Coverage Report

Created: 2026-06-08 06:48

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/gmp/mpn/powlo.c
Line
Count
Source
1
/* mpn_powlo -- Compute R = U^E mod B^n, where B is the limb base.
2
3
Copyright 2007-2009, 2012, 2015, 2016, 2018, 2020 Free Software
4
Foundation, Inc.
5
6
This file is part of the GNU MP Library.
7
8
The GNU MP Library is free software; you can redistribute it and/or modify
9
it under the terms of either:
10
11
  * the GNU Lesser General Public License as published by the Free
12
    Software Foundation; either version 3 of the License, or (at your
13
    option) any later version.
14
15
or
16
17
  * the GNU General Public License as published by the Free Software
18
    Foundation; either version 2 of the License, or (at your option) any
19
    later version.
20
21
or both in parallel, as here.
22
23
The GNU MP Library is distributed in the hope that it will be useful, but
24
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
25
or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
26
for more details.
27
28
You should have received copies of the GNU General Public License and the
29
GNU Lesser General Public License along with the GNU MP Library.  If not,
30
see https://www.gnu.org/licenses/.  */
31
32
33
#include "gmp-impl.h"
34
#include "longlong.h"
35
36
37
#define getbit(p,bi) \
38
445k
  ((p[(bi - 1) / GMP_LIMB_BITS] >> (bi - 1) % GMP_LIMB_BITS) & 1)
39
40
static inline mp_limb_t
41
getbits (const mp_limb_t *p, mp_bitcnt_t bi, unsigned nbits)
42
144k
{
43
144k
  unsigned nbits_in_r;
44
144k
  mp_limb_t r;
45
144k
  mp_size_t i;
46
47
144k
  if (bi <= nbits)
48
1.42k
    {
49
1.42k
      return p[0] & (((mp_limb_t) 1 << bi) - 1);
50
1.42k
    }
51
143k
  else
52
143k
    {
53
143k
      bi -= nbits;      /* bit index of low bit to extract */
54
143k
      i = bi / GMP_NUMB_BITS;   /* word index of low bit to extract */
55
143k
      bi %= GMP_NUMB_BITS;   /* bit index in low word */
56
143k
      r = p[i] >> bi;     /* extract (low) bits */
57
143k
      nbits_in_r = GMP_NUMB_BITS - bi;  /* number of bits now in r */
58
143k
      if (nbits_in_r < nbits)    /* did we get enough bits? */
59
7.60k
  r += p[i + 1] << nbits_in_r; /* prepend bits from higher word */
60
143k
      return r & (((mp_limb_t) 1 << nbits) - 1);
61
143k
    }
62
144k
}
63
64
static inline unsigned
65
win_size (mp_bitcnt_t eb)
66
2.50k
{
67
2.50k
  unsigned k;
68
2.50k
  static mp_bitcnt_t x[] = {7,25,81,241,673,1793,4609,11521,28161,~(mp_bitcnt_t)0};
69
2.50k
  ASSERT (eb > 1);
70
11.1k
  for (k = 0; eb > x[k++];)
71
8.60k
    ;
72
2.50k
  return k;
73
2.50k
}
74
75
/* rp[n-1..0] = bp[n-1..0] ^ ep[en-1..0] mod B^n, B is the limb base.
76
   Requires that ep[en-1] is non-zero.
77
   Uses scratch space tp[3n-1..0], i.e., 3n words.  */
78
/* We only use n words in the scratch space, we should pass tp + n to
79
   mullo/sqrlo as a temporary area, it is needed. */
80
void
81
mpn_powlo (mp_ptr rp, mp_srcptr bp,
82
     mp_srcptr ep, mp_size_t en,
83
     mp_size_t n, mp_ptr tp)
84
2.50k
{
85
2.50k
  unsigned cnt;
86
2.50k
  mp_bitcnt_t ebi;
87
2.50k
  unsigned windowsize, this_windowsize;
88
2.50k
  mp_limb_t expbits;
89
2.50k
  mp_limb_t *pp;
90
2.50k
  long i;
91
2.50k
  int flipflop;
92
2.50k
  TMP_DECL;
93
94
2.50k
  ASSERT (en > 1 || (en == 1 && ep[0] > 1));
95
96
2.50k
  TMP_MARK;
97
98
2.50k
  MPN_SIZEINBASE_2EXP(ebi, ep, en, 1);
99
100
2.50k
  windowsize = win_size (ebi);
101
2.50k
  if (windowsize > 1)
102
2.43k
    {
103
2.43k
      mp_limb_t *this_pp, *last_pp;
104
2.43k
      ASSERT (windowsize < ebi);
105
106
2.43k
      pp = TMP_ALLOC_LIMBS ((n << (windowsize - 1)));
107
108
2.43k
      this_pp = pp;
109
110
2.43k
      MPN_COPY (this_pp, bp, n);
111
112
      /* Store b^2 in tp.  */
113
2.43k
      mpn_sqrlo (tp, bp, n);
114
115
      /* Precompute odd powers of b and put them in the temporary area at pp.  */
116
2.43k
      i = (1 << (windowsize - 1)) - 1;
117
2.43k
      do
118
34.2k
  {
119
34.2k
    last_pp = this_pp;
120
34.2k
    this_pp += n;
121
34.2k
    mpn_mullo_n (this_pp, last_pp, tp, n);
122
34.2k
  } while (--i != 0);
123
124
2.43k
      expbits = getbits (ep, ebi, windowsize);
125
2.43k
      ebi -= windowsize;
126
127
      /* THINK: Should we initialise the case expbits % 4 == 0 with a mullo? */
128
2.43k
      count_trailing_zeros (cnt, expbits);
129
2.43k
      ebi += cnt;
130
2.43k
      expbits >>= cnt;
131
132
2.43k
      MPN_COPY (rp, pp + n * (expbits >> 1), n);
133
2.43k
    }
134
72
  else
135
72
    {
136
72
      pp = tp + n;
137
72
      MPN_COPY (pp, bp, n);
138
72
      MPN_COPY (rp, bp, n);
139
72
      --ebi;
140
72
    }
141
142
2.50k
  flipflop = 0;
143
144
2.50k
  do
145
144k
    {
146
445k
      while (getbit (ep, ebi) == 0)
147
303k
  {
148
303k
    mpn_sqrlo (tp, rp, n);
149
303k
    MP_PTR_SWAP (rp, tp);
150
303k
    flipflop = ! flipflop;
151
303k
    if (--ebi == 0)
152
2.04k
      goto done;
153
303k
  }
154
155
      /* The next bit of the exponent is 1.  Now extract the largest block of
156
   bits <= windowsize, and such that the least significant bit is 1.  */
157
158
142k
      expbits = getbits (ep, ebi, windowsize);
159
142k
      this_windowsize = MIN (windowsize, ebi);
160
161
142k
      count_trailing_zeros (cnt, expbits);
162
142k
      this_windowsize -= cnt;
163
142k
      ebi -= this_windowsize;
164
142k
      expbits >>= cnt;
165
166
408k
      while (this_windowsize > 1)
167
265k
  {
168
265k
    mpn_sqrlo (tp, rp, n);
169
265k
    mpn_sqrlo (rp, tp, n);
170
265k
    this_windowsize -= 2;
171
265k
  }
172
173
142k
      if (this_windowsize != 0)
174
71.7k
  mpn_sqrlo (tp, rp, n);
175
70.4k
      else
176
70.4k
  {
177
70.4k
    MP_PTR_SWAP (rp, tp);
178
70.4k
    flipflop = ! flipflop;
179
70.4k
  }
180
181
142k
      mpn_mullo_n (rp, tp, pp + n * (expbits >> 1), n);
182
142k
    } while (ebi != 0);
183
184
2.50k
 done:
185
2.50k
  if (flipflop)
186
1.55k
    MPN_COPY (tp, rp, n);
187
2.50k
  TMP_FREE;
188
2.50k
}