Impl Wrapping* traits from num-traits
#425
Conversation
|
Until now we've avoided these sort of panicking impls, requiring the selection of either Other PRs have added panics that brought the behavior more in-line with I'm not entirely sure I like it, to be honest, but it can be annoying not to have a convenient way to perform an operation you're sure won't overflow on e.g. a |
tarcieri
force-pushed
the
wrapping-traits
branch
from
12945f2 to
6cedf62
Compare
|
The main argument in favor of this PR is probably UX/approachability: we've had several complaints this library is hard-to-use, and the absence of the Adding them should make this library easier to learn because it will align the library with the |
Until now we have used traits defined in this crate, primarily because many of these traits are predicates that return `bool` and in constant-time code we want those to return `Choice`/`CtOption`. `Wrapping*` is an example of the sort of trait we'd want to incorporate unchanged, and there are potentially others, so this adds `num-traits` as a hard dependency (previously our only hard dependency was `subtle`). Note that `num-traits` itself has no transitive dependencies (or rather, they're optional but not enabled). The `Wrapping*` traits have bounds on the corresponding op traits being impl'd with `Self` operands e.g. `WrappingAdd: Add<Self, Output = Self>` so this PR also adds impls of those traits. We've previously avoided these as in `std` they panic on overflow/underflow in debug builds and silently wrap in release builds. This PR always panics. This required some changes to the `Mul` impls which were conditional on `ConcatMixed` and implicitly widened. To accomodate impls which are always available and require no bounds (in order to allow us to impl `WideningMul`), and renames the following: - `Uint::mul` -> `Uint::widening_mul` - `Uint::mul_wide` -> `Uint::widening_mul_split`
tarcieri
force-pushed
the
wrapping-traits
branch
from
6cedf62 to
a041038
Compare
Until now we have used traits defined in this crate, primarily because many of these traits are predicates that return
booland in constant-time code we want those to returnChoice/CtOption.Wrapping*is an example of the sort of trait we'd want to incorporate unchanged, and there are potentially others, so this addsnum-traitsas a hard dependency (previously our only hard dependency wassubtle). Note thatnum-traitsitself has no transitive dependencies (or rather, they're optional but not enabled).The
Wrapping*traits have bounds on the corresponding op traits being impl'd withSelfoperands e.g.WrappingAdd: Add<Self, Output = Self>so this PR also adds impls of those traits.We've previously avoided these as in
stdthey panic on overflow/underflow in debug builds and silently wrap in release builds. This PR always panics.This required some changes to the
Mulimpls which were conditional onConcatMixedand implicitly widened. To accomodate impls which are always available and require no bounds (in order to allow us to implWideningMul), and renames the following:Uint::mul->Uint::widening_mulUint::mul_wide->Uint::widening_mul_splitTODO:
WrappingNegWrappingShlWrappingShrcc @xuganyu96