Tighter verification bounds in mul/sqr #167
Conversation
|
So, the numbers I came up for the verification are to the extent possible, "mechanical", meaning that you only need to look at previous bounds of input variables, and the operations done on them, to obtain the new ones. Those are very likely not the smallest possible ones, but their only purpose is for review/testing to assure that no overflows happen. I'd like to keep the numbers that way, as they are easy to verify locally ("pick a random piece of a lines of code, and verify that - assuming former bounds are correct - the newer ones are correct to"). Is this what you're doing too, or actually trying to find the strictest bounds possible? |
|
I did strict calculations where they were already present. There are at least a couple of larger corrections which should at least be made (relating to products of the top limb(s)), which kind of led me to review the rest. Most of the rest is reasoned like e.g. a quantity is 63 bits because it is the sum of 5 30x30-bit products, which actually "leaves room for" 3 more 60-bit values, the carry-in accounts for only one of them, so this extra add fits too... this sort of reasoning. It depends on more information than just the previous VERIFY_BITS statement, so probably this is what you'd rather not have?. |
peterdettman
force-pushed
the
mul-sqr-verify
branch
from
536fc18
to
82872d9
Compare
I reviewed the VERIFY_BITS bounds-checking for 32bit and 64bit mul/sqr implementations, finding various places where stricter bounds can be specified (I found no cases of over-strictness).