a340d9500a9c45e5c261174f48b3eb18b3b3647d ci: add int128_struct tests (Jonas Nick)
dceaa1f57963d1a88b24974eab4b49baac6d04cd int128: Tidy #includes of int128.h and int128_impl.h (Tim Ruffing)
2914bccbc0913806ee64425a27d38cdc27b288e8 Simulated int128 type. (Russell O'Connor)
Pull request description:
Abstracts the int128 type and provides an native version, if available, or a implements it using a pair of int64_t's.
This is activated by setting the configuration flag `--with-test-override-wide-multiply=int128_struct`.
The primary purpose of this PR is to take advantage of MSVC's [umulh](https://docs.microsoft.com/en-us/cpp/intrinsics/umulh?view=msvc-170) intrinsic that we can use to simulate an int128 type which MSVC does not have (AFAIU). This PR lays out the groundwork for this level of MSVC support, but doesn't include the configuration logic to enable it yet.
For completeness, and implementation of `umulh` and `mulh` are also provided for compilers that support neither the intrinsic nor the int128 type (such as CompCert?). This also opens up the possibility of removing the 32-bit field and scalar implementations should that ever be desired.
ACKs for top commit:
sipa:
ACK a340d9500a9c45e5c261174f48b3eb18b3b3647d
jonasnick:
ACK a340d9500a9c45e5c261174f48b3eb18b3b3647d
Tree-SHA512: b4f2853fa3ab60ce9d77b4eaee1fd20c4b612850e19fcb3179d7e36986f420c6c4589ff72f0cf844f989584ace49a1cd23cca3f4e405dabefc8da647a0df679d
After this commit, int128.h and int128_impl.h are included as follows:
- .c files which use int128 include int128_impl.h (after util.h)
- .h files which use int128 include int128.h (after util.h)
This list is exhaustive. util.h needs to included first because it sets
up necessary #defines.
Currently CHECK is used only in test and bench mark files except for one
usage in `ecmult_impl.h`.
We would like to move the definition of CHECK out of `util.h` so that
`util.h` no longer has a hard dependency on `stdio.h`.
Done in preparation for moving the definition of `CHECK` as part of an
effort to allow secp256k1 to be compiled to WASM as part of
`rust-secp256k1`.
Provides a method that will give an upper bound on the size of a rangeproof,
given an upper bound on the value to be passed in and an upper bound on the
min_bits parameter.
There is a lot of design freedom here since the actual size of the rangeproof
depends on every parameter passed to rangeproof_sign, including the value to
be proven, often in quite intricate ways. For the sake of simplicity we assume
a nonzero `min_value` and that `exp` will be 0 (the default, and size-maximizing,
choice), and provide an exact value for a proof of the given value and min_bits.
5ac8fb035e8f0ad012d9f54b49e77b5d1f5e713a surjectionproof: make sure that n_used_pubkeys > 0 in generate (Jonas Nick)
Pull request description:
ACKs for top commit:
apoelstra:
utACK 5ac8fb035e8f0ad012d9f54b49e77b5d1f5e713a
Tree-SHA512: 915f7181e69e2c4e1f830d6c2620a2d9b0af4d2ae8a63709b489b01ed9e13ccfeeaedebd4680cf2d927cd473a6ae88602cf29e2fdd116cb597fba6c0ab77720d
If the proof was generated with surjectionproof_initialize (as mandated by the
API docs), then n_used_pubkeys can never be 0. Without this commit, compilers
will (rightfully) warn that borromean_s[ring_input_index] is not initialized in
surjectionproof_generate. Therefore, this commit makes sure that n_used_pubkeys
is greater than 0 which ensures that the array is initialized at
ring_input_index.
17065f48ae261c6949dab74a7c197ac13b52eb1b tests: Randomize the context with probability 15/16 instead of 1/4 (Tim Ruffing)
Pull request description:
ACKs for top commit:
sipa:
ACK 17065f48ae261c6949dab74a7c197ac13b52eb1b
jonasnick:
ACK 17065f48ae261c6949dab74a7c197ac13b52eb1b
Tree-SHA512: 3b7005770007b922a294be610f23da60b0dde74dfd7585d64a2cb04eaa6ec879de8d21a0ade31c1857019a8dd97260fa3aa167ae16fc55027ef280a3e3feaa6d
Whenever I read this code, I first think that rescaling ctx->initial is
a dead store because we overwrite it later with gb. But that's wrong.
The rescaling blinds the computation of gb and affects its result.
Running the RNG is pointless if no seed is available because the key
will be fixed. The computation just wastes time.
Previously, users could avoid this computation at least by asking for
a context without signing capabilities. But since 3b0c218 we always
build an ecmult_gen context, ignoring the context flags. Moreover,
users could never avoid this pointless computation when asking for
the creation of a signing context.
This simplifies building without a build system.
This is in line with #925; the paths fixed here were either forgotten
there or only introduced later. This commit also makes the Makefile
stricter so that further "wrong" #include paths will lead to build
errors even in autotools builds.
This belongs to #929.
Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
49e2acd927ce9eb806cc10f3a1fd89a9ddd081e2 configure: Improve rationale for WERROR_CFLAGS (Tim Ruffing)
8dc4b03341c85a3be91e559d05771c51e60b0eba ci: Add a C++ job that compiles the public headers without -fpermissive (Tim Ruffing)
51f296a46c0b318b8dd572ef9ac3bb3a4140ae63 ci: Run persistent wineserver to speed up wine (Tim Ruffing)
3fb3269c22c25de3b720ad139dcf4e3cff9eda1a ci: Add 32-bit MinGW64 build (Tim Ruffing)
9efc2e5221560d19dd750e0ba32c03d4ee091227 ci: Add MSVC builds (Tim Ruffing)
2be6ba0fedd0d2d62ba6f346d7ced7abde0d66e4 configure: Convince autotools to work with MSVC's archiver lib.exe (Tim Ruffing)
bd81f4140a4228b1df3a9f631e2d207a197ae614 schnorrsig bench: Suppress a stupid warning in MSVC (Tim Ruffing)
09f3d71c51a9621653d766e2fe7e657534e57bd6 configure: Add a few CFLAGS for MSVC (Tim Ruffing)
3b4f3d0d46dd278fbe4ffa68b1b6e14e3ea3b17f build: Reject C++ compilers in the preprocessor (Tim Ruffing)
1cc09414149d0c0c6a4a500d83efc3bd66f3ebcd configure: Don't abort if the compiler does not define __STDC__ (Tim Ruffing)
cca8cbbac84624fd350efc4086af25a06dcf8090 configure: Output message when checking for valgrind (Tim Ruffing)
1a6be5745fcf9f90e4218b73712b71ea06361792 bench: Make benchmarks compile on MSVC (Tim Ruffing)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 49e2acd927ce9eb806cc10f3a1fd89a9ddd081e2
Tree-SHA512: 986c498fb218231fff3519167d34a92e11dea6a4383788a9723be105c20578cd483c6b06ba5686c6669e3a02cfeebc29b8e5f1428552ebf4ec67fa7a86957548
2f984ffc45eba89faa9e79da3d5d5bd50a6c1c3d Save negations in var-time group addition (Peter Dettman)
Pull request description:
- Updated _gej_add_var, _gej_add_ge_var, _gej_add_zinv_var
- 2 fewer _fe_negate in each method
- Updated operation counts and standardize layout
- Added internal benchmark for _gej_add_zinv_var
benchmark_internal shows about 2% speedup in each method as a result (64bit).
ACKs for top commit:
real-or-random:
ACK 2f984ffc45eba89faa9e79da3d5d5bd50a6c1c3d
jonasnick:
ACK 2f984ffc45eba89faa9e79da3d5d5bd50a6c1c3d
Tree-SHA512: 01366fa23c83a8dd37c9a0a24e0acc53ce38a201607fe4da6672ea5618d82c62d1299f0e0aa50317883821539af739ea52b6561faff230c148e6fdc5bc5af30b
