make NO_CARRY a const param now, instantiate fns for each # $limbs

jon-chuang · jon-chuang · commit 295dc5f387d8 · 2021-01-21T16:55:51.000+08:00
diff --git a/ff/Cargo.toml b/ff/Cargo.toml
@@ -23,6 +23,7 @@ num-traits = { version = "0.2", default-features = false }
 rand = { version = "0.7", default-features = false }
 rayon = { version = "1", optional = true }
 zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }
+paste = "1.0.4"
 
 [build-dependencies]
 rustc_version = "0.3"
diff --git a/ff/src/biginteger/mod.rs b/ff/src/biginteger/mod.rs
@@ -23,13 +23,13 @@ pub struct BigInt<const N: usize>(pub [u64; N]);
 
 impl<const N: usize> Default for BigInt<N> {
     fn default() -> Self {
-        BigInt::<N>([0u64; N])
+        Self([0u64; N])
     }
 }
 
 impl<const N: usize> BigInt<N> {
     pub const fn new(value: [u64; N]) -> Self {
-        BigInt::<N>(value)
+        Self(value)
     }
 }
 
diff --git a/ff/src/fields/arithmetic.rs b/ff/src/fields/arithmetic.rs
@@ -6,52 +6,28 @@
 /// zero bit in the rest of the modulus.
 macro_rules! impl_field_mul_assign {
     ($limbs:expr) => {
-        #[inline]
-        #[ark_ff_asm::unroll_for_loops]
-        fn mul_assign(&mut self, other: &Self) {
-            // Checking the modulus at compile time
-            let first_bit_set = P::MODULUS.0[$limbs - 1] >> 63 != 0;
-            // $limbs can be 1, hence we can run into a case with an unused mut.
-            #[allow(unused_mut)]
-            let mut all_bits_set = P::MODULUS.0[$limbs - 1] == !0 - (1 << 63);
-            for i in 1..$limbs {
-                all_bits_set &= P::MODULUS.0[$limbs - i - 1] == !0u64;
-            }
-            let _no_carry: bool = !(first_bit_set || all_bits_set);
-
-            // No-carry optimisation applied to CIOS
-            if _no_carry {
-                #[cfg(use_asm)]
-                #[allow(unsafe_code, unused_mut)]
-                {
-                    // Tentatively avoid using assembly for `$limbs == 1`.
-                    if $limbs <= 6 && $limbs > 1 {
-                        assert!($limbs <= 6);
-                        ark_ff_asm::x86_64_asm_mul!($limbs, (self.0).0, (other.0).0);
-                        self.reduce();
-                        return;
-                    }
-                }
+        paste::paste! {
+            #[inline]
+            #[ark_ff_asm::unroll_for_loops]
+            fn [<mul_assign _id $limbs>]<P: FpParams<N>, const N: usize>(
+                input: &mut [u64; N],
+                other: [u64; N],
+            ) {
                 let mut r = [0u64; $limbs];
                 let mut carry1 = 0u64;
                 let mut carry2 = 0u64;
 
                 for i in 0..$limbs {
-                    r[0] = fa::mac(r[0], (self.0).0[0], (other.0).0[i], &mut carry1);
+                    r[0] = fa::mac(r[0], input[0], other[i], &mut carry1);
                     let k = r[0].wrapping_mul(P::INV);
                     fa::mac_discard(r[0], k, P::MODULUS.0[0], &mut carry2);
                     for j in 1..$limbs {
-                        r[j] = mac_with_carry!(r[j], (self.0).0[j], (other.0).0[i], &mut carry1);
+                        r[j] = mac_with_carry!(r[j], input[j], other[i], &mut carry1);
                         r[j - 1] = mac_with_carry!(r[j], k, P::MODULUS.0[j], &mut carry2);
                     }
                     r[$limbs - 1] = carry1 + carry2;
                 }
-                (self.0).0 = r;
-                self.reduce();
-            // Alternative implementation
-            } else {
-                *self = self.mul_without_reduce(other, P::MODULUS, P::INV);
-                self.reduce();
+                input.copy_from_slice(&r[..]);
             }
         }
     };
@@ -84,88 +60,67 @@ macro_rules! impl_field_into_repr {
 
 macro_rules! impl_field_square_in_place {
     ($limbs: expr) => {
-        #[inline]
-        // #[ark_ff_asm::unroll_for_loops]
-        #[allow(unused_braces, clippy::absurd_extreme_comparisons)]
-        fn square_in_place(&mut self) -> &mut Self {
-            if $limbs == 1 {
-                *self = *self * *self;
-                return self;
-            }
-            #[cfg(use_asm)]
-            #[allow(unsafe_code, unused_mut)]
-            {
-                // Checking the modulus at compile time
-                let first_bit_set = P::MODULUS.0[$limbs - 1] >> 63 != 0;
-                let mut all_bits_set = P::MODULUS.0[$limbs - 1] == !0 - (1 << 63);
-                for i in 1..$limbs {
-                    all_bits_set &= P::MODULUS.0[$limbs - i - 1] == core::u64::MAX;
-                }
-                let _no_carry: bool = !(first_bit_set || all_bits_set);
-
-                if $limbs <= 6 && _no_carry {
-                    assert!($limbs <= 6);
-                    ark_ff_asm::x86_64_asm_square!($limbs, (self.0).0);
-                    self.reduce();
-                    return self;
-                }
-            }
-            let mut r = [[0u64; $limbs]; 2].concat();
-
-            let mut carry = 0;
-            for i in 0..$limbs {
-                if i < $limbs - 1 {
-                    for j in 0..$limbs {
-                        if j > i {
-                            r[i + j] =
-                                mac_with_carry!(r[i + j], (self.0).0[i], (self.0).0[j], &mut carry);
+        paste::paste! {
+            #[inline(always)]
+            #[ark_ff_asm::unroll_for_loops]
+            #[allow(unused_braces, clippy::absurd_extreme_comparisons)]
+            fn [<square_in_place _id $limbs>]<P: FpParams<N>, const N: usize>(
+                input: &mut [u64; N],
+            ) {
+                let mut r = [0u64; $limbs * 2];
+                let mut carry = 0;
+                for i in 0..$limbs {
+                    if i < $limbs - 1 {
+                        for j in 0..$limbs {
+                            if j > i {
+                                r[i + j] =
+                                    mac_with_carry!(r[i + j], input[i], input[j], &mut carry);
+                            }
                         }
+                        r[$limbs + i] = carry;
+                        carry = 0;
                     }
-                    r[$limbs + i] = carry;
-                    carry = 0;
                 }
-            }
-            r[$limbs * 2 - 1] = r[$limbs * 2 - 2] >> 63;
-            for i in 0..$limbs {
-                // This computes `r[2 * ($limbs - 1) - (i + 1)]`, but additionally
-                // handles the case where the index underflows.
-                // Note that we should never hit this case because it only occurs
-                // when `$limbs == 1`, but we handle that separately above.
-                let subtractor = (2 * ($limbs - 1usize))
-                    .checked_sub(i + 1)
-                    .map(|index| r[index])
-                    .unwrap_or(0);
-                r[2 * ($limbs - 1) - i] = (r[2 * ($limbs - 1) - i] << 1) | (subtractor >> 63);
-            }
-            for i in 3..$limbs {
-                r[$limbs + 1 - i] = (r[$limbs + 1 - i] << 1) | (r[$limbs - i] >> 63);
-            }
-            r[1] <<= 1;
+                r[$limbs * 2 - 1] = r[$limbs * 2 - 2] >> 63;
+                for i in 0..$limbs {
+                    // This computes `r[2 * ($limbs - 1) - (i + 1)]`, but additionally
+                    // handles the case where the index underflows.
+                    // Note that we should never hit this case because it only occurs
+                    // when `$limbs == 1`, but we handle that separately above.
+                    let subtractor = (2 * ($limbs - 1usize))
+                        .checked_sub(i + 1)
+                        .map(|index| r[index])
+                        .unwrap_or(0);
+                    r[2 * ($limbs - 1) - i] = (r[2 * ($limbs - 1) - i] << 1) | (subtractor >> 63);
+                }
+                for i in 3..$limbs {
+                    r[$limbs + 1 - i] = (r[$limbs + 1 - i] << 1) | (r[$limbs - i] >> 63);
+                }
+                r[1] <<= 1;
 
-            for i in 0..$limbs {
-                r[2 * i] = mac_with_carry!(r[2 * i], (self.0).0[i], (self.0).0[i], &mut carry);
-                // need unused assignment because the last iteration of the loop produces an
-                // assignment to `carry` that is unused.
-                #[allow(unused_assignments)]
-                {
-                    r[2 * i + 1] = adc!(r[2 * i + 1], 0, &mut carry);
+                for i in 0..$limbs {
+                    r[2 * i] = mac_with_carry!(r[2 * i], input[i], input[i], &mut carry);
+                    // need unused assignment because the last iteration of the loop produces an
+                    // assignment to `carry` that is unused.
+                    #[allow(unused_assignments)]
+                    {
+                        r[2 * i + 1] = adc!(r[2 * i + 1], 0, &mut carry);
+                    }
                 }
-            }
-            // Montgomery reduction
-            let mut _carry2 = 0;
-            for i in 0..$limbs {
-                let k = r[i].wrapping_mul(P::INV);
-                let mut carry = 0;
-                mac_with_carry!(r[i], k, P::MODULUS.0[0], &mut carry);
-                for j in 1..$limbs {
-                    r[j + i] = mac_with_carry!(r[j + i], k, P::MODULUS.0[j], &mut carry);
+                // Montgomery reduction
+                let mut _carry2 = 0;
+                for i in 0..$limbs {
+                    let k = r[i].wrapping_mul(P::INV);
+                    let mut carry = 0;
+                    mac_with_carry!(r[i], k, P::MODULUS.0[0], &mut carry);
+                    for j in 1..$limbs {
+                        r[j + i] = mac_with_carry!(r[j + i], k, P::MODULUS.0[j], &mut carry);
+                    }
+                    r[$limbs + i] = adc!(r[$limbs + i], _carry2, &mut carry);
+                    _carry2 = carry;
                 }
-                r[$limbs + i] = adc!(r[$limbs + i], _carry2, &mut carry);
-                _carry2 = carry;
+                input.copy_from_slice(&r[N..]);
             }
-            (self.0).0.copy_from_slice(&r[$limbs..]);
-            self.reduce();
-            self
         }
     };
 }
diff --git a/ff/src/fields/models/fp.rs b/ff/src/fields/models/fp.rs
@@ -15,7 +15,24 @@ use crate::{
 };
 use ark_serialize::*;
 
-pub trait FpParams<const N: usize>: FpParameters<BigInt = BigInt<N>> {}
+invoke_16!(impl_field_square_in_place);
+invoke_16!(impl_field_mul_assign);
+
+pub trait FpParams<const N: usize>: FpParameters<N, BigInt = BigInt<N>> {
+    // Checking the modulus at compile time
+    const NO_CARRY: bool = {
+        let first_bit_set = Self::MODULUS.0[N - 1] >> 63 != 0;
+        // $limbs can be 1, hence we can run into a case with an unused mut.
+        #[allow(unused_mut)]
+        let mut all_bits_set = Self::MODULUS.0[N - 1] == !0 - (1 << 63);
+        let mut i = 1;
+        while i < N {
+            all_bits_set &= Self::MODULUS.0[N - i - 1] == !0u64;
+            i += 1;
+        }
+        !(first_bit_set || all_bits_set)
+    };
+}
 
 #[derive(Derivative)]
 #[derivative(
@@ -70,7 +87,7 @@ impl<P, const N: usize> Fp<P, N> {
         modulus: BigInt<N>,
         inv: u64,
     ) -> Self {
-        let mut repr = BigInt::<N>([0; N]);
+        let mut repr = P::BigInt([0; N]);
         let mut i = 0;
         while i < limbs.len() {
             repr.0[i] = limbs[i];
@@ -319,7 +336,29 @@ impl<P: FpParams<N>, const N: usize> Field for Fp<P, N> {
         temp
     }
 
-    impl_field_square_in_place!(N);
+    #[inline]
+    #[ark_ff_asm::unroll_for_loops]
+    #[allow(unused_braces, clippy::absurd_extreme_comparisons)]
+    fn square_in_place(&mut self) -> &mut Self {
+        if N == 1 {
+            *self = *self * *self;
+            return self;
+        }
+        #[cfg(use_asm)]
+        #[allow(unsafe_code, unused_mut)]
+        {
+            if N <= 6 && P::NO_CARRY {
+                ark_ff_asm::x86_64_asm_square!($limbs, (self.0).0);
+                self.reduce();
+                return self;
+            }
+        }
+
+        let input = &mut (self.0).0;
+        match_const!(square_in_place, N, input);
+        self.reduce();
+        self
+    }
 
     #[inline]
     fn inverse(&self) -> Option<Self> {
@@ -611,7 +650,7 @@ impl<P: FpParams<N>, const N: usize> ToBytes for Fp<P, N> {
 impl<P: FpParams<N>, const N: usize> FromBytes for Fp<P, N> {
     #[inline]
     fn read<R: Read>(reader: R) -> IoResult<Self> {
-        BigInt::<N>::read(reader).and_then(|b| match Fp::<P, N>::from_repr(b) {
+        P::BigInt::read(reader).and_then(|b| match Fp::<P, N>::from_repr(b) {
             Some(f) => Ok(f),
             None => Err(crate::error("FromBytes::read failed")),
         })
@@ -932,7 +971,30 @@ impl<'a, P: FpParams<N>, const N: usize> SubAssign<&'a Self> for Fp<P, N> {
 }
 
 impl<'a, P: FpParams<N>, const N: usize> MulAssign<&'a Self> for Fp<P, N> {
-    impl_field_mul_assign!(N);
+    #[inline]
+    #[ark_ff_asm::unroll_for_loops]
+    fn mul_assign(&mut self, other: &Self) {
+        // No-carry optimisation applied to CIOS
+        if P::NO_CARRY {
+            #[cfg(use_asm)]
+            #[allow(unsafe_code, unused_mut)]
+            {
+                // Tentatively avoid using assembly for `$limbs == 1`.
+                if N <= 6 && N > 1 {
+                    ark_ff_asm::x86_64_asm_mul!($limbs, input, other);
+                    self.reduce();
+                    return;
+                }
+            }
+            let input = &mut (self.0).0;
+            let other_ = (other.0).0;
+            match_const!(mul_assign, N, input, other_);
+            self.reduce();
+        } else {
+            *self = self.mul_without_reduce(other, P::MODULUS, P::INV);
+            self.reduce();
+        }
+    }
 }
 
 impl<'a, P: FpParams<N>, const N: usize> DivAssign<&'a Self> for Fp<P, N> {
diff --git a/ff/src/fields/models/mod.rs b/ff/src/fields/models/mod.rs

Original file line number	Diff line number	Diff line change
`@@ -23,13 +23,13 @@ pub struct BigInt<const N: usize>(pub [u64; N]);`
`23`	`23`
`24`	`24`	`impl<const N: usize> Default for BigInt<N> {`
`25`	`25`	`fn default() -> Self {`
`26`		`- BigInt::<N>([0u64; N])`
	`26`	`+ Self([0u64; N])`
`27`	`27`	`}`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`impl<const N: usize> BigInt<N> {`
`31`	`31`	`pub const fn new(value: [u64; N]) -> Self {`
`32`		`- BigInt::<N>(value)`
	`32`	`+ Self(value)`
`33`	`33`	`}`
`34`	`34`	`}`
`35`	`35`