| blob | d3c0b7bf22053e1afcd9a0185cfc155fe9edbd27 |
1 /* Schoenhage's fast multiplication modulo 2^N+1.
3 Contributed by Paul Zimmermann.
5 THE FUNCTIONS IN THIS FILE ARE INTERNAL WITH MUTABLE INTERFACES. IT IS ONLY
6 SAFE TO REACH THEM THROUGH DOCUMENTED INTERFACES. IN FACT, IT IS ALMOST
7 GUARANTEED THAT THEY WILL CHANGE OR DISAPPEAR IN A FUTURE GNU MP RELEASE.
9 Copyright 1998-2010, 2012, 2013 Free Software Foundation, Inc.
11 This file is part of the GNU MP Library.
13 The GNU MP Library is free software; you can redistribute it and/or modify
14 it under the terms of either:
16 * the GNU Lesser General Public License as published by the Free
17 Software Foundation; either version 3 of the License, or (at your
18 option) any later version.
20 or
22 * the GNU General Public License as published by the Free Software
23 Foundation; either version 2 of the License, or (at your option) any
24 later version.
26 or both in parallel, as here.
28 The GNU MP Library is distributed in the hope that it will be useful, but
29 WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
30 or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
31 for more details.
33 You should have received copies of the GNU General Public License and the
34 GNU Lesser General Public License along with the GNU MP Library. If not,
35 see https://www.gnu.org/licenses/. */
38 /* References:
40 Schnelle Multiplikation grosser Zahlen, by Arnold Schoenhage and Volker
41 Strassen, Computing 7, p. 281-292, 1971.
43 Asymptotically fast algorithms for the numerical multiplication and division
44 of polynomials with complex coefficients, by Arnold Schoenhage, Computer
45 Algebra, EUROCAM'82, LNCS 144, p. 3-15, 1982.
47 Tapes versus Pointers, a study in implementing fast algorithms, by Arnold
48 Schoenhage, Bulletin of the EATCS, 30, p. 23-32, 1986.
50 TODO:
52 Implement some of the tricks published at ISSAC'2007 by Gaudry, Kruppa, and
53 Zimmermann.
55 It might be possible to avoid a small number of MPN_COPYs by using a
56 rotating temporary or two.
58 Cleanup and simplify the code!
59 */
61 #ifdef TRACE
62 #undef TRACE
63 #define TRACE(x) x
64 #include <stdio.h>
65 #else
66 #define TRACE(x)
67 #endif
72 #ifdef WANT_ADDSUB
74 #define HAVE_NATIVE_mpn_add_n_sub_n 1
75 #endif
84 /* Find the best k to use for a mod 2^(m*GMP_NUMB_BITS)+1 FFT for m >= n.
85 We have sqr=0 if for a multiply, sqr=1 for a square.
86 There are three generations of this code; we keep the old ones as long as
87 some gmp-mparam.h is not updated. */
90 /*****************************************************************************/
92 #if TUNE_PROGRAM_BUILD || (defined (MUL_FFT_TABLE3) && defined (SQR_FFT_TABLE3))
95 #if defined (MUL_FFT_TABLE3_SIZE) && defined (SQR_FFT_TABLE3_SIZE)
96 #if MUL_FFT_TABLE3_SIZE > SQR_FFT_TABLE3_SIZE
97 #define FFT_TABLE3_SIZE MUL_FFT_TABLE3_SIZE
98 #else
99 #define FFT_TABLE3_SIZE SQR_FFT_TABLE3_SIZE
100 #endif
101 #endif
102 #endif
104 #ifndef FFT_TABLE3_SIZE
105 #define FFT_TABLE3_SIZE 200
106 #endif
109 {
110 MUL_FFT_TABLE3,
111 SQR_FFT_TABLE3
112 };
114 int
116 {
124 {
130 }
132 }
134 #define MPN_FFT_BEST_READY 1
135 #endif
137 /*****************************************************************************/
139 #if ! defined (MPN_FFT_BEST_READY)
141 {
142 MUL_FFT_TABLE,
143 SQR_FFT_TABLE
144 };
146 int
148 {
155 /* treat 4*last as one further entry */
158 else
160 }
161 #endif
163 /*****************************************************************************/
166 /* Returns smallest possible number of limbs >= pl for a fft of size 2^k,
167 i.e. smallest multiple of 2^k >= pl.
169 Don't declare static: needed by tuneup.
170 */
172 mp_size_t
174 {
177 }
180 /* Initialize l[i][j] with bitrev(j) */
181 static void
183 {
189 {
192 {
195 }
196 }
197 }
200 /* r <- a*2^d mod 2^(n*GMP_NUMB_BITS)+1 with a = {a, n+1}
201 Assumes a is semi-normalized, i.e. a[n] <= 1.
202 r and a must have n+1 limbs, and not overlap.
203 */
204 static void
206 {
208 mp_size_t m;
215 {
216 /* r[0..m-1] <-- lshift(a[n-m]..a[n-1], sh)
217 r[m..n-1] <-- -lshift(a[0]..a[n-m-1], sh) */
221 {
222 /* no out shift below since a[n] <= 1 */
226 }
227 else
228 {
233 }
235 /* add cc to r[0], and add rd to r[m] */
237 /* now add 1 in r[m], subtract 1 in r[n], i.e. add 1 in r[0] */
240 /* cc < 2^sh <= 2^(GMP_NUMB_BITS-1) thus no overflow here */
241 cc++;
244 rd++;
245 /* rd might overflow when sh=GMP_NUMB_BITS-1 */
249 }
250 else
251 {
252 /* r[0..m-1] <-- -lshift(a[n-m]..a[n-1], sh)
253 r[m..n-1] <-- lshift(a[0]..a[n-m-1], sh) */
255 {
256 /* no out bits below since a[n] <= 1 */
259 /* {r, m+1} = {a+n-m, m+1} << sh */
261 }
262 else
263 {
264 /* r[m] is not used below, but we save a test for m=0 */
269 }
271 /* now complement {r, m}, subtract cc from r[0], subtract rd from r[m] */
273 /* if m=0 we just have r[0]=a[n] << sh */
275 {
276 /* now add 1 in r[0], subtract 1 in r[m] */
280 /* add 1 to cc instead of rd since rd might overflow */
281 }
283 /* now subtract cc and rd from r[m..n] */
289 }
290 }
293 /* r <- a+b mod 2^(n*GMP_NUMB_BITS)+1.
294 Assumes a and b are semi-normalized.
295 */
298 {
302 /* 0 <= c <= 3 */
304 #if 1
305 /* GCC 4.1 outsmarts most expressions here, and generates a 50% branch. The
306 result is slower code, of course. But the following outsmarts GCC. */
310 #endif
311 #if 0
313 {
316 }
317 else
318 {
320 }
321 #endif
322 }
324 /* r <- a-b mod 2^(n*GMP_NUMB_BITS)+1.
325 Assumes a and b are semi-normalized.
326 */
329 {
333 /* -2 <= c <= 1 */
335 #if 1
336 /* GCC 4.1 outsmarts most expressions here, and generates a 50% branch. The
337 result is slower code, of course. But the following outsmarts GCC. */
341 #endif
342 #if 0
344 {
347 }
348 else
349 {
351 }
352 #endif
353 }
355 /* input: A[0] ... A[inc*(K-1)] are residues mod 2^N+1 where
356 N=n*GMP_NUMB_BITS, and 2^omega is a primitive root mod 2^N+1
357 output: A[inc*l[k][i]] <- \sum (2^omega)^(ij) A[inc*j] mod 2^N+1 */
359 static void
362 {
364 {
365 mp_limb_t cy;
366 #if HAVE_NATIVE_mpn_add_n_sub_n
368 #else
372 #endif
377 }
378 else
379 {
385 /* A[2*j*inc] <- A[2*j*inc] + omega^l[k][2*j*inc] A[(2j+1)inc]
386 A[(2j+1)inc] <- A[2*j*inc] + omega^l[k][(2j+1)inc] A[(2j+1)inc] */
388 {
389 /* Ap[inc] <- Ap[0] + Ap[inc] * 2^(lk[1] * omega)
390 Ap[0] <- Ap[0] + Ap[inc] * 2^(lk[0] * omega) */
394 }
395 }
396 }
398 /* input: A[0] ... A[inc*(K-1)] are residues mod 2^N+1 where
399 N=n*GMP_NUMB_BITS, and 2^omega is a primitive root mod 2^N+1
400 output: A[inc*l[k][i]] <- \sum (2^omega)^(ij) A[inc*j] mod 2^N+1
401 tp must have space for 2*(n+1) limbs.
402 */
405 /* Given ap[0..n] with ap[n]<=1, reduce it modulo 2^(n*GMP_NUMB_BITS)+1,
406 by subtracting that modulus if necessary.
408 If ap[0..n] is exactly 2^(n*GMP_NUMB_BITS) then mpn_sub_1 produces a
409 borrow and the limbs must be zeroed out again. This will occur very
410 infrequently. */
414 {
416 {
419 {
420 /* This happens with very low probability; we have yet to trigger it,
421 and thereby make sure this code is correct. */
424 }
425 else
427 }
428 }
430 /* a[i] <- a[i]*b[i] mod 2^(n*GMP_NUMB_BITS)+1 for 0 <= i < K */
431 static void
433 {
436 TMP_DECL;
438 TMP_MARK;
441 {
454 /* Nprime2 = ceil((2*M2+k+3)/maxLK)*maxLK*/
457 /* we should ensure that nprime2 is a multiple of the next K */
459 {
460 mp_size_t K3;
462 {
468 /* warning: since nprime2 changed, K3 may change too! */
469 }
470 }
483 {
486 }
493 {
494 mp_limb_t cy;
506 }
507 }
508 else
509 {
511 mp_limb_t cc;
517 {
522 else
526 else
531 {
532 /* FIXME: use MPN_INCR_U here, since carry is not expected. */
535 }
537 }
538 }
539 TMP_FREE;
540 }
543 /* input: A^[l[k][0]] A^[l[k][1]] ... A^[l[k][K-1]]
544 output: K*A[0] K*A[K-1] ... K*A[1].
545 Assumes the Ap[] are pseudo-normalized, i.e. 0 <= Ap[][n] <= 1.
546 This condition is also fulfilled at exit.
547 */
548 static void
550 {
552 {
553 mp_limb_t cy;
554 #if HAVE_NATIVE_mpn_add_n_sub_n
556 #else
560 #endif
565 }
566 else
567 {
572 /* A[j] <- A[j] + omega^j A[j+K/2]
573 A[j+K/2] <- A[j] + omega^(j+K/2) A[j+K/2] */
575 {
576 /* Ap[K2] <- Ap[0] + Ap[K2] * 2^((j + K2) * omega)
577 Ap[0] <- Ap[0] + Ap[K2] * 2^(j * omega) */
581 }
582 }
583 }
586 /* R <- A/2^k mod 2^(n*GMP_NUMB_BITS)+1 */
587 static void
589 {
590 mp_bitcnt_t i;
595 /* 1/2^k = 2^(2nL-k) mod 2^(n*GMP_NUMB_BITS)+1 */
596 /* normalize so that R < 2^(n*GMP_NUMB_BITS)+1 */
598 }
601 /* {rp,n} <- {ap,an} mod 2^(n*GMP_NUMB_BITS)+1, n <= an <= 3*n.
602 Returns carry out, i.e. 1 iff {ap,an} = -1 mod 2^(n*GMP_NUMB_BITS)+1,
603 then {rp,n}=0.
604 */
605 static mp_size_t
607 {
609 mp_limb_t cc;
614 {
616 /* add {ap, m} and {ap+2n, m} in {rp, m} */
618 /* copy {ap+m, n-m} to {rp+m, n-m} */
620 }
621 else
622 {
626 }
628 /* remains to subtract {ap+n, l} from {rp, n+1} */
634 }
636 /* store in A[0..nprime] the first M bits from {n, nl},
637 in A[nprime+1..] the following M bits, ...
638 Assumes M is a multiple of GMP_NUMB_BITS (M = l * GMP_NUMB_BITS).
639 T must have space for at least (nprime + 1) limbs.
640 We must have nl <= 2*K*l.
641 */
642 static void
645 mp_ptr T)
646 {
648 mp_ptr tmp;
650 TMP_DECL;
651 TMP_MARK;
654 {
656 mp_limb_signed_t cy;
661 {
668 /* now dif > 0 */
670 {
673 else
678 }
679 /* now dif <= Kl */
682 else
686 else
688 }
690 {
693 }
697 }
699 {
701 /* store the next M bits of n into A[0..nprime] */
703 {
710 }
711 else
714 }
716 TMP_FREE;
717 }
719 /* op <- n*m mod 2^N+1 with fft of size 2^k where N=pl*GMP_NUMB_BITS
720 op is pl limbs, its high bit is returned.
721 One must have pl = mpn_fft_next_size (pl, k).
722 T must have space for 2 * (nprime + 1) limbs.
723 */
725 static mp_limb_t
730 {
732 mp_ptr p;
733 mp_limb_t cc;
737 /* direct fft's */
742 /* term to term multiplications */
745 /* inverse fft's */
748 /* division of terms after inverse fft */
752 {
755 }
757 /* addition of terms in result p */
764 {
777 }
778 }
780 {
782 {
783 /* p[pla-pl]...p[pla-1] are all zero */
786 }
787 }
789 {
791 {
793 ;
794 }
795 else
796 {
799 }
800 }
801 else
804 /* here p < 2^(2M) [K 2^(M(K-1)) + (K-1) 2^(M(K-2)) + ... ]
805 < K 2^(2M) [2^(M(K-1)) + 2^(M(K-2)) + ... ]
806 < K 2^(2M) 2^(M(K-1))*2 = 2^(M*K+M+k+1) */
808 }
810 /* return the lcm of a and 2^k */
811 static mp_bitcnt_t
813 {
817 {
819 k --;
820 }
822 }
825 mp_limb_t
830 {
837 mp_limb_t h;
838 TMP_DECL;
843 TMP_MARK;
848 {
851 }
860 /* Nprime = ceil((2*M+k+3)/maxLK)*maxLK; */
864 /* we should ensure that recursively, nprime is a multiple of the next K */
866 {
867 mp_size_t K2;
869 {
875 /* warning: since nprime changed, K2 may change too! */
876 }
878 }
892 {
893 mp_size_t pla;
897 }
898 else
899 {
903 }
906 TMP_FREE;
908 }
910 #if WANT_OLD_FFT_FULL
911 /* multiply {n, nl} by {m, ml}, and put the result in {op, nl+ml} */
912 void
916 {
917 mp_ptr pad_op;
925 /* perform a fft mod 2^(2N)+1 and one mod 2^(3N)+1.
926 We must have pl3 = 3/2 * pl2, with pl2 a multiple of 2^k2, and
927 pl3 a multiple of 2^k3. Since k3 >= k2, both are multiples of 2^k2,
928 and pl2 must be an even multiple of 2^k2. Thus (pl2,pl3) =
929 (2*j*2^k2,3*j*2^k2), which works for 3*j <= pl/2^k2 <= 5*j.
930 We need that consecutive intervals overlap, i.e. 5*j >= 3*(j+1),
931 which requires j>=2. Thus this scheme requires pl >= 6 * 2^FFT_FIRST_K. */
933 /* ASSERT_ALWAYS(pl >= 6 * (1 << FFT_FIRST_K)); */
936 do
937 {
938 pl2++;
942 thus pl2 / 2 is exact */
944 }
956 /* 0 <= cc <= 1 */
965 /* now lambda-mu = {pad_op, pl2} - cc mod 2^(pl2*GMP_NUMB_BITS)+1 */
967 #if HAVE_NATIVE_mpn_add_n_sub_n
969 /* c2 & 1 is the borrow, c2 & 2 is the carry */
972 #else
973 {
974 mp_ptr tmp;
975 TMP_DECL;
977 TMP_MARK;
982 TMP_FREE;
983 }
984 #endif
986 /* first normalize {pad_op, pl2} before dividing by 2: c2 is the borrow
987 at pad_op + l, cc is the carry at pad_op + pl2 */
988 /* 0 <= cc <= 2 */
990 /* -1 <= cc <= 2 */
993 /* now -1 <= cc <= 0 */
996 /* now {pad_op, pl2} is normalized, with 0 <= cc <= 1 */
999 /* now 0 <= cc <= 2, but cc=2 cannot occur since it would give a carry
1000 out below */
1004 /* now {pad_op,pl2}-cc = (lambda-mu)/(1-2^(l*GMP_NUMB_BITS))
1005 mod 2^(pl2*GMP_NUMB_BITS) + 1 */
1007 /* since pl2+pl3 >= pl, necessary the extra limbs (including cc) are zero */
1011 /* since the final result has at most pl limbs, no carry out below */
1013 }
1014 #endif