
Simplicity #1420


Merged
merged 2 commits into from
Feb 19, 2025
4 changes: 2 additions & 2 deletions src/simplicity/dag.c
Expand Up @@ -367,7 +367,7 @@ void simplicity_computeAnnotatedMerkleRoot(analyses* analysis, const dag_node* d
}

/* Verifies that the 'dag' is in canonical order, meaning that nodes under the left branches have lower indices than nodes under
* right branches, with the exception that nodes under right braches may (cross-)reference identical nodes that already occur under
* right branches, with the exception that nodes under right branches may (cross-)reference identical nodes that already occur under
* left branches.
*
* Returns 'SIMPLICITY_NO_ERROR' if the 'dag' is in canonical order, and returns 'SIMPLICITY_ERR_DATA_OUT_OF_ORDER' if it is not.
Expand All @@ -389,7 +389,7 @@ simplicity_err simplicity_verifyCanonicalOrder(dag_node* dag, const uint_fast32_
/* We use dag[i].aux as a "stack" to manage the traversal of the DAG. */
dag[top].aux = len; /* We will set top to 'len' to indicate we are finished. */

/* Each time any particular 'top' value is revisted in this loop, bottom has increased to be strictly larger than the last 'child'
/* Each time any particular 'top' value is revisited in this loop, bottom has increased to be strictly larger than the last 'child'
value examined. Therefore we will make further progress in the loop the next time around.
By this reasoning any given 'top' value will be visited no more than numChildren(dag[top].tag) + 1 <= 3 times.
Thus this loop iterates at most O('len') times.
2 changes: 1 addition & 1 deletion src/simplicity/dag.h
Expand Up @@ -350,7 +350,7 @@ void simplicity_computeCommitmentMerkleRoot(dag_node* dag, uint_fast32_t i);
void simplicity_computeAnnotatedMerkleRoot(analyses* analysis, const dag_node* dag, const type* type_dag, uint_fast32_t len);

/* Verifies that the 'dag' is in canonical order, meaning that nodes under the left branches have lower indices than nodes under
* right branches, with the exception that nodes under right braches may (cross-)reference identical nodes that already occur under
* right branches, with the exception that nodes under right branches may (cross-)reference identical nodes that already occur under
* left branches.
*
* Returns 'SIMPLICITY_NO_ERROR' if the 'dag' is in canonical order, and returns 'SIMPLICITY_ERR_DATA_OUT_OF_ORDER' if it is not.
2 changes: 1 addition & 1 deletion src/simplicity/jets-secp256k1.c
Expand Up @@ -714,7 +714,7 @@ bool simplicity_hash_to_curve(frameItem* dst, frameItem src, const txEnv* env) {
return true;
}

/* THIS IS NOT A JET. It doesn't have the type signatue of a jet
/* THIS IS NOT A JET. It doesn't have the type signature of a jet
* This is a generic taptweak jet implementation parameterized by the tag used in the hash.
* It is designed to be specialized to implement slightly different taptweak operations for Bitcoin and Elements.
*
20 changes: 10 additions & 10 deletions src/simplicity/jets.c
Expand Up @@ -591,7 +591,7 @@ RIGHT_EXTEND_(32,64)

#define LEFT_SHIFT_(log, bits) \
static inline void left_shift_helper_##bits(bool with, frameItem* dst, frameItem *src) { \
static_assert(log <= 8, "Only log parameter upto 8 is supported."); \
static_assert(log <= 8, "Only log parameter up to 8 is supported."); \
uint_fast8_t amt = simplicity_read##log(src); \
uint_fast##bits##_t output = simplicity_read##bits(src); \
if (with) output = UINT##bits##_MAX ^ output; \
Expand Down Expand Up @@ -625,7 +625,7 @@ LEFT_SHIFT_(8,64)

#define RIGHT_SHIFT_(log, bits) \
static inline void right_shift_helper_##bits(bool with, frameItem* dst, frameItem *src) { \
static_assert(log <= 8, "Only log parameter upto 8 is supported."); \
static_assert(log <= 8, "Only log parameter up to 8 is supported."); \
uint_fast8_t amt = simplicity_read##log(src); \
uint_fast##bits##_t output = simplicity_read##bits(src); \
if (with) output = UINT##bits##_MAX ^ output; \
Expand Down Expand Up @@ -1046,7 +1046,7 @@ DIVIDES_(64)
/* Implements the 3n/2n division algorithm for n=32 bits.
* For more details see "Fast Recursive Division" by Christoph Burnikel and Joachim Ziegler, MPI-I-98-1-022, Oct. 1998.
*
* Given a 96 bit (unsigned) value A and a 64 bit value B, set *q and *r to the quotent and remainder of A divided by B.
* Given a 96 bit (unsigned) value A and a 64 bit value B, set *q and *r to the quotient and remainder of A divided by B.
*
* ah is passed the high 64 bits of A, and al is passed the low 32 bits of A.
* We say that A = [ah;al] where [ah;al] denotes ah * 2^32 + al.
Expand All @@ -1067,7 +1067,7 @@ DIVIDES_(64)
*
* Preconditon 2 ensures that this estimate is close to the true value of Q. In fact Q <= estQ <= Q + 2 (see proof below)
*
* There is a corresponding estR value satifying the equation estR = A - estQ * B.
* There is a corresponding estR value satisfying the equation estR = A - estQ * B.
* This estR is one of {R, R - B, R - 2B}.
* Therefore if estR is non-negative, then estR is equal to the true R value, and hence estQ is equal to the true Q value.
*
Expand All @@ -1085,7 +1085,7 @@ DIVIDES_(64)
*
* Lemma 2: estQ < [1;2] (== 2^32 + 2).
* First note that ah - [bh;0] < [1;0] because
* ah < B (by precondtion 1)
* ah < B (by precondition 1)
* < [bh+1;0]
* == [bh;0] + [1;0]
*
Expand Down Expand Up @@ -1116,7 +1116,7 @@ static void div_mod_96_64(uint_fast32_t *q, uint_fast64_t *r,
/* B == b == [bh;bl] */
uint_fast64_t estQ = ah / bh;

/* Precondition 1 guarentees Q is 32-bits, if estQ is greater than UINT32_MAX, then reduce our initial estimated quotient to UINT32_MAX. */
/* Precondition 1 guarantees Q is 32-bits, if estQ is greater than UINT32_MAX, then reduce our initial estimated quotient to UINT32_MAX. */
*q = estQ <= UINT32_MAX ? (uint_fast32_t)estQ : UINT32_MAX;

/* *q * bh <= estQ * bh <= ah */
Expand All @@ -1131,7 +1131,7 @@ static void div_mod_96_64(uint_fast32_t *q, uint_fast64_t *r,
* This value is negative when [rh;al] < d.
* Note that d is 64 bit and thus if rh is greater than UINT32_MAX, then this value cannot be negative.
*/
/* This loop is exectued at most twice. */
/* This loop is executed at most twice. */
while (rh <= UINT32_MAX && 0x100000000u*rh + al < d) {
/* Our estimated remainder, A - *q * B is negative. */
/* 0 < d == *q * bl and hence 0 < *q, so this decrement does not underflow. */
Expand Down Expand Up @@ -1173,7 +1173,7 @@ bool simplicity_div_mod_128_64(frameItem* dst, frameItem src, const txEnv* env)
* RR
*
* First divide the high 3 "digit"s (96-bits) of A by the two "digit"s (64-bits) of B,
* returning the first "digit" (high 32-bits) of the quotient, and an intermediate remainer consisiting of 2 "digit"s (64-bits).
* returning the first "digit" (high 32-bits) of the quotient, and an intermediate remainder consisiting of 2 "digit"s (64-bits).
*/
div_mod_96_64(&qh, &r, ah, am, b);
simplicity_debug_assert(r < b);
Expand All @@ -1187,8 +1187,8 @@ bool simplicity_div_mod_128_64(frameItem* dst, frameItem src, const txEnv* env)
* ---
* RR
*
* Then append the last "digit" of A to the intermidiate remainder and divide that value (96_bits) by the two "digit"s (64-bits) of B,
* returning the second "digit" (low 32-bits) of the quotient, and the final remainer consisiting of 2 "digit"s (64-bits).
* Then append the last "digit" of A to the intermediate remainder and divide that value (96_bits) by the two "digit"s (64-bits) of B,
* returning the second "digit" (low 32-bits) of the quotient, and the final remainder consisiting of 2 "digit"s (64-bits).
*/
div_mod_96_64(&ql, &r, r, al, b);
simplicity_write32(dst, qh);
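Review bot: The two comment lines rewritten in `simplicity_div_mod_128_64` still read "consisiting" after the fixes to "remainder" and "intermediate"; both should end `remainder consisting of 2 "digit"s (64-bits).`. In the `div_mod_96_64` header comment the context line "Preconditon 2 ensures that this estimate is close" keeps its misspelling while "precondition 1" a few lines below was corrected, so the proof text now spells the same term two ways. These comments carry the correctness argument for the division jets, so it is worth finishing the pass in the same commit. Both function bodies continue outside the hunks shown.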
12 changes: 6 additions & 6 deletions src/simplicity/primitive/elements/env.c
Expand Up @@ -260,11 +260,11 @@ static void copyOutput(sigOutput* result, opcode** allocation, size_t* allocatio

/* Tally a sorted list of feeOutputs
*
* Given a sorted array of feeOutput pointers, tally all the (explict) amounts of the entries with the same asset id,
* Given a sorted array of feeOutput pointers, tally all the (explicit) amounts of the entries with the same asset id,
* which are all necessarily next to each other, into the assetFee field of the first entry of the bunch.
*
* Discard all entries other than the first one of each bunch.
* Return 'ret_value', the number of remaning entries in the array after these discards.
* Return 'ret_value', the number of remaining entries in the array after these discards.
*
* Note: the array is not re-allocated, so there will be "junk" values in the array past the end of 'ret_value'.
*
Expand Down Expand Up @@ -497,7 +497,7 @@ extern transaction* simplicity_elements_mallocTransaction(const rawTransaction*
uint_fast32_t ix_fee = 0;

/* perm is a temporary array the same length (numFees) and size as feeOutputs.
* perm is used to initalize feeOutputs and is not used afterward.
* perm is used to initialize feeOutputs and is not used afterward.
* This makes it safe for perm to use the same memory allocation as feeOutputs.
*/
static_assert(sizeof(const sha256_midstate*) == sizeof(sigOutput*), "Pointers (to structures) ought to have the same size.");
Expand Down Expand Up @@ -528,8 +528,8 @@ extern transaction* simplicity_elements_mallocTransaction(const rawTransaction*
/* Initialize the feeOutputs array from the perm array.
* Because the perm array entries are the same size as the feeOutputs array entries, it is safe to initialize one by one.
*
* In practical C implementations, the feeOutputs array entires are initalized to the same value as the perm array entries.
* In practical C implementations, this is a no-op, and generally compiliers are able to see this fact and eliminate this loop.
* In practical C implementations, the feeOutputs array entries are initialized to the same value as the perm array entries.
* In practical C implementations, this is a no-op, and generally compilers are able to see this fact and eliminate this loop.
*
* We keep the loop in the code just to be pedantic.
*/
Expand Down Expand Up @@ -652,7 +652,7 @@ extern void simplicity_elements_freeTapEnv(tapEnv* env) {
simplicity_free(env);
}

/* Contstruct a txEnv structure from its components.
/* Construct a txEnv structure from its components.
* This function will precompute any cached values.
*
* Precondition: NULL != tx
4 changes: 2 additions & 2 deletions src/simplicity/primitive/elements/primitive.h
Expand Up @@ -248,7 +248,7 @@ typedef struct tapEnv {
unsigned char leafVersion;
} tapEnv;

/* The 'txEnv' structure used by the Elements application of Simplcity.
/* The 'txEnv' structure used by the Elements application of Simplicity.
*
* It includes
* + the transaction data, which may be shared when Simplicity expressions are used for multiple inputs in the same transaction),
Expand All @@ -263,7 +263,7 @@ typedef struct txEnv {
uint_fast32_t ix;
} txEnv;

/* Contstruct a txEnv structure from its components.
/* Construct a txEnv structure from its components.
* This function will precompute any cached values.
*
* Precondition: NULL != tx
8 changes: 4 additions & 4 deletions src/simplicity/rsort.c
Expand Up @@ -11,10 +11,10 @@ static_assert(UCHAR_MAX < SIZE_MAX, "UCHAR_MAX >= SIZE_MAX");
/* Return the 'i'th char of the object representation of the midstate pointed to by a.
*
* In C, values are represented as 'unsigned char [sizeof(v)]' array. However the exact
* specification of how this represenation works is implementation defined.
* specification of how this representation works is implementation defined.
*
* For the 'uint32_t' values of 'sha256_midstate', the object representation of these values will differ
* between big endian and little endian archtectures.
* between big endian and little endian architectures.
*
* Precondition: NULL != a
* i < sizeof(a->s);
Expand Down Expand Up @@ -138,7 +138,7 @@ static void rsort_ex(const sha256_midstate** a, uint_fast32_t len, const sha256_
We will decrease len as we go as we find out that items at the end of the array are in their proper, sorted position.

The 'i'th bucket is the subarray a[stack[i]:stack[i+1]),
excecpt for the last bucket which is the subarray a[stack[totalBucketCount-1]:len).
except for the last bucket which is the subarray a[stack[totalBucketCount-1]:len).

The depth to which various buckets are sorted increases the further down the stack you go.
The 'bucketCount' stores how many buckets are sorted to various depths.
Expand Down Expand Up @@ -169,7 +169,7 @@ static void rsort_ex(const sha256_midstate** a, uint_fast32_t len, const sha256_
Note: there is an added optimization where by if there is only one non-empty bucket found when attempting to sort,
i.e. it happens that every bucket item already has identical 'depth' characters,
we skip the subdivision and move onto the next depth immediately.
(This is equivalent to pushing the one non-empty bucket onto the stack and immediately poping it back off.)
(This is equivalent to pushing the one non-empty bucket onto the stack and immediately popping it back off.)

If the last bucket is of size 0 or 1, it must be already be sorted.
Since this bucket is at the end of the array we decrease 'len'.
2 changes: 1 addition & 1 deletion src/simplicity/secp256k1/README.md
Expand Up @@ -49,4 +49,4 @@ Lastly, all active uses of normalize are replaced with the variable-time impleme

[^1]: More specifically, the when a point has a very low and odd order, the `ai` values in the `secp256k1_ecmult_odd_multiples_table` can reach infinity, violating libsecp256k1's assumption that `secp256k1_gej_add_ge_var`'s `a` parameter is never infinity.
The value we set to the `rzr` in this case does not matter since it ends up only being multiplied with zero in `secp256k1_ge_table_set_globalz`.
It just needs to be set to some value to avoid reading uninitalized memory.
It just needs to be set to some value to avoid reading uninitialized memory.
4 changes: 2 additions & 2 deletions src/simplicity/secp256k1/scalar_impl.h
Expand Up @@ -44,11 +44,11 @@ static void secp256k1_scalar_split_lambda_verify(const secp256k1_scalar *r1, con
#endif

/*
* Both lambda and beta are primitive cube roots of unity. That is lamba^3 == 1 mod n and
* Both lambda and beta are primitive cube roots of unity. That is lambda^3 == 1 mod n and
* beta^3 == 1 mod p, where n is the curve order and p is the field order.
*
* Furthermore, because (X^3 - 1) = (X - 1)(X^2 + X + 1), the primitive cube roots of unity are
* roots of X^2 + X + 1. Therefore lambda^2 + lamba == -1 mod n and beta^2 + beta == -1 mod p.
* roots of X^2 + X + 1. Therefore lambda^2 + lambda == -1 mod n and beta^2 + beta == -1 mod p.
* (The other primitive cube roots of unity are lambda^2 and beta^2 respectively.)
*
* Let l = -1/2 + i*sqrt(3)/2, the complex root of X^2 + X + 1. We can define a ring
Expand Down
2 changes: 1 addition & 1 deletion src/simplicity/secp256k1/util.h
Expand Up @@ -96,7 +96,7 @@ static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2,
# define SECP256K1_INT128_NATIVE 1
#elif defined(USE_FORCE_WIDEMUL_INT64)
/* If USE_FORCE_WIDEMUL_INT64 is set, use int64. */
# error WIDEMUL_INT64 not suported in Simplicity.
# error WIDEMUL_INT64 not supported in Simplicity.
#elif defined(UINT128_MAX) || defined(__SIZEOF_INT128__)
/* If a native 128-bit integer type exists, use int128. */
# define SECP256K1_WIDEMUL_INT128 1
2 changes: 1 addition & 1 deletion src/simplicity/sha256.c
Expand Up @@ -123,7 +123,7 @@ static void sha256_compression_portable(uint32_t* s, const uint32_t* chunk) {
void (*simplicity_sha256_compression)(uint32_t* midstate, const uint32_t* block) = sha256_compression_portable;

/* For information purposes only.
* Returns true if the sha256_compression implemenation has been optimized for the CPU.
* Returns true if the sha256_compression implementation has been optimized for the CPU.
* Otherwise returns false.
*/
bool simplicity_sha256_compression_is_optimized(void) {
8 changes: 4 additions & 4 deletions src/simplicity/sha256.h
Expand Up @@ -75,7 +75,7 @@ static inline void WriteLE32(unsigned char* ptr, uint_fast32_t x) {
ptr[0] = 0xff & x;
}

/* Coverts a given 'midstate' value to a 'hash' value as 32 bytes stored in an unsigned char array.
/* Converts a given 'midstate' value to a 'hash' value as 32 bytes stored in an unsigned char array.
*
* Precondition: unsigned char hash[32];
* uint32_t midstate[8]
Expand All @@ -91,7 +91,7 @@ static inline void sha256_fromMidstate(unsigned char* hash, const uint32_t* mids
WriteBE32(hash + 7*4, midstate[7]);
}

/* Coverts a given 'hash' value as 32 bytes stored in an unsigned char array to a 'midstate' value.
/* Converts a given 'hash' value as 32 bytes stored in an unsigned char array to a 'midstate' value.
*
* Precondition: uint32_t midstate[8];
* unsigned char hash[32]
Expand Down Expand Up @@ -130,7 +130,7 @@ static inline void sha256_iv(uint32_t* iv) {
extern void (*simplicity_sha256_compression)(uint32_t* midstate, const uint32_t* block);

/* For information purposes only.
* Returns true if the sha256_compression implemenation has been optimized for the CPU.
* Returns true if the sha256_compression implementation has been optimized for the CPU.
* Otherwise returns false.
*/
bool simplicity_sha256_compression_is_optimized(void);
Expand Down Expand Up @@ -188,7 +188,7 @@ typedef struct sha256_context {

/* SHA-256 is limited to strictly less than 2^64 bits or 2^56 bytes of data.
* This limit cannot be reached in practice under proper use of the SHA-256 interface.
* However some jets in simplicity load and store this context and it is easy to syntesize contexts with absurdly large counter values.
* However some jets in simplicity load and store this context and it is easy to synthesize contexts with absurdly large counter values.
*/
static const uint_fast64_t sha256_max_counter = 0x2000000000000000;

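Review bot: The comment above `sha256_max_counter` still states the limit as "2^64 bits or 2^56 bytes", which agrees neither with itself nor with the constant: 2^64 bits is 2^61 bytes, and `0x2000000000000000` is 2^61. This commit corrects the spelling in that comment but leaves the figure, and since the same comment notes that jets can load contexts with synthesized counter values, the stated bound is what a reader checking the counter guard will rely on. I would change the first line to `/* SHA-256 is limited to strictly less than 2^64 bits or 2^61 bytes of data.`. How the constant is compared against the counter is outside the hunk, so whether that check matches the comment's "strictly less than" should be confirmed separately.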
4 changes: 2 additions & 2 deletions src/simplicity/type.h
Expand Up @@ -85,12 +85,12 @@ static inline size_t typeSkip(size_t i, const type* type_dag) {
}

/* Precondition: type type_dag[i] and 'type_dag' is well-formed.
* if type_dag[i] is a non-trival 'PRODUCT', then both of its two type arguements are non-trival.
* if type_dag[i] is a non-trival 'PRODUCT', then both of its two type arguments are non-trival.
* Postconditon: value == type_dag[i]
*/
static inline void setTypeBack(size_t i, type* type_dag, size_t value) {
/* .back cannot be used if .skip is in use.
Specifically it cannot be a non-trivial 'PRODUCT' type where one of its two type arguements is a trivial type.
Specifically it cannot be a non-trivial 'PRODUCT' type where one of its two type arguments is a trivial type.
*/
simplicity_assert((PRODUCT != type_dag[i].kind ||
0 == type_dag[i].bitSize ||
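Review bot: The corrected precondition line in the `setTypeBack` comment still contains "non-trival" twice, and the following line still reads "Postconditon". Proposed: `* if type_dag[i] is a non-trivial 'PRODUCT', then both of its two type arguments are non-trivial.` and `Postcondition` on the next line. Separately, the postcondition `value == type_dag[i]` compares a `size_t` with a `type` element; given the function name and the `.back` remark in the body it presumably means `type_dag[i].back`, but the assignment lies outside the hunk, so confirm before rewording it.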