniformWeight. B.Positional.eval wt p = B.Positional.eval_from uweight offset p. Proof. cbv [B.Positional.eval_from]. auto using B.Positional.eval_wt_equiv. Qed. - Lemma uweight_eval_from {n} (p:Z^n): forall offset, + Lemma uweight_eval_from {n} (p:Z^n): forall offset, B.Positional.eval_from uweight offset p = uweight offset * B.Positional.eval uweight p. Proof. induction n; intros; cbv [B.Positional.eval_from]; @@ -683,7 +683,7 @@ Section UniformWeight. | _ => destruct p | _ => rewrite B.Positional.eval_unit; [ ] | _ => rewrite B.Positional.eval_step; [ ] - | _ => rewrite IHn; [ ] + | _ => rewrite IHn; [ ] | _ => rewrite eval_from_eq with (offset0:=S offset) by (intros; f_equal; omega) | _ => rewrite eval_from_eq with @@ -735,10 +735,10 @@ Module Positional. | None => op_get_carry | Some x => op_with_carry x end in dlet carry_result := op' (hd p) (hd q) in - chain_op'_cps (Some (fst carry_result)) (tl p) (tl q) _ + chain_op'_cps (Some (snd carry_result)) (tl p) (tl q) _ (fun carry_pq => f (fst carry_pq, - append (snd carry_result) (snd carry_pq))) + append (fst carry_result) (snd carry_pq))) end. Definition chain_op' {n} c p q := @chain_op'_cps n c p q _ id. Definition chain_op_cps {n} p q {T} f := @chain_op'_cps n None p q T f. @@ -760,7 +760,7 @@ Module Positional. Section AddSub. Let eval {n} := B.Positional.eval (n:=n) (uweight s). - + Definition sat_add_cps {n} p q T (f:Z*Z^n->T) := chain_op_cps (op_get_carry := Z.add_get_carry_full s) (op_with_carry := Z.add_with_get_carry_full s) @@ -781,7 +781,7 @@ Module Positional. Lemma small_sat_add n p q : small (snd (@sat_add n p q)). Admitted. - + Definition sat_sub_cps {n} p q T (f:Z*Z^n->T) := chain_op_cps (op_get_carry := Z.sub_get_borrow_full s) (op_with_carry := Z.sub_with_get_borrow_full s) @@ -802,7 +802,7 @@ Module Positional. Lemma small_sat_sub n p q : small (snd (@sat_sub n p q)). Admitted. - + End AddSub. End Positional. End Positional. @@ -847,19 +847,20 @@ Section API. (fun carry_result =>f (snd carry_result)). Definition scmul {n} c p : T (S n) := @scmul_cps n c p _ id. - Definition add_cps {n} (p q: T n) {R} (f:T n->R) := + Definition add_cps {n} (p q: T n) {R} (f:T (S n)->R) := Positional.sat_add_cps (s:=bound) p q _ - (* drops last carry, this relies on bounds *) - (fun carry_result => f (snd carry_result)). - Definition add {n} p q : T n := @add_cps n p q _ id. + (* join the last carry *) + (fun carry_result => Tuple.left_append_cps (fst carry_result) (snd carry_result) f). + Definition add {n} p q : T (S n) := @add_cps n p q _ id. (* Wrappers for additions with slightly uneven limb counts *) - Definition add_S1_cps {n} (p: T (S n)) (q: T n) {R} (f:T (S n)->R) := + Definition add_S1_cps {n} (p: T (S n)) (q: T n) {R} (f:T (S (S n))->R) := join0_cps q (fun Q => add_cps p Q f). - Definition add_S1 {n} p q := @add_S1_cps n p q _ id. - Definition add_S2_cps {n} (p: T n) (q: T (S n)) {R} (f:T (S n)->R) := + Definition add_S1 {n} p q := @add_S1_cps n p q _ id. + Definition add_S2_cps {n} (p: T n) (q: T (S n)) {R} (f:T (S (S n))->R) := join0_cps p (fun P => add_cps P q f). - Definition add_S2 {n} p q := @add_S2_cps n p q _ id. + Definition add_S2 {n} p q := @add_S2_cps n p q _ id. +>>>>>>> addsubchains Definition sub_then_maybe_add_cps {n} mask (p q r : T n) {R} (f:T n -> R) := @@ -923,11 +924,11 @@ Section API. @add_cps n p q R f = f (add p q). Proof. cbv [add_cps add Let_In]. prove_id. Qed. Hint Rewrite add_id : uncps. - + Lemma add_S1_id n p q R f : @add_S1_cps n p q R f = f (add_S1 p q). Proof. cbv [add_S1_cps add_S1 join0_cps]. prove_id. Qed. - + Lemma add_S2_id n p q R f : @add_S2_cps n p q R f = f (add_S2 p q). Proof. cbv [add_S2_cps add_S2 join0_cps]. prove_id. Qed. @@ -1040,7 +1041,7 @@ Section API. pose proof div_correct; pose proof modulo_correct. Lemma eval_add_nz n p q : - n <> 0%nat -> (0 <= eval p + eval q < uweight bound n) -> + n <> 0%nat -> eval (@add n p q) = eval p + eval q. Proof. intros. pose_all. @@ -1053,35 +1054,36 @@ Section API. (rewrite <-!from_list_default_eq with (d:=0); erewrite !length_to_list, !from_list_default_eq, from_list_to_list) - | _ => apply Z.mod_small; omega + | _ => apply Z.mod_small; omega end. - Qed. + Admitted. Lemma eval_add_z n p q : n = 0%nat -> eval (@add n p q) = eval p + eval q. Proof. intros; subst; reflexivity. Qed. - Lemma eval_add n p q (H:0 <= eval p + eval q < uweight bound n) + Lemma eval_add n p q : eval (@add n p q) = eval p + eval q. Proof. destruct (Nat.eq_dec n 0%nat); intuition auto using eval_add_z, eval_add_nz. Qed. - Lemma eval_add_same n p q (H:0 <= eval p + eval q < uweight bound n) + Lemma eval_add_same n p q : eval (@add n p q) = eval p + eval q. Proof. apply eval_add; omega. Qed. - Lemma eval_add_S1 n p q (H:0 <= eval p + eval q < uweight bound (S n)) + Lemma eval_add_S1 n p q : eval (@add_S1 n p q) = eval p + eval q. Proof. cbv [add_S1 add_S1_cps]. autorewrite with uncps push_id. - rewrite eval_add; rewrite eval_join0; [reflexivity|assumption]. - Qed. - Lemma eval_add_S2 n p q (H:0 <= eval p + eval q < uweight bound (S n)) + (*rewrite eval_add; rewrite eval_join0; [reflexivity|assumption].*) + Admitted. + Lemma eval_add_S2 n p q : eval (@add_S2 n p q) = eval p + eval q. Proof. cbv [add_S2 add_S2_cps]. autorewrite with uncps push_id. - rewrite eval_add; rewrite eval_join0; [reflexivity|assumption]. - Qed. + (*rewrite eval_add; rewrite eval_join0; [reflexivity|assumption].*) + Admitted. +>>>>>>> addsubchains Hint Rewrite eval_add_same eval_add_S1 eval_add_S2 using (omega || assumption): push_basesystem_eval. Lemma uweight_le_mono n m : (n <= m)%nat -> @@ -1142,13 +1144,35 @@ Section API. Qed. Lemma small_add n a b : - (2 <= bound) -> + (2 <= bound) -> small a -> small b -> small (@add n a b). Proof. intros. pose_all. cbv [add_cps add Let_In]. autorewrite with uncps push_id. apply Positional.small_sat_add. + (*apply Positional.small_sat_add.*) + Admitted. + + Lemma small_add_S1 n a b : + (2 <= bound) -> + small a -> small b -> small (@add_S1 n a b). + Proof. + intros. pose_all. + cbv [add_cps add add_S1 Let_In]. + autorewrite with uncps push_id. + (*apply Positional.small_sat_add.*) + Admitted. + + Lemma small_add_S2 n a b : + (2 <= bound) -> + small a -> small b -> small (@add_S2 n a b). + Proof. + intros. pose_all. + cbv [add_cps add add_S2 Let_In]. + autorewrite with uncps push_id. + (*apply Positional.small_sat_add.*) +>>>>>>> addsubchains Admitted. Lemma small_left_tl n (v:T (S n)) : small v -> small (left_tl v). @@ -1370,7 +1394,7 @@ Section API. End Proofs. End API. -Hint Rewrite nonzero_id join0_id divmod_id drop_high_id scmul_id add_id sub_then_maybe_add_id conditional_sub_id : uncps. +Hint Rewrite nonzero_id join0_id divmod_id drop_high_id scmul_id add_id add_S1_id add_S2_id sub_then_maybe_add_id conditional_sub_id : uncps. (* (* Just some pretty-printing *) diff --git a/src/Specific/IntegrationTestMontgomeryP256_128Display.log b/src/Specific/IntegrationTestMontgomeryP256_128Display.log index ff714ff16..5a9182d47 100644 --- a/src/Specific/IntegrationTestMontgomeryP256_128Display.log +++ b/src/Specific/IntegrationTestMontgomeryP256_128Display.log @@ -32,10 +32,9 @@ Interp-η uint8_t x89 = x88 + x64; uint128_t x91, uint8_t x92 = subborrow_u128(0x0, x84, 0xffffffffffffffffffffffffL); uint128_t x94, uint8_t x95 = subborrow_u128(x92, x87, 0xffffffff000000010000000000000000L); - ℤ x96 = Op (Syntax.Opp (Syntax.TWord 3) Syntax.TZ) (Return x95); - uint128_t _, ℤ x99 = addcarryx_u128ℤ(0x0, x96, x89); - uint128_t x100 = x99 == 0 ? x94 : x87; - uint128_t x101 = x99 == 0 ? x91 : x84; - return (x100, x101)) + uint128_t _, uint8_t x98 = subborrow_u128(x95, x89, 0x0); + uint128_t x99 = x98 == 0 ? x94 : x87; + uint128_t x100 = x98 == 0 ? x91 : x84; + return (x99, x100)) (x, x0)%core : word128 * word128 → word128 * word128 → ReturnType (uint128_t * uint128_t) diff --git a/src/Specific/IntegrationTestMontgomeryP256_128_AddDisplay.log b/src/Specific/IntegrationTestMontgomeryP256_128_AddDisplay.log index ea170fc85..3c1716a73 100644 --- a/src/Specific/IntegrationTestMontgomeryP256_128_AddDisplay.log +++ b/src/Specific/IntegrationTestMontgomeryP256_128_AddDisplay.log @@ -6,10 +6,9 @@ Interp-η uint128_t x12, uint8_t x13 = addcarryx_u128(x10, x4, x6); uint128_t x15, uint8_t x16 = subborrow_u128(0x0, x9, 0xffffffffffffffffffffffffL); uint128_t x18, uint8_t x19 = subborrow_u128(x16, x12, 0xffffffff000000010000000000000000L); - ℤ x20 = Op (Syntax.Opp (Syntax.TWord 3) Syntax.TZ) (Return x19); - uint128_t _, ℤ x23 = addcarryx_u128ℤ(0x0, x20, x13); - uint128_t x24 = x23 == 0 ? x18 : x12; - uint128_t x25 = x23 == 0 ? x15 : x9; - return (x24, x25)) + uint128_t _, uint8_t x22 = subborrow_u128(x19, x13, 0x0); + uint128_t x23 = x22 == 0 ? x18 : x12; + uint128_t x24 = x22 == 0 ? x15 : x9; + return (x23, x24)) (x, x0)%core : word128 * word128 → word128 * word128 → ReturnType (uint128_t * uint128_t) diff --git a/src/Specific/IntegrationTestMontgomeryP256_128_OppDisplay.log b/src/Specific/IntegrationTestMontgomeryP256_128_OppDisplay.log index 4e8fe5a50..50c41e1af 100644 --- a/src/Specific/IntegrationTestMontgomeryP256_128_OppDisplay.log +++ b/src/Specific/IntegrationTestMontgomeryP256_128_OppDisplay.log @@ -6,12 +6,9 @@ Interp-η uint128_t x7, uint8_t x8 = subborrow_u128(x5, 0x0, x1); uint128_t x9 = (uint128_t) (x8 == 0 ? 0x0 : 0xffffffffffffffffffffffffffffffffL); uint128_t x10 = x9 & 0xffffffffffffffffffffffffL; - uint128_t x12, uint8_t x13 = addcarryx_u128(0x0, x4, x10); + uint128_t x12, uint8_t x13 = subborrow_u128(0x0, x4, x10); uint128_t x14 = x9 & 0xffffffff000000010000000000000000L; - uint256_t x15 = 0x100000000000000000000000000000000L * x8; - ℤ x16 = Op (Syntax.Opp (Syntax.TWord 8) Syntax.TZ) (Return x15); - uint128_t x18, ℤ _ = addcarryx_u128ℤ(x7, x16, x14); - uint128_t x21, uint8_t _ = addcarryx_u128(0x0, x13, x18); - (Return x21, Return x12)) + uint128_t x16, uint8_t _ = subborrow_u128(x13, x7, x14); + (Return x16, Return x12)) x : word128 * word128 → ReturnType (uint128_t * uint128_t) diff --git a/src/Specific/IntegrationTestMontgomeryP256_128_SubDisplay.log b/src/Specific/IntegrationTestMontgomeryP256_128_SubDisplay.log index 576f0c6be..07579501c 100644 --- a/src/Specific/IntegrationTestMontgomeryP256_128_SubDisplay.log +++ b/src/Specific/IntegrationTestMontgomeryP256_128_SubDisplay.log @@ -6,12 +6,9 @@ Interp-η uint128_t x12, uint8_t x13 = subborrow_u128(x10, x4, x6); uint128_t x14 = (uint128_t) (x13 == 0 ? 0x0 : 0xffffffffffffffffffffffffffffffffL); uint128_t x15 = x14 & 0xffffffffffffffffffffffffL; - uint128_t x17, uint8_t x18 = addcarryx_u128(0x0, x9, x15); + uint128_t x17, uint8_t x18 = subborrow_u128(0x0, x9, x15); uint128_t x19 = x14 & 0xffffffff000000010000000000000000L; - uint256_t x20 = 0x100000000000000000000000000000000L * x13; - ℤ x21 = Op (Syntax.Opp (Syntax.TWord 8) Syntax.TZ) (Return x20); - uint128_t x23, ℤ _ = addcarryx_u128ℤ(x12, x21, x19); - uint128_t x26, uint8_t _ = addcarryx_u128(0x0, x18, x23); - (Return x26, Return x17)) + uint128_t x21, uint8_t _ = subborrow_u128(x18, x12, x19); + (Return x21, Return x17)) (x, x0)%core : word128 * word128 → word128 * word128 → ReturnType (uint128_t * uint128_t) diff --git a/src/Specific/MontgomeryP256_128.v b/src/Specific/MontgomeryP256_128.v index 086a454e8..323be5533 100644 --- a/src/Specific/MontgomeryP256_128.v +++ b/src/Specific/MontgomeryP256_128.v @@ -34,7 +34,7 @@ Definition mulmod_256' : { f:Tuple.tuple Z sz -> Tuple.tuple Z sz -> Tuple.tuple }. Proof. eapply (lift2_sig (fun A B c => c = _)); eexists. - cbv -[Definitions.Z.add_get_carry Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. + cbv -[Definitions.Z.add_with_get_carry Definitions.Z.add_with_carry Definitions.Z.sub_with_get_borrow Definitions.Z.sub_with_borrow Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. (* cbv [ r wt sz p256 @@ -42,9 +42,10 @@ Proof. CPSUtil.to_list_cps CPSUtil.to_list'_cps CPSUtil.to_list_cps' CPSUtil.flat_map_cps CPSUtil.fold_right_cps CPSUtil.map_cps CPSUtil.Tuple.left_append_cps CPSUtil.firstn_cps CPSUtil.combine_cps CPSUtil.on_tuple_cps CPSUtil.update_nth_cps CPSUtil.from_list_default_cps CPSUtil.from_list_default'_cps fst snd length List.seq List.hd List.app - redc redc_cps redc_loop_cps redc_body_cps + redc pre_redc_cps redc_cps redc_loop_cps redc_body_cps Positional.to_associational_cps Saturated.divmod_cps + Saturated.conditional_sub_cps Saturated.scmul_cps Saturated.uweight Saturated.Columns.mul_cps @@ -52,13 +53,19 @@ Proof. (*Z.of_nat Pos.of_succ_nat Nat.pred Z.pow Z.pow_pos Z.mul Pos.iter Pos.mul Pos.succ*) Tuple.hd Tuple.append Tuple.tl Tuple.hd' Tuple.tl' CPSUtil.Tuple.left_tl_cps CPSUtil.Tuple.left_hd_cps CPSUtil.Tuple.hd_cps CPSUtil.Tuple.tl_cps + CPSUtil.Tuple.map2_cps Saturated.Columns.from_associational_cps Saturated.Associational.multerm_cps + Saturated.Positional.sat_add_cps + Saturated.Positional.sat_sub_cps + Saturated.Positional.chain_op_cps + Saturated.Positional.chain_op'_cps Saturated.Columns.compact_cps Saturated.Columns.compact_step_cps Saturated.Columns.compact_digit_cps Saturated.drop_high_cps Saturated.add_cps + Saturated.add_S1_cps Saturated.Columns.add_cps Saturated.Columns.cons_to_nth_cps Nat.pred @@ -138,7 +145,7 @@ Definition add' : { f:Tuple.tuple Z sz -> Tuple.tuple Z sz -> Tuple.tuple Z sz }. Proof. eapply (lift2_sig (fun A B c => c = _)); eexists. - cbv -[Definitions.Z.add_get_carry Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. + cbv -[Definitions.Z.add_with_get_carry Definitions.Z.add_with_carry Definitions.Z.sub_with_get_borrow Definitions.Z.sub_with_borrow Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. reflexivity. Defined. @@ -149,7 +156,7 @@ Definition sub' : { f:Tuple.tuple Z sz -> Tuple.tuple Z sz -> Tuple.tuple Z sz }. Proof. eapply (lift2_sig (fun A B c => c = _)); eexists. - cbv -[Definitions.Z.add_get_carry Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. + cbv -[Definitions.Z.add_with_get_carry Definitions.Z.add_with_carry Definitions.Z.sub_with_get_borrow Definitions.Z.sub_with_borrow Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. reflexivity. Defined. @@ -160,7 +167,7 @@ Definition opp' : { f:Tuple.tuple Z sz -> Tuple.tuple Z sz }. Proof. eapply (lift1_sig (fun A c => c = _)); eexists. - cbv -[Definitions.Z.add_get_carry Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. + cbv -[Definitions.Z.add_with_get_carry Definitions.Z.add_with_carry Definitions.Z.sub_with_get_borrow Definitions.Z.sub_with_borrow Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. reflexivity. Defined. diff --git a/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256Display.log b/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256Display.log index 3c47f3fc9..1dc1b7ba3 100644 --- a/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256Display.log +++ b/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256Display.log @@ -104,12 +104,11 @@ Interp-η uint64_t x308, uint8_t x309 = subborrow_u64(x306, x295, 0xffffffff); uint64_t x311, uint8_t x312 = subborrow_u64(x309, x298, 0x0); uint64_t x314, uint8_t x315 = subborrow_u64(x312, x301, 0xffffffff00000001L); - ℤ x316 = Op (Syntax.Opp (Syntax.TWord 3) Syntax.TZ) (Return x315); - uint64_t _, ℤ x319 = addcarryx_u64ℤ(0x0, x316, x303); - uint64_t x320 = x319 == 0 ? x314 : x301; - uint64_t x321 = x319 == 0 ? x311 : x298; - uint64_t x322 = x319 == 0 ? x308 : x295; - uint64_t x323 = x319 == 0 ? x305 : x292; - return (x320, x321, x322, x323)) + uint64_t _, uint8_t x318 = subborrow_u64(x315, x303, 0x0); + uint64_t x319 = x318 == 0 ? x314 : x301; + uint64_t x320 = x318 == 0 ? x311 : x298; + uint64_t x321 = x318 == 0 ? x308 : x295; + uint64_t x322 = x318 == 0 ? x305 : x292; + return (x319, x320, x321, x322)) (x, x0)%core : word64 * word64 * word64 * word64 → word64 * word64 * word64 * word64 → ReturnType (uint64_t * uint64_t * uint64_t * uint64_t) diff --git a/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_AddDisplay.log b/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_AddDisplay.log index 0f46e27f6..e6498cf83 100644 --- a/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_AddDisplay.log +++ b/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_AddDisplay.log @@ -10,12 +10,11 @@ Interp-η uint64_t x32, uint8_t x33 = subborrow_u64(x30, x20, 0xffffffff); uint64_t x35, uint8_t x36 = subborrow_u64(x33, x23, 0x0); uint64_t x38, uint8_t x39 = subborrow_u64(x36, x26, 0xffffffff00000001L); - ℤ x40 = Op (Syntax.Opp (Syntax.TWord 3) Syntax.TZ) (Return x39); - uint64_t _, ℤ x43 = addcarryx_u64ℤ(0x0, x40, x27); - uint64_t x44 = x43 == 0 ? x38 : x26; - uint64_t x45 = x43 == 0 ? x35 : x23; - uint64_t x46 = x43 == 0 ? x32 : x20; - uint64_t x47 = x43 == 0 ? x29 : x17; - return (x44, x45, x46, x47)) + uint64_t _, uint8_t x42 = subborrow_u64(x39, x27, 0x0); + uint64_t x43 = x42 == 0 ? x38 : x26; + uint64_t x44 = x42 == 0 ? x35 : x23; + uint64_t x45 = x42 == 0 ? x32 : x20; + uint64_t x46 = x42 == 0 ? x29 : x17; + return (x43, x44, x45, x46)) (x, x0)%core : word64 * word64 * word64 * word64 → word64 * word64 * word64 * word64 → ReturnType (uint64_t * uint64_t * uint64_t * uint64_t) diff --git a/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_OppDisplay.log b/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_OppDisplay.log index 0b94a81ce..b76a34a56 100644 --- a/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_OppDisplay.log +++ b/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_OppDisplay.log @@ -8,15 +8,12 @@ Interp-η uint64_t x17, uint8_t x18 = subborrow_u64(x15, 0x0, x5); uint64_t x19 = (uint64_t) (x18 == 0 ? 0x0 : 0xffffffffffffffffL); uint64_t x20 = x19 & 0xffffffffffffffffL; - uint64_t x22, uint8_t x23 = addcarryx_u64(0x0, x8, x20); + uint64_t x22, uint8_t x23 = subborrow_u64(0x0, x8, x20); uint64_t x24 = x19 & 0xffffffff; - uint64_t x26, uint8_t x27 = addcarryx_u64(x23, x11, x24); - uint64_t x29, uint8_t x30 = addcarryx_u64(x27, x14, 0x0); + uint64_t x26, uint8_t x27 = subborrow_u64(x23, x11, x24); + uint64_t x29, uint8_t x30 = subborrow_u64(x27, x14, 0x0); uint64_t x31 = x19 & 0xffffffff00000001L; - uint128_t x32 = 0x10000000000000000L * x18; - ℤ x33 = Op (Syntax.Opp (Syntax.TWord 7) Syntax.TZ) (Return x32); - uint64_t x35, ℤ _ = addcarryx_u64ℤ(x17, x33, x31); - uint64_t x38, uint8_t _ = addcarryx_u64(0x0, x30, x35); - (Return x38, Return x29, Return x26, Return x22)) + uint64_t x33, uint8_t _ = subborrow_u64(x30, x17, x31); + (Return x33, Return x29, Return x26, Return x22)) x : word64 * word64 * word64 * word64 → ReturnType (uint64_t * uint64_t * uint64_t * uint64_t) diff --git a/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_SubDisplay.log b/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_SubDisplay.log index 9b301c678..de068350b 100644 --- a/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_SubDisplay.log +++ b/src/Specific/NISTP256/AMD64/IntegrationTestMontgomeryP256_SubDisplay.log @@ -8,15 +8,12 @@ Interp-η uint64_t x26, uint8_t x27 = subborrow_u64(x24, x8, x14); uint64_t x28 = (uint64_t) (x27 == 0 ? 0x0 : 0xffffffffffffffffL); uint64_t x29 = x28 & 0xffffffffffffffffL; - uint64_t x31, uint8_t x32 = addcarryx_u64(0x0, x17, x29); + uint64_t x31, uint8_t x32 = subborrow_u64(0x0, x17, x29); uint64_t x33 = x28 & 0xffffffff; - uint64_t x35, uint8_t x36 = addcarryx_u64(x32, x20, x33); - uint64_t x38, uint8_t x39 = addcarryx_u64(x36, x23, 0x0); + uint64_t x35, uint8_t x36 = subborrow_u64(x32, x20, x33); + uint64_t x38, uint8_t x39 = subborrow_u64(x36, x23, 0x0); uint64_t x40 = x28 & 0xffffffff00000001L; - uint128_t x41 = 0x10000000000000000L * x27; - ℤ x42 = Op (Syntax.Opp (Syntax.TWord 7) Syntax.TZ) (Return x41); - uint64_t x44, ℤ _ = addcarryx_u64ℤ(x26, x42, x40); - uint64_t x47, uint8_t _ = addcarryx_u64(0x0, x39, x44); - (Return x47, Return x38, Return x35, Return x31)) + uint64_t x42, uint8_t _ = subborrow_u64(x39, x26, x40); + (Return x42, Return x38, Return x35, Return x31)) (x, x0)%core : word64 * word64 * word64 * word64 → word64 * word64 * word64 * word64 → ReturnType (uint64_t * uint64_t * uint64_t * uint64_t) diff --git a/src/Specific/NISTP256/AMD64/MontgomeryP256.v b/src/Specific/NISTP256/AMD64/MontgomeryP256.v index d90a63bfb..ae5a3cb43 100644 --- a/src/Specific/NISTP256/AMD64/MontgomeryP256.v +++ b/src/Specific/NISTP256/AMD64/MontgomeryP256.v @@ -34,7 +34,7 @@ Definition mulmod_256' : { f:Tuple.tuple Z sz -> Tuple.tuple Z sz -> Tuple.tuple }. Proof. eapply (lift2_sig (fun A B c => c = _)); eexists. - cbv -[Definitions.Z.add_get_carry Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. + cbv -[Definitions.Z.add_with_get_carry Definitions.Z.add_with_carry Definitions.Z.sub_with_get_borrow Definitions.Z.sub_with_borrow Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. (* cbv [ r wt sz p256 @@ -139,7 +139,7 @@ Definition add' : { f:Tuple.tuple Z sz -> Tuple.tuple Z sz -> Tuple.tuple Z sz }. Proof. eapply (lift2_sig (fun A B c => c = _)); eexists. - cbv -[Definitions.Z.add_get_carry Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. + cbv -[Definitions.Z.add_with_get_carry Definitions.Z.add_with_carry Definitions.Z.sub_with_get_borrow Definitions.Z.sub_with_borrow Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. reflexivity. Defined. @@ -150,7 +150,7 @@ Definition sub' : { f:Tuple.tuple Z sz -> Tuple.tuple Z sz -> Tuple.tuple Z sz }. Proof. eapply (lift2_sig (fun A B c => c = _)); eexists. - cbv -[Definitions.Z.add_get_carry Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. + cbv -[Definitions.Z.add_with_get_carry Definitions.Z.add_with_carry Definitions.Z.sub_with_get_borrow Definitions.Z.sub_with_borrow Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. reflexivity. Defined. @@ -161,7 +161,7 @@ Definition opp' : { f:Tuple.tuple Z sz -> Tuple.tuple Z sz }. Proof. eapply (lift1_sig (fun A c => c = _)); eexists. - cbv -[Definitions.Z.add_get_carry Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. + cbv -[Definitions.Z.add_with_get_carry Definitions.Z.add_with_carry Definitions.Z.sub_with_get_borrow Definitions.Z.sub_with_borrow Definitions.Z.mul_split_at_bitwidth Definitions.Z.zselect runtime_add runtime_mul runtime_and runtime_opp Let_In]. reflexivity. Defined. |