div_qr_1n_pi1
Niels Möller
nisse at lysator.liu.se
Thu Jun 3 20:30:25 UTC 2021
nisse at lysator.liu.se (Niels Möller) writes:
> The current (METHOD == 2) code some somethign similar, it conditionally
> adds in B2 at the right place in the next iteration. It uses the
> name u2 for the carry that lives unti the next iteration,
>
> umul_ppmm (p1, p0, u1, B2);
> ADDC_LIMB (cy, u0, u0, u2 & B2);
> u0 -= (-cy) & d;
> add_mssaaaa (u2, u1, u0, u0, up[j], p1, p0);
[...]
> The drawback, in the context of div_qr_1n_pi1, is that the u2 input to
> the iteration makes the quotient production much more costly.
And the cost is basically an
add_ssaaaa (q2, q1, -u2, u2 & dinv, CNST_LIMB(0), u1);
so at least a sequence and, add, adc.
I think I've found a way to get rid of that, at the cost of more
side-channel leakage, by adding it into the multiplication by previous
u1 (which, unfortunately, may give another carry out). The iteration
would become something like
/* u recurrence, via u2, u1, u0 variables. */
umul_ppmm (p1, p0, u1, B2);
ADDC_LIMB (cy, u0, u0, u2 & B2);
u0 -= (-cy) & d;
q_u1 = u1; /* Save u1, for below quotient processing */
add_mssaaaa (u2, u1, u0, u0, up[j], p1, p0);
/* q recurrence, via q0 variable. Input is the sum of "old" u1 and
"new" u2. */
q_u1 -= u2;
if (UNLIKELY(q_u1 == 0) && u2)
{
/* The increment of q_u1 overflowed, handle specially. */
q0 += cy;
add_ssaaaa (q1, q2, CNST_LIMB(1), dinv, q0 < cy, q0);
q0 = 0;
}
else
{
umul_ppmm (p1, p0, q_u1, dinv);
ADDC_LIMB (q_2, q1, q_u1, q0);
add_ssaaaa (q_2, q_1, q_2, q_1, CNST_LIMB(0), p1 + cy);
q0 = p0;
}
... store q2 and q1 ...
The second multiplication now depends on the first, so may put some more
pressure on out-of-order execution.
> It would be nice if we could stay with this recurrency for u, but keep
> the other way of carry handling for q.
I've given it a quick try, so far without success.
I might play a bit more with microoptimizations of the current algorithm
before doing something more sophisticated. You're idea of conditonally
adding the invariant d * B2 at the right place is also interesting, I
don't think I understood it correctly at first reading.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
More information about the gmp-devel
mailing list