From cadf21380ea45283baf61c6a625707151f7653c3 Mon Sep 17 00:00:00 2001 From: Jason Gross Date: Tue, 15 Jan 2019 15:53:34 -0500 Subject: [PATCH 1/2] Add a rewrite rule to collapse constant casts If, e.g., we know from bounds analysis that the result of an operation fits in the range r[0~>0], we now just replace it with the literal constant. Fixes #493 After | File Name | Before || Change | % Change -------------------------------------------------------------------------------------------- 21m22.14s | Total | 21m22.79s || -0m00.65s | -0.05% -------------------------------------------------------------------------------------------- 4m09.97s | PushButtonSynthesis.vo | 4m10.56s || -0m00.59s | -0.23% 3m09.12s | p384_32.c | 3m08.91s || +0m00.21s | +0.11% 2m05.94s | Rewriter.vo | 2m06.30s || -0m00.35s | -0.28% 1m56.58s | RewriterWf2.vo | 1m56.09s || +0m00.48s | +0.42% 1m52.39s | RewriterRulesGood.vo | 1m52.04s || +0m00.35s | +0.31% 1m46.01s | RewriterRulesInterpGood.vo | 1m45.79s || +0m00.21s | +0.20% 0m46.44s | RewriterInterpProofs1.vo | 0m46.47s || -0m00.03s | -0.06% 0m44.96s | ExtractionHaskell/word_by_word_montgomery | 0m45.59s || -0m00.63s | -1.38% 0m39.18s | p521_32.c | 0m39.33s || -0m00.14s | -0.38% 0m32.41s | p521_64.c | 0m32.54s || -0m00.13s | -0.39% 0m30.87s | ExtractionHaskell/unsaturated_solinas | 0m30.67s || +0m00.19s | +0.65% 0m24.32s | ExtractionHaskell/saturated_solinas | 0m24.44s || -0m00.12s | -0.49% 0m23.59s | RewriterWf1.vo | 0m24.10s || -0m00.51s | -2.11% 0m17.01s | ExtractionOCaml/word_by_word_montgomery | 0m17.14s || -0m00.12s | -0.75% 0m13.48s | secp256k1_32.c | 0m13.30s || +0m00.17s | +1.35% 0m13.11s | p256_32.c | 0m13.37s || -0m00.25s | -1.94% 0m11.34s | p484_64.c | 0m11.34s || +0m00.00s | +0.00% 0m10.78s | ExtractionOCaml/unsaturated_solinas | 0m10.79s || -0m00.00s | -0.09% 0m10.27s | ExtractionOCaml/word_by_word_montgomery.ml | 0m10.06s || +0m00.20s | +2.08% 0m08.11s | ExtractionOCaml/saturated_solinas | 0m07.92s || +0m00.18s | +2.39% 0m06.92s | ExtractionOCaml/unsaturated_solinas.ml | 0m07.02s || -0m00.09s | -1.42% 0m06.18s | ExtractionHaskell/word_by_word_montgomery.hs | 0m06.28s || -0m00.10s | -1.59% 0m06.13s | BoundsPipeline.vo | 0m05.98s || +0m00.14s | +2.50% 0m05.90s | p224_32.c | 0m05.92s || -0m00.01s | -0.33% 0m05.29s | p384_64.c | 0m05.33s || -0m00.04s | -0.75% 0m05.17s | ExtractionOCaml/saturated_solinas.ml | 0m05.20s || -0m00.03s | -0.57% 0m04.91s | ExtractionHaskell/unsaturated_solinas.hs | 0m04.93s || -0m00.01s | -0.40% 0m04.06s | ExtractionHaskell/saturated_solinas.hs | 0m04.00s || +0m00.05s | +1.49% 0m02.21s | curve25519_32.c | 0m02.22s || -0m00.01s | -0.45% 0m01.52s | curve25519_64.c | 0m01.50s || +0m00.02s | +1.33% 0m01.38s | CLI.vo | 0m01.42s || -0m00.04s | -2.81% 0m01.14s | RewriterProofs.vo | 0m01.13s || +0m00.01s | +0.88% 0m01.14s | StandaloneOCamlMain.vo | 0m00.96s || +0m00.17s | +18.74% 0m01.12s | StandaloneHaskellMain.vo | 0m01.03s || +0m00.09s | +8.73% 0m01.12s | secp256k1_64.c | 0m01.00s || +0m00.12s | +12.00% 0m01.05s | p256_64.c | 0m00.98s || +0m00.07s | +7.14% 0m01.03s | p224_64.c | 0m01.15s || -0m00.11s | -10.43% --- curve25519_32.c | 148 +- p224_32.c | 593 +++--- p224_64.c | 414 ++-- p256_32.c | 2490 +++++++++++------------ p256_64.c | 909 ++++----- p384_32.c | 1906 +++++++++--------- p384_64.c | 582 +++--- p484_64.c | 1025 +++++----- p521_32.c | 342 ++-- p521_64.c | 254 ++- secp256k1_32.c | 794 ++++---- secp256k1_64.c | 306 ++- src/PushButtonSynthesis.v | 30 +- src/Rewriter.v | 2 + src/RewriterRulesInterpGood.v | 6 +- src/arith_with_casts_rewrite_head.out | 2634 +++++++++++++------------ 16 files changed, 6006 insertions(+), 6429 deletions(-) diff --git a/curve25519_32.c b/curve25519_32.c index 5366ec40c0..5081417867 100644 --- a/curve25519_32.c +++ b/curve25519_32.c @@ -748,43 +748,42 @@ static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) { uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff)); uint8_t x82 = (uint8_t)(x80 >> 8); uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff)); - fiat_25519_uint1 x84 = (fiat_25519_uint1)(x82 >> 8); - uint8_t x85 = (uint8_t)(x82 & UINT8_C(0xff)); - uint32_t x86 = (x84 + x32); - uint32_t x87 = (x86 >> 8); - uint8_t x88 = (uint8_t)(x86 & UINT8_C(0xff)); - uint32_t x89 = (x87 >> 8); - uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff)); - fiat_25519_uint1 x91 = (fiat_25519_uint1)(x89 >> 8); - uint8_t x92 = (uint8_t)(x89 & UINT8_C(0xff)); - uint32_t x93 = (x91 + x45); - uint32_t x94 = (x93 >> 8); - uint8_t x95 = (uint8_t)(x93 & UINT8_C(0xff)); - uint32_t x96 = (x94 >> 8); - uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff)); - uint8_t x98 = (uint8_t)(x96 >> 8); - uint8_t x99 = (uint8_t)(x96 & UINT8_C(0xff)); - uint32_t x100 = (x98 + x44); - uint32_t x101 = (x100 >> 8); - uint8_t x102 = (uint8_t)(x100 & UINT8_C(0xff)); - uint32_t x103 = (x101 >> 8); - uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff)); - uint8_t x105 = (uint8_t)(x103 >> 8); - uint8_t x106 = (uint8_t)(x103 & UINT8_C(0xff)); - uint32_t x107 = (x105 + x43); - uint32_t x108 = (x107 >> 8); - uint8_t x109 = (uint8_t)(x107 & UINT8_C(0xff)); - uint32_t x110 = (x108 >> 8); - uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff)); - uint8_t x112 = (uint8_t)(x110 >> 8); - uint8_t x113 = (uint8_t)(x110 & UINT8_C(0xff)); - uint32_t x114 = (x112 + x42); - uint32_t x115 = (x114 >> 8); - uint8_t x116 = (uint8_t)(x114 & UINT8_C(0xff)); - uint32_t x117 = (x115 >> 8); - uint8_t x118 = (uint8_t)(x115 & UINT8_C(0xff)); - uint8_t x119 = (uint8_t)(x117 >> 8); - uint8_t x120 = (uint8_t)(x117 & UINT8_C(0xff)); + uint8_t x84 = (uint8_t)(x82 & UINT8_C(0xff)); + uint32_t x85 = (0x0 + x32); + uint32_t x86 = (x85 >> 8); + uint8_t x87 = (uint8_t)(x85 & UINT8_C(0xff)); + uint32_t x88 = (x86 >> 8); + uint8_t x89 = (uint8_t)(x86 & UINT8_C(0xff)); + fiat_25519_uint1 x90 = (fiat_25519_uint1)(x88 >> 8); + uint8_t x91 = (uint8_t)(x88 & UINT8_C(0xff)); + uint32_t x92 = (x90 + x45); + uint32_t x93 = (x92 >> 8); + uint8_t x94 = (uint8_t)(x92 & UINT8_C(0xff)); + uint32_t x95 = (x93 >> 8); + uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); + uint8_t x97 = (uint8_t)(x95 >> 8); + uint8_t x98 = (uint8_t)(x95 & UINT8_C(0xff)); + uint32_t x99 = (x97 + x44); + uint32_t x100 = (x99 >> 8); + uint8_t x101 = (uint8_t)(x99 & UINT8_C(0xff)); + uint32_t x102 = (x100 >> 8); + uint8_t x103 = (uint8_t)(x100 & UINT8_C(0xff)); + uint8_t x104 = (uint8_t)(x102 >> 8); + uint8_t x105 = (uint8_t)(x102 & UINT8_C(0xff)); + uint32_t x106 = (x104 + x43); + uint32_t x107 = (x106 >> 8); + uint8_t x108 = (uint8_t)(x106 & UINT8_C(0xff)); + uint32_t x109 = (x107 >> 8); + uint8_t x110 = (uint8_t)(x107 & UINT8_C(0xff)); + uint8_t x111 = (uint8_t)(x109 >> 8); + uint8_t x112 = (uint8_t)(x109 & UINT8_C(0xff)); + uint32_t x113 = (x111 + x42); + uint32_t x114 = (x113 >> 8); + uint8_t x115 = (uint8_t)(x113 & UINT8_C(0xff)); + uint32_t x116 = (x114 >> 8); + uint8_t x117 = (uint8_t)(x114 & UINT8_C(0xff)); + uint8_t x118 = (uint8_t)(x116 >> 8); + uint8_t x119 = (uint8_t)(x116 & UINT8_C(0xff)); out1[0] = x51; out1[1] = x53; out1[2] = x55; @@ -800,23 +799,23 @@ static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) { out1[12] = x79; out1[13] = x81; out1[14] = x83; - out1[15] = x85; - out1[16] = x88; - out1[17] = x90; - out1[18] = x92; - out1[19] = x95; - out1[20] = x97; - out1[21] = x99; - out1[22] = x102; - out1[23] = x104; - out1[24] = x106; - out1[25] = x109; - out1[26] = x111; - out1[27] = x113; - out1[28] = x116; - out1[29] = x118; - out1[30] = x120; - out1[31] = x119; + out1[15] = x84; + out1[16] = x87; + out1[17] = x89; + out1[18] = x91; + out1[19] = x94; + out1[20] = x96; + out1[21] = x98; + out1[22] = x101; + out1[23] = x103; + out1[24] = x105; + out1[25] = x108; + out1[26] = x110; + out1[27] = x112; + out1[28] = x115; + out1[29] = x117; + out1[30] = x119; + out1[31] = x118; } /* @@ -880,30 +879,29 @@ static void fiat_25519_from_bytes(uint32_t out1[10], const uint8_t arg1[32]) { uint8_t x52 = (uint8_t)(x51 >> 25); uint32_t x53 = (x51 & UINT32_C(0x1ffffff)); uint32_t x54 = (x52 + x41); - fiat_25519_uint1 x55 = (fiat_25519_uint1)(x54 >> 26); - uint32_t x56 = (x54 & UINT32_C(0x3ffffff)); - uint32_t x57 = (x55 + x40); - uint8_t x58 = (uint8_t)(x57 >> 25); - uint32_t x59 = (x57 & UINT32_C(0x1ffffff)); - uint32_t x60 = (x58 + x39); - uint8_t x61 = (uint8_t)(x60 >> 26); - uint32_t x62 = (x60 & UINT32_C(0x3ffffff)); - uint32_t x63 = (x61 + x38); - uint8_t x64 = (uint8_t)(x63 >> 25); - uint32_t x65 = (x63 & UINT32_C(0x1ffffff)); - uint32_t x66 = (x64 + x37); - uint8_t x67 = (uint8_t)(x66 >> 26); - uint32_t x68 = (x66 & UINT32_C(0x3ffffff)); - uint32_t x69 = (x67 + x36); + uint32_t x55 = (x54 & UINT32_C(0x3ffffff)); + uint32_t x56 = (0x0 + x40); + uint8_t x57 = (uint8_t)(x56 >> 25); + uint32_t x58 = (x56 & UINT32_C(0x1ffffff)); + uint32_t x59 = (x57 + x39); + uint8_t x60 = (uint8_t)(x59 >> 26); + uint32_t x61 = (x59 & UINT32_C(0x3ffffff)); + uint32_t x62 = (x60 + x38); + uint8_t x63 = (uint8_t)(x62 >> 25); + uint32_t x64 = (x62 & UINT32_C(0x1ffffff)); + uint32_t x65 = (x63 + x37); + uint8_t x66 = (uint8_t)(x65 >> 26); + uint32_t x67 = (x65 & UINT32_C(0x3ffffff)); + uint32_t x68 = (x66 + x36); out1[0] = x35; out1[1] = x47; out1[2] = x50; out1[3] = x53; - out1[4] = x56; - out1[5] = x59; - out1[6] = x62; - out1[7] = x65; - out1[8] = x68; - out1[9] = x69; + out1[4] = x55; + out1[5] = x58; + out1[6] = x61; + out1[7] = x64; + out1[8] = x67; + out1[9] = x68; } diff --git a/p224_32.c b/p224_32.c index 65d26dff1e..eda2b7e5fa 100644 --- a/p224_32.c +++ b/p224_32.c @@ -2100,475 +2100,472 @@ static void fiat_p224_from_montgomery(uint32_t out1[7], const uint32_t arg1[7]) fiat_p224_addcarryx_u32(&x38, &x39, x37, x26, x29); uint32_t x40; fiat_p224_uint1 x41; - fiat_p224_addcarryx_u32(&x40, &x41, x23, 0x0, 0x0); + fiat_p224_addcarryx_u32(&x40, &x41, 0x0, x32, x12); uint32_t x42; fiat_p224_uint1 x43; - fiat_p224_addcarryx_u32(&x42, &x43, 0x0, x24, x22); + fiat_p224_addcarryx_u32(&x42, &x43, x41, x34, x14); uint32_t x44; fiat_p224_uint1 x45; - fiat_p224_addcarryx_u32(&x44, &x45, x43, 0x0, (fiat_p224_uint1)x40); + fiat_p224_addcarryx_u32(&x44, &x45, x43, x36, x16); uint32_t x46; fiat_p224_uint1 x47; - fiat_p224_addcarryx_u32(&x46, &x47, x45, 0x0, x10); + fiat_p224_addcarryx_u32(&x46, &x47, x17, 0x0, x5); uint32_t x48; fiat_p224_uint1 x49; - fiat_p224_addcarryx_u32(&x48, &x49, x47, x32, x12); + fiat_p224_addcarryx_u32(&x48, &x49, x45, x38, x46); uint32_t x50; fiat_p224_uint1 x51; - fiat_p224_addcarryx_u32(&x50, &x51, x49, x34, x14); + fiat_p224_addcarryx_u32(&x50, &x51, x39, 0x0, x27); uint32_t x52; fiat_p224_uint1 x53; - fiat_p224_addcarryx_u32(&x52, &x53, x51, x36, x16); + fiat_p224_addcarryx_u32(&x52, &x53, x49, x50, 0x0); uint32_t x54; fiat_p224_uint1 x55; - fiat_p224_addcarryx_u32(&x54, &x55, x17, 0x0, x5); + fiat_p224_addcarryx_u32(&x54, &x55, x23, 0x0, 0x0); uint32_t x56; fiat_p224_uint1 x57; - fiat_p224_addcarryx_u32(&x56, &x57, x53, x38, x54); + fiat_p224_addcarryx_u32(&x56, &x57, 0x0, x24, x22); uint32_t x58; fiat_p224_uint1 x59; - fiat_p224_addcarryx_u32(&x58, &x59, x39, 0x0, x27); + fiat_p224_addcarryx_u32(&x58, &x59, x57, 0x0, (fiat_p224_uint1)x54); uint32_t x60; fiat_p224_uint1 x61; - fiat_p224_addcarryx_u32(&x60, &x61, x57, x58, 0x0); + fiat_p224_addcarryx_u32(&x60, &x61, 0x0, (arg1[2]), x58); uint32_t x62; fiat_p224_uint1 x63; - fiat_p224_addcarryx_u32(&x62, &x63, 0x0, (arg1[2]), x44); + fiat_p224_addcarryx_u32(&x62, &x63, x61, 0x0, x10); uint32_t x64; fiat_p224_uint1 x65; - fiat_p224_addcarryx_u32(&x64, &x65, x63, 0x0, x46); + fiat_p224_addcarryx_u32(&x64, &x65, x63, 0x0, x40); uint32_t x66; fiat_p224_uint1 x67; - fiat_p224_addcarryx_u32(&x66, &x67, x65, 0x0, x48); + fiat_p224_addcarryx_u32(&x66, &x67, x65, 0x0, x42); uint32_t x68; fiat_p224_uint1 x69; - fiat_p224_addcarryx_u32(&x68, &x69, x67, 0x0, x50); + fiat_p224_addcarryx_u32(&x68, &x69, x67, 0x0, x44); uint32_t x70; fiat_p224_uint1 x71; - fiat_p224_addcarryx_u32(&x70, &x71, x69, 0x0, x52); + fiat_p224_addcarryx_u32(&x70, &x71, x69, 0x0, x48); uint32_t x72; fiat_p224_uint1 x73; - fiat_p224_addcarryx_u32(&x72, &x73, x71, 0x0, x56); + fiat_p224_addcarryx_u32(&x72, &x73, x71, 0x0, x52); uint32_t x74; - fiat_p224_uint1 x75; - fiat_p224_addcarryx_u32(&x74, &x75, x73, 0x0, x60); + uint32_t x75; + fiat_p224_mulx_u32(&x74, &x75, x60, UINT32_C(0xffffffff)); uint32_t x76; - fiat_p224_uint1 x77; - fiat_p224_addcarryx_u32(&x76, &x77, x61, 0x0, 0x0); + uint32_t x77; + fiat_p224_mulx_u32(&x76, &x77, x74, UINT32_C(0xffffffff)); uint32_t x78; - fiat_p224_uint1 x79; - fiat_p224_addcarryx_u32(&x78, &x79, x75, 0x0, (fiat_p224_uint1)x76); + uint32_t x79; + fiat_p224_mulx_u32(&x78, &x79, x74, UINT32_C(0xffffffff)); uint32_t x80; uint32_t x81; - fiat_p224_mulx_u32(&x80, &x81, x62, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x80, &x81, x74, UINT32_C(0xffffffff)); uint32_t x82; uint32_t x83; - fiat_p224_mulx_u32(&x82, &x83, x80, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x82, &x83, x74, UINT32_C(0xffffffff)); uint32_t x84; - uint32_t x85; - fiat_p224_mulx_u32(&x84, &x85, x80, UINT32_C(0xffffffff)); + fiat_p224_uint1 x85; + fiat_p224_addcarryx_u32(&x84, &x85, 0x0, x80, x83); uint32_t x86; - uint32_t x87; - fiat_p224_mulx_u32(&x86, &x87, x80, UINT32_C(0xffffffff)); + fiat_p224_uint1 x87; + fiat_p224_addcarryx_u32(&x86, &x87, x85, x78, x81); uint32_t x88; - uint32_t x89; - fiat_p224_mulx_u32(&x88, &x89, x80, UINT32_C(0xffffffff)); + fiat_p224_uint1 x89; + fiat_p224_addcarryx_u32(&x88, &x89, x87, x76, x79); uint32_t x90; fiat_p224_uint1 x91; - fiat_p224_addcarryx_u32(&x90, &x91, 0x0, x86, x89); + fiat_p224_addcarryx_u32(&x90, &x91, 0x0, x74, x60); uint32_t x92; fiat_p224_uint1 x93; - fiat_p224_addcarryx_u32(&x92, &x93, x91, x84, x87); + fiat_p224_addcarryx_u32(&x92, &x93, x91, 0x0, x62); uint32_t x94; fiat_p224_uint1 x95; - fiat_p224_addcarryx_u32(&x94, &x95, x93, x82, x85); + fiat_p224_addcarryx_u32(&x94, &x95, x93, 0x0, x64); uint32_t x96; fiat_p224_uint1 x97; - fiat_p224_addcarryx_u32(&x96, &x97, 0x0, x80, x62); + fiat_p224_addcarryx_u32(&x96, &x97, x95, x82, x66); uint32_t x98; fiat_p224_uint1 x99; - fiat_p224_addcarryx_u32(&x98, &x99, x97, 0x0, x64); + fiat_p224_addcarryx_u32(&x98, &x99, x97, x84, x68); uint32_t x100; fiat_p224_uint1 x101; - fiat_p224_addcarryx_u32(&x100, &x101, x99, 0x0, x66); + fiat_p224_addcarryx_u32(&x100, &x101, x99, x86, x70); uint32_t x102; fiat_p224_uint1 x103; - fiat_p224_addcarryx_u32(&x102, &x103, x101, x88, x68); + fiat_p224_addcarryx_u32(&x102, &x103, x101, x88, x72); uint32_t x104; fiat_p224_uint1 x105; - fiat_p224_addcarryx_u32(&x104, &x105, x103, x90, x70); + fiat_p224_addcarryx_u32(&x104, &x105, x53, 0x0, 0x0); uint32_t x106; fiat_p224_uint1 x107; - fiat_p224_addcarryx_u32(&x106, &x107, x105, x92, x72); + fiat_p224_addcarryx_u32(&x106, &x107, x73, 0x0, (fiat_p224_uint1)x104); uint32_t x108; fiat_p224_uint1 x109; - fiat_p224_addcarryx_u32(&x108, &x109, x107, x94, x74); + fiat_p224_addcarryx_u32(&x108, &x109, x89, 0x0, x77); uint32_t x110; fiat_p224_uint1 x111; - fiat_p224_addcarryx_u32(&x110, &x111, x95, 0x0, x83); + fiat_p224_addcarryx_u32(&x110, &x111, x103, x108, x106); uint32_t x112; fiat_p224_uint1 x113; - fiat_p224_addcarryx_u32(&x112, &x113, x109, x110, x78); + fiat_p224_addcarryx_u32(&x112, &x113, 0x0, (arg1[3]), x92); uint32_t x114; fiat_p224_uint1 x115; - fiat_p224_addcarryx_u32(&x114, &x115, 0x0, (arg1[3]), x98); + fiat_p224_addcarryx_u32(&x114, &x115, x113, 0x0, x94); uint32_t x116; fiat_p224_uint1 x117; - fiat_p224_addcarryx_u32(&x116, &x117, x115, 0x0, x100); + fiat_p224_addcarryx_u32(&x116, &x117, x115, 0x0, x96); uint32_t x118; fiat_p224_uint1 x119; - fiat_p224_addcarryx_u32(&x118, &x119, x117, 0x0, x102); + fiat_p224_addcarryx_u32(&x118, &x119, x117, 0x0, x98); uint32_t x120; fiat_p224_uint1 x121; - fiat_p224_addcarryx_u32(&x120, &x121, x119, 0x0, x104); + fiat_p224_addcarryx_u32(&x120, &x121, x119, 0x0, x100); uint32_t x122; fiat_p224_uint1 x123; - fiat_p224_addcarryx_u32(&x122, &x123, x121, 0x0, x106); + fiat_p224_addcarryx_u32(&x122, &x123, x121, 0x0, x102); uint32_t x124; fiat_p224_uint1 x125; - fiat_p224_addcarryx_u32(&x124, &x125, x123, 0x0, x108); + fiat_p224_addcarryx_u32(&x124, &x125, x123, 0x0, x110); uint32_t x126; - fiat_p224_uint1 x127; - fiat_p224_addcarryx_u32(&x126, &x127, x125, 0x0, x112); + uint32_t x127; + fiat_p224_mulx_u32(&x126, &x127, x112, UINT32_C(0xffffffff)); uint32_t x128; - fiat_p224_uint1 x129; - fiat_p224_addcarryx_u32(&x128, &x129, x113, 0x0, x79); + uint32_t x129; + fiat_p224_mulx_u32(&x128, &x129, x126, UINT32_C(0xffffffff)); uint32_t x130; - fiat_p224_uint1 x131; - fiat_p224_addcarryx_u32(&x130, &x131, x127, 0x0, (fiat_p224_uint1)x128); + uint32_t x131; + fiat_p224_mulx_u32(&x130, &x131, x126, UINT32_C(0xffffffff)); uint32_t x132; uint32_t x133; - fiat_p224_mulx_u32(&x132, &x133, x114, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x132, &x133, x126, UINT32_C(0xffffffff)); uint32_t x134; uint32_t x135; - fiat_p224_mulx_u32(&x134, &x135, x132, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x134, &x135, x126, UINT32_C(0xffffffff)); uint32_t x136; - uint32_t x137; - fiat_p224_mulx_u32(&x136, &x137, x132, UINT32_C(0xffffffff)); + fiat_p224_uint1 x137; + fiat_p224_addcarryx_u32(&x136, &x137, 0x0, x132, x135); uint32_t x138; - uint32_t x139; - fiat_p224_mulx_u32(&x138, &x139, x132, UINT32_C(0xffffffff)); + fiat_p224_uint1 x139; + fiat_p224_addcarryx_u32(&x138, &x139, x137, x130, x133); uint32_t x140; - uint32_t x141; - fiat_p224_mulx_u32(&x140, &x141, x132, UINT32_C(0xffffffff)); + fiat_p224_uint1 x141; + fiat_p224_addcarryx_u32(&x140, &x141, x139, x128, x131); uint32_t x142; fiat_p224_uint1 x143; - fiat_p224_addcarryx_u32(&x142, &x143, 0x0, x138, x141); + fiat_p224_addcarryx_u32(&x142, &x143, 0x0, x126, x112); uint32_t x144; fiat_p224_uint1 x145; - fiat_p224_addcarryx_u32(&x144, &x145, x143, x136, x139); + fiat_p224_addcarryx_u32(&x144, &x145, x143, 0x0, x114); uint32_t x146; fiat_p224_uint1 x147; - fiat_p224_addcarryx_u32(&x146, &x147, x145, x134, x137); + fiat_p224_addcarryx_u32(&x146, &x147, x145, 0x0, x116); uint32_t x148; fiat_p224_uint1 x149; - fiat_p224_addcarryx_u32(&x148, &x149, 0x0, x132, x114); + fiat_p224_addcarryx_u32(&x148, &x149, x147, x134, x118); uint32_t x150; fiat_p224_uint1 x151; - fiat_p224_addcarryx_u32(&x150, &x151, x149, 0x0, x116); + fiat_p224_addcarryx_u32(&x150, &x151, x149, x136, x120); uint32_t x152; fiat_p224_uint1 x153; - fiat_p224_addcarryx_u32(&x152, &x153, x151, 0x0, x118); + fiat_p224_addcarryx_u32(&x152, &x153, x151, x138, x122); uint32_t x154; fiat_p224_uint1 x155; - fiat_p224_addcarryx_u32(&x154, &x155, x153, x140, x120); + fiat_p224_addcarryx_u32(&x154, &x155, x153, x140, x124); uint32_t x156; fiat_p224_uint1 x157; - fiat_p224_addcarryx_u32(&x156, &x157, x155, x142, x122); + fiat_p224_addcarryx_u32(&x156, &x157, x111, 0x0, 0x0); uint32_t x158; fiat_p224_uint1 x159; - fiat_p224_addcarryx_u32(&x158, &x159, x157, x144, x124); + fiat_p224_addcarryx_u32(&x158, &x159, x125, 0x0, (fiat_p224_uint1)x156); uint32_t x160; fiat_p224_uint1 x161; - fiat_p224_addcarryx_u32(&x160, &x161, x159, x146, x126); + fiat_p224_addcarryx_u32(&x160, &x161, x141, 0x0, x129); uint32_t x162; fiat_p224_uint1 x163; - fiat_p224_addcarryx_u32(&x162, &x163, x147, 0x0, x135); + fiat_p224_addcarryx_u32(&x162, &x163, x155, x160, x158); uint32_t x164; fiat_p224_uint1 x165; - fiat_p224_addcarryx_u32(&x164, &x165, x161, x162, x130); + fiat_p224_addcarryx_u32(&x164, &x165, 0x0, (arg1[4]), x144); uint32_t x166; fiat_p224_uint1 x167; - fiat_p224_addcarryx_u32(&x166, &x167, 0x0, (arg1[4]), x150); + fiat_p224_addcarryx_u32(&x166, &x167, x165, 0x0, x146); uint32_t x168; fiat_p224_uint1 x169; - fiat_p224_addcarryx_u32(&x168, &x169, x167, 0x0, x152); + fiat_p224_addcarryx_u32(&x168, &x169, x167, 0x0, x148); uint32_t x170; fiat_p224_uint1 x171; - fiat_p224_addcarryx_u32(&x170, &x171, x169, 0x0, x154); + fiat_p224_addcarryx_u32(&x170, &x171, x169, 0x0, x150); uint32_t x172; fiat_p224_uint1 x173; - fiat_p224_addcarryx_u32(&x172, &x173, x171, 0x0, x156); + fiat_p224_addcarryx_u32(&x172, &x173, x171, 0x0, x152); uint32_t x174; fiat_p224_uint1 x175; - fiat_p224_addcarryx_u32(&x174, &x175, x173, 0x0, x158); + fiat_p224_addcarryx_u32(&x174, &x175, x173, 0x0, x154); uint32_t x176; fiat_p224_uint1 x177; - fiat_p224_addcarryx_u32(&x176, &x177, x175, 0x0, x160); + fiat_p224_addcarryx_u32(&x176, &x177, x175, 0x0, x162); uint32_t x178; - fiat_p224_uint1 x179; - fiat_p224_addcarryx_u32(&x178, &x179, x177, 0x0, x164); + uint32_t x179; + fiat_p224_mulx_u32(&x178, &x179, x164, UINT32_C(0xffffffff)); uint32_t x180; - fiat_p224_uint1 x181; - fiat_p224_addcarryx_u32(&x180, &x181, x165, 0x0, x131); + uint32_t x181; + fiat_p224_mulx_u32(&x180, &x181, x178, UINT32_C(0xffffffff)); uint32_t x182; - fiat_p224_uint1 x183; - fiat_p224_addcarryx_u32(&x182, &x183, x179, 0x0, (fiat_p224_uint1)x180); + uint32_t x183; + fiat_p224_mulx_u32(&x182, &x183, x178, UINT32_C(0xffffffff)); uint32_t x184; uint32_t x185; - fiat_p224_mulx_u32(&x184, &x185, x166, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x184, &x185, x178, UINT32_C(0xffffffff)); uint32_t x186; uint32_t x187; - fiat_p224_mulx_u32(&x186, &x187, x184, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x186, &x187, x178, UINT32_C(0xffffffff)); uint32_t x188; - uint32_t x189; - fiat_p224_mulx_u32(&x188, &x189, x184, UINT32_C(0xffffffff)); + fiat_p224_uint1 x189; + fiat_p224_addcarryx_u32(&x188, &x189, 0x0, x184, x187); uint32_t x190; - uint32_t x191; - fiat_p224_mulx_u32(&x190, &x191, x184, UINT32_C(0xffffffff)); + fiat_p224_uint1 x191; + fiat_p224_addcarryx_u32(&x190, &x191, x189, x182, x185); uint32_t x192; - uint32_t x193; - fiat_p224_mulx_u32(&x192, &x193, x184, UINT32_C(0xffffffff)); + fiat_p224_uint1 x193; + fiat_p224_addcarryx_u32(&x192, &x193, x191, x180, x183); uint32_t x194; fiat_p224_uint1 x195; - fiat_p224_addcarryx_u32(&x194, &x195, 0x0, x190, x193); + fiat_p224_addcarryx_u32(&x194, &x195, 0x0, x178, x164); uint32_t x196; fiat_p224_uint1 x197; - fiat_p224_addcarryx_u32(&x196, &x197, x195, x188, x191); + fiat_p224_addcarryx_u32(&x196, &x197, x195, 0x0, x166); uint32_t x198; fiat_p224_uint1 x199; - fiat_p224_addcarryx_u32(&x198, &x199, x197, x186, x189); + fiat_p224_addcarryx_u32(&x198, &x199, x197, 0x0, x168); uint32_t x200; fiat_p224_uint1 x201; - fiat_p224_addcarryx_u32(&x200, &x201, 0x0, x184, x166); + fiat_p224_addcarryx_u32(&x200, &x201, x199, x186, x170); uint32_t x202; fiat_p224_uint1 x203; - fiat_p224_addcarryx_u32(&x202, &x203, x201, 0x0, x168); + fiat_p224_addcarryx_u32(&x202, &x203, x201, x188, x172); uint32_t x204; fiat_p224_uint1 x205; - fiat_p224_addcarryx_u32(&x204, &x205, x203, 0x0, x170); + fiat_p224_addcarryx_u32(&x204, &x205, x203, x190, x174); uint32_t x206; fiat_p224_uint1 x207; - fiat_p224_addcarryx_u32(&x206, &x207, x205, x192, x172); + fiat_p224_addcarryx_u32(&x206, &x207, x205, x192, x176); uint32_t x208; fiat_p224_uint1 x209; - fiat_p224_addcarryx_u32(&x208, &x209, x207, x194, x174); + fiat_p224_addcarryx_u32(&x208, &x209, x163, 0x0, 0x0); uint32_t x210; fiat_p224_uint1 x211; - fiat_p224_addcarryx_u32(&x210, &x211, x209, x196, x176); + fiat_p224_addcarryx_u32(&x210, &x211, x177, 0x0, (fiat_p224_uint1)x208); uint32_t x212; fiat_p224_uint1 x213; - fiat_p224_addcarryx_u32(&x212, &x213, x211, x198, x178); + fiat_p224_addcarryx_u32(&x212, &x213, x193, 0x0, x181); uint32_t x214; fiat_p224_uint1 x215; - fiat_p224_addcarryx_u32(&x214, &x215, x199, 0x0, x187); + fiat_p224_addcarryx_u32(&x214, &x215, x207, x212, x210); uint32_t x216; fiat_p224_uint1 x217; - fiat_p224_addcarryx_u32(&x216, &x217, x213, x214, x182); + fiat_p224_addcarryx_u32(&x216, &x217, 0x0, (arg1[5]), x196); uint32_t x218; fiat_p224_uint1 x219; - fiat_p224_addcarryx_u32(&x218, &x219, 0x0, (arg1[5]), x202); + fiat_p224_addcarryx_u32(&x218, &x219, x217, 0x0, x198); uint32_t x220; fiat_p224_uint1 x221; - fiat_p224_addcarryx_u32(&x220, &x221, x219, 0x0, x204); + fiat_p224_addcarryx_u32(&x220, &x221, x219, 0x0, x200); uint32_t x222; fiat_p224_uint1 x223; - fiat_p224_addcarryx_u32(&x222, &x223, x221, 0x0, x206); + fiat_p224_addcarryx_u32(&x222, &x223, x221, 0x0, x202); uint32_t x224; fiat_p224_uint1 x225; - fiat_p224_addcarryx_u32(&x224, &x225, x223, 0x0, x208); + fiat_p224_addcarryx_u32(&x224, &x225, x223, 0x0, x204); uint32_t x226; fiat_p224_uint1 x227; - fiat_p224_addcarryx_u32(&x226, &x227, x225, 0x0, x210); + fiat_p224_addcarryx_u32(&x226, &x227, x225, 0x0, x206); uint32_t x228; fiat_p224_uint1 x229; - fiat_p224_addcarryx_u32(&x228, &x229, x227, 0x0, x212); + fiat_p224_addcarryx_u32(&x228, &x229, x227, 0x0, x214); uint32_t x230; - fiat_p224_uint1 x231; - fiat_p224_addcarryx_u32(&x230, &x231, x229, 0x0, x216); + uint32_t x231; + fiat_p224_mulx_u32(&x230, &x231, x216, UINT32_C(0xffffffff)); uint32_t x232; - fiat_p224_uint1 x233; - fiat_p224_addcarryx_u32(&x232, &x233, x217, 0x0, x183); + uint32_t x233; + fiat_p224_mulx_u32(&x232, &x233, x230, UINT32_C(0xffffffff)); uint32_t x234; - fiat_p224_uint1 x235; - fiat_p224_addcarryx_u32(&x234, &x235, x231, 0x0, (fiat_p224_uint1)x232); + uint32_t x235; + fiat_p224_mulx_u32(&x234, &x235, x230, UINT32_C(0xffffffff)); uint32_t x236; uint32_t x237; - fiat_p224_mulx_u32(&x236, &x237, x218, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x236, &x237, x230, UINT32_C(0xffffffff)); uint32_t x238; uint32_t x239; - fiat_p224_mulx_u32(&x238, &x239, x236, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x238, &x239, x230, UINT32_C(0xffffffff)); uint32_t x240; - uint32_t x241; - fiat_p224_mulx_u32(&x240, &x241, x236, UINT32_C(0xffffffff)); + fiat_p224_uint1 x241; + fiat_p224_addcarryx_u32(&x240, &x241, 0x0, x236, x239); uint32_t x242; - uint32_t x243; - fiat_p224_mulx_u32(&x242, &x243, x236, UINT32_C(0xffffffff)); + fiat_p224_uint1 x243; + fiat_p224_addcarryx_u32(&x242, &x243, x241, x234, x237); uint32_t x244; - uint32_t x245; - fiat_p224_mulx_u32(&x244, &x245, x236, UINT32_C(0xffffffff)); + fiat_p224_uint1 x245; + fiat_p224_addcarryx_u32(&x244, &x245, x243, x232, x235); uint32_t x246; fiat_p224_uint1 x247; - fiat_p224_addcarryx_u32(&x246, &x247, 0x0, x242, x245); + fiat_p224_addcarryx_u32(&x246, &x247, 0x0, x230, x216); uint32_t x248; fiat_p224_uint1 x249; - fiat_p224_addcarryx_u32(&x248, &x249, x247, x240, x243); + fiat_p224_addcarryx_u32(&x248, &x249, x247, 0x0, x218); uint32_t x250; fiat_p224_uint1 x251; - fiat_p224_addcarryx_u32(&x250, &x251, x249, x238, x241); + fiat_p224_addcarryx_u32(&x250, &x251, x249, 0x0, x220); uint32_t x252; fiat_p224_uint1 x253; - fiat_p224_addcarryx_u32(&x252, &x253, 0x0, x236, x218); + fiat_p224_addcarryx_u32(&x252, &x253, x251, x238, x222); uint32_t x254; fiat_p224_uint1 x255; - fiat_p224_addcarryx_u32(&x254, &x255, x253, 0x0, x220); + fiat_p224_addcarryx_u32(&x254, &x255, x253, x240, x224); uint32_t x256; fiat_p224_uint1 x257; - fiat_p224_addcarryx_u32(&x256, &x257, x255, 0x0, x222); + fiat_p224_addcarryx_u32(&x256, &x257, x255, x242, x226); uint32_t x258; fiat_p224_uint1 x259; - fiat_p224_addcarryx_u32(&x258, &x259, x257, x244, x224); + fiat_p224_addcarryx_u32(&x258, &x259, x257, x244, x228); uint32_t x260; fiat_p224_uint1 x261; - fiat_p224_addcarryx_u32(&x260, &x261, x259, x246, x226); + fiat_p224_addcarryx_u32(&x260, &x261, x215, 0x0, 0x0); uint32_t x262; fiat_p224_uint1 x263; - fiat_p224_addcarryx_u32(&x262, &x263, x261, x248, x228); + fiat_p224_addcarryx_u32(&x262, &x263, x229, 0x0, (fiat_p224_uint1)x260); uint32_t x264; fiat_p224_uint1 x265; - fiat_p224_addcarryx_u32(&x264, &x265, x263, x250, x230); + fiat_p224_addcarryx_u32(&x264, &x265, x245, 0x0, x233); uint32_t x266; fiat_p224_uint1 x267; - fiat_p224_addcarryx_u32(&x266, &x267, x251, 0x0, x239); + fiat_p224_addcarryx_u32(&x266, &x267, x259, x264, x262); uint32_t x268; fiat_p224_uint1 x269; - fiat_p224_addcarryx_u32(&x268, &x269, x265, x266, x234); + fiat_p224_addcarryx_u32(&x268, &x269, 0x0, (arg1[6]), x248); uint32_t x270; fiat_p224_uint1 x271; - fiat_p224_addcarryx_u32(&x270, &x271, 0x0, (arg1[6]), x254); + fiat_p224_addcarryx_u32(&x270, &x271, x269, 0x0, x250); uint32_t x272; fiat_p224_uint1 x273; - fiat_p224_addcarryx_u32(&x272, &x273, x271, 0x0, x256); + fiat_p224_addcarryx_u32(&x272, &x273, x271, 0x0, x252); uint32_t x274; fiat_p224_uint1 x275; - fiat_p224_addcarryx_u32(&x274, &x275, x273, 0x0, x258); + fiat_p224_addcarryx_u32(&x274, &x275, x273, 0x0, x254); uint32_t x276; fiat_p224_uint1 x277; - fiat_p224_addcarryx_u32(&x276, &x277, x275, 0x0, x260); + fiat_p224_addcarryx_u32(&x276, &x277, x275, 0x0, x256); uint32_t x278; fiat_p224_uint1 x279; - fiat_p224_addcarryx_u32(&x278, &x279, x277, 0x0, x262); + fiat_p224_addcarryx_u32(&x278, &x279, x277, 0x0, x258); uint32_t x280; fiat_p224_uint1 x281; - fiat_p224_addcarryx_u32(&x280, &x281, x279, 0x0, x264); + fiat_p224_addcarryx_u32(&x280, &x281, x279, 0x0, x266); uint32_t x282; - fiat_p224_uint1 x283; - fiat_p224_addcarryx_u32(&x282, &x283, x281, 0x0, x268); + uint32_t x283; + fiat_p224_mulx_u32(&x282, &x283, x268, UINT32_C(0xffffffff)); uint32_t x284; - fiat_p224_uint1 x285; - fiat_p224_addcarryx_u32(&x284, &x285, x269, 0x0, x235); + uint32_t x285; + fiat_p224_mulx_u32(&x284, &x285, x282, UINT32_C(0xffffffff)); uint32_t x286; - fiat_p224_uint1 x287; - fiat_p224_addcarryx_u32(&x286, &x287, x283, 0x0, (fiat_p224_uint1)x284); + uint32_t x287; + fiat_p224_mulx_u32(&x286, &x287, x282, UINT32_C(0xffffffff)); uint32_t x288; uint32_t x289; - fiat_p224_mulx_u32(&x288, &x289, x270, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x288, &x289, x282, UINT32_C(0xffffffff)); uint32_t x290; uint32_t x291; - fiat_p224_mulx_u32(&x290, &x291, x288, UINT32_C(0xffffffff)); + fiat_p224_mulx_u32(&x290, &x291, x282, UINT32_C(0xffffffff)); uint32_t x292; - uint32_t x293; - fiat_p224_mulx_u32(&x292, &x293, x288, UINT32_C(0xffffffff)); + fiat_p224_uint1 x293; + fiat_p224_addcarryx_u32(&x292, &x293, 0x0, x288, x291); uint32_t x294; - uint32_t x295; - fiat_p224_mulx_u32(&x294, &x295, x288, UINT32_C(0xffffffff)); + fiat_p224_uint1 x295; + fiat_p224_addcarryx_u32(&x294, &x295, x293, x286, x289); uint32_t x296; - uint32_t x297; - fiat_p224_mulx_u32(&x296, &x297, x288, UINT32_C(0xffffffff)); + fiat_p224_uint1 x297; + fiat_p224_addcarryx_u32(&x296, &x297, x295, x284, x287); uint32_t x298; fiat_p224_uint1 x299; - fiat_p224_addcarryx_u32(&x298, &x299, 0x0, x294, x297); + fiat_p224_addcarryx_u32(&x298, &x299, 0x0, x282, x268); uint32_t x300; fiat_p224_uint1 x301; - fiat_p224_addcarryx_u32(&x300, &x301, x299, x292, x295); + fiat_p224_addcarryx_u32(&x300, &x301, x299, 0x0, x270); uint32_t x302; fiat_p224_uint1 x303; - fiat_p224_addcarryx_u32(&x302, &x303, x301, x290, x293); + fiat_p224_addcarryx_u32(&x302, &x303, x301, 0x0, x272); uint32_t x304; fiat_p224_uint1 x305; - fiat_p224_addcarryx_u32(&x304, &x305, 0x0, x288, x270); + fiat_p224_addcarryx_u32(&x304, &x305, x303, x290, x274); uint32_t x306; fiat_p224_uint1 x307; - fiat_p224_addcarryx_u32(&x306, &x307, x305, 0x0, x272); + fiat_p224_addcarryx_u32(&x306, &x307, x305, x292, x276); uint32_t x308; fiat_p224_uint1 x309; - fiat_p224_addcarryx_u32(&x308, &x309, x307, 0x0, x274); + fiat_p224_addcarryx_u32(&x308, &x309, x307, x294, x278); uint32_t x310; fiat_p224_uint1 x311; - fiat_p224_addcarryx_u32(&x310, &x311, x309, x296, x276); + fiat_p224_addcarryx_u32(&x310, &x311, x309, x296, x280); uint32_t x312; fiat_p224_uint1 x313; - fiat_p224_addcarryx_u32(&x312, &x313, x311, x298, x278); + fiat_p224_addcarryx_u32(&x312, &x313, x267, 0x0, 0x0); uint32_t x314; fiat_p224_uint1 x315; - fiat_p224_addcarryx_u32(&x314, &x315, x313, x300, x280); + fiat_p224_addcarryx_u32(&x314, &x315, x281, 0x0, (fiat_p224_uint1)x312); uint32_t x316; fiat_p224_uint1 x317; - fiat_p224_addcarryx_u32(&x316, &x317, x315, x302, x282); + fiat_p224_addcarryx_u32(&x316, &x317, x297, 0x0, x285); uint32_t x318; fiat_p224_uint1 x319; - fiat_p224_addcarryx_u32(&x318, &x319, x303, 0x0, x291); + fiat_p224_addcarryx_u32(&x318, &x319, x311, x316, x314); uint32_t x320; fiat_p224_uint1 x321; - fiat_p224_addcarryx_u32(&x320, &x321, x317, x318, x286); + fiat_p224_subborrowx_u32(&x320, &x321, 0x0, x300, 0x1); uint32_t x322; fiat_p224_uint1 x323; - fiat_p224_subborrowx_u32(&x322, &x323, 0x0, x306, 0x1); + fiat_p224_subborrowx_u32(&x322, &x323, x321, x302, 0x0); uint32_t x324; fiat_p224_uint1 x325; - fiat_p224_subborrowx_u32(&x324, &x325, x323, x308, 0x0); + fiat_p224_subborrowx_u32(&x324, &x325, x323, x304, 0x0); uint32_t x326; fiat_p224_uint1 x327; - fiat_p224_subborrowx_u32(&x326, &x327, x325, x310, 0x0); + fiat_p224_subborrowx_u32(&x326, &x327, x325, x306, UINT32_C(0xffffffff)); uint32_t x328; fiat_p224_uint1 x329; - fiat_p224_subborrowx_u32(&x328, &x329, x327, x312, UINT32_C(0xffffffff)); + fiat_p224_subborrowx_u32(&x328, &x329, x327, x308, UINT32_C(0xffffffff)); uint32_t x330; fiat_p224_uint1 x331; - fiat_p224_subborrowx_u32(&x330, &x331, x329, x314, UINT32_C(0xffffffff)); + fiat_p224_subborrowx_u32(&x330, &x331, x329, x310, UINT32_C(0xffffffff)); uint32_t x332; fiat_p224_uint1 x333; - fiat_p224_subborrowx_u32(&x332, &x333, x331, x316, UINT32_C(0xffffffff)); + fiat_p224_subborrowx_u32(&x332, &x333, x331, x318, UINT32_C(0xffffffff)); uint32_t x334; fiat_p224_uint1 x335; - fiat_p224_subborrowx_u32(&x334, &x335, x333, x320, UINT32_C(0xffffffff)); + fiat_p224_addcarryx_u32(&x334, &x335, x319, 0x0, 0x0); uint32_t x336; fiat_p224_uint1 x337; - fiat_p224_addcarryx_u32(&x336, &x337, x321, 0x0, x287); + fiat_p224_subborrowx_u32(&x336, &x337, x333, (fiat_p224_uint1)x334, 0x0); uint32_t x338; - fiat_p224_uint1 x339; - fiat_p224_subborrowx_u32(&x338, &x339, x335, (fiat_p224_uint1)x336, 0x0); + fiat_p224_cmovznz_u32(&x338, x337, x320, x300); + uint32_t x339; + fiat_p224_cmovznz_u32(&x339, x337, x322, x302); uint32_t x340; - fiat_p224_cmovznz_u32(&x340, x339, x322, x306); + fiat_p224_cmovznz_u32(&x340, x337, x324, x304); uint32_t x341; - fiat_p224_cmovznz_u32(&x341, x339, x324, x308); + fiat_p224_cmovznz_u32(&x341, x337, x326, x306); uint32_t x342; - fiat_p224_cmovznz_u32(&x342, x339, x326, x310); + fiat_p224_cmovznz_u32(&x342, x337, x328, x308); uint32_t x343; - fiat_p224_cmovznz_u32(&x343, x339, x328, x312); + fiat_p224_cmovznz_u32(&x343, x337, x330, x310); uint32_t x344; - fiat_p224_cmovznz_u32(&x344, x339, x330, x314); - uint32_t x345; - fiat_p224_cmovznz_u32(&x345, x339, x332, x316); - uint32_t x346; - fiat_p224_cmovznz_u32(&x346, x339, x334, x320); - out1[0] = x340; - out1[1] = x341; - out1[2] = x342; - out1[3] = x343; - out1[4] = x344; - out1[5] = x345; - out1[6] = x346; + fiat_p224_cmovznz_u32(&x344, x337, x332, x318); + out1[0] = x338; + out1[1] = x339; + out1[2] = x340; + out1[3] = x341; + out1[4] = x342; + out1[5] = x343; + out1[6] = x344; } /* @@ -2634,88 +2631,82 @@ static void fiat_p224_to_bytes(uint8_t out1[28], const uint32_t arg1[7]) { uint8_t x11 = (uint8_t)(x8 & UINT8_C(0xff)); uint8_t x12 = (uint8_t)(x10 >> 8); uint8_t x13 = (uint8_t)(x10 & UINT8_C(0xff)); - fiat_p224_uint1 x14 = (fiat_p224_uint1)(x12 >> 8); - uint8_t x15 = (uint8_t)(x12 & UINT8_C(0xff)); - uint32_t x16 = (x14 + x6); - uint32_t x17 = (x16 >> 8); - uint8_t x18 = (uint8_t)(x16 & UINT8_C(0xff)); - uint32_t x19 = (x17 >> 8); - uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); - uint8_t x21 = (uint8_t)(x19 >> 8); - uint8_t x22 = (uint8_t)(x19 & UINT8_C(0xff)); - fiat_p224_uint1 x23 = (fiat_p224_uint1)(x21 >> 8); - uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); - uint32_t x25 = (x23 + x5); - uint32_t x26 = (x25 >> 8); - uint8_t x27 = (uint8_t)(x25 & UINT8_C(0xff)); - uint32_t x28 = (x26 >> 8); + uint8_t x14 = (uint8_t)(x12 & UINT8_C(0xff)); + uint32_t x15 = (0x0 + x6); + uint32_t x16 = (x15 >> 8); + uint8_t x17 = (uint8_t)(x15 & UINT8_C(0xff)); + uint32_t x18 = (x16 >> 8); + uint8_t x19 = (uint8_t)(x16 & UINT8_C(0xff)); + uint8_t x20 = (uint8_t)(x18 >> 8); + uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint32_t x23 = (0x0 + x5); + uint32_t x24 = (x23 >> 8); + uint8_t x25 = (uint8_t)(x23 & UINT8_C(0xff)); + uint32_t x26 = (x24 >> 8); + uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); + uint8_t x28 = (uint8_t)(x26 >> 8); uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); - uint8_t x30 = (uint8_t)(x28 >> 8); - uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); - fiat_p224_uint1 x32 = (fiat_p224_uint1)(x30 >> 8); - uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); - uint32_t x34 = (x32 + x4); - uint32_t x35 = (x34 >> 8); - uint8_t x36 = (uint8_t)(x34 & UINT8_C(0xff)); - uint32_t x37 = (x35 >> 8); - uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); - uint8_t x39 = (uint8_t)(x37 >> 8); - uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); - fiat_p224_uint1 x41 = (fiat_p224_uint1)(x39 >> 8); - uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); - uint32_t x43 = (x41 + x3); - uint32_t x44 = (x43 >> 8); - uint8_t x45 = (uint8_t)(x43 & UINT8_C(0xff)); - uint32_t x46 = (x44 >> 8); - uint8_t x47 = (uint8_t)(x44 & UINT8_C(0xff)); - uint8_t x48 = (uint8_t)(x46 >> 8); - uint8_t x49 = (uint8_t)(x46 & UINT8_C(0xff)); - fiat_p224_uint1 x50 = (fiat_p224_uint1)(x48 >> 8); + uint8_t x30 = (uint8_t)(x28 & UINT8_C(0xff)); + uint32_t x31 = (0x0 + x4); + uint32_t x32 = (x31 >> 8); + uint8_t x33 = (uint8_t)(x31 & UINT8_C(0xff)); + uint32_t x34 = (x32 >> 8); + uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); + uint8_t x36 = (uint8_t)(x34 >> 8); + uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); + uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint32_t x39 = (0x0 + x3); + uint32_t x40 = (x39 >> 8); + uint8_t x41 = (uint8_t)(x39 & UINT8_C(0xff)); + uint32_t x42 = (x40 >> 8); + uint8_t x43 = (uint8_t)(x40 & UINT8_C(0xff)); + uint8_t x44 = (uint8_t)(x42 >> 8); + uint8_t x45 = (uint8_t)(x42 & UINT8_C(0xff)); + uint8_t x46 = (uint8_t)(x44 & UINT8_C(0xff)); + uint32_t x47 = (0x0 + x2); + uint32_t x48 = (x47 >> 8); + uint8_t x49 = (uint8_t)(x47 & UINT8_C(0xff)); + uint32_t x50 = (x48 >> 8); uint8_t x51 = (uint8_t)(x48 & UINT8_C(0xff)); - uint32_t x52 = (x50 + x2); - uint32_t x53 = (x52 >> 8); + uint8_t x52 = (uint8_t)(x50 >> 8); + uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); - uint32_t x55 = (x53 >> 8); - uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); - uint8_t x57 = (uint8_t)(x55 >> 8); - uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); - fiat_p224_uint1 x59 = (fiat_p224_uint1)(x57 >> 8); - uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); - uint32_t x61 = (x59 + x1); - uint32_t x62 = (x61 >> 8); - uint8_t x63 = (uint8_t)(x61 & UINT8_C(0xff)); - uint32_t x64 = (x62 >> 8); - uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); - uint8_t x66 = (uint8_t)(x64 >> 8); - uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff)); + uint32_t x55 = (0x0 + x1); + uint32_t x56 = (x55 >> 8); + uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); + uint32_t x58 = (x56 >> 8); + uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); + uint8_t x60 = (uint8_t)(x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); out1[0] = x9; out1[1] = x11; out1[2] = x13; - out1[3] = x15; - out1[4] = x18; - out1[5] = x20; - out1[6] = x22; - out1[7] = x24; - out1[8] = x27; - out1[9] = x29; - out1[10] = x31; - out1[11] = x33; - out1[12] = x36; - out1[13] = x38; - out1[14] = x40; - out1[15] = x42; - out1[16] = x45; - out1[17] = x47; - out1[18] = x49; - out1[19] = x51; - out1[20] = x54; - out1[21] = x56; - out1[22] = x58; - out1[23] = x60; - out1[24] = x63; - out1[25] = x65; - out1[26] = x67; - out1[27] = x66; + out1[3] = x14; + out1[4] = x17; + out1[5] = x19; + out1[6] = x21; + out1[7] = x22; + out1[8] = x25; + out1[9] = x27; + out1[10] = x29; + out1[11] = x30; + out1[12] = x33; + out1[13] = x35; + out1[14] = x37; + out1[15] = x38; + out1[16] = x41; + out1[17] = x43; + out1[18] = x45; + out1[19] = x46; + out1[20] = x49; + out1[21] = x51; + out1[22] = x53; + out1[23] = x54; + out1[24] = x57; + out1[25] = x59; + out1[26] = x61; + out1[27] = x60; } /* @@ -2754,36 +2745,30 @@ static void fiat_p224_from_bytes(uint32_t out1[7], const uint8_t arg1[28]) { uint32_t x27 = ((uint32_t)(arg1[1]) << 8); uint8_t x28 = (arg1[0]); uint32_t x29 = (x28 + (x27 + (x26 + x25))); - fiat_p224_uint1 x30 = (fiat_p224_uint1)((uint64_t)x29 >> 32); - uint32_t x31 = (x29 & UINT32_C(0xffffffff)); - uint32_t x32 = (x4 + (x3 + (x2 + x1))); - uint32_t x33 = (x8 + (x7 + (x6 + x5))); - uint32_t x34 = (x12 + (x11 + (x10 + x9))); - uint32_t x35 = (x16 + (x15 + (x14 + x13))); - uint32_t x36 = (x20 + (x19 + (x18 + x17))); - uint32_t x37 = (x24 + (x23 + (x22 + x21))); - uint32_t x38 = (x30 + x37); - fiat_p224_uint1 x39 = (fiat_p224_uint1)((uint64_t)x38 >> 32); - uint32_t x40 = (x38 & UINT32_C(0xffffffff)); - uint32_t x41 = (x39 + x36); - fiat_p224_uint1 x42 = (fiat_p224_uint1)((uint64_t)x41 >> 32); - uint32_t x43 = (x41 & UINT32_C(0xffffffff)); - uint32_t x44 = (x42 + x35); - fiat_p224_uint1 x45 = (fiat_p224_uint1)((uint64_t)x44 >> 32); - uint32_t x46 = (x44 & UINT32_C(0xffffffff)); - uint32_t x47 = (x45 + x34); - fiat_p224_uint1 x48 = (fiat_p224_uint1)((uint64_t)x47 >> 32); - uint32_t x49 = (x47 & UINT32_C(0xffffffff)); - uint32_t x50 = (x48 + x33); - fiat_p224_uint1 x51 = (fiat_p224_uint1)((uint64_t)x50 >> 32); - uint32_t x52 = (x50 & UINT32_C(0xffffffff)); - uint32_t x53 = (x51 + x32); - out1[0] = x31; - out1[1] = x40; - out1[2] = x43; - out1[3] = x46; - out1[4] = x49; - out1[5] = x52; - out1[6] = x53; + uint32_t x30 = (x29 & UINT32_C(0xffffffff)); + uint32_t x31 = (x4 + (x3 + (x2 + x1))); + uint32_t x32 = (x8 + (x7 + (x6 + x5))); + uint32_t x33 = (x12 + (x11 + (x10 + x9))); + uint32_t x34 = (x16 + (x15 + (x14 + x13))); + uint32_t x35 = (x20 + (x19 + (x18 + x17))); + uint32_t x36 = (x24 + (x23 + (x22 + x21))); + uint32_t x37 = (0x0 + x36); + uint32_t x38 = (x37 & UINT32_C(0xffffffff)); + uint32_t x39 = (0x0 + x35); + uint32_t x40 = (x39 & UINT32_C(0xffffffff)); + uint32_t x41 = (0x0 + x34); + uint32_t x42 = (x41 & UINT32_C(0xffffffff)); + uint32_t x43 = (0x0 + x33); + uint32_t x44 = (x43 & UINT32_C(0xffffffff)); + uint32_t x45 = (0x0 + x32); + uint32_t x46 = (x45 & UINT32_C(0xffffffff)); + uint32_t x47 = (0x0 + x31); + out1[0] = x30; + out1[1] = x38; + out1[2] = x40; + out1[3] = x42; + out1[4] = x44; + out1[5] = x46; + out1[6] = x47; } diff --git a/p224_64.c b/p224_64.c index d67ee56ca3..05e0e02af3 100644 --- a/p224_64.c +++ b/p224_64.c @@ -926,202 +926,181 @@ static void fiat_p224_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) fiat_p224_addcarryx_u64(&x20, &x21, x19, x12, 0x0); uint64_t x22; fiat_p224_uint1 x23; - fiat_p224_addcarryx_u64(&x22, &x23, x13, 0x0, x5); + fiat_p224_addcarryx_u64(&x22, &x23, 0x0, (arg1[1]), x16); uint64_t x24; fiat_p224_uint1 x25; - fiat_p224_addcarryx_u64(&x24, &x25, x21, x22, 0x0); + fiat_p224_addcarryx_u64(&x24, &x25, x23, 0x0, x18); uint64_t x26; fiat_p224_uint1 x27; - fiat_p224_addcarryx_u64(&x26, &x27, 0x0, (arg1[1]), x16); + fiat_p224_addcarryx_u64(&x26, &x27, x25, 0x0, x20); uint64_t x28; - fiat_p224_uint1 x29; - fiat_p224_addcarryx_u64(&x28, &x29, x27, 0x0, x18); + uint64_t x29; + fiat_p224_mulx_u64(&x28, &x29, x22, UINT64_C(0xffffffffffffffff)); uint64_t x30; - fiat_p224_uint1 x31; - fiat_p224_addcarryx_u64(&x30, &x31, x29, 0x0, x20); + uint64_t x31; + fiat_p224_mulx_u64(&x30, &x31, x28, UINT32_C(0xffffffff)); uint64_t x32; - fiat_p224_uint1 x33; - fiat_p224_addcarryx_u64(&x32, &x33, x31, 0x0, x24); + uint64_t x33; + fiat_p224_mulx_u64(&x32, &x33, x28, UINT64_C(0xffffffffffffffff)); uint64_t x34; - fiat_p224_uint1 x35; - fiat_p224_addcarryx_u64(&x34, &x35, x25, 0x0, 0x0); + uint64_t x35; + fiat_p224_mulx_u64(&x34, &x35, x28, UINT64_C(0xffffffff00000000)); uint64_t x36; fiat_p224_uint1 x37; - fiat_p224_addcarryx_u64(&x36, &x37, x33, 0x0, (fiat_p224_uint1)x34); + fiat_p224_addcarryx_u64(&x36, &x37, 0x0, x32, x35); uint64_t x38; - uint64_t x39; - fiat_p224_mulx_u64(&x38, &x39, x26, UINT64_C(0xffffffffffffffff)); + fiat_p224_uint1 x39; + fiat_p224_addcarryx_u64(&x38, &x39, x37, x30, x33); uint64_t x40; - uint64_t x41; - fiat_p224_mulx_u64(&x40, &x41, x38, UINT32_C(0xffffffff)); + fiat_p224_uint1 x41; + fiat_p224_addcarryx_u64(&x40, &x41, 0x0, x28, x22); uint64_t x42; - uint64_t x43; - fiat_p224_mulx_u64(&x42, &x43, x38, UINT64_C(0xffffffffffffffff)); + fiat_p224_uint1 x43; + fiat_p224_addcarryx_u64(&x42, &x43, x41, x34, x24); uint64_t x44; - uint64_t x45; - fiat_p224_mulx_u64(&x44, &x45, x38, UINT64_C(0xffffffff00000000)); + fiat_p224_uint1 x45; + fiat_p224_addcarryx_u64(&x44, &x45, x43, x36, x26); uint64_t x46; fiat_p224_uint1 x47; - fiat_p224_addcarryx_u64(&x46, &x47, 0x0, x42, x45); + fiat_p224_addcarryx_u64(&x46, &x47, x13, 0x0, x5); uint64_t x48; fiat_p224_uint1 x49; - fiat_p224_addcarryx_u64(&x48, &x49, x47, x40, x43); + fiat_p224_addcarryx_u64(&x48, &x49, x21, x46, 0x0); uint64_t x50; fiat_p224_uint1 x51; - fiat_p224_addcarryx_u64(&x50, &x51, 0x0, x38, x26); + fiat_p224_addcarryx_u64(&x50, &x51, x27, 0x0, x48); uint64_t x52; fiat_p224_uint1 x53; - fiat_p224_addcarryx_u64(&x52, &x53, x51, x44, x28); + fiat_p224_addcarryx_u64(&x52, &x53, x45, x38, x50); uint64_t x54; fiat_p224_uint1 x55; - fiat_p224_addcarryx_u64(&x54, &x55, x53, x46, x30); + fiat_p224_addcarryx_u64(&x54, &x55, 0x0, (arg1[2]), x42); uint64_t x56; fiat_p224_uint1 x57; - fiat_p224_addcarryx_u64(&x56, &x57, x55, x48, x32); + fiat_p224_addcarryx_u64(&x56, &x57, x55, 0x0, x44); uint64_t x58; fiat_p224_uint1 x59; - fiat_p224_addcarryx_u64(&x58, &x59, x49, 0x0, x41); + fiat_p224_addcarryx_u64(&x58, &x59, x57, 0x0, x52); uint64_t x60; - fiat_p224_uint1 x61; - fiat_p224_addcarryx_u64(&x60, &x61, x57, x58, (fiat_p224_uint1)x36); + uint64_t x61; + fiat_p224_mulx_u64(&x60, &x61, x54, UINT64_C(0xffffffffffffffff)); uint64_t x62; - fiat_p224_uint1 x63; - fiat_p224_addcarryx_u64(&x62, &x63, 0x0, (arg1[2]), x52); + uint64_t x63; + fiat_p224_mulx_u64(&x62, &x63, x60, UINT32_C(0xffffffff)); uint64_t x64; - fiat_p224_uint1 x65; - fiat_p224_addcarryx_u64(&x64, &x65, x63, 0x0, x54); + uint64_t x65; + fiat_p224_mulx_u64(&x64, &x65, x60, UINT64_C(0xffffffffffffffff)); uint64_t x66; - fiat_p224_uint1 x67; - fiat_p224_addcarryx_u64(&x66, &x67, x65, 0x0, x56); + uint64_t x67; + fiat_p224_mulx_u64(&x66, &x67, x60, UINT64_C(0xffffffff00000000)); uint64_t x68; fiat_p224_uint1 x69; - fiat_p224_addcarryx_u64(&x68, &x69, x67, 0x0, x60); + fiat_p224_addcarryx_u64(&x68, &x69, 0x0, x64, x67); uint64_t x70; fiat_p224_uint1 x71; - fiat_p224_addcarryx_u64(&x70, &x71, x61, 0x0, x37); + fiat_p224_addcarryx_u64(&x70, &x71, x69, x62, x65); uint64_t x72; fiat_p224_uint1 x73; - fiat_p224_addcarryx_u64(&x72, &x73, x69, 0x0, (fiat_p224_uint1)x70); + fiat_p224_addcarryx_u64(&x72, &x73, 0x0, x60, x54); uint64_t x74; - uint64_t x75; - fiat_p224_mulx_u64(&x74, &x75, x62, UINT64_C(0xffffffffffffffff)); + fiat_p224_uint1 x75; + fiat_p224_addcarryx_u64(&x74, &x75, x73, x66, x56); uint64_t x76; - uint64_t x77; - fiat_p224_mulx_u64(&x76, &x77, x74, UINT32_C(0xffffffff)); + fiat_p224_uint1 x77; + fiat_p224_addcarryx_u64(&x76, &x77, x75, x68, x58); uint64_t x78; - uint64_t x79; - fiat_p224_mulx_u64(&x78, &x79, x74, UINT64_C(0xffffffffffffffff)); + fiat_p224_uint1 x79; + fiat_p224_addcarryx_u64(&x78, &x79, x39, 0x0, x31); uint64_t x80; - uint64_t x81; - fiat_p224_mulx_u64(&x80, &x81, x74, UINT64_C(0xffffffff00000000)); + fiat_p224_uint1 x81; + fiat_p224_addcarryx_u64(&x80, &x81, x53, x78, 0x0); uint64_t x82; fiat_p224_uint1 x83; - fiat_p224_addcarryx_u64(&x82, &x83, 0x0, x78, x81); + fiat_p224_addcarryx_u64(&x82, &x83, x59, 0x0, x80); uint64_t x84; fiat_p224_uint1 x85; - fiat_p224_addcarryx_u64(&x84, &x85, x83, x76, x79); + fiat_p224_addcarryx_u64(&x84, &x85, x77, x70, x82); uint64_t x86; fiat_p224_uint1 x87; - fiat_p224_addcarryx_u64(&x86, &x87, 0x0, x74, x62); + fiat_p224_addcarryx_u64(&x86, &x87, 0x0, (arg1[3]), x74); uint64_t x88; fiat_p224_uint1 x89; - fiat_p224_addcarryx_u64(&x88, &x89, x87, x80, x64); + fiat_p224_addcarryx_u64(&x88, &x89, x87, 0x0, x76); uint64_t x90; fiat_p224_uint1 x91; - fiat_p224_addcarryx_u64(&x90, &x91, x89, x82, x66); + fiat_p224_addcarryx_u64(&x90, &x91, x89, 0x0, x84); uint64_t x92; - fiat_p224_uint1 x93; - fiat_p224_addcarryx_u64(&x92, &x93, x91, x84, x68); + uint64_t x93; + fiat_p224_mulx_u64(&x92, &x93, x86, UINT64_C(0xffffffffffffffff)); uint64_t x94; - fiat_p224_uint1 x95; - fiat_p224_addcarryx_u64(&x94, &x95, x85, 0x0, x77); + uint64_t x95; + fiat_p224_mulx_u64(&x94, &x95, x92, UINT32_C(0xffffffff)); uint64_t x96; - fiat_p224_uint1 x97; - fiat_p224_addcarryx_u64(&x96, &x97, x93, x94, (fiat_p224_uint1)x72); + uint64_t x97; + fiat_p224_mulx_u64(&x96, &x97, x92, UINT64_C(0xffffffffffffffff)); uint64_t x98; - fiat_p224_uint1 x99; - fiat_p224_addcarryx_u64(&x98, &x99, 0x0, (arg1[3]), x88); + uint64_t x99; + fiat_p224_mulx_u64(&x98, &x99, x92, UINT64_C(0xffffffff00000000)); uint64_t x100; fiat_p224_uint1 x101; - fiat_p224_addcarryx_u64(&x100, &x101, x99, 0x0, x90); + fiat_p224_addcarryx_u64(&x100, &x101, 0x0, x96, x99); uint64_t x102; fiat_p224_uint1 x103; - fiat_p224_addcarryx_u64(&x102, &x103, x101, 0x0, x92); + fiat_p224_addcarryx_u64(&x102, &x103, x101, x94, x97); uint64_t x104; fiat_p224_uint1 x105; - fiat_p224_addcarryx_u64(&x104, &x105, x103, 0x0, x96); + fiat_p224_addcarryx_u64(&x104, &x105, 0x0, x92, x86); uint64_t x106; fiat_p224_uint1 x107; - fiat_p224_addcarryx_u64(&x106, &x107, x97, 0x0, x73); + fiat_p224_addcarryx_u64(&x106, &x107, x105, x98, x88); uint64_t x108; fiat_p224_uint1 x109; - fiat_p224_addcarryx_u64(&x108, &x109, x105, 0x0, (fiat_p224_uint1)x106); + fiat_p224_addcarryx_u64(&x108, &x109, x107, x100, x90); uint64_t x110; - uint64_t x111; - fiat_p224_mulx_u64(&x110, &x111, x98, UINT64_C(0xffffffffffffffff)); + fiat_p224_uint1 x111; + fiat_p224_addcarryx_u64(&x110, &x111, x71, 0x0, x63); uint64_t x112; - uint64_t x113; - fiat_p224_mulx_u64(&x112, &x113, x110, UINT32_C(0xffffffff)); + fiat_p224_uint1 x113; + fiat_p224_addcarryx_u64(&x112, &x113, x85, x110, 0x0); uint64_t x114; - uint64_t x115; - fiat_p224_mulx_u64(&x114, &x115, x110, UINT64_C(0xffffffffffffffff)); + fiat_p224_uint1 x115; + fiat_p224_addcarryx_u64(&x114, &x115, x91, 0x0, x112); uint64_t x116; - uint64_t x117; - fiat_p224_mulx_u64(&x116, &x117, x110, UINT64_C(0xffffffff00000000)); + fiat_p224_uint1 x117; + fiat_p224_addcarryx_u64(&x116, &x117, x109, x102, x114); uint64_t x118; fiat_p224_uint1 x119; - fiat_p224_addcarryx_u64(&x118, &x119, 0x0, x114, x117); + fiat_p224_addcarryx_u64(&x118, &x119, x103, 0x0, x95); uint64_t x120; fiat_p224_uint1 x121; - fiat_p224_addcarryx_u64(&x120, &x121, x119, x112, x115); + fiat_p224_addcarryx_u64(&x120, &x121, x117, x118, 0x0); uint64_t x122; fiat_p224_uint1 x123; - fiat_p224_addcarryx_u64(&x122, &x123, 0x0, x110, x98); + fiat_p224_subborrowx_u64(&x122, &x123, 0x0, x106, 0x1); uint64_t x124; fiat_p224_uint1 x125; - fiat_p224_addcarryx_u64(&x124, &x125, x123, x116, x100); + fiat_p224_subborrowx_u64(&x124, &x125, x123, x108, UINT64_C(0xffffffff00000000)); uint64_t x126; fiat_p224_uint1 x127; - fiat_p224_addcarryx_u64(&x126, &x127, x125, x118, x102); + fiat_p224_subborrowx_u64(&x126, &x127, x125, x116, UINT64_C(0xffffffffffffffff)); uint64_t x128; fiat_p224_uint1 x129; - fiat_p224_addcarryx_u64(&x128, &x129, x127, x120, x104); + fiat_p224_subborrowx_u64(&x128, &x129, x127, x120, UINT32_C(0xffffffff)); uint64_t x130; fiat_p224_uint1 x131; - fiat_p224_addcarryx_u64(&x130, &x131, x121, 0x0, x113); + fiat_p224_subborrowx_u64(&x130, &x131, x129, 0x0, 0x0); uint64_t x132; - fiat_p224_uint1 x133; - fiat_p224_addcarryx_u64(&x132, &x133, x129, x130, (fiat_p224_uint1)x108); + fiat_p224_cmovznz_u64(&x132, x131, x122, x106); + uint64_t x133; + fiat_p224_cmovznz_u64(&x133, x131, x124, x108); uint64_t x134; - fiat_p224_uint1 x135; - fiat_p224_subborrowx_u64(&x134, &x135, 0x0, x124, 0x1); - uint64_t x136; - fiat_p224_uint1 x137; - fiat_p224_subborrowx_u64(&x136, &x137, x135, x126, UINT64_C(0xffffffff00000000)); - uint64_t x138; - fiat_p224_uint1 x139; - fiat_p224_subborrowx_u64(&x138, &x139, x137, x128, UINT64_C(0xffffffffffffffff)); - uint64_t x140; - fiat_p224_uint1 x141; - fiat_p224_subborrowx_u64(&x140, &x141, x139, x132, UINT32_C(0xffffffff)); - uint64_t x142; - fiat_p224_uint1 x143; - fiat_p224_addcarryx_u64(&x142, &x143, x133, 0x0, x109); - uint64_t x144; - fiat_p224_uint1 x145; - fiat_p224_subborrowx_u64(&x144, &x145, x141, (fiat_p224_uint1)x142, 0x0); - uint64_t x146; - fiat_p224_cmovznz_u64(&x146, x145, x134, x124); - uint64_t x147; - fiat_p224_cmovznz_u64(&x147, x145, x136, x126); - uint64_t x148; - fiat_p224_cmovznz_u64(&x148, x145, x138, x128); - uint64_t x149; - fiat_p224_cmovznz_u64(&x149, x145, x140, x132); - out1[0] = x146; - out1[1] = x147; - out1[2] = x148; - out1[3] = x149; + fiat_p224_cmovznz_u64(&x134, x131, x126, x116); + uint64_t x135; + fiat_p224_cmovznz_u64(&x135, x131, x128, x120); + out1[0] = x132; + out1[1] = x133; + out1[2] = x134; + out1[3] = x135; } /* @@ -1183,28 +1162,28 @@ static void fiat_p224_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff)); uint8_t x17 = (uint8_t)(x15 >> 8); uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); - fiat_p224_uint1 x19 = (fiat_p224_uint1)(x17 >> 8); - uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); - uint64_t x21 = (x19 + x3); - uint64_t x22 = (x21 >> 8); - uint8_t x23 = (uint8_t)(x21 & UINT8_C(0xff)); - uint64_t x24 = (x22 >> 8); - uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); - uint64_t x26 = (x24 >> 8); - uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); - uint64_t x28 = (x26 >> 8); - uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); - uint64_t x30 = (x28 >> 8); - uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); - uint64_t x32 = (x30 >> 8); - uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); - uint8_t x34 = (uint8_t)(x32 >> 8); - uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); - fiat_p224_uint1 x36 = (fiat_p224_uint1)(x34 >> 8); - uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); - uint64_t x38 = (x36 + x2); - uint64_t x39 = (x38 >> 8); - uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff)); + uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); + uint64_t x20 = (0x0 + x3); + uint64_t x21 = (x20 >> 8); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint64_t x23 = (x21 >> 8); + uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); + uint64_t x25 = (x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint64_t x27 = (x25 >> 8); + uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); + uint64_t x29 = (x27 >> 8); + uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); + uint64_t x31 = (x29 >> 8); + uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); + uint8_t x33 = (uint8_t)(x31 >> 8); + uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); + uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); + uint64_t x36 = (0x0 + x2); + uint64_t x37 = (x36 >> 8); + uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint64_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); uint64_t x41 = (x39 >> 8); uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); uint64_t x43 = (x41 >> 8); @@ -1213,27 +1192,17 @@ static void fiat_p224_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); uint64_t x47 = (x45 >> 8); uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint64_t x49 = (x47 >> 8); + uint8_t x49 = (uint8_t)(x47 >> 8); uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint8_t x51 = (uint8_t)(x49 >> 8); - uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - fiat_p224_uint1 x53 = (fiat_p224_uint1)(x51 >> 8); - uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); - uint64_t x55 = (x53 + x1); - uint64_t x56 = (x55 >> 8); - uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); - uint64_t x58 = (x56 >> 8); - uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); - uint8_t x60 = (uint8_t)(x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); - fiat_p224_uint1 x62 = (fiat_p224_uint1)(x60 >> 8); - uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); - fiat_p224_uint1 x64 = (fiat_p224_uint1)(x62 >> 8); - fiat_p224_uint1 x65 = (fiat_p224_uint1)(x62 & UINT8_C(0xff)); - fiat_p224_uint1 x66 = (fiat_p224_uint1)(x64 >> 8); - fiat_p224_uint1 x67 = (fiat_p224_uint1)(x64 & UINT8_C(0xff)); - fiat_p224_uint1 x68 = (fiat_p224_uint1)(x66 >> 8); - fiat_p224_uint1 x69 = (fiat_p224_uint1)(x66 & UINT8_C(0xff)); + uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); + uint64_t x52 = (0x0 + x1); + uint64_t x53 = (x52 >> 8); + uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x55 = (x53 >> 8); + uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); + uint8_t x57 = (uint8_t)(x55 >> 8); + uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); + uint8_t x59 = (uint8_t)(x57 & UINT8_C(0xff)); out1[0] = x6; out1[1] = x8; out1[2] = x10; @@ -1241,31 +1210,31 @@ static void fiat_p224_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { out1[4] = x14; out1[5] = x16; out1[6] = x18; - out1[7] = x20; - out1[8] = x23; - out1[9] = x25; - out1[10] = x27; - out1[11] = x29; - out1[12] = x31; - out1[13] = x33; - out1[14] = x35; - out1[15] = x37; - out1[16] = x40; - out1[17] = x42; - out1[18] = x44; - out1[19] = x46; - out1[20] = x48; - out1[21] = x50; - out1[22] = x52; - out1[23] = x54; - out1[24] = x57; - out1[25] = x59; - out1[26] = x61; - out1[27] = x63; - out1[28] = x65; - out1[29] = x67; - out1[30] = x69; - out1[31] = x68; + out1[7] = x19; + out1[8] = x22; + out1[9] = x24; + out1[10] = x26; + out1[11] = x28; + out1[12] = x30; + out1[13] = x32; + out1[14] = x34; + out1[15] = x35; + out1[16] = x38; + out1[17] = x40; + out1[18] = x42; + out1[19] = x44; + out1[20] = x46; + out1[21] = x48; + out1[22] = x50; + out1[23] = x51; + out1[24] = x54; + out1[25] = x56; + out1[26] = x58; + out1[27] = x59; + out1[28] = 0x0; + out1[29] = 0x0; + out1[30] = 0x0; + out1[31] = 0x0; } /* @@ -1275,54 +1244,47 @@ static void fiat_p224_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffff]] */ static void fiat_p224_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) { - fiat_p224_uint1 x1 = (fiat_p224_uint1)((uint64_t)(fiat_p224_uint1)(arg1[31]) << 56); - fiat_p224_uint1 x2 = (fiat_p224_uint1)((uint64_t)(fiat_p224_uint1)(arg1[30]) << 48); - fiat_p224_uint1 x3 = (fiat_p224_uint1)((uint64_t)(fiat_p224_uint1)(arg1[29]) << 40); - fiat_p224_uint1 x4 = (fiat_p224_uint1)((uint64_t)(fiat_p224_uint1)(arg1[28]) << 32); - uint64_t x5 = ((uint64_t)(arg1[27]) << 24); - uint64_t x6 = ((uint64_t)(arg1[26]) << 16); - uint64_t x7 = ((uint64_t)(arg1[25]) << 8); - uint8_t x8 = (arg1[24]); - uint64_t x9 = ((uint64_t)(arg1[23]) << 56); - uint64_t x10 = ((uint64_t)(arg1[22]) << 48); - uint64_t x11 = ((uint64_t)(arg1[21]) << 40); - uint64_t x12 = ((uint64_t)(arg1[20]) << 32); - uint64_t x13 = ((uint64_t)(arg1[19]) << 24); - uint64_t x14 = ((uint64_t)(arg1[18]) << 16); - uint64_t x15 = ((uint64_t)(arg1[17]) << 8); - uint8_t x16 = (arg1[16]); - uint64_t x17 = ((uint64_t)(arg1[15]) << 56); - uint64_t x18 = ((uint64_t)(arg1[14]) << 48); - uint64_t x19 = ((uint64_t)(arg1[13]) << 40); - uint64_t x20 = ((uint64_t)(arg1[12]) << 32); - uint64_t x21 = ((uint64_t)(arg1[11]) << 24); - uint64_t x22 = ((uint64_t)(arg1[10]) << 16); - uint64_t x23 = ((uint64_t)(arg1[9]) << 8); - uint8_t x24 = (arg1[8]); - uint64_t x25 = ((uint64_t)(arg1[7]) << 56); - uint64_t x26 = ((uint64_t)(arg1[6]) << 48); - uint64_t x27 = ((uint64_t)(arg1[5]) << 40); - uint64_t x28 = ((uint64_t)(arg1[4]) << 32); - uint64_t x29 = ((uint64_t)(arg1[3]) << 24); - uint64_t x30 = ((uint64_t)(arg1[2]) << 16); - uint64_t x31 = ((uint64_t)(arg1[1]) << 8); - uint8_t x32 = (arg1[0]); - uint64_t x33 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); - fiat_p224_uint1 x34 = (fiat_p224_uint1)((fiat_p224_uint128)x33 >> 64); - uint64_t x35 = (x33 & UINT64_C(0xffffffffffffffff)); - uint64_t x36 = (x8 + (x7 + (x6 + (x5 + (uint64_t)(fiat_p224_uint1)(x4 + (fiat_p224_uint1)(x3 + (fiat_p224_uint1)(x2 + x1))))))); - uint64_t x37 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); - uint64_t x38 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); - uint64_t x39 = (x34 + x38); - fiat_p224_uint1 x40 = (fiat_p224_uint1)((fiat_p224_uint128)x39 >> 64); - uint64_t x41 = (x39 & UINT64_C(0xffffffffffffffff)); - uint64_t x42 = (x40 + x37); - fiat_p224_uint1 x43 = (fiat_p224_uint1)((fiat_p224_uint128)x42 >> 64); - uint64_t x44 = (x42 & UINT64_C(0xffffffffffffffff)); - uint64_t x45 = (x43 + x36); - out1[0] = x35; - out1[1] = x41; - out1[2] = x44; - out1[3] = x45; + uint64_t x1 = ((uint64_t)(arg1[27]) << 24); + uint64_t x2 = ((uint64_t)(arg1[26]) << 16); + uint64_t x3 = ((uint64_t)(arg1[25]) << 8); + uint8_t x4 = (arg1[24]); + uint64_t x5 = ((uint64_t)(arg1[23]) << 56); + uint64_t x6 = ((uint64_t)(arg1[22]) << 48); + uint64_t x7 = ((uint64_t)(arg1[21]) << 40); + uint64_t x8 = ((uint64_t)(arg1[20]) << 32); + uint64_t x9 = ((uint64_t)(arg1[19]) << 24); + uint64_t x10 = ((uint64_t)(arg1[18]) << 16); + uint64_t x11 = ((uint64_t)(arg1[17]) << 8); + uint8_t x12 = (arg1[16]); + uint64_t x13 = ((uint64_t)(arg1[15]) << 56); + uint64_t x14 = ((uint64_t)(arg1[14]) << 48); + uint64_t x15 = ((uint64_t)(arg1[13]) << 40); + uint64_t x16 = ((uint64_t)(arg1[12]) << 32); + uint64_t x17 = ((uint64_t)(arg1[11]) << 24); + uint64_t x18 = ((uint64_t)(arg1[10]) << 16); + uint64_t x19 = ((uint64_t)(arg1[9]) << 8); + uint8_t x20 = (arg1[8]); + uint64_t x21 = ((uint64_t)(arg1[7]) << 56); + uint64_t x22 = ((uint64_t)(arg1[6]) << 48); + uint64_t x23 = ((uint64_t)(arg1[5]) << 40); + uint64_t x24 = ((uint64_t)(arg1[4]) << 32); + uint64_t x25 = ((uint64_t)(arg1[3]) << 24); + uint64_t x26 = ((uint64_t)(arg1[2]) << 16); + uint64_t x27 = ((uint64_t)(arg1[1]) << 8); + uint8_t x28 = (arg1[0]); + uint64_t x29 = (x28 + (x27 + (x26 + (x25 + (x24 + (x23 + (x22 + x21))))))); + uint64_t x30 = (x29 & UINT64_C(0xffffffffffffffff)); + uint64_t x31 = (x4 + (x3 + (x2 + (x1 + (uint64_t)0x0)))); + uint64_t x32 = (x12 + (x11 + (x10 + (x9 + (x8 + (x7 + (x6 + x5))))))); + uint64_t x33 = (x20 + (x19 + (x18 + (x17 + (x16 + (x15 + (x14 + x13))))))); + uint64_t x34 = (0x0 + x33); + uint64_t x35 = (x34 & UINT64_C(0xffffffffffffffff)); + uint64_t x36 = (0x0 + x32); + uint64_t x37 = (x36 & UINT64_C(0xffffffffffffffff)); + uint64_t x38 = (0x0 + x31); + out1[0] = x30; + out1[1] = x35; + out1[2] = x37; + out1[3] = x38; } diff --git a/p256_32.c b/p256_32.c index 825a10ca21..fe0bf4cbc0 100644 --- a/p256_32.c +++ b/p256_32.c @@ -168,88 +168,88 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x53, &x54, x52, 0x0, x44); uint32_t x55; fiat_p256_uint1 x56; - fiat_p256_addcarryx_u32(&x55, &x56, x54, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x55, &x56, 0x0, x47, x23); uint32_t x57; fiat_p256_uint1 x58; - fiat_p256_addcarryx_u32(&x57, &x58, 0x0, x47, x23); + fiat_p256_addcarryx_u32(&x57, &x58, x56, x49, x25); uint32_t x59; fiat_p256_uint1 x60; - fiat_p256_addcarryx_u32(&x59, &x60, x58, x49, x25); + fiat_p256_addcarryx_u32(&x59, &x60, x58, x51, x27); uint32_t x61; fiat_p256_uint1 x62; - fiat_p256_addcarryx_u32(&x61, &x62, x60, x51, x27); + fiat_p256_addcarryx_u32(&x61, &x62, x60, x53, x29); uint32_t x63; fiat_p256_uint1 x64; - fiat_p256_addcarryx_u32(&x63, &x64, x62, x53, x29); + fiat_p256_addcarryx_u32(&x63, &x64, x62, 0x0, x31); uint32_t x65; fiat_p256_uint1 x66; - fiat_p256_addcarryx_u32(&x65, &x66, x64, (fiat_p256_uint1)x55, x31); + fiat_p256_addcarryx_u32(&x65, &x66, x64, 0x0, x33); uint32_t x67; fiat_p256_uint1 x68; - fiat_p256_addcarryx_u32(&x67, &x68, x66, 0x0, x33); + fiat_p256_addcarryx_u32(&x67, &x68, x66, x23, x35); uint32_t x69; fiat_p256_uint1 x70; - fiat_p256_addcarryx_u32(&x69, &x70, x68, x23, x35); + fiat_p256_addcarryx_u32(&x69, &x70, x68, x41, x37); uint32_t x71; fiat_p256_uint1 x72; - fiat_p256_addcarryx_u32(&x71, &x72, x70, x41, x37); + fiat_p256_addcarryx_u32(&x71, &x72, x70, x42, x39); uint32_t x73; fiat_p256_uint1 x74; - fiat_p256_addcarryx_u32(&x73, &x74, x72, x42, x39); + fiat_p256_addcarryx_u32(&x73, &x74, x72, 0x0, 0x0); uint32_t x75; - fiat_p256_uint1 x76; - fiat_p256_addcarryx_u32(&x75, &x76, x74, 0x0, 0x0); + uint32_t x76; + fiat_p256_mulx_u32(&x75, &x76, x1, (arg2[7])); uint32_t x77; uint32_t x78; - fiat_p256_mulx_u32(&x77, &x78, x1, (arg2[7])); + fiat_p256_mulx_u32(&x77, &x78, x1, (arg2[6])); uint32_t x79; uint32_t x80; - fiat_p256_mulx_u32(&x79, &x80, x1, (arg2[6])); + fiat_p256_mulx_u32(&x79, &x80, x1, (arg2[5])); uint32_t x81; uint32_t x82; - fiat_p256_mulx_u32(&x81, &x82, x1, (arg2[5])); + fiat_p256_mulx_u32(&x81, &x82, x1, (arg2[4])); uint32_t x83; uint32_t x84; - fiat_p256_mulx_u32(&x83, &x84, x1, (arg2[4])); + fiat_p256_mulx_u32(&x83, &x84, x1, (arg2[3])); uint32_t x85; uint32_t x86; - fiat_p256_mulx_u32(&x85, &x86, x1, (arg2[3])); + fiat_p256_mulx_u32(&x85, &x86, x1, (arg2[2])); uint32_t x87; uint32_t x88; - fiat_p256_mulx_u32(&x87, &x88, x1, (arg2[2])); + fiat_p256_mulx_u32(&x87, &x88, x1, (arg2[1])); uint32_t x89; uint32_t x90; - fiat_p256_mulx_u32(&x89, &x90, x1, (arg2[1])); + fiat_p256_mulx_u32(&x89, &x90, x1, (arg2[0])); uint32_t x91; - uint32_t x92; - fiat_p256_mulx_u32(&x91, &x92, x1, (arg2[0])); + fiat_p256_uint1 x92; + fiat_p256_addcarryx_u32(&x91, &x92, 0x0, x87, x90); uint32_t x93; fiat_p256_uint1 x94; - fiat_p256_addcarryx_u32(&x93, &x94, 0x0, x89, x92); + fiat_p256_addcarryx_u32(&x93, &x94, x92, x85, x88); uint32_t x95; fiat_p256_uint1 x96; - fiat_p256_addcarryx_u32(&x95, &x96, x94, x87, x90); + fiat_p256_addcarryx_u32(&x95, &x96, x94, x83, x86); uint32_t x97; fiat_p256_uint1 x98; - fiat_p256_addcarryx_u32(&x97, &x98, x96, x85, x88); + fiat_p256_addcarryx_u32(&x97, &x98, x96, x81, x84); uint32_t x99; fiat_p256_uint1 x100; - fiat_p256_addcarryx_u32(&x99, &x100, x98, x83, x86); + fiat_p256_addcarryx_u32(&x99, &x100, x98, x79, x82); uint32_t x101; fiat_p256_uint1 x102; - fiat_p256_addcarryx_u32(&x101, &x102, x100, x81, x84); + fiat_p256_addcarryx_u32(&x101, &x102, x100, x77, x80); uint32_t x103; fiat_p256_uint1 x104; - fiat_p256_addcarryx_u32(&x103, &x104, x102, x79, x82); + fiat_p256_addcarryx_u32(&x103, &x104, x102, x75, x78); uint32_t x105; fiat_p256_uint1 x106; - fiat_p256_addcarryx_u32(&x105, &x106, x104, x77, x80); + fiat_p256_addcarryx_u32(&x105, &x106, x104, 0x0, x76); uint32_t x107; fiat_p256_uint1 x108; - fiat_p256_addcarryx_u32(&x107, &x108, x106, 0x0, x78); + fiat_p256_addcarryx_u32(&x107, &x108, 0x0, x89, x57); uint32_t x109; fiat_p256_uint1 x110; - fiat_p256_addcarryx_u32(&x109, &x110, 0x0, x91, x59); + fiat_p256_addcarryx_u32(&x109, &x110, x108, x91, x59); uint32_t x111; fiat_p256_uint1 x112; fiat_p256_addcarryx_u32(&x111, &x112, x110, x93, x61); @@ -270,115 +270,115 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_addcarryx_u32(&x121, &x122, x120, x103, x71); uint32_t x123; fiat_p256_uint1 x124; - fiat_p256_addcarryx_u32(&x123, &x124, x122, x105, x73); + fiat_p256_addcarryx_u32(&x123, &x124, x122, x105, (fiat_p256_uint1)x73); uint32_t x125; - fiat_p256_uint1 x126; - fiat_p256_addcarryx_u32(&x125, &x126, x124, x107, (fiat_p256_uint1)x75); + uint32_t x126; + fiat_p256_mulx_u32(&x125, &x126, x107, UINT32_C(0xffffffff)); uint32_t x127; uint32_t x128; - fiat_p256_mulx_u32(&x127, &x128, x109, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x127, &x128, x107, UINT32_C(0xffffffff)); uint32_t x129; uint32_t x130; - fiat_p256_mulx_u32(&x129, &x130, x109, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x129, &x130, x107, UINT32_C(0xffffffff)); uint32_t x131; uint32_t x132; - fiat_p256_mulx_u32(&x131, &x132, x109, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x131, &x132, x107, UINT32_C(0xffffffff)); uint32_t x133; - uint32_t x134; - fiat_p256_mulx_u32(&x133, &x134, x109, UINT32_C(0xffffffff)); + fiat_p256_uint1 x134; + fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x129, x132); uint32_t x135; fiat_p256_uint1 x136; - fiat_p256_addcarryx_u32(&x135, &x136, 0x0, x131, x134); + fiat_p256_addcarryx_u32(&x135, &x136, x134, x127, x130); uint32_t x137; fiat_p256_uint1 x138; - fiat_p256_addcarryx_u32(&x137, &x138, x136, x129, x132); + fiat_p256_addcarryx_u32(&x137, &x138, x136, 0x0, x128); uint32_t x139; fiat_p256_uint1 x140; - fiat_p256_addcarryx_u32(&x139, &x140, x138, 0x0, x130); + fiat_p256_addcarryx_u32(&x139, &x140, 0x0, x131, x107); uint32_t x141; fiat_p256_uint1 x142; - fiat_p256_addcarryx_u32(&x141, &x142, x140, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x141, &x142, x140, x133, x109); uint32_t x143; fiat_p256_uint1 x144; - fiat_p256_addcarryx_u32(&x143, &x144, 0x0, x133, x109); + fiat_p256_addcarryx_u32(&x143, &x144, x142, x135, x111); uint32_t x145; fiat_p256_uint1 x146; - fiat_p256_addcarryx_u32(&x145, &x146, x144, x135, x111); + fiat_p256_addcarryx_u32(&x145, &x146, x144, x137, x113); uint32_t x147; fiat_p256_uint1 x148; - fiat_p256_addcarryx_u32(&x147, &x148, x146, x137, x113); + fiat_p256_addcarryx_u32(&x147, &x148, x146, 0x0, x115); uint32_t x149; fiat_p256_uint1 x150; - fiat_p256_addcarryx_u32(&x149, &x150, x148, x139, x115); + fiat_p256_addcarryx_u32(&x149, &x150, x148, 0x0, x117); uint32_t x151; fiat_p256_uint1 x152; - fiat_p256_addcarryx_u32(&x151, &x152, x150, (fiat_p256_uint1)x141, x117); + fiat_p256_addcarryx_u32(&x151, &x152, x150, x107, x119); uint32_t x153; fiat_p256_uint1 x154; - fiat_p256_addcarryx_u32(&x153, &x154, x152, 0x0, x119); + fiat_p256_addcarryx_u32(&x153, &x154, x152, x125, x121); uint32_t x155; fiat_p256_uint1 x156; - fiat_p256_addcarryx_u32(&x155, &x156, x154, x109, x121); + fiat_p256_addcarryx_u32(&x155, &x156, x154, x126, x123); uint32_t x157; fiat_p256_uint1 x158; - fiat_p256_addcarryx_u32(&x157, &x158, x156, x127, x123); + fiat_p256_addcarryx_u32(&x157, &x158, x156, 0x0, x124); uint32_t x159; - fiat_p256_uint1 x160; - fiat_p256_addcarryx_u32(&x159, &x160, x158, x128, x125); + uint32_t x160; + fiat_p256_mulx_u32(&x159, &x160, x2, (arg2[7])); uint32_t x161; - fiat_p256_uint1 x162; - fiat_p256_addcarryx_u32(&x161, &x162, x160, 0x0, x126); + uint32_t x162; + fiat_p256_mulx_u32(&x161, &x162, x2, (arg2[6])); uint32_t x163; uint32_t x164; - fiat_p256_mulx_u32(&x163, &x164, x2, (arg2[7])); + fiat_p256_mulx_u32(&x163, &x164, x2, (arg2[5])); uint32_t x165; uint32_t x166; - fiat_p256_mulx_u32(&x165, &x166, x2, (arg2[6])); + fiat_p256_mulx_u32(&x165, &x166, x2, (arg2[4])); uint32_t x167; uint32_t x168; - fiat_p256_mulx_u32(&x167, &x168, x2, (arg2[5])); + fiat_p256_mulx_u32(&x167, &x168, x2, (arg2[3])); uint32_t x169; uint32_t x170; - fiat_p256_mulx_u32(&x169, &x170, x2, (arg2[4])); + fiat_p256_mulx_u32(&x169, &x170, x2, (arg2[2])); uint32_t x171; uint32_t x172; - fiat_p256_mulx_u32(&x171, &x172, x2, (arg2[3])); + fiat_p256_mulx_u32(&x171, &x172, x2, (arg2[1])); uint32_t x173; uint32_t x174; - fiat_p256_mulx_u32(&x173, &x174, x2, (arg2[2])); + fiat_p256_mulx_u32(&x173, &x174, x2, (arg2[0])); uint32_t x175; - uint32_t x176; - fiat_p256_mulx_u32(&x175, &x176, x2, (arg2[1])); + fiat_p256_uint1 x176; + fiat_p256_addcarryx_u32(&x175, &x176, 0x0, x171, x174); uint32_t x177; - uint32_t x178; - fiat_p256_mulx_u32(&x177, &x178, x2, (arg2[0])); + fiat_p256_uint1 x178; + fiat_p256_addcarryx_u32(&x177, &x178, x176, x169, x172); uint32_t x179; fiat_p256_uint1 x180; - fiat_p256_addcarryx_u32(&x179, &x180, 0x0, x175, x178); + fiat_p256_addcarryx_u32(&x179, &x180, x178, x167, x170); uint32_t x181; fiat_p256_uint1 x182; - fiat_p256_addcarryx_u32(&x181, &x182, x180, x173, x176); + fiat_p256_addcarryx_u32(&x181, &x182, x180, x165, x168); uint32_t x183; fiat_p256_uint1 x184; - fiat_p256_addcarryx_u32(&x183, &x184, x182, x171, x174); + fiat_p256_addcarryx_u32(&x183, &x184, x182, x163, x166); uint32_t x185; fiat_p256_uint1 x186; - fiat_p256_addcarryx_u32(&x185, &x186, x184, x169, x172); + fiat_p256_addcarryx_u32(&x185, &x186, x184, x161, x164); uint32_t x187; fiat_p256_uint1 x188; - fiat_p256_addcarryx_u32(&x187, &x188, x186, x167, x170); + fiat_p256_addcarryx_u32(&x187, &x188, x186, x159, x162); uint32_t x189; fiat_p256_uint1 x190; - fiat_p256_addcarryx_u32(&x189, &x190, x188, x165, x168); + fiat_p256_addcarryx_u32(&x189, &x190, x188, 0x0, x160); uint32_t x191; fiat_p256_uint1 x192; - fiat_p256_addcarryx_u32(&x191, &x192, x190, x163, x166); + fiat_p256_addcarryx_u32(&x191, &x192, 0x0, x173, x141); uint32_t x193; fiat_p256_uint1 x194; - fiat_p256_addcarryx_u32(&x193, &x194, x192, 0x0, x164); + fiat_p256_addcarryx_u32(&x193, &x194, x192, x175, x143); uint32_t x195; fiat_p256_uint1 x196; - fiat_p256_addcarryx_u32(&x195, &x196, 0x0, x177, x145); + fiat_p256_addcarryx_u32(&x195, &x196, x194, x177, x145); uint32_t x197; fiat_p256_uint1 x198; fiat_p256_addcarryx_u32(&x197, &x198, x196, x179, x147); @@ -398,116 +398,116 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_uint1 x208; fiat_p256_addcarryx_u32(&x207, &x208, x206, x189, x157); uint32_t x209; - fiat_p256_uint1 x210; - fiat_p256_addcarryx_u32(&x209, &x210, x208, x191, x159); + uint32_t x210; + fiat_p256_mulx_u32(&x209, &x210, x191, UINT32_C(0xffffffff)); uint32_t x211; - fiat_p256_uint1 x212; - fiat_p256_addcarryx_u32(&x211, &x212, x210, x193, x161); + uint32_t x212; + fiat_p256_mulx_u32(&x211, &x212, x191, UINT32_C(0xffffffff)); uint32_t x213; uint32_t x214; - fiat_p256_mulx_u32(&x213, &x214, x195, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x213, &x214, x191, UINT32_C(0xffffffff)); uint32_t x215; uint32_t x216; - fiat_p256_mulx_u32(&x215, &x216, x195, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x215, &x216, x191, UINT32_C(0xffffffff)); uint32_t x217; - uint32_t x218; - fiat_p256_mulx_u32(&x217, &x218, x195, UINT32_C(0xffffffff)); + fiat_p256_uint1 x218; + fiat_p256_addcarryx_u32(&x217, &x218, 0x0, x213, x216); uint32_t x219; - uint32_t x220; - fiat_p256_mulx_u32(&x219, &x220, x195, UINT32_C(0xffffffff)); + fiat_p256_uint1 x220; + fiat_p256_addcarryx_u32(&x219, &x220, x218, x211, x214); uint32_t x221; fiat_p256_uint1 x222; - fiat_p256_addcarryx_u32(&x221, &x222, 0x0, x217, x220); + fiat_p256_addcarryx_u32(&x221, &x222, x220, 0x0, x212); uint32_t x223; fiat_p256_uint1 x224; - fiat_p256_addcarryx_u32(&x223, &x224, x222, x215, x218); + fiat_p256_addcarryx_u32(&x223, &x224, 0x0, x215, x191); uint32_t x225; fiat_p256_uint1 x226; - fiat_p256_addcarryx_u32(&x225, &x226, x224, 0x0, x216); + fiat_p256_addcarryx_u32(&x225, &x226, x224, x217, x193); uint32_t x227; fiat_p256_uint1 x228; - fiat_p256_addcarryx_u32(&x227, &x228, x226, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x227, &x228, x226, x219, x195); uint32_t x229; fiat_p256_uint1 x230; - fiat_p256_addcarryx_u32(&x229, &x230, 0x0, x219, x195); + fiat_p256_addcarryx_u32(&x229, &x230, x228, x221, x197); uint32_t x231; fiat_p256_uint1 x232; - fiat_p256_addcarryx_u32(&x231, &x232, x230, x221, x197); + fiat_p256_addcarryx_u32(&x231, &x232, x230, 0x0, x199); uint32_t x233; fiat_p256_uint1 x234; - fiat_p256_addcarryx_u32(&x233, &x234, x232, x223, x199); + fiat_p256_addcarryx_u32(&x233, &x234, x232, 0x0, x201); uint32_t x235; fiat_p256_uint1 x236; - fiat_p256_addcarryx_u32(&x235, &x236, x234, x225, x201); + fiat_p256_addcarryx_u32(&x235, &x236, x234, x191, x203); uint32_t x237; fiat_p256_uint1 x238; - fiat_p256_addcarryx_u32(&x237, &x238, x236, (fiat_p256_uint1)x227, x203); + fiat_p256_addcarryx_u32(&x237, &x238, x236, x209, x205); uint32_t x239; fiat_p256_uint1 x240; - fiat_p256_addcarryx_u32(&x239, &x240, x238, 0x0, x205); + fiat_p256_addcarryx_u32(&x239, &x240, x238, x210, x207); uint32_t x241; fiat_p256_uint1 x242; - fiat_p256_addcarryx_u32(&x241, &x242, x240, x195, x207); + fiat_p256_addcarryx_u32(&x241, &x242, x240, 0x0, x208); uint32_t x243; - fiat_p256_uint1 x244; - fiat_p256_addcarryx_u32(&x243, &x244, x242, x213, x209); + uint32_t x244; + fiat_p256_mulx_u32(&x243, &x244, x3, (arg2[7])); uint32_t x245; - fiat_p256_uint1 x246; - fiat_p256_addcarryx_u32(&x245, &x246, x244, x214, x211); + uint32_t x246; + fiat_p256_mulx_u32(&x245, &x246, x3, (arg2[6])); uint32_t x247; - fiat_p256_uint1 x248; - fiat_p256_addcarryx_u32(&x247, &x248, x246, 0x0, x212); + uint32_t x248; + fiat_p256_mulx_u32(&x247, &x248, x3, (arg2[5])); uint32_t x249; uint32_t x250; - fiat_p256_mulx_u32(&x249, &x250, x3, (arg2[7])); + fiat_p256_mulx_u32(&x249, &x250, x3, (arg2[4])); uint32_t x251; uint32_t x252; - fiat_p256_mulx_u32(&x251, &x252, x3, (arg2[6])); + fiat_p256_mulx_u32(&x251, &x252, x3, (arg2[3])); uint32_t x253; uint32_t x254; - fiat_p256_mulx_u32(&x253, &x254, x3, (arg2[5])); + fiat_p256_mulx_u32(&x253, &x254, x3, (arg2[2])); uint32_t x255; uint32_t x256; - fiat_p256_mulx_u32(&x255, &x256, x3, (arg2[4])); + fiat_p256_mulx_u32(&x255, &x256, x3, (arg2[1])); uint32_t x257; uint32_t x258; - fiat_p256_mulx_u32(&x257, &x258, x3, (arg2[3])); + fiat_p256_mulx_u32(&x257, &x258, x3, (arg2[0])); uint32_t x259; - uint32_t x260; - fiat_p256_mulx_u32(&x259, &x260, x3, (arg2[2])); + fiat_p256_uint1 x260; + fiat_p256_addcarryx_u32(&x259, &x260, 0x0, x255, x258); uint32_t x261; - uint32_t x262; - fiat_p256_mulx_u32(&x261, &x262, x3, (arg2[1])); + fiat_p256_uint1 x262; + fiat_p256_addcarryx_u32(&x261, &x262, x260, x253, x256); uint32_t x263; - uint32_t x264; - fiat_p256_mulx_u32(&x263, &x264, x3, (arg2[0])); + fiat_p256_uint1 x264; + fiat_p256_addcarryx_u32(&x263, &x264, x262, x251, x254); uint32_t x265; fiat_p256_uint1 x266; - fiat_p256_addcarryx_u32(&x265, &x266, 0x0, x261, x264); + fiat_p256_addcarryx_u32(&x265, &x266, x264, x249, x252); uint32_t x267; fiat_p256_uint1 x268; - fiat_p256_addcarryx_u32(&x267, &x268, x266, x259, x262); + fiat_p256_addcarryx_u32(&x267, &x268, x266, x247, x250); uint32_t x269; fiat_p256_uint1 x270; - fiat_p256_addcarryx_u32(&x269, &x270, x268, x257, x260); + fiat_p256_addcarryx_u32(&x269, &x270, x268, x245, x248); uint32_t x271; fiat_p256_uint1 x272; - fiat_p256_addcarryx_u32(&x271, &x272, x270, x255, x258); + fiat_p256_addcarryx_u32(&x271, &x272, x270, x243, x246); uint32_t x273; fiat_p256_uint1 x274; - fiat_p256_addcarryx_u32(&x273, &x274, x272, x253, x256); + fiat_p256_addcarryx_u32(&x273, &x274, x272, 0x0, x244); uint32_t x275; fiat_p256_uint1 x276; - fiat_p256_addcarryx_u32(&x275, &x276, x274, x251, x254); + fiat_p256_addcarryx_u32(&x275, &x276, 0x0, x257, x225); uint32_t x277; fiat_p256_uint1 x278; - fiat_p256_addcarryx_u32(&x277, &x278, x276, x249, x252); + fiat_p256_addcarryx_u32(&x277, &x278, x276, x259, x227); uint32_t x279; fiat_p256_uint1 x280; - fiat_p256_addcarryx_u32(&x279, &x280, x278, 0x0, x250); + fiat_p256_addcarryx_u32(&x279, &x280, x278, x261, x229); uint32_t x281; fiat_p256_uint1 x282; - fiat_p256_addcarryx_u32(&x281, &x282, 0x0, x263, x231); + fiat_p256_addcarryx_u32(&x281, &x282, x280, x263, x231); uint32_t x283; fiat_p256_uint1 x284; fiat_p256_addcarryx_u32(&x283, &x284, x282, x265, x233); @@ -524,119 +524,119 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_uint1 x292; fiat_p256_addcarryx_u32(&x291, &x292, x290, x273, x241); uint32_t x293; - fiat_p256_uint1 x294; - fiat_p256_addcarryx_u32(&x293, &x294, x292, x275, x243); + uint32_t x294; + fiat_p256_mulx_u32(&x293, &x294, x275, UINT32_C(0xffffffff)); uint32_t x295; - fiat_p256_uint1 x296; - fiat_p256_addcarryx_u32(&x295, &x296, x294, x277, x245); + uint32_t x296; + fiat_p256_mulx_u32(&x295, &x296, x275, UINT32_C(0xffffffff)); uint32_t x297; - fiat_p256_uint1 x298; - fiat_p256_addcarryx_u32(&x297, &x298, x296, x279, x247); + uint32_t x298; + fiat_p256_mulx_u32(&x297, &x298, x275, UINT32_C(0xffffffff)); uint32_t x299; uint32_t x300; - fiat_p256_mulx_u32(&x299, &x300, x281, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x299, &x300, x275, UINT32_C(0xffffffff)); uint32_t x301; - uint32_t x302; - fiat_p256_mulx_u32(&x301, &x302, x281, UINT32_C(0xffffffff)); + fiat_p256_uint1 x302; + fiat_p256_addcarryx_u32(&x301, &x302, 0x0, x297, x300); uint32_t x303; - uint32_t x304; - fiat_p256_mulx_u32(&x303, &x304, x281, UINT32_C(0xffffffff)); + fiat_p256_uint1 x304; + fiat_p256_addcarryx_u32(&x303, &x304, x302, x295, x298); uint32_t x305; - uint32_t x306; - fiat_p256_mulx_u32(&x305, &x306, x281, UINT32_C(0xffffffff)); + fiat_p256_uint1 x306; + fiat_p256_addcarryx_u32(&x305, &x306, x304, 0x0, x296); uint32_t x307; fiat_p256_uint1 x308; - fiat_p256_addcarryx_u32(&x307, &x308, 0x0, x303, x306); + fiat_p256_addcarryx_u32(&x307, &x308, 0x0, x299, x275); uint32_t x309; fiat_p256_uint1 x310; - fiat_p256_addcarryx_u32(&x309, &x310, x308, x301, x304); + fiat_p256_addcarryx_u32(&x309, &x310, x308, x301, x277); uint32_t x311; fiat_p256_uint1 x312; - fiat_p256_addcarryx_u32(&x311, &x312, x310, 0x0, x302); + fiat_p256_addcarryx_u32(&x311, &x312, x310, x303, x279); uint32_t x313; fiat_p256_uint1 x314; - fiat_p256_addcarryx_u32(&x313, &x314, x312, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x313, &x314, x312, x305, x281); uint32_t x315; fiat_p256_uint1 x316; - fiat_p256_addcarryx_u32(&x315, &x316, 0x0, x305, x281); + fiat_p256_addcarryx_u32(&x315, &x316, x314, 0x0, x283); uint32_t x317; fiat_p256_uint1 x318; - fiat_p256_addcarryx_u32(&x317, &x318, x316, x307, x283); + fiat_p256_addcarryx_u32(&x317, &x318, x316, 0x0, x285); uint32_t x319; fiat_p256_uint1 x320; - fiat_p256_addcarryx_u32(&x319, &x320, x318, x309, x285); + fiat_p256_addcarryx_u32(&x319, &x320, x318, x275, x287); uint32_t x321; fiat_p256_uint1 x322; - fiat_p256_addcarryx_u32(&x321, &x322, x320, x311, x287); + fiat_p256_addcarryx_u32(&x321, &x322, x320, x293, x289); uint32_t x323; fiat_p256_uint1 x324; - fiat_p256_addcarryx_u32(&x323, &x324, x322, (fiat_p256_uint1)x313, x289); + fiat_p256_addcarryx_u32(&x323, &x324, x322, x294, x291); uint32_t x325; fiat_p256_uint1 x326; - fiat_p256_addcarryx_u32(&x325, &x326, x324, 0x0, x291); + fiat_p256_addcarryx_u32(&x325, &x326, x324, 0x0, x292); uint32_t x327; - fiat_p256_uint1 x328; - fiat_p256_addcarryx_u32(&x327, &x328, x326, x281, x293); + uint32_t x328; + fiat_p256_mulx_u32(&x327, &x328, x4, (arg2[7])); uint32_t x329; - fiat_p256_uint1 x330; - fiat_p256_addcarryx_u32(&x329, &x330, x328, x299, x295); + uint32_t x330; + fiat_p256_mulx_u32(&x329, &x330, x4, (arg2[6])); uint32_t x331; - fiat_p256_uint1 x332; - fiat_p256_addcarryx_u32(&x331, &x332, x330, x300, x297); + uint32_t x332; + fiat_p256_mulx_u32(&x331, &x332, x4, (arg2[5])); uint32_t x333; - fiat_p256_uint1 x334; - fiat_p256_addcarryx_u32(&x333, &x334, x332, 0x0, x298); + uint32_t x334; + fiat_p256_mulx_u32(&x333, &x334, x4, (arg2[4])); uint32_t x335; uint32_t x336; - fiat_p256_mulx_u32(&x335, &x336, x4, (arg2[7])); + fiat_p256_mulx_u32(&x335, &x336, x4, (arg2[3])); uint32_t x337; uint32_t x338; - fiat_p256_mulx_u32(&x337, &x338, x4, (arg2[6])); + fiat_p256_mulx_u32(&x337, &x338, x4, (arg2[2])); uint32_t x339; uint32_t x340; - fiat_p256_mulx_u32(&x339, &x340, x4, (arg2[5])); + fiat_p256_mulx_u32(&x339, &x340, x4, (arg2[1])); uint32_t x341; uint32_t x342; - fiat_p256_mulx_u32(&x341, &x342, x4, (arg2[4])); + fiat_p256_mulx_u32(&x341, &x342, x4, (arg2[0])); uint32_t x343; - uint32_t x344; - fiat_p256_mulx_u32(&x343, &x344, x4, (arg2[3])); + fiat_p256_uint1 x344; + fiat_p256_addcarryx_u32(&x343, &x344, 0x0, x339, x342); uint32_t x345; - uint32_t x346; - fiat_p256_mulx_u32(&x345, &x346, x4, (arg2[2])); + fiat_p256_uint1 x346; + fiat_p256_addcarryx_u32(&x345, &x346, x344, x337, x340); uint32_t x347; - uint32_t x348; - fiat_p256_mulx_u32(&x347, &x348, x4, (arg2[1])); + fiat_p256_uint1 x348; + fiat_p256_addcarryx_u32(&x347, &x348, x346, x335, x338); uint32_t x349; - uint32_t x350; - fiat_p256_mulx_u32(&x349, &x350, x4, (arg2[0])); + fiat_p256_uint1 x350; + fiat_p256_addcarryx_u32(&x349, &x350, x348, x333, x336); uint32_t x351; fiat_p256_uint1 x352; - fiat_p256_addcarryx_u32(&x351, &x352, 0x0, x347, x350); + fiat_p256_addcarryx_u32(&x351, &x352, x350, x331, x334); uint32_t x353; fiat_p256_uint1 x354; - fiat_p256_addcarryx_u32(&x353, &x354, x352, x345, x348); + fiat_p256_addcarryx_u32(&x353, &x354, x352, x329, x332); uint32_t x355; fiat_p256_uint1 x356; - fiat_p256_addcarryx_u32(&x355, &x356, x354, x343, x346); + fiat_p256_addcarryx_u32(&x355, &x356, x354, x327, x330); uint32_t x357; fiat_p256_uint1 x358; - fiat_p256_addcarryx_u32(&x357, &x358, x356, x341, x344); + fiat_p256_addcarryx_u32(&x357, &x358, x356, 0x0, x328); uint32_t x359; fiat_p256_uint1 x360; - fiat_p256_addcarryx_u32(&x359, &x360, x358, x339, x342); + fiat_p256_addcarryx_u32(&x359, &x360, 0x0, x341, x309); uint32_t x361; fiat_p256_uint1 x362; - fiat_p256_addcarryx_u32(&x361, &x362, x360, x337, x340); + fiat_p256_addcarryx_u32(&x361, &x362, x360, x343, x311); uint32_t x363; fiat_p256_uint1 x364; - fiat_p256_addcarryx_u32(&x363, &x364, x362, x335, x338); + fiat_p256_addcarryx_u32(&x363, &x364, x362, x345, x313); uint32_t x365; fiat_p256_uint1 x366; - fiat_p256_addcarryx_u32(&x365, &x366, x364, 0x0, x336); + fiat_p256_addcarryx_u32(&x365, &x366, x364, x347, x315); uint32_t x367; fiat_p256_uint1 x368; - fiat_p256_addcarryx_u32(&x367, &x368, 0x0, x349, x317); + fiat_p256_addcarryx_u32(&x367, &x368, x366, x349, x317); uint32_t x369; fiat_p256_uint1 x370; fiat_p256_addcarryx_u32(&x369, &x370, x368, x351, x319); @@ -650,122 +650,122 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_uint1 x376; fiat_p256_addcarryx_u32(&x375, &x376, x374, x357, x325); uint32_t x377; - fiat_p256_uint1 x378; - fiat_p256_addcarryx_u32(&x377, &x378, x376, x359, x327); + uint32_t x378; + fiat_p256_mulx_u32(&x377, &x378, x359, UINT32_C(0xffffffff)); uint32_t x379; - fiat_p256_uint1 x380; - fiat_p256_addcarryx_u32(&x379, &x380, x378, x361, x329); + uint32_t x380; + fiat_p256_mulx_u32(&x379, &x380, x359, UINT32_C(0xffffffff)); uint32_t x381; - fiat_p256_uint1 x382; - fiat_p256_addcarryx_u32(&x381, &x382, x380, x363, x331); + uint32_t x382; + fiat_p256_mulx_u32(&x381, &x382, x359, UINT32_C(0xffffffff)); uint32_t x383; - fiat_p256_uint1 x384; - fiat_p256_addcarryx_u32(&x383, &x384, x382, x365, x333); + uint32_t x384; + fiat_p256_mulx_u32(&x383, &x384, x359, UINT32_C(0xffffffff)); uint32_t x385; - uint32_t x386; - fiat_p256_mulx_u32(&x385, &x386, x367, UINT32_C(0xffffffff)); + fiat_p256_uint1 x386; + fiat_p256_addcarryx_u32(&x385, &x386, 0x0, x381, x384); uint32_t x387; - uint32_t x388; - fiat_p256_mulx_u32(&x387, &x388, x367, UINT32_C(0xffffffff)); + fiat_p256_uint1 x388; + fiat_p256_addcarryx_u32(&x387, &x388, x386, x379, x382); uint32_t x389; - uint32_t x390; - fiat_p256_mulx_u32(&x389, &x390, x367, UINT32_C(0xffffffff)); + fiat_p256_uint1 x390; + fiat_p256_addcarryx_u32(&x389, &x390, x388, 0x0, x380); uint32_t x391; - uint32_t x392; - fiat_p256_mulx_u32(&x391, &x392, x367, UINT32_C(0xffffffff)); + fiat_p256_uint1 x392; + fiat_p256_addcarryx_u32(&x391, &x392, 0x0, x383, x359); uint32_t x393; fiat_p256_uint1 x394; - fiat_p256_addcarryx_u32(&x393, &x394, 0x0, x389, x392); + fiat_p256_addcarryx_u32(&x393, &x394, x392, x385, x361); uint32_t x395; fiat_p256_uint1 x396; - fiat_p256_addcarryx_u32(&x395, &x396, x394, x387, x390); + fiat_p256_addcarryx_u32(&x395, &x396, x394, x387, x363); uint32_t x397; fiat_p256_uint1 x398; - fiat_p256_addcarryx_u32(&x397, &x398, x396, 0x0, x388); + fiat_p256_addcarryx_u32(&x397, &x398, x396, x389, x365); uint32_t x399; fiat_p256_uint1 x400; - fiat_p256_addcarryx_u32(&x399, &x400, x398, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x399, &x400, x398, 0x0, x367); uint32_t x401; fiat_p256_uint1 x402; - fiat_p256_addcarryx_u32(&x401, &x402, 0x0, x391, x367); + fiat_p256_addcarryx_u32(&x401, &x402, x400, 0x0, x369); uint32_t x403; fiat_p256_uint1 x404; - fiat_p256_addcarryx_u32(&x403, &x404, x402, x393, x369); + fiat_p256_addcarryx_u32(&x403, &x404, x402, x359, x371); uint32_t x405; fiat_p256_uint1 x406; - fiat_p256_addcarryx_u32(&x405, &x406, x404, x395, x371); + fiat_p256_addcarryx_u32(&x405, &x406, x404, x377, x373); uint32_t x407; fiat_p256_uint1 x408; - fiat_p256_addcarryx_u32(&x407, &x408, x406, x397, x373); + fiat_p256_addcarryx_u32(&x407, &x408, x406, x378, x375); uint32_t x409; fiat_p256_uint1 x410; - fiat_p256_addcarryx_u32(&x409, &x410, x408, (fiat_p256_uint1)x399, x375); + fiat_p256_addcarryx_u32(&x409, &x410, x408, 0x0, x376); uint32_t x411; - fiat_p256_uint1 x412; - fiat_p256_addcarryx_u32(&x411, &x412, x410, 0x0, x377); + uint32_t x412; + fiat_p256_mulx_u32(&x411, &x412, x5, (arg2[7])); uint32_t x413; - fiat_p256_uint1 x414; - fiat_p256_addcarryx_u32(&x413, &x414, x412, x367, x379); + uint32_t x414; + fiat_p256_mulx_u32(&x413, &x414, x5, (arg2[6])); uint32_t x415; - fiat_p256_uint1 x416; - fiat_p256_addcarryx_u32(&x415, &x416, x414, x385, x381); + uint32_t x416; + fiat_p256_mulx_u32(&x415, &x416, x5, (arg2[5])); uint32_t x417; - fiat_p256_uint1 x418; - fiat_p256_addcarryx_u32(&x417, &x418, x416, x386, x383); + uint32_t x418; + fiat_p256_mulx_u32(&x417, &x418, x5, (arg2[4])); uint32_t x419; - fiat_p256_uint1 x420; - fiat_p256_addcarryx_u32(&x419, &x420, x418, 0x0, x384); + uint32_t x420; + fiat_p256_mulx_u32(&x419, &x420, x5, (arg2[3])); uint32_t x421; uint32_t x422; - fiat_p256_mulx_u32(&x421, &x422, x5, (arg2[7])); + fiat_p256_mulx_u32(&x421, &x422, x5, (arg2[2])); uint32_t x423; uint32_t x424; - fiat_p256_mulx_u32(&x423, &x424, x5, (arg2[6])); + fiat_p256_mulx_u32(&x423, &x424, x5, (arg2[1])); uint32_t x425; uint32_t x426; - fiat_p256_mulx_u32(&x425, &x426, x5, (arg2[5])); + fiat_p256_mulx_u32(&x425, &x426, x5, (arg2[0])); uint32_t x427; - uint32_t x428; - fiat_p256_mulx_u32(&x427, &x428, x5, (arg2[4])); + fiat_p256_uint1 x428; + fiat_p256_addcarryx_u32(&x427, &x428, 0x0, x423, x426); uint32_t x429; - uint32_t x430; - fiat_p256_mulx_u32(&x429, &x430, x5, (arg2[3])); + fiat_p256_uint1 x430; + fiat_p256_addcarryx_u32(&x429, &x430, x428, x421, x424); uint32_t x431; - uint32_t x432; - fiat_p256_mulx_u32(&x431, &x432, x5, (arg2[2])); + fiat_p256_uint1 x432; + fiat_p256_addcarryx_u32(&x431, &x432, x430, x419, x422); uint32_t x433; - uint32_t x434; - fiat_p256_mulx_u32(&x433, &x434, x5, (arg2[1])); + fiat_p256_uint1 x434; + fiat_p256_addcarryx_u32(&x433, &x434, x432, x417, x420); uint32_t x435; - uint32_t x436; - fiat_p256_mulx_u32(&x435, &x436, x5, (arg2[0])); + fiat_p256_uint1 x436; + fiat_p256_addcarryx_u32(&x435, &x436, x434, x415, x418); uint32_t x437; fiat_p256_uint1 x438; - fiat_p256_addcarryx_u32(&x437, &x438, 0x0, x433, x436); + fiat_p256_addcarryx_u32(&x437, &x438, x436, x413, x416); uint32_t x439; fiat_p256_uint1 x440; - fiat_p256_addcarryx_u32(&x439, &x440, x438, x431, x434); + fiat_p256_addcarryx_u32(&x439, &x440, x438, x411, x414); uint32_t x441; fiat_p256_uint1 x442; - fiat_p256_addcarryx_u32(&x441, &x442, x440, x429, x432); + fiat_p256_addcarryx_u32(&x441, &x442, x440, 0x0, x412); uint32_t x443; fiat_p256_uint1 x444; - fiat_p256_addcarryx_u32(&x443, &x444, x442, x427, x430); + fiat_p256_addcarryx_u32(&x443, &x444, 0x0, x425, x393); uint32_t x445; fiat_p256_uint1 x446; - fiat_p256_addcarryx_u32(&x445, &x446, x444, x425, x428); + fiat_p256_addcarryx_u32(&x445, &x446, x444, x427, x395); uint32_t x447; fiat_p256_uint1 x448; - fiat_p256_addcarryx_u32(&x447, &x448, x446, x423, x426); + fiat_p256_addcarryx_u32(&x447, &x448, x446, x429, x397); uint32_t x449; fiat_p256_uint1 x450; - fiat_p256_addcarryx_u32(&x449, &x450, x448, x421, x424); + fiat_p256_addcarryx_u32(&x449, &x450, x448, x431, x399); uint32_t x451; fiat_p256_uint1 x452; - fiat_p256_addcarryx_u32(&x451, &x452, x450, 0x0, x422); + fiat_p256_addcarryx_u32(&x451, &x452, x450, x433, x401); uint32_t x453; fiat_p256_uint1 x454; - fiat_p256_addcarryx_u32(&x453, &x454, 0x0, x435, x403); + fiat_p256_addcarryx_u32(&x453, &x454, x452, x435, x403); uint32_t x455; fiat_p256_uint1 x456; fiat_p256_addcarryx_u32(&x455, &x456, x454, x437, x405); @@ -776,125 +776,125 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_uint1 x460; fiat_p256_addcarryx_u32(&x459, &x460, x458, x441, x409); uint32_t x461; - fiat_p256_uint1 x462; - fiat_p256_addcarryx_u32(&x461, &x462, x460, x443, x411); + uint32_t x462; + fiat_p256_mulx_u32(&x461, &x462, x443, UINT32_C(0xffffffff)); uint32_t x463; - fiat_p256_uint1 x464; - fiat_p256_addcarryx_u32(&x463, &x464, x462, x445, x413); + uint32_t x464; + fiat_p256_mulx_u32(&x463, &x464, x443, UINT32_C(0xffffffff)); uint32_t x465; - fiat_p256_uint1 x466; - fiat_p256_addcarryx_u32(&x465, &x466, x464, x447, x415); + uint32_t x466; + fiat_p256_mulx_u32(&x465, &x466, x443, UINT32_C(0xffffffff)); uint32_t x467; - fiat_p256_uint1 x468; - fiat_p256_addcarryx_u32(&x467, &x468, x466, x449, x417); + uint32_t x468; + fiat_p256_mulx_u32(&x467, &x468, x443, UINT32_C(0xffffffff)); uint32_t x469; fiat_p256_uint1 x470; - fiat_p256_addcarryx_u32(&x469, &x470, x468, x451, x419); + fiat_p256_addcarryx_u32(&x469, &x470, 0x0, x465, x468); uint32_t x471; - uint32_t x472; - fiat_p256_mulx_u32(&x471, &x472, x453, UINT32_C(0xffffffff)); + fiat_p256_uint1 x472; + fiat_p256_addcarryx_u32(&x471, &x472, x470, x463, x466); uint32_t x473; - uint32_t x474; - fiat_p256_mulx_u32(&x473, &x474, x453, UINT32_C(0xffffffff)); + fiat_p256_uint1 x474; + fiat_p256_addcarryx_u32(&x473, &x474, x472, 0x0, x464); uint32_t x475; - uint32_t x476; - fiat_p256_mulx_u32(&x475, &x476, x453, UINT32_C(0xffffffff)); + fiat_p256_uint1 x476; + fiat_p256_addcarryx_u32(&x475, &x476, 0x0, x467, x443); uint32_t x477; - uint32_t x478; - fiat_p256_mulx_u32(&x477, &x478, x453, UINT32_C(0xffffffff)); + fiat_p256_uint1 x478; + fiat_p256_addcarryx_u32(&x477, &x478, x476, x469, x445); uint32_t x479; fiat_p256_uint1 x480; - fiat_p256_addcarryx_u32(&x479, &x480, 0x0, x475, x478); + fiat_p256_addcarryx_u32(&x479, &x480, x478, x471, x447); uint32_t x481; fiat_p256_uint1 x482; - fiat_p256_addcarryx_u32(&x481, &x482, x480, x473, x476); + fiat_p256_addcarryx_u32(&x481, &x482, x480, x473, x449); uint32_t x483; fiat_p256_uint1 x484; - fiat_p256_addcarryx_u32(&x483, &x484, x482, 0x0, x474); + fiat_p256_addcarryx_u32(&x483, &x484, x482, 0x0, x451); uint32_t x485; fiat_p256_uint1 x486; - fiat_p256_addcarryx_u32(&x485, &x486, x484, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x485, &x486, x484, 0x0, x453); uint32_t x487; fiat_p256_uint1 x488; - fiat_p256_addcarryx_u32(&x487, &x488, 0x0, x477, x453); + fiat_p256_addcarryx_u32(&x487, &x488, x486, x443, x455); uint32_t x489; fiat_p256_uint1 x490; - fiat_p256_addcarryx_u32(&x489, &x490, x488, x479, x455); + fiat_p256_addcarryx_u32(&x489, &x490, x488, x461, x457); uint32_t x491; fiat_p256_uint1 x492; - fiat_p256_addcarryx_u32(&x491, &x492, x490, x481, x457); + fiat_p256_addcarryx_u32(&x491, &x492, x490, x462, x459); uint32_t x493; fiat_p256_uint1 x494; - fiat_p256_addcarryx_u32(&x493, &x494, x492, x483, x459); + fiat_p256_addcarryx_u32(&x493, &x494, x492, 0x0, x460); uint32_t x495; - fiat_p256_uint1 x496; - fiat_p256_addcarryx_u32(&x495, &x496, x494, (fiat_p256_uint1)x485, x461); + uint32_t x496; + fiat_p256_mulx_u32(&x495, &x496, x6, (arg2[7])); uint32_t x497; - fiat_p256_uint1 x498; - fiat_p256_addcarryx_u32(&x497, &x498, x496, 0x0, x463); + uint32_t x498; + fiat_p256_mulx_u32(&x497, &x498, x6, (arg2[6])); uint32_t x499; - fiat_p256_uint1 x500; - fiat_p256_addcarryx_u32(&x499, &x500, x498, x453, x465); + uint32_t x500; + fiat_p256_mulx_u32(&x499, &x500, x6, (arg2[5])); uint32_t x501; - fiat_p256_uint1 x502; - fiat_p256_addcarryx_u32(&x501, &x502, x500, x471, x467); + uint32_t x502; + fiat_p256_mulx_u32(&x501, &x502, x6, (arg2[4])); uint32_t x503; - fiat_p256_uint1 x504; - fiat_p256_addcarryx_u32(&x503, &x504, x502, x472, x469); + uint32_t x504; + fiat_p256_mulx_u32(&x503, &x504, x6, (arg2[3])); uint32_t x505; - fiat_p256_uint1 x506; - fiat_p256_addcarryx_u32(&x505, &x506, x504, 0x0, x470); + uint32_t x506; + fiat_p256_mulx_u32(&x505, &x506, x6, (arg2[2])); uint32_t x507; uint32_t x508; - fiat_p256_mulx_u32(&x507, &x508, x6, (arg2[7])); + fiat_p256_mulx_u32(&x507, &x508, x6, (arg2[1])); uint32_t x509; uint32_t x510; - fiat_p256_mulx_u32(&x509, &x510, x6, (arg2[6])); + fiat_p256_mulx_u32(&x509, &x510, x6, (arg2[0])); uint32_t x511; - uint32_t x512; - fiat_p256_mulx_u32(&x511, &x512, x6, (arg2[5])); + fiat_p256_uint1 x512; + fiat_p256_addcarryx_u32(&x511, &x512, 0x0, x507, x510); uint32_t x513; - uint32_t x514; - fiat_p256_mulx_u32(&x513, &x514, x6, (arg2[4])); + fiat_p256_uint1 x514; + fiat_p256_addcarryx_u32(&x513, &x514, x512, x505, x508); uint32_t x515; - uint32_t x516; - fiat_p256_mulx_u32(&x515, &x516, x6, (arg2[3])); + fiat_p256_uint1 x516; + fiat_p256_addcarryx_u32(&x515, &x516, x514, x503, x506); uint32_t x517; - uint32_t x518; - fiat_p256_mulx_u32(&x517, &x518, x6, (arg2[2])); + fiat_p256_uint1 x518; + fiat_p256_addcarryx_u32(&x517, &x518, x516, x501, x504); uint32_t x519; - uint32_t x520; - fiat_p256_mulx_u32(&x519, &x520, x6, (arg2[1])); + fiat_p256_uint1 x520; + fiat_p256_addcarryx_u32(&x519, &x520, x518, x499, x502); uint32_t x521; - uint32_t x522; - fiat_p256_mulx_u32(&x521, &x522, x6, (arg2[0])); + fiat_p256_uint1 x522; + fiat_p256_addcarryx_u32(&x521, &x522, x520, x497, x500); uint32_t x523; fiat_p256_uint1 x524; - fiat_p256_addcarryx_u32(&x523, &x524, 0x0, x519, x522); + fiat_p256_addcarryx_u32(&x523, &x524, x522, x495, x498); uint32_t x525; fiat_p256_uint1 x526; - fiat_p256_addcarryx_u32(&x525, &x526, x524, x517, x520); + fiat_p256_addcarryx_u32(&x525, &x526, x524, 0x0, x496); uint32_t x527; fiat_p256_uint1 x528; - fiat_p256_addcarryx_u32(&x527, &x528, x526, x515, x518); + fiat_p256_addcarryx_u32(&x527, &x528, 0x0, x509, x477); uint32_t x529; fiat_p256_uint1 x530; - fiat_p256_addcarryx_u32(&x529, &x530, x528, x513, x516); + fiat_p256_addcarryx_u32(&x529, &x530, x528, x511, x479); uint32_t x531; fiat_p256_uint1 x532; - fiat_p256_addcarryx_u32(&x531, &x532, x530, x511, x514); + fiat_p256_addcarryx_u32(&x531, &x532, x530, x513, x481); uint32_t x533; fiat_p256_uint1 x534; - fiat_p256_addcarryx_u32(&x533, &x534, x532, x509, x512); + fiat_p256_addcarryx_u32(&x533, &x534, x532, x515, x483); uint32_t x535; fiat_p256_uint1 x536; - fiat_p256_addcarryx_u32(&x535, &x536, x534, x507, x510); + fiat_p256_addcarryx_u32(&x535, &x536, x534, x517, x485); uint32_t x537; fiat_p256_uint1 x538; - fiat_p256_addcarryx_u32(&x537, &x538, x536, 0x0, x508); + fiat_p256_addcarryx_u32(&x537, &x538, x536, x519, x487); uint32_t x539; fiat_p256_uint1 x540; - fiat_p256_addcarryx_u32(&x539, &x540, 0x0, x521, x489); + fiat_p256_addcarryx_u32(&x539, &x540, x538, x521, x489); uint32_t x541; fiat_p256_uint1 x542; fiat_p256_addcarryx_u32(&x541, &x542, x540, x523, x491); @@ -902,257 +902,233 @@ static void fiat_p256_mul(uint32_t out1[8], const uint32_t arg1[8], const uint32 fiat_p256_uint1 x544; fiat_p256_addcarryx_u32(&x543, &x544, x542, x525, x493); uint32_t x545; - fiat_p256_uint1 x546; - fiat_p256_addcarryx_u32(&x545, &x546, x544, x527, x495); + uint32_t x546; + fiat_p256_mulx_u32(&x545, &x546, x527, UINT32_C(0xffffffff)); uint32_t x547; - fiat_p256_uint1 x548; - fiat_p256_addcarryx_u32(&x547, &x548, x546, x529, x497); + uint32_t x548; + fiat_p256_mulx_u32(&x547, &x548, x527, UINT32_C(0xffffffff)); uint32_t x549; - fiat_p256_uint1 x550; - fiat_p256_addcarryx_u32(&x549, &x550, x548, x531, x499); + uint32_t x550; + fiat_p256_mulx_u32(&x549, &x550, x527, UINT32_C(0xffffffff)); uint32_t x551; - fiat_p256_uint1 x552; - fiat_p256_addcarryx_u32(&x551, &x552, x550, x533, x501); + uint32_t x552; + fiat_p256_mulx_u32(&x551, &x552, x527, UINT32_C(0xffffffff)); uint32_t x553; fiat_p256_uint1 x554; - fiat_p256_addcarryx_u32(&x553, &x554, x552, x535, x503); + fiat_p256_addcarryx_u32(&x553, &x554, 0x0, x549, x552); uint32_t x555; fiat_p256_uint1 x556; - fiat_p256_addcarryx_u32(&x555, &x556, x554, x537, x505); + fiat_p256_addcarryx_u32(&x555, &x556, x554, x547, x550); uint32_t x557; - uint32_t x558; - fiat_p256_mulx_u32(&x557, &x558, x539, UINT32_C(0xffffffff)); + fiat_p256_uint1 x558; + fiat_p256_addcarryx_u32(&x557, &x558, x556, 0x0, x548); uint32_t x559; - uint32_t x560; - fiat_p256_mulx_u32(&x559, &x560, x539, UINT32_C(0xffffffff)); + fiat_p256_uint1 x560; + fiat_p256_addcarryx_u32(&x559, &x560, 0x0, x551, x527); uint32_t x561; - uint32_t x562; - fiat_p256_mulx_u32(&x561, &x562, x539, UINT32_C(0xffffffff)); + fiat_p256_uint1 x562; + fiat_p256_addcarryx_u32(&x561, &x562, x560, x553, x529); uint32_t x563; - uint32_t x564; - fiat_p256_mulx_u32(&x563, &x564, x539, UINT32_C(0xffffffff)); + fiat_p256_uint1 x564; + fiat_p256_addcarryx_u32(&x563, &x564, x562, x555, x531); uint32_t x565; fiat_p256_uint1 x566; - fiat_p256_addcarryx_u32(&x565, &x566, 0x0, x561, x564); + fiat_p256_addcarryx_u32(&x565, &x566, x564, x557, x533); uint32_t x567; fiat_p256_uint1 x568; - fiat_p256_addcarryx_u32(&x567, &x568, x566, x559, x562); + fiat_p256_addcarryx_u32(&x567, &x568, x566, 0x0, x535); uint32_t x569; fiat_p256_uint1 x570; - fiat_p256_addcarryx_u32(&x569, &x570, x568, 0x0, x560); + fiat_p256_addcarryx_u32(&x569, &x570, x568, 0x0, x537); uint32_t x571; fiat_p256_uint1 x572; - fiat_p256_addcarryx_u32(&x571, &x572, x570, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x571, &x572, x570, x527, x539); uint32_t x573; fiat_p256_uint1 x574; - fiat_p256_addcarryx_u32(&x573, &x574, 0x0, x563, x539); + fiat_p256_addcarryx_u32(&x573, &x574, x572, x545, x541); uint32_t x575; fiat_p256_uint1 x576; - fiat_p256_addcarryx_u32(&x575, &x576, x574, x565, x541); + fiat_p256_addcarryx_u32(&x575, &x576, x574, x546, x543); uint32_t x577; fiat_p256_uint1 x578; - fiat_p256_addcarryx_u32(&x577, &x578, x576, x567, x543); + fiat_p256_addcarryx_u32(&x577, &x578, x576, 0x0, x544); uint32_t x579; - fiat_p256_uint1 x580; - fiat_p256_addcarryx_u32(&x579, &x580, x578, x569, x545); + uint32_t x580; + fiat_p256_mulx_u32(&x579, &x580, x7, (arg2[7])); uint32_t x581; - fiat_p256_uint1 x582; - fiat_p256_addcarryx_u32(&x581, &x582, x580, (fiat_p256_uint1)x571, x547); + uint32_t x582; + fiat_p256_mulx_u32(&x581, &x582, x7, (arg2[6])); uint32_t x583; - fiat_p256_uint1 x584; - fiat_p256_addcarryx_u32(&x583, &x584, x582, 0x0, x549); + uint32_t x584; + fiat_p256_mulx_u32(&x583, &x584, x7, (arg2[5])); uint32_t x585; - fiat_p256_uint1 x586; - fiat_p256_addcarryx_u32(&x585, &x586, x584, x539, x551); + uint32_t x586; + fiat_p256_mulx_u32(&x585, &x586, x7, (arg2[4])); uint32_t x587; - fiat_p256_uint1 x588; - fiat_p256_addcarryx_u32(&x587, &x588, x586, x557, x553); + uint32_t x588; + fiat_p256_mulx_u32(&x587, &x588, x7, (arg2[3])); uint32_t x589; - fiat_p256_uint1 x590; - fiat_p256_addcarryx_u32(&x589, &x590, x588, x558, x555); + uint32_t x590; + fiat_p256_mulx_u32(&x589, &x590, x7, (arg2[2])); uint32_t x591; - fiat_p256_uint1 x592; - fiat_p256_addcarryx_u32(&x591, &x592, x590, 0x0, x556); + uint32_t x592; + fiat_p256_mulx_u32(&x591, &x592, x7, (arg2[1])); uint32_t x593; uint32_t x594; - fiat_p256_mulx_u32(&x593, &x594, x7, (arg2[7])); + fiat_p256_mulx_u32(&x593, &x594, x7, (arg2[0])); uint32_t x595; - uint32_t x596; - fiat_p256_mulx_u32(&x595, &x596, x7, (arg2[6])); + fiat_p256_uint1 x596; + fiat_p256_addcarryx_u32(&x595, &x596, 0x0, x591, x594); uint32_t x597; - uint32_t x598; - fiat_p256_mulx_u32(&x597, &x598, x7, (arg2[5])); + fiat_p256_uint1 x598; + fiat_p256_addcarryx_u32(&x597, &x598, x596, x589, x592); uint32_t x599; - uint32_t x600; - fiat_p256_mulx_u32(&x599, &x600, x7, (arg2[4])); + fiat_p256_uint1 x600; + fiat_p256_addcarryx_u32(&x599, &x600, x598, x587, x590); uint32_t x601; - uint32_t x602; - fiat_p256_mulx_u32(&x601, &x602, x7, (arg2[3])); + fiat_p256_uint1 x602; + fiat_p256_addcarryx_u32(&x601, &x602, x600, x585, x588); uint32_t x603; - uint32_t x604; - fiat_p256_mulx_u32(&x603, &x604, x7, (arg2[2])); + fiat_p256_uint1 x604; + fiat_p256_addcarryx_u32(&x603, &x604, x602, x583, x586); uint32_t x605; - uint32_t x606; - fiat_p256_mulx_u32(&x605, &x606, x7, (arg2[1])); + fiat_p256_uint1 x606; + fiat_p256_addcarryx_u32(&x605, &x606, x604, x581, x584); uint32_t x607; - uint32_t x608; - fiat_p256_mulx_u32(&x607, &x608, x7, (arg2[0])); + fiat_p256_uint1 x608; + fiat_p256_addcarryx_u32(&x607, &x608, x606, x579, x582); uint32_t x609; fiat_p256_uint1 x610; - fiat_p256_addcarryx_u32(&x609, &x610, 0x0, x605, x608); + fiat_p256_addcarryx_u32(&x609, &x610, x608, 0x0, x580); uint32_t x611; fiat_p256_uint1 x612; - fiat_p256_addcarryx_u32(&x611, &x612, x610, x603, x606); + fiat_p256_addcarryx_u32(&x611, &x612, 0x0, x593, x561); uint32_t x613; fiat_p256_uint1 x614; - fiat_p256_addcarryx_u32(&x613, &x614, x612, x601, x604); + fiat_p256_addcarryx_u32(&x613, &x614, x612, x595, x563); uint32_t x615; fiat_p256_uint1 x616; - fiat_p256_addcarryx_u32(&x615, &x616, x614, x599, x602); + fiat_p256_addcarryx_u32(&x615, &x616, x614, x597, x565); uint32_t x617; fiat_p256_uint1 x618; - fiat_p256_addcarryx_u32(&x617, &x618, x616, x597, x600); + fiat_p256_addcarryx_u32(&x617, &x618, x616, x599, x567); uint32_t x619; fiat_p256_uint1 x620; - fiat_p256_addcarryx_u32(&x619, &x620, x618, x595, x598); + fiat_p256_addcarryx_u32(&x619, &x620, x618, x601, x569); uint32_t x621; fiat_p256_uint1 x622; - fiat_p256_addcarryx_u32(&x621, &x622, x620, x593, x596); + fiat_p256_addcarryx_u32(&x621, &x622, x620, x603, x571); uint32_t x623; fiat_p256_uint1 x624; - fiat_p256_addcarryx_u32(&x623, &x624, x622, 0x0, x594); + fiat_p256_addcarryx_u32(&x623, &x624, x622, x605, x573); uint32_t x625; fiat_p256_uint1 x626; - fiat_p256_addcarryx_u32(&x625, &x626, 0x0, x607, x575); + fiat_p256_addcarryx_u32(&x625, &x626, x624, x607, x575); uint32_t x627; fiat_p256_uint1 x628; fiat_p256_addcarryx_u32(&x627, &x628, x626, x609, x577); uint32_t x629; - fiat_p256_uint1 x630; - fiat_p256_addcarryx_u32(&x629, &x630, x628, x611, x579); + uint32_t x630; + fiat_p256_mulx_u32(&x629, &x630, x611, UINT32_C(0xffffffff)); uint32_t x631; - fiat_p256_uint1 x632; - fiat_p256_addcarryx_u32(&x631, &x632, x630, x613, x581); + uint32_t x632; + fiat_p256_mulx_u32(&x631, &x632, x611, UINT32_C(0xffffffff)); uint32_t x633; - fiat_p256_uint1 x634; - fiat_p256_addcarryx_u32(&x633, &x634, x632, x615, x583); + uint32_t x634; + fiat_p256_mulx_u32(&x633, &x634, x611, UINT32_C(0xffffffff)); uint32_t x635; - fiat_p256_uint1 x636; - fiat_p256_addcarryx_u32(&x635, &x636, x634, x617, x585); + uint32_t x636; + fiat_p256_mulx_u32(&x635, &x636, x611, UINT32_C(0xffffffff)); uint32_t x637; fiat_p256_uint1 x638; - fiat_p256_addcarryx_u32(&x637, &x638, x636, x619, x587); + fiat_p256_addcarryx_u32(&x637, &x638, 0x0, x633, x636); uint32_t x639; fiat_p256_uint1 x640; - fiat_p256_addcarryx_u32(&x639, &x640, x638, x621, x589); + fiat_p256_addcarryx_u32(&x639, &x640, x638, x631, x634); uint32_t x641; fiat_p256_uint1 x642; - fiat_p256_addcarryx_u32(&x641, &x642, x640, x623, x591); + fiat_p256_addcarryx_u32(&x641, &x642, x640, 0x0, x632); uint32_t x643; - uint32_t x644; - fiat_p256_mulx_u32(&x643, &x644, x625, UINT32_C(0xffffffff)); + fiat_p256_uint1 x644; + fiat_p256_addcarryx_u32(&x643, &x644, 0x0, x635, x611); uint32_t x645; - uint32_t x646; - fiat_p256_mulx_u32(&x645, &x646, x625, UINT32_C(0xffffffff)); + fiat_p256_uint1 x646; + fiat_p256_addcarryx_u32(&x645, &x646, x644, x637, x613); uint32_t x647; - uint32_t x648; - fiat_p256_mulx_u32(&x647, &x648, x625, UINT32_C(0xffffffff)); + fiat_p256_uint1 x648; + fiat_p256_addcarryx_u32(&x647, &x648, x646, x639, x615); uint32_t x649; - uint32_t x650; - fiat_p256_mulx_u32(&x649, &x650, x625, UINT32_C(0xffffffff)); + fiat_p256_uint1 x650; + fiat_p256_addcarryx_u32(&x649, &x650, x648, x641, x617); uint32_t x651; fiat_p256_uint1 x652; - fiat_p256_addcarryx_u32(&x651, &x652, 0x0, x647, x650); + fiat_p256_addcarryx_u32(&x651, &x652, x650, 0x0, x619); uint32_t x653; fiat_p256_uint1 x654; - fiat_p256_addcarryx_u32(&x653, &x654, x652, x645, x648); + fiat_p256_addcarryx_u32(&x653, &x654, x652, 0x0, x621); uint32_t x655; fiat_p256_uint1 x656; - fiat_p256_addcarryx_u32(&x655, &x656, x654, 0x0, x646); + fiat_p256_addcarryx_u32(&x655, &x656, x654, x611, x623); uint32_t x657; fiat_p256_uint1 x658; - fiat_p256_addcarryx_u32(&x657, &x658, x656, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x657, &x658, x656, x629, x625); uint32_t x659; fiat_p256_uint1 x660; - fiat_p256_addcarryx_u32(&x659, &x660, 0x0, x649, x625); + fiat_p256_addcarryx_u32(&x659, &x660, x658, x630, x627); uint32_t x661; fiat_p256_uint1 x662; - fiat_p256_addcarryx_u32(&x661, &x662, x660, x651, x627); + fiat_p256_addcarryx_u32(&x661, &x662, x660, 0x0, x628); uint32_t x663; fiat_p256_uint1 x664; - fiat_p256_addcarryx_u32(&x663, &x664, x662, x653, x629); + fiat_p256_subborrowx_u32(&x663, &x664, 0x0, x645, UINT32_C(0xffffffff)); uint32_t x665; fiat_p256_uint1 x666; - fiat_p256_addcarryx_u32(&x665, &x666, x664, x655, x631); + fiat_p256_subborrowx_u32(&x665, &x666, x664, x647, UINT32_C(0xffffffff)); uint32_t x667; fiat_p256_uint1 x668; - fiat_p256_addcarryx_u32(&x667, &x668, x666, (fiat_p256_uint1)x657, x633); + fiat_p256_subborrowx_u32(&x667, &x668, x666, x649, UINT32_C(0xffffffff)); uint32_t x669; fiat_p256_uint1 x670; - fiat_p256_addcarryx_u32(&x669, &x670, x668, 0x0, x635); + fiat_p256_subborrowx_u32(&x669, &x670, x668, x651, 0x0); uint32_t x671; fiat_p256_uint1 x672; - fiat_p256_addcarryx_u32(&x671, &x672, x670, x625, x637); + fiat_p256_subborrowx_u32(&x671, &x672, x670, x653, 0x0); uint32_t x673; fiat_p256_uint1 x674; - fiat_p256_addcarryx_u32(&x673, &x674, x672, x643, x639); + fiat_p256_subborrowx_u32(&x673, &x674, x672, x655, 0x0); uint32_t x675; fiat_p256_uint1 x676; - fiat_p256_addcarryx_u32(&x675, &x676, x674, x644, x641); + fiat_p256_subborrowx_u32(&x675, &x676, x674, x657, 0x1); uint32_t x677; fiat_p256_uint1 x678; - fiat_p256_addcarryx_u32(&x677, &x678, x676, 0x0, x642); + fiat_p256_subborrowx_u32(&x677, &x678, x676, x659, UINT32_C(0xffffffff)); uint32_t x679; fiat_p256_uint1 x680; - fiat_p256_subborrowx_u32(&x679, &x680, 0x0, x661, UINT32_C(0xffffffff)); + fiat_p256_subborrowx_u32(&x679, &x680, x678, x661, 0x0); uint32_t x681; - fiat_p256_uint1 x682; - fiat_p256_subborrowx_u32(&x681, &x682, x680, x663, UINT32_C(0xffffffff)); + fiat_p256_cmovznz_u32(&x681, x680, x663, x645); + uint32_t x682; + fiat_p256_cmovznz_u32(&x682, x680, x665, x647); uint32_t x683; - fiat_p256_uint1 x684; - fiat_p256_subborrowx_u32(&x683, &x684, x682, x665, UINT32_C(0xffffffff)); + fiat_p256_cmovznz_u32(&x683, x680, x667, x649); + uint32_t x684; + fiat_p256_cmovznz_u32(&x684, x680, x669, x651); uint32_t x685; - fiat_p256_uint1 x686; - fiat_p256_subborrowx_u32(&x685, &x686, x684, x667, 0x0); + fiat_p256_cmovznz_u32(&x685, x680, x671, x653); + uint32_t x686; + fiat_p256_cmovznz_u32(&x686, x680, x673, x655); uint32_t x687; - fiat_p256_uint1 x688; - fiat_p256_subborrowx_u32(&x687, &x688, x686, x669, 0x0); - uint32_t x689; - fiat_p256_uint1 x690; - fiat_p256_subborrowx_u32(&x689, &x690, x688, x671, 0x0); - uint32_t x691; - fiat_p256_uint1 x692; - fiat_p256_subborrowx_u32(&x691, &x692, x690, x673, 0x1); - uint32_t x693; - fiat_p256_uint1 x694; - fiat_p256_subborrowx_u32(&x693, &x694, x692, x675, UINT32_C(0xffffffff)); - uint32_t x695; - fiat_p256_uint1 x696; - fiat_p256_subborrowx_u32(&x695, &x696, x694, x677, 0x0); - uint32_t x697; - fiat_p256_cmovznz_u32(&x697, x696, x679, x661); - uint32_t x698; - fiat_p256_cmovznz_u32(&x698, x696, x681, x663); - uint32_t x699; - fiat_p256_cmovznz_u32(&x699, x696, x683, x665); - uint32_t x700; - fiat_p256_cmovznz_u32(&x700, x696, x685, x667); - uint32_t x701; - fiat_p256_cmovznz_u32(&x701, x696, x687, x669); - uint32_t x702; - fiat_p256_cmovznz_u32(&x702, x696, x689, x671); - uint32_t x703; - fiat_p256_cmovznz_u32(&x703, x696, x691, x673); - uint32_t x704; - fiat_p256_cmovznz_u32(&x704, x696, x693, x675); - out1[0] = x697; - out1[1] = x698; - out1[2] = x699; - out1[3] = x700; - out1[4] = x701; - out1[5] = x702; - out1[6] = x703; - out1[7] = x704; + fiat_p256_cmovznz_u32(&x687, x680, x675, x657); + uint32_t x688; + fiat_p256_cmovznz_u32(&x688, x680, x677, x659); + out1[0] = x681; + out1[1] = x682; + out1[2] = x683; + out1[3] = x684; + out1[4] = x685; + out1[5] = x686; + out1[6] = x687; + out1[7] = x688; } /* @@ -1241,88 +1217,88 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x53, &x54, x52, 0x0, x44); uint32_t x55; fiat_p256_uint1 x56; - fiat_p256_addcarryx_u32(&x55, &x56, x54, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x55, &x56, 0x0, x47, x23); uint32_t x57; fiat_p256_uint1 x58; - fiat_p256_addcarryx_u32(&x57, &x58, 0x0, x47, x23); + fiat_p256_addcarryx_u32(&x57, &x58, x56, x49, x25); uint32_t x59; fiat_p256_uint1 x60; - fiat_p256_addcarryx_u32(&x59, &x60, x58, x49, x25); + fiat_p256_addcarryx_u32(&x59, &x60, x58, x51, x27); uint32_t x61; fiat_p256_uint1 x62; - fiat_p256_addcarryx_u32(&x61, &x62, x60, x51, x27); + fiat_p256_addcarryx_u32(&x61, &x62, x60, x53, x29); uint32_t x63; fiat_p256_uint1 x64; - fiat_p256_addcarryx_u32(&x63, &x64, x62, x53, x29); + fiat_p256_addcarryx_u32(&x63, &x64, x62, 0x0, x31); uint32_t x65; fiat_p256_uint1 x66; - fiat_p256_addcarryx_u32(&x65, &x66, x64, (fiat_p256_uint1)x55, x31); + fiat_p256_addcarryx_u32(&x65, &x66, x64, 0x0, x33); uint32_t x67; fiat_p256_uint1 x68; - fiat_p256_addcarryx_u32(&x67, &x68, x66, 0x0, x33); + fiat_p256_addcarryx_u32(&x67, &x68, x66, x23, x35); uint32_t x69; fiat_p256_uint1 x70; - fiat_p256_addcarryx_u32(&x69, &x70, x68, x23, x35); + fiat_p256_addcarryx_u32(&x69, &x70, x68, x41, x37); uint32_t x71; fiat_p256_uint1 x72; - fiat_p256_addcarryx_u32(&x71, &x72, x70, x41, x37); + fiat_p256_addcarryx_u32(&x71, &x72, x70, x42, x39); uint32_t x73; fiat_p256_uint1 x74; - fiat_p256_addcarryx_u32(&x73, &x74, x72, x42, x39); + fiat_p256_addcarryx_u32(&x73, &x74, x72, 0x0, 0x0); uint32_t x75; - fiat_p256_uint1 x76; - fiat_p256_addcarryx_u32(&x75, &x76, x74, 0x0, 0x0); + uint32_t x76; + fiat_p256_mulx_u32(&x75, &x76, x1, (arg1[7])); uint32_t x77; uint32_t x78; - fiat_p256_mulx_u32(&x77, &x78, x1, (arg1[7])); + fiat_p256_mulx_u32(&x77, &x78, x1, (arg1[6])); uint32_t x79; uint32_t x80; - fiat_p256_mulx_u32(&x79, &x80, x1, (arg1[6])); + fiat_p256_mulx_u32(&x79, &x80, x1, (arg1[5])); uint32_t x81; uint32_t x82; - fiat_p256_mulx_u32(&x81, &x82, x1, (arg1[5])); + fiat_p256_mulx_u32(&x81, &x82, x1, (arg1[4])); uint32_t x83; uint32_t x84; - fiat_p256_mulx_u32(&x83, &x84, x1, (arg1[4])); + fiat_p256_mulx_u32(&x83, &x84, x1, (arg1[3])); uint32_t x85; uint32_t x86; - fiat_p256_mulx_u32(&x85, &x86, x1, (arg1[3])); + fiat_p256_mulx_u32(&x85, &x86, x1, (arg1[2])); uint32_t x87; uint32_t x88; - fiat_p256_mulx_u32(&x87, &x88, x1, (arg1[2])); + fiat_p256_mulx_u32(&x87, &x88, x1, (arg1[1])); uint32_t x89; uint32_t x90; - fiat_p256_mulx_u32(&x89, &x90, x1, (arg1[1])); + fiat_p256_mulx_u32(&x89, &x90, x1, (arg1[0])); uint32_t x91; - uint32_t x92; - fiat_p256_mulx_u32(&x91, &x92, x1, (arg1[0])); + fiat_p256_uint1 x92; + fiat_p256_addcarryx_u32(&x91, &x92, 0x0, x87, x90); uint32_t x93; fiat_p256_uint1 x94; - fiat_p256_addcarryx_u32(&x93, &x94, 0x0, x89, x92); + fiat_p256_addcarryx_u32(&x93, &x94, x92, x85, x88); uint32_t x95; fiat_p256_uint1 x96; - fiat_p256_addcarryx_u32(&x95, &x96, x94, x87, x90); + fiat_p256_addcarryx_u32(&x95, &x96, x94, x83, x86); uint32_t x97; fiat_p256_uint1 x98; - fiat_p256_addcarryx_u32(&x97, &x98, x96, x85, x88); + fiat_p256_addcarryx_u32(&x97, &x98, x96, x81, x84); uint32_t x99; fiat_p256_uint1 x100; - fiat_p256_addcarryx_u32(&x99, &x100, x98, x83, x86); + fiat_p256_addcarryx_u32(&x99, &x100, x98, x79, x82); uint32_t x101; fiat_p256_uint1 x102; - fiat_p256_addcarryx_u32(&x101, &x102, x100, x81, x84); + fiat_p256_addcarryx_u32(&x101, &x102, x100, x77, x80); uint32_t x103; fiat_p256_uint1 x104; - fiat_p256_addcarryx_u32(&x103, &x104, x102, x79, x82); + fiat_p256_addcarryx_u32(&x103, &x104, x102, x75, x78); uint32_t x105; fiat_p256_uint1 x106; - fiat_p256_addcarryx_u32(&x105, &x106, x104, x77, x80); + fiat_p256_addcarryx_u32(&x105, &x106, x104, 0x0, x76); uint32_t x107; fiat_p256_uint1 x108; - fiat_p256_addcarryx_u32(&x107, &x108, x106, 0x0, x78); + fiat_p256_addcarryx_u32(&x107, &x108, 0x0, x89, x57); uint32_t x109; fiat_p256_uint1 x110; - fiat_p256_addcarryx_u32(&x109, &x110, 0x0, x91, x59); + fiat_p256_addcarryx_u32(&x109, &x110, x108, x91, x59); uint32_t x111; fiat_p256_uint1 x112; fiat_p256_addcarryx_u32(&x111, &x112, x110, x93, x61); @@ -1343,115 +1319,115 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_addcarryx_u32(&x121, &x122, x120, x103, x71); uint32_t x123; fiat_p256_uint1 x124; - fiat_p256_addcarryx_u32(&x123, &x124, x122, x105, x73); + fiat_p256_addcarryx_u32(&x123, &x124, x122, x105, (fiat_p256_uint1)x73); uint32_t x125; - fiat_p256_uint1 x126; - fiat_p256_addcarryx_u32(&x125, &x126, x124, x107, (fiat_p256_uint1)x75); + uint32_t x126; + fiat_p256_mulx_u32(&x125, &x126, x107, UINT32_C(0xffffffff)); uint32_t x127; uint32_t x128; - fiat_p256_mulx_u32(&x127, &x128, x109, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x127, &x128, x107, UINT32_C(0xffffffff)); uint32_t x129; uint32_t x130; - fiat_p256_mulx_u32(&x129, &x130, x109, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x129, &x130, x107, UINT32_C(0xffffffff)); uint32_t x131; uint32_t x132; - fiat_p256_mulx_u32(&x131, &x132, x109, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x131, &x132, x107, UINT32_C(0xffffffff)); uint32_t x133; - uint32_t x134; - fiat_p256_mulx_u32(&x133, &x134, x109, UINT32_C(0xffffffff)); + fiat_p256_uint1 x134; + fiat_p256_addcarryx_u32(&x133, &x134, 0x0, x129, x132); uint32_t x135; fiat_p256_uint1 x136; - fiat_p256_addcarryx_u32(&x135, &x136, 0x0, x131, x134); + fiat_p256_addcarryx_u32(&x135, &x136, x134, x127, x130); uint32_t x137; fiat_p256_uint1 x138; - fiat_p256_addcarryx_u32(&x137, &x138, x136, x129, x132); + fiat_p256_addcarryx_u32(&x137, &x138, x136, 0x0, x128); uint32_t x139; fiat_p256_uint1 x140; - fiat_p256_addcarryx_u32(&x139, &x140, x138, 0x0, x130); + fiat_p256_addcarryx_u32(&x139, &x140, 0x0, x131, x107); uint32_t x141; fiat_p256_uint1 x142; - fiat_p256_addcarryx_u32(&x141, &x142, x140, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x141, &x142, x140, x133, x109); uint32_t x143; fiat_p256_uint1 x144; - fiat_p256_addcarryx_u32(&x143, &x144, 0x0, x133, x109); + fiat_p256_addcarryx_u32(&x143, &x144, x142, x135, x111); uint32_t x145; fiat_p256_uint1 x146; - fiat_p256_addcarryx_u32(&x145, &x146, x144, x135, x111); + fiat_p256_addcarryx_u32(&x145, &x146, x144, x137, x113); uint32_t x147; fiat_p256_uint1 x148; - fiat_p256_addcarryx_u32(&x147, &x148, x146, x137, x113); + fiat_p256_addcarryx_u32(&x147, &x148, x146, 0x0, x115); uint32_t x149; fiat_p256_uint1 x150; - fiat_p256_addcarryx_u32(&x149, &x150, x148, x139, x115); + fiat_p256_addcarryx_u32(&x149, &x150, x148, 0x0, x117); uint32_t x151; fiat_p256_uint1 x152; - fiat_p256_addcarryx_u32(&x151, &x152, x150, (fiat_p256_uint1)x141, x117); + fiat_p256_addcarryx_u32(&x151, &x152, x150, x107, x119); uint32_t x153; fiat_p256_uint1 x154; - fiat_p256_addcarryx_u32(&x153, &x154, x152, 0x0, x119); + fiat_p256_addcarryx_u32(&x153, &x154, x152, x125, x121); uint32_t x155; fiat_p256_uint1 x156; - fiat_p256_addcarryx_u32(&x155, &x156, x154, x109, x121); + fiat_p256_addcarryx_u32(&x155, &x156, x154, x126, x123); uint32_t x157; fiat_p256_uint1 x158; - fiat_p256_addcarryx_u32(&x157, &x158, x156, x127, x123); + fiat_p256_addcarryx_u32(&x157, &x158, x156, 0x0, x124); uint32_t x159; - fiat_p256_uint1 x160; - fiat_p256_addcarryx_u32(&x159, &x160, x158, x128, x125); + uint32_t x160; + fiat_p256_mulx_u32(&x159, &x160, x2, (arg1[7])); uint32_t x161; - fiat_p256_uint1 x162; - fiat_p256_addcarryx_u32(&x161, &x162, x160, 0x0, x126); + uint32_t x162; + fiat_p256_mulx_u32(&x161, &x162, x2, (arg1[6])); uint32_t x163; uint32_t x164; - fiat_p256_mulx_u32(&x163, &x164, x2, (arg1[7])); + fiat_p256_mulx_u32(&x163, &x164, x2, (arg1[5])); uint32_t x165; uint32_t x166; - fiat_p256_mulx_u32(&x165, &x166, x2, (arg1[6])); + fiat_p256_mulx_u32(&x165, &x166, x2, (arg1[4])); uint32_t x167; uint32_t x168; - fiat_p256_mulx_u32(&x167, &x168, x2, (arg1[5])); + fiat_p256_mulx_u32(&x167, &x168, x2, (arg1[3])); uint32_t x169; uint32_t x170; - fiat_p256_mulx_u32(&x169, &x170, x2, (arg1[4])); + fiat_p256_mulx_u32(&x169, &x170, x2, (arg1[2])); uint32_t x171; uint32_t x172; - fiat_p256_mulx_u32(&x171, &x172, x2, (arg1[3])); + fiat_p256_mulx_u32(&x171, &x172, x2, (arg1[1])); uint32_t x173; uint32_t x174; - fiat_p256_mulx_u32(&x173, &x174, x2, (arg1[2])); + fiat_p256_mulx_u32(&x173, &x174, x2, (arg1[0])); uint32_t x175; - uint32_t x176; - fiat_p256_mulx_u32(&x175, &x176, x2, (arg1[1])); + fiat_p256_uint1 x176; + fiat_p256_addcarryx_u32(&x175, &x176, 0x0, x171, x174); uint32_t x177; - uint32_t x178; - fiat_p256_mulx_u32(&x177, &x178, x2, (arg1[0])); + fiat_p256_uint1 x178; + fiat_p256_addcarryx_u32(&x177, &x178, x176, x169, x172); uint32_t x179; fiat_p256_uint1 x180; - fiat_p256_addcarryx_u32(&x179, &x180, 0x0, x175, x178); + fiat_p256_addcarryx_u32(&x179, &x180, x178, x167, x170); uint32_t x181; fiat_p256_uint1 x182; - fiat_p256_addcarryx_u32(&x181, &x182, x180, x173, x176); + fiat_p256_addcarryx_u32(&x181, &x182, x180, x165, x168); uint32_t x183; fiat_p256_uint1 x184; - fiat_p256_addcarryx_u32(&x183, &x184, x182, x171, x174); + fiat_p256_addcarryx_u32(&x183, &x184, x182, x163, x166); uint32_t x185; fiat_p256_uint1 x186; - fiat_p256_addcarryx_u32(&x185, &x186, x184, x169, x172); + fiat_p256_addcarryx_u32(&x185, &x186, x184, x161, x164); uint32_t x187; fiat_p256_uint1 x188; - fiat_p256_addcarryx_u32(&x187, &x188, x186, x167, x170); + fiat_p256_addcarryx_u32(&x187, &x188, x186, x159, x162); uint32_t x189; fiat_p256_uint1 x190; - fiat_p256_addcarryx_u32(&x189, &x190, x188, x165, x168); + fiat_p256_addcarryx_u32(&x189, &x190, x188, 0x0, x160); uint32_t x191; fiat_p256_uint1 x192; - fiat_p256_addcarryx_u32(&x191, &x192, x190, x163, x166); + fiat_p256_addcarryx_u32(&x191, &x192, 0x0, x173, x141); uint32_t x193; fiat_p256_uint1 x194; - fiat_p256_addcarryx_u32(&x193, &x194, x192, 0x0, x164); + fiat_p256_addcarryx_u32(&x193, &x194, x192, x175, x143); uint32_t x195; fiat_p256_uint1 x196; - fiat_p256_addcarryx_u32(&x195, &x196, 0x0, x177, x145); + fiat_p256_addcarryx_u32(&x195, &x196, x194, x177, x145); uint32_t x197; fiat_p256_uint1 x198; fiat_p256_addcarryx_u32(&x197, &x198, x196, x179, x147); @@ -1471,116 +1447,116 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_uint1 x208; fiat_p256_addcarryx_u32(&x207, &x208, x206, x189, x157); uint32_t x209; - fiat_p256_uint1 x210; - fiat_p256_addcarryx_u32(&x209, &x210, x208, x191, x159); + uint32_t x210; + fiat_p256_mulx_u32(&x209, &x210, x191, UINT32_C(0xffffffff)); uint32_t x211; - fiat_p256_uint1 x212; - fiat_p256_addcarryx_u32(&x211, &x212, x210, x193, x161); + uint32_t x212; + fiat_p256_mulx_u32(&x211, &x212, x191, UINT32_C(0xffffffff)); uint32_t x213; uint32_t x214; - fiat_p256_mulx_u32(&x213, &x214, x195, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x213, &x214, x191, UINT32_C(0xffffffff)); uint32_t x215; uint32_t x216; - fiat_p256_mulx_u32(&x215, &x216, x195, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x215, &x216, x191, UINT32_C(0xffffffff)); uint32_t x217; - uint32_t x218; - fiat_p256_mulx_u32(&x217, &x218, x195, UINT32_C(0xffffffff)); + fiat_p256_uint1 x218; + fiat_p256_addcarryx_u32(&x217, &x218, 0x0, x213, x216); uint32_t x219; - uint32_t x220; - fiat_p256_mulx_u32(&x219, &x220, x195, UINT32_C(0xffffffff)); + fiat_p256_uint1 x220; + fiat_p256_addcarryx_u32(&x219, &x220, x218, x211, x214); uint32_t x221; fiat_p256_uint1 x222; - fiat_p256_addcarryx_u32(&x221, &x222, 0x0, x217, x220); + fiat_p256_addcarryx_u32(&x221, &x222, x220, 0x0, x212); uint32_t x223; fiat_p256_uint1 x224; - fiat_p256_addcarryx_u32(&x223, &x224, x222, x215, x218); + fiat_p256_addcarryx_u32(&x223, &x224, 0x0, x215, x191); uint32_t x225; fiat_p256_uint1 x226; - fiat_p256_addcarryx_u32(&x225, &x226, x224, 0x0, x216); + fiat_p256_addcarryx_u32(&x225, &x226, x224, x217, x193); uint32_t x227; fiat_p256_uint1 x228; - fiat_p256_addcarryx_u32(&x227, &x228, x226, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x227, &x228, x226, x219, x195); uint32_t x229; fiat_p256_uint1 x230; - fiat_p256_addcarryx_u32(&x229, &x230, 0x0, x219, x195); + fiat_p256_addcarryx_u32(&x229, &x230, x228, x221, x197); uint32_t x231; fiat_p256_uint1 x232; - fiat_p256_addcarryx_u32(&x231, &x232, x230, x221, x197); + fiat_p256_addcarryx_u32(&x231, &x232, x230, 0x0, x199); uint32_t x233; fiat_p256_uint1 x234; - fiat_p256_addcarryx_u32(&x233, &x234, x232, x223, x199); + fiat_p256_addcarryx_u32(&x233, &x234, x232, 0x0, x201); uint32_t x235; fiat_p256_uint1 x236; - fiat_p256_addcarryx_u32(&x235, &x236, x234, x225, x201); + fiat_p256_addcarryx_u32(&x235, &x236, x234, x191, x203); uint32_t x237; fiat_p256_uint1 x238; - fiat_p256_addcarryx_u32(&x237, &x238, x236, (fiat_p256_uint1)x227, x203); + fiat_p256_addcarryx_u32(&x237, &x238, x236, x209, x205); uint32_t x239; fiat_p256_uint1 x240; - fiat_p256_addcarryx_u32(&x239, &x240, x238, 0x0, x205); + fiat_p256_addcarryx_u32(&x239, &x240, x238, x210, x207); uint32_t x241; fiat_p256_uint1 x242; - fiat_p256_addcarryx_u32(&x241, &x242, x240, x195, x207); + fiat_p256_addcarryx_u32(&x241, &x242, x240, 0x0, x208); uint32_t x243; - fiat_p256_uint1 x244; - fiat_p256_addcarryx_u32(&x243, &x244, x242, x213, x209); + uint32_t x244; + fiat_p256_mulx_u32(&x243, &x244, x3, (arg1[7])); uint32_t x245; - fiat_p256_uint1 x246; - fiat_p256_addcarryx_u32(&x245, &x246, x244, x214, x211); + uint32_t x246; + fiat_p256_mulx_u32(&x245, &x246, x3, (arg1[6])); uint32_t x247; - fiat_p256_uint1 x248; - fiat_p256_addcarryx_u32(&x247, &x248, x246, 0x0, x212); + uint32_t x248; + fiat_p256_mulx_u32(&x247, &x248, x3, (arg1[5])); uint32_t x249; uint32_t x250; - fiat_p256_mulx_u32(&x249, &x250, x3, (arg1[7])); + fiat_p256_mulx_u32(&x249, &x250, x3, (arg1[4])); uint32_t x251; uint32_t x252; - fiat_p256_mulx_u32(&x251, &x252, x3, (arg1[6])); + fiat_p256_mulx_u32(&x251, &x252, x3, (arg1[3])); uint32_t x253; uint32_t x254; - fiat_p256_mulx_u32(&x253, &x254, x3, (arg1[5])); + fiat_p256_mulx_u32(&x253, &x254, x3, (arg1[2])); uint32_t x255; uint32_t x256; - fiat_p256_mulx_u32(&x255, &x256, x3, (arg1[4])); + fiat_p256_mulx_u32(&x255, &x256, x3, (arg1[1])); uint32_t x257; uint32_t x258; - fiat_p256_mulx_u32(&x257, &x258, x3, (arg1[3])); + fiat_p256_mulx_u32(&x257, &x258, x3, (arg1[0])); uint32_t x259; - uint32_t x260; - fiat_p256_mulx_u32(&x259, &x260, x3, (arg1[2])); + fiat_p256_uint1 x260; + fiat_p256_addcarryx_u32(&x259, &x260, 0x0, x255, x258); uint32_t x261; - uint32_t x262; - fiat_p256_mulx_u32(&x261, &x262, x3, (arg1[1])); + fiat_p256_uint1 x262; + fiat_p256_addcarryx_u32(&x261, &x262, x260, x253, x256); uint32_t x263; - uint32_t x264; - fiat_p256_mulx_u32(&x263, &x264, x3, (arg1[0])); + fiat_p256_uint1 x264; + fiat_p256_addcarryx_u32(&x263, &x264, x262, x251, x254); uint32_t x265; fiat_p256_uint1 x266; - fiat_p256_addcarryx_u32(&x265, &x266, 0x0, x261, x264); + fiat_p256_addcarryx_u32(&x265, &x266, x264, x249, x252); uint32_t x267; fiat_p256_uint1 x268; - fiat_p256_addcarryx_u32(&x267, &x268, x266, x259, x262); + fiat_p256_addcarryx_u32(&x267, &x268, x266, x247, x250); uint32_t x269; fiat_p256_uint1 x270; - fiat_p256_addcarryx_u32(&x269, &x270, x268, x257, x260); + fiat_p256_addcarryx_u32(&x269, &x270, x268, x245, x248); uint32_t x271; fiat_p256_uint1 x272; - fiat_p256_addcarryx_u32(&x271, &x272, x270, x255, x258); + fiat_p256_addcarryx_u32(&x271, &x272, x270, x243, x246); uint32_t x273; fiat_p256_uint1 x274; - fiat_p256_addcarryx_u32(&x273, &x274, x272, x253, x256); + fiat_p256_addcarryx_u32(&x273, &x274, x272, 0x0, x244); uint32_t x275; fiat_p256_uint1 x276; - fiat_p256_addcarryx_u32(&x275, &x276, x274, x251, x254); + fiat_p256_addcarryx_u32(&x275, &x276, 0x0, x257, x225); uint32_t x277; fiat_p256_uint1 x278; - fiat_p256_addcarryx_u32(&x277, &x278, x276, x249, x252); + fiat_p256_addcarryx_u32(&x277, &x278, x276, x259, x227); uint32_t x279; fiat_p256_uint1 x280; - fiat_p256_addcarryx_u32(&x279, &x280, x278, 0x0, x250); + fiat_p256_addcarryx_u32(&x279, &x280, x278, x261, x229); uint32_t x281; fiat_p256_uint1 x282; - fiat_p256_addcarryx_u32(&x281, &x282, 0x0, x263, x231); + fiat_p256_addcarryx_u32(&x281, &x282, x280, x263, x231); uint32_t x283; fiat_p256_uint1 x284; fiat_p256_addcarryx_u32(&x283, &x284, x282, x265, x233); @@ -1597,119 +1573,119 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_uint1 x292; fiat_p256_addcarryx_u32(&x291, &x292, x290, x273, x241); uint32_t x293; - fiat_p256_uint1 x294; - fiat_p256_addcarryx_u32(&x293, &x294, x292, x275, x243); + uint32_t x294; + fiat_p256_mulx_u32(&x293, &x294, x275, UINT32_C(0xffffffff)); uint32_t x295; - fiat_p256_uint1 x296; - fiat_p256_addcarryx_u32(&x295, &x296, x294, x277, x245); + uint32_t x296; + fiat_p256_mulx_u32(&x295, &x296, x275, UINT32_C(0xffffffff)); uint32_t x297; - fiat_p256_uint1 x298; - fiat_p256_addcarryx_u32(&x297, &x298, x296, x279, x247); + uint32_t x298; + fiat_p256_mulx_u32(&x297, &x298, x275, UINT32_C(0xffffffff)); uint32_t x299; uint32_t x300; - fiat_p256_mulx_u32(&x299, &x300, x281, UINT32_C(0xffffffff)); + fiat_p256_mulx_u32(&x299, &x300, x275, UINT32_C(0xffffffff)); uint32_t x301; - uint32_t x302; - fiat_p256_mulx_u32(&x301, &x302, x281, UINT32_C(0xffffffff)); + fiat_p256_uint1 x302; + fiat_p256_addcarryx_u32(&x301, &x302, 0x0, x297, x300); uint32_t x303; - uint32_t x304; - fiat_p256_mulx_u32(&x303, &x304, x281, UINT32_C(0xffffffff)); + fiat_p256_uint1 x304; + fiat_p256_addcarryx_u32(&x303, &x304, x302, x295, x298); uint32_t x305; - uint32_t x306; - fiat_p256_mulx_u32(&x305, &x306, x281, UINT32_C(0xffffffff)); + fiat_p256_uint1 x306; + fiat_p256_addcarryx_u32(&x305, &x306, x304, 0x0, x296); uint32_t x307; fiat_p256_uint1 x308; - fiat_p256_addcarryx_u32(&x307, &x308, 0x0, x303, x306); + fiat_p256_addcarryx_u32(&x307, &x308, 0x0, x299, x275); uint32_t x309; fiat_p256_uint1 x310; - fiat_p256_addcarryx_u32(&x309, &x310, x308, x301, x304); + fiat_p256_addcarryx_u32(&x309, &x310, x308, x301, x277); uint32_t x311; fiat_p256_uint1 x312; - fiat_p256_addcarryx_u32(&x311, &x312, x310, 0x0, x302); + fiat_p256_addcarryx_u32(&x311, &x312, x310, x303, x279); uint32_t x313; fiat_p256_uint1 x314; - fiat_p256_addcarryx_u32(&x313, &x314, x312, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x313, &x314, x312, x305, x281); uint32_t x315; fiat_p256_uint1 x316; - fiat_p256_addcarryx_u32(&x315, &x316, 0x0, x305, x281); + fiat_p256_addcarryx_u32(&x315, &x316, x314, 0x0, x283); uint32_t x317; fiat_p256_uint1 x318; - fiat_p256_addcarryx_u32(&x317, &x318, x316, x307, x283); + fiat_p256_addcarryx_u32(&x317, &x318, x316, 0x0, x285); uint32_t x319; fiat_p256_uint1 x320; - fiat_p256_addcarryx_u32(&x319, &x320, x318, x309, x285); + fiat_p256_addcarryx_u32(&x319, &x320, x318, x275, x287); uint32_t x321; fiat_p256_uint1 x322; - fiat_p256_addcarryx_u32(&x321, &x322, x320, x311, x287); + fiat_p256_addcarryx_u32(&x321, &x322, x320, x293, x289); uint32_t x323; fiat_p256_uint1 x324; - fiat_p256_addcarryx_u32(&x323, &x324, x322, (fiat_p256_uint1)x313, x289); + fiat_p256_addcarryx_u32(&x323, &x324, x322, x294, x291); uint32_t x325; fiat_p256_uint1 x326; - fiat_p256_addcarryx_u32(&x325, &x326, x324, 0x0, x291); + fiat_p256_addcarryx_u32(&x325, &x326, x324, 0x0, x292); uint32_t x327; - fiat_p256_uint1 x328; - fiat_p256_addcarryx_u32(&x327, &x328, x326, x281, x293); + uint32_t x328; + fiat_p256_mulx_u32(&x327, &x328, x4, (arg1[7])); uint32_t x329; - fiat_p256_uint1 x330; - fiat_p256_addcarryx_u32(&x329, &x330, x328, x299, x295); + uint32_t x330; + fiat_p256_mulx_u32(&x329, &x330, x4, (arg1[6])); uint32_t x331; - fiat_p256_uint1 x332; - fiat_p256_addcarryx_u32(&x331, &x332, x330, x300, x297); + uint32_t x332; + fiat_p256_mulx_u32(&x331, &x332, x4, (arg1[5])); uint32_t x333; - fiat_p256_uint1 x334; - fiat_p256_addcarryx_u32(&x333, &x334, x332, 0x0, x298); + uint32_t x334; + fiat_p256_mulx_u32(&x333, &x334, x4, (arg1[4])); uint32_t x335; uint32_t x336; - fiat_p256_mulx_u32(&x335, &x336, x4, (arg1[7])); + fiat_p256_mulx_u32(&x335, &x336, x4, (arg1[3])); uint32_t x337; uint32_t x338; - fiat_p256_mulx_u32(&x337, &x338, x4, (arg1[6])); + fiat_p256_mulx_u32(&x337, &x338, x4, (arg1[2])); uint32_t x339; uint32_t x340; - fiat_p256_mulx_u32(&x339, &x340, x4, (arg1[5])); + fiat_p256_mulx_u32(&x339, &x340, x4, (arg1[1])); uint32_t x341; uint32_t x342; - fiat_p256_mulx_u32(&x341, &x342, x4, (arg1[4])); + fiat_p256_mulx_u32(&x341, &x342, x4, (arg1[0])); uint32_t x343; - uint32_t x344; - fiat_p256_mulx_u32(&x343, &x344, x4, (arg1[3])); + fiat_p256_uint1 x344; + fiat_p256_addcarryx_u32(&x343, &x344, 0x0, x339, x342); uint32_t x345; - uint32_t x346; - fiat_p256_mulx_u32(&x345, &x346, x4, (arg1[2])); + fiat_p256_uint1 x346; + fiat_p256_addcarryx_u32(&x345, &x346, x344, x337, x340); uint32_t x347; - uint32_t x348; - fiat_p256_mulx_u32(&x347, &x348, x4, (arg1[1])); + fiat_p256_uint1 x348; + fiat_p256_addcarryx_u32(&x347, &x348, x346, x335, x338); uint32_t x349; - uint32_t x350; - fiat_p256_mulx_u32(&x349, &x350, x4, (arg1[0])); + fiat_p256_uint1 x350; + fiat_p256_addcarryx_u32(&x349, &x350, x348, x333, x336); uint32_t x351; fiat_p256_uint1 x352; - fiat_p256_addcarryx_u32(&x351, &x352, 0x0, x347, x350); + fiat_p256_addcarryx_u32(&x351, &x352, x350, x331, x334); uint32_t x353; fiat_p256_uint1 x354; - fiat_p256_addcarryx_u32(&x353, &x354, x352, x345, x348); + fiat_p256_addcarryx_u32(&x353, &x354, x352, x329, x332); uint32_t x355; fiat_p256_uint1 x356; - fiat_p256_addcarryx_u32(&x355, &x356, x354, x343, x346); + fiat_p256_addcarryx_u32(&x355, &x356, x354, x327, x330); uint32_t x357; fiat_p256_uint1 x358; - fiat_p256_addcarryx_u32(&x357, &x358, x356, x341, x344); + fiat_p256_addcarryx_u32(&x357, &x358, x356, 0x0, x328); uint32_t x359; fiat_p256_uint1 x360; - fiat_p256_addcarryx_u32(&x359, &x360, x358, x339, x342); + fiat_p256_addcarryx_u32(&x359, &x360, 0x0, x341, x309); uint32_t x361; fiat_p256_uint1 x362; - fiat_p256_addcarryx_u32(&x361, &x362, x360, x337, x340); + fiat_p256_addcarryx_u32(&x361, &x362, x360, x343, x311); uint32_t x363; fiat_p256_uint1 x364; - fiat_p256_addcarryx_u32(&x363, &x364, x362, x335, x338); + fiat_p256_addcarryx_u32(&x363, &x364, x362, x345, x313); uint32_t x365; fiat_p256_uint1 x366; - fiat_p256_addcarryx_u32(&x365, &x366, x364, 0x0, x336); + fiat_p256_addcarryx_u32(&x365, &x366, x364, x347, x315); uint32_t x367; fiat_p256_uint1 x368; - fiat_p256_addcarryx_u32(&x367, &x368, 0x0, x349, x317); + fiat_p256_addcarryx_u32(&x367, &x368, x366, x349, x317); uint32_t x369; fiat_p256_uint1 x370; fiat_p256_addcarryx_u32(&x369, &x370, x368, x351, x319); @@ -1723,122 +1699,122 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_uint1 x376; fiat_p256_addcarryx_u32(&x375, &x376, x374, x357, x325); uint32_t x377; - fiat_p256_uint1 x378; - fiat_p256_addcarryx_u32(&x377, &x378, x376, x359, x327); + uint32_t x378; + fiat_p256_mulx_u32(&x377, &x378, x359, UINT32_C(0xffffffff)); uint32_t x379; - fiat_p256_uint1 x380; - fiat_p256_addcarryx_u32(&x379, &x380, x378, x361, x329); + uint32_t x380; + fiat_p256_mulx_u32(&x379, &x380, x359, UINT32_C(0xffffffff)); uint32_t x381; - fiat_p256_uint1 x382; - fiat_p256_addcarryx_u32(&x381, &x382, x380, x363, x331); + uint32_t x382; + fiat_p256_mulx_u32(&x381, &x382, x359, UINT32_C(0xffffffff)); uint32_t x383; - fiat_p256_uint1 x384; - fiat_p256_addcarryx_u32(&x383, &x384, x382, x365, x333); + uint32_t x384; + fiat_p256_mulx_u32(&x383, &x384, x359, UINT32_C(0xffffffff)); uint32_t x385; - uint32_t x386; - fiat_p256_mulx_u32(&x385, &x386, x367, UINT32_C(0xffffffff)); + fiat_p256_uint1 x386; + fiat_p256_addcarryx_u32(&x385, &x386, 0x0, x381, x384); uint32_t x387; - uint32_t x388; - fiat_p256_mulx_u32(&x387, &x388, x367, UINT32_C(0xffffffff)); + fiat_p256_uint1 x388; + fiat_p256_addcarryx_u32(&x387, &x388, x386, x379, x382); uint32_t x389; - uint32_t x390; - fiat_p256_mulx_u32(&x389, &x390, x367, UINT32_C(0xffffffff)); + fiat_p256_uint1 x390; + fiat_p256_addcarryx_u32(&x389, &x390, x388, 0x0, x380); uint32_t x391; - uint32_t x392; - fiat_p256_mulx_u32(&x391, &x392, x367, UINT32_C(0xffffffff)); + fiat_p256_uint1 x392; + fiat_p256_addcarryx_u32(&x391, &x392, 0x0, x383, x359); uint32_t x393; fiat_p256_uint1 x394; - fiat_p256_addcarryx_u32(&x393, &x394, 0x0, x389, x392); + fiat_p256_addcarryx_u32(&x393, &x394, x392, x385, x361); uint32_t x395; fiat_p256_uint1 x396; - fiat_p256_addcarryx_u32(&x395, &x396, x394, x387, x390); + fiat_p256_addcarryx_u32(&x395, &x396, x394, x387, x363); uint32_t x397; fiat_p256_uint1 x398; - fiat_p256_addcarryx_u32(&x397, &x398, x396, 0x0, x388); + fiat_p256_addcarryx_u32(&x397, &x398, x396, x389, x365); uint32_t x399; fiat_p256_uint1 x400; - fiat_p256_addcarryx_u32(&x399, &x400, x398, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x399, &x400, x398, 0x0, x367); uint32_t x401; fiat_p256_uint1 x402; - fiat_p256_addcarryx_u32(&x401, &x402, 0x0, x391, x367); + fiat_p256_addcarryx_u32(&x401, &x402, x400, 0x0, x369); uint32_t x403; fiat_p256_uint1 x404; - fiat_p256_addcarryx_u32(&x403, &x404, x402, x393, x369); + fiat_p256_addcarryx_u32(&x403, &x404, x402, x359, x371); uint32_t x405; fiat_p256_uint1 x406; - fiat_p256_addcarryx_u32(&x405, &x406, x404, x395, x371); + fiat_p256_addcarryx_u32(&x405, &x406, x404, x377, x373); uint32_t x407; fiat_p256_uint1 x408; - fiat_p256_addcarryx_u32(&x407, &x408, x406, x397, x373); + fiat_p256_addcarryx_u32(&x407, &x408, x406, x378, x375); uint32_t x409; fiat_p256_uint1 x410; - fiat_p256_addcarryx_u32(&x409, &x410, x408, (fiat_p256_uint1)x399, x375); + fiat_p256_addcarryx_u32(&x409, &x410, x408, 0x0, x376); uint32_t x411; - fiat_p256_uint1 x412; - fiat_p256_addcarryx_u32(&x411, &x412, x410, 0x0, x377); + uint32_t x412; + fiat_p256_mulx_u32(&x411, &x412, x5, (arg1[7])); uint32_t x413; - fiat_p256_uint1 x414; - fiat_p256_addcarryx_u32(&x413, &x414, x412, x367, x379); + uint32_t x414; + fiat_p256_mulx_u32(&x413, &x414, x5, (arg1[6])); uint32_t x415; - fiat_p256_uint1 x416; - fiat_p256_addcarryx_u32(&x415, &x416, x414, x385, x381); + uint32_t x416; + fiat_p256_mulx_u32(&x415, &x416, x5, (arg1[5])); uint32_t x417; - fiat_p256_uint1 x418; - fiat_p256_addcarryx_u32(&x417, &x418, x416, x386, x383); + uint32_t x418; + fiat_p256_mulx_u32(&x417, &x418, x5, (arg1[4])); uint32_t x419; - fiat_p256_uint1 x420; - fiat_p256_addcarryx_u32(&x419, &x420, x418, 0x0, x384); + uint32_t x420; + fiat_p256_mulx_u32(&x419, &x420, x5, (arg1[3])); uint32_t x421; uint32_t x422; - fiat_p256_mulx_u32(&x421, &x422, x5, (arg1[7])); + fiat_p256_mulx_u32(&x421, &x422, x5, (arg1[2])); uint32_t x423; uint32_t x424; - fiat_p256_mulx_u32(&x423, &x424, x5, (arg1[6])); + fiat_p256_mulx_u32(&x423, &x424, x5, (arg1[1])); uint32_t x425; uint32_t x426; - fiat_p256_mulx_u32(&x425, &x426, x5, (arg1[5])); + fiat_p256_mulx_u32(&x425, &x426, x5, (arg1[0])); uint32_t x427; - uint32_t x428; - fiat_p256_mulx_u32(&x427, &x428, x5, (arg1[4])); + fiat_p256_uint1 x428; + fiat_p256_addcarryx_u32(&x427, &x428, 0x0, x423, x426); uint32_t x429; - uint32_t x430; - fiat_p256_mulx_u32(&x429, &x430, x5, (arg1[3])); + fiat_p256_uint1 x430; + fiat_p256_addcarryx_u32(&x429, &x430, x428, x421, x424); uint32_t x431; - uint32_t x432; - fiat_p256_mulx_u32(&x431, &x432, x5, (arg1[2])); + fiat_p256_uint1 x432; + fiat_p256_addcarryx_u32(&x431, &x432, x430, x419, x422); uint32_t x433; - uint32_t x434; - fiat_p256_mulx_u32(&x433, &x434, x5, (arg1[1])); + fiat_p256_uint1 x434; + fiat_p256_addcarryx_u32(&x433, &x434, x432, x417, x420); uint32_t x435; - uint32_t x436; - fiat_p256_mulx_u32(&x435, &x436, x5, (arg1[0])); + fiat_p256_uint1 x436; + fiat_p256_addcarryx_u32(&x435, &x436, x434, x415, x418); uint32_t x437; fiat_p256_uint1 x438; - fiat_p256_addcarryx_u32(&x437, &x438, 0x0, x433, x436); + fiat_p256_addcarryx_u32(&x437, &x438, x436, x413, x416); uint32_t x439; fiat_p256_uint1 x440; - fiat_p256_addcarryx_u32(&x439, &x440, x438, x431, x434); + fiat_p256_addcarryx_u32(&x439, &x440, x438, x411, x414); uint32_t x441; fiat_p256_uint1 x442; - fiat_p256_addcarryx_u32(&x441, &x442, x440, x429, x432); + fiat_p256_addcarryx_u32(&x441, &x442, x440, 0x0, x412); uint32_t x443; fiat_p256_uint1 x444; - fiat_p256_addcarryx_u32(&x443, &x444, x442, x427, x430); + fiat_p256_addcarryx_u32(&x443, &x444, 0x0, x425, x393); uint32_t x445; fiat_p256_uint1 x446; - fiat_p256_addcarryx_u32(&x445, &x446, x444, x425, x428); + fiat_p256_addcarryx_u32(&x445, &x446, x444, x427, x395); uint32_t x447; fiat_p256_uint1 x448; - fiat_p256_addcarryx_u32(&x447, &x448, x446, x423, x426); + fiat_p256_addcarryx_u32(&x447, &x448, x446, x429, x397); uint32_t x449; fiat_p256_uint1 x450; - fiat_p256_addcarryx_u32(&x449, &x450, x448, x421, x424); + fiat_p256_addcarryx_u32(&x449, &x450, x448, x431, x399); uint32_t x451; fiat_p256_uint1 x452; - fiat_p256_addcarryx_u32(&x451, &x452, x450, 0x0, x422); + fiat_p256_addcarryx_u32(&x451, &x452, x450, x433, x401); uint32_t x453; fiat_p256_uint1 x454; - fiat_p256_addcarryx_u32(&x453, &x454, 0x0, x435, x403); + fiat_p256_addcarryx_u32(&x453, &x454, x452, x435, x403); uint32_t x455; fiat_p256_uint1 x456; fiat_p256_addcarryx_u32(&x455, &x456, x454, x437, x405); @@ -1849,125 +1825,125 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_uint1 x460; fiat_p256_addcarryx_u32(&x459, &x460, x458, x441, x409); uint32_t x461; - fiat_p256_uint1 x462; - fiat_p256_addcarryx_u32(&x461, &x462, x460, x443, x411); + uint32_t x462; + fiat_p256_mulx_u32(&x461, &x462, x443, UINT32_C(0xffffffff)); uint32_t x463; - fiat_p256_uint1 x464; - fiat_p256_addcarryx_u32(&x463, &x464, x462, x445, x413); + uint32_t x464; + fiat_p256_mulx_u32(&x463, &x464, x443, UINT32_C(0xffffffff)); uint32_t x465; - fiat_p256_uint1 x466; - fiat_p256_addcarryx_u32(&x465, &x466, x464, x447, x415); + uint32_t x466; + fiat_p256_mulx_u32(&x465, &x466, x443, UINT32_C(0xffffffff)); uint32_t x467; - fiat_p256_uint1 x468; - fiat_p256_addcarryx_u32(&x467, &x468, x466, x449, x417); + uint32_t x468; + fiat_p256_mulx_u32(&x467, &x468, x443, UINT32_C(0xffffffff)); uint32_t x469; fiat_p256_uint1 x470; - fiat_p256_addcarryx_u32(&x469, &x470, x468, x451, x419); + fiat_p256_addcarryx_u32(&x469, &x470, 0x0, x465, x468); uint32_t x471; - uint32_t x472; - fiat_p256_mulx_u32(&x471, &x472, x453, UINT32_C(0xffffffff)); + fiat_p256_uint1 x472; + fiat_p256_addcarryx_u32(&x471, &x472, x470, x463, x466); uint32_t x473; - uint32_t x474; - fiat_p256_mulx_u32(&x473, &x474, x453, UINT32_C(0xffffffff)); + fiat_p256_uint1 x474; + fiat_p256_addcarryx_u32(&x473, &x474, x472, 0x0, x464); uint32_t x475; - uint32_t x476; - fiat_p256_mulx_u32(&x475, &x476, x453, UINT32_C(0xffffffff)); + fiat_p256_uint1 x476; + fiat_p256_addcarryx_u32(&x475, &x476, 0x0, x467, x443); uint32_t x477; - uint32_t x478; - fiat_p256_mulx_u32(&x477, &x478, x453, UINT32_C(0xffffffff)); + fiat_p256_uint1 x478; + fiat_p256_addcarryx_u32(&x477, &x478, x476, x469, x445); uint32_t x479; fiat_p256_uint1 x480; - fiat_p256_addcarryx_u32(&x479, &x480, 0x0, x475, x478); + fiat_p256_addcarryx_u32(&x479, &x480, x478, x471, x447); uint32_t x481; fiat_p256_uint1 x482; - fiat_p256_addcarryx_u32(&x481, &x482, x480, x473, x476); + fiat_p256_addcarryx_u32(&x481, &x482, x480, x473, x449); uint32_t x483; fiat_p256_uint1 x484; - fiat_p256_addcarryx_u32(&x483, &x484, x482, 0x0, x474); + fiat_p256_addcarryx_u32(&x483, &x484, x482, 0x0, x451); uint32_t x485; fiat_p256_uint1 x486; - fiat_p256_addcarryx_u32(&x485, &x486, x484, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x485, &x486, x484, 0x0, x453); uint32_t x487; fiat_p256_uint1 x488; - fiat_p256_addcarryx_u32(&x487, &x488, 0x0, x477, x453); + fiat_p256_addcarryx_u32(&x487, &x488, x486, x443, x455); uint32_t x489; fiat_p256_uint1 x490; - fiat_p256_addcarryx_u32(&x489, &x490, x488, x479, x455); + fiat_p256_addcarryx_u32(&x489, &x490, x488, x461, x457); uint32_t x491; fiat_p256_uint1 x492; - fiat_p256_addcarryx_u32(&x491, &x492, x490, x481, x457); + fiat_p256_addcarryx_u32(&x491, &x492, x490, x462, x459); uint32_t x493; fiat_p256_uint1 x494; - fiat_p256_addcarryx_u32(&x493, &x494, x492, x483, x459); + fiat_p256_addcarryx_u32(&x493, &x494, x492, 0x0, x460); uint32_t x495; - fiat_p256_uint1 x496; - fiat_p256_addcarryx_u32(&x495, &x496, x494, (fiat_p256_uint1)x485, x461); + uint32_t x496; + fiat_p256_mulx_u32(&x495, &x496, x6, (arg1[7])); uint32_t x497; - fiat_p256_uint1 x498; - fiat_p256_addcarryx_u32(&x497, &x498, x496, 0x0, x463); + uint32_t x498; + fiat_p256_mulx_u32(&x497, &x498, x6, (arg1[6])); uint32_t x499; - fiat_p256_uint1 x500; - fiat_p256_addcarryx_u32(&x499, &x500, x498, x453, x465); + uint32_t x500; + fiat_p256_mulx_u32(&x499, &x500, x6, (arg1[5])); uint32_t x501; - fiat_p256_uint1 x502; - fiat_p256_addcarryx_u32(&x501, &x502, x500, x471, x467); + uint32_t x502; + fiat_p256_mulx_u32(&x501, &x502, x6, (arg1[4])); uint32_t x503; - fiat_p256_uint1 x504; - fiat_p256_addcarryx_u32(&x503, &x504, x502, x472, x469); + uint32_t x504; + fiat_p256_mulx_u32(&x503, &x504, x6, (arg1[3])); uint32_t x505; - fiat_p256_uint1 x506; - fiat_p256_addcarryx_u32(&x505, &x506, x504, 0x0, x470); + uint32_t x506; + fiat_p256_mulx_u32(&x505, &x506, x6, (arg1[2])); uint32_t x507; uint32_t x508; - fiat_p256_mulx_u32(&x507, &x508, x6, (arg1[7])); + fiat_p256_mulx_u32(&x507, &x508, x6, (arg1[1])); uint32_t x509; uint32_t x510; - fiat_p256_mulx_u32(&x509, &x510, x6, (arg1[6])); + fiat_p256_mulx_u32(&x509, &x510, x6, (arg1[0])); uint32_t x511; - uint32_t x512; - fiat_p256_mulx_u32(&x511, &x512, x6, (arg1[5])); + fiat_p256_uint1 x512; + fiat_p256_addcarryx_u32(&x511, &x512, 0x0, x507, x510); uint32_t x513; - uint32_t x514; - fiat_p256_mulx_u32(&x513, &x514, x6, (arg1[4])); + fiat_p256_uint1 x514; + fiat_p256_addcarryx_u32(&x513, &x514, x512, x505, x508); uint32_t x515; - uint32_t x516; - fiat_p256_mulx_u32(&x515, &x516, x6, (arg1[3])); + fiat_p256_uint1 x516; + fiat_p256_addcarryx_u32(&x515, &x516, x514, x503, x506); uint32_t x517; - uint32_t x518; - fiat_p256_mulx_u32(&x517, &x518, x6, (arg1[2])); + fiat_p256_uint1 x518; + fiat_p256_addcarryx_u32(&x517, &x518, x516, x501, x504); uint32_t x519; - uint32_t x520; - fiat_p256_mulx_u32(&x519, &x520, x6, (arg1[1])); + fiat_p256_uint1 x520; + fiat_p256_addcarryx_u32(&x519, &x520, x518, x499, x502); uint32_t x521; - uint32_t x522; - fiat_p256_mulx_u32(&x521, &x522, x6, (arg1[0])); + fiat_p256_uint1 x522; + fiat_p256_addcarryx_u32(&x521, &x522, x520, x497, x500); uint32_t x523; fiat_p256_uint1 x524; - fiat_p256_addcarryx_u32(&x523, &x524, 0x0, x519, x522); + fiat_p256_addcarryx_u32(&x523, &x524, x522, x495, x498); uint32_t x525; fiat_p256_uint1 x526; - fiat_p256_addcarryx_u32(&x525, &x526, x524, x517, x520); + fiat_p256_addcarryx_u32(&x525, &x526, x524, 0x0, x496); uint32_t x527; fiat_p256_uint1 x528; - fiat_p256_addcarryx_u32(&x527, &x528, x526, x515, x518); + fiat_p256_addcarryx_u32(&x527, &x528, 0x0, x509, x477); uint32_t x529; fiat_p256_uint1 x530; - fiat_p256_addcarryx_u32(&x529, &x530, x528, x513, x516); + fiat_p256_addcarryx_u32(&x529, &x530, x528, x511, x479); uint32_t x531; fiat_p256_uint1 x532; - fiat_p256_addcarryx_u32(&x531, &x532, x530, x511, x514); + fiat_p256_addcarryx_u32(&x531, &x532, x530, x513, x481); uint32_t x533; fiat_p256_uint1 x534; - fiat_p256_addcarryx_u32(&x533, &x534, x532, x509, x512); + fiat_p256_addcarryx_u32(&x533, &x534, x532, x515, x483); uint32_t x535; fiat_p256_uint1 x536; - fiat_p256_addcarryx_u32(&x535, &x536, x534, x507, x510); + fiat_p256_addcarryx_u32(&x535, &x536, x534, x517, x485); uint32_t x537; fiat_p256_uint1 x538; - fiat_p256_addcarryx_u32(&x537, &x538, x536, 0x0, x508); + fiat_p256_addcarryx_u32(&x537, &x538, x536, x519, x487); uint32_t x539; fiat_p256_uint1 x540; - fiat_p256_addcarryx_u32(&x539, &x540, 0x0, x521, x489); + fiat_p256_addcarryx_u32(&x539, &x540, x538, x521, x489); uint32_t x541; fiat_p256_uint1 x542; fiat_p256_addcarryx_u32(&x541, &x542, x540, x523, x491); @@ -1975,257 +1951,233 @@ static void fiat_p256_square(uint32_t out1[8], const uint32_t arg1[8]) { fiat_p256_uint1 x544; fiat_p256_addcarryx_u32(&x543, &x544, x542, x525, x493); uint32_t x545; - fiat_p256_uint1 x546; - fiat_p256_addcarryx_u32(&x545, &x546, x544, x527, x495); + uint32_t x546; + fiat_p256_mulx_u32(&x545, &x546, x527, UINT32_C(0xffffffff)); uint32_t x547; - fiat_p256_uint1 x548; - fiat_p256_addcarryx_u32(&x547, &x548, x546, x529, x497); + uint32_t x548; + fiat_p256_mulx_u32(&x547, &x548, x527, UINT32_C(0xffffffff)); uint32_t x549; - fiat_p256_uint1 x550; - fiat_p256_addcarryx_u32(&x549, &x550, x548, x531, x499); + uint32_t x550; + fiat_p256_mulx_u32(&x549, &x550, x527, UINT32_C(0xffffffff)); uint32_t x551; - fiat_p256_uint1 x552; - fiat_p256_addcarryx_u32(&x551, &x552, x550, x533, x501); + uint32_t x552; + fiat_p256_mulx_u32(&x551, &x552, x527, UINT32_C(0xffffffff)); uint32_t x553; fiat_p256_uint1 x554; - fiat_p256_addcarryx_u32(&x553, &x554, x552, x535, x503); + fiat_p256_addcarryx_u32(&x553, &x554, 0x0, x549, x552); uint32_t x555; fiat_p256_uint1 x556; - fiat_p256_addcarryx_u32(&x555, &x556, x554, x537, x505); + fiat_p256_addcarryx_u32(&x555, &x556, x554, x547, x550); uint32_t x557; - uint32_t x558; - fiat_p256_mulx_u32(&x557, &x558, x539, UINT32_C(0xffffffff)); + fiat_p256_uint1 x558; + fiat_p256_addcarryx_u32(&x557, &x558, x556, 0x0, x548); uint32_t x559; - uint32_t x560; - fiat_p256_mulx_u32(&x559, &x560, x539, UINT32_C(0xffffffff)); + fiat_p256_uint1 x560; + fiat_p256_addcarryx_u32(&x559, &x560, 0x0, x551, x527); uint32_t x561; - uint32_t x562; - fiat_p256_mulx_u32(&x561, &x562, x539, UINT32_C(0xffffffff)); + fiat_p256_uint1 x562; + fiat_p256_addcarryx_u32(&x561, &x562, x560, x553, x529); uint32_t x563; - uint32_t x564; - fiat_p256_mulx_u32(&x563, &x564, x539, UINT32_C(0xffffffff)); + fiat_p256_uint1 x564; + fiat_p256_addcarryx_u32(&x563, &x564, x562, x555, x531); uint32_t x565; fiat_p256_uint1 x566; - fiat_p256_addcarryx_u32(&x565, &x566, 0x0, x561, x564); + fiat_p256_addcarryx_u32(&x565, &x566, x564, x557, x533); uint32_t x567; fiat_p256_uint1 x568; - fiat_p256_addcarryx_u32(&x567, &x568, x566, x559, x562); + fiat_p256_addcarryx_u32(&x567, &x568, x566, 0x0, x535); uint32_t x569; fiat_p256_uint1 x570; - fiat_p256_addcarryx_u32(&x569, &x570, x568, 0x0, x560); + fiat_p256_addcarryx_u32(&x569, &x570, x568, 0x0, x537); uint32_t x571; fiat_p256_uint1 x572; - fiat_p256_addcarryx_u32(&x571, &x572, x570, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x571, &x572, x570, x527, x539); uint32_t x573; fiat_p256_uint1 x574; - fiat_p256_addcarryx_u32(&x573, &x574, 0x0, x563, x539); + fiat_p256_addcarryx_u32(&x573, &x574, x572, x545, x541); uint32_t x575; fiat_p256_uint1 x576; - fiat_p256_addcarryx_u32(&x575, &x576, x574, x565, x541); + fiat_p256_addcarryx_u32(&x575, &x576, x574, x546, x543); uint32_t x577; fiat_p256_uint1 x578; - fiat_p256_addcarryx_u32(&x577, &x578, x576, x567, x543); + fiat_p256_addcarryx_u32(&x577, &x578, x576, 0x0, x544); uint32_t x579; - fiat_p256_uint1 x580; - fiat_p256_addcarryx_u32(&x579, &x580, x578, x569, x545); + uint32_t x580; + fiat_p256_mulx_u32(&x579, &x580, x7, (arg1[7])); uint32_t x581; - fiat_p256_uint1 x582; - fiat_p256_addcarryx_u32(&x581, &x582, x580, (fiat_p256_uint1)x571, x547); + uint32_t x582; + fiat_p256_mulx_u32(&x581, &x582, x7, (arg1[6])); uint32_t x583; - fiat_p256_uint1 x584; - fiat_p256_addcarryx_u32(&x583, &x584, x582, 0x0, x549); + uint32_t x584; + fiat_p256_mulx_u32(&x583, &x584, x7, (arg1[5])); uint32_t x585; - fiat_p256_uint1 x586; - fiat_p256_addcarryx_u32(&x585, &x586, x584, x539, x551); + uint32_t x586; + fiat_p256_mulx_u32(&x585, &x586, x7, (arg1[4])); uint32_t x587; - fiat_p256_uint1 x588; - fiat_p256_addcarryx_u32(&x587, &x588, x586, x557, x553); + uint32_t x588; + fiat_p256_mulx_u32(&x587, &x588, x7, (arg1[3])); uint32_t x589; - fiat_p256_uint1 x590; - fiat_p256_addcarryx_u32(&x589, &x590, x588, x558, x555); + uint32_t x590; + fiat_p256_mulx_u32(&x589, &x590, x7, (arg1[2])); uint32_t x591; - fiat_p256_uint1 x592; - fiat_p256_addcarryx_u32(&x591, &x592, x590, 0x0, x556); + uint32_t x592; + fiat_p256_mulx_u32(&x591, &x592, x7, (arg1[1])); uint32_t x593; uint32_t x594; - fiat_p256_mulx_u32(&x593, &x594, x7, (arg1[7])); + fiat_p256_mulx_u32(&x593, &x594, x7, (arg1[0])); uint32_t x595; - uint32_t x596; - fiat_p256_mulx_u32(&x595, &x596, x7, (arg1[6])); + fiat_p256_uint1 x596; + fiat_p256_addcarryx_u32(&x595, &x596, 0x0, x591, x594); uint32_t x597; - uint32_t x598; - fiat_p256_mulx_u32(&x597, &x598, x7, (arg1[5])); + fiat_p256_uint1 x598; + fiat_p256_addcarryx_u32(&x597, &x598, x596, x589, x592); uint32_t x599; - uint32_t x600; - fiat_p256_mulx_u32(&x599, &x600, x7, (arg1[4])); + fiat_p256_uint1 x600; + fiat_p256_addcarryx_u32(&x599, &x600, x598, x587, x590); uint32_t x601; - uint32_t x602; - fiat_p256_mulx_u32(&x601, &x602, x7, (arg1[3])); + fiat_p256_uint1 x602; + fiat_p256_addcarryx_u32(&x601, &x602, x600, x585, x588); uint32_t x603; - uint32_t x604; - fiat_p256_mulx_u32(&x603, &x604, x7, (arg1[2])); + fiat_p256_uint1 x604; + fiat_p256_addcarryx_u32(&x603, &x604, x602, x583, x586); uint32_t x605; - uint32_t x606; - fiat_p256_mulx_u32(&x605, &x606, x7, (arg1[1])); + fiat_p256_uint1 x606; + fiat_p256_addcarryx_u32(&x605, &x606, x604, x581, x584); uint32_t x607; - uint32_t x608; - fiat_p256_mulx_u32(&x607, &x608, x7, (arg1[0])); + fiat_p256_uint1 x608; + fiat_p256_addcarryx_u32(&x607, &x608, x606, x579, x582); uint32_t x609; fiat_p256_uint1 x610; - fiat_p256_addcarryx_u32(&x609, &x610, 0x0, x605, x608); + fiat_p256_addcarryx_u32(&x609, &x610, x608, 0x0, x580); uint32_t x611; fiat_p256_uint1 x612; - fiat_p256_addcarryx_u32(&x611, &x612, x610, x603, x606); + fiat_p256_addcarryx_u32(&x611, &x612, 0x0, x593, x561); uint32_t x613; fiat_p256_uint1 x614; - fiat_p256_addcarryx_u32(&x613, &x614, x612, x601, x604); + fiat_p256_addcarryx_u32(&x613, &x614, x612, x595, x563); uint32_t x615; fiat_p256_uint1 x616; - fiat_p256_addcarryx_u32(&x615, &x616, x614, x599, x602); + fiat_p256_addcarryx_u32(&x615, &x616, x614, x597, x565); uint32_t x617; fiat_p256_uint1 x618; - fiat_p256_addcarryx_u32(&x617, &x618, x616, x597, x600); + fiat_p256_addcarryx_u32(&x617, &x618, x616, x599, x567); uint32_t x619; fiat_p256_uint1 x620; - fiat_p256_addcarryx_u32(&x619, &x620, x618, x595, x598); + fiat_p256_addcarryx_u32(&x619, &x620, x618, x601, x569); uint32_t x621; fiat_p256_uint1 x622; - fiat_p256_addcarryx_u32(&x621, &x622, x620, x593, x596); + fiat_p256_addcarryx_u32(&x621, &x622, x620, x603, x571); uint32_t x623; fiat_p256_uint1 x624; - fiat_p256_addcarryx_u32(&x623, &x624, x622, 0x0, x594); + fiat_p256_addcarryx_u32(&x623, &x624, x622, x605, x573); uint32_t x625; fiat_p256_uint1 x626; - fiat_p256_addcarryx_u32(&x625, &x626, 0x0, x607, x575); + fiat_p256_addcarryx_u32(&x625, &x626, x624, x607, x575); uint32_t x627; fiat_p256_uint1 x628; fiat_p256_addcarryx_u32(&x627, &x628, x626, x609, x577); uint32_t x629; - fiat_p256_uint1 x630; - fiat_p256_addcarryx_u32(&x629, &x630, x628, x611, x579); + uint32_t x630; + fiat_p256_mulx_u32(&x629, &x630, x611, UINT32_C(0xffffffff)); uint32_t x631; - fiat_p256_uint1 x632; - fiat_p256_addcarryx_u32(&x631, &x632, x630, x613, x581); + uint32_t x632; + fiat_p256_mulx_u32(&x631, &x632, x611, UINT32_C(0xffffffff)); uint32_t x633; - fiat_p256_uint1 x634; - fiat_p256_addcarryx_u32(&x633, &x634, x632, x615, x583); + uint32_t x634; + fiat_p256_mulx_u32(&x633, &x634, x611, UINT32_C(0xffffffff)); uint32_t x635; - fiat_p256_uint1 x636; - fiat_p256_addcarryx_u32(&x635, &x636, x634, x617, x585); + uint32_t x636; + fiat_p256_mulx_u32(&x635, &x636, x611, UINT32_C(0xffffffff)); uint32_t x637; fiat_p256_uint1 x638; - fiat_p256_addcarryx_u32(&x637, &x638, x636, x619, x587); + fiat_p256_addcarryx_u32(&x637, &x638, 0x0, x633, x636); uint32_t x639; fiat_p256_uint1 x640; - fiat_p256_addcarryx_u32(&x639, &x640, x638, x621, x589); + fiat_p256_addcarryx_u32(&x639, &x640, x638, x631, x634); uint32_t x641; fiat_p256_uint1 x642; - fiat_p256_addcarryx_u32(&x641, &x642, x640, x623, x591); + fiat_p256_addcarryx_u32(&x641, &x642, x640, 0x0, x632); uint32_t x643; - uint32_t x644; - fiat_p256_mulx_u32(&x643, &x644, x625, UINT32_C(0xffffffff)); + fiat_p256_uint1 x644; + fiat_p256_addcarryx_u32(&x643, &x644, 0x0, x635, x611); uint32_t x645; - uint32_t x646; - fiat_p256_mulx_u32(&x645, &x646, x625, UINT32_C(0xffffffff)); + fiat_p256_uint1 x646; + fiat_p256_addcarryx_u32(&x645, &x646, x644, x637, x613); uint32_t x647; - uint32_t x648; - fiat_p256_mulx_u32(&x647, &x648, x625, UINT32_C(0xffffffff)); + fiat_p256_uint1 x648; + fiat_p256_addcarryx_u32(&x647, &x648, x646, x639, x615); uint32_t x649; - uint32_t x650; - fiat_p256_mulx_u32(&x649, &x650, x625, UINT32_C(0xffffffff)); + fiat_p256_uint1 x650; + fiat_p256_addcarryx_u32(&x649, &x650, x648, x641, x617); uint32_t x651; fiat_p256_uint1 x652; - fiat_p256_addcarryx_u32(&x651, &x652, 0x0, x647, x650); + fiat_p256_addcarryx_u32(&x651, &x652, x650, 0x0, x619); uint32_t x653; fiat_p256_uint1 x654; - fiat_p256_addcarryx_u32(&x653, &x654, x652, x645, x648); + fiat_p256_addcarryx_u32(&x653, &x654, x652, 0x0, x621); uint32_t x655; fiat_p256_uint1 x656; - fiat_p256_addcarryx_u32(&x655, &x656, x654, 0x0, x646); + fiat_p256_addcarryx_u32(&x655, &x656, x654, x611, x623); uint32_t x657; fiat_p256_uint1 x658; - fiat_p256_addcarryx_u32(&x657, &x658, x656, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x657, &x658, x656, x629, x625); uint32_t x659; fiat_p256_uint1 x660; - fiat_p256_addcarryx_u32(&x659, &x660, 0x0, x649, x625); + fiat_p256_addcarryx_u32(&x659, &x660, x658, x630, x627); uint32_t x661; fiat_p256_uint1 x662; - fiat_p256_addcarryx_u32(&x661, &x662, x660, x651, x627); + fiat_p256_addcarryx_u32(&x661, &x662, x660, 0x0, x628); uint32_t x663; fiat_p256_uint1 x664; - fiat_p256_addcarryx_u32(&x663, &x664, x662, x653, x629); + fiat_p256_subborrowx_u32(&x663, &x664, 0x0, x645, UINT32_C(0xffffffff)); uint32_t x665; fiat_p256_uint1 x666; - fiat_p256_addcarryx_u32(&x665, &x666, x664, x655, x631); + fiat_p256_subborrowx_u32(&x665, &x666, x664, x647, UINT32_C(0xffffffff)); uint32_t x667; fiat_p256_uint1 x668; - fiat_p256_addcarryx_u32(&x667, &x668, x666, (fiat_p256_uint1)x657, x633); + fiat_p256_subborrowx_u32(&x667, &x668, x666, x649, UINT32_C(0xffffffff)); uint32_t x669; fiat_p256_uint1 x670; - fiat_p256_addcarryx_u32(&x669, &x670, x668, 0x0, x635); + fiat_p256_subborrowx_u32(&x669, &x670, x668, x651, 0x0); uint32_t x671; fiat_p256_uint1 x672; - fiat_p256_addcarryx_u32(&x671, &x672, x670, x625, x637); + fiat_p256_subborrowx_u32(&x671, &x672, x670, x653, 0x0); uint32_t x673; fiat_p256_uint1 x674; - fiat_p256_addcarryx_u32(&x673, &x674, x672, x643, x639); + fiat_p256_subborrowx_u32(&x673, &x674, x672, x655, 0x0); uint32_t x675; fiat_p256_uint1 x676; - fiat_p256_addcarryx_u32(&x675, &x676, x674, x644, x641); + fiat_p256_subborrowx_u32(&x675, &x676, x674, x657, 0x1); uint32_t x677; fiat_p256_uint1 x678; - fiat_p256_addcarryx_u32(&x677, &x678, x676, 0x0, x642); + fiat_p256_subborrowx_u32(&x677, &x678, x676, x659, UINT32_C(0xffffffff)); uint32_t x679; fiat_p256_uint1 x680; - fiat_p256_subborrowx_u32(&x679, &x680, 0x0, x661, UINT32_C(0xffffffff)); + fiat_p256_subborrowx_u32(&x679, &x680, x678, x661, 0x0); uint32_t x681; - fiat_p256_uint1 x682; - fiat_p256_subborrowx_u32(&x681, &x682, x680, x663, UINT32_C(0xffffffff)); + fiat_p256_cmovznz_u32(&x681, x680, x663, x645); + uint32_t x682; + fiat_p256_cmovznz_u32(&x682, x680, x665, x647); uint32_t x683; - fiat_p256_uint1 x684; - fiat_p256_subborrowx_u32(&x683, &x684, x682, x665, UINT32_C(0xffffffff)); + fiat_p256_cmovznz_u32(&x683, x680, x667, x649); + uint32_t x684; + fiat_p256_cmovznz_u32(&x684, x680, x669, x651); uint32_t x685; - fiat_p256_uint1 x686; - fiat_p256_subborrowx_u32(&x685, &x686, x684, x667, 0x0); + fiat_p256_cmovznz_u32(&x685, x680, x671, x653); + uint32_t x686; + fiat_p256_cmovznz_u32(&x686, x680, x673, x655); uint32_t x687; - fiat_p256_uint1 x688; - fiat_p256_subborrowx_u32(&x687, &x688, x686, x669, 0x0); - uint32_t x689; - fiat_p256_uint1 x690; - fiat_p256_subborrowx_u32(&x689, &x690, x688, x671, 0x0); - uint32_t x691; - fiat_p256_uint1 x692; - fiat_p256_subborrowx_u32(&x691, &x692, x690, x673, 0x1); - uint32_t x693; - fiat_p256_uint1 x694; - fiat_p256_subborrowx_u32(&x693, &x694, x692, x675, UINT32_C(0xffffffff)); - uint32_t x695; - fiat_p256_uint1 x696; - fiat_p256_subborrowx_u32(&x695, &x696, x694, x677, 0x0); - uint32_t x697; - fiat_p256_cmovznz_u32(&x697, x696, x679, x661); - uint32_t x698; - fiat_p256_cmovznz_u32(&x698, x696, x681, x663); - uint32_t x699; - fiat_p256_cmovznz_u32(&x699, x696, x683, x665); - uint32_t x700; - fiat_p256_cmovznz_u32(&x700, x696, x685, x667); - uint32_t x701; - fiat_p256_cmovznz_u32(&x701, x696, x687, x669); - uint32_t x702; - fiat_p256_cmovznz_u32(&x702, x696, x689, x671); - uint32_t x703; - fiat_p256_cmovznz_u32(&x703, x696, x691, x673); - uint32_t x704; - fiat_p256_cmovznz_u32(&x704, x696, x693, x675); - out1[0] = x697; - out1[1] = x698; - out1[2] = x699; - out1[3] = x700; - out1[4] = x701; - out1[5] = x702; - out1[6] = x703; - out1[7] = x704; + fiat_p256_cmovznz_u32(&x687, x680, x675, x657); + uint32_t x688; + fiat_p256_cmovznz_u32(&x688, x680, x677, x659); + out1[0] = x681; + out1[1] = x682; + out1[2] = x683; + out1[3] = x684; + out1[4] = x685; + out1[5] = x686; + out1[6] = x687; + out1[7] = x688; } /* @@ -2476,646 +2428,580 @@ static void fiat_p256_from_montgomery(uint32_t out1[8], const uint32_t arg1[8]) fiat_p256_addcarryx_u32(&x12, &x13, x11, x4, x7); uint32_t x14; fiat_p256_uint1 x15; - fiat_p256_addcarryx_u32(&x14, &x15, x13, 0x0, x5); + fiat_p256_addcarryx_u32(&x14, &x15, 0x0, x8, x1); uint32_t x16; fiat_p256_uint1 x17; - fiat_p256_addcarryx_u32(&x16, &x17, 0x0, x8, x1); + fiat_p256_addcarryx_u32(&x16, &x17, x15, x10, 0x0); uint32_t x18; fiat_p256_uint1 x19; - fiat_p256_addcarryx_u32(&x18, &x19, x17, x10, 0x0); + fiat_p256_addcarryx_u32(&x18, &x19, x17, x12, 0x0); uint32_t x20; fiat_p256_uint1 x21; - fiat_p256_addcarryx_u32(&x20, &x21, x19, x12, 0x0); + fiat_p256_addcarryx_u32(&x20, &x21, x13, 0x0, x5); uint32_t x22; fiat_p256_uint1 x23; - fiat_p256_addcarryx_u32(&x22, &x23, x21, x14, 0x0); + fiat_p256_addcarryx_u32(&x22, &x23, x19, x20, 0x0); uint32_t x24; fiat_p256_uint1 x25; - fiat_p256_addcarryx_u32(&x24, &x25, x15, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x24, &x25, 0x0, (arg1[1]), x16); uint32_t x26; fiat_p256_uint1 x27; - fiat_p256_addcarryx_u32(&x26, &x27, x23, (fiat_p256_uint1)x24, 0x0); + fiat_p256_addcarryx_u32(&x26, &x27, x25, 0x0, x18); uint32_t x28; fiat_p256_uint1 x29; - fiat_p256_addcarryx_u32(&x28, &x29, 0x0, (arg1[1]), x18); + fiat_p256_addcarryx_u32(&x28, &x29, x27, 0x0, x22); uint32_t x30; - fiat_p256_uint1 x31; - fiat_p256_addcarryx_u32(&x30, &x31, x29, 0x0, x20); + uint32_t x31; + fiat_p256_mulx_u32(&x30, &x31, x24, UINT32_C(0xffffffff)); uint32_t x32; - fiat_p256_uint1 x33; - fiat_p256_addcarryx_u32(&x32, &x33, x31, 0x0, x22); + uint32_t x33; + fiat_p256_mulx_u32(&x32, &x33, x24, UINT32_C(0xffffffff)); uint32_t x34; - fiat_p256_uint1 x35; - fiat_p256_addcarryx_u32(&x34, &x35, x33, 0x0, (fiat_p256_uint1)x26); + uint32_t x35; + fiat_p256_mulx_u32(&x34, &x35, x24, UINT32_C(0xffffffff)); uint32_t x36; - fiat_p256_uint1 x37; - fiat_p256_addcarryx_u32(&x36, &x37, x27, 0x0, 0x0); + uint32_t x37; + fiat_p256_mulx_u32(&x36, &x37, x24, UINT32_C(0xffffffff)); uint32_t x38; fiat_p256_uint1 x39; - fiat_p256_addcarryx_u32(&x38, &x39, x35, 0x0, (fiat_p256_uint1)x36); + fiat_p256_addcarryx_u32(&x38, &x39, 0x0, x34, x37); uint32_t x40; fiat_p256_uint1 x41; - fiat_p256_addcarryx_u32(&x40, &x41, x39, 0x0, x1); + fiat_p256_addcarryx_u32(&x40, &x41, x39, x32, x35); uint32_t x42; fiat_p256_uint1 x43; - fiat_p256_addcarryx_u32(&x42, &x43, x41, 0x0, x2); + fiat_p256_addcarryx_u32(&x42, &x43, 0x0, x36, x24); uint32_t x44; fiat_p256_uint1 x45; - fiat_p256_addcarryx_u32(&x44, &x45, x43, 0x0, x3); + fiat_p256_addcarryx_u32(&x44, &x45, x43, x38, x26); uint32_t x46; - uint32_t x47; - fiat_p256_mulx_u32(&x46, &x47, x28, UINT32_C(0xffffffff)); + fiat_p256_uint1 x47; + fiat_p256_addcarryx_u32(&x46, &x47, x45, x40, x28); uint32_t x48; - uint32_t x49; - fiat_p256_mulx_u32(&x48, &x49, x28, UINT32_C(0xffffffff)); + fiat_p256_uint1 x49; + fiat_p256_addcarryx_u32(&x48, &x49, x23, 0x0, 0x0); uint32_t x50; - uint32_t x51; - fiat_p256_mulx_u32(&x50, &x51, x28, UINT32_C(0xffffffff)); + fiat_p256_uint1 x51; + fiat_p256_addcarryx_u32(&x50, &x51, x29, 0x0, (fiat_p256_uint1)x48); uint32_t x52; - uint32_t x53; - fiat_p256_mulx_u32(&x52, &x53, x28, UINT32_C(0xffffffff)); + fiat_p256_uint1 x53; + fiat_p256_addcarryx_u32(&x52, &x53, x41, 0x0, x33); uint32_t x54; fiat_p256_uint1 x55; - fiat_p256_addcarryx_u32(&x54, &x55, 0x0, x50, x53); + fiat_p256_addcarryx_u32(&x54, &x55, x47, x52, x50); uint32_t x56; fiat_p256_uint1 x57; - fiat_p256_addcarryx_u32(&x56, &x57, x55, x48, x51); + fiat_p256_addcarryx_u32(&x56, &x57, 0x0, x24, x2); uint32_t x58; fiat_p256_uint1 x59; - fiat_p256_addcarryx_u32(&x58, &x59, x57, 0x0, x49); + fiat_p256_addcarryx_u32(&x58, &x59, x57, x30, x3); uint32_t x60; fiat_p256_uint1 x61; - fiat_p256_addcarryx_u32(&x60, &x61, 0x0, x52, x28); + fiat_p256_addcarryx_u32(&x60, &x61, 0x0, (arg1[2]), x44); uint32_t x62; fiat_p256_uint1 x63; - fiat_p256_addcarryx_u32(&x62, &x63, x61, x54, x30); + fiat_p256_addcarryx_u32(&x62, &x63, x61, 0x0, x46); uint32_t x64; fiat_p256_uint1 x65; - fiat_p256_addcarryx_u32(&x64, &x65, x63, x56, x32); + fiat_p256_addcarryx_u32(&x64, &x65, x63, 0x0, x54); uint32_t x66; - fiat_p256_uint1 x67; - fiat_p256_addcarryx_u32(&x66, &x67, x65, x58, x34); + uint32_t x67; + fiat_p256_mulx_u32(&x66, &x67, x60, UINT32_C(0xffffffff)); uint32_t x68; - fiat_p256_uint1 x69; - fiat_p256_addcarryx_u32(&x68, &x69, x59, 0x0, 0x0); + uint32_t x69; + fiat_p256_mulx_u32(&x68, &x69, x60, UINT32_C(0xffffffff)); uint32_t x70; - fiat_p256_uint1 x71; - fiat_p256_addcarryx_u32(&x70, &x71, x67, (fiat_p256_uint1)x68, (fiat_p256_uint1)x38); + uint32_t x71; + fiat_p256_mulx_u32(&x70, &x71, x60, UINT32_C(0xffffffff)); uint32_t x72; - fiat_p256_uint1 x73; - fiat_p256_addcarryx_u32(&x72, &x73, x71, 0x0, x40); + uint32_t x73; + fiat_p256_mulx_u32(&x72, &x73, x60, UINT32_C(0xffffffff)); uint32_t x74; fiat_p256_uint1 x75; - fiat_p256_addcarryx_u32(&x74, &x75, x73, x28, x42); + fiat_p256_addcarryx_u32(&x74, &x75, 0x0, x70, x73); uint32_t x76; fiat_p256_uint1 x77; - fiat_p256_addcarryx_u32(&x76, &x77, x75, x46, x44); + fiat_p256_addcarryx_u32(&x76, &x77, x75, x68, x71); uint32_t x78; fiat_p256_uint1 x79; - fiat_p256_addcarryx_u32(&x78, &x79, x45, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x78, &x79, 0x0, x72, x60); uint32_t x80; fiat_p256_uint1 x81; - fiat_p256_addcarryx_u32(&x80, &x81, x77, x47, (fiat_p256_uint1)x78); + fiat_p256_addcarryx_u32(&x80, &x81, x79, x74, x62); uint32_t x82; fiat_p256_uint1 x83; - fiat_p256_addcarryx_u32(&x82, &x83, 0x0, (arg1[2]), x62); + fiat_p256_addcarryx_u32(&x82, &x83, x81, x76, x64); uint32_t x84; fiat_p256_uint1 x85; - fiat_p256_addcarryx_u32(&x84, &x85, x83, 0x0, x64); + fiat_p256_addcarryx_u32(&x84, &x85, x55, 0x0, 0x0); uint32_t x86; fiat_p256_uint1 x87; - fiat_p256_addcarryx_u32(&x86, &x87, x85, 0x0, x66); + fiat_p256_addcarryx_u32(&x86, &x87, x65, 0x0, (fiat_p256_uint1)x84); uint32_t x88; fiat_p256_uint1 x89; - fiat_p256_addcarryx_u32(&x88, &x89, x87, 0x0, (fiat_p256_uint1)x70); + fiat_p256_addcarryx_u32(&x88, &x89, x77, 0x0, x69); uint32_t x90; fiat_p256_uint1 x91; - fiat_p256_addcarryx_u32(&x90, &x91, x89, 0x0, x72); + fiat_p256_addcarryx_u32(&x90, &x91, x83, x88, x86); uint32_t x92; fiat_p256_uint1 x93; - fiat_p256_addcarryx_u32(&x92, &x93, x91, 0x0, x74); + fiat_p256_addcarryx_u32(&x92, &x93, x91, 0x0, x1); uint32_t x94; fiat_p256_uint1 x95; - fiat_p256_addcarryx_u32(&x94, &x95, x93, 0x0, x76); + fiat_p256_addcarryx_u32(&x94, &x95, x93, 0x0, x56); uint32_t x96; fiat_p256_uint1 x97; - fiat_p256_addcarryx_u32(&x96, &x97, x95, 0x0, x80); + fiat_p256_addcarryx_u32(&x96, &x97, x95, x60, x58); uint32_t x98; fiat_p256_uint1 x99; - fiat_p256_addcarryx_u32(&x98, &x99, x81, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x98, &x99, x59, x31, 0x0); uint32_t x100; fiat_p256_uint1 x101; - fiat_p256_addcarryx_u32(&x100, &x101, x97, 0x0, (fiat_p256_uint1)x98); + fiat_p256_addcarryx_u32(&x100, &x101, x97, x66, x98); uint32_t x102; - uint32_t x103; - fiat_p256_mulx_u32(&x102, &x103, x82, UINT32_C(0xffffffff)); + fiat_p256_uint1 x103; + fiat_p256_addcarryx_u32(&x102, &x103, 0x0, (arg1[3]), x80); uint32_t x104; - uint32_t x105; - fiat_p256_mulx_u32(&x104, &x105, x82, UINT32_C(0xffffffff)); + fiat_p256_uint1 x105; + fiat_p256_addcarryx_u32(&x104, &x105, x103, 0x0, x82); uint32_t x106; - uint32_t x107; - fiat_p256_mulx_u32(&x106, &x107, x82, UINT32_C(0xffffffff)); + fiat_p256_uint1 x107; + fiat_p256_addcarryx_u32(&x106, &x107, x105, 0x0, x90); uint32_t x108; - uint32_t x109; - fiat_p256_mulx_u32(&x108, &x109, x82, UINT32_C(0xffffffff)); + fiat_p256_uint1 x109; + fiat_p256_addcarryx_u32(&x108, &x109, x107, 0x0, x92); uint32_t x110; fiat_p256_uint1 x111; - fiat_p256_addcarryx_u32(&x110, &x111, 0x0, x106, x109); + fiat_p256_addcarryx_u32(&x110, &x111, x109, 0x0, x94); uint32_t x112; fiat_p256_uint1 x113; - fiat_p256_addcarryx_u32(&x112, &x113, x111, x104, x107); + fiat_p256_addcarryx_u32(&x112, &x113, x111, 0x0, x96); uint32_t x114; fiat_p256_uint1 x115; - fiat_p256_addcarryx_u32(&x114, &x115, x113, 0x0, x105); + fiat_p256_addcarryx_u32(&x114, &x115, x113, 0x0, x100); uint32_t x116; fiat_p256_uint1 x117; - fiat_p256_addcarryx_u32(&x116, &x117, 0x0, x108, x82); + fiat_p256_addcarryx_u32(&x116, &x117, x101, x67, 0x0); uint32_t x118; fiat_p256_uint1 x119; - fiat_p256_addcarryx_u32(&x118, &x119, x117, x110, x84); + fiat_p256_addcarryx_u32(&x118, &x119, x115, 0x0, x116); uint32_t x120; - fiat_p256_uint1 x121; - fiat_p256_addcarryx_u32(&x120, &x121, x119, x112, x86); + uint32_t x121; + fiat_p256_mulx_u32(&x120, &x121, x102, UINT32_C(0xffffffff)); uint32_t x122; - fiat_p256_uint1 x123; - fiat_p256_addcarryx_u32(&x122, &x123, x121, x114, x88); + uint32_t x123; + fiat_p256_mulx_u32(&x122, &x123, x102, UINT32_C(0xffffffff)); uint32_t x124; - fiat_p256_uint1 x125; - fiat_p256_addcarryx_u32(&x124, &x125, x115, 0x0, 0x0); + uint32_t x125; + fiat_p256_mulx_u32(&x124, &x125, x102, UINT32_C(0xffffffff)); uint32_t x126; - fiat_p256_uint1 x127; - fiat_p256_addcarryx_u32(&x126, &x127, x123, (fiat_p256_uint1)x124, x90); + uint32_t x127; + fiat_p256_mulx_u32(&x126, &x127, x102, UINT32_C(0xffffffff)); uint32_t x128; fiat_p256_uint1 x129; - fiat_p256_addcarryx_u32(&x128, &x129, x127, 0x0, x92); + fiat_p256_addcarryx_u32(&x128, &x129, 0x0, x124, x127); uint32_t x130; fiat_p256_uint1 x131; - fiat_p256_addcarryx_u32(&x130, &x131, x129, x82, x94); + fiat_p256_addcarryx_u32(&x130, &x131, x129, x122, x125); uint32_t x132; fiat_p256_uint1 x133; - fiat_p256_addcarryx_u32(&x132, &x133, x131, x102, x96); + fiat_p256_addcarryx_u32(&x132, &x133, 0x0, x126, x102); uint32_t x134; fiat_p256_uint1 x135; - fiat_p256_addcarryx_u32(&x134, &x135, x133, x103, (fiat_p256_uint1)x100); + fiat_p256_addcarryx_u32(&x134, &x135, x133, x128, x104); uint32_t x136; fiat_p256_uint1 x137; - fiat_p256_addcarryx_u32(&x136, &x137, 0x0, (arg1[3]), x118); + fiat_p256_addcarryx_u32(&x136, &x137, x135, x130, x106); uint32_t x138; fiat_p256_uint1 x139; - fiat_p256_addcarryx_u32(&x138, &x139, x137, 0x0, x120); + fiat_p256_addcarryx_u32(&x138, &x139, x131, 0x0, x123); uint32_t x140; fiat_p256_uint1 x141; - fiat_p256_addcarryx_u32(&x140, &x141, x139, 0x0, x122); + fiat_p256_addcarryx_u32(&x140, &x141, x137, x138, x108); uint32_t x142; fiat_p256_uint1 x143; - fiat_p256_addcarryx_u32(&x142, &x143, x141, 0x0, x126); + fiat_p256_addcarryx_u32(&x142, &x143, x141, 0x0, x110); uint32_t x144; fiat_p256_uint1 x145; - fiat_p256_addcarryx_u32(&x144, &x145, x143, 0x0, x128); + fiat_p256_addcarryx_u32(&x144, &x145, x143, 0x0, x112); uint32_t x146; fiat_p256_uint1 x147; - fiat_p256_addcarryx_u32(&x146, &x147, x145, 0x0, x130); + fiat_p256_addcarryx_u32(&x146, &x147, x145, x102, x114); uint32_t x148; fiat_p256_uint1 x149; - fiat_p256_addcarryx_u32(&x148, &x149, x147, 0x0, x132); + fiat_p256_addcarryx_u32(&x148, &x149, x147, x120, x118); uint32_t x150; fiat_p256_uint1 x151; - fiat_p256_addcarryx_u32(&x150, &x151, x149, 0x0, x134); + fiat_p256_addcarryx_u32(&x150, &x151, x119, 0x0, 0x0); uint32_t x152; fiat_p256_uint1 x153; - fiat_p256_addcarryx_u32(&x152, &x153, x135, 0x0, x101); + fiat_p256_addcarryx_u32(&x152, &x153, x149, x121, (fiat_p256_uint1)x150); uint32_t x154; fiat_p256_uint1 x155; - fiat_p256_addcarryx_u32(&x154, &x155, x151, 0x0, (fiat_p256_uint1)x152); + fiat_p256_addcarryx_u32(&x154, &x155, 0x0, (arg1[4]), x134); uint32_t x156; - uint32_t x157; - fiat_p256_mulx_u32(&x156, &x157, x136, UINT32_C(0xffffffff)); + fiat_p256_uint1 x157; + fiat_p256_addcarryx_u32(&x156, &x157, x155, 0x0, x136); uint32_t x158; - uint32_t x159; - fiat_p256_mulx_u32(&x158, &x159, x136, UINT32_C(0xffffffff)); + fiat_p256_uint1 x159; + fiat_p256_addcarryx_u32(&x158, &x159, x157, 0x0, x140); uint32_t x160; - uint32_t x161; - fiat_p256_mulx_u32(&x160, &x161, x136, UINT32_C(0xffffffff)); + fiat_p256_uint1 x161; + fiat_p256_addcarryx_u32(&x160, &x161, x159, 0x0, x142); uint32_t x162; - uint32_t x163; - fiat_p256_mulx_u32(&x162, &x163, x136, UINT32_C(0xffffffff)); + fiat_p256_uint1 x163; + fiat_p256_addcarryx_u32(&x162, &x163, x161, 0x0, x144); uint32_t x164; fiat_p256_uint1 x165; - fiat_p256_addcarryx_u32(&x164, &x165, 0x0, x160, x163); + fiat_p256_addcarryx_u32(&x164, &x165, x163, 0x0, x146); uint32_t x166; fiat_p256_uint1 x167; - fiat_p256_addcarryx_u32(&x166, &x167, x165, x158, x161); + fiat_p256_addcarryx_u32(&x166, &x167, x165, 0x0, x148); uint32_t x168; fiat_p256_uint1 x169; - fiat_p256_addcarryx_u32(&x168, &x169, x167, 0x0, x159); + fiat_p256_addcarryx_u32(&x168, &x169, x167, 0x0, x152); uint32_t x170; - fiat_p256_uint1 x171; - fiat_p256_addcarryx_u32(&x170, &x171, 0x0, x162, x136); + uint32_t x171; + fiat_p256_mulx_u32(&x170, &x171, x154, UINT32_C(0xffffffff)); uint32_t x172; - fiat_p256_uint1 x173; - fiat_p256_addcarryx_u32(&x172, &x173, x171, x164, x138); + uint32_t x173; + fiat_p256_mulx_u32(&x172, &x173, x154, UINT32_C(0xffffffff)); uint32_t x174; - fiat_p256_uint1 x175; - fiat_p256_addcarryx_u32(&x174, &x175, x173, x166, x140); + uint32_t x175; + fiat_p256_mulx_u32(&x174, &x175, x154, UINT32_C(0xffffffff)); uint32_t x176; - fiat_p256_uint1 x177; - fiat_p256_addcarryx_u32(&x176, &x177, x175, x168, x142); + uint32_t x177; + fiat_p256_mulx_u32(&x176, &x177, x154, UINT32_C(0xffffffff)); uint32_t x178; fiat_p256_uint1 x179; - fiat_p256_addcarryx_u32(&x178, &x179, x169, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x178, &x179, 0x0, x174, x177); uint32_t x180; fiat_p256_uint1 x181; - fiat_p256_addcarryx_u32(&x180, &x181, x177, (fiat_p256_uint1)x178, x144); + fiat_p256_addcarryx_u32(&x180, &x181, x179, x172, x175); uint32_t x182; fiat_p256_uint1 x183; - fiat_p256_addcarryx_u32(&x182, &x183, x181, 0x0, x146); + fiat_p256_addcarryx_u32(&x182, &x183, 0x0, x176, x154); uint32_t x184; fiat_p256_uint1 x185; - fiat_p256_addcarryx_u32(&x184, &x185, x183, x136, x148); + fiat_p256_addcarryx_u32(&x184, &x185, x183, x178, x156); uint32_t x186; fiat_p256_uint1 x187; - fiat_p256_addcarryx_u32(&x186, &x187, x185, x156, x150); + fiat_p256_addcarryx_u32(&x186, &x187, x185, x180, x158); uint32_t x188; fiat_p256_uint1 x189; - fiat_p256_addcarryx_u32(&x188, &x189, x187, x157, (fiat_p256_uint1)x154); + fiat_p256_addcarryx_u32(&x188, &x189, x181, 0x0, x173); uint32_t x190; fiat_p256_uint1 x191; - fiat_p256_addcarryx_u32(&x190, &x191, 0x0, (arg1[4]), x172); + fiat_p256_addcarryx_u32(&x190, &x191, x187, x188, x160); uint32_t x192; fiat_p256_uint1 x193; - fiat_p256_addcarryx_u32(&x192, &x193, x191, 0x0, x174); + fiat_p256_addcarryx_u32(&x192, &x193, x191, 0x0, x162); uint32_t x194; fiat_p256_uint1 x195; - fiat_p256_addcarryx_u32(&x194, &x195, x193, 0x0, x176); + fiat_p256_addcarryx_u32(&x194, &x195, x193, 0x0, x164); uint32_t x196; fiat_p256_uint1 x197; - fiat_p256_addcarryx_u32(&x196, &x197, x195, 0x0, x180); + fiat_p256_addcarryx_u32(&x196, &x197, x195, x154, x166); uint32_t x198; fiat_p256_uint1 x199; - fiat_p256_addcarryx_u32(&x198, &x199, x197, 0x0, x182); + fiat_p256_addcarryx_u32(&x198, &x199, x197, x170, x168); uint32_t x200; fiat_p256_uint1 x201; - fiat_p256_addcarryx_u32(&x200, &x201, x199, 0x0, x184); + fiat_p256_addcarryx_u32(&x200, &x201, x153, 0x0, 0x0); uint32_t x202; fiat_p256_uint1 x203; - fiat_p256_addcarryx_u32(&x202, &x203, x201, 0x0, x186); + fiat_p256_addcarryx_u32(&x202, &x203, x169, 0x0, (fiat_p256_uint1)x200); uint32_t x204; fiat_p256_uint1 x205; - fiat_p256_addcarryx_u32(&x204, &x205, x203, 0x0, x188); + fiat_p256_addcarryx_u32(&x204, &x205, x199, x171, x202); uint32_t x206; fiat_p256_uint1 x207; - fiat_p256_addcarryx_u32(&x206, &x207, x189, 0x0, x155); + fiat_p256_addcarryx_u32(&x206, &x207, 0x0, (arg1[5]), x184); uint32_t x208; fiat_p256_uint1 x209; - fiat_p256_addcarryx_u32(&x208, &x209, x205, 0x0, (fiat_p256_uint1)x206); + fiat_p256_addcarryx_u32(&x208, &x209, x207, 0x0, x186); uint32_t x210; - uint32_t x211; - fiat_p256_mulx_u32(&x210, &x211, x190, UINT32_C(0xffffffff)); + fiat_p256_uint1 x211; + fiat_p256_addcarryx_u32(&x210, &x211, x209, 0x0, x190); uint32_t x212; - uint32_t x213; - fiat_p256_mulx_u32(&x212, &x213, x190, UINT32_C(0xffffffff)); + fiat_p256_uint1 x213; + fiat_p256_addcarryx_u32(&x212, &x213, x211, 0x0, x192); uint32_t x214; - uint32_t x215; - fiat_p256_mulx_u32(&x214, &x215, x190, UINT32_C(0xffffffff)); + fiat_p256_uint1 x215; + fiat_p256_addcarryx_u32(&x214, &x215, x213, 0x0, x194); uint32_t x216; - uint32_t x217; - fiat_p256_mulx_u32(&x216, &x217, x190, UINT32_C(0xffffffff)); + fiat_p256_uint1 x217; + fiat_p256_addcarryx_u32(&x216, &x217, x215, 0x0, x196); uint32_t x218; fiat_p256_uint1 x219; - fiat_p256_addcarryx_u32(&x218, &x219, 0x0, x214, x217); + fiat_p256_addcarryx_u32(&x218, &x219, x217, 0x0, x198); uint32_t x220; fiat_p256_uint1 x221; - fiat_p256_addcarryx_u32(&x220, &x221, x219, x212, x215); + fiat_p256_addcarryx_u32(&x220, &x221, x219, 0x0, x204); uint32_t x222; - fiat_p256_uint1 x223; - fiat_p256_addcarryx_u32(&x222, &x223, x221, 0x0, x213); + uint32_t x223; + fiat_p256_mulx_u32(&x222, &x223, x206, UINT32_C(0xffffffff)); uint32_t x224; - fiat_p256_uint1 x225; - fiat_p256_addcarryx_u32(&x224, &x225, 0x0, x216, x190); + uint32_t x225; + fiat_p256_mulx_u32(&x224, &x225, x206, UINT32_C(0xffffffff)); uint32_t x226; - fiat_p256_uint1 x227; - fiat_p256_addcarryx_u32(&x226, &x227, x225, x218, x192); + uint32_t x227; + fiat_p256_mulx_u32(&x226, &x227, x206, UINT32_C(0xffffffff)); uint32_t x228; - fiat_p256_uint1 x229; - fiat_p256_addcarryx_u32(&x228, &x229, x227, x220, x194); + uint32_t x229; + fiat_p256_mulx_u32(&x228, &x229, x206, UINT32_C(0xffffffff)); uint32_t x230; fiat_p256_uint1 x231; - fiat_p256_addcarryx_u32(&x230, &x231, x229, x222, x196); + fiat_p256_addcarryx_u32(&x230, &x231, 0x0, x226, x229); uint32_t x232; fiat_p256_uint1 x233; - fiat_p256_addcarryx_u32(&x232, &x233, x223, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x232, &x233, x231, x224, x227); uint32_t x234; fiat_p256_uint1 x235; - fiat_p256_addcarryx_u32(&x234, &x235, x231, (fiat_p256_uint1)x232, x198); + fiat_p256_addcarryx_u32(&x234, &x235, 0x0, x228, x206); uint32_t x236; fiat_p256_uint1 x237; - fiat_p256_addcarryx_u32(&x236, &x237, x235, 0x0, x200); + fiat_p256_addcarryx_u32(&x236, &x237, x235, x230, x208); uint32_t x238; fiat_p256_uint1 x239; - fiat_p256_addcarryx_u32(&x238, &x239, x237, x190, x202); + fiat_p256_addcarryx_u32(&x238, &x239, x237, x232, x210); uint32_t x240; fiat_p256_uint1 x241; - fiat_p256_addcarryx_u32(&x240, &x241, x239, x210, x204); + fiat_p256_addcarryx_u32(&x240, &x241, x233, 0x0, x225); uint32_t x242; fiat_p256_uint1 x243; - fiat_p256_addcarryx_u32(&x242, &x243, x241, x211, x208); + fiat_p256_addcarryx_u32(&x242, &x243, x239, x240, x212); uint32_t x244; fiat_p256_uint1 x245; - fiat_p256_addcarryx_u32(&x244, &x245, 0x0, (arg1[5]), x226); + fiat_p256_addcarryx_u32(&x244, &x245, x243, 0x0, x214); uint32_t x246; fiat_p256_uint1 x247; - fiat_p256_addcarryx_u32(&x246, &x247, x245, 0x0, x228); + fiat_p256_addcarryx_u32(&x246, &x247, x245, 0x0, x216); uint32_t x248; fiat_p256_uint1 x249; - fiat_p256_addcarryx_u32(&x248, &x249, x247, 0x0, x230); + fiat_p256_addcarryx_u32(&x248, &x249, x247, x206, x218); uint32_t x250; fiat_p256_uint1 x251; - fiat_p256_addcarryx_u32(&x250, &x251, x249, 0x0, x234); + fiat_p256_addcarryx_u32(&x250, &x251, x249, x222, x220); uint32_t x252; fiat_p256_uint1 x253; - fiat_p256_addcarryx_u32(&x252, &x253, x251, 0x0, x236); + fiat_p256_addcarryx_u32(&x252, &x253, x205, 0x0, 0x0); uint32_t x254; fiat_p256_uint1 x255; - fiat_p256_addcarryx_u32(&x254, &x255, x253, 0x0, x238); + fiat_p256_addcarryx_u32(&x254, &x255, x221, 0x0, (fiat_p256_uint1)x252); uint32_t x256; fiat_p256_uint1 x257; - fiat_p256_addcarryx_u32(&x256, &x257, x255, 0x0, x240); + fiat_p256_addcarryx_u32(&x256, &x257, x251, x223, x254); uint32_t x258; fiat_p256_uint1 x259; - fiat_p256_addcarryx_u32(&x258, &x259, x257, 0x0, x242); + fiat_p256_addcarryx_u32(&x258, &x259, 0x0, (arg1[6]), x236); uint32_t x260; fiat_p256_uint1 x261; - fiat_p256_addcarryx_u32(&x260, &x261, x243, 0x0, x209); + fiat_p256_addcarryx_u32(&x260, &x261, x259, 0x0, x238); uint32_t x262; fiat_p256_uint1 x263; - fiat_p256_addcarryx_u32(&x262, &x263, x259, 0x0, (fiat_p256_uint1)x260); + fiat_p256_addcarryx_u32(&x262, &x263, x261, 0x0, x242); uint32_t x264; - uint32_t x265; - fiat_p256_mulx_u32(&x264, &x265, x244, UINT32_C(0xffffffff)); + fiat_p256_uint1 x265; + fiat_p256_addcarryx_u32(&x264, &x265, x263, 0x0, x244); uint32_t x266; - uint32_t x267; - fiat_p256_mulx_u32(&x266, &x267, x244, UINT32_C(0xffffffff)); + fiat_p256_uint1 x267; + fiat_p256_addcarryx_u32(&x266, &x267, x265, 0x0, x246); uint32_t x268; - uint32_t x269; - fiat_p256_mulx_u32(&x268, &x269, x244, UINT32_C(0xffffffff)); + fiat_p256_uint1 x269; + fiat_p256_addcarryx_u32(&x268, &x269, x267, 0x0, x248); uint32_t x270; - uint32_t x271; - fiat_p256_mulx_u32(&x270, &x271, x244, UINT32_C(0xffffffff)); + fiat_p256_uint1 x271; + fiat_p256_addcarryx_u32(&x270, &x271, x269, 0x0, x250); uint32_t x272; fiat_p256_uint1 x273; - fiat_p256_addcarryx_u32(&x272, &x273, 0x0, x268, x271); + fiat_p256_addcarryx_u32(&x272, &x273, x271, 0x0, x256); uint32_t x274; - fiat_p256_uint1 x275; - fiat_p256_addcarryx_u32(&x274, &x275, x273, x266, x269); + uint32_t x275; + fiat_p256_mulx_u32(&x274, &x275, x258, UINT32_C(0xffffffff)); uint32_t x276; - fiat_p256_uint1 x277; - fiat_p256_addcarryx_u32(&x276, &x277, x275, 0x0, x267); + uint32_t x277; + fiat_p256_mulx_u32(&x276, &x277, x258, UINT32_C(0xffffffff)); uint32_t x278; - fiat_p256_uint1 x279; - fiat_p256_addcarryx_u32(&x278, &x279, 0x0, x270, x244); + uint32_t x279; + fiat_p256_mulx_u32(&x278, &x279, x258, UINT32_C(0xffffffff)); uint32_t x280; - fiat_p256_uint1 x281; - fiat_p256_addcarryx_u32(&x280, &x281, x279, x272, x246); + uint32_t x281; + fiat_p256_mulx_u32(&x280, &x281, x258, UINT32_C(0xffffffff)); uint32_t x282; fiat_p256_uint1 x283; - fiat_p256_addcarryx_u32(&x282, &x283, x281, x274, x248); + fiat_p256_addcarryx_u32(&x282, &x283, 0x0, x278, x281); uint32_t x284; fiat_p256_uint1 x285; - fiat_p256_addcarryx_u32(&x284, &x285, x283, x276, x250); + fiat_p256_addcarryx_u32(&x284, &x285, x283, x276, x279); uint32_t x286; fiat_p256_uint1 x287; - fiat_p256_addcarryx_u32(&x286, &x287, x277, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x286, &x287, 0x0, x280, x258); uint32_t x288; fiat_p256_uint1 x289; - fiat_p256_addcarryx_u32(&x288, &x289, x285, (fiat_p256_uint1)x286, x252); + fiat_p256_addcarryx_u32(&x288, &x289, x287, x282, x260); uint32_t x290; fiat_p256_uint1 x291; - fiat_p256_addcarryx_u32(&x290, &x291, x289, 0x0, x254); + fiat_p256_addcarryx_u32(&x290, &x291, x289, x284, x262); uint32_t x292; fiat_p256_uint1 x293; - fiat_p256_addcarryx_u32(&x292, &x293, x291, x244, x256); + fiat_p256_addcarryx_u32(&x292, &x293, x285, 0x0, x277); uint32_t x294; fiat_p256_uint1 x295; - fiat_p256_addcarryx_u32(&x294, &x295, x293, x264, x258); + fiat_p256_addcarryx_u32(&x294, &x295, x291, x292, x264); uint32_t x296; fiat_p256_uint1 x297; - fiat_p256_addcarryx_u32(&x296, &x297, x295, x265, x262); + fiat_p256_addcarryx_u32(&x296, &x297, x295, 0x0, x266); uint32_t x298; fiat_p256_uint1 x299; - fiat_p256_addcarryx_u32(&x298, &x299, 0x0, (arg1[6]), x280); + fiat_p256_addcarryx_u32(&x298, &x299, x297, 0x0, x268); uint32_t x300; fiat_p256_uint1 x301; - fiat_p256_addcarryx_u32(&x300, &x301, x299, 0x0, x282); + fiat_p256_addcarryx_u32(&x300, &x301, x299, x258, x270); uint32_t x302; fiat_p256_uint1 x303; - fiat_p256_addcarryx_u32(&x302, &x303, x301, 0x0, x284); + fiat_p256_addcarryx_u32(&x302, &x303, x301, x274, x272); uint32_t x304; fiat_p256_uint1 x305; - fiat_p256_addcarryx_u32(&x304, &x305, x303, 0x0, x288); + fiat_p256_addcarryx_u32(&x304, &x305, x257, 0x0, 0x0); uint32_t x306; fiat_p256_uint1 x307; - fiat_p256_addcarryx_u32(&x306, &x307, x305, 0x0, x290); + fiat_p256_addcarryx_u32(&x306, &x307, x273, 0x0, (fiat_p256_uint1)x304); uint32_t x308; fiat_p256_uint1 x309; - fiat_p256_addcarryx_u32(&x308, &x309, x307, 0x0, x292); + fiat_p256_addcarryx_u32(&x308, &x309, x303, x275, x306); uint32_t x310; fiat_p256_uint1 x311; - fiat_p256_addcarryx_u32(&x310, &x311, x309, 0x0, x294); + fiat_p256_addcarryx_u32(&x310, &x311, 0x0, (arg1[7]), x288); uint32_t x312; fiat_p256_uint1 x313; - fiat_p256_addcarryx_u32(&x312, &x313, x311, 0x0, x296); + fiat_p256_addcarryx_u32(&x312, &x313, x311, 0x0, x290); uint32_t x314; fiat_p256_uint1 x315; - fiat_p256_addcarryx_u32(&x314, &x315, x297, 0x0, x263); + fiat_p256_addcarryx_u32(&x314, &x315, x313, 0x0, x294); uint32_t x316; fiat_p256_uint1 x317; - fiat_p256_addcarryx_u32(&x316, &x317, x313, 0x0, (fiat_p256_uint1)x314); + fiat_p256_addcarryx_u32(&x316, &x317, x315, 0x0, x296); uint32_t x318; - uint32_t x319; - fiat_p256_mulx_u32(&x318, &x319, x298, UINT32_C(0xffffffff)); + fiat_p256_uint1 x319; + fiat_p256_addcarryx_u32(&x318, &x319, x317, 0x0, x298); uint32_t x320; - uint32_t x321; - fiat_p256_mulx_u32(&x320, &x321, x298, UINT32_C(0xffffffff)); + fiat_p256_uint1 x321; + fiat_p256_addcarryx_u32(&x320, &x321, x319, 0x0, x300); uint32_t x322; - uint32_t x323; - fiat_p256_mulx_u32(&x322, &x323, x298, UINT32_C(0xffffffff)); + fiat_p256_uint1 x323; + fiat_p256_addcarryx_u32(&x322, &x323, x321, 0x0, x302); uint32_t x324; - uint32_t x325; - fiat_p256_mulx_u32(&x324, &x325, x298, UINT32_C(0xffffffff)); + fiat_p256_uint1 x325; + fiat_p256_addcarryx_u32(&x324, &x325, x323, 0x0, x308); uint32_t x326; - fiat_p256_uint1 x327; - fiat_p256_addcarryx_u32(&x326, &x327, 0x0, x322, x325); + uint32_t x327; + fiat_p256_mulx_u32(&x326, &x327, x310, UINT32_C(0xffffffff)); uint32_t x328; - fiat_p256_uint1 x329; - fiat_p256_addcarryx_u32(&x328, &x329, x327, x320, x323); + uint32_t x329; + fiat_p256_mulx_u32(&x328, &x329, x310, UINT32_C(0xffffffff)); uint32_t x330; - fiat_p256_uint1 x331; - fiat_p256_addcarryx_u32(&x330, &x331, x329, 0x0, x321); + uint32_t x331; + fiat_p256_mulx_u32(&x330, &x331, x310, UINT32_C(0xffffffff)); uint32_t x332; - fiat_p256_uint1 x333; - fiat_p256_addcarryx_u32(&x332, &x333, 0x0, x324, x298); + uint32_t x333; + fiat_p256_mulx_u32(&x332, &x333, x310, UINT32_C(0xffffffff)); uint32_t x334; fiat_p256_uint1 x335; - fiat_p256_addcarryx_u32(&x334, &x335, x333, x326, x300); + fiat_p256_addcarryx_u32(&x334, &x335, 0x0, x330, x333); uint32_t x336; fiat_p256_uint1 x337; - fiat_p256_addcarryx_u32(&x336, &x337, x335, x328, x302); + fiat_p256_addcarryx_u32(&x336, &x337, x335, x328, x331); uint32_t x338; fiat_p256_uint1 x339; - fiat_p256_addcarryx_u32(&x338, &x339, x337, x330, x304); + fiat_p256_addcarryx_u32(&x338, &x339, 0x0, x332, x310); uint32_t x340; fiat_p256_uint1 x341; - fiat_p256_addcarryx_u32(&x340, &x341, x331, 0x0, 0x0); + fiat_p256_addcarryx_u32(&x340, &x341, x339, x334, x312); uint32_t x342; fiat_p256_uint1 x343; - fiat_p256_addcarryx_u32(&x342, &x343, x339, (fiat_p256_uint1)x340, x306); + fiat_p256_addcarryx_u32(&x342, &x343, x341, x336, x314); uint32_t x344; fiat_p256_uint1 x345; - fiat_p256_addcarryx_u32(&x344, &x345, x343, 0x0, x308); + fiat_p256_addcarryx_u32(&x344, &x345, x337, 0x0, x329); uint32_t x346; fiat_p256_uint1 x347; - fiat_p256_addcarryx_u32(&x346, &x347, x345, x298, x310); + fiat_p256_addcarryx_u32(&x346, &x347, x343, x344, x316); uint32_t x348; fiat_p256_uint1 x349; - fiat_p256_addcarryx_u32(&x348, &x349, x347, x318, x312); + fiat_p256_addcarryx_u32(&x348, &x349, x347, 0x0, x318); uint32_t x350; fiat_p256_uint1 x351; - fiat_p256_addcarryx_u32(&x350, &x351, x349, x319, x316); + fiat_p256_addcarryx_u32(&x350, &x351, x349, 0x0, x320); uint32_t x352; fiat_p256_uint1 x353; - fiat_p256_addcarryx_u32(&x352, &x353, 0x0, (arg1[7]), x334); + fiat_p256_addcarryx_u32(&x352, &x353, x351, x310, x322); uint32_t x354; fiat_p256_uint1 x355; - fiat_p256_addcarryx_u32(&x354, &x355, x353, 0x0, x336); + fiat_p256_addcarryx_u32(&x354, &x355, x353, x326, x324); uint32_t x356; fiat_p256_uint1 x357; - fiat_p256_addcarryx_u32(&x356, &x357, x355, 0x0, x338); + fiat_p256_addcarryx_u32(&x356, &x357, x309, 0x0, 0x0); uint32_t x358; fiat_p256_uint1 x359; - fiat_p256_addcarryx_u32(&x358, &x359, x357, 0x0, x342); + fiat_p256_addcarryx_u32(&x358, &x359, x325, 0x0, (fiat_p256_uint1)x356); uint32_t x360; fiat_p256_uint1 x361; - fiat_p256_addcarryx_u32(&x360, &x361, x359, 0x0, x344); + fiat_p256_addcarryx_u32(&x360, &x361, x355, x327, x358); uint32_t x362; fiat_p256_uint1 x363; - fiat_p256_addcarryx_u32(&x362, &x363, x361, 0x0, x346); + fiat_p256_subborrowx_u32(&x362, &x363, 0x0, x340, UINT32_C(0xffffffff)); uint32_t x364; fiat_p256_uint1 x365; - fiat_p256_addcarryx_u32(&x364, &x365, x363, 0x0, x348); + fiat_p256_subborrowx_u32(&x364, &x365, x363, x342, UINT32_C(0xffffffff)); uint32_t x366; fiat_p256_uint1 x367; - fiat_p256_addcarryx_u32(&x366, &x367, x365, 0x0, x350); + fiat_p256_subborrowx_u32(&x366, &x367, x365, x346, UINT32_C(0xffffffff)); uint32_t x368; fiat_p256_uint1 x369; - fiat_p256_addcarryx_u32(&x368, &x369, x351, 0x0, x317); + fiat_p256_subborrowx_u32(&x368, &x369, x367, x348, 0x0); uint32_t x370; fiat_p256_uint1 x371; - fiat_p256_addcarryx_u32(&x370, &x371, x367, 0x0, (fiat_p256_uint1)x368); + fiat_p256_subborrowx_u32(&x370, &x371, x369, x350, 0x0); uint32_t x372; - uint32_t x373; - fiat_p256_mulx_u32(&x372, &x373, x352, UINT32_C(0xffffffff)); + fiat_p256_uint1 x373; + fiat_p256_subborrowx_u32(&x372, &x373, x371, x352, 0x0); uint32_t x374; - uint32_t x375; - fiat_p256_mulx_u32(&x374, &x375, x352, UINT32_C(0xffffffff)); + fiat_p256_uint1 x375; + fiat_p256_subborrowx_u32(&x374, &x375, x373, x354, 0x1); uint32_t x376; - uint32_t x377; - fiat_p256_mulx_u32(&x376, &x377, x352, UINT32_C(0xffffffff)); + fiat_p256_uint1 x377; + fiat_p256_subborrowx_u32(&x376, &x377, x375, x360, UINT32_C(0xffffffff)); uint32_t x378; - uint32_t x379; - fiat_p256_mulx_u32(&x378, &x379, x352, UINT32_C(0xffffffff)); + fiat_p256_uint1 x379; + fiat_p256_addcarryx_u32(&x378, &x379, x361, 0x0, 0x0); uint32_t x380; fiat_p256_uint1 x381; - fiat_p256_addcarryx_u32(&x380, &x381, 0x0, x376, x379); + fiat_p256_subborrowx_u32(&x380, &x381, x377, (fiat_p256_uint1)x378, 0x0); uint32_t x382; - fiat_p256_uint1 x383; - fiat_p256_addcarryx_u32(&x382, &x383, x381, x374, x377); + fiat_p256_cmovznz_u32(&x382, x381, x362, x340); + uint32_t x383; + fiat_p256_cmovznz_u32(&x383, x381, x364, x342); uint32_t x384; - fiat_p256_uint1 x385; - fiat_p256_addcarryx_u32(&x384, &x385, x383, 0x0, x375); + fiat_p256_cmovznz_u32(&x384, x381, x366, x346); + uint32_t x385; + fiat_p256_cmovznz_u32(&x385, x381, x368, x348); uint32_t x386; - fiat_p256_uint1 x387; - fiat_p256_addcarryx_u32(&x386, &x387, 0x0, x378, x352); + fiat_p256_cmovznz_u32(&x386, x381, x370, x350); + uint32_t x387; + fiat_p256_cmovznz_u32(&x387, x381, x372, x352); uint32_t x388; - fiat_p256_uint1 x389; - fiat_p256_addcarryx_u32(&x388, &x389, x387, x380, x354); - uint32_t x390; - fiat_p256_uint1 x391; - fiat_p256_addcarryx_u32(&x390, &x391, x389, x382, x356); - uint32_t x392; - fiat_p256_uint1 x393; - fiat_p256_addcarryx_u32(&x392, &x393, x391, x384, x358); - uint32_t x394; - fiat_p256_uint1 x395; - fiat_p256_addcarryx_u32(&x394, &x395, x385, 0x0, 0x0); - uint32_t x396; - fiat_p256_uint1 x397; - fiat_p256_addcarryx_u32(&x396, &x397, x393, (fiat_p256_uint1)x394, x360); - uint32_t x398; - fiat_p256_uint1 x399; - fiat_p256_addcarryx_u32(&x398, &x399, x397, 0x0, x362); - uint32_t x400; - fiat_p256_uint1 x401; - fiat_p256_addcarryx_u32(&x400, &x401, x399, x352, x364); - uint32_t x402; - fiat_p256_uint1 x403; - fiat_p256_addcarryx_u32(&x402, &x403, x401, x372, x366); - uint32_t x404; - fiat_p256_uint1 x405; - fiat_p256_addcarryx_u32(&x404, &x405, x403, x373, x370); - uint32_t x406; - fiat_p256_uint1 x407; - fiat_p256_subborrowx_u32(&x406, &x407, 0x0, x388, UINT32_C(0xffffffff)); - uint32_t x408; - fiat_p256_uint1 x409; - fiat_p256_subborrowx_u32(&x408, &x409, x407, x390, UINT32_C(0xffffffff)); - uint32_t x410; - fiat_p256_uint1 x411; - fiat_p256_subborrowx_u32(&x410, &x411, x409, x392, UINT32_C(0xffffffff)); - uint32_t x412; - fiat_p256_uint1 x413; - fiat_p256_subborrowx_u32(&x412, &x413, x411, x396, 0x0); - uint32_t x414; - fiat_p256_uint1 x415; - fiat_p256_subborrowx_u32(&x414, &x415, x413, x398, 0x0); - uint32_t x416; - fiat_p256_uint1 x417; - fiat_p256_subborrowx_u32(&x416, &x417, x415, x400, 0x0); - uint32_t x418; - fiat_p256_uint1 x419; - fiat_p256_subborrowx_u32(&x418, &x419, x417, x402, 0x1); - uint32_t x420; - fiat_p256_uint1 x421; - fiat_p256_subborrowx_u32(&x420, &x421, x419, x404, UINT32_C(0xffffffff)); - uint32_t x422; - fiat_p256_uint1 x423; - fiat_p256_addcarryx_u32(&x422, &x423, x405, 0x0, x371); - uint32_t x424; - fiat_p256_uint1 x425; - fiat_p256_subborrowx_u32(&x424, &x425, x421, (fiat_p256_uint1)x422, 0x0); - uint32_t x426; - fiat_p256_cmovznz_u32(&x426, x425, x406, x388); - uint32_t x427; - fiat_p256_cmovznz_u32(&x427, x425, x408, x390); - uint32_t x428; - fiat_p256_cmovznz_u32(&x428, x425, x410, x392); - uint32_t x429; - fiat_p256_cmovznz_u32(&x429, x425, x412, x396); - uint32_t x430; - fiat_p256_cmovznz_u32(&x430, x425, x414, x398); - uint32_t x431; - fiat_p256_cmovznz_u32(&x431, x425, x416, x400); - uint32_t x432; - fiat_p256_cmovznz_u32(&x432, x425, x418, x402); - uint32_t x433; - fiat_p256_cmovznz_u32(&x433, x425, x420, x404); - out1[0] = x426; - out1[1] = x427; - out1[2] = x428; - out1[3] = x429; - out1[4] = x430; - out1[5] = x431; - out1[6] = x432; - out1[7] = x433; + fiat_p256_cmovznz_u32(&x388, x381, x374, x354); + uint32_t x389; + fiat_p256_cmovznz_u32(&x389, x381, x376, x360); + out1[0] = x382; + out1[1] = x383; + out1[2] = x384; + out1[3] = x385; + out1[4] = x386; + out1[5] = x387; + out1[6] = x388; + out1[7] = x389; } /* @@ -3185,101 +3071,94 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { uint8_t x12 = (uint8_t)(x9 & UINT8_C(0xff)); uint8_t x13 = (uint8_t)(x11 >> 8); uint8_t x14 = (uint8_t)(x11 & UINT8_C(0xff)); - fiat_p256_uint1 x15 = (fiat_p256_uint1)(x13 >> 8); - uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff)); - uint32_t x17 = (x15 + x7); - uint32_t x18 = (x17 >> 8); - uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); - uint32_t x20 = (x18 >> 8); - uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); - uint8_t x22 = (uint8_t)(x20 >> 8); - uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff)); - fiat_p256_uint1 x24 = (fiat_p256_uint1)(x22 >> 8); - uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); - uint32_t x26 = (x24 + x6); - uint32_t x27 = (x26 >> 8); - uint8_t x28 = (uint8_t)(x26 & UINT8_C(0xff)); - uint32_t x29 = (x27 >> 8); + uint8_t x15 = (uint8_t)(x13 & UINT8_C(0xff)); + uint32_t x16 = (0x0 + x7); + uint32_t x17 = (x16 >> 8); + uint8_t x18 = (uint8_t)(x16 & UINT8_C(0xff)); + uint32_t x19 = (x17 >> 8); + uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); + uint8_t x21 = (uint8_t)(x19 >> 8); + uint8_t x22 = (uint8_t)(x19 & UINT8_C(0xff)); + uint8_t x23 = (uint8_t)(x21 & UINT8_C(0xff)); + uint32_t x24 = (0x0 + x6); + uint32_t x25 = (x24 >> 8); + uint8_t x26 = (uint8_t)(x24 & UINT8_C(0xff)); + uint32_t x27 = (x25 >> 8); + uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); + uint8_t x29 = (uint8_t)(x27 >> 8); uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint8_t x31 = (uint8_t)(x29 >> 8); - uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); - fiat_p256_uint1 x33 = (fiat_p256_uint1)(x31 >> 8); - uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint32_t x35 = (x33 + x5); - uint32_t x36 = (x35 >> 8); - uint8_t x37 = (uint8_t)(x35 & UINT8_C(0xff)); - uint32_t x38 = (x36 >> 8); - uint8_t x39 = (uint8_t)(x36 & UINT8_C(0xff)); - uint8_t x40 = (uint8_t)(x38 >> 8); - uint8_t x41 = (uint8_t)(x38 & UINT8_C(0xff)); - fiat_p256_uint1 x42 = (fiat_p256_uint1)(x40 >> 8); - uint8_t x43 = (uint8_t)(x40 & UINT8_C(0xff)); - uint32_t x44 = (x42 + x4); - uint32_t x45 = (x44 >> 8); - uint8_t x46 = (uint8_t)(x44 & UINT8_C(0xff)); - uint32_t x47 = (x45 >> 8); - uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint8_t x49 = (uint8_t)(x47 >> 8); - uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - fiat_p256_uint1 x51 = (fiat_p256_uint1)(x49 >> 8); + uint8_t x31 = (uint8_t)(x29 & UINT8_C(0xff)); + uint32_t x32 = (0x0 + x5); + uint32_t x33 = (x32 >> 8); + uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff)); + uint32_t x35 = (x33 >> 8); + uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); + uint8_t x37 = (uint8_t)(x35 >> 8); + uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); + uint8_t x39 = (uint8_t)(x37 & UINT8_C(0xff)); + uint32_t x40 = (0x0 + x4); + uint32_t x41 = (x40 >> 8); + uint8_t x42 = (uint8_t)(x40 & UINT8_C(0xff)); + uint32_t x43 = (x41 >> 8); + uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); + uint8_t x45 = (uint8_t)(x43 >> 8); + uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); + uint8_t x47 = (uint8_t)(x45 & UINT8_C(0xff)); + uint32_t x48 = (0x0 + x3); + uint32_t x49 = (x48 >> 8); + uint8_t x50 = (uint8_t)(x48 & UINT8_C(0xff)); + uint32_t x51 = (x49 >> 8); uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - uint32_t x53 = (x51 + x3); - uint32_t x54 = (x53 >> 8); + uint8_t x53 = (uint8_t)(x51 >> 8); + uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); uint8_t x55 = (uint8_t)(x53 & UINT8_C(0xff)); - uint32_t x56 = (x54 >> 8); - uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff)); - uint8_t x58 = (uint8_t)(x56 >> 8); - uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); - fiat_p256_uint1 x60 = (fiat_p256_uint1)(x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); - uint32_t x62 = (x60 + x2); - uint32_t x63 = (x62 >> 8); - uint8_t x64 = (uint8_t)(x62 & UINT8_C(0xff)); - uint32_t x65 = (x63 >> 8); - uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); - uint8_t x67 = (uint8_t)(x65 >> 8); + uint32_t x56 = (0x0 + x2); + uint32_t x57 = (x56 >> 8); + uint8_t x58 = (uint8_t)(x56 & UINT8_C(0xff)); + uint32_t x59 = (x57 >> 8); + uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); + uint8_t x61 = (uint8_t)(x59 >> 8); + uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); + uint8_t x63 = (uint8_t)(x61 & UINT8_C(0xff)); + uint32_t x64 = (0x0 + x1); + uint32_t x65 = (x64 >> 8); + uint8_t x66 = (uint8_t)(x64 & UINT8_C(0xff)); + uint32_t x67 = (x65 >> 8); uint8_t x68 = (uint8_t)(x65 & UINT8_C(0xff)); - fiat_p256_uint1 x69 = (fiat_p256_uint1)(x67 >> 8); + uint8_t x69 = (uint8_t)(x67 >> 8); uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff)); - uint32_t x71 = (x69 + x1); - uint32_t x72 = (x71 >> 8); - uint8_t x73 = (uint8_t)(x71 & UINT8_C(0xff)); - uint32_t x74 = (x72 >> 8); - uint8_t x75 = (uint8_t)(x72 & UINT8_C(0xff)); - uint8_t x76 = (uint8_t)(x74 >> 8); - uint8_t x77 = (uint8_t)(x74 & UINT8_C(0xff)); out1[0] = x10; out1[1] = x12; out1[2] = x14; - out1[3] = x16; - out1[4] = x19; - out1[5] = x21; - out1[6] = x23; - out1[7] = x25; - out1[8] = x28; - out1[9] = x30; - out1[10] = x32; - out1[11] = x34; - out1[12] = x37; - out1[13] = x39; - out1[14] = x41; - out1[15] = x43; - out1[16] = x46; - out1[17] = x48; - out1[18] = x50; - out1[19] = x52; - out1[20] = x55; - out1[21] = x57; - out1[22] = x59; - out1[23] = x61; - out1[24] = x64; - out1[25] = x66; - out1[26] = x68; - out1[27] = x70; - out1[28] = x73; - out1[29] = x75; - out1[30] = x77; - out1[31] = x76; + out1[3] = x15; + out1[4] = x18; + out1[5] = x20; + out1[6] = x22; + out1[7] = x23; + out1[8] = x26; + out1[9] = x28; + out1[10] = x30; + out1[11] = x31; + out1[12] = x34; + out1[13] = x36; + out1[14] = x38; + out1[15] = x39; + out1[16] = x42; + out1[17] = x44; + out1[18] = x46; + out1[19] = x47; + out1[20] = x50; + out1[21] = x52; + out1[22] = x54; + out1[23] = x55; + out1[24] = x58; + out1[25] = x60; + out1[26] = x62; + out1[27] = x63; + out1[28] = x66; + out1[29] = x68; + out1[30] = x70; + out1[31] = x69; } /* @@ -3322,41 +3201,34 @@ static void fiat_p256_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) { uint32_t x31 = ((uint32_t)(arg1[1]) << 8); uint8_t x32 = (arg1[0]); uint32_t x33 = (x32 + (x31 + (x30 + x29))); - fiat_p256_uint1 x34 = (fiat_p256_uint1)((uint64_t)x33 >> 32); - uint32_t x35 = (x33 & UINT32_C(0xffffffff)); - uint32_t x36 = (x4 + (x3 + (x2 + x1))); - uint32_t x37 = (x8 + (x7 + (x6 + x5))); - uint32_t x38 = (x12 + (x11 + (x10 + x9))); - uint32_t x39 = (x16 + (x15 + (x14 + x13))); - uint32_t x40 = (x20 + (x19 + (x18 + x17))); - uint32_t x41 = (x24 + (x23 + (x22 + x21))); - uint32_t x42 = (x28 + (x27 + (x26 + x25))); - uint32_t x43 = (x34 + x42); - fiat_p256_uint1 x44 = (fiat_p256_uint1)((uint64_t)x43 >> 32); - uint32_t x45 = (x43 & UINT32_C(0xffffffff)); - uint32_t x46 = (x44 + x41); - fiat_p256_uint1 x47 = (fiat_p256_uint1)((uint64_t)x46 >> 32); - uint32_t x48 = (x46 & UINT32_C(0xffffffff)); - uint32_t x49 = (x47 + x40); - fiat_p256_uint1 x50 = (fiat_p256_uint1)((uint64_t)x49 >> 32); - uint32_t x51 = (x49 & UINT32_C(0xffffffff)); - uint32_t x52 = (x50 + x39); - fiat_p256_uint1 x53 = (fiat_p256_uint1)((uint64_t)x52 >> 32); - uint32_t x54 = (x52 & UINT32_C(0xffffffff)); - uint32_t x55 = (x53 + x38); - fiat_p256_uint1 x56 = (fiat_p256_uint1)((uint64_t)x55 >> 32); - uint32_t x57 = (x55 & UINT32_C(0xffffffff)); - uint32_t x58 = (x56 + x37); - fiat_p256_uint1 x59 = (fiat_p256_uint1)((uint64_t)x58 >> 32); - uint32_t x60 = (x58 & UINT32_C(0xffffffff)); - uint32_t x61 = (x59 + x36); - out1[0] = x35; - out1[1] = x45; - out1[2] = x48; - out1[3] = x51; - out1[4] = x54; - out1[5] = x57; - out1[6] = x60; - out1[7] = x61; + uint32_t x34 = (x33 & UINT32_C(0xffffffff)); + uint32_t x35 = (x4 + (x3 + (x2 + x1))); + uint32_t x36 = (x8 + (x7 + (x6 + x5))); + uint32_t x37 = (x12 + (x11 + (x10 + x9))); + uint32_t x38 = (x16 + (x15 + (x14 + x13))); + uint32_t x39 = (x20 + (x19 + (x18 + x17))); + uint32_t x40 = (x24 + (x23 + (x22 + x21))); + uint32_t x41 = (x28 + (x27 + (x26 + x25))); + uint32_t x42 = (0x0 + x41); + uint32_t x43 = (x42 & UINT32_C(0xffffffff)); + uint32_t x44 = (0x0 + x40); + uint32_t x45 = (x44 & UINT32_C(0xffffffff)); + uint32_t x46 = (0x0 + x39); + uint32_t x47 = (x46 & UINT32_C(0xffffffff)); + uint32_t x48 = (0x0 + x38); + uint32_t x49 = (x48 & UINT32_C(0xffffffff)); + uint32_t x50 = (0x0 + x37); + uint32_t x51 = (x50 & UINT32_C(0xffffffff)); + uint32_t x52 = (0x0 + x36); + uint32_t x53 = (x52 & UINT32_C(0xffffffff)); + uint32_t x54 = (0x0 + x35); + out1[0] = x34; + out1[1] = x43; + out1[2] = x45; + out1[3] = x47; + out1[4] = x49; + out1[5] = x51; + out1[6] = x53; + out1[7] = x54; } diff --git a/p256_64.c b/p256_64.c index 2bd9b8d51c..018092b3f4 100644 --- a/p256_64.c +++ b/p256_64.c @@ -136,289 +136,265 @@ static void fiat_p256_mul(uint64_t out1[4], const uint64_t arg1[4], const uint64 fiat_p256_addcarryx_u64(&x29, &x30, x28, 0x0, x24); uint64_t x31; fiat_p256_uint1 x32; - fiat_p256_addcarryx_u64(&x31, &x32, x30, x21, 0x0); + fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x25, x11); uint64_t x33; fiat_p256_uint1 x34; - fiat_p256_addcarryx_u64(&x33, &x34, x32, 0x0, x22); + fiat_p256_addcarryx_u64(&x33, &x34, x32, x27, x13); uint64_t x35; fiat_p256_uint1 x36; - fiat_p256_addcarryx_u64(&x35, &x36, 0x0, x25, x11); + fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x15); uint64_t x37; fiat_p256_uint1 x38; - fiat_p256_addcarryx_u64(&x37, &x38, x36, x27, x13); + fiat_p256_addcarryx_u64(&x37, &x38, x36, x21, x17); uint64_t x39; fiat_p256_uint1 x40; - fiat_p256_addcarryx_u64(&x39, &x40, x38, x29, x15); + fiat_p256_addcarryx_u64(&x39, &x40, x38, x22, x19); uint64_t x41; fiat_p256_uint1 x42; - fiat_p256_addcarryx_u64(&x41, &x42, x40, x31, x17); + fiat_p256_addcarryx_u64(&x41, &x42, x40, 0x0, 0x0); uint64_t x43; - fiat_p256_uint1 x44; - fiat_p256_addcarryx_u64(&x43, &x44, x42, x33, x19); + uint64_t x44; + fiat_p256_mulx_u64(&x43, &x44, x1, (arg2[3])); uint64_t x45; - fiat_p256_uint1 x46; - fiat_p256_addcarryx_u64(&x45, &x46, x44, 0x0, 0x0); + uint64_t x46; + fiat_p256_mulx_u64(&x45, &x46, x1, (arg2[2])); uint64_t x47; uint64_t x48; - fiat_p256_mulx_u64(&x47, &x48, x1, (arg2[3])); + fiat_p256_mulx_u64(&x47, &x48, x1, (arg2[1])); uint64_t x49; uint64_t x50; - fiat_p256_mulx_u64(&x49, &x50, x1, (arg2[2])); + fiat_p256_mulx_u64(&x49, &x50, x1, (arg2[0])); uint64_t x51; - uint64_t x52; - fiat_p256_mulx_u64(&x51, &x52, x1, (arg2[1])); + fiat_p256_uint1 x52; + fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x47, x50); uint64_t x53; - uint64_t x54; - fiat_p256_mulx_u64(&x53, &x54, x1, (arg2[0])); + fiat_p256_uint1 x54; + fiat_p256_addcarryx_u64(&x53, &x54, x52, x45, x48); uint64_t x55; fiat_p256_uint1 x56; - fiat_p256_addcarryx_u64(&x55, &x56, 0x0, x51, x54); + fiat_p256_addcarryx_u64(&x55, &x56, x54, x43, x46); uint64_t x57; fiat_p256_uint1 x58; - fiat_p256_addcarryx_u64(&x57, &x58, x56, x49, x52); + fiat_p256_addcarryx_u64(&x57, &x58, x56, 0x0, x44); uint64_t x59; fiat_p256_uint1 x60; - fiat_p256_addcarryx_u64(&x59, &x60, x58, x47, x50); + fiat_p256_addcarryx_u64(&x59, &x60, 0x0, x49, x33); uint64_t x61; fiat_p256_uint1 x62; - fiat_p256_addcarryx_u64(&x61, &x62, x60, 0x0, x48); + fiat_p256_addcarryx_u64(&x61, &x62, x60, x51, x35); uint64_t x63; fiat_p256_uint1 x64; - fiat_p256_addcarryx_u64(&x63, &x64, 0x0, x53, x37); + fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37); uint64_t x65; fiat_p256_uint1 x66; fiat_p256_addcarryx_u64(&x65, &x66, x64, x55, x39); uint64_t x67; fiat_p256_uint1 x68; - fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, x41); + fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, (fiat_p256_uint1)x41); uint64_t x69; - fiat_p256_uint1 x70; - fiat_p256_addcarryx_u64(&x69, &x70, x68, x59, x43); + uint64_t x70; + fiat_p256_mulx_u64(&x69, &x70, x59, UINT64_C(0xffffffff00000001)); uint64_t x71; - fiat_p256_uint1 x72; - fiat_p256_addcarryx_u64(&x71, &x72, x70, x61, (fiat_p256_uint1)x45); + uint64_t x72; + fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff)); uint64_t x73; uint64_t x74; - fiat_p256_mulx_u64(&x73, &x74, x63, UINT64_C(0xffffffff00000001)); + fiat_p256_mulx_u64(&x73, &x74, x59, UINT64_C(0xffffffffffffffff)); uint64_t x75; - uint64_t x76; - fiat_p256_mulx_u64(&x75, &x76, x63, UINT32_C(0xffffffff)); + fiat_p256_uint1 x76; + fiat_p256_addcarryx_u64(&x75, &x76, 0x0, x71, x74); uint64_t x77; - uint64_t x78; - fiat_p256_mulx_u64(&x77, &x78, x63, UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x78; + fiat_p256_addcarryx_u64(&x77, &x78, x76, 0x0, x72); uint64_t x79; fiat_p256_uint1 x80; - fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x75, x78); + fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x73, x59); uint64_t x81; fiat_p256_uint1 x82; - fiat_p256_addcarryx_u64(&x81, &x82, x80, 0x0, x76); + fiat_p256_addcarryx_u64(&x81, &x82, x80, x75, x61); uint64_t x83; fiat_p256_uint1 x84; - fiat_p256_addcarryx_u64(&x83, &x84, x82, x73, 0x0); + fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63); uint64_t x85; fiat_p256_uint1 x86; - fiat_p256_addcarryx_u64(&x85, &x86, x84, 0x0, x74); + fiat_p256_addcarryx_u64(&x85, &x86, x84, x69, x65); uint64_t x87; fiat_p256_uint1 x88; - fiat_p256_addcarryx_u64(&x87, &x88, 0x0, x77, x63); + fiat_p256_addcarryx_u64(&x87, &x88, x86, x70, x67); uint64_t x89; fiat_p256_uint1 x90; - fiat_p256_addcarryx_u64(&x89, &x90, x88, x79, x65); + fiat_p256_addcarryx_u64(&x89, &x90, x88, 0x0, x68); uint64_t x91; - fiat_p256_uint1 x92; - fiat_p256_addcarryx_u64(&x91, &x92, x90, x81, x67); + uint64_t x92; + fiat_p256_mulx_u64(&x91, &x92, x2, (arg2[3])); uint64_t x93; - fiat_p256_uint1 x94; - fiat_p256_addcarryx_u64(&x93, &x94, x92, x83, x69); + uint64_t x94; + fiat_p256_mulx_u64(&x93, &x94, x2, (arg2[2])); uint64_t x95; - fiat_p256_uint1 x96; - fiat_p256_addcarryx_u64(&x95, &x96, x94, x85, x71); + uint64_t x96; + fiat_p256_mulx_u64(&x95, &x96, x2, (arg2[1])); uint64_t x97; - fiat_p256_uint1 x98; - fiat_p256_addcarryx_u64(&x97, &x98, x96, 0x0, x72); + uint64_t x98; + fiat_p256_mulx_u64(&x97, &x98, x2, (arg2[0])); uint64_t x99; - uint64_t x100; - fiat_p256_mulx_u64(&x99, &x100, x2, (arg2[3])); + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x95, x98); uint64_t x101; - uint64_t x102; - fiat_p256_mulx_u64(&x101, &x102, x2, (arg2[2])); + fiat_p256_uint1 x102; + fiat_p256_addcarryx_u64(&x101, &x102, x100, x93, x96); uint64_t x103; - uint64_t x104; - fiat_p256_mulx_u64(&x103, &x104, x2, (arg2[1])); + fiat_p256_uint1 x104; + fiat_p256_addcarryx_u64(&x103, &x104, x102, x91, x94); uint64_t x105; - uint64_t x106; - fiat_p256_mulx_u64(&x105, &x106, x2, (arg2[0])); + fiat_p256_uint1 x106; + fiat_p256_addcarryx_u64(&x105, &x106, x104, 0x0, x92); uint64_t x107; fiat_p256_uint1 x108; - fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x103, x106); + fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x97, x81); uint64_t x109; fiat_p256_uint1 x110; - fiat_p256_addcarryx_u64(&x109, &x110, x108, x101, x104); + fiat_p256_addcarryx_u64(&x109, &x110, x108, x99, x83); uint64_t x111; fiat_p256_uint1 x112; - fiat_p256_addcarryx_u64(&x111, &x112, x110, x99, x102); + fiat_p256_addcarryx_u64(&x111, &x112, x110, x101, x85); uint64_t x113; fiat_p256_uint1 x114; - fiat_p256_addcarryx_u64(&x113, &x114, x112, 0x0, x100); + fiat_p256_addcarryx_u64(&x113, &x114, x112, x103, x87); uint64_t x115; fiat_p256_uint1 x116; - fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x105, x89); + fiat_p256_addcarryx_u64(&x115, &x116, x114, x105, x89); uint64_t x117; - fiat_p256_uint1 x118; - fiat_p256_addcarryx_u64(&x117, &x118, x116, x107, x91); + uint64_t x118; + fiat_p256_mulx_u64(&x117, &x118, x107, UINT64_C(0xffffffff00000001)); uint64_t x119; - fiat_p256_uint1 x120; - fiat_p256_addcarryx_u64(&x119, &x120, x118, x109, x93); + uint64_t x120; + fiat_p256_mulx_u64(&x119, &x120, x107, UINT32_C(0xffffffff)); uint64_t x121; - fiat_p256_uint1 x122; - fiat_p256_addcarryx_u64(&x121, &x122, x120, x111, x95); + uint64_t x122; + fiat_p256_mulx_u64(&x121, &x122, x107, UINT64_C(0xffffffffffffffff)); uint64_t x123; fiat_p256_uint1 x124; - fiat_p256_addcarryx_u64(&x123, &x124, x122, x113, x97); + fiat_p256_addcarryx_u64(&x123, &x124, 0x0, x119, x122); uint64_t x125; - uint64_t x126; - fiat_p256_mulx_u64(&x125, &x126, x115, UINT64_C(0xffffffff00000001)); + fiat_p256_uint1 x126; + fiat_p256_addcarryx_u64(&x125, &x126, x124, 0x0, x120); uint64_t x127; - uint64_t x128; - fiat_p256_mulx_u64(&x127, &x128, x115, UINT32_C(0xffffffff)); + fiat_p256_uint1 x128; + fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107); uint64_t x129; - uint64_t x130; - fiat_p256_mulx_u64(&x129, &x130, x115, UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x130; + fiat_p256_addcarryx_u64(&x129, &x130, x128, x123, x109); uint64_t x131; fiat_p256_uint1 x132; - fiat_p256_addcarryx_u64(&x131, &x132, 0x0, x127, x130); + fiat_p256_addcarryx_u64(&x131, &x132, x130, x125, x111); uint64_t x133; fiat_p256_uint1 x134; - fiat_p256_addcarryx_u64(&x133, &x134, x132, 0x0, x128); + fiat_p256_addcarryx_u64(&x133, &x134, x132, x117, x113); uint64_t x135; fiat_p256_uint1 x136; - fiat_p256_addcarryx_u64(&x135, &x136, x134, x125, 0x0); + fiat_p256_addcarryx_u64(&x135, &x136, x134, x118, x115); uint64_t x137; fiat_p256_uint1 x138; - fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x126); + fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x116); uint64_t x139; - fiat_p256_uint1 x140; - fiat_p256_addcarryx_u64(&x139, &x140, 0x0, x129, x115); + uint64_t x140; + fiat_p256_mulx_u64(&x139, &x140, x3, (arg2[3])); uint64_t x141; - fiat_p256_uint1 x142; - fiat_p256_addcarryx_u64(&x141, &x142, x140, x131, x117); + uint64_t x142; + fiat_p256_mulx_u64(&x141, &x142, x3, (arg2[2])); uint64_t x143; - fiat_p256_uint1 x144; - fiat_p256_addcarryx_u64(&x143, &x144, x142, x133, x119); + uint64_t x144; + fiat_p256_mulx_u64(&x143, &x144, x3, (arg2[1])); uint64_t x145; - fiat_p256_uint1 x146; - fiat_p256_addcarryx_u64(&x145, &x146, x144, x135, x121); + uint64_t x146; + fiat_p256_mulx_u64(&x145, &x146, x3, (arg2[0])); uint64_t x147; fiat_p256_uint1 x148; - fiat_p256_addcarryx_u64(&x147, &x148, x146, x137, x123); + fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x143, x146); uint64_t x149; fiat_p256_uint1 x150; - fiat_p256_addcarryx_u64(&x149, &x150, x148, 0x0, x124); + fiat_p256_addcarryx_u64(&x149, &x150, x148, x141, x144); uint64_t x151; - uint64_t x152; - fiat_p256_mulx_u64(&x151, &x152, x3, (arg2[3])); + fiat_p256_uint1 x152; + fiat_p256_addcarryx_u64(&x151, &x152, x150, x139, x142); uint64_t x153; - uint64_t x154; - fiat_p256_mulx_u64(&x153, &x154, x3, (arg2[2])); + fiat_p256_uint1 x154; + fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140); uint64_t x155; - uint64_t x156; - fiat_p256_mulx_u64(&x155, &x156, x3, (arg2[1])); + fiat_p256_uint1 x156; + fiat_p256_addcarryx_u64(&x155, &x156, 0x0, x145, x129); uint64_t x157; - uint64_t x158; - fiat_p256_mulx_u64(&x157, &x158, x3, (arg2[0])); + fiat_p256_uint1 x158; + fiat_p256_addcarryx_u64(&x157, &x158, x156, x147, x131); uint64_t x159; fiat_p256_uint1 x160; - fiat_p256_addcarryx_u64(&x159, &x160, 0x0, x155, x158); + fiat_p256_addcarryx_u64(&x159, &x160, x158, x149, x133); uint64_t x161; fiat_p256_uint1 x162; - fiat_p256_addcarryx_u64(&x161, &x162, x160, x153, x156); + fiat_p256_addcarryx_u64(&x161, &x162, x160, x151, x135); uint64_t x163; fiat_p256_uint1 x164; - fiat_p256_addcarryx_u64(&x163, &x164, x162, x151, x154); + fiat_p256_addcarryx_u64(&x163, &x164, x162, x153, x137); uint64_t x165; - fiat_p256_uint1 x166; - fiat_p256_addcarryx_u64(&x165, &x166, x164, 0x0, x152); + uint64_t x166; + fiat_p256_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000001)); uint64_t x167; - fiat_p256_uint1 x168; - fiat_p256_addcarryx_u64(&x167, &x168, 0x0, x157, x141); + uint64_t x168; + fiat_p256_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff)); uint64_t x169; - fiat_p256_uint1 x170; - fiat_p256_addcarryx_u64(&x169, &x170, x168, x159, x143); + uint64_t x170; + fiat_p256_mulx_u64(&x169, &x170, x155, UINT64_C(0xffffffffffffffff)); uint64_t x171; fiat_p256_uint1 x172; - fiat_p256_addcarryx_u64(&x171, &x172, x170, x161, x145); + fiat_p256_addcarryx_u64(&x171, &x172, 0x0, x167, x170); uint64_t x173; fiat_p256_uint1 x174; - fiat_p256_addcarryx_u64(&x173, &x174, x172, x163, x147); + fiat_p256_addcarryx_u64(&x173, &x174, x172, 0x0, x168); uint64_t x175; fiat_p256_uint1 x176; - fiat_p256_addcarryx_u64(&x175, &x176, x174, x165, x149); + fiat_p256_addcarryx_u64(&x175, &x176, 0x0, x169, x155); uint64_t x177; - uint64_t x178; - fiat_p256_mulx_u64(&x177, &x178, x167, UINT64_C(0xffffffff00000001)); + fiat_p256_uint1 x178; + fiat_p256_addcarryx_u64(&x177, &x178, x176, x171, x157); uint64_t x179; - uint64_t x180; - fiat_p256_mulx_u64(&x179, &x180, x167, UINT32_C(0xffffffff)); + fiat_p256_uint1 x180; + fiat_p256_addcarryx_u64(&x179, &x180, x178, x173, x159); uint64_t x181; - uint64_t x182; - fiat_p256_mulx_u64(&x181, &x182, x167, UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x182; + fiat_p256_addcarryx_u64(&x181, &x182, x180, x165, x161); uint64_t x183; fiat_p256_uint1 x184; - fiat_p256_addcarryx_u64(&x183, &x184, 0x0, x179, x182); + fiat_p256_addcarryx_u64(&x183, &x184, x182, x166, x163); uint64_t x185; fiat_p256_uint1 x186; - fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x180); + fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x164); uint64_t x187; fiat_p256_uint1 x188; - fiat_p256_addcarryx_u64(&x187, &x188, x186, x177, 0x0); + fiat_p256_subborrowx_u64(&x187, &x188, 0x0, x177, UINT64_C(0xffffffffffffffff)); uint64_t x189; fiat_p256_uint1 x190; - fiat_p256_addcarryx_u64(&x189, &x190, x188, 0x0, x178); + fiat_p256_subborrowx_u64(&x189, &x190, x188, x179, UINT32_C(0xffffffff)); uint64_t x191; fiat_p256_uint1 x192; - fiat_p256_addcarryx_u64(&x191, &x192, 0x0, x181, x167); + fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0); uint64_t x193; fiat_p256_uint1 x194; - fiat_p256_addcarryx_u64(&x193, &x194, x192, x183, x169); + fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001)); uint64_t x195; fiat_p256_uint1 x196; - fiat_p256_addcarryx_u64(&x195, &x196, x194, x185, x171); + fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0); uint64_t x197; - fiat_p256_uint1 x198; - fiat_p256_addcarryx_u64(&x197, &x198, x196, x187, x173); + fiat_p256_cmovznz_u64(&x197, x196, x187, x177); + uint64_t x198; + fiat_p256_cmovznz_u64(&x198, x196, x189, x179); uint64_t x199; - fiat_p256_uint1 x200; - fiat_p256_addcarryx_u64(&x199, &x200, x198, x189, x175); - uint64_t x201; - fiat_p256_uint1 x202; - fiat_p256_addcarryx_u64(&x201, &x202, x200, 0x0, x176); - uint64_t x203; - fiat_p256_uint1 x204; - fiat_p256_subborrowx_u64(&x203, &x204, 0x0, x193, UINT64_C(0xffffffffffffffff)); - uint64_t x205; - fiat_p256_uint1 x206; - fiat_p256_subborrowx_u64(&x205, &x206, x204, x195, UINT32_C(0xffffffff)); - uint64_t x207; - fiat_p256_uint1 x208; - fiat_p256_subborrowx_u64(&x207, &x208, x206, x197, 0x0); - uint64_t x209; - fiat_p256_uint1 x210; - fiat_p256_subborrowx_u64(&x209, &x210, x208, x199, UINT64_C(0xffffffff00000001)); - uint64_t x211; - fiat_p256_uint1 x212; - fiat_p256_subborrowx_u64(&x211, &x212, x210, x201, 0x0); - uint64_t x213; - fiat_p256_cmovznz_u64(&x213, x212, x203, x193); - uint64_t x214; - fiat_p256_cmovznz_u64(&x214, x212, x205, x195); - uint64_t x215; - fiat_p256_cmovznz_u64(&x215, x212, x207, x197); - uint64_t x216; - fiat_p256_cmovznz_u64(&x216, x212, x209, x199); - out1[0] = x213; - out1[1] = x214; - out1[2] = x215; - out1[3] = x216; + fiat_p256_cmovznz_u64(&x199, x196, x191, x181); + uint64_t x200; + fiat_p256_cmovznz_u64(&x200, x196, x193, x183); + out1[0] = x197; + out1[1] = x198; + out1[2] = x199; + out1[3] = x200; } /* @@ -473,289 +449,265 @@ static void fiat_p256_square(uint64_t out1[4], const uint64_t arg1[4]) { fiat_p256_addcarryx_u64(&x29, &x30, x28, 0x0, x24); uint64_t x31; fiat_p256_uint1 x32; - fiat_p256_addcarryx_u64(&x31, &x32, x30, x21, 0x0); + fiat_p256_addcarryx_u64(&x31, &x32, 0x0, x25, x11); uint64_t x33; fiat_p256_uint1 x34; - fiat_p256_addcarryx_u64(&x33, &x34, x32, 0x0, x22); + fiat_p256_addcarryx_u64(&x33, &x34, x32, x27, x13); uint64_t x35; fiat_p256_uint1 x36; - fiat_p256_addcarryx_u64(&x35, &x36, 0x0, x25, x11); + fiat_p256_addcarryx_u64(&x35, &x36, x34, x29, x15); uint64_t x37; fiat_p256_uint1 x38; - fiat_p256_addcarryx_u64(&x37, &x38, x36, x27, x13); + fiat_p256_addcarryx_u64(&x37, &x38, x36, x21, x17); uint64_t x39; fiat_p256_uint1 x40; - fiat_p256_addcarryx_u64(&x39, &x40, x38, x29, x15); + fiat_p256_addcarryx_u64(&x39, &x40, x38, x22, x19); uint64_t x41; fiat_p256_uint1 x42; - fiat_p256_addcarryx_u64(&x41, &x42, x40, x31, x17); + fiat_p256_addcarryx_u64(&x41, &x42, x40, 0x0, 0x0); uint64_t x43; - fiat_p256_uint1 x44; - fiat_p256_addcarryx_u64(&x43, &x44, x42, x33, x19); + uint64_t x44; + fiat_p256_mulx_u64(&x43, &x44, x1, (arg1[3])); uint64_t x45; - fiat_p256_uint1 x46; - fiat_p256_addcarryx_u64(&x45, &x46, x44, 0x0, 0x0); + uint64_t x46; + fiat_p256_mulx_u64(&x45, &x46, x1, (arg1[2])); uint64_t x47; uint64_t x48; - fiat_p256_mulx_u64(&x47, &x48, x1, (arg1[3])); + fiat_p256_mulx_u64(&x47, &x48, x1, (arg1[1])); uint64_t x49; uint64_t x50; - fiat_p256_mulx_u64(&x49, &x50, x1, (arg1[2])); + fiat_p256_mulx_u64(&x49, &x50, x1, (arg1[0])); uint64_t x51; - uint64_t x52; - fiat_p256_mulx_u64(&x51, &x52, x1, (arg1[1])); + fiat_p256_uint1 x52; + fiat_p256_addcarryx_u64(&x51, &x52, 0x0, x47, x50); uint64_t x53; - uint64_t x54; - fiat_p256_mulx_u64(&x53, &x54, x1, (arg1[0])); + fiat_p256_uint1 x54; + fiat_p256_addcarryx_u64(&x53, &x54, x52, x45, x48); uint64_t x55; fiat_p256_uint1 x56; - fiat_p256_addcarryx_u64(&x55, &x56, 0x0, x51, x54); + fiat_p256_addcarryx_u64(&x55, &x56, x54, x43, x46); uint64_t x57; fiat_p256_uint1 x58; - fiat_p256_addcarryx_u64(&x57, &x58, x56, x49, x52); + fiat_p256_addcarryx_u64(&x57, &x58, x56, 0x0, x44); uint64_t x59; fiat_p256_uint1 x60; - fiat_p256_addcarryx_u64(&x59, &x60, x58, x47, x50); + fiat_p256_addcarryx_u64(&x59, &x60, 0x0, x49, x33); uint64_t x61; fiat_p256_uint1 x62; - fiat_p256_addcarryx_u64(&x61, &x62, x60, 0x0, x48); + fiat_p256_addcarryx_u64(&x61, &x62, x60, x51, x35); uint64_t x63; fiat_p256_uint1 x64; - fiat_p256_addcarryx_u64(&x63, &x64, 0x0, x53, x37); + fiat_p256_addcarryx_u64(&x63, &x64, x62, x53, x37); uint64_t x65; fiat_p256_uint1 x66; fiat_p256_addcarryx_u64(&x65, &x66, x64, x55, x39); uint64_t x67; fiat_p256_uint1 x68; - fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, x41); + fiat_p256_addcarryx_u64(&x67, &x68, x66, x57, (fiat_p256_uint1)x41); uint64_t x69; - fiat_p256_uint1 x70; - fiat_p256_addcarryx_u64(&x69, &x70, x68, x59, x43); + uint64_t x70; + fiat_p256_mulx_u64(&x69, &x70, x59, UINT64_C(0xffffffff00000001)); uint64_t x71; - fiat_p256_uint1 x72; - fiat_p256_addcarryx_u64(&x71, &x72, x70, x61, (fiat_p256_uint1)x45); + uint64_t x72; + fiat_p256_mulx_u64(&x71, &x72, x59, UINT32_C(0xffffffff)); uint64_t x73; uint64_t x74; - fiat_p256_mulx_u64(&x73, &x74, x63, UINT64_C(0xffffffff00000001)); + fiat_p256_mulx_u64(&x73, &x74, x59, UINT64_C(0xffffffffffffffff)); uint64_t x75; - uint64_t x76; - fiat_p256_mulx_u64(&x75, &x76, x63, UINT32_C(0xffffffff)); + fiat_p256_uint1 x76; + fiat_p256_addcarryx_u64(&x75, &x76, 0x0, x71, x74); uint64_t x77; - uint64_t x78; - fiat_p256_mulx_u64(&x77, &x78, x63, UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x78; + fiat_p256_addcarryx_u64(&x77, &x78, x76, 0x0, x72); uint64_t x79; fiat_p256_uint1 x80; - fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x75, x78); + fiat_p256_addcarryx_u64(&x79, &x80, 0x0, x73, x59); uint64_t x81; fiat_p256_uint1 x82; - fiat_p256_addcarryx_u64(&x81, &x82, x80, 0x0, x76); + fiat_p256_addcarryx_u64(&x81, &x82, x80, x75, x61); uint64_t x83; fiat_p256_uint1 x84; - fiat_p256_addcarryx_u64(&x83, &x84, x82, x73, 0x0); + fiat_p256_addcarryx_u64(&x83, &x84, x82, x77, x63); uint64_t x85; fiat_p256_uint1 x86; - fiat_p256_addcarryx_u64(&x85, &x86, x84, 0x0, x74); + fiat_p256_addcarryx_u64(&x85, &x86, x84, x69, x65); uint64_t x87; fiat_p256_uint1 x88; - fiat_p256_addcarryx_u64(&x87, &x88, 0x0, x77, x63); + fiat_p256_addcarryx_u64(&x87, &x88, x86, x70, x67); uint64_t x89; fiat_p256_uint1 x90; - fiat_p256_addcarryx_u64(&x89, &x90, x88, x79, x65); + fiat_p256_addcarryx_u64(&x89, &x90, x88, 0x0, x68); uint64_t x91; - fiat_p256_uint1 x92; - fiat_p256_addcarryx_u64(&x91, &x92, x90, x81, x67); + uint64_t x92; + fiat_p256_mulx_u64(&x91, &x92, x2, (arg1[3])); uint64_t x93; - fiat_p256_uint1 x94; - fiat_p256_addcarryx_u64(&x93, &x94, x92, x83, x69); + uint64_t x94; + fiat_p256_mulx_u64(&x93, &x94, x2, (arg1[2])); uint64_t x95; - fiat_p256_uint1 x96; - fiat_p256_addcarryx_u64(&x95, &x96, x94, x85, x71); + uint64_t x96; + fiat_p256_mulx_u64(&x95, &x96, x2, (arg1[1])); uint64_t x97; - fiat_p256_uint1 x98; - fiat_p256_addcarryx_u64(&x97, &x98, x96, 0x0, x72); + uint64_t x98; + fiat_p256_mulx_u64(&x97, &x98, x2, (arg1[0])); uint64_t x99; - uint64_t x100; - fiat_p256_mulx_u64(&x99, &x100, x2, (arg1[3])); + fiat_p256_uint1 x100; + fiat_p256_addcarryx_u64(&x99, &x100, 0x0, x95, x98); uint64_t x101; - uint64_t x102; - fiat_p256_mulx_u64(&x101, &x102, x2, (arg1[2])); + fiat_p256_uint1 x102; + fiat_p256_addcarryx_u64(&x101, &x102, x100, x93, x96); uint64_t x103; - uint64_t x104; - fiat_p256_mulx_u64(&x103, &x104, x2, (arg1[1])); + fiat_p256_uint1 x104; + fiat_p256_addcarryx_u64(&x103, &x104, x102, x91, x94); uint64_t x105; - uint64_t x106; - fiat_p256_mulx_u64(&x105, &x106, x2, (arg1[0])); + fiat_p256_uint1 x106; + fiat_p256_addcarryx_u64(&x105, &x106, x104, 0x0, x92); uint64_t x107; fiat_p256_uint1 x108; - fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x103, x106); + fiat_p256_addcarryx_u64(&x107, &x108, 0x0, x97, x81); uint64_t x109; fiat_p256_uint1 x110; - fiat_p256_addcarryx_u64(&x109, &x110, x108, x101, x104); + fiat_p256_addcarryx_u64(&x109, &x110, x108, x99, x83); uint64_t x111; fiat_p256_uint1 x112; - fiat_p256_addcarryx_u64(&x111, &x112, x110, x99, x102); + fiat_p256_addcarryx_u64(&x111, &x112, x110, x101, x85); uint64_t x113; fiat_p256_uint1 x114; - fiat_p256_addcarryx_u64(&x113, &x114, x112, 0x0, x100); + fiat_p256_addcarryx_u64(&x113, &x114, x112, x103, x87); uint64_t x115; fiat_p256_uint1 x116; - fiat_p256_addcarryx_u64(&x115, &x116, 0x0, x105, x89); + fiat_p256_addcarryx_u64(&x115, &x116, x114, x105, x89); uint64_t x117; - fiat_p256_uint1 x118; - fiat_p256_addcarryx_u64(&x117, &x118, x116, x107, x91); + uint64_t x118; + fiat_p256_mulx_u64(&x117, &x118, x107, UINT64_C(0xffffffff00000001)); uint64_t x119; - fiat_p256_uint1 x120; - fiat_p256_addcarryx_u64(&x119, &x120, x118, x109, x93); + uint64_t x120; + fiat_p256_mulx_u64(&x119, &x120, x107, UINT32_C(0xffffffff)); uint64_t x121; - fiat_p256_uint1 x122; - fiat_p256_addcarryx_u64(&x121, &x122, x120, x111, x95); + uint64_t x122; + fiat_p256_mulx_u64(&x121, &x122, x107, UINT64_C(0xffffffffffffffff)); uint64_t x123; fiat_p256_uint1 x124; - fiat_p256_addcarryx_u64(&x123, &x124, x122, x113, x97); + fiat_p256_addcarryx_u64(&x123, &x124, 0x0, x119, x122); uint64_t x125; - uint64_t x126; - fiat_p256_mulx_u64(&x125, &x126, x115, UINT64_C(0xffffffff00000001)); + fiat_p256_uint1 x126; + fiat_p256_addcarryx_u64(&x125, &x126, x124, 0x0, x120); uint64_t x127; - uint64_t x128; - fiat_p256_mulx_u64(&x127, &x128, x115, UINT32_C(0xffffffff)); + fiat_p256_uint1 x128; + fiat_p256_addcarryx_u64(&x127, &x128, 0x0, x121, x107); uint64_t x129; - uint64_t x130; - fiat_p256_mulx_u64(&x129, &x130, x115, UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x130; + fiat_p256_addcarryx_u64(&x129, &x130, x128, x123, x109); uint64_t x131; fiat_p256_uint1 x132; - fiat_p256_addcarryx_u64(&x131, &x132, 0x0, x127, x130); + fiat_p256_addcarryx_u64(&x131, &x132, x130, x125, x111); uint64_t x133; fiat_p256_uint1 x134; - fiat_p256_addcarryx_u64(&x133, &x134, x132, 0x0, x128); + fiat_p256_addcarryx_u64(&x133, &x134, x132, x117, x113); uint64_t x135; fiat_p256_uint1 x136; - fiat_p256_addcarryx_u64(&x135, &x136, x134, x125, 0x0); + fiat_p256_addcarryx_u64(&x135, &x136, x134, x118, x115); uint64_t x137; fiat_p256_uint1 x138; - fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x126); + fiat_p256_addcarryx_u64(&x137, &x138, x136, 0x0, x116); uint64_t x139; - fiat_p256_uint1 x140; - fiat_p256_addcarryx_u64(&x139, &x140, 0x0, x129, x115); + uint64_t x140; + fiat_p256_mulx_u64(&x139, &x140, x3, (arg1[3])); uint64_t x141; - fiat_p256_uint1 x142; - fiat_p256_addcarryx_u64(&x141, &x142, x140, x131, x117); + uint64_t x142; + fiat_p256_mulx_u64(&x141, &x142, x3, (arg1[2])); uint64_t x143; - fiat_p256_uint1 x144; - fiat_p256_addcarryx_u64(&x143, &x144, x142, x133, x119); + uint64_t x144; + fiat_p256_mulx_u64(&x143, &x144, x3, (arg1[1])); uint64_t x145; - fiat_p256_uint1 x146; - fiat_p256_addcarryx_u64(&x145, &x146, x144, x135, x121); + uint64_t x146; + fiat_p256_mulx_u64(&x145, &x146, x3, (arg1[0])); uint64_t x147; fiat_p256_uint1 x148; - fiat_p256_addcarryx_u64(&x147, &x148, x146, x137, x123); + fiat_p256_addcarryx_u64(&x147, &x148, 0x0, x143, x146); uint64_t x149; fiat_p256_uint1 x150; - fiat_p256_addcarryx_u64(&x149, &x150, x148, 0x0, x124); + fiat_p256_addcarryx_u64(&x149, &x150, x148, x141, x144); uint64_t x151; - uint64_t x152; - fiat_p256_mulx_u64(&x151, &x152, x3, (arg1[3])); + fiat_p256_uint1 x152; + fiat_p256_addcarryx_u64(&x151, &x152, x150, x139, x142); uint64_t x153; - uint64_t x154; - fiat_p256_mulx_u64(&x153, &x154, x3, (arg1[2])); + fiat_p256_uint1 x154; + fiat_p256_addcarryx_u64(&x153, &x154, x152, 0x0, x140); uint64_t x155; - uint64_t x156; - fiat_p256_mulx_u64(&x155, &x156, x3, (arg1[1])); + fiat_p256_uint1 x156; + fiat_p256_addcarryx_u64(&x155, &x156, 0x0, x145, x129); uint64_t x157; - uint64_t x158; - fiat_p256_mulx_u64(&x157, &x158, x3, (arg1[0])); + fiat_p256_uint1 x158; + fiat_p256_addcarryx_u64(&x157, &x158, x156, x147, x131); uint64_t x159; fiat_p256_uint1 x160; - fiat_p256_addcarryx_u64(&x159, &x160, 0x0, x155, x158); + fiat_p256_addcarryx_u64(&x159, &x160, x158, x149, x133); uint64_t x161; fiat_p256_uint1 x162; - fiat_p256_addcarryx_u64(&x161, &x162, x160, x153, x156); + fiat_p256_addcarryx_u64(&x161, &x162, x160, x151, x135); uint64_t x163; fiat_p256_uint1 x164; - fiat_p256_addcarryx_u64(&x163, &x164, x162, x151, x154); + fiat_p256_addcarryx_u64(&x163, &x164, x162, x153, x137); uint64_t x165; - fiat_p256_uint1 x166; - fiat_p256_addcarryx_u64(&x165, &x166, x164, 0x0, x152); + uint64_t x166; + fiat_p256_mulx_u64(&x165, &x166, x155, UINT64_C(0xffffffff00000001)); uint64_t x167; - fiat_p256_uint1 x168; - fiat_p256_addcarryx_u64(&x167, &x168, 0x0, x157, x141); + uint64_t x168; + fiat_p256_mulx_u64(&x167, &x168, x155, UINT32_C(0xffffffff)); uint64_t x169; - fiat_p256_uint1 x170; - fiat_p256_addcarryx_u64(&x169, &x170, x168, x159, x143); + uint64_t x170; + fiat_p256_mulx_u64(&x169, &x170, x155, UINT64_C(0xffffffffffffffff)); uint64_t x171; fiat_p256_uint1 x172; - fiat_p256_addcarryx_u64(&x171, &x172, x170, x161, x145); + fiat_p256_addcarryx_u64(&x171, &x172, 0x0, x167, x170); uint64_t x173; fiat_p256_uint1 x174; - fiat_p256_addcarryx_u64(&x173, &x174, x172, x163, x147); + fiat_p256_addcarryx_u64(&x173, &x174, x172, 0x0, x168); uint64_t x175; fiat_p256_uint1 x176; - fiat_p256_addcarryx_u64(&x175, &x176, x174, x165, x149); + fiat_p256_addcarryx_u64(&x175, &x176, 0x0, x169, x155); uint64_t x177; - uint64_t x178; - fiat_p256_mulx_u64(&x177, &x178, x167, UINT64_C(0xffffffff00000001)); + fiat_p256_uint1 x178; + fiat_p256_addcarryx_u64(&x177, &x178, x176, x171, x157); uint64_t x179; - uint64_t x180; - fiat_p256_mulx_u64(&x179, &x180, x167, UINT32_C(0xffffffff)); + fiat_p256_uint1 x180; + fiat_p256_addcarryx_u64(&x179, &x180, x178, x173, x159); uint64_t x181; - uint64_t x182; - fiat_p256_mulx_u64(&x181, &x182, x167, UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x182; + fiat_p256_addcarryx_u64(&x181, &x182, x180, x165, x161); uint64_t x183; fiat_p256_uint1 x184; - fiat_p256_addcarryx_u64(&x183, &x184, 0x0, x179, x182); + fiat_p256_addcarryx_u64(&x183, &x184, x182, x166, x163); uint64_t x185; fiat_p256_uint1 x186; - fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x180); + fiat_p256_addcarryx_u64(&x185, &x186, x184, 0x0, x164); uint64_t x187; fiat_p256_uint1 x188; - fiat_p256_addcarryx_u64(&x187, &x188, x186, x177, 0x0); + fiat_p256_subborrowx_u64(&x187, &x188, 0x0, x177, UINT64_C(0xffffffffffffffff)); uint64_t x189; fiat_p256_uint1 x190; - fiat_p256_addcarryx_u64(&x189, &x190, x188, 0x0, x178); + fiat_p256_subborrowx_u64(&x189, &x190, x188, x179, UINT32_C(0xffffffff)); uint64_t x191; fiat_p256_uint1 x192; - fiat_p256_addcarryx_u64(&x191, &x192, 0x0, x181, x167); + fiat_p256_subborrowx_u64(&x191, &x192, x190, x181, 0x0); uint64_t x193; fiat_p256_uint1 x194; - fiat_p256_addcarryx_u64(&x193, &x194, x192, x183, x169); + fiat_p256_subborrowx_u64(&x193, &x194, x192, x183, UINT64_C(0xffffffff00000001)); uint64_t x195; fiat_p256_uint1 x196; - fiat_p256_addcarryx_u64(&x195, &x196, x194, x185, x171); + fiat_p256_subborrowx_u64(&x195, &x196, x194, x185, 0x0); uint64_t x197; - fiat_p256_uint1 x198; - fiat_p256_addcarryx_u64(&x197, &x198, x196, x187, x173); + fiat_p256_cmovznz_u64(&x197, x196, x187, x177); + uint64_t x198; + fiat_p256_cmovznz_u64(&x198, x196, x189, x179); uint64_t x199; - fiat_p256_uint1 x200; - fiat_p256_addcarryx_u64(&x199, &x200, x198, x189, x175); - uint64_t x201; - fiat_p256_uint1 x202; - fiat_p256_addcarryx_u64(&x201, &x202, x200, 0x0, x176); - uint64_t x203; - fiat_p256_uint1 x204; - fiat_p256_subborrowx_u64(&x203, &x204, 0x0, x193, UINT64_C(0xffffffffffffffff)); - uint64_t x205; - fiat_p256_uint1 x206; - fiat_p256_subborrowx_u64(&x205, &x206, x204, x195, UINT32_C(0xffffffff)); - uint64_t x207; - fiat_p256_uint1 x208; - fiat_p256_subborrowx_u64(&x207, &x208, x206, x197, 0x0); - uint64_t x209; - fiat_p256_uint1 x210; - fiat_p256_subborrowx_u64(&x209, &x210, x208, x199, UINT64_C(0xffffffff00000001)); - uint64_t x211; - fiat_p256_uint1 x212; - fiat_p256_subborrowx_u64(&x211, &x212, x210, x201, 0x0); - uint64_t x213; - fiat_p256_cmovznz_u64(&x213, x212, x203, x193); - uint64_t x214; - fiat_p256_cmovznz_u64(&x214, x212, x205, x195); - uint64_t x215; - fiat_p256_cmovznz_u64(&x215, x212, x207, x197); - uint64_t x216; - fiat_p256_cmovznz_u64(&x216, x212, x209, x199); - out1[0] = x213; - out1[1] = x214; - out1[2] = x215; - out1[3] = x216; + fiat_p256_cmovznz_u64(&x199, x196, x191, x181); + uint64_t x200; + fiat_p256_cmovznz_u64(&x200, x196, x193, x183); + out1[0] = x197; + out1[1] = x198; + out1[2] = x199; + out1[3] = x200; } /* @@ -908,220 +860,163 @@ static void fiat_p256_from_montgomery(uint64_t out1[4], const uint64_t arg1[4]) fiat_p256_addcarryx_u64(&x8, &x9, 0x0, x4, x7); uint64_t x10; fiat_p256_uint1 x11; - fiat_p256_addcarryx_u64(&x10, &x11, x9, 0x0, x5); + fiat_p256_addcarryx_u64(&x10, &x11, 0x0, x6, x1); uint64_t x12; fiat_p256_uint1 x13; - fiat_p256_addcarryx_u64(&x12, &x13, x11, x2, 0x0); + fiat_p256_addcarryx_u64(&x12, &x13, x11, x8, 0x0); uint64_t x14; fiat_p256_uint1 x15; - fiat_p256_addcarryx_u64(&x14, &x15, 0x0, x6, x1); + fiat_p256_addcarryx_u64(&x14, &x15, 0x0, (arg1[1]), x12); uint64_t x16; - fiat_p256_uint1 x17; - fiat_p256_addcarryx_u64(&x16, &x17, x15, x8, 0x0); + uint64_t x17; + fiat_p256_mulx_u64(&x16, &x17, x14, UINT64_C(0xffffffff00000001)); uint64_t x18; - fiat_p256_uint1 x19; - fiat_p256_addcarryx_u64(&x18, &x19, x17, x10, 0x0); + uint64_t x19; + fiat_p256_mulx_u64(&x18, &x19, x14, UINT32_C(0xffffffff)); uint64_t x20; - fiat_p256_uint1 x21; - fiat_p256_addcarryx_u64(&x20, &x21, x19, x12, 0x0); + uint64_t x21; + fiat_p256_mulx_u64(&x20, &x21, x14, UINT64_C(0xffffffffffffffff)); uint64_t x22; fiat_p256_uint1 x23; - fiat_p256_addcarryx_u64(&x22, &x23, x13, 0x0, x3); + fiat_p256_addcarryx_u64(&x22, &x23, 0x0, x18, x21); uint64_t x24; fiat_p256_uint1 x25; - fiat_p256_addcarryx_u64(&x24, &x25, x21, x22, 0x0); + fiat_p256_addcarryx_u64(&x24, &x25, x9, 0x0, x5); uint64_t x26; fiat_p256_uint1 x27; - fiat_p256_addcarryx_u64(&x26, &x27, 0x0, (arg1[1]), x16); + fiat_p256_addcarryx_u64(&x26, &x27, x13, x24, 0x0); uint64_t x28; fiat_p256_uint1 x29; - fiat_p256_addcarryx_u64(&x28, &x29, x27, 0x0, x18); + fiat_p256_addcarryx_u64(&x28, &x29, x15, 0x0, x26); uint64_t x30; fiat_p256_uint1 x31; - fiat_p256_addcarryx_u64(&x30, &x31, x29, 0x0, x20); + fiat_p256_addcarryx_u64(&x30, &x31, 0x0, x20, x14); uint64_t x32; fiat_p256_uint1 x33; - fiat_p256_addcarryx_u64(&x32, &x33, x31, 0x0, x24); + fiat_p256_addcarryx_u64(&x32, &x33, x31, x22, x28); uint64_t x34; fiat_p256_uint1 x35; - fiat_p256_addcarryx_u64(&x34, &x35, x25, 0x0, 0x0); + fiat_p256_addcarryx_u64(&x34, &x35, x23, 0x0, x19); uint64_t x36; fiat_p256_uint1 x37; - fiat_p256_addcarryx_u64(&x36, &x37, x33, 0x0, (fiat_p256_uint1)x34); + fiat_p256_addcarryx_u64(&x36, &x37, x33, x34, x2); uint64_t x38; - uint64_t x39; - fiat_p256_mulx_u64(&x38, &x39, x26, UINT64_C(0xffffffff00000001)); + fiat_p256_uint1 x39; + fiat_p256_addcarryx_u64(&x38, &x39, x37, x16, x3); uint64_t x40; - uint64_t x41; - fiat_p256_mulx_u64(&x40, &x41, x26, UINT32_C(0xffffffff)); + fiat_p256_uint1 x41; + fiat_p256_addcarryx_u64(&x40, &x41, 0x0, (arg1[2]), x32); uint64_t x42; - uint64_t x43; - fiat_p256_mulx_u64(&x42, &x43, x26, UINT64_C(0xffffffffffffffff)); + fiat_p256_uint1 x43; + fiat_p256_addcarryx_u64(&x42, &x43, x41, 0x0, x36); uint64_t x44; fiat_p256_uint1 x45; - fiat_p256_addcarryx_u64(&x44, &x45, 0x0, x40, x43); + fiat_p256_addcarryx_u64(&x44, &x45, x43, 0x0, x38); uint64_t x46; - fiat_p256_uint1 x47; - fiat_p256_addcarryx_u64(&x46, &x47, x45, 0x0, x41); + uint64_t x47; + fiat_p256_mulx_u64(&x46, &x47, x40, UINT64_C(0xffffffff00000001)); uint64_t x48; - fiat_p256_uint1 x49; - fiat_p256_addcarryx_u64(&x48, &x49, x47, x38, 0x0); + uint64_t x49; + fiat_p256_mulx_u64(&x48, &x49, x40, UINT32_C(0xffffffff)); uint64_t x50; - fiat_p256_uint1 x51; - fiat_p256_addcarryx_u64(&x50, &x51, 0x0, x42, x26); + uint64_t x51; + fiat_p256_mulx_u64(&x50, &x51, x40, UINT64_C(0xffffffffffffffff)); uint64_t x52; fiat_p256_uint1 x53; - fiat_p256_addcarryx_u64(&x52, &x53, x51, x44, x28); + fiat_p256_addcarryx_u64(&x52, &x53, 0x0, x48, x51); uint64_t x54; fiat_p256_uint1 x55; - fiat_p256_addcarryx_u64(&x54, &x55, x53, x46, x30); + fiat_p256_addcarryx_u64(&x54, &x55, 0x0, x50, x40); uint64_t x56; fiat_p256_uint1 x57; - fiat_p256_addcarryx_u64(&x56, &x57, x55, x48, x32); + fiat_p256_addcarryx_u64(&x56, &x57, x55, x52, x42); uint64_t x58; fiat_p256_uint1 x59; - fiat_p256_addcarryx_u64(&x58, &x59, x49, 0x0, x39); + fiat_p256_addcarryx_u64(&x58, &x59, x53, 0x0, x49); uint64_t x60; fiat_p256_uint1 x61; - fiat_p256_addcarryx_u64(&x60, &x61, x57, x58, (fiat_p256_uint1)x36); + fiat_p256_addcarryx_u64(&x60, &x61, x57, x58, x44); uint64_t x62; fiat_p256_uint1 x63; - fiat_p256_addcarryx_u64(&x62, &x63, 0x0, (arg1[2]), x52); + fiat_p256_addcarryx_u64(&x62, &x63, x39, x17, 0x0); uint64_t x64; fiat_p256_uint1 x65; - fiat_p256_addcarryx_u64(&x64, &x65, x63, 0x0, x54); + fiat_p256_addcarryx_u64(&x64, &x65, x45, 0x0, x62); uint64_t x66; fiat_p256_uint1 x67; - fiat_p256_addcarryx_u64(&x66, &x67, x65, 0x0, x56); + fiat_p256_addcarryx_u64(&x66, &x67, x61, x46, x64); uint64_t x68; fiat_p256_uint1 x69; - fiat_p256_addcarryx_u64(&x68, &x69, x67, 0x0, x60); + fiat_p256_addcarryx_u64(&x68, &x69, 0x0, (arg1[3]), x56); uint64_t x70; fiat_p256_uint1 x71; - fiat_p256_addcarryx_u64(&x70, &x71, x61, 0x0, x37); + fiat_p256_addcarryx_u64(&x70, &x71, x69, 0x0, x60); uint64_t x72; fiat_p256_uint1 x73; - fiat_p256_addcarryx_u64(&x72, &x73, x69, 0x0, (fiat_p256_uint1)x70); + fiat_p256_addcarryx_u64(&x72, &x73, x71, 0x0, x66); uint64_t x74; uint64_t x75; - fiat_p256_mulx_u64(&x74, &x75, x62, UINT64_C(0xffffffff00000001)); + fiat_p256_mulx_u64(&x74, &x75, x68, UINT64_C(0xffffffff00000001)); uint64_t x76; uint64_t x77; - fiat_p256_mulx_u64(&x76, &x77, x62, UINT32_C(0xffffffff)); + fiat_p256_mulx_u64(&x76, &x77, x68, UINT32_C(0xffffffff)); uint64_t x78; uint64_t x79; - fiat_p256_mulx_u64(&x78, &x79, x62, UINT64_C(0xffffffffffffffff)); + fiat_p256_mulx_u64(&x78, &x79, x68, UINT64_C(0xffffffffffffffff)); uint64_t x80; fiat_p256_uint1 x81; fiat_p256_addcarryx_u64(&x80, &x81, 0x0, x76, x79); uint64_t x82; fiat_p256_uint1 x83; - fiat_p256_addcarryx_u64(&x82, &x83, x81, 0x0, x77); + fiat_p256_addcarryx_u64(&x82, &x83, 0x0, x78, x68); uint64_t x84; fiat_p256_uint1 x85; - fiat_p256_addcarryx_u64(&x84, &x85, x83, x74, 0x0); + fiat_p256_addcarryx_u64(&x84, &x85, x83, x80, x70); uint64_t x86; fiat_p256_uint1 x87; - fiat_p256_addcarryx_u64(&x86, &x87, 0x0, x78, x62); + fiat_p256_addcarryx_u64(&x86, &x87, x81, 0x0, x77); uint64_t x88; fiat_p256_uint1 x89; - fiat_p256_addcarryx_u64(&x88, &x89, x87, x80, x64); + fiat_p256_addcarryx_u64(&x88, &x89, x85, x86, x72); uint64_t x90; fiat_p256_uint1 x91; - fiat_p256_addcarryx_u64(&x90, &x91, x89, x82, x66); + fiat_p256_addcarryx_u64(&x90, &x91, x67, x47, 0x0); uint64_t x92; fiat_p256_uint1 x93; - fiat_p256_addcarryx_u64(&x92, &x93, x91, x84, x68); + fiat_p256_addcarryx_u64(&x92, &x93, x73, 0x0, x90); uint64_t x94; fiat_p256_uint1 x95; - fiat_p256_addcarryx_u64(&x94, &x95, x85, 0x0, x75); + fiat_p256_addcarryx_u64(&x94, &x95, x89, x74, x92); uint64_t x96; fiat_p256_uint1 x97; - fiat_p256_addcarryx_u64(&x96, &x97, x93, x94, (fiat_p256_uint1)x72); + fiat_p256_addcarryx_u64(&x96, &x97, x95, x75, 0x0); uint64_t x98; fiat_p256_uint1 x99; - fiat_p256_addcarryx_u64(&x98, &x99, 0x0, (arg1[3]), x88); + fiat_p256_subborrowx_u64(&x98, &x99, 0x0, x84, UINT64_C(0xffffffffffffffff)); uint64_t x100; fiat_p256_uint1 x101; - fiat_p256_addcarryx_u64(&x100, &x101, x99, 0x0, x90); + fiat_p256_subborrowx_u64(&x100, &x101, x99, x88, UINT32_C(0xffffffff)); uint64_t x102; fiat_p256_uint1 x103; - fiat_p256_addcarryx_u64(&x102, &x103, x101, 0x0, x92); + fiat_p256_subborrowx_u64(&x102, &x103, x101, x94, 0x0); uint64_t x104; fiat_p256_uint1 x105; - fiat_p256_addcarryx_u64(&x104, &x105, x103, 0x0, x96); + fiat_p256_subborrowx_u64(&x104, &x105, x103, x96, UINT64_C(0xffffffff00000001)); uint64_t x106; fiat_p256_uint1 x107; - fiat_p256_addcarryx_u64(&x106, &x107, x97, 0x0, x73); + fiat_p256_subborrowx_u64(&x106, &x107, x105, 0x0, 0x0); uint64_t x108; - fiat_p256_uint1 x109; - fiat_p256_addcarryx_u64(&x108, &x109, x105, 0x0, (fiat_p256_uint1)x106); + fiat_p256_cmovznz_u64(&x108, x107, x98, x84); + uint64_t x109; + fiat_p256_cmovznz_u64(&x109, x107, x100, x88); uint64_t x110; + fiat_p256_cmovznz_u64(&x110, x107, x102, x94); uint64_t x111; - fiat_p256_mulx_u64(&x110, &x111, x98, UINT64_C(0xffffffff00000001)); - uint64_t x112; - uint64_t x113; - fiat_p256_mulx_u64(&x112, &x113, x98, UINT32_C(0xffffffff)); - uint64_t x114; - uint64_t x115; - fiat_p256_mulx_u64(&x114, &x115, x98, UINT64_C(0xffffffffffffffff)); - uint64_t x116; - fiat_p256_uint1 x117; - fiat_p256_addcarryx_u64(&x116, &x117, 0x0, x112, x115); - uint64_t x118; - fiat_p256_uint1 x119; - fiat_p256_addcarryx_u64(&x118, &x119, x117, 0x0, x113); - uint64_t x120; - fiat_p256_uint1 x121; - fiat_p256_addcarryx_u64(&x120, &x121, x119, x110, 0x0); - uint64_t x122; - fiat_p256_uint1 x123; - fiat_p256_addcarryx_u64(&x122, &x123, 0x0, x114, x98); - uint64_t x124; - fiat_p256_uint1 x125; - fiat_p256_addcarryx_u64(&x124, &x125, x123, x116, x100); - uint64_t x126; - fiat_p256_uint1 x127; - fiat_p256_addcarryx_u64(&x126, &x127, x125, x118, x102); - uint64_t x128; - fiat_p256_uint1 x129; - fiat_p256_addcarryx_u64(&x128, &x129, x127, x120, x104); - uint64_t x130; - fiat_p256_uint1 x131; - fiat_p256_addcarryx_u64(&x130, &x131, x121, 0x0, x111); - uint64_t x132; - fiat_p256_uint1 x133; - fiat_p256_addcarryx_u64(&x132, &x133, x129, x130, (fiat_p256_uint1)x108); - uint64_t x134; - fiat_p256_uint1 x135; - fiat_p256_subborrowx_u64(&x134, &x135, 0x0, x124, UINT64_C(0xffffffffffffffff)); - uint64_t x136; - fiat_p256_uint1 x137; - fiat_p256_subborrowx_u64(&x136, &x137, x135, x126, UINT32_C(0xffffffff)); - uint64_t x138; - fiat_p256_uint1 x139; - fiat_p256_subborrowx_u64(&x138, &x139, x137, x128, 0x0); - uint64_t x140; - fiat_p256_uint1 x141; - fiat_p256_subborrowx_u64(&x140, &x141, x139, x132, UINT64_C(0xffffffff00000001)); - uint64_t x142; - fiat_p256_uint1 x143; - fiat_p256_addcarryx_u64(&x142, &x143, x133, 0x0, x109); - uint64_t x144; - fiat_p256_uint1 x145; - fiat_p256_subborrowx_u64(&x144, &x145, x141, (fiat_p256_uint1)x142, 0x0); - uint64_t x146; - fiat_p256_cmovznz_u64(&x146, x145, x134, x124); - uint64_t x147; - fiat_p256_cmovznz_u64(&x147, x145, x136, x126); - uint64_t x148; - fiat_p256_cmovznz_u64(&x148, x145, x138, x128); - uint64_t x149; - fiat_p256_cmovznz_u64(&x149, x145, x140, x132); - out1[0] = x146; - out1[1] = x147; - out1[2] = x148; - out1[3] = x149; + fiat_p256_cmovznz_u64(&x111, x107, x104, x96); + out1[0] = x108; + out1[1] = x109; + out1[2] = x110; + out1[3] = x111; } /* @@ -1183,28 +1078,28 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff)); uint8_t x17 = (uint8_t)(x15 >> 8); uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); - fiat_p256_uint1 x19 = (fiat_p256_uint1)(x17 >> 8); - uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); - uint64_t x21 = (x19 + x3); - uint64_t x22 = (x21 >> 8); - uint8_t x23 = (uint8_t)(x21 & UINT8_C(0xff)); - uint64_t x24 = (x22 >> 8); - uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); - uint64_t x26 = (x24 >> 8); - uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); - uint64_t x28 = (x26 >> 8); - uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); - uint64_t x30 = (x28 >> 8); - uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); - uint64_t x32 = (x30 >> 8); - uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); - uint8_t x34 = (uint8_t)(x32 >> 8); - uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); - fiat_p256_uint1 x36 = (fiat_p256_uint1)(x34 >> 8); - uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); - uint64_t x38 = (x36 + x2); - uint64_t x39 = (x38 >> 8); - uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff)); + uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); + uint64_t x20 = (0x0 + x3); + uint64_t x21 = (x20 >> 8); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint64_t x23 = (x21 >> 8); + uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); + uint64_t x25 = (x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint64_t x27 = (x25 >> 8); + uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); + uint64_t x29 = (x27 >> 8); + uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); + uint64_t x31 = (x29 >> 8); + uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); + uint8_t x33 = (uint8_t)(x31 >> 8); + uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); + uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); + uint64_t x36 = (0x0 + x2); + uint64_t x37 = (x36 >> 8); + uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint64_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); uint64_t x41 = (x39 >> 8); uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); uint64_t x43 = (x41 >> 8); @@ -1213,27 +1108,24 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); uint64_t x47 = (x45 >> 8); uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint64_t x49 = (x47 >> 8); + uint8_t x49 = (uint8_t)(x47 >> 8); uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint8_t x51 = (uint8_t)(x49 >> 8); - uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - fiat_p256_uint1 x53 = (fiat_p256_uint1)(x51 >> 8); - uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); - uint64_t x55 = (x53 + x1); - uint64_t x56 = (x55 >> 8); - uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); - uint64_t x58 = (x56 >> 8); - uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); - uint64_t x60 = (x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); - uint64_t x62 = (x60 >> 8); - uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); - uint64_t x64 = (x62 >> 8); - uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); - uint64_t x66 = (x64 >> 8); - uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff)); - uint8_t x68 = (uint8_t)(x66 >> 8); - uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff)); + uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); + uint64_t x52 = (0x0 + x1); + uint64_t x53 = (x52 >> 8); + uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x55 = (x53 >> 8); + uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); + uint64_t x57 = (x55 >> 8); + uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); + uint64_t x59 = (x57 >> 8); + uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); + uint64_t x61 = (x59 >> 8); + uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); + uint64_t x63 = (x61 >> 8); + uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); + uint8_t x65 = (uint8_t)(x63 >> 8); + uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); out1[0] = x6; out1[1] = x8; out1[2] = x10; @@ -1241,31 +1133,31 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { out1[4] = x14; out1[5] = x16; out1[6] = x18; - out1[7] = x20; - out1[8] = x23; - out1[9] = x25; - out1[10] = x27; - out1[11] = x29; - out1[12] = x31; - out1[13] = x33; - out1[14] = x35; - out1[15] = x37; - out1[16] = x40; - out1[17] = x42; - out1[18] = x44; - out1[19] = x46; - out1[20] = x48; - out1[21] = x50; - out1[22] = x52; - out1[23] = x54; - out1[24] = x57; - out1[25] = x59; - out1[26] = x61; - out1[27] = x63; - out1[28] = x65; - out1[29] = x67; - out1[30] = x69; - out1[31] = x68; + out1[7] = x19; + out1[8] = x22; + out1[9] = x24; + out1[10] = x26; + out1[11] = x28; + out1[12] = x30; + out1[13] = x32; + out1[14] = x34; + out1[15] = x35; + out1[16] = x38; + out1[17] = x40; + out1[18] = x42; + out1[19] = x44; + out1[20] = x46; + out1[21] = x48; + out1[22] = x50; + out1[23] = x51; + out1[24] = x54; + out1[25] = x56; + out1[26] = x58; + out1[27] = x60; + out1[28] = x62; + out1[29] = x64; + out1[30] = x66; + out1[31] = x65; } /* @@ -1308,21 +1200,18 @@ static void fiat_p256_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) { uint64_t x31 = ((uint64_t)(arg1[1]) << 8); uint8_t x32 = (arg1[0]); uint64_t x33 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); - fiat_p256_uint1 x34 = (fiat_p256_uint1)((fiat_p256_uint128)x33 >> 64); - uint64_t x35 = (x33 & UINT64_C(0xffffffffffffffff)); - uint64_t x36 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); - uint64_t x37 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); - uint64_t x38 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); - uint64_t x39 = (x34 + x38); - fiat_p256_uint1 x40 = (fiat_p256_uint1)((fiat_p256_uint128)x39 >> 64); - uint64_t x41 = (x39 & UINT64_C(0xffffffffffffffff)); - uint64_t x42 = (x40 + x37); - fiat_p256_uint1 x43 = (fiat_p256_uint1)((fiat_p256_uint128)x42 >> 64); - uint64_t x44 = (x42 & UINT64_C(0xffffffffffffffff)); - uint64_t x45 = (x43 + x36); - out1[0] = x35; - out1[1] = x41; - out1[2] = x44; - out1[3] = x45; + uint64_t x34 = (x33 & UINT64_C(0xffffffffffffffff)); + uint64_t x35 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); + uint64_t x36 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); + uint64_t x37 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); + uint64_t x38 = (0x0 + x37); + uint64_t x39 = (x38 & UINT64_C(0xffffffffffffffff)); + uint64_t x40 = (0x0 + x36); + uint64_t x41 = (x40 & UINT64_C(0xffffffffffffffff)); + uint64_t x42 = (0x0 + x35); + out1[0] = x34; + out1[1] = x39; + out1[2] = x41; + out1[3] = x42; } diff --git a/p384_32.c b/p384_32.c index 3c8f908af3..9dc2368dd4 100644 --- a/p384_32.c +++ b/p384_32.c @@ -5620,1601 +5620,1565 @@ static void fiat_p384_from_montgomery(uint32_t out1[12], const uint32_t arg1[12] fiat_p384_uint1 x43; fiat_p384_addcarryx_u32(&x42, &x43, 0x0, (arg1[1]), x40); uint32_t x44; - fiat_p384_uint1 x45; - fiat_p384_addcarryx_u32(&x44, &x45, x41, 0x0, 0x0); + uint32_t x45; + fiat_p384_mulx_u32(&x44, &x45, x42, UINT32_C(0xffffffff)); uint32_t x46; - fiat_p384_uint1 x47; - fiat_p384_addcarryx_u32(&x46, &x47, x43, 0x0, (fiat_p384_uint1)x44); + uint32_t x47; + fiat_p384_mulx_u32(&x46, &x47, x42, UINT32_C(0xffffffff)); uint32_t x48; - fiat_p384_uint1 x49; - fiat_p384_addcarryx_u32(&x48, &x49, x47, 0x0, x18); + uint32_t x49; + fiat_p384_mulx_u32(&x48, &x49, x42, UINT32_C(0xffffffff)); uint32_t x50; - fiat_p384_uint1 x51; - fiat_p384_addcarryx_u32(&x50, &x51, x49, 0x0, x22); + uint32_t x51; + fiat_p384_mulx_u32(&x50, &x51, x42, UINT32_C(0xffffffff)); uint32_t x52; - fiat_p384_uint1 x53; - fiat_p384_addcarryx_u32(&x52, &x53, x51, 0x0, x24); + uint32_t x53; + fiat_p384_mulx_u32(&x52, &x53, x42, UINT32_C(0xffffffff)); uint32_t x54; - fiat_p384_uint1 x55; - fiat_p384_addcarryx_u32(&x54, &x55, x53, 0x0, x26); + uint32_t x55; + fiat_p384_mulx_u32(&x54, &x55, x42, UINT32_C(0xffffffff)); uint32_t x56; - fiat_p384_uint1 x57; - fiat_p384_addcarryx_u32(&x56, &x57, x55, 0x0, x28); + uint32_t x57; + fiat_p384_mulx_u32(&x56, &x57, x42, UINT32_C(0xffffffff)); uint32_t x58; - fiat_p384_uint1 x59; - fiat_p384_addcarryx_u32(&x58, &x59, x57, 0x0, x30); + uint32_t x59; + fiat_p384_mulx_u32(&x58, &x59, x42, UINT32_C(0xfffffffe)); uint32_t x60; - fiat_p384_uint1 x61; - fiat_p384_addcarryx_u32(&x60, &x61, x59, 0x0, x32); + uint32_t x61; + fiat_p384_mulx_u32(&x60, &x61, x42, UINT32_C(0xffffffff)); uint32_t x62; - fiat_p384_uint1 x63; - fiat_p384_addcarryx_u32(&x62, &x63, x61, 0x0, x34); + uint32_t x63; + fiat_p384_mulx_u32(&x62, &x63, x42, UINT32_C(0xffffffff)); uint32_t x64; fiat_p384_uint1 x65; - fiat_p384_addcarryx_u32(&x64, &x65, x63, 0x0, x36); + fiat_p384_addcarryx_u32(&x64, &x65, 0x0, x58, x61); uint32_t x66; fiat_p384_uint1 x67; - fiat_p384_addcarryx_u32(&x66, &x67, x37, 0x0, x3); + fiat_p384_addcarryx_u32(&x66, &x67, x65, x56, x59); uint32_t x68; fiat_p384_uint1 x69; - fiat_p384_addcarryx_u32(&x68, &x69, x65, 0x0, x66); + fiat_p384_addcarryx_u32(&x68, &x69, x67, x54, x57); uint32_t x70; - uint32_t x71; - fiat_p384_mulx_u32(&x70, &x71, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x71; + fiat_p384_addcarryx_u32(&x70, &x71, x69, x52, x55); uint32_t x72; - uint32_t x73; - fiat_p384_mulx_u32(&x72, &x73, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x73; + fiat_p384_addcarryx_u32(&x72, &x73, x71, x50, x53); uint32_t x74; - uint32_t x75; - fiat_p384_mulx_u32(&x74, &x75, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x75; + fiat_p384_addcarryx_u32(&x74, &x75, x73, x48, x51); uint32_t x76; - uint32_t x77; - fiat_p384_mulx_u32(&x76, &x77, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x77; + fiat_p384_addcarryx_u32(&x76, &x77, x75, x46, x49); uint32_t x78; - uint32_t x79; - fiat_p384_mulx_u32(&x78, &x79, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x79; + fiat_p384_addcarryx_u32(&x78, &x79, x77, x44, x47); uint32_t x80; - uint32_t x81; - fiat_p384_mulx_u32(&x80, &x81, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x81; + fiat_p384_addcarryx_u32(&x80, &x81, x43, 0x0, 0x0); uint32_t x82; - uint32_t x83; - fiat_p384_mulx_u32(&x82, &x83, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x83; + fiat_p384_addcarryx_u32(&x82, &x83, 0x0, x62, x42); uint32_t x84; - uint32_t x85; - fiat_p384_mulx_u32(&x84, &x85, x42, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x85; + fiat_p384_addcarryx_u32(&x84, &x85, x83, x63, (fiat_p384_uint1)x80); uint32_t x86; - uint32_t x87; - fiat_p384_mulx_u32(&x86, &x87, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x87; + fiat_p384_addcarryx_u32(&x86, &x87, x85, 0x0, x18); uint32_t x88; - uint32_t x89; - fiat_p384_mulx_u32(&x88, &x89, x42, UINT32_C(0xffffffff)); + fiat_p384_uint1 x89; + fiat_p384_addcarryx_u32(&x88, &x89, x87, x60, x22); uint32_t x90; fiat_p384_uint1 x91; - fiat_p384_addcarryx_u32(&x90, &x91, 0x0, x84, x87); + fiat_p384_addcarryx_u32(&x90, &x91, x89, x64, x24); uint32_t x92; fiat_p384_uint1 x93; - fiat_p384_addcarryx_u32(&x92, &x93, x91, x82, x85); + fiat_p384_addcarryx_u32(&x92, &x93, x91, x66, x26); uint32_t x94; fiat_p384_uint1 x95; - fiat_p384_addcarryx_u32(&x94, &x95, x93, x80, x83); + fiat_p384_addcarryx_u32(&x94, &x95, x93, x68, x28); uint32_t x96; fiat_p384_uint1 x97; - fiat_p384_addcarryx_u32(&x96, &x97, x95, x78, x81); + fiat_p384_addcarryx_u32(&x96, &x97, x95, x70, x30); uint32_t x98; fiat_p384_uint1 x99; - fiat_p384_addcarryx_u32(&x98, &x99, x97, x76, x79); + fiat_p384_addcarryx_u32(&x98, &x99, x97, x72, x32); uint32_t x100; fiat_p384_uint1 x101; - fiat_p384_addcarryx_u32(&x100, &x101, x99, x74, x77); + fiat_p384_addcarryx_u32(&x100, &x101, x99, x74, x34); uint32_t x102; fiat_p384_uint1 x103; - fiat_p384_addcarryx_u32(&x102, &x103, x101, x72, x75); + fiat_p384_addcarryx_u32(&x102, &x103, x101, x76, x36); uint32_t x104; fiat_p384_uint1 x105; - fiat_p384_addcarryx_u32(&x104, &x105, x103, x70, x73); + fiat_p384_addcarryx_u32(&x104, &x105, x37, 0x0, x3); uint32_t x106; fiat_p384_uint1 x107; - fiat_p384_addcarryx_u32(&x106, &x107, 0x0, x88, x42); + fiat_p384_addcarryx_u32(&x106, &x107, x103, x78, x104); uint32_t x108; fiat_p384_uint1 x109; - fiat_p384_addcarryx_u32(&x108, &x109, x107, x89, (fiat_p384_uint1)x46); + fiat_p384_addcarryx_u32(&x108, &x109, x79, 0x0, x45); uint32_t x110; fiat_p384_uint1 x111; - fiat_p384_addcarryx_u32(&x110, &x111, x109, 0x0, x48); + fiat_p384_addcarryx_u32(&x110, &x111, x107, x108, 0x0); uint32_t x112; fiat_p384_uint1 x113; - fiat_p384_addcarryx_u32(&x112, &x113, x111, x86, x50); + fiat_p384_addcarryx_u32(&x112, &x113, 0x0, (arg1[2]), x84); uint32_t x114; fiat_p384_uint1 x115; - fiat_p384_addcarryx_u32(&x114, &x115, x113, x90, x52); + fiat_p384_addcarryx_u32(&x114, &x115, x113, 0x0, x86); uint32_t x116; fiat_p384_uint1 x117; - fiat_p384_addcarryx_u32(&x116, &x117, x115, x92, x54); + fiat_p384_addcarryx_u32(&x116, &x117, x115, 0x0, x88); uint32_t x118; fiat_p384_uint1 x119; - fiat_p384_addcarryx_u32(&x118, &x119, x117, x94, x56); + fiat_p384_addcarryx_u32(&x118, &x119, x117, 0x0, x90); uint32_t x120; fiat_p384_uint1 x121; - fiat_p384_addcarryx_u32(&x120, &x121, x119, x96, x58); + fiat_p384_addcarryx_u32(&x120, &x121, x119, 0x0, x92); uint32_t x122; fiat_p384_uint1 x123; - fiat_p384_addcarryx_u32(&x122, &x123, x121, x98, x60); + fiat_p384_addcarryx_u32(&x122, &x123, x121, 0x0, x94); uint32_t x124; fiat_p384_uint1 x125; - fiat_p384_addcarryx_u32(&x124, &x125, x123, x100, x62); + fiat_p384_addcarryx_u32(&x124, &x125, x123, 0x0, x96); uint32_t x126; fiat_p384_uint1 x127; - fiat_p384_addcarryx_u32(&x126, &x127, x125, x102, x64); + fiat_p384_addcarryx_u32(&x126, &x127, x125, 0x0, x98); uint32_t x128; fiat_p384_uint1 x129; - fiat_p384_addcarryx_u32(&x128, &x129, x127, x104, x68); + fiat_p384_addcarryx_u32(&x128, &x129, x127, 0x0, x100); uint32_t x130; fiat_p384_uint1 x131; - fiat_p384_addcarryx_u32(&x130, &x131, x69, 0x0, 0x0); + fiat_p384_addcarryx_u32(&x130, &x131, x129, 0x0, x102); uint32_t x132; fiat_p384_uint1 x133; - fiat_p384_addcarryx_u32(&x132, &x133, x105, 0x0, x71); + fiat_p384_addcarryx_u32(&x132, &x133, x131, 0x0, x106); uint32_t x134; fiat_p384_uint1 x135; - fiat_p384_addcarryx_u32(&x134, &x135, x129, x132, (fiat_p384_uint1)x130); + fiat_p384_addcarryx_u32(&x134, &x135, x133, 0x0, x110); uint32_t x136; - fiat_p384_uint1 x137; - fiat_p384_addcarryx_u32(&x136, &x137, 0x0, (arg1[2]), x108); + uint32_t x137; + fiat_p384_mulx_u32(&x136, &x137, x112, UINT32_C(0xffffffff)); uint32_t x138; - fiat_p384_uint1 x139; - fiat_p384_addcarryx_u32(&x138, &x139, x137, 0x0, x110); + uint32_t x139; + fiat_p384_mulx_u32(&x138, &x139, x112, UINT32_C(0xffffffff)); uint32_t x140; - fiat_p384_uint1 x141; - fiat_p384_addcarryx_u32(&x140, &x141, x139, 0x0, x112); + uint32_t x141; + fiat_p384_mulx_u32(&x140, &x141, x112, UINT32_C(0xffffffff)); uint32_t x142; - fiat_p384_uint1 x143; - fiat_p384_addcarryx_u32(&x142, &x143, x141, 0x0, x114); + uint32_t x143; + fiat_p384_mulx_u32(&x142, &x143, x112, UINT32_C(0xffffffff)); uint32_t x144; - fiat_p384_uint1 x145; - fiat_p384_addcarryx_u32(&x144, &x145, x143, 0x0, x116); + uint32_t x145; + fiat_p384_mulx_u32(&x144, &x145, x112, UINT32_C(0xffffffff)); uint32_t x146; - fiat_p384_uint1 x147; - fiat_p384_addcarryx_u32(&x146, &x147, x145, 0x0, x118); + uint32_t x147; + fiat_p384_mulx_u32(&x146, &x147, x112, UINT32_C(0xffffffff)); uint32_t x148; - fiat_p384_uint1 x149; - fiat_p384_addcarryx_u32(&x148, &x149, x147, 0x0, x120); + uint32_t x149; + fiat_p384_mulx_u32(&x148, &x149, x112, UINT32_C(0xffffffff)); uint32_t x150; - fiat_p384_uint1 x151; - fiat_p384_addcarryx_u32(&x150, &x151, x149, 0x0, x122); + uint32_t x151; + fiat_p384_mulx_u32(&x150, &x151, x112, UINT32_C(0xfffffffe)); uint32_t x152; - fiat_p384_uint1 x153; - fiat_p384_addcarryx_u32(&x152, &x153, x151, 0x0, x124); + uint32_t x153; + fiat_p384_mulx_u32(&x152, &x153, x112, UINT32_C(0xffffffff)); uint32_t x154; - fiat_p384_uint1 x155; - fiat_p384_addcarryx_u32(&x154, &x155, x153, 0x0, x126); + uint32_t x155; + fiat_p384_mulx_u32(&x154, &x155, x112, UINT32_C(0xffffffff)); uint32_t x156; fiat_p384_uint1 x157; - fiat_p384_addcarryx_u32(&x156, &x157, x155, 0x0, x128); + fiat_p384_addcarryx_u32(&x156, &x157, 0x0, x150, x153); uint32_t x158; fiat_p384_uint1 x159; - fiat_p384_addcarryx_u32(&x158, &x159, x157, 0x0, x134); + fiat_p384_addcarryx_u32(&x158, &x159, x157, x148, x151); uint32_t x160; fiat_p384_uint1 x161; - fiat_p384_addcarryx_u32(&x160, &x161, x135, 0x0, 0x0); + fiat_p384_addcarryx_u32(&x160, &x161, x159, x146, x149); uint32_t x162; fiat_p384_uint1 x163; - fiat_p384_addcarryx_u32(&x162, &x163, x159, 0x0, (fiat_p384_uint1)x160); + fiat_p384_addcarryx_u32(&x162, &x163, x161, x144, x147); uint32_t x164; - uint32_t x165; - fiat_p384_mulx_u32(&x164, &x165, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x165; + fiat_p384_addcarryx_u32(&x164, &x165, x163, x142, x145); uint32_t x166; - uint32_t x167; - fiat_p384_mulx_u32(&x166, &x167, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x167; + fiat_p384_addcarryx_u32(&x166, &x167, x165, x140, x143); uint32_t x168; - uint32_t x169; - fiat_p384_mulx_u32(&x168, &x169, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x169; + fiat_p384_addcarryx_u32(&x168, &x169, x167, x138, x141); uint32_t x170; - uint32_t x171; - fiat_p384_mulx_u32(&x170, &x171, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x171; + fiat_p384_addcarryx_u32(&x170, &x171, x169, x136, x139); uint32_t x172; - uint32_t x173; - fiat_p384_mulx_u32(&x172, &x173, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x173; + fiat_p384_addcarryx_u32(&x172, &x173, 0x0, x154, x112); uint32_t x174; - uint32_t x175; - fiat_p384_mulx_u32(&x174, &x175, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x175; + fiat_p384_addcarryx_u32(&x174, &x175, x173, x155, x114); uint32_t x176; - uint32_t x177; - fiat_p384_mulx_u32(&x176, &x177, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x177; + fiat_p384_addcarryx_u32(&x176, &x177, x175, 0x0, x116); uint32_t x178; - uint32_t x179; - fiat_p384_mulx_u32(&x178, &x179, x136, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x179; + fiat_p384_addcarryx_u32(&x178, &x179, x177, x152, x118); uint32_t x180; - uint32_t x181; - fiat_p384_mulx_u32(&x180, &x181, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x181; + fiat_p384_addcarryx_u32(&x180, &x181, x179, x156, x120); uint32_t x182; - uint32_t x183; - fiat_p384_mulx_u32(&x182, &x183, x136, UINT32_C(0xffffffff)); + fiat_p384_uint1 x183; + fiat_p384_addcarryx_u32(&x182, &x183, x181, x158, x122); uint32_t x184; fiat_p384_uint1 x185; - fiat_p384_addcarryx_u32(&x184, &x185, 0x0, x178, x181); + fiat_p384_addcarryx_u32(&x184, &x185, x183, x160, x124); uint32_t x186; fiat_p384_uint1 x187; - fiat_p384_addcarryx_u32(&x186, &x187, x185, x176, x179); + fiat_p384_addcarryx_u32(&x186, &x187, x185, x162, x126); uint32_t x188; fiat_p384_uint1 x189; - fiat_p384_addcarryx_u32(&x188, &x189, x187, x174, x177); + fiat_p384_addcarryx_u32(&x188, &x189, x187, x164, x128); uint32_t x190; fiat_p384_uint1 x191; - fiat_p384_addcarryx_u32(&x190, &x191, x189, x172, x175); + fiat_p384_addcarryx_u32(&x190, &x191, x189, x166, x130); uint32_t x192; fiat_p384_uint1 x193; - fiat_p384_addcarryx_u32(&x192, &x193, x191, x170, x173); + fiat_p384_addcarryx_u32(&x192, &x193, x191, x168, x132); uint32_t x194; fiat_p384_uint1 x195; - fiat_p384_addcarryx_u32(&x194, &x195, x193, x168, x171); + fiat_p384_addcarryx_u32(&x194, &x195, x193, x170, x134); uint32_t x196; fiat_p384_uint1 x197; - fiat_p384_addcarryx_u32(&x196, &x197, x195, x166, x169); + fiat_p384_addcarryx_u32(&x196, &x197, x111, 0x0, 0x0); uint32_t x198; fiat_p384_uint1 x199; - fiat_p384_addcarryx_u32(&x198, &x199, x197, x164, x167); + fiat_p384_addcarryx_u32(&x198, &x199, x135, 0x0, (fiat_p384_uint1)x196); uint32_t x200; fiat_p384_uint1 x201; - fiat_p384_addcarryx_u32(&x200, &x201, 0x0, x182, x136); + fiat_p384_addcarryx_u32(&x200, &x201, x171, 0x0, x137); uint32_t x202; fiat_p384_uint1 x203; - fiat_p384_addcarryx_u32(&x202, &x203, x201, x183, x138); + fiat_p384_addcarryx_u32(&x202, &x203, x195, x200, x198); uint32_t x204; fiat_p384_uint1 x205; - fiat_p384_addcarryx_u32(&x204, &x205, x203, 0x0, x140); + fiat_p384_addcarryx_u32(&x204, &x205, 0x0, (arg1[3]), x174); uint32_t x206; fiat_p384_uint1 x207; - fiat_p384_addcarryx_u32(&x206, &x207, x205, x180, x142); + fiat_p384_addcarryx_u32(&x206, &x207, x205, 0x0, x176); uint32_t x208; fiat_p384_uint1 x209; - fiat_p384_addcarryx_u32(&x208, &x209, x207, x184, x144); + fiat_p384_addcarryx_u32(&x208, &x209, x207, 0x0, x178); uint32_t x210; fiat_p384_uint1 x211; - fiat_p384_addcarryx_u32(&x210, &x211, x209, x186, x146); + fiat_p384_addcarryx_u32(&x210, &x211, x209, 0x0, x180); uint32_t x212; fiat_p384_uint1 x213; - fiat_p384_addcarryx_u32(&x212, &x213, x211, x188, x148); + fiat_p384_addcarryx_u32(&x212, &x213, x211, 0x0, x182); uint32_t x214; fiat_p384_uint1 x215; - fiat_p384_addcarryx_u32(&x214, &x215, x213, x190, x150); + fiat_p384_addcarryx_u32(&x214, &x215, x213, 0x0, x184); uint32_t x216; fiat_p384_uint1 x217; - fiat_p384_addcarryx_u32(&x216, &x217, x215, x192, x152); + fiat_p384_addcarryx_u32(&x216, &x217, x215, 0x0, x186); uint32_t x218; fiat_p384_uint1 x219; - fiat_p384_addcarryx_u32(&x218, &x219, x217, x194, x154); + fiat_p384_addcarryx_u32(&x218, &x219, x217, 0x0, x188); uint32_t x220; fiat_p384_uint1 x221; - fiat_p384_addcarryx_u32(&x220, &x221, x219, x196, x156); + fiat_p384_addcarryx_u32(&x220, &x221, x219, 0x0, x190); uint32_t x222; fiat_p384_uint1 x223; - fiat_p384_addcarryx_u32(&x222, &x223, x221, x198, x158); + fiat_p384_addcarryx_u32(&x222, &x223, x221, 0x0, x192); uint32_t x224; fiat_p384_uint1 x225; - fiat_p384_addcarryx_u32(&x224, &x225, x199, 0x0, x165); + fiat_p384_addcarryx_u32(&x224, &x225, x223, 0x0, x194); uint32_t x226; fiat_p384_uint1 x227; - fiat_p384_addcarryx_u32(&x226, &x227, x223, x224, x162); + fiat_p384_addcarryx_u32(&x226, &x227, x225, 0x0, x202); uint32_t x228; - fiat_p384_uint1 x229; - fiat_p384_addcarryx_u32(&x228, &x229, 0x0, (arg1[3]), x202); + uint32_t x229; + fiat_p384_mulx_u32(&x228, &x229, x204, UINT32_C(0xffffffff)); uint32_t x230; - fiat_p384_uint1 x231; - fiat_p384_addcarryx_u32(&x230, &x231, x229, 0x0, x204); + uint32_t x231; + fiat_p384_mulx_u32(&x230, &x231, x204, UINT32_C(0xffffffff)); uint32_t x232; - fiat_p384_uint1 x233; - fiat_p384_addcarryx_u32(&x232, &x233, x231, 0x0, x206); + uint32_t x233; + fiat_p384_mulx_u32(&x232, &x233, x204, UINT32_C(0xffffffff)); uint32_t x234; - fiat_p384_uint1 x235; - fiat_p384_addcarryx_u32(&x234, &x235, x233, 0x0, x208); + uint32_t x235; + fiat_p384_mulx_u32(&x234, &x235, x204, UINT32_C(0xffffffff)); uint32_t x236; - fiat_p384_uint1 x237; - fiat_p384_addcarryx_u32(&x236, &x237, x235, 0x0, x210); + uint32_t x237; + fiat_p384_mulx_u32(&x236, &x237, x204, UINT32_C(0xffffffff)); uint32_t x238; - fiat_p384_uint1 x239; - fiat_p384_addcarryx_u32(&x238, &x239, x237, 0x0, x212); + uint32_t x239; + fiat_p384_mulx_u32(&x238, &x239, x204, UINT32_C(0xffffffff)); uint32_t x240; - fiat_p384_uint1 x241; - fiat_p384_addcarryx_u32(&x240, &x241, x239, 0x0, x214); + uint32_t x241; + fiat_p384_mulx_u32(&x240, &x241, x204, UINT32_C(0xffffffff)); uint32_t x242; - fiat_p384_uint1 x243; - fiat_p384_addcarryx_u32(&x242, &x243, x241, 0x0, x216); + uint32_t x243; + fiat_p384_mulx_u32(&x242, &x243, x204, UINT32_C(0xfffffffe)); uint32_t x244; - fiat_p384_uint1 x245; - fiat_p384_addcarryx_u32(&x244, &x245, x243, 0x0, x218); + uint32_t x245; + fiat_p384_mulx_u32(&x244, &x245, x204, UINT32_C(0xffffffff)); uint32_t x246; - fiat_p384_uint1 x247; - fiat_p384_addcarryx_u32(&x246, &x247, x245, 0x0, x220); + uint32_t x247; + fiat_p384_mulx_u32(&x246, &x247, x204, UINT32_C(0xffffffff)); uint32_t x248; fiat_p384_uint1 x249; - fiat_p384_addcarryx_u32(&x248, &x249, x247, 0x0, x222); + fiat_p384_addcarryx_u32(&x248, &x249, 0x0, x242, x245); uint32_t x250; fiat_p384_uint1 x251; - fiat_p384_addcarryx_u32(&x250, &x251, x249, 0x0, x226); + fiat_p384_addcarryx_u32(&x250, &x251, x249, x240, x243); uint32_t x252; fiat_p384_uint1 x253; - fiat_p384_addcarryx_u32(&x252, &x253, x227, 0x0, x163); + fiat_p384_addcarryx_u32(&x252, &x253, x251, x238, x241); uint32_t x254; fiat_p384_uint1 x255; - fiat_p384_addcarryx_u32(&x254, &x255, x251, 0x0, (fiat_p384_uint1)x252); + fiat_p384_addcarryx_u32(&x254, &x255, x253, x236, x239); uint32_t x256; - uint32_t x257; - fiat_p384_mulx_u32(&x256, &x257, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x257; + fiat_p384_addcarryx_u32(&x256, &x257, x255, x234, x237); uint32_t x258; - uint32_t x259; - fiat_p384_mulx_u32(&x258, &x259, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x259; + fiat_p384_addcarryx_u32(&x258, &x259, x257, x232, x235); uint32_t x260; - uint32_t x261; - fiat_p384_mulx_u32(&x260, &x261, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x261; + fiat_p384_addcarryx_u32(&x260, &x261, x259, x230, x233); uint32_t x262; - uint32_t x263; - fiat_p384_mulx_u32(&x262, &x263, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x263; + fiat_p384_addcarryx_u32(&x262, &x263, x261, x228, x231); uint32_t x264; - uint32_t x265; - fiat_p384_mulx_u32(&x264, &x265, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x265; + fiat_p384_addcarryx_u32(&x264, &x265, 0x0, x246, x204); uint32_t x266; - uint32_t x267; - fiat_p384_mulx_u32(&x266, &x267, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x267; + fiat_p384_addcarryx_u32(&x266, &x267, x265, x247, x206); uint32_t x268; - uint32_t x269; - fiat_p384_mulx_u32(&x268, &x269, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x269; + fiat_p384_addcarryx_u32(&x268, &x269, x267, 0x0, x208); uint32_t x270; - uint32_t x271; - fiat_p384_mulx_u32(&x270, &x271, x228, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x271; + fiat_p384_addcarryx_u32(&x270, &x271, x269, x244, x210); uint32_t x272; - uint32_t x273; - fiat_p384_mulx_u32(&x272, &x273, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x273; + fiat_p384_addcarryx_u32(&x272, &x273, x271, x248, x212); uint32_t x274; - uint32_t x275; - fiat_p384_mulx_u32(&x274, &x275, x228, UINT32_C(0xffffffff)); + fiat_p384_uint1 x275; + fiat_p384_addcarryx_u32(&x274, &x275, x273, x250, x214); uint32_t x276; fiat_p384_uint1 x277; - fiat_p384_addcarryx_u32(&x276, &x277, 0x0, x270, x273); + fiat_p384_addcarryx_u32(&x276, &x277, x275, x252, x216); uint32_t x278; fiat_p384_uint1 x279; - fiat_p384_addcarryx_u32(&x278, &x279, x277, x268, x271); + fiat_p384_addcarryx_u32(&x278, &x279, x277, x254, x218); uint32_t x280; fiat_p384_uint1 x281; - fiat_p384_addcarryx_u32(&x280, &x281, x279, x266, x269); + fiat_p384_addcarryx_u32(&x280, &x281, x279, x256, x220); uint32_t x282; fiat_p384_uint1 x283; - fiat_p384_addcarryx_u32(&x282, &x283, x281, x264, x267); + fiat_p384_addcarryx_u32(&x282, &x283, x281, x258, x222); uint32_t x284; fiat_p384_uint1 x285; - fiat_p384_addcarryx_u32(&x284, &x285, x283, x262, x265); + fiat_p384_addcarryx_u32(&x284, &x285, x283, x260, x224); uint32_t x286; fiat_p384_uint1 x287; - fiat_p384_addcarryx_u32(&x286, &x287, x285, x260, x263); + fiat_p384_addcarryx_u32(&x286, &x287, x285, x262, x226); uint32_t x288; fiat_p384_uint1 x289; - fiat_p384_addcarryx_u32(&x288, &x289, x287, x258, x261); + fiat_p384_addcarryx_u32(&x288, &x289, x203, 0x0, 0x0); uint32_t x290; fiat_p384_uint1 x291; - fiat_p384_addcarryx_u32(&x290, &x291, x289, x256, x259); + fiat_p384_addcarryx_u32(&x290, &x291, x227, 0x0, (fiat_p384_uint1)x288); uint32_t x292; fiat_p384_uint1 x293; - fiat_p384_addcarryx_u32(&x292, &x293, 0x0, x274, x228); + fiat_p384_addcarryx_u32(&x292, &x293, x263, 0x0, x229); uint32_t x294; fiat_p384_uint1 x295; - fiat_p384_addcarryx_u32(&x294, &x295, x293, x275, x230); + fiat_p384_addcarryx_u32(&x294, &x295, x287, x292, x290); uint32_t x296; fiat_p384_uint1 x297; - fiat_p384_addcarryx_u32(&x296, &x297, x295, 0x0, x232); + fiat_p384_addcarryx_u32(&x296, &x297, 0x0, (arg1[4]), x266); uint32_t x298; fiat_p384_uint1 x299; - fiat_p384_addcarryx_u32(&x298, &x299, x297, x272, x234); + fiat_p384_addcarryx_u32(&x298, &x299, x297, 0x0, x268); uint32_t x300; fiat_p384_uint1 x301; - fiat_p384_addcarryx_u32(&x300, &x301, x299, x276, x236); + fiat_p384_addcarryx_u32(&x300, &x301, x299, 0x0, x270); uint32_t x302; fiat_p384_uint1 x303; - fiat_p384_addcarryx_u32(&x302, &x303, x301, x278, x238); + fiat_p384_addcarryx_u32(&x302, &x303, x301, 0x0, x272); uint32_t x304; fiat_p384_uint1 x305; - fiat_p384_addcarryx_u32(&x304, &x305, x303, x280, x240); + fiat_p384_addcarryx_u32(&x304, &x305, x303, 0x0, x274); uint32_t x306; fiat_p384_uint1 x307; - fiat_p384_addcarryx_u32(&x306, &x307, x305, x282, x242); + fiat_p384_addcarryx_u32(&x306, &x307, x305, 0x0, x276); uint32_t x308; fiat_p384_uint1 x309; - fiat_p384_addcarryx_u32(&x308, &x309, x307, x284, x244); + fiat_p384_addcarryx_u32(&x308, &x309, x307, 0x0, x278); uint32_t x310; fiat_p384_uint1 x311; - fiat_p384_addcarryx_u32(&x310, &x311, x309, x286, x246); + fiat_p384_addcarryx_u32(&x310, &x311, x309, 0x0, x280); uint32_t x312; fiat_p384_uint1 x313; - fiat_p384_addcarryx_u32(&x312, &x313, x311, x288, x248); + fiat_p384_addcarryx_u32(&x312, &x313, x311, 0x0, x282); uint32_t x314; fiat_p384_uint1 x315; - fiat_p384_addcarryx_u32(&x314, &x315, x313, x290, x250); + fiat_p384_addcarryx_u32(&x314, &x315, x313, 0x0, x284); uint32_t x316; fiat_p384_uint1 x317; - fiat_p384_addcarryx_u32(&x316, &x317, x291, 0x0, x257); + fiat_p384_addcarryx_u32(&x316, &x317, x315, 0x0, x286); uint32_t x318; fiat_p384_uint1 x319; - fiat_p384_addcarryx_u32(&x318, &x319, x315, x316, x254); + fiat_p384_addcarryx_u32(&x318, &x319, x317, 0x0, x294); uint32_t x320; - fiat_p384_uint1 x321; - fiat_p384_addcarryx_u32(&x320, &x321, 0x0, (arg1[4]), x294); + uint32_t x321; + fiat_p384_mulx_u32(&x320, &x321, x296, UINT32_C(0xffffffff)); uint32_t x322; - fiat_p384_uint1 x323; - fiat_p384_addcarryx_u32(&x322, &x323, x321, 0x0, x296); + uint32_t x323; + fiat_p384_mulx_u32(&x322, &x323, x296, UINT32_C(0xffffffff)); uint32_t x324; - fiat_p384_uint1 x325; - fiat_p384_addcarryx_u32(&x324, &x325, x323, 0x0, x298); + uint32_t x325; + fiat_p384_mulx_u32(&x324, &x325, x296, UINT32_C(0xffffffff)); uint32_t x326; - fiat_p384_uint1 x327; - fiat_p384_addcarryx_u32(&x326, &x327, x325, 0x0, x300); + uint32_t x327; + fiat_p384_mulx_u32(&x326, &x327, x296, UINT32_C(0xffffffff)); uint32_t x328; - fiat_p384_uint1 x329; - fiat_p384_addcarryx_u32(&x328, &x329, x327, 0x0, x302); + uint32_t x329; + fiat_p384_mulx_u32(&x328, &x329, x296, UINT32_C(0xffffffff)); uint32_t x330; - fiat_p384_uint1 x331; - fiat_p384_addcarryx_u32(&x330, &x331, x329, 0x0, x304); + uint32_t x331; + fiat_p384_mulx_u32(&x330, &x331, x296, UINT32_C(0xffffffff)); uint32_t x332; - fiat_p384_uint1 x333; - fiat_p384_addcarryx_u32(&x332, &x333, x331, 0x0, x306); + uint32_t x333; + fiat_p384_mulx_u32(&x332, &x333, x296, UINT32_C(0xffffffff)); uint32_t x334; - fiat_p384_uint1 x335; - fiat_p384_addcarryx_u32(&x334, &x335, x333, 0x0, x308); + uint32_t x335; + fiat_p384_mulx_u32(&x334, &x335, x296, UINT32_C(0xfffffffe)); uint32_t x336; - fiat_p384_uint1 x337; - fiat_p384_addcarryx_u32(&x336, &x337, x335, 0x0, x310); + uint32_t x337; + fiat_p384_mulx_u32(&x336, &x337, x296, UINT32_C(0xffffffff)); uint32_t x338; - fiat_p384_uint1 x339; - fiat_p384_addcarryx_u32(&x338, &x339, x337, 0x0, x312); + uint32_t x339; + fiat_p384_mulx_u32(&x338, &x339, x296, UINT32_C(0xffffffff)); uint32_t x340; fiat_p384_uint1 x341; - fiat_p384_addcarryx_u32(&x340, &x341, x339, 0x0, x314); + fiat_p384_addcarryx_u32(&x340, &x341, 0x0, x334, x337); uint32_t x342; fiat_p384_uint1 x343; - fiat_p384_addcarryx_u32(&x342, &x343, x341, 0x0, x318); + fiat_p384_addcarryx_u32(&x342, &x343, x341, x332, x335); uint32_t x344; fiat_p384_uint1 x345; - fiat_p384_addcarryx_u32(&x344, &x345, x319, 0x0, x255); + fiat_p384_addcarryx_u32(&x344, &x345, x343, x330, x333); uint32_t x346; fiat_p384_uint1 x347; - fiat_p384_addcarryx_u32(&x346, &x347, x343, 0x0, (fiat_p384_uint1)x344); + fiat_p384_addcarryx_u32(&x346, &x347, x345, x328, x331); uint32_t x348; - uint32_t x349; - fiat_p384_mulx_u32(&x348, &x349, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x349; + fiat_p384_addcarryx_u32(&x348, &x349, x347, x326, x329); uint32_t x350; - uint32_t x351; - fiat_p384_mulx_u32(&x350, &x351, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x351; + fiat_p384_addcarryx_u32(&x350, &x351, x349, x324, x327); uint32_t x352; - uint32_t x353; - fiat_p384_mulx_u32(&x352, &x353, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x353; + fiat_p384_addcarryx_u32(&x352, &x353, x351, x322, x325); uint32_t x354; - uint32_t x355; - fiat_p384_mulx_u32(&x354, &x355, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x355; + fiat_p384_addcarryx_u32(&x354, &x355, x353, x320, x323); uint32_t x356; - uint32_t x357; - fiat_p384_mulx_u32(&x356, &x357, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x357; + fiat_p384_addcarryx_u32(&x356, &x357, 0x0, x338, x296); uint32_t x358; - uint32_t x359; - fiat_p384_mulx_u32(&x358, &x359, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x359; + fiat_p384_addcarryx_u32(&x358, &x359, x357, x339, x298); uint32_t x360; - uint32_t x361; - fiat_p384_mulx_u32(&x360, &x361, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x361; + fiat_p384_addcarryx_u32(&x360, &x361, x359, 0x0, x300); uint32_t x362; - uint32_t x363; - fiat_p384_mulx_u32(&x362, &x363, x320, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x363; + fiat_p384_addcarryx_u32(&x362, &x363, x361, x336, x302); uint32_t x364; - uint32_t x365; - fiat_p384_mulx_u32(&x364, &x365, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x365; + fiat_p384_addcarryx_u32(&x364, &x365, x363, x340, x304); uint32_t x366; - uint32_t x367; - fiat_p384_mulx_u32(&x366, &x367, x320, UINT32_C(0xffffffff)); + fiat_p384_uint1 x367; + fiat_p384_addcarryx_u32(&x366, &x367, x365, x342, x306); uint32_t x368; fiat_p384_uint1 x369; - fiat_p384_addcarryx_u32(&x368, &x369, 0x0, x362, x365); + fiat_p384_addcarryx_u32(&x368, &x369, x367, x344, x308); uint32_t x370; fiat_p384_uint1 x371; - fiat_p384_addcarryx_u32(&x370, &x371, x369, x360, x363); + fiat_p384_addcarryx_u32(&x370, &x371, x369, x346, x310); uint32_t x372; fiat_p384_uint1 x373; - fiat_p384_addcarryx_u32(&x372, &x373, x371, x358, x361); + fiat_p384_addcarryx_u32(&x372, &x373, x371, x348, x312); uint32_t x374; fiat_p384_uint1 x375; - fiat_p384_addcarryx_u32(&x374, &x375, x373, x356, x359); + fiat_p384_addcarryx_u32(&x374, &x375, x373, x350, x314); uint32_t x376; fiat_p384_uint1 x377; - fiat_p384_addcarryx_u32(&x376, &x377, x375, x354, x357); + fiat_p384_addcarryx_u32(&x376, &x377, x375, x352, x316); uint32_t x378; fiat_p384_uint1 x379; - fiat_p384_addcarryx_u32(&x378, &x379, x377, x352, x355); + fiat_p384_addcarryx_u32(&x378, &x379, x377, x354, x318); uint32_t x380; fiat_p384_uint1 x381; - fiat_p384_addcarryx_u32(&x380, &x381, x379, x350, x353); + fiat_p384_addcarryx_u32(&x380, &x381, x295, 0x0, 0x0); uint32_t x382; fiat_p384_uint1 x383; - fiat_p384_addcarryx_u32(&x382, &x383, x381, x348, x351); + fiat_p384_addcarryx_u32(&x382, &x383, x319, 0x0, (fiat_p384_uint1)x380); uint32_t x384; fiat_p384_uint1 x385; - fiat_p384_addcarryx_u32(&x384, &x385, 0x0, x366, x320); + fiat_p384_addcarryx_u32(&x384, &x385, x355, 0x0, x321); uint32_t x386; fiat_p384_uint1 x387; - fiat_p384_addcarryx_u32(&x386, &x387, x385, x367, x322); + fiat_p384_addcarryx_u32(&x386, &x387, x379, x384, x382); uint32_t x388; fiat_p384_uint1 x389; - fiat_p384_addcarryx_u32(&x388, &x389, x387, 0x0, x324); + fiat_p384_addcarryx_u32(&x388, &x389, 0x0, (arg1[5]), x358); uint32_t x390; fiat_p384_uint1 x391; - fiat_p384_addcarryx_u32(&x390, &x391, x389, x364, x326); + fiat_p384_addcarryx_u32(&x390, &x391, x389, 0x0, x360); uint32_t x392; fiat_p384_uint1 x393; - fiat_p384_addcarryx_u32(&x392, &x393, x391, x368, x328); + fiat_p384_addcarryx_u32(&x392, &x393, x391, 0x0, x362); uint32_t x394; fiat_p384_uint1 x395; - fiat_p384_addcarryx_u32(&x394, &x395, x393, x370, x330); + fiat_p384_addcarryx_u32(&x394, &x395, x393, 0x0, x364); uint32_t x396; fiat_p384_uint1 x397; - fiat_p384_addcarryx_u32(&x396, &x397, x395, x372, x332); + fiat_p384_addcarryx_u32(&x396, &x397, x395, 0x0, x366); uint32_t x398; fiat_p384_uint1 x399; - fiat_p384_addcarryx_u32(&x398, &x399, x397, x374, x334); + fiat_p384_addcarryx_u32(&x398, &x399, x397, 0x0, x368); uint32_t x400; fiat_p384_uint1 x401; - fiat_p384_addcarryx_u32(&x400, &x401, x399, x376, x336); + fiat_p384_addcarryx_u32(&x400, &x401, x399, 0x0, x370); uint32_t x402; fiat_p384_uint1 x403; - fiat_p384_addcarryx_u32(&x402, &x403, x401, x378, x338); + fiat_p384_addcarryx_u32(&x402, &x403, x401, 0x0, x372); uint32_t x404; fiat_p384_uint1 x405; - fiat_p384_addcarryx_u32(&x404, &x405, x403, x380, x340); + fiat_p384_addcarryx_u32(&x404, &x405, x403, 0x0, x374); uint32_t x406; fiat_p384_uint1 x407; - fiat_p384_addcarryx_u32(&x406, &x407, x405, x382, x342); + fiat_p384_addcarryx_u32(&x406, &x407, x405, 0x0, x376); uint32_t x408; fiat_p384_uint1 x409; - fiat_p384_addcarryx_u32(&x408, &x409, x383, 0x0, x349); + fiat_p384_addcarryx_u32(&x408, &x409, x407, 0x0, x378); uint32_t x410; fiat_p384_uint1 x411; - fiat_p384_addcarryx_u32(&x410, &x411, x407, x408, x346); + fiat_p384_addcarryx_u32(&x410, &x411, x409, 0x0, x386); uint32_t x412; - fiat_p384_uint1 x413; - fiat_p384_addcarryx_u32(&x412, &x413, 0x0, (arg1[5]), x386); + uint32_t x413; + fiat_p384_mulx_u32(&x412, &x413, x388, UINT32_C(0xffffffff)); uint32_t x414; - fiat_p384_uint1 x415; - fiat_p384_addcarryx_u32(&x414, &x415, x413, 0x0, x388); + uint32_t x415; + fiat_p384_mulx_u32(&x414, &x415, x388, UINT32_C(0xffffffff)); uint32_t x416; - fiat_p384_uint1 x417; - fiat_p384_addcarryx_u32(&x416, &x417, x415, 0x0, x390); + uint32_t x417; + fiat_p384_mulx_u32(&x416, &x417, x388, UINT32_C(0xffffffff)); uint32_t x418; - fiat_p384_uint1 x419; - fiat_p384_addcarryx_u32(&x418, &x419, x417, 0x0, x392); + uint32_t x419; + fiat_p384_mulx_u32(&x418, &x419, x388, UINT32_C(0xffffffff)); uint32_t x420; - fiat_p384_uint1 x421; - fiat_p384_addcarryx_u32(&x420, &x421, x419, 0x0, x394); + uint32_t x421; + fiat_p384_mulx_u32(&x420, &x421, x388, UINT32_C(0xffffffff)); uint32_t x422; - fiat_p384_uint1 x423; - fiat_p384_addcarryx_u32(&x422, &x423, x421, 0x0, x396); + uint32_t x423; + fiat_p384_mulx_u32(&x422, &x423, x388, UINT32_C(0xffffffff)); uint32_t x424; - fiat_p384_uint1 x425; - fiat_p384_addcarryx_u32(&x424, &x425, x423, 0x0, x398); + uint32_t x425; + fiat_p384_mulx_u32(&x424, &x425, x388, UINT32_C(0xffffffff)); uint32_t x426; - fiat_p384_uint1 x427; - fiat_p384_addcarryx_u32(&x426, &x427, x425, 0x0, x400); + uint32_t x427; + fiat_p384_mulx_u32(&x426, &x427, x388, UINT32_C(0xfffffffe)); uint32_t x428; - fiat_p384_uint1 x429; - fiat_p384_addcarryx_u32(&x428, &x429, x427, 0x0, x402); + uint32_t x429; + fiat_p384_mulx_u32(&x428, &x429, x388, UINT32_C(0xffffffff)); uint32_t x430; - fiat_p384_uint1 x431; - fiat_p384_addcarryx_u32(&x430, &x431, x429, 0x0, x404); + uint32_t x431; + fiat_p384_mulx_u32(&x430, &x431, x388, UINT32_C(0xffffffff)); uint32_t x432; fiat_p384_uint1 x433; - fiat_p384_addcarryx_u32(&x432, &x433, x431, 0x0, x406); + fiat_p384_addcarryx_u32(&x432, &x433, 0x0, x426, x429); uint32_t x434; fiat_p384_uint1 x435; - fiat_p384_addcarryx_u32(&x434, &x435, x433, 0x0, x410); + fiat_p384_addcarryx_u32(&x434, &x435, x433, x424, x427); uint32_t x436; fiat_p384_uint1 x437; - fiat_p384_addcarryx_u32(&x436, &x437, x411, 0x0, x347); + fiat_p384_addcarryx_u32(&x436, &x437, x435, x422, x425); uint32_t x438; fiat_p384_uint1 x439; - fiat_p384_addcarryx_u32(&x438, &x439, x435, 0x0, (fiat_p384_uint1)x436); + fiat_p384_addcarryx_u32(&x438, &x439, x437, x420, x423); uint32_t x440; - uint32_t x441; - fiat_p384_mulx_u32(&x440, &x441, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x441; + fiat_p384_addcarryx_u32(&x440, &x441, x439, x418, x421); uint32_t x442; - uint32_t x443; - fiat_p384_mulx_u32(&x442, &x443, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x443; + fiat_p384_addcarryx_u32(&x442, &x443, x441, x416, x419); uint32_t x444; - uint32_t x445; - fiat_p384_mulx_u32(&x444, &x445, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x445; + fiat_p384_addcarryx_u32(&x444, &x445, x443, x414, x417); uint32_t x446; - uint32_t x447; - fiat_p384_mulx_u32(&x446, &x447, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x447; + fiat_p384_addcarryx_u32(&x446, &x447, x445, x412, x415); uint32_t x448; - uint32_t x449; - fiat_p384_mulx_u32(&x448, &x449, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x449; + fiat_p384_addcarryx_u32(&x448, &x449, 0x0, x430, x388); uint32_t x450; - uint32_t x451; - fiat_p384_mulx_u32(&x450, &x451, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x451; + fiat_p384_addcarryx_u32(&x450, &x451, x449, x431, x390); uint32_t x452; - uint32_t x453; - fiat_p384_mulx_u32(&x452, &x453, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x453; + fiat_p384_addcarryx_u32(&x452, &x453, x451, 0x0, x392); uint32_t x454; - uint32_t x455; - fiat_p384_mulx_u32(&x454, &x455, x412, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x455; + fiat_p384_addcarryx_u32(&x454, &x455, x453, x428, x394); uint32_t x456; - uint32_t x457; - fiat_p384_mulx_u32(&x456, &x457, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x457; + fiat_p384_addcarryx_u32(&x456, &x457, x455, x432, x396); uint32_t x458; - uint32_t x459; - fiat_p384_mulx_u32(&x458, &x459, x412, UINT32_C(0xffffffff)); + fiat_p384_uint1 x459; + fiat_p384_addcarryx_u32(&x458, &x459, x457, x434, x398); uint32_t x460; fiat_p384_uint1 x461; - fiat_p384_addcarryx_u32(&x460, &x461, 0x0, x454, x457); + fiat_p384_addcarryx_u32(&x460, &x461, x459, x436, x400); uint32_t x462; fiat_p384_uint1 x463; - fiat_p384_addcarryx_u32(&x462, &x463, x461, x452, x455); + fiat_p384_addcarryx_u32(&x462, &x463, x461, x438, x402); uint32_t x464; fiat_p384_uint1 x465; - fiat_p384_addcarryx_u32(&x464, &x465, x463, x450, x453); + fiat_p384_addcarryx_u32(&x464, &x465, x463, x440, x404); uint32_t x466; fiat_p384_uint1 x467; - fiat_p384_addcarryx_u32(&x466, &x467, x465, x448, x451); + fiat_p384_addcarryx_u32(&x466, &x467, x465, x442, x406); uint32_t x468; fiat_p384_uint1 x469; - fiat_p384_addcarryx_u32(&x468, &x469, x467, x446, x449); + fiat_p384_addcarryx_u32(&x468, &x469, x467, x444, x408); uint32_t x470; fiat_p384_uint1 x471; - fiat_p384_addcarryx_u32(&x470, &x471, x469, x444, x447); + fiat_p384_addcarryx_u32(&x470, &x471, x469, x446, x410); uint32_t x472; fiat_p384_uint1 x473; - fiat_p384_addcarryx_u32(&x472, &x473, x471, x442, x445); + fiat_p384_addcarryx_u32(&x472, &x473, x387, 0x0, 0x0); uint32_t x474; fiat_p384_uint1 x475; - fiat_p384_addcarryx_u32(&x474, &x475, x473, x440, x443); + fiat_p384_addcarryx_u32(&x474, &x475, x411, 0x0, (fiat_p384_uint1)x472); uint32_t x476; fiat_p384_uint1 x477; - fiat_p384_addcarryx_u32(&x476, &x477, 0x0, x458, x412); + fiat_p384_addcarryx_u32(&x476, &x477, x447, 0x0, x413); uint32_t x478; fiat_p384_uint1 x479; - fiat_p384_addcarryx_u32(&x478, &x479, x477, x459, x414); + fiat_p384_addcarryx_u32(&x478, &x479, x471, x476, x474); uint32_t x480; fiat_p384_uint1 x481; - fiat_p384_addcarryx_u32(&x480, &x481, x479, 0x0, x416); + fiat_p384_addcarryx_u32(&x480, &x481, 0x0, (arg1[6]), x450); uint32_t x482; fiat_p384_uint1 x483; - fiat_p384_addcarryx_u32(&x482, &x483, x481, x456, x418); + fiat_p384_addcarryx_u32(&x482, &x483, x481, 0x0, x452); uint32_t x484; fiat_p384_uint1 x485; - fiat_p384_addcarryx_u32(&x484, &x485, x483, x460, x420); + fiat_p384_addcarryx_u32(&x484, &x485, x483, 0x0, x454); uint32_t x486; fiat_p384_uint1 x487; - fiat_p384_addcarryx_u32(&x486, &x487, x485, x462, x422); + fiat_p384_addcarryx_u32(&x486, &x487, x485, 0x0, x456); uint32_t x488; fiat_p384_uint1 x489; - fiat_p384_addcarryx_u32(&x488, &x489, x487, x464, x424); + fiat_p384_addcarryx_u32(&x488, &x489, x487, 0x0, x458); uint32_t x490; fiat_p384_uint1 x491; - fiat_p384_addcarryx_u32(&x490, &x491, x489, x466, x426); + fiat_p384_addcarryx_u32(&x490, &x491, x489, 0x0, x460); uint32_t x492; fiat_p384_uint1 x493; - fiat_p384_addcarryx_u32(&x492, &x493, x491, x468, x428); + fiat_p384_addcarryx_u32(&x492, &x493, x491, 0x0, x462); uint32_t x494; fiat_p384_uint1 x495; - fiat_p384_addcarryx_u32(&x494, &x495, x493, x470, x430); + fiat_p384_addcarryx_u32(&x494, &x495, x493, 0x0, x464); uint32_t x496; fiat_p384_uint1 x497; - fiat_p384_addcarryx_u32(&x496, &x497, x495, x472, x432); + fiat_p384_addcarryx_u32(&x496, &x497, x495, 0x0, x466); uint32_t x498; fiat_p384_uint1 x499; - fiat_p384_addcarryx_u32(&x498, &x499, x497, x474, x434); + fiat_p384_addcarryx_u32(&x498, &x499, x497, 0x0, x468); uint32_t x500; fiat_p384_uint1 x501; - fiat_p384_addcarryx_u32(&x500, &x501, x475, 0x0, x441); + fiat_p384_addcarryx_u32(&x500, &x501, x499, 0x0, x470); uint32_t x502; fiat_p384_uint1 x503; - fiat_p384_addcarryx_u32(&x502, &x503, x499, x500, x438); + fiat_p384_addcarryx_u32(&x502, &x503, x501, 0x0, x478); uint32_t x504; - fiat_p384_uint1 x505; - fiat_p384_addcarryx_u32(&x504, &x505, 0x0, (arg1[6]), x478); + uint32_t x505; + fiat_p384_mulx_u32(&x504, &x505, x480, UINT32_C(0xffffffff)); uint32_t x506; - fiat_p384_uint1 x507; - fiat_p384_addcarryx_u32(&x506, &x507, x505, 0x0, x480); + uint32_t x507; + fiat_p384_mulx_u32(&x506, &x507, x480, UINT32_C(0xffffffff)); uint32_t x508; - fiat_p384_uint1 x509; - fiat_p384_addcarryx_u32(&x508, &x509, x507, 0x0, x482); + uint32_t x509; + fiat_p384_mulx_u32(&x508, &x509, x480, UINT32_C(0xffffffff)); uint32_t x510; - fiat_p384_uint1 x511; - fiat_p384_addcarryx_u32(&x510, &x511, x509, 0x0, x484); + uint32_t x511; + fiat_p384_mulx_u32(&x510, &x511, x480, UINT32_C(0xffffffff)); uint32_t x512; - fiat_p384_uint1 x513; - fiat_p384_addcarryx_u32(&x512, &x513, x511, 0x0, x486); + uint32_t x513; + fiat_p384_mulx_u32(&x512, &x513, x480, UINT32_C(0xffffffff)); uint32_t x514; - fiat_p384_uint1 x515; - fiat_p384_addcarryx_u32(&x514, &x515, x513, 0x0, x488); + uint32_t x515; + fiat_p384_mulx_u32(&x514, &x515, x480, UINT32_C(0xffffffff)); uint32_t x516; - fiat_p384_uint1 x517; - fiat_p384_addcarryx_u32(&x516, &x517, x515, 0x0, x490); + uint32_t x517; + fiat_p384_mulx_u32(&x516, &x517, x480, UINT32_C(0xffffffff)); uint32_t x518; - fiat_p384_uint1 x519; - fiat_p384_addcarryx_u32(&x518, &x519, x517, 0x0, x492); + uint32_t x519; + fiat_p384_mulx_u32(&x518, &x519, x480, UINT32_C(0xfffffffe)); uint32_t x520; - fiat_p384_uint1 x521; - fiat_p384_addcarryx_u32(&x520, &x521, x519, 0x0, x494); + uint32_t x521; + fiat_p384_mulx_u32(&x520, &x521, x480, UINT32_C(0xffffffff)); uint32_t x522; - fiat_p384_uint1 x523; - fiat_p384_addcarryx_u32(&x522, &x523, x521, 0x0, x496); + uint32_t x523; + fiat_p384_mulx_u32(&x522, &x523, x480, UINT32_C(0xffffffff)); uint32_t x524; fiat_p384_uint1 x525; - fiat_p384_addcarryx_u32(&x524, &x525, x523, 0x0, x498); + fiat_p384_addcarryx_u32(&x524, &x525, 0x0, x518, x521); uint32_t x526; fiat_p384_uint1 x527; - fiat_p384_addcarryx_u32(&x526, &x527, x525, 0x0, x502); + fiat_p384_addcarryx_u32(&x526, &x527, x525, x516, x519); uint32_t x528; fiat_p384_uint1 x529; - fiat_p384_addcarryx_u32(&x528, &x529, x503, 0x0, x439); + fiat_p384_addcarryx_u32(&x528, &x529, x527, x514, x517); uint32_t x530; fiat_p384_uint1 x531; - fiat_p384_addcarryx_u32(&x530, &x531, x527, 0x0, (fiat_p384_uint1)x528); + fiat_p384_addcarryx_u32(&x530, &x531, x529, x512, x515); uint32_t x532; - uint32_t x533; - fiat_p384_mulx_u32(&x532, &x533, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x533; + fiat_p384_addcarryx_u32(&x532, &x533, x531, x510, x513); uint32_t x534; - uint32_t x535; - fiat_p384_mulx_u32(&x534, &x535, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x535; + fiat_p384_addcarryx_u32(&x534, &x535, x533, x508, x511); uint32_t x536; - uint32_t x537; - fiat_p384_mulx_u32(&x536, &x537, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x537; + fiat_p384_addcarryx_u32(&x536, &x537, x535, x506, x509); uint32_t x538; - uint32_t x539; - fiat_p384_mulx_u32(&x538, &x539, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x539; + fiat_p384_addcarryx_u32(&x538, &x539, x537, x504, x507); uint32_t x540; - uint32_t x541; - fiat_p384_mulx_u32(&x540, &x541, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x541; + fiat_p384_addcarryx_u32(&x540, &x541, 0x0, x522, x480); uint32_t x542; - uint32_t x543; - fiat_p384_mulx_u32(&x542, &x543, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x543; + fiat_p384_addcarryx_u32(&x542, &x543, x541, x523, x482); uint32_t x544; - uint32_t x545; - fiat_p384_mulx_u32(&x544, &x545, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x545; + fiat_p384_addcarryx_u32(&x544, &x545, x543, 0x0, x484); uint32_t x546; - uint32_t x547; - fiat_p384_mulx_u32(&x546, &x547, x504, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x547; + fiat_p384_addcarryx_u32(&x546, &x547, x545, x520, x486); uint32_t x548; - uint32_t x549; - fiat_p384_mulx_u32(&x548, &x549, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x549; + fiat_p384_addcarryx_u32(&x548, &x549, x547, x524, x488); uint32_t x550; - uint32_t x551; - fiat_p384_mulx_u32(&x550, &x551, x504, UINT32_C(0xffffffff)); + fiat_p384_uint1 x551; + fiat_p384_addcarryx_u32(&x550, &x551, x549, x526, x490); uint32_t x552; fiat_p384_uint1 x553; - fiat_p384_addcarryx_u32(&x552, &x553, 0x0, x546, x549); + fiat_p384_addcarryx_u32(&x552, &x553, x551, x528, x492); uint32_t x554; fiat_p384_uint1 x555; - fiat_p384_addcarryx_u32(&x554, &x555, x553, x544, x547); + fiat_p384_addcarryx_u32(&x554, &x555, x553, x530, x494); uint32_t x556; fiat_p384_uint1 x557; - fiat_p384_addcarryx_u32(&x556, &x557, x555, x542, x545); + fiat_p384_addcarryx_u32(&x556, &x557, x555, x532, x496); uint32_t x558; fiat_p384_uint1 x559; - fiat_p384_addcarryx_u32(&x558, &x559, x557, x540, x543); + fiat_p384_addcarryx_u32(&x558, &x559, x557, x534, x498); uint32_t x560; fiat_p384_uint1 x561; - fiat_p384_addcarryx_u32(&x560, &x561, x559, x538, x541); + fiat_p384_addcarryx_u32(&x560, &x561, x559, x536, x500); uint32_t x562; fiat_p384_uint1 x563; - fiat_p384_addcarryx_u32(&x562, &x563, x561, x536, x539); + fiat_p384_addcarryx_u32(&x562, &x563, x561, x538, x502); uint32_t x564; fiat_p384_uint1 x565; - fiat_p384_addcarryx_u32(&x564, &x565, x563, x534, x537); + fiat_p384_addcarryx_u32(&x564, &x565, x479, 0x0, 0x0); uint32_t x566; fiat_p384_uint1 x567; - fiat_p384_addcarryx_u32(&x566, &x567, x565, x532, x535); + fiat_p384_addcarryx_u32(&x566, &x567, x503, 0x0, (fiat_p384_uint1)x564); uint32_t x568; fiat_p384_uint1 x569; - fiat_p384_addcarryx_u32(&x568, &x569, 0x0, x550, x504); + fiat_p384_addcarryx_u32(&x568, &x569, x539, 0x0, x505); uint32_t x570; fiat_p384_uint1 x571; - fiat_p384_addcarryx_u32(&x570, &x571, x569, x551, x506); + fiat_p384_addcarryx_u32(&x570, &x571, x563, x568, x566); uint32_t x572; fiat_p384_uint1 x573; - fiat_p384_addcarryx_u32(&x572, &x573, x571, 0x0, x508); + fiat_p384_addcarryx_u32(&x572, &x573, 0x0, (arg1[7]), x542); uint32_t x574; fiat_p384_uint1 x575; - fiat_p384_addcarryx_u32(&x574, &x575, x573, x548, x510); + fiat_p384_addcarryx_u32(&x574, &x575, x573, 0x0, x544); uint32_t x576; fiat_p384_uint1 x577; - fiat_p384_addcarryx_u32(&x576, &x577, x575, x552, x512); + fiat_p384_addcarryx_u32(&x576, &x577, x575, 0x0, x546); uint32_t x578; fiat_p384_uint1 x579; - fiat_p384_addcarryx_u32(&x578, &x579, x577, x554, x514); + fiat_p384_addcarryx_u32(&x578, &x579, x577, 0x0, x548); uint32_t x580; fiat_p384_uint1 x581; - fiat_p384_addcarryx_u32(&x580, &x581, x579, x556, x516); + fiat_p384_addcarryx_u32(&x580, &x581, x579, 0x0, x550); uint32_t x582; fiat_p384_uint1 x583; - fiat_p384_addcarryx_u32(&x582, &x583, x581, x558, x518); + fiat_p384_addcarryx_u32(&x582, &x583, x581, 0x0, x552); uint32_t x584; fiat_p384_uint1 x585; - fiat_p384_addcarryx_u32(&x584, &x585, x583, x560, x520); + fiat_p384_addcarryx_u32(&x584, &x585, x583, 0x0, x554); uint32_t x586; fiat_p384_uint1 x587; - fiat_p384_addcarryx_u32(&x586, &x587, x585, x562, x522); + fiat_p384_addcarryx_u32(&x586, &x587, x585, 0x0, x556); uint32_t x588; fiat_p384_uint1 x589; - fiat_p384_addcarryx_u32(&x588, &x589, x587, x564, x524); + fiat_p384_addcarryx_u32(&x588, &x589, x587, 0x0, x558); uint32_t x590; fiat_p384_uint1 x591; - fiat_p384_addcarryx_u32(&x590, &x591, x589, x566, x526); + fiat_p384_addcarryx_u32(&x590, &x591, x589, 0x0, x560); uint32_t x592; fiat_p384_uint1 x593; - fiat_p384_addcarryx_u32(&x592, &x593, x567, 0x0, x533); + fiat_p384_addcarryx_u32(&x592, &x593, x591, 0x0, x562); uint32_t x594; fiat_p384_uint1 x595; - fiat_p384_addcarryx_u32(&x594, &x595, x591, x592, x530); + fiat_p384_addcarryx_u32(&x594, &x595, x593, 0x0, x570); uint32_t x596; - fiat_p384_uint1 x597; - fiat_p384_addcarryx_u32(&x596, &x597, 0x0, (arg1[7]), x570); + uint32_t x597; + fiat_p384_mulx_u32(&x596, &x597, x572, UINT32_C(0xffffffff)); uint32_t x598; - fiat_p384_uint1 x599; - fiat_p384_addcarryx_u32(&x598, &x599, x597, 0x0, x572); + uint32_t x599; + fiat_p384_mulx_u32(&x598, &x599, x572, UINT32_C(0xffffffff)); uint32_t x600; - fiat_p384_uint1 x601; - fiat_p384_addcarryx_u32(&x600, &x601, x599, 0x0, x574); + uint32_t x601; + fiat_p384_mulx_u32(&x600, &x601, x572, UINT32_C(0xffffffff)); uint32_t x602; - fiat_p384_uint1 x603; - fiat_p384_addcarryx_u32(&x602, &x603, x601, 0x0, x576); + uint32_t x603; + fiat_p384_mulx_u32(&x602, &x603, x572, UINT32_C(0xffffffff)); uint32_t x604; - fiat_p384_uint1 x605; - fiat_p384_addcarryx_u32(&x604, &x605, x603, 0x0, x578); + uint32_t x605; + fiat_p384_mulx_u32(&x604, &x605, x572, UINT32_C(0xffffffff)); uint32_t x606; - fiat_p384_uint1 x607; - fiat_p384_addcarryx_u32(&x606, &x607, x605, 0x0, x580); + uint32_t x607; + fiat_p384_mulx_u32(&x606, &x607, x572, UINT32_C(0xffffffff)); uint32_t x608; - fiat_p384_uint1 x609; - fiat_p384_addcarryx_u32(&x608, &x609, x607, 0x0, x582); + uint32_t x609; + fiat_p384_mulx_u32(&x608, &x609, x572, UINT32_C(0xffffffff)); uint32_t x610; - fiat_p384_uint1 x611; - fiat_p384_addcarryx_u32(&x610, &x611, x609, 0x0, x584); + uint32_t x611; + fiat_p384_mulx_u32(&x610, &x611, x572, UINT32_C(0xfffffffe)); uint32_t x612; - fiat_p384_uint1 x613; - fiat_p384_addcarryx_u32(&x612, &x613, x611, 0x0, x586); + uint32_t x613; + fiat_p384_mulx_u32(&x612, &x613, x572, UINT32_C(0xffffffff)); uint32_t x614; - fiat_p384_uint1 x615; - fiat_p384_addcarryx_u32(&x614, &x615, x613, 0x0, x588); + uint32_t x615; + fiat_p384_mulx_u32(&x614, &x615, x572, UINT32_C(0xffffffff)); uint32_t x616; fiat_p384_uint1 x617; - fiat_p384_addcarryx_u32(&x616, &x617, x615, 0x0, x590); + fiat_p384_addcarryx_u32(&x616, &x617, 0x0, x610, x613); uint32_t x618; fiat_p384_uint1 x619; - fiat_p384_addcarryx_u32(&x618, &x619, x617, 0x0, x594); + fiat_p384_addcarryx_u32(&x618, &x619, x617, x608, x611); uint32_t x620; fiat_p384_uint1 x621; - fiat_p384_addcarryx_u32(&x620, &x621, x595, 0x0, x531); + fiat_p384_addcarryx_u32(&x620, &x621, x619, x606, x609); uint32_t x622; fiat_p384_uint1 x623; - fiat_p384_addcarryx_u32(&x622, &x623, x619, 0x0, (fiat_p384_uint1)x620); + fiat_p384_addcarryx_u32(&x622, &x623, x621, x604, x607); uint32_t x624; - uint32_t x625; - fiat_p384_mulx_u32(&x624, &x625, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x625; + fiat_p384_addcarryx_u32(&x624, &x625, x623, x602, x605); uint32_t x626; - uint32_t x627; - fiat_p384_mulx_u32(&x626, &x627, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x627; + fiat_p384_addcarryx_u32(&x626, &x627, x625, x600, x603); uint32_t x628; - uint32_t x629; - fiat_p384_mulx_u32(&x628, &x629, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x629; + fiat_p384_addcarryx_u32(&x628, &x629, x627, x598, x601); uint32_t x630; - uint32_t x631; - fiat_p384_mulx_u32(&x630, &x631, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x631; + fiat_p384_addcarryx_u32(&x630, &x631, x629, x596, x599); uint32_t x632; - uint32_t x633; - fiat_p384_mulx_u32(&x632, &x633, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x633; + fiat_p384_addcarryx_u32(&x632, &x633, 0x0, x614, x572); uint32_t x634; - uint32_t x635; - fiat_p384_mulx_u32(&x634, &x635, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x635; + fiat_p384_addcarryx_u32(&x634, &x635, x633, x615, x574); uint32_t x636; - uint32_t x637; - fiat_p384_mulx_u32(&x636, &x637, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x637; + fiat_p384_addcarryx_u32(&x636, &x637, x635, 0x0, x576); uint32_t x638; - uint32_t x639; - fiat_p384_mulx_u32(&x638, &x639, x596, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x639; + fiat_p384_addcarryx_u32(&x638, &x639, x637, x612, x578); uint32_t x640; - uint32_t x641; - fiat_p384_mulx_u32(&x640, &x641, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x641; + fiat_p384_addcarryx_u32(&x640, &x641, x639, x616, x580); uint32_t x642; - uint32_t x643; - fiat_p384_mulx_u32(&x642, &x643, x596, UINT32_C(0xffffffff)); + fiat_p384_uint1 x643; + fiat_p384_addcarryx_u32(&x642, &x643, x641, x618, x582); uint32_t x644; fiat_p384_uint1 x645; - fiat_p384_addcarryx_u32(&x644, &x645, 0x0, x638, x641); + fiat_p384_addcarryx_u32(&x644, &x645, x643, x620, x584); uint32_t x646; fiat_p384_uint1 x647; - fiat_p384_addcarryx_u32(&x646, &x647, x645, x636, x639); + fiat_p384_addcarryx_u32(&x646, &x647, x645, x622, x586); uint32_t x648; fiat_p384_uint1 x649; - fiat_p384_addcarryx_u32(&x648, &x649, x647, x634, x637); + fiat_p384_addcarryx_u32(&x648, &x649, x647, x624, x588); uint32_t x650; fiat_p384_uint1 x651; - fiat_p384_addcarryx_u32(&x650, &x651, x649, x632, x635); + fiat_p384_addcarryx_u32(&x650, &x651, x649, x626, x590); uint32_t x652; fiat_p384_uint1 x653; - fiat_p384_addcarryx_u32(&x652, &x653, x651, x630, x633); + fiat_p384_addcarryx_u32(&x652, &x653, x651, x628, x592); uint32_t x654; fiat_p384_uint1 x655; - fiat_p384_addcarryx_u32(&x654, &x655, x653, x628, x631); + fiat_p384_addcarryx_u32(&x654, &x655, x653, x630, x594); uint32_t x656; fiat_p384_uint1 x657; - fiat_p384_addcarryx_u32(&x656, &x657, x655, x626, x629); + fiat_p384_addcarryx_u32(&x656, &x657, x571, 0x0, 0x0); uint32_t x658; fiat_p384_uint1 x659; - fiat_p384_addcarryx_u32(&x658, &x659, x657, x624, x627); + fiat_p384_addcarryx_u32(&x658, &x659, x595, 0x0, (fiat_p384_uint1)x656); uint32_t x660; fiat_p384_uint1 x661; - fiat_p384_addcarryx_u32(&x660, &x661, 0x0, x642, x596); + fiat_p384_addcarryx_u32(&x660, &x661, x631, 0x0, x597); uint32_t x662; fiat_p384_uint1 x663; - fiat_p384_addcarryx_u32(&x662, &x663, x661, x643, x598); + fiat_p384_addcarryx_u32(&x662, &x663, x655, x660, x658); uint32_t x664; fiat_p384_uint1 x665; - fiat_p384_addcarryx_u32(&x664, &x665, x663, 0x0, x600); + fiat_p384_addcarryx_u32(&x664, &x665, 0x0, (arg1[8]), x634); uint32_t x666; fiat_p384_uint1 x667; - fiat_p384_addcarryx_u32(&x666, &x667, x665, x640, x602); + fiat_p384_addcarryx_u32(&x666, &x667, x665, 0x0, x636); uint32_t x668; fiat_p384_uint1 x669; - fiat_p384_addcarryx_u32(&x668, &x669, x667, x644, x604); + fiat_p384_addcarryx_u32(&x668, &x669, x667, 0x0, x638); uint32_t x670; fiat_p384_uint1 x671; - fiat_p384_addcarryx_u32(&x670, &x671, x669, x646, x606); + fiat_p384_addcarryx_u32(&x670, &x671, x669, 0x0, x640); uint32_t x672; fiat_p384_uint1 x673; - fiat_p384_addcarryx_u32(&x672, &x673, x671, x648, x608); + fiat_p384_addcarryx_u32(&x672, &x673, x671, 0x0, x642); uint32_t x674; fiat_p384_uint1 x675; - fiat_p384_addcarryx_u32(&x674, &x675, x673, x650, x610); + fiat_p384_addcarryx_u32(&x674, &x675, x673, 0x0, x644); uint32_t x676; fiat_p384_uint1 x677; - fiat_p384_addcarryx_u32(&x676, &x677, x675, x652, x612); + fiat_p384_addcarryx_u32(&x676, &x677, x675, 0x0, x646); uint32_t x678; fiat_p384_uint1 x679; - fiat_p384_addcarryx_u32(&x678, &x679, x677, x654, x614); + fiat_p384_addcarryx_u32(&x678, &x679, x677, 0x0, x648); uint32_t x680; fiat_p384_uint1 x681; - fiat_p384_addcarryx_u32(&x680, &x681, x679, x656, x616); + fiat_p384_addcarryx_u32(&x680, &x681, x679, 0x0, x650); uint32_t x682; fiat_p384_uint1 x683; - fiat_p384_addcarryx_u32(&x682, &x683, x681, x658, x618); + fiat_p384_addcarryx_u32(&x682, &x683, x681, 0x0, x652); uint32_t x684; fiat_p384_uint1 x685; - fiat_p384_addcarryx_u32(&x684, &x685, x659, 0x0, x625); + fiat_p384_addcarryx_u32(&x684, &x685, x683, 0x0, x654); uint32_t x686; fiat_p384_uint1 x687; - fiat_p384_addcarryx_u32(&x686, &x687, x683, x684, x622); + fiat_p384_addcarryx_u32(&x686, &x687, x685, 0x0, x662); uint32_t x688; - fiat_p384_uint1 x689; - fiat_p384_addcarryx_u32(&x688, &x689, 0x0, (arg1[8]), x662); + uint32_t x689; + fiat_p384_mulx_u32(&x688, &x689, x664, UINT32_C(0xffffffff)); uint32_t x690; - fiat_p384_uint1 x691; - fiat_p384_addcarryx_u32(&x690, &x691, x689, 0x0, x664); + uint32_t x691; + fiat_p384_mulx_u32(&x690, &x691, x664, UINT32_C(0xffffffff)); uint32_t x692; - fiat_p384_uint1 x693; - fiat_p384_addcarryx_u32(&x692, &x693, x691, 0x0, x666); + uint32_t x693; + fiat_p384_mulx_u32(&x692, &x693, x664, UINT32_C(0xffffffff)); uint32_t x694; - fiat_p384_uint1 x695; - fiat_p384_addcarryx_u32(&x694, &x695, x693, 0x0, x668); + uint32_t x695; + fiat_p384_mulx_u32(&x694, &x695, x664, UINT32_C(0xffffffff)); uint32_t x696; - fiat_p384_uint1 x697; - fiat_p384_addcarryx_u32(&x696, &x697, x695, 0x0, x670); + uint32_t x697; + fiat_p384_mulx_u32(&x696, &x697, x664, UINT32_C(0xffffffff)); uint32_t x698; - fiat_p384_uint1 x699; - fiat_p384_addcarryx_u32(&x698, &x699, x697, 0x0, x672); + uint32_t x699; + fiat_p384_mulx_u32(&x698, &x699, x664, UINT32_C(0xffffffff)); uint32_t x700; - fiat_p384_uint1 x701; - fiat_p384_addcarryx_u32(&x700, &x701, x699, 0x0, x674); + uint32_t x701; + fiat_p384_mulx_u32(&x700, &x701, x664, UINT32_C(0xffffffff)); uint32_t x702; - fiat_p384_uint1 x703; - fiat_p384_addcarryx_u32(&x702, &x703, x701, 0x0, x676); + uint32_t x703; + fiat_p384_mulx_u32(&x702, &x703, x664, UINT32_C(0xfffffffe)); uint32_t x704; - fiat_p384_uint1 x705; - fiat_p384_addcarryx_u32(&x704, &x705, x703, 0x0, x678); + uint32_t x705; + fiat_p384_mulx_u32(&x704, &x705, x664, UINT32_C(0xffffffff)); uint32_t x706; - fiat_p384_uint1 x707; - fiat_p384_addcarryx_u32(&x706, &x707, x705, 0x0, x680); + uint32_t x707; + fiat_p384_mulx_u32(&x706, &x707, x664, UINT32_C(0xffffffff)); uint32_t x708; fiat_p384_uint1 x709; - fiat_p384_addcarryx_u32(&x708, &x709, x707, 0x0, x682); + fiat_p384_addcarryx_u32(&x708, &x709, 0x0, x702, x705); uint32_t x710; fiat_p384_uint1 x711; - fiat_p384_addcarryx_u32(&x710, &x711, x709, 0x0, x686); + fiat_p384_addcarryx_u32(&x710, &x711, x709, x700, x703); uint32_t x712; fiat_p384_uint1 x713; - fiat_p384_addcarryx_u32(&x712, &x713, x687, 0x0, x623); + fiat_p384_addcarryx_u32(&x712, &x713, x711, x698, x701); uint32_t x714; fiat_p384_uint1 x715; - fiat_p384_addcarryx_u32(&x714, &x715, x711, 0x0, (fiat_p384_uint1)x712); + fiat_p384_addcarryx_u32(&x714, &x715, x713, x696, x699); uint32_t x716; - uint32_t x717; - fiat_p384_mulx_u32(&x716, &x717, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x717; + fiat_p384_addcarryx_u32(&x716, &x717, x715, x694, x697); uint32_t x718; - uint32_t x719; - fiat_p384_mulx_u32(&x718, &x719, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x719; + fiat_p384_addcarryx_u32(&x718, &x719, x717, x692, x695); uint32_t x720; - uint32_t x721; - fiat_p384_mulx_u32(&x720, &x721, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x721; + fiat_p384_addcarryx_u32(&x720, &x721, x719, x690, x693); uint32_t x722; - uint32_t x723; - fiat_p384_mulx_u32(&x722, &x723, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x723; + fiat_p384_addcarryx_u32(&x722, &x723, x721, x688, x691); uint32_t x724; - uint32_t x725; - fiat_p384_mulx_u32(&x724, &x725, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x725; + fiat_p384_addcarryx_u32(&x724, &x725, 0x0, x706, x664); uint32_t x726; - uint32_t x727; - fiat_p384_mulx_u32(&x726, &x727, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x727; + fiat_p384_addcarryx_u32(&x726, &x727, x725, x707, x666); uint32_t x728; - uint32_t x729; - fiat_p384_mulx_u32(&x728, &x729, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x729; + fiat_p384_addcarryx_u32(&x728, &x729, x727, 0x0, x668); uint32_t x730; - uint32_t x731; - fiat_p384_mulx_u32(&x730, &x731, x688, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x731; + fiat_p384_addcarryx_u32(&x730, &x731, x729, x704, x670); uint32_t x732; - uint32_t x733; - fiat_p384_mulx_u32(&x732, &x733, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x733; + fiat_p384_addcarryx_u32(&x732, &x733, x731, x708, x672); uint32_t x734; - uint32_t x735; - fiat_p384_mulx_u32(&x734, &x735, x688, UINT32_C(0xffffffff)); + fiat_p384_uint1 x735; + fiat_p384_addcarryx_u32(&x734, &x735, x733, x710, x674); uint32_t x736; fiat_p384_uint1 x737; - fiat_p384_addcarryx_u32(&x736, &x737, 0x0, x730, x733); + fiat_p384_addcarryx_u32(&x736, &x737, x735, x712, x676); uint32_t x738; fiat_p384_uint1 x739; - fiat_p384_addcarryx_u32(&x738, &x739, x737, x728, x731); + fiat_p384_addcarryx_u32(&x738, &x739, x737, x714, x678); uint32_t x740; fiat_p384_uint1 x741; - fiat_p384_addcarryx_u32(&x740, &x741, x739, x726, x729); + fiat_p384_addcarryx_u32(&x740, &x741, x739, x716, x680); uint32_t x742; fiat_p384_uint1 x743; - fiat_p384_addcarryx_u32(&x742, &x743, x741, x724, x727); + fiat_p384_addcarryx_u32(&x742, &x743, x741, x718, x682); uint32_t x744; fiat_p384_uint1 x745; - fiat_p384_addcarryx_u32(&x744, &x745, x743, x722, x725); + fiat_p384_addcarryx_u32(&x744, &x745, x743, x720, x684); uint32_t x746; fiat_p384_uint1 x747; - fiat_p384_addcarryx_u32(&x746, &x747, x745, x720, x723); + fiat_p384_addcarryx_u32(&x746, &x747, x745, x722, x686); uint32_t x748; fiat_p384_uint1 x749; - fiat_p384_addcarryx_u32(&x748, &x749, x747, x718, x721); + fiat_p384_addcarryx_u32(&x748, &x749, x663, 0x0, 0x0); uint32_t x750; fiat_p384_uint1 x751; - fiat_p384_addcarryx_u32(&x750, &x751, x749, x716, x719); + fiat_p384_addcarryx_u32(&x750, &x751, x687, 0x0, (fiat_p384_uint1)x748); uint32_t x752; fiat_p384_uint1 x753; - fiat_p384_addcarryx_u32(&x752, &x753, 0x0, x734, x688); + fiat_p384_addcarryx_u32(&x752, &x753, x723, 0x0, x689); uint32_t x754; fiat_p384_uint1 x755; - fiat_p384_addcarryx_u32(&x754, &x755, x753, x735, x690); + fiat_p384_addcarryx_u32(&x754, &x755, x747, x752, x750); uint32_t x756; fiat_p384_uint1 x757; - fiat_p384_addcarryx_u32(&x756, &x757, x755, 0x0, x692); + fiat_p384_addcarryx_u32(&x756, &x757, 0x0, (arg1[9]), x726); uint32_t x758; fiat_p384_uint1 x759; - fiat_p384_addcarryx_u32(&x758, &x759, x757, x732, x694); + fiat_p384_addcarryx_u32(&x758, &x759, x757, 0x0, x728); uint32_t x760; fiat_p384_uint1 x761; - fiat_p384_addcarryx_u32(&x760, &x761, x759, x736, x696); + fiat_p384_addcarryx_u32(&x760, &x761, x759, 0x0, x730); uint32_t x762; fiat_p384_uint1 x763; - fiat_p384_addcarryx_u32(&x762, &x763, x761, x738, x698); + fiat_p384_addcarryx_u32(&x762, &x763, x761, 0x0, x732); uint32_t x764; fiat_p384_uint1 x765; - fiat_p384_addcarryx_u32(&x764, &x765, x763, x740, x700); + fiat_p384_addcarryx_u32(&x764, &x765, x763, 0x0, x734); uint32_t x766; fiat_p384_uint1 x767; - fiat_p384_addcarryx_u32(&x766, &x767, x765, x742, x702); + fiat_p384_addcarryx_u32(&x766, &x767, x765, 0x0, x736); uint32_t x768; fiat_p384_uint1 x769; - fiat_p384_addcarryx_u32(&x768, &x769, x767, x744, x704); + fiat_p384_addcarryx_u32(&x768, &x769, x767, 0x0, x738); uint32_t x770; fiat_p384_uint1 x771; - fiat_p384_addcarryx_u32(&x770, &x771, x769, x746, x706); + fiat_p384_addcarryx_u32(&x770, &x771, x769, 0x0, x740); uint32_t x772; fiat_p384_uint1 x773; - fiat_p384_addcarryx_u32(&x772, &x773, x771, x748, x708); + fiat_p384_addcarryx_u32(&x772, &x773, x771, 0x0, x742); uint32_t x774; fiat_p384_uint1 x775; - fiat_p384_addcarryx_u32(&x774, &x775, x773, x750, x710); + fiat_p384_addcarryx_u32(&x774, &x775, x773, 0x0, x744); uint32_t x776; fiat_p384_uint1 x777; - fiat_p384_addcarryx_u32(&x776, &x777, x751, 0x0, x717); + fiat_p384_addcarryx_u32(&x776, &x777, x775, 0x0, x746); uint32_t x778; fiat_p384_uint1 x779; - fiat_p384_addcarryx_u32(&x778, &x779, x775, x776, x714); + fiat_p384_addcarryx_u32(&x778, &x779, x777, 0x0, x754); uint32_t x780; - fiat_p384_uint1 x781; - fiat_p384_addcarryx_u32(&x780, &x781, 0x0, (arg1[9]), x754); + uint32_t x781; + fiat_p384_mulx_u32(&x780, &x781, x756, UINT32_C(0xffffffff)); uint32_t x782; - fiat_p384_uint1 x783; - fiat_p384_addcarryx_u32(&x782, &x783, x781, 0x0, x756); + uint32_t x783; + fiat_p384_mulx_u32(&x782, &x783, x756, UINT32_C(0xffffffff)); uint32_t x784; - fiat_p384_uint1 x785; - fiat_p384_addcarryx_u32(&x784, &x785, x783, 0x0, x758); + uint32_t x785; + fiat_p384_mulx_u32(&x784, &x785, x756, UINT32_C(0xffffffff)); uint32_t x786; - fiat_p384_uint1 x787; - fiat_p384_addcarryx_u32(&x786, &x787, x785, 0x0, x760); + uint32_t x787; + fiat_p384_mulx_u32(&x786, &x787, x756, UINT32_C(0xffffffff)); uint32_t x788; - fiat_p384_uint1 x789; - fiat_p384_addcarryx_u32(&x788, &x789, x787, 0x0, x762); + uint32_t x789; + fiat_p384_mulx_u32(&x788, &x789, x756, UINT32_C(0xffffffff)); uint32_t x790; - fiat_p384_uint1 x791; - fiat_p384_addcarryx_u32(&x790, &x791, x789, 0x0, x764); + uint32_t x791; + fiat_p384_mulx_u32(&x790, &x791, x756, UINT32_C(0xffffffff)); uint32_t x792; - fiat_p384_uint1 x793; - fiat_p384_addcarryx_u32(&x792, &x793, x791, 0x0, x766); + uint32_t x793; + fiat_p384_mulx_u32(&x792, &x793, x756, UINT32_C(0xffffffff)); uint32_t x794; - fiat_p384_uint1 x795; - fiat_p384_addcarryx_u32(&x794, &x795, x793, 0x0, x768); + uint32_t x795; + fiat_p384_mulx_u32(&x794, &x795, x756, UINT32_C(0xfffffffe)); uint32_t x796; - fiat_p384_uint1 x797; - fiat_p384_addcarryx_u32(&x796, &x797, x795, 0x0, x770); + uint32_t x797; + fiat_p384_mulx_u32(&x796, &x797, x756, UINT32_C(0xffffffff)); uint32_t x798; - fiat_p384_uint1 x799; - fiat_p384_addcarryx_u32(&x798, &x799, x797, 0x0, x772); + uint32_t x799; + fiat_p384_mulx_u32(&x798, &x799, x756, UINT32_C(0xffffffff)); uint32_t x800; fiat_p384_uint1 x801; - fiat_p384_addcarryx_u32(&x800, &x801, x799, 0x0, x774); + fiat_p384_addcarryx_u32(&x800, &x801, 0x0, x794, x797); uint32_t x802; fiat_p384_uint1 x803; - fiat_p384_addcarryx_u32(&x802, &x803, x801, 0x0, x778); + fiat_p384_addcarryx_u32(&x802, &x803, x801, x792, x795); uint32_t x804; fiat_p384_uint1 x805; - fiat_p384_addcarryx_u32(&x804, &x805, x779, 0x0, x715); + fiat_p384_addcarryx_u32(&x804, &x805, x803, x790, x793); uint32_t x806; fiat_p384_uint1 x807; - fiat_p384_addcarryx_u32(&x806, &x807, x803, 0x0, (fiat_p384_uint1)x804); + fiat_p384_addcarryx_u32(&x806, &x807, x805, x788, x791); uint32_t x808; - uint32_t x809; - fiat_p384_mulx_u32(&x808, &x809, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x809; + fiat_p384_addcarryx_u32(&x808, &x809, x807, x786, x789); uint32_t x810; - uint32_t x811; - fiat_p384_mulx_u32(&x810, &x811, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x811; + fiat_p384_addcarryx_u32(&x810, &x811, x809, x784, x787); uint32_t x812; - uint32_t x813; - fiat_p384_mulx_u32(&x812, &x813, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x813; + fiat_p384_addcarryx_u32(&x812, &x813, x811, x782, x785); uint32_t x814; - uint32_t x815; - fiat_p384_mulx_u32(&x814, &x815, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x815; + fiat_p384_addcarryx_u32(&x814, &x815, x813, x780, x783); uint32_t x816; - uint32_t x817; - fiat_p384_mulx_u32(&x816, &x817, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x817; + fiat_p384_addcarryx_u32(&x816, &x817, 0x0, x798, x756); uint32_t x818; - uint32_t x819; - fiat_p384_mulx_u32(&x818, &x819, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x819; + fiat_p384_addcarryx_u32(&x818, &x819, x817, x799, x758); uint32_t x820; - uint32_t x821; - fiat_p384_mulx_u32(&x820, &x821, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x821; + fiat_p384_addcarryx_u32(&x820, &x821, x819, 0x0, x760); uint32_t x822; - uint32_t x823; - fiat_p384_mulx_u32(&x822, &x823, x780, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x823; + fiat_p384_addcarryx_u32(&x822, &x823, x821, x796, x762); uint32_t x824; - uint32_t x825; - fiat_p384_mulx_u32(&x824, &x825, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x825; + fiat_p384_addcarryx_u32(&x824, &x825, x823, x800, x764); uint32_t x826; - uint32_t x827; - fiat_p384_mulx_u32(&x826, &x827, x780, UINT32_C(0xffffffff)); + fiat_p384_uint1 x827; + fiat_p384_addcarryx_u32(&x826, &x827, x825, x802, x766); uint32_t x828; fiat_p384_uint1 x829; - fiat_p384_addcarryx_u32(&x828, &x829, 0x0, x822, x825); + fiat_p384_addcarryx_u32(&x828, &x829, x827, x804, x768); uint32_t x830; fiat_p384_uint1 x831; - fiat_p384_addcarryx_u32(&x830, &x831, x829, x820, x823); + fiat_p384_addcarryx_u32(&x830, &x831, x829, x806, x770); uint32_t x832; fiat_p384_uint1 x833; - fiat_p384_addcarryx_u32(&x832, &x833, x831, x818, x821); + fiat_p384_addcarryx_u32(&x832, &x833, x831, x808, x772); uint32_t x834; fiat_p384_uint1 x835; - fiat_p384_addcarryx_u32(&x834, &x835, x833, x816, x819); + fiat_p384_addcarryx_u32(&x834, &x835, x833, x810, x774); uint32_t x836; fiat_p384_uint1 x837; - fiat_p384_addcarryx_u32(&x836, &x837, x835, x814, x817); + fiat_p384_addcarryx_u32(&x836, &x837, x835, x812, x776); uint32_t x838; fiat_p384_uint1 x839; - fiat_p384_addcarryx_u32(&x838, &x839, x837, x812, x815); + fiat_p384_addcarryx_u32(&x838, &x839, x837, x814, x778); uint32_t x840; fiat_p384_uint1 x841; - fiat_p384_addcarryx_u32(&x840, &x841, x839, x810, x813); + fiat_p384_addcarryx_u32(&x840, &x841, x755, 0x0, 0x0); uint32_t x842; fiat_p384_uint1 x843; - fiat_p384_addcarryx_u32(&x842, &x843, x841, x808, x811); + fiat_p384_addcarryx_u32(&x842, &x843, x779, 0x0, (fiat_p384_uint1)x840); uint32_t x844; fiat_p384_uint1 x845; - fiat_p384_addcarryx_u32(&x844, &x845, 0x0, x826, x780); + fiat_p384_addcarryx_u32(&x844, &x845, x815, 0x0, x781); uint32_t x846; fiat_p384_uint1 x847; - fiat_p384_addcarryx_u32(&x846, &x847, x845, x827, x782); + fiat_p384_addcarryx_u32(&x846, &x847, x839, x844, x842); uint32_t x848; fiat_p384_uint1 x849; - fiat_p384_addcarryx_u32(&x848, &x849, x847, 0x0, x784); + fiat_p384_addcarryx_u32(&x848, &x849, 0x0, (arg1[10]), x818); uint32_t x850; fiat_p384_uint1 x851; - fiat_p384_addcarryx_u32(&x850, &x851, x849, x824, x786); + fiat_p384_addcarryx_u32(&x850, &x851, x849, 0x0, x820); uint32_t x852; fiat_p384_uint1 x853; - fiat_p384_addcarryx_u32(&x852, &x853, x851, x828, x788); + fiat_p384_addcarryx_u32(&x852, &x853, x851, 0x0, x822); uint32_t x854; fiat_p384_uint1 x855; - fiat_p384_addcarryx_u32(&x854, &x855, x853, x830, x790); + fiat_p384_addcarryx_u32(&x854, &x855, x853, 0x0, x824); uint32_t x856; fiat_p384_uint1 x857; - fiat_p384_addcarryx_u32(&x856, &x857, x855, x832, x792); + fiat_p384_addcarryx_u32(&x856, &x857, x855, 0x0, x826); uint32_t x858; fiat_p384_uint1 x859; - fiat_p384_addcarryx_u32(&x858, &x859, x857, x834, x794); + fiat_p384_addcarryx_u32(&x858, &x859, x857, 0x0, x828); uint32_t x860; fiat_p384_uint1 x861; - fiat_p384_addcarryx_u32(&x860, &x861, x859, x836, x796); + fiat_p384_addcarryx_u32(&x860, &x861, x859, 0x0, x830); uint32_t x862; fiat_p384_uint1 x863; - fiat_p384_addcarryx_u32(&x862, &x863, x861, x838, x798); + fiat_p384_addcarryx_u32(&x862, &x863, x861, 0x0, x832); uint32_t x864; fiat_p384_uint1 x865; - fiat_p384_addcarryx_u32(&x864, &x865, x863, x840, x800); + fiat_p384_addcarryx_u32(&x864, &x865, x863, 0x0, x834); uint32_t x866; fiat_p384_uint1 x867; - fiat_p384_addcarryx_u32(&x866, &x867, x865, x842, x802); + fiat_p384_addcarryx_u32(&x866, &x867, x865, 0x0, x836); uint32_t x868; fiat_p384_uint1 x869; - fiat_p384_addcarryx_u32(&x868, &x869, x843, 0x0, x809); + fiat_p384_addcarryx_u32(&x868, &x869, x867, 0x0, x838); uint32_t x870; fiat_p384_uint1 x871; - fiat_p384_addcarryx_u32(&x870, &x871, x867, x868, x806); + fiat_p384_addcarryx_u32(&x870, &x871, x869, 0x0, x846); uint32_t x872; - fiat_p384_uint1 x873; - fiat_p384_addcarryx_u32(&x872, &x873, 0x0, (arg1[10]), x846); + uint32_t x873; + fiat_p384_mulx_u32(&x872, &x873, x848, UINT32_C(0xffffffff)); uint32_t x874; - fiat_p384_uint1 x875; - fiat_p384_addcarryx_u32(&x874, &x875, x873, 0x0, x848); + uint32_t x875; + fiat_p384_mulx_u32(&x874, &x875, x848, UINT32_C(0xffffffff)); uint32_t x876; - fiat_p384_uint1 x877; - fiat_p384_addcarryx_u32(&x876, &x877, x875, 0x0, x850); + uint32_t x877; + fiat_p384_mulx_u32(&x876, &x877, x848, UINT32_C(0xffffffff)); uint32_t x878; - fiat_p384_uint1 x879; - fiat_p384_addcarryx_u32(&x878, &x879, x877, 0x0, x852); + uint32_t x879; + fiat_p384_mulx_u32(&x878, &x879, x848, UINT32_C(0xffffffff)); uint32_t x880; - fiat_p384_uint1 x881; - fiat_p384_addcarryx_u32(&x880, &x881, x879, 0x0, x854); + uint32_t x881; + fiat_p384_mulx_u32(&x880, &x881, x848, UINT32_C(0xffffffff)); uint32_t x882; - fiat_p384_uint1 x883; - fiat_p384_addcarryx_u32(&x882, &x883, x881, 0x0, x856); + uint32_t x883; + fiat_p384_mulx_u32(&x882, &x883, x848, UINT32_C(0xffffffff)); uint32_t x884; - fiat_p384_uint1 x885; - fiat_p384_addcarryx_u32(&x884, &x885, x883, 0x0, x858); + uint32_t x885; + fiat_p384_mulx_u32(&x884, &x885, x848, UINT32_C(0xffffffff)); uint32_t x886; - fiat_p384_uint1 x887; - fiat_p384_addcarryx_u32(&x886, &x887, x885, 0x0, x860); + uint32_t x887; + fiat_p384_mulx_u32(&x886, &x887, x848, UINT32_C(0xfffffffe)); uint32_t x888; - fiat_p384_uint1 x889; - fiat_p384_addcarryx_u32(&x888, &x889, x887, 0x0, x862); + uint32_t x889; + fiat_p384_mulx_u32(&x888, &x889, x848, UINT32_C(0xffffffff)); uint32_t x890; - fiat_p384_uint1 x891; - fiat_p384_addcarryx_u32(&x890, &x891, x889, 0x0, x864); + uint32_t x891; + fiat_p384_mulx_u32(&x890, &x891, x848, UINT32_C(0xffffffff)); uint32_t x892; fiat_p384_uint1 x893; - fiat_p384_addcarryx_u32(&x892, &x893, x891, 0x0, x866); + fiat_p384_addcarryx_u32(&x892, &x893, 0x0, x886, x889); uint32_t x894; fiat_p384_uint1 x895; - fiat_p384_addcarryx_u32(&x894, &x895, x893, 0x0, x870); + fiat_p384_addcarryx_u32(&x894, &x895, x893, x884, x887); uint32_t x896; fiat_p384_uint1 x897; - fiat_p384_addcarryx_u32(&x896, &x897, x871, 0x0, x807); + fiat_p384_addcarryx_u32(&x896, &x897, x895, x882, x885); uint32_t x898; fiat_p384_uint1 x899; - fiat_p384_addcarryx_u32(&x898, &x899, x895, 0x0, (fiat_p384_uint1)x896); + fiat_p384_addcarryx_u32(&x898, &x899, x897, x880, x883); uint32_t x900; - uint32_t x901; - fiat_p384_mulx_u32(&x900, &x901, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x901; + fiat_p384_addcarryx_u32(&x900, &x901, x899, x878, x881); uint32_t x902; - uint32_t x903; - fiat_p384_mulx_u32(&x902, &x903, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x903; + fiat_p384_addcarryx_u32(&x902, &x903, x901, x876, x879); uint32_t x904; - uint32_t x905; - fiat_p384_mulx_u32(&x904, &x905, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x905; + fiat_p384_addcarryx_u32(&x904, &x905, x903, x874, x877); uint32_t x906; - uint32_t x907; - fiat_p384_mulx_u32(&x906, &x907, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x907; + fiat_p384_addcarryx_u32(&x906, &x907, x905, x872, x875); uint32_t x908; - uint32_t x909; - fiat_p384_mulx_u32(&x908, &x909, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x909; + fiat_p384_addcarryx_u32(&x908, &x909, 0x0, x890, x848); uint32_t x910; - uint32_t x911; - fiat_p384_mulx_u32(&x910, &x911, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x911; + fiat_p384_addcarryx_u32(&x910, &x911, x909, x891, x850); uint32_t x912; - uint32_t x913; - fiat_p384_mulx_u32(&x912, &x913, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x913; + fiat_p384_addcarryx_u32(&x912, &x913, x911, 0x0, x852); uint32_t x914; - uint32_t x915; - fiat_p384_mulx_u32(&x914, &x915, x872, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x915; + fiat_p384_addcarryx_u32(&x914, &x915, x913, x888, x854); uint32_t x916; - uint32_t x917; - fiat_p384_mulx_u32(&x916, &x917, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x917; + fiat_p384_addcarryx_u32(&x916, &x917, x915, x892, x856); uint32_t x918; - uint32_t x919; - fiat_p384_mulx_u32(&x918, &x919, x872, UINT32_C(0xffffffff)); + fiat_p384_uint1 x919; + fiat_p384_addcarryx_u32(&x918, &x919, x917, x894, x858); uint32_t x920; fiat_p384_uint1 x921; - fiat_p384_addcarryx_u32(&x920, &x921, 0x0, x914, x917); + fiat_p384_addcarryx_u32(&x920, &x921, x919, x896, x860); uint32_t x922; fiat_p384_uint1 x923; - fiat_p384_addcarryx_u32(&x922, &x923, x921, x912, x915); + fiat_p384_addcarryx_u32(&x922, &x923, x921, x898, x862); uint32_t x924; fiat_p384_uint1 x925; - fiat_p384_addcarryx_u32(&x924, &x925, x923, x910, x913); + fiat_p384_addcarryx_u32(&x924, &x925, x923, x900, x864); uint32_t x926; fiat_p384_uint1 x927; - fiat_p384_addcarryx_u32(&x926, &x927, x925, x908, x911); + fiat_p384_addcarryx_u32(&x926, &x927, x925, x902, x866); uint32_t x928; fiat_p384_uint1 x929; - fiat_p384_addcarryx_u32(&x928, &x929, x927, x906, x909); + fiat_p384_addcarryx_u32(&x928, &x929, x927, x904, x868); uint32_t x930; fiat_p384_uint1 x931; - fiat_p384_addcarryx_u32(&x930, &x931, x929, x904, x907); + fiat_p384_addcarryx_u32(&x930, &x931, x929, x906, x870); uint32_t x932; fiat_p384_uint1 x933; - fiat_p384_addcarryx_u32(&x932, &x933, x931, x902, x905); + fiat_p384_addcarryx_u32(&x932, &x933, x847, 0x0, 0x0); uint32_t x934; fiat_p384_uint1 x935; - fiat_p384_addcarryx_u32(&x934, &x935, x933, x900, x903); + fiat_p384_addcarryx_u32(&x934, &x935, x871, 0x0, (fiat_p384_uint1)x932); uint32_t x936; fiat_p384_uint1 x937; - fiat_p384_addcarryx_u32(&x936, &x937, 0x0, x918, x872); + fiat_p384_addcarryx_u32(&x936, &x937, x907, 0x0, x873); uint32_t x938; fiat_p384_uint1 x939; - fiat_p384_addcarryx_u32(&x938, &x939, x937, x919, x874); + fiat_p384_addcarryx_u32(&x938, &x939, x931, x936, x934); uint32_t x940; fiat_p384_uint1 x941; - fiat_p384_addcarryx_u32(&x940, &x941, x939, 0x0, x876); + fiat_p384_addcarryx_u32(&x940, &x941, 0x0, (arg1[11]), x910); uint32_t x942; fiat_p384_uint1 x943; - fiat_p384_addcarryx_u32(&x942, &x943, x941, x916, x878); + fiat_p384_addcarryx_u32(&x942, &x943, x941, 0x0, x912); uint32_t x944; fiat_p384_uint1 x945; - fiat_p384_addcarryx_u32(&x944, &x945, x943, x920, x880); + fiat_p384_addcarryx_u32(&x944, &x945, x943, 0x0, x914); uint32_t x946; fiat_p384_uint1 x947; - fiat_p384_addcarryx_u32(&x946, &x947, x945, x922, x882); + fiat_p384_addcarryx_u32(&x946, &x947, x945, 0x0, x916); uint32_t x948; fiat_p384_uint1 x949; - fiat_p384_addcarryx_u32(&x948, &x949, x947, x924, x884); + fiat_p384_addcarryx_u32(&x948, &x949, x947, 0x0, x918); uint32_t x950; fiat_p384_uint1 x951; - fiat_p384_addcarryx_u32(&x950, &x951, x949, x926, x886); + fiat_p384_addcarryx_u32(&x950, &x951, x949, 0x0, x920); uint32_t x952; fiat_p384_uint1 x953; - fiat_p384_addcarryx_u32(&x952, &x953, x951, x928, x888); + fiat_p384_addcarryx_u32(&x952, &x953, x951, 0x0, x922); uint32_t x954; fiat_p384_uint1 x955; - fiat_p384_addcarryx_u32(&x954, &x955, x953, x930, x890); + fiat_p384_addcarryx_u32(&x954, &x955, x953, 0x0, x924); uint32_t x956; fiat_p384_uint1 x957; - fiat_p384_addcarryx_u32(&x956, &x957, x955, x932, x892); + fiat_p384_addcarryx_u32(&x956, &x957, x955, 0x0, x926); uint32_t x958; fiat_p384_uint1 x959; - fiat_p384_addcarryx_u32(&x958, &x959, x957, x934, x894); + fiat_p384_addcarryx_u32(&x958, &x959, x957, 0x0, x928); uint32_t x960; fiat_p384_uint1 x961; - fiat_p384_addcarryx_u32(&x960, &x961, x935, 0x0, x901); + fiat_p384_addcarryx_u32(&x960, &x961, x959, 0x0, x930); uint32_t x962; fiat_p384_uint1 x963; - fiat_p384_addcarryx_u32(&x962, &x963, x959, x960, x898); + fiat_p384_addcarryx_u32(&x962, &x963, x961, 0x0, x938); uint32_t x964; - fiat_p384_uint1 x965; - fiat_p384_addcarryx_u32(&x964, &x965, 0x0, (arg1[11]), x938); + uint32_t x965; + fiat_p384_mulx_u32(&x964, &x965, x940, UINT32_C(0xffffffff)); uint32_t x966; - fiat_p384_uint1 x967; - fiat_p384_addcarryx_u32(&x966, &x967, x965, 0x0, x940); + uint32_t x967; + fiat_p384_mulx_u32(&x966, &x967, x940, UINT32_C(0xffffffff)); uint32_t x968; - fiat_p384_uint1 x969; - fiat_p384_addcarryx_u32(&x968, &x969, x967, 0x0, x942); + uint32_t x969; + fiat_p384_mulx_u32(&x968, &x969, x940, UINT32_C(0xffffffff)); uint32_t x970; - fiat_p384_uint1 x971; - fiat_p384_addcarryx_u32(&x970, &x971, x969, 0x0, x944); + uint32_t x971; + fiat_p384_mulx_u32(&x970, &x971, x940, UINT32_C(0xffffffff)); uint32_t x972; - fiat_p384_uint1 x973; - fiat_p384_addcarryx_u32(&x972, &x973, x971, 0x0, x946); + uint32_t x973; + fiat_p384_mulx_u32(&x972, &x973, x940, UINT32_C(0xffffffff)); uint32_t x974; - fiat_p384_uint1 x975; - fiat_p384_addcarryx_u32(&x974, &x975, x973, 0x0, x948); + uint32_t x975; + fiat_p384_mulx_u32(&x974, &x975, x940, UINT32_C(0xffffffff)); uint32_t x976; - fiat_p384_uint1 x977; - fiat_p384_addcarryx_u32(&x976, &x977, x975, 0x0, x950); + uint32_t x977; + fiat_p384_mulx_u32(&x976, &x977, x940, UINT32_C(0xffffffff)); uint32_t x978; - fiat_p384_uint1 x979; - fiat_p384_addcarryx_u32(&x978, &x979, x977, 0x0, x952); + uint32_t x979; + fiat_p384_mulx_u32(&x978, &x979, x940, UINT32_C(0xfffffffe)); uint32_t x980; - fiat_p384_uint1 x981; - fiat_p384_addcarryx_u32(&x980, &x981, x979, 0x0, x954); + uint32_t x981; + fiat_p384_mulx_u32(&x980, &x981, x940, UINT32_C(0xffffffff)); uint32_t x982; - fiat_p384_uint1 x983; - fiat_p384_addcarryx_u32(&x982, &x983, x981, 0x0, x956); + uint32_t x983; + fiat_p384_mulx_u32(&x982, &x983, x940, UINT32_C(0xffffffff)); uint32_t x984; fiat_p384_uint1 x985; - fiat_p384_addcarryx_u32(&x984, &x985, x983, 0x0, x958); + fiat_p384_addcarryx_u32(&x984, &x985, 0x0, x978, x981); uint32_t x986; fiat_p384_uint1 x987; - fiat_p384_addcarryx_u32(&x986, &x987, x985, 0x0, x962); + fiat_p384_addcarryx_u32(&x986, &x987, x985, x976, x979); uint32_t x988; fiat_p384_uint1 x989; - fiat_p384_addcarryx_u32(&x988, &x989, x963, 0x0, x899); + fiat_p384_addcarryx_u32(&x988, &x989, x987, x974, x977); uint32_t x990; fiat_p384_uint1 x991; - fiat_p384_addcarryx_u32(&x990, &x991, x987, 0x0, (fiat_p384_uint1)x988); + fiat_p384_addcarryx_u32(&x990, &x991, x989, x972, x975); uint32_t x992; - uint32_t x993; - fiat_p384_mulx_u32(&x992, &x993, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x993; + fiat_p384_addcarryx_u32(&x992, &x993, x991, x970, x973); uint32_t x994; - uint32_t x995; - fiat_p384_mulx_u32(&x994, &x995, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x995; + fiat_p384_addcarryx_u32(&x994, &x995, x993, x968, x971); uint32_t x996; - uint32_t x997; - fiat_p384_mulx_u32(&x996, &x997, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x997; + fiat_p384_addcarryx_u32(&x996, &x997, x995, x966, x969); uint32_t x998; - uint32_t x999; - fiat_p384_mulx_u32(&x998, &x999, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x999; + fiat_p384_addcarryx_u32(&x998, &x999, x997, x964, x967); uint32_t x1000; - uint32_t x1001; - fiat_p384_mulx_u32(&x1000, &x1001, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x1001; + fiat_p384_addcarryx_u32(&x1000, &x1001, 0x0, x982, x940); uint32_t x1002; - uint32_t x1003; - fiat_p384_mulx_u32(&x1002, &x1003, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x1003; + fiat_p384_addcarryx_u32(&x1002, &x1003, x1001, x983, x942); uint32_t x1004; - uint32_t x1005; - fiat_p384_mulx_u32(&x1004, &x1005, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x1005; + fiat_p384_addcarryx_u32(&x1004, &x1005, x1003, 0x0, x944); uint32_t x1006; - uint32_t x1007; - fiat_p384_mulx_u32(&x1006, &x1007, x964, UINT32_C(0xfffffffe)); + fiat_p384_uint1 x1007; + fiat_p384_addcarryx_u32(&x1006, &x1007, x1005, x980, x946); uint32_t x1008; - uint32_t x1009; - fiat_p384_mulx_u32(&x1008, &x1009, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x1009; + fiat_p384_addcarryx_u32(&x1008, &x1009, x1007, x984, x948); uint32_t x1010; - uint32_t x1011; - fiat_p384_mulx_u32(&x1010, &x1011, x964, UINT32_C(0xffffffff)); + fiat_p384_uint1 x1011; + fiat_p384_addcarryx_u32(&x1010, &x1011, x1009, x986, x950); uint32_t x1012; fiat_p384_uint1 x1013; - fiat_p384_addcarryx_u32(&x1012, &x1013, 0x0, x1006, x1009); + fiat_p384_addcarryx_u32(&x1012, &x1013, x1011, x988, x952); uint32_t x1014; fiat_p384_uint1 x1015; - fiat_p384_addcarryx_u32(&x1014, &x1015, x1013, x1004, x1007); + fiat_p384_addcarryx_u32(&x1014, &x1015, x1013, x990, x954); uint32_t x1016; fiat_p384_uint1 x1017; - fiat_p384_addcarryx_u32(&x1016, &x1017, x1015, x1002, x1005); + fiat_p384_addcarryx_u32(&x1016, &x1017, x1015, x992, x956); uint32_t x1018; fiat_p384_uint1 x1019; - fiat_p384_addcarryx_u32(&x1018, &x1019, x1017, x1000, x1003); + fiat_p384_addcarryx_u32(&x1018, &x1019, x1017, x994, x958); uint32_t x1020; fiat_p384_uint1 x1021; - fiat_p384_addcarryx_u32(&x1020, &x1021, x1019, x998, x1001); + fiat_p384_addcarryx_u32(&x1020, &x1021, x1019, x996, x960); uint32_t x1022; fiat_p384_uint1 x1023; - fiat_p384_addcarryx_u32(&x1022, &x1023, x1021, x996, x999); + fiat_p384_addcarryx_u32(&x1022, &x1023, x1021, x998, x962); uint32_t x1024; fiat_p384_uint1 x1025; - fiat_p384_addcarryx_u32(&x1024, &x1025, x1023, x994, x997); + fiat_p384_addcarryx_u32(&x1024, &x1025, x939, 0x0, 0x0); uint32_t x1026; fiat_p384_uint1 x1027; - fiat_p384_addcarryx_u32(&x1026, &x1027, x1025, x992, x995); + fiat_p384_addcarryx_u32(&x1026, &x1027, x963, 0x0, (fiat_p384_uint1)x1024); uint32_t x1028; fiat_p384_uint1 x1029; - fiat_p384_addcarryx_u32(&x1028, &x1029, 0x0, x1010, x964); + fiat_p384_addcarryx_u32(&x1028, &x1029, x999, 0x0, x965); uint32_t x1030; fiat_p384_uint1 x1031; - fiat_p384_addcarryx_u32(&x1030, &x1031, x1029, x1011, x966); + fiat_p384_addcarryx_u32(&x1030, &x1031, x1023, x1028, x1026); uint32_t x1032; fiat_p384_uint1 x1033; - fiat_p384_addcarryx_u32(&x1032, &x1033, x1031, 0x0, x968); + fiat_p384_subborrowx_u32(&x1032, &x1033, 0x0, x1002, UINT32_C(0xffffffff)); uint32_t x1034; fiat_p384_uint1 x1035; - fiat_p384_addcarryx_u32(&x1034, &x1035, x1033, x1008, x970); + fiat_p384_subborrowx_u32(&x1034, &x1035, x1033, x1004, 0x0); uint32_t x1036; fiat_p384_uint1 x1037; - fiat_p384_addcarryx_u32(&x1036, &x1037, x1035, x1012, x972); + fiat_p384_subborrowx_u32(&x1036, &x1037, x1035, x1006, 0x0); uint32_t x1038; fiat_p384_uint1 x1039; - fiat_p384_addcarryx_u32(&x1038, &x1039, x1037, x1014, x974); + fiat_p384_subborrowx_u32(&x1038, &x1039, x1037, x1008, UINT32_C(0xffffffff)); uint32_t x1040; fiat_p384_uint1 x1041; - fiat_p384_addcarryx_u32(&x1040, &x1041, x1039, x1016, x976); + fiat_p384_subborrowx_u32(&x1040, &x1041, x1039, x1010, UINT32_C(0xfffffffe)); uint32_t x1042; fiat_p384_uint1 x1043; - fiat_p384_addcarryx_u32(&x1042, &x1043, x1041, x1018, x978); + fiat_p384_subborrowx_u32(&x1042, &x1043, x1041, x1012, UINT32_C(0xffffffff)); uint32_t x1044; fiat_p384_uint1 x1045; - fiat_p384_addcarryx_u32(&x1044, &x1045, x1043, x1020, x980); + fiat_p384_subborrowx_u32(&x1044, &x1045, x1043, x1014, UINT32_C(0xffffffff)); uint32_t x1046; fiat_p384_uint1 x1047; - fiat_p384_addcarryx_u32(&x1046, &x1047, x1045, x1022, x982); + fiat_p384_subborrowx_u32(&x1046, &x1047, x1045, x1016, UINT32_C(0xffffffff)); uint32_t x1048; fiat_p384_uint1 x1049; - fiat_p384_addcarryx_u32(&x1048, &x1049, x1047, x1024, x984); + fiat_p384_subborrowx_u32(&x1048, &x1049, x1047, x1018, UINT32_C(0xffffffff)); uint32_t x1050; fiat_p384_uint1 x1051; - fiat_p384_addcarryx_u32(&x1050, &x1051, x1049, x1026, x986); + fiat_p384_subborrowx_u32(&x1050, &x1051, x1049, x1020, UINT32_C(0xffffffff)); uint32_t x1052; fiat_p384_uint1 x1053; - fiat_p384_addcarryx_u32(&x1052, &x1053, x1027, 0x0, x993); + fiat_p384_subborrowx_u32(&x1052, &x1053, x1051, x1022, UINT32_C(0xffffffff)); uint32_t x1054; fiat_p384_uint1 x1055; - fiat_p384_addcarryx_u32(&x1054, &x1055, x1051, x1052, x990); + fiat_p384_subborrowx_u32(&x1054, &x1055, x1053, x1030, UINT32_C(0xffffffff)); uint32_t x1056; fiat_p384_uint1 x1057; - fiat_p384_subborrowx_u32(&x1056, &x1057, 0x0, x1030, UINT32_C(0xffffffff)); + fiat_p384_addcarryx_u32(&x1056, &x1057, x1031, 0x0, 0x0); uint32_t x1058; fiat_p384_uint1 x1059; - fiat_p384_subborrowx_u32(&x1058, &x1059, x1057, x1032, 0x0); + fiat_p384_subborrowx_u32(&x1058, &x1059, x1055, (fiat_p384_uint1)x1056, 0x0); uint32_t x1060; - fiat_p384_uint1 x1061; - fiat_p384_subborrowx_u32(&x1060, &x1061, x1059, x1034, 0x0); + fiat_p384_cmovznz_u32(&x1060, x1059, x1032, x1002); + uint32_t x1061; + fiat_p384_cmovznz_u32(&x1061, x1059, x1034, x1004); uint32_t x1062; - fiat_p384_uint1 x1063; - fiat_p384_subborrowx_u32(&x1062, &x1063, x1061, x1036, UINT32_C(0xffffffff)); + fiat_p384_cmovznz_u32(&x1062, x1059, x1036, x1006); + uint32_t x1063; + fiat_p384_cmovznz_u32(&x1063, x1059, x1038, x1008); uint32_t x1064; - fiat_p384_uint1 x1065; - fiat_p384_subborrowx_u32(&x1064, &x1065, x1063, x1038, UINT32_C(0xfffffffe)); + fiat_p384_cmovznz_u32(&x1064, x1059, x1040, x1010); + uint32_t x1065; + fiat_p384_cmovznz_u32(&x1065, x1059, x1042, x1012); uint32_t x1066; - fiat_p384_uint1 x1067; - fiat_p384_subborrowx_u32(&x1066, &x1067, x1065, x1040, UINT32_C(0xffffffff)); + fiat_p384_cmovznz_u32(&x1066, x1059, x1044, x1014); + uint32_t x1067; + fiat_p384_cmovznz_u32(&x1067, x1059, x1046, x1016); uint32_t x1068; - fiat_p384_uint1 x1069; - fiat_p384_subborrowx_u32(&x1068, &x1069, x1067, x1042, UINT32_C(0xffffffff)); + fiat_p384_cmovznz_u32(&x1068, x1059, x1048, x1018); + uint32_t x1069; + fiat_p384_cmovznz_u32(&x1069, x1059, x1050, x1020); uint32_t x1070; - fiat_p384_uint1 x1071; - fiat_p384_subborrowx_u32(&x1070, &x1071, x1069, x1044, UINT32_C(0xffffffff)); - uint32_t x1072; - fiat_p384_uint1 x1073; - fiat_p384_subborrowx_u32(&x1072, &x1073, x1071, x1046, UINT32_C(0xffffffff)); - uint32_t x1074; - fiat_p384_uint1 x1075; - fiat_p384_subborrowx_u32(&x1074, &x1075, x1073, x1048, UINT32_C(0xffffffff)); - uint32_t x1076; - fiat_p384_uint1 x1077; - fiat_p384_subborrowx_u32(&x1076, &x1077, x1075, x1050, UINT32_C(0xffffffff)); - uint32_t x1078; - fiat_p384_uint1 x1079; - fiat_p384_subborrowx_u32(&x1078, &x1079, x1077, x1054, UINT32_C(0xffffffff)); - uint32_t x1080; - fiat_p384_uint1 x1081; - fiat_p384_addcarryx_u32(&x1080, &x1081, x1055, 0x0, x991); - uint32_t x1082; - fiat_p384_uint1 x1083; - fiat_p384_subborrowx_u32(&x1082, &x1083, x1079, (fiat_p384_uint1)x1080, 0x0); - uint32_t x1084; - fiat_p384_cmovznz_u32(&x1084, x1083, x1056, x1030); - uint32_t x1085; - fiat_p384_cmovznz_u32(&x1085, x1083, x1058, x1032); - uint32_t x1086; - fiat_p384_cmovznz_u32(&x1086, x1083, x1060, x1034); - uint32_t x1087; - fiat_p384_cmovznz_u32(&x1087, x1083, x1062, x1036); - uint32_t x1088; - fiat_p384_cmovznz_u32(&x1088, x1083, x1064, x1038); - uint32_t x1089; - fiat_p384_cmovznz_u32(&x1089, x1083, x1066, x1040); - uint32_t x1090; - fiat_p384_cmovznz_u32(&x1090, x1083, x1068, x1042); - uint32_t x1091; - fiat_p384_cmovznz_u32(&x1091, x1083, x1070, x1044); - uint32_t x1092; - fiat_p384_cmovznz_u32(&x1092, x1083, x1072, x1046); - uint32_t x1093; - fiat_p384_cmovznz_u32(&x1093, x1083, x1074, x1048); - uint32_t x1094; - fiat_p384_cmovznz_u32(&x1094, x1083, x1076, x1050); - uint32_t x1095; - fiat_p384_cmovznz_u32(&x1095, x1083, x1078, x1054); - out1[0] = x1084; - out1[1] = x1085; - out1[2] = x1086; - out1[3] = x1087; - out1[4] = x1088; - out1[5] = x1089; - out1[6] = x1090; - out1[7] = x1091; - out1[8] = x1092; - out1[9] = x1093; - out1[10] = x1094; - out1[11] = x1095; + fiat_p384_cmovznz_u32(&x1070, x1059, x1052, x1022); + uint32_t x1071; + fiat_p384_cmovznz_u32(&x1071, x1059, x1054, x1030); + out1[0] = x1060; + out1[1] = x1061; + out1[2] = x1062; + out1[3] = x1063; + out1[4] = x1064; + out1[5] = x1065; + out1[6] = x1066; + out1[7] = x1067; + out1[8] = x1068; + out1[9] = x1069; + out1[10] = x1070; + out1[11] = x1071; } /* @@ -7300,153 +7264,142 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint32_t arg1[12]) { uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff)); uint8_t x17 = (uint8_t)(x15 >> 8); uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); - fiat_p384_uint1 x19 = (fiat_p384_uint1)(x17 >> 8); - uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); - uint32_t x21 = (x19 + x11); - uint32_t x22 = (x21 >> 8); - uint8_t x23 = (uint8_t)(x21 & UINT8_C(0xff)); - uint32_t x24 = (x22 >> 8); - uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); - uint8_t x26 = (uint8_t)(x24 >> 8); - uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); - fiat_p384_uint1 x28 = (fiat_p384_uint1)(x26 >> 8); - uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); - uint32_t x30 = (x28 + x10); - uint32_t x31 = (x30 >> 8); - uint8_t x32 = (uint8_t)(x30 & UINT8_C(0xff)); - uint32_t x33 = (x31 >> 8); + uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); + uint32_t x20 = (0x0 + x11); + uint32_t x21 = (x20 >> 8); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint32_t x23 = (x21 >> 8); + uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); + uint8_t x25 = (uint8_t)(x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint8_t x27 = (uint8_t)(x25 & UINT8_C(0xff)); + uint32_t x28 = (0x0 + x10); + uint32_t x29 = (x28 >> 8); + uint8_t x30 = (uint8_t)(x28 & UINT8_C(0xff)); + uint32_t x31 = (x29 >> 8); + uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); + uint8_t x33 = (uint8_t)(x31 >> 8); uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint8_t x35 = (uint8_t)(x33 >> 8); - uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); - fiat_p384_uint1 x37 = (fiat_p384_uint1)(x35 >> 8); - uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); - uint32_t x39 = (x37 + x9); - uint32_t x40 = (x39 >> 8); - uint8_t x41 = (uint8_t)(x39 & UINT8_C(0xff)); - uint32_t x42 = (x40 >> 8); - uint8_t x43 = (uint8_t)(x40 & UINT8_C(0xff)); - uint8_t x44 = (uint8_t)(x42 >> 8); - uint8_t x45 = (uint8_t)(x42 & UINT8_C(0xff)); - fiat_p384_uint1 x46 = (fiat_p384_uint1)(x44 >> 8); - uint8_t x47 = (uint8_t)(x44 & UINT8_C(0xff)); - uint32_t x48 = (x46 + x8); - uint32_t x49 = (x48 >> 8); - uint8_t x50 = (uint8_t)(x48 & UINT8_C(0xff)); - uint32_t x51 = (x49 >> 8); - uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - uint8_t x53 = (uint8_t)(x51 >> 8); - uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); - fiat_p384_uint1 x55 = (fiat_p384_uint1)(x53 >> 8); + uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); + uint32_t x36 = (0x0 + x9); + uint32_t x37 = (x36 >> 8); + uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint32_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); + uint8_t x41 = (uint8_t)(x39 >> 8); + uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); + uint8_t x43 = (uint8_t)(x41 & UINT8_C(0xff)); + uint32_t x44 = (0x0 + x8); + uint32_t x45 = (x44 >> 8); + uint8_t x46 = (uint8_t)(x44 & UINT8_C(0xff)); + uint32_t x47 = (x45 >> 8); + uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); + uint8_t x49 = (uint8_t)(x47 >> 8); + uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); + uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); + uint32_t x52 = (0x0 + x7); + uint32_t x53 = (x52 >> 8); + uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); + uint32_t x55 = (x53 >> 8); uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); - uint32_t x57 = (x55 + x7); - uint32_t x58 = (x57 >> 8); + uint8_t x57 = (uint8_t)(x55 >> 8); + uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); uint8_t x59 = (uint8_t)(x57 & UINT8_C(0xff)); - uint32_t x60 = (x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); - uint8_t x62 = (uint8_t)(x60 >> 8); - uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); - fiat_p384_uint1 x64 = (fiat_p384_uint1)(x62 >> 8); - uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); - uint32_t x66 = (x64 + x6); - uint32_t x67 = (x66 >> 8); - uint8_t x68 = (uint8_t)(x66 & UINT8_C(0xff)); - uint32_t x69 = (x67 >> 8); - uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff)); - uint8_t x71 = (uint8_t)(x69 >> 8); + uint32_t x60 = (0x0 + x6); + uint32_t x61 = (x60 >> 8); + uint8_t x62 = (uint8_t)(x60 & UINT8_C(0xff)); + uint32_t x63 = (x61 >> 8); + uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); + uint8_t x65 = (uint8_t)(x63 >> 8); + uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); + uint8_t x67 = (uint8_t)(x65 & UINT8_C(0xff)); + uint32_t x68 = (0x0 + x5); + uint32_t x69 = (x68 >> 8); + uint8_t x70 = (uint8_t)(x68 & UINT8_C(0xff)); + uint32_t x71 = (x69 >> 8); uint8_t x72 = (uint8_t)(x69 & UINT8_C(0xff)); - fiat_p384_uint1 x73 = (fiat_p384_uint1)(x71 >> 8); + uint8_t x73 = (uint8_t)(x71 >> 8); uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff)); - uint32_t x75 = (x73 + x5); - uint32_t x76 = (x75 >> 8); - uint8_t x77 = (uint8_t)(x75 & UINT8_C(0xff)); - uint32_t x78 = (x76 >> 8); - uint8_t x79 = (uint8_t)(x76 & UINT8_C(0xff)); - uint8_t x80 = (uint8_t)(x78 >> 8); - uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff)); - fiat_p384_uint1 x82 = (fiat_p384_uint1)(x80 >> 8); - uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff)); - uint32_t x84 = (x82 + x4); + uint8_t x75 = (uint8_t)(x73 & UINT8_C(0xff)); + uint32_t x76 = (0x0 + x4); + uint32_t x77 = (x76 >> 8); + uint8_t x78 = (uint8_t)(x76 & UINT8_C(0xff)); + uint32_t x79 = (x77 >> 8); + uint8_t x80 = (uint8_t)(x77 & UINT8_C(0xff)); + uint8_t x81 = (uint8_t)(x79 >> 8); + uint8_t x82 = (uint8_t)(x79 & UINT8_C(0xff)); + uint8_t x83 = (uint8_t)(x81 & UINT8_C(0xff)); + uint32_t x84 = (0x0 + x3); uint32_t x85 = (x84 >> 8); uint8_t x86 = (uint8_t)(x84 & UINT8_C(0xff)); uint32_t x87 = (x85 >> 8); uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff)); uint8_t x89 = (uint8_t)(x87 >> 8); uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff)); - fiat_p384_uint1 x91 = (fiat_p384_uint1)(x89 >> 8); - uint8_t x92 = (uint8_t)(x89 & UINT8_C(0xff)); - uint32_t x93 = (x91 + x3); - uint32_t x94 = (x93 >> 8); - uint8_t x95 = (uint8_t)(x93 & UINT8_C(0xff)); - uint32_t x96 = (x94 >> 8); - uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff)); - uint8_t x98 = (uint8_t)(x96 >> 8); - uint8_t x99 = (uint8_t)(x96 & UINT8_C(0xff)); - fiat_p384_uint1 x100 = (fiat_p384_uint1)(x98 >> 8); - uint8_t x101 = (uint8_t)(x98 & UINT8_C(0xff)); - uint32_t x102 = (x100 + x2); - uint32_t x103 = (x102 >> 8); - uint8_t x104 = (uint8_t)(x102 & UINT8_C(0xff)); - uint32_t x105 = (x103 >> 8); + uint8_t x91 = (uint8_t)(x89 & UINT8_C(0xff)); + uint32_t x92 = (0x0 + x2); + uint32_t x93 = (x92 >> 8); + uint8_t x94 = (uint8_t)(x92 & UINT8_C(0xff)); + uint32_t x95 = (x93 >> 8); + uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); + uint8_t x97 = (uint8_t)(x95 >> 8); + uint8_t x98 = (uint8_t)(x95 & UINT8_C(0xff)); + uint8_t x99 = (uint8_t)(x97 & UINT8_C(0xff)); + uint32_t x100 = (0x0 + x1); + uint32_t x101 = (x100 >> 8); + uint8_t x102 = (uint8_t)(x100 & UINT8_C(0xff)); + uint32_t x103 = (x101 >> 8); + uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff)); + uint8_t x105 = (uint8_t)(x103 >> 8); uint8_t x106 = (uint8_t)(x103 & UINT8_C(0xff)); - uint8_t x107 = (uint8_t)(x105 >> 8); - uint8_t x108 = (uint8_t)(x105 & UINT8_C(0xff)); - fiat_p384_uint1 x109 = (fiat_p384_uint1)(x107 >> 8); - uint8_t x110 = (uint8_t)(x107 & UINT8_C(0xff)); - uint32_t x111 = (x109 + x1); - uint32_t x112 = (x111 >> 8); - uint8_t x113 = (uint8_t)(x111 & UINT8_C(0xff)); - uint32_t x114 = (x112 >> 8); - uint8_t x115 = (uint8_t)(x112 & UINT8_C(0xff)); - uint8_t x116 = (uint8_t)(x114 >> 8); - uint8_t x117 = (uint8_t)(x114 & UINT8_C(0xff)); out1[0] = x14; out1[1] = x16; out1[2] = x18; - out1[3] = x20; - out1[4] = x23; - out1[5] = x25; - out1[6] = x27; - out1[7] = x29; - out1[8] = x32; - out1[9] = x34; - out1[10] = x36; - out1[11] = x38; - out1[12] = x41; - out1[13] = x43; - out1[14] = x45; - out1[15] = x47; - out1[16] = x50; - out1[17] = x52; - out1[18] = x54; - out1[19] = x56; - out1[20] = x59; - out1[21] = x61; - out1[22] = x63; - out1[23] = x65; - out1[24] = x68; - out1[25] = x70; - out1[26] = x72; - out1[27] = x74; - out1[28] = x77; - out1[29] = x79; - out1[30] = x81; - out1[31] = x83; - out1[32] = x86; - out1[33] = x88; - out1[34] = x90; - out1[35] = x92; - out1[36] = x95; - out1[37] = x97; - out1[38] = x99; - out1[39] = x101; - out1[40] = x104; - out1[41] = x106; - out1[42] = x108; - out1[43] = x110; - out1[44] = x113; - out1[45] = x115; - out1[46] = x117; - out1[47] = x116; + out1[3] = x19; + out1[4] = x22; + out1[5] = x24; + out1[6] = x26; + out1[7] = x27; + out1[8] = x30; + out1[9] = x32; + out1[10] = x34; + out1[11] = x35; + out1[12] = x38; + out1[13] = x40; + out1[14] = x42; + out1[15] = x43; + out1[16] = x46; + out1[17] = x48; + out1[18] = x50; + out1[19] = x51; + out1[20] = x54; + out1[21] = x56; + out1[22] = x58; + out1[23] = x59; + out1[24] = x62; + out1[25] = x64; + out1[26] = x66; + out1[27] = x67; + out1[28] = x70; + out1[29] = x72; + out1[30] = x74; + out1[31] = x75; + out1[32] = x78; + out1[33] = x80; + out1[34] = x82; + out1[35] = x83; + out1[36] = x86; + out1[37] = x88; + out1[38] = x90; + out1[39] = x91; + out1[40] = x94; + out1[41] = x96; + out1[42] = x98; + out1[43] = x99; + out1[44] = x102; + out1[45] = x104; + out1[46] = x106; + out1[47] = x105; } /* @@ -7505,61 +7458,50 @@ static void fiat_p384_from_bytes(uint32_t out1[12], const uint8_t arg1[48]) { uint32_t x47 = ((uint32_t)(arg1[1]) << 8); uint8_t x48 = (arg1[0]); uint32_t x49 = (x48 + (x47 + (x46 + x45))); - fiat_p384_uint1 x50 = (fiat_p384_uint1)((uint64_t)x49 >> 32); - uint32_t x51 = (x49 & UINT32_C(0xffffffff)); - uint32_t x52 = (x4 + (x3 + (x2 + x1))); - uint32_t x53 = (x8 + (x7 + (x6 + x5))); - uint32_t x54 = (x12 + (x11 + (x10 + x9))); - uint32_t x55 = (x16 + (x15 + (x14 + x13))); - uint32_t x56 = (x20 + (x19 + (x18 + x17))); - uint32_t x57 = (x24 + (x23 + (x22 + x21))); - uint32_t x58 = (x28 + (x27 + (x26 + x25))); - uint32_t x59 = (x32 + (x31 + (x30 + x29))); - uint32_t x60 = (x36 + (x35 + (x34 + x33))); - uint32_t x61 = (x40 + (x39 + (x38 + x37))); - uint32_t x62 = (x44 + (x43 + (x42 + x41))); - uint32_t x63 = (x50 + x62); - fiat_p384_uint1 x64 = (fiat_p384_uint1)((uint64_t)x63 >> 32); - uint32_t x65 = (x63 & UINT32_C(0xffffffff)); - uint32_t x66 = (x64 + x61); - fiat_p384_uint1 x67 = (fiat_p384_uint1)((uint64_t)x66 >> 32); - uint32_t x68 = (x66 & UINT32_C(0xffffffff)); - uint32_t x69 = (x67 + x60); - fiat_p384_uint1 x70 = (fiat_p384_uint1)((uint64_t)x69 >> 32); - uint32_t x71 = (x69 & UINT32_C(0xffffffff)); - uint32_t x72 = (x70 + x59); - fiat_p384_uint1 x73 = (fiat_p384_uint1)((uint64_t)x72 >> 32); - uint32_t x74 = (x72 & UINT32_C(0xffffffff)); - uint32_t x75 = (x73 + x58); - fiat_p384_uint1 x76 = (fiat_p384_uint1)((uint64_t)x75 >> 32); - uint32_t x77 = (x75 & UINT32_C(0xffffffff)); - uint32_t x78 = (x76 + x57); - fiat_p384_uint1 x79 = (fiat_p384_uint1)((uint64_t)x78 >> 32); - uint32_t x80 = (x78 & UINT32_C(0xffffffff)); - uint32_t x81 = (x79 + x56); - fiat_p384_uint1 x82 = (fiat_p384_uint1)((uint64_t)x81 >> 32); - uint32_t x83 = (x81 & UINT32_C(0xffffffff)); - uint32_t x84 = (x82 + x55); - fiat_p384_uint1 x85 = (fiat_p384_uint1)((uint64_t)x84 >> 32); - uint32_t x86 = (x84 & UINT32_C(0xffffffff)); - uint32_t x87 = (x85 + x54); - fiat_p384_uint1 x88 = (fiat_p384_uint1)((uint64_t)x87 >> 32); - uint32_t x89 = (x87 & UINT32_C(0xffffffff)); - uint32_t x90 = (x88 + x53); - fiat_p384_uint1 x91 = (fiat_p384_uint1)((uint64_t)x90 >> 32); - uint32_t x92 = (x90 & UINT32_C(0xffffffff)); - uint32_t x93 = (x91 + x52); - out1[0] = x51; - out1[1] = x65; - out1[2] = x68; - out1[3] = x71; - out1[4] = x74; - out1[5] = x77; - out1[6] = x80; - out1[7] = x83; - out1[8] = x86; - out1[9] = x89; - out1[10] = x92; - out1[11] = x93; + uint32_t x50 = (x49 & UINT32_C(0xffffffff)); + uint32_t x51 = (x4 + (x3 + (x2 + x1))); + uint32_t x52 = (x8 + (x7 + (x6 + x5))); + uint32_t x53 = (x12 + (x11 + (x10 + x9))); + uint32_t x54 = (x16 + (x15 + (x14 + x13))); + uint32_t x55 = (x20 + (x19 + (x18 + x17))); + uint32_t x56 = (x24 + (x23 + (x22 + x21))); + uint32_t x57 = (x28 + (x27 + (x26 + x25))); + uint32_t x58 = (x32 + (x31 + (x30 + x29))); + uint32_t x59 = (x36 + (x35 + (x34 + x33))); + uint32_t x60 = (x40 + (x39 + (x38 + x37))); + uint32_t x61 = (x44 + (x43 + (x42 + x41))); + uint32_t x62 = (0x0 + x61); + uint32_t x63 = (x62 & UINT32_C(0xffffffff)); + uint32_t x64 = (0x0 + x60); + uint32_t x65 = (x64 & UINT32_C(0xffffffff)); + uint32_t x66 = (0x0 + x59); + uint32_t x67 = (x66 & UINT32_C(0xffffffff)); + uint32_t x68 = (0x0 + x58); + uint32_t x69 = (x68 & UINT32_C(0xffffffff)); + uint32_t x70 = (0x0 + x57); + uint32_t x71 = (x70 & UINT32_C(0xffffffff)); + uint32_t x72 = (0x0 + x56); + uint32_t x73 = (x72 & UINT32_C(0xffffffff)); + uint32_t x74 = (0x0 + x55); + uint32_t x75 = (x74 & UINT32_C(0xffffffff)); + uint32_t x76 = (0x0 + x54); + uint32_t x77 = (x76 & UINT32_C(0xffffffff)); + uint32_t x78 = (0x0 + x53); + uint32_t x79 = (x78 & UINT32_C(0xffffffff)); + uint32_t x80 = (0x0 + x52); + uint32_t x81 = (x80 & UINT32_C(0xffffffff)); + uint32_t x82 = (0x0 + x51); + out1[0] = x50; + out1[1] = x63; + out1[2] = x65; + out1[3] = x67; + out1[4] = x69; + out1[5] = x71; + out1[6] = x73; + out1[7] = x75; + out1[8] = x77; + out1[9] = x79; + out1[10] = x81; + out1[11] = x82; } diff --git a/p384_64.c b/p384_64.c index 094f27a92b..906996746a 100644 --- a/p384_64.c +++ b/p384_64.c @@ -1851,441 +1851,441 @@ static void fiat_p384_from_montgomery(uint64_t out1[6], const uint64_t arg1[6]) fiat_p384_uint1 x53; fiat_p384_addcarryx_u64(&x52, &x53, x51, 0x0, x40); uint64_t x54; - fiat_p384_uint1 x55; - fiat_p384_addcarryx_u64(&x54, &x55, x41, 0x0, 0x0); + uint64_t x55; + fiat_p384_mulx_u64(&x54, &x55, x42, UINT64_C(0x100000001)); uint64_t x56; - fiat_p384_uint1 x57; - fiat_p384_addcarryx_u64(&x56, &x57, x53, 0x0, (fiat_p384_uint1)x54); + uint64_t x57; + fiat_p384_mulx_u64(&x56, &x57, x54, UINT64_C(0xffffffffffffffff)); uint64_t x58; uint64_t x59; - fiat_p384_mulx_u64(&x58, &x59, x42, UINT64_C(0x100000001)); + fiat_p384_mulx_u64(&x58, &x59, x54, UINT64_C(0xffffffffffffffff)); uint64_t x60; uint64_t x61; - fiat_p384_mulx_u64(&x60, &x61, x58, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x60, &x61, x54, UINT64_C(0xffffffffffffffff)); uint64_t x62; uint64_t x63; - fiat_p384_mulx_u64(&x62, &x63, x58, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x62, &x63, x54, UINT64_C(0xfffffffffffffffe)); uint64_t x64; uint64_t x65; - fiat_p384_mulx_u64(&x64, &x65, x58, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x64, &x65, x54, UINT64_C(0xffffffff00000000)); uint64_t x66; uint64_t x67; - fiat_p384_mulx_u64(&x66, &x67, x58, UINT64_C(0xfffffffffffffffe)); + fiat_p384_mulx_u64(&x66, &x67, x54, UINT32_C(0xffffffff)); uint64_t x68; - uint64_t x69; - fiat_p384_mulx_u64(&x68, &x69, x58, UINT64_C(0xffffffff00000000)); + fiat_p384_uint1 x69; + fiat_p384_addcarryx_u64(&x68, &x69, 0x0, x64, x67); uint64_t x70; - uint64_t x71; - fiat_p384_mulx_u64(&x70, &x71, x58, UINT32_C(0xffffffff)); + fiat_p384_uint1 x71; + fiat_p384_addcarryx_u64(&x70, &x71, x69, x62, x65); uint64_t x72; fiat_p384_uint1 x73; - fiat_p384_addcarryx_u64(&x72, &x73, 0x0, x68, x71); + fiat_p384_addcarryx_u64(&x72, &x73, x71, x60, x63); uint64_t x74; fiat_p384_uint1 x75; - fiat_p384_addcarryx_u64(&x74, &x75, x73, x66, x69); + fiat_p384_addcarryx_u64(&x74, &x75, x73, x58, x61); uint64_t x76; fiat_p384_uint1 x77; - fiat_p384_addcarryx_u64(&x76, &x77, x75, x64, x67); + fiat_p384_addcarryx_u64(&x76, &x77, x75, x56, x59); uint64_t x78; fiat_p384_uint1 x79; - fiat_p384_addcarryx_u64(&x78, &x79, x77, x62, x65); + fiat_p384_addcarryx_u64(&x78, &x79, 0x0, x66, x42); uint64_t x80; fiat_p384_uint1 x81; - fiat_p384_addcarryx_u64(&x80, &x81, x79, x60, x63); + fiat_p384_addcarryx_u64(&x80, &x81, x79, x68, x44); uint64_t x82; fiat_p384_uint1 x83; - fiat_p384_addcarryx_u64(&x82, &x83, 0x0, x70, x42); + fiat_p384_addcarryx_u64(&x82, &x83, x81, x70, x46); uint64_t x84; fiat_p384_uint1 x85; - fiat_p384_addcarryx_u64(&x84, &x85, x83, x72, x44); + fiat_p384_addcarryx_u64(&x84, &x85, x83, x72, x48); uint64_t x86; fiat_p384_uint1 x87; - fiat_p384_addcarryx_u64(&x86, &x87, x85, x74, x46); + fiat_p384_addcarryx_u64(&x86, &x87, x85, x74, x50); uint64_t x88; fiat_p384_uint1 x89; - fiat_p384_addcarryx_u64(&x88, &x89, x87, x76, x48); + fiat_p384_addcarryx_u64(&x88, &x89, x87, x76, x52); uint64_t x90; fiat_p384_uint1 x91; - fiat_p384_addcarryx_u64(&x90, &x91, x89, x78, x50); + fiat_p384_addcarryx_u64(&x90, &x91, x41, 0x0, 0x0); uint64_t x92; fiat_p384_uint1 x93; - fiat_p384_addcarryx_u64(&x92, &x93, x91, x80, x52); + fiat_p384_addcarryx_u64(&x92, &x93, x53, 0x0, (fiat_p384_uint1)x90); uint64_t x94; fiat_p384_uint1 x95; - fiat_p384_addcarryx_u64(&x94, &x95, x81, 0x0, x61); + fiat_p384_addcarryx_u64(&x94, &x95, x77, 0x0, x57); uint64_t x96; fiat_p384_uint1 x97; - fiat_p384_addcarryx_u64(&x96, &x97, x93, x94, x56); + fiat_p384_addcarryx_u64(&x96, &x97, x89, x94, x92); uint64_t x98; fiat_p384_uint1 x99; - fiat_p384_addcarryx_u64(&x98, &x99, 0x0, (arg1[2]), x84); + fiat_p384_addcarryx_u64(&x98, &x99, 0x0, (arg1[2]), x80); uint64_t x100; fiat_p384_uint1 x101; - fiat_p384_addcarryx_u64(&x100, &x101, x99, 0x0, x86); + fiat_p384_addcarryx_u64(&x100, &x101, x99, 0x0, x82); uint64_t x102; fiat_p384_uint1 x103; - fiat_p384_addcarryx_u64(&x102, &x103, x101, 0x0, x88); + fiat_p384_addcarryx_u64(&x102, &x103, x101, 0x0, x84); uint64_t x104; fiat_p384_uint1 x105; - fiat_p384_addcarryx_u64(&x104, &x105, x103, 0x0, x90); + fiat_p384_addcarryx_u64(&x104, &x105, x103, 0x0, x86); uint64_t x106; fiat_p384_uint1 x107; - fiat_p384_addcarryx_u64(&x106, &x107, x105, 0x0, x92); + fiat_p384_addcarryx_u64(&x106, &x107, x105, 0x0, x88); uint64_t x108; fiat_p384_uint1 x109; fiat_p384_addcarryx_u64(&x108, &x109, x107, 0x0, x96); uint64_t x110; - fiat_p384_uint1 x111; - fiat_p384_addcarryx_u64(&x110, &x111, x97, 0x0, x57); + uint64_t x111; + fiat_p384_mulx_u64(&x110, &x111, x98, UINT64_C(0x100000001)); uint64_t x112; - fiat_p384_uint1 x113; - fiat_p384_addcarryx_u64(&x112, &x113, x109, 0x0, (fiat_p384_uint1)x110); + uint64_t x113; + fiat_p384_mulx_u64(&x112, &x113, x110, UINT64_C(0xffffffffffffffff)); uint64_t x114; uint64_t x115; - fiat_p384_mulx_u64(&x114, &x115, x98, UINT64_C(0x100000001)); + fiat_p384_mulx_u64(&x114, &x115, x110, UINT64_C(0xffffffffffffffff)); uint64_t x116; uint64_t x117; - fiat_p384_mulx_u64(&x116, &x117, x114, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x116, &x117, x110, UINT64_C(0xffffffffffffffff)); uint64_t x118; uint64_t x119; - fiat_p384_mulx_u64(&x118, &x119, x114, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x118, &x119, x110, UINT64_C(0xfffffffffffffffe)); uint64_t x120; uint64_t x121; - fiat_p384_mulx_u64(&x120, &x121, x114, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x120, &x121, x110, UINT64_C(0xffffffff00000000)); uint64_t x122; uint64_t x123; - fiat_p384_mulx_u64(&x122, &x123, x114, UINT64_C(0xfffffffffffffffe)); + fiat_p384_mulx_u64(&x122, &x123, x110, UINT32_C(0xffffffff)); uint64_t x124; - uint64_t x125; - fiat_p384_mulx_u64(&x124, &x125, x114, UINT64_C(0xffffffff00000000)); + fiat_p384_uint1 x125; + fiat_p384_addcarryx_u64(&x124, &x125, 0x0, x120, x123); uint64_t x126; - uint64_t x127; - fiat_p384_mulx_u64(&x126, &x127, x114, UINT32_C(0xffffffff)); + fiat_p384_uint1 x127; + fiat_p384_addcarryx_u64(&x126, &x127, x125, x118, x121); uint64_t x128; fiat_p384_uint1 x129; - fiat_p384_addcarryx_u64(&x128, &x129, 0x0, x124, x127); + fiat_p384_addcarryx_u64(&x128, &x129, x127, x116, x119); uint64_t x130; fiat_p384_uint1 x131; - fiat_p384_addcarryx_u64(&x130, &x131, x129, x122, x125); + fiat_p384_addcarryx_u64(&x130, &x131, x129, x114, x117); uint64_t x132; fiat_p384_uint1 x133; - fiat_p384_addcarryx_u64(&x132, &x133, x131, x120, x123); + fiat_p384_addcarryx_u64(&x132, &x133, x131, x112, x115); uint64_t x134; fiat_p384_uint1 x135; - fiat_p384_addcarryx_u64(&x134, &x135, x133, x118, x121); + fiat_p384_addcarryx_u64(&x134, &x135, 0x0, x122, x98); uint64_t x136; fiat_p384_uint1 x137; - fiat_p384_addcarryx_u64(&x136, &x137, x135, x116, x119); + fiat_p384_addcarryx_u64(&x136, &x137, x135, x124, x100); uint64_t x138; fiat_p384_uint1 x139; - fiat_p384_addcarryx_u64(&x138, &x139, 0x0, x126, x98); + fiat_p384_addcarryx_u64(&x138, &x139, x137, x126, x102); uint64_t x140; fiat_p384_uint1 x141; - fiat_p384_addcarryx_u64(&x140, &x141, x139, x128, x100); + fiat_p384_addcarryx_u64(&x140, &x141, x139, x128, x104); uint64_t x142; fiat_p384_uint1 x143; - fiat_p384_addcarryx_u64(&x142, &x143, x141, x130, x102); + fiat_p384_addcarryx_u64(&x142, &x143, x141, x130, x106); uint64_t x144; fiat_p384_uint1 x145; - fiat_p384_addcarryx_u64(&x144, &x145, x143, x132, x104); + fiat_p384_addcarryx_u64(&x144, &x145, x143, x132, x108); uint64_t x146; fiat_p384_uint1 x147; - fiat_p384_addcarryx_u64(&x146, &x147, x145, x134, x106); + fiat_p384_addcarryx_u64(&x146, &x147, x97, 0x0, 0x0); uint64_t x148; fiat_p384_uint1 x149; - fiat_p384_addcarryx_u64(&x148, &x149, x147, x136, x108); + fiat_p384_addcarryx_u64(&x148, &x149, x109, 0x0, (fiat_p384_uint1)x146); uint64_t x150; fiat_p384_uint1 x151; - fiat_p384_addcarryx_u64(&x150, &x151, x137, 0x0, x117); + fiat_p384_addcarryx_u64(&x150, &x151, x133, 0x0, x113); uint64_t x152; fiat_p384_uint1 x153; - fiat_p384_addcarryx_u64(&x152, &x153, x149, x150, x112); + fiat_p384_addcarryx_u64(&x152, &x153, x145, x150, x148); uint64_t x154; fiat_p384_uint1 x155; - fiat_p384_addcarryx_u64(&x154, &x155, 0x0, (arg1[3]), x140); + fiat_p384_addcarryx_u64(&x154, &x155, 0x0, (arg1[3]), x136); uint64_t x156; fiat_p384_uint1 x157; - fiat_p384_addcarryx_u64(&x156, &x157, x155, 0x0, x142); + fiat_p384_addcarryx_u64(&x156, &x157, x155, 0x0, x138); uint64_t x158; fiat_p384_uint1 x159; - fiat_p384_addcarryx_u64(&x158, &x159, x157, 0x0, x144); + fiat_p384_addcarryx_u64(&x158, &x159, x157, 0x0, x140); uint64_t x160; fiat_p384_uint1 x161; - fiat_p384_addcarryx_u64(&x160, &x161, x159, 0x0, x146); + fiat_p384_addcarryx_u64(&x160, &x161, x159, 0x0, x142); uint64_t x162; fiat_p384_uint1 x163; - fiat_p384_addcarryx_u64(&x162, &x163, x161, 0x0, x148); + fiat_p384_addcarryx_u64(&x162, &x163, x161, 0x0, x144); uint64_t x164; fiat_p384_uint1 x165; fiat_p384_addcarryx_u64(&x164, &x165, x163, 0x0, x152); uint64_t x166; - fiat_p384_uint1 x167; - fiat_p384_addcarryx_u64(&x166, &x167, x153, 0x0, x113); + uint64_t x167; + fiat_p384_mulx_u64(&x166, &x167, x154, UINT64_C(0x100000001)); uint64_t x168; - fiat_p384_uint1 x169; - fiat_p384_addcarryx_u64(&x168, &x169, x165, 0x0, (fiat_p384_uint1)x166); + uint64_t x169; + fiat_p384_mulx_u64(&x168, &x169, x166, UINT64_C(0xffffffffffffffff)); uint64_t x170; uint64_t x171; - fiat_p384_mulx_u64(&x170, &x171, x154, UINT64_C(0x100000001)); + fiat_p384_mulx_u64(&x170, &x171, x166, UINT64_C(0xffffffffffffffff)); uint64_t x172; uint64_t x173; - fiat_p384_mulx_u64(&x172, &x173, x170, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x172, &x173, x166, UINT64_C(0xffffffffffffffff)); uint64_t x174; uint64_t x175; - fiat_p384_mulx_u64(&x174, &x175, x170, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x174, &x175, x166, UINT64_C(0xfffffffffffffffe)); uint64_t x176; uint64_t x177; - fiat_p384_mulx_u64(&x176, &x177, x170, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x176, &x177, x166, UINT64_C(0xffffffff00000000)); uint64_t x178; uint64_t x179; - fiat_p384_mulx_u64(&x178, &x179, x170, UINT64_C(0xfffffffffffffffe)); + fiat_p384_mulx_u64(&x178, &x179, x166, UINT32_C(0xffffffff)); uint64_t x180; - uint64_t x181; - fiat_p384_mulx_u64(&x180, &x181, x170, UINT64_C(0xffffffff00000000)); + fiat_p384_uint1 x181; + fiat_p384_addcarryx_u64(&x180, &x181, 0x0, x176, x179); uint64_t x182; - uint64_t x183; - fiat_p384_mulx_u64(&x182, &x183, x170, UINT32_C(0xffffffff)); + fiat_p384_uint1 x183; + fiat_p384_addcarryx_u64(&x182, &x183, x181, x174, x177); uint64_t x184; fiat_p384_uint1 x185; - fiat_p384_addcarryx_u64(&x184, &x185, 0x0, x180, x183); + fiat_p384_addcarryx_u64(&x184, &x185, x183, x172, x175); uint64_t x186; fiat_p384_uint1 x187; - fiat_p384_addcarryx_u64(&x186, &x187, x185, x178, x181); + fiat_p384_addcarryx_u64(&x186, &x187, x185, x170, x173); uint64_t x188; fiat_p384_uint1 x189; - fiat_p384_addcarryx_u64(&x188, &x189, x187, x176, x179); + fiat_p384_addcarryx_u64(&x188, &x189, x187, x168, x171); uint64_t x190; fiat_p384_uint1 x191; - fiat_p384_addcarryx_u64(&x190, &x191, x189, x174, x177); + fiat_p384_addcarryx_u64(&x190, &x191, 0x0, x178, x154); uint64_t x192; fiat_p384_uint1 x193; - fiat_p384_addcarryx_u64(&x192, &x193, x191, x172, x175); + fiat_p384_addcarryx_u64(&x192, &x193, x191, x180, x156); uint64_t x194; fiat_p384_uint1 x195; - fiat_p384_addcarryx_u64(&x194, &x195, 0x0, x182, x154); + fiat_p384_addcarryx_u64(&x194, &x195, x193, x182, x158); uint64_t x196; fiat_p384_uint1 x197; - fiat_p384_addcarryx_u64(&x196, &x197, x195, x184, x156); + fiat_p384_addcarryx_u64(&x196, &x197, x195, x184, x160); uint64_t x198; fiat_p384_uint1 x199; - fiat_p384_addcarryx_u64(&x198, &x199, x197, x186, x158); + fiat_p384_addcarryx_u64(&x198, &x199, x197, x186, x162); uint64_t x200; fiat_p384_uint1 x201; - fiat_p384_addcarryx_u64(&x200, &x201, x199, x188, x160); + fiat_p384_addcarryx_u64(&x200, &x201, x199, x188, x164); uint64_t x202; fiat_p384_uint1 x203; - fiat_p384_addcarryx_u64(&x202, &x203, x201, x190, x162); + fiat_p384_addcarryx_u64(&x202, &x203, x153, 0x0, 0x0); uint64_t x204; fiat_p384_uint1 x205; - fiat_p384_addcarryx_u64(&x204, &x205, x203, x192, x164); + fiat_p384_addcarryx_u64(&x204, &x205, x165, 0x0, (fiat_p384_uint1)x202); uint64_t x206; fiat_p384_uint1 x207; - fiat_p384_addcarryx_u64(&x206, &x207, x193, 0x0, x173); + fiat_p384_addcarryx_u64(&x206, &x207, x189, 0x0, x169); uint64_t x208; fiat_p384_uint1 x209; - fiat_p384_addcarryx_u64(&x208, &x209, x205, x206, x168); + fiat_p384_addcarryx_u64(&x208, &x209, x201, x206, x204); uint64_t x210; fiat_p384_uint1 x211; - fiat_p384_addcarryx_u64(&x210, &x211, 0x0, (arg1[4]), x196); + fiat_p384_addcarryx_u64(&x210, &x211, 0x0, (arg1[4]), x192); uint64_t x212; fiat_p384_uint1 x213; - fiat_p384_addcarryx_u64(&x212, &x213, x211, 0x0, x198); + fiat_p384_addcarryx_u64(&x212, &x213, x211, 0x0, x194); uint64_t x214; fiat_p384_uint1 x215; - fiat_p384_addcarryx_u64(&x214, &x215, x213, 0x0, x200); + fiat_p384_addcarryx_u64(&x214, &x215, x213, 0x0, x196); uint64_t x216; fiat_p384_uint1 x217; - fiat_p384_addcarryx_u64(&x216, &x217, x215, 0x0, x202); + fiat_p384_addcarryx_u64(&x216, &x217, x215, 0x0, x198); uint64_t x218; fiat_p384_uint1 x219; - fiat_p384_addcarryx_u64(&x218, &x219, x217, 0x0, x204); + fiat_p384_addcarryx_u64(&x218, &x219, x217, 0x0, x200); uint64_t x220; fiat_p384_uint1 x221; fiat_p384_addcarryx_u64(&x220, &x221, x219, 0x0, x208); uint64_t x222; - fiat_p384_uint1 x223; - fiat_p384_addcarryx_u64(&x222, &x223, x209, 0x0, x169); + uint64_t x223; + fiat_p384_mulx_u64(&x222, &x223, x210, UINT64_C(0x100000001)); uint64_t x224; - fiat_p384_uint1 x225; - fiat_p384_addcarryx_u64(&x224, &x225, x221, 0x0, (fiat_p384_uint1)x222); + uint64_t x225; + fiat_p384_mulx_u64(&x224, &x225, x222, UINT64_C(0xffffffffffffffff)); uint64_t x226; uint64_t x227; - fiat_p384_mulx_u64(&x226, &x227, x210, UINT64_C(0x100000001)); + fiat_p384_mulx_u64(&x226, &x227, x222, UINT64_C(0xffffffffffffffff)); uint64_t x228; uint64_t x229; - fiat_p384_mulx_u64(&x228, &x229, x226, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x228, &x229, x222, UINT64_C(0xffffffffffffffff)); uint64_t x230; uint64_t x231; - fiat_p384_mulx_u64(&x230, &x231, x226, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x230, &x231, x222, UINT64_C(0xfffffffffffffffe)); uint64_t x232; uint64_t x233; - fiat_p384_mulx_u64(&x232, &x233, x226, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x232, &x233, x222, UINT64_C(0xffffffff00000000)); uint64_t x234; uint64_t x235; - fiat_p384_mulx_u64(&x234, &x235, x226, UINT64_C(0xfffffffffffffffe)); + fiat_p384_mulx_u64(&x234, &x235, x222, UINT32_C(0xffffffff)); uint64_t x236; - uint64_t x237; - fiat_p384_mulx_u64(&x236, &x237, x226, UINT64_C(0xffffffff00000000)); + fiat_p384_uint1 x237; + fiat_p384_addcarryx_u64(&x236, &x237, 0x0, x232, x235); uint64_t x238; - uint64_t x239; - fiat_p384_mulx_u64(&x238, &x239, x226, UINT32_C(0xffffffff)); + fiat_p384_uint1 x239; + fiat_p384_addcarryx_u64(&x238, &x239, x237, x230, x233); uint64_t x240; fiat_p384_uint1 x241; - fiat_p384_addcarryx_u64(&x240, &x241, 0x0, x236, x239); + fiat_p384_addcarryx_u64(&x240, &x241, x239, x228, x231); uint64_t x242; fiat_p384_uint1 x243; - fiat_p384_addcarryx_u64(&x242, &x243, x241, x234, x237); + fiat_p384_addcarryx_u64(&x242, &x243, x241, x226, x229); uint64_t x244; fiat_p384_uint1 x245; - fiat_p384_addcarryx_u64(&x244, &x245, x243, x232, x235); + fiat_p384_addcarryx_u64(&x244, &x245, x243, x224, x227); uint64_t x246; fiat_p384_uint1 x247; - fiat_p384_addcarryx_u64(&x246, &x247, x245, x230, x233); + fiat_p384_addcarryx_u64(&x246, &x247, 0x0, x234, x210); uint64_t x248; fiat_p384_uint1 x249; - fiat_p384_addcarryx_u64(&x248, &x249, x247, x228, x231); + fiat_p384_addcarryx_u64(&x248, &x249, x247, x236, x212); uint64_t x250; fiat_p384_uint1 x251; - fiat_p384_addcarryx_u64(&x250, &x251, 0x0, x238, x210); + fiat_p384_addcarryx_u64(&x250, &x251, x249, x238, x214); uint64_t x252; fiat_p384_uint1 x253; - fiat_p384_addcarryx_u64(&x252, &x253, x251, x240, x212); + fiat_p384_addcarryx_u64(&x252, &x253, x251, x240, x216); uint64_t x254; fiat_p384_uint1 x255; - fiat_p384_addcarryx_u64(&x254, &x255, x253, x242, x214); + fiat_p384_addcarryx_u64(&x254, &x255, x253, x242, x218); uint64_t x256; fiat_p384_uint1 x257; - fiat_p384_addcarryx_u64(&x256, &x257, x255, x244, x216); + fiat_p384_addcarryx_u64(&x256, &x257, x255, x244, x220); uint64_t x258; fiat_p384_uint1 x259; - fiat_p384_addcarryx_u64(&x258, &x259, x257, x246, x218); + fiat_p384_addcarryx_u64(&x258, &x259, x209, 0x0, 0x0); uint64_t x260; fiat_p384_uint1 x261; - fiat_p384_addcarryx_u64(&x260, &x261, x259, x248, x220); + fiat_p384_addcarryx_u64(&x260, &x261, x221, 0x0, (fiat_p384_uint1)x258); uint64_t x262; fiat_p384_uint1 x263; - fiat_p384_addcarryx_u64(&x262, &x263, x249, 0x0, x229); + fiat_p384_addcarryx_u64(&x262, &x263, x245, 0x0, x225); uint64_t x264; fiat_p384_uint1 x265; - fiat_p384_addcarryx_u64(&x264, &x265, x261, x262, x224); + fiat_p384_addcarryx_u64(&x264, &x265, x257, x262, x260); uint64_t x266; fiat_p384_uint1 x267; - fiat_p384_addcarryx_u64(&x266, &x267, 0x0, (arg1[5]), x252); + fiat_p384_addcarryx_u64(&x266, &x267, 0x0, (arg1[5]), x248); uint64_t x268; fiat_p384_uint1 x269; - fiat_p384_addcarryx_u64(&x268, &x269, x267, 0x0, x254); + fiat_p384_addcarryx_u64(&x268, &x269, x267, 0x0, x250); uint64_t x270; fiat_p384_uint1 x271; - fiat_p384_addcarryx_u64(&x270, &x271, x269, 0x0, x256); + fiat_p384_addcarryx_u64(&x270, &x271, x269, 0x0, x252); uint64_t x272; fiat_p384_uint1 x273; - fiat_p384_addcarryx_u64(&x272, &x273, x271, 0x0, x258); + fiat_p384_addcarryx_u64(&x272, &x273, x271, 0x0, x254); uint64_t x274; fiat_p384_uint1 x275; - fiat_p384_addcarryx_u64(&x274, &x275, x273, 0x0, x260); + fiat_p384_addcarryx_u64(&x274, &x275, x273, 0x0, x256); uint64_t x276; fiat_p384_uint1 x277; fiat_p384_addcarryx_u64(&x276, &x277, x275, 0x0, x264); uint64_t x278; - fiat_p384_uint1 x279; - fiat_p384_addcarryx_u64(&x278, &x279, x265, 0x0, x225); + uint64_t x279; + fiat_p384_mulx_u64(&x278, &x279, x266, UINT64_C(0x100000001)); uint64_t x280; - fiat_p384_uint1 x281; - fiat_p384_addcarryx_u64(&x280, &x281, x277, 0x0, (fiat_p384_uint1)x278); + uint64_t x281; + fiat_p384_mulx_u64(&x280, &x281, x278, UINT64_C(0xffffffffffffffff)); uint64_t x282; uint64_t x283; - fiat_p384_mulx_u64(&x282, &x283, x266, UINT64_C(0x100000001)); + fiat_p384_mulx_u64(&x282, &x283, x278, UINT64_C(0xffffffffffffffff)); uint64_t x284; uint64_t x285; - fiat_p384_mulx_u64(&x284, &x285, x282, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x284, &x285, x278, UINT64_C(0xffffffffffffffff)); uint64_t x286; uint64_t x287; - fiat_p384_mulx_u64(&x286, &x287, x282, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x286, &x287, x278, UINT64_C(0xfffffffffffffffe)); uint64_t x288; uint64_t x289; - fiat_p384_mulx_u64(&x288, &x289, x282, UINT64_C(0xffffffffffffffff)); + fiat_p384_mulx_u64(&x288, &x289, x278, UINT64_C(0xffffffff00000000)); uint64_t x290; uint64_t x291; - fiat_p384_mulx_u64(&x290, &x291, x282, UINT64_C(0xfffffffffffffffe)); + fiat_p384_mulx_u64(&x290, &x291, x278, UINT32_C(0xffffffff)); uint64_t x292; - uint64_t x293; - fiat_p384_mulx_u64(&x292, &x293, x282, UINT64_C(0xffffffff00000000)); + fiat_p384_uint1 x293; + fiat_p384_addcarryx_u64(&x292, &x293, 0x0, x288, x291); uint64_t x294; - uint64_t x295; - fiat_p384_mulx_u64(&x294, &x295, x282, UINT32_C(0xffffffff)); + fiat_p384_uint1 x295; + fiat_p384_addcarryx_u64(&x294, &x295, x293, x286, x289); uint64_t x296; fiat_p384_uint1 x297; - fiat_p384_addcarryx_u64(&x296, &x297, 0x0, x292, x295); + fiat_p384_addcarryx_u64(&x296, &x297, x295, x284, x287); uint64_t x298; fiat_p384_uint1 x299; - fiat_p384_addcarryx_u64(&x298, &x299, x297, x290, x293); + fiat_p384_addcarryx_u64(&x298, &x299, x297, x282, x285); uint64_t x300; fiat_p384_uint1 x301; - fiat_p384_addcarryx_u64(&x300, &x301, x299, x288, x291); + fiat_p384_addcarryx_u64(&x300, &x301, x299, x280, x283); uint64_t x302; fiat_p384_uint1 x303; - fiat_p384_addcarryx_u64(&x302, &x303, x301, x286, x289); + fiat_p384_addcarryx_u64(&x302, &x303, 0x0, x290, x266); uint64_t x304; fiat_p384_uint1 x305; - fiat_p384_addcarryx_u64(&x304, &x305, x303, x284, x287); + fiat_p384_addcarryx_u64(&x304, &x305, x303, x292, x268); uint64_t x306; fiat_p384_uint1 x307; - fiat_p384_addcarryx_u64(&x306, &x307, 0x0, x294, x266); + fiat_p384_addcarryx_u64(&x306, &x307, x305, x294, x270); uint64_t x308; fiat_p384_uint1 x309; - fiat_p384_addcarryx_u64(&x308, &x309, x307, x296, x268); + fiat_p384_addcarryx_u64(&x308, &x309, x307, x296, x272); uint64_t x310; fiat_p384_uint1 x311; - fiat_p384_addcarryx_u64(&x310, &x311, x309, x298, x270); + fiat_p384_addcarryx_u64(&x310, &x311, x309, x298, x274); uint64_t x312; fiat_p384_uint1 x313; - fiat_p384_addcarryx_u64(&x312, &x313, x311, x300, x272); + fiat_p384_addcarryx_u64(&x312, &x313, x311, x300, x276); uint64_t x314; fiat_p384_uint1 x315; - fiat_p384_addcarryx_u64(&x314, &x315, x313, x302, x274); + fiat_p384_addcarryx_u64(&x314, &x315, x265, 0x0, 0x0); uint64_t x316; fiat_p384_uint1 x317; - fiat_p384_addcarryx_u64(&x316, &x317, x315, x304, x276); + fiat_p384_addcarryx_u64(&x316, &x317, x277, 0x0, (fiat_p384_uint1)x314); uint64_t x318; fiat_p384_uint1 x319; - fiat_p384_addcarryx_u64(&x318, &x319, x305, 0x0, x285); + fiat_p384_addcarryx_u64(&x318, &x319, x301, 0x0, x281); uint64_t x320; fiat_p384_uint1 x321; - fiat_p384_addcarryx_u64(&x320, &x321, x317, x318, x280); + fiat_p384_addcarryx_u64(&x320, &x321, x313, x318, x316); uint64_t x322; fiat_p384_uint1 x323; - fiat_p384_subborrowx_u64(&x322, &x323, 0x0, x308, UINT32_C(0xffffffff)); + fiat_p384_subborrowx_u64(&x322, &x323, 0x0, x304, UINT32_C(0xffffffff)); uint64_t x324; fiat_p384_uint1 x325; - fiat_p384_subborrowx_u64(&x324, &x325, x323, x310, UINT64_C(0xffffffff00000000)); + fiat_p384_subborrowx_u64(&x324, &x325, x323, x306, UINT64_C(0xffffffff00000000)); uint64_t x326; fiat_p384_uint1 x327; - fiat_p384_subborrowx_u64(&x326, &x327, x325, x312, UINT64_C(0xfffffffffffffffe)); + fiat_p384_subborrowx_u64(&x326, &x327, x325, x308, UINT64_C(0xfffffffffffffffe)); uint64_t x328; fiat_p384_uint1 x329; - fiat_p384_subborrowx_u64(&x328, &x329, x327, x314, UINT64_C(0xffffffffffffffff)); + fiat_p384_subborrowx_u64(&x328, &x329, x327, x310, UINT64_C(0xffffffffffffffff)); uint64_t x330; fiat_p384_uint1 x331; - fiat_p384_subborrowx_u64(&x330, &x331, x329, x316, UINT64_C(0xffffffffffffffff)); + fiat_p384_subborrowx_u64(&x330, &x331, x329, x312, UINT64_C(0xffffffffffffffff)); uint64_t x332; fiat_p384_uint1 x333; fiat_p384_subborrowx_u64(&x332, &x333, x331, x320, UINT64_C(0xffffffffffffffff)); uint64_t x334; fiat_p384_uint1 x335; - fiat_p384_addcarryx_u64(&x334, &x335, x321, 0x0, x281); + fiat_p384_addcarryx_u64(&x334, &x335, x321, 0x0, 0x0); uint64_t x336; fiat_p384_uint1 x337; fiat_p384_subborrowx_u64(&x336, &x337, x333, (fiat_p384_uint1)x334, 0x0); uint64_t x338; - fiat_p384_cmovznz_u64(&x338, x337, x322, x308); + fiat_p384_cmovznz_u64(&x338, x337, x322, x304); uint64_t x339; - fiat_p384_cmovznz_u64(&x339, x337, x324, x310); + fiat_p384_cmovznz_u64(&x339, x337, x324, x306); uint64_t x340; - fiat_p384_cmovznz_u64(&x340, x337, x326, x312); + fiat_p384_cmovznz_u64(&x340, x337, x326, x308); uint64_t x341; - fiat_p384_cmovznz_u64(&x341, x337, x328, x314); + fiat_p384_cmovznz_u64(&x341, x337, x328, x310); uint64_t x342; - fiat_p384_cmovznz_u64(&x342, x337, x330, x316); + fiat_p384_cmovznz_u64(&x342, x337, x330, x312); uint64_t x343; fiat_p384_cmovznz_u64(&x343, x337, x332, x320); out1[0] = x338; @@ -2363,28 +2363,28 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint64_t arg1[6]) { uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); uint8_t x19 = (uint8_t)(x17 >> 8); uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); - fiat_p384_uint1 x21 = (fiat_p384_uint1)(x19 >> 8); - uint8_t x22 = (uint8_t)(x19 & UINT8_C(0xff)); - uint64_t x23 = (x21 + x5); - uint64_t x24 = (x23 >> 8); - uint8_t x25 = (uint8_t)(x23 & UINT8_C(0xff)); - uint64_t x26 = (x24 >> 8); - uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); - uint64_t x28 = (x26 >> 8); - uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); - uint64_t x30 = (x28 >> 8); - uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); - uint64_t x32 = (x30 >> 8); - uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); - uint64_t x34 = (x32 >> 8); - uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); - uint8_t x36 = (uint8_t)(x34 >> 8); - uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); - fiat_p384_uint1 x38 = (fiat_p384_uint1)(x36 >> 8); - uint8_t x39 = (uint8_t)(x36 & UINT8_C(0xff)); - uint64_t x40 = (x38 + x4); - uint64_t x41 = (x40 >> 8); - uint8_t x42 = (uint8_t)(x40 & UINT8_C(0xff)); + uint8_t x21 = (uint8_t)(x19 & UINT8_C(0xff)); + uint64_t x22 = (0x0 + x5); + uint64_t x23 = (x22 >> 8); + uint8_t x24 = (uint8_t)(x22 & UINT8_C(0xff)); + uint64_t x25 = (x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint64_t x27 = (x25 >> 8); + uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); + uint64_t x29 = (x27 >> 8); + uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); + uint64_t x31 = (x29 >> 8); + uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); + uint64_t x33 = (x31 >> 8); + uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); + uint8_t x35 = (uint8_t)(x33 >> 8); + uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); + uint8_t x37 = (uint8_t)(x35 & UINT8_C(0xff)); + uint64_t x38 = (0x0 + x4); + uint64_t x39 = (x38 >> 8); + uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff)); + uint64_t x41 = (x39 >> 8); + uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); uint64_t x43 = (x41 >> 8); uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); uint64_t x45 = (x43 >> 8); @@ -2393,61 +2393,56 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint64_t arg1[6]) { uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); uint64_t x49 = (x47 >> 8); uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint64_t x51 = (x49 >> 8); + uint8_t x51 = (uint8_t)(x49 >> 8); uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - uint8_t x53 = (uint8_t)(x51 >> 8); - uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); - fiat_p384_uint1 x55 = (fiat_p384_uint1)(x53 >> 8); - uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); - uint64_t x57 = (x55 + x3); - uint64_t x58 = (x57 >> 8); - uint8_t x59 = (uint8_t)(x57 & UINT8_C(0xff)); - uint64_t x60 = (x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); - uint64_t x62 = (x60 >> 8); - uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); - uint64_t x64 = (x62 >> 8); - uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); - uint64_t x66 = (x64 >> 8); - uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff)); - uint64_t x68 = (x66 >> 8); - uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff)); - uint8_t x70 = (uint8_t)(x68 >> 8); - uint8_t x71 = (uint8_t)(x68 & UINT8_C(0xff)); - fiat_p384_uint1 x72 = (fiat_p384_uint1)(x70 >> 8); - uint8_t x73 = (uint8_t)(x70 & UINT8_C(0xff)); - uint64_t x74 = (x72 + x2); - uint64_t x75 = (x74 >> 8); - uint8_t x76 = (uint8_t)(x74 & UINT8_C(0xff)); + uint8_t x53 = (uint8_t)(x51 & UINT8_C(0xff)); + uint64_t x54 = (0x0 + x3); + uint64_t x55 = (x54 >> 8); + uint8_t x56 = (uint8_t)(x54 & UINT8_C(0xff)); + uint64_t x57 = (x55 >> 8); + uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); + uint64_t x59 = (x57 >> 8); + uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); + uint64_t x61 = (x59 >> 8); + uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); + uint64_t x63 = (x61 >> 8); + uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); + uint64_t x65 = (x63 >> 8); + uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); + uint8_t x67 = (uint8_t)(x65 >> 8); + uint8_t x68 = (uint8_t)(x65 & UINT8_C(0xff)); + uint8_t x69 = (uint8_t)(x67 & UINT8_C(0xff)); + uint64_t x70 = (0x0 + x2); + uint64_t x71 = (x70 >> 8); + uint8_t x72 = (uint8_t)(x70 & UINT8_C(0xff)); + uint64_t x73 = (x71 >> 8); + uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff)); + uint64_t x75 = (x73 >> 8); + uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff)); uint64_t x77 = (x75 >> 8); uint8_t x78 = (uint8_t)(x75 & UINT8_C(0xff)); uint64_t x79 = (x77 >> 8); uint8_t x80 = (uint8_t)(x77 & UINT8_C(0xff)); uint64_t x81 = (x79 >> 8); uint8_t x82 = (uint8_t)(x79 & UINT8_C(0xff)); - uint64_t x83 = (x81 >> 8); + uint8_t x83 = (uint8_t)(x81 >> 8); uint8_t x84 = (uint8_t)(x81 & UINT8_C(0xff)); - uint64_t x85 = (x83 >> 8); - uint8_t x86 = (uint8_t)(x83 & UINT8_C(0xff)); - uint8_t x87 = (uint8_t)(x85 >> 8); - uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff)); - fiat_p384_uint1 x89 = (fiat_p384_uint1)(x87 >> 8); + uint8_t x85 = (uint8_t)(x83 & UINT8_C(0xff)); + uint64_t x86 = (0x0 + x1); + uint64_t x87 = (x86 >> 8); + uint8_t x88 = (uint8_t)(x86 & UINT8_C(0xff)); + uint64_t x89 = (x87 >> 8); uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff)); - uint64_t x91 = (x89 + x1); - uint64_t x92 = (x91 >> 8); - uint8_t x93 = (uint8_t)(x91 & UINT8_C(0xff)); - uint64_t x94 = (x92 >> 8); - uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff)); - uint64_t x96 = (x94 >> 8); - uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff)); - uint64_t x98 = (x96 >> 8); - uint8_t x99 = (uint8_t)(x96 & UINT8_C(0xff)); - uint64_t x100 = (x98 >> 8); - uint8_t x101 = (uint8_t)(x98 & UINT8_C(0xff)); - uint64_t x102 = (x100 >> 8); - uint8_t x103 = (uint8_t)(x100 & UINT8_C(0xff)); - uint8_t x104 = (uint8_t)(x102 >> 8); - uint8_t x105 = (uint8_t)(x102 & UINT8_C(0xff)); + uint64_t x91 = (x89 >> 8); + uint8_t x92 = (uint8_t)(x89 & UINT8_C(0xff)); + uint64_t x93 = (x91 >> 8); + uint8_t x94 = (uint8_t)(x91 & UINT8_C(0xff)); + uint64_t x95 = (x93 >> 8); + uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); + uint64_t x97 = (x95 >> 8); + uint8_t x98 = (uint8_t)(x95 & UINT8_C(0xff)); + uint8_t x99 = (uint8_t)(x97 >> 8); + uint8_t x100 = (uint8_t)(x97 & UINT8_C(0xff)); out1[0] = x8; out1[1] = x10; out1[2] = x12; @@ -2455,47 +2450,47 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint64_t arg1[6]) { out1[4] = x16; out1[5] = x18; out1[6] = x20; - out1[7] = x22; - out1[8] = x25; - out1[9] = x27; - out1[10] = x29; - out1[11] = x31; - out1[12] = x33; - out1[13] = x35; - out1[14] = x37; - out1[15] = x39; - out1[16] = x42; - out1[17] = x44; - out1[18] = x46; - out1[19] = x48; - out1[20] = x50; - out1[21] = x52; - out1[22] = x54; - out1[23] = x56; - out1[24] = x59; - out1[25] = x61; - out1[26] = x63; - out1[27] = x65; - out1[28] = x67; - out1[29] = x69; - out1[30] = x71; - out1[31] = x73; - out1[32] = x76; - out1[33] = x78; - out1[34] = x80; - out1[35] = x82; - out1[36] = x84; - out1[37] = x86; - out1[38] = x88; - out1[39] = x90; - out1[40] = x93; - out1[41] = x95; - out1[42] = x97; - out1[43] = x99; - out1[44] = x101; - out1[45] = x103; - out1[46] = x105; - out1[47] = x104; + out1[7] = x21; + out1[8] = x24; + out1[9] = x26; + out1[10] = x28; + out1[11] = x30; + out1[12] = x32; + out1[13] = x34; + out1[14] = x36; + out1[15] = x37; + out1[16] = x40; + out1[17] = x42; + out1[18] = x44; + out1[19] = x46; + out1[20] = x48; + out1[21] = x50; + out1[22] = x52; + out1[23] = x53; + out1[24] = x56; + out1[25] = x58; + out1[26] = x60; + out1[27] = x62; + out1[28] = x64; + out1[29] = x66; + out1[30] = x68; + out1[31] = x69; + out1[32] = x72; + out1[33] = x74; + out1[34] = x76; + out1[35] = x78; + out1[36] = x80; + out1[37] = x82; + out1[38] = x84; + out1[39] = x85; + out1[40] = x88; + out1[41] = x90; + out1[42] = x92; + out1[43] = x94; + out1[44] = x96; + out1[45] = x98; + out1[46] = x100; + out1[47] = x99; } /* @@ -2554,31 +2549,26 @@ static void fiat_p384_from_bytes(uint64_t out1[6], const uint8_t arg1[48]) { uint64_t x47 = ((uint64_t)(arg1[1]) << 8); uint8_t x48 = (arg1[0]); uint64_t x49 = (x48 + (x47 + (x46 + (x45 + (x44 + (x43 + (x42 + x41))))))); - fiat_p384_uint1 x50 = (fiat_p384_uint1)((fiat_p384_uint128)x49 >> 64); - uint64_t x51 = (x49 & UINT64_C(0xffffffffffffffff)); - uint64_t x52 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); - uint64_t x53 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); - uint64_t x54 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); - uint64_t x55 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); - uint64_t x56 = (x40 + (x39 + (x38 + (x37 + (x36 + (x35 + (x34 + x33))))))); - uint64_t x57 = (x50 + x56); - fiat_p384_uint1 x58 = (fiat_p384_uint1)((fiat_p384_uint128)x57 >> 64); - uint64_t x59 = (x57 & UINT64_C(0xffffffffffffffff)); - uint64_t x60 = (x58 + x55); - fiat_p384_uint1 x61 = (fiat_p384_uint1)((fiat_p384_uint128)x60 >> 64); - uint64_t x62 = (x60 & UINT64_C(0xffffffffffffffff)); - uint64_t x63 = (x61 + x54); - fiat_p384_uint1 x64 = (fiat_p384_uint1)((fiat_p384_uint128)x63 >> 64); - uint64_t x65 = (x63 & UINT64_C(0xffffffffffffffff)); - uint64_t x66 = (x64 + x53); - fiat_p384_uint1 x67 = (fiat_p384_uint1)((fiat_p384_uint128)x66 >> 64); - uint64_t x68 = (x66 & UINT64_C(0xffffffffffffffff)); - uint64_t x69 = (x67 + x52); - out1[0] = x51; - out1[1] = x59; - out1[2] = x62; - out1[3] = x65; - out1[4] = x68; - out1[5] = x69; + uint64_t x50 = (x49 & UINT64_C(0xffffffffffffffff)); + uint64_t x51 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); + uint64_t x52 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); + uint64_t x53 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); + uint64_t x54 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); + uint64_t x55 = (x40 + (x39 + (x38 + (x37 + (x36 + (x35 + (x34 + x33))))))); + uint64_t x56 = (0x0 + x55); + uint64_t x57 = (x56 & UINT64_C(0xffffffffffffffff)); + uint64_t x58 = (0x0 + x54); + uint64_t x59 = (x58 & UINT64_C(0xffffffffffffffff)); + uint64_t x60 = (0x0 + x53); + uint64_t x61 = (x60 & UINT64_C(0xffffffffffffffff)); + uint64_t x62 = (0x0 + x52); + uint64_t x63 = (x62 & UINT64_C(0xffffffffffffffff)); + uint64_t x64 = (0x0 + x51); + out1[0] = x50; + out1[1] = x57; + out1[2] = x59; + out1[3] = x61; + out1[4] = x63; + out1[5] = x64; } diff --git a/p484_64.c b/p484_64.c index f3c66f1ff5..399ada567f 100644 --- a/p484_64.c +++ b/p484_64.c @@ -2315,616 +2315,577 @@ static void fiat_p484_from_montgomery(uint64_t out1[7], const uint64_t arg1[7]) fiat_p484_addcarryx_u64(&x40, &x41, x39, x26, 0x0); uint64_t x42; fiat_p484_uint1 x43; - fiat_p484_addcarryx_u64(&x42, &x43, x27, 0x0, x3); + fiat_p484_addcarryx_u64(&x42, &x43, 0x0, (arg1[1]), x30); uint64_t x44; fiat_p484_uint1 x45; - fiat_p484_addcarryx_u64(&x44, &x45, x41, x42, 0x0); + fiat_p484_addcarryx_u64(&x44, &x45, x43, 0x0, x32); uint64_t x46; fiat_p484_uint1 x47; - fiat_p484_addcarryx_u64(&x46, &x47, 0x0, (arg1[1]), x30); + fiat_p484_addcarryx_u64(&x46, &x47, x45, 0x0, x34); uint64_t x48; fiat_p484_uint1 x49; - fiat_p484_addcarryx_u64(&x48, &x49, x47, 0x0, x32); + fiat_p484_addcarryx_u64(&x48, &x49, x47, 0x0, x36); uint64_t x50; fiat_p484_uint1 x51; - fiat_p484_addcarryx_u64(&x50, &x51, x49, 0x0, x34); + fiat_p484_addcarryx_u64(&x50, &x51, x49, 0x0, x38); uint64_t x52; fiat_p484_uint1 x53; - fiat_p484_addcarryx_u64(&x52, &x53, x51, 0x0, x36); + fiat_p484_addcarryx_u64(&x52, &x53, x51, 0x0, x40); uint64_t x54; - fiat_p484_uint1 x55; - fiat_p484_addcarryx_u64(&x54, &x55, x53, 0x0, x38); + uint64_t x55; + fiat_p484_mulx_u64(&x54, &x55, x42, UINT64_C(0x2341f27177344)); uint64_t x56; - fiat_p484_uint1 x57; - fiat_p484_addcarryx_u64(&x56, &x57, x55, 0x0, x40); + uint64_t x57; + fiat_p484_mulx_u64(&x56, &x57, x42, UINT64_C(0x6cfc5fd681c52056)); uint64_t x58; - fiat_p484_uint1 x59; - fiat_p484_addcarryx_u64(&x58, &x59, x57, 0x0, x44); + uint64_t x59; + fiat_p484_mulx_u64(&x58, &x59, x42, UINT64_C(0x7bc65c783158aea3)); uint64_t x60; - fiat_p484_uint1 x61; - fiat_p484_addcarryx_u64(&x60, &x61, x45, 0x0, 0x0); + uint64_t x61; + fiat_p484_mulx_u64(&x60, &x61, x42, UINT64_C(0xfdc1767ae2ffffff)); uint64_t x62; - fiat_p484_uint1 x63; - fiat_p484_addcarryx_u64(&x62, &x63, x59, 0x0, (fiat_p484_uint1)x60); + uint64_t x63; + fiat_p484_mulx_u64(&x62, &x63, x42, UINT64_C(0xffffffffffffffff)); uint64_t x64; uint64_t x65; - fiat_p484_mulx_u64(&x64, &x65, x46, UINT64_C(0x2341f27177344)); + fiat_p484_mulx_u64(&x64, &x65, x42, UINT64_C(0xffffffffffffffff)); uint64_t x66; uint64_t x67; - fiat_p484_mulx_u64(&x66, &x67, x46, UINT64_C(0x6cfc5fd681c52056)); + fiat_p484_mulx_u64(&x66, &x67, x42, UINT64_C(0xffffffffffffffff)); uint64_t x68; - uint64_t x69; - fiat_p484_mulx_u64(&x68, &x69, x46, UINT64_C(0x7bc65c783158aea3)); + fiat_p484_uint1 x69; + fiat_p484_addcarryx_u64(&x68, &x69, 0x0, x64, x67); uint64_t x70; - uint64_t x71; - fiat_p484_mulx_u64(&x70, &x71, x46, UINT64_C(0xfdc1767ae2ffffff)); + fiat_p484_uint1 x71; + fiat_p484_addcarryx_u64(&x70, &x71, x69, x62, x65); uint64_t x72; - uint64_t x73; - fiat_p484_mulx_u64(&x72, &x73, x46, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x73; + fiat_p484_addcarryx_u64(&x72, &x73, x71, x60, x63); uint64_t x74; - uint64_t x75; - fiat_p484_mulx_u64(&x74, &x75, x46, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x75; + fiat_p484_addcarryx_u64(&x74, &x75, x73, x58, x61); uint64_t x76; - uint64_t x77; - fiat_p484_mulx_u64(&x76, &x77, x46, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x77; + fiat_p484_addcarryx_u64(&x76, &x77, x75, x56, x59); uint64_t x78; fiat_p484_uint1 x79; - fiat_p484_addcarryx_u64(&x78, &x79, 0x0, x74, x77); + fiat_p484_addcarryx_u64(&x78, &x79, x77, x54, x57); uint64_t x80; fiat_p484_uint1 x81; - fiat_p484_addcarryx_u64(&x80, &x81, x79, x72, x75); + fiat_p484_addcarryx_u64(&x80, &x81, 0x0, x66, x42); uint64_t x82; fiat_p484_uint1 x83; - fiat_p484_addcarryx_u64(&x82, &x83, x81, x70, x73); + fiat_p484_addcarryx_u64(&x82, &x83, x81, x68, x44); uint64_t x84; fiat_p484_uint1 x85; - fiat_p484_addcarryx_u64(&x84, &x85, x83, x68, x71); + fiat_p484_addcarryx_u64(&x84, &x85, x83, x70, x46); uint64_t x86; fiat_p484_uint1 x87; - fiat_p484_addcarryx_u64(&x86, &x87, x85, x66, x69); + fiat_p484_addcarryx_u64(&x86, &x87, x85, x72, x48); uint64_t x88; fiat_p484_uint1 x89; - fiat_p484_addcarryx_u64(&x88, &x89, x87, x64, x67); + fiat_p484_addcarryx_u64(&x88, &x89, x87, x74, x50); uint64_t x90; fiat_p484_uint1 x91; - fiat_p484_addcarryx_u64(&x90, &x91, 0x0, x76, x46); + fiat_p484_addcarryx_u64(&x90, &x91, x89, x76, x52); uint64_t x92; fiat_p484_uint1 x93; - fiat_p484_addcarryx_u64(&x92, &x93, x91, x78, x48); + fiat_p484_addcarryx_u64(&x92, &x93, x27, 0x0, x3); uint64_t x94; fiat_p484_uint1 x95; - fiat_p484_addcarryx_u64(&x94, &x95, x93, x80, x50); + fiat_p484_addcarryx_u64(&x94, &x95, x41, x92, 0x0); uint64_t x96; fiat_p484_uint1 x97; - fiat_p484_addcarryx_u64(&x96, &x97, x95, x82, x52); + fiat_p484_addcarryx_u64(&x96, &x97, x53, 0x0, x94); uint64_t x98; fiat_p484_uint1 x99; - fiat_p484_addcarryx_u64(&x98, &x99, x97, x84, x54); + fiat_p484_addcarryx_u64(&x98, &x99, x91, x78, x96); uint64_t x100; fiat_p484_uint1 x101; - fiat_p484_addcarryx_u64(&x100, &x101, x99, x86, x56); + fiat_p484_addcarryx_u64(&x100, &x101, 0x0, (arg1[2]), x82); uint64_t x102; fiat_p484_uint1 x103; - fiat_p484_addcarryx_u64(&x102, &x103, x101, x88, x58); + fiat_p484_addcarryx_u64(&x102, &x103, x101, 0x0, x84); uint64_t x104; fiat_p484_uint1 x105; - fiat_p484_addcarryx_u64(&x104, &x105, x89, 0x0, x65); + fiat_p484_addcarryx_u64(&x104, &x105, x103, 0x0, x86); uint64_t x106; fiat_p484_uint1 x107; - fiat_p484_addcarryx_u64(&x106, &x107, x103, x104, (fiat_p484_uint1)x62); + fiat_p484_addcarryx_u64(&x106, &x107, x105, 0x0, x88); uint64_t x108; fiat_p484_uint1 x109; - fiat_p484_addcarryx_u64(&x108, &x109, 0x0, (arg1[2]), x92); + fiat_p484_addcarryx_u64(&x108, &x109, x107, 0x0, x90); uint64_t x110; fiat_p484_uint1 x111; - fiat_p484_addcarryx_u64(&x110, &x111, x109, 0x0, x94); + fiat_p484_addcarryx_u64(&x110, &x111, x109, 0x0, x98); uint64_t x112; - fiat_p484_uint1 x113; - fiat_p484_addcarryx_u64(&x112, &x113, x111, 0x0, x96); + uint64_t x113; + fiat_p484_mulx_u64(&x112, &x113, x100, UINT64_C(0x2341f27177344)); uint64_t x114; - fiat_p484_uint1 x115; - fiat_p484_addcarryx_u64(&x114, &x115, x113, 0x0, x98); + uint64_t x115; + fiat_p484_mulx_u64(&x114, &x115, x100, UINT64_C(0x6cfc5fd681c52056)); uint64_t x116; - fiat_p484_uint1 x117; - fiat_p484_addcarryx_u64(&x116, &x117, x115, 0x0, x100); + uint64_t x117; + fiat_p484_mulx_u64(&x116, &x117, x100, UINT64_C(0x7bc65c783158aea3)); uint64_t x118; - fiat_p484_uint1 x119; - fiat_p484_addcarryx_u64(&x118, &x119, x117, 0x0, x102); + uint64_t x119; + fiat_p484_mulx_u64(&x118, &x119, x100, UINT64_C(0xfdc1767ae2ffffff)); uint64_t x120; - fiat_p484_uint1 x121; - fiat_p484_addcarryx_u64(&x120, &x121, x119, 0x0, x106); + uint64_t x121; + fiat_p484_mulx_u64(&x120, &x121, x100, UINT64_C(0xffffffffffffffff)); uint64_t x122; - fiat_p484_uint1 x123; - fiat_p484_addcarryx_u64(&x122, &x123, x107, 0x0, x63); + uint64_t x123; + fiat_p484_mulx_u64(&x122, &x123, x100, UINT64_C(0xffffffffffffffff)); uint64_t x124; - fiat_p484_uint1 x125; - fiat_p484_addcarryx_u64(&x124, &x125, x121, 0x0, (fiat_p484_uint1)x122); + uint64_t x125; + fiat_p484_mulx_u64(&x124, &x125, x100, UINT64_C(0xffffffffffffffff)); uint64_t x126; - uint64_t x127; - fiat_p484_mulx_u64(&x126, &x127, x108, UINT64_C(0x2341f27177344)); + fiat_p484_uint1 x127; + fiat_p484_addcarryx_u64(&x126, &x127, 0x0, x122, x125); uint64_t x128; - uint64_t x129; - fiat_p484_mulx_u64(&x128, &x129, x108, UINT64_C(0x6cfc5fd681c52056)); + fiat_p484_uint1 x129; + fiat_p484_addcarryx_u64(&x128, &x129, x127, x120, x123); uint64_t x130; - uint64_t x131; - fiat_p484_mulx_u64(&x130, &x131, x108, UINT64_C(0x7bc65c783158aea3)); + fiat_p484_uint1 x131; + fiat_p484_addcarryx_u64(&x130, &x131, x129, x118, x121); uint64_t x132; - uint64_t x133; - fiat_p484_mulx_u64(&x132, &x133, x108, UINT64_C(0xfdc1767ae2ffffff)); + fiat_p484_uint1 x133; + fiat_p484_addcarryx_u64(&x132, &x133, x131, x116, x119); uint64_t x134; - uint64_t x135; - fiat_p484_mulx_u64(&x134, &x135, x108, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x135; + fiat_p484_addcarryx_u64(&x134, &x135, x133, x114, x117); uint64_t x136; - uint64_t x137; - fiat_p484_mulx_u64(&x136, &x137, x108, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x137; + fiat_p484_addcarryx_u64(&x136, &x137, x135, x112, x115); uint64_t x138; - uint64_t x139; - fiat_p484_mulx_u64(&x138, &x139, x108, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x139; + fiat_p484_addcarryx_u64(&x138, &x139, 0x0, x124, x100); uint64_t x140; fiat_p484_uint1 x141; - fiat_p484_addcarryx_u64(&x140, &x141, 0x0, x136, x139); + fiat_p484_addcarryx_u64(&x140, &x141, x139, x126, x102); uint64_t x142; fiat_p484_uint1 x143; - fiat_p484_addcarryx_u64(&x142, &x143, x141, x134, x137); + fiat_p484_addcarryx_u64(&x142, &x143, x141, x128, x104); uint64_t x144; fiat_p484_uint1 x145; - fiat_p484_addcarryx_u64(&x144, &x145, x143, x132, x135); + fiat_p484_addcarryx_u64(&x144, &x145, x143, x130, x106); uint64_t x146; fiat_p484_uint1 x147; - fiat_p484_addcarryx_u64(&x146, &x147, x145, x130, x133); + fiat_p484_addcarryx_u64(&x146, &x147, x145, x132, x108); uint64_t x148; fiat_p484_uint1 x149; - fiat_p484_addcarryx_u64(&x148, &x149, x147, x128, x131); + fiat_p484_addcarryx_u64(&x148, &x149, x147, x134, x110); uint64_t x150; fiat_p484_uint1 x151; - fiat_p484_addcarryx_u64(&x150, &x151, x149, x126, x129); + fiat_p484_addcarryx_u64(&x150, &x151, x79, 0x0, x55); uint64_t x152; fiat_p484_uint1 x153; - fiat_p484_addcarryx_u64(&x152, &x153, 0x0, x138, x108); + fiat_p484_addcarryx_u64(&x152, &x153, x99, x150, 0x0); uint64_t x154; fiat_p484_uint1 x155; - fiat_p484_addcarryx_u64(&x154, &x155, x153, x140, x110); + fiat_p484_addcarryx_u64(&x154, &x155, x111, 0x0, x152); uint64_t x156; fiat_p484_uint1 x157; - fiat_p484_addcarryx_u64(&x156, &x157, x155, x142, x112); + fiat_p484_addcarryx_u64(&x156, &x157, x149, x136, x154); uint64_t x158; fiat_p484_uint1 x159; - fiat_p484_addcarryx_u64(&x158, &x159, x157, x144, x114); + fiat_p484_addcarryx_u64(&x158, &x159, 0x0, (arg1[3]), x140); uint64_t x160; fiat_p484_uint1 x161; - fiat_p484_addcarryx_u64(&x160, &x161, x159, x146, x116); + fiat_p484_addcarryx_u64(&x160, &x161, x159, 0x0, x142); uint64_t x162; fiat_p484_uint1 x163; - fiat_p484_addcarryx_u64(&x162, &x163, x161, x148, x118); + fiat_p484_addcarryx_u64(&x162, &x163, x161, 0x0, x144); uint64_t x164; fiat_p484_uint1 x165; - fiat_p484_addcarryx_u64(&x164, &x165, x163, x150, x120); + fiat_p484_addcarryx_u64(&x164, &x165, x163, 0x0, x146); uint64_t x166; fiat_p484_uint1 x167; - fiat_p484_addcarryx_u64(&x166, &x167, x151, 0x0, x127); + fiat_p484_addcarryx_u64(&x166, &x167, x165, 0x0, x148); uint64_t x168; fiat_p484_uint1 x169; - fiat_p484_addcarryx_u64(&x168, &x169, x165, x166, (fiat_p484_uint1)x124); + fiat_p484_addcarryx_u64(&x168, &x169, x167, 0x0, x156); uint64_t x170; - fiat_p484_uint1 x171; - fiat_p484_addcarryx_u64(&x170, &x171, 0x0, (arg1[3]), x154); + uint64_t x171; + fiat_p484_mulx_u64(&x170, &x171, x158, UINT64_C(0x2341f27177344)); uint64_t x172; - fiat_p484_uint1 x173; - fiat_p484_addcarryx_u64(&x172, &x173, x171, 0x0, x156); + uint64_t x173; + fiat_p484_mulx_u64(&x172, &x173, x158, UINT64_C(0x6cfc5fd681c52056)); uint64_t x174; - fiat_p484_uint1 x175; - fiat_p484_addcarryx_u64(&x174, &x175, x173, 0x0, x158); + uint64_t x175; + fiat_p484_mulx_u64(&x174, &x175, x158, UINT64_C(0x7bc65c783158aea3)); uint64_t x176; - fiat_p484_uint1 x177; - fiat_p484_addcarryx_u64(&x176, &x177, x175, 0x0, x160); + uint64_t x177; + fiat_p484_mulx_u64(&x176, &x177, x158, UINT64_C(0xfdc1767ae2ffffff)); uint64_t x178; - fiat_p484_uint1 x179; - fiat_p484_addcarryx_u64(&x178, &x179, x177, 0x0, x162); + uint64_t x179; + fiat_p484_mulx_u64(&x178, &x179, x158, UINT64_C(0xffffffffffffffff)); uint64_t x180; - fiat_p484_uint1 x181; - fiat_p484_addcarryx_u64(&x180, &x181, x179, 0x0, x164); + uint64_t x181; + fiat_p484_mulx_u64(&x180, &x181, x158, UINT64_C(0xffffffffffffffff)); uint64_t x182; - fiat_p484_uint1 x183; - fiat_p484_addcarryx_u64(&x182, &x183, x181, 0x0, x168); + uint64_t x183; + fiat_p484_mulx_u64(&x182, &x183, x158, UINT64_C(0xffffffffffffffff)); uint64_t x184; fiat_p484_uint1 x185; - fiat_p484_addcarryx_u64(&x184, &x185, x169, 0x0, x125); + fiat_p484_addcarryx_u64(&x184, &x185, 0x0, x180, x183); uint64_t x186; fiat_p484_uint1 x187; - fiat_p484_addcarryx_u64(&x186, &x187, x183, 0x0, (fiat_p484_uint1)x184); + fiat_p484_addcarryx_u64(&x186, &x187, x185, x178, x181); uint64_t x188; - uint64_t x189; - fiat_p484_mulx_u64(&x188, &x189, x170, UINT64_C(0x2341f27177344)); + fiat_p484_uint1 x189; + fiat_p484_addcarryx_u64(&x188, &x189, x187, x176, x179); uint64_t x190; - uint64_t x191; - fiat_p484_mulx_u64(&x190, &x191, x170, UINT64_C(0x6cfc5fd681c52056)); + fiat_p484_uint1 x191; + fiat_p484_addcarryx_u64(&x190, &x191, x189, x174, x177); uint64_t x192; - uint64_t x193; - fiat_p484_mulx_u64(&x192, &x193, x170, UINT64_C(0x7bc65c783158aea3)); + fiat_p484_uint1 x193; + fiat_p484_addcarryx_u64(&x192, &x193, x191, x172, x175); uint64_t x194; - uint64_t x195; - fiat_p484_mulx_u64(&x194, &x195, x170, UINT64_C(0xfdc1767ae2ffffff)); + fiat_p484_uint1 x195; + fiat_p484_addcarryx_u64(&x194, &x195, x193, x170, x173); uint64_t x196; - uint64_t x197; - fiat_p484_mulx_u64(&x196, &x197, x170, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x197; + fiat_p484_addcarryx_u64(&x196, &x197, 0x0, x182, x158); uint64_t x198; - uint64_t x199; - fiat_p484_mulx_u64(&x198, &x199, x170, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x199; + fiat_p484_addcarryx_u64(&x198, &x199, x197, x184, x160); uint64_t x200; - uint64_t x201; - fiat_p484_mulx_u64(&x200, &x201, x170, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x201; + fiat_p484_addcarryx_u64(&x200, &x201, x199, x186, x162); uint64_t x202; fiat_p484_uint1 x203; - fiat_p484_addcarryx_u64(&x202, &x203, 0x0, x198, x201); + fiat_p484_addcarryx_u64(&x202, &x203, x201, x188, x164); uint64_t x204; fiat_p484_uint1 x205; - fiat_p484_addcarryx_u64(&x204, &x205, x203, x196, x199); + fiat_p484_addcarryx_u64(&x204, &x205, x203, x190, x166); uint64_t x206; fiat_p484_uint1 x207; - fiat_p484_addcarryx_u64(&x206, &x207, x205, x194, x197); + fiat_p484_addcarryx_u64(&x206, &x207, x205, x192, x168); uint64_t x208; fiat_p484_uint1 x209; - fiat_p484_addcarryx_u64(&x208, &x209, x207, x192, x195); + fiat_p484_addcarryx_u64(&x208, &x209, x137, 0x0, x113); uint64_t x210; fiat_p484_uint1 x211; - fiat_p484_addcarryx_u64(&x210, &x211, x209, x190, x193); + fiat_p484_addcarryx_u64(&x210, &x211, x157, x208, 0x0); uint64_t x212; fiat_p484_uint1 x213; - fiat_p484_addcarryx_u64(&x212, &x213, x211, x188, x191); + fiat_p484_addcarryx_u64(&x212, &x213, x169, 0x0, x210); uint64_t x214; fiat_p484_uint1 x215; - fiat_p484_addcarryx_u64(&x214, &x215, 0x0, x200, x170); + fiat_p484_addcarryx_u64(&x214, &x215, x207, x194, x212); uint64_t x216; fiat_p484_uint1 x217; - fiat_p484_addcarryx_u64(&x216, &x217, x215, x202, x172); + fiat_p484_addcarryx_u64(&x216, &x217, 0x0, (arg1[4]), x198); uint64_t x218; fiat_p484_uint1 x219; - fiat_p484_addcarryx_u64(&x218, &x219, x217, x204, x174); + fiat_p484_addcarryx_u64(&x218, &x219, x217, 0x0, x200); uint64_t x220; fiat_p484_uint1 x221; - fiat_p484_addcarryx_u64(&x220, &x221, x219, x206, x176); + fiat_p484_addcarryx_u64(&x220, &x221, x219, 0x0, x202); uint64_t x222; fiat_p484_uint1 x223; - fiat_p484_addcarryx_u64(&x222, &x223, x221, x208, x178); + fiat_p484_addcarryx_u64(&x222, &x223, x221, 0x0, x204); uint64_t x224; fiat_p484_uint1 x225; - fiat_p484_addcarryx_u64(&x224, &x225, x223, x210, x180); + fiat_p484_addcarryx_u64(&x224, &x225, x223, 0x0, x206); uint64_t x226; fiat_p484_uint1 x227; - fiat_p484_addcarryx_u64(&x226, &x227, x225, x212, x182); + fiat_p484_addcarryx_u64(&x226, &x227, x225, 0x0, x214); uint64_t x228; - fiat_p484_uint1 x229; - fiat_p484_addcarryx_u64(&x228, &x229, x213, 0x0, x189); + uint64_t x229; + fiat_p484_mulx_u64(&x228, &x229, x216, UINT64_C(0x2341f27177344)); uint64_t x230; - fiat_p484_uint1 x231; - fiat_p484_addcarryx_u64(&x230, &x231, x227, x228, (fiat_p484_uint1)x186); + uint64_t x231; + fiat_p484_mulx_u64(&x230, &x231, x216, UINT64_C(0x6cfc5fd681c52056)); uint64_t x232; - fiat_p484_uint1 x233; - fiat_p484_addcarryx_u64(&x232, &x233, 0x0, (arg1[4]), x216); + uint64_t x233; + fiat_p484_mulx_u64(&x232, &x233, x216, UINT64_C(0x7bc65c783158aea3)); uint64_t x234; - fiat_p484_uint1 x235; - fiat_p484_addcarryx_u64(&x234, &x235, x233, 0x0, x218); + uint64_t x235; + fiat_p484_mulx_u64(&x234, &x235, x216, UINT64_C(0xfdc1767ae2ffffff)); uint64_t x236; - fiat_p484_uint1 x237; - fiat_p484_addcarryx_u64(&x236, &x237, x235, 0x0, x220); + uint64_t x237; + fiat_p484_mulx_u64(&x236, &x237, x216, UINT64_C(0xffffffffffffffff)); uint64_t x238; - fiat_p484_uint1 x239; - fiat_p484_addcarryx_u64(&x238, &x239, x237, 0x0, x222); + uint64_t x239; + fiat_p484_mulx_u64(&x238, &x239, x216, UINT64_C(0xffffffffffffffff)); uint64_t x240; - fiat_p484_uint1 x241; - fiat_p484_addcarryx_u64(&x240, &x241, x239, 0x0, x224); + uint64_t x241; + fiat_p484_mulx_u64(&x240, &x241, x216, UINT64_C(0xffffffffffffffff)); uint64_t x242; fiat_p484_uint1 x243; - fiat_p484_addcarryx_u64(&x242, &x243, x241, 0x0, x226); + fiat_p484_addcarryx_u64(&x242, &x243, 0x0, x238, x241); uint64_t x244; fiat_p484_uint1 x245; - fiat_p484_addcarryx_u64(&x244, &x245, x243, 0x0, x230); + fiat_p484_addcarryx_u64(&x244, &x245, x243, x236, x239); uint64_t x246; fiat_p484_uint1 x247; - fiat_p484_addcarryx_u64(&x246, &x247, x231, 0x0, x187); + fiat_p484_addcarryx_u64(&x246, &x247, x245, x234, x237); uint64_t x248; fiat_p484_uint1 x249; - fiat_p484_addcarryx_u64(&x248, &x249, x245, 0x0, (fiat_p484_uint1)x246); + fiat_p484_addcarryx_u64(&x248, &x249, x247, x232, x235); uint64_t x250; - uint64_t x251; - fiat_p484_mulx_u64(&x250, &x251, x232, UINT64_C(0x2341f27177344)); + fiat_p484_uint1 x251; + fiat_p484_addcarryx_u64(&x250, &x251, x249, x230, x233); uint64_t x252; - uint64_t x253; - fiat_p484_mulx_u64(&x252, &x253, x232, UINT64_C(0x6cfc5fd681c52056)); + fiat_p484_uint1 x253; + fiat_p484_addcarryx_u64(&x252, &x253, x251, x228, x231); uint64_t x254; - uint64_t x255; - fiat_p484_mulx_u64(&x254, &x255, x232, UINT64_C(0x7bc65c783158aea3)); + fiat_p484_uint1 x255; + fiat_p484_addcarryx_u64(&x254, &x255, 0x0, x240, x216); uint64_t x256; - uint64_t x257; - fiat_p484_mulx_u64(&x256, &x257, x232, UINT64_C(0xfdc1767ae2ffffff)); + fiat_p484_uint1 x257; + fiat_p484_addcarryx_u64(&x256, &x257, x255, x242, x218); uint64_t x258; - uint64_t x259; - fiat_p484_mulx_u64(&x258, &x259, x232, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x259; + fiat_p484_addcarryx_u64(&x258, &x259, x257, x244, x220); uint64_t x260; - uint64_t x261; - fiat_p484_mulx_u64(&x260, &x261, x232, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x261; + fiat_p484_addcarryx_u64(&x260, &x261, x259, x246, x222); uint64_t x262; - uint64_t x263; - fiat_p484_mulx_u64(&x262, &x263, x232, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x263; + fiat_p484_addcarryx_u64(&x262, &x263, x261, x248, x224); uint64_t x264; fiat_p484_uint1 x265; - fiat_p484_addcarryx_u64(&x264, &x265, 0x0, x260, x263); + fiat_p484_addcarryx_u64(&x264, &x265, x263, x250, x226); uint64_t x266; fiat_p484_uint1 x267; - fiat_p484_addcarryx_u64(&x266, &x267, x265, x258, x261); + fiat_p484_addcarryx_u64(&x266, &x267, x195, 0x0, x171); uint64_t x268; fiat_p484_uint1 x269; - fiat_p484_addcarryx_u64(&x268, &x269, x267, x256, x259); + fiat_p484_addcarryx_u64(&x268, &x269, x215, x266, 0x0); uint64_t x270; fiat_p484_uint1 x271; - fiat_p484_addcarryx_u64(&x270, &x271, x269, x254, x257); + fiat_p484_addcarryx_u64(&x270, &x271, x227, 0x0, x268); uint64_t x272; fiat_p484_uint1 x273; - fiat_p484_addcarryx_u64(&x272, &x273, x271, x252, x255); + fiat_p484_addcarryx_u64(&x272, &x273, x265, x252, x270); uint64_t x274; fiat_p484_uint1 x275; - fiat_p484_addcarryx_u64(&x274, &x275, x273, x250, x253); + fiat_p484_addcarryx_u64(&x274, &x275, 0x0, (arg1[5]), x256); uint64_t x276; fiat_p484_uint1 x277; - fiat_p484_addcarryx_u64(&x276, &x277, 0x0, x262, x232); + fiat_p484_addcarryx_u64(&x276, &x277, x275, 0x0, x258); uint64_t x278; fiat_p484_uint1 x279; - fiat_p484_addcarryx_u64(&x278, &x279, x277, x264, x234); + fiat_p484_addcarryx_u64(&x278, &x279, x277, 0x0, x260); uint64_t x280; fiat_p484_uint1 x281; - fiat_p484_addcarryx_u64(&x280, &x281, x279, x266, x236); + fiat_p484_addcarryx_u64(&x280, &x281, x279, 0x0, x262); uint64_t x282; fiat_p484_uint1 x283; - fiat_p484_addcarryx_u64(&x282, &x283, x281, x268, x238); + fiat_p484_addcarryx_u64(&x282, &x283, x281, 0x0, x264); uint64_t x284; fiat_p484_uint1 x285; - fiat_p484_addcarryx_u64(&x284, &x285, x283, x270, x240); + fiat_p484_addcarryx_u64(&x284, &x285, x283, 0x0, x272); uint64_t x286; - fiat_p484_uint1 x287; - fiat_p484_addcarryx_u64(&x286, &x287, x285, x272, x242); + uint64_t x287; + fiat_p484_mulx_u64(&x286, &x287, x274, UINT64_C(0x2341f27177344)); uint64_t x288; - fiat_p484_uint1 x289; - fiat_p484_addcarryx_u64(&x288, &x289, x287, x274, x244); + uint64_t x289; + fiat_p484_mulx_u64(&x288, &x289, x274, UINT64_C(0x6cfc5fd681c52056)); uint64_t x290; - fiat_p484_uint1 x291; - fiat_p484_addcarryx_u64(&x290, &x291, x275, 0x0, x251); + uint64_t x291; + fiat_p484_mulx_u64(&x290, &x291, x274, UINT64_C(0x7bc65c783158aea3)); uint64_t x292; - fiat_p484_uint1 x293; - fiat_p484_addcarryx_u64(&x292, &x293, x289, x290, (fiat_p484_uint1)x248); + uint64_t x293; + fiat_p484_mulx_u64(&x292, &x293, x274, UINT64_C(0xfdc1767ae2ffffff)); uint64_t x294; - fiat_p484_uint1 x295; - fiat_p484_addcarryx_u64(&x294, &x295, 0x0, (arg1[5]), x278); + uint64_t x295; + fiat_p484_mulx_u64(&x294, &x295, x274, UINT64_C(0xffffffffffffffff)); uint64_t x296; - fiat_p484_uint1 x297; - fiat_p484_addcarryx_u64(&x296, &x297, x295, 0x0, x280); + uint64_t x297; + fiat_p484_mulx_u64(&x296, &x297, x274, UINT64_C(0xffffffffffffffff)); uint64_t x298; - fiat_p484_uint1 x299; - fiat_p484_addcarryx_u64(&x298, &x299, x297, 0x0, x282); + uint64_t x299; + fiat_p484_mulx_u64(&x298, &x299, x274, UINT64_C(0xffffffffffffffff)); uint64_t x300; fiat_p484_uint1 x301; - fiat_p484_addcarryx_u64(&x300, &x301, x299, 0x0, x284); + fiat_p484_addcarryx_u64(&x300, &x301, 0x0, x296, x299); uint64_t x302; fiat_p484_uint1 x303; - fiat_p484_addcarryx_u64(&x302, &x303, x301, 0x0, x286); + fiat_p484_addcarryx_u64(&x302, &x303, x301, x294, x297); uint64_t x304; fiat_p484_uint1 x305; - fiat_p484_addcarryx_u64(&x304, &x305, x303, 0x0, x288); + fiat_p484_addcarryx_u64(&x304, &x305, x303, x292, x295); uint64_t x306; fiat_p484_uint1 x307; - fiat_p484_addcarryx_u64(&x306, &x307, x305, 0x0, x292); + fiat_p484_addcarryx_u64(&x306, &x307, x305, x290, x293); uint64_t x308; fiat_p484_uint1 x309; - fiat_p484_addcarryx_u64(&x308, &x309, x293, 0x0, x249); + fiat_p484_addcarryx_u64(&x308, &x309, x307, x288, x291); uint64_t x310; fiat_p484_uint1 x311; - fiat_p484_addcarryx_u64(&x310, &x311, x307, 0x0, (fiat_p484_uint1)x308); + fiat_p484_addcarryx_u64(&x310, &x311, x309, x286, x289); uint64_t x312; - uint64_t x313; - fiat_p484_mulx_u64(&x312, &x313, x294, UINT64_C(0x2341f27177344)); + fiat_p484_uint1 x313; + fiat_p484_addcarryx_u64(&x312, &x313, 0x0, x298, x274); uint64_t x314; - uint64_t x315; - fiat_p484_mulx_u64(&x314, &x315, x294, UINT64_C(0x6cfc5fd681c52056)); + fiat_p484_uint1 x315; + fiat_p484_addcarryx_u64(&x314, &x315, x313, x300, x276); uint64_t x316; - uint64_t x317; - fiat_p484_mulx_u64(&x316, &x317, x294, UINT64_C(0x7bc65c783158aea3)); + fiat_p484_uint1 x317; + fiat_p484_addcarryx_u64(&x316, &x317, x315, x302, x278); uint64_t x318; - uint64_t x319; - fiat_p484_mulx_u64(&x318, &x319, x294, UINT64_C(0xfdc1767ae2ffffff)); + fiat_p484_uint1 x319; + fiat_p484_addcarryx_u64(&x318, &x319, x317, x304, x280); uint64_t x320; - uint64_t x321; - fiat_p484_mulx_u64(&x320, &x321, x294, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x321; + fiat_p484_addcarryx_u64(&x320, &x321, x319, x306, x282); uint64_t x322; - uint64_t x323; - fiat_p484_mulx_u64(&x322, &x323, x294, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x323; + fiat_p484_addcarryx_u64(&x322, &x323, x321, x308, x284); uint64_t x324; - uint64_t x325; - fiat_p484_mulx_u64(&x324, &x325, x294, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x325; + fiat_p484_addcarryx_u64(&x324, &x325, x253, 0x0, x229); uint64_t x326; fiat_p484_uint1 x327; - fiat_p484_addcarryx_u64(&x326, &x327, 0x0, x322, x325); + fiat_p484_addcarryx_u64(&x326, &x327, x273, x324, 0x0); uint64_t x328; fiat_p484_uint1 x329; - fiat_p484_addcarryx_u64(&x328, &x329, x327, x320, x323); + fiat_p484_addcarryx_u64(&x328, &x329, x285, 0x0, x326); uint64_t x330; fiat_p484_uint1 x331; - fiat_p484_addcarryx_u64(&x330, &x331, x329, x318, x321); + fiat_p484_addcarryx_u64(&x330, &x331, x323, x310, x328); uint64_t x332; fiat_p484_uint1 x333; - fiat_p484_addcarryx_u64(&x332, &x333, x331, x316, x319); + fiat_p484_addcarryx_u64(&x332, &x333, 0x0, (arg1[6]), x314); uint64_t x334; fiat_p484_uint1 x335; - fiat_p484_addcarryx_u64(&x334, &x335, x333, x314, x317); + fiat_p484_addcarryx_u64(&x334, &x335, x333, 0x0, x316); uint64_t x336; fiat_p484_uint1 x337; - fiat_p484_addcarryx_u64(&x336, &x337, x335, x312, x315); + fiat_p484_addcarryx_u64(&x336, &x337, x335, 0x0, x318); uint64_t x338; fiat_p484_uint1 x339; - fiat_p484_addcarryx_u64(&x338, &x339, 0x0, x324, x294); + fiat_p484_addcarryx_u64(&x338, &x339, x337, 0x0, x320); uint64_t x340; fiat_p484_uint1 x341; - fiat_p484_addcarryx_u64(&x340, &x341, x339, x326, x296); + fiat_p484_addcarryx_u64(&x340, &x341, x339, 0x0, x322); uint64_t x342; fiat_p484_uint1 x343; - fiat_p484_addcarryx_u64(&x342, &x343, x341, x328, x298); + fiat_p484_addcarryx_u64(&x342, &x343, x341, 0x0, x330); uint64_t x344; - fiat_p484_uint1 x345; - fiat_p484_addcarryx_u64(&x344, &x345, x343, x330, x300); + uint64_t x345; + fiat_p484_mulx_u64(&x344, &x345, x332, UINT64_C(0x2341f27177344)); uint64_t x346; - fiat_p484_uint1 x347; - fiat_p484_addcarryx_u64(&x346, &x347, x345, x332, x302); + uint64_t x347; + fiat_p484_mulx_u64(&x346, &x347, x332, UINT64_C(0x6cfc5fd681c52056)); uint64_t x348; - fiat_p484_uint1 x349; - fiat_p484_addcarryx_u64(&x348, &x349, x347, x334, x304); + uint64_t x349; + fiat_p484_mulx_u64(&x348, &x349, x332, UINT64_C(0x7bc65c783158aea3)); uint64_t x350; - fiat_p484_uint1 x351; - fiat_p484_addcarryx_u64(&x350, &x351, x349, x336, x306); + uint64_t x351; + fiat_p484_mulx_u64(&x350, &x351, x332, UINT64_C(0xfdc1767ae2ffffff)); uint64_t x352; - fiat_p484_uint1 x353; - fiat_p484_addcarryx_u64(&x352, &x353, x337, 0x0, x313); + uint64_t x353; + fiat_p484_mulx_u64(&x352, &x353, x332, UINT64_C(0xffffffffffffffff)); uint64_t x354; - fiat_p484_uint1 x355; - fiat_p484_addcarryx_u64(&x354, &x355, x351, x352, (fiat_p484_uint1)x310); + uint64_t x355; + fiat_p484_mulx_u64(&x354, &x355, x332, UINT64_C(0xffffffffffffffff)); uint64_t x356; - fiat_p484_uint1 x357; - fiat_p484_addcarryx_u64(&x356, &x357, 0x0, (arg1[6]), x340); + uint64_t x357; + fiat_p484_mulx_u64(&x356, &x357, x332, UINT64_C(0xffffffffffffffff)); uint64_t x358; fiat_p484_uint1 x359; - fiat_p484_addcarryx_u64(&x358, &x359, x357, 0x0, x342); + fiat_p484_addcarryx_u64(&x358, &x359, 0x0, x354, x357); uint64_t x360; fiat_p484_uint1 x361; - fiat_p484_addcarryx_u64(&x360, &x361, x359, 0x0, x344); + fiat_p484_addcarryx_u64(&x360, &x361, x359, x352, x355); uint64_t x362; fiat_p484_uint1 x363; - fiat_p484_addcarryx_u64(&x362, &x363, x361, 0x0, x346); + fiat_p484_addcarryx_u64(&x362, &x363, x361, x350, x353); uint64_t x364; fiat_p484_uint1 x365; - fiat_p484_addcarryx_u64(&x364, &x365, x363, 0x0, x348); + fiat_p484_addcarryx_u64(&x364, &x365, x363, x348, x351); uint64_t x366; fiat_p484_uint1 x367; - fiat_p484_addcarryx_u64(&x366, &x367, x365, 0x0, x350); + fiat_p484_addcarryx_u64(&x366, &x367, x365, x346, x349); uint64_t x368; fiat_p484_uint1 x369; - fiat_p484_addcarryx_u64(&x368, &x369, x367, 0x0, x354); + fiat_p484_addcarryx_u64(&x368, &x369, x367, x344, x347); uint64_t x370; fiat_p484_uint1 x371; - fiat_p484_addcarryx_u64(&x370, &x371, x355, 0x0, x311); + fiat_p484_addcarryx_u64(&x370, &x371, 0x0, x356, x332); uint64_t x372; fiat_p484_uint1 x373; - fiat_p484_addcarryx_u64(&x372, &x373, x369, 0x0, (fiat_p484_uint1)x370); + fiat_p484_addcarryx_u64(&x372, &x373, x371, x358, x334); uint64_t x374; - uint64_t x375; - fiat_p484_mulx_u64(&x374, &x375, x356, UINT64_C(0x2341f27177344)); + fiat_p484_uint1 x375; + fiat_p484_addcarryx_u64(&x374, &x375, x373, x360, x336); uint64_t x376; - uint64_t x377; - fiat_p484_mulx_u64(&x376, &x377, x356, UINT64_C(0x6cfc5fd681c52056)); + fiat_p484_uint1 x377; + fiat_p484_addcarryx_u64(&x376, &x377, x375, x362, x338); uint64_t x378; - uint64_t x379; - fiat_p484_mulx_u64(&x378, &x379, x356, UINT64_C(0x7bc65c783158aea3)); + fiat_p484_uint1 x379; + fiat_p484_addcarryx_u64(&x378, &x379, x377, x364, x340); uint64_t x380; - uint64_t x381; - fiat_p484_mulx_u64(&x380, &x381, x356, UINT64_C(0xfdc1767ae2ffffff)); + fiat_p484_uint1 x381; + fiat_p484_addcarryx_u64(&x380, &x381, x379, x366, x342); uint64_t x382; - uint64_t x383; - fiat_p484_mulx_u64(&x382, &x383, x356, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x383; + fiat_p484_addcarryx_u64(&x382, &x383, x311, 0x0, x287); uint64_t x384; - uint64_t x385; - fiat_p484_mulx_u64(&x384, &x385, x356, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x385; + fiat_p484_addcarryx_u64(&x384, &x385, x331, x382, 0x0); uint64_t x386; - uint64_t x387; - fiat_p484_mulx_u64(&x386, &x387, x356, UINT64_C(0xffffffffffffffff)); + fiat_p484_uint1 x387; + fiat_p484_addcarryx_u64(&x386, &x387, x343, 0x0, x384); uint64_t x388; fiat_p484_uint1 x389; - fiat_p484_addcarryx_u64(&x388, &x389, 0x0, x384, x387); + fiat_p484_addcarryx_u64(&x388, &x389, x381, x368, x386); uint64_t x390; fiat_p484_uint1 x391; - fiat_p484_addcarryx_u64(&x390, &x391, x389, x382, x385); + fiat_p484_addcarryx_u64(&x390, &x391, x369, 0x0, x345); uint64_t x392; fiat_p484_uint1 x393; - fiat_p484_addcarryx_u64(&x392, &x393, x391, x380, x383); + fiat_p484_addcarryx_u64(&x392, &x393, x389, x390, 0x0); uint64_t x394; fiat_p484_uint1 x395; - fiat_p484_addcarryx_u64(&x394, &x395, x393, x378, x381); + fiat_p484_subborrowx_u64(&x394, &x395, 0x0, x372, UINT64_C(0xffffffffffffffff)); uint64_t x396; fiat_p484_uint1 x397; - fiat_p484_addcarryx_u64(&x396, &x397, x395, x376, x379); + fiat_p484_subborrowx_u64(&x396, &x397, x395, x374, UINT64_C(0xffffffffffffffff)); uint64_t x398; fiat_p484_uint1 x399; - fiat_p484_addcarryx_u64(&x398, &x399, x397, x374, x377); + fiat_p484_subborrowx_u64(&x398, &x399, x397, x376, UINT64_C(0xffffffffffffffff)); uint64_t x400; fiat_p484_uint1 x401; - fiat_p484_addcarryx_u64(&x400, &x401, 0x0, x386, x356); + fiat_p484_subborrowx_u64(&x400, &x401, x399, x378, UINT64_C(0xfdc1767ae2ffffff)); uint64_t x402; fiat_p484_uint1 x403; - fiat_p484_addcarryx_u64(&x402, &x403, x401, x388, x358); + fiat_p484_subborrowx_u64(&x402, &x403, x401, x380, UINT64_C(0x7bc65c783158aea3)); uint64_t x404; fiat_p484_uint1 x405; - fiat_p484_addcarryx_u64(&x404, &x405, x403, x390, x360); + fiat_p484_subborrowx_u64(&x404, &x405, x403, x388, UINT64_C(0x6cfc5fd681c52056)); uint64_t x406; fiat_p484_uint1 x407; - fiat_p484_addcarryx_u64(&x406, &x407, x405, x392, x362); + fiat_p484_subborrowx_u64(&x406, &x407, x405, x392, UINT64_C(0x2341f27177344)); uint64_t x408; fiat_p484_uint1 x409; - fiat_p484_addcarryx_u64(&x408, &x409, x407, x394, x364); + fiat_p484_subborrowx_u64(&x408, &x409, x407, 0x0, 0x0); uint64_t x410; - fiat_p484_uint1 x411; - fiat_p484_addcarryx_u64(&x410, &x411, x409, x396, x366); + fiat_p484_cmovznz_u64(&x410, x409, x394, x372); + uint64_t x411; + fiat_p484_cmovznz_u64(&x411, x409, x396, x374); uint64_t x412; - fiat_p484_uint1 x413; - fiat_p484_addcarryx_u64(&x412, &x413, x411, x398, x368); + fiat_p484_cmovznz_u64(&x412, x409, x398, x376); + uint64_t x413; + fiat_p484_cmovznz_u64(&x413, x409, x400, x378); uint64_t x414; - fiat_p484_uint1 x415; - fiat_p484_addcarryx_u64(&x414, &x415, x399, 0x0, x375); + fiat_p484_cmovznz_u64(&x414, x409, x402, x380); + uint64_t x415; + fiat_p484_cmovznz_u64(&x415, x409, x404, x388); uint64_t x416; - fiat_p484_uint1 x417; - fiat_p484_addcarryx_u64(&x416, &x417, x413, x414, (fiat_p484_uint1)x372); - uint64_t x418; - fiat_p484_uint1 x419; - fiat_p484_subborrowx_u64(&x418, &x419, 0x0, x402, UINT64_C(0xffffffffffffffff)); - uint64_t x420; - fiat_p484_uint1 x421; - fiat_p484_subborrowx_u64(&x420, &x421, x419, x404, UINT64_C(0xffffffffffffffff)); - uint64_t x422; - fiat_p484_uint1 x423; - fiat_p484_subborrowx_u64(&x422, &x423, x421, x406, UINT64_C(0xffffffffffffffff)); - uint64_t x424; - fiat_p484_uint1 x425; - fiat_p484_subborrowx_u64(&x424, &x425, x423, x408, UINT64_C(0xfdc1767ae2ffffff)); - uint64_t x426; - fiat_p484_uint1 x427; - fiat_p484_subborrowx_u64(&x426, &x427, x425, x410, UINT64_C(0x7bc65c783158aea3)); - uint64_t x428; - fiat_p484_uint1 x429; - fiat_p484_subborrowx_u64(&x428, &x429, x427, x412, UINT64_C(0x6cfc5fd681c52056)); - uint64_t x430; - fiat_p484_uint1 x431; - fiat_p484_subborrowx_u64(&x430, &x431, x429, x416, UINT64_C(0x2341f27177344)); - uint64_t x432; - fiat_p484_uint1 x433; - fiat_p484_addcarryx_u64(&x432, &x433, x417, 0x0, x373); - uint64_t x434; - fiat_p484_uint1 x435; - fiat_p484_subborrowx_u64(&x434, &x435, x431, (fiat_p484_uint1)x432, 0x0); - uint64_t x436; - fiat_p484_cmovznz_u64(&x436, x435, x418, x402); - uint64_t x437; - fiat_p484_cmovznz_u64(&x437, x435, x420, x404); - uint64_t x438; - fiat_p484_cmovznz_u64(&x438, x435, x422, x406); - uint64_t x439; - fiat_p484_cmovznz_u64(&x439, x435, x424, x408); - uint64_t x440; - fiat_p484_cmovznz_u64(&x440, x435, x426, x410); - uint64_t x441; - fiat_p484_cmovznz_u64(&x441, x435, x428, x412); - uint64_t x442; - fiat_p484_cmovznz_u64(&x442, x435, x430, x416); - out1[0] = x436; - out1[1] = x437; - out1[2] = x438; - out1[3] = x439; - out1[4] = x440; - out1[5] = x441; - out1[6] = x442; + fiat_p484_cmovznz_u64(&x416, x409, x406, x392); + out1[0] = x410; + out1[1] = x411; + out1[2] = x412; + out1[3] = x413; + out1[4] = x414; + out1[5] = x415; + out1[6] = x416; } /* @@ -2998,28 +2959,28 @@ static void fiat_p484_to_bytes(uint8_t out1[56], const uint64_t arg1[7]) { uint8_t x19 = (uint8_t)(x16 & UINT8_C(0xff)); uint8_t x20 = (uint8_t)(x18 >> 8); uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); - fiat_p484_uint1 x22 = (fiat_p484_uint1)(x20 >> 8); - uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff)); - uint64_t x24 = (x22 + x6); - uint64_t x25 = (x24 >> 8); - uint8_t x26 = (uint8_t)(x24 & UINT8_C(0xff)); - uint64_t x27 = (x25 >> 8); - uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); - uint64_t x29 = (x27 >> 8); - uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint64_t x31 = (x29 >> 8); - uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); - uint64_t x33 = (x31 >> 8); - uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint64_t x35 = (x33 >> 8); - uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); - uint8_t x37 = (uint8_t)(x35 >> 8); - uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); - fiat_p484_uint1 x39 = (fiat_p484_uint1)(x37 >> 8); - uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); - uint64_t x41 = (x39 + x5); - uint64_t x42 = (x41 >> 8); - uint8_t x43 = (uint8_t)(x41 & UINT8_C(0xff)); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint64_t x23 = (0x0 + x6); + uint64_t x24 = (x23 >> 8); + uint8_t x25 = (uint8_t)(x23 & UINT8_C(0xff)); + uint64_t x26 = (x24 >> 8); + uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); + uint64_t x28 = (x26 >> 8); + uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); + uint64_t x30 = (x28 >> 8); + uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); + uint64_t x32 = (x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint64_t x34 = (x32 >> 8); + uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); + uint8_t x36 = (uint8_t)(x34 >> 8); + uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); + uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint64_t x39 = (0x0 + x5); + uint64_t x40 = (x39 >> 8); + uint8_t x41 = (uint8_t)(x39 & UINT8_C(0xff)); + uint64_t x42 = (x40 >> 8); + uint8_t x43 = (uint8_t)(x40 & UINT8_C(0xff)); uint64_t x44 = (x42 >> 8); uint8_t x45 = (uint8_t)(x42 & UINT8_C(0xff)); uint64_t x46 = (x44 >> 8); @@ -3028,78 +2989,71 @@ static void fiat_p484_to_bytes(uint8_t out1[56], const uint64_t arg1[7]) { uint8_t x49 = (uint8_t)(x46 & UINT8_C(0xff)); uint64_t x50 = (x48 >> 8); uint8_t x51 = (uint8_t)(x48 & UINT8_C(0xff)); - uint64_t x52 = (x50 >> 8); + uint8_t x52 = (uint8_t)(x50 >> 8); uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); - uint8_t x54 = (uint8_t)(x52 >> 8); - uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); - fiat_p484_uint1 x56 = (fiat_p484_uint1)(x54 >> 8); - uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff)); - uint64_t x58 = (x56 + x4); - uint64_t x59 = (x58 >> 8); - uint8_t x60 = (uint8_t)(x58 & UINT8_C(0xff)); - uint64_t x61 = (x59 >> 8); - uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); - uint64_t x63 = (x61 >> 8); - uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); - uint64_t x65 = (x63 >> 8); - uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); - uint64_t x67 = (x65 >> 8); - uint8_t x68 = (uint8_t)(x65 & UINT8_C(0xff)); - uint64_t x69 = (x67 >> 8); - uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff)); - uint8_t x71 = (uint8_t)(x69 >> 8); - uint8_t x72 = (uint8_t)(x69 & UINT8_C(0xff)); - fiat_p484_uint1 x73 = (fiat_p484_uint1)(x71 >> 8); - uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff)); - uint64_t x75 = (x73 + x3); - uint64_t x76 = (x75 >> 8); - uint8_t x77 = (uint8_t)(x75 & UINT8_C(0xff)); + uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x55 = (0x0 + x4); + uint64_t x56 = (x55 >> 8); + uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); + uint64_t x58 = (x56 >> 8); + uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); + uint64_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint64_t x62 = (x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); + uint64_t x64 = (x62 >> 8); + uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); + uint64_t x66 = (x64 >> 8); + uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff)); + uint8_t x68 = (uint8_t)(x66 >> 8); + uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff)); + uint8_t x70 = (uint8_t)(x68 & UINT8_C(0xff)); + uint64_t x71 = (0x0 + x3); + uint64_t x72 = (x71 >> 8); + uint8_t x73 = (uint8_t)(x71 & UINT8_C(0xff)); + uint64_t x74 = (x72 >> 8); + uint8_t x75 = (uint8_t)(x72 & UINT8_C(0xff)); + uint64_t x76 = (x74 >> 8); + uint8_t x77 = (uint8_t)(x74 & UINT8_C(0xff)); uint64_t x78 = (x76 >> 8); uint8_t x79 = (uint8_t)(x76 & UINT8_C(0xff)); uint64_t x80 = (x78 >> 8); uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff)); uint64_t x82 = (x80 >> 8); uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff)); - uint64_t x84 = (x82 >> 8); + uint8_t x84 = (uint8_t)(x82 >> 8); uint8_t x85 = (uint8_t)(x82 & UINT8_C(0xff)); - uint64_t x86 = (x84 >> 8); - uint8_t x87 = (uint8_t)(x84 & UINT8_C(0xff)); - uint8_t x88 = (uint8_t)(x86 >> 8); - uint8_t x89 = (uint8_t)(x86 & UINT8_C(0xff)); - fiat_p484_uint1 x90 = (fiat_p484_uint1)(x88 >> 8); + uint8_t x86 = (uint8_t)(x84 & UINT8_C(0xff)); + uint64_t x87 = (0x0 + x2); + uint64_t x88 = (x87 >> 8); + uint8_t x89 = (uint8_t)(x87 & UINT8_C(0xff)); + uint64_t x90 = (x88 >> 8); uint8_t x91 = (uint8_t)(x88 & UINT8_C(0xff)); - uint64_t x92 = (x90 + x2); - uint64_t x93 = (x92 >> 8); - uint8_t x94 = (uint8_t)(x92 & UINT8_C(0xff)); - uint64_t x95 = (x93 >> 8); - uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); - uint64_t x97 = (x95 >> 8); - uint8_t x98 = (uint8_t)(x95 & UINT8_C(0xff)); - uint64_t x99 = (x97 >> 8); - uint8_t x100 = (uint8_t)(x97 & UINT8_C(0xff)); - uint64_t x101 = (x99 >> 8); - uint8_t x102 = (uint8_t)(x99 & UINT8_C(0xff)); - uint64_t x103 = (x101 >> 8); - uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff)); - uint8_t x105 = (uint8_t)(x103 >> 8); - uint8_t x106 = (uint8_t)(x103 & UINT8_C(0xff)); - fiat_p484_uint1 x107 = (fiat_p484_uint1)(x105 >> 8); - uint8_t x108 = (uint8_t)(x105 & UINT8_C(0xff)); - uint64_t x109 = (x107 + x1); - uint64_t x110 = (x109 >> 8); - uint8_t x111 = (uint8_t)(x109 & UINT8_C(0xff)); + uint64_t x92 = (x90 >> 8); + uint8_t x93 = (uint8_t)(x90 & UINT8_C(0xff)); + uint64_t x94 = (x92 >> 8); + uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff)); + uint64_t x96 = (x94 >> 8); + uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff)); + uint64_t x98 = (x96 >> 8); + uint8_t x99 = (uint8_t)(x96 & UINT8_C(0xff)); + uint8_t x100 = (uint8_t)(x98 >> 8); + uint8_t x101 = (uint8_t)(x98 & UINT8_C(0xff)); + uint8_t x102 = (uint8_t)(x100 & UINT8_C(0xff)); + uint64_t x103 = (0x0 + x1); + uint64_t x104 = (x103 >> 8); + uint8_t x105 = (uint8_t)(x103 & UINT8_C(0xff)); + uint64_t x106 = (x104 >> 8); + uint8_t x107 = (uint8_t)(x104 & UINT8_C(0xff)); + uint64_t x108 = (x106 >> 8); + uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff)); + uint64_t x110 = (x108 >> 8); + uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff)); uint64_t x112 = (x110 >> 8); uint8_t x113 = (uint8_t)(x110 & UINT8_C(0xff)); - uint64_t x114 = (x112 >> 8); + uint8_t x114 = (uint8_t)(x112 >> 8); uint8_t x115 = (uint8_t)(x112 & UINT8_C(0xff)); - uint64_t x116 = (x114 >> 8); - uint8_t x117 = (uint8_t)(x114 & UINT8_C(0xff)); - uint64_t x118 = (x116 >> 8); - uint8_t x119 = (uint8_t)(x116 & UINT8_C(0xff)); - uint8_t x120 = (uint8_t)(x118 >> 8); - uint8_t x121 = (uint8_t)(x118 & UINT8_C(0xff)); - fiat_p484_uint1 x122 = (fiat_p484_uint1)(x120 >> 8); - uint8_t x123 = (uint8_t)(x120 & UINT8_C(0xff)); + uint8_t x116 = (uint8_t)(x114 & UINT8_C(0xff)); out1[0] = x9; out1[1] = x11; out1[2] = x13; @@ -3107,55 +3061,55 @@ static void fiat_p484_to_bytes(uint8_t out1[56], const uint64_t arg1[7]) { out1[4] = x17; out1[5] = x19; out1[6] = x21; - out1[7] = x23; - out1[8] = x26; - out1[9] = x28; - out1[10] = x30; - out1[11] = x32; - out1[12] = x34; - out1[13] = x36; - out1[14] = x38; - out1[15] = x40; - out1[16] = x43; - out1[17] = x45; - out1[18] = x47; - out1[19] = x49; - out1[20] = x51; - out1[21] = x53; - out1[22] = x55; - out1[23] = x57; - out1[24] = x60; - out1[25] = x62; - out1[26] = x64; - out1[27] = x66; - out1[28] = x68; - out1[29] = x70; - out1[30] = x72; - out1[31] = x74; - out1[32] = x77; - out1[33] = x79; - out1[34] = x81; - out1[35] = x83; - out1[36] = x85; - out1[37] = x87; - out1[38] = x89; - out1[39] = x91; - out1[40] = x94; - out1[41] = x96; - out1[42] = x98; - out1[43] = x100; - out1[44] = x102; - out1[45] = x104; - out1[46] = x106; - out1[47] = x108; - out1[48] = x111; - out1[49] = x113; - out1[50] = x115; - out1[51] = x117; - out1[52] = x119; - out1[53] = x121; - out1[54] = x123; - out1[55] = x122; + out1[7] = x22; + out1[8] = x25; + out1[9] = x27; + out1[10] = x29; + out1[11] = x31; + out1[12] = x33; + out1[13] = x35; + out1[14] = x37; + out1[15] = x38; + out1[16] = x41; + out1[17] = x43; + out1[18] = x45; + out1[19] = x47; + out1[20] = x49; + out1[21] = x51; + out1[22] = x53; + out1[23] = x54; + out1[24] = x57; + out1[25] = x59; + out1[26] = x61; + out1[27] = x63; + out1[28] = x65; + out1[29] = x67; + out1[30] = x69; + out1[31] = x70; + out1[32] = x73; + out1[33] = x75; + out1[34] = x77; + out1[35] = x79; + out1[36] = x81; + out1[37] = x83; + out1[38] = x85; + out1[39] = x86; + out1[40] = x89; + out1[41] = x91; + out1[42] = x93; + out1[43] = x95; + out1[44] = x97; + out1[45] = x99; + out1[46] = x101; + out1[47] = x102; + out1[48] = x105; + out1[49] = x107; + out1[50] = x109; + out1[51] = x111; + out1[52] = x113; + out1[53] = x115; + out1[54] = x116; + out1[55] = 0x0; } /* @@ -3165,93 +3119,86 @@ static void fiat_p484_to_bytes(uint8_t out1[56], const uint64_t arg1[7]) { * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x3ffffffffffff]] */ static void fiat_p484_from_bytes(uint64_t out1[7], const uint8_t arg1[56]) { - fiat_p484_uint1 x1 = (fiat_p484_uint1)((uint64_t)(fiat_p484_uint1)(arg1[55]) << 56); - uint64_t x2 = ((uint64_t)(arg1[54]) << 48); - uint64_t x3 = ((uint64_t)(arg1[53]) << 40); - uint64_t x4 = ((uint64_t)(arg1[52]) << 32); - uint64_t x5 = ((uint64_t)(arg1[51]) << 24); - uint64_t x6 = ((uint64_t)(arg1[50]) << 16); - uint64_t x7 = ((uint64_t)(arg1[49]) << 8); - uint8_t x8 = (arg1[48]); - uint64_t x9 = ((uint64_t)(arg1[47]) << 56); - uint64_t x10 = ((uint64_t)(arg1[46]) << 48); - uint64_t x11 = ((uint64_t)(arg1[45]) << 40); - uint64_t x12 = ((uint64_t)(arg1[44]) << 32); - uint64_t x13 = ((uint64_t)(arg1[43]) << 24); - uint64_t x14 = ((uint64_t)(arg1[42]) << 16); - uint64_t x15 = ((uint64_t)(arg1[41]) << 8); - uint8_t x16 = (arg1[40]); - uint64_t x17 = ((uint64_t)(arg1[39]) << 56); - uint64_t x18 = ((uint64_t)(arg1[38]) << 48); - uint64_t x19 = ((uint64_t)(arg1[37]) << 40); - uint64_t x20 = ((uint64_t)(arg1[36]) << 32); - uint64_t x21 = ((uint64_t)(arg1[35]) << 24); - uint64_t x22 = ((uint64_t)(arg1[34]) << 16); - uint64_t x23 = ((uint64_t)(arg1[33]) << 8); - uint8_t x24 = (arg1[32]); - uint64_t x25 = ((uint64_t)(arg1[31]) << 56); - uint64_t x26 = ((uint64_t)(arg1[30]) << 48); - uint64_t x27 = ((uint64_t)(arg1[29]) << 40); - uint64_t x28 = ((uint64_t)(arg1[28]) << 32); - uint64_t x29 = ((uint64_t)(arg1[27]) << 24); - uint64_t x30 = ((uint64_t)(arg1[26]) << 16); - uint64_t x31 = ((uint64_t)(arg1[25]) << 8); - uint8_t x32 = (arg1[24]); - uint64_t x33 = ((uint64_t)(arg1[23]) << 56); - uint64_t x34 = ((uint64_t)(arg1[22]) << 48); - uint64_t x35 = ((uint64_t)(arg1[21]) << 40); - uint64_t x36 = ((uint64_t)(arg1[20]) << 32); - uint64_t x37 = ((uint64_t)(arg1[19]) << 24); - uint64_t x38 = ((uint64_t)(arg1[18]) << 16); - uint64_t x39 = ((uint64_t)(arg1[17]) << 8); - uint8_t x40 = (arg1[16]); - uint64_t x41 = ((uint64_t)(arg1[15]) << 56); - uint64_t x42 = ((uint64_t)(arg1[14]) << 48); - uint64_t x43 = ((uint64_t)(arg1[13]) << 40); - uint64_t x44 = ((uint64_t)(arg1[12]) << 32); - uint64_t x45 = ((uint64_t)(arg1[11]) << 24); - uint64_t x46 = ((uint64_t)(arg1[10]) << 16); - uint64_t x47 = ((uint64_t)(arg1[9]) << 8); - uint8_t x48 = (arg1[8]); - uint64_t x49 = ((uint64_t)(arg1[7]) << 56); - uint64_t x50 = ((uint64_t)(arg1[6]) << 48); - uint64_t x51 = ((uint64_t)(arg1[5]) << 40); - uint64_t x52 = ((uint64_t)(arg1[4]) << 32); - uint64_t x53 = ((uint64_t)(arg1[3]) << 24); - uint64_t x54 = ((uint64_t)(arg1[2]) << 16); - uint64_t x55 = ((uint64_t)(arg1[1]) << 8); - uint8_t x56 = (arg1[0]); - uint64_t x57 = (x56 + (x55 + (x54 + (x53 + (x52 + (x51 + (x50 + x49))))))); - fiat_p484_uint1 x58 = (fiat_p484_uint1)((fiat_p484_uint128)x57 >> 64); - uint64_t x59 = (x57 & UINT64_C(0xffffffffffffffff)); - uint64_t x60 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + (uint64_t)x1))))))); - uint64_t x61 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); - uint64_t x62 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); - uint64_t x63 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); - uint64_t x64 = (x40 + (x39 + (x38 + (x37 + (x36 + (x35 + (x34 + x33))))))); - uint64_t x65 = (x48 + (x47 + (x46 + (x45 + (x44 + (x43 + (x42 + x41))))))); - uint64_t x66 = (x58 + x65); - fiat_p484_uint1 x67 = (fiat_p484_uint1)((fiat_p484_uint128)x66 >> 64); - uint64_t x68 = (x66 & UINT64_C(0xffffffffffffffff)); - uint64_t x69 = (x67 + x64); - fiat_p484_uint1 x70 = (fiat_p484_uint1)((fiat_p484_uint128)x69 >> 64); - uint64_t x71 = (x69 & UINT64_C(0xffffffffffffffff)); - uint64_t x72 = (x70 + x63); - fiat_p484_uint1 x73 = (fiat_p484_uint1)((fiat_p484_uint128)x72 >> 64); - uint64_t x74 = (x72 & UINT64_C(0xffffffffffffffff)); - uint64_t x75 = (x73 + x62); - fiat_p484_uint1 x76 = (fiat_p484_uint1)((fiat_p484_uint128)x75 >> 64); - uint64_t x77 = (x75 & UINT64_C(0xffffffffffffffff)); - uint64_t x78 = (x76 + x61); - fiat_p484_uint1 x79 = (fiat_p484_uint1)((fiat_p484_uint128)x78 >> 64); - uint64_t x80 = (x78 & UINT64_C(0xffffffffffffffff)); - uint64_t x81 = (x79 + x60); - out1[0] = x59; - out1[1] = x68; - out1[2] = x71; - out1[3] = x74; - out1[4] = x77; - out1[5] = x80; - out1[6] = x81; + uint64_t x1 = ((uint64_t)(arg1[54]) << 48); + uint64_t x2 = ((uint64_t)(arg1[53]) << 40); + uint64_t x3 = ((uint64_t)(arg1[52]) << 32); + uint64_t x4 = ((uint64_t)(arg1[51]) << 24); + uint64_t x5 = ((uint64_t)(arg1[50]) << 16); + uint64_t x6 = ((uint64_t)(arg1[49]) << 8); + uint8_t x7 = (arg1[48]); + uint64_t x8 = ((uint64_t)(arg1[47]) << 56); + uint64_t x9 = ((uint64_t)(arg1[46]) << 48); + uint64_t x10 = ((uint64_t)(arg1[45]) << 40); + uint64_t x11 = ((uint64_t)(arg1[44]) << 32); + uint64_t x12 = ((uint64_t)(arg1[43]) << 24); + uint64_t x13 = ((uint64_t)(arg1[42]) << 16); + uint64_t x14 = ((uint64_t)(arg1[41]) << 8); + uint8_t x15 = (arg1[40]); + uint64_t x16 = ((uint64_t)(arg1[39]) << 56); + uint64_t x17 = ((uint64_t)(arg1[38]) << 48); + uint64_t x18 = ((uint64_t)(arg1[37]) << 40); + uint64_t x19 = ((uint64_t)(arg1[36]) << 32); + uint64_t x20 = ((uint64_t)(arg1[35]) << 24); + uint64_t x21 = ((uint64_t)(arg1[34]) << 16); + uint64_t x22 = ((uint64_t)(arg1[33]) << 8); + uint8_t x23 = (arg1[32]); + uint64_t x24 = ((uint64_t)(arg1[31]) << 56); + uint64_t x25 = ((uint64_t)(arg1[30]) << 48); + uint64_t x26 = ((uint64_t)(arg1[29]) << 40); + uint64_t x27 = ((uint64_t)(arg1[28]) << 32); + uint64_t x28 = ((uint64_t)(arg1[27]) << 24); + uint64_t x29 = ((uint64_t)(arg1[26]) << 16); + uint64_t x30 = ((uint64_t)(arg1[25]) << 8); + uint8_t x31 = (arg1[24]); + uint64_t x32 = ((uint64_t)(arg1[23]) << 56); + uint64_t x33 = ((uint64_t)(arg1[22]) << 48); + uint64_t x34 = ((uint64_t)(arg1[21]) << 40); + uint64_t x35 = ((uint64_t)(arg1[20]) << 32); + uint64_t x36 = ((uint64_t)(arg1[19]) << 24); + uint64_t x37 = ((uint64_t)(arg1[18]) << 16); + uint64_t x38 = ((uint64_t)(arg1[17]) << 8); + uint8_t x39 = (arg1[16]); + uint64_t x40 = ((uint64_t)(arg1[15]) << 56); + uint64_t x41 = ((uint64_t)(arg1[14]) << 48); + uint64_t x42 = ((uint64_t)(arg1[13]) << 40); + uint64_t x43 = ((uint64_t)(arg1[12]) << 32); + uint64_t x44 = ((uint64_t)(arg1[11]) << 24); + uint64_t x45 = ((uint64_t)(arg1[10]) << 16); + uint64_t x46 = ((uint64_t)(arg1[9]) << 8); + uint8_t x47 = (arg1[8]); + uint64_t x48 = ((uint64_t)(arg1[7]) << 56); + uint64_t x49 = ((uint64_t)(arg1[6]) << 48); + uint64_t x50 = ((uint64_t)(arg1[5]) << 40); + uint64_t x51 = ((uint64_t)(arg1[4]) << 32); + uint64_t x52 = ((uint64_t)(arg1[3]) << 24); + uint64_t x53 = ((uint64_t)(arg1[2]) << 16); + uint64_t x54 = ((uint64_t)(arg1[1]) << 8); + uint8_t x55 = (arg1[0]); + uint64_t x56 = (x55 + (x54 + (x53 + (x52 + (x51 + (x50 + (x49 + x48))))))); + uint64_t x57 = (x56 & UINT64_C(0xffffffffffffffff)); + uint64_t x58 = (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + (x1 + (uint64_t)0x0))))))); + uint64_t x59 = (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + (x9 + x8))))))); + uint64_t x60 = (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + (x17 + x16))))))); + uint64_t x61 = (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + (x25 + x24))))))); + uint64_t x62 = (x39 + (x38 + (x37 + (x36 + (x35 + (x34 + (x33 + x32))))))); + uint64_t x63 = (x47 + (x46 + (x45 + (x44 + (x43 + (x42 + (x41 + x40))))))); + uint64_t x64 = (0x0 + x63); + uint64_t x65 = (x64 & UINT64_C(0xffffffffffffffff)); + uint64_t x66 = (0x0 + x62); + uint64_t x67 = (x66 & UINT64_C(0xffffffffffffffff)); + uint64_t x68 = (0x0 + x61); + uint64_t x69 = (x68 & UINT64_C(0xffffffffffffffff)); + uint64_t x70 = (0x0 + x60); + uint64_t x71 = (x70 & UINT64_C(0xffffffffffffffff)); + uint64_t x72 = (0x0 + x59); + uint64_t x73 = (x72 & UINT64_C(0xffffffffffffffff)); + uint64_t x74 = (0x0 + x58); + out1[0] = x57; + out1[1] = x65; + out1[2] = x67; + out1[3] = x69; + out1[4] = x71; + out1[5] = x73; + out1[6] = x74; } diff --git a/p521_32.c b/p521_32.c index d1ae368c9f..b044dc804c 100644 --- a/p521_32.c +++ b/p521_32.c @@ -1200,103 +1200,101 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint32_t arg1[17]) { uint8_t x130 = (uint8_t)(x127 & UINT8_C(0xff)); uint8_t x131 = (uint8_t)(x129 >> 8); uint8_t x132 = (uint8_t)(x129 & UINT8_C(0xff)); - fiat_p521_uint1 x133 = (fiat_p521_uint1)(x131 >> 8); - uint8_t x134 = (uint8_t)(x131 & UINT8_C(0xff)); - uint32_t x135 = (x133 + x48); - uint32_t x136 = (x135 >> 8); - uint8_t x137 = (uint8_t)(x135 & UINT8_C(0xff)); - uint32_t x138 = (x136 >> 8); - uint8_t x139 = (uint8_t)(x136 & UINT8_C(0xff)); - uint8_t x140 = (uint8_t)(x138 >> 8); - uint8_t x141 = (uint8_t)(x138 & UINT8_C(0xff)); - uint64_t x142 = (x140 + x78); - uint32_t x143 = (uint32_t)(x142 >> 8); - uint8_t x144 = (uint8_t)(x142 & UINT8_C(0xff)); - uint32_t x145 = (x143 >> 8); - uint8_t x146 = (uint8_t)(x143 & UINT8_C(0xff)); - uint32_t x147 = (x145 >> 8); - uint8_t x148 = (uint8_t)(x145 & UINT8_C(0xff)); - uint8_t x149 = (uint8_t)(x147 >> 8); - uint8_t x150 = (uint8_t)(x147 & UINT8_C(0xff)); - uint64_t x151 = (x149 + x77); - uint32_t x152 = (uint32_t)(x151 >> 8); - uint8_t x153 = (uint8_t)(x151 & UINT8_C(0xff)); - uint32_t x154 = (x152 >> 8); - uint8_t x155 = (uint8_t)(x152 & UINT8_C(0xff)); - uint32_t x156 = (x154 >> 8); - uint8_t x157 = (uint8_t)(x154 & UINT8_C(0xff)); - uint8_t x158 = (uint8_t)(x156 >> 8); - uint8_t x159 = (uint8_t)(x156 & UINT8_C(0xff)); - uint64_t x160 = (x158 + x76); - uint32_t x161 = (uint32_t)(x160 >> 8); - uint8_t x162 = (uint8_t)(x160 & UINT8_C(0xff)); - uint32_t x163 = (x161 >> 8); - uint8_t x164 = (uint8_t)(x161 & UINT8_C(0xff)); - uint32_t x165 = (x163 >> 8); - uint8_t x166 = (uint8_t)(x163 & UINT8_C(0xff)); - uint8_t x167 = (uint8_t)(x165 >> 8); - uint8_t x168 = (uint8_t)(x165 & UINT8_C(0xff)); - uint64_t x169 = (x167 + x75); - uint32_t x170 = (uint32_t)(x169 >> 8); - uint8_t x171 = (uint8_t)(x169 & UINT8_C(0xff)); - uint32_t x172 = (x170 >> 8); - uint8_t x173 = (uint8_t)(x170 & UINT8_C(0xff)); - uint32_t x174 = (x172 >> 8); - uint8_t x175 = (uint8_t)(x172 & UINT8_C(0xff)); - uint8_t x176 = (uint8_t)(x174 >> 8); - uint8_t x177 = (uint8_t)(x174 & UINT8_C(0xff)); - uint32_t x178 = (x176 + x74); - uint32_t x179 = (x178 >> 8); - uint8_t x180 = (uint8_t)(x178 & UINT8_C(0xff)); - uint32_t x181 = (x179 >> 8); - uint8_t x182 = (uint8_t)(x179 & UINT8_C(0xff)); - uint8_t x183 = (uint8_t)(x181 >> 8); - uint8_t x184 = (uint8_t)(x181 & UINT8_C(0xff)); - fiat_p521_uint1 x185 = (fiat_p521_uint1)(x183 >> 8); - uint8_t x186 = (uint8_t)(x183 & UINT8_C(0xff)); - uint32_t x187 = (x185 + x60); - uint32_t x188 = (x187 >> 8); - uint8_t x189 = (uint8_t)(x187 & UINT8_C(0xff)); - uint32_t x190 = (x188 >> 8); + uint8_t x133 = (uint8_t)(x131 & UINT8_C(0xff)); + uint32_t x134 = (0x0 + x48); + uint32_t x135 = (x134 >> 8); + uint8_t x136 = (uint8_t)(x134 & UINT8_C(0xff)); + uint32_t x137 = (x135 >> 8); + uint8_t x138 = (uint8_t)(x135 & UINT8_C(0xff)); + uint8_t x139 = (uint8_t)(x137 >> 8); + uint8_t x140 = (uint8_t)(x137 & UINT8_C(0xff)); + uint64_t x141 = (x139 + x78); + uint32_t x142 = (uint32_t)(x141 >> 8); + uint8_t x143 = (uint8_t)(x141 & UINT8_C(0xff)); + uint32_t x144 = (x142 >> 8); + uint8_t x145 = (uint8_t)(x142 & UINT8_C(0xff)); + uint32_t x146 = (x144 >> 8); + uint8_t x147 = (uint8_t)(x144 & UINT8_C(0xff)); + uint8_t x148 = (uint8_t)(x146 >> 8); + uint8_t x149 = (uint8_t)(x146 & UINT8_C(0xff)); + uint64_t x150 = (x148 + x77); + uint32_t x151 = (uint32_t)(x150 >> 8); + uint8_t x152 = (uint8_t)(x150 & UINT8_C(0xff)); + uint32_t x153 = (x151 >> 8); + uint8_t x154 = (uint8_t)(x151 & UINT8_C(0xff)); + uint32_t x155 = (x153 >> 8); + uint8_t x156 = (uint8_t)(x153 & UINT8_C(0xff)); + uint8_t x157 = (uint8_t)(x155 >> 8); + uint8_t x158 = (uint8_t)(x155 & UINT8_C(0xff)); + uint64_t x159 = (x157 + x76); + uint32_t x160 = (uint32_t)(x159 >> 8); + uint8_t x161 = (uint8_t)(x159 & UINT8_C(0xff)); + uint32_t x162 = (x160 >> 8); + uint8_t x163 = (uint8_t)(x160 & UINT8_C(0xff)); + uint32_t x164 = (x162 >> 8); + uint8_t x165 = (uint8_t)(x162 & UINT8_C(0xff)); + uint8_t x166 = (uint8_t)(x164 >> 8); + uint8_t x167 = (uint8_t)(x164 & UINT8_C(0xff)); + uint64_t x168 = (x166 + x75); + uint32_t x169 = (uint32_t)(x168 >> 8); + uint8_t x170 = (uint8_t)(x168 & UINT8_C(0xff)); + uint32_t x171 = (x169 >> 8); + uint8_t x172 = (uint8_t)(x169 & UINT8_C(0xff)); + uint32_t x173 = (x171 >> 8); + uint8_t x174 = (uint8_t)(x171 & UINT8_C(0xff)); + uint8_t x175 = (uint8_t)(x173 >> 8); + uint8_t x176 = (uint8_t)(x173 & UINT8_C(0xff)); + uint32_t x177 = (x175 + x74); + uint32_t x178 = (x177 >> 8); + uint8_t x179 = (uint8_t)(x177 & UINT8_C(0xff)); + uint32_t x180 = (x178 >> 8); + uint8_t x181 = (uint8_t)(x178 & UINT8_C(0xff)); + uint8_t x182 = (uint8_t)(x180 >> 8); + uint8_t x183 = (uint8_t)(x180 & UINT8_C(0xff)); + uint8_t x184 = (uint8_t)(x182 & UINT8_C(0xff)); + uint32_t x185 = (0x0 + x60); + uint32_t x186 = (x185 >> 8); + uint8_t x187 = (uint8_t)(x185 & UINT8_C(0xff)); + uint32_t x188 = (x186 >> 8); + uint8_t x189 = (uint8_t)(x186 & UINT8_C(0xff)); + uint8_t x190 = (uint8_t)(x188 >> 8); uint8_t x191 = (uint8_t)(x188 & UINT8_C(0xff)); - uint8_t x192 = (uint8_t)(x190 >> 8); - uint8_t x193 = (uint8_t)(x190 & UINT8_C(0xff)); - uint64_t x194 = (x192 + x73); - uint32_t x195 = (uint32_t)(x194 >> 8); - uint8_t x196 = (uint8_t)(x194 & UINT8_C(0xff)); + uint64_t x192 = (x190 + x73); + uint32_t x193 = (uint32_t)(x192 >> 8); + uint8_t x194 = (uint8_t)(x192 & UINT8_C(0xff)); + uint32_t x195 = (x193 >> 8); + uint8_t x196 = (uint8_t)(x193 & UINT8_C(0xff)); uint32_t x197 = (x195 >> 8); uint8_t x198 = (uint8_t)(x195 & UINT8_C(0xff)); - uint32_t x199 = (x197 >> 8); + uint8_t x199 = (uint8_t)(x197 >> 8); uint8_t x200 = (uint8_t)(x197 & UINT8_C(0xff)); - uint8_t x201 = (uint8_t)(x199 >> 8); - uint8_t x202 = (uint8_t)(x199 & UINT8_C(0xff)); - uint64_t x203 = (x201 + x72); - uint32_t x204 = (uint32_t)(x203 >> 8); - uint8_t x205 = (uint8_t)(x203 & UINT8_C(0xff)); + uint64_t x201 = (x199 + x72); + uint32_t x202 = (uint32_t)(x201 >> 8); + uint8_t x203 = (uint8_t)(x201 & UINT8_C(0xff)); + uint32_t x204 = (x202 >> 8); + uint8_t x205 = (uint8_t)(x202 & UINT8_C(0xff)); uint32_t x206 = (x204 >> 8); uint8_t x207 = (uint8_t)(x204 & UINT8_C(0xff)); - uint32_t x208 = (x206 >> 8); + uint8_t x208 = (uint8_t)(x206 >> 8); uint8_t x209 = (uint8_t)(x206 & UINT8_C(0xff)); - uint8_t x210 = (uint8_t)(x208 >> 8); - uint8_t x211 = (uint8_t)(x208 & UINT8_C(0xff)); - uint64_t x212 = (x210 + x71); - uint32_t x213 = (uint32_t)(x212 >> 8); - uint8_t x214 = (uint8_t)(x212 & UINT8_C(0xff)); + uint64_t x210 = (x208 + x71); + uint32_t x211 = (uint32_t)(x210 >> 8); + uint8_t x212 = (uint8_t)(x210 & UINT8_C(0xff)); + uint32_t x213 = (x211 >> 8); + uint8_t x214 = (uint8_t)(x211 & UINT8_C(0xff)); uint32_t x215 = (x213 >> 8); uint8_t x216 = (uint8_t)(x213 & UINT8_C(0xff)); - uint32_t x217 = (x215 >> 8); + uint8_t x217 = (uint8_t)(x215 >> 8); uint8_t x218 = (uint8_t)(x215 & UINT8_C(0xff)); - uint8_t x219 = (uint8_t)(x217 >> 8); - uint8_t x220 = (uint8_t)(x217 & UINT8_C(0xff)); - uint64_t x221 = (x219 + x70); - uint32_t x222 = (uint32_t)(x221 >> 8); - uint8_t x223 = (uint8_t)(x221 & UINT8_C(0xff)); + uint64_t x219 = (x217 + x70); + uint32_t x220 = (uint32_t)(x219 >> 8); + uint8_t x221 = (uint8_t)(x219 & UINT8_C(0xff)); + uint32_t x222 = (x220 >> 8); + uint8_t x223 = (uint8_t)(x220 & UINT8_C(0xff)); uint32_t x224 = (x222 >> 8); uint8_t x225 = (uint8_t)(x222 & UINT8_C(0xff)); - uint32_t x226 = (x224 >> 8); + fiat_p521_uint1 x226 = (fiat_p521_uint1)(x224 >> 8); uint8_t x227 = (uint8_t)(x224 & UINT8_C(0xff)); - fiat_p521_uint1 x228 = (fiat_p521_uint1)(x226 >> 8); - uint8_t x229 = (uint8_t)(x226 & UINT8_C(0xff)); out1[0] = x85; out1[1] = x87; out1[2] = x89; @@ -1319,50 +1317,50 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint32_t arg1[17]) { out1[19] = x128; out1[20] = x130; out1[21] = x132; - out1[22] = x134; - out1[23] = x137; - out1[24] = x139; - out1[25] = x141; - out1[26] = x144; - out1[27] = x146; - out1[28] = x148; - out1[29] = x150; - out1[30] = x153; - out1[31] = x155; - out1[32] = x157; - out1[33] = x159; - out1[34] = x162; - out1[35] = x164; - out1[36] = x166; - out1[37] = x168; - out1[38] = x171; - out1[39] = x173; - out1[40] = x175; - out1[41] = x177; - out1[42] = x180; - out1[43] = x182; - out1[44] = x184; - out1[45] = x186; - out1[46] = x189; - out1[47] = x191; - out1[48] = x193; - out1[49] = x196; - out1[50] = x198; - out1[51] = x200; - out1[52] = x202; - out1[53] = x205; - out1[54] = x207; - out1[55] = x209; - out1[56] = x211; - out1[57] = x214; - out1[58] = x216; - out1[59] = x218; - out1[60] = x220; - out1[61] = x223; - out1[62] = x225; - out1[63] = x227; - out1[64] = x229; - out1[65] = x228; + out1[22] = x133; + out1[23] = x136; + out1[24] = x138; + out1[25] = x140; + out1[26] = x143; + out1[27] = x145; + out1[28] = x147; + out1[29] = x149; + out1[30] = x152; + out1[31] = x154; + out1[32] = x156; + out1[33] = x158; + out1[34] = x161; + out1[35] = x163; + out1[36] = x165; + out1[37] = x167; + out1[38] = x170; + out1[39] = x172; + out1[40] = x174; + out1[41] = x176; + out1[42] = x179; + out1[43] = x181; + out1[44] = x183; + out1[45] = x184; + out1[46] = x187; + out1[47] = x189; + out1[48] = x191; + out1[49] = x194; + out1[50] = x196; + out1[51] = x198; + out1[52] = x200; + out1[53] = x203; + out1[54] = x205; + out1[55] = x207; + out1[56] = x209; + out1[57] = x212; + out1[58] = x214; + out1[59] = x216; + out1[60] = x218; + out1[61] = x221; + out1[62] = x223; + out1[63] = x225; + out1[64] = x227; + out1[65] = x226; } /* @@ -1470,55 +1468,53 @@ static void fiat_p521_from_bytes(uint32_t out1[17], const uint8_t arg1[66]) { uint8_t x96 = (uint8_t)(x95 >> 31); uint32_t x97 = (uint32_t)(x95 & UINT32_C(0x7fffffff)); uint32_t x98 = (x96 + x81); - fiat_p521_uint1 x99 = (fiat_p521_uint1)(x98 >> 30); - uint32_t x100 = (x98 & UINT32_C(0x3fffffff)); - uint32_t x101 = (x99 + x80); - fiat_p521_uint1 x102 = (fiat_p521_uint1)(x101 >> 31); - uint32_t x103 = (x101 & UINT32_C(0x7fffffff)); - uint64_t x104 = (x102 + x79); - uint8_t x105 = (uint8_t)(x104 >> 31); - uint32_t x106 = (uint32_t)(x104 & UINT32_C(0x7fffffff)); - uint64_t x107 = (x105 + x78); - uint8_t x108 = (uint8_t)(x107 >> 30); - uint32_t x109 = (uint32_t)(x107 & UINT32_C(0x3fffffff)); - uint64_t x110 = (x108 + x77); - uint8_t x111 = (uint8_t)(x110 >> 31); - uint32_t x112 = (uint32_t)(x110 & UINT32_C(0x7fffffff)); - uint64_t x113 = (x111 + x76); - uint8_t x114 = (uint8_t)(x113 >> 31); - uint32_t x115 = (uint32_t)(x113 & UINT32_C(0x7fffffff)); - uint32_t x116 = (x114 + x75); - fiat_p521_uint1 x117 = (fiat_p521_uint1)(x116 >> 30); - uint32_t x118 = (x116 & UINT32_C(0x3fffffff)); - uint32_t x119 = (x117 + x74); - fiat_p521_uint1 x120 = (fiat_p521_uint1)(x119 >> 31); - uint32_t x121 = (x119 & UINT32_C(0x7fffffff)); - uint64_t x122 = (x120 + x73); - uint8_t x123 = (uint8_t)(x122 >> 31); - uint32_t x124 = (uint32_t)(x122 & UINT32_C(0x7fffffff)); - uint64_t x125 = (x123 + x72); - uint8_t x126 = (uint8_t)(x125 >> 30); - uint32_t x127 = (uint32_t)(x125 & UINT32_C(0x3fffffff)); - uint64_t x128 = (x126 + x71); - uint8_t x129 = (uint8_t)(x128 >> 31); - uint32_t x130 = (uint32_t)(x128 & UINT32_C(0x7fffffff)); - uint32_t x131 = (x129 + x70); + uint32_t x99 = (x98 & UINT32_C(0x3fffffff)); + uint32_t x100 = (0x0 + x80); + fiat_p521_uint1 x101 = (fiat_p521_uint1)(x100 >> 31); + uint32_t x102 = (x100 & UINT32_C(0x7fffffff)); + uint64_t x103 = (x101 + x79); + uint8_t x104 = (uint8_t)(x103 >> 31); + uint32_t x105 = (uint32_t)(x103 & UINT32_C(0x7fffffff)); + uint64_t x106 = (x104 + x78); + uint8_t x107 = (uint8_t)(x106 >> 30); + uint32_t x108 = (uint32_t)(x106 & UINT32_C(0x3fffffff)); + uint64_t x109 = (x107 + x77); + uint8_t x110 = (uint8_t)(x109 >> 31); + uint32_t x111 = (uint32_t)(x109 & UINT32_C(0x7fffffff)); + uint64_t x112 = (x110 + x76); + uint8_t x113 = (uint8_t)(x112 >> 31); + uint32_t x114 = (uint32_t)(x112 & UINT32_C(0x7fffffff)); + uint32_t x115 = (x113 + x75); + uint32_t x116 = (x115 & UINT32_C(0x3fffffff)); + uint32_t x117 = (0x0 + x74); + fiat_p521_uint1 x118 = (fiat_p521_uint1)(x117 >> 31); + uint32_t x119 = (x117 & UINT32_C(0x7fffffff)); + uint64_t x120 = (x118 + x73); + uint8_t x121 = (uint8_t)(x120 >> 31); + uint32_t x122 = (uint32_t)(x120 & UINT32_C(0x7fffffff)); + uint64_t x123 = (x121 + x72); + uint8_t x124 = (uint8_t)(x123 >> 30); + uint32_t x125 = (uint32_t)(x123 & UINT32_C(0x3fffffff)); + uint64_t x126 = (x124 + x71); + uint8_t x127 = (uint8_t)(x126 >> 31); + uint32_t x128 = (uint32_t)(x126 & UINT32_C(0x7fffffff)); + uint32_t x129 = (x127 + x70); out1[0] = x69; out1[1] = x88; out1[2] = x91; out1[3] = x94; out1[4] = x97; - out1[5] = x100; - out1[6] = x103; - out1[7] = x106; - out1[8] = x109; - out1[9] = x112; - out1[10] = x115; - out1[11] = x118; - out1[12] = x121; - out1[13] = x124; - out1[14] = x127; - out1[15] = x130; - out1[16] = x131; + out1[5] = x99; + out1[6] = x102; + out1[7] = x105; + out1[8] = x108; + out1[9] = x111; + out1[10] = x114; + out1[11] = x116; + out1[12] = x119; + out1[13] = x122; + out1[14] = x125; + out1[15] = x128; + out1[16] = x129; } diff --git a/p521_64.c b/p521_64.c index f81fa7967f..08ba9e1b7f 100644 --- a/p521_64.c +++ b/p521_64.c @@ -646,73 +646,73 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint64_t arg1[9]) { uint8_t x100 = (uint8_t)(x97 & UINT8_C(0xff)); uint8_t x101 = (uint8_t)(x99 >> 8); uint8_t x102 = (uint8_t)(x99 & UINT8_C(0xff)); - fiat_p521_uint1 x103 = (fiat_p521_uint1)(x101 >> 8); - uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff)); - uint64_t x105 = (x103 + x28); - uint64_t x106 = (x105 >> 8); - uint8_t x107 = (uint8_t)(x105 & UINT8_C(0xff)); - uint64_t x108 = (x106 >> 8); - uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff)); - uint64_t x110 = (x108 >> 8); - uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff)); - uint64_t x112 = (x110 >> 8); - uint8_t x113 = (uint8_t)(x110 & UINT8_C(0xff)); - uint64_t x114 = (x112 >> 8); - uint8_t x115 = (uint8_t)(x112 & UINT8_C(0xff)); - uint64_t x116 = (x114 >> 8); - uint8_t x117 = (uint8_t)(x114 & UINT8_C(0xff)); - uint8_t x118 = (uint8_t)(x116 >> 8); - uint8_t x119 = (uint8_t)(x116 & UINT8_C(0xff)); - uint64_t x120 = (x118 + x40); - uint64_t x121 = (x120 >> 8); - uint8_t x122 = (uint8_t)(x120 & UINT8_C(0xff)); - uint64_t x123 = (x121 >> 8); - uint8_t x124 = (uint8_t)(x121 & UINT8_C(0xff)); - uint64_t x125 = (x123 >> 8); - uint8_t x126 = (uint8_t)(x123 & UINT8_C(0xff)); - uint64_t x127 = (x125 >> 8); - uint8_t x128 = (uint8_t)(x125 & UINT8_C(0xff)); - uint64_t x129 = (x127 >> 8); - uint8_t x130 = (uint8_t)(x127 & UINT8_C(0xff)); - uint64_t x131 = (x129 >> 8); - uint8_t x132 = (uint8_t)(x129 & UINT8_C(0xff)); - uint8_t x133 = (uint8_t)(x131 >> 8); - uint8_t x134 = (uint8_t)(x131 & UINT8_C(0xff)); - uint64_t x135 = (x133 + x39); - uint64_t x136 = (x135 >> 8); - uint8_t x137 = (uint8_t)(x135 & UINT8_C(0xff)); - uint64_t x138 = (x136 >> 8); - uint8_t x139 = (uint8_t)(x136 & UINT8_C(0xff)); - uint64_t x140 = (x138 >> 8); - uint8_t x141 = (uint8_t)(x138 & UINT8_C(0xff)); - uint64_t x142 = (x140 >> 8); - uint8_t x143 = (uint8_t)(x140 & UINT8_C(0xff)); - uint64_t x144 = (x142 >> 8); - uint8_t x145 = (uint8_t)(x142 & UINT8_C(0xff)); - uint64_t x146 = (x144 >> 8); - uint8_t x147 = (uint8_t)(x144 & UINT8_C(0xff)); - uint8_t x148 = (uint8_t)(x146 >> 8); - uint8_t x149 = (uint8_t)(x146 & UINT8_C(0xff)); - uint64_t x150 = (x148 + x38); - uint64_t x151 = (x150 >> 8); - uint8_t x152 = (uint8_t)(x150 & UINT8_C(0xff)); - uint64_t x153 = (x151 >> 8); - uint8_t x154 = (uint8_t)(x151 & UINT8_C(0xff)); - uint64_t x155 = (x153 >> 8); - uint8_t x156 = (uint8_t)(x153 & UINT8_C(0xff)); - uint64_t x157 = (x155 >> 8); - uint8_t x158 = (uint8_t)(x155 & UINT8_C(0xff)); - uint64_t x159 = (x157 >> 8); - uint8_t x160 = (uint8_t)(x157 & UINT8_C(0xff)); - uint64_t x161 = (x159 >> 8); - uint8_t x162 = (uint8_t)(x159 & UINT8_C(0xff)); - uint8_t x163 = (uint8_t)(x161 >> 8); - uint8_t x164 = (uint8_t)(x161 & UINT8_C(0xff)); - fiat_p521_uint1 x165 = (fiat_p521_uint1)(x163 >> 8); - uint8_t x166 = (uint8_t)(x163 & UINT8_C(0xff)); - uint64_t x167 = (x165 + x36); - uint64_t x168 = (x167 >> 8); - uint8_t x169 = (uint8_t)(x167 & UINT8_C(0xff)); + uint8_t x103 = (uint8_t)(x101 & UINT8_C(0xff)); + uint64_t x104 = (0x0 + x28); + uint64_t x105 = (x104 >> 8); + uint8_t x106 = (uint8_t)(x104 & UINT8_C(0xff)); + uint64_t x107 = (x105 >> 8); + uint8_t x108 = (uint8_t)(x105 & UINT8_C(0xff)); + uint64_t x109 = (x107 >> 8); + uint8_t x110 = (uint8_t)(x107 & UINT8_C(0xff)); + uint64_t x111 = (x109 >> 8); + uint8_t x112 = (uint8_t)(x109 & UINT8_C(0xff)); + uint64_t x113 = (x111 >> 8); + uint8_t x114 = (uint8_t)(x111 & UINT8_C(0xff)); + uint64_t x115 = (x113 >> 8); + uint8_t x116 = (uint8_t)(x113 & UINT8_C(0xff)); + uint8_t x117 = (uint8_t)(x115 >> 8); + uint8_t x118 = (uint8_t)(x115 & UINT8_C(0xff)); + uint64_t x119 = (x117 + x40); + uint64_t x120 = (x119 >> 8); + uint8_t x121 = (uint8_t)(x119 & UINT8_C(0xff)); + uint64_t x122 = (x120 >> 8); + uint8_t x123 = (uint8_t)(x120 & UINT8_C(0xff)); + uint64_t x124 = (x122 >> 8); + uint8_t x125 = (uint8_t)(x122 & UINT8_C(0xff)); + uint64_t x126 = (x124 >> 8); + uint8_t x127 = (uint8_t)(x124 & UINT8_C(0xff)); + uint64_t x128 = (x126 >> 8); + uint8_t x129 = (uint8_t)(x126 & UINT8_C(0xff)); + uint64_t x130 = (x128 >> 8); + uint8_t x131 = (uint8_t)(x128 & UINT8_C(0xff)); + uint8_t x132 = (uint8_t)(x130 >> 8); + uint8_t x133 = (uint8_t)(x130 & UINT8_C(0xff)); + uint64_t x134 = (x132 + x39); + uint64_t x135 = (x134 >> 8); + uint8_t x136 = (uint8_t)(x134 & UINT8_C(0xff)); + uint64_t x137 = (x135 >> 8); + uint8_t x138 = (uint8_t)(x135 & UINT8_C(0xff)); + uint64_t x139 = (x137 >> 8); + uint8_t x140 = (uint8_t)(x137 & UINT8_C(0xff)); + uint64_t x141 = (x139 >> 8); + uint8_t x142 = (uint8_t)(x139 & UINT8_C(0xff)); + uint64_t x143 = (x141 >> 8); + uint8_t x144 = (uint8_t)(x141 & UINT8_C(0xff)); + uint64_t x145 = (x143 >> 8); + uint8_t x146 = (uint8_t)(x143 & UINT8_C(0xff)); + uint8_t x147 = (uint8_t)(x145 >> 8); + uint8_t x148 = (uint8_t)(x145 & UINT8_C(0xff)); + uint64_t x149 = (x147 + x38); + uint64_t x150 = (x149 >> 8); + uint8_t x151 = (uint8_t)(x149 & UINT8_C(0xff)); + uint64_t x152 = (x150 >> 8); + uint8_t x153 = (uint8_t)(x150 & UINT8_C(0xff)); + uint64_t x154 = (x152 >> 8); + uint8_t x155 = (uint8_t)(x152 & UINT8_C(0xff)); + uint64_t x156 = (x154 >> 8); + uint8_t x157 = (uint8_t)(x154 & UINT8_C(0xff)); + uint64_t x158 = (x156 >> 8); + uint8_t x159 = (uint8_t)(x156 & UINT8_C(0xff)); + uint64_t x160 = (x158 >> 8); + uint8_t x161 = (uint8_t)(x158 & UINT8_C(0xff)); + uint8_t x162 = (uint8_t)(x160 >> 8); + uint8_t x163 = (uint8_t)(x160 & UINT8_C(0xff)); + uint8_t x164 = (uint8_t)(x162 & UINT8_C(0xff)); + uint64_t x165 = (0x0 + x36); + uint64_t x166 = (x165 >> 8); + uint8_t x167 = (uint8_t)(x165 & UINT8_C(0xff)); + uint64_t x168 = (x166 >> 8); + uint8_t x169 = (uint8_t)(x166 & UINT8_C(0xff)); uint64_t x170 = (x168 >> 8); uint8_t x171 = (uint8_t)(x168 & UINT8_C(0xff)); uint64_t x172 = (x170 >> 8); @@ -721,10 +721,8 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint64_t arg1[9]) { uint8_t x175 = (uint8_t)(x172 & UINT8_C(0xff)); uint64_t x176 = (x174 >> 8); uint8_t x177 = (uint8_t)(x174 & UINT8_C(0xff)); - uint64_t x178 = (x176 >> 8); + fiat_p521_uint1 x178 = (fiat_p521_uint1)(x176 >> 8); uint8_t x179 = (uint8_t)(x176 & UINT8_C(0xff)); - fiat_p521_uint1 x180 = (fiat_p521_uint1)(x178 >> 8); - uint8_t x181 = (uint8_t)(x178 & UINT8_C(0xff)); out1[0] = x45; out1[1] = x47; out1[2] = x49; @@ -753,44 +751,44 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint64_t arg1[9]) { out1[25] = x98; out1[26] = x100; out1[27] = x102; - out1[28] = x104; - out1[29] = x107; - out1[30] = x109; - out1[31] = x111; - out1[32] = x113; - out1[33] = x115; - out1[34] = x117; - out1[35] = x119; - out1[36] = x122; - out1[37] = x124; - out1[38] = x126; - out1[39] = x128; - out1[40] = x130; - out1[41] = x132; - out1[42] = x134; - out1[43] = x137; - out1[44] = x139; - out1[45] = x141; - out1[46] = x143; - out1[47] = x145; - out1[48] = x147; - out1[49] = x149; - out1[50] = x152; - out1[51] = x154; - out1[52] = x156; - out1[53] = x158; - out1[54] = x160; - out1[55] = x162; - out1[56] = x164; - out1[57] = x166; - out1[58] = x169; - out1[59] = x171; - out1[60] = x173; - out1[61] = x175; - out1[62] = x177; - out1[63] = x179; - out1[64] = x181; - out1[65] = x180; + out1[28] = x103; + out1[29] = x106; + out1[30] = x108; + out1[31] = x110; + out1[32] = x112; + out1[33] = x114; + out1[34] = x116; + out1[35] = x118; + out1[36] = x121; + out1[37] = x123; + out1[38] = x125; + out1[39] = x127; + out1[40] = x129; + out1[41] = x131; + out1[42] = x133; + out1[43] = x136; + out1[44] = x138; + out1[45] = x140; + out1[46] = x142; + out1[47] = x144; + out1[48] = x146; + out1[49] = x148; + out1[50] = x151; + out1[51] = x153; + out1[52] = x155; + out1[53] = x157; + out1[54] = x159; + out1[55] = x161; + out1[56] = x163; + out1[57] = x164; + out1[58] = x167; + out1[59] = x169; + out1[60] = x171; + out1[61] = x173; + out1[62] = x175; + out1[63] = x177; + out1[64] = x179; + out1[65] = x178; } /* @@ -884,29 +882,27 @@ static void fiat_p521_from_bytes(uint64_t out1[9], const uint8_t arg1[66]) { uint8_t x82 = (uint8_t)(x81 >> 58); uint64_t x83 = (x81 & UINT64_C(0x3ffffffffffffff)); uint64_t x84 = (x82 + x75); - fiat_p521_uint1 x85 = (fiat_p521_uint1)(x84 >> 58); - uint64_t x86 = (x84 & UINT64_C(0x3ffffffffffffff)); - uint64_t x87 = (x85 + x74); - uint8_t x88 = (uint8_t)(x87 >> 58); - uint64_t x89 = (x87 & UINT64_C(0x3ffffffffffffff)); - uint64_t x90 = (x88 + x73); - uint8_t x91 = (uint8_t)(x90 >> 58); - uint64_t x92 = (x90 & UINT64_C(0x3ffffffffffffff)); - uint64_t x93 = (x91 + x72); - uint8_t x94 = (uint8_t)(x93 >> 58); - uint64_t x95 = (x93 & UINT64_C(0x3ffffffffffffff)); - uint64_t x96 = (x94 + x71); - fiat_p521_uint1 x97 = (fiat_p521_uint1)(x96 >> 58); - uint64_t x98 = (x96 & UINT64_C(0x3ffffffffffffff)); - uint64_t x99 = (x97 + x70); + uint64_t x85 = (x84 & UINT64_C(0x3ffffffffffffff)); + uint64_t x86 = (0x0 + x74); + uint8_t x87 = (uint8_t)(x86 >> 58); + uint64_t x88 = (x86 & UINT64_C(0x3ffffffffffffff)); + uint64_t x89 = (x87 + x73); + uint8_t x90 = (uint8_t)(x89 >> 58); + uint64_t x91 = (x89 & UINT64_C(0x3ffffffffffffff)); + uint64_t x92 = (x90 + x72); + uint8_t x93 = (uint8_t)(x92 >> 58); + uint64_t x94 = (x92 & UINT64_C(0x3ffffffffffffff)); + uint64_t x95 = (x93 + x71); + uint64_t x96 = (x95 & UINT64_C(0x3ffffffffffffff)); + uint64_t x97 = (0x0 + x70); out1[0] = x69; out1[1] = x80; out1[2] = x83; - out1[3] = x86; - out1[4] = x89; - out1[5] = x92; - out1[6] = x95; - out1[7] = x98; - out1[8] = x99; + out1[3] = x85; + out1[4] = x88; + out1[5] = x91; + out1[6] = x94; + out1[7] = x96; + out1[8] = x97; } diff --git a/secp256k1_32.c b/secp256k1_32.c index 94744d26a3..a4015f1341 100644 --- a/secp256k1_32.c +++ b/secp256k1_32.c @@ -2991,781 +2991,781 @@ static void fiat_secp256k1_from_montgomery(uint32_t out1[8], const uint32_t arg1 fiat_secp256k1_uint1 x69; fiat_secp256k1_addcarryx_u32(&x68, &x69, x67, 0x0, x52); uint32_t x70; - fiat_secp256k1_uint1 x71; - fiat_secp256k1_addcarryx_u32(&x70, &x71, x53, 0x0, 0x0); + uint32_t x71; + fiat_secp256k1_mulx_u32(&x70, &x71, x54, UINT32_C(0xd2253531)); uint32_t x72; - fiat_secp256k1_uint1 x73; - fiat_secp256k1_addcarryx_u32(&x72, &x73, x69, 0x0, (fiat_secp256k1_uint1)x70); + uint32_t x73; + fiat_secp256k1_mulx_u32(&x72, &x73, x70, UINT32_C(0xffffffff)); uint32_t x74; uint32_t x75; - fiat_secp256k1_mulx_u32(&x74, &x75, x54, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x74, &x75, x70, UINT32_C(0xffffffff)); uint32_t x76; uint32_t x77; - fiat_secp256k1_mulx_u32(&x76, &x77, x74, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x76, &x77, x70, UINT32_C(0xffffffff)); uint32_t x78; uint32_t x79; - fiat_secp256k1_mulx_u32(&x78, &x79, x74, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x78, &x79, x70, UINT32_C(0xffffffff)); uint32_t x80; uint32_t x81; - fiat_secp256k1_mulx_u32(&x80, &x81, x74, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x80, &x81, x70, UINT32_C(0xffffffff)); uint32_t x82; uint32_t x83; - fiat_secp256k1_mulx_u32(&x82, &x83, x74, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x82, &x83, x70, UINT32_C(0xffffffff)); uint32_t x84; uint32_t x85; - fiat_secp256k1_mulx_u32(&x84, &x85, x74, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x84, &x85, x70, UINT32_C(0xfffffffe)); uint32_t x86; uint32_t x87; - fiat_secp256k1_mulx_u32(&x86, &x87, x74, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x86, &x87, x70, UINT32_C(0xfffffc2f)); uint32_t x88; - uint32_t x89; - fiat_secp256k1_mulx_u32(&x88, &x89, x74, UINT32_C(0xfffffffe)); + fiat_secp256k1_uint1 x89; + fiat_secp256k1_addcarryx_u32(&x88, &x89, 0x0, x84, x87); uint32_t x90; - uint32_t x91; - fiat_secp256k1_mulx_u32(&x90, &x91, x74, UINT32_C(0xfffffc2f)); + fiat_secp256k1_uint1 x91; + fiat_secp256k1_addcarryx_u32(&x90, &x91, x89, x82, x85); uint32_t x92; fiat_secp256k1_uint1 x93; - fiat_secp256k1_addcarryx_u32(&x92, &x93, 0x0, x88, x91); + fiat_secp256k1_addcarryx_u32(&x92, &x93, x91, x80, x83); uint32_t x94; fiat_secp256k1_uint1 x95; - fiat_secp256k1_addcarryx_u32(&x94, &x95, x93, x86, x89); + fiat_secp256k1_addcarryx_u32(&x94, &x95, x93, x78, x81); uint32_t x96; fiat_secp256k1_uint1 x97; - fiat_secp256k1_addcarryx_u32(&x96, &x97, x95, x84, x87); + fiat_secp256k1_addcarryx_u32(&x96, &x97, x95, x76, x79); uint32_t x98; fiat_secp256k1_uint1 x99; - fiat_secp256k1_addcarryx_u32(&x98, &x99, x97, x82, x85); + fiat_secp256k1_addcarryx_u32(&x98, &x99, x97, x74, x77); uint32_t x100; fiat_secp256k1_uint1 x101; - fiat_secp256k1_addcarryx_u32(&x100, &x101, x99, x80, x83); + fiat_secp256k1_addcarryx_u32(&x100, &x101, x99, x72, x75); uint32_t x102; fiat_secp256k1_uint1 x103; - fiat_secp256k1_addcarryx_u32(&x102, &x103, x101, x78, x81); + fiat_secp256k1_addcarryx_u32(&x102, &x103, 0x0, x86, x54); uint32_t x104; fiat_secp256k1_uint1 x105; - fiat_secp256k1_addcarryx_u32(&x104, &x105, x103, x76, x79); + fiat_secp256k1_addcarryx_u32(&x104, &x105, x103, x88, x56); uint32_t x106; fiat_secp256k1_uint1 x107; - fiat_secp256k1_addcarryx_u32(&x106, &x107, 0x0, x90, x54); + fiat_secp256k1_addcarryx_u32(&x106, &x107, x105, x90, x58); uint32_t x108; fiat_secp256k1_uint1 x109; - fiat_secp256k1_addcarryx_u32(&x108, &x109, x107, x92, x56); + fiat_secp256k1_addcarryx_u32(&x108, &x109, x107, x92, x60); uint32_t x110; fiat_secp256k1_uint1 x111; - fiat_secp256k1_addcarryx_u32(&x110, &x111, x109, x94, x58); + fiat_secp256k1_addcarryx_u32(&x110, &x111, x109, x94, x62); uint32_t x112; fiat_secp256k1_uint1 x113; - fiat_secp256k1_addcarryx_u32(&x112, &x113, x111, x96, x60); + fiat_secp256k1_addcarryx_u32(&x112, &x113, x111, x96, x64); uint32_t x114; fiat_secp256k1_uint1 x115; - fiat_secp256k1_addcarryx_u32(&x114, &x115, x113, x98, x62); + fiat_secp256k1_addcarryx_u32(&x114, &x115, x113, x98, x66); uint32_t x116; fiat_secp256k1_uint1 x117; - fiat_secp256k1_addcarryx_u32(&x116, &x117, x115, x100, x64); + fiat_secp256k1_addcarryx_u32(&x116, &x117, x115, x100, x68); uint32_t x118; fiat_secp256k1_uint1 x119; - fiat_secp256k1_addcarryx_u32(&x118, &x119, x117, x102, x66); + fiat_secp256k1_addcarryx_u32(&x118, &x119, x53, 0x0, 0x0); uint32_t x120; fiat_secp256k1_uint1 x121; - fiat_secp256k1_addcarryx_u32(&x120, &x121, x119, x104, x68); + fiat_secp256k1_addcarryx_u32(&x120, &x121, x69, 0x0, (fiat_secp256k1_uint1)x118); uint32_t x122; fiat_secp256k1_uint1 x123; - fiat_secp256k1_addcarryx_u32(&x122, &x123, x105, 0x0, x77); + fiat_secp256k1_addcarryx_u32(&x122, &x123, x101, 0x0, x73); uint32_t x124; fiat_secp256k1_uint1 x125; - fiat_secp256k1_addcarryx_u32(&x124, &x125, x121, x122, x72); + fiat_secp256k1_addcarryx_u32(&x124, &x125, x117, x122, x120); uint32_t x126; fiat_secp256k1_uint1 x127; - fiat_secp256k1_addcarryx_u32(&x126, &x127, 0x0, (arg1[2]), x108); + fiat_secp256k1_addcarryx_u32(&x126, &x127, 0x0, (arg1[2]), x104); uint32_t x128; fiat_secp256k1_uint1 x129; - fiat_secp256k1_addcarryx_u32(&x128, &x129, x127, 0x0, x110); + fiat_secp256k1_addcarryx_u32(&x128, &x129, x127, 0x0, x106); uint32_t x130; fiat_secp256k1_uint1 x131; - fiat_secp256k1_addcarryx_u32(&x130, &x131, x129, 0x0, x112); + fiat_secp256k1_addcarryx_u32(&x130, &x131, x129, 0x0, x108); uint32_t x132; fiat_secp256k1_uint1 x133; - fiat_secp256k1_addcarryx_u32(&x132, &x133, x131, 0x0, x114); + fiat_secp256k1_addcarryx_u32(&x132, &x133, x131, 0x0, x110); uint32_t x134; fiat_secp256k1_uint1 x135; - fiat_secp256k1_addcarryx_u32(&x134, &x135, x133, 0x0, x116); + fiat_secp256k1_addcarryx_u32(&x134, &x135, x133, 0x0, x112); uint32_t x136; fiat_secp256k1_uint1 x137; - fiat_secp256k1_addcarryx_u32(&x136, &x137, x135, 0x0, x118); + fiat_secp256k1_addcarryx_u32(&x136, &x137, x135, 0x0, x114); uint32_t x138; fiat_secp256k1_uint1 x139; - fiat_secp256k1_addcarryx_u32(&x138, &x139, x137, 0x0, x120); + fiat_secp256k1_addcarryx_u32(&x138, &x139, x137, 0x0, x116); uint32_t x140; fiat_secp256k1_uint1 x141; fiat_secp256k1_addcarryx_u32(&x140, &x141, x139, 0x0, x124); uint32_t x142; - fiat_secp256k1_uint1 x143; - fiat_secp256k1_addcarryx_u32(&x142, &x143, x125, 0x0, x73); + uint32_t x143; + fiat_secp256k1_mulx_u32(&x142, &x143, x126, UINT32_C(0xd2253531)); uint32_t x144; - fiat_secp256k1_uint1 x145; - fiat_secp256k1_addcarryx_u32(&x144, &x145, x141, 0x0, (fiat_secp256k1_uint1)x142); + uint32_t x145; + fiat_secp256k1_mulx_u32(&x144, &x145, x142, UINT32_C(0xffffffff)); uint32_t x146; uint32_t x147; - fiat_secp256k1_mulx_u32(&x146, &x147, x126, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x146, &x147, x142, UINT32_C(0xffffffff)); uint32_t x148; uint32_t x149; - fiat_secp256k1_mulx_u32(&x148, &x149, x146, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x148, &x149, x142, UINT32_C(0xffffffff)); uint32_t x150; uint32_t x151; - fiat_secp256k1_mulx_u32(&x150, &x151, x146, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x150, &x151, x142, UINT32_C(0xffffffff)); uint32_t x152; uint32_t x153; - fiat_secp256k1_mulx_u32(&x152, &x153, x146, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x152, &x153, x142, UINT32_C(0xffffffff)); uint32_t x154; uint32_t x155; - fiat_secp256k1_mulx_u32(&x154, &x155, x146, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x154, &x155, x142, UINT32_C(0xffffffff)); uint32_t x156; uint32_t x157; - fiat_secp256k1_mulx_u32(&x156, &x157, x146, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x156, &x157, x142, UINT32_C(0xfffffffe)); uint32_t x158; uint32_t x159; - fiat_secp256k1_mulx_u32(&x158, &x159, x146, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x158, &x159, x142, UINT32_C(0xfffffc2f)); uint32_t x160; - uint32_t x161; - fiat_secp256k1_mulx_u32(&x160, &x161, x146, UINT32_C(0xfffffffe)); + fiat_secp256k1_uint1 x161; + fiat_secp256k1_addcarryx_u32(&x160, &x161, 0x0, x156, x159); uint32_t x162; - uint32_t x163; - fiat_secp256k1_mulx_u32(&x162, &x163, x146, UINT32_C(0xfffffc2f)); + fiat_secp256k1_uint1 x163; + fiat_secp256k1_addcarryx_u32(&x162, &x163, x161, x154, x157); uint32_t x164; fiat_secp256k1_uint1 x165; - fiat_secp256k1_addcarryx_u32(&x164, &x165, 0x0, x160, x163); + fiat_secp256k1_addcarryx_u32(&x164, &x165, x163, x152, x155); uint32_t x166; fiat_secp256k1_uint1 x167; - fiat_secp256k1_addcarryx_u32(&x166, &x167, x165, x158, x161); + fiat_secp256k1_addcarryx_u32(&x166, &x167, x165, x150, x153); uint32_t x168; fiat_secp256k1_uint1 x169; - fiat_secp256k1_addcarryx_u32(&x168, &x169, x167, x156, x159); + fiat_secp256k1_addcarryx_u32(&x168, &x169, x167, x148, x151); uint32_t x170; fiat_secp256k1_uint1 x171; - fiat_secp256k1_addcarryx_u32(&x170, &x171, x169, x154, x157); + fiat_secp256k1_addcarryx_u32(&x170, &x171, x169, x146, x149); uint32_t x172; fiat_secp256k1_uint1 x173; - fiat_secp256k1_addcarryx_u32(&x172, &x173, x171, x152, x155); + fiat_secp256k1_addcarryx_u32(&x172, &x173, x171, x144, x147); uint32_t x174; fiat_secp256k1_uint1 x175; - fiat_secp256k1_addcarryx_u32(&x174, &x175, x173, x150, x153); + fiat_secp256k1_addcarryx_u32(&x174, &x175, 0x0, x158, x126); uint32_t x176; fiat_secp256k1_uint1 x177; - fiat_secp256k1_addcarryx_u32(&x176, &x177, x175, x148, x151); + fiat_secp256k1_addcarryx_u32(&x176, &x177, x175, x160, x128); uint32_t x178; fiat_secp256k1_uint1 x179; - fiat_secp256k1_addcarryx_u32(&x178, &x179, 0x0, x162, x126); + fiat_secp256k1_addcarryx_u32(&x178, &x179, x177, x162, x130); uint32_t x180; fiat_secp256k1_uint1 x181; - fiat_secp256k1_addcarryx_u32(&x180, &x181, x179, x164, x128); + fiat_secp256k1_addcarryx_u32(&x180, &x181, x179, x164, x132); uint32_t x182; fiat_secp256k1_uint1 x183; - fiat_secp256k1_addcarryx_u32(&x182, &x183, x181, x166, x130); + fiat_secp256k1_addcarryx_u32(&x182, &x183, x181, x166, x134); uint32_t x184; fiat_secp256k1_uint1 x185; - fiat_secp256k1_addcarryx_u32(&x184, &x185, x183, x168, x132); + fiat_secp256k1_addcarryx_u32(&x184, &x185, x183, x168, x136); uint32_t x186; fiat_secp256k1_uint1 x187; - fiat_secp256k1_addcarryx_u32(&x186, &x187, x185, x170, x134); + fiat_secp256k1_addcarryx_u32(&x186, &x187, x185, x170, x138); uint32_t x188; fiat_secp256k1_uint1 x189; - fiat_secp256k1_addcarryx_u32(&x188, &x189, x187, x172, x136); + fiat_secp256k1_addcarryx_u32(&x188, &x189, x187, x172, x140); uint32_t x190; fiat_secp256k1_uint1 x191; - fiat_secp256k1_addcarryx_u32(&x190, &x191, x189, x174, x138); + fiat_secp256k1_addcarryx_u32(&x190, &x191, x125, 0x0, 0x0); uint32_t x192; fiat_secp256k1_uint1 x193; - fiat_secp256k1_addcarryx_u32(&x192, &x193, x191, x176, x140); + fiat_secp256k1_addcarryx_u32(&x192, &x193, x141, 0x0, (fiat_secp256k1_uint1)x190); uint32_t x194; fiat_secp256k1_uint1 x195; - fiat_secp256k1_addcarryx_u32(&x194, &x195, x177, 0x0, x149); + fiat_secp256k1_addcarryx_u32(&x194, &x195, x173, 0x0, x145); uint32_t x196; fiat_secp256k1_uint1 x197; - fiat_secp256k1_addcarryx_u32(&x196, &x197, x193, x194, x144); + fiat_secp256k1_addcarryx_u32(&x196, &x197, x189, x194, x192); uint32_t x198; fiat_secp256k1_uint1 x199; - fiat_secp256k1_addcarryx_u32(&x198, &x199, 0x0, (arg1[3]), x180); + fiat_secp256k1_addcarryx_u32(&x198, &x199, 0x0, (arg1[3]), x176); uint32_t x200; fiat_secp256k1_uint1 x201; - fiat_secp256k1_addcarryx_u32(&x200, &x201, x199, 0x0, x182); + fiat_secp256k1_addcarryx_u32(&x200, &x201, x199, 0x0, x178); uint32_t x202; fiat_secp256k1_uint1 x203; - fiat_secp256k1_addcarryx_u32(&x202, &x203, x201, 0x0, x184); + fiat_secp256k1_addcarryx_u32(&x202, &x203, x201, 0x0, x180); uint32_t x204; fiat_secp256k1_uint1 x205; - fiat_secp256k1_addcarryx_u32(&x204, &x205, x203, 0x0, x186); + fiat_secp256k1_addcarryx_u32(&x204, &x205, x203, 0x0, x182); uint32_t x206; fiat_secp256k1_uint1 x207; - fiat_secp256k1_addcarryx_u32(&x206, &x207, x205, 0x0, x188); + fiat_secp256k1_addcarryx_u32(&x206, &x207, x205, 0x0, x184); uint32_t x208; fiat_secp256k1_uint1 x209; - fiat_secp256k1_addcarryx_u32(&x208, &x209, x207, 0x0, x190); + fiat_secp256k1_addcarryx_u32(&x208, &x209, x207, 0x0, x186); uint32_t x210; fiat_secp256k1_uint1 x211; - fiat_secp256k1_addcarryx_u32(&x210, &x211, x209, 0x0, x192); + fiat_secp256k1_addcarryx_u32(&x210, &x211, x209, 0x0, x188); uint32_t x212; fiat_secp256k1_uint1 x213; fiat_secp256k1_addcarryx_u32(&x212, &x213, x211, 0x0, x196); uint32_t x214; - fiat_secp256k1_uint1 x215; - fiat_secp256k1_addcarryx_u32(&x214, &x215, x197, 0x0, x145); + uint32_t x215; + fiat_secp256k1_mulx_u32(&x214, &x215, x198, UINT32_C(0xd2253531)); uint32_t x216; - fiat_secp256k1_uint1 x217; - fiat_secp256k1_addcarryx_u32(&x216, &x217, x213, 0x0, (fiat_secp256k1_uint1)x214); + uint32_t x217; + fiat_secp256k1_mulx_u32(&x216, &x217, x214, UINT32_C(0xffffffff)); uint32_t x218; uint32_t x219; - fiat_secp256k1_mulx_u32(&x218, &x219, x198, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x218, &x219, x214, UINT32_C(0xffffffff)); uint32_t x220; uint32_t x221; - fiat_secp256k1_mulx_u32(&x220, &x221, x218, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x220, &x221, x214, UINT32_C(0xffffffff)); uint32_t x222; uint32_t x223; - fiat_secp256k1_mulx_u32(&x222, &x223, x218, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x222, &x223, x214, UINT32_C(0xffffffff)); uint32_t x224; uint32_t x225; - fiat_secp256k1_mulx_u32(&x224, &x225, x218, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x224, &x225, x214, UINT32_C(0xffffffff)); uint32_t x226; uint32_t x227; - fiat_secp256k1_mulx_u32(&x226, &x227, x218, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x226, &x227, x214, UINT32_C(0xffffffff)); uint32_t x228; uint32_t x229; - fiat_secp256k1_mulx_u32(&x228, &x229, x218, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x228, &x229, x214, UINT32_C(0xfffffffe)); uint32_t x230; uint32_t x231; - fiat_secp256k1_mulx_u32(&x230, &x231, x218, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x230, &x231, x214, UINT32_C(0xfffffc2f)); uint32_t x232; - uint32_t x233; - fiat_secp256k1_mulx_u32(&x232, &x233, x218, UINT32_C(0xfffffffe)); + fiat_secp256k1_uint1 x233; + fiat_secp256k1_addcarryx_u32(&x232, &x233, 0x0, x228, x231); uint32_t x234; - uint32_t x235; - fiat_secp256k1_mulx_u32(&x234, &x235, x218, UINT32_C(0xfffffc2f)); + fiat_secp256k1_uint1 x235; + fiat_secp256k1_addcarryx_u32(&x234, &x235, x233, x226, x229); uint32_t x236; fiat_secp256k1_uint1 x237; - fiat_secp256k1_addcarryx_u32(&x236, &x237, 0x0, x232, x235); + fiat_secp256k1_addcarryx_u32(&x236, &x237, x235, x224, x227); uint32_t x238; fiat_secp256k1_uint1 x239; - fiat_secp256k1_addcarryx_u32(&x238, &x239, x237, x230, x233); + fiat_secp256k1_addcarryx_u32(&x238, &x239, x237, x222, x225); uint32_t x240; fiat_secp256k1_uint1 x241; - fiat_secp256k1_addcarryx_u32(&x240, &x241, x239, x228, x231); + fiat_secp256k1_addcarryx_u32(&x240, &x241, x239, x220, x223); uint32_t x242; fiat_secp256k1_uint1 x243; - fiat_secp256k1_addcarryx_u32(&x242, &x243, x241, x226, x229); + fiat_secp256k1_addcarryx_u32(&x242, &x243, x241, x218, x221); uint32_t x244; fiat_secp256k1_uint1 x245; - fiat_secp256k1_addcarryx_u32(&x244, &x245, x243, x224, x227); + fiat_secp256k1_addcarryx_u32(&x244, &x245, x243, x216, x219); uint32_t x246; fiat_secp256k1_uint1 x247; - fiat_secp256k1_addcarryx_u32(&x246, &x247, x245, x222, x225); + fiat_secp256k1_addcarryx_u32(&x246, &x247, 0x0, x230, x198); uint32_t x248; fiat_secp256k1_uint1 x249; - fiat_secp256k1_addcarryx_u32(&x248, &x249, x247, x220, x223); + fiat_secp256k1_addcarryx_u32(&x248, &x249, x247, x232, x200); uint32_t x250; fiat_secp256k1_uint1 x251; - fiat_secp256k1_addcarryx_u32(&x250, &x251, 0x0, x234, x198); + fiat_secp256k1_addcarryx_u32(&x250, &x251, x249, x234, x202); uint32_t x252; fiat_secp256k1_uint1 x253; - fiat_secp256k1_addcarryx_u32(&x252, &x253, x251, x236, x200); + fiat_secp256k1_addcarryx_u32(&x252, &x253, x251, x236, x204); uint32_t x254; fiat_secp256k1_uint1 x255; - fiat_secp256k1_addcarryx_u32(&x254, &x255, x253, x238, x202); + fiat_secp256k1_addcarryx_u32(&x254, &x255, x253, x238, x206); uint32_t x256; fiat_secp256k1_uint1 x257; - fiat_secp256k1_addcarryx_u32(&x256, &x257, x255, x240, x204); + fiat_secp256k1_addcarryx_u32(&x256, &x257, x255, x240, x208); uint32_t x258; fiat_secp256k1_uint1 x259; - fiat_secp256k1_addcarryx_u32(&x258, &x259, x257, x242, x206); + fiat_secp256k1_addcarryx_u32(&x258, &x259, x257, x242, x210); uint32_t x260; fiat_secp256k1_uint1 x261; - fiat_secp256k1_addcarryx_u32(&x260, &x261, x259, x244, x208); + fiat_secp256k1_addcarryx_u32(&x260, &x261, x259, x244, x212); uint32_t x262; fiat_secp256k1_uint1 x263; - fiat_secp256k1_addcarryx_u32(&x262, &x263, x261, x246, x210); + fiat_secp256k1_addcarryx_u32(&x262, &x263, x197, 0x0, 0x0); uint32_t x264; fiat_secp256k1_uint1 x265; - fiat_secp256k1_addcarryx_u32(&x264, &x265, x263, x248, x212); + fiat_secp256k1_addcarryx_u32(&x264, &x265, x213, 0x0, (fiat_secp256k1_uint1)x262); uint32_t x266; fiat_secp256k1_uint1 x267; - fiat_secp256k1_addcarryx_u32(&x266, &x267, x249, 0x0, x221); + fiat_secp256k1_addcarryx_u32(&x266, &x267, x245, 0x0, x217); uint32_t x268; fiat_secp256k1_uint1 x269; - fiat_secp256k1_addcarryx_u32(&x268, &x269, x265, x266, x216); + fiat_secp256k1_addcarryx_u32(&x268, &x269, x261, x266, x264); uint32_t x270; fiat_secp256k1_uint1 x271; - fiat_secp256k1_addcarryx_u32(&x270, &x271, 0x0, (arg1[4]), x252); + fiat_secp256k1_addcarryx_u32(&x270, &x271, 0x0, (arg1[4]), x248); uint32_t x272; fiat_secp256k1_uint1 x273; - fiat_secp256k1_addcarryx_u32(&x272, &x273, x271, 0x0, x254); + fiat_secp256k1_addcarryx_u32(&x272, &x273, x271, 0x0, x250); uint32_t x274; fiat_secp256k1_uint1 x275; - fiat_secp256k1_addcarryx_u32(&x274, &x275, x273, 0x0, x256); + fiat_secp256k1_addcarryx_u32(&x274, &x275, x273, 0x0, x252); uint32_t x276; fiat_secp256k1_uint1 x277; - fiat_secp256k1_addcarryx_u32(&x276, &x277, x275, 0x0, x258); + fiat_secp256k1_addcarryx_u32(&x276, &x277, x275, 0x0, x254); uint32_t x278; fiat_secp256k1_uint1 x279; - fiat_secp256k1_addcarryx_u32(&x278, &x279, x277, 0x0, x260); + fiat_secp256k1_addcarryx_u32(&x278, &x279, x277, 0x0, x256); uint32_t x280; fiat_secp256k1_uint1 x281; - fiat_secp256k1_addcarryx_u32(&x280, &x281, x279, 0x0, x262); + fiat_secp256k1_addcarryx_u32(&x280, &x281, x279, 0x0, x258); uint32_t x282; fiat_secp256k1_uint1 x283; - fiat_secp256k1_addcarryx_u32(&x282, &x283, x281, 0x0, x264); + fiat_secp256k1_addcarryx_u32(&x282, &x283, x281, 0x0, x260); uint32_t x284; fiat_secp256k1_uint1 x285; fiat_secp256k1_addcarryx_u32(&x284, &x285, x283, 0x0, x268); uint32_t x286; - fiat_secp256k1_uint1 x287; - fiat_secp256k1_addcarryx_u32(&x286, &x287, x269, 0x0, x217); + uint32_t x287; + fiat_secp256k1_mulx_u32(&x286, &x287, x270, UINT32_C(0xd2253531)); uint32_t x288; - fiat_secp256k1_uint1 x289; - fiat_secp256k1_addcarryx_u32(&x288, &x289, x285, 0x0, (fiat_secp256k1_uint1)x286); + uint32_t x289; + fiat_secp256k1_mulx_u32(&x288, &x289, x286, UINT32_C(0xffffffff)); uint32_t x290; uint32_t x291; - fiat_secp256k1_mulx_u32(&x290, &x291, x270, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x290, &x291, x286, UINT32_C(0xffffffff)); uint32_t x292; uint32_t x293; - fiat_secp256k1_mulx_u32(&x292, &x293, x290, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x292, &x293, x286, UINT32_C(0xffffffff)); uint32_t x294; uint32_t x295; - fiat_secp256k1_mulx_u32(&x294, &x295, x290, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x294, &x295, x286, UINT32_C(0xffffffff)); uint32_t x296; uint32_t x297; - fiat_secp256k1_mulx_u32(&x296, &x297, x290, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x296, &x297, x286, UINT32_C(0xffffffff)); uint32_t x298; uint32_t x299; - fiat_secp256k1_mulx_u32(&x298, &x299, x290, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x298, &x299, x286, UINT32_C(0xffffffff)); uint32_t x300; uint32_t x301; - fiat_secp256k1_mulx_u32(&x300, &x301, x290, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x300, &x301, x286, UINT32_C(0xfffffffe)); uint32_t x302; uint32_t x303; - fiat_secp256k1_mulx_u32(&x302, &x303, x290, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x302, &x303, x286, UINT32_C(0xfffffc2f)); uint32_t x304; - uint32_t x305; - fiat_secp256k1_mulx_u32(&x304, &x305, x290, UINT32_C(0xfffffffe)); + fiat_secp256k1_uint1 x305; + fiat_secp256k1_addcarryx_u32(&x304, &x305, 0x0, x300, x303); uint32_t x306; - uint32_t x307; - fiat_secp256k1_mulx_u32(&x306, &x307, x290, UINT32_C(0xfffffc2f)); + fiat_secp256k1_uint1 x307; + fiat_secp256k1_addcarryx_u32(&x306, &x307, x305, x298, x301); uint32_t x308; fiat_secp256k1_uint1 x309; - fiat_secp256k1_addcarryx_u32(&x308, &x309, 0x0, x304, x307); + fiat_secp256k1_addcarryx_u32(&x308, &x309, x307, x296, x299); uint32_t x310; fiat_secp256k1_uint1 x311; - fiat_secp256k1_addcarryx_u32(&x310, &x311, x309, x302, x305); + fiat_secp256k1_addcarryx_u32(&x310, &x311, x309, x294, x297); uint32_t x312; fiat_secp256k1_uint1 x313; - fiat_secp256k1_addcarryx_u32(&x312, &x313, x311, x300, x303); + fiat_secp256k1_addcarryx_u32(&x312, &x313, x311, x292, x295); uint32_t x314; fiat_secp256k1_uint1 x315; - fiat_secp256k1_addcarryx_u32(&x314, &x315, x313, x298, x301); + fiat_secp256k1_addcarryx_u32(&x314, &x315, x313, x290, x293); uint32_t x316; fiat_secp256k1_uint1 x317; - fiat_secp256k1_addcarryx_u32(&x316, &x317, x315, x296, x299); + fiat_secp256k1_addcarryx_u32(&x316, &x317, x315, x288, x291); uint32_t x318; fiat_secp256k1_uint1 x319; - fiat_secp256k1_addcarryx_u32(&x318, &x319, x317, x294, x297); + fiat_secp256k1_addcarryx_u32(&x318, &x319, 0x0, x302, x270); uint32_t x320; fiat_secp256k1_uint1 x321; - fiat_secp256k1_addcarryx_u32(&x320, &x321, x319, x292, x295); + fiat_secp256k1_addcarryx_u32(&x320, &x321, x319, x304, x272); uint32_t x322; fiat_secp256k1_uint1 x323; - fiat_secp256k1_addcarryx_u32(&x322, &x323, 0x0, x306, x270); + fiat_secp256k1_addcarryx_u32(&x322, &x323, x321, x306, x274); uint32_t x324; fiat_secp256k1_uint1 x325; - fiat_secp256k1_addcarryx_u32(&x324, &x325, x323, x308, x272); + fiat_secp256k1_addcarryx_u32(&x324, &x325, x323, x308, x276); uint32_t x326; fiat_secp256k1_uint1 x327; - fiat_secp256k1_addcarryx_u32(&x326, &x327, x325, x310, x274); + fiat_secp256k1_addcarryx_u32(&x326, &x327, x325, x310, x278); uint32_t x328; fiat_secp256k1_uint1 x329; - fiat_secp256k1_addcarryx_u32(&x328, &x329, x327, x312, x276); + fiat_secp256k1_addcarryx_u32(&x328, &x329, x327, x312, x280); uint32_t x330; fiat_secp256k1_uint1 x331; - fiat_secp256k1_addcarryx_u32(&x330, &x331, x329, x314, x278); + fiat_secp256k1_addcarryx_u32(&x330, &x331, x329, x314, x282); uint32_t x332; fiat_secp256k1_uint1 x333; - fiat_secp256k1_addcarryx_u32(&x332, &x333, x331, x316, x280); + fiat_secp256k1_addcarryx_u32(&x332, &x333, x331, x316, x284); uint32_t x334; fiat_secp256k1_uint1 x335; - fiat_secp256k1_addcarryx_u32(&x334, &x335, x333, x318, x282); + fiat_secp256k1_addcarryx_u32(&x334, &x335, x269, 0x0, 0x0); uint32_t x336; fiat_secp256k1_uint1 x337; - fiat_secp256k1_addcarryx_u32(&x336, &x337, x335, x320, x284); + fiat_secp256k1_addcarryx_u32(&x336, &x337, x285, 0x0, (fiat_secp256k1_uint1)x334); uint32_t x338; fiat_secp256k1_uint1 x339; - fiat_secp256k1_addcarryx_u32(&x338, &x339, x321, 0x0, x293); + fiat_secp256k1_addcarryx_u32(&x338, &x339, x317, 0x0, x289); uint32_t x340; fiat_secp256k1_uint1 x341; - fiat_secp256k1_addcarryx_u32(&x340, &x341, x337, x338, x288); + fiat_secp256k1_addcarryx_u32(&x340, &x341, x333, x338, x336); uint32_t x342; fiat_secp256k1_uint1 x343; - fiat_secp256k1_addcarryx_u32(&x342, &x343, 0x0, (arg1[5]), x324); + fiat_secp256k1_addcarryx_u32(&x342, &x343, 0x0, (arg1[5]), x320); uint32_t x344; fiat_secp256k1_uint1 x345; - fiat_secp256k1_addcarryx_u32(&x344, &x345, x343, 0x0, x326); + fiat_secp256k1_addcarryx_u32(&x344, &x345, x343, 0x0, x322); uint32_t x346; fiat_secp256k1_uint1 x347; - fiat_secp256k1_addcarryx_u32(&x346, &x347, x345, 0x0, x328); + fiat_secp256k1_addcarryx_u32(&x346, &x347, x345, 0x0, x324); uint32_t x348; fiat_secp256k1_uint1 x349; - fiat_secp256k1_addcarryx_u32(&x348, &x349, x347, 0x0, x330); + fiat_secp256k1_addcarryx_u32(&x348, &x349, x347, 0x0, x326); uint32_t x350; fiat_secp256k1_uint1 x351; - fiat_secp256k1_addcarryx_u32(&x350, &x351, x349, 0x0, x332); + fiat_secp256k1_addcarryx_u32(&x350, &x351, x349, 0x0, x328); uint32_t x352; fiat_secp256k1_uint1 x353; - fiat_secp256k1_addcarryx_u32(&x352, &x353, x351, 0x0, x334); + fiat_secp256k1_addcarryx_u32(&x352, &x353, x351, 0x0, x330); uint32_t x354; fiat_secp256k1_uint1 x355; - fiat_secp256k1_addcarryx_u32(&x354, &x355, x353, 0x0, x336); + fiat_secp256k1_addcarryx_u32(&x354, &x355, x353, 0x0, x332); uint32_t x356; fiat_secp256k1_uint1 x357; fiat_secp256k1_addcarryx_u32(&x356, &x357, x355, 0x0, x340); uint32_t x358; - fiat_secp256k1_uint1 x359; - fiat_secp256k1_addcarryx_u32(&x358, &x359, x341, 0x0, x289); + uint32_t x359; + fiat_secp256k1_mulx_u32(&x358, &x359, x342, UINT32_C(0xd2253531)); uint32_t x360; - fiat_secp256k1_uint1 x361; - fiat_secp256k1_addcarryx_u32(&x360, &x361, x357, 0x0, (fiat_secp256k1_uint1)x358); + uint32_t x361; + fiat_secp256k1_mulx_u32(&x360, &x361, x358, UINT32_C(0xffffffff)); uint32_t x362; uint32_t x363; - fiat_secp256k1_mulx_u32(&x362, &x363, x342, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x362, &x363, x358, UINT32_C(0xffffffff)); uint32_t x364; uint32_t x365; - fiat_secp256k1_mulx_u32(&x364, &x365, x362, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x364, &x365, x358, UINT32_C(0xffffffff)); uint32_t x366; uint32_t x367; - fiat_secp256k1_mulx_u32(&x366, &x367, x362, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x366, &x367, x358, UINT32_C(0xffffffff)); uint32_t x368; uint32_t x369; - fiat_secp256k1_mulx_u32(&x368, &x369, x362, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x368, &x369, x358, UINT32_C(0xffffffff)); uint32_t x370; uint32_t x371; - fiat_secp256k1_mulx_u32(&x370, &x371, x362, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x370, &x371, x358, UINT32_C(0xffffffff)); uint32_t x372; uint32_t x373; - fiat_secp256k1_mulx_u32(&x372, &x373, x362, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x372, &x373, x358, UINT32_C(0xfffffffe)); uint32_t x374; uint32_t x375; - fiat_secp256k1_mulx_u32(&x374, &x375, x362, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x374, &x375, x358, UINT32_C(0xfffffc2f)); uint32_t x376; - uint32_t x377; - fiat_secp256k1_mulx_u32(&x376, &x377, x362, UINT32_C(0xfffffffe)); + fiat_secp256k1_uint1 x377; + fiat_secp256k1_addcarryx_u32(&x376, &x377, 0x0, x372, x375); uint32_t x378; - uint32_t x379; - fiat_secp256k1_mulx_u32(&x378, &x379, x362, UINT32_C(0xfffffc2f)); + fiat_secp256k1_uint1 x379; + fiat_secp256k1_addcarryx_u32(&x378, &x379, x377, x370, x373); uint32_t x380; fiat_secp256k1_uint1 x381; - fiat_secp256k1_addcarryx_u32(&x380, &x381, 0x0, x376, x379); + fiat_secp256k1_addcarryx_u32(&x380, &x381, x379, x368, x371); uint32_t x382; fiat_secp256k1_uint1 x383; - fiat_secp256k1_addcarryx_u32(&x382, &x383, x381, x374, x377); + fiat_secp256k1_addcarryx_u32(&x382, &x383, x381, x366, x369); uint32_t x384; fiat_secp256k1_uint1 x385; - fiat_secp256k1_addcarryx_u32(&x384, &x385, x383, x372, x375); + fiat_secp256k1_addcarryx_u32(&x384, &x385, x383, x364, x367); uint32_t x386; fiat_secp256k1_uint1 x387; - fiat_secp256k1_addcarryx_u32(&x386, &x387, x385, x370, x373); + fiat_secp256k1_addcarryx_u32(&x386, &x387, x385, x362, x365); uint32_t x388; fiat_secp256k1_uint1 x389; - fiat_secp256k1_addcarryx_u32(&x388, &x389, x387, x368, x371); + fiat_secp256k1_addcarryx_u32(&x388, &x389, x387, x360, x363); uint32_t x390; fiat_secp256k1_uint1 x391; - fiat_secp256k1_addcarryx_u32(&x390, &x391, x389, x366, x369); + fiat_secp256k1_addcarryx_u32(&x390, &x391, 0x0, x374, x342); uint32_t x392; fiat_secp256k1_uint1 x393; - fiat_secp256k1_addcarryx_u32(&x392, &x393, x391, x364, x367); + fiat_secp256k1_addcarryx_u32(&x392, &x393, x391, x376, x344); uint32_t x394; fiat_secp256k1_uint1 x395; - fiat_secp256k1_addcarryx_u32(&x394, &x395, 0x0, x378, x342); + fiat_secp256k1_addcarryx_u32(&x394, &x395, x393, x378, x346); uint32_t x396; fiat_secp256k1_uint1 x397; - fiat_secp256k1_addcarryx_u32(&x396, &x397, x395, x380, x344); + fiat_secp256k1_addcarryx_u32(&x396, &x397, x395, x380, x348); uint32_t x398; fiat_secp256k1_uint1 x399; - fiat_secp256k1_addcarryx_u32(&x398, &x399, x397, x382, x346); + fiat_secp256k1_addcarryx_u32(&x398, &x399, x397, x382, x350); uint32_t x400; fiat_secp256k1_uint1 x401; - fiat_secp256k1_addcarryx_u32(&x400, &x401, x399, x384, x348); + fiat_secp256k1_addcarryx_u32(&x400, &x401, x399, x384, x352); uint32_t x402; fiat_secp256k1_uint1 x403; - fiat_secp256k1_addcarryx_u32(&x402, &x403, x401, x386, x350); + fiat_secp256k1_addcarryx_u32(&x402, &x403, x401, x386, x354); uint32_t x404; fiat_secp256k1_uint1 x405; - fiat_secp256k1_addcarryx_u32(&x404, &x405, x403, x388, x352); + fiat_secp256k1_addcarryx_u32(&x404, &x405, x403, x388, x356); uint32_t x406; fiat_secp256k1_uint1 x407; - fiat_secp256k1_addcarryx_u32(&x406, &x407, x405, x390, x354); + fiat_secp256k1_addcarryx_u32(&x406, &x407, x341, 0x0, 0x0); uint32_t x408; fiat_secp256k1_uint1 x409; - fiat_secp256k1_addcarryx_u32(&x408, &x409, x407, x392, x356); + fiat_secp256k1_addcarryx_u32(&x408, &x409, x357, 0x0, (fiat_secp256k1_uint1)x406); uint32_t x410; fiat_secp256k1_uint1 x411; - fiat_secp256k1_addcarryx_u32(&x410, &x411, x393, 0x0, x365); + fiat_secp256k1_addcarryx_u32(&x410, &x411, x389, 0x0, x361); uint32_t x412; fiat_secp256k1_uint1 x413; - fiat_secp256k1_addcarryx_u32(&x412, &x413, x409, x410, x360); + fiat_secp256k1_addcarryx_u32(&x412, &x413, x405, x410, x408); uint32_t x414; fiat_secp256k1_uint1 x415; - fiat_secp256k1_addcarryx_u32(&x414, &x415, 0x0, (arg1[6]), x396); + fiat_secp256k1_addcarryx_u32(&x414, &x415, 0x0, (arg1[6]), x392); uint32_t x416; fiat_secp256k1_uint1 x417; - fiat_secp256k1_addcarryx_u32(&x416, &x417, x415, 0x0, x398); + fiat_secp256k1_addcarryx_u32(&x416, &x417, x415, 0x0, x394); uint32_t x418; fiat_secp256k1_uint1 x419; - fiat_secp256k1_addcarryx_u32(&x418, &x419, x417, 0x0, x400); + fiat_secp256k1_addcarryx_u32(&x418, &x419, x417, 0x0, x396); uint32_t x420; fiat_secp256k1_uint1 x421; - fiat_secp256k1_addcarryx_u32(&x420, &x421, x419, 0x0, x402); + fiat_secp256k1_addcarryx_u32(&x420, &x421, x419, 0x0, x398); uint32_t x422; fiat_secp256k1_uint1 x423; - fiat_secp256k1_addcarryx_u32(&x422, &x423, x421, 0x0, x404); + fiat_secp256k1_addcarryx_u32(&x422, &x423, x421, 0x0, x400); uint32_t x424; fiat_secp256k1_uint1 x425; - fiat_secp256k1_addcarryx_u32(&x424, &x425, x423, 0x0, x406); + fiat_secp256k1_addcarryx_u32(&x424, &x425, x423, 0x0, x402); uint32_t x426; fiat_secp256k1_uint1 x427; - fiat_secp256k1_addcarryx_u32(&x426, &x427, x425, 0x0, x408); + fiat_secp256k1_addcarryx_u32(&x426, &x427, x425, 0x0, x404); uint32_t x428; fiat_secp256k1_uint1 x429; fiat_secp256k1_addcarryx_u32(&x428, &x429, x427, 0x0, x412); uint32_t x430; - fiat_secp256k1_uint1 x431; - fiat_secp256k1_addcarryx_u32(&x430, &x431, x413, 0x0, x361); + uint32_t x431; + fiat_secp256k1_mulx_u32(&x430, &x431, x414, UINT32_C(0xd2253531)); uint32_t x432; - fiat_secp256k1_uint1 x433; - fiat_secp256k1_addcarryx_u32(&x432, &x433, x429, 0x0, (fiat_secp256k1_uint1)x430); + uint32_t x433; + fiat_secp256k1_mulx_u32(&x432, &x433, x430, UINT32_C(0xffffffff)); uint32_t x434; uint32_t x435; - fiat_secp256k1_mulx_u32(&x434, &x435, x414, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x434, &x435, x430, UINT32_C(0xffffffff)); uint32_t x436; uint32_t x437; - fiat_secp256k1_mulx_u32(&x436, &x437, x434, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x436, &x437, x430, UINT32_C(0xffffffff)); uint32_t x438; uint32_t x439; - fiat_secp256k1_mulx_u32(&x438, &x439, x434, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x438, &x439, x430, UINT32_C(0xffffffff)); uint32_t x440; uint32_t x441; - fiat_secp256k1_mulx_u32(&x440, &x441, x434, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x440, &x441, x430, UINT32_C(0xffffffff)); uint32_t x442; uint32_t x443; - fiat_secp256k1_mulx_u32(&x442, &x443, x434, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x442, &x443, x430, UINT32_C(0xffffffff)); uint32_t x444; uint32_t x445; - fiat_secp256k1_mulx_u32(&x444, &x445, x434, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x444, &x445, x430, UINT32_C(0xfffffffe)); uint32_t x446; uint32_t x447; - fiat_secp256k1_mulx_u32(&x446, &x447, x434, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x446, &x447, x430, UINT32_C(0xfffffc2f)); uint32_t x448; - uint32_t x449; - fiat_secp256k1_mulx_u32(&x448, &x449, x434, UINT32_C(0xfffffffe)); + fiat_secp256k1_uint1 x449; + fiat_secp256k1_addcarryx_u32(&x448, &x449, 0x0, x444, x447); uint32_t x450; - uint32_t x451; - fiat_secp256k1_mulx_u32(&x450, &x451, x434, UINT32_C(0xfffffc2f)); + fiat_secp256k1_uint1 x451; + fiat_secp256k1_addcarryx_u32(&x450, &x451, x449, x442, x445); uint32_t x452; fiat_secp256k1_uint1 x453; - fiat_secp256k1_addcarryx_u32(&x452, &x453, 0x0, x448, x451); + fiat_secp256k1_addcarryx_u32(&x452, &x453, x451, x440, x443); uint32_t x454; fiat_secp256k1_uint1 x455; - fiat_secp256k1_addcarryx_u32(&x454, &x455, x453, x446, x449); + fiat_secp256k1_addcarryx_u32(&x454, &x455, x453, x438, x441); uint32_t x456; fiat_secp256k1_uint1 x457; - fiat_secp256k1_addcarryx_u32(&x456, &x457, x455, x444, x447); + fiat_secp256k1_addcarryx_u32(&x456, &x457, x455, x436, x439); uint32_t x458; fiat_secp256k1_uint1 x459; - fiat_secp256k1_addcarryx_u32(&x458, &x459, x457, x442, x445); + fiat_secp256k1_addcarryx_u32(&x458, &x459, x457, x434, x437); uint32_t x460; fiat_secp256k1_uint1 x461; - fiat_secp256k1_addcarryx_u32(&x460, &x461, x459, x440, x443); + fiat_secp256k1_addcarryx_u32(&x460, &x461, x459, x432, x435); uint32_t x462; fiat_secp256k1_uint1 x463; - fiat_secp256k1_addcarryx_u32(&x462, &x463, x461, x438, x441); + fiat_secp256k1_addcarryx_u32(&x462, &x463, 0x0, x446, x414); uint32_t x464; fiat_secp256k1_uint1 x465; - fiat_secp256k1_addcarryx_u32(&x464, &x465, x463, x436, x439); + fiat_secp256k1_addcarryx_u32(&x464, &x465, x463, x448, x416); uint32_t x466; fiat_secp256k1_uint1 x467; - fiat_secp256k1_addcarryx_u32(&x466, &x467, 0x0, x450, x414); + fiat_secp256k1_addcarryx_u32(&x466, &x467, x465, x450, x418); uint32_t x468; fiat_secp256k1_uint1 x469; - fiat_secp256k1_addcarryx_u32(&x468, &x469, x467, x452, x416); + fiat_secp256k1_addcarryx_u32(&x468, &x469, x467, x452, x420); uint32_t x470; fiat_secp256k1_uint1 x471; - fiat_secp256k1_addcarryx_u32(&x470, &x471, x469, x454, x418); + fiat_secp256k1_addcarryx_u32(&x470, &x471, x469, x454, x422); uint32_t x472; fiat_secp256k1_uint1 x473; - fiat_secp256k1_addcarryx_u32(&x472, &x473, x471, x456, x420); + fiat_secp256k1_addcarryx_u32(&x472, &x473, x471, x456, x424); uint32_t x474; fiat_secp256k1_uint1 x475; - fiat_secp256k1_addcarryx_u32(&x474, &x475, x473, x458, x422); + fiat_secp256k1_addcarryx_u32(&x474, &x475, x473, x458, x426); uint32_t x476; fiat_secp256k1_uint1 x477; - fiat_secp256k1_addcarryx_u32(&x476, &x477, x475, x460, x424); + fiat_secp256k1_addcarryx_u32(&x476, &x477, x475, x460, x428); uint32_t x478; fiat_secp256k1_uint1 x479; - fiat_secp256k1_addcarryx_u32(&x478, &x479, x477, x462, x426); + fiat_secp256k1_addcarryx_u32(&x478, &x479, x413, 0x0, 0x0); uint32_t x480; fiat_secp256k1_uint1 x481; - fiat_secp256k1_addcarryx_u32(&x480, &x481, x479, x464, x428); + fiat_secp256k1_addcarryx_u32(&x480, &x481, x429, 0x0, (fiat_secp256k1_uint1)x478); uint32_t x482; fiat_secp256k1_uint1 x483; - fiat_secp256k1_addcarryx_u32(&x482, &x483, x465, 0x0, x437); + fiat_secp256k1_addcarryx_u32(&x482, &x483, x461, 0x0, x433); uint32_t x484; fiat_secp256k1_uint1 x485; - fiat_secp256k1_addcarryx_u32(&x484, &x485, x481, x482, x432); + fiat_secp256k1_addcarryx_u32(&x484, &x485, x477, x482, x480); uint32_t x486; fiat_secp256k1_uint1 x487; - fiat_secp256k1_addcarryx_u32(&x486, &x487, 0x0, (arg1[7]), x468); + fiat_secp256k1_addcarryx_u32(&x486, &x487, 0x0, (arg1[7]), x464); uint32_t x488; fiat_secp256k1_uint1 x489; - fiat_secp256k1_addcarryx_u32(&x488, &x489, x487, 0x0, x470); + fiat_secp256k1_addcarryx_u32(&x488, &x489, x487, 0x0, x466); uint32_t x490; fiat_secp256k1_uint1 x491; - fiat_secp256k1_addcarryx_u32(&x490, &x491, x489, 0x0, x472); + fiat_secp256k1_addcarryx_u32(&x490, &x491, x489, 0x0, x468); uint32_t x492; fiat_secp256k1_uint1 x493; - fiat_secp256k1_addcarryx_u32(&x492, &x493, x491, 0x0, x474); + fiat_secp256k1_addcarryx_u32(&x492, &x493, x491, 0x0, x470); uint32_t x494; fiat_secp256k1_uint1 x495; - fiat_secp256k1_addcarryx_u32(&x494, &x495, x493, 0x0, x476); + fiat_secp256k1_addcarryx_u32(&x494, &x495, x493, 0x0, x472); uint32_t x496; fiat_secp256k1_uint1 x497; - fiat_secp256k1_addcarryx_u32(&x496, &x497, x495, 0x0, x478); + fiat_secp256k1_addcarryx_u32(&x496, &x497, x495, 0x0, x474); uint32_t x498; fiat_secp256k1_uint1 x499; - fiat_secp256k1_addcarryx_u32(&x498, &x499, x497, 0x0, x480); + fiat_secp256k1_addcarryx_u32(&x498, &x499, x497, 0x0, x476); uint32_t x500; fiat_secp256k1_uint1 x501; fiat_secp256k1_addcarryx_u32(&x500, &x501, x499, 0x0, x484); uint32_t x502; - fiat_secp256k1_uint1 x503; - fiat_secp256k1_addcarryx_u32(&x502, &x503, x485, 0x0, x433); + uint32_t x503; + fiat_secp256k1_mulx_u32(&x502, &x503, x486, UINT32_C(0xd2253531)); uint32_t x504; - fiat_secp256k1_uint1 x505; - fiat_secp256k1_addcarryx_u32(&x504, &x505, x501, 0x0, (fiat_secp256k1_uint1)x502); + uint32_t x505; + fiat_secp256k1_mulx_u32(&x504, &x505, x502, UINT32_C(0xffffffff)); uint32_t x506; uint32_t x507; - fiat_secp256k1_mulx_u32(&x506, &x507, x486, UINT32_C(0xd2253531)); + fiat_secp256k1_mulx_u32(&x506, &x507, x502, UINT32_C(0xffffffff)); uint32_t x508; uint32_t x509; - fiat_secp256k1_mulx_u32(&x508, &x509, x506, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x508, &x509, x502, UINT32_C(0xffffffff)); uint32_t x510; uint32_t x511; - fiat_secp256k1_mulx_u32(&x510, &x511, x506, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x510, &x511, x502, UINT32_C(0xffffffff)); uint32_t x512; uint32_t x513; - fiat_secp256k1_mulx_u32(&x512, &x513, x506, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x512, &x513, x502, UINT32_C(0xffffffff)); uint32_t x514; uint32_t x515; - fiat_secp256k1_mulx_u32(&x514, &x515, x506, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x514, &x515, x502, UINT32_C(0xffffffff)); uint32_t x516; uint32_t x517; - fiat_secp256k1_mulx_u32(&x516, &x517, x506, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x516, &x517, x502, UINT32_C(0xfffffffe)); uint32_t x518; uint32_t x519; - fiat_secp256k1_mulx_u32(&x518, &x519, x506, UINT32_C(0xffffffff)); + fiat_secp256k1_mulx_u32(&x518, &x519, x502, UINT32_C(0xfffffc2f)); uint32_t x520; - uint32_t x521; - fiat_secp256k1_mulx_u32(&x520, &x521, x506, UINT32_C(0xfffffffe)); + fiat_secp256k1_uint1 x521; + fiat_secp256k1_addcarryx_u32(&x520, &x521, 0x0, x516, x519); uint32_t x522; - uint32_t x523; - fiat_secp256k1_mulx_u32(&x522, &x523, x506, UINT32_C(0xfffffc2f)); + fiat_secp256k1_uint1 x523; + fiat_secp256k1_addcarryx_u32(&x522, &x523, x521, x514, x517); uint32_t x524; fiat_secp256k1_uint1 x525; - fiat_secp256k1_addcarryx_u32(&x524, &x525, 0x0, x520, x523); + fiat_secp256k1_addcarryx_u32(&x524, &x525, x523, x512, x515); uint32_t x526; fiat_secp256k1_uint1 x527; - fiat_secp256k1_addcarryx_u32(&x526, &x527, x525, x518, x521); + fiat_secp256k1_addcarryx_u32(&x526, &x527, x525, x510, x513); uint32_t x528; fiat_secp256k1_uint1 x529; - fiat_secp256k1_addcarryx_u32(&x528, &x529, x527, x516, x519); + fiat_secp256k1_addcarryx_u32(&x528, &x529, x527, x508, x511); uint32_t x530; fiat_secp256k1_uint1 x531; - fiat_secp256k1_addcarryx_u32(&x530, &x531, x529, x514, x517); + fiat_secp256k1_addcarryx_u32(&x530, &x531, x529, x506, x509); uint32_t x532; fiat_secp256k1_uint1 x533; - fiat_secp256k1_addcarryx_u32(&x532, &x533, x531, x512, x515); + fiat_secp256k1_addcarryx_u32(&x532, &x533, x531, x504, x507); uint32_t x534; fiat_secp256k1_uint1 x535; - fiat_secp256k1_addcarryx_u32(&x534, &x535, x533, x510, x513); + fiat_secp256k1_addcarryx_u32(&x534, &x535, 0x0, x518, x486); uint32_t x536; fiat_secp256k1_uint1 x537; - fiat_secp256k1_addcarryx_u32(&x536, &x537, x535, x508, x511); + fiat_secp256k1_addcarryx_u32(&x536, &x537, x535, x520, x488); uint32_t x538; fiat_secp256k1_uint1 x539; - fiat_secp256k1_addcarryx_u32(&x538, &x539, 0x0, x522, x486); + fiat_secp256k1_addcarryx_u32(&x538, &x539, x537, x522, x490); uint32_t x540; fiat_secp256k1_uint1 x541; - fiat_secp256k1_addcarryx_u32(&x540, &x541, x539, x524, x488); + fiat_secp256k1_addcarryx_u32(&x540, &x541, x539, x524, x492); uint32_t x542; fiat_secp256k1_uint1 x543; - fiat_secp256k1_addcarryx_u32(&x542, &x543, x541, x526, x490); + fiat_secp256k1_addcarryx_u32(&x542, &x543, x541, x526, x494); uint32_t x544; fiat_secp256k1_uint1 x545; - fiat_secp256k1_addcarryx_u32(&x544, &x545, x543, x528, x492); + fiat_secp256k1_addcarryx_u32(&x544, &x545, x543, x528, x496); uint32_t x546; fiat_secp256k1_uint1 x547; - fiat_secp256k1_addcarryx_u32(&x546, &x547, x545, x530, x494); + fiat_secp256k1_addcarryx_u32(&x546, &x547, x545, x530, x498); uint32_t x548; fiat_secp256k1_uint1 x549; - fiat_secp256k1_addcarryx_u32(&x548, &x549, x547, x532, x496); + fiat_secp256k1_addcarryx_u32(&x548, &x549, x547, x532, x500); uint32_t x550; fiat_secp256k1_uint1 x551; - fiat_secp256k1_addcarryx_u32(&x550, &x551, x549, x534, x498); + fiat_secp256k1_addcarryx_u32(&x550, &x551, x485, 0x0, 0x0); uint32_t x552; fiat_secp256k1_uint1 x553; - fiat_secp256k1_addcarryx_u32(&x552, &x553, x551, x536, x500); + fiat_secp256k1_addcarryx_u32(&x552, &x553, x501, 0x0, (fiat_secp256k1_uint1)x550); uint32_t x554; fiat_secp256k1_uint1 x555; - fiat_secp256k1_addcarryx_u32(&x554, &x555, x537, 0x0, x509); + fiat_secp256k1_addcarryx_u32(&x554, &x555, x533, 0x0, x505); uint32_t x556; fiat_secp256k1_uint1 x557; - fiat_secp256k1_addcarryx_u32(&x556, &x557, x553, x554, x504); + fiat_secp256k1_addcarryx_u32(&x556, &x557, x549, x554, x552); uint32_t x558; fiat_secp256k1_uint1 x559; - fiat_secp256k1_subborrowx_u32(&x558, &x559, 0x0, x540, UINT32_C(0xfffffc2f)); + fiat_secp256k1_subborrowx_u32(&x558, &x559, 0x0, x536, UINT32_C(0xfffffc2f)); uint32_t x560; fiat_secp256k1_uint1 x561; - fiat_secp256k1_subborrowx_u32(&x560, &x561, x559, x542, UINT32_C(0xfffffffe)); + fiat_secp256k1_subborrowx_u32(&x560, &x561, x559, x538, UINT32_C(0xfffffffe)); uint32_t x562; fiat_secp256k1_uint1 x563; - fiat_secp256k1_subborrowx_u32(&x562, &x563, x561, x544, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x562, &x563, x561, x540, UINT32_C(0xffffffff)); uint32_t x564; fiat_secp256k1_uint1 x565; - fiat_secp256k1_subborrowx_u32(&x564, &x565, x563, x546, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x564, &x565, x563, x542, UINT32_C(0xffffffff)); uint32_t x566; fiat_secp256k1_uint1 x567; - fiat_secp256k1_subborrowx_u32(&x566, &x567, x565, x548, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x566, &x567, x565, x544, UINT32_C(0xffffffff)); uint32_t x568; fiat_secp256k1_uint1 x569; - fiat_secp256k1_subborrowx_u32(&x568, &x569, x567, x550, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x568, &x569, x567, x546, UINT32_C(0xffffffff)); uint32_t x570; fiat_secp256k1_uint1 x571; - fiat_secp256k1_subborrowx_u32(&x570, &x571, x569, x552, UINT32_C(0xffffffff)); + fiat_secp256k1_subborrowx_u32(&x570, &x571, x569, x548, UINT32_C(0xffffffff)); uint32_t x572; fiat_secp256k1_uint1 x573; fiat_secp256k1_subborrowx_u32(&x572, &x573, x571, x556, UINT32_C(0xffffffff)); uint32_t x574; fiat_secp256k1_uint1 x575; - fiat_secp256k1_addcarryx_u32(&x574, &x575, x557, 0x0, x505); + fiat_secp256k1_addcarryx_u32(&x574, &x575, x557, 0x0, 0x0); uint32_t x576; fiat_secp256k1_uint1 x577; fiat_secp256k1_subborrowx_u32(&x576, &x577, x573, (fiat_secp256k1_uint1)x574, 0x0); uint32_t x578; - fiat_secp256k1_cmovznz_u32(&x578, x577, x558, x540); + fiat_secp256k1_cmovznz_u32(&x578, x577, x558, x536); uint32_t x579; - fiat_secp256k1_cmovznz_u32(&x579, x577, x560, x542); + fiat_secp256k1_cmovznz_u32(&x579, x577, x560, x538); uint32_t x580; - fiat_secp256k1_cmovznz_u32(&x580, x577, x562, x544); + fiat_secp256k1_cmovznz_u32(&x580, x577, x562, x540); uint32_t x581; - fiat_secp256k1_cmovznz_u32(&x581, x577, x564, x546); + fiat_secp256k1_cmovznz_u32(&x581, x577, x564, x542); uint32_t x582; - fiat_secp256k1_cmovznz_u32(&x582, x577, x566, x548); + fiat_secp256k1_cmovznz_u32(&x582, x577, x566, x544); uint32_t x583; - fiat_secp256k1_cmovznz_u32(&x583, x577, x568, x550); + fiat_secp256k1_cmovznz_u32(&x583, x577, x568, x546); uint32_t x584; - fiat_secp256k1_cmovznz_u32(&x584, x577, x570, x552); + fiat_secp256k1_cmovznz_u32(&x584, x577, x570, x548); uint32_t x585; fiat_secp256k1_cmovznz_u32(&x585, x577, x572, x556); out1[0] = x578; @@ -3845,101 +3845,94 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { uint8_t x12 = (uint8_t)(x9 & UINT8_C(0xff)); uint8_t x13 = (uint8_t)(x11 >> 8); uint8_t x14 = (uint8_t)(x11 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x15 = (fiat_secp256k1_uint1)(x13 >> 8); - uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff)); - uint32_t x17 = (x15 + x7); - uint32_t x18 = (x17 >> 8); - uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); - uint32_t x20 = (x18 >> 8); - uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); - uint8_t x22 = (uint8_t)(x20 >> 8); - uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x24 = (fiat_secp256k1_uint1)(x22 >> 8); - uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); - uint32_t x26 = (x24 + x6); - uint32_t x27 = (x26 >> 8); - uint8_t x28 = (uint8_t)(x26 & UINT8_C(0xff)); - uint32_t x29 = (x27 >> 8); + uint8_t x15 = (uint8_t)(x13 & UINT8_C(0xff)); + uint32_t x16 = (0x0 + x7); + uint32_t x17 = (x16 >> 8); + uint8_t x18 = (uint8_t)(x16 & UINT8_C(0xff)); + uint32_t x19 = (x17 >> 8); + uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); + uint8_t x21 = (uint8_t)(x19 >> 8); + uint8_t x22 = (uint8_t)(x19 & UINT8_C(0xff)); + uint8_t x23 = (uint8_t)(x21 & UINT8_C(0xff)); + uint32_t x24 = (0x0 + x6); + uint32_t x25 = (x24 >> 8); + uint8_t x26 = (uint8_t)(x24 & UINT8_C(0xff)); + uint32_t x27 = (x25 >> 8); + uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); + uint8_t x29 = (uint8_t)(x27 >> 8); uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint8_t x31 = (uint8_t)(x29 >> 8); - uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x33 = (fiat_secp256k1_uint1)(x31 >> 8); - uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint32_t x35 = (x33 + x5); - uint32_t x36 = (x35 >> 8); - uint8_t x37 = (uint8_t)(x35 & UINT8_C(0xff)); - uint32_t x38 = (x36 >> 8); - uint8_t x39 = (uint8_t)(x36 & UINT8_C(0xff)); - uint8_t x40 = (uint8_t)(x38 >> 8); - uint8_t x41 = (uint8_t)(x38 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x42 = (fiat_secp256k1_uint1)(x40 >> 8); - uint8_t x43 = (uint8_t)(x40 & UINT8_C(0xff)); - uint32_t x44 = (x42 + x4); - uint32_t x45 = (x44 >> 8); - uint8_t x46 = (uint8_t)(x44 & UINT8_C(0xff)); - uint32_t x47 = (x45 >> 8); - uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint8_t x49 = (uint8_t)(x47 >> 8); - uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x51 = (fiat_secp256k1_uint1)(x49 >> 8); + uint8_t x31 = (uint8_t)(x29 & UINT8_C(0xff)); + uint32_t x32 = (0x0 + x5); + uint32_t x33 = (x32 >> 8); + uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff)); + uint32_t x35 = (x33 >> 8); + uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); + uint8_t x37 = (uint8_t)(x35 >> 8); + uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); + uint8_t x39 = (uint8_t)(x37 & UINT8_C(0xff)); + uint32_t x40 = (0x0 + x4); + uint32_t x41 = (x40 >> 8); + uint8_t x42 = (uint8_t)(x40 & UINT8_C(0xff)); + uint32_t x43 = (x41 >> 8); + uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); + uint8_t x45 = (uint8_t)(x43 >> 8); + uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); + uint8_t x47 = (uint8_t)(x45 & UINT8_C(0xff)); + uint32_t x48 = (0x0 + x3); + uint32_t x49 = (x48 >> 8); + uint8_t x50 = (uint8_t)(x48 & UINT8_C(0xff)); + uint32_t x51 = (x49 >> 8); uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - uint32_t x53 = (x51 + x3); - uint32_t x54 = (x53 >> 8); + uint8_t x53 = (uint8_t)(x51 >> 8); + uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); uint8_t x55 = (uint8_t)(x53 & UINT8_C(0xff)); - uint32_t x56 = (x54 >> 8); - uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff)); - uint8_t x58 = (uint8_t)(x56 >> 8); - uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x60 = (fiat_secp256k1_uint1)(x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); - uint32_t x62 = (x60 + x2); - uint32_t x63 = (x62 >> 8); - uint8_t x64 = (uint8_t)(x62 & UINT8_C(0xff)); - uint32_t x65 = (x63 >> 8); - uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); - uint8_t x67 = (uint8_t)(x65 >> 8); + uint32_t x56 = (0x0 + x2); + uint32_t x57 = (x56 >> 8); + uint8_t x58 = (uint8_t)(x56 & UINT8_C(0xff)); + uint32_t x59 = (x57 >> 8); + uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); + uint8_t x61 = (uint8_t)(x59 >> 8); + uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); + uint8_t x63 = (uint8_t)(x61 & UINT8_C(0xff)); + uint32_t x64 = (0x0 + x1); + uint32_t x65 = (x64 >> 8); + uint8_t x66 = (uint8_t)(x64 & UINT8_C(0xff)); + uint32_t x67 = (x65 >> 8); uint8_t x68 = (uint8_t)(x65 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x69 = (fiat_secp256k1_uint1)(x67 >> 8); + uint8_t x69 = (uint8_t)(x67 >> 8); uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff)); - uint32_t x71 = (x69 + x1); - uint32_t x72 = (x71 >> 8); - uint8_t x73 = (uint8_t)(x71 & UINT8_C(0xff)); - uint32_t x74 = (x72 >> 8); - uint8_t x75 = (uint8_t)(x72 & UINT8_C(0xff)); - uint8_t x76 = (uint8_t)(x74 >> 8); - uint8_t x77 = (uint8_t)(x74 & UINT8_C(0xff)); out1[0] = x10; out1[1] = x12; out1[2] = x14; - out1[3] = x16; - out1[4] = x19; - out1[5] = x21; - out1[6] = x23; - out1[7] = x25; - out1[8] = x28; - out1[9] = x30; - out1[10] = x32; - out1[11] = x34; - out1[12] = x37; - out1[13] = x39; - out1[14] = x41; - out1[15] = x43; - out1[16] = x46; - out1[17] = x48; - out1[18] = x50; - out1[19] = x52; - out1[20] = x55; - out1[21] = x57; - out1[22] = x59; - out1[23] = x61; - out1[24] = x64; - out1[25] = x66; - out1[26] = x68; - out1[27] = x70; - out1[28] = x73; - out1[29] = x75; - out1[30] = x77; - out1[31] = x76; + out1[3] = x15; + out1[4] = x18; + out1[5] = x20; + out1[6] = x22; + out1[7] = x23; + out1[8] = x26; + out1[9] = x28; + out1[10] = x30; + out1[11] = x31; + out1[12] = x34; + out1[13] = x36; + out1[14] = x38; + out1[15] = x39; + out1[16] = x42; + out1[17] = x44; + out1[18] = x46; + out1[19] = x47; + out1[20] = x50; + out1[21] = x52; + out1[22] = x54; + out1[23] = x55; + out1[24] = x58; + out1[25] = x60; + out1[26] = x62; + out1[27] = x63; + out1[28] = x66; + out1[29] = x68; + out1[30] = x70; + out1[31] = x69; } /* @@ -3982,41 +3975,34 @@ static void fiat_secp256k1_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) uint32_t x31 = ((uint32_t)(arg1[1]) << 8); uint8_t x32 = (arg1[0]); uint32_t x33 = (x32 + (x31 + (x30 + x29))); - fiat_secp256k1_uint1 x34 = (fiat_secp256k1_uint1)((uint64_t)x33 >> 32); - uint32_t x35 = (x33 & UINT32_C(0xffffffff)); - uint32_t x36 = (x4 + (x3 + (x2 + x1))); - uint32_t x37 = (x8 + (x7 + (x6 + x5))); - uint32_t x38 = (x12 + (x11 + (x10 + x9))); - uint32_t x39 = (x16 + (x15 + (x14 + x13))); - uint32_t x40 = (x20 + (x19 + (x18 + x17))); - uint32_t x41 = (x24 + (x23 + (x22 + x21))); - uint32_t x42 = (x28 + (x27 + (x26 + x25))); - uint32_t x43 = (x34 + x42); - fiat_secp256k1_uint1 x44 = (fiat_secp256k1_uint1)((uint64_t)x43 >> 32); - uint32_t x45 = (x43 & UINT32_C(0xffffffff)); - uint32_t x46 = (x44 + x41); - fiat_secp256k1_uint1 x47 = (fiat_secp256k1_uint1)((uint64_t)x46 >> 32); - uint32_t x48 = (x46 & UINT32_C(0xffffffff)); - uint32_t x49 = (x47 + x40); - fiat_secp256k1_uint1 x50 = (fiat_secp256k1_uint1)((uint64_t)x49 >> 32); - uint32_t x51 = (x49 & UINT32_C(0xffffffff)); - uint32_t x52 = (x50 + x39); - fiat_secp256k1_uint1 x53 = (fiat_secp256k1_uint1)((uint64_t)x52 >> 32); - uint32_t x54 = (x52 & UINT32_C(0xffffffff)); - uint32_t x55 = (x53 + x38); - fiat_secp256k1_uint1 x56 = (fiat_secp256k1_uint1)((uint64_t)x55 >> 32); - uint32_t x57 = (x55 & UINT32_C(0xffffffff)); - uint32_t x58 = (x56 + x37); - fiat_secp256k1_uint1 x59 = (fiat_secp256k1_uint1)((uint64_t)x58 >> 32); - uint32_t x60 = (x58 & UINT32_C(0xffffffff)); - uint32_t x61 = (x59 + x36); - out1[0] = x35; - out1[1] = x45; - out1[2] = x48; - out1[3] = x51; - out1[4] = x54; - out1[5] = x57; - out1[6] = x60; - out1[7] = x61; + uint32_t x34 = (x33 & UINT32_C(0xffffffff)); + uint32_t x35 = (x4 + (x3 + (x2 + x1))); + uint32_t x36 = (x8 + (x7 + (x6 + x5))); + uint32_t x37 = (x12 + (x11 + (x10 + x9))); + uint32_t x38 = (x16 + (x15 + (x14 + x13))); + uint32_t x39 = (x20 + (x19 + (x18 + x17))); + uint32_t x40 = (x24 + (x23 + (x22 + x21))); + uint32_t x41 = (x28 + (x27 + (x26 + x25))); + uint32_t x42 = (0x0 + x41); + uint32_t x43 = (x42 & UINT32_C(0xffffffff)); + uint32_t x44 = (0x0 + x40); + uint32_t x45 = (x44 & UINT32_C(0xffffffff)); + uint32_t x46 = (0x0 + x39); + uint32_t x47 = (x46 & UINT32_C(0xffffffff)); + uint32_t x48 = (0x0 + x38); + uint32_t x49 = (x48 & UINT32_C(0xffffffff)); + uint32_t x50 = (0x0 + x37); + uint32_t x51 = (x50 & UINT32_C(0xffffffff)); + uint32_t x52 = (0x0 + x36); + uint32_t x53 = (x52 & UINT32_C(0xffffffff)); + uint32_t x54 = (0x0 + x35); + out1[0] = x34; + out1[1] = x43; + out1[2] = x45; + out1[3] = x47; + out1[4] = x49; + out1[5] = x51; + out1[6] = x53; + out1[7] = x54; } diff --git a/secp256k1_64.c b/secp256k1_64.c index 749e9bc408..a80485a4fd 100644 --- a/secp256k1_64.c +++ b/secp256k1_64.c @@ -997,197 +997,197 @@ static void fiat_secp256k1_from_montgomery(uint64_t out1[4], const uint64_t arg1 fiat_secp256k1_uint1 x37; fiat_secp256k1_addcarryx_u64(&x36, &x37, x35, 0x0, x28); uint64_t x38; - fiat_secp256k1_uint1 x39; - fiat_secp256k1_addcarryx_u64(&x38, &x39, x29, 0x0, 0x0); + uint64_t x39; + fiat_secp256k1_mulx_u64(&x38, &x39, x30, UINT64_C(0xd838091dd2253531)); uint64_t x40; - fiat_secp256k1_uint1 x41; - fiat_secp256k1_addcarryx_u64(&x40, &x41, x37, 0x0, (fiat_secp256k1_uint1)x38); + uint64_t x41; + fiat_secp256k1_mulx_u64(&x40, &x41, x38, UINT64_C(0xffffffffffffffff)); uint64_t x42; uint64_t x43; - fiat_secp256k1_mulx_u64(&x42, &x43, x30, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x42, &x43, x38, UINT64_C(0xffffffffffffffff)); uint64_t x44; uint64_t x45; - fiat_secp256k1_mulx_u64(&x44, &x45, x42, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x44, &x45, x38, UINT64_C(0xffffffffffffffff)); uint64_t x46; uint64_t x47; - fiat_secp256k1_mulx_u64(&x46, &x47, x42, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x46, &x47, x38, UINT64_C(0xfffffffefffffc2f)); uint64_t x48; - uint64_t x49; - fiat_secp256k1_mulx_u64(&x48, &x49, x42, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_uint1 x49; + fiat_secp256k1_addcarryx_u64(&x48, &x49, 0x0, x44, x47); uint64_t x50; - uint64_t x51; - fiat_secp256k1_mulx_u64(&x50, &x51, x42, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_uint1 x51; + fiat_secp256k1_addcarryx_u64(&x50, &x51, x49, x42, x45); uint64_t x52; fiat_secp256k1_uint1 x53; - fiat_secp256k1_addcarryx_u64(&x52, &x53, 0x0, x48, x51); + fiat_secp256k1_addcarryx_u64(&x52, &x53, x51, x40, x43); uint64_t x54; fiat_secp256k1_uint1 x55; - fiat_secp256k1_addcarryx_u64(&x54, &x55, x53, x46, x49); + fiat_secp256k1_addcarryx_u64(&x54, &x55, 0x0, x46, x30); uint64_t x56; fiat_secp256k1_uint1 x57; - fiat_secp256k1_addcarryx_u64(&x56, &x57, x55, x44, x47); + fiat_secp256k1_addcarryx_u64(&x56, &x57, x55, x48, x32); uint64_t x58; fiat_secp256k1_uint1 x59; - fiat_secp256k1_addcarryx_u64(&x58, &x59, 0x0, x50, x30); + fiat_secp256k1_addcarryx_u64(&x58, &x59, x57, x50, x34); uint64_t x60; fiat_secp256k1_uint1 x61; - fiat_secp256k1_addcarryx_u64(&x60, &x61, x59, x52, x32); + fiat_secp256k1_addcarryx_u64(&x60, &x61, x59, x52, x36); uint64_t x62; fiat_secp256k1_uint1 x63; - fiat_secp256k1_addcarryx_u64(&x62, &x63, x61, x54, x34); + fiat_secp256k1_addcarryx_u64(&x62, &x63, x29, 0x0, 0x0); uint64_t x64; fiat_secp256k1_uint1 x65; - fiat_secp256k1_addcarryx_u64(&x64, &x65, x63, x56, x36); + fiat_secp256k1_addcarryx_u64(&x64, &x65, x37, 0x0, (fiat_secp256k1_uint1)x62); uint64_t x66; fiat_secp256k1_uint1 x67; - fiat_secp256k1_addcarryx_u64(&x66, &x67, x57, 0x0, x45); + fiat_secp256k1_addcarryx_u64(&x66, &x67, x53, 0x0, x41); uint64_t x68; fiat_secp256k1_uint1 x69; - fiat_secp256k1_addcarryx_u64(&x68, &x69, x65, x66, x40); + fiat_secp256k1_addcarryx_u64(&x68, &x69, x61, x66, x64); uint64_t x70; fiat_secp256k1_uint1 x71; - fiat_secp256k1_addcarryx_u64(&x70, &x71, 0x0, (arg1[2]), x60); + fiat_secp256k1_addcarryx_u64(&x70, &x71, 0x0, (arg1[2]), x56); uint64_t x72; fiat_secp256k1_uint1 x73; - fiat_secp256k1_addcarryx_u64(&x72, &x73, x71, 0x0, x62); + fiat_secp256k1_addcarryx_u64(&x72, &x73, x71, 0x0, x58); uint64_t x74; fiat_secp256k1_uint1 x75; - fiat_secp256k1_addcarryx_u64(&x74, &x75, x73, 0x0, x64); + fiat_secp256k1_addcarryx_u64(&x74, &x75, x73, 0x0, x60); uint64_t x76; fiat_secp256k1_uint1 x77; fiat_secp256k1_addcarryx_u64(&x76, &x77, x75, 0x0, x68); uint64_t x78; - fiat_secp256k1_uint1 x79; - fiat_secp256k1_addcarryx_u64(&x78, &x79, x69, 0x0, x41); + uint64_t x79; + fiat_secp256k1_mulx_u64(&x78, &x79, x70, UINT64_C(0xd838091dd2253531)); uint64_t x80; - fiat_secp256k1_uint1 x81; - fiat_secp256k1_addcarryx_u64(&x80, &x81, x77, 0x0, (fiat_secp256k1_uint1)x78); + uint64_t x81; + fiat_secp256k1_mulx_u64(&x80, &x81, x78, UINT64_C(0xffffffffffffffff)); uint64_t x82; uint64_t x83; - fiat_secp256k1_mulx_u64(&x82, &x83, x70, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x82, &x83, x78, UINT64_C(0xffffffffffffffff)); uint64_t x84; uint64_t x85; - fiat_secp256k1_mulx_u64(&x84, &x85, x82, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x84, &x85, x78, UINT64_C(0xffffffffffffffff)); uint64_t x86; uint64_t x87; - fiat_secp256k1_mulx_u64(&x86, &x87, x82, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x86, &x87, x78, UINT64_C(0xfffffffefffffc2f)); uint64_t x88; - uint64_t x89; - fiat_secp256k1_mulx_u64(&x88, &x89, x82, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_uint1 x89; + fiat_secp256k1_addcarryx_u64(&x88, &x89, 0x0, x84, x87); uint64_t x90; - uint64_t x91; - fiat_secp256k1_mulx_u64(&x90, &x91, x82, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_uint1 x91; + fiat_secp256k1_addcarryx_u64(&x90, &x91, x89, x82, x85); uint64_t x92; fiat_secp256k1_uint1 x93; - fiat_secp256k1_addcarryx_u64(&x92, &x93, 0x0, x88, x91); + fiat_secp256k1_addcarryx_u64(&x92, &x93, x91, x80, x83); uint64_t x94; fiat_secp256k1_uint1 x95; - fiat_secp256k1_addcarryx_u64(&x94, &x95, x93, x86, x89); + fiat_secp256k1_addcarryx_u64(&x94, &x95, 0x0, x86, x70); uint64_t x96; fiat_secp256k1_uint1 x97; - fiat_secp256k1_addcarryx_u64(&x96, &x97, x95, x84, x87); + fiat_secp256k1_addcarryx_u64(&x96, &x97, x95, x88, x72); uint64_t x98; fiat_secp256k1_uint1 x99; - fiat_secp256k1_addcarryx_u64(&x98, &x99, 0x0, x90, x70); + fiat_secp256k1_addcarryx_u64(&x98, &x99, x97, x90, x74); uint64_t x100; fiat_secp256k1_uint1 x101; - fiat_secp256k1_addcarryx_u64(&x100, &x101, x99, x92, x72); + fiat_secp256k1_addcarryx_u64(&x100, &x101, x99, x92, x76); uint64_t x102; fiat_secp256k1_uint1 x103; - fiat_secp256k1_addcarryx_u64(&x102, &x103, x101, x94, x74); + fiat_secp256k1_addcarryx_u64(&x102, &x103, x69, 0x0, 0x0); uint64_t x104; fiat_secp256k1_uint1 x105; - fiat_secp256k1_addcarryx_u64(&x104, &x105, x103, x96, x76); + fiat_secp256k1_addcarryx_u64(&x104, &x105, x77, 0x0, (fiat_secp256k1_uint1)x102); uint64_t x106; fiat_secp256k1_uint1 x107; - fiat_secp256k1_addcarryx_u64(&x106, &x107, x97, 0x0, x85); + fiat_secp256k1_addcarryx_u64(&x106, &x107, x93, 0x0, x81); uint64_t x108; fiat_secp256k1_uint1 x109; - fiat_secp256k1_addcarryx_u64(&x108, &x109, x105, x106, x80); + fiat_secp256k1_addcarryx_u64(&x108, &x109, x101, x106, x104); uint64_t x110; fiat_secp256k1_uint1 x111; - fiat_secp256k1_addcarryx_u64(&x110, &x111, 0x0, (arg1[3]), x100); + fiat_secp256k1_addcarryx_u64(&x110, &x111, 0x0, (arg1[3]), x96); uint64_t x112; fiat_secp256k1_uint1 x113; - fiat_secp256k1_addcarryx_u64(&x112, &x113, x111, 0x0, x102); + fiat_secp256k1_addcarryx_u64(&x112, &x113, x111, 0x0, x98); uint64_t x114; fiat_secp256k1_uint1 x115; - fiat_secp256k1_addcarryx_u64(&x114, &x115, x113, 0x0, x104); + fiat_secp256k1_addcarryx_u64(&x114, &x115, x113, 0x0, x100); uint64_t x116; fiat_secp256k1_uint1 x117; fiat_secp256k1_addcarryx_u64(&x116, &x117, x115, 0x0, x108); uint64_t x118; - fiat_secp256k1_uint1 x119; - fiat_secp256k1_addcarryx_u64(&x118, &x119, x109, 0x0, x81); + uint64_t x119; + fiat_secp256k1_mulx_u64(&x118, &x119, x110, UINT64_C(0xd838091dd2253531)); uint64_t x120; - fiat_secp256k1_uint1 x121; - fiat_secp256k1_addcarryx_u64(&x120, &x121, x117, 0x0, (fiat_secp256k1_uint1)x118); + uint64_t x121; + fiat_secp256k1_mulx_u64(&x120, &x121, x118, UINT64_C(0xffffffffffffffff)); uint64_t x122; uint64_t x123; - fiat_secp256k1_mulx_u64(&x122, &x123, x110, UINT64_C(0xd838091dd2253531)); + fiat_secp256k1_mulx_u64(&x122, &x123, x118, UINT64_C(0xffffffffffffffff)); uint64_t x124; uint64_t x125; - fiat_secp256k1_mulx_u64(&x124, &x125, x122, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x124, &x125, x118, UINT64_C(0xffffffffffffffff)); uint64_t x126; uint64_t x127; - fiat_secp256k1_mulx_u64(&x126, &x127, x122, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_mulx_u64(&x126, &x127, x118, UINT64_C(0xfffffffefffffc2f)); uint64_t x128; - uint64_t x129; - fiat_secp256k1_mulx_u64(&x128, &x129, x122, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_uint1 x129; + fiat_secp256k1_addcarryx_u64(&x128, &x129, 0x0, x124, x127); uint64_t x130; - uint64_t x131; - fiat_secp256k1_mulx_u64(&x130, &x131, x122, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_uint1 x131; + fiat_secp256k1_addcarryx_u64(&x130, &x131, x129, x122, x125); uint64_t x132; fiat_secp256k1_uint1 x133; - fiat_secp256k1_addcarryx_u64(&x132, &x133, 0x0, x128, x131); + fiat_secp256k1_addcarryx_u64(&x132, &x133, x131, x120, x123); uint64_t x134; fiat_secp256k1_uint1 x135; - fiat_secp256k1_addcarryx_u64(&x134, &x135, x133, x126, x129); + fiat_secp256k1_addcarryx_u64(&x134, &x135, 0x0, x126, x110); uint64_t x136; fiat_secp256k1_uint1 x137; - fiat_secp256k1_addcarryx_u64(&x136, &x137, x135, x124, x127); + fiat_secp256k1_addcarryx_u64(&x136, &x137, x135, x128, x112); uint64_t x138; fiat_secp256k1_uint1 x139; - fiat_secp256k1_addcarryx_u64(&x138, &x139, 0x0, x130, x110); + fiat_secp256k1_addcarryx_u64(&x138, &x139, x137, x130, x114); uint64_t x140; fiat_secp256k1_uint1 x141; - fiat_secp256k1_addcarryx_u64(&x140, &x141, x139, x132, x112); + fiat_secp256k1_addcarryx_u64(&x140, &x141, x139, x132, x116); uint64_t x142; fiat_secp256k1_uint1 x143; - fiat_secp256k1_addcarryx_u64(&x142, &x143, x141, x134, x114); + fiat_secp256k1_addcarryx_u64(&x142, &x143, x109, 0x0, 0x0); uint64_t x144; fiat_secp256k1_uint1 x145; - fiat_secp256k1_addcarryx_u64(&x144, &x145, x143, x136, x116); + fiat_secp256k1_addcarryx_u64(&x144, &x145, x117, 0x0, (fiat_secp256k1_uint1)x142); uint64_t x146; fiat_secp256k1_uint1 x147; - fiat_secp256k1_addcarryx_u64(&x146, &x147, x137, 0x0, x125); + fiat_secp256k1_addcarryx_u64(&x146, &x147, x133, 0x0, x121); uint64_t x148; fiat_secp256k1_uint1 x149; - fiat_secp256k1_addcarryx_u64(&x148, &x149, x145, x146, x120); + fiat_secp256k1_addcarryx_u64(&x148, &x149, x141, x146, x144); uint64_t x150; fiat_secp256k1_uint1 x151; - fiat_secp256k1_subborrowx_u64(&x150, &x151, 0x0, x140, UINT64_C(0xfffffffefffffc2f)); + fiat_secp256k1_subborrowx_u64(&x150, &x151, 0x0, x136, UINT64_C(0xfffffffefffffc2f)); uint64_t x152; fiat_secp256k1_uint1 x153; - fiat_secp256k1_subborrowx_u64(&x152, &x153, x151, x142, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x152, &x153, x151, x138, UINT64_C(0xffffffffffffffff)); uint64_t x154; fiat_secp256k1_uint1 x155; - fiat_secp256k1_subborrowx_u64(&x154, &x155, x153, x144, UINT64_C(0xffffffffffffffff)); + fiat_secp256k1_subborrowx_u64(&x154, &x155, x153, x140, UINT64_C(0xffffffffffffffff)); uint64_t x156; fiat_secp256k1_uint1 x157; fiat_secp256k1_subborrowx_u64(&x156, &x157, x155, x148, UINT64_C(0xffffffffffffffff)); uint64_t x158; fiat_secp256k1_uint1 x159; - fiat_secp256k1_addcarryx_u64(&x158, &x159, x149, 0x0, x121); + fiat_secp256k1_addcarryx_u64(&x158, &x159, x149, 0x0, 0x0); uint64_t x160; fiat_secp256k1_uint1 x161; fiat_secp256k1_subborrowx_u64(&x160, &x161, x157, (fiat_secp256k1_uint1)x158, 0x0); uint64_t x162; - fiat_secp256k1_cmovznz_u64(&x162, x161, x150, x140); + fiat_secp256k1_cmovznz_u64(&x162, x161, x150, x136); uint64_t x163; - fiat_secp256k1_cmovznz_u64(&x163, x161, x152, x142); + fiat_secp256k1_cmovznz_u64(&x163, x161, x152, x138); uint64_t x164; - fiat_secp256k1_cmovznz_u64(&x164, x161, x154, x144); + fiat_secp256k1_cmovznz_u64(&x164, x161, x154, x140); uint64_t x165; fiat_secp256k1_cmovznz_u64(&x165, x161, x156, x148); out1[0] = x162; @@ -1255,28 +1255,28 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x16 = (uint8_t)(x13 & UINT8_C(0xff)); uint8_t x17 = (uint8_t)(x15 >> 8); uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x19 = (fiat_secp256k1_uint1)(x17 >> 8); - uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); - uint64_t x21 = (x19 + x3); - uint64_t x22 = (x21 >> 8); - uint8_t x23 = (uint8_t)(x21 & UINT8_C(0xff)); - uint64_t x24 = (x22 >> 8); - uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); - uint64_t x26 = (x24 >> 8); - uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); - uint64_t x28 = (x26 >> 8); - uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); - uint64_t x30 = (x28 >> 8); - uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); - uint64_t x32 = (x30 >> 8); - uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); - uint8_t x34 = (uint8_t)(x32 >> 8); - uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x36 = (fiat_secp256k1_uint1)(x34 >> 8); - uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); - uint64_t x38 = (x36 + x2); - uint64_t x39 = (x38 >> 8); - uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff)); + uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); + uint64_t x20 = (0x0 + x3); + uint64_t x21 = (x20 >> 8); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint64_t x23 = (x21 >> 8); + uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); + uint64_t x25 = (x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint64_t x27 = (x25 >> 8); + uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); + uint64_t x29 = (x27 >> 8); + uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); + uint64_t x31 = (x29 >> 8); + uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); + uint8_t x33 = (uint8_t)(x31 >> 8); + uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); + uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); + uint64_t x36 = (0x0 + x2); + uint64_t x37 = (x36 >> 8); + uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint64_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); uint64_t x41 = (x39 >> 8); uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); uint64_t x43 = (x41 >> 8); @@ -1285,27 +1285,24 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); uint64_t x47 = (x45 >> 8); uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint64_t x49 = (x47 >> 8); + uint8_t x49 = (uint8_t)(x47 >> 8); uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint8_t x51 = (uint8_t)(x49 >> 8); - uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - fiat_secp256k1_uint1 x53 = (fiat_secp256k1_uint1)(x51 >> 8); - uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); - uint64_t x55 = (x53 + x1); - uint64_t x56 = (x55 >> 8); - uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); - uint64_t x58 = (x56 >> 8); - uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); - uint64_t x60 = (x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); - uint64_t x62 = (x60 >> 8); - uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); - uint64_t x64 = (x62 >> 8); - uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); - uint64_t x66 = (x64 >> 8); - uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff)); - uint8_t x68 = (uint8_t)(x66 >> 8); - uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff)); + uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); + uint64_t x52 = (0x0 + x1); + uint64_t x53 = (x52 >> 8); + uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x55 = (x53 >> 8); + uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); + uint64_t x57 = (x55 >> 8); + uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); + uint64_t x59 = (x57 >> 8); + uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); + uint64_t x61 = (x59 >> 8); + uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); + uint64_t x63 = (x61 >> 8); + uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); + uint8_t x65 = (uint8_t)(x63 >> 8); + uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); out1[0] = x6; out1[1] = x8; out1[2] = x10; @@ -1313,31 +1310,31 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { out1[4] = x14; out1[5] = x16; out1[6] = x18; - out1[7] = x20; - out1[8] = x23; - out1[9] = x25; - out1[10] = x27; - out1[11] = x29; - out1[12] = x31; - out1[13] = x33; - out1[14] = x35; - out1[15] = x37; - out1[16] = x40; - out1[17] = x42; - out1[18] = x44; - out1[19] = x46; - out1[20] = x48; - out1[21] = x50; - out1[22] = x52; - out1[23] = x54; - out1[24] = x57; - out1[25] = x59; - out1[26] = x61; - out1[27] = x63; - out1[28] = x65; - out1[29] = x67; - out1[30] = x69; - out1[31] = x68; + out1[7] = x19; + out1[8] = x22; + out1[9] = x24; + out1[10] = x26; + out1[11] = x28; + out1[12] = x30; + out1[13] = x32; + out1[14] = x34; + out1[15] = x35; + out1[16] = x38; + out1[17] = x40; + out1[18] = x42; + out1[19] = x44; + out1[20] = x46; + out1[21] = x48; + out1[22] = x50; + out1[23] = x51; + out1[24] = x54; + out1[25] = x56; + out1[26] = x58; + out1[27] = x60; + out1[28] = x62; + out1[29] = x64; + out1[30] = x66; + out1[31] = x65; } /* @@ -1380,21 +1377,18 @@ static void fiat_secp256k1_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) uint64_t x31 = ((uint64_t)(arg1[1]) << 8); uint8_t x32 = (arg1[0]); uint64_t x33 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); - fiat_secp256k1_uint1 x34 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint128)x33 >> 64); - uint64_t x35 = (x33 & UINT64_C(0xffffffffffffffff)); - uint64_t x36 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); - uint64_t x37 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); - uint64_t x38 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); - uint64_t x39 = (x34 + x38); - fiat_secp256k1_uint1 x40 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint128)x39 >> 64); - uint64_t x41 = (x39 & UINT64_C(0xffffffffffffffff)); - uint64_t x42 = (x40 + x37); - fiat_secp256k1_uint1 x43 = (fiat_secp256k1_uint1)((fiat_secp256k1_uint128)x42 >> 64); - uint64_t x44 = (x42 & UINT64_C(0xffffffffffffffff)); - uint64_t x45 = (x43 + x36); - out1[0] = x35; - out1[1] = x41; - out1[2] = x44; - out1[3] = x45; + uint64_t x34 = (x33 & UINT64_C(0xffffffffffffffff)); + uint64_t x35 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); + uint64_t x36 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); + uint64_t x37 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); + uint64_t x38 = (0x0 + x37); + uint64_t x39 = (x38 & UINT64_C(0xffffffffffffffff)); + uint64_t x40 = (0x0 + x36); + uint64_t x41 = (x40 & UINT64_C(0xffffffffffffffff)); + uint64_t x42 = (0x0 + x35); + out1[0] = x34; + out1[1] = x39; + out1[2] = x41; + out1[3] = x42; } diff --git a/src/PushButtonSynthesis.v b/src/PushButtonSynthesis.v index 0c7f0c994e..e20904f63f 100644 --- a/src/PushButtonSynthesis.v +++ b/src/PushButtonSynthesis.v @@ -212,11 +212,13 @@ Local Opaque reified_%s_gen. (* needed for making [autorewrite] not take a very Definition saturated_bounds : ZRange.type.option.interp (base.type.list (base.type.Z)) := Some saturated_bounds_list. + (* We include [0], so that even after bounds relaxation, we can + notice where the constant 0s are, and remove them. *) Definition possible_values_of_machine_wordsize - := [machine_wordsize; 2 * machine_wordsize]%Z. + := [0; machine_wordsize; 2 * machine_wordsize]%Z. Definition possible_values_of_machine_wordsize_with_bytes - := [1; 8; machine_wordsize; 2 * machine_wordsize]%Z. + := [0; 1; 8; machine_wordsize; 2 * machine_wordsize]%Z. Let possible_values := possible_values_of_machine_wordsize. Let possible_values_with_bytes := possible_values_of_machine_wordsize_with_bytes. @@ -600,11 +602,13 @@ Local Opaque reified_%s_gen. (* needed for making [autorewrite] not take a very Definition m_enc : list Z := encode (weight (Qnum limbwidth) (Qden limbwidth)) n s c m. + (* We include [0], so that even after bounds relaxation, we can + notice where the constant 0s are, and remove them. *) Definition possible_values_of_machine_wordsize - := [machine_wordsize; 2 * machine_wordsize]%Z. + := [0; machine_wordsize; 2 * machine_wordsize]%Z. Definition possible_values_of_machine_wordsize_with_bytes - := [1; 8; machine_wordsize; 2 * machine_wordsize]%Z. + := [0; 1; 8; machine_wordsize; 2 * machine_wordsize]%Z. Let possible_values := possible_values_of_machine_wordsize. Let possible_values_with_bytes := possible_values_of_machine_wordsize_with_bytes. @@ -1131,8 +1135,10 @@ Module SaturatedSolinas. (c : list (Z * Z)) (machine_wordsize : Z). + (* We include [0], so that even after bounds relaxation, we can + notice where the constant 0s are, and remove them. *) Definition possible_values_of_machine_wordsize - := [1; machine_wordsize]%Z. + := [0; 1; machine_wordsize]%Z. Let n : nat := Z.to_nat (Qceiling (Z.log2_up s / machine_wordsize)). Let m := s - Associational.eval c. @@ -1518,11 +1524,13 @@ Local Opaque reified_%s_gen. (* needed for making [autorewrite] not take a very Local Notation saturated_bounds_list := (saturated_bounds_list n machine_wordsize). Local Notation saturated_bounds := (saturated_bounds n machine_wordsize). + (* We include [0], so that even after bounds relaxation, we can + notice where the constant 0s are, and remove them. *) Definition possible_values_of_machine_wordsize - := [1; machine_wordsize; 2 * machine_wordsize]%Z. + := [0; 1; machine_wordsize; 2 * machine_wordsize]%Z. Definition possible_values_of_machine_wordsize_with_bytes - := [1; 8; machine_wordsize; 2 * machine_wordsize]%Z. + := [0; 1; 8; machine_wordsize; 2 * machine_wordsize]%Z. Let possible_values := possible_values_of_machine_wordsize. Let possible_values_with_bytes := possible_values_of_machine_wordsize_with_bytes. @@ -2825,8 +2833,10 @@ Module BarrettReduction. Let muLow := mu mod (2 ^ machine_wordsize). Let consts_list := [M; muLow]. + (* We include [0], so that even after bounds relaxation, we can + notice where the constant 0s are, and remove them. *) Definition possible_values_of_machine_wordsize - := [1; machine_wordsize / 2; machine_wordsize; 2 * machine_wordsize]%Z. + := [0; 1; machine_wordsize / 2; machine_wordsize; 2 * machine_wordsize]%Z. Let possible_values := possible_values_of_machine_wordsize. Definition check_args {T} (res : Pipeline.ErrorT T) @@ -3026,8 +3036,10 @@ Module MontgomeryReduction. Let bound := Some value_range. Let consts_list := [N; N']. + (* We include [0], so that even after bounds relaxation, we can + notice where the constant 0s are, and remove them. *) Definition possible_values_of_machine_wordsize - := [1; machine_wordsize / 2; machine_wordsize; 2 * machine_wordsize]%Z. + := [0; 1; machine_wordsize / 2; machine_wordsize; 2 * machine_wordsize]%Z. Local Arguments possible_values_of_machine_wordsize / . Let possible_values := possible_values_of_machine_wordsize. diff --git a/src/Rewriter.v b/src/Rewriter.v index 76071b866a..8bbf131732 100644 --- a/src/Rewriter.v +++ b/src/Rewriter.v @@ -1790,6 +1790,8 @@ Module Compilers. := [make_rewrite (#(@pattern.ident.fst '1 '2) @ (??, ??)) (fun _ _ x y => x) ; make_rewrite (#(@pattern.ident.snd '1 '2) @ (??, ??)) (fun _ x _ y => y) + ; make_rewriteo (??') (fun r v => ##(lower r) when lower r =? upper r) + ; make_rewriteo (#?ℤ - (-'??')) (fun z rnv rv v => cst rv v when (z =? 0) && (ZRange.normalize rv <=? -ZRange.normalize rnv)%zrange) diff --git a/src/RewriterRulesInterpGood.v b/src/RewriterRulesInterpGood.v index 40177e3a09..469f0cb317 100644 --- a/src/RewriterRulesInterpGood.v +++ b/src/RewriterRulesInterpGood.v @@ -502,7 +502,11 @@ Module Compilers. => rewrite (@ident.cast_idempotent _ _ r) | [ H : is_bounded_by_bool _ ?r = true |- _] => is_var r; unique pose proof (ZRange.is_bounded_by_normalize _ _ H) - + | [ H : lower ?x = upper ?x |- _ ] => is_var x; destruct x; cbn [upper lower] in * + | [ H : is_bounded_by_bool ?x (ZRange.normalize r[?y~>?y]) = true |- _ ] + => apply ZRange.is_bounded_by_bool_normalize_constant_iff in H + | [ H : is_bounded_by_bool ?x r[?y~>?y] = true |- _ ] + => apply ZRange.is_bounded_by_bool_constant_iff in H end | progress intros | progress subst diff --git a/src/arith_with_casts_rewrite_head.out b/src/arith_with_casts_rewrite_head.out index 2baf1c5d27..053110d891 100644 --- a/src/arith_with_casts_rewrite_head.out +++ b/src/arith_with_casts_rewrite_head.out @@ -888,440 +888,71 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with | Z_cc_m => fun x x0 : expr ℤ => Base (#(Z_cc_m)%expr @ x @ x0)%expr_pat | Z_cast range => fun x : expr ℤ => - (match x with - | @expr.Ident _ _ _ t idc => - args <- invert_bind_args idc Raw.ident.Literal; - match - pattern.type.unify_extracted_cps ℤ (projT1 args) option - (fun x0 : option => x0) - with - | Some _ => - if type.type_beq base.type base.type.type_beq ℤ (projT1 args) - then - xv <- ident.unify pattern.ident.Literal ##(projT2 args); - fv <- (x0 <- (if - is_bounded_by_bool (let (x0, _) := xv in x0) - range - then Some (##(let (x0, _) := xv in x0))%expr - else None); - Some (Base x0)); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | @expr.App _ _ _ s _ (@expr.Ident _ _ _ t idc) x0 => - args <- invert_bind_args idc Raw.ident.Z_cast; - match - pattern.type.unify_extracted_cps ℤ s option - (fun x1 : option => x1) - with - | Some _ => - if type.type_beq base.type base.type.type_beq ℤ s - then - v <- type.try_make_transport_cps s ℤ; - fv <- (x1 <- (if - (ZRange.normalize args <=? - ZRange.normalize range)%zrange - then - Some - (#(Z_cast args)%expr @ v (Compile.reflect x0))%expr_pat - else None); - Some (Base x1)); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t idc) x2) x1) x0 => - _ <- invert_bind_args idc Raw.ident.Z_add_with_carry; - match - pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype - ((s1 -> s0) -> s)%ptype option (fun x3 : option => x3) - with - | Some (_, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s0) -> s)%ptype - then - v <- type.try_make_transport_cps s1 ℤ; - v0 <- type.try_make_transport_cps s0 ℤ; - v1 <- type.try_make_transport_cps s ℤ; - Some - (UnderLet - (#(Z_cast range)%expr @ - (#(Z_add_with_carry)%expr @ v (Compile.reflect x2) @ - v0 (Compile.reflect x1) @ v1 (Compile.reflect x0)))%expr_pat - (fun v2 : var ℤ => - Base (#(Z_cast range)%expr @ ($v2)%expr)%expr_pat)) - else None - | None => None - end - | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ ($_)%expr _) _) _ | - @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ (@expr.Abs _ _ _ _ _ _) _) - _) _ | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ (_ @ _)%expr_pat _) _) _ | - @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ (@expr.LetIn _ _ _ _ _ _ _) _) _) _ => None - | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ #(_)%expr_pat _) _ | - @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ ($_)%expr _) _ | @expr.App _ - _ _ s _ (@expr.App _ _ _ s0 _ (@expr.Abs _ _ _ _ _ _) _) _ | @expr.App - _ _ _ s _ (@expr.App _ _ _ s0 _ (@expr.LetIn _ _ _ _ _ _ _) _) _ => - None - | @expr.App _ _ _ s _ ($_)%expr _ | @expr.App _ _ _ s _ - (@expr.Abs _ _ _ _ _ _) _ | @expr.App _ _ _ s _ - (@expr.LetIn _ _ _ _ _ _ _) _ => None - | _ => None - end;;; - Base (#(Z_cast range)%expr @ x)%expr_pat)%option -| Z_cast2 range => - fun x : expr (ℤ * ℤ)%etype => - ((match x with - | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) x1) x0 => - args <- invert_bind_args idc Raw.ident.pair; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ -> (ℤ * ℤ)%pbtype) -> ℤ) -> ℤ)%ptype - ((((let (x2, _) := args in x2) -> - (let (_, y) := args in y) -> - ((let (x2, _) := args in x2) * (let (_, y) := args in y))%etype) -> - s0) -> s)%ptype option (fun x2 : option => x2) - with - | Some (_, (_, (_, _)), _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ -> (ℤ * ℤ)%etype) -> ℤ) -> ℤ)%ptype - ((((let (x2, _) := args in x2) -> - (let (_, y) := args in y) -> - ((let (x2, _) := args in x2) * (let (_, y) := args in y))%etype) -> - s0) -> s)%ptype - then - _ <- ident.unify pattern.ident.pair pair; - v <- type.try_make_transport_cps s0 ℤ; - v0 <- type.try_make_transport_cps s ℤ; - Some - (fv0 <-- do_again (ℤ * ℤ) - (#(Z_cast (Datatypes.fst range))%expr @ - ($(v (Compile.reflect x1)))%expr, - #(Z_cast (Datatypes.snd range))%expr @ - ($(v0 (Compile.reflect x0)))%expr)%expr_pat; + (((match + pattern.type.unify_extracted_cps ℤ ℤ option (fun x0 : option => x0) + with + | Some _ => + if type.type_beq base.type base.type.type_beq ℤ ℤ + then + fv <- (x0 <- (if lower range =? upper range + then Some (##(lower range))%expr + else None); + Some (Base x0)); + Some (fv0 <-- fv; Base fv0)%under_lets - else None - | None => None - end - | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t idc) x2) x1) x0 => - (match x1 with - | (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ - (@expr.Ident _ _ _ t2 idc2) x5))%expr_pat => - args <- invert_bind_args idc2 Raw.ident.Z_cast; - _ <- invert_bind_args idc1 Raw.ident.Z_opp; - args1 <- invert_bind_args idc0 Raw.ident.Z_cast; - _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; - match - pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype - ((s1 -> s4) -> s)%ptype option (fun x6 : option => x6) - with - | Some (_, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s4) -> s)%ptype - then - v <- type.try_make_transport_cps s1 ℤ; - v0 <- type.try_make_transport_cps s4 ℤ; - v1 <- type.try_make_transport_cps s ℤ; - fv <- (if - (ZRange.normalize args <=? - - ZRange.normalize args1)%zrange - then - Some - (UnderLet - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - (#(Z_sub_get_borrow)%expr @ - v (Compile.reflect x2) @ - v1 (Compile.reflect x0) @ - (#(Z_cast args)%expr @ - v0 (Compile.reflect x5))))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ ($_)%expr _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ - (@expr.Abs _ _ _ _ _ _) _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ (_ @ _) _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ - (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None - | (@expr.Ident _ _ _ t0 idc0 @ (@expr.Ident _ _ _ t1 idc1 @ #(_)))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => - None - | (@expr.Ident _ _ _ t0 idc0 @ #(_))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ ($_)%expr)%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ @expr.Abs _ _ _ _ _ _)%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ (($_)%expr @ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ (_ @ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => - None - | _ => None - end;; - match x0 with - | (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ - (@expr.Ident _ _ _ t2 idc2) x5))%expr_pat => - args <- invert_bind_args idc2 Raw.ident.Z_cast; - _ <- invert_bind_args idc1 Raw.ident.Z_opp; - args1 <- invert_bind_args idc0 Raw.ident.Z_cast; - _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; - match - pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype - ((s1 -> s0) -> s4)%ptype option (fun x6 : option => x6) - with - | Some (_, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s0) -> s4)%ptype - then - v <- type.try_make_transport_cps s1 ℤ; - v0 <- type.try_make_transport_cps s0 ℤ; - v1 <- type.try_make_transport_cps s4 ℤ; - fv <- (if - (ZRange.normalize args <=? - - ZRange.normalize args1)%zrange - then - Some - (UnderLet - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - (#(Z_sub_get_borrow)%expr @ - v (Compile.reflect x2) @ - v0 (Compile.reflect x1) @ - (#(Z_cast args)%expr @ - v1 (Compile.reflect x5))))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ ($_)%expr _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ - (@expr.Abs _ _ _ _ _ _) _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ (_ @ _) _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ - (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None - | (@expr.Ident _ _ _ t0 idc0 @ (@expr.Ident _ _ _ t1 idc1 @ #(_)))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ - (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => - None - | (@expr.Ident _ _ _ t0 idc0 @ #(_))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ ($_)%expr)%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ @expr.Abs _ _ _ _ _ _)%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ (($_)%expr @ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ (_ @ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t0 idc0 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => - None - | _ => None - end;; - match x1 with - | @expr.Ident _ _ _ t0 idc0 => - args <- invert_bind_args idc0 Raw.ident.Literal; - _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; - match - pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype - ((s1 -> (projT1 args)) -> s)%ptype option - (fun x3 : option => x3) - with - | Some (_, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - ((ℤ -> ℤ) -> ℤ)%ptype - ((s1 -> (projT1 args)) -> s)%ptype - then - v <- type.try_make_transport_cps s1 ℤ; - xv <- ident.unify pattern.ident.Literal ##(projT2 args); - v0 <- type.try_make_transport_cps s ℤ; - fv <- (if (let (x3, _) := xv in x3) - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | _ => None - end;; - match x0 with - | @expr.Ident _ _ _ t0 idc0 => - args <- invert_bind_args idc0 Raw.ident.Literal; - _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; - match - pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype - ((s1 -> s0) -> (projT1 args))%ptype option - (fun x3 : option => x3) - with - | Some (_, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - ((ℤ -> ℤ) -> ℤ)%ptype - ((s1 -> s0) -> (projT1 args))%ptype - then - v <- type.try_make_transport_cps s1 ℤ; - v0 <- type.try_make_transport_cps s0 ℤ; - xv <- ident.unify pattern.ident.Literal ##(projT2 args); - fv <- (if (let (x3, _) := xv in x3) - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | _ => None - end;; - _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; + else None + | None => None + end;; + match x with + | @expr.Ident _ _ _ t idc => + args <- invert_bind_args idc Raw.ident.Literal; match - pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype - ((s1 -> s0) -> s)%ptype option (fun x3 : option => x3) + pattern.type.unify_extracted_cps ℤ (projT1 args) option + (fun x0 : option => x0) with - | Some (_, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s0) -> s)%ptype + | Some _ => + if type.type_beq base.type base.type.type_beq ℤ (projT1 args) then - v <- type.try_make_transport_cps s1 ℤ; - v0 <- type.try_make_transport_cps s0 ℤ; - v1 <- type.try_make_transport_cps s ℤ; - Some - (UnderLet - (#(Z_cast2 range)%expr @ - (#(Z_add_get_carry)%expr @ v (Compile.reflect x2) @ - v0 (Compile.reflect x1) @ v1 (Compile.reflect x0)))%expr_pat - (fun v2 : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (#(snd)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)))%expr_pat)) + xv <- ident.unify pattern.ident.Literal ##(projT2 args); + fv <- (x0 <- (if + is_bounded_by_bool (let (x0, _) := xv in x0) + range + then Some (##(let (x0, _) := xv in x0))%expr + else None); + Some (Base x0)); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | @expr.App _ _ _ s _ (@expr.Ident _ _ _ t idc) x0 => + args <- invert_bind_args idc Raw.ident.Z_cast; + match + pattern.type.unify_extracted_cps ℤ s option + (fun x1 : option => x1) + with + | Some _ => + if type.type_beq base.type base.type.type_beq ℤ s + then + v <- type.try_make_transport_cps s ℤ; + fv <- (x1 <- (if + (ZRange.normalize args <=? + ZRange.normalize range)%zrange + then + Some + (#(Z_cast args)%expr @ + v (Compile.reflect x0))%expr_pat + else None); + Some (Base x1)); + Some (fv0 <-- fv; + Base fv0)%under_lets else None | None => None - end);; - (_ <- invert_bind_args idc Raw.ident.Z_sub_get_borrow; + end + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t idc) x2) x1) x0 => + _ <- invert_bind_args idc Raw.ident.Z_add_with_carry; match pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s0) -> s)%ptype option (fun x3 : option => x3) @@ -1336,19 +967,347 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with v1 <- type.try_make_transport_cps s ℤ; Some (UnderLet - (#(Z_cast2 range)%expr @ - (#(Z_sub_get_borrow)%expr @ v (Compile.reflect x2) @ + (#(Z_cast range)%expr @ + (#(Z_add_with_carry)%expr @ v (Compile.reflect x2) @ v0 (Compile.reflect x1) @ v1 (Compile.reflect x0)))%expr_pat - (fun v2 : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (#(snd)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)))%expr_pat)) + (fun v2 : var ℤ => + Base (#(Z_cast range)%expr @ ($v2)%expr)%expr_pat)) else None | None => None - end);; - _ <- invert_bind_args idc Raw.ident.Z_mul_split; + end + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ ($_)%expr _) _) _ | + @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ (@expr.Abs _ _ _ _ _ _) _) _) _ | @expr.App _ + _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ (_ @ _)%expr_pat _) _) + _ | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ (@expr.LetIn _ _ _ _ _ _ _) _) _) _ => None + | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ #(_)%expr_pat _) _ | + @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ ($_)%expr _) _ | @expr.App + _ _ _ s _ (@expr.App _ _ _ s0 _ (@expr.Abs _ _ _ _ _ _) _) _ | + @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.LetIn _ _ _ _ _ _ _) _) _ => None + | @expr.App _ _ _ s _ ($_)%expr _ | @expr.App _ _ _ s _ + (@expr.Abs _ _ _ _ _ _) _ | @expr.App _ _ _ s _ + (@expr.LetIn _ _ _ _ _ _ _) _ => None + | _ => None + end);; + None);;; + Base (#(Z_cast range)%expr @ x)%expr_pat)%option +| Z_cast2 range => + fun x : expr (ℤ * ℤ)%etype => + (match x with + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) x1) x0 => + args <- invert_bind_args idc Raw.ident.pair; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ -> (ℤ * ℤ)%pbtype) -> ℤ) -> ℤ)%ptype + ((((let (x2, _) := args in x2) -> + (let (_, y) := args in y) -> + ((let (x2, _) := args in x2) * (let (_, y) := args in y))%etype) -> + s0) -> s)%ptype option (fun x2 : option => x2) + with + | Some (_, (_, (_, _)), _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ -> (ℤ * ℤ)%etype) -> ℤ) -> ℤ)%ptype + ((((let (x2, _) := args in x2) -> + (let (_, y) := args in y) -> + ((let (x2, _) := args in x2) * (let (_, y) := args in y))%etype) -> + s0) -> s)%ptype + then + _ <- ident.unify pattern.ident.pair pair; + v <- type.try_make_transport_cps s0 ℤ; + v0 <- type.try_make_transport_cps s ℤ; + Some + (fv0 <-- do_again (ℤ * ℤ) + (#(Z_cast (Datatypes.fst range))%expr @ + ($(v (Compile.reflect x1)))%expr, + #(Z_cast (Datatypes.snd range))%expr @ + ($(v0 (Compile.reflect x0)))%expr)%expr_pat; + Base fv0)%under_lets + else None + | None => None + end + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t idc) x2) x1) x0 => + (match x1 with + | (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ + (@expr.Ident _ _ _ t2 idc2) x5))%expr_pat => + args <- invert_bind_args idc2 Raw.ident.Z_cast; + _ <- invert_bind_args idc1 Raw.ident.Z_opp; + args1 <- invert_bind_args idc0 Raw.ident.Z_cast; + _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; + match + pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype + ((s1 -> s4) -> s)%ptype option (fun x6 : option => x6) + with + | Some (_, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s4) -> s)%ptype + then + v <- type.try_make_transport_cps s1 ℤ; + v0 <- type.try_make_transport_cps s4 ℤ; + v1 <- type.try_make_transport_cps s ℤ; + fv <- (if + (ZRange.normalize args <=? + - ZRange.normalize args1)%zrange + then + Some + (UnderLet + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + (#(Z_sub_get_borrow)%expr @ + v (Compile.reflect x2) @ + v1 (Compile.reflect x0) @ + (#(Z_cast args)%expr @ + v0 (Compile.reflect x5))))%expr_pat + (fun vc : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ ($_)%expr _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ + (@expr.Abs _ _ _ _ _ _) _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ (_ @ _) _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ + (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None + | (@expr.Ident _ _ _ t0 idc0 @ (@expr.Ident _ _ _ t1 idc1 @ #(_)))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => + None + | (@expr.Ident _ _ _ t0 idc0 @ #(_))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ ($_)%expr)%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ @expr.Abs _ _ _ _ _ _)%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ (($_)%expr @ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ (_ @ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => + None + | _ => None + end;; + match x0 with + | (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ + (@expr.Ident _ _ _ t2 idc2) x5))%expr_pat => + args <- invert_bind_args idc2 Raw.ident.Z_cast; + _ <- invert_bind_args idc1 Raw.ident.Z_opp; + args1 <- invert_bind_args idc0 Raw.ident.Z_cast; + _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; + match + pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype + ((s1 -> s0) -> s4)%ptype option (fun x6 : option => x6) + with + | Some (_, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s0) -> s4)%ptype + then + v <- type.try_make_transport_cps s1 ℤ; + v0 <- type.try_make_transport_cps s0 ℤ; + v1 <- type.try_make_transport_cps s4 ℤ; + fv <- (if + (ZRange.normalize args <=? + - ZRange.normalize args1)%zrange + then + Some + (UnderLet + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + (#(Z_sub_get_borrow)%expr @ + v (Compile.reflect x2) @ + v0 (Compile.reflect x1) @ + (#(Z_cast args)%expr @ + v1 (Compile.reflect x5))))%expr_pat + (fun vc : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ ($_)%expr _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ + (@expr.Abs _ _ _ _ _ _) _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ (_ @ _) _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s4 _ + (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None + | (@expr.Ident _ _ _ t0 idc0 @ (@expr.Ident _ _ _ t1 idc1 @ #(_)))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ + (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => + None + | (@expr.Ident _ _ _ t0 idc0 @ #(_))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ ($_)%expr)%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ @expr.Abs _ _ _ _ _ _)%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ (($_)%expr @ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ (_ @ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t0 idc0 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => + None + | _ => None + end;; + match x1 with + | @expr.Ident _ _ _ t0 idc0 => + args <- invert_bind_args idc0 Raw.ident.Literal; + _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; + match + pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype + ((s1 -> (projT1 args)) -> s)%ptype option + (fun x3 : option => x3) + with + | Some (_, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> (projT1 args)) -> s)%ptype + then + v <- type.try_make_transport_cps s1 ℤ; + xv <- ident.unify pattern.ident.Literal ##(projT2 args); + v0 <- type.try_make_transport_cps s ℤ; + fv <- (if (let (x3, _) := xv in x3) + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | _ => None + end;; + match x0 with + | @expr.Ident _ _ _ t0 idc0 => + args <- invert_bind_args idc0 Raw.ident.Literal; + _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; + match + pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype + ((s1 -> s0) -> (projT1 args))%ptype option + (fun x3 : option => x3) + with + | Some (_, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + ((ℤ -> ℤ) -> ℤ)%ptype + ((s1 -> s0) -> (projT1 args))%ptype + then + v <- type.try_make_transport_cps s1 ℤ; + v0 <- type.try_make_transport_cps s0 ℤ; + xv <- ident.unify pattern.ident.Literal ##(projT2 args); + fv <- (if (let (x3, _) := xv in x3) + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | _ => None + end;; + _ <- invert_bind_args idc Raw.ident.Z_add_get_carry; match pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s0) -> s)%ptype option (fun x3 : option => x3) @@ -1364,7 +1323,7 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with Some (UnderLet (#(Z_cast2 range)%expr @ - (#(Z_mul_split)%expr @ v (Compile.reflect x2) @ + (#(Z_add_get_carry)%expr @ v (Compile.reflect x2) @ v0 (Compile.reflect x1) @ v1 (Compile.reflect x0)))%expr_pat (fun v2 : var (ℤ * ℤ)%etype => Base @@ -1374,360 +1333,108 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with (#(snd)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)))%expr_pat)) else None | None => None - end - | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ - (@expr.App _ _ _ s2 _ (@expr.Ident _ _ _ t idc) x3) x2) x1) x0 => - (match x2 with - | @expr.Ident _ _ _ t0 idc0 => - match x1 with - | (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ - (@expr.Ident _ _ _ t3 idc3) x6))%expr_pat => - (args <- invert_bind_args idc3 Raw.ident.Z_cast; - _ <- invert_bind_args idc2 Raw.ident.Z_opp; - args1 <- invert_bind_args idc1 Raw.ident.Z_cast; - args2 <- invert_bind_args idc0 Raw.ident.Literal; - _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args2)) -> s5) -> s)%ptype option - (fun x7 : option => x7) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args2)) -> s5) -> s)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - xv <- ident.unify pattern.ident.Literal - ##(projT2 args2); - v0 <- type.try_make_transport_cps s5 ℤ; - v1 <- type.try_make_transport_cps s ℤ; - fv <- (if - ((let (x7, _) := xv in x7) =? 0) && - (ZRange.normalize args <=? - - ZRange.normalize args1)%zrange - then - Some - (UnderLet - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - (#(Z_sub_get_borrow)%expr @ - v (Compile.reflect x3) @ - v1 (Compile.reflect x0) @ - (#(Z_cast args)%expr @ - v0 (Compile.reflect x6))))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end);; - args <- invert_bind_args idc3 Raw.ident.Z_cast; - _ <- invert_bind_args idc2 Raw.ident.Z_opp; - args1 <- invert_bind_args idc1 Raw.ident.Z_cast; - args2 <- invert_bind_args idc0 Raw.ident.Literal; - _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args2)) -> s5) -> s)%ptype option - (fun x7 : option => x7) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args2)) -> s5) -> s)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - xv <- ident.unify pattern.ident.Literal - ##(projT2 args2); - v0 <- type.try_make_transport_cps s5 ℤ; - v1 <- type.try_make_transport_cps s ℤ; - fv <- (if - ((let (x7, _) := xv in x7) - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ ($_)%expr - _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ - (@expr.Abs _ _ _ _ _ _) _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ (_ @ _) _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ - (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None - | (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ #(_)))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ ($_)%expr))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.Abs _ _ _ _ _ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => - None - | (@expr.Ident _ _ _ t1 idc1 @ #(_))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ (($_)%expr @ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ (_ @ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => - None - | _ => None - end;; - match x0 with - | (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ - (@expr.Ident _ _ _ t3 idc3) x6))%expr_pat => - (args <- invert_bind_args idc3 Raw.ident.Z_cast; - _ <- invert_bind_args idc2 Raw.ident.Z_opp; - args1 <- invert_bind_args idc1 Raw.ident.Z_cast; - args2 <- invert_bind_args idc0 Raw.ident.Literal; - _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args2)) -> s0) -> s5)%ptype option - (fun x7 : option => x7) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args2)) -> s0) -> s5)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - xv <- ident.unify pattern.ident.Literal - ##(projT2 args2); - v0 <- type.try_make_transport_cps s0 ℤ; - v1 <- type.try_make_transport_cps s5 ℤ; - fv <- (if - ((let (x7, _) := xv in x7) =? 0) && - (ZRange.normalize args <=? - - ZRange.normalize args1)%zrange - then - Some - (UnderLet - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - (#(Z_sub_get_borrow)%expr @ - v (Compile.reflect x3) @ - v0 (Compile.reflect x1) @ - (#(Z_cast args)%expr @ - v1 (Compile.reflect x6))))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end);; - args <- invert_bind_args idc3 Raw.ident.Z_cast; - _ <- invert_bind_args idc2 Raw.ident.Z_opp; - args1 <- invert_bind_args idc1 Raw.ident.Z_cast; - args2 <- invert_bind_args idc0 Raw.ident.Literal; - _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args2)) -> s0) -> s5)%ptype option - (fun x7 : option => x7) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args2)) -> s0) -> s5)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - xv <- ident.unify pattern.ident.Literal - ##(projT2 args2); - v0 <- type.try_make_transport_cps s0 ℤ; - v1 <- type.try_make_transport_cps s5 ℤ; - fv <- (if - ((let (x7, _) := xv in x7) - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ ($_)%expr - _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ - (@expr.Abs _ _ _ _ _ _) _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ (_ @ _) _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ - (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None - | (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ #(_)))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ ($_)%expr))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.Abs _ _ _ _ _ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ - (@expr.Ident _ _ _ t2 idc2 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => - None - | (@expr.Ident _ _ _ t1 idc1 @ #(_))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ (($_)%expr @ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ (_ @ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => - None - | _ => None - end;; - match x1 with - | @expr.Ident _ _ _ t1 idc1 => - args <- invert_bind_args idc1 Raw.ident.Literal; - args0 <- invert_bind_args idc0 Raw.ident.Literal; + end);; + (_ <- invert_bind_args idc Raw.ident.Z_sub_get_borrow; + match + pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype + ((s1 -> s0) -> s)%ptype option (fun x3 : option => x3) + with + | Some (_, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s0) -> s)%ptype + then + v <- type.try_make_transport_cps s1 ℤ; + v0 <- type.try_make_transport_cps s0 ℤ; + v1 <- type.try_make_transport_cps s ℤ; + Some + (UnderLet + (#(Z_cast2 range)%expr @ + (#(Z_sub_get_borrow)%expr @ v (Compile.reflect x2) @ + v0 (Compile.reflect x1) @ v1 (Compile.reflect x0)))%expr_pat + (fun v2 : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (#(snd)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)))%expr_pat)) + else None + | None => None + end);; + _ <- invert_bind_args idc Raw.ident.Z_mul_split; + match + pattern.type.unify_extracted_cps ((ℤ -> ℤ) -> ℤ)%ptype + ((s1 -> s0) -> s)%ptype option (fun x3 : option => x3) + with + | Some (_, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + ((ℤ -> ℤ) -> ℤ)%ptype ((s1 -> s0) -> s)%ptype + then + v <- type.try_make_transport_cps s1 ℤ; + v0 <- type.try_make_transport_cps s0 ℤ; + v1 <- type.try_make_transport_cps s ℤ; + Some + (UnderLet + (#(Z_cast2 range)%expr @ + (#(Z_mul_split)%expr @ v (Compile.reflect x2) @ + v0 (Compile.reflect x1) @ v1 (Compile.reflect x0)))%expr_pat + (fun v2 : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (#(snd)%expr @ (#(Z_cast2 range)%expr @ ($v2)%expr)))%expr_pat)) + else None + | None => None + end + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ + (@expr.App _ _ _ s2 _ (@expr.Ident _ _ _ t idc) x3) x2) x1) x0 => + (match x2 with + | @expr.Ident _ _ _ t0 idc0 => + match x1 with + | (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ + (@expr.Ident _ _ _ t3 idc3) x6))%expr_pat => + (args <- invert_bind_args idc3 Raw.ident.Z_cast; + _ <- invert_bind_args idc2 Raw.ident.Z_opp; + args1 <- invert_bind_args idc1 Raw.ident.Z_cast; + args2 <- invert_bind_args idc0 Raw.ident.Literal; _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; match pattern.type.unify_extracted_cps (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args0)) -> (projT1 args)) -> s)%ptype - option (fun x4 : option => x4) + (((s2 -> (projT1 args2)) -> s5) -> s)%ptype option + (fun x7 : option => x7) with | Some (_, _, _, _)%zrange => if type.type_beq base.type base.type.type_beq (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args0)) -> (projT1 args)) -> s)%ptype + (((s2 -> (projT1 args2)) -> s5) -> s)%ptype then v <- type.try_make_transport_cps s2 ℤ; xv <- ident.unify pattern.ident.Literal - ##(projT2 args0); - xv0 <- ident.unify pattern.ident.Literal - ##(projT2 args); - v0 <- type.try_make_transport_cps s ℤ; + ##(projT2 args2); + v0 <- type.try_make_transport_cps s5 ℤ; + v1 <- type.try_make_transport_cps s ℤ; fv <- (if - ((let (x4, _) := xv0 in x4) <=? 0) && - ((let (x4, _) := xv in x4) <=? 0) && - ((let (x4, _) := xv0 in x4) + - (let (x4, _) := xv in x4) Base (#(Z_cast (Datatypes.fst range))%expr @ @@ -1749,48 +1456,139 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with Base fv0)%under_lets else None | None => None - end - | _ => None - end;; - match x0 with - | @expr.Ident _ _ _ t1 idc1 => - args <- invert_bind_args idc1 Raw.ident.Literal; - args0 <- invert_bind_args idc0 Raw.ident.Literal; + end);; + args <- invert_bind_args idc3 Raw.ident.Z_cast; + _ <- invert_bind_args idc2 Raw.ident.Z_opp; + args1 <- invert_bind_args idc1 Raw.ident.Z_cast; + args2 <- invert_bind_args idc0 Raw.ident.Literal; + _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args2)) -> s5) -> s)%ptype option + (fun x7 : option => x7) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args2)) -> s5) -> s)%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + xv <- ident.unify pattern.ident.Literal + ##(projT2 args2); + v0 <- type.try_make_transport_cps s5 ℤ; + v1 <- type.try_make_transport_cps s ℤ; + fv <- (if + ((let (x7, _) := xv in x7) + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ ($_)%expr + _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ + (@expr.Abs _ _ _ _ _ _) _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ (_ @ _) _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ + (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None + | (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ #(_)))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ ($_)%expr))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.Abs _ _ _ _ _ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => + None + | (@expr.Ident _ _ _ t1 idc1 @ #(_))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ (($_)%expr @ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ (_ @ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => + None + | _ => None + end;; + match x0 with + | (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ + (@expr.Ident _ _ _ t3 idc3) x6))%expr_pat => + (args <- invert_bind_args idc3 Raw.ident.Z_cast; + _ <- invert_bind_args idc2 Raw.ident.Z_opp; + args1 <- invert_bind_args idc1 Raw.ident.Z_cast; + args2 <- invert_bind_args idc0 Raw.ident.Literal; _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; match pattern.type.unify_extracted_cps (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args0)) -> s0) -> (projT1 args))%ptype - option (fun x4 : option => x4) + (((s2 -> (projT1 args2)) -> s0) -> s5)%ptype option + (fun x7 : option => x7) with | Some (_, _, _, _)%zrange => if type.type_beq base.type base.type.type_beq (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args0)) -> s0) -> (projT1 args))%ptype + (((s2 -> (projT1 args2)) -> s0) -> s5)%ptype then v <- type.try_make_transport_cps s2 ℤ; xv <- ident.unify pattern.ident.Literal - ##(projT2 args0); + ##(projT2 args2); v0 <- type.try_make_transport_cps s0 ℤ; - xv0 <- ident.unify pattern.ident.Literal - ##(projT2 args); + v1 <- type.try_make_transport_cps s5 ℤ; fv <- (if - ((let (x4, _) := xv0 in x4) <=? 0) && - ((let (x4, _) := xv in x4) <=? 0) && - ((let (x4, _) := xv0 in x4) + - (let (x4, _) := xv in x4) Base (#(Z_cast (Datatypes.fst range))%expr @ @@ -1812,510 +1610,688 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with Base fv0)%under_lets else None | None => None - end - | _ => None - end;; - args <- invert_bind_args idc0 Raw.ident.Literal; - _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args)) -> s0) -> s)%ptype option - (fun x4 : option => x4) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq + end);; + args <- invert_bind_args idc3 Raw.ident.Z_cast; + _ <- invert_bind_args idc2 Raw.ident.Z_opp; + args1 <- invert_bind_args idc1 Raw.ident.Z_cast; + args2 <- invert_bind_args idc0 Raw.ident.Literal; + _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> (projT1 args)) -> s0) -> s)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - xv <- ident.unify pattern.ident.Literal ##(projT2 args); - v0 <- type.try_make_transport_cps s0 ℤ; - v1 <- type.try_make_transport_cps s ℤ; - fv <- (if (let (x4, _) := xv in x4) =? 0 - then - Some - (UnderLet - (#(Z_cast2 range)%expr @ - (#(Z_add_get_carry)%expr @ - v (Compile.reflect x3) @ - v0 (Compile.reflect x1) @ - v1 (Compile.reflect x0)))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 range)%expr @ ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 range)%expr @ ($vc)%expr)))%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | @expr.App _ _ _ s3 _ (@expr.Ident _ _ _ t0 idc0) x4 => - match x4 with - | (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ - (@expr.Ident _ _ _ t2 idc2) x6)%expr_pat => - match x1 with - | (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - (@expr.Ident _ _ _ t5 idc5) x9))%expr_pat => - args <- invert_bind_args idc5 Raw.ident.Z_cast; - _ <- invert_bind_args idc4 Raw.ident.Z_opp; - args1 <- invert_bind_args idc3 Raw.ident.Z_cast; - args2 <- invert_bind_args idc2 Raw.ident.Z_cast; - _ <- invert_bind_args idc1 Raw.ident.Z_opp; - args4 <- invert_bind_args idc0 Raw.ident.Z_cast; - _ <- invert_bind_args idc - Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s5) -> s8) -> s)%ptype option - (fun x10 : option => x10) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s5) -> s8) -> s)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - v0 <- type.try_make_transport_cps s5 ℤ; - v1 <- type.try_make_transport_cps s8 ℤ; - v2 <- type.try_make_transport_cps s ℤ; - fv <- (if - (ZRange.normalize args <=? - - ZRange.normalize args1)%zrange && - (ZRange.normalize args2 <=? - - ZRange.normalize args4)%zrange - then - Some - (UnderLet + (((s2 -> (projT1 args2)) -> s0) -> s5)%ptype option + (fun x7 : option => x7) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args2)) -> s0) -> s5)%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + xv <- ident.unify pattern.ident.Literal + ##(projT2 args2); + v0 <- type.try_make_transport_cps s0 ℤ; + v1 <- type.try_make_transport_cps s5 ℤ; + fv <- (if + ((let (x7, _) := xv in x7) + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ (#(Z_cast2 (Datatypes.fst range, - Datatypes.snd range))%expr @ - (#(Z_sub_with_get_borrow)%expr @ - v (Compile.reflect x3) @ - (#(Z_cast args2)%expr @ - v0 (Compile.reflect x6)) @ - v2 (Compile.reflect x0) @ - (#(Z_cast args)%expr @ - v1 (Compile.reflect x9))))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast - (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - ($_)%expr _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - (@expr.Abs _ _ _ _ _ _) _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - (_ @ _) _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None - | (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ #(_)))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ ($_)%expr))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.Abs _ _ _ _ _ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => - None - | (@expr.Ident _ _ _ t3 idc3 @ #(_))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ ($_)%expr)%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ @expr.Abs _ _ _ _ _ _)%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ (($_)%expr @ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ (_ @ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => - None - | _ => None - end;; - match x0 with - | (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - (@expr.Ident _ _ _ t5 idc5) x9))%expr_pat => - args <- invert_bind_args idc5 Raw.ident.Z_cast; - _ <- invert_bind_args idc4 Raw.ident.Z_opp; - args1 <- invert_bind_args idc3 Raw.ident.Z_cast; - args2 <- invert_bind_args idc2 Raw.ident.Z_cast; - _ <- invert_bind_args idc1 Raw.ident.Z_opp; - args4 <- invert_bind_args idc0 Raw.ident.Z_cast; - _ <- invert_bind_args idc - Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s5) -> s0) -> s8)%ptype option - (fun x10 : option => x10) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s5) -> s0) -> s8)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - v0 <- type.try_make_transport_cps s5 ℤ; - v1 <- type.try_make_transport_cps s0 ℤ; - v2 <- type.try_make_transport_cps s8 ℤ; - fv <- (if - (ZRange.normalize args <=? - - ZRange.normalize args1)%zrange && - (ZRange.normalize args2 <=? - - ZRange.normalize args4)%zrange - then - Some - (UnderLet + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ ($_)%expr + _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ + (@expr.Abs _ _ _ _ _ _) _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ (_ @ _) _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.App _ _ _ s5 _ + (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None + | (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ #(_)))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ ($_)%expr))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.Abs _ _ _ _ _ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ + (@expr.Ident _ _ _ t2 idc2 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => + None + | (@expr.Ident _ _ _ t1 idc1 @ #(_))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ (($_)%expr @ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ (_ @ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => + None + | _ => None + end;; + match x1 with + | @expr.Ident _ _ _ t1 idc1 => + args <- invert_bind_args idc1 Raw.ident.Literal; + args0 <- invert_bind_args idc0 Raw.ident.Literal; + _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args0)) -> (projT1 args)) -> s)%ptype + option (fun x4 : option => x4) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args0)) -> (projT1 args)) -> s)%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + xv <- ident.unify pattern.ident.Literal + ##(projT2 args0); + xv0 <- ident.unify pattern.ident.Literal + ##(projT2 args); + v0 <- type.try_make_transport_cps s ℤ; + fv <- (if + ((let (x4, _) := xv0 in x4) <=? 0) && + ((let (x4, _) := xv in x4) <=? 0) && + ((let (x4, _) := xv0 in x4) + + (let (x4, _) := xv in x4) + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ (#(Z_cast2 (Datatypes.fst range, - Datatypes.snd range))%expr @ - (#(Z_sub_with_get_borrow)%expr @ - v (Compile.reflect x3) @ - (#(Z_cast args2)%expr @ - v0 (Compile.reflect x6)) @ - v1 (Compile.reflect x1) @ - (#(Z_cast args)%expr @ - v2 (Compile.reflect x9))))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast - (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - ($_)%expr _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - (@expr.Abs _ _ _ _ _ _) _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - (_ @ _) _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ - (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None - | (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ #(_)))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ ($_)%expr))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.Abs _ _ _ _ _ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.Ident _ _ _ t4 idc4 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => - None - | (@expr.Ident _ _ _ t3 idc3 @ #(_))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ ($_)%expr)%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ @expr.Abs _ _ _ _ _ _)%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ (($_)%expr @ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ (_ @ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ - (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | - (@expr.Ident _ _ _ t3 idc3 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => - None - | _ => None - end;; - match x1 with - | @expr.Ident _ _ _ t3 idc3 => - args <- invert_bind_args idc3 Raw.ident.Literal; - args0 <- invert_bind_args idc2 Raw.ident.Z_cast; - _ <- invert_bind_args idc1 Raw.ident.Z_opp; - args2 <- invert_bind_args idc0 Raw.ident.Z_cast; - _ <- invert_bind_args idc - Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s5) -> (projT1 args)) -> s)%ptype option - (fun x7 : option => x7) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s5) -> (projT1 args)) -> s)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - v0 <- type.try_make_transport_cps s5 ℤ; - xv <- ident.unify pattern.ident.Literal - ##(projT2 args); - v1 <- type.try_make_transport_cps s ℤ; - fv <- (if - ((let (x7, _) := xv in x7) <=? 0) && - (ZRange.normalize args0 <=? - - ZRange.normalize args2)%zrange - then - Some - (UnderLet + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | _ => None + end;; + match x0 with + | @expr.Ident _ _ _ t1 idc1 => + args <- invert_bind_args idc1 Raw.ident.Literal; + args0 <- invert_bind_args idc0 Raw.ident.Literal; + _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args0)) -> s0) -> (projT1 args))%ptype + option (fun x4 : option => x4) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args0)) -> s0) -> (projT1 args))%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + xv <- ident.unify pattern.ident.Literal + ##(projT2 args0); + v0 <- type.try_make_transport_cps s0 ℤ; + xv0 <- ident.unify pattern.ident.Literal + ##(projT2 args); + fv <- (if + ((let (x4, _) := xv0 in x4) <=? 0) && + ((let (x4, _) := xv in x4) <=? 0) && + ((let (x4, _) := xv0 in x4) + + (let (x4, _) := xv in x4) + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ (#(Z_cast2 (Datatypes.fst range, - Datatypes.snd range))%expr @ - (#(Z_sub_with_get_borrow)%expr @ - v (Compile.reflect x3) @ - (#(Z_cast args0)%expr @ - v0 (Compile.reflect x6)) @ - v1 (Compile.reflect x0) @ - (##(- (let (x7, _) := xv in x7))%Z)%expr))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | _ => None + end;; + args <- invert_bind_args idc0 Raw.ident.Literal; + _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args)) -> s0) -> s)%ptype option + (fun x4 : option => x4) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> (projT1 args)) -> s0) -> s)%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + xv <- ident.unify pattern.ident.Literal ##(projT2 args); + v0 <- type.try_make_transport_cps s0 ℤ; + v1 <- type.try_make_transport_cps s ℤ; + fv <- (if (let (x4, _) := xv in x4) =? 0 + then + Some + (UnderLet + (#(Z_cast2 range)%expr @ + (#(Z_add_get_carry)%expr @ + v (Compile.reflect x3) @ + v0 (Compile.reflect x1) @ + v1 (Compile.reflect x0)))%expr_pat + (fun vc : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 range)%expr @ ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 range)%expr @ ($vc)%expr)))%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | @expr.App _ _ _ s3 _ (@expr.Ident _ _ _ t0 idc0) x4 => + match x4 with + | (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ + (@expr.Ident _ _ _ t2 idc2) x6)%expr_pat => + match x1 with + | (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + (@expr.Ident _ _ _ t5 idc5) x9))%expr_pat => + args <- invert_bind_args idc5 Raw.ident.Z_cast; + _ <- invert_bind_args idc4 Raw.ident.Z_opp; + args1 <- invert_bind_args idc3 Raw.ident.Z_cast; + args2 <- invert_bind_args idc2 Raw.ident.Z_cast; + _ <- invert_bind_args idc1 Raw.ident.Z_opp; + args4 <- invert_bind_args idc0 Raw.ident.Z_cast; + _ <- invert_bind_args idc + Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s5) -> s8) -> s)%ptype option + (fun x10 : option => x10) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s5) -> s8) -> s)%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + v0 <- type.try_make_transport_cps s5 ℤ; + v1 <- type.try_make_transport_cps s8 ℤ; + v2 <- type.try_make_transport_cps s ℤ; + fv <- (if + (ZRange.normalize args <=? + - ZRange.normalize args1)%zrange && + (ZRange.normalize args2 <=? + - ZRange.normalize args4)%zrange + then + Some + (UnderLet + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + (#(Z_sub_with_get_borrow)%expr @ + v (Compile.reflect x3) @ + (#(Z_cast args2)%expr @ + v0 (Compile.reflect x6)) @ + v2 (Compile.reflect x0) @ + (#(Z_cast args)%expr @ + v1 (Compile.reflect x9))))%expr_pat + (fun vc : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ (#(Z_cast2 (Datatypes.fst range, - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast - (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | _ => None - end;; - match x0 with - | @expr.Ident _ _ _ t3 idc3 => - args <- invert_bind_args idc3 Raw.ident.Literal; - args0 <- invert_bind_args idc2 Raw.ident.Z_cast; - _ <- invert_bind_args idc1 Raw.ident.Z_opp; - args2 <- invert_bind_args idc0 Raw.ident.Z_cast; - _ <- invert_bind_args idc - Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s5) -> s0) -> (projT1 args))%ptype option - (fun x7 : option => x7) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s5) -> s0) -> (projT1 args))%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - v0 <- type.try_make_transport_cps s5 ℤ; - v1 <- type.try_make_transport_cps s0 ℤ; - xv <- ident.unify pattern.ident.Literal - ##(projT2 args); - fv <- (if - ((let (x7, _) := xv in x7) <=? 0) && - (ZRange.normalize args0 <=? - - ZRange.normalize args2)%zrange - then - Some - (UnderLet - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - (#(Z_sub_with_get_borrow)%expr @ - v (Compile.reflect x3) @ - (#(Z_cast args0)%expr @ - v0 (Compile.reflect x6)) @ - v1 (Compile.reflect x1) @ - (##(- (let (x7, _) := xv in x7))%Z)%expr))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ + $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + ($_)%expr _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + (@expr.Abs _ _ _ _ _ _) _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + (_ @ _) _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None + | (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ #(_)))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ ($_)%expr))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.Abs _ _ _ _ _ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => + None + | (@expr.Ident _ _ _ t3 idc3 @ #(_))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ ($_)%expr)%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ @expr.Abs _ _ _ _ _ _)%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ (($_)%expr @ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ (_ @ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => + None + | _ => None + end;; + match x0 with + | (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + (@expr.Ident _ _ _ t5 idc5) x9))%expr_pat => + args <- invert_bind_args idc5 Raw.ident.Z_cast; + _ <- invert_bind_args idc4 Raw.ident.Z_opp; + args1 <- invert_bind_args idc3 Raw.ident.Z_cast; + args2 <- invert_bind_args idc2 Raw.ident.Z_cast; + _ <- invert_bind_args idc1 Raw.ident.Z_opp; + args4 <- invert_bind_args idc0 Raw.ident.Z_cast; + _ <- invert_bind_args idc + Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s5) -> s0) -> s8)%ptype option + (fun x10 : option => x10) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s5) -> s0) -> s8)%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + v0 <- type.try_make_transport_cps s5 ℤ; + v1 <- type.try_make_transport_cps s0 ℤ; + v2 <- type.try_make_transport_cps s8 ℤ; + fv <- (if + (ZRange.normalize args <=? + - ZRange.normalize args1)%zrange && + (ZRange.normalize args2 <=? + - ZRange.normalize args4)%zrange + then + Some + (UnderLet + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + (#(Z_sub_with_get_borrow)%expr @ + v (Compile.reflect x3) @ + (#(Z_cast args2)%expr @ + v0 (Compile.reflect x6)) @ + v1 (Compile.reflect x1) @ + (#(Z_cast args)%expr @ + v2 (Compile.reflect x9))))%expr_pat + (fun vc : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ (#(Z_cast2 (Datatypes.fst range, - Datatypes.snd range))%expr @ - ($vc)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (- - (#(Z_cast - (- Datatypes.snd range))%expr @ - (#(snd)%expr @ - (#(Z_cast2 - (Datatypes.fst range, - - Datatypes.snd range))%expr @ - $vc)))%expr_pat)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | _ => None - end - | (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ ($_)%expr - _)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ - (@expr.Abs _ _ _ _ _ _) _)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ (_ @ _) _)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ - (@expr.LetIn _ _ _ _ _ _ _) _)%expr_pat => None - | (@expr.Ident _ _ _ t1 idc1 @ #(_))%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _)%expr_pat | - (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => - None - | _ => None - end;; - match x3 with - | @expr.Ident _ _ _ t1 idc1 => - match x1 with - | @expr.Ident _ _ _ t2 idc2 => - match x0 with - | @expr.Ident _ _ _ t3 idc3 => - args <- invert_bind_args idc3 Raw.ident.Literal; - args0 <- invert_bind_args idc2 Raw.ident.Literal; - args1 <- invert_bind_args idc1 Raw.ident.Literal; - args2 <- invert_bind_args idc0 Raw.ident.Z_cast; - _ <- invert_bind_args idc - Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - ((((projT1 args1) -> s3) -> (projT1 args0)) -> - (projT1 args))%ptype option - (fun x5 : option => x5) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - ((((projT1 args1) -> s3) -> (projT1 args0)) -> - (projT1 args))%ptype - then - xv <- ident.unify pattern.ident.Literal - ##(projT2 args1); - v <- type.try_make_transport_cps s3 ℤ; - xv0 <- ident.unify pattern.ident.Literal - ##(projT2 args0); - xv1 <- ident.unify pattern.ident.Literal - ##(projT2 args); - fv <- (if - ((let (x5, _) := xv0 in x5) =? 0) && - ((let (x5, _) := xv1 in x5) =? 0) && - (ZRange.normalize args2 <=? - r[0 ~> (let (x5, _) := xv in x5) - 1])%zrange && - is_bounded_by_bool 0 - (Datatypes.snd range) - then - Some - (UnderLet - (#(Z_cast2 range)%expr @ - (#(Z_add_with_get_carry)%expr @ - (##(let (x5, _) := xv in x5))%expr @ - (#(Z_cast args2)%expr @ - v (Compile.reflect x4)) @ - (##(let (x5, _) := xv0 in x5))%expr @ - (##(let (x5, _) := xv1 in x5))%expr))%expr_pat - (fun vc : var (ℤ * ℤ)%etype => - Base - (#(Z_cast - (Datatypes.fst range))%expr @ - (#(fst)%expr @ - (#(Z_cast2 range)%expr @ - ($vc)%expr)), (##0)%expr)%expr_pat)) - else None); - Some (fv0 <-- fv; - Base fv0)%under_lets - else None - | None => None - end - | _ => None - end - | _ => None - end - | _ => None - end - | @expr.App _ _ _ s3 _ ($_)%expr _ | @expr.App _ _ _ s3 _ - (@expr.Abs _ _ _ _ _ _) _ | @expr.App _ _ _ s3 _ - (_ @ _)%expr_pat _ | @expr.App _ _ _ s3 _ - (@expr.LetIn _ _ _ _ _ _ _) _ => None - | _ => None - end;; - _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; - match - pattern.type.unify_extracted_cps (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s1) -> s0) -> s)%ptype option (fun x4 : option => x4) - with - | Some (_, _, _, _)%zrange => - if - type.type_beq base.type base.type.type_beq - (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype - (((s2 -> s1) -> s0) -> s)%ptype - then - v <- type.try_make_transport_cps s2 ℤ; - v0 <- type.try_make_transport_cps s1 ℤ; - v1 <- type.try_make_transport_cps s0 ℤ; - v2 <- type.try_make_transport_cps s ℤ; - Some - (UnderLet - (#(Z_cast2 range)%expr @ - (#(Z_add_with_get_carry)%expr @ v (Compile.reflect x3) @ - v0 (Compile.reflect x2) @ v1 (Compile.reflect x1) @ - v2 (Compile.reflect x0)))%expr_pat - (fun v3 : var (ℤ * ℤ)%etype => - Base - (#(Z_cast (Datatypes.fst range))%expr @ - (#(fst)%expr @ (#(Z_cast2 range)%expr @ ($v3)%expr)), - #(Z_cast (Datatypes.snd range))%expr @ - (#(snd)%expr @ (#(Z_cast2 range)%expr @ ($v3)%expr)))%expr_pat)) - else None - | None => None - end);; - _ <- invert_bind_args idc Raw.ident.Z_sub_with_get_borrow; + $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + ($_)%expr _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + (@expr.Abs _ _ _ _ _ _) _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + (_ @ _) _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.App _ _ _ s8 _ + (@expr.LetIn _ _ _ _ _ _ _) _))%expr_pat => None + | (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ #(_)))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ ($_)%expr))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.Abs _ _ _ _ _ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.Ident _ _ _ t4 idc4 @ @expr.LetIn _ _ _ _ _ _ _))%expr_pat => + None + | (@expr.Ident _ _ _ t3 idc3 @ #(_))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ ($_)%expr)%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ @expr.Abs _ _ _ _ _ _)%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ (($_)%expr @ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ (@expr.Abs _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ (_ @ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ + (@expr.LetIn _ _ _ _ _ _ _ @ _))%expr_pat | + (@expr.Ident _ _ _ t3 idc3 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => + None + | _ => None + end;; + match x1 with + | @expr.Ident _ _ _ t3 idc3 => + args <- invert_bind_args idc3 Raw.ident.Literal; + args0 <- invert_bind_args idc2 Raw.ident.Z_cast; + _ <- invert_bind_args idc1 Raw.ident.Z_opp; + args2 <- invert_bind_args idc0 Raw.ident.Z_cast; + _ <- invert_bind_args idc + Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s5) -> (projT1 args)) -> s)%ptype option + (fun x7 : option => x7) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s5) -> (projT1 args)) -> s)%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + v0 <- type.try_make_transport_cps s5 ℤ; + xv <- ident.unify pattern.ident.Literal + ##(projT2 args); + v1 <- type.try_make_transport_cps s ℤ; + fv <- (if + ((let (x7, _) := xv in x7) <=? 0) && + (ZRange.normalize args0 <=? + - ZRange.normalize args2)%zrange + then + Some + (UnderLet + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + (#(Z_sub_with_get_borrow)%expr @ + v (Compile.reflect x3) @ + (#(Z_cast args0)%expr @ + v0 (Compile.reflect x6)) @ + v1 (Compile.reflect x0) @ + (##(- (let (x7, _) := xv in x7))%Z)%expr))%expr_pat + (fun vc : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | _ => None + end;; + match x0 with + | @expr.Ident _ _ _ t3 idc3 => + args <- invert_bind_args idc3 Raw.ident.Literal; + args0 <- invert_bind_args idc2 Raw.ident.Z_cast; + _ <- invert_bind_args idc1 Raw.ident.Z_opp; + args2 <- invert_bind_args idc0 Raw.ident.Z_cast; + _ <- invert_bind_args idc + Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s5) -> s0) -> (projT1 args))%ptype option + (fun x7 : option => x7) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s5) -> s0) -> (projT1 args))%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + v0 <- type.try_make_transport_cps s5 ℤ; + v1 <- type.try_make_transport_cps s0 ℤ; + xv <- ident.unify pattern.ident.Literal + ##(projT2 args); + fv <- (if + ((let (x7, _) := xv in x7) <=? 0) && + (ZRange.normalize args0 <=? + - ZRange.normalize args2)%zrange + then + Some + (UnderLet + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + (#(Z_sub_with_get_borrow)%expr @ + v (Compile.reflect x3) @ + (#(Z_cast args0)%expr @ + v0 (Compile.reflect x6)) @ + v1 (Compile.reflect x1) @ + (##(- (let (x7, _) := xv in x7))%Z)%expr))%expr_pat + (fun vc : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + ($vc)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (- + (#(Z_cast (- Datatypes.snd range))%expr @ + (#(snd)%expr @ + (#(Z_cast2 + (Datatypes.fst range, + - Datatypes.snd range))%expr @ + $vc)))%expr_pat)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | _ => None + end + | (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ ($_)%expr _)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ + (@expr.Abs _ _ _ _ _ _) _)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ (_ @ _) _)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.App _ _ _ s5 _ + (@expr.LetIn _ _ _ _ _ _ _) _)%expr_pat => None + | (@expr.Ident _ _ _ t1 idc1 @ #(_))%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ ($_)%expr)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.Abs _ _ _ _ _ _)%expr_pat | + (@expr.Ident _ _ _ t1 idc1 @ @expr.LetIn _ _ _ _ _ _ _)%expr_pat => + None + | _ => None + end;; + match x3 with + | @expr.Ident _ _ _ t1 idc1 => + match x1 with + | @expr.Ident _ _ _ t2 idc2 => + match x0 with + | @expr.Ident _ _ _ t3 idc3 => + args <- invert_bind_args idc3 Raw.ident.Literal; + args0 <- invert_bind_args idc2 Raw.ident.Literal; + args1 <- invert_bind_args idc1 Raw.ident.Literal; + args2 <- invert_bind_args idc0 Raw.ident.Z_cast; + _ <- invert_bind_args idc + Raw.ident.Z_add_with_get_carry; + match + pattern.type.unify_extracted_cps + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + ((((projT1 args1) -> s3) -> (projT1 args0)) -> + (projT1 args))%ptype option + (fun x5 : option => x5) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + ((((projT1 args1) -> s3) -> (projT1 args0)) -> + (projT1 args))%ptype + then + xv <- ident.unify pattern.ident.Literal + ##(projT2 args1); + v <- type.try_make_transport_cps s3 ℤ; + xv0 <- ident.unify pattern.ident.Literal + ##(projT2 args0); + xv1 <- ident.unify pattern.ident.Literal + ##(projT2 args); + fv <- (if + ((let (x5, _) := xv0 in x5) =? 0) && + ((let (x5, _) := xv1 in x5) =? 0) && + (ZRange.normalize args2 <=? + r[0 ~> (let (x5, _) := xv in x5) - 1])%zrange && + is_bounded_by_bool 0 + (Datatypes.snd range) + then + Some + (UnderLet + (#(Z_cast2 range)%expr @ + (#(Z_add_with_get_carry)%expr @ + (##(let (x5, _) := xv in x5))%expr @ + (#(Z_cast args2)%expr @ + v (Compile.reflect x4)) @ + (##(let (x5, _) := xv0 in x5))%expr @ + (##(let (x5, _) := xv1 in x5))%expr))%expr_pat + (fun vc : var (ℤ * ℤ)%etype => + Base + (#(Z_cast + (Datatypes.fst range))%expr @ + (#(fst)%expr @ + (#(Z_cast2 range)%expr @ + ($vc)%expr)), (##0)%expr)%expr_pat)) + else None); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | _ => None + end + | _ => None + end + | _ => None + end + | @expr.App _ _ _ s3 _ ($_)%expr _ | @expr.App _ _ _ s3 _ + (@expr.Abs _ _ _ _ _ _) _ | @expr.App _ _ _ s3 _ (_ @ _)%expr_pat + _ | @expr.App _ _ _ s3 _ (@expr.LetIn _ _ _ _ _ _ _) _ => None + | _ => None + end;; + _ <- invert_bind_args idc Raw.ident.Z_add_with_get_carry; match pattern.type.unify_extracted_cps (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype (((s2 -> s1) -> s0) -> s)%ptype option (fun x4 : option => x4) @@ -2332,7 +2308,7 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with Some (UnderLet (#(Z_cast2 range)%expr @ - (#(Z_sub_with_get_borrow)%expr @ v (Compile.reflect x3) @ + (#(Z_add_with_get_carry)%expr @ v (Compile.reflect x3) @ v0 (Compile.reflect x2) @ v1 (Compile.reflect x1) @ v2 (Compile.reflect x0)))%expr_pat (fun v3 : var (ℤ * ℤ)%etype => @@ -2343,40 +2319,66 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with (#(snd)%expr @ (#(Z_cast2 range)%expr @ ($v3)%expr)))%expr_pat)) else None | None => None - end - | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ (@expr.App _ _ _ s2 _ ($_)%expr _) _) _) _ | - @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ - (@expr.App _ _ _ s2 _ (@expr.Abs _ _ _ _ _ _) _) _) _) _ | - @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ (@expr.App _ _ _ s2 _ (_ @ _)%expr_pat _) _) - _) _ | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ - (@expr.App _ _ _ s2 _ (@expr.LetIn _ _ _ _ _ _ _) _) _) _) _ => - None - | @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ ($_)%expr _) _) _ | - @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ (@expr.Abs _ _ _ _ _ _) _) _) _ | @expr.App _ - _ _ s _ - (@expr.App _ _ _ s0 _ - (@expr.App _ _ _ s1 _ (@expr.LetIn _ _ _ _ _ _ _) _) _) _ => None - | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ ($_)%expr _) _ | @expr.App - _ _ _ s _ (@expr.App _ _ _ s0 _ (@expr.Abs _ _ _ _ _ _) _) _ | - @expr.App _ _ _ s _ - (@expr.App _ _ _ s0 _ (@expr.LetIn _ _ _ _ _ _ _) _) _ => None - | @expr.App _ _ _ s _ #(_)%expr_pat _ | @expr.App _ _ _ s _ ($_)%expr - _ | @expr.App _ _ _ s _ (@expr.Abs _ _ _ _ _ _) _ | @expr.App _ _ _ s - _ (@expr.LetIn _ _ _ _ _ _ _) _ => None - | _ => None - end;; - None);;; + end);; + _ <- invert_bind_args idc Raw.ident.Z_sub_with_get_borrow; + match + pattern.type.unify_extracted_cps (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype + (((s2 -> s1) -> s0) -> s)%ptype option (fun x4 : option => x4) + with + | Some (_, _, _, _)%zrange => + if + type.type_beq base.type base.type.type_beq + (((ℤ -> ℤ) -> ℤ) -> ℤ)%ptype (((s2 -> s1) -> s0) -> s)%ptype + then + v <- type.try_make_transport_cps s2 ℤ; + v0 <- type.try_make_transport_cps s1 ℤ; + v1 <- type.try_make_transport_cps s0 ℤ; + v2 <- type.try_make_transport_cps s ℤ; + Some + (UnderLet + (#(Z_cast2 range)%expr @ + (#(Z_sub_with_get_borrow)%expr @ v (Compile.reflect x3) @ + v0 (Compile.reflect x2) @ v1 (Compile.reflect x1) @ + v2 (Compile.reflect x0)))%expr_pat + (fun v3 : var (ℤ * ℤ)%etype => + Base + (#(Z_cast (Datatypes.fst range))%expr @ + (#(fst)%expr @ (#(Z_cast2 range)%expr @ ($v3)%expr)), + #(Z_cast (Datatypes.snd range))%expr @ + (#(snd)%expr @ (#(Z_cast2 range)%expr @ ($v3)%expr)))%expr_pat)) + else None + | None => None + end + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ (@expr.App _ _ _ s2 _ ($_)%expr _) _) _) _ | + @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ + (@expr.App _ _ _ s2 _ (@expr.Abs _ _ _ _ _ _) _) _) _) _ | @expr.App + _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ (@expr.App _ _ _ s2 _ (_ @ _)%expr_pat _) _) _) + _ | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ + (@expr.App _ _ _ s2 _ (@expr.LetIn _ _ _ _ _ _ _) _) _) _) _ => None + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ ($_)%expr _) _) _ | + @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ (@expr.Abs _ _ _ _ _ _) _) + _) _ | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ + (@expr.App _ _ _ s1 _ (@expr.LetIn _ _ _ _ _ _ _) _) _) _ => None + | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ ($_)%expr _) _ | @expr.App _ + _ _ s _ (@expr.App _ _ _ s0 _ (@expr.Abs _ _ _ _ _ _) _) _ | @expr.App + _ _ _ s _ (@expr.App _ _ _ s0 _ (@expr.LetIn _ _ _ _ _ _ _) _) _ => + None + | @expr.App _ _ _ s _ #(_)%expr_pat _ | @expr.App _ _ _ s _ ($_)%expr + _ | @expr.App _ _ _ s _ (@expr.Abs _ _ _ _ _ _) _ | @expr.App _ _ _ s + _ (@expr.LetIn _ _ _ _ _ _ _) _ => None + | _ => None + end;;; Base (#(Z_cast2 range)%expr @ x)%expr_pat)%option | fancy_add log2wordmax imm => fun x : expr (ℤ * ℤ)%etype => From c07d388d50a58c5641c49528481bab5b308f5be1 Mon Sep 17 00:00:00 2001 From: Jason Gross Date: Wed, 16 Jan 2019 00:24:19 -0500 Subject: [PATCH 2/2] Constant-propogate 0+x and x+0 after bounds After | File Name | Before || Change | % Change -------------------------------------------------------------------------------------------- 21m22.67s | Total | 21m28.24s || -0m05.56s | -0.43% -------------------------------------------------------------------------------------------- 4m09.95s | PushButtonSynthesis.vo | 4m14.76s || -0m04.81s | -1.88% 3m07.95s | p384_32.c | 3m11.17s || -0m03.21s | -1.68% 2m06.43s | Rewriter.vo | 2m06.15s || +0m00.28s | +0.22% 1m55.83s | RewriterWf2.vo | 1m56.15s || -0m00.32s | -0.27% 1m52.36s | RewriterRulesGood.vo | 1m52.34s || +0m00.01s | +0.01% 1m46.52s | RewriterRulesInterpGood.vo | 1m45.70s || +0m00.82s | +0.77% 0m46.56s | RewriterInterpProofs1.vo | 0m46.72s || -0m00.15s | -0.34% 0m45.04s | ExtractionHaskell/word_by_word_montgomery | 0m45.33s || -0m00.28s | -0.63% 0m39.17s | p521_32.c | 0m39.07s || +0m00.10s | +0.25% 0m32.40s | p521_64.c | 0m32.64s || -0m00.24s | -0.73% 0m31.13s | ExtractionHaskell/unsaturated_solinas | 0m30.88s || +0m00.25s | +0.80% 0m24.20s | ExtractionHaskell/saturated_solinas | 0m24.27s || -0m00.07s | -0.28% 0m23.72s | RewriterWf1.vo | 0m23.42s || +0m00.29s | +1.28% 0m17.52s | ExtractionOCaml/word_by_word_montgomery | 0m17.10s || +0m00.41s | +2.45% 0m13.39s | secp256k1_32.c | 0m13.29s || +0m00.10s | +0.75% 0m13.08s | p256_32.c | 0m13.26s || -0m00.17s | -1.35% 0m11.49s | p484_64.c | 0m11.18s || +0m00.31s | +2.77% 0m10.68s | ExtractionOCaml/unsaturated_solinas | 0m10.64s || +0m00.03s | +0.37% 0m10.11s | ExtractionOCaml/word_by_word_montgomery.ml | 0m10.10s || +0m00.00s | +0.09% 0m07.96s | ExtractionOCaml/saturated_solinas | 0m07.95s || +0m00.00s | +0.12% 0m06.81s | ExtractionOCaml/unsaturated_solinas.ml | 0m06.76s || +0m00.04s | +0.73% 0m06.30s | ExtractionHaskell/word_by_word_montgomery.hs | 0m06.26s || +0m00.04s | +0.63% 0m06.07s | p224_32.c | 0m05.94s || +0m00.12s | +2.18% 0m06.06s | BoundsPipeline.vo | 0m06.08s || -0m00.02s | -0.32% 0m05.46s | p384_64.c | 0m05.30s || +0m00.16s | +3.01% 0m05.28s | ExtractionOCaml/saturated_solinas.ml | 0m05.18s || +0m00.10s | +1.93% 0m04.97s | ExtractionHaskell/unsaturated_solinas.hs | 0m04.99s || -0m00.02s | -0.40% 0m04.13s | ExtractionHaskell/saturated_solinas.hs | 0m04.10s || +0m00.03s | +0.73% 0m02.34s | curve25519_32.c | 0m02.21s || +0m00.12s | +5.88% 0m01.59s | curve25519_64.c | 0m01.47s || +0m00.12s | +8.16% 0m01.46s | CLI.vo | 0m01.48s || -0m00.02s | -1.35% 0m01.15s | secp256k1_64.c | 0m01.03s || +0m00.11s | +11.65% 0m01.14s | RewriterProofs.vo | 0m01.13s || +0m00.01s | +0.88% 0m01.14s | StandaloneHaskellMain.vo | 0m01.09s || +0m00.04s | +4.58% 0m01.14s | StandaloneOCamlMain.vo | 0m01.12s || +0m00.01s | +1.78% 0m01.09s | p256_64.c | 0m00.98s || +0m00.11s | +11.22% 0m01.06s | p224_64.c | 0m01.00s || +0m00.06s | +6.00% --- curve25519_32.c | 136 ++++++----- p224_32.c | 158 ++++++------- p224_64.c | 114 +++++---- p256_32.c | 186 +++++++-------- p256_64.c | 134 +++++------ p384_32.c | 286 +++++++++++----------- p384_64.c | 224 +++++++++--------- p484_64.c | 266 ++++++++++----------- p521_32.c | 326 +++++++++++++------------- p521_64.c | 238 +++++++++---------- secp256k1_32.c | 186 +++++++-------- secp256k1_64.c | 134 +++++------ src/Rewriter.v | 7 + src/arith_with_casts_rewrite_head.out | 123 +++++++++- 14 files changed, 1266 insertions(+), 1252 deletions(-) diff --git a/curve25519_32.c b/curve25519_32.c index 5081417867..820a5c9bb0 100644 --- a/curve25519_32.c +++ b/curve25519_32.c @@ -749,41 +749,40 @@ static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) { uint8_t x82 = (uint8_t)(x80 >> 8); uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff)); uint8_t x84 = (uint8_t)(x82 & UINT8_C(0xff)); - uint32_t x85 = (0x0 + x32); - uint32_t x86 = (x85 >> 8); - uint8_t x87 = (uint8_t)(x85 & UINT8_C(0xff)); - uint32_t x88 = (x86 >> 8); - uint8_t x89 = (uint8_t)(x86 & UINT8_C(0xff)); - fiat_25519_uint1 x90 = (fiat_25519_uint1)(x88 >> 8); - uint8_t x91 = (uint8_t)(x88 & UINT8_C(0xff)); - uint32_t x92 = (x90 + x45); - uint32_t x93 = (x92 >> 8); - uint8_t x94 = (uint8_t)(x92 & UINT8_C(0xff)); - uint32_t x95 = (x93 >> 8); - uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); - uint8_t x97 = (uint8_t)(x95 >> 8); - uint8_t x98 = (uint8_t)(x95 & UINT8_C(0xff)); - uint32_t x99 = (x97 + x44); - uint32_t x100 = (x99 >> 8); - uint8_t x101 = (uint8_t)(x99 & UINT8_C(0xff)); - uint32_t x102 = (x100 >> 8); - uint8_t x103 = (uint8_t)(x100 & UINT8_C(0xff)); - uint8_t x104 = (uint8_t)(x102 >> 8); - uint8_t x105 = (uint8_t)(x102 & UINT8_C(0xff)); - uint32_t x106 = (x104 + x43); - uint32_t x107 = (x106 >> 8); - uint8_t x108 = (uint8_t)(x106 & UINT8_C(0xff)); - uint32_t x109 = (x107 >> 8); - uint8_t x110 = (uint8_t)(x107 & UINT8_C(0xff)); - uint8_t x111 = (uint8_t)(x109 >> 8); - uint8_t x112 = (uint8_t)(x109 & UINT8_C(0xff)); - uint32_t x113 = (x111 + x42); - uint32_t x114 = (x113 >> 8); - uint8_t x115 = (uint8_t)(x113 & UINT8_C(0xff)); - uint32_t x116 = (x114 >> 8); - uint8_t x117 = (uint8_t)(x114 & UINT8_C(0xff)); - uint8_t x118 = (uint8_t)(x116 >> 8); - uint8_t x119 = (uint8_t)(x116 & UINT8_C(0xff)); + uint32_t x85 = (x32 >> 8); + uint8_t x86 = (uint8_t)(x32 & UINT8_C(0xff)); + uint32_t x87 = (x85 >> 8); + uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff)); + fiat_25519_uint1 x89 = (fiat_25519_uint1)(x87 >> 8); + uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff)); + uint32_t x91 = (x89 + x45); + uint32_t x92 = (x91 >> 8); + uint8_t x93 = (uint8_t)(x91 & UINT8_C(0xff)); + uint32_t x94 = (x92 >> 8); + uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff)); + uint8_t x96 = (uint8_t)(x94 >> 8); + uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff)); + uint32_t x98 = (x96 + x44); + uint32_t x99 = (x98 >> 8); + uint8_t x100 = (uint8_t)(x98 & UINT8_C(0xff)); + uint32_t x101 = (x99 >> 8); + uint8_t x102 = (uint8_t)(x99 & UINT8_C(0xff)); + uint8_t x103 = (uint8_t)(x101 >> 8); + uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff)); + uint32_t x105 = (x103 + x43); + uint32_t x106 = (x105 >> 8); + uint8_t x107 = (uint8_t)(x105 & UINT8_C(0xff)); + uint32_t x108 = (x106 >> 8); + uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff)); + uint8_t x110 = (uint8_t)(x108 >> 8); + uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff)); + uint32_t x112 = (x110 + x42); + uint32_t x113 = (x112 >> 8); + uint8_t x114 = (uint8_t)(x112 & UINT8_C(0xff)); + uint32_t x115 = (x113 >> 8); + uint8_t x116 = (uint8_t)(x113 & UINT8_C(0xff)); + uint8_t x117 = (uint8_t)(x115 >> 8); + uint8_t x118 = (uint8_t)(x115 & UINT8_C(0xff)); out1[0] = x51; out1[1] = x53; out1[2] = x55; @@ -800,22 +799,22 @@ static void fiat_25519_to_bytes(uint8_t out1[32], const uint32_t arg1[10]) { out1[13] = x81; out1[14] = x83; out1[15] = x84; - out1[16] = x87; - out1[17] = x89; - out1[18] = x91; - out1[19] = x94; - out1[20] = x96; - out1[21] = x98; - out1[22] = x101; - out1[23] = x103; - out1[24] = x105; - out1[25] = x108; - out1[26] = x110; - out1[27] = x112; - out1[28] = x115; - out1[29] = x117; - out1[30] = x119; - out1[31] = x118; + out1[16] = x86; + out1[17] = x88; + out1[18] = x90; + out1[19] = x93; + out1[20] = x95; + out1[21] = x97; + out1[22] = x100; + out1[23] = x102; + out1[24] = x104; + out1[25] = x107; + out1[26] = x109; + out1[27] = x111; + out1[28] = x114; + out1[29] = x116; + out1[30] = x118; + out1[31] = x117; } /* @@ -880,28 +879,27 @@ static void fiat_25519_from_bytes(uint32_t out1[10], const uint8_t arg1[32]) { uint32_t x53 = (x51 & UINT32_C(0x1ffffff)); uint32_t x54 = (x52 + x41); uint32_t x55 = (x54 & UINT32_C(0x3ffffff)); - uint32_t x56 = (0x0 + x40); - uint8_t x57 = (uint8_t)(x56 >> 25); - uint32_t x58 = (x56 & UINT32_C(0x1ffffff)); - uint32_t x59 = (x57 + x39); - uint8_t x60 = (uint8_t)(x59 >> 26); - uint32_t x61 = (x59 & UINT32_C(0x3ffffff)); - uint32_t x62 = (x60 + x38); - uint8_t x63 = (uint8_t)(x62 >> 25); - uint32_t x64 = (x62 & UINT32_C(0x1ffffff)); - uint32_t x65 = (x63 + x37); - uint8_t x66 = (uint8_t)(x65 >> 26); - uint32_t x67 = (x65 & UINT32_C(0x3ffffff)); - uint32_t x68 = (x66 + x36); + uint8_t x56 = (uint8_t)(x40 >> 25); + uint32_t x57 = (x40 & UINT32_C(0x1ffffff)); + uint32_t x58 = (x56 + x39); + uint8_t x59 = (uint8_t)(x58 >> 26); + uint32_t x60 = (x58 & UINT32_C(0x3ffffff)); + uint32_t x61 = (x59 + x38); + uint8_t x62 = (uint8_t)(x61 >> 25); + uint32_t x63 = (x61 & UINT32_C(0x1ffffff)); + uint32_t x64 = (x62 + x37); + uint8_t x65 = (uint8_t)(x64 >> 26); + uint32_t x66 = (x64 & UINT32_C(0x3ffffff)); + uint32_t x67 = (x65 + x36); out1[0] = x35; out1[1] = x47; out1[2] = x50; out1[3] = x53; out1[4] = x55; - out1[5] = x58; - out1[6] = x61; - out1[7] = x64; - out1[8] = x67; - out1[9] = x68; + out1[5] = x57; + out1[6] = x60; + out1[7] = x63; + out1[8] = x66; + out1[9] = x67; } diff --git a/p224_32.c b/p224_32.c index eda2b7e5fa..8be4ebec7e 100644 --- a/p224_32.c +++ b/p224_32.c @@ -2632,81 +2632,75 @@ static void fiat_p224_to_bytes(uint8_t out1[28], const uint32_t arg1[7]) { uint8_t x12 = (uint8_t)(x10 >> 8); uint8_t x13 = (uint8_t)(x10 & UINT8_C(0xff)); uint8_t x14 = (uint8_t)(x12 & UINT8_C(0xff)); - uint32_t x15 = (0x0 + x6); - uint32_t x16 = (x15 >> 8); - uint8_t x17 = (uint8_t)(x15 & UINT8_C(0xff)); - uint32_t x18 = (x16 >> 8); - uint8_t x19 = (uint8_t)(x16 & UINT8_C(0xff)); - uint8_t x20 = (uint8_t)(x18 >> 8); - uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); - uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); - uint32_t x23 = (0x0 + x5); - uint32_t x24 = (x23 >> 8); - uint8_t x25 = (uint8_t)(x23 & UINT8_C(0xff)); - uint32_t x26 = (x24 >> 8); + uint32_t x15 = (x6 >> 8); + uint8_t x16 = (uint8_t)(x6 & UINT8_C(0xff)); + uint32_t x17 = (x15 >> 8); + uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); + uint8_t x19 = (uint8_t)(x17 >> 8); + uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); + uint8_t x21 = (uint8_t)(x19 & UINT8_C(0xff)); + uint32_t x22 = (x5 >> 8); + uint8_t x23 = (uint8_t)(x5 & UINT8_C(0xff)); + uint32_t x24 = (x22 >> 8); + uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); + uint8_t x26 = (uint8_t)(x24 >> 8); uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); - uint8_t x28 = (uint8_t)(x26 >> 8); - uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); - uint8_t x30 = (uint8_t)(x28 & UINT8_C(0xff)); - uint32_t x31 = (0x0 + x4); - uint32_t x32 = (x31 >> 8); - uint8_t x33 = (uint8_t)(x31 & UINT8_C(0xff)); - uint32_t x34 = (x32 >> 8); - uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); - uint8_t x36 = (uint8_t)(x34 >> 8); - uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); - uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); - uint32_t x39 = (0x0 + x3); - uint32_t x40 = (x39 >> 8); - uint8_t x41 = (uint8_t)(x39 & UINT8_C(0xff)); - uint32_t x42 = (x40 >> 8); - uint8_t x43 = (uint8_t)(x40 & UINT8_C(0xff)); - uint8_t x44 = (uint8_t)(x42 >> 8); - uint8_t x45 = (uint8_t)(x42 & UINT8_C(0xff)); - uint8_t x46 = (uint8_t)(x44 & UINT8_C(0xff)); - uint32_t x47 = (0x0 + x2); - uint32_t x48 = (x47 >> 8); + uint8_t x28 = (uint8_t)(x26 & UINT8_C(0xff)); + uint32_t x29 = (x4 >> 8); + uint8_t x30 = (uint8_t)(x4 & UINT8_C(0xff)); + uint32_t x31 = (x29 >> 8); + uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); + uint8_t x33 = (uint8_t)(x31 >> 8); + uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); + uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); + uint32_t x36 = (x3 >> 8); + uint8_t x37 = (uint8_t)(x3 & UINT8_C(0xff)); + uint32_t x38 = (x36 >> 8); + uint8_t x39 = (uint8_t)(x36 & UINT8_C(0xff)); + uint8_t x40 = (uint8_t)(x38 >> 8); + uint8_t x41 = (uint8_t)(x38 & UINT8_C(0xff)); + uint8_t x42 = (uint8_t)(x40 & UINT8_C(0xff)); + uint32_t x43 = (x2 >> 8); + uint8_t x44 = (uint8_t)(x2 & UINT8_C(0xff)); + uint32_t x45 = (x43 >> 8); + uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); + uint8_t x47 = (uint8_t)(x45 >> 8); + uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); uint8_t x49 = (uint8_t)(x47 & UINT8_C(0xff)); - uint32_t x50 = (x48 >> 8); - uint8_t x51 = (uint8_t)(x48 & UINT8_C(0xff)); - uint8_t x52 = (uint8_t)(x50 >> 8); + uint32_t x50 = (x1 >> 8); + uint8_t x51 = (uint8_t)(x1 & UINT8_C(0xff)); + uint32_t x52 = (x50 >> 8); uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); - uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); - uint32_t x55 = (0x0 + x1); - uint32_t x56 = (x55 >> 8); - uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); - uint32_t x58 = (x56 >> 8); - uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); - uint8_t x60 = (uint8_t)(x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint8_t x54 = (uint8_t)(x52 >> 8); + uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); out1[0] = x9; out1[1] = x11; out1[2] = x13; out1[3] = x14; - out1[4] = x17; - out1[5] = x19; - out1[6] = x21; - out1[7] = x22; - out1[8] = x25; - out1[9] = x27; - out1[10] = x29; - out1[11] = x30; - out1[12] = x33; - out1[13] = x35; - out1[14] = x37; - out1[15] = x38; - out1[16] = x41; - out1[17] = x43; - out1[18] = x45; - out1[19] = x46; - out1[20] = x49; - out1[21] = x51; - out1[22] = x53; - out1[23] = x54; - out1[24] = x57; - out1[25] = x59; - out1[26] = x61; - out1[27] = x60; + out1[4] = x16; + out1[5] = x18; + out1[6] = x20; + out1[7] = x21; + out1[8] = x23; + out1[9] = x25; + out1[10] = x27; + out1[11] = x28; + out1[12] = x30; + out1[13] = x32; + out1[14] = x34; + out1[15] = x35; + out1[16] = x37; + out1[17] = x39; + out1[18] = x41; + out1[19] = x42; + out1[20] = x44; + out1[21] = x46; + out1[22] = x48; + out1[23] = x49; + out1[24] = x51; + out1[25] = x53; + out1[26] = x55; + out1[27] = x54; } /* @@ -2752,23 +2746,17 @@ static void fiat_p224_from_bytes(uint32_t out1[7], const uint8_t arg1[28]) { uint32_t x34 = (x16 + (x15 + (x14 + x13))); uint32_t x35 = (x20 + (x19 + (x18 + x17))); uint32_t x36 = (x24 + (x23 + (x22 + x21))); - uint32_t x37 = (0x0 + x36); - uint32_t x38 = (x37 & UINT32_C(0xffffffff)); - uint32_t x39 = (0x0 + x35); - uint32_t x40 = (x39 & UINT32_C(0xffffffff)); - uint32_t x41 = (0x0 + x34); - uint32_t x42 = (x41 & UINT32_C(0xffffffff)); - uint32_t x43 = (0x0 + x33); - uint32_t x44 = (x43 & UINT32_C(0xffffffff)); - uint32_t x45 = (0x0 + x32); - uint32_t x46 = (x45 & UINT32_C(0xffffffff)); - uint32_t x47 = (0x0 + x31); + uint32_t x37 = (x36 & UINT32_C(0xffffffff)); + uint32_t x38 = (x35 & UINT32_C(0xffffffff)); + uint32_t x39 = (x34 & UINT32_C(0xffffffff)); + uint32_t x40 = (x33 & UINT32_C(0xffffffff)); + uint32_t x41 = (x32 & UINT32_C(0xffffffff)); out1[0] = x30; - out1[1] = x38; - out1[2] = x40; - out1[3] = x42; - out1[4] = x44; - out1[5] = x46; - out1[6] = x47; + out1[1] = x37; + out1[2] = x38; + out1[3] = x39; + out1[4] = x40; + out1[5] = x41; + out1[6] = x31; } diff --git a/p224_64.c b/p224_64.c index 05e0e02af3..25c2d295e7 100644 --- a/p224_64.c +++ b/p224_64.c @@ -1163,25 +1163,25 @@ static void fiat_p224_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x17 = (uint8_t)(x15 >> 8); uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); - uint64_t x20 = (0x0 + x3); - uint64_t x21 = (x20 >> 8); - uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); - uint64_t x23 = (x21 >> 8); - uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); - uint64_t x25 = (x23 >> 8); - uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); - uint64_t x27 = (x25 >> 8); - uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); - uint64_t x29 = (x27 >> 8); - uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint64_t x31 = (x29 >> 8); - uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); - uint8_t x33 = (uint8_t)(x31 >> 8); - uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); - uint64_t x36 = (0x0 + x2); - uint64_t x37 = (x36 >> 8); - uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint64_t x20 = (x3 >> 8); + uint8_t x21 = (uint8_t)(x3 & UINT8_C(0xff)); + uint64_t x22 = (x20 >> 8); + uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff)); + uint64_t x24 = (x22 >> 8); + uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); + uint64_t x26 = (x24 >> 8); + uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); + uint64_t x28 = (x26 >> 8); + uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); + uint64_t x30 = (x28 >> 8); + uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); + uint8_t x32 = (uint8_t)(x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff)); + uint64_t x35 = (x2 >> 8); + uint8_t x36 = (uint8_t)(x2 & UINT8_C(0xff)); + uint64_t x37 = (x35 >> 8); + uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); uint64_t x39 = (x37 >> 8); uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); uint64_t x41 = (x39 >> 8); @@ -1190,19 +1190,16 @@ static void fiat_p224_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); uint64_t x45 = (x43 >> 8); uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); - uint64_t x47 = (x45 >> 8); + uint8_t x47 = (uint8_t)(x45 >> 8); uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint8_t x49 = (uint8_t)(x47 >> 8); - uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); - uint64_t x52 = (0x0 + x1); - uint64_t x53 = (x52 >> 8); - uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); - uint64_t x55 = (x53 >> 8); - uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); - uint8_t x57 = (uint8_t)(x55 >> 8); - uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); - uint8_t x59 = (uint8_t)(x57 & UINT8_C(0xff)); + uint8_t x49 = (uint8_t)(x47 & UINT8_C(0xff)); + uint64_t x50 = (x1 >> 8); + uint8_t x51 = (uint8_t)(x1 & UINT8_C(0xff)); + uint64_t x52 = (x50 >> 8); + uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); + uint8_t x54 = (uint8_t)(x52 >> 8); + uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); + uint8_t x56 = (uint8_t)(x54 & UINT8_C(0xff)); out1[0] = x6; out1[1] = x8; out1[2] = x10; @@ -1211,26 +1208,26 @@ static void fiat_p224_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { out1[5] = x16; out1[6] = x18; out1[7] = x19; - out1[8] = x22; - out1[9] = x24; - out1[10] = x26; - out1[11] = x28; - out1[12] = x30; - out1[13] = x32; - out1[14] = x34; - out1[15] = x35; - out1[16] = x38; - out1[17] = x40; - out1[18] = x42; - out1[19] = x44; - out1[20] = x46; - out1[21] = x48; - out1[22] = x50; - out1[23] = x51; - out1[24] = x54; - out1[25] = x56; - out1[26] = x58; - out1[27] = x59; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x27; + out1[12] = x29; + out1[13] = x31; + out1[14] = x33; + out1[15] = x34; + out1[16] = x36; + out1[17] = x38; + out1[18] = x40; + out1[19] = x42; + out1[20] = x44; + out1[21] = x46; + out1[22] = x48; + out1[23] = x49; + out1[24] = x51; + out1[25] = x53; + out1[26] = x55; + out1[27] = x56; out1[28] = 0x0; out1[29] = 0x0; out1[30] = 0x0; @@ -1274,17 +1271,14 @@ static void fiat_p224_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) { uint8_t x28 = (arg1[0]); uint64_t x29 = (x28 + (x27 + (x26 + (x25 + (x24 + (x23 + (x22 + x21))))))); uint64_t x30 = (x29 & UINT64_C(0xffffffffffffffff)); - uint64_t x31 = (x4 + (x3 + (x2 + (x1 + (uint64_t)0x0)))); + uint64_t x31 = (x4 + (x3 + (x2 + x1))); uint64_t x32 = (x12 + (x11 + (x10 + (x9 + (x8 + (x7 + (x6 + x5))))))); uint64_t x33 = (x20 + (x19 + (x18 + (x17 + (x16 + (x15 + (x14 + x13))))))); - uint64_t x34 = (0x0 + x33); - uint64_t x35 = (x34 & UINT64_C(0xffffffffffffffff)); - uint64_t x36 = (0x0 + x32); - uint64_t x37 = (x36 & UINT64_C(0xffffffffffffffff)); - uint64_t x38 = (0x0 + x31); + uint64_t x34 = (x33 & UINT64_C(0xffffffffffffffff)); + uint64_t x35 = (x32 & UINT64_C(0xffffffffffffffff)); out1[0] = x30; - out1[1] = x35; - out1[2] = x37; - out1[3] = x38; + out1[1] = x34; + out1[2] = x35; + out1[3] = x31; } diff --git a/p256_32.c b/p256_32.c index fe0bf4cbc0..faaa0b04e4 100644 --- a/p256_32.c +++ b/p256_32.c @@ -3072,93 +3072,86 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { uint8_t x13 = (uint8_t)(x11 >> 8); uint8_t x14 = (uint8_t)(x11 & UINT8_C(0xff)); uint8_t x15 = (uint8_t)(x13 & UINT8_C(0xff)); - uint32_t x16 = (0x0 + x7); - uint32_t x17 = (x16 >> 8); - uint8_t x18 = (uint8_t)(x16 & UINT8_C(0xff)); - uint32_t x19 = (x17 >> 8); - uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); - uint8_t x21 = (uint8_t)(x19 >> 8); - uint8_t x22 = (uint8_t)(x19 & UINT8_C(0xff)); - uint8_t x23 = (uint8_t)(x21 & UINT8_C(0xff)); - uint32_t x24 = (0x0 + x6); - uint32_t x25 = (x24 >> 8); - uint8_t x26 = (uint8_t)(x24 & UINT8_C(0xff)); - uint32_t x27 = (x25 >> 8); + uint32_t x16 = (x7 >> 8); + uint8_t x17 = (uint8_t)(x7 & UINT8_C(0xff)); + uint32_t x18 = (x16 >> 8); + uint8_t x19 = (uint8_t)(x16 & UINT8_C(0xff)); + uint8_t x20 = (uint8_t)(x18 >> 8); + uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint32_t x23 = (x6 >> 8); + uint8_t x24 = (uint8_t)(x6 & UINT8_C(0xff)); + uint32_t x25 = (x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint8_t x27 = (uint8_t)(x25 >> 8); uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); - uint8_t x29 = (uint8_t)(x27 >> 8); - uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint8_t x31 = (uint8_t)(x29 & UINT8_C(0xff)); - uint32_t x32 = (0x0 + x5); - uint32_t x33 = (x32 >> 8); - uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff)); - uint32_t x35 = (x33 >> 8); - uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); - uint8_t x37 = (uint8_t)(x35 >> 8); - uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); - uint8_t x39 = (uint8_t)(x37 & UINT8_C(0xff)); - uint32_t x40 = (0x0 + x4); - uint32_t x41 = (x40 >> 8); - uint8_t x42 = (uint8_t)(x40 & UINT8_C(0xff)); - uint32_t x43 = (x41 >> 8); - uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); - uint8_t x45 = (uint8_t)(x43 >> 8); - uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); - uint8_t x47 = (uint8_t)(x45 & UINT8_C(0xff)); - uint32_t x48 = (0x0 + x3); - uint32_t x49 = (x48 >> 8); + uint8_t x29 = (uint8_t)(x27 & UINT8_C(0xff)); + uint32_t x30 = (x5 >> 8); + uint8_t x31 = (uint8_t)(x5 & UINT8_C(0xff)); + uint32_t x32 = (x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint8_t x34 = (uint8_t)(x32 >> 8); + uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); + uint8_t x36 = (uint8_t)(x34 & UINT8_C(0xff)); + uint32_t x37 = (x4 >> 8); + uint8_t x38 = (uint8_t)(x4 & UINT8_C(0xff)); + uint32_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); + uint8_t x41 = (uint8_t)(x39 >> 8); + uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); + uint8_t x43 = (uint8_t)(x41 & UINT8_C(0xff)); + uint32_t x44 = (x3 >> 8); + uint8_t x45 = (uint8_t)(x3 & UINT8_C(0xff)); + uint32_t x46 = (x44 >> 8); + uint8_t x47 = (uint8_t)(x44 & UINT8_C(0xff)); + uint8_t x48 = (uint8_t)(x46 >> 8); + uint8_t x49 = (uint8_t)(x46 & UINT8_C(0xff)); uint8_t x50 = (uint8_t)(x48 & UINT8_C(0xff)); - uint32_t x51 = (x49 >> 8); - uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - uint8_t x53 = (uint8_t)(x51 >> 8); + uint32_t x51 = (x2 >> 8); + uint8_t x52 = (uint8_t)(x2 & UINT8_C(0xff)); + uint32_t x53 = (x51 >> 8); uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); - uint8_t x55 = (uint8_t)(x53 & UINT8_C(0xff)); - uint32_t x56 = (0x0 + x2); - uint32_t x57 = (x56 >> 8); - uint8_t x58 = (uint8_t)(x56 & UINT8_C(0xff)); - uint32_t x59 = (x57 >> 8); - uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); - uint8_t x61 = (uint8_t)(x59 >> 8); - uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); - uint8_t x63 = (uint8_t)(x61 & UINT8_C(0xff)); - uint32_t x64 = (0x0 + x1); - uint32_t x65 = (x64 >> 8); - uint8_t x66 = (uint8_t)(x64 & UINT8_C(0xff)); - uint32_t x67 = (x65 >> 8); - uint8_t x68 = (uint8_t)(x65 & UINT8_C(0xff)); - uint8_t x69 = (uint8_t)(x67 >> 8); - uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff)); + uint8_t x55 = (uint8_t)(x53 >> 8); + uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); + uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); + uint32_t x58 = (x1 >> 8); + uint8_t x59 = (uint8_t)(x1 & UINT8_C(0xff)); + uint32_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint8_t x62 = (uint8_t)(x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x15; - out1[4] = x18; - out1[5] = x20; - out1[6] = x22; - out1[7] = x23; - out1[8] = x26; - out1[9] = x28; - out1[10] = x30; - out1[11] = x31; - out1[12] = x34; - out1[13] = x36; - out1[14] = x38; - out1[15] = x39; - out1[16] = x42; - out1[17] = x44; - out1[18] = x46; - out1[19] = x47; - out1[20] = x50; - out1[21] = x52; - out1[22] = x54; - out1[23] = x55; - out1[24] = x58; - out1[25] = x60; - out1[26] = x62; - out1[27] = x63; - out1[28] = x66; - out1[29] = x68; - out1[30] = x70; - out1[31] = x69; + out1[4] = x17; + out1[5] = x19; + out1[6] = x21; + out1[7] = x22; + out1[8] = x24; + out1[9] = x26; + out1[10] = x28; + out1[11] = x29; + out1[12] = x31; + out1[13] = x33; + out1[14] = x35; + out1[15] = x36; + out1[16] = x38; + out1[17] = x40; + out1[18] = x42; + out1[19] = x43; + out1[20] = x45; + out1[21] = x47; + out1[22] = x49; + out1[23] = x50; + out1[24] = x52; + out1[25] = x54; + out1[26] = x56; + out1[27] = x57; + out1[28] = x59; + out1[29] = x61; + out1[30] = x63; + out1[31] = x62; } /* @@ -3209,26 +3202,19 @@ static void fiat_p256_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) { uint32_t x39 = (x20 + (x19 + (x18 + x17))); uint32_t x40 = (x24 + (x23 + (x22 + x21))); uint32_t x41 = (x28 + (x27 + (x26 + x25))); - uint32_t x42 = (0x0 + x41); - uint32_t x43 = (x42 & UINT32_C(0xffffffff)); - uint32_t x44 = (0x0 + x40); - uint32_t x45 = (x44 & UINT32_C(0xffffffff)); - uint32_t x46 = (0x0 + x39); - uint32_t x47 = (x46 & UINT32_C(0xffffffff)); - uint32_t x48 = (0x0 + x38); - uint32_t x49 = (x48 & UINT32_C(0xffffffff)); - uint32_t x50 = (0x0 + x37); - uint32_t x51 = (x50 & UINT32_C(0xffffffff)); - uint32_t x52 = (0x0 + x36); - uint32_t x53 = (x52 & UINT32_C(0xffffffff)); - uint32_t x54 = (0x0 + x35); + uint32_t x42 = (x41 & UINT32_C(0xffffffff)); + uint32_t x43 = (x40 & UINT32_C(0xffffffff)); + uint32_t x44 = (x39 & UINT32_C(0xffffffff)); + uint32_t x45 = (x38 & UINT32_C(0xffffffff)); + uint32_t x46 = (x37 & UINT32_C(0xffffffff)); + uint32_t x47 = (x36 & UINT32_C(0xffffffff)); out1[0] = x34; - out1[1] = x43; - out1[2] = x45; - out1[3] = x47; - out1[4] = x49; - out1[5] = x51; - out1[6] = x53; - out1[7] = x54; + out1[1] = x42; + out1[2] = x43; + out1[3] = x44; + out1[4] = x45; + out1[5] = x46; + out1[6] = x47; + out1[7] = x35; } diff --git a/p256_64.c b/p256_64.c index 018092b3f4..8e449c6b9c 100644 --- a/p256_64.c +++ b/p256_64.c @@ -1079,25 +1079,25 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x17 = (uint8_t)(x15 >> 8); uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); - uint64_t x20 = (0x0 + x3); - uint64_t x21 = (x20 >> 8); - uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); - uint64_t x23 = (x21 >> 8); - uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); - uint64_t x25 = (x23 >> 8); - uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); - uint64_t x27 = (x25 >> 8); - uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); - uint64_t x29 = (x27 >> 8); - uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint64_t x31 = (x29 >> 8); - uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); - uint8_t x33 = (uint8_t)(x31 >> 8); - uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); - uint64_t x36 = (0x0 + x2); - uint64_t x37 = (x36 >> 8); - uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint64_t x20 = (x3 >> 8); + uint8_t x21 = (uint8_t)(x3 & UINT8_C(0xff)); + uint64_t x22 = (x20 >> 8); + uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff)); + uint64_t x24 = (x22 >> 8); + uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); + uint64_t x26 = (x24 >> 8); + uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); + uint64_t x28 = (x26 >> 8); + uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); + uint64_t x30 = (x28 >> 8); + uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); + uint8_t x32 = (uint8_t)(x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff)); + uint64_t x35 = (x2 >> 8); + uint8_t x36 = (uint8_t)(x2 & UINT8_C(0xff)); + uint64_t x37 = (x35 >> 8); + uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); uint64_t x39 = (x37 >> 8); uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); uint64_t x41 = (x39 >> 8); @@ -1106,26 +1106,23 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); uint64_t x45 = (x43 >> 8); uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); - uint64_t x47 = (x45 >> 8); + uint8_t x47 = (uint8_t)(x45 >> 8); uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint8_t x49 = (uint8_t)(x47 >> 8); - uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); - uint64_t x52 = (0x0 + x1); - uint64_t x53 = (x52 >> 8); - uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); - uint64_t x55 = (x53 >> 8); - uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); - uint64_t x57 = (x55 >> 8); - uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); - uint64_t x59 = (x57 >> 8); - uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); - uint64_t x61 = (x59 >> 8); - uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); - uint64_t x63 = (x61 >> 8); - uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); - uint8_t x65 = (uint8_t)(x63 >> 8); - uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); + uint8_t x49 = (uint8_t)(x47 & UINT8_C(0xff)); + uint64_t x50 = (x1 >> 8); + uint8_t x51 = (uint8_t)(x1 & UINT8_C(0xff)); + uint64_t x52 = (x50 >> 8); + uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); + uint64_t x54 = (x52 >> 8); + uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x56 = (x54 >> 8); + uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff)); + uint64_t x58 = (x56 >> 8); + uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); + uint64_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint8_t x62 = (uint8_t)(x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); out1[0] = x6; out1[1] = x8; out1[2] = x10; @@ -1134,30 +1131,30 @@ static void fiat_p256_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { out1[5] = x16; out1[6] = x18; out1[7] = x19; - out1[8] = x22; - out1[9] = x24; - out1[10] = x26; - out1[11] = x28; - out1[12] = x30; - out1[13] = x32; - out1[14] = x34; - out1[15] = x35; - out1[16] = x38; - out1[17] = x40; - out1[18] = x42; - out1[19] = x44; - out1[20] = x46; - out1[21] = x48; - out1[22] = x50; - out1[23] = x51; - out1[24] = x54; - out1[25] = x56; - out1[26] = x58; - out1[27] = x60; - out1[28] = x62; - out1[29] = x64; - out1[30] = x66; - out1[31] = x65; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x27; + out1[12] = x29; + out1[13] = x31; + out1[14] = x33; + out1[15] = x34; + out1[16] = x36; + out1[17] = x38; + out1[18] = x40; + out1[19] = x42; + out1[20] = x44; + out1[21] = x46; + out1[22] = x48; + out1[23] = x49; + out1[24] = x51; + out1[25] = x53; + out1[26] = x55; + out1[27] = x57; + out1[28] = x59; + out1[29] = x61; + out1[30] = x63; + out1[31] = x62; } /* @@ -1204,14 +1201,11 @@ static void fiat_p256_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) { uint64_t x35 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); uint64_t x36 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); uint64_t x37 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); - uint64_t x38 = (0x0 + x37); - uint64_t x39 = (x38 & UINT64_C(0xffffffffffffffff)); - uint64_t x40 = (0x0 + x36); - uint64_t x41 = (x40 & UINT64_C(0xffffffffffffffff)); - uint64_t x42 = (0x0 + x35); + uint64_t x38 = (x37 & UINT64_C(0xffffffffffffffff)); + uint64_t x39 = (x36 & UINT64_C(0xffffffffffffffff)); out1[0] = x34; - out1[1] = x39; - out1[2] = x41; - out1[3] = x42; + out1[1] = x38; + out1[2] = x39; + out1[3] = x35; } diff --git a/p384_32.c b/p384_32.c index 9dc2368dd4..45614448ff 100644 --- a/p384_32.c +++ b/p384_32.c @@ -7265,141 +7265,130 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint32_t arg1[12]) { uint8_t x17 = (uint8_t)(x15 >> 8); uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); - uint32_t x20 = (0x0 + x11); - uint32_t x21 = (x20 >> 8); - uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); - uint32_t x23 = (x21 >> 8); - uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); - uint8_t x25 = (uint8_t)(x23 >> 8); - uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); - uint8_t x27 = (uint8_t)(x25 & UINT8_C(0xff)); - uint32_t x28 = (0x0 + x10); - uint32_t x29 = (x28 >> 8); - uint8_t x30 = (uint8_t)(x28 & UINT8_C(0xff)); - uint32_t x31 = (x29 >> 8); + uint32_t x20 = (x11 >> 8); + uint8_t x21 = (uint8_t)(x11 & UINT8_C(0xff)); + uint32_t x22 = (x20 >> 8); + uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff)); + uint8_t x24 = (uint8_t)(x22 >> 8); + uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); + uint8_t x26 = (uint8_t)(x24 & UINT8_C(0xff)); + uint32_t x27 = (x10 >> 8); + uint8_t x28 = (uint8_t)(x10 & UINT8_C(0xff)); + uint32_t x29 = (x27 >> 8); + uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); + uint8_t x31 = (uint8_t)(x29 >> 8); uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); - uint8_t x33 = (uint8_t)(x31 >> 8); - uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); - uint32_t x36 = (0x0 + x9); - uint32_t x37 = (x36 >> 8); - uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); - uint32_t x39 = (x37 >> 8); - uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); - uint8_t x41 = (uint8_t)(x39 >> 8); - uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); - uint8_t x43 = (uint8_t)(x41 & UINT8_C(0xff)); - uint32_t x44 = (0x0 + x8); - uint32_t x45 = (x44 >> 8); - uint8_t x46 = (uint8_t)(x44 & UINT8_C(0xff)); - uint32_t x47 = (x45 >> 8); - uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint8_t x49 = (uint8_t)(x47 >> 8); - uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); - uint32_t x52 = (0x0 + x7); - uint32_t x53 = (x52 >> 8); + uint8_t x33 = (uint8_t)(x31 & UINT8_C(0xff)); + uint32_t x34 = (x9 >> 8); + uint8_t x35 = (uint8_t)(x9 & UINT8_C(0xff)); + uint32_t x36 = (x34 >> 8); + uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); + uint8_t x38 = (uint8_t)(x36 >> 8); + uint8_t x39 = (uint8_t)(x36 & UINT8_C(0xff)); + uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff)); + uint32_t x41 = (x8 >> 8); + uint8_t x42 = (uint8_t)(x8 & UINT8_C(0xff)); + uint32_t x43 = (x41 >> 8); + uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); + uint8_t x45 = (uint8_t)(x43 >> 8); + uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); + uint8_t x47 = (uint8_t)(x45 & UINT8_C(0xff)); + uint32_t x48 = (x7 >> 8); + uint8_t x49 = (uint8_t)(x7 & UINT8_C(0xff)); + uint32_t x50 = (x48 >> 8); + uint8_t x51 = (uint8_t)(x48 & UINT8_C(0xff)); + uint8_t x52 = (uint8_t)(x50 >> 8); + uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); - uint32_t x55 = (x53 >> 8); - uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); - uint8_t x57 = (uint8_t)(x55 >> 8); + uint32_t x55 = (x6 >> 8); + uint8_t x56 = (uint8_t)(x6 & UINT8_C(0xff)); + uint32_t x57 = (x55 >> 8); uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); - uint8_t x59 = (uint8_t)(x57 & UINT8_C(0xff)); - uint32_t x60 = (0x0 + x6); - uint32_t x61 = (x60 >> 8); - uint8_t x62 = (uint8_t)(x60 & UINT8_C(0xff)); - uint32_t x63 = (x61 >> 8); - uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); - uint8_t x65 = (uint8_t)(x63 >> 8); - uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); - uint8_t x67 = (uint8_t)(x65 & UINT8_C(0xff)); - uint32_t x68 = (0x0 + x5); - uint32_t x69 = (x68 >> 8); - uint8_t x70 = (uint8_t)(x68 & UINT8_C(0xff)); + uint8_t x59 = (uint8_t)(x57 >> 8); + uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); + uint8_t x61 = (uint8_t)(x59 & UINT8_C(0xff)); + uint32_t x62 = (x5 >> 8); + uint8_t x63 = (uint8_t)(x5 & UINT8_C(0xff)); + uint32_t x64 = (x62 >> 8); + uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); + uint8_t x66 = (uint8_t)(x64 >> 8); + uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff)); + uint8_t x68 = (uint8_t)(x66 & UINT8_C(0xff)); + uint32_t x69 = (x4 >> 8); + uint8_t x70 = (uint8_t)(x4 & UINT8_C(0xff)); uint32_t x71 = (x69 >> 8); uint8_t x72 = (uint8_t)(x69 & UINT8_C(0xff)); uint8_t x73 = (uint8_t)(x71 >> 8); uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff)); uint8_t x75 = (uint8_t)(x73 & UINT8_C(0xff)); - uint32_t x76 = (0x0 + x4); - uint32_t x77 = (x76 >> 8); - uint8_t x78 = (uint8_t)(x76 & UINT8_C(0xff)); - uint32_t x79 = (x77 >> 8); - uint8_t x80 = (uint8_t)(x77 & UINT8_C(0xff)); - uint8_t x81 = (uint8_t)(x79 >> 8); - uint8_t x82 = (uint8_t)(x79 & UINT8_C(0xff)); - uint8_t x83 = (uint8_t)(x81 & UINT8_C(0xff)); - uint32_t x84 = (0x0 + x3); - uint32_t x85 = (x84 >> 8); - uint8_t x86 = (uint8_t)(x84 & UINT8_C(0xff)); - uint32_t x87 = (x85 >> 8); + uint32_t x76 = (x3 >> 8); + uint8_t x77 = (uint8_t)(x3 & UINT8_C(0xff)); + uint32_t x78 = (x76 >> 8); + uint8_t x79 = (uint8_t)(x76 & UINT8_C(0xff)); + uint8_t x80 = (uint8_t)(x78 >> 8); + uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff)); + uint8_t x82 = (uint8_t)(x80 & UINT8_C(0xff)); + uint32_t x83 = (x2 >> 8); + uint8_t x84 = (uint8_t)(x2 & UINT8_C(0xff)); + uint32_t x85 = (x83 >> 8); + uint8_t x86 = (uint8_t)(x83 & UINT8_C(0xff)); + uint8_t x87 = (uint8_t)(x85 >> 8); uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff)); - uint8_t x89 = (uint8_t)(x87 >> 8); - uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff)); - uint8_t x91 = (uint8_t)(x89 & UINT8_C(0xff)); - uint32_t x92 = (0x0 + x2); - uint32_t x93 = (x92 >> 8); - uint8_t x94 = (uint8_t)(x92 & UINT8_C(0xff)); - uint32_t x95 = (x93 >> 8); - uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); - uint8_t x97 = (uint8_t)(x95 >> 8); - uint8_t x98 = (uint8_t)(x95 & UINT8_C(0xff)); - uint8_t x99 = (uint8_t)(x97 & UINT8_C(0xff)); - uint32_t x100 = (0x0 + x1); - uint32_t x101 = (x100 >> 8); - uint8_t x102 = (uint8_t)(x100 & UINT8_C(0xff)); - uint32_t x103 = (x101 >> 8); - uint8_t x104 = (uint8_t)(x101 & UINT8_C(0xff)); - uint8_t x105 = (uint8_t)(x103 >> 8); - uint8_t x106 = (uint8_t)(x103 & UINT8_C(0xff)); + uint8_t x89 = (uint8_t)(x87 & UINT8_C(0xff)); + uint32_t x90 = (x1 >> 8); + uint8_t x91 = (uint8_t)(x1 & UINT8_C(0xff)); + uint32_t x92 = (x90 >> 8); + uint8_t x93 = (uint8_t)(x90 & UINT8_C(0xff)); + uint8_t x94 = (uint8_t)(x92 >> 8); + uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff)); out1[0] = x14; out1[1] = x16; out1[2] = x18; out1[3] = x19; - out1[4] = x22; - out1[5] = x24; - out1[6] = x26; - out1[7] = x27; - out1[8] = x30; - out1[9] = x32; - out1[10] = x34; - out1[11] = x35; - out1[12] = x38; - out1[13] = x40; - out1[14] = x42; - out1[15] = x43; - out1[16] = x46; - out1[17] = x48; - out1[18] = x50; - out1[19] = x51; - out1[20] = x54; - out1[21] = x56; - out1[22] = x58; - out1[23] = x59; - out1[24] = x62; - out1[25] = x64; - out1[26] = x66; - out1[27] = x67; - out1[28] = x70; - out1[29] = x72; - out1[30] = x74; - out1[31] = x75; - out1[32] = x78; - out1[33] = x80; - out1[34] = x82; - out1[35] = x83; - out1[36] = x86; - out1[37] = x88; - out1[38] = x90; - out1[39] = x91; - out1[40] = x94; - out1[41] = x96; - out1[42] = x98; - out1[43] = x99; - out1[44] = x102; - out1[45] = x104; - out1[46] = x106; - out1[47] = x105; + out1[4] = x21; + out1[5] = x23; + out1[6] = x25; + out1[7] = x26; + out1[8] = x28; + out1[9] = x30; + out1[10] = x32; + out1[11] = x33; + out1[12] = x35; + out1[13] = x37; + out1[14] = x39; + out1[15] = x40; + out1[16] = x42; + out1[17] = x44; + out1[18] = x46; + out1[19] = x47; + out1[20] = x49; + out1[21] = x51; + out1[22] = x53; + out1[23] = x54; + out1[24] = x56; + out1[25] = x58; + out1[26] = x60; + out1[27] = x61; + out1[28] = x63; + out1[29] = x65; + out1[30] = x67; + out1[31] = x68; + out1[32] = x70; + out1[33] = x72; + out1[34] = x74; + out1[35] = x75; + out1[36] = x77; + out1[37] = x79; + out1[38] = x81; + out1[39] = x82; + out1[40] = x84; + out1[41] = x86; + out1[42] = x88; + out1[43] = x89; + out1[44] = x91; + out1[45] = x93; + out1[46] = x95; + out1[47] = x94; } /* @@ -7470,38 +7459,27 @@ static void fiat_p384_from_bytes(uint32_t out1[12], const uint8_t arg1[48]) { uint32_t x59 = (x36 + (x35 + (x34 + x33))); uint32_t x60 = (x40 + (x39 + (x38 + x37))); uint32_t x61 = (x44 + (x43 + (x42 + x41))); - uint32_t x62 = (0x0 + x61); - uint32_t x63 = (x62 & UINT32_C(0xffffffff)); - uint32_t x64 = (0x0 + x60); - uint32_t x65 = (x64 & UINT32_C(0xffffffff)); - uint32_t x66 = (0x0 + x59); - uint32_t x67 = (x66 & UINT32_C(0xffffffff)); - uint32_t x68 = (0x0 + x58); - uint32_t x69 = (x68 & UINT32_C(0xffffffff)); - uint32_t x70 = (0x0 + x57); - uint32_t x71 = (x70 & UINT32_C(0xffffffff)); - uint32_t x72 = (0x0 + x56); - uint32_t x73 = (x72 & UINT32_C(0xffffffff)); - uint32_t x74 = (0x0 + x55); - uint32_t x75 = (x74 & UINT32_C(0xffffffff)); - uint32_t x76 = (0x0 + x54); - uint32_t x77 = (x76 & UINT32_C(0xffffffff)); - uint32_t x78 = (0x0 + x53); - uint32_t x79 = (x78 & UINT32_C(0xffffffff)); - uint32_t x80 = (0x0 + x52); - uint32_t x81 = (x80 & UINT32_C(0xffffffff)); - uint32_t x82 = (0x0 + x51); + uint32_t x62 = (x61 & UINT32_C(0xffffffff)); + uint32_t x63 = (x60 & UINT32_C(0xffffffff)); + uint32_t x64 = (x59 & UINT32_C(0xffffffff)); + uint32_t x65 = (x58 & UINT32_C(0xffffffff)); + uint32_t x66 = (x57 & UINT32_C(0xffffffff)); + uint32_t x67 = (x56 & UINT32_C(0xffffffff)); + uint32_t x68 = (x55 & UINT32_C(0xffffffff)); + uint32_t x69 = (x54 & UINT32_C(0xffffffff)); + uint32_t x70 = (x53 & UINT32_C(0xffffffff)); + uint32_t x71 = (x52 & UINT32_C(0xffffffff)); out1[0] = x50; - out1[1] = x63; - out1[2] = x65; - out1[3] = x67; - out1[4] = x69; - out1[5] = x71; - out1[6] = x73; - out1[7] = x75; - out1[8] = x77; - out1[9] = x79; - out1[10] = x81; - out1[11] = x82; + out1[1] = x62; + out1[2] = x63; + out1[3] = x64; + out1[4] = x65; + out1[5] = x66; + out1[6] = x67; + out1[7] = x68; + out1[8] = x69; + out1[9] = x70; + out1[10] = x71; + out1[11] = x51; } diff --git a/p384_64.c b/p384_64.c index 906996746a..e5cc086285 100644 --- a/p384_64.c +++ b/p384_64.c @@ -2364,25 +2364,25 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint64_t arg1[6]) { uint8_t x19 = (uint8_t)(x17 >> 8); uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); uint8_t x21 = (uint8_t)(x19 & UINT8_C(0xff)); - uint64_t x22 = (0x0 + x5); - uint64_t x23 = (x22 >> 8); - uint8_t x24 = (uint8_t)(x22 & UINT8_C(0xff)); - uint64_t x25 = (x23 >> 8); - uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); - uint64_t x27 = (x25 >> 8); - uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); - uint64_t x29 = (x27 >> 8); - uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint64_t x31 = (x29 >> 8); - uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); - uint64_t x33 = (x31 >> 8); - uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint8_t x35 = (uint8_t)(x33 >> 8); - uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); - uint8_t x37 = (uint8_t)(x35 & UINT8_C(0xff)); - uint64_t x38 = (0x0 + x4); - uint64_t x39 = (x38 >> 8); - uint8_t x40 = (uint8_t)(x38 & UINT8_C(0xff)); + uint64_t x22 = (x5 >> 8); + uint8_t x23 = (uint8_t)(x5 & UINT8_C(0xff)); + uint64_t x24 = (x22 >> 8); + uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); + uint64_t x26 = (x24 >> 8); + uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); + uint64_t x28 = (x26 >> 8); + uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); + uint64_t x30 = (x28 >> 8); + uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); + uint64_t x32 = (x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint8_t x34 = (uint8_t)(x32 >> 8); + uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); + uint8_t x36 = (uint8_t)(x34 & UINT8_C(0xff)); + uint64_t x37 = (x4 >> 8); + uint8_t x38 = (uint8_t)(x4 & UINT8_C(0xff)); + uint64_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); uint64_t x41 = (x39 >> 8); uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); uint64_t x43 = (x41 >> 8); @@ -2391,58 +2391,53 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint64_t arg1[6]) { uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); uint64_t x47 = (x45 >> 8); uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint64_t x49 = (x47 >> 8); + uint8_t x49 = (uint8_t)(x47 >> 8); uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint8_t x51 = (uint8_t)(x49 >> 8); - uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - uint8_t x53 = (uint8_t)(x51 & UINT8_C(0xff)); - uint64_t x54 = (0x0 + x3); - uint64_t x55 = (x54 >> 8); - uint8_t x56 = (uint8_t)(x54 & UINT8_C(0xff)); - uint64_t x57 = (x55 >> 8); - uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); - uint64_t x59 = (x57 >> 8); - uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); - uint64_t x61 = (x59 >> 8); - uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); - uint64_t x63 = (x61 >> 8); - uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); - uint64_t x65 = (x63 >> 8); - uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); - uint8_t x67 = (uint8_t)(x65 >> 8); - uint8_t x68 = (uint8_t)(x65 & UINT8_C(0xff)); - uint8_t x69 = (uint8_t)(x67 & UINT8_C(0xff)); - uint64_t x70 = (0x0 + x2); - uint64_t x71 = (x70 >> 8); - uint8_t x72 = (uint8_t)(x70 & UINT8_C(0xff)); + uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); + uint64_t x52 = (x3 >> 8); + uint8_t x53 = (uint8_t)(x3 & UINT8_C(0xff)); + uint64_t x54 = (x52 >> 8); + uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x56 = (x54 >> 8); + uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff)); + uint64_t x58 = (x56 >> 8); + uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); + uint64_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint64_t x62 = (x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); + uint8_t x64 = (uint8_t)(x62 >> 8); + uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); + uint8_t x66 = (uint8_t)(x64 & UINT8_C(0xff)); + uint64_t x67 = (x2 >> 8); + uint8_t x68 = (uint8_t)(x2 & UINT8_C(0xff)); + uint64_t x69 = (x67 >> 8); + uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff)); + uint64_t x71 = (x69 >> 8); + uint8_t x72 = (uint8_t)(x69 & UINT8_C(0xff)); uint64_t x73 = (x71 >> 8); uint8_t x74 = (uint8_t)(x71 & UINT8_C(0xff)); uint64_t x75 = (x73 >> 8); uint8_t x76 = (uint8_t)(x73 & UINT8_C(0xff)); uint64_t x77 = (x75 >> 8); uint8_t x78 = (uint8_t)(x75 & UINT8_C(0xff)); - uint64_t x79 = (x77 >> 8); + uint8_t x79 = (uint8_t)(x77 >> 8); uint8_t x80 = (uint8_t)(x77 & UINT8_C(0xff)); - uint64_t x81 = (x79 >> 8); - uint8_t x82 = (uint8_t)(x79 & UINT8_C(0xff)); - uint8_t x83 = (uint8_t)(x81 >> 8); - uint8_t x84 = (uint8_t)(x81 & UINT8_C(0xff)); - uint8_t x85 = (uint8_t)(x83 & UINT8_C(0xff)); - uint64_t x86 = (0x0 + x1); - uint64_t x87 = (x86 >> 8); - uint8_t x88 = (uint8_t)(x86 & UINT8_C(0xff)); - uint64_t x89 = (x87 >> 8); - uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff)); - uint64_t x91 = (x89 >> 8); - uint8_t x92 = (uint8_t)(x89 & UINT8_C(0xff)); - uint64_t x93 = (x91 >> 8); - uint8_t x94 = (uint8_t)(x91 & UINT8_C(0xff)); - uint64_t x95 = (x93 >> 8); - uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); - uint64_t x97 = (x95 >> 8); - uint8_t x98 = (uint8_t)(x95 & UINT8_C(0xff)); - uint8_t x99 = (uint8_t)(x97 >> 8); - uint8_t x100 = (uint8_t)(x97 & UINT8_C(0xff)); + uint8_t x81 = (uint8_t)(x79 & UINT8_C(0xff)); + uint64_t x82 = (x1 >> 8); + uint8_t x83 = (uint8_t)(x1 & UINT8_C(0xff)); + uint64_t x84 = (x82 >> 8); + uint8_t x85 = (uint8_t)(x82 & UINT8_C(0xff)); + uint64_t x86 = (x84 >> 8); + uint8_t x87 = (uint8_t)(x84 & UINT8_C(0xff)); + uint64_t x88 = (x86 >> 8); + uint8_t x89 = (uint8_t)(x86 & UINT8_C(0xff)); + uint64_t x90 = (x88 >> 8); + uint8_t x91 = (uint8_t)(x88 & UINT8_C(0xff)); + uint64_t x92 = (x90 >> 8); + uint8_t x93 = (uint8_t)(x90 & UINT8_C(0xff)); + uint8_t x94 = (uint8_t)(x92 >> 8); + uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff)); out1[0] = x8; out1[1] = x10; out1[2] = x12; @@ -2451,46 +2446,46 @@ static void fiat_p384_to_bytes(uint8_t out1[48], const uint64_t arg1[6]) { out1[5] = x18; out1[6] = x20; out1[7] = x21; - out1[8] = x24; - out1[9] = x26; - out1[10] = x28; - out1[11] = x30; - out1[12] = x32; - out1[13] = x34; - out1[14] = x36; - out1[15] = x37; - out1[16] = x40; - out1[17] = x42; - out1[18] = x44; - out1[19] = x46; - out1[20] = x48; - out1[21] = x50; - out1[22] = x52; - out1[23] = x53; - out1[24] = x56; - out1[25] = x58; - out1[26] = x60; - out1[27] = x62; - out1[28] = x64; - out1[29] = x66; - out1[30] = x68; - out1[31] = x69; - out1[32] = x72; - out1[33] = x74; - out1[34] = x76; - out1[35] = x78; - out1[36] = x80; - out1[37] = x82; - out1[38] = x84; - out1[39] = x85; - out1[40] = x88; - out1[41] = x90; - out1[42] = x92; - out1[43] = x94; - out1[44] = x96; - out1[45] = x98; - out1[46] = x100; - out1[47] = x99; + out1[8] = x23; + out1[9] = x25; + out1[10] = x27; + out1[11] = x29; + out1[12] = x31; + out1[13] = x33; + out1[14] = x35; + out1[15] = x36; + out1[16] = x38; + out1[17] = x40; + out1[18] = x42; + out1[19] = x44; + out1[20] = x46; + out1[21] = x48; + out1[22] = x50; + out1[23] = x51; + out1[24] = x53; + out1[25] = x55; + out1[26] = x57; + out1[27] = x59; + out1[28] = x61; + out1[29] = x63; + out1[30] = x65; + out1[31] = x66; + out1[32] = x68; + out1[33] = x70; + out1[34] = x72; + out1[35] = x74; + out1[36] = x76; + out1[37] = x78; + out1[38] = x80; + out1[39] = x81; + out1[40] = x83; + out1[41] = x85; + out1[42] = x87; + out1[43] = x89; + out1[44] = x91; + out1[45] = x93; + out1[46] = x95; + out1[47] = x94; } /* @@ -2555,20 +2550,15 @@ static void fiat_p384_from_bytes(uint64_t out1[6], const uint8_t arg1[48]) { uint64_t x53 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); uint64_t x54 = (x32 + (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + x25))))))); uint64_t x55 = (x40 + (x39 + (x38 + (x37 + (x36 + (x35 + (x34 + x33))))))); - uint64_t x56 = (0x0 + x55); - uint64_t x57 = (x56 & UINT64_C(0xffffffffffffffff)); - uint64_t x58 = (0x0 + x54); - uint64_t x59 = (x58 & UINT64_C(0xffffffffffffffff)); - uint64_t x60 = (0x0 + x53); - uint64_t x61 = (x60 & UINT64_C(0xffffffffffffffff)); - uint64_t x62 = (0x0 + x52); - uint64_t x63 = (x62 & UINT64_C(0xffffffffffffffff)); - uint64_t x64 = (0x0 + x51); + uint64_t x56 = (x55 & UINT64_C(0xffffffffffffffff)); + uint64_t x57 = (x54 & UINT64_C(0xffffffffffffffff)); + uint64_t x58 = (x53 & UINT64_C(0xffffffffffffffff)); + uint64_t x59 = (x52 & UINT64_C(0xffffffffffffffff)); out1[0] = x50; - out1[1] = x57; - out1[2] = x59; - out1[3] = x61; - out1[4] = x63; - out1[5] = x64; + out1[1] = x56; + out1[2] = x57; + out1[3] = x58; + out1[4] = x59; + out1[5] = x51; } diff --git a/p484_64.c b/p484_64.c index 399ada567f..4a86b216a5 100644 --- a/p484_64.c +++ b/p484_64.c @@ -2960,25 +2960,25 @@ static void fiat_p484_to_bytes(uint8_t out1[56], const uint64_t arg1[7]) { uint8_t x20 = (uint8_t)(x18 >> 8); uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); - uint64_t x23 = (0x0 + x6); - uint64_t x24 = (x23 >> 8); - uint8_t x25 = (uint8_t)(x23 & UINT8_C(0xff)); - uint64_t x26 = (x24 >> 8); - uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); - uint64_t x28 = (x26 >> 8); - uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); - uint64_t x30 = (x28 >> 8); - uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); - uint64_t x32 = (x30 >> 8); - uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); - uint64_t x34 = (x32 >> 8); - uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); - uint8_t x36 = (uint8_t)(x34 >> 8); - uint8_t x37 = (uint8_t)(x34 & UINT8_C(0xff)); - uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); - uint64_t x39 = (0x0 + x5); - uint64_t x40 = (x39 >> 8); - uint8_t x41 = (uint8_t)(x39 & UINT8_C(0xff)); + uint64_t x23 = (x6 >> 8); + uint8_t x24 = (uint8_t)(x6 & UINT8_C(0xff)); + uint64_t x25 = (x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint64_t x27 = (x25 >> 8); + uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); + uint64_t x29 = (x27 >> 8); + uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); + uint64_t x31 = (x29 >> 8); + uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); + uint64_t x33 = (x31 >> 8); + uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); + uint8_t x35 = (uint8_t)(x33 >> 8); + uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); + uint8_t x37 = (uint8_t)(x35 & UINT8_C(0xff)); + uint64_t x38 = (x5 >> 8); + uint8_t x39 = (uint8_t)(x5 & UINT8_C(0xff)); + uint64_t x40 = (x38 >> 8); + uint8_t x41 = (uint8_t)(x38 & UINT8_C(0xff)); uint64_t x42 = (x40 >> 8); uint8_t x43 = (uint8_t)(x40 & UINT8_C(0xff)); uint64_t x44 = (x42 >> 8); @@ -2987,73 +2987,67 @@ static void fiat_p484_to_bytes(uint8_t out1[56], const uint64_t arg1[7]) { uint8_t x47 = (uint8_t)(x44 & UINT8_C(0xff)); uint64_t x48 = (x46 >> 8); uint8_t x49 = (uint8_t)(x46 & UINT8_C(0xff)); - uint64_t x50 = (x48 >> 8); + uint8_t x50 = (uint8_t)(x48 >> 8); uint8_t x51 = (uint8_t)(x48 & UINT8_C(0xff)); - uint8_t x52 = (uint8_t)(x50 >> 8); - uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); - uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); - uint64_t x55 = (0x0 + x4); - uint64_t x56 = (x55 >> 8); - uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); - uint64_t x58 = (x56 >> 8); - uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); - uint64_t x60 = (x58 >> 8); - uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); - uint64_t x62 = (x60 >> 8); - uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); - uint64_t x64 = (x62 >> 8); - uint8_t x65 = (uint8_t)(x62 & UINT8_C(0xff)); - uint64_t x66 = (x64 >> 8); - uint8_t x67 = (uint8_t)(x64 & UINT8_C(0xff)); - uint8_t x68 = (uint8_t)(x66 >> 8); - uint8_t x69 = (uint8_t)(x66 & UINT8_C(0xff)); - uint8_t x70 = (uint8_t)(x68 & UINT8_C(0xff)); - uint64_t x71 = (0x0 + x3); - uint64_t x72 = (x71 >> 8); - uint8_t x73 = (uint8_t)(x71 & UINT8_C(0xff)); + uint8_t x52 = (uint8_t)(x50 & UINT8_C(0xff)); + uint64_t x53 = (x4 >> 8); + uint8_t x54 = (uint8_t)(x4 & UINT8_C(0xff)); + uint64_t x55 = (x53 >> 8); + uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); + uint64_t x57 = (x55 >> 8); + uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); + uint64_t x59 = (x57 >> 8); + uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); + uint64_t x61 = (x59 >> 8); + uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); + uint64_t x63 = (x61 >> 8); + uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); + uint8_t x65 = (uint8_t)(x63 >> 8); + uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); + uint8_t x67 = (uint8_t)(x65 & UINT8_C(0xff)); + uint64_t x68 = (x3 >> 8); + uint8_t x69 = (uint8_t)(x3 & UINT8_C(0xff)); + uint64_t x70 = (x68 >> 8); + uint8_t x71 = (uint8_t)(x68 & UINT8_C(0xff)); + uint64_t x72 = (x70 >> 8); + uint8_t x73 = (uint8_t)(x70 & UINT8_C(0xff)); uint64_t x74 = (x72 >> 8); uint8_t x75 = (uint8_t)(x72 & UINT8_C(0xff)); uint64_t x76 = (x74 >> 8); uint8_t x77 = (uint8_t)(x74 & UINT8_C(0xff)); uint64_t x78 = (x76 >> 8); uint8_t x79 = (uint8_t)(x76 & UINT8_C(0xff)); - uint64_t x80 = (x78 >> 8); + uint8_t x80 = (uint8_t)(x78 >> 8); uint8_t x81 = (uint8_t)(x78 & UINT8_C(0xff)); - uint64_t x82 = (x80 >> 8); - uint8_t x83 = (uint8_t)(x80 & UINT8_C(0xff)); - uint8_t x84 = (uint8_t)(x82 >> 8); - uint8_t x85 = (uint8_t)(x82 & UINT8_C(0xff)); - uint8_t x86 = (uint8_t)(x84 & UINT8_C(0xff)); - uint64_t x87 = (0x0 + x2); - uint64_t x88 = (x87 >> 8); - uint8_t x89 = (uint8_t)(x87 & UINT8_C(0xff)); - uint64_t x90 = (x88 >> 8); - uint8_t x91 = (uint8_t)(x88 & UINT8_C(0xff)); - uint64_t x92 = (x90 >> 8); - uint8_t x93 = (uint8_t)(x90 & UINT8_C(0xff)); - uint64_t x94 = (x92 >> 8); - uint8_t x95 = (uint8_t)(x92 & UINT8_C(0xff)); - uint64_t x96 = (x94 >> 8); - uint8_t x97 = (uint8_t)(x94 & UINT8_C(0xff)); - uint64_t x98 = (x96 >> 8); - uint8_t x99 = (uint8_t)(x96 & UINT8_C(0xff)); - uint8_t x100 = (uint8_t)(x98 >> 8); + uint8_t x82 = (uint8_t)(x80 & UINT8_C(0xff)); + uint64_t x83 = (x2 >> 8); + uint8_t x84 = (uint8_t)(x2 & UINT8_C(0xff)); + uint64_t x85 = (x83 >> 8); + uint8_t x86 = (uint8_t)(x83 & UINT8_C(0xff)); + uint64_t x87 = (x85 >> 8); + uint8_t x88 = (uint8_t)(x85 & UINT8_C(0xff)); + uint64_t x89 = (x87 >> 8); + uint8_t x90 = (uint8_t)(x87 & UINT8_C(0xff)); + uint64_t x91 = (x89 >> 8); + uint8_t x92 = (uint8_t)(x89 & UINT8_C(0xff)); + uint64_t x93 = (x91 >> 8); + uint8_t x94 = (uint8_t)(x91 & UINT8_C(0xff)); + uint8_t x95 = (uint8_t)(x93 >> 8); + uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); + uint8_t x97 = (uint8_t)(x95 & UINT8_C(0xff)); + uint64_t x98 = (x1 >> 8); + uint8_t x99 = (uint8_t)(x1 & UINT8_C(0xff)); + uint64_t x100 = (x98 >> 8); uint8_t x101 = (uint8_t)(x98 & UINT8_C(0xff)); - uint8_t x102 = (uint8_t)(x100 & UINT8_C(0xff)); - uint64_t x103 = (0x0 + x1); - uint64_t x104 = (x103 >> 8); - uint8_t x105 = (uint8_t)(x103 & UINT8_C(0xff)); + uint64_t x102 = (x100 >> 8); + uint8_t x103 = (uint8_t)(x100 & UINT8_C(0xff)); + uint64_t x104 = (x102 >> 8); + uint8_t x105 = (uint8_t)(x102 & UINT8_C(0xff)); uint64_t x106 = (x104 >> 8); uint8_t x107 = (uint8_t)(x104 & UINT8_C(0xff)); - uint64_t x108 = (x106 >> 8); + uint8_t x108 = (uint8_t)(x106 >> 8); uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff)); - uint64_t x110 = (x108 >> 8); - uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff)); - uint64_t x112 = (x110 >> 8); - uint8_t x113 = (uint8_t)(x110 & UINT8_C(0xff)); - uint8_t x114 = (uint8_t)(x112 >> 8); - uint8_t x115 = (uint8_t)(x112 & UINT8_C(0xff)); - uint8_t x116 = (uint8_t)(x114 & UINT8_C(0xff)); + uint8_t x110 = (uint8_t)(x108 & UINT8_C(0xff)); out1[0] = x9; out1[1] = x11; out1[2] = x13; @@ -3062,53 +3056,53 @@ static void fiat_p484_to_bytes(uint8_t out1[56], const uint64_t arg1[7]) { out1[5] = x19; out1[6] = x21; out1[7] = x22; - out1[8] = x25; - out1[9] = x27; - out1[10] = x29; - out1[11] = x31; - out1[12] = x33; - out1[13] = x35; - out1[14] = x37; - out1[15] = x38; - out1[16] = x41; - out1[17] = x43; - out1[18] = x45; - out1[19] = x47; - out1[20] = x49; - out1[21] = x51; - out1[22] = x53; - out1[23] = x54; - out1[24] = x57; - out1[25] = x59; - out1[26] = x61; - out1[27] = x63; - out1[28] = x65; - out1[29] = x67; - out1[30] = x69; - out1[31] = x70; - out1[32] = x73; - out1[33] = x75; - out1[34] = x77; - out1[35] = x79; - out1[36] = x81; - out1[37] = x83; - out1[38] = x85; - out1[39] = x86; - out1[40] = x89; - out1[41] = x91; - out1[42] = x93; - out1[43] = x95; - out1[44] = x97; - out1[45] = x99; - out1[46] = x101; - out1[47] = x102; - out1[48] = x105; - out1[49] = x107; - out1[50] = x109; - out1[51] = x111; - out1[52] = x113; - out1[53] = x115; - out1[54] = x116; + out1[8] = x24; + out1[9] = x26; + out1[10] = x28; + out1[11] = x30; + out1[12] = x32; + out1[13] = x34; + out1[14] = x36; + out1[15] = x37; + out1[16] = x39; + out1[17] = x41; + out1[18] = x43; + out1[19] = x45; + out1[20] = x47; + out1[21] = x49; + out1[22] = x51; + out1[23] = x52; + out1[24] = x54; + out1[25] = x56; + out1[26] = x58; + out1[27] = x60; + out1[28] = x62; + out1[29] = x64; + out1[30] = x66; + out1[31] = x67; + out1[32] = x69; + out1[33] = x71; + out1[34] = x73; + out1[35] = x75; + out1[36] = x77; + out1[37] = x79; + out1[38] = x81; + out1[39] = x82; + out1[40] = x84; + out1[41] = x86; + out1[42] = x88; + out1[43] = x90; + out1[44] = x92; + out1[45] = x94; + out1[46] = x96; + out1[47] = x97; + out1[48] = x99; + out1[49] = x101; + out1[50] = x103; + out1[51] = x105; + out1[52] = x107; + out1[53] = x109; + out1[54] = x110; out1[55] = 0x0; } @@ -3176,29 +3170,23 @@ static void fiat_p484_from_bytes(uint64_t out1[7], const uint8_t arg1[56]) { uint8_t x55 = (arg1[0]); uint64_t x56 = (x55 + (x54 + (x53 + (x52 + (x51 + (x50 + (x49 + x48))))))); uint64_t x57 = (x56 & UINT64_C(0xffffffffffffffff)); - uint64_t x58 = (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + (x1 + (uint64_t)0x0))))))); + uint64_t x58 = (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1)))))); uint64_t x59 = (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + (x9 + x8))))))); uint64_t x60 = (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + (x17 + x16))))))); uint64_t x61 = (x31 + (x30 + (x29 + (x28 + (x27 + (x26 + (x25 + x24))))))); uint64_t x62 = (x39 + (x38 + (x37 + (x36 + (x35 + (x34 + (x33 + x32))))))); uint64_t x63 = (x47 + (x46 + (x45 + (x44 + (x43 + (x42 + (x41 + x40))))))); - uint64_t x64 = (0x0 + x63); - uint64_t x65 = (x64 & UINT64_C(0xffffffffffffffff)); - uint64_t x66 = (0x0 + x62); - uint64_t x67 = (x66 & UINT64_C(0xffffffffffffffff)); - uint64_t x68 = (0x0 + x61); - uint64_t x69 = (x68 & UINT64_C(0xffffffffffffffff)); - uint64_t x70 = (0x0 + x60); - uint64_t x71 = (x70 & UINT64_C(0xffffffffffffffff)); - uint64_t x72 = (0x0 + x59); - uint64_t x73 = (x72 & UINT64_C(0xffffffffffffffff)); - uint64_t x74 = (0x0 + x58); + uint64_t x64 = (x63 & UINT64_C(0xffffffffffffffff)); + uint64_t x65 = (x62 & UINT64_C(0xffffffffffffffff)); + uint64_t x66 = (x61 & UINT64_C(0xffffffffffffffff)); + uint64_t x67 = (x60 & UINT64_C(0xffffffffffffffff)); + uint64_t x68 = (x59 & UINT64_C(0xffffffffffffffff)); out1[0] = x57; - out1[1] = x65; - out1[2] = x67; - out1[3] = x69; - out1[4] = x71; - out1[5] = x73; - out1[6] = x74; + out1[1] = x64; + out1[2] = x65; + out1[3] = x66; + out1[4] = x67; + out1[5] = x68; + out1[6] = x58; } diff --git a/p521_32.c b/p521_32.c index b044dc804c..7d929b5846 100644 --- a/p521_32.c +++ b/p521_32.c @@ -1201,100 +1201,98 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint32_t arg1[17]) { uint8_t x131 = (uint8_t)(x129 >> 8); uint8_t x132 = (uint8_t)(x129 & UINT8_C(0xff)); uint8_t x133 = (uint8_t)(x131 & UINT8_C(0xff)); - uint32_t x134 = (0x0 + x48); - uint32_t x135 = (x134 >> 8); - uint8_t x136 = (uint8_t)(x134 & UINT8_C(0xff)); - uint32_t x137 = (x135 >> 8); - uint8_t x138 = (uint8_t)(x135 & UINT8_C(0xff)); - uint8_t x139 = (uint8_t)(x137 >> 8); - uint8_t x140 = (uint8_t)(x137 & UINT8_C(0xff)); - uint64_t x141 = (x139 + x78); - uint32_t x142 = (uint32_t)(x141 >> 8); - uint8_t x143 = (uint8_t)(x141 & UINT8_C(0xff)); - uint32_t x144 = (x142 >> 8); - uint8_t x145 = (uint8_t)(x142 & UINT8_C(0xff)); - uint32_t x146 = (x144 >> 8); - uint8_t x147 = (uint8_t)(x144 & UINT8_C(0xff)); - uint8_t x148 = (uint8_t)(x146 >> 8); - uint8_t x149 = (uint8_t)(x146 & UINT8_C(0xff)); - uint64_t x150 = (x148 + x77); - uint32_t x151 = (uint32_t)(x150 >> 8); - uint8_t x152 = (uint8_t)(x150 & UINT8_C(0xff)); - uint32_t x153 = (x151 >> 8); - uint8_t x154 = (uint8_t)(x151 & UINT8_C(0xff)); - uint32_t x155 = (x153 >> 8); - uint8_t x156 = (uint8_t)(x153 & UINT8_C(0xff)); - uint8_t x157 = (uint8_t)(x155 >> 8); - uint8_t x158 = (uint8_t)(x155 & UINT8_C(0xff)); - uint64_t x159 = (x157 + x76); - uint32_t x160 = (uint32_t)(x159 >> 8); - uint8_t x161 = (uint8_t)(x159 & UINT8_C(0xff)); - uint32_t x162 = (x160 >> 8); - uint8_t x163 = (uint8_t)(x160 & UINT8_C(0xff)); - uint32_t x164 = (x162 >> 8); - uint8_t x165 = (uint8_t)(x162 & UINT8_C(0xff)); - uint8_t x166 = (uint8_t)(x164 >> 8); - uint8_t x167 = (uint8_t)(x164 & UINT8_C(0xff)); - uint64_t x168 = (x166 + x75); - uint32_t x169 = (uint32_t)(x168 >> 8); - uint8_t x170 = (uint8_t)(x168 & UINT8_C(0xff)); - uint32_t x171 = (x169 >> 8); - uint8_t x172 = (uint8_t)(x169 & UINT8_C(0xff)); - uint32_t x173 = (x171 >> 8); - uint8_t x174 = (uint8_t)(x171 & UINT8_C(0xff)); - uint8_t x175 = (uint8_t)(x173 >> 8); - uint8_t x176 = (uint8_t)(x173 & UINT8_C(0xff)); - uint32_t x177 = (x175 + x74); - uint32_t x178 = (x177 >> 8); - uint8_t x179 = (uint8_t)(x177 & UINT8_C(0xff)); - uint32_t x180 = (x178 >> 8); - uint8_t x181 = (uint8_t)(x178 & UINT8_C(0xff)); - uint8_t x182 = (uint8_t)(x180 >> 8); - uint8_t x183 = (uint8_t)(x180 & UINT8_C(0xff)); - uint8_t x184 = (uint8_t)(x182 & UINT8_C(0xff)); - uint32_t x185 = (0x0 + x60); - uint32_t x186 = (x185 >> 8); - uint8_t x187 = (uint8_t)(x185 & UINT8_C(0xff)); - uint32_t x188 = (x186 >> 8); + uint32_t x134 = (x48 >> 8); + uint8_t x135 = (uint8_t)(x48 & UINT8_C(0xff)); + uint32_t x136 = (x134 >> 8); + uint8_t x137 = (uint8_t)(x134 & UINT8_C(0xff)); + uint8_t x138 = (uint8_t)(x136 >> 8); + uint8_t x139 = (uint8_t)(x136 & UINT8_C(0xff)); + uint64_t x140 = (x138 + x78); + uint32_t x141 = (uint32_t)(x140 >> 8); + uint8_t x142 = (uint8_t)(x140 & UINT8_C(0xff)); + uint32_t x143 = (x141 >> 8); + uint8_t x144 = (uint8_t)(x141 & UINT8_C(0xff)); + uint32_t x145 = (x143 >> 8); + uint8_t x146 = (uint8_t)(x143 & UINT8_C(0xff)); + uint8_t x147 = (uint8_t)(x145 >> 8); + uint8_t x148 = (uint8_t)(x145 & UINT8_C(0xff)); + uint64_t x149 = (x147 + x77); + uint32_t x150 = (uint32_t)(x149 >> 8); + uint8_t x151 = (uint8_t)(x149 & UINT8_C(0xff)); + uint32_t x152 = (x150 >> 8); + uint8_t x153 = (uint8_t)(x150 & UINT8_C(0xff)); + uint32_t x154 = (x152 >> 8); + uint8_t x155 = (uint8_t)(x152 & UINT8_C(0xff)); + uint8_t x156 = (uint8_t)(x154 >> 8); + uint8_t x157 = (uint8_t)(x154 & UINT8_C(0xff)); + uint64_t x158 = (x156 + x76); + uint32_t x159 = (uint32_t)(x158 >> 8); + uint8_t x160 = (uint8_t)(x158 & UINT8_C(0xff)); + uint32_t x161 = (x159 >> 8); + uint8_t x162 = (uint8_t)(x159 & UINT8_C(0xff)); + uint32_t x163 = (x161 >> 8); + uint8_t x164 = (uint8_t)(x161 & UINT8_C(0xff)); + uint8_t x165 = (uint8_t)(x163 >> 8); + uint8_t x166 = (uint8_t)(x163 & UINT8_C(0xff)); + uint64_t x167 = (x165 + x75); + uint32_t x168 = (uint32_t)(x167 >> 8); + uint8_t x169 = (uint8_t)(x167 & UINT8_C(0xff)); + uint32_t x170 = (x168 >> 8); + uint8_t x171 = (uint8_t)(x168 & UINT8_C(0xff)); + uint32_t x172 = (x170 >> 8); + uint8_t x173 = (uint8_t)(x170 & UINT8_C(0xff)); + uint8_t x174 = (uint8_t)(x172 >> 8); + uint8_t x175 = (uint8_t)(x172 & UINT8_C(0xff)); + uint32_t x176 = (x174 + x74); + uint32_t x177 = (x176 >> 8); + uint8_t x178 = (uint8_t)(x176 & UINT8_C(0xff)); + uint32_t x179 = (x177 >> 8); + uint8_t x180 = (uint8_t)(x177 & UINT8_C(0xff)); + uint8_t x181 = (uint8_t)(x179 >> 8); + uint8_t x182 = (uint8_t)(x179 & UINT8_C(0xff)); + uint8_t x183 = (uint8_t)(x181 & UINT8_C(0xff)); + uint32_t x184 = (x60 >> 8); + uint8_t x185 = (uint8_t)(x60 & UINT8_C(0xff)); + uint32_t x186 = (x184 >> 8); + uint8_t x187 = (uint8_t)(x184 & UINT8_C(0xff)); + uint8_t x188 = (uint8_t)(x186 >> 8); uint8_t x189 = (uint8_t)(x186 & UINT8_C(0xff)); - uint8_t x190 = (uint8_t)(x188 >> 8); - uint8_t x191 = (uint8_t)(x188 & UINT8_C(0xff)); - uint64_t x192 = (x190 + x73); - uint32_t x193 = (uint32_t)(x192 >> 8); - uint8_t x194 = (uint8_t)(x192 & UINT8_C(0xff)); + uint64_t x190 = (x188 + x73); + uint32_t x191 = (uint32_t)(x190 >> 8); + uint8_t x192 = (uint8_t)(x190 & UINT8_C(0xff)); + uint32_t x193 = (x191 >> 8); + uint8_t x194 = (uint8_t)(x191 & UINT8_C(0xff)); uint32_t x195 = (x193 >> 8); uint8_t x196 = (uint8_t)(x193 & UINT8_C(0xff)); - uint32_t x197 = (x195 >> 8); + uint8_t x197 = (uint8_t)(x195 >> 8); uint8_t x198 = (uint8_t)(x195 & UINT8_C(0xff)); - uint8_t x199 = (uint8_t)(x197 >> 8); - uint8_t x200 = (uint8_t)(x197 & UINT8_C(0xff)); - uint64_t x201 = (x199 + x72); - uint32_t x202 = (uint32_t)(x201 >> 8); - uint8_t x203 = (uint8_t)(x201 & UINT8_C(0xff)); + uint64_t x199 = (x197 + x72); + uint32_t x200 = (uint32_t)(x199 >> 8); + uint8_t x201 = (uint8_t)(x199 & UINT8_C(0xff)); + uint32_t x202 = (x200 >> 8); + uint8_t x203 = (uint8_t)(x200 & UINT8_C(0xff)); uint32_t x204 = (x202 >> 8); uint8_t x205 = (uint8_t)(x202 & UINT8_C(0xff)); - uint32_t x206 = (x204 >> 8); + uint8_t x206 = (uint8_t)(x204 >> 8); uint8_t x207 = (uint8_t)(x204 & UINT8_C(0xff)); - uint8_t x208 = (uint8_t)(x206 >> 8); - uint8_t x209 = (uint8_t)(x206 & UINT8_C(0xff)); - uint64_t x210 = (x208 + x71); - uint32_t x211 = (uint32_t)(x210 >> 8); - uint8_t x212 = (uint8_t)(x210 & UINT8_C(0xff)); + uint64_t x208 = (x206 + x71); + uint32_t x209 = (uint32_t)(x208 >> 8); + uint8_t x210 = (uint8_t)(x208 & UINT8_C(0xff)); + uint32_t x211 = (x209 >> 8); + uint8_t x212 = (uint8_t)(x209 & UINT8_C(0xff)); uint32_t x213 = (x211 >> 8); uint8_t x214 = (uint8_t)(x211 & UINT8_C(0xff)); - uint32_t x215 = (x213 >> 8); + uint8_t x215 = (uint8_t)(x213 >> 8); uint8_t x216 = (uint8_t)(x213 & UINT8_C(0xff)); - uint8_t x217 = (uint8_t)(x215 >> 8); - uint8_t x218 = (uint8_t)(x215 & UINT8_C(0xff)); - uint64_t x219 = (x217 + x70); - uint32_t x220 = (uint32_t)(x219 >> 8); - uint8_t x221 = (uint8_t)(x219 & UINT8_C(0xff)); + uint64_t x217 = (x215 + x70); + uint32_t x218 = (uint32_t)(x217 >> 8); + uint8_t x219 = (uint8_t)(x217 & UINT8_C(0xff)); + uint32_t x220 = (x218 >> 8); + uint8_t x221 = (uint8_t)(x218 & UINT8_C(0xff)); uint32_t x222 = (x220 >> 8); uint8_t x223 = (uint8_t)(x220 & UINT8_C(0xff)); - uint32_t x224 = (x222 >> 8); + fiat_p521_uint1 x224 = (fiat_p521_uint1)(x222 >> 8); uint8_t x225 = (uint8_t)(x222 & UINT8_C(0xff)); - fiat_p521_uint1 x226 = (fiat_p521_uint1)(x224 >> 8); - uint8_t x227 = (uint8_t)(x224 & UINT8_C(0xff)); out1[0] = x85; out1[1] = x87; out1[2] = x89; @@ -1318,49 +1316,49 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint32_t arg1[17]) { out1[20] = x130; out1[21] = x132; out1[22] = x133; - out1[23] = x136; - out1[24] = x138; - out1[25] = x140; - out1[26] = x143; - out1[27] = x145; - out1[28] = x147; - out1[29] = x149; - out1[30] = x152; - out1[31] = x154; - out1[32] = x156; - out1[33] = x158; - out1[34] = x161; - out1[35] = x163; - out1[36] = x165; - out1[37] = x167; - out1[38] = x170; - out1[39] = x172; - out1[40] = x174; - out1[41] = x176; - out1[42] = x179; - out1[43] = x181; - out1[44] = x183; - out1[45] = x184; - out1[46] = x187; - out1[47] = x189; - out1[48] = x191; - out1[49] = x194; - out1[50] = x196; - out1[51] = x198; - out1[52] = x200; - out1[53] = x203; - out1[54] = x205; - out1[55] = x207; - out1[56] = x209; - out1[57] = x212; - out1[58] = x214; - out1[59] = x216; - out1[60] = x218; - out1[61] = x221; - out1[62] = x223; - out1[63] = x225; - out1[64] = x227; - out1[65] = x226; + out1[23] = x135; + out1[24] = x137; + out1[25] = x139; + out1[26] = x142; + out1[27] = x144; + out1[28] = x146; + out1[29] = x148; + out1[30] = x151; + out1[31] = x153; + out1[32] = x155; + out1[33] = x157; + out1[34] = x160; + out1[35] = x162; + out1[36] = x164; + out1[37] = x166; + out1[38] = x169; + out1[39] = x171; + out1[40] = x173; + out1[41] = x175; + out1[42] = x178; + out1[43] = x180; + out1[44] = x182; + out1[45] = x183; + out1[46] = x185; + out1[47] = x187; + out1[48] = x189; + out1[49] = x192; + out1[50] = x194; + out1[51] = x196; + out1[52] = x198; + out1[53] = x201; + out1[54] = x203; + out1[55] = x205; + out1[56] = x207; + out1[57] = x210; + out1[58] = x212; + out1[59] = x214; + out1[60] = x216; + out1[61] = x219; + out1[62] = x221; + out1[63] = x223; + out1[64] = x225; + out1[65] = x224; } /* @@ -1469,52 +1467,50 @@ static void fiat_p521_from_bytes(uint32_t out1[17], const uint8_t arg1[66]) { uint32_t x97 = (uint32_t)(x95 & UINT32_C(0x7fffffff)); uint32_t x98 = (x96 + x81); uint32_t x99 = (x98 & UINT32_C(0x3fffffff)); - uint32_t x100 = (0x0 + x80); - fiat_p521_uint1 x101 = (fiat_p521_uint1)(x100 >> 31); - uint32_t x102 = (x100 & UINT32_C(0x7fffffff)); - uint64_t x103 = (x101 + x79); - uint8_t x104 = (uint8_t)(x103 >> 31); - uint32_t x105 = (uint32_t)(x103 & UINT32_C(0x7fffffff)); - uint64_t x106 = (x104 + x78); - uint8_t x107 = (uint8_t)(x106 >> 30); - uint32_t x108 = (uint32_t)(x106 & UINT32_C(0x3fffffff)); - uint64_t x109 = (x107 + x77); - uint8_t x110 = (uint8_t)(x109 >> 31); - uint32_t x111 = (uint32_t)(x109 & UINT32_C(0x7fffffff)); - uint64_t x112 = (x110 + x76); - uint8_t x113 = (uint8_t)(x112 >> 31); - uint32_t x114 = (uint32_t)(x112 & UINT32_C(0x7fffffff)); - uint32_t x115 = (x113 + x75); - uint32_t x116 = (x115 & UINT32_C(0x3fffffff)); - uint32_t x117 = (0x0 + x74); - fiat_p521_uint1 x118 = (fiat_p521_uint1)(x117 >> 31); - uint32_t x119 = (x117 & UINT32_C(0x7fffffff)); - uint64_t x120 = (x118 + x73); - uint8_t x121 = (uint8_t)(x120 >> 31); - uint32_t x122 = (uint32_t)(x120 & UINT32_C(0x7fffffff)); - uint64_t x123 = (x121 + x72); - uint8_t x124 = (uint8_t)(x123 >> 30); - uint32_t x125 = (uint32_t)(x123 & UINT32_C(0x3fffffff)); - uint64_t x126 = (x124 + x71); - uint8_t x127 = (uint8_t)(x126 >> 31); - uint32_t x128 = (uint32_t)(x126 & UINT32_C(0x7fffffff)); - uint32_t x129 = (x127 + x70); + fiat_p521_uint1 x100 = (fiat_p521_uint1)(x80 >> 31); + uint32_t x101 = (x80 & UINT32_C(0x7fffffff)); + uint64_t x102 = (x100 + x79); + uint8_t x103 = (uint8_t)(x102 >> 31); + uint32_t x104 = (uint32_t)(x102 & UINT32_C(0x7fffffff)); + uint64_t x105 = (x103 + x78); + uint8_t x106 = (uint8_t)(x105 >> 30); + uint32_t x107 = (uint32_t)(x105 & UINT32_C(0x3fffffff)); + uint64_t x108 = (x106 + x77); + uint8_t x109 = (uint8_t)(x108 >> 31); + uint32_t x110 = (uint32_t)(x108 & UINT32_C(0x7fffffff)); + uint64_t x111 = (x109 + x76); + uint8_t x112 = (uint8_t)(x111 >> 31); + uint32_t x113 = (uint32_t)(x111 & UINT32_C(0x7fffffff)); + uint32_t x114 = (x112 + x75); + uint32_t x115 = (x114 & UINT32_C(0x3fffffff)); + fiat_p521_uint1 x116 = (fiat_p521_uint1)(x74 >> 31); + uint32_t x117 = (x74 & UINT32_C(0x7fffffff)); + uint64_t x118 = (x116 + x73); + uint8_t x119 = (uint8_t)(x118 >> 31); + uint32_t x120 = (uint32_t)(x118 & UINT32_C(0x7fffffff)); + uint64_t x121 = (x119 + x72); + uint8_t x122 = (uint8_t)(x121 >> 30); + uint32_t x123 = (uint32_t)(x121 & UINT32_C(0x3fffffff)); + uint64_t x124 = (x122 + x71); + uint8_t x125 = (uint8_t)(x124 >> 31); + uint32_t x126 = (uint32_t)(x124 & UINT32_C(0x7fffffff)); + uint32_t x127 = (x125 + x70); out1[0] = x69; out1[1] = x88; out1[2] = x91; out1[3] = x94; out1[4] = x97; out1[5] = x99; - out1[6] = x102; - out1[7] = x105; - out1[8] = x108; - out1[9] = x111; - out1[10] = x114; - out1[11] = x116; - out1[12] = x119; - out1[13] = x122; - out1[14] = x125; - out1[15] = x128; - out1[16] = x129; + out1[6] = x101; + out1[7] = x104; + out1[8] = x107; + out1[9] = x110; + out1[10] = x113; + out1[11] = x115; + out1[12] = x117; + out1[13] = x120; + out1[14] = x123; + out1[15] = x126; + out1[16] = x127; } diff --git a/p521_64.c b/p521_64.c index 08ba9e1b7f..503368e0d8 100644 --- a/p521_64.c +++ b/p521_64.c @@ -647,70 +647,70 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint64_t arg1[9]) { uint8_t x101 = (uint8_t)(x99 >> 8); uint8_t x102 = (uint8_t)(x99 & UINT8_C(0xff)); uint8_t x103 = (uint8_t)(x101 & UINT8_C(0xff)); - uint64_t x104 = (0x0 + x28); - uint64_t x105 = (x104 >> 8); - uint8_t x106 = (uint8_t)(x104 & UINT8_C(0xff)); - uint64_t x107 = (x105 >> 8); - uint8_t x108 = (uint8_t)(x105 & UINT8_C(0xff)); - uint64_t x109 = (x107 >> 8); - uint8_t x110 = (uint8_t)(x107 & UINT8_C(0xff)); - uint64_t x111 = (x109 >> 8); - uint8_t x112 = (uint8_t)(x109 & UINT8_C(0xff)); - uint64_t x113 = (x111 >> 8); - uint8_t x114 = (uint8_t)(x111 & UINT8_C(0xff)); - uint64_t x115 = (x113 >> 8); - uint8_t x116 = (uint8_t)(x113 & UINT8_C(0xff)); - uint8_t x117 = (uint8_t)(x115 >> 8); - uint8_t x118 = (uint8_t)(x115 & UINT8_C(0xff)); - uint64_t x119 = (x117 + x40); - uint64_t x120 = (x119 >> 8); - uint8_t x121 = (uint8_t)(x119 & UINT8_C(0xff)); - uint64_t x122 = (x120 >> 8); - uint8_t x123 = (uint8_t)(x120 & UINT8_C(0xff)); - uint64_t x124 = (x122 >> 8); - uint8_t x125 = (uint8_t)(x122 & UINT8_C(0xff)); - uint64_t x126 = (x124 >> 8); - uint8_t x127 = (uint8_t)(x124 & UINT8_C(0xff)); - uint64_t x128 = (x126 >> 8); - uint8_t x129 = (uint8_t)(x126 & UINT8_C(0xff)); - uint64_t x130 = (x128 >> 8); - uint8_t x131 = (uint8_t)(x128 & UINT8_C(0xff)); - uint8_t x132 = (uint8_t)(x130 >> 8); - uint8_t x133 = (uint8_t)(x130 & UINT8_C(0xff)); - uint64_t x134 = (x132 + x39); - uint64_t x135 = (x134 >> 8); - uint8_t x136 = (uint8_t)(x134 & UINT8_C(0xff)); - uint64_t x137 = (x135 >> 8); - uint8_t x138 = (uint8_t)(x135 & UINT8_C(0xff)); - uint64_t x139 = (x137 >> 8); - uint8_t x140 = (uint8_t)(x137 & UINT8_C(0xff)); - uint64_t x141 = (x139 >> 8); - uint8_t x142 = (uint8_t)(x139 & UINT8_C(0xff)); - uint64_t x143 = (x141 >> 8); - uint8_t x144 = (uint8_t)(x141 & UINT8_C(0xff)); - uint64_t x145 = (x143 >> 8); - uint8_t x146 = (uint8_t)(x143 & UINT8_C(0xff)); - uint8_t x147 = (uint8_t)(x145 >> 8); - uint8_t x148 = (uint8_t)(x145 & UINT8_C(0xff)); - uint64_t x149 = (x147 + x38); - uint64_t x150 = (x149 >> 8); - uint8_t x151 = (uint8_t)(x149 & UINT8_C(0xff)); - uint64_t x152 = (x150 >> 8); - uint8_t x153 = (uint8_t)(x150 & UINT8_C(0xff)); - uint64_t x154 = (x152 >> 8); - uint8_t x155 = (uint8_t)(x152 & UINT8_C(0xff)); - uint64_t x156 = (x154 >> 8); - uint8_t x157 = (uint8_t)(x154 & UINT8_C(0xff)); - uint64_t x158 = (x156 >> 8); - uint8_t x159 = (uint8_t)(x156 & UINT8_C(0xff)); - uint64_t x160 = (x158 >> 8); - uint8_t x161 = (uint8_t)(x158 & UINT8_C(0xff)); - uint8_t x162 = (uint8_t)(x160 >> 8); - uint8_t x163 = (uint8_t)(x160 & UINT8_C(0xff)); - uint8_t x164 = (uint8_t)(x162 & UINT8_C(0xff)); - uint64_t x165 = (0x0 + x36); - uint64_t x166 = (x165 >> 8); - uint8_t x167 = (uint8_t)(x165 & UINT8_C(0xff)); + uint64_t x104 = (x28 >> 8); + uint8_t x105 = (uint8_t)(x28 & UINT8_C(0xff)); + uint64_t x106 = (x104 >> 8); + uint8_t x107 = (uint8_t)(x104 & UINT8_C(0xff)); + uint64_t x108 = (x106 >> 8); + uint8_t x109 = (uint8_t)(x106 & UINT8_C(0xff)); + uint64_t x110 = (x108 >> 8); + uint8_t x111 = (uint8_t)(x108 & UINT8_C(0xff)); + uint64_t x112 = (x110 >> 8); + uint8_t x113 = (uint8_t)(x110 & UINT8_C(0xff)); + uint64_t x114 = (x112 >> 8); + uint8_t x115 = (uint8_t)(x112 & UINT8_C(0xff)); + uint8_t x116 = (uint8_t)(x114 >> 8); + uint8_t x117 = (uint8_t)(x114 & UINT8_C(0xff)); + uint64_t x118 = (x116 + x40); + uint64_t x119 = (x118 >> 8); + uint8_t x120 = (uint8_t)(x118 & UINT8_C(0xff)); + uint64_t x121 = (x119 >> 8); + uint8_t x122 = (uint8_t)(x119 & UINT8_C(0xff)); + uint64_t x123 = (x121 >> 8); + uint8_t x124 = (uint8_t)(x121 & UINT8_C(0xff)); + uint64_t x125 = (x123 >> 8); + uint8_t x126 = (uint8_t)(x123 & UINT8_C(0xff)); + uint64_t x127 = (x125 >> 8); + uint8_t x128 = (uint8_t)(x125 & UINT8_C(0xff)); + uint64_t x129 = (x127 >> 8); + uint8_t x130 = (uint8_t)(x127 & UINT8_C(0xff)); + uint8_t x131 = (uint8_t)(x129 >> 8); + uint8_t x132 = (uint8_t)(x129 & UINT8_C(0xff)); + uint64_t x133 = (x131 + x39); + uint64_t x134 = (x133 >> 8); + uint8_t x135 = (uint8_t)(x133 & UINT8_C(0xff)); + uint64_t x136 = (x134 >> 8); + uint8_t x137 = (uint8_t)(x134 & UINT8_C(0xff)); + uint64_t x138 = (x136 >> 8); + uint8_t x139 = (uint8_t)(x136 & UINT8_C(0xff)); + uint64_t x140 = (x138 >> 8); + uint8_t x141 = (uint8_t)(x138 & UINT8_C(0xff)); + uint64_t x142 = (x140 >> 8); + uint8_t x143 = (uint8_t)(x140 & UINT8_C(0xff)); + uint64_t x144 = (x142 >> 8); + uint8_t x145 = (uint8_t)(x142 & UINT8_C(0xff)); + uint8_t x146 = (uint8_t)(x144 >> 8); + uint8_t x147 = (uint8_t)(x144 & UINT8_C(0xff)); + uint64_t x148 = (x146 + x38); + uint64_t x149 = (x148 >> 8); + uint8_t x150 = (uint8_t)(x148 & UINT8_C(0xff)); + uint64_t x151 = (x149 >> 8); + uint8_t x152 = (uint8_t)(x149 & UINT8_C(0xff)); + uint64_t x153 = (x151 >> 8); + uint8_t x154 = (uint8_t)(x151 & UINT8_C(0xff)); + uint64_t x155 = (x153 >> 8); + uint8_t x156 = (uint8_t)(x153 & UINT8_C(0xff)); + uint64_t x157 = (x155 >> 8); + uint8_t x158 = (uint8_t)(x155 & UINT8_C(0xff)); + uint64_t x159 = (x157 >> 8); + uint8_t x160 = (uint8_t)(x157 & UINT8_C(0xff)); + uint8_t x161 = (uint8_t)(x159 >> 8); + uint8_t x162 = (uint8_t)(x159 & UINT8_C(0xff)); + uint8_t x163 = (uint8_t)(x161 & UINT8_C(0xff)); + uint64_t x164 = (x36 >> 8); + uint8_t x165 = (uint8_t)(x36 & UINT8_C(0xff)); + uint64_t x166 = (x164 >> 8); + uint8_t x167 = (uint8_t)(x164 & UINT8_C(0xff)); uint64_t x168 = (x166 >> 8); uint8_t x169 = (uint8_t)(x166 & UINT8_C(0xff)); uint64_t x170 = (x168 >> 8); @@ -719,10 +719,8 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint64_t arg1[9]) { uint8_t x173 = (uint8_t)(x170 & UINT8_C(0xff)); uint64_t x174 = (x172 >> 8); uint8_t x175 = (uint8_t)(x172 & UINT8_C(0xff)); - uint64_t x176 = (x174 >> 8); + fiat_p521_uint1 x176 = (fiat_p521_uint1)(x174 >> 8); uint8_t x177 = (uint8_t)(x174 & UINT8_C(0xff)); - fiat_p521_uint1 x178 = (fiat_p521_uint1)(x176 >> 8); - uint8_t x179 = (uint8_t)(x176 & UINT8_C(0xff)); out1[0] = x45; out1[1] = x47; out1[2] = x49; @@ -752,43 +750,43 @@ static void fiat_p521_to_bytes(uint8_t out1[66], const uint64_t arg1[9]) { out1[26] = x100; out1[27] = x102; out1[28] = x103; - out1[29] = x106; - out1[30] = x108; - out1[31] = x110; - out1[32] = x112; - out1[33] = x114; - out1[34] = x116; - out1[35] = x118; - out1[36] = x121; - out1[37] = x123; - out1[38] = x125; - out1[39] = x127; - out1[40] = x129; - out1[41] = x131; - out1[42] = x133; - out1[43] = x136; - out1[44] = x138; - out1[45] = x140; - out1[46] = x142; - out1[47] = x144; - out1[48] = x146; - out1[49] = x148; - out1[50] = x151; - out1[51] = x153; - out1[52] = x155; - out1[53] = x157; - out1[54] = x159; - out1[55] = x161; - out1[56] = x163; - out1[57] = x164; - out1[58] = x167; - out1[59] = x169; - out1[60] = x171; - out1[61] = x173; - out1[62] = x175; - out1[63] = x177; - out1[64] = x179; - out1[65] = x178; + out1[29] = x105; + out1[30] = x107; + out1[31] = x109; + out1[32] = x111; + out1[33] = x113; + out1[34] = x115; + out1[35] = x117; + out1[36] = x120; + out1[37] = x122; + out1[38] = x124; + out1[39] = x126; + out1[40] = x128; + out1[41] = x130; + out1[42] = x132; + out1[43] = x135; + out1[44] = x137; + out1[45] = x139; + out1[46] = x141; + out1[47] = x143; + out1[48] = x145; + out1[49] = x147; + out1[50] = x150; + out1[51] = x152; + out1[52] = x154; + out1[53] = x156; + out1[54] = x158; + out1[55] = x160; + out1[56] = x162; + out1[57] = x163; + out1[58] = x165; + out1[59] = x167; + out1[60] = x169; + out1[61] = x171; + out1[62] = x173; + out1[63] = x175; + out1[64] = x177; + out1[65] = x176; } /* @@ -883,26 +881,24 @@ static void fiat_p521_from_bytes(uint64_t out1[9], const uint8_t arg1[66]) { uint64_t x83 = (x81 & UINT64_C(0x3ffffffffffffff)); uint64_t x84 = (x82 + x75); uint64_t x85 = (x84 & UINT64_C(0x3ffffffffffffff)); - uint64_t x86 = (0x0 + x74); - uint8_t x87 = (uint8_t)(x86 >> 58); - uint64_t x88 = (x86 & UINT64_C(0x3ffffffffffffff)); - uint64_t x89 = (x87 + x73); - uint8_t x90 = (uint8_t)(x89 >> 58); - uint64_t x91 = (x89 & UINT64_C(0x3ffffffffffffff)); - uint64_t x92 = (x90 + x72); - uint8_t x93 = (uint8_t)(x92 >> 58); - uint64_t x94 = (x92 & UINT64_C(0x3ffffffffffffff)); - uint64_t x95 = (x93 + x71); - uint64_t x96 = (x95 & UINT64_C(0x3ffffffffffffff)); - uint64_t x97 = (0x0 + x70); + uint8_t x86 = (uint8_t)(x74 >> 58); + uint64_t x87 = (x74 & UINT64_C(0x3ffffffffffffff)); + uint64_t x88 = (x86 + x73); + uint8_t x89 = (uint8_t)(x88 >> 58); + uint64_t x90 = (x88 & UINT64_C(0x3ffffffffffffff)); + uint64_t x91 = (x89 + x72); + uint8_t x92 = (uint8_t)(x91 >> 58); + uint64_t x93 = (x91 & UINT64_C(0x3ffffffffffffff)); + uint64_t x94 = (x92 + x71); + uint64_t x95 = (x94 & UINT64_C(0x3ffffffffffffff)); out1[0] = x69; out1[1] = x80; out1[2] = x83; out1[3] = x85; - out1[4] = x88; - out1[5] = x91; - out1[6] = x94; - out1[7] = x96; - out1[8] = x97; + out1[4] = x87; + out1[5] = x90; + out1[6] = x93; + out1[7] = x95; + out1[8] = x70; } diff --git a/secp256k1_32.c b/secp256k1_32.c index a4015f1341..ec19bd1a94 100644 --- a/secp256k1_32.c +++ b/secp256k1_32.c @@ -3846,93 +3846,86 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint32_t arg1[8]) { uint8_t x13 = (uint8_t)(x11 >> 8); uint8_t x14 = (uint8_t)(x11 & UINT8_C(0xff)); uint8_t x15 = (uint8_t)(x13 & UINT8_C(0xff)); - uint32_t x16 = (0x0 + x7); - uint32_t x17 = (x16 >> 8); - uint8_t x18 = (uint8_t)(x16 & UINT8_C(0xff)); - uint32_t x19 = (x17 >> 8); - uint8_t x20 = (uint8_t)(x17 & UINT8_C(0xff)); - uint8_t x21 = (uint8_t)(x19 >> 8); - uint8_t x22 = (uint8_t)(x19 & UINT8_C(0xff)); - uint8_t x23 = (uint8_t)(x21 & UINT8_C(0xff)); - uint32_t x24 = (0x0 + x6); - uint32_t x25 = (x24 >> 8); - uint8_t x26 = (uint8_t)(x24 & UINT8_C(0xff)); - uint32_t x27 = (x25 >> 8); + uint32_t x16 = (x7 >> 8); + uint8_t x17 = (uint8_t)(x7 & UINT8_C(0xff)); + uint32_t x18 = (x16 >> 8); + uint8_t x19 = (uint8_t)(x16 & UINT8_C(0xff)); + uint8_t x20 = (uint8_t)(x18 >> 8); + uint8_t x21 = (uint8_t)(x18 & UINT8_C(0xff)); + uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); + uint32_t x23 = (x6 >> 8); + uint8_t x24 = (uint8_t)(x6 & UINT8_C(0xff)); + uint32_t x25 = (x23 >> 8); + uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); + uint8_t x27 = (uint8_t)(x25 >> 8); uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); - uint8_t x29 = (uint8_t)(x27 >> 8); - uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint8_t x31 = (uint8_t)(x29 & UINT8_C(0xff)); - uint32_t x32 = (0x0 + x5); - uint32_t x33 = (x32 >> 8); - uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff)); - uint32_t x35 = (x33 >> 8); - uint8_t x36 = (uint8_t)(x33 & UINT8_C(0xff)); - uint8_t x37 = (uint8_t)(x35 >> 8); - uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); - uint8_t x39 = (uint8_t)(x37 & UINT8_C(0xff)); - uint32_t x40 = (0x0 + x4); - uint32_t x41 = (x40 >> 8); - uint8_t x42 = (uint8_t)(x40 & UINT8_C(0xff)); - uint32_t x43 = (x41 >> 8); - uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); - uint8_t x45 = (uint8_t)(x43 >> 8); - uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); - uint8_t x47 = (uint8_t)(x45 & UINT8_C(0xff)); - uint32_t x48 = (0x0 + x3); - uint32_t x49 = (x48 >> 8); + uint8_t x29 = (uint8_t)(x27 & UINT8_C(0xff)); + uint32_t x30 = (x5 >> 8); + uint8_t x31 = (uint8_t)(x5 & UINT8_C(0xff)); + uint32_t x32 = (x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint8_t x34 = (uint8_t)(x32 >> 8); + uint8_t x35 = (uint8_t)(x32 & UINT8_C(0xff)); + uint8_t x36 = (uint8_t)(x34 & UINT8_C(0xff)); + uint32_t x37 = (x4 >> 8); + uint8_t x38 = (uint8_t)(x4 & UINT8_C(0xff)); + uint32_t x39 = (x37 >> 8); + uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); + uint8_t x41 = (uint8_t)(x39 >> 8); + uint8_t x42 = (uint8_t)(x39 & UINT8_C(0xff)); + uint8_t x43 = (uint8_t)(x41 & UINT8_C(0xff)); + uint32_t x44 = (x3 >> 8); + uint8_t x45 = (uint8_t)(x3 & UINT8_C(0xff)); + uint32_t x46 = (x44 >> 8); + uint8_t x47 = (uint8_t)(x44 & UINT8_C(0xff)); + uint8_t x48 = (uint8_t)(x46 >> 8); + uint8_t x49 = (uint8_t)(x46 & UINT8_C(0xff)); uint8_t x50 = (uint8_t)(x48 & UINT8_C(0xff)); - uint32_t x51 = (x49 >> 8); - uint8_t x52 = (uint8_t)(x49 & UINT8_C(0xff)); - uint8_t x53 = (uint8_t)(x51 >> 8); + uint32_t x51 = (x2 >> 8); + uint8_t x52 = (uint8_t)(x2 & UINT8_C(0xff)); + uint32_t x53 = (x51 >> 8); uint8_t x54 = (uint8_t)(x51 & UINT8_C(0xff)); - uint8_t x55 = (uint8_t)(x53 & UINT8_C(0xff)); - uint32_t x56 = (0x0 + x2); - uint32_t x57 = (x56 >> 8); - uint8_t x58 = (uint8_t)(x56 & UINT8_C(0xff)); - uint32_t x59 = (x57 >> 8); - uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); - uint8_t x61 = (uint8_t)(x59 >> 8); - uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); - uint8_t x63 = (uint8_t)(x61 & UINT8_C(0xff)); - uint32_t x64 = (0x0 + x1); - uint32_t x65 = (x64 >> 8); - uint8_t x66 = (uint8_t)(x64 & UINT8_C(0xff)); - uint32_t x67 = (x65 >> 8); - uint8_t x68 = (uint8_t)(x65 & UINT8_C(0xff)); - uint8_t x69 = (uint8_t)(x67 >> 8); - uint8_t x70 = (uint8_t)(x67 & UINT8_C(0xff)); + uint8_t x55 = (uint8_t)(x53 >> 8); + uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); + uint8_t x57 = (uint8_t)(x55 & UINT8_C(0xff)); + uint32_t x58 = (x1 >> 8); + uint8_t x59 = (uint8_t)(x1 & UINT8_C(0xff)); + uint32_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint8_t x62 = (uint8_t)(x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); out1[0] = x10; out1[1] = x12; out1[2] = x14; out1[3] = x15; - out1[4] = x18; - out1[5] = x20; - out1[6] = x22; - out1[7] = x23; - out1[8] = x26; - out1[9] = x28; - out1[10] = x30; - out1[11] = x31; - out1[12] = x34; - out1[13] = x36; - out1[14] = x38; - out1[15] = x39; - out1[16] = x42; - out1[17] = x44; - out1[18] = x46; - out1[19] = x47; - out1[20] = x50; - out1[21] = x52; - out1[22] = x54; - out1[23] = x55; - out1[24] = x58; - out1[25] = x60; - out1[26] = x62; - out1[27] = x63; - out1[28] = x66; - out1[29] = x68; - out1[30] = x70; - out1[31] = x69; + out1[4] = x17; + out1[5] = x19; + out1[6] = x21; + out1[7] = x22; + out1[8] = x24; + out1[9] = x26; + out1[10] = x28; + out1[11] = x29; + out1[12] = x31; + out1[13] = x33; + out1[14] = x35; + out1[15] = x36; + out1[16] = x38; + out1[17] = x40; + out1[18] = x42; + out1[19] = x43; + out1[20] = x45; + out1[21] = x47; + out1[22] = x49; + out1[23] = x50; + out1[24] = x52; + out1[25] = x54; + out1[26] = x56; + out1[27] = x57; + out1[28] = x59; + out1[29] = x61; + out1[30] = x63; + out1[31] = x62; } /* @@ -3983,26 +3976,19 @@ static void fiat_secp256k1_from_bytes(uint32_t out1[8], const uint8_t arg1[32]) uint32_t x39 = (x20 + (x19 + (x18 + x17))); uint32_t x40 = (x24 + (x23 + (x22 + x21))); uint32_t x41 = (x28 + (x27 + (x26 + x25))); - uint32_t x42 = (0x0 + x41); - uint32_t x43 = (x42 & UINT32_C(0xffffffff)); - uint32_t x44 = (0x0 + x40); - uint32_t x45 = (x44 & UINT32_C(0xffffffff)); - uint32_t x46 = (0x0 + x39); - uint32_t x47 = (x46 & UINT32_C(0xffffffff)); - uint32_t x48 = (0x0 + x38); - uint32_t x49 = (x48 & UINT32_C(0xffffffff)); - uint32_t x50 = (0x0 + x37); - uint32_t x51 = (x50 & UINT32_C(0xffffffff)); - uint32_t x52 = (0x0 + x36); - uint32_t x53 = (x52 & UINT32_C(0xffffffff)); - uint32_t x54 = (0x0 + x35); + uint32_t x42 = (x41 & UINT32_C(0xffffffff)); + uint32_t x43 = (x40 & UINT32_C(0xffffffff)); + uint32_t x44 = (x39 & UINT32_C(0xffffffff)); + uint32_t x45 = (x38 & UINT32_C(0xffffffff)); + uint32_t x46 = (x37 & UINT32_C(0xffffffff)); + uint32_t x47 = (x36 & UINT32_C(0xffffffff)); out1[0] = x34; - out1[1] = x43; - out1[2] = x45; - out1[3] = x47; - out1[4] = x49; - out1[5] = x51; - out1[6] = x53; - out1[7] = x54; + out1[1] = x42; + out1[2] = x43; + out1[3] = x44; + out1[4] = x45; + out1[5] = x46; + out1[6] = x47; + out1[7] = x35; } diff --git a/secp256k1_64.c b/secp256k1_64.c index a80485a4fd..0481fab650 100644 --- a/secp256k1_64.c +++ b/secp256k1_64.c @@ -1256,25 +1256,25 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x17 = (uint8_t)(x15 >> 8); uint8_t x18 = (uint8_t)(x15 & UINT8_C(0xff)); uint8_t x19 = (uint8_t)(x17 & UINT8_C(0xff)); - uint64_t x20 = (0x0 + x3); - uint64_t x21 = (x20 >> 8); - uint8_t x22 = (uint8_t)(x20 & UINT8_C(0xff)); - uint64_t x23 = (x21 >> 8); - uint8_t x24 = (uint8_t)(x21 & UINT8_C(0xff)); - uint64_t x25 = (x23 >> 8); - uint8_t x26 = (uint8_t)(x23 & UINT8_C(0xff)); - uint64_t x27 = (x25 >> 8); - uint8_t x28 = (uint8_t)(x25 & UINT8_C(0xff)); - uint64_t x29 = (x27 >> 8); - uint8_t x30 = (uint8_t)(x27 & UINT8_C(0xff)); - uint64_t x31 = (x29 >> 8); - uint8_t x32 = (uint8_t)(x29 & UINT8_C(0xff)); - uint8_t x33 = (uint8_t)(x31 >> 8); - uint8_t x34 = (uint8_t)(x31 & UINT8_C(0xff)); - uint8_t x35 = (uint8_t)(x33 & UINT8_C(0xff)); - uint64_t x36 = (0x0 + x2); - uint64_t x37 = (x36 >> 8); - uint8_t x38 = (uint8_t)(x36 & UINT8_C(0xff)); + uint64_t x20 = (x3 >> 8); + uint8_t x21 = (uint8_t)(x3 & UINT8_C(0xff)); + uint64_t x22 = (x20 >> 8); + uint8_t x23 = (uint8_t)(x20 & UINT8_C(0xff)); + uint64_t x24 = (x22 >> 8); + uint8_t x25 = (uint8_t)(x22 & UINT8_C(0xff)); + uint64_t x26 = (x24 >> 8); + uint8_t x27 = (uint8_t)(x24 & UINT8_C(0xff)); + uint64_t x28 = (x26 >> 8); + uint8_t x29 = (uint8_t)(x26 & UINT8_C(0xff)); + uint64_t x30 = (x28 >> 8); + uint8_t x31 = (uint8_t)(x28 & UINT8_C(0xff)); + uint8_t x32 = (uint8_t)(x30 >> 8); + uint8_t x33 = (uint8_t)(x30 & UINT8_C(0xff)); + uint8_t x34 = (uint8_t)(x32 & UINT8_C(0xff)); + uint64_t x35 = (x2 >> 8); + uint8_t x36 = (uint8_t)(x2 & UINT8_C(0xff)); + uint64_t x37 = (x35 >> 8); + uint8_t x38 = (uint8_t)(x35 & UINT8_C(0xff)); uint64_t x39 = (x37 >> 8); uint8_t x40 = (uint8_t)(x37 & UINT8_C(0xff)); uint64_t x41 = (x39 >> 8); @@ -1283,26 +1283,23 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { uint8_t x44 = (uint8_t)(x41 & UINT8_C(0xff)); uint64_t x45 = (x43 >> 8); uint8_t x46 = (uint8_t)(x43 & UINT8_C(0xff)); - uint64_t x47 = (x45 >> 8); + uint8_t x47 = (uint8_t)(x45 >> 8); uint8_t x48 = (uint8_t)(x45 & UINT8_C(0xff)); - uint8_t x49 = (uint8_t)(x47 >> 8); - uint8_t x50 = (uint8_t)(x47 & UINT8_C(0xff)); - uint8_t x51 = (uint8_t)(x49 & UINT8_C(0xff)); - uint64_t x52 = (0x0 + x1); - uint64_t x53 = (x52 >> 8); - uint8_t x54 = (uint8_t)(x52 & UINT8_C(0xff)); - uint64_t x55 = (x53 >> 8); - uint8_t x56 = (uint8_t)(x53 & UINT8_C(0xff)); - uint64_t x57 = (x55 >> 8); - uint8_t x58 = (uint8_t)(x55 & UINT8_C(0xff)); - uint64_t x59 = (x57 >> 8); - uint8_t x60 = (uint8_t)(x57 & UINT8_C(0xff)); - uint64_t x61 = (x59 >> 8); - uint8_t x62 = (uint8_t)(x59 & UINT8_C(0xff)); - uint64_t x63 = (x61 >> 8); - uint8_t x64 = (uint8_t)(x61 & UINT8_C(0xff)); - uint8_t x65 = (uint8_t)(x63 >> 8); - uint8_t x66 = (uint8_t)(x63 & UINT8_C(0xff)); + uint8_t x49 = (uint8_t)(x47 & UINT8_C(0xff)); + uint64_t x50 = (x1 >> 8); + uint8_t x51 = (uint8_t)(x1 & UINT8_C(0xff)); + uint64_t x52 = (x50 >> 8); + uint8_t x53 = (uint8_t)(x50 & UINT8_C(0xff)); + uint64_t x54 = (x52 >> 8); + uint8_t x55 = (uint8_t)(x52 & UINT8_C(0xff)); + uint64_t x56 = (x54 >> 8); + uint8_t x57 = (uint8_t)(x54 & UINT8_C(0xff)); + uint64_t x58 = (x56 >> 8); + uint8_t x59 = (uint8_t)(x56 & UINT8_C(0xff)); + uint64_t x60 = (x58 >> 8); + uint8_t x61 = (uint8_t)(x58 & UINT8_C(0xff)); + uint8_t x62 = (uint8_t)(x60 >> 8); + uint8_t x63 = (uint8_t)(x60 & UINT8_C(0xff)); out1[0] = x6; out1[1] = x8; out1[2] = x10; @@ -1311,30 +1308,30 @@ static void fiat_secp256k1_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) { out1[5] = x16; out1[6] = x18; out1[7] = x19; - out1[8] = x22; - out1[9] = x24; - out1[10] = x26; - out1[11] = x28; - out1[12] = x30; - out1[13] = x32; - out1[14] = x34; - out1[15] = x35; - out1[16] = x38; - out1[17] = x40; - out1[18] = x42; - out1[19] = x44; - out1[20] = x46; - out1[21] = x48; - out1[22] = x50; - out1[23] = x51; - out1[24] = x54; - out1[25] = x56; - out1[26] = x58; - out1[27] = x60; - out1[28] = x62; - out1[29] = x64; - out1[30] = x66; - out1[31] = x65; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x27; + out1[12] = x29; + out1[13] = x31; + out1[14] = x33; + out1[15] = x34; + out1[16] = x36; + out1[17] = x38; + out1[18] = x40; + out1[19] = x42; + out1[20] = x44; + out1[21] = x46; + out1[22] = x48; + out1[23] = x49; + out1[24] = x51; + out1[25] = x53; + out1[26] = x55; + out1[27] = x57; + out1[28] = x59; + out1[29] = x61; + out1[30] = x63; + out1[31] = x62; } /* @@ -1381,14 +1378,11 @@ static void fiat_secp256k1_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) uint64_t x35 = (x8 + (x7 + (x6 + (x5 + (x4 + (x3 + (x2 + x1))))))); uint64_t x36 = (x16 + (x15 + (x14 + (x13 + (x12 + (x11 + (x10 + x9))))))); uint64_t x37 = (x24 + (x23 + (x22 + (x21 + (x20 + (x19 + (x18 + x17))))))); - uint64_t x38 = (0x0 + x37); - uint64_t x39 = (x38 & UINT64_C(0xffffffffffffffff)); - uint64_t x40 = (0x0 + x36); - uint64_t x41 = (x40 & UINT64_C(0xffffffffffffffff)); - uint64_t x42 = (0x0 + x35); + uint64_t x38 = (x37 & UINT64_C(0xffffffffffffffff)); + uint64_t x39 = (x36 & UINT64_C(0xffffffffffffffff)); out1[0] = x34; - out1[1] = x39; - out1[2] = x41; - out1[3] = x42; + out1[1] = x38; + out1[2] = x39; + out1[3] = x35; } diff --git a/src/Rewriter.v b/src/Rewriter.v index 8bbf131732..fb14b31f09 100644 --- a/src/Rewriter.v +++ b/src/Rewriter.v @@ -1792,6 +1792,13 @@ Module Compilers. ; make_rewriteo (??') (fun r v => ##(lower r) when lower r =? upper r) + ; make_rewriteo + (#?ℤ +' ??') + (fun rp z rv v => cst rv v when (z =? 0) && (ZRange.normalize rv <=? ZRange.normalize rp)%zrange) + ; make_rewriteo + (??' +' #?ℤ ) + (fun rp rv v z => cst rv v when (z =? 0) && (ZRange.normalize rv <=? ZRange.normalize rp)%zrange) + ; make_rewriteo (#?ℤ - (-'??')) (fun z rnv rv v => cst rv v when (z =? 0) && (ZRange.normalize rv <=? -ZRange.normalize rnv)%zrange) diff --git a/src/arith_with_casts_rewrite_head.out b/src/arith_with_casts_rewrite_head.out index 053110d891..a179fff111 100644 --- a/src/arith_with_casts_rewrite_head.out +++ b/src/arith_with_casts_rewrite_head.out @@ -949,6 +949,126 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with else None | None => None end + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) + (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t1 idc1) x2) => + args <- invert_bind_args idc1 Raw.ident.Z_cast; + args0 <- invert_bind_args idc0 Raw.ident.Literal; + _ <- invert_bind_args idc Raw.ident.Z_add; + match + pattern.type.unify_extracted_cps (ℤ -> ℤ)%ptype + ((projT1 args0) -> s1)%ptype option (fun x3 : option => x3) + with + | Some (_, _)%zrange => + if + type.type_beq base.type base.type.type_beq (ℤ -> ℤ)%ptype + ((projT1 args0) -> s1)%ptype + then + xv <- ident.unify pattern.ident.Literal ##(projT2 args0); + v <- type.try_make_transport_cps s1 ℤ; + fv <- (x3 <- (if + ((let (x3, _) := xv in x3) =? 0) && + (ZRange.normalize args <=? + ZRange.normalize range)%zrange + then + Some + (#(Z_cast args)%expr @ + v (Compile.reflect x2))%expr_pat + else None); + Some (Base x3)); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) (@expr.App _ _ _ s1 _ ($_)%expr _) | + @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) + (@expr.App _ _ _ s1 _ (@expr.Abs _ _ _ _ _ _) _) | @expr.App _ _ _ s + _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) + (@expr.App _ _ _ s1 _ (_ @ _)%expr_pat _) | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) + (@expr.App _ _ _ s1 _ (@expr.LetIn _ _ _ _ _ _ _) _) => None + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) #(_)%expr_pat | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) ($_)%expr | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) (@expr.Abs _ _ _ _ _ _) | @expr.App _ + _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Ident _ _ _ t0 idc0)) (@expr.LetIn _ _ _ _ _ _ _) => None + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t0 idc0) x2)) + (@expr.Ident _ _ _ t1 idc1) => + args <- invert_bind_args idc1 Raw.ident.Literal; + args0 <- invert_bind_args idc0 Raw.ident.Z_cast; + _ <- invert_bind_args idc Raw.ident.Z_add; + match + pattern.type.unify_extracted_cps (ℤ -> ℤ)%ptype + (s1 -> (projT1 args))%ptype option (fun x3 : option => x3) + with + | Some (_, _)%zrange => + if + type.type_beq base.type base.type.type_beq (ℤ -> ℤ)%ptype + (s1 -> (projT1 args))%ptype + then + v <- type.try_make_transport_cps s1 ℤ; + xv <- ident.unify pattern.ident.Literal ##(projT2 args); + fv <- (x3 <- (if + ((let (x3, _) := xv in x3) =? 0) && + (ZRange.normalize args0 <=? + ZRange.normalize range)%zrange + then + Some + (#(Z_cast args0)%expr @ + v (Compile.reflect x2))%expr_pat + else None); + Some (Base x3)); + Some (fv0 <-- fv; + Base fv0)%under_lets + else None + | None => None + end + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t0 idc0) x2)) ($_)%expr | + @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t0 idc0) x2)) + (@expr.Abs _ _ _ _ _ _) | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t0 idc0) x2)) + (_ @ _)%expr_pat | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t0 idc0) x2)) + (@expr.LetIn _ _ _ _ _ _ _) => None + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ ($_)%expr _)) _ | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ (@expr.Abs _ _ _ _ _ _) _)) _ | @expr.App _ _ + _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ (_ @ _)%expr_pat _)) _ | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.App _ _ _ s1 _ (@expr.LetIn _ _ _ _ _ _ _) _)) _ => None + | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) ($_)%expr) _ | + @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.Abs _ _ _ _ _ _)) _ | @expr.App _ _ _ s _ + (@expr.App _ _ _ s0 _ (@expr.Ident _ _ _ t idc) + (@expr.LetIn _ _ _ _ _ _ _)) _ => None | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ (@expr.Ident _ _ _ t idc) x2) x1) x0 => @@ -985,8 +1105,7 @@ match idc in (Compilers.ident t) return (Compile.value' true t) with _ | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ (@expr.App _ _ _ s1 _ (@expr.LetIn _ _ _ _ _ _ _) _) _) _ => None - | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ #(_)%expr_pat _) _ | - @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ ($_)%expr _) _ | @expr.App + | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ ($_)%expr _) _ | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ (@expr.Abs _ _ _ _ _ _) _) _ | @expr.App _ _ _ s _ (@expr.App _ _ _ s0 _ (@expr.LetIn _ _ _ _ _ _ _) _) _ => None