Lines Matching +full:hi +full:- +full:z
28 * Constant-time division. The divisor must not be larger than 16 bits,
39 for (i = 16; i >= 0; i --) { in divrem16()
44 x -= (-ctl) & d; in divrem16()
55 br_i15_muladd_small(uint16_t *x, uint16_t z, const uint16_t *m) in br_i15_muladd_small() argument
58 * Constant-time: we accept to leak the exact bit length of the in br_i15_muladd_small()
63 uint32_t hi, a0, a, b, q; in br_i15_muladd_small() local
76 divrem16(((uint32_t)x[1] << 15) | z, m[1], &rem); in br_i15_muladd_small()
84 * Principle: we estimate the quotient (x*2^15+z)/m by in br_i15_muladd_small()
107 * u-2 <= q <= u in br_i15_muladd_small()
109 hi = x[mlen]; in br_i15_muladd_small()
112 memmove(x + 2, x + 1, (mlen - 1) * sizeof *x); in br_i15_muladd_small()
113 x[1] = z; in br_i15_muladd_small()
117 a0 = (x[mlen] << (15 - mblr)) | (x[mlen - 1] >> mblr); in br_i15_muladd_small()
118 memmove(x + 2, x + 1, (mlen - 1) * sizeof *x); in br_i15_muladd_small()
119 x[1] = z; in br_i15_muladd_small()
120 a = (a0 << 15) | (((x[mlen] << (15 - mblr)) in br_i15_muladd_small()
121 | (x[mlen - 1] >> mblr)) & 0x7FFF); in br_i15_muladd_small()
122 b = (m[mlen] << (15 - mblr)) | (m[mlen - 1] >> mblr); in br_i15_muladd_small()
128 * q-1 or q-2; moreover, the division may have returned a value in br_i15_muladd_small()
131 * that the "true" multiplier will be q+1, q or q-1, and q is in br_i15_muladd_small()
134 q = MUX(EQ(b, a0), 0x7FFF, q - 1 + ((q - 1) >> 31)); in br_i15_muladd_small()
137 * We subtract q*m from x (x has an extra high word of value 'hi'). in br_i15_muladd_small()
143 * 'hi' or the carry). in br_i15_muladd_small()
155 nxw = xw - zl; in br_i15_muladd_small()
163 * If we underestimated q, then either cc < hi (one extra bit in br_i15_muladd_small()
164 * beyond the top array word), or cc == hi and tb is true (no in br_i15_muladd_small()
167 * If we overestimated q, then cc > hi. in br_i15_muladd_small()
169 over = GT(cc, hi); in br_i15_muladd_small()
170 under = ~over & (tb | LT(cc, hi)); in br_i15_muladd_small()