Add a secp256k1_i128_to_u64 function. #1158

pull roconnor-blockstream wants to merge 2 commits into bitcoin-core:master from roconnor-blockstream:20221117_i128_to_u64 changing 5 files +61 −43
  1. roconnor-blockstream commented at 6:56 pm on November 17, 2022: contributor

    I wanted to experiment with what would be required to split up secp256k1_i128_to_i64 between those cases when a signed 64 bit value is being demoted, versus an unsigned 64 bit value is being extracted from the lower bits, and this is the result.

    I’m not sure this is a useful PR, so feel free to close it. However, since it is already written, I figured it is worth at least discussing.

  2. roconnor-blockstream force-pushed on Nov 17, 2022
  3. sipa commented at 11:55 pm on November 17, 2022: contributor

    Concept ACK. I think that much more closely matches the semantics we want: extracting the bottom 64 bits of a 128 bits number as a signed integer, when the value is not in $[-2^{63},2^{63})$, is mathematically nonsense.

    Also happy to rebase #1156 on top of this (it’ll simplify things a bit there too).

  4. roconnor-blockstream commented at 0:23 am on November 18, 2022: contributor
    As far as C-semantics is goes, these two functions correspond to the (uint64_t)(...) and (int64_t)(...) cast operations, which are distinct.
  5. sipa commented at 1:20 am on November 18, 2022: contributor
    @roconnor-blockstream I understand. What I mean is that casting an int128_t to int64_t is nonsensical when the represented value exceeds the bounds of an int64_t. An int128_t value is really equal to $2^{64}h + l$, with int64_t $h$ and uint64_t $l$
  6. roconnor-blockstream commented at 1:31 am on November 18, 2022: contributor
    Yep I agree with you. I only meant to add on top of what you were saying.
  7. peterdettman commented at 1:46 am on November 18, 2022: contributor
    I have to object to calling the centered modulo (cmod 2^64) mathematical nonsense.
  8. roconnor-blockstream force-pushed on Nov 18, 2022
  9. in src/int128_native_impl.h:63 in 67b0d9b79a outdated 
    58@@ -59,7 +59,12 @@ static SECP256K1_INLINE void secp256k1_i128_rshift(secp256k1_int128 *r, unsigned
59    *r >>= n;
60 }
61 
62+static SECP256K1_INLINE uint64_t secp256k1_i128_to_u64(const secp256k1_int128 *a) {
63+   return *a;
    real-or-random commented at 3:28 am on November 18, 2022:

    nit, just for clarity:

    0   return (uint64_t)*a;
  10. in src/int128_struct_impl.h:164 in 67b0d9b79a outdated 
    160+}
161+
162 static SECP256K1_INLINE int64_t secp256k1_i128_to_i64(const secp256k1_int128 *a) {
163-   return (int64_t)a->lo;
164+   /* Verify that a represents a 64 bit signed value by checking that the high bits are a sign extension of the low bits. */
165+   VERIFY_CHECK(a->hi == -(uint64_t)(0x8000000000000000u == (0x8000000000000000u & a->lo)));
    real-or-random commented at 3:35 am on November 18, 2022: 
    0   VERIFY_CHECK(a->hi == -(a->lo >> 63));

    I find this easier to read (but it may just be me)

    roconnor-blockstream commented at 4:01 pm on November 18, 2022:
    Thank you. I was fishing around for a good way to write this.
  11. real-or-random commented at 3:41 am on November 18, 2022: contributor
    Concept ACK
  12. roconnor-blockstream force-pushed on Nov 18, 2022
  13. real-or-random commented at 7:46 pm on November 18, 2022: contributor
    I think it would make sense to change the M62 to unsigned also in secp256k1_modinv64_normalize_62, and then let the VERIFY part of that function deal with the consequences of this. (It feels cleaner to optimize the cleanness of the real code instead of the test code.)
  14. roconnor-blockstream commented at 10:10 pm on November 18, 2022: contributor
    @real-or-random M62 is also used in r0 &= M62. Are you sure you want to get into the logic of mixing signed and unsigned bitwise operations?
  15. real-or-random commented at 10:58 pm on November 18, 2022: contributor
    Ok, you’re right, that’s not a good idea. I didn’t think that through entirely.
  16. sipa commented at 10:24 pm on November 19, 2022: contributor
    Rebased version: https://github.com/sipa/secp256k1/commits/202211_int128
  17. Add a secp256k1_i128_to_u64 function. 4bc429019d
  18. roconnor-blockstream force-pushed on Nov 21, 2022
  19. roconnor-blockstream commented at 4:07 pm on November 21, 2022: contributor
    I still need to add a /* test secp256k1_i128_to_i64 */ section to tests.c.
  20. test secp256k1_i128_to_i64 d216475205
  21. roconnor-blockstream commented at 4:18 pm on November 21, 2022: contributor
    I added a test.
  22. sipa commented at 6:11 pm on November 21, 2022: contributor
    utACK d21647520532957a78027be1ab606b814a2ec720
  23. real-or-random approved
  24. real-or-random commented at 4:13 pm on December 21, 2022: contributor
    ACK d21647520532957a78027be1ab606b814a2ec720
  25. real-or-random merged this on Dec 21, 2022
  26. real-or-random closed this on Dec 21, 2022
  27. roconnor-blockstream referenced this in commit b92fe86c45 on Jan 10, 2023
  28. roconnor-blockstream deleted the branch on Jan 10, 2023
  29. roconnor-blockstream commented at 7:57 pm on January 10, 2023: contributor
    I’ve updated my proofs to cover the updates in this PR and the previous PR #1156. You can “browse” the proof at https://htmlpreview.github.io/?https://github.com/ElementsProject/simplicity/blob/a3c5213a81ee4cdd51b6b39080258d51f987f199/alectryon/verif_int128_impl.v.html.
  30. dhruv referenced this in commit 78b5ddf28b on Jan 11, 2023
  31. dhruv referenced this in commit 215394a1d5 on Jan 11, 2023
  32. dhruv referenced this in commit 6aeec7c530 on Jan 13, 2023
  33. dhruv referenced this in commit 863cf15b37 on Jan 13, 2023
  34. dhruv referenced this in commit 61f942a096 on Jan 23, 2023
  35. dhruv referenced this in commit 4d33046ce3 on Feb 1, 2023
  36. dhruv referenced this in commit 55e7f2cf2b on Feb 2, 2023
  37. stratospher referenced this in commit 647f63669e on Feb 6, 2023
  38. dhruv referenced this in commit a4351c0df6 on Feb 20, 2023
  39. stratospher referenced this in commit 23f825fc8b on Feb 21, 2023
  40. hebasto referenced this in commit 7c0cc5d976 on Mar 7, 2023
  41. dhruv referenced this in commit a5df79db12 on Mar 7, 2023
  42. dhruv referenced this in commit 77b510d84c on Mar 7, 2023
  43. sipa referenced this in commit 763079a3f1 on Mar 8, 2023
  44. div72 referenced this in commit 945b094575 on Mar 14, 2023
  45. vmta referenced this in commit e1120c94a1 on Jun 4, 2023
  46. vmta referenced this in commit 8f03457eed on Jul 1, 2023
  47. jonasnick cross-referenced this on Jul 19, 2023 from issue Upstream PRs 1174, 1154, 1178, 1177, 1171, 1158, 1183, 1185, 1186, 1188, 1187 by jonasnick


roconnor-blockstream sipa peterdettman real-or-random

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-11-22 19:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me