multiprecision: make goldilocks operations constexpr

Author: ioxid

crypto3/libs/multiprecision/include/nil/crypto3/multiprecision/big_mod.hpp

@@ -170,7 +170,7 @@ namespace nil::crypto3::multiprecision {
 
       private:
         template<typename S, std::enable_if_t<is_integral_v<S>, int> = 0>
-        static base_type convert_to_raw_base(const S& s, const modular_ops_t& ops) {
+        static constexpr base_type convert_to_raw_base(const S& s, const modular_ops_t& ops) {
             if (nil::crypto3::multiprecision::is_zero(s)) {
                 return base_type{};
             }

crypto3/libs/multiprecision/include/nil/crypto3/multiprecision/big_uint.hpp

@@ -1425,16 +1425,10 @@ namespace nil::crypto3::multiprecision {
         template<std::size_t Bits1>
         friend class big_uint;
 
-        template<std::size_t Bits1, std::size_t Bits2, std::size_t Bits3>
-        friend constexpr bool detail::add_unsigned_constexpr(
-            big_uint<Bits1>& result, const big_uint<Bits2>& a,
-            const big_uint<Bits3>& b) noexcept;
-#ifdef NIL_CO3_MP_HAS_INTRINSICS
         template<std::size_t Bits1, std::size_t Bits2, std::size_t Bits3>
         friend constexpr bool detail::add_unsigned_intrinsic(
             big_uint<Bits1>& result, const big_uint<Bits2>& a,
             const big_uint<Bits3>& b) noexcept;
-#endif
         template<detail::overflow_policy OverflowPolicy, std::size_t Bits1,
                  std::size_t Bits2, std::size_t Bits3>
         friend constexpr bool detail::add_unsigned(big_uint<Bits1>& result,
@@ -1445,16 +1439,10 @@ namespace nil::crypto3::multiprecision {
         friend constexpr bool detail::add_unsigned(big_uint<Bits1>& result,
                                                    const big_uint<Bits2>& a,
                                                    const limb_type& o);
-        template<detail::overflow_policy OverflowPolicy, std::size_t Bits1,
-                 std::size_t Bits2, std::size_t Bits3>
-        friend constexpr void detail::subtract_unsigned_constexpr(
-            big_uint<Bits1>& result, const big_uint<Bits2>& a, const big_uint<Bits3>& b);
-#ifdef NIL_CO3_MP_HAS_INTRINSICS
         template<detail::overflow_policy OverflowPolicy, std::size_t Bits1,
                  std::size_t Bits2, std::size_t Bits3>
         friend constexpr void detail::subtract_unsigned_intrinsic(
             big_uint<Bits1>& result, const big_uint<Bits2>& a, const big_uint<Bits3>& b);
-#endif
         template<detail::overflow_policy OverflowPolicy, bool GuaranteedGreater,
                  std::size_t Bits1, std::size_t Bits2, std::size_t Bits3>
         friend constexpr void detail::subtract_unsigned(big_uint<Bits1>& result,

crypto3/libs/multiprecision/include/nil/crypto3/multiprecision/detail/addcarry_subborrow.hpp

@@ -0,0 +1,96 @@
+//---------------------------------------------------------------------------//
+// Copyright (c) 2020 Madhur Chauhan
+// Copyright (c) 2020 John Maddock
+// Copyright (c) 2024 Andrey Nefedov <[email protected]>
+//
+// Distributed under the Boost Software License, Version 1.0
+// See accompanying file LICENSE_1_0.txt or copy at
+// http://www.boost.org/LICENSE_1_0.txt
+//---------------------------------------------------------------------------//
+
+#pragma once
+
+#include <climits>
+#include <cstdint>
+#include <type_traits>
+#include "nil/crypto3/multiprecision/detail/force_inline.hpp"
+#include "nil/crypto3/multiprecision/detail/intel_intrinsics.hpp"
+
+namespace nil::crypto3::multiprecision::detail {
+    template<typename T, std::enable_if_t<std::is_unsigned_v<T>, int> = 0>
+    constexpr std::uint8_t addcarry_constexpr(std::uint8_t carry, T a, T b, T* p_result) {
+        T r = a + b + carry;
+        *p_result = r;
+        return r < a || (r == a && carry);
+    }
+
+    template<typename T, std::enable_if_t<std::is_unsigned_v<T>, int> = 0>
+    constexpr std::uint8_t subborrow_constexpr(std::uint8_t borrow, T a, T b,
+                                               T* p_result) {
+        T r = a - b - borrow;
+        *p_result = r;
+        return r > a || (r == a && borrow);
+    }
+}  // namespace nil::crypto3::multiprecision::detail
+
+#ifdef NIL_CO3_MP_HAS_INTRINSICS
+
+namespace nil::crypto3::multiprecision::detail {
+    static_assert(std::is_same_v<std::uint8_t, unsigned char>);
+
+    template<typename T, std::enable_if_t<std::is_unsigned_v<T>, int> = 0>
+    NIL_CO3_MP_FORCEINLINE constexpr std::uint8_t addcarry(std::uint8_t carry, T a, T b,
+                                                           T* p_result) {
+        if (!std::is_constant_evaluated()) {
+            if constexpr (sizeof(T) * CHAR_BIT == 64) {
+                return _addcarry_u64(carry, a, b,
+                                     reinterpret_cast<unsigned long long*>(p_result));
+            } else if constexpr (sizeof(T) * CHAR_BIT == 32) {
+                return _addcarry_u32(carry, a, b,
+                                     reinterpret_cast<unsigned int*>(p_result));
+            } else {
+                return addcarry_constexpr(carry, a, b, p_result);
+            }
+        }
+        return addcarry_constexpr(carry, a, b, p_result);
+    }
+
+    template<typename T, std::enable_if_t<std::is_unsigned_v<T>, int> = 0>
+    NIL_CO3_MP_FORCEINLINE constexpr std::uint8_t subborrow(std::uint8_t borrow, T a, T b,
+                                                            T* p_result) {
+        if (!std::is_constant_evaluated()) {
+            if constexpr (sizeof(T) * CHAR_BIT == 64) {
+                return _subborrow_u64(borrow, a, b,
+                                      reinterpret_cast<unsigned long long*>(p_result));
+            } else if constexpr (sizeof(T) * CHAR_BIT == 32) {
+                return _subborrow_u32(borrow, a, b,
+                                      reinterpret_cast<unsigned int*>(p_result));
+            } else {
+                return subborrow_constexpr(borrow, a, b, p_result);
+            }
+        }
+        return subborrow_constexpr(borrow, a, b, p_result);
+    }
+}  // namespace nil::crypto3::multiprecision::detail
+
+#else
+
+#ifndef NIL_CO3_MP_DISABLE_INTRINSICS
+#warning "x86 intrinsics are not available, addcarry and subborrow optimizations disabled"
+#endif
+
+namespace nil::crypto3::multiprecision::detail {
+    template<typename T, std::enable_if_t<std::is_unsigned_v<T>, int> = 0>
+    NIL_CO3_MP_FORCEINLINE constexpr std::uint8_t addcarry(std::uint8_t carry, T a, T b,
+                                                           T* p_result) {
+        return addcarry_constexpr(carry, a, b, p_result);
+    }
+
+    template<typename T, std::enable_if_t<std::is_unsigned_v<T>, int> = 0>
+    NIL_CO3_MP_FORCEINLINE constexpr std::uint8_t subborrow(std::uint8_t borrow, T a, T b,
+                                                            T* p_result) {
+        return subborrow_constexpr(borrow, a, b, p_result);
+    }
+}  // namespace nil::crypto3::multiprecision::detail
+
+#endif

crypto3/libs/multiprecision/include/nil/crypto3/multiprecision/detail/big_mod/modular_ops/goldilocks.hpp

@@ -15,19 +15,19 @@
 
 #include <boost/assert.hpp>
 
+#include "nil/crypto3/multiprecision/detail/addcarry_subborrow.hpp"
 #include "nil/crypto3/multiprecision/detail/big_mod/modular_ops/common.hpp"
 #include "nil/crypto3/multiprecision/detail/int128.hpp"
-#include "nil/crypto3/multiprecision/detail/intel_intrinsics.hpp"
 
-#if !(defined(NIL_CO3_MP_HAS_INTRINSICS) && defined(NIL_CO3_MP_HAS_INT128))
+#if !defined(NIL_CO3_MP_HAS_INT128)
 #include "nil/crypto3/multiprecision/detail/big_mod/modular_ops/montgomery.hpp"
 #endif
 
 namespace nil::crypto3::multiprecision {
     inline constexpr std::uint64_t goldilocks_modulus = 0xffffffff00000001ULL;
 
     namespace detail {
-#if defined(NIL_CO3_MP_HAS_INTRINSICS) && defined(NIL_CO3_MP_HAS_INT128)
+#if defined(NIL_CO3_MP_HAS_INT128)
         class goldilocks_modular_ops : public common_modular_ops<std::uint64_t> {
           public:
             using base_type = std::uint64_t;
@@ -50,6 +50,7 @@ namespace nil::crypto3::multiprecision {
                 BOOST_ASSERT(result < goldilocks_modulus);
             }
 
+          private:
             static constexpr base_type reduce128(const detail::uint128_t &input) {
                 /*
 
@@ -74,13 +75,13 @@ Goldilocks::new(t2)
                 std::uint64_t x_hi_lo = x_hi & NEG_ORDER;
 
                 std::uint64_t t0 = 0u;
-                std::uint8_t borrow = subborrow_limb(0, x_lo, x_hi_hi, &t0);
+                std::uint8_t borrow = subborrow(0, x_lo, x_hi_hi, &t0);
                 if (borrow) {
                     t0 -= NEG_ORDER;
                 }
                 std::uint64_t t1 = x_hi_lo * NEG_ORDER;
                 std::uint64_t t2 = 0;
-                std::uint8_t carry = addcarry_limb(0, t0, t1, &t2);
+                std::uint8_t carry = addcarry(0, t0, t1, &t2);
                 std::uint64_t result = t2 + NEG_ORDER * carry;
                 // TODO(ioxid): store noncanonical and remove this canonicalization
                 if (result >= goldilocks_modulus) {
@@ -89,6 +90,7 @@ Goldilocks::new(t2)
                 return result;
             }
 
+          public:
             static constexpr void mul(base_type &result, const base_type &y) {
                 BOOST_ASSERT(result < goldilocks_modulus && y < goldilocks_modulus);
                 detail::uint128_t prod = static_cast<detail::uint128_t>(result) *