diff --git a/constantine/math/arithmetic/assembly/limbs_asm_mul_x86.nim b/constantine/math/arithmetic/assembly/limbs_asm_mul_x86.nim index 0d20d18..4cd5177 100644 --- a/constantine/math/arithmetic/assembly/limbs_asm_mul_x86.nim +++ b/constantine/math/arithmetic/assembly/limbs_asm_mul_x86.nim @@ -23,9 +23,6 @@ import # They are nice to let the compiler deals with mov # but too constraining so we move things ourselves. -# TODO: verify that assembly generated works for small arrays -# that are passed by values - static: doAssert UseASM_X86_64 # Need 8 registers just for mul # and 32-bit only has 8 max. diff --git a/constantine/math/arithmetic/assembly/limbs_asm_x86.nim b/constantine/math/arithmetic/assembly/limbs_asm_x86.nim index 091cbb2..b4cb52b 100644 --- a/constantine/math/arithmetic/assembly/limbs_asm_x86.nim +++ b/constantine/math/arithmetic/assembly/limbs_asm_x86.nim @@ -23,9 +23,6 @@ import # They are nice to let the compiler deals with mov # but too constraining so we move things ourselves. -# TODO: verify that assembly generated works for small arrays -# that are passed by values - static: doAssert UseASM_X86_32 # Copy diff --git a/constantine/math/arithmetic/limbs.nim b/constantine/math/arithmetic/limbs.nim index 1064388..664988b 100644 --- a/constantine/math/arithmetic/limbs.nim +++ b/constantine/math/arithmetic/limbs.nim @@ -354,7 +354,6 @@ func cneg*(r: var Limbs, a: Limbs, ctl: CTBool) = func div10*(a: var Limbs): SecretWord = ## Divide `a` by 10 in-place and return the remainder - ## TODO constant-time result = Zero const clz = WordBitWidth - 1 - log2_vartime(10) diff --git a/constantine/math/config/curves_derived.nim b/constantine/math/config/curves_derived.nim index 422f64c..980a38d 100644 --- a/constantine/math/config/curves_derived.nim +++ b/constantine/math/config/curves_derived.nim @@ -95,13 +95,6 @@ macro genDerivedConstants*(mode: static DerivedConstantMode): untyped = M ) ) - # const MyCurve_InvModExponent = primeMinus2_BE(MyCurve_Modulus) - result.add newConstStmt( - used(curve & ff & "_InvModExponent"), newCall( - bindSym"primeMinus2_BE", - M - ) - ) # const MyCurve_PrimePlus1div2 = primePlus1div2(MyCurve_Modulus) result.add newConstStmt( used(curve & ff & "_PrimePlus1div2"), newCall( @@ -109,13 +102,6 @@ macro genDerivedConstants*(mode: static DerivedConstantMode): untyped = M ) ) - # const MyCurve_PrimeMinus1div2_BE = primeMinus1div2_BE(MyCurve_Modulus) - result.add newConstStmt( - used(curve & ff & "_PrimeMinus1div2_BE"), newCall( - bindSym"primeMinus1div2_BE", - M - ) - ) # const MyCurve_PrimeMinus3div4_BE = primeMinus3div4_BE(MyCurve_Modulus) result.add newConstStmt( used(curve & ff & "_PrimeMinus3div4_BE"), newCall( @@ -130,12 +116,5 @@ macro genDerivedConstants*(mode: static DerivedConstantMode): untyped = M ) ) - # const MyCurve_PrimePlus1div4_BE = primePlus1div4_BE(MyCurve_Modulus) - result.add newConstStmt( - used(curve & ff & "_PrimePlus1div4_BE"), newCall( - bindSym"primePlus1div4_BE", - M - ) - ) # echo result.toStrLit() diff --git a/constantine/math/config/curves_prop_field_derived.nim b/constantine/math/config/curves_prop_field_derived.nim index 4cec258..e222fd6 100644 --- a/constantine/math/config/curves_prop_field_derived.nim +++ b/constantine/math/config/curves_prop_field_derived.nim @@ -99,19 +99,11 @@ macro getMontyPrimeMinus1*(ff: type FF): untyped = ## Get (P-1) result = bindConstant(ff, "MontyPrimeMinus1") -macro getInvModExponent*(ff: type FF): untyped = - ## Get modular inversion exponent (Modulus-2 in canonical representation) - result = bindConstant(ff, "InvModExponent") - macro getPrimePlus1div2*(ff: type FF): untyped = ## Get (P+1) / 2 for an odd prime ## Warning ⚠️: Result in canonical domain (not Montgomery) result = bindConstant(ff, "PrimePlus1div2") -macro getPrimeMinus1div2_BE*(ff: type FF): untyped = - ## Get (P-1) / 2 in big-endian serialized format - result = bindConstant(ff, "PrimeMinus1div2_BE") - macro getPrimeMinus3div4_BE*(ff: type FF): untyped = ## Get (P-3) / 4 in big-endian serialized format result = bindConstant(ff, "PrimeMinus3div4_BE") @@ -120,10 +112,6 @@ macro getPrimeMinus5div8_BE*(ff: type FF): untyped = ## Get (P-5) / 8 in big-endian serialized format result = bindConstant(ff, "PrimeMinus5div8_BE") -macro getPrimePlus1div4_BE*(ff: type FF): untyped = - ## Get (P+1) / 4 for an odd prime in big-endian serialized format - result = bindConstant(ff, "PrimePlus1div4_BE") - # ############################################################ # # Debug info printed at compile-time diff --git a/constantine/math/config/precompute.nim b/constantine/math/config/precompute.nim index f2867bf..838afbf 100644 --- a/constantine/math/config/precompute.nim +++ b/constantine/math/config/precompute.nim @@ -371,19 +371,6 @@ func montyPrimeMinus1*(P: BigInt): BigInt = result = P discard result.csub(P.montyOne(), true) -func primeMinus2_BE*[bits: static int]( - P: BigInt[bits] - ): array[(bits+7) div 8, byte] {.noInit.} = - ## Compute an input prime-2 - ## and return the result as a canonical byte array / octet string - ## For use to precompute modular inverse exponent - ## when using inversion by Little Fermat Theorem a^-1 = a^(p-2) mod p - - var tmp = P - discard tmp.sub(2) - - result.marshal(tmp, bigEndian) - func primePlus1div2*(P: BigInt): BigInt = ## Compute (P+1)/2, assumes P is odd ## For use in constant-time modular inversion @@ -400,25 +387,6 @@ func primePlus1div2*(P: BigInt): BigInt = let carry = result.add(1) doAssert not carry -func primeMinus1div2_BE*[bits: static int]( - P: BigInt[bits] - ): array[(bits+7) div 8, byte] {.noInit.} = - ## For an input prime `p`, compute (p-1)/2 - ## and return the result as a canonical byte array / octet string - ## For use to check if a number is a square (quadratic residue) - ## in a field by Euler's criterion - ## - # Output size: - # - (bits + 7) div 8: bits => byte conversion rounded up - # - (bits + 7 - 1): dividing by 2 means 1 bit is unused - # => TODO: reduce the output size (to potentially save a byte and corresponding multiplication/squarings) - - var tmp = P - discard tmp.sub(1) - tmp.shiftRight(1) - - result.marshal(tmp, bigEndian) - func primeMinus3div4_BE*[bits: static int]( P: BigInt[bits] ): array[(bits+7) div 8, byte] {.noInit.} = @@ -457,35 +425,6 @@ func primeMinus5div8_BE*[bits: static int]( result.marshal(tmp, bigEndian) -func primePlus1Div4_BE*[bits: static int]( - P: BigInt[bits] - ): array[(bits+7) div 8, byte] {.noInit.} = - ## For an input prime `p`, compute (p+1)/4 - ## and return the result as a canonical byte array / octet string - ## For use to check if a number is a square (quadratic residue) - ## in a field by Euler's criterion - ## - # Output size: - # - (bits + 7) div 8: bits => byte conversion rounded up - # - (bits + 7 - 1): dividing by 4 means 2 bits are unused - # but we also add 1 to an odd number so using an extra bit - # => TODO: reduce the output size (to potentially save a byte and corresponding multiplication/squarings) - checkOdd(P) - - # First we do P+1/2 in a way that guarantees no overflow - var tmp = primePlus1div2(P) - # then divide by 2 - tmp.shiftRight(1) - - result.marshal(tmp, bigEndian) - -func toCanonicalIntRepr*[bits: static int]( - a: BigInt[bits] - ): array[(bits+7) div 8, byte] {.noInit.} = - ## Export a bigint to its canonical BigEndian representation - ## (octet-string) - result.marshal(a, bigEndian) - # ############################################################ # # Compile-time Conversion to Montgomery domain diff --git a/constantine/math/config/type_ff.nim b/constantine/math/config/type_ff.nim index c2f837f..88d8fdf 100644 --- a/constantine/math/config/type_ff.nim +++ b/constantine/math/config/type_ff.nim @@ -19,7 +19,7 @@ type ## P being the prime modulus of the Curve C ## Internally, data is stored in Montgomery n-residue form ## with the magic constant chosen for convenient division (a power of 2 depending on P bitsize) - # TODO, pseudo mersenne priles like 2²⁵⁵-19 have very fast modular reduction + # TODO, pseudo mersenne primes like 2²⁵⁵-19 have very fast modular reduction # and don't need Montgomery representation mres*: matchingBigInt(C) diff --git a/constantine/math/constants/bls12_377_sqrt.nim b/constantine/math/constants/bls12_377_sqrt.nim index d0fe528..a670644 100644 --- a/constantine/math/constants/bls12_377_sqrt.nim +++ b/constantine/math/constants/bls12_377_sqrt.nim @@ -70,11 +70,6 @@ func precompute_tonelli_shanks_addchain*( x11010111 .prod(x111, x11010000) # 18 operations - # TODO: we can accumulate in a partially reduced - # doubled-size `r` to avoid the final substractions. - # and only reduce at the end. - # This requires the number of op to be less than log2(p) == 381 - # 18 + 18 = 36 operations r.square_repeated(x11010111, 8) r *= x11101 diff --git a/constantine/math/constants/bls12_381_sqrt.nim b/constantine/math/constants/bls12_381_sqrt.nim index e1fda36..b6f50ce 100644 --- a/constantine/math/constants/bls12_381_sqrt.nim +++ b/constantine/math/constants/bls12_381_sqrt.nim @@ -93,11 +93,6 @@ func invsqrt_addchain*(r: var Fp[BLS12_381], a: Fp[BLS12_381]) {.addchain.} = x11111111 .prod(x10100, x11101011) # 36 operations - # TODO: we can accumulate in a partially reduced - # doubled-size `r` to avoid the final substractions. - # and only reduce at the end. - # This requires the number of op to be less than log2(p) == 381 - # 36 + 22 = 58 operations r.prod(x10111111, x11100001) r.square_repeated(8) diff --git a/constantine/math/constants/bw6_761_sqrt.nim b/constantine/math/constants/bw6_761_sqrt.nim index c5aeefd..ea0d44b 100644 --- a/constantine/math/constants/bw6_761_sqrt.nim +++ b/constantine/math/constants/bw6_761_sqrt.nim @@ -91,11 +91,6 @@ func invsqrt_addchain*(r: var Fp[BW6_761], a: Fp[BW6_761]) {.addchain.} = x11111111 .prod(a, x11111110) # 35 operations - # TODO: we can accumulate in a partially reduced - # doubled-size `r` to avoid the final substractions. - # and only reduce at the end. - # This requires the number of op to be less than log2(p) == 381 - # 35 + 8 = 43 operations r.prod(x100001, x11111111) r.square_repeated(3) diff --git a/constantine/math/elliptic/ec_shortweierstrass_projective.nim b/constantine/math/elliptic/ec_shortweierstrass_projective.nim index 36e826d..97c8e6e 100644 --- a/constantine/math/elliptic/ec_shortweierstrass_projective.nim +++ b/constantine/math/elliptic/ec_shortweierstrass_projective.nim @@ -189,8 +189,6 @@ func sum*[F; G: static Subgroup]( # # Cost: 12M + 3 mul(a) + 2 mul(3b) + 23 a - # TODO: static doAssert odd order - when F.C.getCoefA() == 0: var t0 {.noInit.}, t1 {.noInit.}, t2 {.noInit.}, t3 {.noInit.}, t4 {.noInit.}: F var x3 {.noInit.}, y3 {.noInit.}, z3 {.noInit.}: F @@ -263,7 +261,6 @@ func madd*[F; G: static Subgroup]( ## ## ``r`` may alias P - # TODO: static doAssert odd order when F.C.getCoefA() == 0: var t0 {.noInit.}, t1 {.noInit.}, t2 {.noInit.}, t3 {.noInit.}, t4 {.noInit.}: F var x3 {.noInit.}, y3 {.noInit.}, z3 {.noInit.}: F diff --git a/constantine/math/io/io_fields.nim b/constantine/math/io/io_fields.nim index def901c..289b716 100644 --- a/constantine/math/io/io_fields.nim +++ b/constantine/math/io/io_fields.nim @@ -103,7 +103,6 @@ func toDecimal*(f: FF): string = ## You MUST NOT use it for production. ## ## This function is NOT constant-time at the moment. - # TODO constant-time f.toBig().toDecimal() func fromDecimal*(dst: var FF, decimalString: string) = diff --git a/constantine/platforms/abstractions.nim b/constantine/platforms/abstractions.nim index adf07cc..13f13a2 100644 --- a/constantine/platforms/abstractions.nim +++ b/constantine/platforms/abstractions.nim @@ -52,8 +52,6 @@ const One* = SecretWord(1) MaxWord* = SecretWord(high(BaseType)) -# TODO, we restrict assembly to 64-bit words -# We need to support register spills for large limbs const CttASM {.booldefine.} = true const UseASM_X86_32* = CttASM and X86 and GCC_Compatible const UseASM_X86_64* = WordBitWidth == 64 and UseASM_X86_32 \ No newline at end of file diff --git a/constantine/platforms/bithacks.nim b/constantine/platforms/bithacks.nim index 72fbd7e..4f9f764 100644 --- a/constantine/platforms/bithacks.nim +++ b/constantine/platforms/bithacks.nim @@ -48,7 +48,6 @@ func log2impl_vartime(x: uint32): uint32 = ## using De Bruijn multiplication ## Works at compile-time. ## ⚠️ not constant-time, table accesses are not uniform. - ## TODO: at runtime BitScanReverse or CountLeadingZero are more efficient # https://graphics.stanford.edu/%7Eseander/bithacks.html#IntegerLogDeBruijn const lookup: array[32, uint8] = [0'u8, 9, 1, 10, 13, 21, 2, 29, 11, 14, 16, 18, 22, 25, 3, 30, 8, 12, 20, 28, 15, 17, 24, 7, 19, 27, 23, 6, 26, 5, 4, 31] @@ -65,7 +64,6 @@ func log2impl_vartime(x: uint64): uint64 {.inline.} = ## using De Bruijn multiplication ## Works at compile-time. ## ⚠️ not constant-time, table accesses are not uniform. - ## TODO: at runtime BitScanReverse or CountLeadingZero are more efficient # https://graphics.stanford.edu/%7Eseander/bithacks.html#IntegerLogDeBruijn const lookup: array[64, uint8] = [0'u8, 58, 1, 59, 47, 53, 2, 60, 39, 48, 27, 54, 33, 42, 3, 61, 51, 37, 40, 49, 18, 28, 20, 55, 30, 34, 11, 43, 14, 22, 4, 62, diff --git a/constantine/platforms/compilers/extended_precision.nim b/constantine/platforms/compilers/extended_precision.nim index 02bd8de..927a821 100644 --- a/constantine/platforms/compilers/extended_precision.nim +++ b/constantine/platforms/compilers/extended_precision.nim @@ -81,7 +81,6 @@ when sizeof(int) == 8: when defined(vcc): from ./extended_precision_x86_64_msvc import mul, muladd1, muladd2, smul elif GCCCompatible: - # TODO: constant-time div2n1n when X86: from ./extended_precision_64bit_uint128 import mul, muladd1, muladd2, smul else: diff --git a/constantine/platforms/gpu/bindings/llvm_abi.nim b/constantine/platforms/gpu/bindings/llvm_abi.nim index a294fb9..d176ea6 100644 --- a/constantine/platforms/gpu/bindings/llvm_abi.nim +++ b/constantine/platforms/gpu/bindings/llvm_abi.nim @@ -26,7 +26,7 @@ static: echo "[Constantine] Using library " & libLLVM # also link to libLLVM, for example if they implement a virtual machine (for the EVM, for Snarks/zero-knowledge, ...). # Hence Constantine should always use LLVM context to "namespace" its own codegen and avoid collisions in the global context. -{.push used, cdecl, dynlib: libLLVM.} +{.push cdecl, dynlib: libLLVM.} # ############################################################ # @@ -59,14 +59,14 @@ type proc createContext*(): ContextRef {.importc: "LLVMContextCreate".} proc dispose*(ctx: ContextRef) {.importc: "LLVMContextDispose".} -proc dispose(msg: LLVMstring) {.importc: "LLVMDisposeMessage".} +proc dispose(msg: LLVMstring) {.used, importc: "LLVMDisposeMessage".} ## cstring in LLVM are owned by LLVM and must be destroyed with a specific function -proc dispose(buf: MemoryBufferRef){.importc: "LLVMDisposeMemoryBuffer".} -proc getBufferStart(buf: MemoryBufferRef): ptr byte {.importc: "LLVMGetBufferStart".} -proc getBufferSize(buf: MemoryBufferRef): csize_t {.importc: "LLVMGetBufferSize".} +proc dispose(buf: MemoryBufferRef){.used, importc: "LLVMDisposeMemoryBuffer".} +proc getBufferStart(buf: MemoryBufferRef): ptr byte {.used, importc: "LLVMGetBufferStart".} +proc getBufferSize(buf: MemoryBufferRef): csize_t {.used, importc: "LLVMGetBufferSize".} -proc dispose(msg: ErrorMessageString) {.importc: "LLVMDisposeErrorMessage".} -proc getErrorMessage(err: ErrorRef): ErrorMessageString {.importc: "LLVMGetErrorMessage".} +proc dispose(msg: ErrorMessageString) {.used, importc: "LLVMDisposeErrorMessage".} +proc getErrorMessage(err: ErrorRef): ErrorMessageString {.used, importc: "LLVMGetErrorMessage".} # ############################################################ # @@ -76,7 +76,7 @@ proc getErrorMessage(err: ErrorRef): ErrorMessageString {.importc: "LLVMGetError # {.push header: "".} -proc createModule(name: cstring, ctx: ContextRef): ModuleRef {.importc: "LLVMModuleCreateWithNameInContext".} +proc createModule(name: cstring, ctx: ContextRef): ModuleRef {.used, importc: "LLVMModuleCreateWithNameInContext".} proc dispose*(m: ModuleRef) {.importc: "LLVMDisposeModule".} ## Destroys a module ## Note: destroying an Execution Engine will also destroy modules attached to it @@ -126,6 +126,7 @@ proc verify(module: ModuleRef, failureAction: VerifierFailureAction, msg: var LL # proc initializeNativeTarget*(): LlvmBool {.discardable, importc: "LLVMInitializeNativeTarget".} # proc initializeNativeAsmPrinter*(): LlvmBool {.discardable, importc: "LLVMInitializeNativeAsmPrinter".} +{.push used.} proc initializeX86AsmPrinter() {.importc: "LLVMInitializeX86AsmPrinter".} proc initializeX86Target() {.importc: "LLVMInitializeX86Target".} proc initializeX86TargetInfo() {.importc: "LLVMInitializeX86TargetInfo".} @@ -135,6 +136,7 @@ proc initializeNVPTXAsmPrinter() {.importc: "LLVMInitializeNVPTXAsmPrinter".} proc initializeNVPTXTarget() {.importc: "LLVMInitializeNVPTXTarget".} proc initializeNVPTXTargetInfo() {.importc: "LLVMInitializeNVPTXTargetInfo".} proc initializeNVPTXTargetMC() {.importc: "LLVMInitializeNVPTXTargetMC".} +{.pop.} proc getTargetFromName*(name: cstring): TargetRef {.importc: "LLVMGetTargetFromName".} proc getTargetFromTriple*(triple: cstring, target: var TargetRef, errorMessage: var LLVMstring @@ -235,11 +237,12 @@ proc populateModulePassManager*(pmb: PassManagerBuilderRef, legacyPM: PassManage proc createPassBuilderOptions*(): PassBuilderOptionsRef {.importc: "LLVMCreatePassBuilderOptions".} proc dispose*(pbo: PassBuilderOptionsRef) {.importc: "LLVMDisposePassBuilderOptions".} -proc runPasses(module: ModuleRef, passes: cstring, machine: TargetMachineRef, pbo: PassBuilderOptionsRef): ErrorRef {.importc: "LLVMRunPasses".} +proc runPasses(module: ModuleRef, passes: cstring, machine: TargetMachineRef, pbo: PassBuilderOptionsRef): ErrorRef {.used, importc: "LLVMRunPasses".} # https://llvm.org/docs/doxygen/group__LLVMCInitialization.html # header: "" +{.push used.} proc getGlobalPassRegistry(): PassRegistryRef {.importc: "LLVMGetGlobalPassRegistry".} proc initializeCore(registry: PassRegistryRef) {.importc: "LLVMInitializeCore".} @@ -255,6 +258,7 @@ proc initializeAnalysis(registry: PassRegistryRef) {.importc: "LLVMInitializeAna proc initializeIPA(registry: PassRegistryRef) {.importc: "LLVMInitializeIPA".} proc initializeCodeGen(registry: PassRegistryRef) {.importc: "LLVMInitializeCodeGen".} proc initializeTarget(registry: PassRegistryRef) {.importc: "LLVMInitializeTarget".} +{.pop.} # https://llvm.org/doxygen/group__LLVMCTarget.html proc addTargetLibraryInfo*(tli: TargetLibraryInfoRef, pm: PassManagerRef) {.importc: "LLVMAddTargetLibraryInfo".} @@ -356,14 +360,6 @@ proc addFunction*(m: ModuleRef, name: cstring, ty: TypeRef): ValueRef {.importc: ## Declare a function `name` in a module. ## Returns a handle to specify its instructions -# TODO: Function and Parameter attributes: -# - https://www.llvm.org/docs/LangRef.html?highlight=attribute#function-attributes -# - https://www.llvm.org/docs/LangRef.html?highlight=attribute#parameter-attributes -# -# We can use attributes to specify additional guarantees of Constantine code, for instance: -# - "pure" function with: nounwind, readonly -# - pointer particularities: readonly, writeonly, noalias, inalloca, byval - proc getReturnType*(functionTy: TypeRef): TypeRef {.importc: "LLVMGetReturnType".} proc countParamTypes*(functionTy: TypeRef): uint32 {.importc: "LLVMCountParamTypes".} @@ -392,14 +388,11 @@ proc toLLVMstring(v: ValueRef): LLVMstring {.used, importc: "LLVMPrintValueToStr # ------------------------------------------------------------ # https://llvm.org/doxygen/group__LLVMCCoreValueConstant.html -proc constInt(ty: TypeRef, n: culonglong, signExtend: LlvmBool): ValueRef {.importc: "LLVMConstInt".} +proc constInt(ty: TypeRef, n: culonglong, signExtend: LlvmBool): ValueRef {.used, importc: "LLVMConstInt".} proc constReal*(ty: TypeRef, n: cdouble): ValueRef {.importc: "LLVMConstReal".} proc constNull*(ty: TypeRef): ValueRef {.importc: "LLVMConstNull".} proc constAllOnes*(ty: TypeRef): ValueRef {.importc: "LLVMConstAllOnes".} -proc constStruct( - constantVals: openArray[ValueRef], - packed: LlvmBool): ValueRef {.wrapOpenArrayLenType: cuint, importc: "LLVMConstStruct".} proc constArray*( ty: TypeRef, constantVals: openArray[ValueRef], @@ -460,7 +453,7 @@ proc position*(builder: BuilderRef, blck: BasicBlockRef, instr: ValueRef) {.impo proc positionBefore*(builder: BuilderRef, instr: ValueRef) {.importc: "LLVMPositionBuilderBefore".} proc positionAtEnd*(builder: BuilderRef, blck: BasicBlockRef) {.importc: "LLVMPositionBuilderAtEnd".} -proc getInsertBlock(builder: BuilderRef): BasicBlockRef {.importc: "LLVMGetInsertBlock".} +proc getInsertBlock(builder: BuilderRef): BasicBlockRef {.used, importc: "LLVMGetInsertBlock".} ## This function is not documented and probably for special use ## However due to https://github.com/llvm/llvm-project/issues/59875 ## it's our workaround to get the context of a Builder diff --git a/constantine/platforms/gpu/ir.nim b/constantine/platforms/gpu/ir.nim index e311679..51046c6 100644 --- a/constantine/platforms/gpu/ir.nim +++ b/constantine/platforms/gpu/ir.nim @@ -268,7 +268,6 @@ func getNumWords*(cm: CurveMetadata, field: Field): int {.inline.} = return cm.fr.modulus.len func getModulus*(cm: CurveMetadata, field: Field): lent seq[ConstValueRef] {.inline.} = - # TODO: replace static typing, the returned type is incorrect for 64-bit case field of fp: return cm.fp.modulus diff --git a/constantine/platforms/gpu/llvm.nim b/constantine/platforms/gpu/llvm.nim index c9a58a8..4f37557 100644 --- a/constantine/platforms/gpu/llvm.nim +++ b/constantine/platforms/gpu/llvm.nim @@ -144,8 +144,6 @@ template emitToString*(t: TargetMachineRef, m: ModuleRef, codegen: CodeGenFileTy proc initializePasses* = let registry = getGlobalPassRegistry() - # TODO: Some passes in llc aren't exposed - # https://github.com/llvm/llvm-project/blob/main/llvm/tools/llc/llc.cpp registry.initializeCore() registry.initializeTransformUtils() registry.initializeScalarOpts() @@ -206,7 +204,4 @@ proc getName*(v: ValueRef): string = proc constInt*(ty: TypeRef, n: uint64, signExtend = false): ConstValueRef {.inline.} = ConstValueRef constInt(ty, culonglong(n), LlvmBool(signExtend)) -proc constStruct*(constantVals: openArray[ValueRef], packed = false): ConstValueRef {.inline.} = - ConstValueRef constStruct(constantVals, LlvmBool(packed)) - proc getTypeOf*(v: ConstValueRef): TypeRef {.borrow.} diff --git a/constantine/platforms/isa/macro_assembler_x86.nim b/constantine/platforms/isa/macro_assembler_x86.nim index d9061fc..2f3a75c 100644 --- a/constantine/platforms/isa/macro_assembler_x86.nim +++ b/constantine/platforms/isa/macro_assembler_x86.nim @@ -125,8 +125,6 @@ func hash(od: OperandDesc): Hash = except: raise newException(Defect, "Broke Nim") -# TODO: remove the need of OperandArray - func len*(opArray: OperandArray): int = opArray.buf.len @@ -592,7 +590,6 @@ func codeFragment(a: var Assembler_x86, instr: string, op0: Operand, op1: Operan a.operands.incl op0.desc func reuseRegister*(reg: OperandArray): OperandReuse = - # TODO: disable the reg input doAssert reg.buf[0].desc.constraint == InputOutput result.asmId = reg.buf[0].desc.asmId diff --git a/helpers/prng_unsafe.nim b/helpers/prng_unsafe.nim index 7b19267..89c3107 100644 --- a/helpers/prng_unsafe.nim +++ b/helpers/prng_unsafe.nim @@ -383,7 +383,7 @@ func random_unsafe*(rng: var RngState, T: typedesc): T = when T is ECP: rng.random_unsafe(result) elif T is SomeNumber: - cast[T](rng.next()) # TODO: Rely on casting integer actually converting in C (i.e. uint64->uint32 is valid) + cast[T](rng.next()) elif T is BigInt: rng.random_unsafe(result) else: # Fields @@ -400,7 +400,7 @@ func random_highHammingWeight*(rng: var RngState, T: typedesc): T = when T is ECP: rng.random_highHammingWeight(result) elif T is SomeNumber: - cast[T](rng.next()) # TODO: Rely on casting integer actually converting in C (i.e. uint64->uint32 is valid) + cast[T](rng.next()) elif T is BigInt: rng.random_highHammingWeight(result) else: # Fields @@ -417,7 +417,7 @@ func random_long01Seq*(rng: var RngState, T: typedesc): T = when T is ECP: rng.random_long01Seq(result) elif T is SomeNumber: - cast[T](rng.next()) # TODO: Rely on casting integer actually converting in C (i.e. uint64->uint32 is valid) + cast[T](rng.next()) elif T is BigInt: rng.random_long01Seq(result) else: # Fields diff --git a/tests/math/t_ec_shortw_jac_g1_mul_sanity.nim b/tests/math/t_ec_shortw_jac_g1_mul_sanity.nim index 2ef5024..0b2e3f0 100644 --- a/tests/math/t_ec_shortw_jac_g1_mul_sanity.nim +++ b/tests/math/t_ec_shortw_jac_g1_mul_sanity.nim @@ -58,11 +58,6 @@ suite "Order checks on BN254_Snarks": test(ECP_ShortW_Jac[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) test(ECP_ShortW_Jac[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) - # TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder - # with h the curve cofactor - # instead of the full group - # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = false) - # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = true) test "Not a point on the curve / not a square - #67": var ax, ay: Fp[BN254_Snarks] diff --git a/tests/math/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim b/tests/math/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim index f66d60b..c915196 100644 --- a/tests/math/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim +++ b/tests/math/t_ec_shortw_jac_g2_mul_sanity_bls12_377.nim @@ -23,34 +23,3 @@ run_EC_mul_sanity_tests( ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_377 ) - -# TODO: the order on E'(Fp2) for BLS curves is ??? with r the order on E(Fp) -# -# test "EC mul [Order]P == Inf": -# var rng: RngState -# let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32 -# rng.seed(seed) -# echo "test_ec_shortweierstrass_jacobian_g1_mul_sanity_extra_curve_order_mul_sanity xoshiro512** seed: ", seed -# -# proc test(EC: typedesc, bits: static int, randZ: static bool) = -# for _ in 0 ..< ItersMul: -# when randZ: -# let a = rng.random_unsafe_with_randZ(EC) -# else: -# let a = rng.random_unsafe(EC) -# -# let exponent = F.C.getCurveOrder() -# -# var -# impl = a -# reference = a -# -# impl.scalarMulGeneric(exponent) -# reference.unsafe_ECmul_double_add(exponent) -# -# check: -# bool(impl.isInf()) -# bool(reference.isInf()) -# -# test(ECP_ShortW_Jac[Fp2[BLS12_377]], bits = BLS12_377.getCurveOrderBitwidth(), randZ = false) -# test(ECP_ShortW_Jac[Fp2[BLS12_377]], bits = BLS12_377.getCurveOrderBitwidth(), randZ = true) diff --git a/tests/math/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim b/tests/math/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim index 2a124b2..7f3dbfe 100644 --- a/tests/math/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim +++ b/tests/math/t_ec_shortw_jac_g2_mul_sanity_bls12_381.nim @@ -23,34 +23,3 @@ run_EC_mul_sanity_tests( ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BLS12_381 ) - -# TODO: the order on E'(Fp2) for BLS curves is ??? with r the order on E(Fp) -# -# test "EC mul [Order]P == Inf": -# var rng: RngState -# let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32 -# rng.seed(seed) -# echo "test_ec_shortweierstrass_jacobian_g1_mul_sanity_extra_curve_order_mul_sanity xoshiro512** seed: ", seed -# -# proc test(EC: typedesc, bits: static int, randZ: static bool) = -# for _ in 0 ..< ItersMul: -# when randZ: -# let a = rng.random_unsafe_with_randZ(EC) -# else: -# let a = rng.random_unsafe(EC) -# -# let exponent = F.C.getCurveOrder() -# -# var -# impl = a -# reference = a -# -# impl.scalarMulGeneric(exponent) -# reference.unsafe_ECmul_double_add(exponent) -# -# check: -# bool(impl.isInf()) -# bool(reference.isInf()) -# -# test(ECP_ShortW_Jac[Fp2[BLS12_381]], bits = BLS12_381.getCurveOrderBitwidth(), randZ = false) -# test(ECP_ShortW_Jac[Fp2[BLS12_381]], bits = BLS12_381.getCurveOrderBitwidth(), randZ = true) diff --git a/tests/math/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim b/tests/math/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim index 0e9289c..2a8587e 100644 --- a/tests/math/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim +++ b/tests/math/t_ec_shortw_jac_g2_mul_sanity_bn254_snarks.nim @@ -23,34 +23,3 @@ run_EC_mul_sanity_tests( ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_jacobian_g2_mul_sanity_" & $BN254_Snarks ) - -# TODO: the order on E'(Fp2) for BN curve is r∗(2p−r) with r the order on E(Fp) -# -# test "EC mul [Order]P == Inf": -# var rng: RngState -# let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32 -# rng.seed(seed) -# echo "test_ec_shortweierstrass_jacobian_g1_mul_sanity_extra_curve_order_mul_sanity xoshiro512** seed: ", seed -# -# proc test(EC: typedesc, bits: static int, randZ: static bool) = -# for _ in 0 ..< ItersMul: -# when randZ: -# let a = rng.random_unsafe_with_randZ(EC) -# else: -# let a = rng.random_unsafe(EC) -# -# let exponent = F.C.getCurveOrder() -# -# var -# impl = a -# reference = a -# -# impl.scalarMulGeneric(exponent) -# reference.unsafe_ECmul_double_add(exponent) -# -# check: -# bool(impl.isInf()) -# bool(reference.isInf()) -# -# test(ECP_ShortW_Jac[Fp2[BN254_Snarks]], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) -# test(ECP_ShortW_Jac[Fp2[BN254_Snarks]], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) diff --git a/tests/math/t_ec_shortw_prj_g1_mul_sanity.nim b/tests/math/t_ec_shortw_prj_g1_mul_sanity.nim index bab806e..88e9123 100644 --- a/tests/math/t_ec_shortw_prj_g1_mul_sanity.nim +++ b/tests/math/t_ec_shortw_prj_g1_mul_sanity.nim @@ -58,11 +58,6 @@ suite "Order checks on BN254_Snarks": test(ECP_ShortW_Prj[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) test(ECP_ShortW_Prj[Fp[BN254_Snarks], G1], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true) - # TODO: BLS12 is using a subgroup of order "r" such as r*h = CurveOrder - # with h the curve cofactor - # instead of the full group - # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = G1) - # test(Fp[BLS12_381], bits = BLS12_381.getCurveOrderBitwidth(), randZ = true) test "Not a point on the curve / not a square - #67": var ax, ay: Fp[BN254_Snarks] diff --git a/tests/math/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim b/tests/math/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim index 2bed3d0..d1aa0e4 100644 --- a/tests/math/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim +++ b/tests/math/t_ec_shortw_prj_g2_mul_sanity_bls12_377.nim @@ -23,34 +23,3 @@ run_EC_mul_sanity_tests( ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_377 ) - -# TODO: the order on E'(Fp2) for BLS curves is ??? with r the order on E(Fp) -# -# test "EC mul [Order]P == Inf": -# var rng: RngState -# let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32 -# rng.seed(seed) -# echo "test_ec_shortweierstrass_projective_g1_mul_sanity_extra_curve_order_mul_sanity xoshiro512** seed: ", seed -# -# proc test(EC: typedesc, bits: static int, randZ: static bool) = -# for _ in 0 ..< ItersMul: -# when randZ: -# let a = rng.random_unsafe_with_randZ(EC) -# else: -# let a = rng.random_unsafe(EC) -# -# let exponent = F.C.getCurveOrder() -# -# var -# impl = a -# reference = a -# -# impl.scalarMulGeneric(exponent) -# reference.unsafe_ECmul_double_add(exponent) -# -# check: -# bool(impl.isInf()) -# bool(reference.isInf()) -# -# test(ECP_ShortW_Prj[Fp2[BLS12_377]], bits = BLS12_377.getCurveOrderBitwidth(), randZ = false) -# test(ECP_ShortW_Prj[Fp2[BLS12_377]], bits = BLS12_377.getCurveOrderBitwidth(), randZ = true) diff --git a/tests/math/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim b/tests/math/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim index 3af1726..7633fed 100644 --- a/tests/math/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim +++ b/tests/math/t_ec_shortw_prj_g2_mul_sanity_bls12_381.nim @@ -23,34 +23,3 @@ run_EC_mul_sanity_tests( ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BLS12_381 ) - -# TODO: the order on E'(Fp2) for BLS curves is ??? with r the order on E(Fp) -# -# test "EC mul [Order]P == Inf": -# var rng: RngState -# let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32 -# rng.seed(seed) -# echo "test_ec_shortweierstrass_projective_g1_mul_sanity_extra_curve_order_mul_sanity xoshiro512** seed: ", seed -# -# proc test(EC: typedesc, bits: static int, randZ: static bool) = -# for _ in 0 ..< ItersMul: -# when randZ: -# let a = rng.random_unsafe_with_randZ(EC) -# else: -# let a = rng.random_unsafe(EC) -# -# let exponent = F.C.getCurveOrder() -# -# var -# impl = a -# reference = a -# -# impl.scalarMulGeneric(exponent) -# reference.unsafe_ECmul_double_add(exponent) -# -# check: -# bool(impl.isInf()) -# bool(reference.isInf()) -# -# test(ECP_ShortW_Prj[Fp2[BLS12_381]], bits = BLS12_381.getCurveOrderBitwidth(), randZ = false) -# test(ECP_ShortW_Prj[Fp2[BLS12_381]], bits = BLS12_381.getCurveOrderBitwidth(), randZ = true) diff --git a/tests/math/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim b/tests/math/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim index f5d00dd..2a95664 100644 --- a/tests/math/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim +++ b/tests/math/t_ec_shortw_prj_g2_mul_sanity_bn254_snarks.nim @@ -23,34 +23,3 @@ run_EC_mul_sanity_tests( ItersMul = ItersMul, moduleName = "test_ec_shortweierstrass_projective_g2_mul_sanity_" & $BN254_Snarks ) - -# TODO: the order on E'(Fp2) for BN curve is r∗(2p−r) with r the order on E(Fp) -# -# test "EC mul [Order]P == Inf": -# var rng: RngState -# let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32 -# rng.seed(seed) -# echo "test_ec_shortweierstrass_projective_g1_mul_sanity_extra_curve_order_mul_sanity xoshiro512** seed: ", seed -# -# proc test(EC: typedesc, bits: static int, randZ: static bool) = -# for _ in 0 ..< ItersMul: -# when randZ: -# let a = rng.random_unsafe_with_randZ(EC) -# else: -# let a = rng.random_unsafe(EC) -# -# let exponent = F.C.getCurveOrder() -# -# var -# impl = a -# reference = a -# -# impl.scalarMulGeneric(exponent) -# reference.unsafe_ECmul_double_add(exponent) -# -# check: -# bool(impl.isInf()) -# bool(reference.isInf()) -# -# test(ECP_ShortW_Prj[Fp2[BN254_Snarks]], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = false) -# test(ECP_ShortW_Prj[Fp2[BN254_Snarks]], bits = BN254_Snarks.getCurveOrderBitwidth(), randZ = true)