/ftp/gstreamer1-plugins-curl/

ne-lab?h=master' type='application/atom+xml'/>
aboutsummaryrefslogtreecommitdiffstats
path: root/vendor/github.com/byzantine-lab
diff options
context:
space:
mode:
authorWei-Ning Huang <w@byzantine-lab.io>2019-06-12 17:31:08 +0800
committerWei-Ning Huang <w@byzantine-lab.io>2019-09-17 16:57:29 +0800
commitac088de6322fc16ebe75c2e5554be73754bf1fe2 (patch)
tree086b7827d46a4d07b834cd94be73beaabb77b734 /vendor/github.com/byzantine-lab
parent67d565f3f0e398e99bef96827f729e3e4b0edf31 (diff)
downloadgo-tangerine-ac088de6322fc16ebe75c2e5554be73754bf1fe2.tar.gz
go-tangerine-ac088de6322fc16ebe75c2e5554be73754bf1fe2.tar.zst
go-tangerine-ac088de6322fc16ebe75c2e5554be73754bf1fe2.zip
Rebrand as tangerine-network/go-tangerine
Diffstat (limited to 'vendor/github.com/byzantine-lab')
-rw-r--r--vendor/github.com/byzantine-lab/bls/.gitignore7
-rw-r--r--vendor/github.com/byzantine-lab/bls/.travis.yml39
-rw-r--r--vendor/github.com/byzantine-lab/bls/CMakeLists.txt33
-rw-r--r--vendor/github.com/byzantine-lab/bls/Makefile164
-rw-r--r--vendor/github.com/byzantine-lab/bls/bin/.emptydir0
-rw-r--r--vendor/github.com/byzantine-lab/bls/bls.sln30
-rw-r--r--vendor/github.com/byzantine-lab/bls/bls_smpl.py40
-rw-r--r--vendor/github.com/byzantine-lab/bls/common.props26
-rw-r--r--vendor/github.com/byzantine-lab/bls/debug.props14
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/App.config6
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/Properties/AssemblyInfo.cs36
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/bls.cs351
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/bls.csproj97
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/bls.sln25
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.cs298
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.csproj62
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.sln22
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/bls256_test.cs126
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/bls_test.cs176
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/readme-ja.md188
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/cs/readme.md185
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/go/bls/bls.go539
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/go/bls/callback.go12
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/go/bls/dummy.cpp3
-rw-r--r--vendor/github.com/byzantine-lab/bls/ffi/go/bls/mcl.go646
-rw-r--r--vendor/github.com/byzantine-lab/bls/images/bls-go-alpine/Dockerfile12
-rw-r--r--vendor/github.com/byzantine-lab/bls/include/bls/bls.h275
-rw-r--r--vendor/github.com/byzantine-lab/bls/include/bls/bls.hpp534
-rw-r--r--vendor/github.com/byzantine-lab/bls/lib/.emptydir0
-rw-r--r--vendor/github.com/byzantine-lab/bls/mk.bat20
-rwxr-xr-xvendor/github.com/byzantine-lab/bls/mkdll.bat8
-rw-r--r--vendor/github.com/byzantine-lab/bls/mklib.bat26
-rw-r--r--vendor/github.com/byzantine-lab/bls/obj/.emptydir0
-rw-r--r--vendor/github.com/byzantine-lab/bls/readme.md187
-rw-r--r--vendor/github.com/byzantine-lab/bls/release.props12
-rw-r--r--vendor/github.com/byzantine-lab/bls/sample/bls_smpl.cpp168
-rwxr-xr-xvendor/github.com/byzantine-lab/bls/setvar.bat6
-rw-r--r--vendor/github.com/byzantine-lab/bls/src/bls_c256.cpp3
-rw-r--r--vendor/github.com/byzantine-lab/bls/src/bls_c384.cpp3
-rw-r--r--vendor/github.com/byzantine-lab/bls/src/bls_c384_256.cpp4
-rw-r--r--vendor/github.com/byzantine-lab/bls/src/bls_c_impl.hpp614
-rw-r--r--vendor/github.com/byzantine-lab/bls/src/proj/bls.vcxproj92
-rw-r--r--vendor/github.com/byzantine-lab/bls/src/qcoeff-bn254.hpp564
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/bls256_test.cpp3
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/bls384_256_test.cpp4
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/bls384_test.cpp3
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/bls_c256_test.cpp2
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/bls_c384_256_test.cpp3
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/bls_c384_test.cpp2
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/bls_c_test.hpp437
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/bls_test.hpp545
-rw-r--r--vendor/github.com/byzantine-lab/bls/test/proj/bls_test/bls_test.vcxproj88
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/LICENSE165
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/common/event.go101
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/common/logger.go134
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/common/types.go90
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/common/utils.go41
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/agreement-mgr.go676
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/agreement-state.go213
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/agreement.go797
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/blockchain.go681
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/interfaces.go70
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/level-db.go127
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/memory.go183
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/configuration-chain.go795
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/consensus.go1567
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/constant.go41
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/constant.go26
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/dkg.go637
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/utils.go92
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/ecdsa/ecdsa.go135
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/interfaces.go48
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/utils.go80
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/db/interfaces.go100
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/db/level-db.go573
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/db/memory.go262
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/dkg-tsig-protocol.go709
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/interfaces.go182
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/leader-selector.go149
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/nonblocking.go137
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/agreement.go301
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/consensus.go543
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/watch-cat.go156
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/ticker.go127
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/block-randomness.go44
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/block.go227
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/config.go75
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/dkg/dkg.go485
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/message.go24
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/node.go61
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/nodeset.go162
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/position.go51
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/types/vote.go100
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils.go255
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils/crypto.go376
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils/nodeset-cache.go245
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils/penalty-helper.go131
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils/round-based-config.go112
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils/round-event.go358
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils/signer.go154
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils/utils.go207
-rw-r--r--vendor/github.com/byzantine-lab/dexon-consensus/core/utils/vote-filter.go72
-rw-r--r--vendor/github.com/byzantine-lab/mcl/.gitignore13
-rw-r--r--vendor/github.com/byzantine-lab/mcl/.travis.yml17
-rw-r--r--vendor/github.com/byzantine-lab/mcl/CMakeLists.txt119
-rw-r--r--vendor/github.com/byzantine-lab/mcl/COPYRIGHT47
-rw-r--r--vendor/github.com/byzantine-lab/mcl/Makefile373
-rw-r--r--vendor/github.com/byzantine-lab/mcl/bench.txt114
-rw-r--r--vendor/github.com/byzantine-lab/mcl/common.mk117
-rw-r--r--vendor/github.com/byzantine-lab/mcl/common.props26
-rw-r--r--vendor/github.com/byzantine-lab/mcl/debug.props14
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/cs/App.config6
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/cs/Properties/AssemblyInfo.cs36
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.cs475
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.csproj62
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.sln22
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256_test.cs149
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/go/mcl/mcl.go659
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/go/mcl/mcl_test.go157
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/Bn256Test.java104
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/ElgamalTest.java144
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/Makefile64
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/bn256.i31
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/bn256_impl.hpp249
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/bn256_wrap.cxx1542
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal.i28
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal_impl.hpp147
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal_wrap.cxx1129
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/java.md95
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/make_wrap.bat23
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/run-bn256.bat9
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/run-elgamal.bat9
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/java/set-java-path.bat8
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/js/export-functions.py73
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/js/pre-mcl.js5
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/python/pairing.py80
-rw-r--r--vendor/github.com/byzantine-lab/mcl/ffi/python/she.py298
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/array.hpp197
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/atoi.hpp239
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/benchmark.hpp212
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/bit_operation.hpp139
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/critical_section.hpp60
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/crypto.hpp321
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/endian.hpp224
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/exception.hpp252
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/hash.hpp67
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/inttype.hpp163
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/itoa.hpp337
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/link_libeay32.hpp21
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/link_mpir.hpp18
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/link_ssleay32.hpp19
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/mutex.hpp141
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/option.hpp723
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/random_generator.hpp153
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/serializer.hpp363
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/sha2.hpp467
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/stream.hpp267
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/test.hpp373
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/unordered_map.hpp13
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/cybozu/xorshift.hpp189
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/aggregate_sig.hpp265
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/ahe.hpp76
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/array.hpp167
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/bls12_381.hpp15
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/bn.h428
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/bn.hpp2261
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/bn256.hpp15
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/bn384.hpp15
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/bn512.hpp14
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/conversion.hpp495
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/curve_type.h35
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/ec.hpp1045
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/ecdsa.h105
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/ecdsa.hpp257
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/ecparam.hpp191
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/elgamal.hpp612
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/fp.hpp661
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/fp_tower.hpp1364
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/gmp_util.hpp954
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/impl/bn_c_impl.hpp643
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/lagrange.hpp107
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/op.hpp389
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/operator.hpp177
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/paillier.hpp84
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/randgen.hpp156
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/she.h270
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/she.hpp1939
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/util.hpp285
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/vint.hpp1987
-rw-r--r--vendor/github.com/byzantine-lab/mcl/include/mcl/window_method.hpp175
-rw-r--r--vendor/github.com/byzantine-lab/mcl/lib/.emptydir0
-rw-r--r--vendor/github.com/byzantine-lab/mcl/mcl.sln57
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/bench.txt21
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/karatsuba.cpp75
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/mul.cpp58
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/precompute.cpp30
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/she/bench.sh6
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/she/bench4.txt99
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/she/bench6.txt99
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/she/bench8.txt99
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/she/nizkp.pdfbin0 -> 28787 bytes
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/she/she-api-ja.md314
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/she/she-api.md322
-rw-r--r--vendor/github.com/byzantine-lab/mcl/misc/she/she.pdfbin0 -> 25716 bytes
-rw-r--r--vendor/github.com/byzantine-lab/mcl/mk.bat20
-rw-r--r--vendor/github.com/byzantine-lab/mcl/mklib.bat39
-rw-r--r--vendor/github.com/byzantine-lab/mcl/obj/.emptydir0
-rw-r--r--vendor/github.com/byzantine-lab/mcl/readme.md457
-rw-r--r--vendor/github.com/byzantine-lab/mcl/release.props12
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/bench.cpp233
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/bls_sig.cpp70
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/ecdh.cpp64
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/large.cpp125
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/pairing.cpp56
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/pairing_c.c52
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/random.cpp29
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/rawbench.cpp180
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/she_make_dlp_table.cpp69
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/she_smpl.cpp125
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/tri-dh.cpp97
-rw-r--r--vendor/github.com/byzantine-lab/mcl/sample/vote.cpp206
-rw-r--r--vendor/github.com/byzantine-lab/mcl/setvar.bat2
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/aarch64.s13197
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/arm.s84189
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/low_arm.s154
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/low_x86-64.asm153
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/low_x86.asm0
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/x86-64.bmi2.s14155
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/x86-64.s16652
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/x86-64mac.bmi2.s13830
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/x86-64mac.s16313
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/x86.bmi2.s71547
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/asm/x86.s73785
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/bn_c256.cpp6
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/bn_c384.cpp7
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/bn_c384_256.cpp7
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/bn_c512.cpp6
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/bn_c_impl.hpp517
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/ecdsa_c.cpp110
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/fp.cpp646
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/fp_generator.hpp3885
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/gen.cpp999
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/llvm_gen.hpp616
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/low_func.hpp706
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/low_func_llvm.hpp94
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/proj/mcl.vcxproj92
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/proto.hpp81
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/she_c256.cpp2
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/she_c384.cpp2
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/she_c_impl.hpp681
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/xbyak/xbyak.h2611
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/xbyak/xbyak_mnemonic.h1972
-rw-r--r--vendor/github.com/byzantine-lab/mcl/src/xbyak/xbyak_util.h653
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/aggregate_sig_test.cpp74
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/array_test.cpp104
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/base_test.cpp392
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bench.hpp192
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bls12_test.cpp720
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bn384_test.cpp83
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bn512_test.cpp68
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bn_c256_test.cpp6
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bn_c384_256_test.cpp7
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bn_c384_test.cpp6
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bn_c512_test.cpp6
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bn_c_test.hpp699
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/bn_test.cpp408
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/conversion_test.cpp96
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/ec_test.cpp573
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/ecdsa_c_test.cpp51
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/ecdsa_test.cpp69
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/elgamal_test.cpp155
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/fp_generator_test.cpp207
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/fp_test.cpp1046
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/fp_tower_test.cpp477
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/fp_util_test.cpp270
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/glv_test.cpp209
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/gmp_test.cpp70
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/low_test.cpp73
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/mk32.sh1
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/modp_test.cpp37
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/mont_fp_test.cpp332
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/paillier_test.cpp24
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/proj/bn_test/bn_test.vcxproj88
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/proj/ec_test/ec_test.vcxproj88
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/proj/fp_test/fp_test.vcxproj88
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/proj/fp_tower_test/fp_tower_test.vcxproj88
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/she_c256_test.cpp2
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/she_c384_test.cpp2
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/she_c_test.hpp535
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/she_test.cpp756
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/sq_test.cpp21
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/vint_test.cpp1353
-rw-r--r--vendor/github.com/byzantine-lab/mcl/test/window_method_test.cpp70
293 files changed, 376636 insertions, 0 deletions
diff --git a/vendor/github.com/byzantine-lab/bls/.gitignore b/vendor/github.com/byzantine-lab/bls/.gitignore
new file mode 100644
index 000000000..dacdfc906
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/.gitignore
@@ -0,0 +1,7 @@
+CVS
+bin/*.exe
+lib/*.a
+lib/*.so
+lib/*.dylib
+obj/*.d
+obj/*.o
diff --git a/vendor/github.com/byzantine-lab/bls/.travis.yml b/vendor/github.com/byzantine-lab/bls/.travis.yml
new file mode 100644
index 000000000..71a667a2e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/.travis.yml
@@ -0,0 +1,39 @@
+sudo: true
+dist: xenial
+services:
+- docker
+env:
+ global:
+ - IMAGE_TAG=dexonfoundation/bls-go-alpine
+ - DOCKER_USER=spiderpowadeploy
+ - secure: mqNCngWukyjE3UARxaPjqS0xgC1dsnWfmPhpH2mq7nR6S2cGfJ3xBfyiTS//Clz//7sAL+Tp62r3fxyMjDogrSHZUUssCAwf17RM6vnALqaVbc3wXcTNudiDB5cVKe9C9gZqn1Ivd+qbmtuCezSrOG5Xih1gh4bPTyiFvU1sp9C2icMHkJZkjsP0QqCbHlQrMeECSIPlEGIOXUUSp+WmrZAdi2rHezKeZxuaT73RX1+N/+1RfWXo2MR4ydQU3eALl5s5UA9JweQO+MYIVr8EEpGNqJRYUyURx/5G/Sy2v6Z3imUvXZv1J5aplW/UDls92Olla1JHuvFW6ptRO+PHITNwvEkhxPFj+HcOpqEuSISsdk9rkHUrM0wEYPv6A4vQPUjMHrLQs2tQShVCelM1HtNvDDjttKMmVyRLusFP9eS7uvmmXu2l6efJjsMSFkY5WKbu2U0MQ1j708KH9k2WunU6sjJ+b74PkkZVtkQMIqgTokC0IOqbbrnwh4I9PpVpHAQrewRimMH+lDHk+HlMUCWk7/IcIFUl+mh6RzW2vkZTTr2ctSBI6QzK5smdPmqQpp2lqkGv/hQCBp5ICzFSkU6Djqe3hG8ta3+/Zhi10fPU2HcHDi+gR79CG8dvy+iOeTS2csXZx+YoN2BVkfu9AnrjZ9Kjkf9BMay4CehBUWE=
+language: cpp
+compiler:
+- gcc
+- clang
+addons:
+ apt:
+ packages:
+ - libgmp-dev
+install:
+- git clone --depth 1 https://github.com/dexon-foundation/mcl.git $TRAVIS_BUILD_DIR/../mcl
+script:
+- make -j3
+- make test_ci DISABLE_THREAD_TEST=1
+- make test_go
+- env LD_LIBRARY_PATH=../mcl/lib bin/bls_c384_test.exe
+- make clean && make -C ../mcl clean
+- make -j3 MCL_USE_OPENSSL=0
+- make test_ci DISABLE_THREAD_TEST=1 MCL_USE_OPENSSL=0
+- docker build --tag "$IMAGE_TAG" . -f images/bls-go-alpine/Dockerfile --no-cache
+before_deploy:
+- echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
+- git_commit="$(git rev-parse --short HEAD)"
+- docker tag "$IMAGE_TAG" "${IMAGE_TAG}:${git_commit}"
+- docker tag "$IMAGE_TAG" "${IMAGE_TAG}:latest"
+deploy:
+ provider: script
+ script: docker push "${IMAGE_TAG}:latest" && docker push "${IMAGE_TAG}:${git_commit}"
+ on:
+ branch: dev
+ condition: "$CC = gcc"
diff --git a/vendor/github.com/byzantine-lab/bls/CMakeLists.txt b/vendor/github.com/byzantine-lab/bls/CMakeLists.txt
new file mode 100644
index 000000000..30fb90fd5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/CMakeLists.txt
@@ -0,0 +1,33 @@
+cmake_minimum_required (VERSION 2.6)
+project(bls CXX ASM)
+
+set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
+set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
+
+set(LIBS mcl gmp)
+
+include_directories(include/)
+
+add_library(bls_c256 SHARED src/bls_c256.cpp)
+add_library(bls_c384 SHARED src/bls_c384.cpp)
+add_library(bls_c384_256 SHARED src/bls_c384_256.cpp)
+target_link_libraries(bls_c256 ${LIBS})
+target_link_libraries(bls_c384 ${LIBS})
+target_link_libraries(bls_c384_256 ${LIBS})
+
+file(GLOB BLS_HEADERS include/bls/bls.h include/bls/bls.hpp)
+
+install(TARGETS bls_c256 DESTINATION lib)
+install(TARGETS bls_c384 DESTINATION lib)
+install(TARGETS bls_c384_256 DESTINATION lib)
+install(FILES ${BLS_HEADERS} DESTINATION include/bls)
+
+set(TEST_LIBS pthread gmpxx)
+
+add_executable(bls_c256_test test/bls_c256_test.cpp)
+target_link_libraries(bls_c256_test bls_c256 ${TEST_LIBS})
+add_executable(bls_c384_test test/bls_c384_test.cpp)
+target_link_libraries(bls_c384_test bls_c384 ${TEST_LIBS})
+add_executable(bls_c384_256_test test/bls_c384_256_test.cpp)
+target_link_libraries(bls_c384_256_test bls_c384_256 ${TEST_LIBS})
diff --git a/vendor/github.com/byzantine-lab/bls/Makefile b/vendor/github.com/byzantine-lab/bls/Makefile
new file mode 100644
index 000000000..efea22274
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/Makefile
@@ -0,0 +1,164 @@
+ifeq ($(findstring MINGW64,$(shell uname -s)),MINGW64)
+ # cgo accepts not '/c/path' but 'c:/path'
+ PWD=$(shell pwd|sed s'@^/\([a-z]\)@\1:@')
+else
+ PWD=$(shell pwd)
+endif
+MCL_DIR?=$(PWD)/../mcl
+include $(MCL_DIR)/common.mk
+LIB_DIR=lib
+OBJ_DIR=obj
+EXE_DIR=bin
+CFLAGS += -std=c++11
+LDFLAGS += -lpthread
+
+SRC_SRC=bls_c256.cpp bls_c384.cpp bls_c384_256.cpp
+TEST_SRC=bls256_test.cpp bls384_test.cpp bls384_256_test.cpp bls_c256_test.cpp bls_c384_test.cpp bls_c384_256_test.cpp
+SAMPLE_SRC=bls256_smpl.cpp bls384_smpl.cpp
+
+CFLAGS+=-I$(MCL_DIR)/include
+ifneq ($(MCL_MAX_BIT_SIZE),)
+ CFLAGS+=-DMCL_MAX_BIT_SIZE=$(MCL_MAX_BIT_SIZE)
+endif
+ifeq ($(DISABLE_THREAD_TEST),1)
+ CFLAGS+=-DDISABLE_THREAD_TEST
+endif
+ifeq ($(BLS_SWAP_G),1)
+ CFLAGS+=-DBLS_SWAP_G
+endif
+
+BLS256_LIB=$(LIB_DIR)/libbls256.a
+BLS384_LIB=$(LIB_DIR)/libbls384.a
+BLS384_256_LIB=$(LIB_DIR)/libbls384_256.a
+BLS256_SNAME=bls256
+BLS384_SNAME=bls384
+BLS384_256_SNAME=bls384_256
+BLS256_SLIB=$(LIB_DIR)/lib$(BLS256_SNAME).$(LIB_SUF)
+BLS384_SLIB=$(LIB_DIR)/lib$(BLS384_SNAME).$(LIB_SUF)
+BLS384_256_SLIB=$(LIB_DIR)/lib$(BLS384_256_SNAME).$(LIB_SUF)
+all: $(BLS256_LIB) $(BLS256_SLIB) $(BLS384_LIB) $(BLS384_SLIB) $(BLS384_256_LIB) $(BLS384_256_SLIB)
+
+MCL_LIB=$(MCL_DIR)/lib/libmcl.a
+
+$(MCL_LIB):
+ $(MAKE) -C $(MCL_DIR)
+
+$(BLS256_LIB): $(OBJ_DIR)/bls_c256.o $(MCL_LIB)
+ $(AR) $@ $<
+$(BLS384_LIB): $(OBJ_DIR)/bls_c384.o $(MCL_LIB)
+ $(AR) $@ $<
+$(BLS384_256_LIB): $(OBJ_DIR)/bls_c384_256.o $(MCL_LIB)
+ $(AR) $@ $<
+
+ifneq ($(findstring $(OS),mac/mingw64),)
+ COMMON_LIB=$(GMP_LIB) $(OPENSSL_LIB) -lstdc++
+ BLS256_SLIB_LDFLAGS+=$(COMMON_LIB)
+ BLS384_SLIB_LDFLAGS+=$(COMMON_LIB)
+ BLS384_256_SLIB_LDFLAGS+=$(COMMON_LIB)
+endif
+ifeq ($(OS),mingw64)
+ CFLAGS+=-I$(MCL_DIR)
+ BLS256_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(BLS256_SNAME).a
+ BLS384_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(BLS384_SNAME).a
+ BLS384_256_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(BLS384_256_SNAME).a
+endif
+$(BLS256_SLIB): $(OBJ_DIR)/bls_c256.o $(MCL_LIB)
+ $(PRE)$(CXX) -shared -o $@ $< -L$(MCL_DIR)/lib -lmcl $(BLS256_SLIB_LDFLAGS) $(LDFLAGS)
+$(BLS384_SLIB): $(OBJ_DIR)/bls_c384.o $(MCL_LIB)
+ $(PRE)$(CXX) -shared -o $@ $< -L$(MCL_DIR)/lib -lmcl $(BLS384_SLIB_LDFLAGS) $(LDFLAGS)
+$(BLS384_256_SLIB): $(OBJ_DIR)/bls_c384_256.o $(MCL_LIB)
+ $(PRE)$(CXX) -shared -o $@ $< -L$(MCL_DIR)/lib -lmcl $(BLS384_256_SLIB_LDFLAGS) $(LDFLAGS)
+
+VPATH=test sample src
+
+.SUFFIXES: .cpp .d .exe
+
+$(OBJ_DIR)/%.o: %.cpp
+ $(PRE)$(CXX) $(CFLAGS) -c $< -o $@ -MMD -MP -MF $(@:.o=.d)
+
+$(EXE_DIR)/%384_256_test.exe: $(OBJ_DIR)/%384_256_test.o $(BLS384_256_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(BLS384_256_LIB) -L$(MCL_DIR)/lib -lmcl $(LDFLAGS)
+
+$(EXE_DIR)/%384_test.exe: $(OBJ_DIR)/%384_test.o $(BLS384_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(BLS384_LIB) -L$(MCL_DIR)/lib -lmcl $(LDFLAGS)
+
+$(EXE_DIR)/%256_test.exe: $(OBJ_DIR)/%256_test.o $(BLS256_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(BLS256_LIB) -L$(MCL_DIR)/lib -lmcl $(LDFLAGS)
+
+# sample exe links libbls256.a
+$(EXE_DIR)/%.exe: $(OBJ_DIR)/%.o $(BLS256_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(BLS256_LIB) -L$(MCL_DIR)/lib -lmcl $(LDFLAGS)
+ifeq ($(OS),mac)
+ install_name_tool bin/bls_smpl.exe -change lib/libmcl.dylib $(MCL_DIR)/lib/libmcl.dylib
+endif
+
+SAMPLE_EXE=$(addprefix $(EXE_DIR)/,$(SAMPLE_SRC:.cpp=.exe))
+sample: $(SAMPLE_EXE)
+
+TEST_EXE=$(addprefix $(EXE_DIR)/,$(TEST_SRC:.cpp=.exe))
+ifeq ($(OS),mac)
+ LIBPATH_KEY=DYLD_LIBRARY_PATH
+else
+ LIBPATH_KEY=LD_LIBRARY_PATH
+endif
+test_ci: $(TEST_EXE)
+ @sh -ec 'for i in $(TEST_EXE); do echo $$i; env PATH=$$PATH:../mcl/lib $(LIBPATH_KEY)=../mcl/lib LSAN_OPTIONS=verbosity=1 log_threads=1 $$i; done'
+ $(MAKE) sample_test
+
+test: $(TEST_EXE)
+ @echo test $(TEST_EXE)
+ @sh -ec 'for i in $(TEST_EXE); do env PATH=$$PATH:../mcl/lib $(LIBPATH_KEY)=../mcl/lib $$i|grep "ctest:name"; done' > result.txt
+ @grep -v "ng=0, exception=0" result.txt; if [ $$? -eq 1 ]; then echo "all unit tests succeed"; else exit 1; fi
+ $(MAKE) sample_test
+
+sample_test: $(EXE_DIR)/bls_smpl.exe
+ env PATH=$$PATH:../mcl/lib $(LIBPATH_KEY)=../mcl/lib python bls_smpl.py
+
+# PATH is for mingw, LD_LIBRARY_PATH is for linux, DYLD_LIBRARY_PATH is for mac
+COMMON_LIB_PATH="../../../lib:../../../../mcl/lib"
+PATH_VAL=$$PATH:$(COMMON_LIB_PATH) LD_LIBRARY_PATH=$(COMMON_LIB_PATH) DYLD_LIBRARY_PATH=$(COMMON_LIB_PATH)
+test_go256: ffi/go/bls/bls.go ffi/go/bls/bls_test.go $(BLS256_LIB)
+ cd ffi/go/bls && env PATH=$(PATH_VAL) go test -tags bn256 .
+test_go384: ffi/go/bls/bls.go ffi/go/bls/bls_test.go $(BLS384_LIB)
+ cd ffi/go/bls && env PATH=$(PATH_VAL) go test -tags bn384 .
+test_go384_256: ffi/go/bls/bls.go ffi/go/bls/bls_test.go $(BLS384_256_LIB)
+ cd ffi/go/bls && env PATH=$(PATH_VAL) go test -tags bn384_256 .
+
+test_go:
+ $(MAKE) test_go256
+ $(MAKE) test_go384
+ $(MAKE) test_go384_256
+
+EMCC_OPT=-I./include -I./src -I../mcl/include -I./ -Wall -Wextra
+EMCC_OPT+=-O3 -DNDEBUG
+EMCC_OPT+=-s WASM=1 -s NO_EXIT_RUNTIME=1 -s MODULARIZE=1 #-s ASSERTIONS=1
+EMCC_OPT+=-DCYBOZU_MINIMUM_EXCEPTION
+EMCC_OPT+=-s ABORTING_MALLOC=0
+EMCC_OPT+=-DMCLBN_FP_UNIT_SIZE=6
+JS_DEP=src/bls_c384.cpp ../mcl/src/fp.cpp Makefile
+
+../bls-wasm/bls_c.js: $(JS_DEP)
+ emcc -o $@ src/bls_c384.cpp ../mcl/src/fp.cpp $(EMCC_OPT) -DMCL_MAX_BIT_SIZE=384 -DMCL_USE_WEB_CRYPTO_API -s DISABLE_EXCEPTION_CATCHING=1 -DCYBOZU_DONT_USE_EXCEPTION -DCYBOZU_DONT_USE_STRING -DMCL_DONT_USE_CSPRNG -fno-exceptions -MD -MP -MF obj/bls_c384.d
+
+bls-wasm:
+ $(MAKE) ../bls-wasm/bls_c.js
+
+clean:
+ $(RM) $(OBJ_DIR)/*.d $(OBJ_DIR)/*.o $(EXE_DIR)/*.exe $(GEN_EXE) $(ASM_SRC) $(ASM_OBJ) $(LLVM_SRC) $(BLS256_LIB) $(BLS256_SLIB) $(BLS384_LIB) $(BLS384_SLIB) $(BLS384_256_LIB) $(BLS384_256_SLIB)
+
+ALL_SRC=$(SRC_SRC) $(TEST_SRC) $(SAMPLE_SRC)
+DEPEND_FILE=$(addprefix $(OBJ_DIR)/, $(ALL_SRC:.cpp=.d))
+-include $(DEPEND_FILE)
+
+PREFIX?=/usr/local
+install: lib/libbls256.a lib/libbls256.$(LIB_SUF) lib/libbls384.a lib/libbls384.$(LIB_SUF) lib/libbls384_256.a lib/libbls384_256.$(LIB_SUF)
+ $(MKDIR) $(PREFIX)/include/bls
+ cp -a include/bls/ $(PREFIX)/include/
+ $(MKDIR) $(PREFIX)/lib
+ cp -a lib/libbls256.a lib/libbls256.$(LIB_SUF) lib/libbls384.a lib/libbls384.$(LIB_SUF) lib/libbls384_256.a lib/libbls384_256.$(LIB_SUF) $(PREFIX)/lib/
+
+.PHONY: test bls-wasm
+
+# don't remove these files automatically
+.SECONDARY: $(addprefix $(OBJ_DIR)/, $(ALL_SRC:.cpp=.o))
+
diff --git a/vendor/github.com/byzantine-lab/bls/bin/.emptydir b/vendor/github.com/byzantine-lab/bls/bin/.emptydir
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/bin/.emptydir
diff --git a/vendor/github.com/byzantine-lab/bls/bls.sln b/vendor/github.com/byzantine-lab/bls/bls.sln
new file mode 100644
index 000000000..4889ec601
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/bls.sln
@@ -0,0 +1,30 @@
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bls_test", "test\proj\bls_test\bls_test.vcxproj", "{51266DE6-B57B-4AE3-B85C-282F170E1728}"
+ ProjectSection(ProjectDependencies) = postProject
+ {1DBB979A-C212-45CD-9563-446A96F87F71} = {1DBB979A-C212-45CD-9563-446A96F87F71}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bls", "src\proj\bls.vcxproj", "{1DBB979A-C212-45CD-9563-446A96F87F71}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {51266DE6-B57B-4AE3-B85C-282F170E1728}.Debug|x64.ActiveCfg = Debug|x64
+ {51266DE6-B57B-4AE3-B85C-282F170E1728}.Debug|x64.Build.0 = Debug|x64
+ {51266DE6-B57B-4AE3-B85C-282F170E1728}.Release|x64.ActiveCfg = Release|x64
+ {51266DE6-B57B-4AE3-B85C-282F170E1728}.Release|x64.Build.0 = Release|x64
+ {1DBB979A-C212-45CD-9563-446A96F87F71}.Debug|x64.ActiveCfg = Debug|x64
+ {1DBB979A-C212-45CD-9563-446A96F87F71}.Debug|x64.Build.0 = Debug|x64
+ {1DBB979A-C212-45CD-9563-446A96F87F71}.Release|x64.ActiveCfg = Release|x64
+ {1DBB979A-C212-45CD-9563-446A96F87F71}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/vendor/github.com/byzantine-lab/bls/bls_smpl.py b/vendor/github.com/byzantine-lab/bls/bls_smpl.py
new file mode 100644
index 000000000..f834d80aa
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/bls_smpl.py
@@ -0,0 +1,40 @@
+import os, sys, subprocess
+
+EXE='bin/bls_smpl.exe'
+
+def init():
+ subprocess.check_call([EXE, "init"])
+
+def sign(m, i=0):
+ subprocess.check_call([EXE, "sign", "-m", m, "-id", str(i)])
+
+def verify(m, i=0):
+ subprocess.check_call([EXE, "verify", "-m", m, "-id", str(i)])
+
+def share(n, k):
+ subprocess.check_call([EXE, "share", "-n", str(n), "-k", str(k)])
+
+def recover(ids):
+ cmd = [EXE, "recover", "-ids"]
+ for i in ids:
+ cmd.append(str(i))
+ subprocess.check_call(cmd)
+
+def main():
+ m = "hello bls threshold signature"
+ n = 10
+ ids = [1, 5, 3, 7]
+ k = len(ids)
+ init()
+ sign(m)
+ verify(m)
+ share(n, k)
+ for i in ids:
+ sign(m, i)
+ verify(m, i)
+ subprocess.check_call(["rm", "sample/sign.txt"])
+ recover(ids)
+ verify(m)
+
+if __name__ == '__main__':
+ main()
diff --git a/vendor/github.com/byzantine-lab/bls/common.props b/vendor/github.com/byzantine-lab/bls/common.props
new file mode 100644
index 000000000..d6fdbb902
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/common.props
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets" />
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup>
+ <OutDir>$(SolutionDir)bin\</OutDir>
+ </PropertyGroup>
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <AdditionalIncludeDirectories>$(SolutionDir)../cybozulib/include;$(SolutionDir)../cybozulib_ext/include;$(SolutionDir)include;$(SolutionDir)../mcl/include</AdditionalIncludeDirectories>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <WarningLevel>Level4</WarningLevel>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <PrecompiledHeaderFile />
+ <PrecompiledHeaderOutputFile />
+ <PreprocessorDefinitions>_MBCS;%(PreprocessorDefinitions);NOMINMAX;BLS_MAX_OP_UNIT_SIZE=6</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <AdditionalLibraryDirectories>$(SolutionDir)../cybozulib_ext/lib;$(SolutionDir)../mcl/lib;$(SolutionDir)lib</AdditionalLibraryDirectories>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup />
+</Project>
diff --git a/vendor/github.com/byzantine-lab/bls/debug.props b/vendor/github.com/byzantine-lab/bls/debug.props
new file mode 100644
index 000000000..1553ae0dc
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/debug.props
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets" />
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup>
+ <TargetName>$(ProjectName)d</TargetName>
+ </PropertyGroup>
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemGroup />
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/App.config b/vendor/github.com/byzantine-lab/bls/ffi/cs/App.config
new file mode 100644
index 000000000..8d234373a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+ <startup>
+ <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2"/>
+ </startup>
+</configuration>
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/Properties/AssemblyInfo.cs b/vendor/github.com/byzantine-lab/bls/ffi/cs/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..201222c55
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// アセンブリã«é–¢ã™ã‚‹ä¸€èˆ¬æƒ…å ±ã¯ä»¥ä¸‹ã®å±žæ€§ã‚»ãƒƒãƒˆã‚’ã¨ãŠã—ã¦åˆ¶å¾¡ã•ã‚Œã¾ã™ã€‚
+// アセンブリã«é–¢é€£ä»˜ã‘られã¦ã„る情報を変更ã™ã‚‹ã«ã¯ã€
+// ã“れらã®å±žæ€§å€¤ã‚’変更ã—ã¦ãã ã•ã„。
+[assembly: AssemblyTitle("bls256")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("bls256")]
+[assembly: AssemblyCopyright("Copyright © 2017")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// ComVisible ã‚’ false ã«è¨­å®šã™ã‚‹ã¨ã€ãã®åž‹ã¯ã“ã®ã‚¢ã‚»ãƒ³ãƒ–リ内㧠COM コンãƒãƒ¼ãƒãƒ³ãƒˆã‹ã‚‰
+// å‚ç…§ä¸å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚COM ã‹ã‚‰ã“ã®ã‚¢ã‚»ãƒ³ãƒ–リ内ã®åž‹ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹å ´åˆã¯ã€
+// ãã®åž‹ã® ComVisible 属性を true ã«è¨­å®šã—ã¦ãã ã•ã„。
+[assembly: ComVisible(false)]
+
+// ã“ã®ãƒ—ロジェクト㌠COM ã«å…¬é–‹ã•ã‚Œã‚‹å ´åˆã€æ¬¡ã® GUID ㌠typelib ã® ID ã«ãªã‚Šã¾ã™
+[assembly: Guid("e9d06b1b-ea22-4ef4-ba4b-422f7625966c")]
+
+// アセンブリã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…å ±ã¯æ¬¡ã® 4 ã¤ã®å€¤ã§æ§‹æˆã•ã‚Œã¦ã„ã¾ã™:
+//
+// メジャー ãƒãƒ¼ã‚¸ãƒ§ãƒ³
+// マイナー ãƒãƒ¼ã‚¸ãƒ§ãƒ³
+// ビルド番å·
+// Revision
+//
+// ã™ã¹ã¦ã®å€¤ã‚’指定ã™ã‚‹ã‹ã€ä¸‹ã®ã‚ˆã†ã« '*' を使ã£ã¦ãƒ“ルドãŠã‚ˆã³ãƒªãƒ“ジョン番å·ã‚’
+// 既定値ã«ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.cs b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.cs
new file mode 100644
index 000000000..6bcaf07fb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.cs
@@ -0,0 +1,351 @@
+þ½Ž¿using System;
+using System.Text;
+using System.Runtime.InteropServices;
+
+namespace mcl
+{
+ class BLS
+ {
+ public const int BN254 = 0;
+ public const int BLS12_381 = 5;
+
+ const int IoEcComp = 512; // fixed byte representation
+ public const int FR_UNIT_SIZE = 4;
+ public const int FP_UNIT_SIZE = 6; // 4 if bls256.dll is used
+ public const int COMPILED_TIME_VAR = FR_UNIT_SIZE * 10 + FP_UNIT_SIZE;
+
+ public const int ID_UNIT_SIZE = FR_UNIT_SIZE;
+ public const int SECRETKEY_UNIT_SIZE = FR_UNIT_SIZE;
+ public const int PUBLICKEY_UNIT_SIZE = FP_UNIT_SIZE * 3 * 2;
+ public const int SIGNATURE_UNIT_SIZE = FP_UNIT_SIZE * 3;
+
+ public const int ID_SERIALIZE_SIZE = FR_UNIT_SIZE * 8;
+ public const int SECRETKEY_SERIALIZE_SIZE = FR_UNIT_SIZE * 8;
+ public const int PUBLICKEY_SERIALIZE_SIZE = FP_UNIT_SIZE * 8 * 2;
+ public const int SIGNATURE_SERIALIZE_SIZE = FP_UNIT_SIZE * 8;
+
+ public const string dllName = FP_UNIT_SIZE == 4 ? "bls256.dll" : "bls384_256.dll";
+ [DllImport(dllName)]
+ public static extern int blsInit(int curveType, int compiledTimeVar);
+
+ [DllImport(dllName)] public static extern void blsIdSetInt(ref Id id, int x);
+ [DllImport(dllName)] public static extern int blsIdSetDecStr(ref Id id, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport(dllName)] public static extern int blsIdSetHexStr(ref Id id, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport(dllName)] public static extern ulong blsIdGetDecStr([Out]StringBuilder buf, ulong maxBufSize, in Id id);
+ [DllImport(dllName)] public static extern ulong blsIdGetHexStr([Out]StringBuilder buf, ulong maxBufSize, in Id id);
+
+ [DllImport(dllName)] public static extern ulong blsIdSerialize([Out]byte[] buf, ulong maxBufSize, in Id id);
+ [DllImport(dllName)] public static extern ulong blsSecretKeySerialize([Out]byte[] buf, ulong maxBufSize, in SecretKey sec);
+ [DllImport(dllName)] public static extern ulong blsPublicKeySerialize([Out]byte[] buf, ulong maxBufSize, in PublicKey pub);
+ [DllImport(dllName)] public static extern ulong blsSignatureSerialize([Out]byte[] buf, ulong maxBufSize, in Signature sig);
+ [DllImport(dllName)] public static extern ulong blsIdDeserialize(ref Id id, [In]byte[] buf, ulong bufSize);
+ [DllImport(dllName)] public static extern ulong blsSecretKeyDeserialize(ref SecretKey sec, [In]byte[] buf, ulong bufSize);
+ [DllImport(dllName)] public static extern ulong blsPublicKeyDeserialize(ref PublicKey pub, [In]byte[] buf, ulong bufSize);
+ [DllImport(dllName)] public static extern ulong blsSignatureDeserialize(ref Signature sig, [In]byte[] buf, ulong bufSize);
+
+ [DllImport(dllName)] public static extern int blsIdIsEqual(in Id lhs, in Id rhs);
+ [DllImport(dllName)] public static extern int blsSecretKeyIsEqual(in SecretKey lhs, in SecretKey rhs);
+ [DllImport(dllName)] public static extern int blsPublicKeyIsEqual(in PublicKey lhs, in PublicKey rhs);
+ [DllImport(dllName)] public static extern int blsSignatureIsEqual(in Signature lhs, in Signature rhs);
+ // add
+ [DllImport(dllName)] public static extern void blsSecretKeyAdd(ref SecretKey sec, in SecretKey rhs);
+ [DllImport(dllName)] public static extern void blsPublicKeyAdd(ref PublicKey pub, in PublicKey rhs);
+ [DllImport(dllName)] public static extern void blsSignatureAdd(ref Signature sig, in Signature rhs);
+ // hash buf and set
+ [DllImport(dllName)] public static extern int blsHashToSecretKey(ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ /*
+ set secretKey if system has /dev/urandom or CryptGenRandom
+ return 0 if success else -1
+ */
+ [DllImport(dllName)] public static extern int blsSecretKeySetByCSPRNG(ref SecretKey sec);
+
+ [DllImport(dllName)] public static extern void blsGetPublicKey(ref PublicKey pub, in SecretKey sec);
+ [DllImport(dllName)] public static extern void blsGetPop(ref Signature sig, in SecretKey sec);
+
+ // return 0 if success
+ [DllImport(dllName)] public static extern int blsSecretKeyShare(ref SecretKey sec, in SecretKey msk, ulong k, in Id id);
+ [DllImport(dllName)] public static extern int blsPublicKeyShare(ref PublicKey pub, in PublicKey mpk, ulong k, in Id id);
+
+
+ [DllImport(dllName)] public static extern int blsSecretKeyRecover(ref SecretKey sec, in SecretKey secVec, in Id idVec, ulong n);
+ [DllImport(dllName)] public static extern int blsPublicKeyRecover(ref PublicKey pub, in PublicKey pubVec, in Id idVec, ulong n);
+ [DllImport(dllName)] public static extern int blsSignatureRecover(ref Signature sig, in Signature sigVec, in Id idVec, ulong n);
+
+ [DllImport(dllName)] public static extern void blsSign(ref Signature sig, in SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string m, ulong size);
+
+ // return 1 if valid
+ [DllImport(dllName)] public static extern int blsVerify(in Signature sig, in PublicKey pub, [In][MarshalAs(UnmanagedType.LPStr)] string m, ulong size);
+ [DllImport(dllName)] public static extern int blsVerifyPop(in Signature sig, in PublicKey pub);
+
+ //////////////////////////////////////////////////////////////////////////
+ // the following apis will be removed
+
+ // mask buf with (1 << (bitLen(r) - 1)) - 1 if buf >= r
+ [DllImport(dllName)] public static extern int blsIdSetLittleEndian(ref Id id, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ /*
+ return written byte size if success else 0
+ */
+ [DllImport(dllName)] public static extern ulong blsIdGetLittleEndian([Out]StringBuilder buf, ulong maxBufSize, in Id id);
+
+ // return 0 if success
+ // mask buf with (1 << (bitLen(r) - 1)) - 1 if buf >= r
+ [DllImport(dllName)] public static extern int blsSecretKeySetLittleEndian(ref SecretKey sec, [In]byte[] buf, ulong bufSize);
+ [DllImport(dllName)] public static extern int blsSecretKeySetDecStr(ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport(dllName)] public static extern int blsSecretKeySetHexStr(ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ /*
+ return written byte size if success else 0
+ */
+ [DllImport(dllName)] public static extern ulong blsSecretKeyGetLittleEndian([Out]byte[] buf, ulong maxBufSize, in SecretKey sec);
+ /*
+ return strlen(buf) if success else 0
+ buf is '\0' terminated
+ */
+ [DllImport(dllName)] public static extern ulong blsSecretKeyGetDecStr([Out]StringBuilder buf, ulong maxBufSize, in SecretKey sec);
+ [DllImport(dllName)] public static extern ulong blsSecretKeyGetHexStr([Out]StringBuilder buf, ulong maxBufSize, in SecretKey sec);
+ [DllImport(dllName)] public static extern int blsPublicKeySetHexStr(ref PublicKey pub, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport(dllName)] public static extern ulong blsPublicKeyGetHexStr([Out]StringBuilder buf, ulong maxBufSize, in PublicKey pub);
+ [DllImport(dllName)] public static extern int blsSignatureSetHexStr(ref Signature sig, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport(dllName)] public static extern ulong blsSignatureGetHexStr([Out]StringBuilder buf, ulong maxBufSize, in Signature sig);
+
+ public static void Init(int curveType = BN254) {
+ if (!System.Environment.Is64BitProcess) {
+ throw new PlatformNotSupportedException("not 64-bit system");
+ }
+ int err = blsInit(curveType, COMPILED_TIME_VAR);
+ if (err != 0) {
+ throw new ArgumentException("blsInit");
+ }
+ }
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct Id
+ {
+ private fixed ulong v[ID_UNIT_SIZE];
+ public byte[] Serialize() {
+ byte[] buf = new byte[ID_SERIALIZE_SIZE];
+ ulong n = blsIdSerialize(buf, (ulong)buf.Length, this);
+ if (n == 0) {
+ throw new ArithmeticException("blsIdSerialize");
+ }
+ return buf;
+ }
+ public void Deserialize(byte[] buf) {
+ ulong n = blsIdDeserialize(ref this, buf, (ulong)buf.Length);
+ if (n == 0) {
+ throw new ArithmeticException("blsIdDeserialize");
+ }
+ }
+ public bool IsEqual(in Id rhs) {
+ return blsIdIsEqual(this, rhs) != 0;
+ }
+ public void SetDecStr(string s) {
+ if (blsIdSetDecStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsIdSetDecSt:" + s);
+ }
+ }
+ public void SetHexStr(string s) {
+ if (blsIdSetHexStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsIdSetHexStr:" + s);
+ }
+ }
+ public void SetInt(int x) {
+ blsIdSetInt(ref this, x);
+ }
+ public string GetDecStr() {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsIdGetDecStr(sb, (ulong)sb.Capacity, this);
+ if (size == 0) {
+ throw new ArgumentException("blsIdGetDecStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ public string GetHexStr() {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsIdGetHexStr(sb, (ulong)sb.Capacity, this);
+ if (size == 0) {
+ throw new ArgumentException("blsIdGetHexStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ }
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct SecretKey
+ {
+ private fixed ulong v[SECRETKEY_UNIT_SIZE];
+ public byte[] Serialize() {
+ byte[] buf = new byte[SECRETKEY_SERIALIZE_SIZE];
+ ulong n = blsSecretKeySerialize(buf, (ulong)buf.Length, this);
+ if (n == 0) {
+ throw new ArithmeticException("blsSecretKeySerialize");
+ }
+ return buf;
+ }
+ public void Deserialize(byte[] buf) {
+ ulong n = blsSecretKeyDeserialize(ref this, buf, (ulong)buf.Length);
+ if (n == 0) {
+ throw new ArithmeticException("blsSecretKeyDeserialize");
+ }
+ }
+ public bool IsEqual(in SecretKey rhs) {
+ return blsSecretKeyIsEqual(this, rhs) != 0;
+ }
+ public void SetHexStr(string s) {
+ if (blsSecretKeySetHexStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsSecretKeySetHexStr:" + s);
+ }
+ }
+ public string GetHexStr() {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsSecretKeyGetHexStr(sb, (ulong)sb.Capacity, this);
+ if (size == 0) {
+ throw new ArgumentException("mclBnFr_getStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ public void Add(in SecretKey rhs) {
+ blsSecretKeyAdd(ref this, rhs);
+ }
+ public void SetByCSPRNG() {
+ blsSecretKeySetByCSPRNG(ref this);
+ }
+ public void SetHashOf(string s) {
+ if (blsHashToSecretKey(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsHashToSecretKey");
+ }
+ }
+ public PublicKey GetPublicKey() {
+ PublicKey pub;
+ blsGetPublicKey(ref pub, this);
+ return pub;
+ }
+ public Signature Sign(string m) {
+ Signature sig;
+ blsSign(ref sig, this, m, (ulong)m.Length);
+ return sig;
+ }
+ public Signature GetPop() {
+ Signature sig;
+ blsGetPop(ref sig, this);
+ return sig;
+ }
+ }
+ // secretKey = sum_{i=0}^{msk.Length - 1} msk[i] * id^i
+ public static SecretKey ShareSecretKey(in SecretKey[] msk, in Id id) {
+ SecretKey sec;
+ if (blsSecretKeyShare(ref sec, msk[0], (ulong)msk.Length, id) != 0) {
+ throw new ArgumentException("GetSecretKeyForId:" + id.ToString());
+ }
+ return sec;
+ }
+ public static SecretKey RecoverSecretKey(in SecretKey[] secVec, in Id[] idVec) {
+ SecretKey sec;
+ if (blsSecretKeyRecover(ref sec, secVec[0], idVec[0], (ulong)secVec.Length) != 0) {
+ throw new ArgumentException("Recover");
+ }
+ return sec;
+ }
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct PublicKey
+ {
+ private fixed ulong v[PUBLICKEY_UNIT_SIZE];
+ public byte[] Serialize() {
+ byte[] buf = new byte[PUBLICKEY_SERIALIZE_SIZE];
+ ulong n = blsPublicKeySerialize(buf, (ulong)buf.Length, this);
+ if (n == 0) {
+ throw new ArithmeticException("blsPublicKeySerialize");
+ }
+ return buf;
+ }
+ public void Deserialize(byte[] buf) {
+ ulong n = blsPublicKeyDeserialize(ref this, buf, (ulong)buf.Length);
+ if (n == 0) {
+ throw new ArithmeticException("blsPublicKeyDeserialize");
+ }
+ }
+ public bool IsEqual(in PublicKey rhs) {
+ return blsPublicKeyIsEqual(this, rhs) != 0;
+ }
+ public void SetStr(string s) {
+ if (blsPublicKeySetHexStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsPublicKeySetStr:" + s);
+ }
+ }
+ public string GetHexStr() {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsPublicKeyGetHexStr(sb, (ulong)sb.Capacity, this);
+ if (size == 0) {
+ throw new ArgumentException("blsPublicKeyGetStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ public void Add(in PublicKey rhs) {
+ blsPublicKeyAdd(ref this, rhs);
+ }
+ public bool Verify(in Signature sig, string m) {
+ return blsVerify(sig, this, m, (ulong)m.Length) == 1;
+ }
+ public bool VerifyPop(in Signature pop) {
+ return blsVerifyPop(pop, this) == 1;
+ }
+ }
+ // publicKey = sum_{i=0}^{mpk.Length - 1} mpk[i] * id^i
+ public static PublicKey SharePublicKey(in PublicKey[] mpk, in Id id) {
+ PublicKey pub;
+ if (blsPublicKeyShare(ref pub, mpk[0], (ulong)mpk.Length, id) != 0) {
+ throw new ArgumentException("GetPublicKeyForId:" + id.ToString());
+ }
+ return pub;
+ }
+ public static PublicKey RecoverPublicKey(in PublicKey[] pubVec, in Id[] idVec) {
+ PublicKey pub;
+ if (blsPublicKeyRecover(ref pub, pubVec[0], idVec[0], (ulong)pubVec.Length) != 0) {
+ throw new ArgumentException("Recover");
+ }
+ return pub;
+ }
+ [StructLayout(LayoutKind.Sequential)]
+ public unsafe struct Signature
+ {
+ private fixed ulong v[SIGNATURE_UNIT_SIZE];
+ public byte[] Serialize() {
+ byte[] buf = new byte[SIGNATURE_SERIALIZE_SIZE];
+ ulong n = blsSignatureSerialize(buf, (ulong)buf.Length, this);
+ if (n == 0) {
+ throw new ArithmeticException("blsSignatureSerialize");
+ }
+ return buf;
+ }
+ public void Deserialize(byte[] buf) {
+ ulong n = blsSignatureDeserialize(ref this, buf, (ulong)buf.Length);
+ if (n == 0) {
+ throw new ArithmeticException("blsSignatureDeserialize");
+ }
+ }
+ public bool IsEqual(in Signature rhs) {
+ return blsSignatureIsEqual(this, rhs) != 0;
+ }
+ public void SetStr(string s) {
+ if (blsSignatureSetHexStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsSignatureSetStr:" + s);
+ }
+ }
+ public string GetHexStr() {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsSignatureGetHexStr(sb, (ulong)sb.Capacity, this);
+ if (size == 0) {
+ throw new ArgumentException("blsSignatureGetStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ public void Add(in Signature rhs) {
+ blsSignatureAdd(ref this, rhs);
+ }
+ }
+ public static Signature RecoverSign(in Signature[] sigVec, in Id[] idVec) {
+ Signature sig;
+ if (blsSignatureRecover(ref sig, sigVec[0], idVec[0], (ulong)sigVec.Length) != 0) {
+ throw new ArgumentException("Recover");
+ }
+ return sig;
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.csproj b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.csproj
new file mode 100644
index 000000000..c03afa436
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.csproj
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+ <PropertyGroup>
+ <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+ <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+ <ProjectGuid>{E9D06B1B-EA22-4EF4-BA4B-422F7625966D}</ProjectGuid>
+ <OutputType>Exe</OutputType>
+ <AppDesignerFolder>Properties</AppDesignerFolder>
+ <RootNamespace>bls</RootNamespace>
+ <AssemblyName>bls</AssemblyName>
+ <TargetFrameworkVersion>v4.6.2</TargetFrameworkVersion>
+ <FileAlignment>512</FileAlignment>
+ <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+ <PublishUrl>publish\</PublishUrl>
+ <Install>true</Install>
+ <InstallFrom>Disk</InstallFrom>
+ <UpdateEnabled>false</UpdateEnabled>
+ <UpdateMode>Foreground</UpdateMode>
+ <UpdateInterval>7</UpdateInterval>
+ <UpdateIntervalUnits>Days</UpdateIntervalUnits>
+ <UpdatePeriodically>false</UpdatePeriodically>
+ <UpdateRequired>false</UpdateRequired>
+ <MapFileExtensions>true</MapFileExtensions>
+ <ApplicationRevision>0</ApplicationRevision>
+ <ApplicationVersion>1.0.0.%2a</ApplicationVersion>
+ <IsWebBootstrapper>false</IsWebBootstrapper>
+ <UseApplicationTrust>false</UseApplicationTrust>
+ <BootstrapperEnabled>true</BootstrapperEnabled>
+ <TargetFrameworkProfile />
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+ <DebugSymbols>true</DebugSymbols>
+ <OutputPath>..\..\bin\</OutputPath>
+ <DefineConstants>DEBUG;TRACE</DefineConstants>
+ <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+ <DebugType>full</DebugType>
+ <PlatformTarget>x64</PlatformTarget>
+ <ErrorReport>prompt</ErrorReport>
+ <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+ <LangVersion>7.2</LangVersion>
+ <Prefer32Bit>false</Prefer32Bit>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+ <OutputPath>..\..\bin\</OutputPath>
+ <DefineConstants>TRACE</DefineConstants>
+ <Optimize>true</Optimize>
+ <DebugType>pdbonly</DebugType>
+ <PlatformTarget>x64</PlatformTarget>
+ <ErrorReport>prompt</ErrorReport>
+ <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+ <Prefer32Bit>false</Prefer32Bit>
+ <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+ <LangVersion>7.2</LangVersion>
+ </PropertyGroup>
+ <PropertyGroup>
+ <NoWin32Manifest>true</NoWin32Manifest>
+ </PropertyGroup>
+ <ItemGroup>
+ <Reference Include="System" />
+ <Reference Include="System.Core" />
+ <Reference Include="System.Xml.Linq" />
+ <Reference Include="System.Data.DataSetExtensions" />
+ <Reference Include="Microsoft.CSharp" />
+ <Reference Include="System.Data" />
+ <Reference Include="System.Net.Http" />
+ <Reference Include="System.Xml" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="bls.cs" />
+ <Compile Include="bls_test.cs" />
+ <Compile Include="Properties\AssemblyInfo.cs" />
+ </ItemGroup>
+ <ItemGroup>
+ <None Include="App.config" />
+ </ItemGroup>
+ <ItemGroup>
+ <BootstrapperPackage Include=".NETFramework,Version=v4.5.2">
+ <Visible>False</Visible>
+ <ProductName>Microsoft .NET Framework 4.5.2 %28x86 ãŠã‚ˆã³ x64%29</ProductName>
+ <Install>true</Install>
+ </BootstrapperPackage>
+ <BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
+ <Visible>False</Visible>
+ <ProductName>.NET Framework 3.5 SP1</ProductName>
+ <Install>false</Install>
+ </BootstrapperPackage>
+ </ItemGroup>
+ <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+ <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
+ Other similar extension points exist, see Microsoft.Common.targets.
+ <Target Name="BeforeBuild">
+ </Target>
+ <Target Name="AfterBuild">
+ </Target>
+ -->
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.sln b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.sln
new file mode 100644
index 000000000..7c3dfba7b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls.sln
@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 15
+VisualStudioVersion = 15.0.28307.539
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "bls", "bls.csproj", "{E9D06B1B-EA22-4EF4-BA4B-422F7625966D}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966D}.Debug|x64.ActiveCfg = Debug|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966D}.Debug|x64.Build.0 = Debug|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966D}.Release|x64.ActiveCfg = Release|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966D}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+ GlobalSection(ExtensibilityGlobals) = postSolution
+ SolutionGuid = {1935C301-6478-4F82-9587-6A66B531E327}
+ EndGlobalSection
+EndGlobal
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.cs b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.cs
new file mode 100644
index 000000000..3ef5fab9a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.cs
@@ -0,0 +1,298 @@
+þ½Ž¿using System;
+using System.Text;
+using System.Runtime.InteropServices;
+
+namespace mcl {
+ class BLS256 {
+ const int IoEcComp = 512; // fixed byte representation
+ public const int MCLBN_FR_UNIT_SIZE = 4;
+ public const int MCLBN_FP_UNIT_SIZE = 4;
+ public const int MCLBN_COMPILED_TIME_VAR = MCLBN_FR_UNIT_SIZE * 10 + MCLBN_FP_UNIT_SIZE;
+ [DllImport("bls256.dll")]
+ public static extern int blsInit(int curve, int compiledTimeVar);
+
+ [DllImport("bls256.dll")] public static extern void blsIdSetInt(ref Id id, int x);
+ [DllImport("bls256.dll")] public static extern int blsIdSetDecStr(ref Id id, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern int blsIdSetHexStr(ref Id id, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern ulong blsIdGetDecStr([Out]StringBuilder buf, ulong maxBufSize, ref Id id);
+ [DllImport("bls256.dll")] public static extern ulong blsIdGetHexStr([Out]StringBuilder buf, ulong maxBufSize, ref Id id);
+
+
+ [DllImport("bls256.dll")] public static extern ulong blsIdSerialize([Out]StringBuilder buf, ulong maxBufSize, ref Id id);
+ [DllImport("bls256.dll")] public static extern ulong blsSecretKeySerialize([Out]StringBuilder buf, ulong maxBufSize, ref SecretKey sec);
+ [DllImport("bls256.dll")] public static extern ulong blsPublicKeySerialize([Out]StringBuilder buf, ulong maxBufSize, ref PublicKey pub);
+ [DllImport("bls256.dll")] public static extern ulong blsSignatureSerialize([Out]StringBuilder buf, ulong maxBufSize, ref Signature sig);
+
+ [DllImport("bls256.dll")] public static extern int blsIdDeserialize(ref Id id, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern int blsSecretKeyDeserialize(ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern int blsPublicKeyDeserialize(ref PublicKey pub, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern int blsSignatureDeserialize(ref Signature sig, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+
+ [DllImport("bls256.dll")] public static extern int blsIdIsEqual(ref Id lhs, ref Id rhs);
+ [DllImport("bls256.dll")] public static extern int blsSecretKeyIsEqual(ref SecretKey lhs, ref SecretKey rhs);
+ [DllImport("bls256.dll")] public static extern int blsPublicKeyIsEqual(ref PublicKey lhs, ref PublicKey rhs);
+ [DllImport("bls256.dll")] public static extern int blsSignatureIsEqual(ref Signature lhs, ref Signature rhs);
+
+ // add
+ [DllImport("bls256.dll")] public static extern void blsSecretKeyAdd(ref SecretKey sec, ref SecretKey rhs);
+ [DllImport("bls256.dll")] public static extern void blsPublicKeyAdd(ref PublicKey pub, ref PublicKey rhs);
+ [DllImport("bls256.dll")] public static extern void blsSignatureAdd(ref Signature sig, ref Signature rhs);
+
+ // hash buf and set
+ [DllImport("bls256.dll")] public static extern int blsHashToSecretKey(ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ /*
+ set secretKey if system has /dev/urandom or CryptGenRandom
+ return 0 if success else -1
+ */
+ [DllImport("bls256.dll")] public static extern int blsSecretKeySetByCSPRNG(ref SecretKey sec);
+
+ [DllImport("bls256.dll")] public static extern void blsGetPublicKey(ref PublicKey pub, ref SecretKey sec);
+ [DllImport("bls256.dll")] public static extern void blsGetPop(ref Signature sig, ref SecretKey sec);
+
+ // return 0 if success
+ [DllImport("bls256.dll")] public static extern int blsSecretKeyShare(ref SecretKey sec, ref SecretKey msk, ulong k, ref Id id);
+ [DllImport("bls256.dll")] public static extern int blsPublicKeyShare(ref PublicKey pub, ref PublicKey mpk, ulong k, ref Id id);
+
+
+ [DllImport("bls256.dll")] public static extern int blsSecretKeyRecover(ref SecretKey sec, ref SecretKey secVec, ref Id idVec, ulong n);
+ [DllImport("bls256.dll")] public static extern int blsPublicKeyRecover(ref PublicKey pub, ref PublicKey pubVec, ref Id idVec, ulong n);
+ [DllImport("bls256.dll")] public static extern int blsSignatureRecover(ref Signature sig, ref Signature sigVec, ref Id idVec, ulong n);
+
+ [DllImport("bls256.dll")] public static extern void blsSign(ref Signature sig, ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string m, ulong size);
+
+ // return 1 if valid
+ [DllImport("bls256.dll")] public static extern int blsVerify(ref Signature sig, ref PublicKey pub, [In][MarshalAs(UnmanagedType.LPStr)] string m, ulong size);
+ [DllImport("bls256.dll")] public static extern int blsVerifyPop(ref Signature sig, ref PublicKey pub);
+
+ //////////////////////////////////////////////////////////////////////////
+ // the following apis will be removed
+
+ // mask buf with (1 << (bitLen(r) - 1)) - 1 if buf >= r
+ [DllImport("bls256.dll")] public static extern int blsIdSetLittleEndian(ref Id id, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ /*
+ return written byte size if success else 0
+ */
+ [DllImport("bls256.dll")] public static extern ulong blsIdGetLittleEndian([Out]StringBuilder buf, ulong maxBufSize, ref Id id);
+
+ // return 0 if success
+ // mask buf with (1 << (bitLen(r) - 1)) - 1 if buf >= r
+ [DllImport("bls256.dll")] public static extern int blsSecretKeySetLittleEndian(ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern int blsSecretKeySetDecStr(ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern int blsSecretKeySetHexStr(ref SecretKey sec, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ /*
+ return written byte size if success else 0
+ */
+ [DllImport("bls256.dll")] public static extern ulong blsSecretKeyGetLittleEndian([Out]StringBuilder buf, ulong maxBufSize, ref SecretKey sec);
+ /*
+ return strlen(buf) if success else 0
+ buf is '\0' terminated
+ */
+ [DllImport("bls256.dll")] public static extern ulong blsSecretKeyGetDecStr([Out]StringBuilder buf, ulong maxBufSize, ref SecretKey sec);
+ [DllImport("bls256.dll")] public static extern ulong blsSecretKeyGetHexStr([Out]StringBuilder buf, ulong maxBufSize, ref SecretKey sec);
+ [DllImport("bls256.dll")] public static extern int blsPublicKeySetHexStr(ref PublicKey pub, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern ulong blsPublicKeyGetHexStr([Out]StringBuilder buf, ulong maxBufSize, ref PublicKey pub);
+ [DllImport("bls256.dll")] public static extern int blsSignatureSetHexStr(ref Signature sig, [In][MarshalAs(UnmanagedType.LPStr)] string buf, ulong bufSize);
+ [DllImport("bls256.dll")] public static extern ulong blsSignatureGetHexStr([Out]StringBuilder buf, ulong maxBufSize, ref Signature sig);
+
+ public static void Init()
+ {
+ const int CurveFp254BNb = 0;
+ if (!System.Environment.Is64BitProcess) {
+ throw new PlatformNotSupportedException("not 64-bit system");
+ }
+ int err = blsInit(CurveFp254BNb, MCLBN_COMPILED_TIME_VAR);
+ if (err != 0) {
+ throw new ArgumentException("blsInit");
+ }
+ }
+
+ public struct Id {
+ private ulong v0, v1, v2, v3;
+ public bool IsEqual(Id rhs)
+ {
+ return blsIdIsEqual(ref this, ref rhs) != 0;
+ }
+ public void SetDecStr(String s)
+ {
+ if (blsIdSetDecStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsIdSetDecSt:" + s);
+ }
+ }
+ public void SetHexStr(String s)
+ {
+ if (blsIdSetHexStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsIdSetHexStr:" + s);
+ }
+ }
+ public void SetInt(int x)
+ {
+ blsIdSetInt(ref this, x);
+ }
+ public string GetDecStr()
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsIdGetDecStr(sb, (ulong)sb.Capacity, ref this);
+ if (size == 0) {
+ throw new ArgumentException("blsIdGetDecStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ public string GetHexStr()
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsIdGetHexStr(sb, (ulong)sb.Capacity, ref this);
+ if (size == 0) {
+ throw new ArgumentException("blsIdGetHexStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ }
+ public struct SecretKey {
+ private ulong v0, v1, v2, v3;
+ public bool IsEqual(SecretKey rhs)
+ {
+ return blsSecretKeyIsEqual(ref this, ref rhs) != 0;
+ }
+ public void SetHexStr(String s)
+ {
+ if (blsSecretKeySetHexStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsSecretKeySetHexStr:" + s);
+ }
+ }
+ public string GetHexStr()
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsSecretKeyGetHexStr(sb, (ulong)sb.Capacity, ref this);
+ if (size == 0) {
+ throw new ArgumentException("mclBnFr_getStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ public void Add(SecretKey rhs)
+ {
+ blsSecretKeyAdd(ref this, ref rhs);
+ }
+ public void SetByCSPRNG()
+ {
+ blsSecretKeySetByCSPRNG(ref this);
+ }
+ public void SetHashOf(string s)
+ {
+ if (blsHashToSecretKey(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsHashToSecretKey");
+ }
+ }
+ public PublicKey GetPublicKey()
+ {
+ PublicKey pub = new PublicKey();
+ blsGetPublicKey(ref pub, ref this);
+ return pub;
+ }
+ public Signature Signature(String m)
+ {
+ Signature Signature = new Signature();
+ blsSign(ref Signature, ref this, m, (ulong)m.Length);
+ return Signature;
+ }
+ }
+ // secretKey = sum_{i=0}^{msk.Length - 1} msk[i] * id^i
+ public static SecretKey ShareSecretKey(SecretKey[] msk, Id id)
+ {
+ SecretKey sec = new SecretKey();
+ if (blsSecretKeyShare(ref sec, ref msk[0], (ulong)msk.Length, ref id) != 0) {
+ throw new ArgumentException("GetSecretKeyForId:" + id.ToString());
+ }
+ return sec;
+ }
+ public static SecretKey RecoverSecretKey(SecretKey[] secs, Id[] ids)
+ {
+ SecretKey sec = new SecretKey();
+ if (blsSecretKeyRecover(ref sec, ref secs[0], ref ids[0], (ulong)secs.Length) != 0) {
+ throw new ArgumentException("Recover");
+ }
+ return sec;
+ }
+ public struct PublicKey {
+ private ulong v00, v01, v02, v03, v04, v05, v06, v07, v08, v09, v10, v11;
+ private ulong v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23;
+ public bool IsEqual(PublicKey rhs)
+ {
+ return blsPublicKeyIsEqual(ref this, ref rhs) != 0;
+ }
+ public void SetStr(String s)
+ {
+ if (blsPublicKeySetHexStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsPublicKeySetStr:" + s);
+ }
+ }
+ public string GetHexStr()
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsPublicKeyGetHexStr(sb, (ulong)sb.Capacity, ref this);
+ if (size == 0) {
+ throw new ArgumentException("blsPublicKeyGetStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ public void Add(PublicKey rhs)
+ {
+ blsPublicKeyAdd(ref this, ref rhs);
+ }
+ public bool Verify(Signature Signature, string m)
+ {
+ return blsVerify(ref Signature, ref this, m, (ulong)m.Length) == 1;
+ }
+ }
+ // publicKey = sum_{i=0}^{mpk.Length - 1} mpk[i] * id^i
+ public static PublicKey SharePublicKey(PublicKey[] mpk, Id id)
+ {
+ PublicKey pub = new PublicKey();
+ if (blsPublicKeyShare(ref pub, ref mpk[0], (ulong)mpk.Length, ref id) != 0) {
+ throw new ArgumentException("GetPublicKeyForId:" + id.ToString());
+ }
+ return pub;
+ }
+ public static PublicKey RecoverPublicKey(PublicKey[] pubs, Id[] ids)
+ {
+ PublicKey pub = new PublicKey();
+ if (blsPublicKeyRecover(ref pub, ref pubs[0], ref ids[0], (ulong)pubs.Length) != 0) {
+ throw new ArgumentException("Recover");
+ }
+ return pub;
+ }
+ public struct Signature {
+ private ulong v00, v01, v02, v03, v04, v05, v06, v07, v08, v09, v10, v11;
+ public bool IsEqual(Signature rhs)
+ {
+ return blsSignatureIsEqual(ref this, ref rhs) != 0;
+ }
+ public void SetStr(String s)
+ {
+ if (blsSignatureSetHexStr(ref this, s, (ulong)s.Length) != 0) {
+ throw new ArgumentException("blsSignatureSetStr:" + s);
+ }
+ }
+ public string GetHexStr()
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ ulong size = blsSignatureGetHexStr(sb, (ulong)sb.Capacity, ref this);
+ if (size == 0) {
+ throw new ArgumentException("blsSignatureGetStr");
+ }
+ return sb.ToString(0, (int)size);
+ }
+ public void Add(Signature rhs)
+ {
+ blsSignatureAdd(ref this, ref rhs);
+ }
+ }
+ public static Signature RecoverSign(Signature[] signs, Id[] ids)
+ {
+ Signature Signature = new Signature();
+ if (blsSignatureRecover(ref Signature, ref signs[0], ref ids[0], (ulong)signs.Length) != 0) {
+ throw new ArgumentException("Recover");
+ }
+ return Signature;
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.csproj b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.csproj
new file mode 100644
index 000000000..032a1d347
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.csproj
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+ <PropertyGroup>
+ <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+ <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+ <ProjectGuid>{E9D06B1B-EA22-4EF4-BA4B-422F7625966C}</ProjectGuid>
+ <OutputType>Exe</OutputType>
+ <AppDesignerFolder>Properties</AppDesignerFolder>
+ <RootNamespace>bls256</RootNamespace>
+ <AssemblyName>bls256</AssemblyName>
+ <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
+ <FileAlignment>512</FileAlignment>
+ <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+ <DebugSymbols>true</DebugSymbols>
+ <OutputPath>..\..\bin\</OutputPath>
+ <DefineConstants>DEBUG;TRACE</DefineConstants>
+ <AllowUnsafeBlocks>false</AllowUnsafeBlocks>
+ <DebugType>full</DebugType>
+ <PlatformTarget>x64</PlatformTarget>
+ <ErrorReport>prompt</ErrorReport>
+ <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+ <OutputPath>..\..\bin\</OutputPath>
+ <DefineConstants>TRACE</DefineConstants>
+ <Optimize>true</Optimize>
+ <DebugType>pdbonly</DebugType>
+ <PlatformTarget>x64</PlatformTarget>
+ <ErrorReport>prompt</ErrorReport>
+ <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+ <Prefer32Bit>true</Prefer32Bit>
+ </PropertyGroup>
+ <ItemGroup>
+ <Reference Include="System" />
+ <Reference Include="System.Core" />
+ <Reference Include="System.Xml.Linq" />
+ <Reference Include="System.Data.DataSetExtensions" />
+ <Reference Include="Microsoft.CSharp" />
+ <Reference Include="System.Data" />
+ <Reference Include="System.Net.Http" />
+ <Reference Include="System.Xml" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="bls256.cs" />
+ <Compile Include="bls256_test.cs" />
+ <Compile Include="Properties\AssemblyInfo.cs" />
+ </ItemGroup>
+ <ItemGroup>
+ <None Include="App.config" />
+ </ItemGroup>
+ <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+ <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
+ Other similar extension points exist, see Microsoft.Common.targets.
+ <Target Name="BeforeBuild">
+ </Target>
+ <Target Name="AfterBuild">
+ </Target>
+ -->
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.sln b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.sln
new file mode 100644
index 000000000..eb29af97b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBD}") = "bls256", "bls256.csproj", "{E9D06B1B-EA22-4EF4-BA4B-422F7625966C}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966C}.Debug|x64.ActiveCfg = Debug|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966C}.Debug|x64.Build.0 = Debug|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966C}.Release|x64.ActiveCfg = Release|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966C}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256_test.cs b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256_test.cs
new file mode 100644
index 000000000..989993e0f
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls256_test.cs
@@ -0,0 +1,126 @@
+using System;
+
+namespace mcl {
+ using static BLS256;
+ class BLS256Test {
+ static int err = 0;
+ static void assert(string msg, bool b)
+ {
+ if (b) return;
+ Console.WriteLine("ERR {0}", msg);
+ err++;
+ }
+ static void TestId()
+ {
+ Console.WriteLine("TestId");
+ Id id = new Id();
+ id.SetDecStr("255");
+ assert("GetStr(10)", id.GetDecStr() == "255");
+ assert("GetStr(16)", id.GetHexStr() == "ff");
+ }
+ static void TestSecretKey()
+ {
+ Console.WriteLine("TestSecretKey");
+ SecretKey sec = new SecretKey();
+ sec.SetHexStr("ff");
+ assert("GetHexStr()", sec.GetHexStr() == "ff");
+ {
+ SecretKey sec2 = new SecretKey();
+ sec.SetHexStr("321");
+ sec2.SetHexStr("4000");
+ sec.Add(sec2);
+ assert("sec.Add", sec.GetHexStr() == "4321");
+ sec.SetByCSPRNG();
+ Console.WriteLine("sec.Init={0}", sec.GetHexStr());
+ }
+ }
+ static void TestPublicKey()
+ {
+ Console.WriteLine("TestPublicKey");
+ SecretKey sec = new SecretKey();
+ sec.SetByCSPRNG();
+ PublicKey pub = sec.GetPublicKey();
+ String s = pub.GetHexStr();
+ Console.WriteLine("pub={0}", s);
+ PublicKey pub2 = new PublicKey();
+ pub2.SetStr(s);
+ assert("pub.SetStr", pub.IsEqual(pub2));
+ }
+ static void TestSign()
+ {
+ Console.WriteLine("TestSign");
+ SecretKey sec = new SecretKey();
+ sec.SetByCSPRNG();
+ PublicKey pub = sec.GetPublicKey();
+ String m = "abc";
+ Signature sig = sec.Signature(m);
+ assert("verify", pub.Verify(sig, m));
+ assert("not verify", !pub.Verify(sig, m + "a"));
+ }
+ static void TestSharing()
+ {
+ Console.WriteLine("TestSharing");
+ int k = 5;
+ SecretKey[] msk = new SecretKey[k];
+ PublicKey[] mpk = new PublicKey[k];
+ // make master secretkey
+ for (int i = 0; i < k; i++) {
+ msk[i].SetByCSPRNG();
+ mpk[i] = msk[i].GetPublicKey();
+ }
+ int n = 30;
+ Id[] ids = new Id[n];
+ SecretKey[] secs = new SecretKey[n];
+ PublicKey[] pubs = new PublicKey[n];
+ for (int i = 0; i < n; i++) {
+ ids[i].SetInt(i * i + 123);
+ secs[i] = ShareSecretKey(msk, ids[i]);
+ pubs[i] = SharePublicKey(mpk, ids[i]);
+ assert("share publicKey", secs[i].GetPublicKey().IsEqual(pubs[i]));
+ }
+ string m = "doremi";
+ for (int i = 0; i < n; i++) {
+ Signature Signature = secs[i].Signature(m);
+ assert("Signature.Verify", pubs[i].Verify(Signature, m));
+ }
+ {
+ int[] idxTbl = { 0, 2, 5, 8, 10 };
+ assert("idxTbl.Length=k", idxTbl.Length == k);
+ Id[] subIds = new Id[k];
+ SecretKey[] subSecs = new SecretKey[k];
+ PublicKey[] subPubs = new PublicKey[k];
+ Signature[] subSigns = new Signature[k];
+ for (int i = 0; i < k; i++) {
+ int idx = idxTbl[i];
+ subIds[i] = ids[idx];
+ subSecs[i] = secs[idx];
+ subPubs[i] = pubs[idx];
+ subSigns[i] = secs[idx].Signature(m);
+ }
+ SecretKey sec = RecoverSecretKey(subSecs, subIds);
+ PublicKey pub = RecoverPublicKey(subPubs, subIds);
+ assert("check pub", pub.IsEqual(sec.GetPublicKey()));
+ Signature Signature = RecoverSign(subSigns, subIds);
+ assert("Signature.verify", pub.Verify(Signature, m));
+ }
+ }
+ static void Main(string[] args)
+ {
+ try {
+ Init();
+ TestId();
+ TestSecretKey();
+ TestPublicKey();
+ TestSign();
+ TestSharing();
+ if (err == 0) {
+ Console.WriteLine("all tests succeed");
+ } else {
+ Console.WriteLine("err={0}", err);
+ }
+ } catch (Exception e) {
+ Console.WriteLine("ERR={0}", e);
+ }
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/bls_test.cs b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls_test.cs
new file mode 100644
index 000000000..2eb451ba9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/bls_test.cs
@@ -0,0 +1,176 @@
+using System;
+
+namespace mcl
+{
+ using static BLS;
+ class BLSTest
+ {
+ static int err = 0;
+ static void assert(string msg, bool b) {
+ if (b) return;
+ Console.WriteLine("ERR {0}", msg);
+ err++;
+ }
+ static void TestId() {
+ Console.WriteLine("TestId");
+ Id id1;
+ id1.SetDecStr("255");
+ assert("GetStr(10)", id1.GetDecStr() == "255");
+ assert("GetStr(16)", id1.GetHexStr() == "ff");
+ Id id2;
+ id2.SetInt(255);
+ assert("IsEqual", id1.IsEqual(id2));
+ }
+ static void TestSecretKey() {
+ Console.WriteLine("TestSecretKey");
+ SecretKey sec;
+ sec.SetHexStr("ff");
+ assert("GetHexStr()", sec.GetHexStr() == "ff");
+ {
+ SecretKey sec2;
+ sec.SetHexStr("321");
+ sec2.SetHexStr("4000");
+ sec.Add(sec2);
+ assert("sec.Add", sec.GetHexStr() == "4321");
+ sec.SetByCSPRNG();
+ Console.WriteLine("sec.Init={0}", sec.GetHexStr());
+ }
+ {
+ SecretKey sec2;
+ byte[] buf = sec.Serialize();
+ sec2.Deserialize(buf);
+ assert("serialize", sec2.IsEqual(sec));
+ }
+ }
+ static void TestPublicKey() {
+ Console.WriteLine("TestPublicKey");
+ SecretKey sec;
+ sec.SetByCSPRNG();
+ PublicKey pub = sec.GetPublicKey();
+ string s = pub.GetHexStr();
+ Console.WriteLine("pub={0}", s);
+ {
+ PublicKey pub2;
+ pub2.SetStr(s);
+ assert("pub.SetStr", pub.IsEqual(pub2));
+ }
+ {
+ PublicKey pub2;
+ byte[] buf = pub.Serialize();
+ pub2.Deserialize(buf);
+ assert("serialize", pub2.IsEqual(pub));
+ }
+ }
+ static void TestSign() {
+ Console.WriteLine("TestSign");
+ SecretKey sec;
+ sec.SetByCSPRNG();
+ PublicKey pub = sec.GetPublicKey();
+ string m = "abc";
+ Signature sig = sec.Sign(m);
+ Console.WriteLine("sig={0}", sig.GetHexStr());
+ assert("verify", pub.Verify(sig, m));
+ assert("not verify", !pub.Verify(sig, m + "a"));
+ {
+ Signature sig2;
+ byte[] buf = sig.Serialize();
+ sig2.Deserialize(buf);
+ assert("serialize", sig2.IsEqual(sig));
+ }
+ }
+ static void TestSharing() {
+ Console.WriteLine("TestSharing");
+ int k = 5;
+ SecretKey[] msk = new SecretKey[k];
+ PublicKey[] mpk = new PublicKey[k];
+ // make master secretkey
+ for (int i = 0; i < k; i++) {
+ msk[i].SetByCSPRNG();
+ mpk[i] = msk[i].GetPublicKey();
+ }
+ int n = 30;
+ Id[] ids = new Id[n];
+ SecretKey[] secs = new SecretKey[n];
+ PublicKey[] pubs = new PublicKey[n];
+ for (int i = 0; i < n; i++) {
+ ids[i].SetInt(i * i + 123);
+ secs[i] = ShareSecretKey(msk, ids[i]);
+ pubs[i] = SharePublicKey(mpk, ids[i]);
+ assert("share publicKey", secs[i].GetPublicKey().IsEqual(pubs[i]));
+ }
+ string m = "doremi";
+ for (int i = 0; i < n; i++) {
+ Signature Signature = secs[i].Sign(m);
+ assert("Signature.Verify", pubs[i].Verify(Signature, m));
+ }
+ {
+ int[] idxTbl = { 0, 2, 5, 8, 10 };
+ assert("idxTbl.Length=k", idxTbl.Length == k);
+ Id[] subIds = new Id[k];
+ SecretKey[] subSecs = new SecretKey[k];
+ PublicKey[] subPubs = new PublicKey[k];
+ Signature[] subSigns = new Signature[k];
+ for (int i = 0; i < k; i++) {
+ int idx = idxTbl[i];
+ subIds[i] = ids[idx];
+ subSecs[i] = secs[idx];
+ subPubs[i] = pubs[idx];
+ subSigns[i] = secs[idx].Sign(m);
+ }
+ SecretKey sec = RecoverSecretKey(subSecs, subIds);
+ PublicKey pub = RecoverPublicKey(subPubs, subIds);
+ assert("check pub", pub.IsEqual(sec.GetPublicKey()));
+ Signature Signature = RecoverSign(subSigns, subIds);
+ assert("Signature.verify", pub.Verify(Signature, m));
+ }
+ }
+ static void TestAggregate() {
+ Console.WriteLine("TestAggregate");
+ const int n = 10;
+ const string m = "abc";
+ SecretKey[] secVec = new SecretKey[n];
+ PublicKey[] pubVec = new PublicKey[n];
+ Signature[] popVec = new Signature[n];
+ Signature[] sigVec = new Signature[n];
+ for (int i = 0; i < n; i++) {
+ secVec[i].SetByCSPRNG();
+ pubVec[i] = secVec[i].GetPublicKey();
+ popVec[i] = secVec[i].GetPop();
+ sigVec[i] = secVec[i].Sign(m);
+ }
+ SecretKey secAgg;
+ PublicKey pubAgg;
+ Signature sigAgg;
+ for (int i = 0; i < n; i++) {
+ secAgg.Add(secVec[i]);
+ assert("verify pop", pubVec[i].VerifyPop(popVec[i]));
+ pubAgg.Add(pubVec[i]);
+ sigAgg.Add(sigVec[i]);
+ }
+ assert("aggregate sec", secAgg.Sign(m).IsEqual(sigAgg));
+ assert("aggregate", pubAgg.Verify(sigAgg, m));
+ }
+ static void Main(string[] args) {
+ try {
+ int[] curveTypeTbl = { BN254, BLS12_381 };
+ foreach (int curveType in curveTypeTbl) {
+ Console.WriteLine("curveType={0}", curveType);
+ Init(curveType);
+ TestId();
+ TestSecretKey();
+ TestPublicKey();
+ TestSign();
+ TestSharing();
+ TestAggregate();
+ if (err == 0) {
+ Console.WriteLine("all tests succeed");
+ } else {
+ Console.WriteLine("err={0}", err);
+ }
+ }
+ } catch (Exception e) {
+ Console.WriteLine("ERR={0}", e);
+ }
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/readme-ja.md b/vendor/github.com/byzantine-lab/bls/ffi/cs/readme-ja.md
new file mode 100644
index 000000000..199135725
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/readme-ja.md
@@ -0,0 +1,188 @@
+# BLSç½²åã®C#ãƒã‚¤ãƒ³ãƒ‡ã‚£ãƒ³ã‚°
+
+# å¿…è¦ç’°å¢ƒ
+
+* Visual Studio 2017(x64) or later
+* C# 7.2 or later
+* .NET Framework 4.5.2 or later
+
+# DLLã®ãƒ“ルド方法
+
+Visual Studio 2017ã®64bit用コマンドプロンプトを開ã„ã¦
+```
+md work
+cd work
+git clone https://github.com/herumi/cybozulib_ext
+git clone https://github.com/herumi/mcl
+git clone https://github.com/herumi/bls
+cd bls
+mklib dll
+```
+`bls/bin/*.dll`ãŒä½œæˆã•ã‚Œã‚‹ã€‚
+
+# サンプルã®ãƒ“ルド方法
+
+bls/ffi/cs/bls.slnã‚’é–‹ã„ã¦å®Ÿè¡Œã™ã‚‹ã€‚
+
+* æ³¨æ„ bls256.slnã¯å¤ã„ãŸã‚使ã‚ãªã„ã§ãã ã•ã„。
+
+# クラスã¨API
+
+## API
+
+* `Init(int curveType = BN254);`
+ * ライブラリを曲線curveTypeã§åˆæœŸåŒ–ã™ã‚‹ã€‚
+ * curveType = BN254 or BLS12_381
+* `SecretKey ShareSecretKey(in SecretKey[] msk, in Id id);`
+ * マスター秘密éµã®åˆ—mskã«å¯¾ã™ã‚‹idã®ç§˜å¯†éµã‚’生æˆ(共有)ã™ã‚‹ã€‚
+* `SecretKey RecoverSecretKey(in SecretKey[] secVec, in Id[] idVec);`
+ * 秘密éµsecVecã¨ID idVecã®ãƒšã‚¢ã‹ã‚‰ç§˜å¯†éµã‚’復元ã™ã‚‹ã€‚
+* `PublicKey SharePublicKey(in PublicKey[] mpk, in Id id);`
+ * マスター公開éµã®åˆ—mpkã«å¯¾ã™ã‚‹idã®å…¬é–‹éµã‚’生æˆ(共有)ã™ã‚‹ã€‚
+* `PublicKey RecoverPublicKey(in PublicKey[] pubVec, in Id[] idVec);`
+ * 公開éµpubVecã¨ID idVecã®ãƒšã‚¢ã‹ã‚‰å…¬é–‹éµã‚’復元ã™ã‚‹ã€‚
+* `Signature RecoverSign(in Signature[] sigVec, in Id[] idVec);`
+ * ç½²åsigVecã¨ID idVecã®ãƒšã‚¢ã‹ã‚‰ç½²åを復元ã™ã‚‹ã€‚
+
+## Id
+
+識別å­ã‚¯ãƒ©ã‚¹
+
+* `byte[] Serialize();`
+ * Idをシリアライズã™ã‚‹ã€‚
+* `void Deserialize(byte[] buf);`
+ * ãƒã‚¤ãƒˆåˆ—bufã‹ã‚‰Idをデシリアライズã™ã‚‹ã€‚
+* `bool IsEqual(in Id rhs);`
+ * åŒå€¤åˆ¤å®šã€‚
+* `void SetDecStr(string s);`
+ * 10進数文字列を設定ã™ã‚‹ã€‚
+* `void SetHexStr(string s);`
+ * 16進数文字列を設定ã™ã‚‹ã€‚
+* `void SetInt(int x);`
+ * æ•´æ•°xを設定ã™ã‚‹ã€‚
+* `string GetDecStr();`
+ * 10進数表記をå–å¾—ã™ã‚‹ã€‚
+* `string GetHexStr();`
+ * 16進数表記をå–å¾—ã™ã‚‹ã€‚
+
+## SecretKey
+
+* `byte[] Serialize();`
+ * Idをシリアライズã™ã‚‹ã€‚
+* `void Deserialize(byte[] buf);`
+ * ãƒã‚¤ãƒˆåˆ—bufã‹ã‚‰SecretKeyをデシリアライズã™ã‚‹ã€‚
+* `bool IsEqual(in SecretKey rhs);`
+ * åŒå€¤åˆ¤å®šã€‚
+* `void SetHexStr(string s);`
+ * 16進数文字列を設定ã™ã‚‹ã€‚
+* `string GetHexStr();`
+ * 16進数表記をå–å¾—ã™ã‚‹ã€‚
+* `void Add(in SecretKey rhs);`
+ * 秘密éµrhsを加算ã™ã‚‹ã€‚
+* `void SetByCSPRNG();`
+ * æš—å·å­¦çš„乱数ã§è¨­å®šã™ã‚‹ã€‚
+* `void SetHashOf(string s);`
+ * 文字列sã®ãƒãƒƒã‚·ãƒ¥å€¤ã‚’設定ã™ã‚‹ã€‚
+* `PublicKey GetPublicKey();`
+ * 対応ã™ã‚‹å…¬é–‹éµã‚’å–å¾—ã™ã‚‹ã€‚
+* `Signature Sign(string m);`
+ * 文字列mã®ç½²åを生æˆã™ã‚‹ã€‚
+* `Signature GetPop();`
+ * 自身ã®ç§˜å¯†éµã«ã‚ˆã‚‹ç½²å(Proof Of Posession)を生æˆã™ã‚‹ã€‚
+
+## PublicKey
+
+* `byte[] Serialize();`
+ * PublicKeyをシリアライズã™ã‚‹ã€‚
+* `void Deserialize(byte[] buf);`
+ * ãƒã‚¤ãƒˆåˆ—bufã‹ã‚‰PublicKeyをデシリアライズã™ã‚‹ã€‚
+* `bool IsEqual(in PublicKey rhs);`
+ * åŒå€¤åˆ¤å®šã€‚
+* `void Add(in PublicKey rhs);`
+ * 公開éµrhsを加算ã™ã‚‹ã€‚
+* `void SetHexStr(string s);`
+ * 16進数文字列を設定ã™ã‚‹ã€‚
+* `string GetHexStr();`
+ * 16進数表記をå–å¾—ã™ã‚‹ã€‚
+* `bool Verify(in Signature sig, string m);`
+ * 文字列mã«å¯¾ã™ã‚‹ç½²åsigã®æ­£å½“性を確èªã™ã‚‹ã€‚
+* `bool VerifyPop(in Signature pop);`
+ * PoPã®æ­£å½“性を確èªã™ã‚‹ã€‚
+
+## Signature
+
+* `byte[] Serialize();`
+ * Signatureをシリアライズã™ã‚‹ã€‚
+* `void Deserialize(byte[] buf);`
+ * ãƒã‚¤ãƒˆåˆ—bufã‹ã‚‰Signatureをデシリアライズã™ã‚‹ã€‚
+* `bool IsEqual(in Signature rhs);`
+ * åŒå€¤åˆ¤å®šã€‚
+* `void Add(in Signature rhs);`
+ * ç½²århsを加算ã™ã‚‹ã€‚
+* `void SetHexStr(string s);`
+ * 16進数文字列を設定ã™ã‚‹ã€‚
+* `string GetHexStr();`
+ * 16進数表記をå–å¾—ã™ã‚‹ã€‚
+
+## 使ã„æ–¹
+
+### 最å°ã‚µãƒ³ãƒ—ル
+
+```
+using static BLS;
+
+Init(BN254); // ライブラリåˆæœŸåŒ–
+SecretKey sec;
+sec.SetByCSPRNG(); // 秘密éµã®åˆæœŸåŒ–
+PublicKey pub = sec.GetPublicKey(); // 公開éµã®å–å¾—
+string m = "abc";
+Signature sig = sec.Sign(m); // ç½²åã®ä½œæˆ
+if (pub.Verify(sig, m))) {
+ // ç½²åã®ç¢ºèª
+}
+```
+
+### 集約署å
+```
+Init(BN254); // ライブラリåˆæœŸåŒ–
+const int n = 10;
+const string m = "abc";
+SecretKey[] secVec = new SecretKey[n];
+PublicKey[] pubVec = new PublicKey[n];
+Signature[] popVec = new Signature[n];
+Signature[] sigVec = new Signature[n];
+
+for (int i = 0; i < n; i++) {
+ secVec[i].SetByCSPRNG(); // 秘密éµã®åˆæœŸåŒ–
+ pubVec[i] = secVec[i].GetPublicKey(); // 公開éµã®å–å¾—
+ popVec[i] = secVec[i].GetPop(); // 所有(PoP)ã®è¨¼æ˜Ž
+ sigVec[i] = secVec[i].Sign(m); // ç½²å
+}
+
+SecretKey secAgg;
+PublicKey pubAgg;
+Signature sigAgg;
+for (int i = 0; i < n; i++) {
+ // PoPã®ç¢ºèª
+ if (pubVec[i].VerifyPop(popVec[i]))) {
+ // エラー
+ return;
+ }
+ pubAgg.Add(pubVec[i]); // 公開éµã®é›†ç´„
+ sigAgg.Add(sigVec[i]); // ç½²åã®é›†ç´„
+}
+if (pubAgg.Verify(sigAgg, m)) {
+ // ç½²åã®ç¢ºèª
+}
+```
+
+# ライセンス
+
+modified new BSD License
+http://opensource.org/licenses/BSD-3-Clause
+
+# 著者
+
+(C)2019 å…‰æˆæ»‹ç”Ÿ MITSUNARI Shigeo(herumi@nifty.com) All rights reserved.
+本コンテンツã®è‘—作権ã€ãŠã‚ˆã³æœ¬ã‚³ãƒ³ãƒ†ãƒ³ãƒ„中ã«å‡ºã¦ãる商標権ã€å›£ä½“åã€ãƒ­ã‚´ã€è£½å“ã€
+サービスãªã©ã¯ãã‚Œãžã‚Œã€å„権利ä¿æœ‰è€…ã«å¸°å±žã—ã¾ã™
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/cs/readme.md b/vendor/github.com/byzantine-lab/bls/ffi/cs/readme.md
new file mode 100644
index 000000000..2b7191871
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/cs/readme.md
@@ -0,0 +1,185 @@
+# C# binding of BLS threshold signature library
+
+# Installation Requirements
+
+* Visual Studio 2017 or later
+* C# 7.2 or later
+* .NET Framework 4.5.2 or later
+
+# How to build
+
+```
+md work
+cd work
+git clone https://github.com/herumi/cybozulib_ext
+git clone https://github.com/herumi/mcl
+git clone https://github.com/herumi/bls
+cd bls
+mklib dll
+```
+bls/bin/*.dll are created
+
+# How to build a sample
+
+Open bls/ffi/cs/bls.sln and exec it.
+
+* Remark. bls256 is obsolete. Please use bls.sln.
+
+# class and API
+
+## API
+
+* `Init(int curveType = BN254);`
+ * initialize this library with a curve `curveType`.
+ * curveType = BN254 or BLS12_381
+* `SecretKey ShareSecretKey(in SecretKey[] msk, in Id id);`
+ * generate the shared secret key from a sequence of master secret keys msk and Id.
+* `SecretKey RecoverSecretKey(in SecretKey[] secVec, in Id[] idVec);`
+ * recover the secret key from a sequence of secret keys secVec and idVec.
+* `PublicKey SharePublicKey(in PublicKey[] mpk, in Id id);`
+ * generate the shared public key from a sequence of master public keys mpk and Id.
+* `PublicKey RecoverPublicKey(in PublicKey[] pubVec, in Id[] idVec);`
+ * recover the public key from a sequence of public keys pubVec and idVec.
+* `Signature RecoverSign(in Signature[] sigVec, in Id[] idVec);`
+ * recover the signature from a sequence of signatures siVec and idVec.
+
+## Id
+
+Identifier class
+
+* `byte[] Serialize();`
+ * serialize Id
+* `void Deserialize(byte[] buf);`
+ * deserialize from byte[] buf
+* `bool IsEqual(in Id rhs);`
+ * equality
+* `void SetDecStr(string s);`
+ * set by a decimal string s
+* `void SetHexStr(string s);`
+ * set by a hexadecimal string s
+* `void SetInt(int x);`
+ * set an integer x
+* `string GetDecStr();`
+ * get a decimal string
+* `string GetHexStr();`
+ * get a hexadecimal string
+
+## SecretKey
+
+* `byte[] Serialize();`
+ * serialize SecretKey
+* `void Deserialize(byte[] buf);`
+ * deserialize from byte[] buf
+* `bool IsEqual(in SecretKey rhs);`
+ * equality
+* `string GetDecStr();`
+ * get a decimal string
+* `string GetHexStr();`
+ * get a hexadecimal string
+* `void Add(in SecretKey rhs);`
+ * add a secret key rhs
+* `void SetByCSPRNG();`
+ * set a secret key by cryptographically secure pseudo random number generator
+* `void SetHashOf(string s);`
+ * set a secret key by a hash of string s
+* `PublicKey GetPublicKey();`
+ * get the corresponding public key to a secret key
+* `Signature Sign(string m);`
+ * sign a string m
+* `Signature GetPop();`
+ * get a PoP (Proof Of Posession) for a secret key
+
+## PublicKey
+
+* `byte[] Serialize();`
+ * serialize PublicKey
+* `void Deserialize(byte[] buf);`
+ * deserialize from byte[] buf
+* `bool IsEqual(in PublicKey rhs);`
+ * equality
+* `void Add(in PublicKey rhs);`
+ * add a public key rhs
+* `string GetDecStr();`
+ * get a decimal string
+* `string GetHexStr();`
+ * get a hexadecimal string
+* `bool Verify(in Signature sig, string m);`
+ * verify the validness of the sig with m
+* `bool VerifyPop(in Signature pop);`
+ * verify the validness of PoP
+
+## Signature
+
+* `byte[] Serialize();`
+ * serialize Signature
+* `void Deserialize(byte[] buf);`
+ * deserialize from byte[] buf
+* `bool IsEqual(in Signature rhs);`
+ * equality
+* `void Add(in Signature rhs);`
+ * add a signature key rhs
+* `string GetDecStr();`
+ * get a decimal string
+* `string GetHexStr();`
+ * get a hexadecimal string
+
+## How to use
+
+### A minimum sample
+
+```
+using static BLS;
+
+Init(BN254); // init library
+SecretKey sec;
+sec.SetByCSPRNG(); // init secret key
+PublicKey pub = sec.GetPublicKey(); // get public key
+string m = "abc";
+Signature sig = sec.Sign(m); // create signature
+if (pub.Verify(sig, m))) {
+ // signature is verified
+}
+```
+
+### Aggregate signature
+```
+Init(BN254); // init library
+const int n = 10;
+const string m = "abc";
+SecretKey[] secVec = new SecretKey[n];
+PublicKey[] pubVec = new PublicKey[n];
+Signature[] popVec = new Signature[n];
+Signature[] sigVec = new Signature[n];
+
+for (int i = 0; i < n; i++) {
+ secVec[i].SetByCSPRNG(); // init secret key
+ pubVec[i] = secVec[i].GetPublicKey(); // get public key
+ popVec[i] = secVec[i].GetPop(); // get a proof of Possesion (PoP)
+ sigVec[i] = secVec[i].Sign(m); // create signature
+}
+
+SecretKey secAgg;
+PublicKey pubAgg;
+Signature sigAgg;
+for (int i = 0; i < n; i++) {
+ // verify PoP
+ if (pubVec[i].VerifyPop(popVec[i]))) {
+ // error
+ return;
+ }
+ pubAgg.Add(pubVec[i]); // aggregate public key
+ sigAgg.Add(sigVec[i]); // aggregate signature
+}
+if (pubAgg.Verify(sigAgg, m)) {
+ // aggregated signature is verified
+}
+```
+
+# License
+
+modified new BSD License
+http://opensource.org/licenses/BSD-3-Clause
+
+# Author
+
+(C)2019 MITSUNARI Shigeo(herumi@nifty.com) All rights reserved.
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/go/bls/bls.go b/vendor/github.com/byzantine-lab/bls/ffi/go/bls/bls.go
new file mode 100644
index 000000000..56bf08039
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/go/bls/bls.go
@@ -0,0 +1,539 @@
+package bls
+
+/*
+#cgo bn256 CFLAGS:-DMCLBN_FP_UNIT_SIZE=4
+#cgo bn256 LDFLAGS:${SRCDIR}/../../../lib/libbls256.a
+#cgo bn384 CFLAGS:-DMCLBN_FP_UNIT_SIZE=6
+#cgo bn384 LDFLAGS:${SRCDIR}/../../../lib/libbls384.a
+#cgo bn384_256 CFLAGS:-DMCLBN_FP_UNIT_SIZE=6 -DMCLBN_FR_UNIT_SIZE=4
+#cgo bn384_256 LDFLAGS:${SRCDIR}/../../../lib/libbls384_256.a
+#cgo !bn256,!bn384,!bn384_256 CFLAGS:-DMCLBN_FP_UNIT_SIZE=6
+#cgo !bn256,!bn384,!bn384_256 LDFLAGS:${SRCDIR}/../../../lib/libbls384.a
+#cgo CFLAGS:-I${SRCDIR}/../../../include -I${SRCDIR}/../../../../mcl/include
+#cgo LDFLAGS:${SRCDIR}/../../../../mcl/lib/libmcl.a -lgmpxx -lgmp
+#cgo static LDFLAGS:-static
+typedef unsigned int (*ReadRandFunc)(void *, void *, unsigned int);
+int wrapReadRandCgo(void *self, void *buf, unsigned int n);
+#include <bls/bls.h>
+*/
+import "C"
+import "fmt"
+import "unsafe"
+import "io"
+import "encoding/json"
+
+// Init --
+// call this function before calling all the other operations
+// this function is not thread safe
+func Init(curve int) error {
+ err := C.blsInit(C.int(curve), C.MCLBN_COMPILED_TIME_VAR)
+ if err != 0 {
+ return fmt.Errorf("ERR Init curve=%d", curve)
+ }
+ return nil
+}
+
+// ID --
+type ID struct {
+ v Fr
+}
+
+// getPointer --
+func (id *ID) getPointer() (p *C.blsId) {
+ // #nosec
+ return (*C.blsId)(unsafe.Pointer(id))
+}
+
+// GetLittleEndian --
+func (id *ID) GetLittleEndian() []byte {
+ return id.v.Serialize()
+}
+
+// SetLittleEndian --
+func (id *ID) SetLittleEndian(buf []byte) error {
+ return id.v.SetLittleEndian(buf)
+}
+
+// GetHexString --
+func (id *ID) GetHexString() string {
+ return id.v.GetString(16)
+}
+
+// GetDecString --
+func (id *ID) GetDecString() string {
+ return id.v.GetString(10)
+}
+
+// SetHexString --
+func (id *ID) SetHexString(s string) error {
+ return id.v.SetString(s, 16)
+}
+
+// SetDecString --
+func (id *ID) SetDecString(s string) error {
+ return id.v.SetString(s, 10)
+}
+
+// IsEqual --
+func (id *ID) IsEqual(rhs *ID) bool {
+ if id == nil || rhs == nil {
+ return false
+ }
+ return id.v.IsEqual(&rhs.v)
+}
+
+// MarshalJSON implements json.Marshaller.
+func (id *ID) MarshalJSON() ([]byte, error) {
+ return json.Marshal(&struct {
+ ID []byte `json:"id"`
+ }{
+ id.GetLittleEndian(),
+ })
+}
+
+// UnmarshalJSON implements json.Unmarshaller.
+func (id *ID) UnmarshalJSON(data []byte) error {
+ aux := &struct {
+ ID []byte `json:"id"`
+ }{}
+ if err := json.Unmarshal(data, &aux); err != nil {
+ return err
+ }
+ if err := id.SetLittleEndian(aux.ID); err != nil {
+ return err
+ }
+ return nil
+}
+
+// SecretKey --
+type SecretKey struct {
+ v Fr
+}
+
+// getPointer --
+func (sec *SecretKey) getPointer() (p *C.blsSecretKey) {
+ // #nosec
+ return (*C.blsSecretKey)(unsafe.Pointer(sec))
+}
+
+// GetLittleEndian --
+func (sec *SecretKey) GetLittleEndian() []byte {
+ return sec.v.Serialize()
+}
+
+// SetLittleEndian --
+func (sec *SecretKey) SetLittleEndian(buf []byte) error {
+ return sec.v.SetLittleEndian(buf)
+}
+
+// SerializeToHexStr --
+func (sec *SecretKey) SerializeToHexStr() string {
+ return sec.v.GetString(IoSerializeHexStr)
+}
+
+// DeserializeHexStr --
+func (sec *SecretKey) DeserializeHexStr(s string) error {
+ return sec.v.SetString(s, IoSerializeHexStr)
+}
+
+// GetHexString --
+func (sec *SecretKey) GetHexString() string {
+ return sec.v.GetString(16)
+}
+
+// GetDecString --
+func (sec *SecretKey) GetDecString() string {
+ return sec.v.GetString(10)
+}
+
+// SetHexString --
+func (sec *SecretKey) SetHexString(s string) error {
+ return sec.v.SetString(s, 16)
+}
+
+// SetDecString --
+func (sec *SecretKey) SetDecString(s string) error {
+ return sec.v.SetString(s, 10)
+}
+
+// IsEqual --
+func (sec *SecretKey) IsEqual(rhs *SecretKey) bool {
+ if sec == nil || rhs == nil {
+ return false
+ }
+ return sec.v.IsEqual(&rhs.v)
+}
+
+// SetByCSPRNG --
+func (sec *SecretKey) SetByCSPRNG() {
+ sec.v.SetByCSPRNG()
+}
+
+// Add --
+func (sec *SecretKey) Add(rhs *SecretKey) {
+ FrAdd(&sec.v, &sec.v, &rhs.v)
+}
+
+// GetMasterSecretKey --
+func (sec *SecretKey) GetMasterSecretKey(k int) (msk []SecretKey) {
+ msk = make([]SecretKey, k)
+ msk[0] = *sec
+ for i := 1; i < k; i++ {
+ msk[i].SetByCSPRNG()
+ }
+ return msk
+}
+
+// MarshalJSON implements json.Marshaller.
+func (sec *SecretKey) MarshalJSON() ([]byte, error) {
+ return json.Marshal(&struct {
+ SecretKey []byte `json:"secret_key"`
+ }{
+ sec.GetLittleEndian(),
+ })
+}
+
+// UnmarshalJSON implements json.Unmarshaller.
+func (sec *SecretKey) UnmarshalJSON(data []byte) error {
+ aux := &struct {
+ SecretKey []byte `json:"secret_key"`
+ }{}
+ if err := json.Unmarshal(data, &aux); err != nil {
+ return err
+ }
+ if err := sec.SetLittleEndian(aux.SecretKey); err != nil {
+ return err
+ }
+ return nil
+}
+
+// GetMasterPublicKey --
+func GetMasterPublicKey(msk []SecretKey) (mpk []PublicKey) {
+ n := len(msk)
+ mpk = make([]PublicKey, n)
+ for i := 0; i < n; i++ {
+ mpk[i] = *msk[i].GetPublicKey()
+ }
+ return mpk
+}
+
+// Set --
+func (sec *SecretKey) Set(msk []SecretKey, id *ID) error {
+ // #nosec
+ return FrEvaluatePolynomial(&sec.v, *(*[]Fr)(unsafe.Pointer(&msk)), &id.v)
+}
+
+// Recover --
+func (sec *SecretKey) Recover(secVec []SecretKey, idVec []ID) error {
+ // #nosec
+ return FrLagrangeInterpolation(&sec.v, *(*[]Fr)(unsafe.Pointer(&idVec)), *(*[]Fr)(unsafe.Pointer(&secVec)))
+}
+
+// GetPop --
+func (sec *SecretKey) GetPop() (sign *Sign) {
+ sign = new(Sign)
+ C.blsGetPop(sign.getPointer(), sec.getPointer())
+ return sign
+}
+
+// PublicKey --
+type PublicKey struct {
+ v G2
+}
+
+// getPointer --
+func (pub *PublicKey) getPointer() (p *C.blsPublicKey) {
+ // #nosec
+ return (*C.blsPublicKey)(unsafe.Pointer(pub))
+}
+
+// Serialize --
+func (pub *PublicKey) Serialize() []byte {
+ return pub.v.Serialize()
+}
+
+// Deserialize --
+func (pub *PublicKey) Deserialize(buf []byte) error {
+ return pub.v.Deserialize(buf)
+}
+
+// SerializeToHexStr --
+func (pub *PublicKey) SerializeToHexStr() string {
+ return pub.v.GetString(IoSerializeHexStr)
+}
+
+// DeserializeHexStr --
+func (pub *PublicKey) DeserializeHexStr(s string) error {
+ return pub.v.SetString(s, IoSerializeHexStr)
+}
+
+// GetHexString --
+func (pub *PublicKey) GetHexString() string {
+ return pub.v.GetString(16)
+}
+
+// SetHexString --
+func (pub *PublicKey) SetHexString(s string) error {
+ return pub.v.SetString(s, 16)
+}
+
+// IsEqual --
+func (pub *PublicKey) IsEqual(rhs *PublicKey) bool {
+ if pub == nil || rhs == nil {
+ return false
+ }
+ return pub.v.IsEqual(&rhs.v)
+}
+
+// Add --
+func (pub *PublicKey) Add(rhs *PublicKey) {
+ G2Add(&pub.v, &pub.v, &rhs.v)
+}
+
+// Set --
+func (pub *PublicKey) Set(mpk []PublicKey, id *ID) error {
+ // #nosec
+ return G2EvaluatePolynomial(&pub.v, *(*[]G2)(unsafe.Pointer(&mpk)), &id.v)
+}
+
+// Recover --
+func (pub *PublicKey) Recover(pubVec []PublicKey, idVec []ID) error {
+ // #nosec
+ return G2LagrangeInterpolation(&pub.v, *(*[]Fr)(unsafe.Pointer(&idVec)), *(*[]G2)(unsafe.Pointer(&pubVec)))
+}
+
+// MarshalJSON implements json.Marshaller.
+func (pub *PublicKey) MarshalJSON() ([]byte, error) {
+ return json.Marshal(&struct {
+ PublicKey []byte `json:"public_key"`
+ }{
+ pub.Serialize(),
+ })
+}
+
+// UnmarshalJSON implements json.Unmarshaller.
+func (pub *PublicKey) UnmarshalJSON(data []byte) error {
+ aux := &struct {
+ PublicKey []byte `json:"public_key"`
+ }{}
+ if err := json.Unmarshal(data, &aux); err != nil {
+ return err
+ }
+ if err := pub.Deserialize(aux.PublicKey); err != nil {
+ return err
+ }
+ return nil
+}
+
+// Sign --
+type Sign struct {
+ v G1
+}
+
+// getPointer --
+func (sign *Sign) getPointer() (p *C.blsSignature) {
+ // #nosec
+ return (*C.blsSignature)(unsafe.Pointer(sign))
+}
+
+// Serialize --
+func (sign *Sign) Serialize() []byte {
+ return sign.v.Serialize()
+}
+
+// Deserialize --
+func (sign *Sign) Deserialize(buf []byte) error {
+ return sign.v.Deserialize(buf)
+}
+
+// SerializeToHexStr --
+func (sign *Sign) SerializeToHexStr() string {
+ return sign.v.GetString(IoSerializeHexStr)
+}
+
+// DeserializeHexStr --
+func (sign *Sign) DeserializeHexStr(s string) error {
+ return sign.v.SetString(s, IoSerializeHexStr)
+}
+
+// GetHexString --
+func (sign *Sign) GetHexString() string {
+ return sign.v.GetString(16)
+}
+
+// SetHexString --
+func (sign *Sign) SetHexString(s string) error {
+ return sign.v.SetString(s, 16)
+}
+
+// IsEqual --
+func (sign *Sign) IsEqual(rhs *Sign) bool {
+ if sign == nil || rhs == nil {
+ return false
+ }
+ return sign.v.IsEqual(&rhs.v)
+}
+
+// GetPublicKey --
+func (sec *SecretKey) GetPublicKey() (pub *PublicKey) {
+ pub = new(PublicKey)
+ C.blsGetPublicKey(pub.getPointer(), sec.getPointer())
+ return pub
+}
+
+// Sign -- Constant Time version
+func (sec *SecretKey) Sign(m string) (sign *Sign) {
+ sign = new(Sign)
+ buf := []byte(m)
+ // #nosec
+ C.blsSign(sign.getPointer(), sec.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ return sign
+}
+
+// Add --
+func (sign *Sign) Add(rhs *Sign) {
+ C.blsSignatureAdd(sign.getPointer(), rhs.getPointer())
+}
+
+// Recover --
+func (sign *Sign) Recover(signVec []Sign, idVec []ID) error {
+ // #nosec
+ return G1LagrangeInterpolation(&sign.v, *(*[]Fr)(unsafe.Pointer(&idVec)), *(*[]G1)(unsafe.Pointer(&signVec)))
+}
+
+// Verify --
+func (sign *Sign) Verify(pub *PublicKey, m string) bool {
+ buf := []byte(m)
+ // #nosec
+ return C.blsVerify(sign.getPointer(), pub.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) == 1
+}
+
+// VerifyPop --
+func (sign *Sign) VerifyPop(pub *PublicKey) bool {
+ if pub.getPointer() == nil {
+ return false
+ }
+ return C.blsVerifyPop(sign.getPointer(), pub.getPointer()) == 1
+}
+
+// MarshalJSON implements json.Marshaller.
+func (sign *Sign) MarshalJSON() ([]byte, error) {
+ return json.Marshal(&struct {
+ Sign []byte `json:"sign"`
+ }{
+ sign.Serialize(),
+ })
+}
+
+// UnmarshalJSON implements json.Unmarshaller.
+func (sign *Sign) UnmarshalJSON(data []byte) error {
+ aux := &struct {
+ Sign []byte `json:"sign"`
+ }{}
+ if err := json.Unmarshal(data, &aux); err != nil {
+ return err
+ }
+ if err := sign.Deserialize(aux.Sign); err != nil {
+ return err
+ }
+ return nil
+}
+
+// DHKeyExchange --
+func DHKeyExchange(sec *SecretKey, pub *PublicKey) (out PublicKey) {
+ C.blsDHKeyExchange(out.getPointer(), sec.getPointer(), pub.getPointer())
+ return out
+}
+
+// HashAndMapToSignature --
+func HashAndMapToSignature(buf []byte) *Sign {
+ sig := new(Sign)
+ err := sig.v.HashAndMapTo(buf)
+ if err == nil {
+ return sig
+ } else {
+ return nil
+ }
+}
+
+// VerifyPairing --
+func VerifyPairing(X *Sign, Y *Sign, pub *PublicKey) bool {
+ if X.getPointer() == nil || Y.getPointer() == nil || pub.getPointer() == nil {
+ return false
+ }
+ return C.blsVerifyPairing(X.getPointer(), Y.getPointer(), pub.getPointer()) == 1
+}
+
+// SignHash --
+func (sec *SecretKey) SignHash(hash []byte) (sign *Sign) {
+ sign = new(Sign)
+ // #nosec
+ err := C.blsSignHash(sign.getPointer(), sec.getPointer(), unsafe.Pointer(&hash[0]), C.size_t(len(hash)))
+ if err == 0 {
+ return sign
+ } else {
+ return nil
+ }
+}
+
+// VerifyHash --
+func (sign *Sign) VerifyHash(pub *PublicKey, hash []byte) bool {
+ if pub.getPointer() == nil {
+ return false
+ }
+ // #nosec
+ return C.blsVerifyHash(sign.getPointer(), pub.getPointer(), unsafe.Pointer(&hash[0]), C.size_t(len(hash))) == 1
+}
+
+func Min(x, y int) int {
+ if x < y {
+ return x
+ }
+ return y
+}
+
+// VerifyAggregateHashes --
+func (sign *Sign) VerifyAggregateHashes(pubVec []PublicKey, hash [][]byte) bool {
+ hashByte := GetOpUnitSize() * 8
+ n := len(hash)
+ h := make([]byte, n*hashByte)
+ for i := 0; i < n; i++ {
+ hn := len(hash[i])
+ copy(h[i*hashByte:(i+1)*hashByte], hash[i][0:Min(hn, hashByte)])
+ }
+ if pubVec[0].getPointer() == nil {
+ return false
+ }
+ return C.blsVerifyAggregatedHashes(sign.getPointer(), pubVec[0].getPointer(), unsafe.Pointer(&h[0]), C.size_t(hashByte), C.size_t(n)) == 1
+}
+
+///
+
+var s_randReader io.Reader
+
+func createSlice(buf *C.char, n C.uint) []byte {
+ size := int(n)
+ return (*[1 << 30]byte)(unsafe.Pointer(buf))[:size:size]
+}
+
+// this function can't be put in callback.go
+//export wrapReadRandGo
+func wrapReadRandGo(buf *C.char, n C.uint) C.uint {
+ slice := createSlice(buf, n)
+ ret, err := s_randReader.Read(slice)
+ if ret == int(n) && err == nil {
+ return n
+ }
+ return 0
+}
+
+// SetRandFunc --
+func SetRandFunc(randReader io.Reader) {
+ s_randReader = randReader
+ if randReader != nil {
+ C.blsSetRandFunc(nil, C.ReadRandFunc(unsafe.Pointer(C.wrapReadRandCgo)))
+ } else {
+ // use default random generator
+ C.blsSetRandFunc(nil, C.ReadRandFunc(unsafe.Pointer(nil)))
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/go/bls/callback.go b/vendor/github.com/byzantine-lab/bls/ffi/go/bls/callback.go
new file mode 100644
index 000000000..ba73a5e15
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/go/bls/callback.go
@@ -0,0 +1,12 @@
+package bls
+
+/*
+// exported from bls.go
+unsigned int wrapReadRandGo(void *buf, unsigned int n);
+int wrapReadRandCgo(void *self, void *buf, unsigned int n)
+{
+ (void)self;
+ return wrapReadRandGo(buf, n);
+}
+*/
+import "C"
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/go/bls/dummy.cpp b/vendor/github.com/byzantine-lab/bls/ffi/go/bls/dummy.cpp
new file mode 100644
index 000000000..a5103a1c5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/go/bls/dummy.cpp
@@ -0,0 +1,3 @@
+// This is a dummy source file which forces cgo to use the C++ linker instead
+// of the default C linker. We can therefore eliminate non-portable linker
+// flags such as -lstdc++, which is likely to break on FreeBSD and OpenBSD.
diff --git a/vendor/github.com/byzantine-lab/bls/ffi/go/bls/mcl.go b/vendor/github.com/byzantine-lab/bls/ffi/go/bls/mcl.go
new file mode 100644
index 000000000..ca8d7f02b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/ffi/go/bls/mcl.go
@@ -0,0 +1,646 @@
+package bls
+
+/*
+#cgo bn256 CFLAGS:-DMCLBN_FP_UNIT_SIZE=4
+#cgo bn384 CFLAGS:-DMCLBN_FP_UNIT_SIZE=6
+#cgo bn384_256 CFLAGS:-DMCLBN_FP_UNIT_SIZE=6 -DMCLBN_FR_UNIT_SIZE=4
+#cgo !bn256,!bn384,!bn384_256 CFLAGS:-DMCLBN_FP_UNIT_SIZE=6
+#include <mcl/bn.h>
+*/
+import "C"
+import "fmt"
+import "unsafe"
+
+// CurveFp254BNb -- 254 bit curve
+const CurveFp254BNb = C.mclBn_CurveFp254BNb
+
+// CurveFp382_1 -- 382 bit curve 1
+const CurveFp382_1 = C.mclBn_CurveFp382_1
+
+// CurveFp382_2 -- 382 bit curve 2
+const CurveFp382_2 = C.mclBn_CurveFp382_2
+
+// BLS12_381
+const BLS12_381 = C.MCL_BLS12_381
+
+// IoSerializeHexStr
+const IoSerializeHexStr = C.MCLBN_IO_SERIALIZE_HEX_STR
+
+// GetFrUnitSize() --
+func GetFrUnitSize() int {
+ return int(C.MCLBN_FR_UNIT_SIZE)
+}
+
+// GetFpUnitSize() --
+// same as GetMaxOpUnitSize()
+func GetFpUnitSize() int {
+ return int(C.MCLBN_FP_UNIT_SIZE)
+}
+
+// GetMaxOpUnitSize --
+func GetMaxOpUnitSize() int {
+ return int(C.MCLBN_FP_UNIT_SIZE)
+}
+
+// GetOpUnitSize --
+// the length of Fr is GetOpUnitSize() * 8 bytes
+func GetOpUnitSize() int {
+ return int(C.mclBn_getOpUnitSize())
+}
+
+// GetCurveOrder --
+// return the order of G1
+func GetCurveOrder() string {
+ buf := make([]byte, 1024)
+ // #nosec
+ n := C.mclBn_getCurveOrder((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)))
+ if n == 0 {
+ panic("implementation err. size of buf is small")
+ }
+ return string(buf[:n])
+}
+
+// GetFieldOrder --
+// return the characteristic of the field where a curve is defined
+func GetFieldOrder() string {
+ buf := make([]byte, 1024)
+ // #nosec
+ n := C.mclBn_getFieldOrder((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)))
+ if n == 0 {
+ panic("implementation err. size of buf is small")
+ }
+ return string(buf[:n])
+}
+
+// Fr --
+type Fr struct {
+ v C.mclBnFr
+}
+
+// getPointer --
+func (x *Fr) getPointer() (p *C.mclBnFr) {
+ // #nosec
+ return (*C.mclBnFr)(unsafe.Pointer(x))
+}
+
+// Clear --
+func (x *Fr) Clear() {
+ // #nosec
+ C.mclBnFr_clear(x.getPointer())
+}
+
+// SetInt64 --
+func (x *Fr) SetInt64(v int64) {
+ // #nosec
+ C.mclBnFr_setInt(x.getPointer(), C.int64_t(v))
+}
+
+// SetString --
+func (x *Fr) SetString(s string, base int) error {
+ buf := []byte(s)
+ // #nosec
+ err := C.mclBnFr_setStr(x.getPointer(), (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), C.int(base))
+ if err != 0 {
+ return fmt.Errorf("err mclBnFr_setStr %x", err)
+ }
+ return nil
+}
+
+// Deserialize --
+func (x *Fr) Deserialize(buf []byte) error {
+ // #nosec
+ err := C.mclBnFr_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err == 0 {
+ return fmt.Errorf("err mclBnFr_deserialize %x", buf)
+ }
+ return nil
+}
+
+// SetLittleEndian --
+func (x *Fr) SetLittleEndian(buf []byte) error {
+ // #nosec
+ err := C.mclBnFr_setLittleEndian(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err != 0 {
+ return fmt.Errorf("err mclBnFr_setLittleEndian %x", err)
+ }
+ return nil
+}
+
+// IsEqual --
+func (x *Fr) IsEqual(rhs *Fr) bool {
+ return C.mclBnFr_isEqual(x.getPointer(), rhs.getPointer()) == 1
+}
+
+// IsZero --
+func (x *Fr) IsZero() bool {
+ return C.mclBnFr_isZero(x.getPointer()) == 1
+}
+
+// IsOne --
+func (x *Fr) IsOne() bool {
+ return C.mclBnFr_isOne(x.getPointer()) == 1
+}
+
+// SetByCSPRNG --
+func (x *Fr) SetByCSPRNG() {
+ err := C.mclBnFr_setByCSPRNG(x.getPointer())
+ if err != 0 {
+ panic("err mclBnFr_setByCSPRNG")
+ }
+}
+
+// SetHashOf --
+func (x *Fr) SetHashOf(buf []byte) bool {
+ // #nosec
+ return C.mclBnFr_setHashOf(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) == 0
+}
+
+// GetString --
+func (x *Fr) GetString(base int) string {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnFr_getStr((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), x.getPointer(), C.int(base))
+ if n == 0 {
+ panic("err mclBnFr_getStr")
+ }
+ return string(buf[:n])
+}
+
+// Serialize --
+func (x *Fr) Serialize() []byte {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnFr_serialize(unsafe.Pointer(&buf[0]), C.size_t(len(buf)), x.getPointer())
+ if n == 0 {
+ panic("err mclBnFr_serialize")
+ }
+ return buf[:n]
+}
+
+// FrNeg --
+func FrNeg(out *Fr, x *Fr) {
+ C.mclBnFr_neg(out.getPointer(), x.getPointer())
+}
+
+// FrInv --
+func FrInv(out *Fr, x *Fr) {
+ C.mclBnFr_inv(out.getPointer(), x.getPointer())
+}
+
+// FrAdd --
+func FrAdd(out *Fr, x *Fr, y *Fr) {
+ C.mclBnFr_add(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// FrSub --
+func FrSub(out *Fr, x *Fr, y *Fr) {
+ C.mclBnFr_sub(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// FrMul --
+func FrMul(out *Fr, x *Fr, y *Fr) {
+ C.mclBnFr_mul(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// FrDiv --
+func FrDiv(out *Fr, x *Fr, y *Fr) {
+ C.mclBnFr_div(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G1 --
+type G1 struct {
+ v C.mclBnG1
+}
+
+// getPointer --
+func (x *G1) getPointer() (p *C.mclBnG1) {
+ // #nosec
+ return (*C.mclBnG1)(unsafe.Pointer(x))
+}
+
+// Clear --
+func (x *G1) Clear() {
+ // #nosec
+ C.mclBnG1_clear(x.getPointer())
+}
+
+// SetString --
+func (x *G1) SetString(s string, base int) error {
+ buf := []byte(s)
+ // #nosec
+ err := C.mclBnG1_setStr(x.getPointer(), (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), C.int(base))
+ if err != 0 {
+ return fmt.Errorf("err mclBnG1_setStr %x", err)
+ }
+ return nil
+}
+
+// Deserialize --
+func (x *G1) Deserialize(buf []byte) error {
+ // #nosec
+ err := C.mclBnG1_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err == 0 {
+ return fmt.Errorf("err mclBnG1_deserialize %x", buf)
+ }
+ return nil
+}
+
+// IsEqual --
+func (x *G1) IsEqual(rhs *G1) bool {
+ return C.mclBnG1_isEqual(x.getPointer(), rhs.getPointer()) == 1
+}
+
+// IsZero --
+func (x *G1) IsZero() bool {
+ return C.mclBnG1_isZero(x.getPointer()) == 1
+}
+
+// HashAndMapTo --
+func (x *G1) HashAndMapTo(buf []byte) error {
+ // #nosec
+ err := C.mclBnG1_hashAndMapTo(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err != 0 {
+ return fmt.Errorf("err mclBnG1_hashAndMapTo %x", err)
+ }
+ return nil
+}
+
+// GetString --
+func (x *G1) GetString(base int) string {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnG1_getStr((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), x.getPointer(), C.int(base))
+ if n == 0 {
+ panic("err mclBnG1_getStr")
+ }
+ return string(buf[:n])
+}
+
+// Serialize --
+func (x *G1) Serialize() []byte {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnG1_serialize(unsafe.Pointer(&buf[0]), C.size_t(len(buf)), x.getPointer())
+ if n == 0 {
+ panic("err mclBnG1_serialize")
+ }
+ return buf[:n]
+}
+
+// G1Neg --
+func G1Neg(out *G1, x *G1) {
+ C.mclBnG1_neg(out.getPointer(), x.getPointer())
+}
+
+// G1Dbl --
+func G1Dbl(out *G1, x *G1) {
+ C.mclBnG1_dbl(out.getPointer(), x.getPointer())
+}
+
+// G1Add --
+func G1Add(out *G1, x *G1, y *G1) {
+ C.mclBnG1_add(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G1Sub --
+func G1Sub(out *G1, x *G1, y *G1) {
+ C.mclBnG1_sub(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G1Mul --
+func G1Mul(out *G1, x *G1, y *Fr) {
+ C.mclBnG1_mul(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G1MulCT -- constant time (depending on bit lengh of y)
+func G1MulCT(out *G1, x *G1, y *Fr) {
+ C.mclBnG1_mulCT(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G2 --
+type G2 struct {
+ v C.mclBnG2
+}
+
+// getPointer --
+func (x *G2) getPointer() (p *C.mclBnG2) {
+ // #nosec
+ return (*C.mclBnG2)(unsafe.Pointer(x))
+}
+
+// Clear --
+func (x *G2) Clear() {
+ // #nosec
+ C.mclBnG2_clear(x.getPointer())
+}
+
+// SetString --
+func (x *G2) SetString(s string, base int) error {
+ buf := []byte(s)
+ // #nosec
+ err := C.mclBnG2_setStr(x.getPointer(), (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), C.int(base))
+ if err != 0 {
+ return fmt.Errorf("err mclBnG2_setStr %x", err)
+ }
+ return nil
+}
+
+// Deserialize --
+func (x *G2) Deserialize(buf []byte) error {
+ // #nosec
+ err := C.mclBnG2_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err == 0 {
+ return fmt.Errorf("err mclBnG2_deserialize %x", buf)
+ }
+ return nil
+}
+
+// IsEqual --
+func (x *G2) IsEqual(rhs *G2) bool {
+ return C.mclBnG2_isEqual(x.getPointer(), rhs.getPointer()) == 1
+}
+
+// IsZero --
+func (x *G2) IsZero() bool {
+ return C.mclBnG2_isZero(x.getPointer()) == 1
+}
+
+// HashAndMapTo --
+func (x *G2) HashAndMapTo(buf []byte) error {
+ // #nosec
+ err := C.mclBnG2_hashAndMapTo(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err != 0 {
+ return fmt.Errorf("err mclBnG2_hashAndMapTo %x", err)
+ }
+ return nil
+}
+
+// GetString --
+func (x *G2) GetString(base int) string {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnG2_getStr((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), x.getPointer(), C.int(base))
+ if n == 0 {
+ panic("err mclBnG2_getStr")
+ }
+ return string(buf[:n])
+}
+
+// Serialize --
+func (x *G2) Serialize() []byte {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnG2_serialize(unsafe.Pointer(&buf[0]), C.size_t(len(buf)), x.getPointer())
+ if n == 0 {
+ panic("err mclBnG2_serialize")
+ }
+ return buf[:n]
+}
+
+// G2Neg --
+func G2Neg(out *G2, x *G2) {
+ C.mclBnG2_neg(out.getPointer(), x.getPointer())
+}
+
+// G2Dbl --
+func G2Dbl(out *G2, x *G2) {
+ C.mclBnG2_dbl(out.getPointer(), x.getPointer())
+}
+
+// G2Add --
+func G2Add(out *G2, x *G2, y *G2) {
+ C.mclBnG2_add(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G2Sub --
+func G2Sub(out *G2, x *G2, y *G2) {
+ C.mclBnG2_sub(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G2Mul --
+func G2Mul(out *G2, x *G2, y *Fr) {
+ C.mclBnG2_mul(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GT --
+type GT struct {
+ v C.mclBnGT
+}
+
+// getPointer --
+func (x *GT) getPointer() (p *C.mclBnGT) {
+ // #nosec
+ return (*C.mclBnGT)(unsafe.Pointer(x))
+}
+
+// Clear --
+func (x *GT) Clear() {
+ // #nosec
+ C.mclBnGT_clear(x.getPointer())
+}
+
+// SetInt64 --
+func (x *GT) SetInt64(v int64) {
+ // #nosec
+ C.mclBnGT_setInt(x.getPointer(), C.int64_t(v))
+}
+
+// SetString --
+func (x *GT) SetString(s string, base int) error {
+ buf := []byte(s)
+ // #nosec
+ err := C.mclBnGT_setStr(x.getPointer(), (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), C.int(base))
+ if err != 0 {
+ return fmt.Errorf("err mclBnGT_setStr %x", err)
+ }
+ return nil
+}
+
+// Deserialize --
+func (x *GT) Deserialize(buf []byte) error {
+ // #nosec
+ err := C.mclBnGT_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err == 0 {
+ return fmt.Errorf("err mclBnGT_deserialize %x", buf)
+ }
+ return nil
+}
+
+// IsEqual --
+func (x *GT) IsEqual(rhs *GT) bool {
+ return C.mclBnGT_isEqual(x.getPointer(), rhs.getPointer()) == 1
+}
+
+// IsZero --
+func (x *GT) IsZero() bool {
+ return C.mclBnGT_isZero(x.getPointer()) == 1
+}
+
+// IsOne --
+func (x *GT) IsOne() bool {
+ return C.mclBnGT_isOne(x.getPointer()) == 1
+}
+
+// GetString --
+func (x *GT) GetString(base int) string {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnGT_getStr((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), x.getPointer(), C.int(base))
+ if n == 0 {
+ panic("err mclBnGT_getStr")
+ }
+ return string(buf[:n])
+}
+
+// Serialize --
+func (x *GT) Serialize() []byte {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnGT_serialize(unsafe.Pointer(&buf[0]), C.size_t(len(buf)), x.getPointer())
+ if n == 0 {
+ panic("err mclBnGT_serialize")
+ }
+ return buf[:n]
+}
+
+// GTNeg --
+func GTNeg(out *GT, x *GT) {
+ C.mclBnGT_neg(out.getPointer(), x.getPointer())
+}
+
+// GTInv --
+func GTInv(out *GT, x *GT) {
+ C.mclBnGT_inv(out.getPointer(), x.getPointer())
+}
+
+// GTAdd --
+func GTAdd(out *GT, x *GT, y *GT) {
+ C.mclBnGT_add(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GTSub --
+func GTSub(out *GT, x *GT, y *GT) {
+ C.mclBnGT_sub(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GTMul --
+func GTMul(out *GT, x *GT, y *GT) {
+ C.mclBnGT_mul(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GTDiv --
+func GTDiv(out *GT, x *GT, y *GT) {
+ C.mclBnGT_div(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GTPow --
+func GTPow(out *GT, x *GT, y *Fr) {
+ C.mclBnGT_pow(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// Pairing --
+func Pairing(out *GT, x *G1, y *G2) {
+ C.mclBn_pairing(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// FinalExp --
+func FinalExp(out *GT, x *GT) {
+ C.mclBn_finalExp(out.getPointer(), x.getPointer())
+}
+
+// MillerLoop --
+func MillerLoop(out *GT, x *G1, y *G2) {
+ C.mclBn_millerLoop(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GetUint64NumToPrecompute --
+func GetUint64NumToPrecompute() int {
+ return int(C.mclBn_getUint64NumToPrecompute())
+}
+
+// PrecomputeG2 --
+func PrecomputeG2(Qbuf []uint64, Q *G2) {
+ // #nosec
+ C.mclBn_precomputeG2((*C.uint64_t)(unsafe.Pointer(&Qbuf[0])), Q.getPointer())
+}
+
+// PrecomputedMillerLoop --
+func PrecomputedMillerLoop(out *GT, P *G1, Qbuf []uint64) {
+ // #nosec
+ C.mclBn_precomputedMillerLoop(out.getPointer(), P.getPointer(), (*C.uint64_t)(unsafe.Pointer(&Qbuf[0])))
+}
+
+// PrecomputedMillerLoop2 --
+func PrecomputedMillerLoop2(out *GT, P1 *G1, Q1buf []uint64, P2 *G1, Q2buf []uint64) {
+ // #nosec
+ C.mclBn_precomputedMillerLoop2(out.getPointer(), P1.getPointer(), (*C.uint64_t)(unsafe.Pointer(&Q1buf[0])), P1.getPointer(), (*C.uint64_t)(unsafe.Pointer(&Q1buf[0])))
+}
+
+// FrEvaluatePolynomial -- y = c[0] + c[1] * x + c[2] * x^2 + ...
+func FrEvaluatePolynomial(y *Fr, c []Fr, x *Fr) error {
+ // #nosec
+ err := C.mclBn_FrEvaluatePolynomial(y.getPointer(), (*C.mclBnFr)(unsafe.Pointer(&c[0])), (C.size_t)(len(c)), x.getPointer())
+ if err != 0 {
+ return fmt.Errorf("err mclBn_FrEvaluatePolynomial")
+ }
+ return nil
+}
+
+// G1EvaluatePolynomial -- y = c[0] + c[1] * x + c[2] * x^2 + ...
+func G1EvaluatePolynomial(y *G1, c []G1, x *Fr) error {
+ // #nosec
+ err := C.mclBn_G1EvaluatePolynomial(y.getPointer(), (*C.mclBnG1)(unsafe.Pointer(&c[0])), (C.size_t)(len(c)), x.getPointer())
+ if err != 0 {
+ return fmt.Errorf("err mclBn_G1EvaluatePolynomial")
+ }
+ return nil
+}
+
+// G2EvaluatePolynomial -- y = c[0] + c[1] * x + c[2] * x^2 + ...
+func G2EvaluatePolynomial(y *G2, c []G2, x *Fr) error {
+ // #nosec
+ err := C.mclBn_G2EvaluatePolynomial(y.getPointer(), (*C.mclBnG2)(unsafe.Pointer(&c[0])), (C.size_t)(len(c)), x.getPointer())
+ if err != 0 {
+ return fmt.Errorf("err mclBn_G2EvaluatePolynomial")
+ }
+ return nil
+}
+
+// FrLagrangeInterpolation --
+func FrLagrangeInterpolation(out *Fr, xVec []Fr, yVec []Fr) error {
+ if len(xVec) != len(yVec) {
+ return fmt.Errorf("err FrLagrangeInterpolation:bad size")
+ }
+ // #nosec
+ err := C.mclBn_FrLagrangeInterpolation(out.getPointer(), (*C.mclBnFr)(unsafe.Pointer(&xVec[0])), (*C.mclBnFr)(unsafe.Pointer(&yVec[0])), (C.size_t)(len(xVec)))
+ if err != 0 {
+ return fmt.Errorf("err FrLagrangeInterpolation")
+ }
+ return nil
+}
+
+// G1LagrangeInterpolation --
+func G1LagrangeInterpolation(out *G1, xVec []Fr, yVec []G1) error {
+ if len(xVec) != len(yVec) {
+ return fmt.Errorf("err G1LagrangeInterpolation:bad size")
+ }
+ // #nosec
+ err := C.mclBn_G1LagrangeInterpolation(out.getPointer(), (*C.mclBnFr)(unsafe.Pointer(&xVec[0])), (*C.mclBnG1)(unsafe.Pointer(&yVec[0])), (C.size_t)(len(xVec)))
+ if err != 0 {
+ return fmt.Errorf("err G1LagrangeInterpolation")
+ }
+ return nil
+}
+
+// G2LagrangeInterpolation --
+func G2LagrangeInterpolation(out *G2, xVec []Fr, yVec []G2) error {
+ if len(xVec) != len(yVec) {
+ return fmt.Errorf("err G2LagrangeInterpolation:bad size")
+ }
+ // #nosec
+ err := C.mclBn_G2LagrangeInterpolation(out.getPointer(), (*C.mclBnFr)(unsafe.Pointer(&xVec[0])), (*C.mclBnG2)(unsafe.Pointer(&yVec[0])), (C.size_t)(len(xVec)))
+ if err != 0 {
+ return fmt.Errorf("err G2LagrangeInterpolation")
+ }
+ return nil
+}
diff --git a/vendor/github.com/byzantine-lab/bls/images/bls-go-alpine/Dockerfile b/vendor/github.com/byzantine-lab/bls/images/bls-go-alpine/Dockerfile
new file mode 100644
index 000000000..edd49eb4b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/images/bls-go-alpine/Dockerfile
@@ -0,0 +1,12 @@
+FROM golang:alpine
+MAINTAINER Jimmy Hu <jimmy.hu@dexon.org>
+
+# Install dependencies
+RUN apk add --update-cache build-base gmp-dev openssl-dev git
+
+# Build bls library
+RUN mkdir work ; cd work
+RUN git clone --depth 1 git://github.com/dexon-foundation/mcl.git
+RUN mkdir bls
+COPY . bls/
+RUN cd bls ; make clean && make test_go DOCKER=alpine -j && cp lib/* /usr/lib/
diff --git a/vendor/github.com/byzantine-lab/bls/include/bls/bls.h b/vendor/github.com/byzantine-lab/bls/include/bls/bls.h
new file mode 100644
index 000000000..cb300bc49
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/include/bls/bls.h
@@ -0,0 +1,275 @@
+#pragma once
+/**
+ @file
+ @brief C interface of bls.hpp
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/bn.h>
+
+#ifdef BLS_SWAP_G
+ /*
+ error if BLS_SWAP_G is inconsistently used between library and exe
+ */
+ #undef MCLBN_COMPILED_TIME_VAR
+ #define MCLBN_COMPILED_TIME_VAR ((MCLBN_FR_UNIT_SIZE) * 10 + (MCLBN_FP_UNIT_SIZE) + 100)
+#endif
+
+#ifdef _MSC_VER
+ #ifdef BLS_DONT_EXPORT
+ #define BLS_DLL_API
+ #else
+ #ifdef BLS_DLL_EXPORT
+ #define BLS_DLL_API __declspec(dllexport)
+ #else
+ #define BLS_DLL_API __declspec(dllimport)
+ #endif
+ #endif
+ #ifndef BLS_NO_AUTOLINK
+ #if MCLBN_FP_UNIT_SIZE == 4
+ #pragma comment(lib, "bls256.lib")
+ #elif (MCLBN_FP_UNIT_SIZE == 6) && (MCLBN_FR_UNIT_SIZE == 4)
+ #pragma comment(lib, "bls384_256.lib")
+ #elif (MCLBN_FP_UNIT_SIZE == 6) && (MCLBN_FR_UNIT_SIZE == 6)
+ #pragma comment(lib, "bls384.lib")
+ #endif
+ #endif
+#elif defined(__EMSCRIPTEN__) && !defined(BLS_DONT_EXPORT)
+ #define BLS_DLL_API __attribute__((used))
+#elif defined(__wasm__) && !defined(BLS_DONT_EXPORT)
+ #define BLS_DLL_API __attribute__((visibility("default")))
+#else
+ #define BLS_DLL_API
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ mclBnFr v;
+} blsId;
+
+typedef struct {
+ mclBnFr v;
+} blsSecretKey;
+
+typedef struct {
+#ifdef BLS_SWAP_G
+ mclBnG1 v;
+#else
+ mclBnG2 v;
+#endif
+} blsPublicKey;
+
+typedef struct {
+#ifdef BLS_SWAP_G
+ mclBnG2 v;
+#else
+ mclBnG1 v;
+#endif
+} blsSignature;
+
+/*
+ initialize this library
+ call this once before using the other functions
+ @param curve [in] enum value defined in mcl/bn.h
+ @param compiledTimeVar [in] specify MCLBN_COMPILED_TIME_VAR,
+ which macro is used to make sure that the values
+ are the same when the library is built and used
+ @return 0 if success
+ @note blsInit() is thread safe and serialized if it is called simultaneously
+ but don't call it while using other functions.
+*/
+BLS_DLL_API int blsInit(int curve, int compiledTimeVar);
+
+BLS_DLL_API void blsIdSetInt(blsId *id, int x);
+
+// sec = buf & (1 << bitLen(r)) - 1
+// if (sec >= r) sec &= (1 << (bitLen(r) - 1)) - 1
+// always return 0
+BLS_DLL_API int blsSecretKeySetLittleEndian(blsSecretKey *sec, const void *buf, mclSize bufSize);
+// return 0 if success (bufSize <= 64) else -1
+// set (buf mod r) to sec
+BLS_DLL_API int blsSecretKeySetLittleEndianMod(blsSecretKey *sec, const void *buf, mclSize bufSize);
+
+BLS_DLL_API void blsGetPublicKey(blsPublicKey *pub, const blsSecretKey *sec);
+
+// calculate the has of m and sign the hash
+BLS_DLL_API void blsSign(blsSignature *sig, const blsSecretKey *sec, const void *m, mclSize size);
+
+// return 1 if valid
+BLS_DLL_API int blsVerify(const blsSignature *sig, const blsPublicKey *pub, const void *m, mclSize size);
+
+// return written byte size if success else 0
+BLS_DLL_API mclSize blsIdSerialize(void *buf, mclSize maxBufSize, const blsId *id);
+BLS_DLL_API mclSize blsSecretKeySerialize(void *buf, mclSize maxBufSize, const blsSecretKey *sec);
+BLS_DLL_API mclSize blsPublicKeySerialize(void *buf, mclSize maxBufSize, const blsPublicKey *pub);
+BLS_DLL_API mclSize blsSignatureSerialize(void *buf, mclSize maxBufSize, const blsSignature *sig);
+
+// return read byte size if success else 0
+BLS_DLL_API mclSize blsIdDeserialize(blsId *id, const void *buf, mclSize bufSize);
+BLS_DLL_API mclSize blsSecretKeyDeserialize(blsSecretKey *sec, const void *buf, mclSize bufSize);
+BLS_DLL_API mclSize blsPublicKeyDeserialize(blsPublicKey *pub, const void *buf, mclSize bufSize);
+BLS_DLL_API mclSize blsSignatureDeserialize(blsSignature *sig, const void *buf, mclSize bufSize);
+
+// return 1 if same else 0
+BLS_DLL_API int blsIdIsEqual(const blsId *lhs, const blsId *rhs);
+BLS_DLL_API int blsSecretKeyIsEqual(const blsSecretKey *lhs, const blsSecretKey *rhs);
+BLS_DLL_API int blsPublicKeyIsEqual(const blsPublicKey *lhs, const blsPublicKey *rhs);
+BLS_DLL_API int blsSignatureIsEqual(const blsSignature *lhs, const blsSignature *rhs);
+
+// return 0 if success
+BLS_DLL_API int blsSecretKeyShare(blsSecretKey *sec, const blsSecretKey* msk, mclSize k, const blsId *id);
+BLS_DLL_API int blsPublicKeyShare(blsPublicKey *pub, const blsPublicKey *mpk, mclSize k, const blsId *id);
+
+BLS_DLL_API int blsSecretKeyRecover(blsSecretKey *sec, const blsSecretKey *secVec, const blsId *idVec, mclSize n);
+BLS_DLL_API int blsPublicKeyRecover(blsPublicKey *pub, const blsPublicKey *pubVec, const blsId *idVec, mclSize n);
+BLS_DLL_API int blsSignatureRecover(blsSignature *sig, const blsSignature *sigVec, const blsId *idVec, mclSize n);
+
+// add
+BLS_DLL_API void blsSecretKeyAdd(blsSecretKey *sec, const blsSecretKey *rhs);
+BLS_DLL_API void blsPublicKeyAdd(blsPublicKey *pub, const blsPublicKey *rhs);
+BLS_DLL_API void blsSignatureAdd(blsSignature *sig, const blsSignature *rhs);
+
+/*
+ verify whether a point of an elliptic curve has order r
+ This api affetcs setStr(), deserialize() for G2 on BN or G1/G2 on BLS12
+ @param doVerify [in] does not verify if zero(default 1)
+ Signature = G1, PublicKey = G2
+*/
+BLS_DLL_API void blsSignatureVerifyOrder(int doVerify);
+BLS_DLL_API void blsPublicKeyVerifyOrder(int doVerify);
+// deserialize under VerifyOrder(true) = deserialize under VerifyOrder(false) + IsValidOrder
+BLS_DLL_API int blsSignatureIsValidOrder(const blsSignature *sig);
+BLS_DLL_API int blsPublicKeyIsValidOrder(const blsPublicKey *pub);
+
+#ifndef BLS_MINIMUM_API
+
+/*
+ verify X == sY by checking e(X, sQ) = e(Y, Q)
+ @param X [in]
+ @param Y [in]
+ @param pub [in] pub = sQ
+ @return 1 if e(X, pub) = e(Y, Q) else 0
+*/
+BLS_DLL_API int blsVerifyPairing(const blsSignature *X, const blsSignature *Y, const blsPublicKey *pub);
+
+/*
+ sign the hash
+ use the low (bitSize of r) - 1 bit of h
+ return 0 if success else -1
+ NOTE : return false if h is zero or c1 or -c1 value for BN254. see hashTest() in test/bls_test.hpp
+*/
+BLS_DLL_API int blsSignHash(blsSignature *sig, const blsSecretKey *sec, const void *h, mclSize size);
+// return 1 if valid
+BLS_DLL_API int blsVerifyHash(const blsSignature *sig, const blsPublicKey *pub, const void *h, mclSize size);
+
+/*
+ verify aggSig with pubVec[0, n) and hVec[0, n)
+ e(aggSig, Q) = prod_i e(hVec[i], pubVec[i])
+ return 1 if valid
+ @note do not check duplication of hVec
+*/
+BLS_DLL_API int blsVerifyAggregatedHashes(const blsSignature *aggSig, const blsPublicKey *pubVec, const void *hVec, size_t sizeofHash, mclSize n);
+
+// sub
+BLS_DLL_API void blsSecretKeySub(blsSecretKey *sec, const blsSecretKey *rhs);
+BLS_DLL_API void blsPublicKeySub(blsPublicKey *pub, const blsPublicKey *rhs);
+BLS_DLL_API void blsSignatureSub(blsSignature *sig, const blsSignature *rhs);
+
+// not thread safe version (old blsInit)
+BLS_DLL_API int blsInitNotThreadSafe(int curve, int compiledTimeVar);
+
+BLS_DLL_API mclSize blsGetOpUnitSize(void);
+// return strlen(buf) if success else 0
+BLS_DLL_API int blsGetCurveOrder(char *buf, mclSize maxBufSize);
+BLS_DLL_API int blsGetFieldOrder(char *buf, mclSize maxBufSize);
+
+// return bytes for serialized G1(=Fp)
+BLS_DLL_API int blsGetG1ByteSize(void);
+
+// return bytes for serialized Fr
+BLS_DLL_API int blsGetFrByteSize(void);
+
+#ifdef BLS_SWAP_G
+// get a generator of G1
+BLS_DLL_API void blsGetGeneratorOfG1(blsPublicKey *pub);
+#else
+// get a generator of G2
+BLS_DLL_API void blsGetGeneratorOfG2(blsPublicKey *pub);
+#endif
+
+// return 0 if success
+BLS_DLL_API int blsIdSetDecStr(blsId *id, const char *buf, mclSize bufSize);
+BLS_DLL_API int blsIdSetHexStr(blsId *id, const char *buf, mclSize bufSize);
+
+/*
+ return strlen(buf) if success else 0
+ buf is '\0' terminated
+*/
+BLS_DLL_API mclSize blsIdGetDecStr(char *buf, mclSize maxBufSize, const blsId *id);
+BLS_DLL_API mclSize blsIdGetHexStr(char *buf, mclSize maxBufSize, const blsId *id);
+
+// hash buf and set
+BLS_DLL_API int blsHashToSecretKey(blsSecretKey *sec, const void *buf, mclSize bufSize);
+#ifndef MCL_DONT_USE_CSPRNG
+/*
+ set secretKey if system has /dev/urandom or CryptGenRandom
+ return 0 if success else -1
+*/
+BLS_DLL_API int blsSecretKeySetByCSPRNG(blsSecretKey *sec);
+/*
+ set user-defined random function for setByCSPRNG
+ @param self [in] user-defined pointer
+ @param readFunc [in] user-defined function,
+ which writes random bufSize bytes to buf and returns bufSize if success else returns 0
+ @note if self == 0 and readFunc == 0 then set default random function
+ @note not threadsafe
+*/
+BLS_DLL_API void blsSetRandFunc(void *self, unsigned int (*readFunc)(void *self, void *buf, unsigned int bufSize));
+#endif
+
+BLS_DLL_API void blsGetPop(blsSignature *sig, const blsSecretKey *sec);
+
+BLS_DLL_API int blsVerifyPop(const blsSignature *sig, const blsPublicKey *pub);
+//////////////////////////////////////////////////////////////////////////
+// the following apis will be removed
+
+// mask buf with (1 << (bitLen(r) - 1)) - 1 if buf >= r
+BLS_DLL_API int blsIdSetLittleEndian(blsId *id, const void *buf, mclSize bufSize);
+/*
+ return written byte size if success else 0
+*/
+BLS_DLL_API mclSize blsIdGetLittleEndian(void *buf, mclSize maxBufSize, const blsId *id);
+
+// return 0 if success
+BLS_DLL_API int blsSecretKeySetDecStr(blsSecretKey *sec, const char *buf, mclSize bufSize);
+BLS_DLL_API int blsSecretKeySetHexStr(blsSecretKey *sec, const char *buf, mclSize bufSize);
+/*
+ return written byte size if success else 0
+*/
+BLS_DLL_API mclSize blsSecretKeyGetLittleEndian(void *buf, mclSize maxBufSize, const blsSecretKey *sec);
+/*
+ return strlen(buf) if success else 0
+ buf is '\0' terminated
+*/
+BLS_DLL_API mclSize blsSecretKeyGetDecStr(char *buf, mclSize maxBufSize, const blsSecretKey *sec);
+BLS_DLL_API mclSize blsSecretKeyGetHexStr(char *buf, mclSize maxBufSize, const blsSecretKey *sec);
+BLS_DLL_API int blsPublicKeySetHexStr(blsPublicKey *pub, const char *buf, mclSize bufSize);
+BLS_DLL_API mclSize blsPublicKeyGetHexStr(char *buf, mclSize maxBufSize, const blsPublicKey *pub);
+BLS_DLL_API int blsSignatureSetHexStr(blsSignature *sig, const char *buf, mclSize bufSize);
+BLS_DLL_API mclSize blsSignatureGetHexStr(char *buf, mclSize maxBufSize, const blsSignature *sig);
+
+/*
+ Diffie Hellman key exchange
+ out = sec * pub
+*/
+BLS_DLL_API void blsDHKeyExchange(blsPublicKey *out, const blsSecretKey *sec, const blsPublicKey *pub);
+
+#endif // BLS_MINIMUM_API
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/vendor/github.com/byzantine-lab/bls/include/bls/bls.hpp b/vendor/github.com/byzantine-lab/bls/include/bls/bls.hpp
new file mode 100644
index 000000000..741334555
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/include/bls/bls.hpp
@@ -0,0 +1,534 @@
+#pragma once
+/**
+ @file
+ @brief BLS threshold signature on BN curve
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <bls/bls.h>
+#include <stdexcept>
+#include <vector>
+#include <string>
+#include <iosfwd>
+#include <stdint.h>
+
+namespace bls {
+
+// same value with IoMode of mcl/op.hpp
+enum {
+ IoBin = 2, // binary number
+ IoDec = 10, // decimal number
+ IoHex = 16, // hexadecimal number
+ IoPrefix = 128, // append '0b'(bin) or '0x'(hex)
+ IoSerialize = 512,
+ IoFixedByteSeq = IoSerialize // fixed byte representation
+};
+
+/*
+ BLS signature
+ e : G2 x G1 -> Fp12
+ Q in G2 ; fixed global parameter
+ H : {str} -> G1
+ s : secret key
+ sQ ; public key
+ s H(m) ; signature of m
+ verify ; e(sQ, H(m)) = e(Q, s H(m))
+*/
+
+/*
+ initialize this library
+ call this once before using the other method
+ @param curve [in] type of curve
+ @param compiledTimevar [in] use the default value
+ @note init() is not thread safe
+*/
+inline void init(int curve = mclBn_CurveFp254BNb, int compiledTimeVar = MCLBN_COMPILED_TIME_VAR)
+{
+ if (blsInit(curve, compiledTimeVar) != 0) throw std::invalid_argument("blsInit");
+}
+inline size_t getOpUnitSize() { return blsGetOpUnitSize(); }
+
+inline void getCurveOrder(std::string& str)
+{
+ str.resize(1024);
+ mclSize n = blsGetCurveOrder(&str[0], str.size());
+ if (n == 0) throw std::runtime_error("blsGetCurveOrder");
+ str.resize(n);
+}
+inline void getFieldOrder(std::string& str)
+{
+ str.resize(1024);
+ mclSize n = blsGetFieldOrder(&str[0], str.size());
+ if (n == 0) throw std::runtime_error("blsGetFieldOrder");
+ str.resize(n);
+}
+inline int getG1ByteSize() { return blsGetG1ByteSize(); }
+inline int getFrByteSize() { return blsGetFrByteSize(); }
+
+namespace local {
+/*
+ the value of secretKey and Id must be less than
+ r = 0x2523648240000001ba344d8000000007ff9f800000000010a10000000000000d
+ sizeof(uint64_t) * keySize byte
+*/
+const size_t keySize = MCLBN_FP_UNIT_SIZE;
+}
+
+class SecretKey;
+class PublicKey;
+class Signature;
+class Id;
+
+typedef std::vector<SecretKey> SecretKeyVec;
+typedef std::vector<PublicKey> PublicKeyVec;
+typedef std::vector<Signature> SignatureVec;
+typedef std::vector<Id> IdVec;
+
+class Id {
+ blsId self_;
+ friend class PublicKey;
+ friend class SecretKey;
+ friend class Signature;
+public:
+ Id(unsigned int id = 0)
+ {
+ blsIdSetInt(&self_, id);
+ }
+ bool operator==(const Id& rhs) const
+ {
+ return blsIdIsEqual(&self_, &rhs.self_) == 1;
+ }
+ bool operator!=(const Id& rhs) const { return !(*this == rhs); }
+ friend std::ostream& operator<<(std::ostream& os, const Id& id)
+ {
+ std::string str;
+ id.getStr(str, 16|IoPrefix);
+ return os << str;
+ }
+ friend std::istream& operator>>(std::istream& is, Id& id)
+ {
+ std::string str;
+ is >> str;
+ id.setStr(str, 16);
+ return is;
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.resize(1024);
+ size_t n = mclBnFr_getStr(&str[0], str.size(), &self_.v, ioMode);
+ if (n == 0) throw std::runtime_error("mclBnFr_getStr");
+ str.resize(n);
+ }
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+ int ret = mclBnFr_setStr(&self_.v, str.c_str(), str.size(), ioMode);
+ if (ret != 0) throw std::runtime_error("mclBnFr_setStr");
+ }
+ bool isZero() const
+ {
+ return mclBnFr_isZero(&self_.v) == 1;
+ }
+ /*
+ set p[0, .., keySize)
+ @note the value must be less than r
+ */
+ void set(const uint64_t *p)
+ {
+ setLittleEndian(p, local::keySize * sizeof(uint64_t));
+ }
+ // bufSize is truncted/zero extended to keySize
+ void setLittleEndian(const void *buf, size_t bufSize)
+ {
+ mclBnFr_setLittleEndian(&self_.v, buf, bufSize);
+ }
+};
+
+/*
+ s ; secret key
+*/
+class SecretKey {
+ blsSecretKey self_;
+public:
+ bool operator==(const SecretKey& rhs) const
+ {
+ return blsSecretKeyIsEqual(&self_, &rhs.self_) == 1;
+ }
+ bool operator!=(const SecretKey& rhs) const { return !(*this == rhs); }
+ friend std::ostream& operator<<(std::ostream& os, const SecretKey& sec)
+ {
+ std::string str;
+ sec.getStr(str, 16|IoPrefix);
+ return os << str;
+ }
+ friend std::istream& operator>>(std::istream& is, SecretKey& sec)
+ {
+ std::string str;
+ is >> str;
+ sec.setStr(str);
+ return is;
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.resize(1024);
+ size_t n = mclBnFr_getStr(&str[0], str.size(), &self_.v, ioMode);
+ if (n == 0) throw std::runtime_error("mclBnFr_getStr");
+ str.resize(n);
+ }
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+ int ret = mclBnFr_setStr(&self_.v, str.c_str(), str.size(), ioMode);
+ if (ret != 0) throw std::runtime_error("mclBnFr_setStr");
+ }
+ /*
+ initialize secretKey with random number
+ */
+ void init()
+ {
+ int ret = blsSecretKeySetByCSPRNG(&self_);
+ if (ret != 0) throw std::runtime_error("blsSecretKeySetByCSPRNG");
+ }
+ /*
+ set secretKey with p[0, .., keySize) and set id = 0
+ @note the value must be less than r
+ */
+ void set(const uint64_t *p)
+ {
+ setLittleEndian(p, local::keySize * sizeof(uint64_t));
+ }
+ // bufSize is truncted/zero extended to keySize
+ void setLittleEndian(const void *buf, size_t bufSize)
+ {
+ mclBnFr_setLittleEndian(&self_.v, buf, bufSize);
+ }
+ // set hash of buf
+ void setHashOf(const void *buf, size_t bufSize)
+ {
+ int ret = mclBnFr_setHashOf(&self_.v, buf, bufSize);
+ if (ret != 0) throw std::runtime_error("mclBnFr_setHashOf");
+ }
+ void getPublicKey(PublicKey& pub) const;
+ // constant time sign
+ // sign hash(m)
+ void sign(Signature& sig, const void *m, size_t size) const;
+ void sign(Signature& sig, const std::string& m) const
+ {
+ sign(sig, m.c_str(), m.size());
+ }
+ // sign hashed value
+ void signHash(Signature& sig, const void *h, size_t size) const;
+ void signHash(Signature& sig, const std::string& h) const
+ {
+ signHash(sig, h.c_str(), h.size());
+ }
+ /*
+ make Pop(Proof of Possesion)
+ pop = prv.sign(pub)
+ */
+ void getPop(Signature& pop) const;
+ /*
+ make [s_0, ..., s_{k-1}] to prepare k-out-of-n secret sharing
+ */
+ void getMasterSecretKey(SecretKeyVec& msk, size_t k) const
+ {
+ if (k <= 1) throw std::invalid_argument("getMasterSecretKey");
+ msk.resize(k);
+ msk[0] = *this;
+ for (size_t i = 1; i < k; i++) {
+ msk[i].init();
+ }
+ }
+ /*
+ set a secret key for id > 0 from msk
+ */
+ void set(const SecretKeyVec& msk, const Id& id)
+ {
+ set(msk.data(), msk.size(), id);
+ }
+ /*
+ recover secretKey from k secVec
+ */
+ void recover(const SecretKeyVec& secVec, const IdVec& idVec)
+ {
+ if (secVec.size() != idVec.size()) throw std::invalid_argument("SecretKey:recover");
+ recover(secVec.data(), idVec.data(), idVec.size());
+ }
+ /*
+ add secret key
+ */
+ void add(const SecretKey& rhs);
+
+ // the following methods are for C api
+ /*
+ the size of msk must be k
+ */
+ void set(const SecretKey *msk, size_t k, const Id& id)
+ {
+ int ret = blsSecretKeyShare(&self_, &msk->self_, k, &id.self_);
+ if (ret != 0) throw std::runtime_error("blsSecretKeyShare");
+ }
+ void recover(const SecretKey *secVec, const Id *idVec, size_t n)
+ {
+ int ret = blsSecretKeyRecover(&self_, &secVec->self_, &idVec->self_, n);
+ if (ret != 0) throw std::runtime_error("blsSecretKeyRecover:same id");
+ }
+};
+
+/*
+ sQ ; public key
+*/
+class PublicKey {
+ blsPublicKey self_;
+ friend class SecretKey;
+ friend class Signature;
+public:
+ bool operator==(const PublicKey& rhs) const
+ {
+ return blsPublicKeyIsEqual(&self_, &rhs.self_) == 1;
+ }
+ bool operator!=(const PublicKey& rhs) const { return !(*this == rhs); }
+ friend std::ostream& operator<<(std::ostream& os, const PublicKey& pub)
+ {
+ std::string str;
+ pub.getStr(str, 16|IoPrefix);
+ return os << str;
+ }
+ friend std::istream& operator>>(std::istream& is, PublicKey& pub)
+ {
+ std::string str;
+ is >> str;
+ if (str != "0") {
+ // 1 <x.a> <x.b> <y.a> <y.b>
+ std::string t;
+#ifdef BLS_SWAP_G
+ const int elemNum = 2;
+#else
+ const int elemNum = 4;
+#endif
+ for (int i = 0; i < elemNum; i++) {
+ is >> t;
+ str += ' ';
+ str += t;
+ }
+ }
+ pub.setStr(str, 16);
+ return is;
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.resize(1024);
+#ifdef BLS_SWAP_G
+ size_t n = mclBnG1_getStr(&str[0], str.size(), &self_.v, ioMode);
+#else
+ size_t n = mclBnG2_getStr(&str[0], str.size(), &self_.v, ioMode);
+#endif
+ if (n == 0) throw std::runtime_error("PublicKey:getStr");
+ str.resize(n);
+ }
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+#ifdef BLS_SWAP_G
+ int ret = mclBnG1_setStr(&self_.v, str.c_str(), str.size(), ioMode);
+#else
+ int ret = mclBnG2_setStr(&self_.v, str.c_str(), str.size(), ioMode);
+#endif
+ if (ret != 0) throw std::runtime_error("PublicKey:setStr");
+ }
+ /*
+ set public for id from mpk
+ */
+ void set(const PublicKeyVec& mpk, const Id& id)
+ {
+ set(mpk.data(), mpk.size(), id);
+ }
+ /*
+ recover publicKey from k pubVec
+ */
+ void recover(const PublicKeyVec& pubVec, const IdVec& idVec)
+ {
+ if (pubVec.size() != idVec.size()) throw std::invalid_argument("PublicKey:recover");
+ recover(pubVec.data(), idVec.data(), idVec.size());
+ }
+ /*
+ add public key
+ */
+ void add(const PublicKey& rhs)
+ {
+ blsPublicKeyAdd(&self_, &rhs.self_);
+ }
+
+ // the following methods are for C api
+ void set(const PublicKey *mpk, size_t k, const Id& id)
+ {
+ int ret = blsPublicKeyShare(&self_, &mpk->self_, k, &id.self_);
+ if (ret != 0) throw std::runtime_error("blsPublicKeyShare");
+ }
+ void recover(const PublicKey *pubVec, const Id *idVec, size_t n)
+ {
+ int ret = blsPublicKeyRecover(&self_, &pubVec->self_, &idVec->self_, n);
+ if (ret != 0) throw std::runtime_error("blsPublicKeyRecover");
+ }
+};
+
+/*
+ s H(m) ; signature
+*/
+class Signature {
+ blsSignature self_;
+ friend class SecretKey;
+public:
+ bool operator==(const Signature& rhs) const
+ {
+ return blsSignatureIsEqual(&self_, &rhs.self_) == 1;
+ }
+ bool operator!=(const Signature& rhs) const { return !(*this == rhs); }
+ friend std::ostream& operator<<(std::ostream& os, const Signature& sig)
+ {
+ std::string str;
+ sig.getStr(str, 16|IoPrefix);
+ return os << str;
+ }
+ friend std::istream& operator>>(std::istream& is, Signature& sig)
+ {
+ std::string str;
+ is >> str;
+ if (str != "0") {
+ // 1 <x> <y>
+ std::string t;
+#ifdef BLS_SWAP_G
+ const int elemNum = 4;
+#else
+ const int elemNum = 2;
+#endif
+ for (int i = 0; i < elemNum; i++) {
+ is >> t;
+ str += ' ';
+ str += t;
+ }
+ }
+ sig.setStr(str, 16);
+ return is;
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.resize(1024);
+#ifdef BLS_SWAP_G
+ size_t n = mclBnG2_getStr(&str[0], str.size(), &self_.v, ioMode);
+#else
+ size_t n = mclBnG1_getStr(&str[0], str.size(), &self_.v, ioMode);
+#endif
+ if (n == 0) throw std::runtime_error("Signature:tgetStr");
+ str.resize(n);
+ }
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+#ifdef BLS_SWAP_G
+ int ret = mclBnG2_setStr(&self_.v, str.c_str(), str.size(), ioMode);
+#else
+ int ret = mclBnG1_setStr(&self_.v, str.c_str(), str.size(), ioMode);
+#endif
+ if (ret != 0) throw std::runtime_error("Signature:setStr");
+ }
+ bool verify(const PublicKey& pub, const void *m, size_t size) const
+ {
+ return blsVerify(&self_, &pub.self_, m, size) == 1;
+ }
+ bool verify(const PublicKey& pub, const std::string& m) const
+ {
+ return verify(pub, m.c_str(), m.size());
+ }
+ bool verifyHash(const PublicKey& pub, const void *h, size_t size) const
+ {
+ return blsVerifyHash(&self_, &pub.self_, h, size) == 1;
+ }
+ bool verifyHash(const PublicKey& pub, const std::string& h) const
+ {
+ return verifyHash(pub, h.c_str(), h.size());
+ }
+ bool verifyAggregatedHashes(const PublicKey *pubVec, const void *hVec, size_t sizeofHash, size_t n) const
+ {
+ return blsVerifyAggregatedHashes(&self_, &pubVec[0].self_, hVec, sizeofHash, n) == 1;
+ }
+ /*
+ verify self(pop) with pub
+ */
+ bool verify(const PublicKey& pub) const
+ {
+ std::string str;
+ pub.getStr(str);
+ return verify(pub, str);
+ }
+ /*
+ recover sig from k sigVec
+ */
+ void recover(const SignatureVec& sigVec, const IdVec& idVec)
+ {
+ if (sigVec.size() != idVec.size()) throw std::invalid_argument("Signature:recover");
+ recover(sigVec.data(), idVec.data(), idVec.size());
+ }
+ /*
+ add signature
+ */
+ void add(const Signature& rhs)
+ {
+ blsSignatureAdd(&self_, &rhs.self_);
+ }
+
+ // the following methods are for C api
+ void recover(const Signature* sigVec, const Id *idVec, size_t n)
+ {
+ int ret = blsSignatureRecover(&self_, &sigVec->self_, &idVec->self_, n);
+ if (ret != 0) throw std::runtime_error("blsSignatureRecover:same id");
+ }
+};
+
+/*
+ make master public key [s_0 Q, ..., s_{k-1} Q] from msk
+*/
+inline void getMasterPublicKey(PublicKeyVec& mpk, const SecretKeyVec& msk)
+{
+ const size_t n = msk.size();
+ mpk.resize(n);
+ for (size_t i = 0; i < n; i++) {
+ msk[i].getPublicKey(mpk[i]);
+ }
+}
+
+inline void SecretKey::getPublicKey(PublicKey& pub) const
+{
+ blsGetPublicKey(&pub.self_, &self_);
+}
+inline void SecretKey::sign(Signature& sig, const void *m, size_t size) const
+{
+ blsSign(&sig.self_, &self_, m, size);
+}
+inline void SecretKey::signHash(Signature& sig, const void *h, size_t size) const
+{
+ if (blsSignHash(&sig.self_, &self_, h, size) != 0) throw std::runtime_error("bad h");
+}
+inline void SecretKey::getPop(Signature& pop) const
+{
+ PublicKey pub;
+ getPublicKey(pub);
+ std::string m;
+ pub.getStr(m);
+ sign(pop, m);
+}
+
+/*
+ make pop from msk and mpk
+*/
+inline void getPopVec(SignatureVec& popVec, const SecretKeyVec& msk)
+{
+ const size_t n = msk.size();
+ popVec.resize(n);
+ for (size_t i = 0; i < n; i++) {
+ msk[i].getPop(popVec[i]);
+ }
+}
+
+inline Signature operator+(const Signature& a, const Signature& b) { Signature r(a); r.add(b); return r; }
+inline PublicKey operator+(const PublicKey& a, const PublicKey& b) { PublicKey r(a); r.add(b); return r; }
+inline SecretKey operator+(const SecretKey& a, const SecretKey& b) { SecretKey r(a); r.add(b); return r; }
+
+} //bls
diff --git a/vendor/github.com/byzantine-lab/bls/lib/.emptydir b/vendor/github.com/byzantine-lab/bls/lib/.emptydir
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/lib/.emptydir
diff --git a/vendor/github.com/byzantine-lab/bls/mk.bat b/vendor/github.com/byzantine-lab/bls/mk.bat
new file mode 100644
index 000000000..9bf8dd9e6
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/mk.bat
@@ -0,0 +1,20 @@
+@echo off
+if "%1"=="-s" (
+ echo use static lib
+ set CFLAGS=%CFLAGS% /DMCLBN_NO_AUTOLINK /DBLS_DONT_EXPORT
+) else if "%1"=="-d" (
+ echo use dynamic lib
+) else (
+ echo "mk (-s|-d) <source file>"
+ goto exit
+)
+set CFLAGS=%CFLAGS% -I../mcl/include
+set SRC=%2
+set EXE=%SRC:.cpp=.exe%
+set EXE=%EXE:.c=.exe%
+set EXE=%EXE:test\=bin\%
+set EXE=%EXE:sample\=bin\%
+echo cl %CFLAGS% %2 /Fe:%EXE% /link %LDFLAGS%
+cl %CFLAGS% %2 /Fe:%EXE% /link %LDFLAGS%
+
+:exit
diff --git a/vendor/github.com/byzantine-lab/bls/mkdll.bat b/vendor/github.com/byzantine-lab/bls/mkdll.bat
new file mode 100755
index 000000000..17e934f92
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/mkdll.bat
@@ -0,0 +1,8 @@
+rem @echo off
+
+call setvar.bat dll
+echo make bls384.dll
+cl /c %CFLAGS% /DBLS_NO_AUTOLINK /Foobj/bls_c.obj src/bls_c.cpp
+cl /c %CFLAGS% /DBLS_NO_AUTOLINK /Foobj/fp.obj ../mcl/src/fp.cpp
+lib /OUT:lib/bls384.lib /nodefaultlib obj/bls_c.obj obj/fp.obj %LDFLAGS%
+cl /LD /MT obj/bls_c.obj obj/fp.obj %CFLAGS% /link /out:bin/bls384.dll %LDFLAGS%
diff --git a/vendor/github.com/byzantine-lab/bls/mklib.bat b/vendor/github.com/byzantine-lab/bls/mklib.bat
new file mode 100644
index 000000000..4a60d7196
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/mklib.bat
@@ -0,0 +1,26 @@
+@echo off
+call ..\mcl\setvar.bat
+if "%1"=="dll" (
+ echo make dynamic library DLL
+) else (
+ echo make static library LIB
+)
+call setvar.bat
+
+if "%1"=="dll" (
+ cl /c %CFLAGS% /Foobj/bls_c256.obj src/bls_c256.cpp /DBLS_NO_AUTOLINK
+ cl /c %CFLAGS% /Foobj/bls_c384.obj src/bls_c384.cpp /DBLS_NO_AUTOLINK
+ cl /c %CFLAGS% /Foobj/bls_c384_256.obj src/bls_c384_256.cpp /DBLS_NO_AUTOLINK
+ cl /c %CFLAGS% /Foobj/fp.obj ../mcl/src/fp.cpp
+ link /nologo /DLL /OUT:bin\bls256.dll obj\bls_c256.obj obj\fp.obj %LDFLAGS% /implib:lib\bls256.lib
+ link /nologo /DLL /OUT:bin\bls384.dll obj\bls_c384.obj obj\fp.obj %LDFLAGS% /implib:lib\bls384.lib
+ link /nologo /DLL /OUT:bin\bls384_256.dll obj\bls_c384_256.obj obj\fp.obj %LDFLAGS% /implib:lib\bls384_256.lib
+) else (
+ cl /c %CFLAGS% /Foobj/bls_c256.obj src/bls_c256.cpp
+ cl /c %CFLAGS% /Foobj/bls_c384.obj src/bls_c384.cpp
+ cl /c %CFLAGS% /Foobj/bls_c384_256.obj src/bls_c384_256.cpp
+ cl /c %CFLAGS% /Foobj/fp.obj ../mcl/src/fp.cpp /DMCLBN_DONT_EXPORT
+ lib /OUT:lib/bls256.lib /nodefaultlib obj/bls_c256.obj obj/fp.obj %LDFLAGS%
+ lib /OUT:lib/bls384.lib /nodefaultlib obj/bls_c384.obj obj/fp.obj %LDFLAGS%
+ lib /OUT:lib/bls384_256.lib /nodefaultlib obj/bls_c384_256.obj obj/fp.obj %LDFLAGS%
+)
diff --git a/vendor/github.com/byzantine-lab/bls/obj/.emptydir b/vendor/github.com/byzantine-lab/bls/obj/.emptydir
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/obj/.emptydir
diff --git a/vendor/github.com/byzantine-lab/bls/readme.md b/vendor/github.com/byzantine-lab/bls/readme.md
new file mode 100644
index 000000000..b1efb3f36
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/readme.md
@@ -0,0 +1,187 @@
+[![Build Status](https://travis-ci.com/dexon-foundation/bls.png?branch=dev)](https://travis-ci.com/dexon-foundation/bls)
+
+# BLS threshold signature
+
+An implementation of BLS threshold signature
+
+# Installation Requirements
+
+Create a working directory (e.g., work) and clone the following repositories.
+```
+mkdir work
+cd work
+git clone git://github.com/dexon-foundation/mcl.git
+git clone git://github.com/dexon-foundation/bls.git
+git clone git://github.com/herumi/cybozulib_ext ; for only Windows
+```
+
+# News
+* (Break backward compatibility) The suffix `_dy` of library name is removed and bls\*.a requires libmcl.so set LD_LIBRARY_PATH to the directory.
+* -tags option for Go bindings
+ * -tags bn256
+ * -tags bn384\_256
+ * -tags bn384 ; default mode
+* Support swap of G1 and G2
+ * `make BLS_SWAP_G=1` then G1 is assigned to PublicKey and G2 is assigned to Signature.
+ * golang binding does not support this feature yet.
+* Build option without GMP
+ * `make MCL_USE_GMP=0`
+* Build option without OpenSSL
+ * `make MCL_USE_OPENSSL=0`
+* Build option to specify `mcl` directory
+ * `make MCL_DIR=<mcl directory>`
+
+* (old) libbls.a for C++ interface(bls/bls.hpp) is removed
+Link `lib/libbls256.a` or `lib/libbls384.a` to use `bls/bls.hpp` according to MCLBN_FP_UNIT_SIZE = 4 or 6.
+
+# Build and test for Linux
+To make and test, run
+```
+cd bls
+make test
+```
+To make sample programs, run
+```
+make sample_test
+```
+
+# Build and test for Windows
+1) make static library and use it
+```
+mklib
+mk -s test\bls_c384_test.cpp
+bin\bls_c384_test.exe
+```
+
+2) make dynamic library and use it
+```
+mklib dll
+mk -d test\bls_c384_test.cpp
+bin\bls_c384_test.exe
+```
+
+# Library
+* libbls256.a/libbls256.so ; for BN254 compiled with MCLBN_FP_UNIT_SIZE=4
+* libbls384.a/libbls384.so ; for BN254/BN381_1/BLS12_381 compiled with MCLBN_FP_UNIT_SIZE=6
+* libbls384_256.a/libbls384_256.so ; for BN254/BLS12_381 compiled with MCLBN_FP_UNIT_SIZE=6 and MCLBN_FR_UNIT_SIZE=4
+
+See `mcl/include/curve_type.h` for curve parameter
+
+# API
+
+## Basic API
+
+BLS signature
+```
+e : G2 x G1 -> Fp12 ; optimal ate pairing over BN curve
+Q in G2 ; fixed global parameter
+H : {str} -> G1
+s in Fr: secret key
+sQ in G2; public key
+s H(m) in G1; signature of m
+verify ; e(sQ, H(m)) = e(Q, s H(m))
+```
+
+```
+void bls::init();
+```
+
+Initialize this library. Call this once to use the other api.
+
+```
+void SecretKey::init();
+```
+
+Initialize the instance of SecretKey. `s` is a random number.
+
+```
+void SecretKey::getPublicKey(PublicKey& pub) const;
+```
+
+Get public key `sQ` for the secret key `s`.
+
+```
+void SecretKey::sign(Sign& sign, const std::string& m) const;
+```
+
+Make sign `s H(m)` from message m.
+
+```
+bool Sign::verify(const PublicKey& pub, const std::string& m) const;
+```
+
+Verify sign with pub and m and return true if it is valid.
+
+```
+e(sQ, H(m)) == e(Q, s H(m))
+```
+
+### Secret Sharing API
+
+```
+void SecretKey::getMasterSecretKey(SecretKeyVec& msk, size_t k) const;
+```
+
+Prepare k-out-of-n secret sharing for the secret key.
+`msk[0]` is the original secret key `s` and `msk[i]` for i > 0 are random secret key.
+
+```
+void SecretKey::set(const SecretKeyVec& msk, const Id& id);
+```
+
+Make secret key f(id) from msk and id where f(x) = msk[0] + msk[1] x + ... + msk[k-1] x^{k-1}.
+
+You can make a public key `f(id)Q` from each secret key f(id) for id != 0 and sign a message.
+
+```
+void Sign::recover(const SignVec& signVec, const IdVec& idVec);
+```
+
+Collect k pair of sign `f(id) H(m)` and `id` for a message m and recover the original signature `s H(m)` for the secret key `s`.
+
+### PoP (Proof of Possesion)
+
+```
+void SecretKey::getPop(Sign& pop) const;
+```
+
+Sign pub and make a pop `s H(sQ)`
+
+```
+bool Sign::verify(const PublicKey& pub) const;
+```
+
+Verify a public key by pop.
+
+# Check the order of a point
+
+deserializer functions check whether a point has correct order and
+the cost is heavy for especially G2.
+If you do not want to check it, then call
+```
+void blsSignatureVerifyOrder(false);
+void blsPublicKeyVerifyOrder(false);
+```
+
+cf. subgroup attack
+
+# Go
+```
+make test_go
+```
+
+# WASM(WebAssembly)
+```
+mkdir ../bls-wasm
+make bls-wasm
+```
+see [BLS signature demo on browser](https://herumi.github.io/bls-wasm/bls-demo.html)
+
+# License
+
+modified new BSD License
+http://opensource.org/licenses/BSD-3-Clause
+
+# Author
+
+MITSUNARI Shigeo(herumi@nifty.com)
diff --git a/vendor/github.com/byzantine-lab/bls/release.props b/vendor/github.com/byzantine-lab/bls/release.props
new file mode 100644
index 000000000..886ce6890
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/release.props
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets" />
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup />
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemGroup />
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/bls/sample/bls_smpl.cpp b/vendor/github.com/byzantine-lab/bls/sample/bls_smpl.cpp
new file mode 100644
index 000000000..e812cd500
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/sample/bls_smpl.cpp
@@ -0,0 +1,168 @@
+#define MCLBN_FP_UNIT_SIZE 4
+#include <bls/bls.hpp>
+#include <cybozu/option.hpp>
+#include <cybozu/itoa.hpp>
+#include <fstream>
+
+const std::string pubFile = "sample/publickey";
+const std::string secFile = "sample/secretkey";
+const std::string signFile = "sample/sign";
+
+std::string makeName(const std::string& name, const bls::Id& id)
+{
+ const std::string suf = ".txt";
+ if (id.isZero()) return name + suf;
+ std::ostringstream os;
+ os << name << '.' << id << suf;
+ return os.str();
+}
+
+template<class T>
+void save(const std::string& file, const T& t, const bls::Id& id = 0)
+{
+ const std::string name = makeName(file, id);
+ std::ofstream ofs(name.c_str(), std::ios::binary);
+ if (!(ofs << t)) {
+ throw cybozu::Exception("can't save") << name;
+ }
+}
+
+template<class T>
+void load(T& t, const std::string& file, const bls::Id& id = 0)
+{
+ const std::string name = makeName(file, id);
+ std::ifstream ifs(name.c_str(), std::ios::binary);
+ if (!(ifs >> t)) {
+ throw cybozu::Exception("can't load") << name;
+ }
+}
+
+int init()
+{
+ printf("make %s and %s files\n", secFile.c_str(), pubFile.c_str());
+ bls::SecretKey sec;
+ sec.init();
+ save(secFile, sec);
+ bls::PublicKey pub;
+ sec.getPublicKey(pub);
+ save(pubFile, pub);
+ return 0;
+}
+
+int sign(const std::string& m, int id)
+{
+ printf("sign message `%s` by id=%d\n", m.c_str(), id);
+ bls::SecretKey sec;
+ load(sec, secFile, id);
+ bls::Signature s;
+ sec.sign(s, m);
+ save(signFile, s, id);
+ return 0;
+}
+
+int verify(const std::string& m, int id)
+{
+ printf("verify message `%s` by id=%d\n", m.c_str(), id);
+ bls::PublicKey pub;
+ load(pub, pubFile, id);
+ bls::Signature s;
+ load(s, signFile, id);
+ if (s.verify(pub, m)) {
+ puts("verify ok");
+ return 0;
+ } else {
+ puts("verify err");
+ return 1;
+ }
+}
+
+int share(size_t n, size_t k)
+{
+ printf("%d-out-of-%d threshold sharing\n", (int)k, (int)n);
+ bls::SecretKey sec;
+ load(sec, secFile);
+ bls::SecretKeyVec msk;
+ sec.getMasterSecretKey(msk, k);
+ bls::SecretKeyVec secVec(n);
+ bls::IdVec ids(n);
+ for (size_t i = 0; i < n; i++) {
+ int id = i + 1;
+ ids[i] = id;
+ secVec[i].set(msk, id);
+ }
+ for (size_t i = 0; i < n; i++) {
+ save(secFile, secVec[i], ids[i]);
+ bls::PublicKey pub;
+ secVec[i].getPublicKey(pub);
+ save(pubFile, pub, ids[i]);
+ }
+ return 0;
+}
+
+int recover(const bls::IdVec& ids)
+{
+ printf("recover from");
+ for (size_t i = 0; i < ids.size(); i++) {
+ std::cout << ' ' << ids[i];
+ }
+ printf("\n");
+ bls::SignatureVec sigVec(ids.size());
+ for (size_t i = 0; i < sigVec.size(); i++) {
+ load(sigVec[i], signFile, ids[i]);
+ }
+ bls::Signature s;
+ s.recover(sigVec, ids);
+ save(signFile, s);
+ return 0;
+}
+
+int main(int argc, char *argv[])
+ try
+{
+ bls::init(); // use BN254
+
+ std::string mode;
+ std::string m;
+ size_t n;
+ size_t k;
+ int id;
+ bls::IdVec ids;
+
+ cybozu::Option opt;
+ opt.appendParam(&mode, "init|sign|verify|share|recover");
+ opt.appendOpt(&n, 10, "n", ": k-out-of-n threshold");
+ opt.appendOpt(&k, 3, "k", ": k-out-of-n threshold");
+ opt.appendOpt(&m, "", "m", ": message to be signed");
+ opt.appendOpt(&id, 0, "id", ": id of secretKey");
+ opt.appendVec(&ids, "ids", ": select k id in [0, n). this option should be last");
+ opt.appendHelp("h");
+ if (!opt.parse(argc, argv)) {
+ goto ERR_EXIT;
+ }
+
+ if (mode == "init") {
+ return init();
+ } else if (mode == "sign") {
+ if (m.empty()) goto ERR_EXIT;
+ return sign(m, id);
+ } else if (mode == "verify") {
+ if (m.empty()) goto ERR_EXIT;
+ return verify(m, id);
+ } else if (mode == "share") {
+ return share(n, k);
+ } else if (mode == "recover") {
+ if (ids.empty()) {
+ fprintf(stderr, "use -ids option. ex. share -ids 1 3 5\n");
+ goto ERR_EXIT;
+ }
+ return recover(ids);
+ } else {
+ fprintf(stderr, "bad mode %s\n", mode.c_str());
+ }
+ERR_EXIT:
+ opt.usage();
+ return 1;
+} catch (std::exception& e) {
+ fprintf(stderr, "ERR %s\n", e.what());
+ return 1;
+}
diff --git a/vendor/github.com/byzantine-lab/bls/setvar.bat b/vendor/github.com/byzantine-lab/bls/setvar.bat
new file mode 100755
index 000000000..0ff286ab8
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/setvar.bat
@@ -0,0 +1,6 @@
+@echo off
+call ..\mcl\setvar.bat
+set CFLAGS=%CFLAGS% /I ..\mcl\include /I ./
+set LDFLAGS=%LDFLAGS% /LIBPATH:..\mcl\lib
+echo CFLAGS=%CFLAGS%
+echo LDFLAGS=%LDFLAGS%
diff --git a/vendor/github.com/byzantine-lab/bls/src/bls_c256.cpp b/vendor/github.com/byzantine-lab/bls/src/bls_c256.cpp
new file mode 100644
index 000000000..a9f3412ea
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/src/bls_c256.cpp
@@ -0,0 +1,3 @@
+#define MCLBN_FP_UNIT_SIZE 4
+#include "bls_c_impl.hpp"
+
diff --git a/vendor/github.com/byzantine-lab/bls/src/bls_c384.cpp b/vendor/github.com/byzantine-lab/bls/src/bls_c384.cpp
new file mode 100644
index 000000000..d28f8547b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/src/bls_c384.cpp
@@ -0,0 +1,3 @@
+#define MCLBN_FP_UNIT_SIZE 6
+#include "bls_c_impl.hpp"
+
diff --git a/vendor/github.com/byzantine-lab/bls/src/bls_c384_256.cpp b/vendor/github.com/byzantine-lab/bls/src/bls_c384_256.cpp
new file mode 100644
index 000000000..3dcb3e7d7
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/src/bls_c384_256.cpp
@@ -0,0 +1,4 @@
+#define MCLBN_FP_UNIT_SIZE 6
+#define MCLBN_FR_UNIT_SIZE 4
+#include "bls_c_impl.hpp"
+
diff --git a/vendor/github.com/byzantine-lab/bls/src/bls_c_impl.hpp b/vendor/github.com/byzantine-lab/bls/src/bls_c_impl.hpp
new file mode 100644
index 000000000..b38c1ad06
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/src/bls_c_impl.hpp
@@ -0,0 +1,614 @@
+#define MCLBN_DONT_EXPORT
+#define BLS_DLL_EXPORT
+
+#include <bls/bls.h>
+
+#if 1
+#include "mcl/impl/bn_c_impl.hpp"
+#else
+#if MCLBN_FP_UNIT_SIZE == 4 && MCLBN_FR_UNIT_SIZE == 4
+#include <mcl/bn256.hpp>
+#elif MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE == 6
+#include <mcl/bn384.hpp>
+#elif MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE == 4
+#include <mcl/bls12_381.hpp>
+#elif MCLBN_FP_UNIT_SIZE == 8 && MCLBN_FR_UNIT_SIZE == 8
+#include <mcl/bn512.hpp>
+#else
+ #error "not supported size"
+#endif
+#include <mcl/lagrange.hpp>
+using namespace mcl::bn;
+inline Fr *cast(mclBnFr *p) { return reinterpret_cast<Fr*>(p); }
+inline const Fr *cast(const mclBnFr *p) { return reinterpret_cast<const Fr*>(p); }
+
+inline G1 *cast(mclBnG1 *p) { return reinterpret_cast<G1*>(p); }
+inline const G1 *cast(const mclBnG1 *p) { return reinterpret_cast<const G1*>(p); }
+
+inline G2 *cast(mclBnG2 *p) { return reinterpret_cast<G2*>(p); }
+inline const G2 *cast(const mclBnG2 *p) { return reinterpret_cast<const G2*>(p); }
+
+inline Fp12 *cast(mclBnGT *p) { return reinterpret_cast<Fp12*>(p); }
+inline const Fp12 *cast(const mclBnGT *p) { return reinterpret_cast<const Fp12*>(p); }
+
+inline Fp6 *cast(uint64_t *p) { return reinterpret_cast<Fp6*>(p); }
+inline const Fp6 *cast(const uint64_t *p) { return reinterpret_cast<const Fp6*>(p); }
+#endif
+
+void Gmul(G1& z, const G1& x, const Fr& y) { G1::mul(z, x, y); }
+void Gmul(G2& z, const G2& x, const Fr& y) { G2::mul(z, x, y); }
+void GmulCT(G1& z, const G1& x, const Fr& y) { G1::mulCT(z, x, y); }
+void GmulCT(G2& z, const G2& x, const Fr& y) { G2::mulCT(z, x, y); }
+
+/*
+ BLS signature
+ e : G1 x G2 -> GT
+ Q in G2 ; fixed global parameter
+ H : {str} -> G1
+ s : secret key
+ sQ ; public key
+ s H(m) ; signature of m
+ verify ; e(sQ, H(m)) = e(Q, s H(m))
+
+ swap G1 and G2 if BLS_SWAP_G is defined
+ @note the current implementation does not support precomputed miller loop
+*/
+
+#ifdef BLS_SWAP_G
+static G1 g_P;
+inline const G1& getBasePoint() { return g_P; }
+#else
+static G2 g_Q;
+const size_t maxQcoeffN = 128;
+static mcl::FixedArray<Fp6, maxQcoeffN> g_Qcoeff; // precomputed Q
+inline const G2& getBasePoint() { return g_Q; }
+inline const mcl::FixedArray<Fp6, maxQcoeffN>& getQcoeff() { return g_Qcoeff; }
+#endif
+
+int blsInitNotThreadSafe(int curve, int compiledTimeVar)
+{
+ if (compiledTimeVar != MCLBN_COMPILED_TIME_VAR) {
+ return -(compiledTimeVar | (MCLBN_COMPILED_TIME_VAR * 100));
+ }
+ const mcl::CurveParam& cp = mcl::getCurveParam(curve);
+ bool b;
+ initPairing(&b, cp);
+ if (!b) return -1;
+
+#ifdef BLS_SWAP_G
+ mapToG1(&b, g_P, 1);
+#else
+
+ if (curve == MCL_BN254) {
+ const char *Qx_BN254 = "11ccb44e77ac2c5dc32a6009594dbe331ec85a61290d6bbac8cc7ebb2dceb128 f204a14bbdac4a05be9a25176de827f2e60085668becdd4fc5fa914c9ee0d9a";
+ const char *Qy_BN254 = "7c13d8487903ee3c1c5ea327a3a52b6cc74796b1760d5ba20ed802624ed19c8 8f9642bbaacb73d8c89492528f58932f2de9ac3e80c7b0e41f1a84f1c40182";
+ g_Q.x.setStr(&b, Qx_BN254, 16);
+ g_Q.y.setStr(&b, Qy_BN254, 16);
+ g_Q.z = 1;
+ } else {
+ mapToG2(&b, g_Q, 1);
+ }
+ if (!b) return -100;
+ if (curve == MCL_BN254) {
+ #include "./qcoeff-bn254.hpp"
+ g_Qcoeff.resize(BN::param.precomputedQcoeffSize);
+ assert(g_Qcoeff.size() == CYBOZU_NUM_OF_ARRAY(QcoeffTblBN254));
+ for (size_t i = 0; i < g_Qcoeff.size(); i++) {
+ Fp6& x6 = g_Qcoeff[i];
+ for (size_t j = 0; j < 6; j++) {
+ Fp& x = x6.getFp0()[j];
+ mcl::fp::Unit *p = const_cast<mcl::fp::Unit*>(x.getUnit());
+ for (size_t k = 0; k < 4; k++) {
+ p[k] = QcoeffTblBN254[i][j][k];
+ }
+ }
+ }
+ } else {
+ precomputeG2(&b, g_Qcoeff, getBasePoint());
+ }
+#endif
+ if (!b) return -101;
+ return 0;
+}
+
+#ifdef __EMSCRIPTEN__
+extern "C" BLS_DLL_API void *blsMalloc(size_t n)
+{
+ return malloc(n);
+}
+extern "C" BLS_DLL_API void blsFree(void *p)
+{
+ free(p);
+}
+#endif
+
+#if !defined(__EMSCRIPTEN__) && !defined(__wasm__)
+ #if defined(CYBOZU_CPP_VERSION) && CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+ #include <mutex>
+ #define USE_STD_MUTEX
+ #else
+ #include <cybozu/mutex.hpp>
+ #define USE_CYBOZU_MUTEX
+ #endif
+#endif
+
+int blsInit(int curve, int compiledTimeVar)
+{
+ int ret = 0;
+#ifdef USE_STD_MUTEX
+ static std::mutex m;
+ std::lock_guard<std::mutex> lock(m);
+#elif defined(USE_CYBOZU_MUTEX)
+ static cybozu::Mutex m;
+ cybozu::AutoLock lock(m);
+#endif
+ static int g_curve = -1;
+ if (g_curve != curve) {
+ ret = blsInitNotThreadSafe(curve, compiledTimeVar);
+ g_curve = curve;
+ }
+ return ret;
+}
+
+static inline const mclBnG1 *cast(const G1* x) { return (const mclBnG1*)x; }
+static inline const mclBnG2 *cast(const G2* x) { return (const mclBnG2*)x; }
+
+void blsIdSetInt(blsId *id, int x)
+{
+ *cast(&id->v) = x;
+}
+
+int blsSecretKeySetLittleEndian(blsSecretKey *sec, const void *buf, mclSize bufSize)
+{
+ cast(&sec->v)->setArrayMask((const char *)buf, bufSize);
+ return 0;
+}
+int blsSecretKeySetLittleEndianMod(blsSecretKey *sec, const void *buf, mclSize bufSize)
+{
+ bool b;
+ cast(&sec->v)->setArray(&b, (const char *)buf, bufSize, mcl::fp::Mod);
+ return b ? 0 : -1;
+}
+
+void blsGetPublicKey(blsPublicKey *pub, const blsSecretKey *sec)
+{
+ Gmul(*cast(&pub->v), getBasePoint(), *cast(&sec->v));
+}
+
+void blsSign(blsSignature *sig, const blsSecretKey *sec, const void *m, mclSize size)
+{
+#ifdef BLS_SWAP_G
+ G2 Hm;
+ hashAndMapToG2(Hm, m, size);
+#else
+ G1 Hm;
+ hashAndMapToG1(Hm, m, size);
+#endif
+ GmulCT(*cast(&sig->v), Hm, *cast(&sec->v));
+}
+
+#ifdef BLS_SWAP_G
+/*
+ e(P, sHm) == e(sP, Hm)
+ <=> finalExp(ML(P, sHm) * e(-sP, Hm)) == 1
+*/
+bool isEqualTwoPairings(const G2& sHm, const G1& sP, const G2& Hm)
+{
+ GT e1, e2;
+ millerLoop(e1, getBasePoint(), sHm);
+ G1 neg_sP;
+ G1::neg(neg_sP, sP);
+ millerLoop(e2, neg_sP, Hm);
+ e1 *= e2;
+ finalExp(e1, e1);
+ return e1.isOne();
+}
+#else
+/*
+ e(P1, Q1) == e(P2, Q2)
+ <=> finalExp(ML(P1, Q1)) == finalExp(ML(P2, Q2))
+ <=> finalExp(ML(P1, Q1) / ML(P2, Q2)) == 1
+ <=> finalExp(ML(P1, Q1) * ML(-P2, Q2)) == 1
+ Q1 is precomputed
+*/
+bool isEqualTwoPairings(const G1& P1, const Fp6* Q1coeff, const G1& P2, const G2& Q2)
+{
+ GT e;
+ precomputedMillerLoop2mixed(e, P2, Q2, -P1, Q1coeff);
+ finalExp(e, e);
+ return e.isOne();
+}
+#endif
+
+int blsVerify(const blsSignature *sig, const blsPublicKey *pub, const void *m, mclSize size)
+{
+#ifdef BLS_SWAP_G
+ G2 Hm;
+ hashAndMapToG2(Hm, m, size);
+ return isEqualTwoPairings(*cast(&sig->v), *cast(&pub->v), Hm);
+#else
+ G1 Hm;
+ hashAndMapToG1(Hm, m, size);
+ /*
+ e(sHm, Q) = e(Hm, sQ)
+ e(sig, Q) = e(Hm, pub)
+ */
+ return isEqualTwoPairings(*cast(&sig->v), getQcoeff().data(), Hm, *cast(&pub->v));
+#endif
+}
+
+mclSize blsIdSerialize(void *buf, mclSize maxBufSize, const blsId *id)
+{
+ return cast(&id->v)->serialize(buf, maxBufSize);
+}
+
+mclSize blsSecretKeySerialize(void *buf, mclSize maxBufSize, const blsSecretKey *sec)
+{
+ return cast(&sec->v)->serialize(buf, maxBufSize);
+}
+
+mclSize blsPublicKeySerialize(void *buf, mclSize maxBufSize, const blsPublicKey *pub)
+{
+ return cast(&pub->v)->serialize(buf, maxBufSize);
+}
+
+mclSize blsSignatureSerialize(void *buf, mclSize maxBufSize, const blsSignature *sig)
+{
+ return cast(&sig->v)->serialize(buf, maxBufSize);
+}
+
+mclSize blsIdDeserialize(blsId *id, const void *buf, mclSize bufSize)
+{
+ return cast(&id->v)->deserialize(buf, bufSize);
+}
+
+mclSize blsSecretKeyDeserialize(blsSecretKey *sec, const void *buf, mclSize bufSize)
+{
+ return cast(&sec->v)->deserialize(buf, bufSize);
+}
+
+mclSize blsPublicKeyDeserialize(blsPublicKey *pub, const void *buf, mclSize bufSize)
+{
+ return cast(&pub->v)->deserialize(buf, bufSize);
+}
+
+mclSize blsSignatureDeserialize(blsSignature *sig, const void *buf, mclSize bufSize)
+{
+ return cast(&sig->v)->deserialize(buf, bufSize);
+}
+
+int blsIdIsEqual(const blsId *lhs, const blsId *rhs)
+{
+ return *cast(&lhs->v) == *cast(&rhs->v);
+}
+
+int blsSecretKeyIsEqual(const blsSecretKey *lhs, const blsSecretKey *rhs)
+{
+ return *cast(&lhs->v) == *cast(&rhs->v);
+}
+
+int blsPublicKeyIsEqual(const blsPublicKey *lhs, const blsPublicKey *rhs)
+{
+ return *cast(&lhs->v) == *cast(&rhs->v);
+}
+
+int blsSignatureIsEqual(const blsSignature *lhs, const blsSignature *rhs)
+{
+ return *cast(&lhs->v) == *cast(&rhs->v);
+}
+
+int blsSecretKeyShare(blsSecretKey *sec, const blsSecretKey* msk, mclSize k, const blsId *id)
+{
+ bool b;
+ mcl::evaluatePolynomial(&b, *cast(&sec->v), cast(&msk->v), k, *cast(&id->v));
+ return b ? 0 : -1;
+}
+
+int blsPublicKeyShare(blsPublicKey *pub, const blsPublicKey *mpk, mclSize k, const blsId *id)
+{
+ bool b;
+ mcl::evaluatePolynomial(&b, *cast(&pub->v), cast(&mpk->v), k, *cast(&id->v));
+ return b ? 0 : -1;
+}
+
+int blsSecretKeyRecover(blsSecretKey *sec, const blsSecretKey *secVec, const blsId *idVec, mclSize n)
+{
+ bool b;
+ mcl::LagrangeInterpolation(&b, *cast(&sec->v), cast(&idVec->v), cast(&secVec->v), n);
+ return b ? 0 : -1;
+}
+
+int blsPublicKeyRecover(blsPublicKey *pub, const blsPublicKey *pubVec, const blsId *idVec, mclSize n)
+{
+ bool b;
+ mcl::LagrangeInterpolation(&b, *cast(&pub->v), cast(&idVec->v), cast(&pubVec->v), n);
+ return b ? 0 : -1;
+}
+
+int blsSignatureRecover(blsSignature *sig, const blsSignature *sigVec, const blsId *idVec, mclSize n)
+{
+ bool b;
+ mcl::LagrangeInterpolation(&b, *cast(&sig->v), cast(&idVec->v), cast(&sigVec->v), n);
+ return b ? 0 : -1;
+}
+
+void blsSecretKeyAdd(blsSecretKey *sec, const blsSecretKey *rhs)
+{
+ *cast(&sec->v) += *cast(&rhs->v);
+}
+
+void blsPublicKeyAdd(blsPublicKey *pub, const blsPublicKey *rhs)
+{
+ *cast(&pub->v) += *cast(&rhs->v);
+}
+
+void blsSignatureAdd(blsSignature *sig, const blsSignature *rhs)
+{
+ *cast(&sig->v) += *cast(&rhs->v);
+}
+
+void blsSignatureVerifyOrder(int doVerify)
+{
+#ifdef BLS_SWAP_G
+ verifyOrderG2(doVerify != 0);
+#else
+ verifyOrderG1(doVerify != 0);
+#endif
+}
+void blsPublicKeyVerifyOrder(int doVerify)
+{
+#ifdef BLS_SWAP_G
+ verifyOrderG1(doVerify != 0);
+#else
+ verifyOrderG2(doVerify != 0);
+#endif
+}
+int blsSignatureIsValidOrder(const blsSignature *sig)
+{
+ return cast(&sig->v)->isValidOrder();
+}
+int blsPublicKeyIsValidOrder(const blsPublicKey *pub)
+{
+ return cast(&pub->v)->isValidOrder();
+}
+
+#ifndef BLS_MINIMUM_API
+template<class G>
+inline bool toG(G& Hm, const void *h, mclSize size)
+{
+ Fp t;
+ t.setArrayMask((const char *)h, size);
+ bool b;
+#ifdef BLS_SWAP_G
+ BN::mapToG2(&b, Hm, Fp2(t, 0));
+#else
+ BN::mapToG1(&b, Hm, t);
+#endif
+ return b;
+}
+
+int blsVerifyAggregatedHashes(const blsSignature *aggSig, const blsPublicKey *pubVec, const void *hVec, size_t sizeofHash, mclSize n)
+{
+ if (n == 0) return 0;
+ GT e1, e2;
+ const char *ph = (const char*)hVec;
+#ifdef BLS_SWAP_G
+ millerLoop(e1, getBasePoint(), -*cast(&aggSig->v));
+ G2 h;
+ if (!toG(h, &ph[0], sizeofHash)) return 0;
+ BN::millerLoop(e2, *cast(&pubVec[0].v), h);
+ e1 *= e2;
+ for (size_t i = 1; i < n; i++) {
+ if (!toG(h, &ph[i * sizeofHash], sizeofHash)) return 0;
+ millerLoop(e2, *cast(&pubVec[i].v), h);
+ e1 *= e2;
+ }
+#else
+ /*
+ e(aggSig, Q) = prod_i e(hVec[i], pubVec[i])
+ <=> finalExp(ML(-aggSig, Q) * prod_i ML(hVec[i], pubVec[i])) == 1
+ */
+ BN::precomputedMillerLoop(e1, -*cast(&aggSig->v), g_Qcoeff.data());
+ G1 h;
+ if (!toG(h, &ph[0], sizeofHash)) return 0;
+ BN::millerLoop(e2, h, *cast(&pubVec[0].v));
+ e1 *= e2;
+ for (size_t i = 1; i < n; i++) {
+ if (!toG(h, &ph[i * sizeofHash], sizeofHash)) return 0;
+ BN::millerLoop(e2, h, *cast(&pubVec[i].v));
+ e1 *= e2;
+ }
+#endif
+ BN::finalExp(e1, e1);
+ return e1.isOne();
+}
+
+int blsSignHash(blsSignature *sig, const blsSecretKey *sec, const void *h, mclSize size)
+{
+#ifdef BLS_SWAP_G
+ G2 Hm;
+#else
+ G1 Hm;
+#endif
+ if (!toG(Hm, h, size)) return -1;
+ GmulCT(*cast(&sig->v), Hm, *cast(&sec->v));
+ return 0;
+}
+
+int blsVerifyPairing(const blsSignature *X, const blsSignature *Y, const blsPublicKey *pub)
+{
+#ifdef BLS_SWAP_G
+ return isEqualTwoPairings(*cast(&X->v), *cast(&pub->v), *cast(&Y->v));
+#else
+ return isEqualTwoPairings(*cast(&X->v), getQcoeff().data(), *cast(&Y->v), *cast(&pub->v));
+#endif
+}
+
+int blsVerifyHash(const blsSignature *sig, const blsPublicKey *pub, const void *h, mclSize size)
+{
+ blsSignature Hm;
+ if (!toG(*cast(&Hm.v), h, size)) return 0;
+ return blsVerifyPairing(sig, &Hm, pub);
+}
+
+void blsSecretKeySub(blsSecretKey *sec, const blsSecretKey *rhs)
+{
+ *cast(&sec->v) -= *cast(&rhs->v);
+}
+
+void blsPublicKeySub(blsPublicKey *pub, const blsPublicKey *rhs)
+{
+ *cast(&pub->v) -= *cast(&rhs->v);
+}
+
+void blsSignatureSub(blsSignature *sig, const blsSignature *rhs)
+{
+ *cast(&sig->v) -= *cast(&rhs->v);
+}
+
+mclSize blsGetOpUnitSize() // FpUint64Size
+{
+ return Fp::getUnitSize() * sizeof(mcl::fp::Unit) / sizeof(uint64_t);
+}
+
+int blsGetCurveOrder(char *buf, mclSize maxBufSize)
+{
+ return (int)Fr::getModulo(buf, maxBufSize);
+}
+
+int blsGetFieldOrder(char *buf, mclSize maxBufSize)
+{
+ return (int)Fp::getModulo(buf, maxBufSize);
+}
+
+int blsGetG1ByteSize()
+{
+ return (int)Fp::getByteSize();
+}
+
+int blsGetFrByteSize()
+{
+ return (int)Fr::getByteSize();
+}
+
+#ifdef BLS_SWAP_G
+void blsGetGeneratorOfG1(blsPublicKey *pub)
+{
+ *cast(&pub->v) = getBasePoint();
+}
+#else
+void blsGetGeneratorOfG2(blsPublicKey *pub)
+{
+ *cast(&pub->v) = getBasePoint();
+}
+#endif
+
+int blsIdSetDecStr(blsId *id, const char *buf, mclSize bufSize)
+{
+ return cast(&id->v)->deserialize(buf, bufSize, 10) > 0 ? 0 : -1;
+}
+int blsIdSetHexStr(blsId *id, const char *buf, mclSize bufSize)
+{
+ return cast(&id->v)->deserialize(buf, bufSize, 16) > 0 ? 0 : -1;
+}
+
+int blsIdSetLittleEndian(blsId *id, const void *buf, mclSize bufSize)
+{
+ cast(&id->v)->setArrayMask((const char *)buf, bufSize);
+ return 0;
+}
+
+mclSize blsIdGetDecStr(char *buf, mclSize maxBufSize, const blsId *id)
+{
+ return cast(&id->v)->getStr(buf, maxBufSize, 10);
+}
+
+mclSize blsIdGetHexStr(char *buf, mclSize maxBufSize, const blsId *id)
+{
+ return cast(&id->v)->getStr(buf, maxBufSize, 16);
+}
+
+int blsHashToSecretKey(blsSecretKey *sec, const void *buf, mclSize bufSize)
+{
+ cast(&sec->v)->setHashOf(buf, bufSize);
+ return 0;
+}
+
+#ifndef MCL_DONT_USE_CSPRNG
+int blsSecretKeySetByCSPRNG(blsSecretKey *sec)
+{
+ bool b;
+ cast(&sec->v)->setByCSPRNG(&b);
+ return b ? 0 : -1;
+}
+void blsSetRandFunc(void *self, unsigned int (*readFunc)(void *self, void *buf, unsigned int bufSize))
+{
+ mcl::fp::RandGen::setRandFunc(self, readFunc);
+}
+#endif
+
+void blsGetPop(blsSignature *sig, const blsSecretKey *sec)
+{
+ blsPublicKey pub;
+ blsGetPublicKey(&pub, sec);
+ char buf[1024];
+ mclSize n = cast(&pub.v)->serialize(buf, sizeof(buf));
+ assert(n);
+ blsSign(sig, sec, buf, n);
+}
+
+int blsVerifyPop(const blsSignature *sig, const blsPublicKey *pub)
+{
+ char buf[1024];
+ mclSize n = cast(&pub->v)->serialize(buf, sizeof(buf));
+ if (n == 0) return 0;
+ return blsVerify(sig, pub, buf, n);
+}
+
+mclSize blsIdGetLittleEndian(void *buf, mclSize maxBufSize, const blsId *id)
+{
+ return cast(&id->v)->serialize(buf, maxBufSize);
+}
+int blsSecretKeySetDecStr(blsSecretKey *sec, const char *buf, mclSize bufSize)
+{
+ return cast(&sec->v)->deserialize(buf, bufSize, 10) > 0 ? 0 : -1;
+}
+int blsSecretKeySetHexStr(blsSecretKey *sec, const char *buf, mclSize bufSize)
+{
+ return cast(&sec->v)->deserialize(buf, bufSize, 16) > 0 ? 0 : -1;
+}
+mclSize blsSecretKeyGetLittleEndian(void *buf, mclSize maxBufSize, const blsSecretKey *sec)
+{
+ return cast(&sec->v)->serialize(buf, maxBufSize);
+}
+mclSize blsSecretKeyGetDecStr(char *buf, mclSize maxBufSize, const blsSecretKey *sec)
+{
+ return cast(&sec->v)->getStr(buf, maxBufSize, 10);
+}
+mclSize blsSecretKeyGetHexStr(char *buf, mclSize maxBufSize, const blsSecretKey *sec)
+{
+ return cast(&sec->v)->getStr(buf, maxBufSize, 16);
+}
+int blsPublicKeySetHexStr(blsPublicKey *pub, const char *buf, mclSize bufSize)
+{
+ return cast(&pub->v)->deserialize(buf, bufSize, 16) > 0 ? 0 : -1;
+}
+mclSize blsPublicKeyGetHexStr(char *buf, mclSize maxBufSize, const blsPublicKey *pub)
+{
+ return cast(&pub->v)->getStr(buf, maxBufSize, 16);
+}
+int blsSignatureSetHexStr(blsSignature *sig, const char *buf, mclSize bufSize)
+{
+ return cast(&sig->v)->deserialize(buf, bufSize, 16) > 0 ? 0 : -1;
+}
+mclSize blsSignatureGetHexStr(char *buf, mclSize maxBufSize, const blsSignature *sig)
+{
+ return cast(&sig->v)->getStr(buf, maxBufSize, 16);
+}
+void blsDHKeyExchange(blsPublicKey *out, const blsSecretKey *sec, const blsPublicKey *pub)
+{
+ GmulCT(*cast(&out->v), *cast(&pub->v), *cast(&sec->v));
+}
+
+#endif
+
diff --git a/vendor/github.com/byzantine-lab/bls/src/proj/bls.vcxproj b/vendor/github.com/byzantine-lab/bls/src/proj/bls.vcxproj
new file mode 100644
index 000000000..b78c97919
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/src/proj/bls.vcxproj
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{1DBB979A-C212-45CD-9563-446A96F87F71}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>ec_test</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>StaticLibrary</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <PlatformToolset>v140</PlatformToolset>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="$(SolutionDir)common.props" />
+ <Import Project="$(SolutionDir)debug.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="$(SolutionDir)common.props" />
+ <Import Project="$(SolutionDir)release.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LinkIncremental>true</LinkIncremental>
+ <TargetExt>.lib</TargetExt>
+ <OutDir>$(SolutionDir)lib\</OutDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <LinkIncremental>false</LinkIncremental>
+ <TargetExt>.lib</TargetExt>
+ <OutDir>$(SolutionDir)lib\</OutDir>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <ClCompile Include="$(SolutionDir)src\bls.cpp" />
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/bls/src/qcoeff-bn254.hpp b/vendor/github.com/byzantine-lab/bls/src/qcoeff-bn254.hpp
new file mode 100644
index 000000000..18d169568
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/src/qcoeff-bn254.hpp
@@ -0,0 +1,564 @@
+#if MCL_SIZEOF_UNIT == 8
+static const uint64_t QcoeffTblBN254[][6][4] = {
+ {
+ {0x8c5c1b842e501310ull,0x6a418cdaced77710ull,0xf5ad725dd0d9a5ffull,0x012d501f32362f48ull,},
+ {0xb8a8a8c11e51dc62ull,0xeaeb87e0f25a8611ull,0x9ba8738e4483d511ull,0x0664a4e36d64379eull,},
+ {0x4a5af38c0aa5930aull,0x189fef61a74c388dull,0x83cc3225c7748527ull,0x2107491582310dc6ull,},
+ {0x43aef621120a524aull,0x359d06a56e339486ull,0xdf5ab35e2222d9b1ull,0x20968bac939743acull,},
+ {0xe8e4c0bb65cd67b8ull,0x255a0859bc55ff2cull,0xf1c57d1da3c060c6ull,0x138d83468f42cc0eull,},
+ {0xdf985e5f768c149cull,0xa059c65c4b5da3ffull,0xed3d38d9f77bb968ull,0x02281f01255a850cull,},
+ },
+ {
+ {0xe3f53d8cfb4866a0ull,0xa0f9a16a21c159aaull,0x647fc210c7edf3a9ull,0x0db92f588c73caf9ull,},
+ {0x6e9349b777bc2cf1ull,0x4fd987eb22e2469cull,0x666644a8e61b0a0eull,0x02f5bf9aae96c0deull,},
+ {0xd5fd6288342479ebull,0x74022b671c6c8d8eull,0xda32d1b497cac7b2ull,0x0abecf35a19b5c7eull,},
+ {0x1500891565b5f9aaull,0x4b7ce141cd7f4361ull,0xadf3447c534846c1ull,0x078b36a30d45de5full,},
+ {0x37f172cff76e4b77ull,0x696d093b3ee37e4aull,0x2193797b7da56c6eull,0x1f5fc9efcbbb93e7ull,},
+ {0x4c7d799b765b8f44ull,0x7adfd285e906edd8ull,0x79d68eaaf88a0885ull,0x20707d672be892cbull,},
+ },
+ {
+ {0x84bbf3849c691e74ull,0xeeb90e1efc3e3436ull,0xd9d9bb6257bf19e4ull,0x1b37ef04ea7d6f85ull,},
+ {0xa6bdbbe0895ba12aull,0x58cade2ad0f1aa84ull,0xe0bb325678a2c748ull,0x23d1992e977c788cull,},
+ {0x44559f0b0f4bb2ccull,0xe61b479bc88980eeull,0x2a70aa9df3e28c92ull,0x18039bee97722b74ull,},
+ {0x9e5667da3db8e9e6ull,0x826ba07eb28c31f8ull,0x3f8b4eeb463d6923ull,0x1af85c2b10d3a2f0ull,},
+ {0x8783f372684ea930ull,0x1aa0d9e436f41ea7ull,0xc84a3fc56af9f624ull,0x0d02698756cd5a2cull,},
+ {0xe47407ede7b7c2afull,0x7d665c59e37ee7a7ull,0x542b91f12e0fa2a7ull,0x2084e73dc21f415eull,},
+ },
+ {
+ {0x2aebe318f3d167c6ull,0x5a2b2364b3abc614ull,0x31b2cdfd847e0053ull,0x04f0f63eed2a2f8cull,},
+ {0x0573d320ee14ecf4ull,0x4e0dc9d92e543ddeull,0x58a280570cac8d36ull,0x16226935e8e9f9bdull,},
+ {0x2d51a89174717a26ull,0x7341be7f883d0806ull,0xc9b4ee66364066ceull,0x018c79b95f127b49ull,},
+ {0xe5420d2f4210dbd7ull,0x179c22d607a5c801ull,0xe3aae016e739bcc8ull,0x20c554233ddd50caull,},
+ {0x6c5c4b29c77bb152ull,0xc30df398c85f0f2cull,0x5d5096a07ed6a257ull,0x0790d485c22a3639ull,},
+ {0x8aadc7bbf2cb348eull,0xc339d87c2118c2cfull,0x8f49e0eb46961ca9ull,0x24740f0ee2134c2cull,},
+ },
+ {
+ {0x3b80354a061dbf06ull,0x961e0dfd74b84147ull,0xeb4b27dbde455fc1ull,0x100da22e6baf58b5ull,},
+ {0xb156ffc78a60a8acull,0xc873bf776b8daaeeull,0x5a702f5446bf83fdull,0x1fce59e50222949bull,},
+ {0x32d7640c0f717812ull,0xc58d05abdc19ceedull,0x1e63c2a492849373ull,0x23443ce8fb2d6feaull,},
+ {0x870f2d1a2e39f52eull,0x7aa53cb06541429aull,0xee7b80b7031f23beull,0x0a8a095b3fdf2cf6ull,},
+ {0x4e489bd278487a58ull,0xa914d93e5ed31065ull,0x6720c32ae140db7aull,0x0c22020e6a97031full,},
+ {0x7535115a15420cceull,0x2cd019bac6256080ull,0x8234c3b61757e461ull,0x24d65e78c88298b2ull,},
+ },
+ {
+ {0x1f0bdc2cae53aa21ull,0x263506a6526641afull,0xacd41097fab7f62full,0x0b2c92453d474a86ull,},
+ {0x2d23a58a46d63e3aull,0xa65ff6f1f716fe37ull,0xb86dc831f970fb2dull,0x0bc3cf38a191e63aull,},
+ {0xeb0ca4fdeba41bbaull,0x969cf610e1a3a009ull,0x93c5d1bad6c7240bull,0x20ad29c9a9f1d6d6ull,},
+ {0x006a12a187464b7aull,0xe354d9be0ec65202ull,0x9dff5c227947f5b7ull,0x24e3dc2833ba4d2full,},
+ {0x9350693ebfdfb4c6ull,0x07d8abf27abb8fc3ull,0x58f5ab0b518e5113ull,0x125f2d7d40ed8650ull,},
+ {0xc9fd435af6e86f34ull,0x04dc07374f373455ull,0xd040d286d71db00dull,0x141a1253f3bc2a50ull,},
+ },
+ {
+ {0xbcfee5dad6ad33b7ull,0x8cd72df36c5b56daull,0xc2949399ad52da69ull,0x0f6ffe6d68a398d6ull,},
+ {0x777dc689b038aaf4ull,0xf7a8f41c7c04e9f1ull,0xcdab24ebcea39892ull,0x0178d69b1b935d81ull,},
+ {0x65a001a22be563c6ull,0xfc1b2634dc76eafeull,0xed4f6ea19949392full,0x0e4e9127957d60e7ull,},
+ {0x919a1c91a123e003ull,0x23f8ec239ef8a15dull,0x0470cb40e520d6f5ull,0x0be9b58098cd0f01ull,},
+ {0x735e236220cf1152ull,0x82e68710903f65b1ull,0x6c932338d29169ccull,0x0e204d6a8c7d5034ull,},
+ {0xac47692ec8245f1full,0x125db7c68d7e7a9bull,0x6ead9899d3150beaull,0x1957068d4a3da4b8ull,},
+ },
+ {
+ {0x45c168b2bce7b4daull,0x63afa3b276f9f910ull,0x60af02b6be9889a6ull,0x1adad7fa35385ae7ull,},
+ {0x8d35cd7e7df59aa6ull,0x13cf29589f4b84b1ull,0xec6ecff2e1540013ull,0x0ecbf75abda6eb1dull,},
+ {0xf6ce05fc3becfc23ull,0xe4ac8d257a7bf44eull,0x4c12510765eeaa43ull,0x06c870a377df50e4ull,},
+ {0x2f6871bdc1d62dd7ull,0x80591505c1279cb7ull,0x1322088b2719ecd2ull,0x222e71f8f5995a2bull,},
+ {0x2d1a1ab198363dfbull,0x35635c96cfa670ceull,0x7d5034dd7a26c656ull,0x003bf0608625abedull,},
+ {0x98ca35cf5ed8716cull,0x2265e1237bc6df23ull,0x403b67933e14f23bull,0x17bd2dadc39729fdull,},
+ },
+ {
+ {0x73eaf26576b3ee71ull,0x1e385de29d896044ull,0x25a0f40f08a59317ull,0x19849935bfbebeeaull,},
+ {0xc124cb642102cadcull,0x15bc408ad6ca7826ull,0x2d7fb7c9392b5314ull,0x191fe8471669f053ull,},
+ {0x4519ddbccb6a7c26ull,0xf93bd195baec8228ull,0xacd754a721948defull,0x12f17b60c7e426bdull,},
+ {0xcf447b92b04c15dbull,0xfcb7da793167f250ull,0xcbabb4ee570c4306ull,0x190ab94c6e5c81ceull,},
+ {0x66edbe6740930cfcull,0x00c8c644983a181full,0xfe9e80b984c44209ull,0x1dd6f530584a7ffaull,},
+ {0x14c61214aa1a9038ull,0xc34e5e23426cf8b6ull,0x89fca910ec46ae5full,0x04f1b9161a0f7c1dull,},
+ },
+ {
+ {0x60c3a79ac91ab4deull,0x541e051ca71a1a2bull,0x490abafd41a5d25cull,0x126275c8a46cf343ull,},
+ {0xe5da0fcfffccd2b6ull,0xe3820301b166bb43ull,0xc6599e01bed6085dull,0x226548dff57c5cfbull,},
+ {0x36428b1296882728ull,0xe08312e604299b9aull,0x5a15c889ce55478dull,0x172710198cd7c270ull,},
+ {0x2450f291477cc1ddull,0xcb0f85c9d92d1bc3ull,0x86325c11cfe0e296ull,0x13ff03a4bd5be082ull,},
+ {0x74298091e426bf55ull,0xbed700b48330ccdfull,0xb1ec45894f74fb11ull,0x1716d956bea958b0ull,},
+ {0x91b29e513e9a4114ull,0xcdb3b373910c02fdull,0x268e148f9431fa75ull,0x1288ec8fde3009bdull,},
+ },
+ {
+ {0x02ae4c95e0afb8caull,0x8e7aec631cf8f5dfull,0xdfd9373259eca3c3ull,0x1fed34fb88af7224ull,},
+ {0xc47e420205b5c88full,0x7207ef7451d1c567ull,0x53262358433f5294ull,0x193248ecf07ad085ull,},
+ {0x49de15f9bb694200ull,0xc35f531086b5c242ull,0x95a1903858cd5140ull,0x032a4992511b1f97ull,},
+ {0x42ee2c4def1faaa7ull,0xf6ca28bc9d99cd60ull,0x83c60d620a1e004cull,0x024ccf0ba1568759ull,},
+ {0x6122291bf42e7d82ull,0x0866090d368a8205ull,0x11f04812ad6ec708ull,0x14cdebecb4ec13edull,},
+ {0x535e8fd1ac15390dull,0xb37b579abb1773daull,0xbace0a295cd4b579ull,0x215e20d42270bcb0ull,},
+ },
+ {
+ {0x400bdbc644ac1d92ull,0x6d856667d971f595ull,0x03343816a1bd40f7ull,0x0361ad7534821a43ull,},
+ {0x824222acf8437091ull,0x79141c3205b1032full,0x6b4d331fc9974530ull,0x1bf965a7ba2bade5ull,},
+ {0x0bf66d1afdad6063ull,0xfe6571464fe71527ull,0x3ec25815cc90ab9bull,0x132ca2d9d51c3b56ull,},
+ {0x37e3ae17fb5ac815ull,0x2dfedb4efe3f37c0ull,0x4b086ea5032745a4ull,0x0f966cabdd479e9full,},
+ {0xb5266c229b7ebe0dull,0xc6717a5442929826ull,0xad22a19d8892adf1ull,0x172da87fcc14d4f9ull,},
+ {0xae0d9866d891bb59ull,0xc500c36e3fe7d354ull,0xc2b582f2929b23abull,0x11428eb730dd4e8full,},
+ },
+ {
+ {0x81538fef8e07dae0ull,0x3c05274665489b39ull,0x36e4401350ceb55bull,0x23822f2029f31339ull,},
+ {0x9a946e7c30090ad9ull,0x5bbc4c8c656ea3fdull,0x3cc2cecb7ec7227full,0x075a6fe87014899full,},
+ {0x504b2ff7fbb0366bull,0xdbf315791bc3d5e8ull,0x34b16de185c8c4faull,0x0c722a3dffe0761cull,},
+ {0xe1b2c1fc3b33c383ull,0xce84d3e5182665f5ull,0xbcedf2f72de4d795ull,0x1a84c62c0c4a6f6full,},
+ {0x85ebabd309ae9553ull,0x1330ec03b0ac91f7ull,0x8f42ba9c8c1ae123ull,0x24c230fae89db4b9ull,},
+ {0x63ba534e151566b6ull,0x7e44c5bd39e6334full,0x06921595325d11dfull,0x217f3a4e9d6413deull,},
+ },
+ {
+ {0x25ac71f16a82e592ull,0x47846dfdcc378ef2ull,0x75c53c75b38260a2ull,0x039b9da33bf9b997ull,},
+ {0x53d30cb619b09dfeull,0x566d6a55a184cd91ull,0xa589c53ae28a8e0full,0x13c05b500d5f285eull,},
+ {0xd22faf3af0a087b6ull,0xd5e538653ca52380ull,0x42c893b42092e080ull,0x18f7a1bdd3badfbbull,},
+ {0xdba4e6c94bb0a0b2ull,0x323d4769578ee4deull,0xbaedb0f8e01fdb15ull,0x21ca037715dcfe00ull,},
+ {0xe6ccc0bc06afac14ull,0xfb943c10916b581cull,0x2d5694a4c968aff2ull,0x054a1b209a812e31ull,},
+ {0x1983e59a45dcb02cull,0x71dcb184a30af740ull,0xb75b69bd5ae155acull,0x13c7fc9ace199224ull,},
+ },
+ {
+ {0xddbd6b95067516b5ull,0x29ca0360372d54e8ull,0x3e2955c1d6748678ull,0x1f8b276aafcd2c7dull,},
+ {0x893187796c272ab6ull,0xc843325fc53fa37eull,0xbe658fac833007a3ull,0x04bdf08356fbd83full,},
+ {0xa0863d3fd012aa1cull,0xb1b2c2c3c2fa879eull,0x4cd718b80433407dull,0x1e1ff82d0a23f609ull,},
+ {0x0c72fdbda5da70b5ull,0xfa2ad5a7dafb202bull,0xa63ce1e889feffefull,0x030b328f5fa93e0full,},
+ {0xc4a01585dc609f7eull,0xade61ef3353eda34ull,0xfa884e9a73d65e8eull,0x24750424a4543a02ull,},
+ {0x54f07e883bbe27b6ull,0xfb41ed1660623383ull,0xe112647feeae3cabull,0x055cf71a930304b0ull,},
+ },
+ {
+ {0xcc5f813b041ba372ull,0x1b892909c069bfd9ull,0xdfac1a47d46ba3dcull,0x1bc553fdedaa97e3ull,},
+ {0x623da812c8d71640ull,0x59b3b84486ab96c5ull,0xd77a7d970676d563ull,0x09473f20b0087846ull,},
+ {0x9214acc8a6ad6f76ull,0x53e9b1713dffaa0aull,0xe66631ab33f6477cull,0x16792dc3fd2138d9ull,},
+ {0x612c9ffc45facb86ull,0xd43cb433555b3da3ull,0xb0ca697731e8202dull,0x141ac2b6bfa546e5ull,},
+ {0x51b480946640c6a2ull,0xc71f677b6d96bb2bull,0x7e0377527663c0beull,0x036b2f551e8c7db8ull,},
+ {0x09610b7524482b53ull,0x65196312af7438ccull,0x7050f94a8a70305eull,0x06fde0d46e6c059eull,},
+ },
+ {
+ {0x707927b8fc061859ull,0xd9e38cc9ebbd94ddull,0x96eba99c855f975full,0x0c12d088d263d28aull,},
+ {0xfa236e22ee58216aull,0x470b1efa73ec6699ull,0x4c5457a04dbf7553ull,0x1a1dc4cbd3ccec1aull,},
+ {0x9a327665f6db6d31ull,0x6443a4f683536914ull,0x58eff845741ae1d6ull,0x0b784f2a8c259646ull,},
+ {0x08cfd913a263ce94ull,0xe58aab8c6b488744ull,0x335fa717116557daull,0x137bf0016a4e4c17ull,},
+ {0x0c14566b7ca1106full,0xb5fac75743cf44ddull,0xe87d1d95b95cba63ull,0x1d2823802dac3d01ull,},
+ {0x445099d6807bd76cull,0x41b66837529eb51bull,0x84267670e2264913ull,0x0ed84664bb37032eull,},
+ },
+ {
+ {0x938964e622d307e8ull,0x2edeb24656039ea6ull,0x642dd6f7e2144be3ull,0x1d31590cb07cb098ull,},
+ {0xe57bf1b8729263c1ull,0x48f9b371fd250d79ull,0x670ce0ee36513b90ull,0x1b908986cbfec7f1ull,},
+ {0x9fc8ffb876636effull,0xd57385d67c117698ull,0x4813753691eeba7full,0x0e36785e030209eaull,},
+ {0xeef1935cb4c5e8f1ull,0x1b8726a75ab06681ull,0xee973c5cd718bf31ull,0x026910b1fafe0208ull,},
+ {0x8c1826b08792fd9bull,0x00325e83cb419665ull,0x9cf44c5b81265badull,0x2462a8c0fc4f85f9ull,},
+ {0xa4068de0bcf85b4cull,0x5292433f89646bedull,0x05b4bdd364d3bc53ull,0x1e25be7fab47bf9aull,},
+ },
+ {
+ {0x51c27ca3424bdf72ull,0x167926750fe4d445ull,0x41985a737513c6e8ull,0x070056ab60d56287ull,},
+ {0x0a23d1344dfd91a0ull,0x6c518fef27a24e64ull,0x059a8c49360f8730ull,0x0f1d38b2c12772f2ull,},
+ {0xaa2a1e60b126566eull,0x1ed2add1bb218007ull,0x71385f0a8fabe78eull,0x024c0880d7c0fd5aull,},
+ {0xeef5704923a38ff1ull,0x34506a9872581fa9ull,0x78152bc691cbac5dull,0x0c41086d97a7fccaull,},
+ {0xb0c0d854ad72b6b6ull,0xb38455c3e3e5f457ull,0xfe665f1f4ddafb6dull,0x10373cbf9ca2add9ull,},
+ {0x8a306e7799aa2605ull,0x5dbca515ad2f9733ull,0x9b8b80da928edeb0ull,0x0052a2d2f8f7b1e2ull,},
+ },
+ {
+ {0x13e3e3df198f8864ull,0xc80f05cd02b931f3ull,0x8826debe7162b2f6ull,0x1d319ece62ae45e7ull,},
+ {0x313e17d4fa80fd67ull,0x82c5f606bfe97eabull,0x66f092bfa6b46100ull,0x16fde5bd28d86353ull,},
+ {0xcd4e7dfcd19cfb45ull,0x026d1e42ed44630bull,0x8d6b54119bc07918ull,0x1eff361145a4818bull,},
+ {0xc80d511a9a448566ull,0x9df3e33a28a32065ull,0x5a5860db779cc4aaull,0x1c226a0a4bf8c193ull,},
+ {0xfe0fa440138c1ebcull,0xc32c16bd93c71daaull,0x5e053ef1a9d73a8eull,0x2105d2d85afe7c65ull,},
+ {0x553c6840e4d14fdfull,0x600506d781612ff5ull,0x3ab288079ba2da8full,0x19b8f14b3e9cefeaull,},
+ },
+ {
+ {0x101f9567b577f4ccull,0x9d7dfbbb95010b1eull,0x1801c3f5ef323a26ull,0x08066f8c302be6e0ull,},
+ {0x301f867187aa8cc4ull,0xdcb504ccd5deb64bull,0x7a19b8838cf066e1ull,0x1ce06a9c35aa0809ull,},
+ {0x010a732bda3f076eull,0xf36ad54eeb0df727ull,0xe7e3ba3699eb12eeull,0x1d65654037809723ull,},
+ {0xb8ff82aa0c8f9e89ull,0x39fd76e872772dd1ull,0xd0a9a0cf7b300237ull,0x21cdd8098a877d70ull,},
+ {0xfff1cbe2921532d7ull,0xe919f4cbb2b62082ull,0x43858e6488e4d9f3ull,0x227d32cd853e2a11ull,},
+ {0xdd7807401672de18ull,0x7e3167a195002069ull,0xef20051461812a1full,0x1ee6ee09899caca3ull,},
+ },
+ {
+ {0x18dcb2c8d68bcf3dull,0x55c30335c441d056ull,0xddcda87759df1c4cull,0x0bd72b9d00117407ull,},
+ {0x53759bf204dc6ee2ull,0x5a491198ccc07fb6ull,0x21023e765d4b082bull,0x052467582f570a64ull,},
+ {0xc71f8479e69bc9efull,0x1a8b07f3a7f9f4e4ull,0x4898f9336938503bull,0x210b416bb55f686dull,},
+ {0x2ea76a804a514216ull,0xaed1c043402cba72ull,0x8e96b191c8508968ull,0x0a6845487a544d0cull,},
+ {0x20f8a88abe36a0fbull,0xf7be80390c4df565ull,0xb4d6ae73ab0ac7b4ull,0x03dee2bd150d75caull,},
+ {0x31f41f54a9d5ba23ull,0x32d8a838645e8303ull,0x1ce68866725d4d63ull,0x16eff9d7d55f24a6ull,},
+ },
+ {
+ {0xc9ef98de3048fe85ull,0x91d247303ba2cc5dull,0xfeebf32febfe0c50ull,0x12193bd2dfc7cbaaull,},
+ {0x05545cc46d6e2f10ull,0x0c1885bd6a173fe0ull,0x19192206ce77ae4dull,0x21bc567dedda3bcaull,},
+ {0x0289985f4f8a3e0eull,0x46a6f360ff57d0beull,0x8ecf6d8914a57a28ull,0x16fad252e99a0f5dull,},
+ {0xa1ce7650862f87aaull,0x624601ad20a0a754ull,0x181fa95e1dceca7aull,0x04c7063bf6031512ull,},
+ {0x47221f77cb9dead6ull,0x0b0a1f41bf04b7daull,0x1285ec2ea904f669ull,0x05d815fd67d084b4ull,},
+ {0x2f4621c7c48ac6bfull,0x6c94a7fc7433ddc8ull,0xbfbc34ad00dc77bdull,0x0d420c22daa0e425ull,},
+ },
+ {
+ {0xa125bb06b8f5ae5cull,0xf130e54b42e247baull,0xa7d5d0e59b914ac6ull,0x071f28cba94510baull,},
+ {0x23781cfd40419519ull,0x2ea1f31e32e9865dull,0xb81d3422cdc1a049ull,0x09b4ecf31bed5dadull,},
+ {0x7cad0528d1f2ffbdull,0x4aac3a0629f7f4f7ull,0xffa90428bf6d62ffull,0x1e313094fa295c2eull,},
+ {0xac9d8af47d98869cull,0x8ecebc8bdf6c41e8ull,0x859d29cb97f9f264ull,0x0c9223c674634d76ull,},
+ {0x5adcabb24bf08460ull,0xbc91aaa43338b671ull,0x7abcd2f2031ec66dull,0x19b3dbaaf6fb5a1bull,},
+ {0x00b0c3d6c69380bbull,0x044a0a413e3aaea9ull,0x48d820b0f17d1ac2ull,0x1745bb82ed277652ull,},
+ },
+ {
+ {0xd921b459e78504aeull,0x79ef5733fecdb405ull,0x04020f6200148defull,0x1163b626e015e688ull,},
+ {0x0781fcc9b627e44bull,0x5d8c6c8944d557a6ull,0x5493d9920c1d32fcull,0x0ecdc7510a2f454aull,},
+ {0x7086854c556b47fdull,0x4ec3f6dd8ad274dbull,0x274e92925edf85deull,0x09e6aa987250022full,},
+ {0xa63453a7eb3a8fb5ull,0xbd83f1e026f71f82ull,0x1386ec55e6450e3full,0x00873f000047164eull,},
+ {0x179dbc93073fcb3aull,0x592c5c9b8baf6411ull,0x4b81a7b27b4d9070ull,0x1d26ead51df9a20eull,},
+ {0x6a244f14dc36671cull,0xd1e9d82e3c5bea31ull,0xbd883c1283d17771ull,0x1e09e59618c6163full,},
+ },
+ {
+ {0xc1b0578027cdeed9ull,0x7ad19ad5cb04d6e5ull,0xee6f7f36d5ed1465ull,0x01d616ac45e80f5full,},
+ {0x2c0c7df57e945feeull,0x9709cf12715b87afull,0xa6e99327a9e2f868ull,0x1dc75e316e45b2aeull,},
+ {0xa7bc3e0832276f4bull,0x36ed99677fa22ffaull,0x89da95557e5dd91eull,0x0c1f4bf5d672d3b9ull,},
+ {0x25624941c1047a5full,0x463ccb3bd3fce3b1ull,0xd115fc8570096682ull,0x17145e34ff1d0e9aull,},
+ {0x4a3a34676a6a378full,0xac89a12198b0ca1cull,0xb97a2d982319e20eull,0x0caf54593dcf42e9ull,},
+ {0x7a07a3d321faf4daull,0x6a062e2ec939fd56ull,0xfd7ac47f692009a9ull,0x1121561f1c332cd7ull,},
+ },
+ {
+ {0xcfb495c8f564f52cull,0x39665331e96c838bull,0x42c49998a1446b14ull,0x03cc4e294cff3ff7ull,},
+ {0xd41d69b42b557d10ull,0x98dab8bd722a39a0ull,0xd4e24c4add54c81aull,0x1344527908d19fa6ull,},
+ {0xe9648caa7c8da128ull,0x8497aa165fdee967ull,0xf437d75fab691b76ull,0x052cbd6eb6436a4bull,},
+ {0x389f7092e280920bull,0x9b8625c09555310bull,0xe91f49f9d9031898ull,0x1c95a9d881b18be8ull,},
+ {0xe8605b4d2212b1fbull,0xb1c4f57736dbf0c3ull,0x8a90c4bcc09cad9eull,0x12f03ba47d2620d4ull,},
+ {0xcbd4494a5830ba3cull,0xb5a5d7b6b635fb6dull,0x154076781060c57aull,0x14e27241d5bdbe5dull,},
+ },
+ {
+ {0x5545df3af64ec9c4ull,0xff2adbc37d224acdull,0xcf02fc8672ce69ffull,0x0a7fcfe0b85478f0ull,},
+ {0x402246e5d134054cull,0x0bd5980440304ad7ull,0x3df09979193914b6ull,0x22610927d3977e51ull,},
+ {0x08235659dbd58c8full,0xd159c4e705d2f6d9ull,0x3c5ae22b53836251ull,0x137039c4b43f1c9dull,},
+ {0x4ee6c2b196d188bbull,0x54ecda987459243eull,0xb3a9cfbf1aea2748ull,0x234243a4a87cf61eull,},
+ {0x248eec552d9a5ef7ull,0xc8a98bee264e9e26ull,0xf3bcd8c268d0c073ull,0x16e365499a23e913ull,},
+ {0xbb406c86a8f7f2d7ull,0x03426cc36d053972ull,0x047915ec9f472c4dull,0x2318c0030bfcee73ull,},
+ },
+ {
+ {0x3c783caa5308c82dull,0x81bcacdec8f45662ull,0xe169822ce2c0837cull,0x09c179836e05b980ull,},
+ {0xf5d882cd842d337full,0x861761db32052e52ull,0xd6721854e7e686f2ull,0x0d22ec35de13a291ull,},
+ {0xd9dd477876f2c6d0ull,0x5ef6dd9d6e4eb6b3ull,0xa22e8bf49d19a102ull,0x1fb12cb296762e6aull,},
+ {0x8372df5211227b55ull,0xc3994286779c5c02ull,0xa302f7b3be87ac5bull,0x22b842b9b918d821ull,},
+ {0x2cb75b8cb17911a1ull,0x5cd8f56c7f4dacf8ull,0x09874f95dd87d8d6ull,0x15b92554f1bdb068ull,},
+ {0x4786ec1f88a80264ull,0x91dc53364f6aec54ull,0xbd9bd414e46eb290ull,0x1b27b7fd99d5e212ull,},
+ },
+ {
+ {0xbb40271789b4bb9cull,0xddf3b8f645386314ull,0xce090cc4ffeabe23ull,0x0c3920ea76b361f4ull,},
+ {0x14c64e1eed2b5edeull,0x99c5289af2511b43ull,0x5de1d7b1dccb2575ull,0x0b5e4419ad2e1c52ull,},
+ {0x0c04995f7bb764c0ull,0xbd9eb56e1c742072ull,0x9009271bd281dfd1ull,0x2464821365b75205ull,},
+ {0x49724e13fe376d0cull,0x189fb55cbe1abfc2ull,0x80162bfa5b8980d5ull,0x1a96550a3916c5caull,},
+ {0xcd79e4d9633065d2ull,0x2b51887668a49a0aull,0x8785b375ac581035ull,0x10a5547822c082bfull,},
+ {0xb98da2585b65ccd3ull,0xa8015a03bee86a26ull,0x2eb6a1e1bd1cdf1bull,0x07bf364897d1c8b8ull,},
+ },
+ {
+ {0xb791c26545931abcull,0x9a1ad86e4fda79aeull,0x06855828328d0314ull,0x116650fafca899dcull,},
+ {0x28a52543d8cb599cull,0xbdd390c86fa4fb40ull,0x903fff92c56629c6ull,0x0b496e3e73b93100ull,},
+ {0x0f5622574884b369ull,0x48dc4ad8ee6e6c07ull,0x9bf8705b75932345ull,0x12fdae5ddc53fccbull,},
+ {0xffbab25f3f4dbcc5ull,0x2e29054e3b0c795bull,0x4e42d9554507c4a9ull,0x0100c6ddccafa66full,},
+ {0xd070c555e094dddeull,0xc33dd5eda3c03e59ull,0xaf83e343a270dd9aull,0x098aee3da1fa8162ull,},
+ {0xad02918dc6d1048aull,0xf04903a09f8c1e95ull,0x51622aaf4848d918ull,0x1ded54a06c3901a3ull,},
+ },
+ {
+ {0x407e49d022ba5897ull,0xdb8d26843eab7b0full,0xf976a1b95413e184ull,0x0aec3abccfa3f870ull,},
+ {0x5a796987e2623f7bull,0xf9ab67105d5e1b46ull,0x9d9d00cfaddf51aeull,0x1be8e30f8202ab70ull,},
+ {0x793be4982c00e681ull,0x903759a9286f8a57ull,0x16a3daf170f851afull,0x13cf0c29956077fdull,},
+ {0xfb5787f1092904dcull,0x9a7422c14149238aull,0xe8e61be7e9ad1fc9ull,0x10029d3e967eff2full,},
+ {0x4a4887f39a050b1bull,0x2b7f2e2d718b7fa5ull,0xdcf39f9d5e4ccc87ull,0x0e9ae22b93f3c46cull,},
+ {0xe2085144d647649full,0xbb22757ff04f1a8dull,0x39c323e34631d9f7ull,0x04865b0a1462c9b9ull,},
+ },
+ {
+ {0x684266fdd1482bdbull,0x49a7895fd6b87933ull,0x28476e848c17b925ull,0x19e95e89691c4ea5ull,},
+ {0xe9a6a6bccaf53a2dull,0x479cccded58ddaccull,0x16049a3fd6291256ull,0x07364abc39086c40ull,},
+ {0xf24da0fc6d7e4b82ull,0x29591202c08178e9ull,0xf9b5dff7dc07aae1ull,0x0ed06afda0a02f78ull,},
+ {0xcac1c41fcc1f702cull,0x52b029719b5224f2ull,0xc838b665539d0364ull,0x246b61674cf835aaull,},
+ {0x44068b26b9dce8e0ull,0x6b3a0b0e83a7c8b9ull,0x03feca47fb021110ull,0x10d9d6e7fbc944eaull,},
+ {0x3a39ad7da63fd6fcull,0xaf3e9dde8885823full,0x31511af0a15648cfull,0x19de25d493f0200aull,},
+ },
+ {
+ {0xd4fff38e62012c13ull,0xae59ef30122850ffull,0x9d23a0381a012cf6ull,0x120ae1d814828c1full,},
+ {0x42eb1c5dfbf07103ull,0xd254f031490046f0ull,0xb47882ae239b8ae8ull,0x11158120470a13baull,},
+ {0xd5144f9267a09051ull,0x66da90aae84bab57ull,0x586fcfe6e1dfc445ull,0x221e49ed2a16e941ull,},
+ {0xf467fe034d6cbdccull,0x7ac29c1d1e5e20feull,0xa110e6e05eb1585aull,0x23d954fcdf786a64ull,},
+ {0xc1ae9be330026938ull,0x874b19ab11339205ull,0x0964cbafa59f62aeull,0x1e6167f38349f253ull,},
+ {0x23efb445bd9ef627ull,0x897335bf70b7bcaeull,0xa00f86ae69e47650ull,0x2509e8fa87d5670bull,},
+ },
+ {
+ {0x22a00ec33abc6b8eull,0x09620addb21d394full,0xb965fdcb7ee143dfull,0x1febe6994e628a7bull,},
+ {0x1c710a901e98b013ull,0x2801fd688f4dddf6ull,0x0abcab0ebadf8343ull,0x10f0cfd199338d92ull,},
+ {0xd599e818b6e83ff6ull,0xb88539365c679f3eull,0x0313ce19b529a51dull,0x21f5f0b9f1cf3415ull,},
+ {0xb59034f3ef13e954ull,0x6883ab623a40da9dull,0x94faebf81576de70ull,0x14d2247af37a0cceull,},
+ {0x99757d5184162b77ull,0xf79b9dc74871c5dbull,0x608ad4501b03300bull,0x074149d915458798ull,},
+ {0xa3252b36c3eda717ull,0xc1ded9f245002540ull,0x14b5755b56dac7b3ull,0x19308239f6756bf4ull,},
+ },
+ {
+ {0x07f4f5a6f26b067eull,0x32d2eb865477dbdfull,0x6945cbc86ac200a0ull,0x1e6311fd6ef61d2bull,},
+ {0xa0d0920425c68e5cull,0x683d1987c8fe9e5aull,0xd7228b5e41a381faull,0x114a05f6a9f409b5ull,},
+ {0xf677d47e68eeea17ull,0x87f50243b30d3112ull,0x084cf054770d8dc4ull,0x0bc9fe9990a74fb5ull,},
+ {0xf22bdc5dc2eec0d2ull,0x3bae3de98c595ff4ull,0xc95e53073fd0b23bull,0x11a7e2b2d55a6ea2ull,},
+ {0x8ddcbdbb83b870baull,0x728950ad96866c71ull,0xd145c1d31fae9c5cull,0x0547d0e831e70104ull,},
+ {0xead79bef2b2433d9ull,0x0647d5966623bf56ull,0x4fb0056ba69d7958ull,0x1a0983813c5d2e9eull,},
+ },
+ {
+ {0x215a5a20e15d19d2ull,0xae9ceafe33084b69ull,0x80f85025ca380f77ull,0x1c19066c196d1a00ull,},
+ {0x359cfc6bc545de2full,0x7339f8704a758d60ull,0x64eca98cd5f2d7edull,0x248ba44255247839ull,},
+ {0xc2c6e70b389e8492ull,0xc9b97f7a19d874c9ull,0x87d7b9a332957727ull,0x0119950fe431afe3ull,},
+ {0x51eeee98aaf4581cull,0x081de6981f8512e1ull,0x4bb18cf097ac6997ull,0x21e465b23c21951bull,},
+ {0xe5bc584a9a1f5a1aull,0x1ccc4b14286b7ad9ull,0x435b382aeb470e64ull,0x1f9ae9143c5b987bull,},
+ {0x990eccb3248cd3d9ull,0xe6cfbcdbd8c8fd0bull,0xb48de18c5009802full,0x198d98c5412a6213ull,},
+ },
+ {
+ {0x43cd5d8c9073ea61ull,0x5174db54059acdffull,0x45e871c04aa7a2ddull,0x05e16d3199d840a0ull,},
+ {0x9ad1091f764df938ull,0x67637f20a74490b7ull,0xdbd73b8487d04861ull,0x15a139abaa8b478eull,},
+ {0x1b10547972b4d507ull,0xf641d3763db1a739ull,0x15597787c5b84ec3ull,0x0134b78ebf335c12ull,},
+ {0xf6b7a9d4052963daull,0x2d806855d9466783ull,0x623658a8a2d743dcull,0x00de0208fc0298b1ull,},
+ {0x1b67ee84e8c40714ull,0x620107f4c2393038ull,0x96441ca3a07baeeeull,0x0b27368271b0f683ull,},
+ {0xa65922c66ed876ebull,0xdc21179aa8971bdbull,0x9309a00b5206e041ull,0x088fc38497bf88ebull,},
+ },
+ {
+ {0xee8bf43d2fc34584ull,0x4ff6772e8da82b6bull,0xa7ae3c97dc955a78ull,0x09651f34f9ad7ab5ull,},
+ {0x103de2e1906f8fd3ull,0x046ca4e6b276642full,0x220398cd397af5fdull,0x07b984811b0df962ull,},
+ {0xd0519e42b872b7aaull,0x164acb4f7d9df94dull,0x54cd157448c94337ull,0x04c636efd3f59641ull,},
+ {0x7cf41f52f0acc90eull,0x54dff80755d46315ull,0x83a7e3f528daec19ull,0x0039b02577bb91e6ull,},
+ {0x828eb12b537a9732ull,0xd81ce0f79c6211ccull,0xcd2fd2f2e35379adull,0x1e84fa2068841dd3ull,},
+ {0x931aef70f9a3a06dull,0x71abc5af88fa12caull,0xa70ddb3102a75247ull,0x14a049c881169cceull,},
+ },
+ {
+ {0xa9975bec6d3f0412ull,0x72feab9fdc81092full,0x49f533cdb7ae9d66ull,0x18632a2c4c5b4d2dull,},
+ {0xaa9f81eeb706ca09ull,0xb1065065a3fe5198ull,0x3381765974ac94a8ull,0x0ec5d52c65b1f5e0ull,},
+ {0xfe465050a5cd7ab1ull,0x5059fae63d47120aull,0x49ad1fd731ef0aebull,0x1e018673e33f45e5ull,},
+ {0x6eebdeb52c24d248ull,0xa43988a55ccc8d10ull,0xe997fafe55d0ff64ull,0x233675abd5ad14e6ull,},
+ {0x8b5530b175fbeaadull,0x27ba08984164ed08ull,0x94a9507d0189809dull,0x12fb832d1d13901cull,},
+ {0x912ff6e6cf0c29f4ull,0x54d7a43121bcd1afull,0xcdf9fb448a1e2185ull,0x02aac1a8e253b8f9ull,},
+ },
+ {
+ {0x26a581d7ca270a84ull,0x989bddaaecea533cull,0xda7993327a4b8cddull,0x0c1637ca7d045160ull,},
+ {0x6213cd9db7a6d076ull,0xc03037d124aded7bull,0x32d9e1bd41523d2bull,0x008ea641abbe75edull,},
+ {0x7d3c23b227774f03ull,0x4a5e7805e6f9a14dull,0x1c24f1a43d487e79ull,0x18eafaffc703509bull,},
+ {0xe146113f559bd9efull,0xe56825b1a7fcf7f5ull,0xa93689399f819fceull,0x14fa96013c5a6638ull,},
+ {0x81c625bff8857fe7ull,0xc98edd68e7203a68ull,0xc88c3a681a3f1ac1ull,0x0bd4fa57e9b6d9f4ull,},
+ {0x2dd6eb21127b1fefull,0x91b039a57e0f6233ull,0xd02548bc3dc3c783ull,0x0e8a4d19a777a688ull,},
+ },
+ {
+ {0x025c54533652a519ull,0xb3bcbf01559e8920ull,0x5c53eb97c55f25fbull,0x22322b9402949dccull,},
+ {0x260ef92c70dd5c11ull,0x9e27626b6cd441acull,0xc6661507ed6f5d61ull,0x0fac1fb2f6bb53edull,},
+ {0x5511ab3bd7ea4c51ull,0x6562a46409240916ull,0x83a5e441731b870dull,0x205c0c853ef83501ull,},
+ {0x7c8ae57f4deec828ull,0x349dd08555bea497ull,0xcb5d3234c7b839bdull,0x153259da7d31993eull,},
+ {0x964b508f6fa5bb3full,0x82b5262f18242750ull,0x970156d1896d43c2ull,0x028fc28439e44783ull,},
+ {0xda5afd0f1a7d7fcaull,0xddb473f9a75a7a4cull,0x180c169ed34f6781ull,0x0cde138f3279be8bull,},
+ },
+ {
+ {0x63de6da225c321ddull,0x4832886b582d3833ull,0xb0dee708e55cb53bull,0x06c9e933c223ec30ull,},
+ {0xdab1fab5dd78e263ull,0x3e658d3d9ec3bb7full,0x3d0a56ca4a1b088cull,0x008ce74540e8386dull,},
+ {0x0b0ee452fc9bca4bull,0xfd0b0e032d16b266ull,0xfaeea7076b32cc91ull,0x1823f6048f88ea5cull,},
+ {0x3966dc6553a5ff08ull,0x85192338024e75e5ull,0xff2cc296f92beee4ull,0x229caca8d4f809ffull,},
+ {0x7702729e0d1f5157ull,0x1a3ac2432384d0bcull,0xd006954b39b11e9cull,0x118a5126dec2a2faull,},
+ {0x2e9bfe6eaf026413ull,0xc720a61aef11d653ull,0x6ea67c87c36691a3ull,0x18f925014f9c61d4ull,},
+ },
+ {
+ {0xd3b27621ad1dd1abull,0xf97b0f55f22f18c9ull,0xb6113e8be6db1114ull,0x1a8a1ae8f65ead1aull,},
+ {0x0007a32980115669ull,0x605196cb02f760a8ull,0xfbd2085c8671df43ull,0x0c381e59ea5960d2ull,},
+ {0x94116d83a9603b67ull,0x92b23f61ccedfbbcull,0x50e0fc7e78727f5eull,0x23fc01a1d8cc7e65ull,},
+ {0xd1b8a0d5024aff36ull,0x2b25d1cf4ab60e92ull,0x8dbbaf91e20c91fbull,0x185a985f30c061fcull,},
+ {0x06fe112b333faa7aull,0x9323dbd6f08549bfull,0xcf5e43f668844df0ull,0x10df0c27f29e1637ull,},
+ {0xf2afbd9928527e7dull,0xd856c6d7448b34ddull,0xc5e025621b375c86ull,0x01b0fe70c9b177dcull,},
+ },
+ {
+ {0xf09e65fdda5bf41cull,0x59ef2a8eb45985f0ull,0xfec4facae20ae75full,0x019f623d519953a8ull,},
+ {0xd5dc50c38c7e165eull,0x62fc39995a53fcf4ull,0x557a7e55f3ae1284ull,0x0fde40ac729d9ca2ull,},
+ {0x4b49ba1f5fcea25aull,0x631dbbd1d4e3cea5ull,0x7069fcd00919239full,0x09c559fb76aa0dbcull,},
+ {0xbb6348d2d3a8d733ull,0x460c7255ba85e5c1ull,0x42e7d9808787c01cull,0x22c0fd2eef2261e2ull,},
+ {0x19833887b93cc3abull,0x2cee6551569164daull,0x1c44fdcd7b0c79dbull,0x1807ed58575a7b33ull,},
+ {0x30713388923e3b7eull,0x6d541ffc75d914c7ull,0xbbb50245851f0f6eull,0x1df0abdb9048edc2ull,},
+ },
+ {
+ {0x62788c325d2b0f0bull,0x33744819eb512733ull,0x83ff060d6ff7309cull,0x18829912bda99968ull,},
+ {0xe09edb24cdbdfc6bull,0x099200c5850fc442ull,0x967790a56049a66bull,0x011cd382712b1d77ull,},
+ {0x8df4e975f64427d7ull,0x2e3901a3a7b0f55dull,0x641ec6f45805e402ull,0x06e1d0db4022cd43ull,},
+ {0x440dbd8590564164ull,0x6aa7d9c34c053da4ull,0xe0da2752be2f5aaaull,0x2264f00ad93d3d4aull,},
+ {0x716e5f9a7e68031full,0x1bcb15653094bebaull,0xf84ac39bc138e963ull,0x1d7a1fc06adf5b63ull,},
+ {0x8835962eb2e3079dull,0xc3d7c9d41261e319ull,0x30c0c53b9353bf58ull,0x03bf957dd1541c99ull,},
+ },
+ {
+ {0xe77e8891944694ccull,0x04efd57869ed85ceull,0xe9de08ffa6a88729ull,0x1d062265f1d299d3ull,},
+ {0x387dab533dc83cc8ull,0xf7fa09c0bbdf31b7ull,0x59b84e1a3762d3b9ull,0x01b32660eab7f6beull,},
+ {0xf7daf1d596d17df2ull,0xcd931e51341e0ebbull,0x51710bb172705525ull,0x244d6b81dbc7d273ull,},
+ {0xe7a144e6eefd2dc8ull,0xf5c76e992d995cabull,0x477afe1374a66f3cull,0x1aebe5717b54fe53ull,},
+ {0x541a0d7dc825c3b1ull,0x93a0cab475598133ull,0x096efa1eb12a99feull,0x17a85ece29f273fbull,},
+ {0xa36f4f86b5bc5c1bull,0x1b4a0fc57947e76bull,0xaf302e3f7838388eull,0x06aadb4991feff1full,},
+ },
+ {
+ {0xd6afd4710167605eull,0x1897263cb81c98e1ull,0x90e133c23eb0207eull,0x0718643da3a96ba2ull,},
+ {0x8344e521afad71f8ull,0x66af04f81ad9f156ull,0x5ecd25d48f404733ull,0x0234ffcdbb42d141ull,},
+ {0x8a50c65ef686166dull,0x34cdda95694e0cacull,0xa8add01d08d2dbaaull,0x1ce98a7c6ceb5696ull,},
+ {0xb1702710fa0af484ull,0xe30a4eb2f39aa3f1ull,0x7409d5afcd96441eull,0x1e0168166b2894d7ull,},
+ {0x8cfa29792abed76aull,0x75d7bfbcee2073efull,0x7c0372e7080fdaedull,0x1ee8cc19eb967336ull,},
+ {0x2a265f9eb8f2265eull,0x48f9b13b07b728f5ull,0x7b915e1225774e84ull,0x0d4eff23e23d5ae3ull,},
+ },
+ {
+ {0x13cc952b1ef56e58ull,0xeb3870335e75a7c9ull,0x2fe15087e3c0845bull,0x1011a2007bc71f04ull,},
+ {0x472e18f407707bbbull,0x053d1dd70cceea98ull,0xe200cdc8798603d2ull,0x0bddb233bffdfc1aull,},
+ {0xec920181b8484410ull,0xc6b9a9b74e18f513ull,0x84c1695c77cf9fc1ull,0x01005eda69cae7ceull,},
+ {0x7c668bd94e95d9f5ull,0xbaf12b0a06fcd749ull,0x674b2e2824d6029aull,0x23c9d63fdca6307aull,},
+ {0x92bd96dd3a545dceull,0xccb9355edd49cadcull,0xf49ca3d068b74eb3ull,0x1d9461936f823b86ull,},
+ {0x6a2fa39fa7e93bb3ull,0x468fac8c8f151f41ull,0xd12e0aec4bb21bbeull,0x2326bbeb4405b3ebull,},
+ },
+ {
+ {0x1e029295309f1347ull,0x6589babde3a80cdbull,0x74de96ccf73da639ull,0x125810442f8c9fbaull,},
+ {0x47d63700da3a6cefull,0x59c3fd0f2b9b6f35ull,0x66f1979c84873b7eull,0x02770c35ac617c99ull,},
+ {0xa757e064e4f9edb2ull,0x46eb13ddfbda28f5ull,0x519177520a694aabull,0x04f6097d775debf9ull,},
+ {0x072be9865dd6841dull,0x4d9d5c0fa6d6a7b1ull,0x1749ea911a952c21ull,0x15e98445e982607eull,},
+ {0x6fb1b6845ce93f6dull,0x52d5387b1a0f8405ull,0xd6a11cff22d72a42ull,0x2283db33f8496ec9ull,},
+ {0x77bae4ccdf2e5bf6ull,0x21812c170f736a30ull,0x5a8477a3203036fbull,0x1e667d8ca4a419f4ull,},
+ },
+ {
+ {0xfc925115198c93d4ull,0x0aebd45cf3b16db7ull,0x2f7c3d2ab0f16732ull,0x1c4b48273365c9bcull,},
+ {0x2a26617f1f00e47full,0x828f68381a20ae68ull,0x0221e65b7f01b6e8ull,0x19e45e14ca4e5650ull,},
+ {0x231de599fda4c7e2ull,0x55e6d0d3df2457abull,0x34f961f715fddd4aull,0x0e97e5f5fbfe6aecull,},
+ {0x8f1f1a8b1b687949ull,0xbcbdae7ed35524edull,0xd7c78090035aa0b8ull,0x19f2a0d7fb844166ull,},
+ {0xc397557bba8fe6a4ull,0x366daf415604f8f6ull,0xa9b99d86ac93e705ull,0x21fb72d548929de6ull,},
+ {0x6a2ff9d0392aedf0ull,0xb0a90a0d10fb8fb2ull,0x5ef8e1768350ba26ull,0x24aca64027557318ull,},
+ },
+ {
+ {0x18e3eeb6b8937690ull,0x7c87ee4ffda9eb41ull,0x59d0d9e9eb070efdull,0x10b64beb52f348f5ull,},
+ {0x60cb09b15da28d99ull,0xde4b5aaff3981423ull,0x7429b4169dfddfb9ull,0x199eb1a7a6de0f9full,},
+ {0x450661858d54325eull,0x338439f5a896f88cull,0x9d41086dd111bec0ull,0x146d0b19b0b567ddull,},
+ {0x93a470115d0544ceull,0xdbec88b263d6ba96ull,0x4162857e9d97ef77ull,0x07a4e45e194880aaull,},
+ {0x7279bdde87e7ecb8ull,0xbfcc34d54c72df15ull,0x57d3ff1a2476f6c9ull,0x0f0da2351d32d405ull,},
+ {0xffee1be1efc73104ull,0xb873a987a8076cb4ull,0xce026a94aa6b71f0ull,0x15d4bd558bf59554ull,},
+ },
+ {
+ {0xae631a8d76bd7f86ull,0x7e7d9176acbc845eull,0xea421fd87eb8808aull,0x20aaae552a029015ull,},
+ {0x5c1c015cfce07393ull,0xc678b97a85aea9b0ull,0x1eea5259304f0a23ull,0x1464e4d058ceb8caull,},
+ {0xc65d3f2d4e51915cull,0xeedd92d9fe368d68ull,0xc8df47e3a123fc9eull,0x0a40dfad54ccd6aaull,},
+ {0x09a262e9428a05f8ull,0xa0510048ec69ab80ull,0x335a295aecb01ddbull,0x05d9e955d5b1a89full,},
+ {0x5eb68ea11c52c37aull,0xe444556824dd8a88ull,0x8e380018a6aeef10ull,0x0442ce4eda39623dull,},
+ {0xa77e431b883ec5b0ull,0xac34fb82921e9c20ull,0xa8cfc2d08ef8cfc0ull,0x24ae732a4db3bb4full,},
+ },
+ {
+ {0xd5563857f984777bull,0x538e5c618a4be3c1ull,0x5f8eff3fbeab5a7eull,0x017bdafb790e0102ull,},
+ {0x6a62e076dc44c251ull,0xd4743cd8eb4cb3dfull,0x98f0d5617f07650full,0x0ef52eb4c0151010ull,},
+ {0x516284d618713c13ull,0xe651d8c5769b47dfull,0x27fb0f16b90bfbdaull,0x10e729bd4403fe24ull,},
+ {0x7770b670be42c842ull,0x6a9d9db10a3626b9ull,0x17676416c44a62ebull,0x2155a03fd59945caull,},
+ {0xcd58941a2ba1e208ull,0x2d5e3caf14827df1ull,0x6e8dbafadc4e1635ull,0x03bbd3e6d397465aull,},
+ {0x451703d643a411bbull,0xcca0c1d97355c175ull,0xc5074f56618aa2f1ull,0x04c8acdd37ef602full,},
+ },
+ {
+ {0x3f7e0caeff75a1d9ull,0x1b753ba68a2b8451ull,0xf46aeda408dbf4f5ull,0x11652b99c4365b3full,},
+ {0x3f8bf5f03132d146ull,0x0b527b11a12d2424ull,0xd587034aa3632352ull,0x13ffef8175d1a563ull,},
+ {0x2a30747e4ac8eeaaull,0x0aea36171552eed3ull,0x04e341313ec7b422ull,0x1fb62ea6d5e86357ull,},
+ {0x13c69094d2dcc5aaull,0x54573685ddc44032ull,0xd95abdd392375f10ull,0x13a501913c2f1d0full,},
+ {0x343cc1b0318577b8ull,0x98776ba96045eb10ull,0x5492dba5b5936d5dull,0x1d1bb567d6a602e6ull,},
+ {0xccf58e05f8b305bdull,0x3fee26e8419548ceull,0x62c64af67fc27dc8ull,0x08456a814b2fe18bull,},
+ },
+ {
+ {0x47f8ccf69457895aull,0x66d08f143ca062fdull,0x8f0df2e2a97b4518ull,0x0cac6d2b34b243d6ull,},
+ {0x758f56a94a45e6beull,0x63ed30c20cf6721cull,0x20e942550629c9ccull,0x167acfffb8203274ull,},
+ {0x8e727dabacc57eb3ull,0xa2f85144ebbe15f3ull,0x7fc17e7a0a6a4291ull,0x1793c43f349e48b8ull,},
+ {0xed2f91d056a5c2d3ull,0x30433d773122e8ddull,0x2c3fef6399c4f9deull,0x099b39a0e3e524f2ull,},
+ {0x4cddac568a4b563cull,0xdcd1c44d3983138dull,0x2f421d9f8d71a88aull,0x01a02cb6459cdb12ull,},
+ {0x68c09ced7ae8977dull,0x76cb2bf3a933cdaeull,0x6390cd95c4f85d40ull,0x1cad79870e6b2c2cull,},
+ },
+ {
+ {0xfd754584dcb80db2ull,0xb73ea36e2df2b8c0ull,0x3ca5645bffb60c04ull,0x1280d1e1f4dd4da6ull,},
+ {0x75a069b69ae4403aull,0xbbf6c5ded1f82c60ull,0x34919f2295d7b5b4ull,0x1f7bc94e3a96507bull,},
+ {0x9255ca27cb288f9dull,0x760719cfb400f56full,0x291bfbf807781368ull,0x15fa25b272fee67eull,},
+ {0x6054f038190f5f6cull,0xe0978a57792a09bdull,0x1ed22ba69556fe50ull,0x20ba270b20baf856ull,},
+ {0x55de530a1af249d0ull,0x249e57b2414ceb2cull,0xd98bdcde7f16edfcull,0x0ee1bfb7da744ae4ull,},
+ {0x01b24c4d0bb96ddfull,0x32239e98244d75f0ull,0x20dc68759c157d45ull,0x0120769b781bc14eull,},
+ },
+ {
+ {0x4f93886e58c4695full,0x85d6a1914aba1d04ull,0x65bb00f8cf495806ull,0x22a2413c698ae97aull,},
+ {0x5e7928222bb02f69ull,0x93a92c850ce1dfb0ull,0xab3eda670f968b1aull,0x1d80886e0fba63ffull,},
+ {0x672372572dbdeb59ull,0xba4cd6dd6cb11489ull,0xc74f1c6e3b714d1bull,0x1680ad98da380987ull,},
+ {0xbad24d644fd9ab88ull,0x5c817abf11d3ce46ull,0x50587e12664ad6ebull,0x13505c240ec7b092ull,},
+ {0x69ade81d2b6d1284ull,0xdd1d9aacd53d3f77ull,0x0888b2de31545a07ull,0x110788f6944c78e4ull,},
+ {0x81032f6ea72116caull,0xfcb0253b20bea779ull,0x3d0a38d424eba36eull,0x07bdfcb51526c1e5ull,},
+ },
+ {
+ {0xebb80cf2cf44bfbeull,0xb8d559e318097038ull,0x212ed4c3d148be8eull,0x07028dcc862fbbb7ull,},
+ {0x91e0a395d89f04d4ull,0xf777ae0142ff07c1ull,0x546b9b47f738fa6eull,0x01c284ef516920c6ull,},
+ {0x2042edb5a4eb2cdcull,0xc69cefe0a36a7068ull,0x54471d65b3238311ull,0x077562b3344b4304ull,},
+ {0xdb85089b11ece88dull,0x5c27780550f90569ull,0xb9607c12434a6b3dull,0x0d02a6324718f932ull,},
+ {0x22ef9b5c8b453c5dull,0x6fdc3875e9247830ull,0x20e375065f9e593aull,0x2351c044ce0d933aull,},
+ {0xfa0fcb482093eacbull,0xf8d695e8413f5acdull,0xc7020d8c84a2d773ull,0x11bf7584e5283fa1ull,},
+ },
+ {
+ {0xc6b304aa2adf2dfcull,0x19aac2d5544ee834ull,0xb7966f8cd629c330ull,0x1bc72a08a8bf8f9bull,},
+ {0x18a5f463799112c7ull,0x4f14db51e967ebc3ull,0xa5ddb48f64db5e8eull,0x15b4fdd8610f3a32ull,},
+ {0xe7b86b479d7e2293ull,0x931034487abf490dull,0x8c40ab7dfd28a196ull,0x1d981d3918fdc3b5ull,},
+ {0x00797000c2afd324ull,0xf2954f0f86622806ull,0x8464fe0995cd3a7dull,0x0f0a74df4ca00cc3ull,},
+ {0x639707b1839c8330ull,0x9c8d491ad7d779a9ull,0x576b7e0f24ce5f46ull,0x21fbdcc42ccd04c2ull,},
+ {0x4578db4bdfd55434ull,0x1126933c97e9f4dcull,0xe64529a8921d7415ull,0x12e48bab87ea1fe3ull,},
+ },
+ {
+ {0x3f6d2fd04bd5ed75ull,0x65e464cdac7d235bull,0x45903a63a3608961ull,0x1f60c825bccd55c9ull,},
+ {0x36b33d0fb8528047ull,0xc8d1f1ad82683baeull,0x78f4b80065c2e4c6ull,0x2066f32874bd1228ull,},
+ {0x8b6d6a4b986e8d4cull,0x58f6f275f1d020f4ull,0xe4f3c16209e87ad5ull,0x1cdc33d41ad30173ull,},
+ {0x9ec18a6cba3fb3ecull,0x31fc74b68ac834c6ull,0x256788ece76e37b0ull,0x13de6919841928e1ull,},
+ {0xae46aa08773971f6ull,0xacd04d9698d47643ull,0x3667178a594f2153ull,0x19a0cadfa3cb7fa0ull,},
+ {0x228420456325e079ull,0x3e4ec53c418fdae9ull,0xb9fee919e867c6f1ull,0x2272413f3e989842ull,},
+ },
+ {
+ {0x6420ee94e7c764dcull,0x87b3c986d488deecull,0x11dc3e6b59de7ffbull,0x14bb613bce5792e2ull,},
+ {0xcc0b60cd4e352976ull,0x794b585f70a5b463ull,0x415cb954036ba631ull,0x1e521f8201ca4258ull,},
+ {0xd707ac91ecd5dbdaull,0x08ffd44e5fd83cc6ull,0xa5f39e0f8dff5afcull,0x02315f6a55599212ull,},
+ {0x2cdbd9f11596e797ull,0x7c560adedcf2cb25ull,0xdc474409e5650d9dull,0x158bc955e7e492e2ull,},
+ {0xd6023b14352a1766ull,0xd5c271d942b6541dull,0x5dc4d1c72d25258full,0x0753f065a4cb028eull,},
+ {0x11b4229a4c62010aull,0x2949cb6b089b3aa9ull,0x01b8bdc50766366dull,0x1094dfda1e2e5e57ull,},
+ },
+ {
+ {0x773cc6e1ac12f73eull,0x77686f8d75a83e9eull,0x7ce94b7ef1bd53a0ull,0x005a7d3e75c16332ull,},
+ {0xafdc64df2ceca388ull,0x15be551bbca0e367ull,0x62d9b7608cf3b8a2ull,0x11ddfe7a0a96af25ull,},
+ {0x5d23851a77554f67ull,0xa0f51815094e8050ull,0x930af7569c7850d7ull,0x108eb034eeda1460ull,},
+ {0x28a80b277688cae3ull,0xd09ef5d30ec9b193ull,0xb6c554e32540d421ull,0x1da12923355fd2faull,},
+ {0x9db6509d0130494dull,0xe28936417c250459ull,0xde8b4491aa8d1dc1ull,0x194b8e7bfc005322ull,},
+ {0x7aaeb4f2f941741bull,0xf9d7b55b452158f8ull,0x17e172a187f68105ull,0x02f620bde277950aull,},
+ },
+ {
+ {0xf555a7766ac21481ull,0x82b12050c9449770ull,0x7bd16da27eff49fcull,0x06d1ad9a6cd69b71ull,},
+ {0xa059542aa0f64e9full,0x93671f16b269a351ull,0x795262fddcb7cc3eull,0x199f355d6263cf86ull,},
+ {0x0cbf707f1f8f73aeull,0xf483501e15982b44ull,0x2456aaa4d84d80c0ull,0x0d0ffb5393f7dd0aull,},
+ {0x62999996c09097e2ull,0x1b87e828f9fc66e4ull,0x6b17eb3166967f57ull,0x1603601303478f52ull,},
+ {0xfb776d4fd407d485ull,0xac03efdb746bf127ull,0x57bde58a5671a601ull,0x0cfbfa20d141f05cull,},
+ {0x625ac1161752cbe2ull,0xe3348570b6ad71bcull,0x155b3911f5335f75ull,0x1679ec68122edc64ull,},
+ },
+ {
+ {0x9334b4c82aee3ef8ull,0x7ea393af9d865ce4ull,0x0f4ee0906b864850ull,0x1d9e34461e27cc61ull,},
+ {0x921b1a6aa179a081ull,0xcca25db2d609388dull,0x816b69ad9a56a314ull,0x00eb3f6388c4d375ull,},
+ {0x04e25f4225e50e72ull,0x59a20b6edf897f2aull,0x0842d5f5823535b4ull,0x0dceaf5ae8e50885ull,},
+ {0xac6598257175aa0aull,0x1d5d21e8129f2efaull,0xe81dcc9497cb17fdull,0x11327c40c92dff80ull,},
+ {0x149e4b2c0a3bfd81ull,0xb8efe68c475436ebull,0x3a8bf06e9ca15cd8ull,0x152d72639c6e5308ull,},
+ {0x217e0e34f3f76b8bull,0x5c722d926b596985ull,0x45417905be08807bull,0x1e6132b54ad5595eull,},
+ },
+ {
+ {0xe5b541097726667dull,0x5583dfb4ade471adull,0x1840bff44a2faef2ull,0x093c23f8028fe3b9ull,},
+ {0xe1e3347370f6e6c7ull,0x8dd7352c4dcc2a17ull,0x3cade218210f9e29ull,0x190ff57eac6e8b87ull,},
+ {0x34905e72c173fdc3ull,0x59f8c6f4373c834eull,0x1bd9feabed806c99ull,0x1f209a7935a8ba38ull,},
+ {0xe44f080023c83b49ull,0xfd2006276058693cull,0x44b43b6e462a32cbull,0x0942a0ed8e4657ebull,},
+ {0xf7e53796340fd772ull,0xf8219ede4152370full,0x548b9b002c19940cull,0x1d0aaff93f50f52full,},
+ {0xb5987eb545462ddaull,0xe0f29867116336edull,0xcc75a11c3ff8374aull,0x144d0b8fda0a44a9ull,},
+ },
+ {
+ {0x676408d2ff1a7593ull,0xc96a8077d911776full,0x9efff30500904c63ull,0x100a6093df2ae343ull,},
+ {0xf1f92502b846cf30ull,0x57888806036aec6cull,0x310ceb0b04caaa7cull,0x1192819a3058307bull,},
+ {0xbbf882b39fec7883ull,0x4079d241f7e6e0efull,0xb3090a69b3c7261full,0x16440a02d7fb5d2dull,},
+ {0x70e9c8a88422df45ull,0x48fa15635ca49bd9ull,0x0430c461bfb96d16ull,0x0a29a4007c99f6d1ull,},
+ {0x643a2bdb308a297cull,0xe4a5bca158e65ff6ull,0xc8dd1579abdeb9e5ull,0x1ee4a94b3d6c775cull,},
+ {0xc085b2622b5c4480ull,0x8c69048c5fcded96ull,0x418ba7bd3260d85dull,0x0b22158bb6c29f9eull,},
+ },
+ {
+ {0xf661abe667e83f01ull,0x41068a7e95fd10c0ull,0xc9c4cc186cb3eb72ull,0x1a95a93a30592461ull,},
+ {0x78dfc65c7280895eull,0xb9f1514b98add459ull,0xc7d713fd92025a11ull,0x0dbe6c1ceabcf73full,},
+ {0xe35368a946428244ull,0x990da5e2783a2762ull,0x686b61b7775fb02cull,0x1a79e39b78922172ull,},
+ {0xbf8ca28c8d95600full,0x0f56487a909e51cbull,0xfa1da11e3018a2faull,0x07a32571b231773cull,},
+ {0x46c84d812bce56f5ull,0x84aa8d8bfe2b498cull,0x699ad1f34e22d74cull,0x0ad743bd99c458dbull,},
+ {0xa8d16c7e09aa59b0ull,0x59ba8cbe75f31d51ull,0x5c68705d7838ff4eull,0x1c863feb5090e87eull,},
+ },
+ {
+ {0x86af66313ed193baull,0xa0902147163778b5ull,0xa101fcdc6b2d6191ull,0x12fbff4713e6eb10ull,},
+ {0x9e1abdaf6e329c66ull,0xd8de2fb4db8e7554ull,0xb4374e1e93a0171bull,0x0ba2ecd00749208full,},
+ {0x0cad8f57c02ce090ull,0xcac04eddadd338ecull,0x7ee5c235934f9918ull,0x24db5a9b0ad7ed64ull,},
+ {0x46288ad8e01c5063ull,0x4b4c58654226c44aull,0xc4974aaf56ae42dfull,0x173e64cdd5661536ull,},
+ {0x58b3450781e7e080ull,0x14ab3a25a5e64bbcull,0x3f9f91743276d2f5ull,0x0e101d0b89b81cdcull,},
+ {0xa6bca5fbe99b2b7full,0x5fb8817e670ef40eull,0xb44cbcb05de76cb3ull,0x17110ed4912babb5ull,},
+ },
+ {
+ {0x6745e77f4e05d8edull,0xed278e7875ebb5fdull,0x3662f60864a8ccd2ull,0x028104ffc0a31868ull,},
+ {0x740b76d64f25c9f0ull,0xb519a415132160e7ull,0x550a38ed829c5f68ull,0x04ea27d6deefcfabull,},
+ {0x32d82ea897185651ull,0x04a8f5b63a90573aull,0x2c88fdfba241b62full,0x0285780fe0b77687ull,},
+ {0xfb6ebce4f4b20f13ull,0x8ce24ff3dad1a3c7ull,0x716f93b316af50c2ull,0x0a09e678713447efull,},
+ {0x6868a19728642ca6ull,0x4be5579c08e0a30cull,0xbd630b8f9c3d1552ull,0x0f277cf26c8e60f2ull,},
+ {0x1a105d54bc290b18ull,0xa7e1a7c716529370ull,0x6e5a6c5b44350fd0ull,0x1fd2ae638488fccbull,},
+ },
+};
+#endif
diff --git a/vendor/github.com/byzantine-lab/bls/test/bls256_test.cpp b/vendor/github.com/byzantine-lab/bls/test/bls256_test.cpp
new file mode 100644
index 000000000..e53a87057
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/bls256_test.cpp
@@ -0,0 +1,3 @@
+#define MCLBN_FP_UNIT_SIZE 4
+#include "bls_test.hpp"
+
diff --git a/vendor/github.com/byzantine-lab/bls/test/bls384_256_test.cpp b/vendor/github.com/byzantine-lab/bls/test/bls384_256_test.cpp
new file mode 100644
index 000000000..ea8126567
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/bls384_256_test.cpp
@@ -0,0 +1,4 @@
+#define MCLBN_FP_UNIT_SIZE 6
+#define MCLBN_FR_UNIT_SIZE 4
+#include "bls_test.hpp"
+
diff --git a/vendor/github.com/byzantine-lab/bls/test/bls384_test.cpp b/vendor/github.com/byzantine-lab/bls/test/bls384_test.cpp
new file mode 100644
index 000000000..2212f8e6b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/bls384_test.cpp
@@ -0,0 +1,3 @@
+#define MCLBN_FP_UNIT_SIZE 6
+#include "bls_test.hpp"
+
diff --git a/vendor/github.com/byzantine-lab/bls/test/bls_c256_test.cpp b/vendor/github.com/byzantine-lab/bls/test/bls_c256_test.cpp
new file mode 100644
index 000000000..8613720b4
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/bls_c256_test.cpp
@@ -0,0 +1,2 @@
+#define MCLBN_FP_UNIT_SIZE 4
+#include "bls_c_test.hpp"
diff --git a/vendor/github.com/byzantine-lab/bls/test/bls_c384_256_test.cpp b/vendor/github.com/byzantine-lab/bls/test/bls_c384_256_test.cpp
new file mode 100644
index 000000000..6f153f9d8
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/bls_c384_256_test.cpp
@@ -0,0 +1,3 @@
+#define MCLBN_FP_UNIT_SIZE 6
+#define MCLBN_FR_UNIT_SIZE 4
+#include "bls_c_test.hpp"
diff --git a/vendor/github.com/byzantine-lab/bls/test/bls_c384_test.cpp b/vendor/github.com/byzantine-lab/bls/test/bls_c384_test.cpp
new file mode 100644
index 000000000..b6886dd04
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/bls_c384_test.cpp
@@ -0,0 +1,2 @@
+#define MCLBN_FP_UNIT_SIZE 6
+#include "bls_c_test.hpp"
diff --git a/vendor/github.com/byzantine-lab/bls/test/bls_c_test.hpp b/vendor/github.com/byzantine-lab/bls/test/bls_c_test.hpp
new file mode 100644
index 000000000..e9b6e6302
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/bls_c_test.hpp
@@ -0,0 +1,437 @@
+#include <cybozu/test.hpp>
+#include <cybozu/inttype.hpp>
+#include <bls/bls.h>
+#include <string.h>
+#include <cybozu/benchmark.hpp>
+#include <mcl/gmp_util.hpp>
+
+size_t pubSize(size_t FrSize)
+{
+#ifdef BLS_SWAP_G
+ return FrSize;
+#else
+ return FrSize * 2;
+#endif
+}
+size_t sigSize(size_t FrSize)
+{
+#ifdef BLS_SWAP_G
+ return FrSize * 2;
+#else
+ return FrSize;
+#endif
+}
+
+void bls_use_stackTest()
+{
+ blsSecretKey sec;
+ blsPublicKey pub;
+ blsSignature sig;
+ const char *msg = "this is a pen";
+ const size_t msgSize = strlen(msg);
+
+ blsSecretKeySetByCSPRNG(&sec);
+
+ blsGetPublicKey(&pub, &sec);
+
+ blsSign(&sig, &sec, msg, msgSize);
+
+ CYBOZU_TEST_ASSERT(blsVerify(&sig, &pub, msg, msgSize));
+}
+
+void blsDataTest()
+{
+ const char *msg = "test test";
+ const size_t msgSize = strlen(msg);
+ const size_t FrSize = blsGetFrByteSize();
+ const size_t FpSize = blsGetG1ByteSize();
+ blsSecretKey sec1, sec2;
+ blsSecretKeySetByCSPRNG(&sec1);
+ char buf[1024];
+ size_t n;
+ size_t ret;
+ n = blsSecretKeyGetHexStr(buf, sizeof(buf), &sec1);
+ CYBOZU_TEST_ASSERT(0 < n && n <= FrSize * 2);
+ ret = blsSecretKeySetHexStr(&sec2, buf, n);
+ CYBOZU_TEST_EQUAL(ret, 0);
+ CYBOZU_TEST_ASSERT(blsSecretKeyIsEqual(&sec1, &sec2));
+
+ memset(&sec2, 0, sizeof(sec2));
+ n = blsSecretKeySerialize(buf, sizeof(buf), &sec1);
+ CYBOZU_TEST_EQUAL(n, FrSize);
+ ret = blsSecretKeyDeserialize(&sec2, buf, n);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsSecretKeyIsEqual(&sec1, &sec2));
+
+ blsPublicKey pub1, pub2;
+ blsGetPublicKey(&pub1, &sec1);
+ n = blsPublicKeySerialize(buf, sizeof(buf), &pub1);
+ CYBOZU_TEST_EQUAL(n, pubSize(FpSize));
+ ret = blsPublicKeyDeserialize(&pub2, buf, n);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsPublicKeyIsEqual(&pub1, &pub2));
+ blsSignature sig1, sig2;
+ blsSign(&sig1, &sec1, msg, msgSize);
+ n = blsSignatureSerialize(buf, sizeof(buf), &sig1);
+ CYBOZU_TEST_EQUAL(n, sigSize(FpSize));
+ ret = blsSignatureDeserialize(&sig2, buf, n);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsSignatureIsEqual(&sig1, &sig2));
+}
+
+void blsOrderTest(const char *curveOrder/*Fr*/, const char *fieldOrder/*Fp*/)
+{
+ char buf[1024];
+ size_t len;
+ len = blsGetCurveOrder(buf, sizeof(buf));
+ CYBOZU_TEST_ASSERT(len > 0);
+ CYBOZU_TEST_EQUAL(buf, curveOrder);
+ len = blsGetFieldOrder(buf, sizeof(buf));
+ CYBOZU_TEST_ASSERT(len > 0);
+ CYBOZU_TEST_EQUAL(buf, fieldOrder);
+}
+
+#if !defined(DISABLE_THREAD_TEST) || defined(__clang__)
+#if defined(CYBOZU_CPP_VERSION) && CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+#include <thread>
+#include <vector>
+struct Thread {
+ std::unique_ptr<std::thread> t;
+ Thread() : t() {}
+ ~Thread()
+ {
+ if (t) {
+ t->join();
+ }
+ }
+ template<class F>
+ void run(F func, int p1, int p2)
+ {
+ t.reset(new std::thread(func, p1, p2));
+ }
+};
+
+CYBOZU_TEST_AUTO(multipleInit)
+{
+ const size_t n = 100;
+ {
+ std::vector<Thread> vt(n);
+ for (size_t i = 0; i < n; i++) {
+ vt[i].run(blsInit, MCL_BN254, MCLBN_COMPILED_TIME_VAR);
+ }
+ }
+ CYBOZU_TEST_EQUAL(blsGetOpUnitSize(), 4u);
+#if MCLBN_FP_UNIT_SIZE == 6
+ {
+ std::vector<Thread> vt(n);
+ for (size_t i = 0; i < n; i++) {
+ vt[i].run(blsInit, MCL_BLS12_381, MCLBN_COMPILED_TIME_VAR);
+ }
+ }
+ CYBOZU_TEST_EQUAL(blsGetOpUnitSize(), 6u);
+#endif
+}
+#endif
+#endif
+
+void blsSerializeTest()
+{
+ const size_t FrSize = blsGetFrByteSize();
+ const size_t FpSize = blsGetG1ByteSize();
+ printf("FrSize=%d, FpSize=%d\n", (int)FrSize, (int)FpSize);
+ blsId id1, id2;
+ blsSecretKey sec1, sec2;
+ blsPublicKey pub1, pub2;
+ blsSignature sig1, sig2;
+ char buf[1024];
+ size_t n;
+ size_t expectSize;
+ size_t ret;
+ const char dummyChar = '1';
+
+ // Id
+ expectSize = FrSize;
+ blsIdSetInt(&id1, -1);
+ n = blsIdSerialize(buf, sizeof(buf), &id1);
+ CYBOZU_TEST_EQUAL(n, expectSize);
+
+ ret = blsIdDeserialize(&id2, buf, n);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsIdIsEqual(&id1, &id2));
+
+ ret = blsIdDeserialize(&id2, buf, n - 1);
+ CYBOZU_TEST_EQUAL(ret, 0);
+
+ memset(&id2, 0, sizeof(id2));
+ buf[n] = dummyChar;
+ ret = blsIdDeserialize(&id2, buf, n + 1);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsIdIsEqual(&id1, &id2));
+
+ n = blsIdSerialize(buf, expectSize, &id1);
+ CYBOZU_TEST_EQUAL(n, expectSize);
+
+ // SecretKey
+ expectSize = FrSize;
+ blsSecretKeySetDecStr(&sec1, "-1", 2);
+ n = blsSecretKeySerialize(buf, sizeof(buf), &sec1);
+ CYBOZU_TEST_EQUAL(n, expectSize);
+
+ ret = blsSecretKeyDeserialize(&sec2, buf, n);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsSecretKeyIsEqual(&sec1, &sec2));
+
+ ret = blsSecretKeyDeserialize(&sec2, buf, n - 1);
+ CYBOZU_TEST_EQUAL(ret, 0);
+
+ memset(&sec2, 0, sizeof(sec2));
+ buf[n] = dummyChar;
+ ret = blsSecretKeyDeserialize(&sec2, buf, n + 1);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsSecretKeyIsEqual(&sec1, &sec2));
+
+ n = blsSecretKeySerialize(buf, expectSize, &sec1);
+ CYBOZU_TEST_EQUAL(n, expectSize);
+
+ // PublicKey
+ expectSize = pubSize(FpSize);
+ blsGetPublicKey(&pub1, &sec1);
+ n = blsPublicKeySerialize(buf, sizeof(buf), &pub1);
+ CYBOZU_TEST_EQUAL(n, expectSize);
+ CYBOZU_TEST_ASSERT(blsPublicKeyIsValidOrder(&pub1));
+
+ ret = blsPublicKeyDeserialize(&pub2, buf, n);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsPublicKeyIsEqual(&pub1, &pub2));
+
+ ret = blsPublicKeyDeserialize(&pub2, buf, n - 1);
+ CYBOZU_TEST_EQUAL(ret, 0);
+
+ memset(&pub2, 0, sizeof(pub2));
+ buf[n] = dummyChar;
+ ret = blsPublicKeyDeserialize(&pub2, buf, n + 1);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsPublicKeyIsEqual(&pub1, &pub2));
+
+ n = blsPublicKeySerialize(buf, expectSize, &pub1);
+ CYBOZU_TEST_EQUAL(n, expectSize);
+
+ // Signature
+#ifdef BLS_SWAP_G
+ expectSize = FpSize * 2;
+#else
+ expectSize = FpSize;
+#endif
+ blsSign(&sig1, &sec1, "abc", 3);
+ n = blsSignatureSerialize(buf, sizeof(buf), &sig1);
+ CYBOZU_TEST_EQUAL(n, expectSize);
+ CYBOZU_TEST_ASSERT(blsSignatureIsValidOrder(&sig1));
+
+ ret = blsSignatureDeserialize(&sig2, buf, n);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsSignatureIsEqual(&sig1, &sig2));
+
+ ret = blsSignatureDeserialize(&sig2, buf, n - 1);
+ CYBOZU_TEST_EQUAL(ret, 0);
+
+ memset(&sig2, 0, sizeof(sig2));
+ buf[n] = dummyChar;
+ ret = blsSignatureDeserialize(&sig2, buf, n + 1);
+ CYBOZU_TEST_EQUAL(ret, n);
+ CYBOZU_TEST_ASSERT(blsSignatureIsEqual(&sig1, &sig2));
+
+ n = blsSignatureSerialize(buf, expectSize, &sig1);
+ CYBOZU_TEST_EQUAL(n, expectSize);
+}
+
+void blsVerifyOrderTest()
+{
+ puts("blsVerifyOrderTest");
+#ifdef BLS_SWAP_G
+ const uint8_t Qs[] =
+#else
+ const uint8_t Ps[] =
+#endif
+ {
+0x7b, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+ };
+#ifdef BLS_SWAP_G
+ const uint8_t Ps[] =
+#else
+ const uint8_t Qs[] =
+#endif
+ {
+0x7c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+ };
+ size_t n;
+ blsPublicKey pub;
+ n = blsPublicKeyDeserialize(&pub, Ps, sizeof(Ps));
+ CYBOZU_TEST_EQUAL(n, 0);
+ blsPublicKeyVerifyOrder(0);
+ n = blsPublicKeyDeserialize(&pub, Ps, sizeof(Ps));
+ CYBOZU_TEST_ASSERT(n > 0);
+ CYBOZU_TEST_ASSERT(!blsPublicKeyIsValidOrder(&pub));
+ blsPublicKeyVerifyOrder(1);
+
+ blsSignature sig;
+ n = blsSignatureDeserialize(&sig, Qs, sizeof(Qs));
+ CYBOZU_TEST_EQUAL(n, 0);
+ blsSignatureVerifyOrder(0);
+ n = blsSignatureDeserialize(&sig, Qs, sizeof(Qs));
+ CYBOZU_TEST_ASSERT(n > 0);
+ CYBOZU_TEST_ASSERT(!blsSignatureIsValidOrder(&sig));
+ blsSignatureVerifyOrder(1);
+}
+
+void blsAddSubTest()
+{
+ blsSecretKey sec[3];
+ blsPublicKey pub[3];
+ blsSignature sig[3];
+ const char *msg = "this is a pen";
+ const size_t msgSize = strlen(msg);
+
+ const char *secHexStr[8] = { "12", "34" };
+ for (int i = 0; i < 2; i++) {
+ blsSecretKeySetHexStr(&sec[i], secHexStr[i], strlen(secHexStr[i]));
+ blsGetPublicKey(&pub[i], &sec[i]);
+ blsSign(&sig[i], &sec[i], msg, msgSize);
+ }
+ sec[2] = sec[0];
+ blsSecretKeyAdd(&sec[2], &sec[1]);
+ char buf[1024];
+ size_t n = blsSecretKeyGetHexStr(buf, sizeof(buf), &sec[2]);
+ CYBOZU_TEST_EQUAL(n, 2);
+ CYBOZU_TEST_EQUAL(buf, "46"); // "12" + "34"
+
+ pub[2] = pub[0];
+ blsPublicKeyAdd(&pub[2], &pub[1]);
+ sig[2] = sig[0];
+ blsSignatureAdd(&sig[2], &sig[1]); // sig[2] = sig[0] + sig[1]
+ blsSignature sig2;
+ blsSign(&sig2, &sec[2], msg, msgSize); // sig2 = signature by sec[2]
+ CYBOZU_TEST_ASSERT(blsSignatureIsEqual(&sig2, &sig[2]));
+ CYBOZU_TEST_ASSERT(blsVerify(&sig[2], &pub[2], msg, msgSize)); // verify by pub[2]
+
+ blsSecretKeySub(&sec[2], &sec[1]);
+ CYBOZU_TEST_ASSERT(blsSecretKeyIsEqual(&sec[2], &sec[0]));
+ blsPublicKeySub(&pub[2], &pub[1]);
+ CYBOZU_TEST_ASSERT(blsPublicKeyIsEqual(&pub[2], &pub[0]));
+ blsSignatureSub(&sig[2], &sig[1]);
+ CYBOZU_TEST_ASSERT(blsSignatureIsEqual(&sig[2], &sig[0]));
+}
+
+void blsTrivialShareTest()
+{
+ blsSecretKey sec1, sec2;
+ blsPublicKey pub1, pub2;
+ blsId id;
+ blsIdSetInt(&id, 123);
+
+ blsSecretKeySetByCSPRNG(&sec1);
+ blsGetPublicKey(&pub1, &sec1);
+ int ret;
+
+ memset(&sec2, 0, sizeof(sec2));
+ ret = blsSecretKeyShare(&sec2, &sec1, 1, &id);
+ CYBOZU_TEST_EQUAL(ret, 0);
+ CYBOZU_TEST_ASSERT(blsSecretKeyIsEqual(&sec1, &sec2));
+ memset(&sec2, 0, sizeof(sec2));
+ ret = blsSecretKeyRecover(&sec2, &sec1, &id, 1);
+ CYBOZU_TEST_EQUAL(ret, 0);
+ CYBOZU_TEST_ASSERT(blsSecretKeyIsEqual(&sec1, &sec2));
+
+ memset(&pub2, 0, sizeof(pub2));
+ ret = blsPublicKeyShare(&pub2, &pub1, 1, &id);
+ CYBOZU_TEST_EQUAL(ret, 0);
+ CYBOZU_TEST_ASSERT(blsPublicKeyIsEqual(&pub1, &pub2));
+ memset(&pub2, 0, sizeof(pub2));
+ ret = blsPublicKeyRecover(&pub2, &pub1, &id, 1);
+ CYBOZU_TEST_EQUAL(ret, 0);
+ CYBOZU_TEST_ASSERT(blsPublicKeyIsEqual(&pub1, &pub2));
+}
+
+void modTest(const char *rStr)
+{
+ unsigned char buf[1024] = {};
+ int ret;
+ blsSecretKey sec;
+ const size_t maxByte = 64; // 512-bit
+ memset(buf, 0xff, maxByte);
+ ret = blsSecretKeySetLittleEndianMod(&sec, buf, maxByte);
+ CYBOZU_TEST_EQUAL(ret, 0);
+ const mpz_class x = (mpz_class(1) << (maxByte * 8)) - 1; // 512-bit 0xff....ff
+ const mpz_class r(rStr);
+ size_t n = blsSecretKeySerialize(buf, sizeof(buf), &sec);
+ CYBOZU_TEST_ASSERT(n > 0);
+ // serialized data to mpz_class
+ mpz_class y = 0;
+ for (size_t i = 0; i < n; i++) {
+ y <<= 8;
+ y += buf[n - 1 - i];
+ }
+ CYBOZU_TEST_EQUAL(y, x % r);
+}
+
+void blsBench()
+{
+ blsSecretKey sec;
+ blsPublicKey pub;
+ blsSignature sig;
+ const char *msg = "this is a pen";
+ const size_t msgSize = strlen(msg);
+
+ blsSecretKeySetByCSPRNG(&sec);
+
+ blsGetPublicKey(&pub, &sec);
+
+ CYBOZU_BENCH_C("sign", 10000, blsSign, &sig, &sec, msg, msgSize);
+ CYBOZU_BENCH_C("verify", 1000, blsVerify, &sig, &pub, msg, msgSize);
+}
+
+CYBOZU_TEST_AUTO(all)
+{
+ const struct {
+ int curveType;
+ const char *r;
+ const char *p;
+ } tbl[] = {
+ {
+ MCL_BN254,
+ "16798108731015832284940804142231733909759579603404752749028378864165570215949",
+ "16798108731015832284940804142231733909889187121439069848933715426072753864723",
+ },
+#if MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE == 6
+ {
+ MCL_BN381_1,
+ "5540996953667913971058039301942914304734176495422447785042938606876043190415948413757785063597439175372845535461389",
+ "5540996953667913971058039301942914304734176495422447785045292539108217242186829586959562222833658991069414454984723",
+ },
+#endif
+#if MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE >= 4
+ {
+ MCL_BLS12_381,
+ "52435875175126190479447740508185965837690552500527637822603658699938581184513",
+ "4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787",
+ },
+#endif
+ };
+ for (size_t i = 0; i < sizeof(tbl) / sizeof(tbl[0]); i++) {
+ printf("i=%d\n", (int)i);
+ int ret = blsInit(tbl[i].curveType, MCLBN_COMPILED_TIME_VAR);
+ CYBOZU_TEST_EQUAL(ret, 0);
+ if (ret) {
+ printf("ERR %d\n", ret);
+ exit(1);
+ }
+ bls_use_stackTest();
+ blsDataTest();
+ blsOrderTest(tbl[i].r, tbl[i].p);
+ blsSerializeTest();
+ if (tbl[i].curveType == MCL_BLS12_381) blsVerifyOrderTest();
+ blsAddSubTest();
+ blsTrivialShareTest();
+ modTest(tbl[i].r);
+ blsBench();
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/bls/test/bls_test.hpp b/vendor/github.com/byzantine-lab/bls/test/bls_test.hpp
new file mode 100644
index 000000000..346fafe15
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/bls_test.hpp
@@ -0,0 +1,545 @@
+#include <bls/bls.hpp>
+#include <cybozu/test.hpp>
+#include <cybozu/inttype.hpp>
+#include <iostream>
+#include <sstream>
+#include <cybozu/benchmark.hpp>
+#include <cybozu/sha2.hpp>
+
+template<class T>
+void streamTest(const T& t)
+{
+ std::ostringstream oss;
+ oss << t;
+ std::istringstream iss(oss.str());
+ T t2;
+ iss >> t2;
+ CYBOZU_TEST_EQUAL(t, t2);
+}
+
+template<class T>
+void testSetForBN254()
+{
+ /*
+ mask value to be less than r if the value >= (1 << (192 + 62))
+ */
+ const uint64_t fff = uint64_t(-1);
+ const uint64_t one = uint64_t(1);
+ const struct {
+ uint64_t in;
+ uint64_t expected;
+ } tbl[] = {
+ { fff, (one << 61) - 1 }, // masked with (1 << 61) - 1
+ { one << 62, 0 }, // masked
+ { (one << 62) | (one << 61), (one << 61) }, // masked
+ { (one << 61) - 1, (one << 61) - 1 }, // same
+ };
+ T t1, t2;
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ uint64_t v1[] = { fff, fff, fff, tbl[i].in };
+ uint64_t v2[] = { fff, fff, fff, tbl[i].expected };
+ t1.set(v1);
+ t2.set(v2);
+ CYBOZU_TEST_EQUAL(t1, t2);
+ }
+}
+
+void testForBN254()
+{
+ CYBOZU_TEST_EQUAL(bls::getOpUnitSize(), 4);
+ bls::Id id;
+ CYBOZU_TEST_ASSERT(id.isZero());
+ id = 5;
+ CYBOZU_TEST_EQUAL(id, 5);
+ {
+ const uint64_t id1[] = { 1, 2, 3, 4 };
+ id.set(id1);
+ std::ostringstream os;
+ os << id;
+ CYBOZU_TEST_EQUAL(os.str(), "0x4000000000000000300000000000000020000000000000001");
+ }
+ testSetForBN254<bls::Id>();
+ testSetForBN254<bls::SecretKey>();
+}
+
+void hashTest(int type)
+{
+ bls::SecretKey sec;
+ sec.init();
+ bls::PublicKey pub;
+ sec.getPublicKey(pub);
+ const std::string h = "\x01\x02\x03";
+ bls::Signature sig;
+ sec.signHash(sig, h);
+ CYBOZU_TEST_ASSERT(sig.verifyHash(pub, h));
+ CYBOZU_TEST_ASSERT(!sig.verifyHash(pub, "\x01\x02\04"));
+ if (type == MCL_BN254) {
+ CYBOZU_TEST_EXCEPTION(sec.signHash(sig, "", 0), std::exception);
+ CYBOZU_TEST_EXCEPTION(sec.signHash(sig, "\x00", 1), std::exception);
+ CYBOZU_TEST_EXCEPTION(sec.signHash(sig, "\x00\x00", 2), std::exception);
+#ifndef BLS_SWAP_G
+ const uint64_t c1[] = { 0x0c00000000000004ull, 0xcf0f000000000006ull, 0x26cd890000000003ull, 0x2523648240000001ull };
+ const uint64_t mc1[] = { 0x9b0000000000000full, 0x921200000000000dull, 0x9366c48000000004ull };
+ CYBOZU_TEST_EXCEPTION(sec.signHash(sig, c1, 32), std::exception);
+ CYBOZU_TEST_EXCEPTION(sec.signHash(sig, mc1, 24), std::exception);
+#endif
+ }
+}
+
+void blsTest()
+{
+ bls::SecretKey sec;
+ sec.init();
+ streamTest(sec);
+ bls::PublicKey pub;
+ sec.getPublicKey(pub);
+ streamTest(pub);
+ for (int i = 0; i < 5; i++) {
+ std::string m = "hello";
+ m += char('0' + i);
+ bls::Signature sig;
+ sec.sign(sig, m);
+ CYBOZU_TEST_ASSERT(sig.verify(pub, m));
+ CYBOZU_TEST_ASSERT(!sig.verify(pub, m + "a"));
+ streamTest(sig);
+ CYBOZU_BENCH_C("sign", 10000, sec.sign, sig, m);
+ CYBOZU_BENCH_C("verify", 1000, sig.verify, pub, m);
+ }
+}
+
+void k_of_nTest()
+{
+ const std::string m = "abc";
+ const int n = 5;
+ const int k = 3;
+ bls::SecretKey sec0;
+ sec0.init();
+ bls::Signature sig0;
+ sec0.sign(sig0, m);
+ bls::PublicKey pub0;
+ sec0.getPublicKey(pub0);
+ CYBOZU_TEST_ASSERT(sig0.verify(pub0, m));
+
+ bls::SecretKeyVec msk;
+ sec0.getMasterSecretKey(msk, k);
+
+ bls::SecretKeyVec allPrvVec(n);
+ bls::IdVec allIdVec(n);
+ for (int i = 0; i < n; i++) {
+ int id = i + 1;
+ allPrvVec[i].set(msk, id);
+ allIdVec[i] = id;
+
+ bls::SecretKey p;
+ p.set(msk.data(), k, id);
+ CYBOZU_TEST_EQUAL(allPrvVec[i], p);
+ }
+
+ bls::SignatureVec allSigVec(n);
+ for (int i = 0; i < n; i++) {
+ CYBOZU_TEST_ASSERT(allPrvVec[i] != sec0);
+ allPrvVec[i].sign(allSigVec[i], m);
+ bls::PublicKey pub;
+ allPrvVec[i].getPublicKey(pub);
+ CYBOZU_TEST_ASSERT(pub != pub0);
+ CYBOZU_TEST_ASSERT(allSigVec[i].verify(pub, m));
+ }
+
+ /*
+ 3-out-of-n
+ can recover
+ */
+ bls::SecretKeyVec secVec(3);
+ bls::IdVec idVec(3);
+ for (int a = 0; a < n; a++) {
+ secVec[0] = allPrvVec[a];
+ idVec[0] = allIdVec[a];
+ for (int b = a + 1; b < n; b++) {
+ secVec[1] = allPrvVec[b];
+ idVec[1] = allIdVec[b];
+ for (int c = b + 1; c < n; c++) {
+ secVec[2] = allPrvVec[c];
+ idVec[2] = allIdVec[c];
+ bls::SecretKey sec;
+ sec.recover(secVec, idVec);
+ CYBOZU_TEST_EQUAL(sec, sec0);
+ bls::SecretKey sec2;
+ sec2.recover(secVec.data(), idVec.data(), secVec.size());
+ CYBOZU_TEST_EQUAL(sec, sec2);
+ }
+ }
+ }
+ {
+ secVec[0] = allPrvVec[0];
+ secVec[1] = allPrvVec[1];
+ secVec[2] = allPrvVec[0]; // same of secVec[0]
+ idVec[0] = allIdVec[0];
+ idVec[1] = allIdVec[1];
+ idVec[2] = allIdVec[0];
+ bls::SecretKey sec;
+ CYBOZU_TEST_EXCEPTION_MESSAGE(sec.recover(secVec, idVec), std::exception, "same id");
+ }
+ {
+ /*
+ n-out-of-n
+ can recover
+ */
+ bls::SecretKey sec;
+ sec.recover(allPrvVec, allIdVec);
+ CYBOZU_TEST_EQUAL(sec, sec0);
+ }
+ /*
+ 2-out-of-n
+ can't recover
+ */
+ secVec.resize(2);
+ idVec.resize(2);
+ for (int a = 0; a < n; a++) {
+ secVec[0] = allPrvVec[a];
+ idVec[0] = allIdVec[a];
+ for (int b = a + 1; b < n; b++) {
+ secVec[1] = allPrvVec[b];
+ idVec[1] = allIdVec[b];
+ bls::SecretKey sec;
+ sec.recover(secVec, idVec);
+ CYBOZU_TEST_ASSERT(sec != sec0);
+ }
+ }
+ /*
+ 3-out-of-n
+ can recover
+ */
+ bls::SignatureVec sigVec(3);
+ idVec.resize(3);
+ for (int a = 0; a < n; a++) {
+ sigVec[0] = allSigVec[a];
+ idVec[0] = allIdVec[a];
+ for (int b = a + 1; b < n; b++) {
+ sigVec[1] = allSigVec[b];
+ idVec[1] = allIdVec[b];
+ for (int c = b + 1; c < n; c++) {
+ sigVec[2] = allSigVec[c];
+ idVec[2] = allIdVec[c];
+ bls::Signature sig;
+ sig.recover(sigVec, idVec);
+ CYBOZU_TEST_EQUAL(sig, sig0);
+ }
+ }
+ }
+ {
+ sigVec[0] = allSigVec[1]; idVec[0] = allIdVec[1];
+ sigVec[1] = allSigVec[4]; idVec[1] = allIdVec[4];
+ sigVec[2] = allSigVec[3]; idVec[2] = allIdVec[3];
+ bls::Signature sig;
+ CYBOZU_BENCH_C("sig.recover", 100, sig.recover, sigVec, idVec);
+ }
+ {
+ /*
+ n-out-of-n
+ can recover
+ */
+ bls::Signature sig;
+ sig.recover(allSigVec, allIdVec);
+ CYBOZU_TEST_EQUAL(sig, sig0);
+ }
+ /*
+ 2-out-of-n
+ can't recover
+ */
+ sigVec.resize(2);
+ idVec.resize(2);
+ for (int a = 0; a < n; a++) {
+ sigVec[0] = allSigVec[a];
+ idVec[0] = allIdVec[a];
+ for (int b = a + 1; b < n; b++) {
+ sigVec[1] = allSigVec[b];
+ idVec[1] = allIdVec[b];
+ bls::Signature sig;
+ sig.recover(sigVec, idVec);
+ CYBOZU_TEST_ASSERT(sig != sig0);
+ }
+ }
+ // return same value if n = 1
+ sigVec.resize(1);
+ idVec.resize(1);
+ sigVec[0] = allSigVec[0];
+ idVec[0] = allIdVec[0];
+ {
+ bls::Signature sig;
+ sig.recover(sigVec, idVec);
+ CYBOZU_TEST_EQUAL(sig, sigVec[0]);
+ }
+ // share and recover publicKey
+ {
+ bls::PublicKeyVec pubVec(k);
+ idVec.resize(k);
+ // select [0, k) publicKey
+ for (int i = 0; i < k; i++) {
+ allPrvVec[i].getPublicKey(pubVec[i]);
+ idVec[i] = allIdVec[i];
+ }
+ bls::PublicKey pub;
+ pub.recover(pubVec, idVec);
+ CYBOZU_TEST_EQUAL(pub, pub0);
+ bls::PublicKey pub2;
+ pub2.recover(pubVec.data(), idVec.data(), pubVec.size());
+ CYBOZU_TEST_EQUAL(pub, pub2);
+ }
+}
+
+void popTest()
+{
+ const size_t k = 3;
+ const size_t n = 6;
+ const std::string m = "pop test";
+ bls::SecretKey sec0;
+ sec0.init();
+ bls::PublicKey pub0;
+ sec0.getPublicKey(pub0);
+ bls::Signature sig0;
+ sec0.sign(sig0, m);
+ CYBOZU_TEST_ASSERT(sig0.verify(pub0, m));
+
+ bls::SecretKeyVec msk;
+ sec0.getMasterSecretKey(msk, k);
+
+ bls::PublicKeyVec mpk;
+ bls::getMasterPublicKey(mpk, msk);
+ bls::SignatureVec popVec;
+ bls::getPopVec(popVec, msk);
+
+ for (size_t i = 0; i < popVec.size(); i++) {
+ CYBOZU_TEST_ASSERT(popVec[i].verify(mpk[i]));
+ }
+
+ const int idTbl[n] = {
+ 3, 5, 193, 22, 15
+ };
+ bls::SecretKeyVec secVec(n);
+ bls::PublicKeyVec pubVec(n);
+ bls::SignatureVec sVec(n);
+ for (size_t i = 0; i < n; i++) {
+ int id = idTbl[i];
+ secVec[i].set(msk, id);
+ secVec[i].getPublicKey(pubVec[i]);
+ bls::PublicKey pub;
+ pub.set(mpk, id);
+ CYBOZU_TEST_EQUAL(pubVec[i], pub);
+
+ bls::Signature pop;
+ secVec[i].getPop(pop);
+ CYBOZU_TEST_ASSERT(pop.verify(pubVec[i]));
+
+ secVec[i].sign(sVec[i], m);
+ CYBOZU_TEST_ASSERT(sVec[i].verify(pubVec[i], m));
+ }
+ secVec.resize(k);
+ sVec.resize(k);
+ bls::IdVec idVec(k);
+ for (size_t i = 0; i < k; i++) {
+ idVec[i] = idTbl[i];
+ }
+ bls::SecretKey sec;
+ sec.recover(secVec, idVec);
+ CYBOZU_TEST_EQUAL(sec, sec0);
+ bls::Signature sig;
+ sig.recover(sVec, idVec);
+ CYBOZU_TEST_EQUAL(sig, sig0);
+ bls::Signature sig2;
+ sig2.recover(sVec.data(), idVec.data(), sVec.size());
+ CYBOZU_TEST_EQUAL(sig, sig2);
+}
+
+void addTest()
+{
+ bls::SecretKey sec1, sec2;
+ sec1.init();
+ sec2.init();
+ CYBOZU_TEST_ASSERT(sec1 != sec2);
+
+ bls::PublicKey pub1, pub2;
+ sec1.getPublicKey(pub1);
+ sec2.getPublicKey(pub2);
+
+ const std::string m = "doremi";
+ bls::Signature sig1, sig2;
+ sec1.sign(sig1, m);
+ sec2.sign(sig2, m);
+ CYBOZU_TEST_ASSERT((sig1 + sig2).verify(pub1 + pub2, m));
+}
+
+void aggregateTest()
+{
+ const size_t n = 10;
+ bls::SecretKey secs[n];
+ bls::PublicKey pubs[n], pub;
+ bls::Signature sigs[n], sig;
+ const std::string m = "abc";
+ for (size_t i = 0; i < n; i++) {
+ secs[i].init();
+ secs[i].getPublicKey(pubs[i]);
+ secs[i].sign(sigs[i], m);
+ }
+ pub = pubs[0];
+ sig = sigs[0];
+ for (size_t i = 1; i < n; i++) {
+ pub.add(pubs[i]);
+ sig.add(sigs[i]);
+ }
+ CYBOZU_TEST_ASSERT(sig.verify(pub, m));
+}
+
+void dataTest()
+{
+ const size_t FrSize = bls::getFrByteSize();
+ const size_t FpSize = bls::getG1ByteSize();
+ bls::SecretKey sec;
+ sec.init();
+ std::string str;
+ sec.getStr(str, bls::IoFixedByteSeq);
+ {
+ CYBOZU_TEST_EQUAL(str.size(), FrSize);
+ bls::SecretKey sec2;
+ sec2.setStr(str, bls::IoFixedByteSeq);
+ CYBOZU_TEST_EQUAL(sec, sec2);
+ }
+ bls::PublicKey pub;
+ sec.getPublicKey(pub);
+ pub.getStr(str, bls::IoFixedByteSeq);
+ {
+#ifdef BLS_SWAP_G
+ CYBOZU_TEST_EQUAL(str.size(), FpSize);
+#else
+ CYBOZU_TEST_EQUAL(str.size(), FpSize * 2);
+#endif
+ bls::PublicKey pub2;
+ pub2.setStr(str, bls::IoFixedByteSeq);
+ CYBOZU_TEST_EQUAL(pub, pub2);
+ }
+ std::string m = "abc";
+ bls::Signature sign;
+ sec.sign(sign, m);
+ sign.getStr(str, bls::IoFixedByteSeq);
+ {
+#ifdef BLS_SWAP_G
+ CYBOZU_TEST_EQUAL(str.size(), FpSize * 2);
+#else
+ CYBOZU_TEST_EQUAL(str.size(), FpSize);
+#endif
+ bls::Signature sign2;
+ sign2.setStr(str, bls::IoFixedByteSeq);
+ CYBOZU_TEST_EQUAL(sign, sign2);
+ }
+ bls::Id id;
+ const uint64_t v[] = { 1, 2, 3, 4, 5, 6, };
+ id.set(v);
+ id.getStr(str, bls::IoFixedByteSeq);
+ {
+ CYBOZU_TEST_EQUAL(str.size(), FrSize);
+ bls::Id id2;
+ id2.setStr(str, bls::IoFixedByteSeq);
+ CYBOZU_TEST_EQUAL(id, id2);
+ }
+}
+
+void verifyAggregateTest()
+{
+ const size_t n = 10;
+ bls::SecretKey secs[n];
+ bls::PublicKey pubs[n];
+ bls::Signature sigs[n], sig;
+ const size_t sizeofHash = 32;
+ struct Hash { char data[sizeofHash]; };
+ std::vector<Hash> h(n);
+ for (size_t i = 0; i < n; i++) {
+ char msg[128];
+ CYBOZU_SNPRINTF(msg, sizeof(msg), "abc-%d", (int)i);
+ const size_t msgSize = strlen(msg);
+ cybozu::Sha256().digest(h[i].data, sizeofHash, msg, msgSize);
+ secs[i].init();
+ secs[i].getPublicKey(pubs[i]);
+ secs[i].signHash(sigs[i], h[i].data, sizeofHash);
+ }
+ sig = sigs[0];
+ for (size_t i = 1; i < n; i++) {
+ sig.add(sigs[i]);
+ }
+ CYBOZU_TEST_ASSERT(sig.verifyAggregatedHashes(pubs, h.data(), sizeofHash, n));
+ bls::Signature invalidSig = sigs[0] + sigs[1];
+ CYBOZU_TEST_ASSERT(!invalidSig.verifyAggregatedHashes(pubs, h.data(), sizeofHash, n));
+ h[0].data[0]++;
+ CYBOZU_TEST_ASSERT(!sig.verifyAggregatedHashes(pubs, h.data(), sizeofHash, n));
+}
+
+unsigned int writeSeq(void *self, void *buf, unsigned int bufSize)
+{
+ int& seq = *(int*)self;
+ char *p = (char *)buf;
+ for (unsigned int i = 0; i < bufSize; i++) {
+ p[i] = char(seq++);
+ }
+ return bufSize;
+}
+
+void setRandFuncTest()
+{
+ blsSecretKey sec;
+ const int seqInit1 = 5;
+ int seq = seqInit1;
+ blsSetRandFunc(&seq, writeSeq);
+ blsSecretKeySetByCSPRNG(&sec);
+ unsigned char buf[128];
+ size_t n = blsSecretKeySerialize(buf, sizeof(buf), &sec);
+ CYBOZU_TEST_ASSERT(n > 0);
+ for (size_t i = 0; i < n - 1; i++) {
+ // ommit buf[n - 1] because it may be masked
+ CYBOZU_TEST_EQUAL(buf[i], seqInit1 + i);
+ }
+ // use default CSPRNG
+ blsSetRandFunc(0, 0);
+ blsSecretKeySetByCSPRNG(&sec);
+ n = blsSecretKeySerialize(buf, sizeof(buf), &sec);
+ CYBOZU_TEST_ASSERT(n > 0);
+ printf("sec=");
+ for (size_t i = 0; i < n; i++) {
+ printf("%02x", buf[i]);
+ }
+ printf("\n");
+}
+
+void testAll()
+{
+ blsTest();
+ k_of_nTest();
+ popTest();
+ addTest();
+ dataTest();
+ aggregateTest();
+ verifyAggregateTest();
+ setRandFuncTest();
+}
+CYBOZU_TEST_AUTO(all)
+{
+ const struct {
+ int type;
+ const char *name;
+ } tbl[] = {
+ { MCL_BN254, "BN254" },
+#if MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE == 6
+ { MCL_BN381_1, "BN381_1" },
+#endif
+#if MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE == 4
+ { MCL_BLS12_381, "BLS12_381" },
+#endif
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ printf("curve=%s\n", tbl[i].name);
+ int type = tbl[i].type;
+ bls::init(type);
+ if (type == MCL_BN254) {
+ testForBN254();
+ }
+ testAll();
+ hashTest(type);
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/bls/test/proj/bls_test/bls_test.vcxproj b/vendor/github.com/byzantine-lab/bls/test/proj/bls_test/bls_test.vcxproj
new file mode 100644
index 000000000..1755135fb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/bls/test/proj/bls_test/bls_test.vcxproj
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="14.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{51266DE6-B57B-4AE3-B85C-282F170E1728}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>fp_test</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <PlatformToolset>v140</PlatformToolset>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <PlatformToolset>v140</PlatformToolset>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>MultiByte</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="$(SolutionDir)common.props" />
+ <Import Project="$(SolutionDir)debug.props" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ <Import Project="$(SolutionDir)common.props" />
+ <Import Project="$(SolutionDir)release.props" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LinkIncremental>true</LinkIncremental>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <LinkIncremental>false</LinkIncremental>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <PrecompiledHeader>
+ </PrecompiledHeader>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup>
+ <ClCompile Include="$(SolutionDir)test\\bls_test.cpp" />
+ </ItemGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/LICENSE b/vendor/github.com/byzantine-lab/dexon-consensus/LICENSE
new file mode 100644
index 000000000..0a041280b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/LICENSE
@@ -0,0 +1,165 @@
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 3, 29 June 2007
+
+ Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+
+ This version of the GNU Lesser General Public License incorporates
+the terms and conditions of version 3 of the GNU General Public
+License, supplemented by the additional permissions listed below.
+
+ 0. Additional Definitions.
+
+ As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the GNU
+General Public License.
+
+ "The Library" refers to a covered work governed by this License,
+other than an Application or a Combined Work as defined below.
+
+ An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+ A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+ The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+ The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+ 1. Exception to Section 3 of the GNU GPL.
+
+ You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+ 2. Conveying Modified Versions.
+
+ If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+ a) under this License, provided that you make a good faith effort to
+ ensure that, in the event an Application does not supply the
+ function or data, the facility still operates, and performs
+ whatever part of its purpose remains meaningful, or
+
+ b) under the GNU GPL, with none of the additional permissions of
+ this License applicable to that copy.
+
+ 3. Object Code Incorporating Material from Library Header Files.
+
+ The object code form of an Application may incorporate material from
+a header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+ a) Give prominent notice with each copy of the object code that the
+ Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the object code with a copy of the GNU GPL and this license
+ document.
+
+ 4. Combined Works.
+
+ You may convey a Combined Work under terms of your choice that,
+taken together, effectively do not restrict modification of the
+portions of the Library contained in the Combined Work and reverse
+engineering for debugging such modifications, if you also do each of
+the following:
+
+ a) Give prominent notice with each copy of the Combined Work that
+ the Library is used in it and that the Library and its use are
+ covered by this License.
+
+ b) Accompany the Combined Work with a copy of the GNU GPL and this license
+ document.
+
+ c) For a Combined Work that displays copyright notices during
+ execution, include the copyright notice for the Library among
+ these notices, as well as a reference directing the user to the
+ copies of the GNU GPL and this license document.
+
+ d) Do one of the following:
+
+ 0) Convey the Minimal Corresponding Source under the terms of this
+ License, and the Corresponding Application Code in a form
+ suitable for, and under terms that permit, the user to
+ recombine or relink the Application with a modified version of
+ the Linked Version to produce a modified Combined Work, in the
+ manner specified by section 6 of the GNU GPL for conveying
+ Corresponding Source.
+
+ 1) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (a) uses at run time
+ a copy of the Library already present on the user's computer
+ system, and (b) will operate properly with a modified version
+ of the Library that is interface-compatible with the Linked
+ Version.
+
+ e) Provide Installation Information, but only if you would otherwise
+ be required to provide such information under section 6 of the
+ GNU GPL, and only to the extent that such information is
+ necessary to install and execute a modified version of the
+ Combined Work produced by recombining or relinking the
+ Application with a modified version of the Linked Version. (If
+ you use option 4d0, the Installation Information must accompany
+ the Minimal Corresponding Source and Corresponding Application
+ Code. If you use option 4d1, you must provide the Installation
+ Information in the manner specified by section 6 of the GNU GPL
+ for conveying Corresponding Source.)
+
+ 5. Combined Libraries.
+
+ You may place library facilities that are a work based on the
+Library side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+ a) Accompany the combined library with a copy of the same work based
+ on the Library, uncombined with any other library facilities,
+ conveyed under the terms of this License.
+
+ b) Give prominent notice with the combined library that part of it
+ is a work based on the Library, and explaining where to find the
+ accompanying uncombined form of the same work.
+
+ 6. Revised Versions of the GNU Lesser General Public License.
+
+ The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Library as you received it specifies that a certain numbered version
+of the GNU Lesser General Public License "or any later version"
+applies to it, you have the option of following the terms and
+conditions either of that published version or of any later version
+published by the Free Software Foundation. If the Library as you
+received it does not specify a version number of the GNU Lesser
+General Public License, you may choose any version of the GNU Lesser
+General Public License ever published by the Free Software Foundation.
+
+ If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/common/event.go b/vendor/github.com/byzantine-lab/dexon-consensus/common/event.go
new file mode 100644
index 000000000..4e4e23bf3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/common/event.go
@@ -0,0 +1,101 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package common
+
+import (
+ "container/heap"
+ "sync"
+)
+
+type heightEventFn func(uint64)
+
+type heightEvent struct {
+ h uint64
+ fn heightEventFn
+}
+
+// heightEvents implements a Min-Heap structure.
+type heightEvents []heightEvent
+
+func (h heightEvents) Len() int { return len(h) }
+func (h heightEvents) Less(i, j int) bool { return h[i].h < h[j].h }
+func (h heightEvents) Swap(i, j int) { h[i], h[j] = h[j], h[i] }
+func (h *heightEvents) Push(x interface{}) {
+ *h = append(*h, x.(heightEvent))
+}
+func (h *heightEvents) Pop() interface{} {
+ old := *h
+ n := len(old)
+ x := old[n-1]
+ *h = old[0 : n-1]
+ return x
+}
+
+// Event implements the Observer pattern.
+type Event struct {
+ heightEvents heightEvents
+ heightEventsLock sync.Mutex
+}
+
+// NewEvent creates a new event instance.
+func NewEvent() *Event {
+ he := heightEvents{}
+ heap.Init(&he)
+ return &Event{
+ heightEvents: he,
+ }
+}
+
+// RegisterHeight to get notified on a specific height.
+func (e *Event) RegisterHeight(h uint64, fn heightEventFn) {
+ e.heightEventsLock.Lock()
+ defer e.heightEventsLock.Unlock()
+ heap.Push(&e.heightEvents, heightEvent{
+ h: h,
+ fn: fn,
+ })
+}
+
+// NotifyHeight and trigger function callback.
+func (e *Event) NotifyHeight(h uint64) {
+ fns := func() (fns []heightEventFn) {
+ e.heightEventsLock.Lock()
+ defer e.heightEventsLock.Unlock()
+ if len(e.heightEvents) == 0 {
+ return
+ }
+ for h >= e.heightEvents[0].h {
+ he := heap.Pop(&e.heightEvents).(heightEvent)
+ fns = append(fns, he.fn)
+ if len(e.heightEvents) == 0 {
+ return
+ }
+ }
+ return
+ }()
+ for _, fn := range fns {
+ fn(h)
+ }
+}
+
+// Reset clears all pending event
+func (e *Event) Reset() {
+ e.heightEventsLock.Lock()
+ defer e.heightEventsLock.Unlock()
+ e.heightEvents = heightEvents{}
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/common/logger.go b/vendor/github.com/byzantine-lab/dexon-consensus/common/logger.go
new file mode 100644
index 000000000..3328e939a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/common/logger.go
@@ -0,0 +1,134 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package common
+
+import "log"
+
+// Logger define the way to receive logs from Consensus instance.
+// NOTE: parameter in 'ctx' should be paired as key-value mapping. For example,
+// to log an error with message:
+// logger.Error("some message", "error", err)
+// which is similar to loggers with context:
+// logger.Error("some message", map[string]interface{}{
+// "error": err,
+// })
+type Logger interface {
+ // Info logs info level logs.
+ Trace(msg string, ctx ...interface{})
+ Debug(msg string, ctx ...interface{})
+ Info(msg string, ctx ...interface{})
+ Warn(msg string, ctx ...interface{})
+ Error(msg string, ctx ...interface{})
+}
+
+// NullLogger logs nothing.
+type NullLogger struct{}
+
+// Trace implements Logger interface.
+func (logger *NullLogger) Trace(msg string, ctx ...interface{}) {
+}
+
+// Debug implements Logger interface.
+func (logger *NullLogger) Debug(msg string, ctx ...interface{}) {
+}
+
+// Info implements Logger interface.
+func (logger *NullLogger) Info(msg string, ctx ...interface{}) {
+}
+
+// Warn implements Logger interface.
+func (logger *NullLogger) Warn(msg string, ctx ...interface{}) {
+}
+
+// Error implements Logger interface.
+func (logger *NullLogger) Error(msg string, ctx ...interface{}) {
+}
+
+// SimpleLogger logs everything.
+type SimpleLogger struct{}
+
+// composeVargs makes (msg, ctx...) could be pass to log.Println
+func composeVargs(msg string, ctxs []interface{}) []interface{} {
+ args := []interface{}{msg}
+ for _, c := range ctxs {
+ args = append(args, c)
+ }
+ return args
+}
+
+// Trace implements Logger interface.
+func (logger *SimpleLogger) Trace(msg string, ctx ...interface{}) {
+ log.Println(composeVargs(msg, ctx)...)
+}
+
+// Debug implements Logger interface.
+func (logger *SimpleLogger) Debug(msg string, ctx ...interface{}) {
+ log.Println(composeVargs(msg, ctx)...)
+}
+
+// Info implements Logger interface.
+func (logger *SimpleLogger) Info(msg string, ctx ...interface{}) {
+ log.Println(composeVargs(msg, ctx)...)
+}
+
+// Warn implements Logger interface.
+func (logger *SimpleLogger) Warn(msg string, ctx ...interface{}) {
+ log.Println(composeVargs(msg, ctx)...)
+}
+
+// Error implements Logger interface.
+func (logger *SimpleLogger) Error(msg string, ctx ...interface{}) {
+ log.Println(composeVargs(msg, ctx)...)
+}
+
+// CustomLogger logs everything.
+type CustomLogger struct {
+ logger *log.Logger
+}
+
+// NewCustomLogger creates a new custom logger.
+func NewCustomLogger(logger *log.Logger) *CustomLogger {
+ return &CustomLogger{
+ logger: logger,
+ }
+}
+
+// Trace implements Logger interface.
+func (logger *CustomLogger) Trace(msg string, ctx ...interface{}) {
+ logger.logger.Println(composeVargs(msg, ctx)...)
+}
+
+// Debug implements Logger interface.
+func (logger *CustomLogger) Debug(msg string, ctx ...interface{}) {
+ logger.logger.Println(composeVargs(msg, ctx)...)
+}
+
+// Info implements Logger interface.
+func (logger *CustomLogger) Info(msg string, ctx ...interface{}) {
+ logger.logger.Println(composeVargs(msg, ctx)...)
+}
+
+// Warn implements Logger interface.
+func (logger *CustomLogger) Warn(msg string, ctx ...interface{}) {
+ logger.logger.Println(composeVargs(msg, ctx)...)
+}
+
+// Error implements Logger interface.
+func (logger *CustomLogger) Error(msg string, ctx ...interface{}) {
+ logger.logger.Println(composeVargs(msg, ctx)...)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/common/types.go b/vendor/github.com/byzantine-lab/dexon-consensus/common/types.go
new file mode 100644
index 000000000..883492bf3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/common/types.go
@@ -0,0 +1,90 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package common
+
+import (
+ "bytes"
+ "encoding/hex"
+ "sort"
+ "time"
+)
+
+const (
+ // HashLength is the length of a hash in DEXON.
+ HashLength = 32
+)
+
+// Hash is the basic hash type in DEXON.
+type Hash [HashLength]byte
+
+func (h Hash) String() string {
+ return hex.EncodeToString([]byte(h[:]))
+}
+
+// Bytes return the hash as slice of bytes.
+func (h Hash) Bytes() []byte {
+ return h[:]
+}
+
+// Equal compares if two hashes are the same.
+func (h Hash) Equal(hp Hash) bool {
+ return h == hp
+}
+
+// Less compares if current hash is lesser.
+func (h Hash) Less(hp Hash) bool {
+ return bytes.Compare(h[:], hp[:]) < 0
+}
+
+// MarshalText implements the encoding.TextMarhsaler interface.
+func (h Hash) MarshalText() ([]byte, error) {
+ result := make([]byte, hex.EncodedLen(HashLength))
+ hex.Encode(result, h[:])
+ return result, nil
+}
+
+// UnmarshalText implements the encoding.TextUnmarshaler interface.
+func (h *Hash) UnmarshalText(text []byte) error {
+ _, err := hex.Decode(h[:], text)
+ return err
+}
+
+// Hashes is for sorting hashes.
+type Hashes []Hash
+
+func (hs Hashes) Len() int { return len(hs) }
+func (hs Hashes) Less(i, j int) bool { return hs[i].Less(hs[j]) }
+func (hs Hashes) Swap(i, j int) { hs[i], hs[j] = hs[j], hs[i] }
+
+// SortedHashes is a slice of hashes sorted in ascending order.
+type SortedHashes Hashes
+
+// NewSortedHashes converts a slice of hashes to a sorted one. It's a
+// firewall to prevent us from assigning unsorted hashes to a variable
+// declared as SortedHashes directly.
+func NewSortedHashes(hs Hashes) SortedHashes {
+ sort.Sort(hs)
+ return SortedHashes(hs)
+}
+
+// ByTime implements sort.Interface for time.Time.
+type ByTime []time.Time
+
+func (t ByTime) Len() int { return len(t) }
+func (t ByTime) Swap(i, j int) { t[i], t[j] = t[j], t[i] }
+func (t ByTime) Less(i, j int) bool { return t[i].Before(t[j]) }
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/common/utils.go b/vendor/github.com/byzantine-lab/dexon-consensus/common/utils.go
new file mode 100644
index 000000000..0e847900f
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/common/utils.go
@@ -0,0 +1,41 @@
+package common
+
+import (
+ "math/rand"
+ "time"
+)
+
+var random *rand.Rand
+
+func init() {
+ random = rand.New(rand.NewSource(time.Now().Unix()))
+}
+
+// NewRandomHash returns a random Hash-like value.
+func NewRandomHash() Hash {
+ x := Hash{}
+ for i := 0; i < HashLength; i++ {
+ x[i] = byte(random.Int() % 256)
+ }
+ return x
+}
+
+// GenerateRandomBytes generates bytes randomly.
+func GenerateRandomBytes() []byte {
+ randomness := make([]byte, 32)
+ _, err := rand.Read(randomness)
+ if err != nil {
+ panic(err)
+ }
+ return randomness
+}
+
+// CopyBytes copies byte slice.
+func CopyBytes(src []byte) (dst []byte) {
+ if len(src) == 0 {
+ return
+ }
+ dst = make([]byte, len(src))
+ copy(dst, src)
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement-mgr.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement-mgr.go
new file mode 100644
index 000000000..cdbfadf13
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement-mgr.go
@@ -0,0 +1,676 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "context"
+ "errors"
+ "math"
+ "sync"
+ "time"
+
+ lru "github.com/hashicorp/golang-lru"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// Errors returned from BA modules
+var (
+ ErrPreviousRoundIsNotFinished = errors.New("previous round is not finished")
+ ErrRoundOutOfRange = errors.New("round out of range")
+ ErrInvalidBlock = errors.New("invalid block")
+ ErrNoValidLeader = errors.New("no valid leader")
+ ErrIncorrectCRSSignature = errors.New("incorrect CRS signature")
+ ErrBlockTooOld = errors.New("block too old")
+)
+
+const maxResultCache = 100
+const settingLimit = 3
+
+// genValidLeader generate a validLeader function for agreement modules.
+func genValidLeader(
+ mgr *agreementMgr) validLeaderFn {
+ return func(block *types.Block, crs common.Hash) (bool, error) {
+ if block.Timestamp.After(time.Now()) {
+ return false, nil
+ }
+ if block.Position.Round >= DKGDelayRound {
+ if mgr.recv.npks == nil {
+ return false, nil
+ }
+ if block.Position.Round > mgr.recv.npks.Round {
+ return false, nil
+ }
+ if block.Position.Round < mgr.recv.npks.Round {
+ return false, ErrBlockTooOld
+ }
+ }
+ if !utils.VerifyCRSSignature(block, crs, mgr.recv.npks) {
+ return false, ErrIncorrectCRSSignature
+ }
+ if err := mgr.bcModule.sanityCheck(block); err != nil {
+ if err == ErrRetrySanityCheckLater {
+ return false, nil
+ }
+ return false, err
+ }
+ mgr.logger.Debug("Calling Application.VerifyBlock", "block", block)
+ switch mgr.app.VerifyBlock(block) {
+ case types.VerifyInvalidBlock:
+ return false, ErrInvalidBlock
+ case types.VerifyRetryLater:
+ return false, nil
+ default:
+ }
+ return true, nil
+ }
+}
+
+type agreementMgrConfig struct {
+ utils.RoundBasedConfig
+
+ notarySetSize uint32
+ lambdaBA time.Duration
+ crs common.Hash
+}
+
+func (c *agreementMgrConfig) from(
+ round uint64, config *types.Config, crs common.Hash) {
+ c.notarySetSize = config.NotarySetSize
+ c.lambdaBA = config.LambdaBA
+ c.crs = crs
+ c.SetupRoundBasedFields(round, config)
+}
+
+func newAgreementMgrConfig(prev agreementMgrConfig, config *types.Config,
+ crs common.Hash) (c agreementMgrConfig) {
+ c = agreementMgrConfig{}
+ c.from(prev.RoundID()+1, config, crs)
+ c.AppendTo(prev.RoundBasedConfig)
+ return
+}
+
+type baRoundSetting struct {
+ round uint64
+ dkgSet map[types.NodeID]struct{}
+ threshold int
+ ticker Ticker
+ crs common.Hash
+}
+
+type agreementMgr struct {
+ // TODO(mission): unbound Consensus instance from this module.
+ con *Consensus
+ ID types.NodeID
+ app Application
+ gov Governance
+ network Network
+ logger common.Logger
+ cache *utils.NodeSetCache
+ signer *utils.Signer
+ bcModule *blockChain
+ ctx context.Context
+ configs []agreementMgrConfig
+ baModule *agreement
+ recv *consensusBAReceiver
+ processedBAResult map[types.Position]struct{}
+ voteFilter *utils.VoteFilter
+ settingCache *lru.Cache
+ curRoundSetting *baRoundSetting
+ waitGroup sync.WaitGroup
+ isRunning bool
+ lock sync.RWMutex
+}
+
+func newAgreementMgr(con *Consensus) (mgr *agreementMgr, err error) {
+ settingCache, _ := lru.New(settingLimit)
+ mgr = &agreementMgr{
+ con: con,
+ ID: con.ID,
+ app: con.app,
+ gov: con.gov,
+ network: con.network,
+ logger: con.logger,
+ cache: con.nodeSetCache,
+ signer: con.signer,
+ bcModule: con.bcModule,
+ ctx: con.ctx,
+ processedBAResult: make(map[types.Position]struct{}, maxResultCache),
+ voteFilter: utils.NewVoteFilter(),
+ settingCache: settingCache,
+ }
+ mgr.recv = &consensusBAReceiver{
+ consensus: con,
+ restartNotary: make(chan types.Position, 1),
+ }
+ return mgr, nil
+}
+
+func (mgr *agreementMgr) prepare() {
+ round := mgr.bcModule.tipRound()
+ agr := newAgreement(
+ mgr.ID,
+ mgr.recv,
+ newLeaderSelector(genValidLeader(mgr), mgr.logger),
+ mgr.signer,
+ mgr.logger)
+ setting := mgr.generateSetting(round)
+ if setting == nil {
+ mgr.logger.Warn("Unable to prepare init setting", "round", round)
+ return
+ }
+ mgr.curRoundSetting = setting
+ agr.notarySet = mgr.curRoundSetting.dkgSet
+ // Hacky way to make agreement module self contained.
+ mgr.recv.agreementModule = agr
+ mgr.baModule = agr
+ if round >= DKGDelayRound {
+ if _, exist := setting.dkgSet[mgr.ID]; exist {
+ mgr.logger.Debug("Preparing signer and npks.", "round", round)
+ npk, signer, err := mgr.con.cfgModule.getDKGInfo(round, false)
+ if err != nil {
+ mgr.logger.Error("Failed to prepare signer and npks.",
+ "round", round,
+ "error", err)
+ }
+ mgr.logger.Debug("Prepared signer and npks.",
+ "round", round, "signer", signer != nil, "npks", npk != nil)
+ }
+ }
+ return
+}
+
+func (mgr *agreementMgr) run() {
+ mgr.lock.Lock()
+ defer mgr.lock.Unlock()
+ if mgr.isRunning {
+ return
+ }
+ mgr.isRunning = true
+ mgr.waitGroup.Add(1)
+ go func() {
+ defer mgr.waitGroup.Done()
+ mgr.runBA(mgr.bcModule.tipRound())
+ }()
+}
+
+func (mgr *agreementMgr) calcLeader(
+ dkgSet map[types.NodeID]struct{},
+ crs common.Hash, pos types.Position) (
+ types.NodeID, error) {
+ nodeSet := types.NewNodeSetFromMap(dkgSet)
+ leader := nodeSet.GetSubSet(1, types.NewNodeLeaderTarget(
+ crs, pos.Height))
+ for nID := range leader {
+ return nID, nil
+ }
+ return types.NodeID{}, ErrNoValidLeader
+}
+
+func (mgr *agreementMgr) config(round uint64) *agreementMgrConfig {
+ mgr.lock.RLock()
+ defer mgr.lock.RUnlock()
+ if round < mgr.configs[0].RoundID() {
+ panic(ErrRoundOutOfRange)
+ }
+ roundIndex := round - mgr.configs[0].RoundID()
+ if roundIndex >= uint64(len(mgr.configs)) {
+ return nil
+ }
+ return &mgr.configs[roundIndex]
+}
+
+func (mgr *agreementMgr) notifyRoundEvents(evts []utils.RoundEventParam) error {
+ mgr.lock.Lock()
+ defer mgr.lock.Unlock()
+ apply := func(e utils.RoundEventParam) error {
+ if len(mgr.configs) > 0 {
+ lastCfg := mgr.configs[len(mgr.configs)-1]
+ if e.BeginHeight != lastCfg.RoundEndHeight() {
+ return ErrInvalidBlockHeight
+ }
+ if lastCfg.RoundID() == e.Round {
+ mgr.configs[len(mgr.configs)-1].ExtendLength()
+ } else if lastCfg.RoundID()+1 == e.Round {
+ mgr.configs = append(mgr.configs, newAgreementMgrConfig(
+ lastCfg, e.Config, e.CRS))
+ } else {
+ return ErrInvalidRoundID
+ }
+ } else {
+ c := agreementMgrConfig{}
+ c.from(e.Round, e.Config, e.CRS)
+ c.SetRoundBeginHeight(e.BeginHeight)
+ mgr.configs = append(mgr.configs, c)
+ }
+ return nil
+ }
+ for _, e := range evts {
+ if err := apply(e); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (mgr *agreementMgr) checkProposer(
+ round uint64, proposerID types.NodeID) error {
+ if round == mgr.curRoundSetting.round {
+ if _, exist := mgr.curRoundSetting.dkgSet[proposerID]; !exist {
+ return ErrNotInNotarySet
+ }
+ } else if round == mgr.curRoundSetting.round+1 {
+ setting := mgr.generateSetting(round)
+ if setting == nil {
+ return ErrConfigurationNotReady
+ }
+ if _, exist := setting.dkgSet[proposerID]; !exist {
+ return ErrNotInNotarySet
+ }
+ }
+ return nil
+}
+
+func (mgr *agreementMgr) processVote(v *types.Vote) (err error) {
+ if !mgr.recv.isNotary {
+ return nil
+ }
+ if mgr.voteFilter.Filter(v) {
+ return nil
+ }
+ if err := mgr.checkProposer(v.Position.Round, v.ProposerID); err != nil {
+ return err
+ }
+ if err = mgr.baModule.processVote(v); err == nil {
+ mgr.baModule.updateFilter(mgr.voteFilter)
+ mgr.voteFilter.AddVote(v)
+ }
+ if err == ErrSkipButNoError {
+ err = nil
+ }
+ return
+}
+
+func (mgr *agreementMgr) processBlock(b *types.Block) error {
+ if err := mgr.checkProposer(b.Position.Round, b.ProposerID); err != nil {
+ return err
+ }
+ return mgr.baModule.processBlock(b)
+}
+
+func (mgr *agreementMgr) touchAgreementResult(
+ result *types.AgreementResult) (first bool) {
+ // DO NOT LOCK THIS FUNCTION!!!!!!!! YOU WILL REGRET IT!!!!!
+ if _, exist := mgr.processedBAResult[result.Position]; !exist {
+ first = true
+ if len(mgr.processedBAResult) > maxResultCache {
+ for k := range mgr.processedBAResult {
+ // Randomly drop one element.
+ delete(mgr.processedBAResult, k)
+ break
+ }
+ }
+ mgr.processedBAResult[result.Position] = struct{}{}
+ }
+ return
+}
+
+func (mgr *agreementMgr) untouchAgreementResult(
+ result *types.AgreementResult) {
+ // DO NOT LOCK THIS FUNCTION!!!!!!!! YOU WILL REGRET IT!!!!!
+ delete(mgr.processedBAResult, result.Position)
+}
+
+func (mgr *agreementMgr) processAgreementResult(
+ result *types.AgreementResult) error {
+ aID := mgr.baModule.agreementID()
+ if isStop(aID) {
+ return nil
+ }
+ if result.Position == aID && !mgr.baModule.confirmed() {
+ mgr.logger.Info("Syncing BA", "position", result.Position)
+ if result.Position.Round >= DKGDelayRound {
+ return mgr.baModule.processAgreementResult(result)
+ }
+ for key := range result.Votes {
+ if err := mgr.baModule.processVote(&result.Votes[key]); err != nil {
+ return err
+ }
+ }
+ } else if result.Position.Newer(aID) {
+ mgr.logger.Info("Fast syncing BA", "position", result.Position)
+ if result.Position.Round < DKGDelayRound {
+ mgr.logger.Debug("Calling Network.PullBlocks for fast syncing BA",
+ "hash", result.BlockHash)
+ mgr.network.PullBlocks(common.Hashes{result.BlockHash})
+ for key := range result.Votes {
+ if err := mgr.baModule.processVote(&result.Votes[key]); err != nil {
+ return err
+ }
+ }
+ }
+ setting := mgr.generateSetting(result.Position.Round)
+ if setting == nil {
+ mgr.logger.Warn("unable to get setting", "round",
+ result.Position.Round)
+ return ErrConfigurationNotReady
+ }
+ mgr.curRoundSetting = setting
+ leader, err := mgr.calcLeader(setting.dkgSet, setting.crs, result.Position)
+ if err != nil {
+ return err
+ }
+ mgr.baModule.restart(
+ setting.dkgSet, setting.threshold,
+ result.Position, leader, setting.crs)
+ if result.Position.Round >= DKGDelayRound {
+ return mgr.baModule.processAgreementResult(result)
+ }
+ }
+ return nil
+}
+
+func (mgr *agreementMgr) processFinalizedBlock(block *types.Block) error {
+ aID := mgr.baModule.agreementID()
+ if block.Position.Older(aID) {
+ return nil
+ }
+ mgr.baModule.processFinalizedBlock(block)
+ return nil
+}
+
+func (mgr *agreementMgr) stop() {
+ // Stop all running agreement modules.
+ func() {
+ mgr.lock.Lock()
+ defer mgr.lock.Unlock()
+ mgr.baModule.stop()
+ }()
+ // Block until all routines are done.
+ mgr.waitGroup.Wait()
+}
+
+func (mgr *agreementMgr) generateSetting(round uint64) *baRoundSetting {
+ if setting, exist := mgr.settingCache.Get(round); exist {
+ return setting.(*baRoundSetting)
+ }
+ curConfig := mgr.config(round)
+ if curConfig == nil {
+ return nil
+ }
+ var dkgSet map[types.NodeID]struct{}
+ if round >= DKGDelayRound {
+ _, qualidifed, err := typesDKG.CalcQualifyNodes(
+ mgr.gov.DKGMasterPublicKeys(round),
+ mgr.gov.DKGComplaints(round),
+ utils.GetDKGThreshold(mgr.gov.Configuration(round)),
+ )
+ if err != nil {
+ mgr.logger.Error("Failed to get gpk", "round", round, "error", err)
+ return nil
+ }
+ dkgSet = qualidifed
+ }
+ if len(dkgSet) == 0 {
+ var err error
+ dkgSet, err = mgr.cache.GetNotarySet(round)
+ if err != nil {
+ mgr.logger.Error("Failed to get notarySet", "round", round, "error", err)
+ return nil
+ }
+ }
+ setting := &baRoundSetting{
+ crs: curConfig.crs,
+ dkgSet: dkgSet,
+ round: round,
+ threshold: utils.GetBAThreshold(&types.Config{
+ NotarySetSize: curConfig.notarySetSize}),
+ }
+ mgr.settingCache.Add(round, setting)
+ return setting
+}
+
+func (mgr *agreementMgr) runBA(initRound uint64) {
+ // These are round based variables.
+ var (
+ currentRound uint64
+ nextRound = initRound
+ curConfig = mgr.config(initRound)
+ setting = &baRoundSetting{}
+ tickDuration time.Duration
+ ticker Ticker
+ )
+
+ // Check if this routine needs to awake in this round and prepare essential
+ // variables when yes.
+ checkRound := func() (isDKG bool) {
+ defer func() {
+ currentRound = nextRound
+ nextRound++
+ }()
+ // Wait until the configuartion for next round is ready.
+ for {
+ if setting = mgr.generateSetting(nextRound); setting != nil {
+ break
+ } else {
+ mgr.logger.Debug("Round is not ready", "round", nextRound)
+ time.Sleep(1 * time.Second)
+ }
+ }
+ _, isDKG = setting.dkgSet[mgr.ID]
+ if isDKG {
+ mgr.logger.Info("Selected as dkg set",
+ "ID", mgr.ID,
+ "round", nextRound)
+ } else {
+ mgr.logger.Info("Not selected as dkg set",
+ "ID", mgr.ID,
+ "round", nextRound)
+ }
+ // Setup ticker
+ if tickDuration != curConfig.lambdaBA {
+ if ticker != nil {
+ ticker.Stop()
+ }
+ ticker = newTicker(mgr.gov, nextRound, TickerBA)
+ tickDuration = curConfig.lambdaBA
+ }
+ setting.ticker = ticker
+ return
+ }
+Loop:
+ for {
+ select {
+ case <-mgr.ctx.Done():
+ break Loop
+ default:
+ }
+ mgr.recv.isNotary = checkRound()
+ mgr.voteFilter = utils.NewVoteFilter()
+ mgr.voteFilter.Position.Round = currentRound
+ mgr.recv.emptyBlockHashMap = &sync.Map{}
+ if currentRound >= DKGDelayRound && mgr.recv.isNotary {
+ var err error
+ mgr.recv.npks, mgr.recv.psigSigner, err =
+ mgr.con.cfgModule.getDKGInfo(currentRound, false)
+ if err != nil {
+ mgr.logger.Warn("cannot get dkg info",
+ "round", currentRound, "error", err)
+ }
+ } else {
+ mgr.recv.npks = nil
+ mgr.recv.psigSigner = nil
+ }
+ // Run BA for this round.
+ mgr.recv.restartNotary <- types.Position{
+ Round: currentRound,
+ Height: math.MaxUint64,
+ }
+ if err := mgr.baRoutineForOneRound(setting); err != nil {
+ mgr.logger.Error("BA routine failed",
+ "error", err,
+ "nodeID", mgr.ID)
+ break Loop
+ }
+ }
+}
+
+func (mgr *agreementMgr) baRoutineForOneRound(
+ setting *baRoundSetting) (err error) {
+ agr := mgr.baModule
+ recv := mgr.recv
+ oldPos := agr.agreementID()
+ restart := func(restartPos types.Position) (breakLoop bool, err error) {
+ if !isStop(restartPos) {
+ if restartPos.Height+1 >= mgr.config(setting.round).RoundEndHeight() {
+ for {
+ select {
+ case <-mgr.ctx.Done():
+ break
+ default:
+ }
+ tipRound := mgr.bcModule.tipRound()
+ if tipRound > setting.round {
+ break
+ } else {
+ mgr.logger.Debug("Waiting blockChain to change round...",
+ "curRound", setting.round,
+ "tipRound", tipRound)
+ }
+ time.Sleep(100 * time.Millisecond)
+ }
+ // This round is finished.
+ breakLoop = true
+ return
+ }
+ if restartPos.Older(oldPos) {
+ // The restartNotary event is triggered by 'BlockConfirmed'
+ // of some older block.
+ return
+ }
+ }
+ var nextHeight uint64
+ var nextTime time.Time
+ for {
+ // Make sure we are stoppable.
+ select {
+ case <-mgr.ctx.Done():
+ breakLoop = true
+ return
+ default:
+ }
+ nextHeight, nextTime = mgr.bcModule.nextBlock()
+ if nextHeight != notReadyHeight {
+ if isStop(restartPos) {
+ break
+ }
+ if nextHeight > restartPos.Height {
+ break
+ }
+ }
+ mgr.logger.Debug("BlockChain not ready!!!",
+ "old", oldPos, "restart", restartPos, "next", nextHeight)
+ time.Sleep(100 * time.Millisecond)
+ }
+ nextPos := types.Position{
+ Round: setting.round,
+ Height: nextHeight,
+ }
+ oldPos = nextPos
+ var leader types.NodeID
+ leader, err = mgr.calcLeader(setting.dkgSet, setting.crs, nextPos)
+ if err != nil {
+ return
+ }
+ time.Sleep(nextTime.Sub(time.Now()))
+ setting.ticker.Restart()
+ agr.restart(setting.dkgSet, setting.threshold, nextPos, leader, setting.crs)
+ return
+ }
+Loop:
+ for {
+ select {
+ case <-mgr.ctx.Done():
+ break Loop
+ default:
+ }
+ if agr.confirmed() {
+ // Block until receive restartPos
+ select {
+ case restartPos := <-recv.restartNotary:
+ breakLoop, err := restart(restartPos)
+ if err != nil {
+ return err
+ }
+ if breakLoop {
+ break Loop
+ }
+ case <-mgr.ctx.Done():
+ break Loop
+ }
+ }
+ select {
+ case restartPos := <-recv.restartNotary:
+ breakLoop, err := restart(restartPos)
+ if err != nil {
+ return err
+ }
+ if breakLoop {
+ break Loop
+ }
+ default:
+ }
+ if !mgr.recv.isNotary {
+ select {
+ case <-setting.ticker.Tick():
+ continue Loop
+ case <-mgr.ctx.Done():
+ break Loop
+ }
+ }
+ if err = agr.nextState(); err != nil {
+ mgr.logger.Error("Failed to proceed to next state",
+ "nodeID", mgr.ID.String(),
+ "error", err)
+ break Loop
+ }
+ if agr.pullVotes() {
+ pos := agr.agreementID()
+ mgr.logger.Debug("Calling Network.PullVotes for syncing votes",
+ "position", pos)
+ mgr.network.PullVotes(pos)
+ }
+ for i := 0; i < agr.clocks(); i++ {
+ // Priority select for agreement.done().
+ select {
+ case <-agr.done():
+ continue Loop
+ default:
+ }
+ select {
+ case <-agr.done():
+ continue Loop
+ case <-setting.ticker.Tick():
+ }
+ }
+ }
+ return nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement-state.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement-state.go
new file mode 100644
index 000000000..fc2b6f3d5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement-state.go
@@ -0,0 +1,213 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "fmt"
+
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+// Errors for agreement state module.
+var (
+ ErrNoEnoughVoteInPrepareState = fmt.Errorf("no enough vote in prepare state")
+ ErrNoEnoughVoteInAckState = fmt.Errorf("no enough vote in ack state")
+)
+
+// agreementStateType is the state of agreement
+type agreementStateType int
+
+// agreementStateType enum.
+const (
+ stateFast agreementStateType = iota
+ stateFastVote
+ stateInitial
+ statePreCommit
+ stateCommit
+ stateForward
+ statePullVote
+ stateSleep
+)
+
+type agreementState interface {
+ state() agreementStateType
+ nextState() (agreementState, error)
+ clocks() int
+}
+
+//----- FastState -----
+type fastState struct {
+ a *agreementData
+}
+
+func newFastState(a *agreementData) *fastState {
+ return &fastState{a: a}
+}
+
+func (s *fastState) state() agreementStateType { return stateFast }
+func (s *fastState) clocks() int { return 0 }
+func (s *fastState) nextState() (agreementState, error) {
+ if func() bool {
+ s.a.lock.Lock()
+ defer s.a.lock.Unlock()
+ return s.a.isLeader
+ }() {
+ hash := s.a.recv.ProposeBlock()
+ if hash != types.NullBlockHash {
+ s.a.lock.Lock()
+ defer s.a.lock.Unlock()
+ s.a.recv.ProposeVote(types.NewVote(types.VoteFast, hash, s.a.period))
+ }
+ }
+ return newFastVoteState(s.a), nil
+}
+
+//----- FastVoteState -----
+type fastVoteState struct {
+ a *agreementData
+}
+
+func newFastVoteState(a *agreementData) *fastVoteState {
+ return &fastVoteState{a: a}
+}
+
+func (s *fastVoteState) state() agreementStateType { return stateFastVote }
+func (s *fastVoteState) clocks() int { return 3 }
+func (s *fastVoteState) nextState() (agreementState, error) {
+ return newInitialState(s.a), nil
+}
+
+//----- InitialState -----
+type initialState struct {
+ a *agreementData
+}
+
+func newInitialState(a *agreementData) *initialState {
+ return &initialState{a: a}
+}
+
+func (s *initialState) state() agreementStateType { return stateInitial }
+func (s *initialState) clocks() int { return 0 }
+func (s *initialState) nextState() (agreementState, error) {
+ if func() bool {
+ s.a.lock.Lock()
+ defer s.a.lock.Unlock()
+ return !s.a.isLeader
+ }() {
+ // Leader already proposed block in fastState.
+ hash := s.a.recv.ProposeBlock()
+ s.a.lock.Lock()
+ defer s.a.lock.Unlock()
+ s.a.recv.ProposeVote(types.NewVote(types.VoteInit, hash, s.a.period))
+ }
+ return newPreCommitState(s.a), nil
+}
+
+//----- PreCommitState -----
+type preCommitState struct {
+ a *agreementData
+}
+
+func newPreCommitState(a *agreementData) *preCommitState {
+ return &preCommitState{a: a}
+}
+
+func (s *preCommitState) state() agreementStateType { return statePreCommit }
+func (s *preCommitState) clocks() int { return 2 }
+func (s *preCommitState) nextState() (agreementState, error) {
+ s.a.lock.RLock()
+ defer s.a.lock.RUnlock()
+ if s.a.lockValue == types.SkipBlockHash ||
+ s.a.lockValue == types.NullBlockHash {
+ hash := s.a.leader.leaderBlockHash()
+ s.a.recv.ProposeVote(types.NewVote(types.VotePreCom, hash, s.a.period))
+ } else {
+ s.a.recv.ProposeVote(types.NewVote(
+ types.VotePreCom, s.a.lockValue, s.a.period))
+ }
+ return newCommitState(s.a), nil
+}
+
+//----- CommitState -----
+type commitState struct {
+ a *agreementData
+}
+
+func newCommitState(a *agreementData) *commitState {
+ return &commitState{a: a}
+}
+
+func (s *commitState) state() agreementStateType { return stateCommit }
+func (s *commitState) clocks() int { return 2 }
+func (s *commitState) nextState() (agreementState, error) {
+ s.a.lock.Lock()
+ defer s.a.lock.Unlock()
+ s.a.recv.ProposeVote(types.NewVote(types.VoteCom, s.a.lockValue, s.a.period))
+ return newForwardState(s.a), nil
+}
+
+// ----- ForwardState -----
+type forwardState struct {
+ a *agreementData
+}
+
+func newForwardState(a *agreementData) *forwardState {
+ return &forwardState{a: a}
+}
+
+func (s *forwardState) state() agreementStateType { return stateForward }
+func (s *forwardState) clocks() int { return 4 }
+
+func (s *forwardState) nextState() (agreementState, error) {
+ return newPullVoteState(s.a), nil
+}
+
+// ----- PullVoteState -----
+// pullVoteState is a special state to ensure the assumption in the consensus
+// algorithm that every vote will eventually arrive for all nodes.
+type pullVoteState struct {
+ a *agreementData
+}
+
+func newPullVoteState(a *agreementData) *pullVoteState {
+ return &pullVoteState{a: a}
+}
+
+func (s *pullVoteState) state() agreementStateType { return statePullVote }
+func (s *pullVoteState) clocks() int { return 4 }
+
+func (s *pullVoteState) nextState() (agreementState, error) {
+ return s, nil
+}
+
+// ----- SleepState -----
+// sleepState is a special state after BA has output and waits for restart.
+type sleepState struct {
+ a *agreementData
+}
+
+func newSleepState(a *agreementData) *sleepState {
+ return &sleepState{a: a}
+}
+
+func (s *sleepState) state() agreementStateType { return stateSleep }
+func (s *sleepState) clocks() int { return 65536 }
+
+func (s *sleepState) nextState() (agreementState, error) {
+ return s, nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement.go
new file mode 100644
index 000000000..bad6afa2b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/agreement.go
@@ -0,0 +1,797 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "fmt"
+ "math"
+ "sync"
+ "sync/atomic"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// closedchan is a reusable closed channel.
+var closedchan = make(chan struct{})
+
+func init() {
+ close(closedchan)
+}
+
+// Errors for agreement module.
+var (
+ ErrInvalidVote = fmt.Errorf("invalid vote")
+ ErrNotInNotarySet = fmt.Errorf("not in notary set")
+ ErrIncorrectVoteSignature = fmt.Errorf("incorrect vote signature")
+ ErrIncorrectVotePartialSignature = fmt.Errorf("incorrect vote psig")
+ ErrMismatchBlockPosition = fmt.Errorf("mismatch block position")
+)
+
+// ErrFork for fork error in agreement.
+type ErrFork struct {
+ nID types.NodeID
+ old, new common.Hash
+}
+
+func (e *ErrFork) Error() string {
+ return fmt.Sprintf("fork is found for %s, old %s, new %s",
+ e.nID.String(), e.old, e.new)
+}
+
+// ErrForkVote for fork vote error in agreement.
+type ErrForkVote struct {
+ nID types.NodeID
+ old, new *types.Vote
+}
+
+func (e *ErrForkVote) Error() string {
+ return fmt.Sprintf("fork vote is found for %s, old %s, new %s",
+ e.nID.String(), e.old, e.new)
+}
+
+func newVoteListMap() []map[types.NodeID]*types.Vote {
+ listMap := make([]map[types.NodeID]*types.Vote, types.MaxVoteType)
+ for idx := range listMap {
+ listMap[idx] = make(map[types.NodeID]*types.Vote)
+ }
+ return listMap
+}
+
+// agreementReceiver is the interface receiving agreement event.
+type agreementReceiver interface {
+ ProposeVote(vote *types.Vote)
+ ProposeBlock() common.Hash
+ // ConfirmBlock is called with lock hold. User can safely use all data within
+ // agreement module.
+ ConfirmBlock(common.Hash, map[types.NodeID]*types.Vote)
+ PullBlocks(common.Hashes)
+ ReportForkVote(v1, v2 *types.Vote)
+ ReportForkBlock(b1, b2 *types.Block)
+ VerifyPartialSignature(vote *types.Vote) (bool, bool)
+}
+
+type pendingBlock struct {
+ block *types.Block
+ receivedTime time.Time
+}
+
+type pendingVote struct {
+ vote *types.Vote
+ receivedTime time.Time
+}
+
+// agreementData is the data for agreementState.
+type agreementData struct {
+ recv agreementReceiver
+
+ ID types.NodeID
+ isLeader bool
+ leader *leaderSelector
+ lockValue common.Hash
+ lockIter uint64
+ period uint64
+ requiredVote int
+ votes map[uint64][]map[types.NodeID]*types.Vote
+ lock sync.RWMutex
+ blocks map[types.NodeID]*types.Block
+ blocksLock sync.Mutex
+}
+
+// agreement is the agreement protocal describe in the Crypto Shuffle Algorithm.
+type agreement struct {
+ state agreementState
+ data *agreementData
+ aID *atomic.Value
+ doneChan chan struct{}
+ notarySet map[types.NodeID]struct{}
+ hasVoteFast bool
+ hasOutput bool
+ lock sync.RWMutex
+ pendingBlock []pendingBlock
+ pendingVote []pendingVote
+ pendingAgreementResult map[types.Position]*types.AgreementResult
+ candidateBlock map[common.Hash]*types.Block
+ fastForward chan uint64
+ signer *utils.Signer
+ logger common.Logger
+}
+
+// newAgreement creates a agreement instance.
+func newAgreement(
+ ID types.NodeID,
+ recv agreementReceiver,
+ leader *leaderSelector,
+ signer *utils.Signer,
+ logger common.Logger) *agreement {
+ agreement := &agreement{
+ data: &agreementData{
+ recv: recv,
+ ID: ID,
+ leader: leader,
+ },
+ aID: &atomic.Value{},
+ pendingAgreementResult: make(map[types.Position]*types.AgreementResult),
+ candidateBlock: make(map[common.Hash]*types.Block),
+ fastForward: make(chan uint64, 1),
+ signer: signer,
+ logger: logger,
+ }
+ agreement.stop()
+ return agreement
+}
+
+// restart the agreement
+func (a *agreement) restart(
+ notarySet map[types.NodeID]struct{},
+ threshold int, aID types.Position, leader types.NodeID,
+ crs common.Hash) {
+ if !func() bool {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ if !isStop(aID) {
+ oldAID := a.agreementID()
+ if !isStop(oldAID) && !aID.Newer(oldAID) {
+ return false
+ }
+ }
+ a.logger.Debug("Restarting BA",
+ "notarySet", notarySet, "position", aID, "leader", leader)
+ a.data.lock.Lock()
+ defer a.data.lock.Unlock()
+ a.data.blocksLock.Lock()
+ defer a.data.blocksLock.Unlock()
+ a.data.votes = make(map[uint64][]map[types.NodeID]*types.Vote)
+ a.data.votes[1] = newVoteListMap()
+ a.data.period = 2
+ a.data.blocks = make(map[types.NodeID]*types.Block)
+ a.data.requiredVote = threshold
+ a.data.leader.restart(crs)
+ a.data.lockValue = types.SkipBlockHash
+ a.data.lockIter = 0
+ a.data.isLeader = a.data.ID == leader
+ if a.doneChan != nil {
+ close(a.doneChan)
+ }
+ a.doneChan = make(chan struct{})
+ a.fastForward = make(chan uint64, 1)
+ a.hasVoteFast = false
+ a.hasOutput = false
+ a.state = newFastState(a.data)
+ a.notarySet = notarySet
+ a.candidateBlock = make(map[common.Hash]*types.Block)
+ a.aID.Store(struct {
+ pos types.Position
+ leader types.NodeID
+ }{aID, leader})
+ return true
+ }() {
+ return
+ }
+
+ if isStop(aID) {
+ return
+ }
+
+ var result *types.AgreementResult
+ func() {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ newPendingAgreementResult := make(
+ map[types.Position]*types.AgreementResult)
+ for pos, agr := range a.pendingAgreementResult {
+ if pos.Newer(aID) {
+ newPendingAgreementResult[pos] = agr
+ } else if pos == aID {
+ result = agr
+ }
+ }
+ a.pendingAgreementResult = newPendingAgreementResult
+ }()
+
+ expireTime := time.Now().Add(-10 * time.Second)
+ replayBlock := make([]*types.Block, 0)
+ func() {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ newPendingBlock := make([]pendingBlock, 0)
+ for _, pending := range a.pendingBlock {
+ if aID.Newer(pending.block.Position) {
+ continue
+ } else if pending.block.Position == aID {
+ if result == nil ||
+ result.Position.Round < DKGDelayRound ||
+ result.BlockHash == pending.block.Hash {
+ replayBlock = append(replayBlock, pending.block)
+ }
+ } else if pending.receivedTime.After(expireTime) {
+ newPendingBlock = append(newPendingBlock, pending)
+ }
+ }
+ a.pendingBlock = newPendingBlock
+ }()
+
+ replayVote := make([]*types.Vote, 0)
+ func() {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ newPendingVote := make([]pendingVote, 0)
+ for _, pending := range a.pendingVote {
+ if aID.Newer(pending.vote.Position) {
+ continue
+ } else if pending.vote.Position == aID {
+ if result == nil || result.Position.Round < DKGDelayRound {
+ replayVote = append(replayVote, pending.vote)
+ }
+ } else if pending.receivedTime.After(expireTime) {
+ newPendingVote = append(newPendingVote, pending)
+ }
+ }
+ a.pendingVote = newPendingVote
+ }()
+
+ for _, block := range replayBlock {
+ if err := a.processBlock(block); err != nil {
+ a.logger.Error("Failed to process block when restarting agreement",
+ "block", block)
+ }
+ }
+
+ if result != nil {
+ if err := a.processAgreementResult(result); err != nil {
+ a.logger.Error("Failed to process agreement result when retarting",
+ "result", result)
+ }
+ }
+
+ for _, vote := range replayVote {
+ if err := a.processVote(vote); err != nil {
+ a.logger.Error("Failed to process vote when restarting agreement",
+ "vote", vote)
+ }
+ }
+}
+
+func (a *agreement) stop() {
+ a.restart(make(map[types.NodeID]struct{}), int(math.MaxInt32),
+ types.Position{
+ Height: math.MaxUint64,
+ },
+ types.NodeID{}, common.Hash{})
+}
+
+func isStop(aID types.Position) bool {
+ return aID.Height == math.MaxUint64
+}
+
+// clocks returns how many time this state is required.
+func (a *agreement) clocks() int {
+ a.data.lock.RLock()
+ defer a.data.lock.RUnlock()
+ scale := int(a.data.period) - 1
+ if a.state.state() == stateForward {
+ scale = 1
+ }
+ if scale < 1 {
+ // just in case.
+ scale = 1
+ }
+ // 10 is a magic number derived from many years of experience.
+ if scale > 10 {
+ scale = 10
+ }
+ return a.state.clocks() * scale
+}
+
+// pullVotes returns if current agreement requires more votes to continue.
+func (a *agreement) pullVotes() bool {
+ a.data.lock.RLock()
+ defer a.data.lock.RUnlock()
+ return a.state.state() == statePullVote ||
+ a.state.state() == stateInitial ||
+ (a.state.state() == statePreCommit && (a.data.period%3) == 0)
+}
+
+// agreementID returns the current agreementID.
+func (a *agreement) agreementID() types.Position {
+ return a.aID.Load().(struct {
+ pos types.Position
+ leader types.NodeID
+ }).pos
+}
+
+// leader returns the current leader.
+func (a *agreement) leader() types.NodeID {
+ return a.aID.Load().(struct {
+ pos types.Position
+ leader types.NodeID
+ }).leader
+}
+
+// nextState is called at the specific clock time.
+func (a *agreement) nextState() (err error) {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ if a.hasOutput {
+ a.state = newSleepState(a.data)
+ return
+ }
+ a.state, err = a.state.nextState()
+ return
+}
+
+func (a *agreement) sanityCheck(vote *types.Vote) error {
+ if vote.Type >= types.MaxVoteType {
+ return ErrInvalidVote
+ }
+ ok, err := utils.VerifyVoteSignature(vote)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return ErrIncorrectVoteSignature
+ }
+ if vote.Position.Round != a.agreementID().Round {
+ // TODO(jimmy): maybe we can verify partial signature at agreement-mgr.
+ return nil
+ }
+ if ok, report := a.data.recv.VerifyPartialSignature(vote); !ok {
+ if report {
+ return ErrIncorrectVotePartialSignature
+ }
+ return ErrSkipButNoError
+ }
+ return nil
+}
+
+func (a *agreement) checkForkVote(vote *types.Vote) (
+ alreadyExist bool, err error) {
+ a.data.lock.RLock()
+ defer a.data.lock.RUnlock()
+ if votes, exist := a.data.votes[vote.Period]; exist {
+ if oldVote, exist := votes[vote.Type][vote.ProposerID]; exist {
+ alreadyExist = true
+ if vote.BlockHash != oldVote.BlockHash {
+ a.data.recv.ReportForkVote(oldVote, vote)
+ err = &ErrForkVote{vote.ProposerID, oldVote, vote}
+ return
+ }
+ }
+ }
+ return
+}
+
+// prepareVote prepares a vote.
+func (a *agreement) prepareVote(vote *types.Vote) (err error) {
+ vote.Position = a.agreementID()
+ err = a.signer.SignVote(vote)
+ return
+}
+
+func (a *agreement) updateFilter(filter *utils.VoteFilter) {
+ if isStop(a.agreementID()) {
+ return
+ }
+ a.lock.RLock()
+ defer a.lock.RUnlock()
+ a.data.lock.RLock()
+ defer a.data.lock.RUnlock()
+ filter.Confirm = a.hasOutput
+ filter.LockIter = a.data.lockIter
+ filter.Period = a.data.period
+ filter.Position.Height = a.agreementID().Height
+}
+
+// processVote is the entry point for processing Vote.
+func (a *agreement) processVote(vote *types.Vote) error {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ if err := a.sanityCheck(vote); err != nil {
+ return err
+ }
+ aID := a.agreementID()
+
+ // Agreement module has stopped.
+ if isStop(aID) {
+ // Hacky way to not drop first votes when round just begins.
+ if vote.Position.Round == aID.Round {
+ a.pendingVote = append(a.pendingVote, pendingVote{
+ vote: vote,
+ receivedTime: time.Now().UTC(),
+ })
+ return nil
+ }
+ return ErrSkipButNoError
+ }
+ if vote.Position != aID {
+ if aID.Newer(vote.Position) {
+ return nil
+ }
+ a.pendingVote = append(a.pendingVote, pendingVote{
+ vote: vote,
+ receivedTime: time.Now().UTC(),
+ })
+ return nil
+ }
+ exist, err := a.checkForkVote(vote)
+ if err != nil {
+ return err
+ }
+ if exist {
+ return nil
+ }
+
+ a.data.lock.Lock()
+ defer a.data.lock.Unlock()
+ if _, exist := a.data.votes[vote.Period]; !exist {
+ a.data.votes[vote.Period] = newVoteListMap()
+ }
+ if _, exist := a.data.votes[vote.Period][vote.Type][vote.ProposerID]; exist {
+ return nil
+ }
+ a.data.votes[vote.Period][vote.Type][vote.ProposerID] = vote
+ if !a.hasOutput &&
+ (vote.Type == types.VoteCom ||
+ vote.Type == types.VoteFast ||
+ vote.Type == types.VoteFastCom) {
+ if hash, ok := a.data.countVoteNoLock(vote.Period, vote.Type); ok &&
+ hash != types.SkipBlockHash {
+ if vote.Type == types.VoteFast {
+ if !a.hasVoteFast {
+ if a.state.state() == stateFast ||
+ a.state.state() == stateFastVote {
+ a.data.recv.ProposeVote(
+ types.NewVote(types.VoteFastCom, hash, vote.Period))
+ a.hasVoteFast = true
+
+ }
+ if a.data.lockIter == 0 {
+ a.data.lockValue = hash
+ a.data.lockIter = 1
+ }
+ }
+ } else {
+ a.hasOutput = true
+ a.data.recv.ConfirmBlock(hash,
+ a.data.votes[vote.Period][vote.Type])
+ if a.doneChan != nil {
+ close(a.doneChan)
+ a.doneChan = nil
+ }
+ }
+ return nil
+ }
+ } else if a.hasOutput {
+ return nil
+ }
+
+ // Check if the agreement requires fast-forwarding.
+ if len(a.fastForward) > 0 {
+ return nil
+ }
+ if vote.Type == types.VotePreCom {
+ if vote.Period < a.data.lockIter {
+ // This PreCom is useless for us.
+ return nil
+ }
+ if hash, ok := a.data.countVoteNoLock(vote.Period, vote.Type); ok &&
+ hash != types.SkipBlockHash {
+ // Condition 1.
+ if vote.Period > a.data.lockIter {
+ a.data.lockValue = hash
+ a.data.lockIter = vote.Period
+ }
+ // Condition 2.
+ if vote.Period > a.data.period {
+ a.fastForward <- vote.Period
+ if a.doneChan != nil {
+ close(a.doneChan)
+ a.doneChan = nil
+ }
+ return nil
+ }
+ }
+ }
+ // Condition 3.
+ if vote.Type == types.VoteCom && vote.Period >= a.data.period &&
+ len(a.data.votes[vote.Period][types.VoteCom]) >= a.data.requiredVote {
+ hashes := common.Hashes{}
+ addPullBlocks := func(voteType types.VoteType) {
+ for _, vote := range a.data.votes[vote.Period][voteType] {
+ if vote.BlockHash == types.NullBlockHash ||
+ vote.BlockHash == types.SkipBlockHash {
+ continue
+ }
+ if _, found := a.findCandidateBlockNoLock(vote.BlockHash); !found {
+ hashes = append(hashes, vote.BlockHash)
+ }
+ }
+ }
+ addPullBlocks(types.VotePreCom)
+ addPullBlocks(types.VoteCom)
+ if len(hashes) > 0 {
+ a.data.recv.PullBlocks(hashes)
+ }
+ a.fastForward <- vote.Period + 1
+ if a.doneChan != nil {
+ close(a.doneChan)
+ a.doneChan = nil
+ }
+ return nil
+ }
+ return nil
+}
+
+func (a *agreement) processFinalizedBlock(block *types.Block) {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ if a.hasOutput {
+ return
+ }
+ aID := a.agreementID()
+ if aID.Older(block.Position) {
+ return
+ }
+ a.addCandidateBlockNoLock(block)
+ a.hasOutput = true
+ a.data.lock.Lock()
+ defer a.data.lock.Unlock()
+ a.data.recv.ConfirmBlock(block.Hash, nil)
+ if a.doneChan != nil {
+ close(a.doneChan)
+ a.doneChan = nil
+ }
+}
+
+func (a *agreement) processAgreementResult(result *types.AgreementResult) error {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ aID := a.agreementID()
+ if result.Position.Older(aID) {
+ return nil
+ } else if result.Position.Newer(aID) {
+ a.pendingAgreementResult[result.Position] = result
+ return nil
+ }
+ if a.hasOutput {
+ return nil
+ }
+ a.data.lock.Lock()
+ defer a.data.lock.Unlock()
+ if _, exist := a.findCandidateBlockNoLock(result.BlockHash); !exist {
+ a.data.recv.PullBlocks(common.Hashes{result.BlockHash})
+ }
+ a.hasOutput = true
+ a.data.recv.ConfirmBlock(result.BlockHash, nil)
+ if a.doneChan != nil {
+ close(a.doneChan)
+ a.doneChan = nil
+ }
+ return nil
+}
+
+func (a *agreement) done() <-chan struct{} {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ select {
+ case period := <-a.fastForward:
+ a.data.lock.Lock()
+ defer a.data.lock.Unlock()
+ if period <= a.data.period {
+ break
+ }
+ a.data.setPeriod(period)
+ a.state = newPreCommitState(a.data)
+ a.doneChan = make(chan struct{})
+ return closedchan
+ default:
+ }
+ if a.doneChan == nil {
+ return closedchan
+ }
+ return a.doneChan
+}
+
+func (a *agreement) confirmed() bool {
+ a.lock.RLock()
+ defer a.lock.RUnlock()
+ return a.confirmedNoLock()
+}
+
+func (a *agreement) confirmedNoLock() bool {
+ return a.hasOutput
+}
+
+// processBlock is the entry point for processing Block.
+func (a *agreement) processBlock(block *types.Block) error {
+ checkSkip := func() bool {
+ aID := a.agreementID()
+ if block.Position != aID {
+ // Agreement module has stopped.
+ if !isStop(aID) {
+ if aID.Newer(block.Position) {
+ return true
+ }
+ }
+ }
+ return false
+ }
+ if checkSkip() {
+ return nil
+ }
+ if err := utils.VerifyBlockSignature(block); err != nil {
+ return err
+ }
+
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ a.data.blocksLock.Lock()
+ defer a.data.blocksLock.Unlock()
+ aID := a.agreementID()
+ // a.agreementID might change during lock, so we need to checkSkip again.
+ if checkSkip() {
+ return nil
+ } else if aID != block.Position {
+ a.pendingBlock = append(a.pendingBlock, pendingBlock{
+ block: block,
+ receivedTime: time.Now().UTC(),
+ })
+ return nil
+ } else if a.confirmedNoLock() {
+ return nil
+ }
+ if b, exist := a.data.blocks[block.ProposerID]; exist {
+ if b.Hash != block.Hash {
+ a.data.recv.ReportForkBlock(b, block)
+ return &ErrFork{block.ProposerID, b.Hash, block.Hash}
+ }
+ return nil
+ }
+ if err := a.data.leader.processBlock(block); err != nil {
+ return err
+ }
+ a.data.blocks[block.ProposerID] = block
+ a.addCandidateBlockNoLock(block)
+ if block.ProposerID != a.data.ID &&
+ (a.state.state() == stateFast || a.state.state() == stateFastVote) &&
+ block.ProposerID == a.leader() {
+ go func() {
+ for func() bool {
+ if aID != a.agreementID() {
+ return false
+ }
+ a.lock.RLock()
+ defer a.lock.RUnlock()
+ if a.state.state() != stateFast && a.state.state() != stateFastVote {
+ return false
+ }
+ a.data.lock.RLock()
+ defer a.data.lock.RUnlock()
+ a.data.blocksLock.Lock()
+ defer a.data.blocksLock.Unlock()
+ block, exist := a.data.blocks[a.leader()]
+ if !exist {
+ return true
+ }
+ ok, err := a.data.leader.validLeader(block, a.data.leader.hashCRS)
+ if err != nil {
+ fmt.Println("Error checking validLeader for Fast BA",
+ "error", err, "block", block)
+ return false
+ }
+ if ok {
+ a.data.recv.ProposeVote(
+ types.NewVote(types.VoteFast, block.Hash, a.data.period))
+ return false
+ }
+ return true
+ }() {
+ // TODO(jimmy): retry interval should be related to configurations.
+ time.Sleep(250 * time.Millisecond)
+ }
+ }()
+ }
+ return nil
+}
+
+func (a *agreement) addCandidateBlock(block *types.Block) {
+ a.lock.Lock()
+ defer a.lock.Unlock()
+ a.addCandidateBlockNoLock(block)
+}
+
+func (a *agreement) addCandidateBlockNoLock(block *types.Block) {
+ a.candidateBlock[block.Hash] = block
+}
+
+func (a *agreement) findCandidateBlockNoLock(
+ hash common.Hash) (*types.Block, bool) {
+ b, e := a.candidateBlock[hash]
+ return b, e
+}
+
+// find a block in both candidate blocks and pending blocks in leader-selector.
+// A block might be confirmed by others while we can't verify its validity.
+func (a *agreement) findBlockNoLock(hash common.Hash) (*types.Block, bool) {
+ b, e := a.findCandidateBlockNoLock(hash)
+ if !e {
+ b, e = a.data.leader.findPendingBlock(hash)
+ }
+ return b, e
+}
+
+func (a *agreementData) countVote(period uint64, voteType types.VoteType) (
+ blockHash common.Hash, ok bool) {
+ a.lock.RLock()
+ defer a.lock.RUnlock()
+ return a.countVoteNoLock(period, voteType)
+}
+
+func (a *agreementData) countVoteNoLock(
+ period uint64, voteType types.VoteType) (blockHash common.Hash, ok bool) {
+ votes, exist := a.votes[period]
+ if !exist {
+ return
+ }
+ candidate := make(map[common.Hash]int)
+ for _, vote := range votes[voteType] {
+ if _, exist := candidate[vote.BlockHash]; !exist {
+ candidate[vote.BlockHash] = 0
+ }
+ candidate[vote.BlockHash]++
+ }
+ for candidateHash, votes := range candidate {
+ if votes >= a.requiredVote {
+ blockHash = candidateHash
+ ok = true
+ return
+ }
+ }
+ return
+}
+
+func (a *agreementData) setPeriod(period uint64) {
+ for i := a.period + 1; i <= period; i++ {
+ if _, exist := a.votes[i]; !exist {
+ a.votes[i] = newVoteListMap()
+ }
+ }
+ a.period = period
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/blockchain.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/blockchain.go
new file mode 100644
index 000000000..579ccd44c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/blockchain.go
@@ -0,0 +1,681 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "math"
+ "sort"
+ "sync"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// Errors for sanity check error.
+var (
+ ErrBlockFromOlderPosition = errors.New("block from older position")
+ ErrNotGenesisBlock = errors.New("not a genesis block")
+ ErrIsGenesisBlock = errors.New("is a genesis block")
+ ErrIncorrectParentHash = errors.New("incorrect parent hash")
+ ErrInvalidBlockHeight = errors.New("invalid block height")
+ ErrInvalidRoundID = errors.New("invalid round id")
+ ErrInvalidTimestamp = errors.New("invalid timestamp")
+ ErrNotFollowTipPosition = errors.New("not follow tip position")
+ ErrDuplicatedPendingBlock = errors.New("duplicated pending block")
+ ErrRetrySanityCheckLater = errors.New("retry sanity check later")
+ ErrRoundNotSwitch = errors.New("round not switch")
+ ErrIncorrectAgreementResult = errors.New(
+ "incorrect block randomness result")
+ ErrMissingRandomness = errors.New("missing block randomness")
+)
+
+const notReadyHeight uint64 = math.MaxUint64
+
+type pendingBlockRecord struct {
+ position types.Position
+ block *types.Block
+}
+
+type pendingBlockRecords []pendingBlockRecord
+
+func (pb *pendingBlockRecords) insert(p pendingBlockRecord) error {
+ idx := sort.Search(len(*pb), func(i int) bool {
+ return !(*pb)[i].position.Older(p.position)
+ })
+ switch idx {
+ case len(*pb):
+ *pb = append(*pb, p)
+ default:
+ if (*pb)[idx].position.Equal(p.position) {
+ // Allow to overwrite pending block record for empty blocks, we may
+ // need to pull that block from others when its parent is not found
+ // locally.
+ if (*pb)[idx].block == nil && p.block != nil {
+ (*pb)[idx].block = p.block
+ return nil
+ }
+ return ErrDuplicatedPendingBlock
+ }
+ // Insert the value to that index.
+ *pb = append((*pb), pendingBlockRecord{})
+ copy((*pb)[idx+1:], (*pb)[idx:])
+ (*pb)[idx] = p
+ }
+ return nil
+}
+
+func (pb pendingBlockRecords) searchByHeight(h uint64) (
+ pendingBlockRecord, bool) {
+ idx := sort.Search(len(pb), func(i int) bool {
+ return pb[i].position.Height >= h
+ })
+ if idx == len(pb) || pb[idx].position.Height != h {
+ return pendingBlockRecord{}, false
+ }
+ return pb[idx], true
+}
+
+func (pb pendingBlockRecords) searchByPosition(p types.Position) (
+ pendingBlockRecord, bool) {
+ idx := sort.Search(len(pb), func(i int) bool {
+ return !pb[i].block.Position.Older(p)
+ })
+ if idx == len(pb) || !pb[idx].position.Equal(p) {
+ return pendingBlockRecord{}, false
+ }
+ return pb[idx], true
+}
+
+type blockChainConfig struct {
+ utils.RoundBasedConfig
+
+ minBlockInterval time.Duration
+}
+
+func (c *blockChainConfig) fromConfig(round uint64, config *types.Config) {
+ c.minBlockInterval = config.MinBlockInterval
+ c.SetupRoundBasedFields(round, config)
+}
+
+func newBlockChainConfig(prev blockChainConfig, config *types.Config) (
+ c blockChainConfig) {
+ c = blockChainConfig{}
+ c.fromConfig(prev.RoundID()+1, config)
+ c.AppendTo(prev.RoundBasedConfig)
+ return
+}
+
+type tsigVerifierGetter interface {
+ UpdateAndGet(uint64) (TSigVerifier, bool, error)
+ Purge(uint64)
+}
+
+type blockChain struct {
+ lock sync.RWMutex
+ ID types.NodeID
+ lastConfirmed *types.Block
+ lastDelivered *types.Block
+ signer *utils.Signer
+ vGetter tsigVerifierGetter
+ app Application
+ logger common.Logger
+ pendingRandomnesses map[types.Position][]byte
+ configs []blockChainConfig
+ pendingBlocks pendingBlockRecords
+ confirmedBlocks types.BlocksByPosition
+ dMoment time.Time
+
+ // Do not access this variable besides processAgreementResult.
+ lastPosition types.Position
+}
+
+func newBlockChain(nID types.NodeID, dMoment time.Time, initBlock *types.Block,
+ app Application, vGetter tsigVerifierGetter, signer *utils.Signer,
+ logger common.Logger) *blockChain {
+ return &blockChain{
+ ID: nID,
+ lastConfirmed: initBlock,
+ lastDelivered: initBlock,
+ signer: signer,
+ vGetter: vGetter,
+ app: app,
+ logger: logger,
+ dMoment: dMoment,
+ pendingRandomnesses: make(
+ map[types.Position][]byte),
+ }
+}
+
+func (bc *blockChain) notifyRoundEvents(evts []utils.RoundEventParam) error {
+ bc.lock.Lock()
+ defer bc.lock.Unlock()
+ apply := func(e utils.RoundEventParam) error {
+ if len(bc.configs) > 0 {
+ lastCfg := bc.configs[len(bc.configs)-1]
+ if e.BeginHeight != lastCfg.RoundEndHeight() {
+ return ErrInvalidBlockHeight
+ }
+ if lastCfg.RoundID() == e.Round {
+ bc.configs[len(bc.configs)-1].ExtendLength()
+ } else if lastCfg.RoundID()+1 == e.Round {
+ bc.configs = append(bc.configs, newBlockChainConfig(
+ lastCfg, e.Config))
+ } else {
+ return ErrInvalidRoundID
+ }
+ } else {
+ c := blockChainConfig{}
+ c.fromConfig(e.Round, e.Config)
+ c.SetRoundBeginHeight(e.BeginHeight)
+ if bc.lastConfirmed == nil {
+ if c.RoundID() != 0 {
+ panic(fmt.Errorf(
+ "genesis config should from round 0, but %d",
+ c.RoundID()))
+ }
+ } else {
+ if c.RoundID() != bc.lastConfirmed.Position.Round {
+ panic(fmt.Errorf("incompatible config/block round %s %d",
+ bc.lastConfirmed, c.RoundID()))
+ }
+ if !c.Contains(bc.lastConfirmed.Position.Height) {
+ panic(fmt.Errorf(
+ "unmatched round-event with block %s %d %d %d",
+ bc.lastConfirmed, e.Round, e.Reset, e.BeginHeight))
+ }
+ }
+ bc.configs = append(bc.configs, c)
+ }
+ return nil
+ }
+ for _, e := range evts {
+ if err := apply(e); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (bc *blockChain) proposeBlock(position types.Position,
+ proposeTime time.Time, isEmpty bool) (b *types.Block, err error) {
+ bc.lock.RLock()
+ defer bc.lock.RUnlock()
+ return bc.prepareBlock(position, proposeTime, isEmpty)
+}
+
+func (bc *blockChain) extractBlocks() (ret []*types.Block) {
+ bc.lock.Lock()
+ defer bc.lock.Unlock()
+ for len(bc.confirmedBlocks) > 0 {
+ c := bc.confirmedBlocks[0]
+ if c.Position.Round >= DKGDelayRound &&
+ len(c.Randomness) == 0 &&
+ !bc.setRandomnessFromPending(c) {
+ break
+ }
+ c, bc.confirmedBlocks = bc.confirmedBlocks[0], bc.confirmedBlocks[1:]
+ ret = append(ret, c)
+ bc.lastDelivered = c
+ }
+ return
+}
+
+func (bc *blockChain) sanityCheck(b *types.Block) error {
+ bc.lock.RLock()
+ defer bc.lock.RUnlock()
+ if bc.lastConfirmed == nil {
+ // It should be a genesis block.
+ if !b.IsGenesis() {
+ return ErrNotGenesisBlock
+ }
+ if b.Timestamp.Before(bc.dMoment.Add(bc.configs[0].minBlockInterval)) {
+ return ErrInvalidTimestamp
+ }
+ return nil
+ }
+ if b.IsGenesis() {
+ return ErrIsGenesisBlock
+ }
+ if b.Position.Height != bc.lastConfirmed.Position.Height+1 {
+ if b.Position.Height > bc.lastConfirmed.Position.Height {
+ return ErrRetrySanityCheckLater
+ }
+ return ErrInvalidBlockHeight
+ }
+ tipConfig := bc.tipConfig()
+ if tipConfig.IsLastBlock(bc.lastConfirmed) {
+ if b.Position.Round != bc.lastConfirmed.Position.Round+1 {
+ return ErrRoundNotSwitch
+ }
+ } else {
+ if b.Position.Round != bc.lastConfirmed.Position.Round {
+ return ErrInvalidRoundID
+ }
+ }
+ if !b.ParentHash.Equal(bc.lastConfirmed.Hash) {
+ return ErrIncorrectParentHash
+ }
+ if b.Timestamp.Before(bc.lastConfirmed.Timestamp.Add(
+ tipConfig.minBlockInterval)) {
+ return ErrInvalidTimestamp
+ }
+ if err := utils.VerifyBlockSignature(b); err != nil {
+ return err
+ }
+ return nil
+}
+
+// addEmptyBlock is called when an empty block is confirmed by BA.
+func (bc *blockChain) addEmptyBlock(position types.Position) (
+ *types.Block, error) {
+ bc.lock.Lock()
+ defer bc.lock.Unlock()
+ add := func() *types.Block {
+ emptyB, err := bc.prepareBlock(position, time.Time{}, true)
+ if err != nil || emptyB == nil {
+ // This helper is expected to be called when an empty block is ready
+ // to be confirmed.
+ panic(err)
+ }
+ bc.confirmBlock(emptyB)
+ bc.checkIfBlocksConfirmed()
+ return emptyB
+ }
+ if bc.lastConfirmed != nil {
+ if !position.Newer(bc.lastConfirmed.Position) {
+ bc.logger.Warn("Dropping empty block: older than tip",
+ "position", &position,
+ "last-confirmed", bc.lastConfirmed)
+ return nil, ErrBlockFromOlderPosition
+ }
+ if bc.lastConfirmed.Position.Height+1 == position.Height {
+ return add(), nil
+ }
+ } else if position.Height == types.GenesisHeight && position.Round == 0 {
+ return add(), nil
+ } else {
+ return nil, ErrInvalidBlockHeight
+ }
+ return nil, bc.addPendingBlockRecord(pendingBlockRecord{position, nil})
+}
+
+// addBlock should be called when the block is confirmed by BA, we won't perform
+// sanity check against this block, it's ok to add block with skipping height.
+func (bc *blockChain) addBlock(b *types.Block) error {
+ if b.Position.Round >= DKGDelayRound &&
+ len(b.Randomness) == 0 &&
+ !bc.setRandomnessFromPending(b) {
+ return ErrMissingRandomness
+ }
+ bc.lock.Lock()
+ defer bc.lock.Unlock()
+ confirmed := false
+ if bc.lastConfirmed != nil {
+ if !b.Position.Newer(bc.lastConfirmed.Position) {
+ bc.logger.Warn("Dropping block: older than tip",
+ "block", b, "last-confirmed", bc.lastConfirmed)
+ return nil
+ }
+ if bc.lastConfirmed.Position.Height+1 == b.Position.Height {
+ confirmed = true
+ }
+ } else if b.IsGenesis() {
+ confirmed = true
+ }
+ delete(bc.pendingRandomnesses, b.Position)
+ if !confirmed {
+ return bc.addPendingBlockRecord(pendingBlockRecord{b.Position, b})
+ }
+ bc.confirmBlock(b)
+ bc.checkIfBlocksConfirmed()
+ return nil
+}
+
+func (bc *blockChain) tipRound() uint64 {
+ bc.lock.RLock()
+ defer bc.lock.RUnlock()
+ if bc.lastConfirmed == nil {
+ return 0
+ }
+ offset, tipConfig := uint64(0), bc.tipConfig()
+ if tipConfig.IsLastBlock(bc.lastConfirmed) {
+ offset++
+ }
+ return bc.lastConfirmed.Position.Round + offset
+}
+
+func (bc *blockChain) confirmed(h uint64) bool {
+ bc.lock.RLock()
+ defer bc.lock.RUnlock()
+ if bc.lastConfirmed != nil && bc.lastConfirmed.Position.Height >= h {
+ return true
+ }
+ r, found := bc.pendingBlocks.searchByHeight(h)
+ if !found {
+ return false
+ }
+ return r.block != nil
+}
+
+func (bc *blockChain) nextBlock() (uint64, time.Time) {
+ bc.lock.RLock()
+ defer bc.lock.RUnlock()
+ // It's ok to access tip config directly without checking the existence of
+ // lastConfirmed block in the scenario of "nextBlock" method.
+ tip, config := bc.lastConfirmed, bc.configs[0]
+ if tip == nil {
+ return types.GenesisHeight, bc.dMoment
+ }
+ if tip != bc.lastDelivered {
+ // If tip is not delivered, we should not proceed to next block.
+ return notReadyHeight, time.Time{}
+ }
+ return tip.Position.Height + 1, tip.Timestamp.Add(config.minBlockInterval)
+}
+
+func (bc *blockChain) pendingBlocksWithoutRandomness() []*types.Block {
+ bc.lock.RLock()
+ defer bc.lock.RUnlock()
+ blocks := make([]*types.Block, 0)
+ for _, b := range bc.confirmedBlocks {
+ if b.Position.Round < DKGDelayRound ||
+ len(b.Randomness) > 0 ||
+ bc.setRandomnessFromPending(b) {
+ continue
+ }
+ blocks = append(blocks, b)
+ }
+ for _, r := range bc.pendingBlocks {
+ if r.position.Round < DKGDelayRound {
+ continue
+ }
+ if r.block != nil &&
+ len(r.block.Randomness) == 0 &&
+ !bc.setRandomnessFromPending(r.block) {
+ blocks = append(blocks, r.block)
+ }
+ }
+ return blocks
+}
+
+func (bc *blockChain) lastDeliveredBlock() *types.Block {
+ bc.lock.RLock()
+ defer bc.lock.RUnlock()
+ return bc.lastDelivered
+}
+
+func (bc *blockChain) lastPendingBlock() *types.Block {
+ bc.lock.RLock()
+ defer bc.lock.RUnlock()
+ if len(bc.confirmedBlocks) == 0 {
+ return nil
+ }
+ return bc.confirmedBlocks[0]
+}
+
+/////////////////////////////////////////////
+//
+// internal helpers
+//
+/////////////////////////////////////////////
+
+// findPendingBlock is a helper to find a block in either pending or confirmed
+// state by position.
+func (bc *blockChain) findPendingBlock(p types.Position) *types.Block {
+ if idx := sort.Search(len(bc.confirmedBlocks), func(i int) bool {
+ return !bc.confirmedBlocks[i].Position.Older(p)
+ }); idx != len(bc.confirmedBlocks) &&
+ bc.confirmedBlocks[idx].Position.Equal(p) {
+ return bc.confirmedBlocks[idx]
+ }
+ pendingRec, _ := bc.pendingBlocks.searchByPosition(p)
+ return pendingRec.block
+}
+
+func (bc *blockChain) addPendingBlockRecord(p pendingBlockRecord) error {
+ if err := bc.pendingBlocks.insert(p); err != nil {
+ if err == ErrDuplicatedPendingBlock {
+ // We need to ignore this error because BA might confirm duplicated
+ // blocks in position.
+ err = nil
+ }
+ return err
+ }
+ return nil
+}
+
+func (bc *blockChain) checkIfBlocksConfirmed() {
+ var err error
+ for len(bc.pendingBlocks) > 0 {
+ if bc.pendingBlocks[0].position.Height <
+ bc.lastConfirmed.Position.Height+1 {
+ panic(fmt.Errorf("unexpected case %s %s", bc.lastConfirmed,
+ bc.pendingBlocks[0].position))
+ }
+ if bc.pendingBlocks[0].position.Height >
+ bc.lastConfirmed.Position.Height+1 {
+ break
+ }
+ var pending pendingBlockRecord
+ pending, bc.pendingBlocks = bc.pendingBlocks[0], bc.pendingBlocks[1:]
+ nextTip := pending.block
+ if nextTip == nil {
+ if nextTip, err = bc.prepareBlock(
+ pending.position, time.Time{}, true); err != nil {
+ // It should not be error when prepare empty block for correct
+ // position.
+ panic(err)
+ }
+ }
+ bc.confirmBlock(nextTip)
+ }
+}
+
+func (bc *blockChain) purgeConfig() {
+ for bc.configs[0].RoundID() < bc.lastConfirmed.Position.Round {
+ bc.configs = bc.configs[1:]
+ }
+ if bc.configs[0].RoundID() != bc.lastConfirmed.Position.Round {
+ panic(fmt.Errorf("mismatched tip config: %d %d",
+ bc.configs[0].RoundID(), bc.lastConfirmed.Position.Round))
+ }
+}
+
+func (bc *blockChain) verifyRandomness(
+ blockHash common.Hash, round uint64, randomness []byte) (bool, error) {
+ if round < DKGDelayRound {
+ return bytes.Compare(randomness, NoRand) == 0, nil
+ }
+ v, ok, err := bc.vGetter.UpdateAndGet(round)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, ErrTSigNotReady
+ }
+ return v.VerifySignature(blockHash, crypto.Signature{
+ Type: "bls",
+ Signature: randomness}), nil
+}
+
+func (bc *blockChain) prepareBlock(position types.Position,
+ proposeTime time.Time, empty bool) (b *types.Block, err error) {
+ b = &types.Block{Position: position, Timestamp: proposeTime}
+ tip := bc.lastConfirmed
+ // Make sure we can propose a block at expected position for callers.
+ if tip == nil {
+ if bc.configs[0].RoundID() != uint64(0) {
+ panic(fmt.Errorf(
+ "Genesis config should be ready when preparing genesis: %d",
+ bc.configs[0].RoundID()))
+ }
+ // It should be the case for genesis block.
+ if !position.Equal(types.Position{Height: types.GenesisHeight}) {
+ b, err = nil, ErrNotGenesisBlock
+ return
+ }
+ minExpectedTime := bc.dMoment.Add(bc.configs[0].minBlockInterval)
+ if empty {
+ b.Timestamp = minExpectedTime
+ } else {
+ bc.logger.Debug("Calling genesis Application.PreparePayload")
+ if b.Payload, err = bc.app.PreparePayload(b.Position); err != nil {
+ b = nil
+ return
+ }
+ bc.logger.Debug("Calling genesis Application.PrepareWitness")
+ if b.Witness, err = bc.app.PrepareWitness(0); err != nil {
+ b = nil
+ return
+ }
+ if proposeTime.Before(minExpectedTime) {
+ b.Timestamp = minExpectedTime
+ }
+ }
+ } else {
+ tipConfig := bc.tipConfig()
+ if tip.Position.Height+1 != position.Height {
+ b, err = nil, ErrNotFollowTipPosition
+ return
+ }
+ if tipConfig.IsLastBlock(tip) {
+ if tip.Position.Round+1 != position.Round {
+ b, err = nil, ErrRoundNotSwitch
+ return
+ }
+ } else {
+ if tip.Position.Round != position.Round {
+ b, err = nil, ErrInvalidRoundID
+ return
+ }
+ }
+ minExpectedTime := tip.Timestamp.Add(bc.configs[0].minBlockInterval)
+ b.ParentHash = tip.Hash
+ if !empty {
+ bc.logger.Debug("Calling Application.PreparePayload",
+ "position", b.Position)
+ if b.Payload, err = bc.app.PreparePayload(b.Position); err != nil {
+ b = nil
+ return
+ }
+ bc.logger.Debug("Calling Application.PrepareWitness",
+ "height", tip.Witness.Height)
+ if b.Witness, err = bc.app.PrepareWitness(
+ tip.Witness.Height); err != nil {
+ b = nil
+ return
+ }
+ if b.Timestamp.Before(minExpectedTime) {
+ b.Timestamp = minExpectedTime
+ }
+ } else {
+ b.Witness.Height = tip.Witness.Height
+ b.Witness.Data = make([]byte, len(tip.Witness.Data))
+ copy(b.Witness.Data, tip.Witness.Data)
+ b.Timestamp = minExpectedTime
+ }
+ }
+ if empty {
+ if b.Hash, err = utils.HashBlock(b); err != nil {
+ b = nil
+ return
+ }
+ } else {
+ if err = bc.signer.SignBlock(b); err != nil {
+ b = nil
+ return
+ }
+ }
+ return
+}
+
+func (bc *blockChain) tipConfig() blockChainConfig {
+ if bc.lastConfirmed == nil {
+ panic(fmt.Errorf("attempting to access config without tip"))
+ }
+ if bc.lastConfirmed.Position.Round != bc.configs[0].RoundID() {
+ panic(fmt.Errorf("inconsist config and tip: %d %d",
+ bc.lastConfirmed.Position.Round, bc.configs[0].RoundID()))
+ }
+ return bc.configs[0]
+}
+
+func (bc *blockChain) confirmBlock(b *types.Block) {
+ if bc.lastConfirmed != nil &&
+ bc.lastConfirmed.Position.Height+1 != b.Position.Height {
+ panic(fmt.Errorf("confirmed blocks not continuous in height: %s %s",
+ bc.lastConfirmed, b))
+ }
+ bc.logger.Debug("Calling Application.BlockConfirmed", "block", b)
+ bc.app.BlockConfirmed(*b)
+ bc.lastConfirmed = b
+ bc.confirmedBlocks = append(bc.confirmedBlocks, b)
+ bc.purgeConfig()
+}
+
+func (bc *blockChain) setRandomnessFromPending(b *types.Block) bool {
+ if r, exist := bc.pendingRandomnesses[b.Position]; exist {
+ b.Randomness = r
+ delete(bc.pendingRandomnesses, b.Position)
+ return true
+ }
+ return false
+}
+
+func (bc *blockChain) processAgreementResult(result *types.AgreementResult) error {
+ if result.Position.Round < DKGDelayRound {
+ return nil
+ }
+ if !result.Position.Newer(bc.lastPosition) {
+ return ErrSkipButNoError
+ }
+ ok, err := bc.verifyRandomness(
+ result.BlockHash, result.Position.Round, result.Randomness)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return ErrIncorrectAgreementResult
+ }
+ bc.lock.Lock()
+ defer bc.lock.Unlock()
+ if !result.Position.Newer(bc.lastDelivered.Position) {
+ return nil
+ }
+ bc.pendingRandomnesses[result.Position] = result.Randomness
+ bc.lastPosition = bc.lastDelivered.Position
+ return nil
+}
+
+func (bc *blockChain) addBlockRandomness(pos types.Position, rand []byte) {
+ if pos.Round < DKGDelayRound {
+ return
+ }
+ bc.lock.Lock()
+ defer bc.lock.Unlock()
+ if !pos.Newer(bc.lastDelivered.Position) {
+ return
+ }
+ bc.pendingRandomnesses[pos] = rand
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/interfaces.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/interfaces.go
new file mode 100644
index 000000000..c85630775
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/interfaces.go
@@ -0,0 +1,70 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package blockdb
+
+import (
+ "errors"
+ "fmt"
+
+ "github.com/dexon-foundation/dexon-consensus/common"
+ "github.com/dexon-foundation/dexon-consensus/core/types"
+)
+
+var (
+ // ErrBlockExists is the error when block eixsts.
+ ErrBlockExists = errors.New("block exists")
+ // ErrBlockDoesNotExist is the error when block does not eixst.
+ ErrBlockDoesNotExist = errors.New("block does not exist")
+ // ErrIterationFinished is the error to check if the iteration is finished.
+ ErrIterationFinished = errors.New("iteration finished")
+ // ErrEmptyPath is the error when the required path is empty.
+ ErrEmptyPath = fmt.Errorf("empty path")
+ // ErrClosed is the error when using DB after it's closed.
+ ErrClosed = fmt.Errorf("db closed")
+ // ErrNotImplemented is the error that some interface is not implemented.
+ ErrNotImplemented = fmt.Errorf("not implemented")
+)
+
+// BlockDatabase is the interface for a BlockDatabase.
+type BlockDatabase interface {
+ Reader
+ Writer
+
+ // Close allows database implementation able to
+ // release resource when finishing.
+ Close() error
+}
+
+// Reader defines the interface for reading blocks into DB.
+type Reader interface {
+ Has(hash common.Hash) bool
+ Get(hash common.Hash) (types.Block, error)
+ GetAll() (BlockIterator, error)
+}
+
+// Writer defines the interface for writing blocks into DB.
+type Writer interface {
+ Update(block types.Block) error
+ Put(block types.Block) error
+}
+
+// BlockIterator defines an iterator on blocks hold
+// in a DB.
+type BlockIterator interface {
+ Next() (types.Block, error)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/level-db.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/level-db.go
new file mode 100644
index 000000000..76730fc9c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/level-db.go
@@ -0,0 +1,127 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package blockdb
+
+import (
+ "encoding/json"
+
+ "github.com/syndtr/goleveldb/leveldb"
+
+ "github.com/dexon-foundation/dexon-consensus/common"
+ "github.com/dexon-foundation/dexon-consensus/core/types"
+)
+
+// LevelDBBackedBlockDB is a leveldb backed BlockDB implementation.
+type LevelDBBackedBlockDB struct {
+ db *leveldb.DB
+}
+
+// NewLevelDBBackedBlockDB initialize a leveldb-backed block database.
+func NewLevelDBBackedBlockDB(
+ path string) (lvl *LevelDBBackedBlockDB, err error) {
+
+ db, err := leveldb.OpenFile(path, nil)
+ if err != nil {
+ return
+ }
+ lvl = &LevelDBBackedBlockDB{db: db}
+ return
+}
+
+// Close implement Closer interface, which would release allocated resource.
+func (lvl *LevelDBBackedBlockDB) Close() error {
+ return lvl.db.Close()
+}
+
+// Has implements the Reader.Has method.
+func (lvl *LevelDBBackedBlockDB) Has(hash common.Hash) bool {
+ exists, err := lvl.db.Has([]byte(hash[:]), nil)
+ if err != nil {
+ // TODO(missionliao): Modify the interface to return error.
+ panic(err)
+ }
+ return exists
+}
+
+// Get implements the Reader.Get method.
+func (lvl *LevelDBBackedBlockDB) Get(
+ hash common.Hash) (block types.Block, err error) {
+
+ queried, err := lvl.db.Get([]byte(hash[:]), nil)
+ if err != nil {
+ if err == leveldb.ErrNotFound {
+ err = ErrBlockDoesNotExist
+ }
+ return
+ }
+ err = json.Unmarshal(queried, &block)
+ if err != nil {
+ return
+ }
+ return
+}
+
+// Update implements the Writer.Update method.
+func (lvl *LevelDBBackedBlockDB) Update(block types.Block) (err error) {
+ // NOTE: we didn't handle changes of block hash (and it
+ // should not happen).
+ marshaled, err := json.Marshal(&block)
+ if err != nil {
+ return
+ }
+
+ if !lvl.Has(block.Hash) {
+ err = ErrBlockDoesNotExist
+ return
+ }
+ err = lvl.db.Put(
+ []byte(block.Hash[:]),
+ marshaled,
+ nil)
+ if err != nil {
+ return
+ }
+ return
+}
+
+// Put implements the Writer.Put method.
+func (lvl *LevelDBBackedBlockDB) Put(block types.Block) (err error) {
+ marshaled, err := json.Marshal(&block)
+ if err != nil {
+ return
+ }
+ if lvl.Has(block.Hash) {
+ err = ErrBlockExists
+ return
+ }
+ err = lvl.db.Put(
+ []byte(block.Hash[:]),
+ marshaled,
+ nil)
+ if err != nil {
+ return
+ }
+ return
+}
+
+// GetAll implements Reader.GetAll method, which allows callers
+// to retrieve all blocks in DB.
+func (lvl *LevelDBBackedBlockDB) GetAll() (BlockIterator, error) {
+ // TODO (mission): Implement this part via goleveldb's iterator.
+ return nil, ErrNotImplemented
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/memory.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/memory.go
new file mode 100644
index 000000000..b45af229b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/blockdb/memory.go
@@ -0,0 +1,183 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package blockdb
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "os"
+ "sync"
+
+ "github.com/dexon-foundation/dexon-consensus/common"
+ "github.com/dexon-foundation/dexon-consensus/core/types"
+)
+
+type seqIterator struct {
+ idx int
+ db *MemBackedBlockDB
+}
+
+func (seq *seqIterator) Next() (types.Block, error) {
+ curIdx := seq.idx
+ seq.idx++
+ return seq.db.getByIndex(curIdx)
+}
+
+// MemBackedBlockDB is a memory backed BlockDB implementation.
+type MemBackedBlockDB struct {
+ blocksMutex sync.RWMutex
+ blockHashSequence common.Hashes
+ blocksByHash map[common.Hash]*types.Block
+ persistantFilePath string
+}
+
+// NewMemBackedBlockDB initialize a memory-backed block database.
+func NewMemBackedBlockDB(persistantFilePath ...string) (db *MemBackedBlockDB, err error) {
+ db = &MemBackedBlockDB{
+ blockHashSequence: common.Hashes{},
+ blocksByHash: make(map[common.Hash]*types.Block),
+ }
+ if len(persistantFilePath) == 0 || len(persistantFilePath[0]) == 0 {
+ return
+ }
+ db.persistantFilePath = persistantFilePath[0]
+ buf, err := ioutil.ReadFile(db.persistantFilePath)
+ if err != nil {
+ if !os.IsNotExist(err) {
+ // Something unexpected happened.
+ return
+ }
+ // It's expected behavior that file doesn't exists, we should not
+ // report error on it.
+ err = nil
+ return
+ }
+
+ // Init this instance by file content, it's a temporary way
+ // to export those private field for JSON encoding.
+ toLoad := struct {
+ Sequence common.Hashes
+ ByHash map[common.Hash]*types.Block
+ }{}
+ err = json.Unmarshal(buf, &toLoad)
+ if err != nil {
+ return
+ }
+ db.blockHashSequence = toLoad.Sequence
+ db.blocksByHash = toLoad.ByHash
+ return
+}
+
+// Has returns wheter or not the DB has a block identified with the hash.
+func (m *MemBackedBlockDB) Has(hash common.Hash) bool {
+ m.blocksMutex.RLock()
+ defer m.blocksMutex.RUnlock()
+
+ _, ok := m.blocksByHash[hash]
+ return ok
+}
+
+// Get returns a block given a hash.
+func (m *MemBackedBlockDB) Get(hash common.Hash) (types.Block, error) {
+ m.blocksMutex.RLock()
+ defer m.blocksMutex.RUnlock()
+
+ return m.internalGet(hash)
+}
+
+func (m *MemBackedBlockDB) internalGet(hash common.Hash) (types.Block, error) {
+ b, ok := m.blocksByHash[hash]
+ if !ok {
+ return types.Block{}, ErrBlockDoesNotExist
+ }
+ return *b, nil
+}
+
+// Put inserts a new block into the database.
+func (m *MemBackedBlockDB) Put(block types.Block) error {
+ if m.Has(block.Hash) {
+ return ErrBlockExists
+ }
+
+ m.blocksMutex.Lock()
+ defer m.blocksMutex.Unlock()
+
+ m.blockHashSequence = append(m.blockHashSequence, block.Hash)
+ m.blocksByHash[block.Hash] = &block
+ return nil
+}
+
+// Update updates a block in the database.
+func (m *MemBackedBlockDB) Update(block types.Block) error {
+ if !m.Has(block.Hash) {
+ return ErrBlockDoesNotExist
+ }
+
+ m.blocksMutex.Lock()
+ defer m.blocksMutex.Unlock()
+
+ m.blocksByHash[block.Hash] = &block
+ return nil
+}
+
+// Close implement Closer interface, which would release allocated resource.
+func (m *MemBackedBlockDB) Close() (err error) {
+ // Save internal state to a pretty-print json file. It's a temporary way
+ // to dump private file via JSON encoding.
+ if len(m.persistantFilePath) == 0 {
+ return
+ }
+
+ m.blocksMutex.RLock()
+ defer m.blocksMutex.RUnlock()
+
+ toDump := struct {
+ Sequence common.Hashes
+ ByHash map[common.Hash]*types.Block
+ }{
+ Sequence: m.blockHashSequence,
+ ByHash: m.blocksByHash,
+ }
+
+ // Dump to JSON with 2-space indent.
+ buf, err := json.Marshal(&toDump)
+ if err != nil {
+ return
+ }
+
+ err = ioutil.WriteFile(m.persistantFilePath, buf, 0644)
+ return
+}
+
+func (m *MemBackedBlockDB) getByIndex(idx int) (types.Block, error) {
+ m.blocksMutex.RLock()
+ defer m.blocksMutex.RUnlock()
+
+ if idx >= len(m.blockHashSequence) {
+ return types.Block{}, ErrIterationFinished
+ }
+
+ hash := m.blockHashSequence[idx]
+ return m.internalGet(hash)
+}
+
+// GetAll implement Reader.GetAll method, which allows caller
+// to retrieve all blocks in DB.
+func (m *MemBackedBlockDB) GetAll() (BlockIterator, error) {
+ return &seqIterator{db: m}, nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/configuration-chain.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/configuration-chain.go
new file mode 100644
index 000000000..0f1400cb5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/configuration-chain.go
@@ -0,0 +1,795 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "context"
+ "fmt"
+ "sync"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/db"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// Errors for configuration chain..
+var (
+ ErrDKGNotRegistered = fmt.Errorf(
+ "not yet registered in DKG protocol")
+ ErrTSigAlreadyRunning = fmt.Errorf(
+ "tsig is already running")
+ ErrDKGNotReady = fmt.Errorf(
+ "DKG is not ready")
+ ErrSkipButNoError = fmt.Errorf(
+ "skip but no error")
+ ErrDKGAborted = fmt.Errorf(
+ "DKG is aborted")
+)
+
+// ErrMismatchDKG represent an attempt to run DKG protocol is failed because
+// the register DKG protocol is mismatched, interms of round and resetCount.
+type ErrMismatchDKG struct {
+ expectRound, expectReset uint64
+ actualRound, actualReset uint64
+}
+
+func (e ErrMismatchDKG) Error() string {
+ return fmt.Sprintf(
+ "mismatch DKG, abort running: expect(%d %d) actual(%d %d)",
+ e.expectRound, e.expectReset, e.actualRound, e.actualReset)
+}
+
+type dkgStepFn func(round uint64, reset uint64) error
+
+type configurationChain struct {
+ ID types.NodeID
+ recv dkgReceiver
+ gov Governance
+ dkg *dkgProtocol
+ dkgRunPhases []dkgStepFn
+ logger common.Logger
+ dkgLock sync.RWMutex
+ dkgSigner map[uint64]*dkgShareSecret
+ npks map[uint64]*typesDKG.NodePublicKeys
+ complaints []*typesDKG.Complaint
+ dkgResult sync.RWMutex
+ tsig map[common.Hash]*tsigProtocol
+ tsigTouched map[common.Hash]struct{}
+ tsigReady *sync.Cond
+ cache *utils.NodeSetCache
+ db db.Database
+ notarySet map[types.NodeID]struct{}
+ mpkReady bool
+ pendingPrvShare map[types.NodeID]*typesDKG.PrivateShare
+ // TODO(jimmy-dexon): add timeout to pending psig.
+ pendingPsig map[common.Hash][]*typesDKG.PartialSignature
+ prevHash common.Hash
+ dkgCtx context.Context
+ dkgCtxCancel context.CancelFunc
+ dkgRunning bool
+}
+
+func newConfigurationChain(
+ ID types.NodeID,
+ recv dkgReceiver,
+ gov Governance,
+ cache *utils.NodeSetCache,
+ dbInst db.Database,
+ logger common.Logger) *configurationChain {
+ configurationChain := &configurationChain{
+ ID: ID,
+ recv: recv,
+ gov: gov,
+ logger: logger,
+ dkgSigner: make(map[uint64]*dkgShareSecret),
+ npks: make(map[uint64]*typesDKG.NodePublicKeys),
+ tsig: make(map[common.Hash]*tsigProtocol),
+ tsigTouched: make(map[common.Hash]struct{}),
+ tsigReady: sync.NewCond(&sync.Mutex{}),
+ cache: cache,
+ db: dbInst,
+ pendingPsig: make(map[common.Hash][]*typesDKG.PartialSignature),
+ }
+ configurationChain.initDKGPhasesFunc()
+ return configurationChain
+}
+
+func (cc *configurationChain) abortDKG(
+ parentCtx context.Context,
+ round, reset uint64) bool {
+ cc.dkgLock.Lock()
+ defer cc.dkgLock.Unlock()
+ if cc.dkg != nil {
+ return cc.abortDKGNoLock(parentCtx, round, reset)
+ }
+ return false
+}
+
+func (cc *configurationChain) abortDKGNoLock(
+ ctx context.Context,
+ round, reset uint64) bool {
+ if cc.dkg.round > round ||
+ (cc.dkg.round == round && cc.dkg.reset > reset) {
+ cc.logger.Error("Newer DKG already is registered",
+ "round", round,
+ "reset", reset)
+ return false
+ }
+ cc.logger.Error("Previous DKG is not finished",
+ "round", round,
+ "reset", reset,
+ "previous-round", cc.dkg.round,
+ "previous-reset", cc.dkg.reset)
+ // Abort DKG routine in previous round.
+ cc.logger.Error("Aborting DKG in previous round",
+ "round", round,
+ "previous-round", cc.dkg.round)
+ // Notify current running DKG protocol to abort.
+ if cc.dkgCtxCancel != nil {
+ cc.dkgCtxCancel()
+ }
+ cc.dkgLock.Unlock()
+ // Wait for current running DKG protocol aborting.
+ for {
+ cc.dkgLock.Lock()
+ if cc.dkgRunning == false {
+ cc.dkg = nil
+ break
+ }
+ select {
+ case <-ctx.Done():
+ return false
+ case <-time.After(100 * time.Millisecond):
+ }
+ cc.dkgLock.Unlock()
+ }
+ cc.logger.Error("Previous DKG aborted",
+ "round", round,
+ "reset", reset)
+ return cc.dkg == nil
+}
+
+func (cc *configurationChain) registerDKG(
+ parentCtx context.Context,
+ round, reset uint64,
+ threshold int) {
+ cc.dkgLock.Lock()
+ defer cc.dkgLock.Unlock()
+ if cc.dkg != nil {
+ // Make sure we only proceed when cc.dkg is nil.
+ if !cc.abortDKGNoLock(parentCtx, round, reset) {
+ return
+ }
+ select {
+ case <-parentCtx.Done():
+ return
+ default:
+ }
+ if cc.dkg != nil {
+ // This panic would only raise when multiple attampts to register
+ // a DKG protocol at the same time.
+ panic(ErrMismatchDKG{
+ expectRound: round,
+ expectReset: reset,
+ actualRound: cc.dkg.round,
+ actualReset: cc.dkg.reset,
+ })
+ }
+ }
+ notarySet, err := cc.cache.GetNotarySet(round)
+ if err != nil {
+ cc.logger.Error("Error getting notary set from cache", "error", err)
+ return
+ }
+ cc.notarySet = notarySet
+ cc.pendingPrvShare = make(map[types.NodeID]*typesDKG.PrivateShare)
+ cc.mpkReady = false
+ cc.dkg, err = recoverDKGProtocol(cc.ID, cc.recv, round, reset, cc.db)
+ cc.dkgCtx, cc.dkgCtxCancel = context.WithCancel(parentCtx)
+ if err != nil {
+ panic(err)
+ }
+ if cc.dkg == nil {
+ cc.dkg = newDKGProtocol(
+ cc.ID,
+ cc.recv,
+ round,
+ reset,
+ threshold)
+
+ err = cc.db.PutOrUpdateDKGProtocol(cc.dkg.toDKGProtocolInfo())
+ if err != nil {
+ cc.logger.Error("Error put or update DKG protocol", "error",
+ err)
+ return
+ }
+ }
+
+ go func() {
+ ticker := newTicker(cc.gov, round, TickerDKG)
+ defer ticker.Stop()
+ <-ticker.Tick()
+ cc.dkgLock.Lock()
+ defer cc.dkgLock.Unlock()
+ if cc.dkg != nil && cc.dkg.round == round && cc.dkg.reset == reset {
+ cc.dkg.proposeMPKReady()
+ }
+ }()
+}
+
+func (cc *configurationChain) runDKGPhaseOne(round uint64, reset uint64) error {
+ if cc.dkg.round < round ||
+ (cc.dkg.round == round && cc.dkg.reset < reset) {
+ return ErrDKGNotRegistered
+ }
+ if cc.dkg.round != round || cc.dkg.reset != reset {
+ cc.logger.Warn("DKG canceled", "round", round, "reset", reset)
+ return ErrSkipButNoError
+ }
+ cc.logger.Debug("Calling Governance.IsDKGFinal", "round", round)
+ if cc.gov.IsDKGFinal(round) {
+ cc.logger.Warn("DKG already final", "round", round)
+ return ErrSkipButNoError
+ }
+ cc.logger.Debug("Calling Governance.IsDKGMPKReady", "round", round)
+ var err error
+ for err == nil && !cc.gov.IsDKGMPKReady(round) {
+ cc.dkgLock.Unlock()
+ cc.logger.Debug("DKG MPKs are not ready yet. Try again later...",
+ "nodeID", cc.ID,
+ "round", round)
+ select {
+ case <-cc.dkgCtx.Done():
+ err = ErrDKGAborted
+ case <-time.After(500 * time.Millisecond):
+ }
+ cc.dkgLock.Lock()
+ }
+ return err
+}
+
+func (cc *configurationChain) runDKGPhaseTwoAndThree(
+ round uint64, reset uint64) error {
+ // Check if this node successfully join the protocol.
+ cc.logger.Debug("Calling Governance.DKGMasterPublicKeys", "round", round)
+ mpks := cc.gov.DKGMasterPublicKeys(round)
+ inProtocol := false
+ for _, mpk := range mpks {
+ if mpk.ProposerID == cc.ID {
+ inProtocol = true
+ break
+ }
+ }
+ if !inProtocol {
+ cc.logger.Warn("Failed to join DKG protocol",
+ "round", round,
+ "reset", reset)
+ return ErrSkipButNoError
+ }
+ // Phase 2(T = 0): Exchange DKG secret key share.
+ if err := cc.dkg.processMasterPublicKeys(mpks); err != nil {
+ cc.logger.Error("Failed to process master public key",
+ "round", round,
+ "reset", reset,
+ "error", err)
+ }
+ cc.mpkReady = true
+ // The time to process private share might be long, check aborting before
+ // get into that loop.
+ select {
+ case <-cc.dkgCtx.Done():
+ return ErrDKGAborted
+ default:
+ }
+ for _, prvShare := range cc.pendingPrvShare {
+ if err := cc.dkg.processPrivateShare(prvShare); err != nil {
+ cc.logger.Error("Failed to process private share",
+ "round", round,
+ "reset", reset,
+ "error", err)
+ }
+ }
+
+ // Phase 3(T = 0~λ): Propose complaint.
+ // Propose complaint is done in `processMasterPublicKeys`.
+ return nil
+}
+
+func (cc *configurationChain) runDKGPhaseFour() {
+ // Phase 4(T = λ): Propose nack complaints.
+ cc.dkg.proposeNackComplaints()
+}
+
+func (cc *configurationChain) runDKGPhaseFiveAndSix(round uint64, reset uint64) {
+ // Phase 5(T = 2λ): Propose Anti nack complaint.
+ cc.logger.Debug("Calling Governance.DKGComplaints", "round", round)
+ cc.complaints = cc.gov.DKGComplaints(round)
+ if err := cc.dkg.processNackComplaints(cc.complaints); err != nil {
+ cc.logger.Error("Failed to process NackComplaint",
+ "round", round,
+ "reset", reset,
+ "error", err)
+ }
+
+ // Phase 6(T = 3λ): Rebroadcast anti nack complaint.
+ // Rebroadcast is done in `processPrivateShare`.
+}
+
+func (cc *configurationChain) runDKGPhaseSeven() {
+ // Phase 7(T = 4λ): Enforce complaints and nack complaints.
+ cc.dkg.enforceNackComplaints(cc.complaints)
+ // Enforce complaint is done in `processPrivateShare`.
+}
+
+func (cc *configurationChain) runDKGPhaseEight() {
+ // Phase 8(T = 5λ): DKG finalize.
+ cc.dkg.proposeFinalize()
+}
+
+func (cc *configurationChain) runDKGPhaseNine(round uint64, reset uint64) error {
+ // Phase 9(T = 6λ): DKG is ready.
+ // Normally, IsDKGFinal would return true here. Use this for in case of
+ // unexpected network fluctuation and ensure the robustness of DKG protocol.
+ cc.logger.Debug("Calling Governance.IsDKGFinal", "round", round)
+ var err error
+ for err == nil && !cc.gov.IsDKGFinal(round) {
+ cc.dkgLock.Unlock()
+ cc.logger.Debug("DKG is not ready yet. Try again later...",
+ "nodeID", cc.ID.String()[:6],
+ "round", round,
+ "reset", reset)
+ select {
+ case <-cc.dkgCtx.Done():
+ err = ErrDKGAborted
+ case <-time.After(500 * time.Millisecond):
+ }
+ cc.dkgLock.Lock()
+ }
+ if err != nil {
+ return err
+ }
+ cc.logger.Debug("Calling Governance.DKGMasterPublicKeys", "round", round)
+ cc.logger.Debug("Calling Governance.DKGComplaints", "round", round)
+ npks, err := typesDKG.NewNodePublicKeys(round,
+ cc.gov.DKGMasterPublicKeys(round),
+ cc.gov.DKGComplaints(round),
+ cc.dkg.threshold)
+ if err != nil {
+ return err
+ }
+ qualifies := ""
+ for nID := range npks.QualifyNodeIDs {
+ qualifies += fmt.Sprintf("%s ", nID.String()[:6])
+ }
+ cc.logger.Info("Qualify Nodes",
+ "nodeID", cc.ID,
+ "round", round,
+ "reset", reset,
+ "count", len(npks.QualifyIDs),
+ "qualifies", qualifies)
+ if _, exist := npks.QualifyNodeIDs[cc.ID]; !exist {
+ cc.logger.Warn("Self is not in Qualify Nodes",
+ "round", round,
+ "reset", reset)
+ return nil
+ }
+ signer, err := cc.dkg.recoverShareSecret(npks.QualifyIDs)
+ if err != nil {
+ return err
+ }
+ // Save private shares to DB.
+ if err =
+ cc.db.PutDKGPrivateKey(round, reset, *signer.privateKey); err != nil {
+ return err
+ }
+ cc.dkg.proposeSuccess()
+ cc.dkgResult.Lock()
+ defer cc.dkgResult.Unlock()
+ cc.dkgSigner[round] = signer
+ cc.npks[round] = npks
+ return nil
+}
+
+func (cc *configurationChain) initDKGPhasesFunc() {
+ cc.dkgRunPhases = []dkgStepFn{
+ func(round uint64, reset uint64) error {
+ return cc.runDKGPhaseOne(round, reset)
+ },
+ func(round uint64, reset uint64) error {
+ return cc.runDKGPhaseTwoAndThree(round, reset)
+ },
+ func(round uint64, reset uint64) error {
+ cc.runDKGPhaseFour()
+ return nil
+ },
+ func(round uint64, reset uint64) error {
+ cc.runDKGPhaseFiveAndSix(round, reset)
+ return nil
+ },
+ func(round uint64, reset uint64) error {
+ cc.runDKGPhaseSeven()
+ return nil
+ },
+ func(round uint64, reset uint64) error {
+ cc.runDKGPhaseEight()
+ return nil
+ },
+ func(round uint64, reset uint64) error {
+ return cc.runDKGPhaseNine(round, reset)
+ },
+ }
+}
+
+func (cc *configurationChain) runDKG(
+ round uint64, reset uint64, event *common.Event,
+ dkgBeginHeight, dkgHeight uint64) (err error) {
+ // Check if corresponding DKG signer is ready.
+ if _, _, err = cc.getDKGInfo(round, false); err == nil {
+ return ErrSkipButNoError
+ }
+ cfg := utils.GetConfigWithPanic(cc.gov, round, cc.logger)
+ phaseHeight := uint64(
+ cfg.LambdaDKG.Nanoseconds() / cfg.MinBlockInterval.Nanoseconds())
+ skipPhase := int(dkgHeight / phaseHeight)
+ cc.logger.Info("Skipping DKG phase", "phase", skipPhase)
+ cc.dkgLock.Lock()
+ defer cc.dkgLock.Unlock()
+ if cc.dkg == nil {
+ return ErrDKGNotRegistered
+ }
+ // Make sure the existed dkgProtocol is expected one.
+ if cc.dkg.round != round || cc.dkg.reset != reset {
+ return ErrMismatchDKG{
+ expectRound: round,
+ expectReset: reset,
+ actualRound: cc.dkg.round,
+ actualReset: cc.dkg.reset,
+ }
+ }
+ if cc.dkgRunning {
+ panic(fmt.Errorf("duplicated call to runDKG: %d %d", round, reset))
+ }
+ cc.dkgRunning = true
+ defer func() {
+ // Here we should hold the cc.dkgLock, reset cc.dkg to nil when done.
+ if cc.dkg != nil {
+ cc.dkg = nil
+ }
+ cc.dkgRunning = false
+ }()
+ wg := sync.WaitGroup{}
+ var dkgError error
+ // Make a copy of cc.dkgCtx so each phase function can refer to the correct
+ // context.
+ ctx := cc.dkgCtx
+ cc.dkg.step = skipPhase
+ for i := skipPhase; i < len(cc.dkgRunPhases); i++ {
+ wg.Add(1)
+ event.RegisterHeight(dkgBeginHeight+phaseHeight*uint64(i), func(uint64) {
+ go func() {
+ defer wg.Done()
+ cc.dkgLock.Lock()
+ defer cc.dkgLock.Unlock()
+ if dkgError != nil {
+ return
+ }
+ select {
+ case <-ctx.Done():
+ dkgError = ErrDKGAborted
+ return
+ default:
+ }
+
+ err := cc.dkgRunPhases[cc.dkg.step](round, reset)
+ if err == nil || err == ErrSkipButNoError {
+ err = nil
+ cc.dkg.step++
+ err = cc.db.PutOrUpdateDKGProtocol(cc.dkg.toDKGProtocolInfo())
+ if err != nil {
+ cc.logger.Error("Failed to save DKG Protocol",
+ "step", cc.dkg.step,
+ "error", err)
+ }
+ }
+ if err != nil && dkgError == nil {
+ dkgError = err
+ }
+ }()
+ })
+ }
+ cc.dkgLock.Unlock()
+ wgChan := make(chan struct{}, 1)
+ go func() {
+ wg.Wait()
+ wgChan <- struct{}{}
+ }()
+ select {
+ case <-cc.dkgCtx.Done():
+ case <-wgChan:
+ }
+ cc.dkgLock.Lock()
+ select {
+ case <-cc.dkgCtx.Done():
+ return ErrDKGAborted
+ default:
+ }
+ return dkgError
+}
+
+func (cc *configurationChain) isDKGFinal(round uint64) bool {
+ if !cc.gov.IsDKGFinal(round) {
+ return false
+ }
+ _, _, err := cc.getDKGInfo(round, false)
+ return err == nil
+}
+
+func (cc *configurationChain) getDKGInfo(
+ round uint64, ignoreSigner bool) (
+ *typesDKG.NodePublicKeys, *dkgShareSecret, error) {
+ getFromCache := func() (*typesDKG.NodePublicKeys, *dkgShareSecret) {
+ cc.dkgResult.RLock()
+ defer cc.dkgResult.RUnlock()
+ npks := cc.npks[round]
+ signer := cc.dkgSigner[round]
+ return npks, signer
+ }
+ npks, signer := getFromCache()
+ if npks == nil || (!ignoreSigner && signer == nil) {
+ if err := cc.recoverDKGInfo(round, ignoreSigner); err != nil {
+ return nil, nil, err
+ }
+ npks, signer = getFromCache()
+ }
+ if npks == nil || (!ignoreSigner && signer == nil) {
+ return nil, nil, ErrDKGNotReady
+ }
+ return npks, signer, nil
+}
+
+func (cc *configurationChain) recoverDKGInfo(
+ round uint64, ignoreSigner bool) error {
+ var npksExists, signerExists bool
+ func() {
+ cc.dkgResult.Lock()
+ defer cc.dkgResult.Unlock()
+ _, signerExists = cc.dkgSigner[round]
+ _, npksExists = cc.npks[round]
+ }()
+ if signerExists && npksExists {
+ return nil
+ }
+ if !cc.gov.IsDKGFinal(round) {
+ return ErrDKGNotReady
+ }
+
+ threshold := utils.GetDKGThreshold(
+ utils.GetConfigWithPanic(cc.gov, round, cc.logger))
+ cc.logger.Debug("Calling Governance.DKGMasterPublicKeys for recoverDKGInfo",
+ "round", round)
+ mpk := cc.gov.DKGMasterPublicKeys(round)
+ cc.logger.Debug("Calling Governance.DKGComplaints for recoverDKGInfo",
+ "round", round)
+ comps := cc.gov.DKGComplaints(round)
+ qualifies, _, err := typesDKG.CalcQualifyNodes(mpk, comps, threshold)
+ if err != nil {
+ return err
+ }
+ if len(qualifies) <
+ utils.GetDKGValidThreshold(utils.GetConfigWithPanic(
+ cc.gov, round, cc.logger)) {
+ return typesDKG.ErrNotReachThreshold
+ }
+
+ if !npksExists {
+ npks, err := typesDKG.NewNodePublicKeys(round,
+ cc.gov.DKGMasterPublicKeys(round),
+ cc.gov.DKGComplaints(round),
+ threshold)
+ if err != nil {
+ cc.logger.Warn("Failed to create DKGNodePublicKeys",
+ "round", round, "error", err)
+ return err
+ }
+ func() {
+ cc.dkgResult.Lock()
+ defer cc.dkgResult.Unlock()
+ cc.npks[round] = npks
+ }()
+ }
+ if !signerExists && !ignoreSigner {
+ reset := cc.gov.DKGResetCount(round)
+ // Check if we have private shares in DB.
+ prvKey, err := cc.db.GetDKGPrivateKey(round, reset)
+ if err != nil {
+ cc.logger.Warn("Failed to create DKGPrivateKey",
+ "round", round, "error", err)
+ dkgProtocolInfo, err := cc.db.GetDKGProtocol()
+ if err != nil {
+ cc.logger.Warn("Unable to recover DKGProtocolInfo",
+ "round", round, "error", err)
+ return err
+ }
+ if dkgProtocolInfo.Round != round {
+ cc.logger.Warn("DKGProtocolInfo round mismatch",
+ "round", round, "infoRound", dkgProtocolInfo.Round)
+ return err
+ }
+ prvKeyRecover, err :=
+ dkgProtocolInfo.PrvShares.RecoverPrivateKey(qualifies)
+ if err != nil {
+ cc.logger.Warn("Failed to recover DKGPrivateKey",
+ "round", round, "error", err)
+ return err
+ }
+ if err = cc.db.PutDKGPrivateKey(
+ round, reset, *prvKeyRecover); err != nil {
+ cc.logger.Warn("Failed to save DKGPrivateKey",
+ "round", round, "error", err)
+ }
+ prvKey = *prvKeyRecover
+ }
+ func() {
+ cc.dkgResult.Lock()
+ defer cc.dkgResult.Unlock()
+ cc.dkgSigner[round] = &dkgShareSecret{
+ privateKey: &prvKey,
+ }
+ }()
+ }
+ return nil
+}
+
+func (cc *configurationChain) preparePartialSignature(
+ round uint64, hash common.Hash) (*typesDKG.PartialSignature, error) {
+ _, signer, _ := cc.getDKGInfo(round, false)
+ if signer == nil {
+ return nil, ErrDKGNotReady
+ }
+ return &typesDKG.PartialSignature{
+ ProposerID: cc.ID,
+ Round: round,
+ Hash: hash,
+ PartialSignature: signer.sign(hash),
+ }, nil
+}
+
+func (cc *configurationChain) touchTSigHash(hash common.Hash) (first bool) {
+ cc.tsigReady.L.Lock()
+ defer cc.tsigReady.L.Unlock()
+ _, exist := cc.tsigTouched[hash]
+ cc.tsigTouched[hash] = struct{}{}
+ return !exist
+}
+
+func (cc *configurationChain) untouchTSigHash(hash common.Hash) {
+ cc.tsigReady.L.Lock()
+ defer cc.tsigReady.L.Unlock()
+ delete(cc.tsigTouched, hash)
+}
+
+func (cc *configurationChain) runTSig(
+ round uint64, hash common.Hash, wait time.Duration) (
+ crypto.Signature, error) {
+ npks, _, _ := cc.getDKGInfo(round, false)
+ if npks == nil {
+ return crypto.Signature{}, ErrDKGNotReady
+ }
+ cc.tsigReady.L.Lock()
+ defer cc.tsigReady.L.Unlock()
+ if _, exist := cc.tsig[hash]; exist {
+ return crypto.Signature{}, ErrTSigAlreadyRunning
+ }
+ cc.tsig[hash] = newTSigProtocol(npks, hash)
+ pendingPsig := cc.pendingPsig[hash]
+ delete(cc.pendingPsig, hash)
+ go func() {
+ for _, psig := range pendingPsig {
+ if err := cc.processPartialSignature(psig); err != nil {
+ cc.logger.Error("Failed to process partial signature",
+ "nodeID", cc.ID,
+ "error", err)
+ }
+ }
+ }()
+ timeout := make(chan struct{}, 1)
+ go func() {
+ time.Sleep(wait)
+ timeout <- struct{}{}
+ cc.tsigReady.Broadcast()
+ }()
+ var signature crypto.Signature
+ var err error
+ for func() bool {
+ signature, err = cc.tsig[hash].signature()
+ select {
+ case <-timeout:
+ return false
+ default:
+ }
+ return err == ErrNotEnoughtPartialSignatures
+ }() {
+ cc.tsigReady.Wait()
+ }
+ delete(cc.tsig, hash)
+ if err != nil {
+ return crypto.Signature{}, err
+ }
+ return signature, nil
+}
+
+func (cc *configurationChain) runCRSTSig(
+ round uint64, crs common.Hash) ([]byte, error) {
+ sig, err := cc.runTSig(round, crs, cc.gov.Configuration(round).LambdaDKG*5)
+ cc.logger.Info("CRS",
+ "nodeID", cc.ID,
+ "round", round+1,
+ "signature", sig)
+ return sig.Signature[:], err
+}
+
+func (cc *configurationChain) processPrivateShare(
+ prvShare *typesDKG.PrivateShare) error {
+ cc.dkgLock.Lock()
+ defer cc.dkgLock.Unlock()
+ if cc.dkg == nil {
+ return nil
+ }
+ if _, exist := cc.notarySet[prvShare.ProposerID]; !exist {
+ return ErrNotDKGParticipant
+ }
+ if !cc.mpkReady {
+ // TODO(jimmy-dexon): remove duplicated signature check in dkg module.
+ ok, err := utils.VerifyDKGPrivateShareSignature(prvShare)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return ErrIncorrectPrivateShareSignature
+ }
+ cc.pendingPrvShare[prvShare.ProposerID] = prvShare
+ return nil
+ }
+ return cc.dkg.processPrivateShare(prvShare)
+}
+
+func (cc *configurationChain) processPartialSignature(
+ psig *typesDKG.PartialSignature) error {
+ cc.tsigReady.L.Lock()
+ defer cc.tsigReady.L.Unlock()
+ if _, exist := cc.tsig[psig.Hash]; !exist {
+ ok, err := utils.VerifyDKGPartialSignatureSignature(psig)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return ErrIncorrectPartialSignatureSignature
+ }
+ cc.pendingPsig[psig.Hash] = append(cc.pendingPsig[psig.Hash], psig)
+ return nil
+ }
+ if err := cc.tsig[psig.Hash].processPartialSignature(psig); err != nil {
+ return err
+ }
+ cc.tsigReady.Broadcast()
+ return nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/consensus.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/consensus.go
new file mode 100644
index 000000000..8b2b9a048
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/consensus.go
@@ -0,0 +1,1567 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "context"
+ "encoding/hex"
+ "fmt"
+ "sync"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ cryptoDKG "github.com/byzantine-lab/dexon-consensus/core/crypto/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/db"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// Errors for consensus core.
+var (
+ ErrProposerNotInNodeSet = fmt.Errorf(
+ "proposer is not in node set")
+ ErrIncorrectHash = fmt.Errorf(
+ "hash of block is incorrect")
+ ErrIncorrectSignature = fmt.Errorf(
+ "signature of block is incorrect")
+ ErrUnknownBlockProposed = fmt.Errorf(
+ "unknown block is proposed")
+ ErrIncorrectAgreementResultPosition = fmt.Errorf(
+ "incorrect agreement result position")
+ ErrNotEnoughVotes = fmt.Errorf(
+ "not enought votes")
+ ErrCRSNotReady = fmt.Errorf(
+ "CRS not ready")
+ ErrConfigurationNotReady = fmt.Errorf(
+ "Configuration not ready")
+ ErrIncorrectBlockRandomness = fmt.Errorf(
+ "randomness of block is incorrect")
+ ErrCannotVerifyBlockRandomness = fmt.Errorf(
+ "cannot verify block randomness")
+)
+
+type selfAgreementResult types.AgreementResult
+
+// consensusBAReceiver implements agreementReceiver.
+type consensusBAReceiver struct {
+ consensus *Consensus
+ agreementModule *agreement
+ emptyBlockHashMap *sync.Map
+ isNotary bool
+ restartNotary chan types.Position
+ npks *typesDKG.NodePublicKeys
+ psigSigner *dkgShareSecret
+}
+
+func (recv *consensusBAReceiver) emptyBlockHash(pos types.Position) (
+ common.Hash, error) {
+ hashVal, ok := recv.emptyBlockHashMap.Load(pos)
+ if ok {
+ return hashVal.(common.Hash), nil
+ }
+ emptyBlock, err := recv.consensus.bcModule.prepareBlock(
+ pos, time.Time{}, true)
+ if err != nil {
+ return common.Hash{}, err
+ }
+ hash, err := utils.HashBlock(emptyBlock)
+ if err != nil {
+ return common.Hash{}, err
+ }
+ recv.emptyBlockHashMap.Store(pos, hash)
+ return hash, nil
+}
+
+func (recv *consensusBAReceiver) VerifyPartialSignature(vote *types.Vote) (
+ bool, bool) {
+ if vote.Position.Round >= DKGDelayRound && vote.BlockHash != types.SkipBlockHash {
+ if vote.Type == types.VoteCom || vote.Type == types.VoteFastCom {
+ if recv.npks == nil {
+ recv.consensus.logger.Debug(
+ "Unable to verify psig, npks is nil",
+ "vote", vote)
+ return false, false
+ }
+ if vote.Position.Round != recv.npks.Round {
+ recv.consensus.logger.Debug(
+ "Unable to verify psig, round of npks mismatch",
+ "vote", vote,
+ "npksRound", recv.npks.Round)
+ return false, false
+ }
+ pubKey, exist := recv.npks.PublicKeys[vote.ProposerID]
+ if !exist {
+ recv.consensus.logger.Debug(
+ "Unable to verify psig, proposer is not qualified",
+ "vote", vote)
+ return false, true
+ }
+ blockHash := vote.BlockHash
+ if blockHash == types.NullBlockHash {
+ var err error
+ blockHash, err = recv.emptyBlockHash(vote.Position)
+ if err != nil {
+ recv.consensus.logger.Error(
+ "Failed to verify vote for empty block",
+ "position", vote.Position,
+ "error", err)
+ return false, true
+ }
+ }
+ return pubKey.VerifySignature(
+ blockHash, crypto.Signature(vote.PartialSignature)), true
+ }
+ }
+ return len(vote.PartialSignature.Signature) == 0, true
+}
+
+func (recv *consensusBAReceiver) ProposeVote(vote *types.Vote) {
+ if !recv.isNotary {
+ return
+ }
+ if recv.psigSigner != nil &&
+ vote.BlockHash != types.SkipBlockHash {
+ if vote.Type == types.VoteCom || vote.Type == types.VoteFastCom {
+ if vote.BlockHash == types.NullBlockHash {
+ hash, err := recv.emptyBlockHash(vote.Position)
+ if err != nil {
+ recv.consensus.logger.Error(
+ "Failed to propose vote for empty block",
+ "position", vote.Position,
+ "error", err)
+ return
+ }
+ vote.PartialSignature = recv.psigSigner.sign(hash)
+ } else {
+ vote.PartialSignature = recv.psigSigner.sign(vote.BlockHash)
+ }
+ }
+ }
+ if err := recv.agreementModule.prepareVote(vote); err != nil {
+ recv.consensus.logger.Error("Failed to prepare vote", "error", err)
+ return
+ }
+ go func() {
+ if err := recv.agreementModule.processVote(vote); err != nil {
+ recv.consensus.logger.Error("Failed to process self vote",
+ "error", err,
+ "vote", vote)
+ return
+ }
+ recv.consensus.logger.Debug("Calling Network.BroadcastVote",
+ "vote", vote)
+ recv.consensus.network.BroadcastVote(vote)
+ }()
+}
+
+func (recv *consensusBAReceiver) ProposeBlock() common.Hash {
+ if !recv.isNotary {
+ return common.Hash{}
+ }
+ block, err := recv.consensus.proposeBlock(recv.agreementModule.agreementID())
+ if err != nil || block == nil {
+ recv.consensus.logger.Error("Unable to propose block", "error", err)
+ return types.NullBlockHash
+ }
+ go func() {
+ if err := recv.consensus.preProcessBlock(block); err != nil {
+ recv.consensus.logger.Error("Failed to pre-process block", "error", err)
+ return
+ }
+ recv.consensus.logger.Debug("Calling Network.BroadcastBlock",
+ "block", block)
+ recv.consensus.network.BroadcastBlock(block)
+ }()
+ return block.Hash
+}
+
+func (recv *consensusBAReceiver) ConfirmBlock(
+ hash common.Hash, votes map[types.NodeID]*types.Vote) {
+ var (
+ block *types.Block
+ aID = recv.agreementModule.agreementID()
+ )
+
+ isEmptyBlockConfirmed := hash == common.Hash{}
+ if isEmptyBlockConfirmed {
+ recv.consensus.logger.Info("Empty block is confirmed", "position", aID)
+ var err error
+ block, err = recv.consensus.bcModule.addEmptyBlock(aID)
+ if err != nil {
+ recv.consensus.logger.Error("Add position for empty failed",
+ "error", err)
+ return
+ }
+ if block == nil {
+ // The empty block's parent is not found locally, thus we can't
+ // propose it at this moment.
+ //
+ // We can only rely on block pulling upon receiving
+ // types.AgreementResult from the next position.
+ recv.consensus.logger.Warn(
+ "An empty block is confirmed without its parent",
+ "position", aID)
+ return
+ }
+ } else {
+ var exist bool
+ block, exist = recv.agreementModule.findBlockNoLock(hash)
+ if !exist {
+ recv.consensus.logger.Debug("Unknown block confirmed",
+ "hash", hash.String()[:6])
+ ch := make(chan *types.Block)
+ func() {
+ recv.consensus.lock.Lock()
+ defer recv.consensus.lock.Unlock()
+ recv.consensus.baConfirmedBlock[hash] = ch
+ }()
+ go func() {
+ hashes := common.Hashes{hash}
+ PullBlockLoop:
+ for {
+ recv.consensus.logger.Debug("Calling Network.PullBlock for BA block",
+ "hash", hash)
+ recv.consensus.network.PullBlocks(hashes)
+ select {
+ case block = <-ch:
+ break PullBlockLoop
+ case <-time.After(1 * time.Second):
+ }
+ }
+ recv.consensus.logger.Debug("Receive unknown block",
+ "hash", hash.String()[:6],
+ "position", block.Position)
+ recv.agreementModule.addCandidateBlock(block)
+ recv.agreementModule.lock.Lock()
+ defer recv.agreementModule.lock.Unlock()
+ recv.ConfirmBlock(block.Hash, votes)
+ }()
+ return
+ }
+ }
+
+ if len(votes) == 0 && len(block.Randomness) == 0 {
+ recv.consensus.logger.Error("No votes to recover randomness",
+ "block", block)
+ } else if votes != nil {
+ voteList := make([]types.Vote, 0, len(votes))
+ IDs := make(cryptoDKG.IDs, 0, len(votes))
+ psigs := make([]cryptoDKG.PartialSignature, 0, len(votes))
+ for _, vote := range votes {
+ if vote.BlockHash != hash {
+ continue
+ }
+ if block.Position.Round >= DKGDelayRound {
+ ID, exist := recv.npks.IDMap[vote.ProposerID]
+ if !exist {
+ continue
+ }
+ IDs = append(IDs, ID)
+ psigs = append(psigs, vote.PartialSignature)
+ } else {
+ voteList = append(voteList, *vote)
+ }
+ }
+ if block.Position.Round >= DKGDelayRound {
+ rand, err := cryptoDKG.RecoverSignature(psigs, IDs)
+ if err != nil {
+ recv.consensus.logger.Warn("Unable to recover randomness",
+ "block", block,
+ "error", err)
+ } else {
+ block.Randomness = rand.Signature[:]
+ }
+ } else {
+ block.Randomness = NoRand
+ }
+
+ if recv.isNotary {
+ result := &types.AgreementResult{
+ BlockHash: block.Hash,
+ Position: block.Position,
+ Votes: voteList,
+ IsEmptyBlock: isEmptyBlockConfirmed,
+ Randomness: block.Randomness,
+ }
+ // touchAgreementResult does not support concurrent access.
+ go func() {
+ recv.consensus.priorityMsgChan <- (*selfAgreementResult)(result)
+ }()
+ recv.consensus.logger.Debug("Broadcast AgreementResult",
+ "result", result)
+ recv.consensus.network.BroadcastAgreementResult(result)
+ if block.IsEmpty() {
+ recv.consensus.bcModule.addBlockRandomness(
+ block.Position, block.Randomness)
+ }
+ if block.Position.Round >= DKGDelayRound {
+ recv.consensus.logger.Debug(
+ "Broadcast finalized block",
+ "block", block)
+ recv.consensus.network.BroadcastBlock(block)
+ }
+ }
+ }
+
+ if !block.IsGenesis() &&
+ !recv.consensus.bcModule.confirmed(block.Position.Height-1) {
+ go func(hash common.Hash) {
+ parentHash := hash
+ for {
+ recv.consensus.logger.Warn("Parent block not confirmed",
+ "parent-hash", parentHash.String()[:6],
+ "cur-position", block.Position)
+ ch := make(chan *types.Block)
+ if !func() bool {
+ recv.consensus.lock.Lock()
+ defer recv.consensus.lock.Unlock()
+ if _, exist := recv.consensus.baConfirmedBlock[parentHash]; exist {
+ return false
+ }
+ recv.consensus.baConfirmedBlock[parentHash] = ch
+ return true
+ }() {
+ return
+ }
+ var block *types.Block
+ PullBlockLoop:
+ for {
+ recv.consensus.logger.Debug("Calling Network.PullBlock for parent",
+ "hash", parentHash)
+ recv.consensus.network.PullBlocks(common.Hashes{parentHash})
+ select {
+ case block = <-ch:
+ break PullBlockLoop
+ case <-time.After(1 * time.Second):
+ }
+ }
+ recv.consensus.logger.Info("Receive parent block",
+ "parent-hash", block.ParentHash.String()[:6],
+ "cur-position", block.Position)
+ if !block.IsFinalized() {
+ // TODO(jimmy): use a seperate message to pull finalized
+ // block. Here, we pull it again as workaround.
+ continue
+ }
+ recv.consensus.processBlockChan <- block
+ parentHash = block.ParentHash
+ if block.IsGenesis() || recv.consensus.bcModule.confirmed(
+ block.Position.Height-1) {
+ return
+ }
+ }
+ }(block.ParentHash)
+ }
+ if !block.IsEmpty() {
+ recv.consensus.processBlockChan <- block
+ }
+ // Clean the restartNotary channel so BA will not stuck by deadlock.
+CleanChannelLoop:
+ for {
+ select {
+ case <-recv.restartNotary:
+ default:
+ break CleanChannelLoop
+ }
+ }
+ recv.restartNotary <- block.Position
+}
+
+func (recv *consensusBAReceiver) PullBlocks(hashes common.Hashes) {
+ if !recv.isNotary {
+ return
+ }
+ recv.consensus.logger.Debug("Calling Network.PullBlocks", "hashes", hashes)
+ recv.consensus.network.PullBlocks(hashes)
+}
+
+func (recv *consensusBAReceiver) ReportForkVote(v1, v2 *types.Vote) {
+ recv.consensus.gov.ReportForkVote(v1, v2)
+}
+
+func (recv *consensusBAReceiver) ReportForkBlock(b1, b2 *types.Block) {
+ b1Clone := b1.Clone()
+ b2Clone := b2.Clone()
+ b1Clone.Payload = []byte{}
+ b2Clone.Payload = []byte{}
+ recv.consensus.gov.ReportForkBlock(b1Clone, b2Clone)
+}
+
+// consensusDKGReceiver implements dkgReceiver.
+type consensusDKGReceiver struct {
+ ID types.NodeID
+ gov Governance
+ signer *utils.Signer
+ nodeSetCache *utils.NodeSetCache
+ cfgModule *configurationChain
+ network Network
+ logger common.Logger
+}
+
+// ProposeDKGComplaint proposes a DKGComplaint.
+func (recv *consensusDKGReceiver) ProposeDKGComplaint(
+ complaint *typesDKG.Complaint) {
+ if err := recv.signer.SignDKGComplaint(complaint); err != nil {
+ recv.logger.Error("Failed to sign DKG complaint", "error", err)
+ return
+ }
+ recv.logger.Debug("Calling Governace.AddDKGComplaint",
+ "complaint", complaint)
+ recv.gov.AddDKGComplaint(complaint)
+}
+
+// ProposeDKGMasterPublicKey propose a DKGMasterPublicKey.
+func (recv *consensusDKGReceiver) ProposeDKGMasterPublicKey(
+ mpk *typesDKG.MasterPublicKey) {
+ if err := recv.signer.SignDKGMasterPublicKey(mpk); err != nil {
+ recv.logger.Error("Failed to sign DKG master public key", "error", err)
+ return
+ }
+ recv.logger.Debug("Calling Governance.AddDKGMasterPublicKey", "key", mpk)
+ recv.gov.AddDKGMasterPublicKey(mpk)
+}
+
+// ProposeDKGPrivateShare propose a DKGPrivateShare.
+func (recv *consensusDKGReceiver) ProposeDKGPrivateShare(
+ prv *typesDKG.PrivateShare) {
+ if err := recv.signer.SignDKGPrivateShare(prv); err != nil {
+ recv.logger.Error("Failed to sign DKG private share", "error", err)
+ return
+ }
+ receiverPubKey, exists := recv.nodeSetCache.GetPublicKey(prv.ReceiverID)
+ if !exists {
+ recv.logger.Error("Public key for receiver not found",
+ "receiver", prv.ReceiverID.String()[:6])
+ return
+ }
+ if prv.ReceiverID == recv.ID {
+ go func() {
+ if err := recv.cfgModule.processPrivateShare(prv); err != nil {
+ recv.logger.Error("Failed to process self private share", "prvShare", prv)
+ }
+ }()
+ } else {
+ recv.logger.Debug("Calling Network.SendDKGPrivateShare",
+ "receiver", hex.EncodeToString(receiverPubKey.Bytes()))
+ recv.network.SendDKGPrivateShare(receiverPubKey, prv)
+ }
+}
+
+// ProposeDKGAntiNackComplaint propose a DKGPrivateShare as an anti complaint.
+func (recv *consensusDKGReceiver) ProposeDKGAntiNackComplaint(
+ prv *typesDKG.PrivateShare) {
+ if prv.ProposerID == recv.ID {
+ if err := recv.signer.SignDKGPrivateShare(prv); err != nil {
+ recv.logger.Error("Failed sign DKG private share", "error", err)
+ return
+ }
+ }
+ recv.logger.Debug("Calling Network.BroadcastDKGPrivateShare", "share", prv)
+ recv.network.BroadcastDKGPrivateShare(prv)
+}
+
+// ProposeDKGMPKReady propose a DKGMPKReady message.
+func (recv *consensusDKGReceiver) ProposeDKGMPKReady(ready *typesDKG.MPKReady) {
+ if err := recv.signer.SignDKGMPKReady(ready); err != nil {
+ recv.logger.Error("Failed to sign DKG ready", "error", err)
+ return
+ }
+ recv.logger.Debug("Calling Governance.AddDKGMPKReady", "ready", ready)
+ recv.gov.AddDKGMPKReady(ready)
+}
+
+// ProposeDKGFinalize propose a DKGFinalize message.
+func (recv *consensusDKGReceiver) ProposeDKGFinalize(final *typesDKG.Finalize) {
+ if err := recv.signer.SignDKGFinalize(final); err != nil {
+ recv.logger.Error("Failed to sign DKG finalize", "error", err)
+ return
+ }
+ recv.logger.Debug("Calling Governance.AddDKGFinalize", "final", final)
+ recv.gov.AddDKGFinalize(final)
+}
+
+// ProposeDKGSuccess propose a DKGSuccess message.
+func (recv *consensusDKGReceiver) ProposeDKGSuccess(success *typesDKG.Success) {
+ if err := recv.signer.SignDKGSuccess(success); err != nil {
+ recv.logger.Error("Failed to sign DKG successize", "error", err)
+ return
+ }
+ recv.logger.Debug("Calling Governance.AddDKGSuccess", "success", success)
+ recv.gov.AddDKGSuccess(success)
+}
+
+// Consensus implements DEXON Consensus algorithm.
+type Consensus struct {
+ // Node Info.
+ ID types.NodeID
+ signer *utils.Signer
+
+ // BA.
+ baMgr *agreementMgr
+ baConfirmedBlock map[common.Hash]chan<- *types.Block
+
+ // DKG.
+ dkgRunning int32
+ dkgReady *sync.Cond
+ cfgModule *configurationChain
+
+ // Interfaces.
+ db db.Database
+ app Application
+ debugApp Debug
+ gov Governance
+ network Network
+
+ // Misc.
+ bcModule *blockChain
+ dMoment time.Time
+ nodeSetCache *utils.NodeSetCache
+ tsigVerifierCache *TSigVerifierCache
+ lock sync.RWMutex
+ ctx context.Context
+ ctxCancel context.CancelFunc
+ event *common.Event
+ roundEvent *utils.RoundEvent
+ logger common.Logger
+ resetDeliveryGuardTicker chan struct{}
+ msgChan chan types.Msg
+ priorityMsgChan chan interface{}
+ waitGroup sync.WaitGroup
+ processBlockChan chan *types.Block
+
+ // Context of Dummy receiver during switching from syncer.
+ dummyCancel context.CancelFunc
+ dummyFinished <-chan struct{}
+ dummyMsgBuffer []types.Msg
+}
+
+// NewConsensus construct an Consensus instance.
+func NewConsensus(
+ dMoment time.Time,
+ app Application,
+ gov Governance,
+ db db.Database,
+ network Network,
+ prv crypto.PrivateKey,
+ logger common.Logger) *Consensus {
+ return newConsensusForRound(
+ nil, dMoment, app, gov, db, network, prv, logger, true)
+}
+
+// NewConsensusForSimulation creates an instance of Consensus for simulation,
+// the only difference with NewConsensus is nonblocking of app.
+func NewConsensusForSimulation(
+ dMoment time.Time,
+ app Application,
+ gov Governance,
+ db db.Database,
+ network Network,
+ prv crypto.PrivateKey,
+ logger common.Logger) *Consensus {
+ return newConsensusForRound(
+ nil, dMoment, app, gov, db, network, prv, logger, false)
+}
+
+// NewConsensusFromSyncer constructs an Consensus instance from information
+// provided from syncer.
+//
+// You need to provide the initial block for this newly created Consensus
+// instance to bootstrap with. A proper choice is the last finalized block you
+// delivered to syncer.
+//
+// NOTE: those confirmed blocks should be organized by chainID and sorted by
+// their positions, in ascending order.
+func NewConsensusFromSyncer(
+ initBlock *types.Block,
+ startWithEmpty bool,
+ dMoment time.Time,
+ app Application,
+ gov Governance,
+ db db.Database,
+ networkModule Network,
+ prv crypto.PrivateKey,
+ confirmedBlocks []*types.Block,
+ cachedMessages []types.Msg,
+ logger common.Logger) (*Consensus, error) {
+ // Setup Consensus instance.
+ con := newConsensusForRound(initBlock, dMoment, app, gov, db,
+ networkModule, prv, logger, true)
+ // Launch a dummy receiver before we start receiving from network module.
+ con.dummyMsgBuffer = cachedMessages
+ con.dummyCancel, con.dummyFinished = utils.LaunchDummyReceiver(
+ con.ctx, networkModule.ReceiveChan(), func(msg types.Msg) {
+ con.dummyMsgBuffer = append(con.dummyMsgBuffer, msg)
+ })
+ // Dump all BA-confirmed blocks to the consensus instance, make sure these
+ // added blocks forming a DAG.
+ refBlock := initBlock
+ for _, b := range confirmedBlocks {
+ // Only when its parent block is already added to lattice, we can
+ // then add this block. If not, our pulling mechanism would stop at
+ // the block we added, and lost its parent block forever.
+ if b.Position.Height != refBlock.Position.Height+1 {
+ break
+ }
+ if err := con.processBlock(b); err != nil {
+ return nil, err
+ }
+ refBlock = b
+ }
+ if startWithEmpty {
+ emptyPos := types.Position{
+ Round: con.bcModule.tipRound(),
+ Height: initBlock.Position.Height + 1,
+ }
+ _, err := con.bcModule.addEmptyBlock(emptyPos)
+ if err != nil {
+ panic(err)
+ }
+ }
+ return con, nil
+}
+
+// newConsensusForRound creates a Consensus instance.
+func newConsensusForRound(
+ initBlock *types.Block,
+ dMoment time.Time,
+ app Application,
+ gov Governance,
+ db db.Database,
+ network Network,
+ prv crypto.PrivateKey,
+ logger common.Logger,
+ usingNonBlocking bool) *Consensus {
+ // TODO(w): load latest blockHeight from DB, and use config at that height.
+ nodeSetCache := utils.NewNodeSetCache(gov)
+ // Setup signer module.
+ signer := utils.NewSigner(prv)
+ // Check if the application implement Debug interface.
+ var debugApp Debug
+ if a, ok := app.(Debug); ok {
+ debugApp = a
+ }
+ // Get configuration for bootstrap round.
+ initPos := types.Position{
+ Round: 0,
+ Height: types.GenesisHeight,
+ }
+ if initBlock != nil {
+ initPos = initBlock.Position
+ }
+ // Init configuration chain.
+ ID := types.NewNodeID(prv.PublicKey())
+ recv := &consensusDKGReceiver{
+ ID: ID,
+ gov: gov,
+ signer: signer,
+ nodeSetCache: nodeSetCache,
+ network: network,
+ logger: logger,
+ }
+ cfgModule := newConfigurationChain(ID, recv, gov, nodeSetCache, db, logger)
+ recv.cfgModule = cfgModule
+ signer.SetBLSSigner(
+ func(round uint64, hash common.Hash) (crypto.Signature, error) {
+ _, signer, err := cfgModule.getDKGInfo(round, false)
+ if err != nil {
+ return crypto.Signature{}, err
+ }
+ return crypto.Signature(signer.sign(hash)), nil
+ })
+ appModule := app
+ if usingNonBlocking {
+ appModule = newNonBlocking(app, debugApp)
+ }
+ tsigVerifierCache := NewTSigVerifierCache(gov, 7)
+ bcModule := newBlockChain(ID, dMoment, initBlock, appModule,
+ tsigVerifierCache, signer, logger)
+ // Construct Consensus instance.
+ con := &Consensus{
+ ID: ID,
+ app: appModule,
+ debugApp: debugApp,
+ gov: gov,
+ db: db,
+ network: network,
+ baConfirmedBlock: make(map[common.Hash]chan<- *types.Block),
+ dkgReady: sync.NewCond(&sync.Mutex{}),
+ cfgModule: cfgModule,
+ bcModule: bcModule,
+ dMoment: dMoment,
+ nodeSetCache: nodeSetCache,
+ tsigVerifierCache: tsigVerifierCache,
+ signer: signer,
+ event: common.NewEvent(),
+ logger: logger,
+ resetDeliveryGuardTicker: make(chan struct{}),
+ msgChan: make(chan types.Msg, 1024),
+ priorityMsgChan: make(chan interface{}, 1024),
+ processBlockChan: make(chan *types.Block, 1024),
+ }
+ con.ctx, con.ctxCancel = context.WithCancel(context.Background())
+ var err error
+ con.roundEvent, err = utils.NewRoundEvent(con.ctx, gov, logger, initPos,
+ ConfigRoundShift)
+ if err != nil {
+ panic(err)
+ }
+ if con.baMgr, err = newAgreementMgr(con); err != nil {
+ panic(err)
+ }
+ if err = con.prepare(initBlock); err != nil {
+ panic(err)
+ }
+ return con
+}
+
+// prepare the Consensus instance to be ready for blocks after 'initBlock'.
+// 'initBlock' could be either:
+// - nil
+// - the last finalized block
+func (con *Consensus) prepare(initBlock *types.Block) (err error) {
+ // Trigger the round validation method for the next round of the first
+ // round.
+ // The block past from full node should be delivered already or known by
+ // full node. We don't have to notify it.
+ initRound := uint64(0)
+ if initBlock != nil {
+ initRound = initBlock.Position.Round
+ }
+ if initRound == 0 {
+ if DKGDelayRound == 0 {
+ panic("not implemented yet")
+ }
+ }
+ // Measure time elapse for each handler of round events.
+ elapse := func(what string, lastE utils.RoundEventParam) func() {
+ start := time.Now()
+ con.logger.Info("Handle round event",
+ "what", what,
+ "event", lastE)
+ return func() {
+ con.logger.Info("Finish round event",
+ "what", what,
+ "event", lastE,
+ "elapse", time.Since(start))
+ }
+ }
+ // Register round event handler to purge cached node set. To make sure each
+ // modules see the up-to-date node set, we need to make sure this action
+ // should be taken as the first one.
+ con.roundEvent.Register(func(evts []utils.RoundEventParam) {
+ defer elapse("purge-cache", evts[len(evts)-1])()
+ for _, e := range evts {
+ if e.Reset == 0 {
+ continue
+ }
+ con.nodeSetCache.Purge(e.Round + 1)
+ con.tsigVerifierCache.Purge(e.Round + 1)
+ }
+ })
+ // Register round event handler to abort previous running DKG if any.
+ con.roundEvent.Register(func(evts []utils.RoundEventParam) {
+ e := evts[len(evts)-1]
+ go func() {
+ defer elapse("abort-DKG", e)()
+ if e.Reset > 0 {
+ aborted := con.cfgModule.abortDKG(con.ctx, e.Round+1, e.Reset-1)
+ con.logger.Info("DKG aborting result",
+ "round", e.Round+1,
+ "reset", e.Reset-1,
+ "aborted", aborted)
+ }
+ }()
+ })
+ // Register round event handler to update BA and BC modules.
+ con.roundEvent.Register(func(evts []utils.RoundEventParam) {
+ defer elapse("append-config", evts[len(evts)-1])()
+ // Always updates newer configs to the later modules first in the data
+ // flow.
+ if err := con.bcModule.notifyRoundEvents(evts); err != nil {
+ panic(err)
+ }
+ if err := con.baMgr.notifyRoundEvents(evts); err != nil {
+ panic(err)
+ }
+ })
+ // Register round event handler to reset DKG if the DKG set for next round
+ // failed to setup.
+ con.roundEvent.Register(func(evts []utils.RoundEventParam) {
+ e := evts[len(evts)-1]
+ defer elapse("reset-DKG", e)()
+ nextRound := e.Round + 1
+ if nextRound < DKGDelayRound {
+ return
+ }
+ curNotarySet, err := con.nodeSetCache.GetNotarySet(e.Round)
+ if err != nil {
+ con.logger.Error("Error getting notary set when proposing CRS",
+ "round", e.Round,
+ "error", err)
+ return
+ }
+ if _, exist := curNotarySet[con.ID]; !exist {
+ return
+ }
+ con.event.RegisterHeight(e.NextDKGResetHeight(), func(uint64) {
+ if ok, _ := utils.IsDKGValid(
+ con.gov, con.logger, nextRound, e.Reset); ok {
+ return
+ }
+ // Aborting all previous running DKG protocol instance if any.
+ go con.runCRS(e.Round, utils.Rehash(e.CRS, uint(e.Reset+1)), true)
+ })
+ })
+ // Register round event handler to propose new CRS.
+ con.roundEvent.Register(func(evts []utils.RoundEventParam) {
+ // We don't have to propose new CRS during DKG reset, the reset of DKG
+ // would be done by the notary set in previous round.
+ e := evts[len(evts)-1]
+ defer elapse("propose-CRS", e)()
+ if e.Reset != 0 || e.Round < DKGDelayRound {
+ return
+ }
+ if curNotarySet, err := con.nodeSetCache.GetNotarySet(e.Round); err != nil {
+ con.logger.Error("Error getting notary set when proposing CRS",
+ "round", e.Round,
+ "error", err)
+ } else {
+ if _, exist := curNotarySet[con.ID]; !exist {
+ return
+ }
+ con.event.RegisterHeight(e.NextCRSProposingHeight(), func(uint64) {
+ con.logger.Debug(
+ "Calling Governance.CRS to check if already proposed",
+ "round", e.Round+1)
+ if (con.gov.CRS(e.Round+1) != common.Hash{}) {
+ con.logger.Debug("CRS already proposed", "round", e.Round+1)
+ return
+ }
+ go con.runCRS(e.Round, e.CRS, false)
+ })
+ }
+ })
+ // Touch nodeSetCache for next round.
+ con.roundEvent.Register(func(evts []utils.RoundEventParam) {
+ e := evts[len(evts)-1]
+ defer elapse("touch-NodeSetCache", e)()
+ con.event.RegisterHeight(e.NextTouchNodeSetCacheHeight(), func(uint64) {
+ if e.Reset == 0 {
+ return
+ }
+ go func() {
+ nextRound := e.Round + 1
+ if err := con.nodeSetCache.Touch(nextRound); err != nil {
+ con.logger.Warn("Failed to update nodeSetCache",
+ "round", nextRound,
+ "error", err)
+ }
+ }()
+ })
+ })
+ con.roundEvent.Register(func(evts []utils.RoundEventParam) {
+ e := evts[len(evts)-1]
+ if e.Reset != 0 {
+ return
+ }
+ defer elapse("touch-DKGCache", e)()
+ go func() {
+ if _, err :=
+ con.tsigVerifierCache.Update(e.Round); err != nil {
+ con.logger.Warn("Failed to update tsig cache",
+ "round", e.Round,
+ "error", err)
+ }
+ }()
+ go func() {
+ threshold := utils.GetDKGThreshold(
+ utils.GetConfigWithPanic(con.gov, e.Round, con.logger))
+ // Restore group public key.
+ con.logger.Debug(
+ "Calling Governance.DKGMasterPublicKeys for recoverDKGInfo",
+ "round", e.Round)
+ con.logger.Debug(
+ "Calling Governance.DKGComplaints for recoverDKGInfo",
+ "round", e.Round)
+ _, qualifies, err := typesDKG.CalcQualifyNodes(
+ con.gov.DKGMasterPublicKeys(e.Round),
+ con.gov.DKGComplaints(e.Round),
+ threshold)
+ if err != nil {
+ con.logger.Warn("Failed to calculate dkg set",
+ "round", e.Round,
+ "error", err)
+ return
+ }
+ if _, exist := qualifies[con.ID]; !exist {
+ return
+ }
+ if _, _, err :=
+ con.cfgModule.getDKGInfo(e.Round, true); err != nil {
+ con.logger.Warn("Failed to recover DKG info",
+ "round", e.Round,
+ "error", err)
+ }
+ }()
+ })
+ // checkCRS is a generator of checker to check if CRS for that round is
+ // ready or not.
+ checkCRS := func(round uint64) func() bool {
+ return func() bool {
+ nextCRS := con.gov.CRS(round)
+ if (nextCRS != common.Hash{}) {
+ return true
+ }
+ con.logger.Debug("CRS is not ready yet. Try again later...",
+ "nodeID", con.ID,
+ "round", round)
+ return false
+ }
+ }
+ // Trigger round validation method for next period.
+ con.roundEvent.Register(func(evts []utils.RoundEventParam) {
+ e := evts[len(evts)-1]
+ defer elapse("next-round", e)()
+ // Register a routine to trigger round events.
+ con.event.RegisterHeight(e.NextRoundValidationHeight(),
+ utils.RoundEventRetryHandlerGenerator(con.roundEvent, con.event))
+ // Register a routine to register next DKG.
+ con.event.RegisterHeight(e.NextDKGRegisterHeight(), func(uint64) {
+ nextRound := e.Round + 1
+ if nextRound < DKGDelayRound {
+ con.logger.Info("Skip runDKG for round",
+ "round", nextRound,
+ "reset", e.Reset)
+ return
+ }
+ go func() {
+ // Normally, gov.CRS would return non-nil. Use this for in case
+ // of unexpected network fluctuation and ensure the robustness.
+ if !checkWithCancel(
+ con.ctx, 500*time.Millisecond, checkCRS(nextRound)) {
+ con.logger.Debug("unable to prepare CRS for notary set",
+ "round", nextRound,
+ "reset", e.Reset)
+ return
+ }
+ nextNotarySet, err := con.nodeSetCache.GetNotarySet(nextRound)
+ if err != nil {
+ con.logger.Error("Error getting notary set for next round",
+ "round", nextRound,
+ "reset", e.Reset,
+ "error", err)
+ return
+ }
+ if _, exist := nextNotarySet[con.ID]; !exist {
+ con.logger.Info("Not selected as notary set",
+ "round", nextRound,
+ "reset", e.Reset)
+ return
+ }
+ con.logger.Info("Selected as notary set",
+ "round", nextRound,
+ "reset", e.Reset)
+ nextConfig := utils.GetConfigWithPanic(con.gov, nextRound,
+ con.logger)
+ con.cfgModule.registerDKG(con.ctx, nextRound, e.Reset,
+ utils.GetDKGThreshold(nextConfig))
+ con.event.RegisterHeight(e.NextDKGPreparationHeight(),
+ func(h uint64) {
+ func() {
+ con.dkgReady.L.Lock()
+ defer con.dkgReady.L.Unlock()
+ con.dkgRunning = 0
+ }()
+ // We want to skip some of the DKG phases when started.
+ dkgCurrentHeight := h - e.NextDKGPreparationHeight()
+ con.runDKG(
+ nextRound, e.Reset,
+ e.NextDKGPreparationHeight(), dkgCurrentHeight)
+ })
+ }()
+ })
+ })
+ con.roundEvent.TriggerInitEvent()
+ if initBlock != nil {
+ con.event.NotifyHeight(initBlock.Position.Height)
+ }
+ con.baMgr.prepare()
+ return
+}
+
+// Run starts running DEXON Consensus.
+func (con *Consensus) Run() {
+ // There may have emptys block in blockchain added by force sync.
+ blocksWithoutRandomness := con.bcModule.pendingBlocksWithoutRandomness()
+ // Launch BA routines.
+ con.baMgr.run()
+ // Launch network handler.
+ con.logger.Debug("Calling Network.ReceiveChan")
+ con.waitGroup.Add(1)
+ go con.deliverNetworkMsg()
+ con.waitGroup.Add(1)
+ go con.processMsg()
+ go con.processBlockLoop()
+ // Stop dummy receiver if launched.
+ if con.dummyCancel != nil {
+ con.logger.Trace("Stop dummy receiver")
+ con.dummyCancel()
+ <-con.dummyFinished
+ // Replay those cached messages.
+ con.logger.Trace("Dummy receiver stoped, start dumping cached messages",
+ "count", len(con.dummyMsgBuffer))
+ for _, msg := range con.dummyMsgBuffer {
+ loop:
+ for {
+ select {
+ case con.msgChan <- msg:
+ break loop
+ case <-time.After(50 * time.Millisecond):
+ con.logger.Debug(
+ "internal message channel is full when syncing")
+ }
+ }
+ }
+ con.logger.Trace("Finish dumping cached messages")
+ }
+ con.generateBlockRandomness(blocksWithoutRandomness)
+ // Sleep until dMoment come.
+ time.Sleep(con.dMoment.Sub(time.Now().UTC()))
+ // Take some time to bootstrap.
+ time.Sleep(3 * time.Second)
+ con.waitGroup.Add(1)
+ go con.deliveryGuard()
+ // Block until done.
+ select {
+ case <-con.ctx.Done():
+ }
+}
+
+func (con *Consensus) generateBlockRandomness(blocks []*types.Block) {
+ con.logger.Debug("Start generating block randomness", "blocks", blocks)
+ isNotarySet := make(map[uint64]bool)
+ for _, block := range blocks {
+ if block.Position.Round < DKGDelayRound {
+ continue
+ }
+ doRun, exist := isNotarySet[block.Position.Round]
+ if !exist {
+ curNotarySet, err := con.nodeSetCache.GetNotarySet(block.Position.Round)
+ if err != nil {
+ con.logger.Error("Error getting notary set when generate block tsig",
+ "round", block.Position.Round,
+ "error", err)
+ continue
+ }
+ _, exist := curNotarySet[con.ID]
+ isNotarySet[block.Position.Round] = exist
+ doRun = exist
+ }
+ if !doRun {
+ continue
+ }
+ go func(block *types.Block) {
+ psig, err := con.cfgModule.preparePartialSignature(
+ block.Position.Round, block.Hash)
+ if err != nil {
+ con.logger.Error("Failed to prepare partial signature",
+ "block", block,
+ "error", err)
+ } else if err = con.signer.SignDKGPartialSignature(psig); err != nil {
+ con.logger.Error("Failed to sign DKG partial signature",
+ "block", block,
+ "error", err)
+ } else if err = con.cfgModule.processPartialSignature(psig); err != nil {
+ con.logger.Error("Failed to process partial signature",
+ "block", block,
+ "error", err)
+ } else {
+ con.logger.Debug("Calling Network.BroadcastDKGPartialSignature",
+ "proposer", psig.ProposerID,
+ "block", block)
+ con.network.BroadcastDKGPartialSignature(psig)
+ sig, err := con.cfgModule.runTSig(
+ block.Position.Round,
+ block.Hash,
+ 60*time.Minute,
+ )
+ if err != nil {
+ con.logger.Error("Failed to run Block Tsig",
+ "block", block,
+ "error", err)
+ return
+ }
+ result := &types.AgreementResult{
+ BlockHash: block.Hash,
+ Position: block.Position,
+ Randomness: sig.Signature[:],
+ }
+ con.bcModule.addBlockRandomness(block.Position, sig.Signature[:])
+ con.logger.Debug("Broadcast BlockRandomness",
+ "block", block,
+ "result", result)
+ con.network.BroadcastAgreementResult(result)
+ if err := con.deliverFinalizedBlocks(); err != nil {
+ con.logger.Error("Failed to deliver finalized block",
+ "error", err)
+ }
+ }
+ }(block)
+ }
+}
+
+// runDKG starts running DKG protocol.
+func (con *Consensus) runDKG(
+ round, reset, dkgBeginHeight, dkgHeight uint64) {
+ con.dkgReady.L.Lock()
+ defer con.dkgReady.L.Unlock()
+ if con.dkgRunning != 0 {
+ return
+ }
+ con.dkgRunning = 1
+ go func() {
+ defer func() {
+ con.dkgReady.L.Lock()
+ defer con.dkgReady.L.Unlock()
+ con.dkgReady.Broadcast()
+ con.dkgRunning = 2
+ }()
+ if err :=
+ con.cfgModule.runDKG(
+ round, reset,
+ con.event, dkgBeginHeight, dkgHeight); err != nil {
+ con.logger.Error("Failed to runDKG", "error", err)
+ }
+ }()
+}
+
+func (con *Consensus) runCRS(round uint64, hash common.Hash, reset bool) {
+ // Start running next round CRS.
+ psig, err := con.cfgModule.preparePartialSignature(round, hash)
+ if err != nil {
+ con.logger.Error("Failed to prepare partial signature", "error", err)
+ } else if err = con.signer.SignDKGPartialSignature(psig); err != nil {
+ con.logger.Error("Failed to sign DKG partial signature", "error", err)
+ } else if err = con.cfgModule.processPartialSignature(psig); err != nil {
+ con.logger.Error("Failed to process partial signature", "error", err)
+ } else {
+ con.logger.Debug("Calling Network.BroadcastDKGPartialSignature",
+ "proposer", psig.ProposerID,
+ "round", psig.Round,
+ "hash", psig.Hash)
+ con.network.BroadcastDKGPartialSignature(psig)
+ con.logger.Debug("Calling Governance.CRS", "round", round)
+ crs, err := con.cfgModule.runCRSTSig(round, hash)
+ if err != nil {
+ con.logger.Error("Failed to run CRS Tsig", "error", err)
+ } else {
+ if reset {
+ con.logger.Debug("Calling Governance.ResetDKG",
+ "round", round+1,
+ "crs", hex.EncodeToString(crs))
+ con.gov.ResetDKG(crs)
+ } else {
+ con.logger.Debug("Calling Governance.ProposeCRS",
+ "round", round+1,
+ "crs", hex.EncodeToString(crs))
+ con.gov.ProposeCRS(round+1, crs)
+ }
+ }
+ }
+}
+
+// Stop the Consensus core.
+func (con *Consensus) Stop() {
+ con.ctxCancel()
+ con.baMgr.stop()
+ con.event.Reset()
+ con.waitGroup.Wait()
+ if nbApp, ok := con.app.(*nonBlocking); ok {
+ nbApp.wait()
+ }
+}
+
+func (con *Consensus) deliverNetworkMsg() {
+ defer con.waitGroup.Done()
+ recv := con.network.ReceiveChan()
+ for {
+ select {
+ case <-con.ctx.Done():
+ return
+ default:
+ }
+ select {
+ case msg := <-recv:
+ innerLoop:
+ for {
+ select {
+ case con.msgChan <- msg:
+ break innerLoop
+ case <-time.After(500 * time.Millisecond):
+ con.logger.Debug("internal message channel is full",
+ "pending", msg)
+ }
+ }
+ case <-con.ctx.Done():
+ return
+ }
+ }
+}
+
+func (con *Consensus) processMsg() {
+ defer con.waitGroup.Done()
+MessageLoop:
+ for {
+ select {
+ case <-con.ctx.Done():
+ return
+ default:
+ }
+ var msg, peer interface{}
+ select {
+ case msg = <-con.priorityMsgChan:
+ default:
+ }
+ if msg == nil {
+ select {
+ case message := <-con.msgChan:
+ msg, peer = message.Payload, message.PeerID
+ case msg = <-con.priorityMsgChan:
+ case <-con.ctx.Done():
+ return
+ }
+ }
+ switch val := msg.(type) {
+ case *selfAgreementResult:
+ con.baMgr.touchAgreementResult((*types.AgreementResult)(val))
+ case *types.Block:
+ if ch, exist := func() (chan<- *types.Block, bool) {
+ con.lock.RLock()
+ defer con.lock.RUnlock()
+ ch, e := con.baConfirmedBlock[val.Hash]
+ return ch, e
+ }(); exist {
+ if val.IsEmpty() {
+ hash, err := utils.HashBlock(val)
+ if err != nil {
+ con.logger.Error("Error verifying empty block hash",
+ "block", val,
+ "error, err")
+ con.network.ReportBadPeerChan() <- peer
+ continue MessageLoop
+ }
+ if hash != val.Hash {
+ con.logger.Error("Incorrect confirmed empty block hash",
+ "block", val,
+ "hash", hash)
+ con.network.ReportBadPeerChan() <- peer
+ continue MessageLoop
+ }
+ if _, err := con.bcModule.proposeBlock(
+ val.Position, time.Time{}, true); err != nil {
+ con.logger.Error("Error adding empty block",
+ "block", val,
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ continue MessageLoop
+ }
+ } else {
+ if !val.IsFinalized() {
+ con.logger.Warn("Ignore not finalized block",
+ "block", val)
+ continue MessageLoop
+ }
+ ok, err := con.bcModule.verifyRandomness(
+ val.Hash, val.Position.Round, val.Randomness)
+ if err != nil {
+ con.logger.Error("Error verifying confirmed block randomness",
+ "block", val,
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ continue MessageLoop
+ }
+ if !ok {
+ con.logger.Error("Incorrect confirmed block randomness",
+ "block", val)
+ con.network.ReportBadPeerChan() <- peer
+ continue MessageLoop
+ }
+ if err := utils.VerifyBlockSignature(val); err != nil {
+ con.logger.Error("VerifyBlockSignature failed",
+ "block", val,
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ continue MessageLoop
+ }
+ }
+ func() {
+ con.lock.Lock()
+ defer con.lock.Unlock()
+ // In case of multiple delivered block.
+ if _, exist := con.baConfirmedBlock[val.Hash]; !exist {
+ return
+ }
+ delete(con.baConfirmedBlock, val.Hash)
+ ch <- val
+ }()
+ } else if val.IsFinalized() {
+ if err := con.processFinalizedBlock(val); err != nil {
+ con.logger.Error("Failed to process finalized block",
+ "block", val,
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ }
+ } else {
+ if err := con.preProcessBlock(val); err != nil {
+ con.logger.Error("Failed to pre process block",
+ "block", val,
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ }
+ }
+ case *types.Vote:
+ if err := con.ProcessVote(val); err != nil {
+ con.logger.Error("Failed to process vote",
+ "vote", val,
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ }
+ case *types.AgreementResult:
+ if err := con.ProcessAgreementResult(val); err != nil {
+ con.logger.Error("Failed to process agreement result",
+ "result", val,
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ }
+ case *typesDKG.PrivateShare:
+ if err := con.cfgModule.processPrivateShare(val); err != nil {
+ con.logger.Error("Failed to process private share",
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ }
+
+ case *typesDKG.PartialSignature:
+ if err := con.cfgModule.processPartialSignature(val); err != nil {
+ con.logger.Error("Failed to process partial signature",
+ "error", err)
+ con.network.ReportBadPeerChan() <- peer
+ }
+ }
+ }
+}
+
+// ProcessVote is the entry point to submit ont vote to a Consensus instance.
+func (con *Consensus) ProcessVote(vote *types.Vote) (err error) {
+ err = con.baMgr.processVote(vote)
+ return
+}
+
+// ProcessAgreementResult processes the randomness request.
+func (con *Consensus) ProcessAgreementResult(
+ rand *types.AgreementResult) error {
+ if !con.baMgr.touchAgreementResult(rand) {
+ return nil
+ }
+ // Sanity Check.
+ if err := VerifyAgreementResult(rand, con.nodeSetCache); err != nil {
+ con.baMgr.untouchAgreementResult(rand)
+ return err
+ }
+ if err := con.bcModule.processAgreementResult(rand); err != nil {
+ con.baMgr.untouchAgreementResult(rand)
+ if err == ErrSkipButNoError {
+ return nil
+ }
+ return err
+ }
+ // Syncing BA Module.
+ if err := con.baMgr.processAgreementResult(rand); err != nil {
+ con.baMgr.untouchAgreementResult(rand)
+ return err
+ }
+
+ con.logger.Debug("Rebroadcast AgreementResult",
+ "result", rand)
+ con.network.BroadcastAgreementResult(rand)
+
+ return con.deliverFinalizedBlocks()
+}
+
+// preProcessBlock performs Byzantine Agreement on the block.
+func (con *Consensus) preProcessBlock(b *types.Block) (err error) {
+ err = con.baMgr.processBlock(b)
+ if err == nil && con.debugApp != nil {
+ con.debugApp.BlockReceived(b.Hash)
+ }
+ return
+}
+
+func (con *Consensus) processFinalizedBlock(b *types.Block) (err error) {
+ if b.Position.Round < DKGDelayRound {
+ return
+ }
+ if err = utils.VerifyBlockSignature(b); err != nil {
+ return
+ }
+ verifier, ok, err := con.tsigVerifierCache.UpdateAndGet(b.Position.Round)
+ if err != nil {
+ return
+ }
+ if !ok {
+ err = ErrCannotVerifyBlockRandomness
+ return
+ }
+ if !verifier.VerifySignature(b.Hash, crypto.Signature{
+ Type: "bls",
+ Signature: b.Randomness,
+ }) {
+ err = ErrIncorrectBlockRandomness
+ return
+ }
+ err = con.baMgr.processFinalizedBlock(b)
+ if err == nil && con.debugApp != nil {
+ con.debugApp.BlockReceived(b.Hash)
+ }
+ return
+}
+
+func (con *Consensus) deliveryGuard() {
+ defer con.waitGroup.Done()
+ select {
+ case <-con.ctx.Done():
+ case <-time.After(con.dMoment.Sub(time.Now())):
+ }
+ // Node takes time to start.
+ select {
+ case <-con.ctx.Done():
+ case <-time.After(60 * time.Second):
+ }
+ for {
+ select {
+ case <-con.ctx.Done():
+ return
+ default:
+ }
+ select {
+ case <-con.ctx.Done():
+ return
+ case <-con.resetDeliveryGuardTicker:
+ case <-time.After(60 * time.Second):
+ con.logger.Error("No blocks delivered for too long", "ID", con.ID)
+ panic(fmt.Errorf("No blocks delivered for too long"))
+ }
+ }
+}
+
+// deliverBlock deliver a block to application layer.
+func (con *Consensus) deliverBlock(b *types.Block) {
+ select {
+ case con.resetDeliveryGuardTicker <- struct{}{}:
+ default:
+ }
+ if err := con.db.PutBlock(*b); err != nil {
+ panic(err)
+ }
+ if err := con.db.PutCompactionChainTipInfo(b.Hash,
+ b.Position.Height); err != nil {
+ panic(err)
+ }
+ con.logger.Debug("Calling Application.BlockDelivered", "block", b)
+ con.app.BlockDelivered(b.Hash, b.Position, common.CopyBytes(b.Randomness))
+ if con.debugApp != nil {
+ con.debugApp.BlockReady(b.Hash)
+ }
+}
+
+// deliverFinalizedBlocks extracts and delivers finalized blocks to application
+// layer.
+func (con *Consensus) deliverFinalizedBlocks() error {
+ con.lock.Lock()
+ defer con.lock.Unlock()
+ return con.deliverFinalizedBlocksWithoutLock()
+}
+
+func (con *Consensus) deliverFinalizedBlocksWithoutLock() (err error) {
+ deliveredBlocks := con.bcModule.extractBlocks()
+ con.logger.Debug("Last blocks in compaction chain",
+ "delivered", con.bcModule.lastDeliveredBlock(),
+ "pending", con.bcModule.lastPendingBlock())
+ for _, b := range deliveredBlocks {
+ con.deliverBlock(b)
+ con.event.NotifyHeight(b.Position.Height)
+ }
+ return
+}
+
+func (con *Consensus) processBlockLoop() {
+ for {
+ select {
+ case <-con.ctx.Done():
+ return
+ default:
+ }
+ select {
+ case <-con.ctx.Done():
+ return
+ case block := <-con.processBlockChan:
+ if err := con.processBlock(block); err != nil {
+ con.logger.Error("Error processing block",
+ "block", block,
+ "error", err)
+ }
+ }
+ }
+}
+
+// processBlock is the entry point to submit one block to a Consensus instance.
+func (con *Consensus) processBlock(block *types.Block) (err error) {
+ // Block processed by blockChain can be out-of-order. But the output from
+ // blockChain (deliveredBlocks) cannot, thus we need to protect the part
+ // below with writer lock.
+ con.lock.Lock()
+ defer con.lock.Unlock()
+ if err = con.bcModule.addBlock(block); err != nil {
+ return
+ }
+ if err = con.deliverFinalizedBlocksWithoutLock(); err != nil {
+ return
+ }
+ return
+}
+
+// PrepareBlock would setup header fields of block based on its ProposerID.
+func (con *Consensus) proposeBlock(position types.Position) (
+ *types.Block, error) {
+ b, err := con.bcModule.proposeBlock(position, time.Now().UTC(), false)
+ if err != nil {
+ return nil, err
+ }
+ con.logger.Debug("Calling Governance.CRS", "round", b.Position.Round)
+ crs := con.gov.CRS(b.Position.Round)
+ if crs.Equal(common.Hash{}) {
+ con.logger.Error("CRS for round is not ready, unable to prepare block",
+ "position", &b.Position)
+ return nil, ErrCRSNotReady
+ }
+ if err = con.signer.SignCRS(b, crs); err != nil {
+ return nil, err
+ }
+ return b, nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/constant.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/constant.go
new file mode 100644
index 000000000..51b95a3c0
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/constant.go
@@ -0,0 +1,41 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import "github.com/byzantine-lab/dexon-consensus/core/utils"
+
+// ConfigRoundShift refers to the difference between block's round and config
+// round derived from its state.
+//
+// For example, when round shift is 2, a block in round 0 should derive config
+// for round 2.
+const ConfigRoundShift uint64 = 2
+
+// DKGDelayRound refers to the round that first DKG is run.
+//
+// For example, when delay round is 1, new DKG will run at round 1. Round 0 will
+// have neither DKG nor CRS.
+const DKGDelayRound uint64 = 1
+
+// NoRand is the magic placeholder for randomness field in blocks for blocks
+// proposed before DKGDelayRound.
+var NoRand = []byte("norand")
+
+func init() {
+ utils.SetDKGDelayRound(DKGDelayRound)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/constant.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/constant.go
new file mode 100644
index 000000000..3f6627b92
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/constant.go
@@ -0,0 +1,26 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package dkg
+
+import (
+ "github.com/byzantine-lab/bls/ffi/go/bls"
+)
+
+const (
+ curve = bls.BLS12_381
+)
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/dkg.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/dkg.go
new file mode 100644
index 000000000..b9dd038ce
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/dkg.go
@@ -0,0 +1,637 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package dkg
+
+import (
+ "encoding/json"
+ "fmt"
+ "io"
+ "sync"
+ "sync/atomic"
+
+ "github.com/byzantine-lab/bls/ffi/go/bls"
+ "github.com/byzantine-lab/go-tangerine/rlp"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+)
+
+var (
+ // ErrDuplicatedShare is reported when adding an private key share of same id.
+ ErrDuplicatedShare = fmt.Errorf("invalid share")
+ // ErrNoIDToRecover is reported when no id is provided for recovering private
+ // key.
+ ErrNoIDToRecover = fmt.Errorf("no id to recover private key")
+ // ErrShareNotFound is reported when the private key share of id is not found
+ // when recovering private key.
+ ErrShareNotFound = fmt.Errorf("share not found")
+)
+
+const cryptoType = "bls"
+
+var publicKeyLength int
+
+func init() {
+ if err := bls.Init(curve); err != nil {
+ panic(err)
+ }
+
+ pubKey := &bls.PublicKey{}
+ publicKeyLength = len(pubKey.Serialize())
+}
+
+// PrivateKey represents a private key structure implments
+// Crypto.PrivateKey interface.
+type PrivateKey struct {
+ privateKey bls.SecretKey
+ publicKey PublicKey
+}
+
+// EncodeRLP implements rlp.Encoder
+func (prv *PrivateKey) EncodeRLP(w io.Writer) error {
+ return rlp.Encode(w, prv.Bytes())
+}
+
+// DecodeRLP implements rlp.Decoder
+func (prv *PrivateKey) DecodeRLP(s *rlp.Stream) error {
+ var b []byte
+ if err := s.Decode(&b); err != nil {
+ return err
+ }
+ return prv.SetBytes(b)
+}
+
+// MarshalJSON implements json.Marshaller.
+func (prv *PrivateKey) MarshalJSON() ([]byte, error) {
+ return json.Marshal(&prv.privateKey)
+}
+
+// UnmarshalJSON implements json.Unmarshaller.
+func (prv *PrivateKey) UnmarshalJSON(data []byte) error {
+ return json.Unmarshal(data, &prv.privateKey)
+}
+
+// ID is the id for DKG protocol.
+type ID = bls.ID
+
+// IDs is an array of ID.
+type IDs []ID
+
+// PublicKey represents a public key structure implements
+// Crypto.PublicKey interface.
+type PublicKey struct {
+ publicKey bls.PublicKey
+}
+
+// PrivateKeyShares represents a private key shares for DKG protocol.
+type PrivateKeyShares struct {
+ shares []PrivateKey
+ shareIndex map[ID]int
+ masterPrivateKey []bls.SecretKey
+}
+
+// Equal check equality between two PrivateKeyShares instances.
+func (prvs *PrivateKeyShares) Equal(other *PrivateKeyShares) bool {
+ // Check shares.
+ if len(prvs.shareIndex) != len(other.shareIndex) {
+ return false
+ }
+ for dID, idx := range prvs.shareIndex {
+ otherIdx, exists := other.shareIndex[dID]
+ if !exists {
+ return false
+ }
+ if !prvs.shares[idx].privateKey.IsEqual(
+ &other.shares[otherIdx].privateKey) {
+ return false
+ }
+ }
+ // Check master private keys.
+ if len(prvs.masterPrivateKey) != len(other.masterPrivateKey) {
+ return false
+ }
+ for idx, m := range prvs.masterPrivateKey {
+ if m.GetHexString() != other.masterPrivateKey[idx].GetHexString() {
+ return false
+ }
+ }
+ return true
+}
+
+// EncodeRLP implements rlp.Encoder
+func (prvs *PrivateKeyShares) EncodeRLP(w io.Writer) error {
+ data := make([][][]byte, 3)
+ shares := make([][]byte, len(prvs.shares))
+ for i, s := range prvs.shares {
+ shares[i] = s.Bytes()
+ }
+ data[0] = shares
+
+ shareIndex := make([][]byte, 0)
+ for k, v := range prvs.shareIndex {
+ shareIndex = append(shareIndex, k.GetLittleEndian())
+
+ vBytes, err := rlp.EncodeToBytes(uint64(v))
+ if err != nil {
+ return err
+ }
+ shareIndex = append(shareIndex, vBytes)
+ }
+ data[1] = shareIndex
+
+ mpks := make([][]byte, len(prvs.masterPrivateKey))
+ for i, m := range prvs.masterPrivateKey {
+ mpks[i] = m.GetLittleEndian()
+ }
+ data[2] = mpks
+ return rlp.Encode(w, data)
+}
+
+// DecodeRLP implements rlp.Decoder
+func (prvs *PrivateKeyShares) DecodeRLP(s *rlp.Stream) error {
+ *prvs = PrivateKeyShares{}
+ var dec [][][]byte
+ if err := s.Decode(&dec); err != nil {
+ return err
+ }
+
+ var shares []PrivateKey
+ for _, bs := range dec[0] {
+ var key PrivateKey
+ err := key.SetBytes(bs)
+ if err != nil {
+ return err
+ }
+ shares = append(shares, key)
+ }
+ (*prvs).shares = shares
+
+ sharesIndex := map[ID]int{}
+ for i := 0; i < len(dec[1]); i += 2 {
+ var key ID
+ err := key.SetLittleEndian(dec[1][i])
+ if err != nil {
+ return err
+ }
+
+ var value uint64
+ err = rlp.DecodeBytes(dec[1][i+1], &value)
+ if err != nil {
+ return err
+ }
+
+ sharesIndex[key] = int(value)
+ }
+ (*prvs).shareIndex = sharesIndex
+
+ var mpks []bls.SecretKey
+ for _, bs := range dec[2] {
+ var key bls.SecretKey
+ if err := key.SetLittleEndian(bs); err != nil {
+ return err
+ }
+ mpks = append(mpks, key)
+ }
+ (*prvs).masterPrivateKey = mpks
+
+ return nil
+}
+
+type publicKeySharesCache struct {
+ share []PublicKey
+ index map[ID]int
+}
+
+// PublicKeyShares represents a public key shares for DKG protocol.
+type PublicKeyShares struct {
+ cache atomic.Value
+ lock sync.Mutex
+ masterPublicKey []bls.PublicKey
+}
+
+// Equal checks equality of two PublicKeyShares instance.
+func (pubs *PublicKeyShares) Equal(other *PublicKeyShares) bool {
+ cache := pubs.cache.Load().(*publicKeySharesCache)
+ cacheOther := other.cache.Load().(*publicKeySharesCache)
+ // Check shares.
+ for dID, idx := range cache.index {
+ otherIdx, exists := cacheOther.index[dID]
+ if !exists {
+ continue
+ }
+ if !cache.share[idx].publicKey.IsEqual(
+ &cacheOther.share[otherIdx].publicKey) {
+ return false
+ }
+ }
+ // Check master public keys.
+ if len(pubs.masterPublicKey) != len(other.masterPublicKey) {
+ return false
+ }
+ for idx, m := range pubs.masterPublicKey {
+ if m.GetHexString() != other.masterPublicKey[idx].GetHexString() {
+ return false
+ }
+ }
+ return true
+}
+
+// EncodeRLP implements rlp.Encoder
+func (pubs *PublicKeyShares) EncodeRLP(w io.Writer) error {
+ mpks := make([][]byte, len(pubs.masterPublicKey))
+ for i, m := range pubs.masterPublicKey {
+ mpks[i] = m.Serialize()
+ }
+ return rlp.Encode(w, mpks)
+}
+
+// DecodeRLP implements rlp.Decoder
+func (pubs *PublicKeyShares) DecodeRLP(s *rlp.Stream) error {
+ var dec [][]byte
+ if err := s.Decode(&dec); err != nil {
+ return err
+ }
+
+ ps := NewEmptyPublicKeyShares()
+ for _, k := range dec {
+ var key bls.PublicKey
+ if err := key.Deserialize(k); err != nil {
+ return err
+ }
+ ps.masterPublicKey = append(ps.masterPublicKey, key)
+ }
+
+ *pubs = *ps.Move()
+ return nil
+}
+
+// MarshalJSON implements json.Marshaller.
+func (pubs *PublicKeyShares) MarshalJSON() ([]byte, error) {
+ type Alias PublicKeyShares
+ data := &struct {
+ MasterPublicKeys []*bls.PublicKey `json:"master_public_keys"`
+ }{
+ make([]*bls.PublicKey, len(pubs.masterPublicKey)),
+ }
+ for i := range pubs.masterPublicKey {
+ data.MasterPublicKeys[i] = &pubs.masterPublicKey[i]
+ }
+ return json.Marshal(data)
+}
+
+// UnmarshalJSON implements json.Unmarshaller.
+func (pubs *PublicKeyShares) UnmarshalJSON(data []byte) error {
+ type Alias PublicKeyShares
+ aux := &struct {
+ MasterPublicKeys []*bls.PublicKey `json:"master_public_keys"`
+ }{}
+ if err := json.Unmarshal(data, &aux); err != nil {
+ return err
+ }
+ mpk := make([]bls.PublicKey, len(aux.MasterPublicKeys))
+ for i, pk := range aux.MasterPublicKeys {
+ mpk[i] = *pk
+ }
+ pubs.masterPublicKey = mpk
+ return nil
+}
+
+// Clone clones every fields of PublicKeyShares. This method is mainly
+// for testing purpose thus would panic when error.
+func (pubs *PublicKeyShares) Clone() *PublicKeyShares {
+ b, err := rlp.EncodeToBytes(pubs)
+ if err != nil {
+ panic(err)
+ }
+ pubsCopy := NewEmptyPublicKeyShares()
+ if err := rlp.DecodeBytes(b, pubsCopy); err != nil {
+ panic(err)
+ }
+ return pubsCopy
+}
+
+// NewID creates a ew ID structure.
+func NewID(id []byte) ID {
+ var blsID bls.ID
+ // #nosec G104
+ blsID.SetLittleEndian(id)
+ return blsID
+}
+
+// BytesID creates a new ID structure,
+// It returns err if the byte slice is not valid.
+func BytesID(id []byte) (ID, error) {
+ var blsID bls.ID
+ // #nosec G104
+ err := blsID.SetLittleEndian(id)
+ return blsID, err
+}
+
+// NewPrivateKey creates a new PrivateKey structure.
+func NewPrivateKey() *PrivateKey {
+ var key bls.SecretKey
+ key.SetByCSPRNG()
+ return &PrivateKey{
+ privateKey: key,
+ publicKey: *newPublicKey(&key),
+ }
+}
+
+// NewPrivateKeyShares creates a DKG private key shares of threshold t.
+func NewPrivateKeyShares(t int) (*PrivateKeyShares, *PublicKeyShares) {
+ var prv bls.SecretKey
+ prv.SetByCSPRNG()
+ msk := prv.GetMasterSecretKey(t)
+ mpk := bls.GetMasterPublicKey(msk)
+ pubShare := NewEmptyPublicKeyShares()
+ pubShare.masterPublicKey = mpk
+ return &PrivateKeyShares{
+ masterPrivateKey: msk,
+ shareIndex: make(map[ID]int),
+ }, pubShare
+}
+
+// NewEmptyPrivateKeyShares creates an empty private key shares.
+func NewEmptyPrivateKeyShares() *PrivateKeyShares {
+ return &PrivateKeyShares{
+ shareIndex: make(map[ID]int),
+ }
+}
+
+// SetParticipants sets the DKG participants.
+func (prvs *PrivateKeyShares) SetParticipants(IDs IDs) {
+ prvs.shares = make([]PrivateKey, len(IDs))
+ prvs.shareIndex = make(map[ID]int, len(IDs))
+ for idx, ID := range IDs {
+ // #nosec G104
+ prvs.shares[idx].privateKey.Set(prvs.masterPrivateKey, &ID)
+ prvs.shareIndex[ID] = idx
+ }
+}
+
+// AddShare adds a share.
+func (prvs *PrivateKeyShares) AddShare(ID ID, share *PrivateKey) error {
+ if idx, exist := prvs.shareIndex[ID]; exist {
+ if !share.privateKey.IsEqual(&prvs.shares[idx].privateKey) {
+ return ErrDuplicatedShare
+ }
+ return nil
+ }
+ prvs.shareIndex[ID] = len(prvs.shares)
+ prvs.shares = append(prvs.shares, *share)
+ return nil
+}
+
+// RecoverPrivateKey recovers private key from the shares.
+func (prvs *PrivateKeyShares) RecoverPrivateKey(qualifyIDs IDs) (
+ *PrivateKey, error) {
+ var prv PrivateKey
+ if len(qualifyIDs) == 0 {
+ return nil, ErrNoIDToRecover
+ }
+ for i, ID := range qualifyIDs {
+ idx, exist := prvs.shareIndex[ID]
+ if !exist {
+ return nil, ErrShareNotFound
+ }
+ if i == 0 {
+ prv.privateKey = prvs.shares[idx].privateKey
+ continue
+ }
+ prv.privateKey.Add(&prvs.shares[idx].privateKey)
+ }
+ return &prv, nil
+}
+
+// RecoverPublicKey recovers public key from the shares.
+func (prvs *PrivateKeyShares) RecoverPublicKey(qualifyIDs IDs) (
+ *PublicKey, error) {
+ var pub PublicKey
+ if len(qualifyIDs) == 0 {
+ return nil, ErrNoIDToRecover
+ }
+ for i, ID := range qualifyIDs {
+ idx, exist := prvs.shareIndex[ID]
+ if !exist {
+ return nil, ErrShareNotFound
+ }
+ if i == 0 {
+ pub.publicKey = *prvs.shares[idx].privateKey.GetPublicKey()
+ continue
+ }
+ pub.publicKey.Add(prvs.shares[idx].privateKey.GetPublicKey())
+ }
+ return &pub, nil
+}
+
+// Share returns the share for the ID.
+func (prvs *PrivateKeyShares) Share(ID ID) (*PrivateKey, bool) {
+ idx, exist := prvs.shareIndex[ID]
+ if !exist {
+ return nil, false
+ }
+ return &prvs.shares[idx], true
+}
+
+// NewEmptyPublicKeyShares creates an empty public key shares.
+func NewEmptyPublicKeyShares() *PublicKeyShares {
+ pubShares := &PublicKeyShares{}
+ pubShares.cache.Store(&publicKeySharesCache{
+ index: make(map[ID]int),
+ })
+ return pubShares
+}
+
+// Move will invalidate itself. Do not access to original reference.
+func (pubs *PublicKeyShares) Move() *PublicKeyShares {
+ return pubs
+}
+
+// Share returns the share for the ID.
+func (pubs *PublicKeyShares) Share(ID ID) (*PublicKey, error) {
+ cache := pubs.cache.Load().(*publicKeySharesCache)
+ idx, exist := cache.index[ID]
+ if exist {
+ return &cache.share[idx], nil
+ }
+ var pk PublicKey
+ if err := pk.publicKey.Set(pubs.masterPublicKey, &ID); err != nil {
+ return nil, err
+ }
+ if err := pubs.AddShare(ID, &pk); err != nil {
+ return nil, err
+ }
+ return &pk, nil
+}
+
+// AddShare adds a share.
+func (pubs *PublicKeyShares) AddShare(shareID ID, share *PublicKey) error {
+ cache := pubs.cache.Load().(*publicKeySharesCache)
+ if idx, exist := cache.index[shareID]; exist {
+ if !share.publicKey.IsEqual(&cache.share[idx].publicKey) {
+ return ErrDuplicatedShare
+ }
+ return nil
+ }
+ pubs.lock.Lock()
+ defer pubs.lock.Unlock()
+ cache = pubs.cache.Load().(*publicKeySharesCache)
+ newCache := &publicKeySharesCache{
+ index: make(map[ID]int, len(cache.index)+1),
+ share: make([]PublicKey, len(cache.share), len(cache.share)+1),
+ }
+ for k, v := range cache.index {
+ newCache.index[k] = v
+ }
+ copy(newCache.share, cache.share)
+ newCache.index[shareID] = len(newCache.share)
+ newCache.share = append(newCache.share, *share)
+ pubs.cache.Store(newCache)
+ return nil
+}
+
+// VerifyPrvShare verifies if the private key shares is valid.
+func (pubs *PublicKeyShares) VerifyPrvShare(ID ID, share *PrivateKey) (
+ bool, error) {
+ var pk bls.PublicKey
+ if err := pk.Set(pubs.masterPublicKey, &ID); err != nil {
+ return false, err
+ }
+ return pk.IsEqual(share.privateKey.GetPublicKey()), nil
+}
+
+// VerifyPubShare verifies if the public key shares is valid.
+func (pubs *PublicKeyShares) VerifyPubShare(ID ID, share *PublicKey) (
+ bool, error) {
+ var pk bls.PublicKey
+ if err := pk.Set(pubs.masterPublicKey, &ID); err != nil {
+ return false, err
+ }
+ return pk.IsEqual(&share.publicKey), nil
+}
+
+// RecoverPublicKey recovers private key from the shares.
+func (pubs *PublicKeyShares) RecoverPublicKey(qualifyIDs IDs) (
+ *PublicKey, error) {
+ var pub PublicKey
+ if len(qualifyIDs) == 0 {
+ return nil, ErrNoIDToRecover
+ }
+ for i, ID := range qualifyIDs {
+ pk, err := pubs.Share(ID)
+ if err != nil {
+ return nil, err
+ }
+ if i == 0 {
+ pub.publicKey = pk.publicKey
+ continue
+ }
+ pub.publicKey.Add(&pk.publicKey)
+ }
+ return &pub, nil
+}
+
+// MasterKeyBytes returns []byte representation of master public key.
+func (pubs *PublicKeyShares) MasterKeyBytes() []byte {
+ bytes := make([]byte, 0, len(pubs.masterPublicKey)*publicKeyLength)
+ for _, pk := range pubs.masterPublicKey {
+ bytes = append(bytes, pk.Serialize()...)
+ }
+ return bytes
+}
+
+// newPublicKey creates a new PublicKey structure.
+func newPublicKey(prvKey *bls.SecretKey) *PublicKey {
+ return &PublicKey{
+ publicKey: *prvKey.GetPublicKey(),
+ }
+}
+
+// newPublicKeyFromBytes create a new PublicKey structure
+// from bytes representation of bls.PublicKey
+func newPublicKeyFromBytes(b []byte) (*PublicKey, error) {
+ var pub PublicKey
+ err := pub.publicKey.Deserialize(b)
+ return &pub, err
+}
+
+// PublicKey returns the public key associate this private key.
+func (prv *PrivateKey) PublicKey() crypto.PublicKey {
+ return prv.publicKey
+}
+
+// Sign calculates a signature.
+func (prv *PrivateKey) Sign(hash common.Hash) (crypto.Signature, error) {
+ msg := string(hash[:])
+ sign := prv.privateKey.Sign(msg)
+ return crypto.Signature{
+ Type: cryptoType,
+ Signature: sign.Serialize(),
+ }, nil
+}
+
+// Bytes returns []byte representation of private key.
+func (prv *PrivateKey) Bytes() []byte {
+ return prv.privateKey.GetLittleEndian()
+}
+
+// SetBytes sets the private key data to []byte.
+func (prv *PrivateKey) SetBytes(bytes []byte) error {
+ var key bls.SecretKey
+ if err := key.SetLittleEndian(bytes); err != nil {
+ return err
+ }
+ prv.privateKey = key
+ prv.publicKey = *newPublicKey(&prv.privateKey)
+ return nil
+}
+
+// String returns string representation of privat key.
+func (prv *PrivateKey) String() string {
+ return prv.privateKey.GetHexString()
+}
+
+// VerifySignature checks that the given public key created signature over hash.
+func (pub PublicKey) VerifySignature(
+ hash common.Hash, signature crypto.Signature) bool {
+ if len(signature.Signature) == 0 {
+ return false
+ }
+ var sig bls.Sign
+ if err := sig.Deserialize(signature.Signature[:]); err != nil {
+ fmt.Println(err)
+ return false
+ }
+ msg := string(hash[:])
+ return sig.Verify(&pub.publicKey, msg)
+}
+
+// Bytes returns []byte representation of public key.
+func (pub PublicKey) Bytes() []byte {
+ return pub.publicKey.Serialize()
+}
+
+// Serialize return bytes representation of public key.
+func (pub *PublicKey) Serialize() []byte {
+ return pub.publicKey.Serialize()
+}
+
+// Deserialize parses bytes representation of public key.
+func (pub *PublicKey) Deserialize(b []byte) error {
+ return pub.publicKey.Deserialize(b)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/utils.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/utils.go
new file mode 100644
index 000000000..589480a3b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/dkg/utils.go
@@ -0,0 +1,92 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package dkg
+
+import (
+ "encoding/binary"
+ "fmt"
+ "math/rand"
+
+ "github.com/byzantine-lab/bls/ffi/go/bls"
+
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+)
+
+// PartialSignature is a partial signature in DKG+TSIG protocol.
+type PartialSignature crypto.Signature
+
+var (
+ // ErrEmptySignature is reported if the signature is empty.
+ ErrEmptySignature = fmt.Errorf("invalid empty signature")
+)
+
+// RecoverSignature recovers TSIG signature.
+func RecoverSignature(sigs []PartialSignature, signerIDs IDs) (
+ crypto.Signature, error) {
+ blsSigs := make([]bls.Sign, len(sigs))
+ for i, sig := range sigs {
+ if len(sig.Signature) == 0 {
+ return crypto.Signature{}, ErrEmptySignature
+ }
+ if err := blsSigs[i].Deserialize([]byte(sig.Signature)); err != nil {
+ return crypto.Signature{}, err
+ }
+ }
+ var recoverSig bls.Sign
+ if err := recoverSig.Recover(blsSigs, []bls.ID(signerIDs)); err != nil {
+ return crypto.Signature{}, err
+ }
+ return crypto.Signature{
+ Type: cryptoType,
+ Signature: recoverSig.Serialize()}, nil
+}
+
+// RecoverGroupPublicKey recovers group public key.
+func RecoverGroupPublicKey(pubShares []*PublicKeyShares) *PublicKey {
+ var pub *PublicKey
+ for _, pubShare := range pubShares {
+ pk0 := pubShare.masterPublicKey[0]
+ if pub == nil {
+ pub = &PublicKey{
+ publicKey: pk0,
+ }
+ } else {
+ pub.publicKey.Add(&pk0)
+ }
+ }
+ return pub
+}
+
+// NewRandomPrivateKeyShares constructs a private key shares randomly.
+func NewRandomPrivateKeyShares() *PrivateKeyShares {
+ // Generate IDs.
+ rndIDs := make(IDs, 0, 10)
+ for i := range rndIDs {
+ id := make([]byte, 8)
+ binary.LittleEndian.PutUint64(id, rand.Uint64())
+ rndIDs[i] = NewID(id)
+ }
+ prvShares := NewEmptyPrivateKeyShares()
+ prvShares.SetParticipants(rndIDs)
+ for _, id := range rndIDs {
+ if err := prvShares.AddShare(id, NewPrivateKey()); err != nil {
+ panic(err)
+ }
+ }
+ return prvShares
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/ecdsa/ecdsa.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/ecdsa/ecdsa.go
new file mode 100644
index 000000000..5c3bf96bb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/ecdsa/ecdsa.go
@@ -0,0 +1,135 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package ecdsa
+
+import (
+ "crypto/ecdsa"
+
+ dexCrypto "github.com/byzantine-lab/go-tangerine/crypto"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+)
+
+const cryptoType = "ecdsa"
+
+func init() {
+ if err := crypto.RegisterSigToPub(cryptoType, SigToPub); err != nil {
+ panic(err)
+ }
+}
+
+// PrivateKey represents a private key structure used in geth and implments
+// Crypto.PrivateKey interface.
+type PrivateKey struct {
+ privateKey *ecdsa.PrivateKey
+}
+
+// PublicKey represents a public key structure used in geth and implements
+// Crypto.PublicKey interface.
+type PublicKey struct {
+ publicKey *ecdsa.PublicKey
+}
+
+// NewPrivateKey creates a new PrivateKey structure.
+func NewPrivateKey() (*PrivateKey, error) {
+ key, err := dexCrypto.GenerateKey()
+ if err != nil {
+ return nil, err
+ }
+ return &PrivateKey{privateKey: key}, nil
+}
+
+// NewPrivateKeyFromECDSA creates a new PrivateKey structure from
+// ecdsa.PrivateKey.
+func NewPrivateKeyFromECDSA(key *ecdsa.PrivateKey) *PrivateKey {
+ return &PrivateKey{privateKey: key}
+}
+
+// NewPublicKeyFromECDSA creates a new PublicKey structure from
+// ecdsa.PublicKey.
+func NewPublicKeyFromECDSA(key *ecdsa.PublicKey) *PublicKey {
+ return &PublicKey{publicKey: key}
+}
+
+// NewPublicKeyFromByteSlice constructs an eth.publicKey instance from
+// a byte slice.
+func NewPublicKeyFromByteSlice(b []byte) (crypto.PublicKey, error) {
+ pub, err := dexCrypto.UnmarshalPubkey(b)
+ if err != nil {
+ return &PublicKey{}, err
+ }
+ return &PublicKey{publicKey: pub}, nil
+}
+
+// PublicKey returns the public key associate this private key.
+func (prv *PrivateKey) PublicKey() crypto.PublicKey {
+ return NewPublicKeyFromECDSA(&(prv.privateKey.PublicKey))
+}
+
+// Sign calculates an ECDSA signature.
+//
+// This function is susceptible to chosen plaintext attacks that can leak
+// information about the private key that is used for signing. Callers must
+// be aware that the given hash cannot be chosen by an adversery. Common
+// solution is to hash any input before calculating the signature.
+//
+// The produced signature is in the [R || S || V] format where V is 0 or 1.
+func (prv *PrivateKey) Sign(hash common.Hash) (
+ sig crypto.Signature, err error) {
+ s, err := dexCrypto.Sign(hash[:], prv.privateKey)
+ sig = crypto.Signature{
+ Type: cryptoType,
+ Signature: s,
+ }
+ return
+}
+
+// VerifySignature checks that the given public key created signature over hash.
+// The public key should be in compressed (33 bytes) or uncompressed (65 bytes)
+// format.
+// The signature should have the 64 byte [R || S] format.
+func (pub *PublicKey) VerifySignature(
+ hash common.Hash, signature crypto.Signature) bool {
+ sig := signature.Signature
+ if len(sig) == 65 {
+ // The last byte is for ecrecover.
+ sig = sig[:64]
+ }
+ return dexCrypto.VerifySignature(pub.Bytes(), hash[:], sig)
+}
+
+// Compress encodes a public key to the 33-byte compressed format.
+func (pub *PublicKey) Compress() []byte {
+ return dexCrypto.CompressPubkey(pub.publicKey)
+}
+
+// Bytes returns the []byte representation of uncompressed public key. (65 bytes)
+func (pub *PublicKey) Bytes() []byte {
+ return dexCrypto.FromECDSAPub(pub.publicKey)
+}
+
+// SigToPub returns the PublicKey that created the given signature.
+func SigToPub(
+ hash common.Hash, signature crypto.Signature) (crypto.PublicKey, error) {
+ key, err := dexCrypto.SigToPub(hash[:], signature.Signature[:])
+ if err != nil {
+ return &PublicKey{}, err
+ }
+ return &PublicKey{publicKey: key}, nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/interfaces.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/interfaces.go
new file mode 100644
index 000000000..9fe47f7dc
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/interfaces.go
@@ -0,0 +1,48 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package crypto
+
+import (
+ "github.com/byzantine-lab/dexon-consensus/common"
+)
+
+// Signature is the basic signature type in DEXON.
+type Signature struct {
+ Type string
+ Signature []byte
+}
+
+// PrivateKey describes the asymmetric cryptography interface that interacts
+// with the private key.
+type PrivateKey interface {
+ // PublicKey returns the public key associate this private key.
+ PublicKey() PublicKey
+
+ // Sign calculates a signature.
+ Sign(hash common.Hash) (Signature, error)
+}
+
+// PublicKey describes the asymmetric cryptography interface that interacts
+// with the public key.
+type PublicKey interface {
+ // VerifySignature checks that the given public key created signature over hash.
+ VerifySignature(hash common.Hash, signature Signature) bool
+
+ // Bytes returns the []byte representation of public key.
+ Bytes() []byte
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/utils.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/utils.go
new file mode 100644
index 000000000..744be3e5f
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/crypto/utils.go
@@ -0,0 +1,80 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package crypto
+
+import (
+ "encoding/hex"
+ "fmt"
+
+ "github.com/byzantine-lab/go-tangerine/crypto"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+)
+
+var (
+ // ErrSigToPubTypeNotFound is reported if the type is already used.
+ ErrSigToPubTypeNotFound = fmt.Errorf("type of sigToPub is not found")
+
+ // ErrSigToPubTypeAlreadyExist is reported if the type is already used.
+ ErrSigToPubTypeAlreadyExist = fmt.Errorf("type of sigToPub is already exist")
+)
+
+// SigToPubFn is a function to recover public key from signature.
+type SigToPubFn func(hash common.Hash, signature Signature) (PublicKey, error)
+
+var sigToPubCB map[string]SigToPubFn
+
+func init() {
+ sigToPubCB = make(map[string]SigToPubFn)
+}
+
+// Keccak256Hash calculates and returns the Keccak256 hash of the input data,
+// converting it to an internal Hash data structure.
+func Keccak256Hash(data ...[]byte) (h common.Hash) {
+ return common.Hash(crypto.Keccak256Hash(data...))
+}
+
+// Clone returns a deep copy of a signature.
+func (sig Signature) Clone() Signature {
+ return Signature{
+ Type: sig.Type,
+ Signature: sig.Signature[:],
+ }
+}
+
+func (sig Signature) String() string {
+ return hex.EncodeToString([]byte(sig.Signature[:]))
+}
+
+// RegisterSigToPub registers a sigToPub function of type.
+func RegisterSigToPub(sigType string, sigToPub SigToPubFn) error {
+ if _, exist := sigToPubCB[sigType]; exist {
+ return ErrSigToPubTypeAlreadyExist
+ }
+ sigToPubCB[sigType] = sigToPub
+ return nil
+}
+
+// SigToPub recovers public key from signature.
+func SigToPub(hash common.Hash, signature Signature) (PublicKey, error) {
+ sigToPub, exist := sigToPubCB[signature.Type]
+ if !exist {
+ return nil, ErrSigToPubTypeNotFound
+ }
+ return sigToPub(hash, signature)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/db/interfaces.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/db/interfaces.go
new file mode 100644
index 000000000..1d15c68a0
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/db/interfaces.go
@@ -0,0 +1,100 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package db
+
+import (
+ "errors"
+ "fmt"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+var (
+ // ErrBlockExists is the error when block eixsts.
+ ErrBlockExists = errors.New("block exists")
+ // ErrBlockDoesNotExist is the error when block does not eixst.
+ ErrBlockDoesNotExist = errors.New("block does not exist")
+ // ErrIterationFinished is the error to check if the iteration is finished.
+ ErrIterationFinished = errors.New("iteration finished")
+ // ErrEmptyPath is the error when the required path is empty.
+ ErrEmptyPath = fmt.Errorf("empty path")
+ // ErrClosed is the error when using DB after it's closed.
+ ErrClosed = fmt.Errorf("db closed")
+ // ErrNotImplemented is the error that some interface is not implemented.
+ ErrNotImplemented = fmt.Errorf("not implemented")
+ // ErrInvalidCompactionChainTipHeight means the newly updated height of
+ // the tip of compaction chain is invalid, usually means it's smaller than
+ // current cached one.
+ ErrInvalidCompactionChainTipHeight = fmt.Errorf(
+ "invalid compaction chain tip height")
+ // ErrDKGPrivateKeyExists raised when attempting to save DKG private key
+ // that already saved.
+ ErrDKGPrivateKeyExists = errors.New("dkg private key exists")
+ // ErrDKGPrivateKeyDoesNotExist raised when the DKG private key of the
+ // requested round does not exists.
+ ErrDKGPrivateKeyDoesNotExist = errors.New("dkg private key does not exists")
+ // ErrDKGProtocolExists raised when attempting to save DKG protocol
+ // that already saved.
+ ErrDKGProtocolExists = errors.New("dkg protocol exists")
+ // ErrDKGProtocolDoesNotExist raised when the DKG protocol of the
+ // requested round does not exists.
+ ErrDKGProtocolDoesNotExist = errors.New("dkg protocol does not exists")
+)
+
+// Database is the interface for a Database.
+type Database interface {
+ Reader
+ Writer
+
+ // Close allows database implementation able to
+ // release resource when finishing.
+ Close() error
+}
+
+// Reader defines the interface for reading blocks into DB.
+type Reader interface {
+ HasBlock(hash common.Hash) bool
+ GetBlock(hash common.Hash) (types.Block, error)
+ GetAllBlocks() (BlockIterator, error)
+
+ // GetCompactionChainTipInfo returns the block hash and finalization height
+ // of the tip block of compaction chain. Empty hash and zero height means
+ // the compaction chain is empty.
+ GetCompactionChainTipInfo() (common.Hash, uint64)
+
+ // DKG Private Key related methods.
+ GetDKGPrivateKey(round, reset uint64) (dkg.PrivateKey, error)
+ GetDKGProtocol() (dkgProtocol DKGProtocolInfo, err error)
+}
+
+// Writer defines the interface for writing blocks into DB.
+type Writer interface {
+ UpdateBlock(block types.Block) error
+ PutBlock(block types.Block) error
+ PutCompactionChainTipInfo(common.Hash, uint64) error
+ PutDKGPrivateKey(round, reset uint64, pk dkg.PrivateKey) error
+ PutOrUpdateDKGProtocol(dkgProtocol DKGProtocolInfo) error
+}
+
+// BlockIterator defines an iterator on blocks hold
+// in a DB.
+type BlockIterator interface {
+ NextBlock() (types.Block, error)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/db/level-db.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/db/level-db.go
new file mode 100644
index 000000000..9e3564b50
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/db/level-db.go
@@ -0,0 +1,573 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package db
+
+import (
+ "encoding/binary"
+ "io"
+
+ "github.com/syndtr/goleveldb/leveldb"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ "github.com/byzantine-lab/go-tangerine/rlp"
+)
+
+var (
+ blockKeyPrefix = []byte("b-")
+ compactionChainTipInfoKey = []byte("cc-tip")
+ dkgPrivateKeyKeyPrefix = []byte("dkg-prvs")
+ dkgProtocolInfoKeyPrefix = []byte("dkg-protocol-info")
+)
+
+type compactionChainTipInfo struct {
+ Height uint64 `json:"height"`
+ Hash common.Hash `json:"hash"`
+}
+
+// DKGProtocolInfo DKG protocol info.
+type DKGProtocolInfo struct {
+ ID types.NodeID
+ Round uint64
+ Threshold uint64
+ IDMap NodeIDToDKGID
+ MpkMap NodeIDToPubShares
+ MasterPrivateShare dkg.PrivateKeyShares
+ IsMasterPrivateShareEmpty bool
+ PrvShares dkg.PrivateKeyShares
+ IsPrvSharesEmpty bool
+ PrvSharesReceived NodeID
+ NodeComplained NodeID
+ AntiComplaintReceived NodeIDToNodeIDs
+ Step uint64
+ Reset uint64
+}
+
+type dkgPrivateKey struct {
+ PK dkg.PrivateKey
+ Reset uint64
+}
+
+// Equal compare with target DKGProtocolInfo.
+func (info *DKGProtocolInfo) Equal(target *DKGProtocolInfo) bool {
+ if !info.ID.Equal(target.ID) ||
+ info.Round != target.Round ||
+ info.Threshold != target.Threshold ||
+ info.IsMasterPrivateShareEmpty != target.IsMasterPrivateShareEmpty ||
+ info.IsPrvSharesEmpty != target.IsPrvSharesEmpty ||
+ info.Step != target.Step ||
+ info.Reset != target.Reset ||
+ !info.MasterPrivateShare.Equal(&target.MasterPrivateShare) ||
+ !info.PrvShares.Equal(&target.PrvShares) {
+ return false
+ }
+
+ if len(info.IDMap) != len(target.IDMap) {
+ return false
+ }
+ for k, v := range info.IDMap {
+ tV, exist := target.IDMap[k]
+ if !exist {
+ return false
+ }
+
+ if !v.IsEqual(&tV) {
+ return false
+ }
+ }
+
+ if len(info.MpkMap) != len(target.MpkMap) {
+ return false
+ }
+ for k, v := range info.MpkMap {
+ tV, exist := target.MpkMap[k]
+ if !exist {
+ return false
+ }
+
+ if !v.Equal(tV) {
+ return false
+ }
+ }
+
+ if len(info.PrvSharesReceived) != len(target.PrvSharesReceived) {
+ return false
+ }
+ for k := range info.PrvSharesReceived {
+ _, exist := target.PrvSharesReceived[k]
+ if !exist {
+ return false
+ }
+ }
+
+ if len(info.NodeComplained) != len(target.NodeComplained) {
+ return false
+ }
+ for k := range info.NodeComplained {
+ _, exist := target.NodeComplained[k]
+ if !exist {
+ return false
+ }
+ }
+
+ if len(info.AntiComplaintReceived) != len(target.AntiComplaintReceived) {
+ return false
+ }
+ for k, v := range info.AntiComplaintReceived {
+ tV, exist := target.AntiComplaintReceived[k]
+ if !exist {
+ return false
+ }
+
+ if len(v) != len(tV) {
+ return false
+ }
+ for kk := range v {
+ _, exist := tV[kk]
+ if !exist {
+ return false
+ }
+ }
+ }
+
+ return true
+}
+
+// NodeIDToNodeIDs the map with NodeID to NodeIDs.
+type NodeIDToNodeIDs map[types.NodeID]map[types.NodeID]struct{}
+
+// EncodeRLP implements rlp.Encoder
+func (m NodeIDToNodeIDs) EncodeRLP(w io.Writer) error {
+ var allBytes [][][]byte
+ for k, v := range m {
+ kBytes, err := k.MarshalText()
+ if err != nil {
+ return err
+ }
+ allBytes = append(allBytes, [][]byte{kBytes})
+
+ var vBytes [][]byte
+ for subK := range v {
+ bytes, err := subK.MarshalText()
+ if err != nil {
+ return err
+ }
+ vBytes = append(vBytes, bytes)
+ }
+ allBytes = append(allBytes, vBytes)
+ }
+
+ return rlp.Encode(w, allBytes)
+}
+
+// DecodeRLP implements rlp.Encoder
+func (m *NodeIDToNodeIDs) DecodeRLP(s *rlp.Stream) error {
+ *m = make(NodeIDToNodeIDs)
+ var dec [][][]byte
+ if err := s.Decode(&dec); err != nil {
+ return err
+ }
+
+ for i := 0; i < len(dec); i += 2 {
+ key := types.NodeID{}
+ err := key.UnmarshalText(dec[i][0])
+ if err != nil {
+ return err
+ }
+
+ valueMap := map[types.NodeID]struct{}{}
+ for _, v := range dec[i+1] {
+ value := types.NodeID{}
+ err := value.UnmarshalText(v)
+ if err != nil {
+ return err
+ }
+
+ valueMap[value] = struct{}{}
+ }
+
+ (*m)[key] = valueMap
+ }
+
+ return nil
+}
+
+// NodeID the map with NodeID.
+type NodeID map[types.NodeID]struct{}
+
+// EncodeRLP implements rlp.Encoder
+func (m NodeID) EncodeRLP(w io.Writer) error {
+ var allBytes [][]byte
+ for k := range m {
+ kBytes, err := k.MarshalText()
+ if err != nil {
+ return err
+ }
+ allBytes = append(allBytes, kBytes)
+ }
+
+ return rlp.Encode(w, allBytes)
+}
+
+// DecodeRLP implements rlp.Encoder
+func (m *NodeID) DecodeRLP(s *rlp.Stream) error {
+ *m = make(NodeID)
+ var dec [][]byte
+ if err := s.Decode(&dec); err != nil {
+ return err
+ }
+
+ for i := 0; i < len(dec); i++ {
+ key := types.NodeID{}
+ err := key.UnmarshalText(dec[i])
+ if err != nil {
+ return err
+ }
+
+ (*m)[key] = struct{}{}
+ }
+
+ return nil
+}
+
+// NodeIDToPubShares the map with NodeID to PublicKeyShares.
+type NodeIDToPubShares map[types.NodeID]*dkg.PublicKeyShares
+
+// EncodeRLP implements rlp.Encoder
+func (m NodeIDToPubShares) EncodeRLP(w io.Writer) error {
+ var allBytes [][]byte
+ for k, v := range m {
+ kBytes, err := k.MarshalText()
+ if err != nil {
+ return err
+ }
+ allBytes = append(allBytes, kBytes)
+
+ bytes, err := rlp.EncodeToBytes(v)
+ if err != nil {
+ return err
+ }
+ allBytes = append(allBytes, bytes)
+ }
+
+ return rlp.Encode(w, allBytes)
+}
+
+// DecodeRLP implements rlp.Encoder
+func (m *NodeIDToPubShares) DecodeRLP(s *rlp.Stream) error {
+ *m = make(NodeIDToPubShares)
+ var dec [][]byte
+ if err := s.Decode(&dec); err != nil {
+ return err
+ }
+
+ for i := 0; i < len(dec); i += 2 {
+ key := types.NodeID{}
+ err := key.UnmarshalText(dec[i])
+ if err != nil {
+ return err
+ }
+
+ value := dkg.PublicKeyShares{}
+ err = rlp.DecodeBytes(dec[i+1], &value)
+ if err != nil {
+ return err
+ }
+
+ (*m)[key] = &value
+ }
+
+ return nil
+}
+
+// NodeIDToDKGID the map with NodeID to DKGID.
+type NodeIDToDKGID map[types.NodeID]dkg.ID
+
+// EncodeRLP implements rlp.Encoder
+func (m NodeIDToDKGID) EncodeRLP(w io.Writer) error {
+ var allBytes [][]byte
+ for k, v := range m {
+ kBytes, err := k.MarshalText()
+ if err != nil {
+ return err
+ }
+ allBytes = append(allBytes, kBytes)
+ allBytes = append(allBytes, v.GetLittleEndian())
+ }
+
+ return rlp.Encode(w, allBytes)
+}
+
+// DecodeRLP implements rlp.Encoder
+func (m *NodeIDToDKGID) DecodeRLP(s *rlp.Stream) error {
+ *m = make(NodeIDToDKGID)
+ var dec [][]byte
+ if err := s.Decode(&dec); err != nil {
+ return err
+ }
+
+ for i := 0; i < len(dec); i += 2 {
+ key := types.NodeID{}
+ err := key.UnmarshalText(dec[i])
+ if err != nil {
+ return err
+ }
+
+ value := dkg.ID{}
+ err = value.SetLittleEndian(dec[i+1])
+ if err != nil {
+ return err
+ }
+
+ (*m)[key] = value
+ }
+
+ return nil
+}
+
+// LevelDBBackedDB is a leveldb backed DB implementation.
+type LevelDBBackedDB struct {
+ db *leveldb.DB
+}
+
+// NewLevelDBBackedDB initialize a leveldb-backed database.
+func NewLevelDBBackedDB(
+ path string) (lvl *LevelDBBackedDB, err error) {
+
+ dbInst, err := leveldb.OpenFile(path, nil)
+ if err != nil {
+ return
+ }
+ lvl = &LevelDBBackedDB{db: dbInst}
+ return
+}
+
+// Close implement Closer interface, which would release allocated resource.
+func (lvl *LevelDBBackedDB) Close() error {
+ return lvl.db.Close()
+}
+
+// HasBlock implements the Reader.Has method.
+func (lvl *LevelDBBackedDB) HasBlock(hash common.Hash) bool {
+ exists, err := lvl.internalHasBlock(lvl.getBlockKey(hash))
+ if err != nil {
+ panic(err)
+ }
+ return exists
+}
+
+func (lvl *LevelDBBackedDB) internalHasBlock(key []byte) (bool, error) {
+ return lvl.db.Has(key, nil)
+}
+
+// GetBlock implements the Reader.GetBlock method.
+func (lvl *LevelDBBackedDB) GetBlock(
+ hash common.Hash) (block types.Block, err error) {
+ queried, err := lvl.db.Get(lvl.getBlockKey(hash), nil)
+ if err != nil {
+ if err == leveldb.ErrNotFound {
+ err = ErrBlockDoesNotExist
+ }
+ return
+ }
+ err = rlp.DecodeBytes(queried, &block)
+ return
+}
+
+// UpdateBlock implements the Writer.UpdateBlock method.
+func (lvl *LevelDBBackedDB) UpdateBlock(block types.Block) (err error) {
+ // NOTE: we didn't handle changes of block hash (and it
+ // should not happen).
+ marshaled, err := rlp.EncodeToBytes(&block)
+ if err != nil {
+ return
+ }
+ blockKey := lvl.getBlockKey(block.Hash)
+ exists, err := lvl.internalHasBlock(blockKey)
+ if err != nil {
+ return
+ }
+ if !exists {
+ err = ErrBlockDoesNotExist
+ return
+ }
+ err = lvl.db.Put(blockKey, marshaled, nil)
+ return
+}
+
+// PutBlock implements the Writer.PutBlock method.
+func (lvl *LevelDBBackedDB) PutBlock(block types.Block) (err error) {
+ marshaled, err := rlp.EncodeToBytes(&block)
+ if err != nil {
+ return
+ }
+ blockKey := lvl.getBlockKey(block.Hash)
+ exists, err := lvl.internalHasBlock(blockKey)
+ if err != nil {
+ return
+ }
+ if exists {
+ err = ErrBlockExists
+ return
+ }
+ err = lvl.db.Put(blockKey, marshaled, nil)
+ return
+}
+
+// GetAllBlocks implements Reader.GetAllBlocks method, which allows callers
+// to retrieve all blocks in DB.
+func (lvl *LevelDBBackedDB) GetAllBlocks() (BlockIterator, error) {
+ return nil, ErrNotImplemented
+}
+
+// PutCompactionChainTipInfo saves tip of compaction chain into the database.
+func (lvl *LevelDBBackedDB) PutCompactionChainTipInfo(
+ blockHash common.Hash, height uint64) error {
+ marshaled, err := rlp.EncodeToBytes(&compactionChainTipInfo{
+ Hash: blockHash,
+ Height: height,
+ })
+ if err != nil {
+ return err
+ }
+ // Check current cached tip info to make sure the one to be updated is
+ // valid.
+ info, err := lvl.internalGetCompactionChainTipInfo()
+ if err != nil {
+ return err
+ }
+ if info.Height+1 != height {
+ return ErrInvalidCompactionChainTipHeight
+ }
+ return lvl.db.Put(compactionChainTipInfoKey, marshaled, nil)
+}
+
+func (lvl *LevelDBBackedDB) internalGetCompactionChainTipInfo() (
+ info compactionChainTipInfo, err error) {
+ queried, err := lvl.db.Get(compactionChainTipInfoKey, nil)
+ if err != nil {
+ if err == leveldb.ErrNotFound {
+ err = nil
+ }
+ return
+ }
+ err = rlp.DecodeBytes(queried, &info)
+ return
+}
+
+// GetCompactionChainTipInfo get the tip info of compaction chain into the
+// database.
+func (lvl *LevelDBBackedDB) GetCompactionChainTipInfo() (
+ hash common.Hash, height uint64) {
+ info, err := lvl.internalGetCompactionChainTipInfo()
+ if err != nil {
+ panic(err)
+ }
+ hash, height = info.Hash, info.Height
+ return
+}
+
+// GetDKGPrivateKey get DKG private key of one round.
+func (lvl *LevelDBBackedDB) GetDKGPrivateKey(round, reset uint64) (
+ prv dkg.PrivateKey, err error) {
+ queried, err := lvl.db.Get(lvl.getDKGPrivateKeyKey(round), nil)
+ if err != nil {
+ if err == leveldb.ErrNotFound {
+ err = ErrDKGPrivateKeyDoesNotExist
+ }
+ return
+ }
+ pk := dkgPrivateKey{}
+ err = rlp.DecodeBytes(queried, &pk)
+ if pk.Reset != reset {
+ err = ErrDKGPrivateKeyDoesNotExist
+ return
+ }
+ prv = pk.PK
+ return
+}
+
+// PutDKGPrivateKey save DKG private key of one round.
+func (lvl *LevelDBBackedDB) PutDKGPrivateKey(
+ round, reset uint64, prv dkg.PrivateKey) error {
+ // Check existence.
+ _, err := lvl.GetDKGPrivateKey(round, reset)
+ if err == nil {
+ return ErrDKGPrivateKeyExists
+ }
+ if err != ErrDKGPrivateKeyDoesNotExist {
+ return err
+ }
+ pk := &dkgPrivateKey{
+ PK: prv,
+ Reset: reset,
+ }
+ marshaled, err := rlp.EncodeToBytes(&pk)
+ if err != nil {
+ return err
+ }
+ return lvl.db.Put(
+ lvl.getDKGPrivateKeyKey(round), marshaled, nil)
+}
+
+// GetDKGProtocol get DKG protocol.
+func (lvl *LevelDBBackedDB) GetDKGProtocol() (
+ info DKGProtocolInfo, err error) {
+ queried, err := lvl.db.Get(lvl.getDKGProtocolInfoKey(), nil)
+ if err != nil {
+ if err == leveldb.ErrNotFound {
+ err = ErrDKGProtocolDoesNotExist
+ }
+ return
+ }
+
+ err = rlp.DecodeBytes(queried, &info)
+ return
+}
+
+// PutOrUpdateDKGProtocol save DKG protocol.
+func (lvl *LevelDBBackedDB) PutOrUpdateDKGProtocol(info DKGProtocolInfo) error {
+ marshaled, err := rlp.EncodeToBytes(&info)
+ if err != nil {
+ return err
+ }
+ return lvl.db.Put(lvl.getDKGProtocolInfoKey(), marshaled, nil)
+}
+
+func (lvl *LevelDBBackedDB) getBlockKey(hash common.Hash) (ret []byte) {
+ ret = make([]byte, len(blockKeyPrefix)+len(hash[:]))
+ copy(ret, blockKeyPrefix)
+ copy(ret[len(blockKeyPrefix):], hash[:])
+ return
+}
+
+func (lvl *LevelDBBackedDB) getDKGPrivateKeyKey(
+ round uint64) (ret []byte) {
+ ret = make([]byte, len(dkgPrivateKeyKeyPrefix)+8)
+ copy(ret, dkgPrivateKeyKeyPrefix)
+ binary.LittleEndian.PutUint64(
+ ret[len(dkgPrivateKeyKeyPrefix):], round)
+ return
+}
+
+func (lvl *LevelDBBackedDB) getDKGProtocolInfoKey() (ret []byte) {
+ ret = make([]byte, len(dkgProtocolInfoKeyPrefix)+8)
+ copy(ret, dkgProtocolInfoKeyPrefix)
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/db/memory.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/db/memory.go
new file mode 100644
index 000000000..2ad5cda9e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/db/memory.go
@@ -0,0 +1,262 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package db
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "os"
+ "sync"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+type blockSeqIterator struct {
+ idx int
+ db *MemBackedDB
+}
+
+// NextBlock implemenets BlockIterator.NextBlock method.
+func (seq *blockSeqIterator) NextBlock() (types.Block, error) {
+ curIdx := seq.idx
+ seq.idx++
+ return seq.db.getBlockByIndex(curIdx)
+}
+
+// MemBackedDB is a memory backed DB implementation.
+type MemBackedDB struct {
+ blocksLock sync.RWMutex
+ blockHashSequence common.Hashes
+ blocksByHash map[common.Hash]*types.Block
+ compactionChainTipLock sync.RWMutex
+ compactionChainTipHash common.Hash
+ compactionChainTipHeight uint64
+ dkgPrivateKeysLock sync.RWMutex
+ dkgPrivateKeys map[uint64]*dkgPrivateKey
+ dkgProtocolLock sync.RWMutex
+ dkgProtocolInfo *DKGProtocolInfo
+ persistantFilePath string
+}
+
+// NewMemBackedDB initialize a memory-backed database.
+func NewMemBackedDB(persistantFilePath ...string) (
+ dbInst *MemBackedDB, err error) {
+ dbInst = &MemBackedDB{
+ blockHashSequence: common.Hashes{},
+ blocksByHash: make(map[common.Hash]*types.Block),
+ dkgPrivateKeys: make(map[uint64]*dkgPrivateKey),
+ }
+ if len(persistantFilePath) == 0 || len(persistantFilePath[0]) == 0 {
+ return
+ }
+ dbInst.persistantFilePath = persistantFilePath[0]
+ buf, err := ioutil.ReadFile(dbInst.persistantFilePath)
+ if err != nil {
+ if !os.IsNotExist(err) {
+ // Something unexpected happened.
+ return
+ }
+ // It's expected behavior that file doesn't exists, we should not
+ // report error on it.
+ err = nil
+ return
+ }
+
+ // Init this instance by file content, it's a temporary way
+ // to export those private field for JSON encoding.
+ toLoad := struct {
+ Sequence common.Hashes
+ ByHash map[common.Hash]*types.Block
+ }{}
+ err = json.Unmarshal(buf, &toLoad)
+ if err != nil {
+ return
+ }
+ dbInst.blockHashSequence = toLoad.Sequence
+ dbInst.blocksByHash = toLoad.ByHash
+ return
+}
+
+// HasBlock returns wheter or not the DB has a block identified with the hash.
+func (m *MemBackedDB) HasBlock(hash common.Hash) bool {
+ m.blocksLock.RLock()
+ defer m.blocksLock.RUnlock()
+
+ _, ok := m.blocksByHash[hash]
+ return ok
+}
+
+// GetBlock returns a block given a hash.
+func (m *MemBackedDB) GetBlock(hash common.Hash) (types.Block, error) {
+ m.blocksLock.RLock()
+ defer m.blocksLock.RUnlock()
+
+ return m.internalGetBlock(hash)
+}
+
+func (m *MemBackedDB) internalGetBlock(hash common.Hash) (types.Block, error) {
+ b, ok := m.blocksByHash[hash]
+ if !ok {
+ return types.Block{}, ErrBlockDoesNotExist
+ }
+ return *b, nil
+}
+
+// PutBlock inserts a new block into the database.
+func (m *MemBackedDB) PutBlock(block types.Block) error {
+ if m.HasBlock(block.Hash) {
+ return ErrBlockExists
+ }
+
+ m.blocksLock.Lock()
+ defer m.blocksLock.Unlock()
+
+ m.blockHashSequence = append(m.blockHashSequence, block.Hash)
+ m.blocksByHash[block.Hash] = &block
+ return nil
+}
+
+// UpdateBlock updates a block in the database.
+func (m *MemBackedDB) UpdateBlock(block types.Block) error {
+ if !m.HasBlock(block.Hash) {
+ return ErrBlockDoesNotExist
+ }
+
+ m.blocksLock.Lock()
+ defer m.blocksLock.Unlock()
+
+ m.blocksByHash[block.Hash] = &block
+ return nil
+}
+
+// PutCompactionChainTipInfo saves tip of compaction chain into the database.
+func (m *MemBackedDB) PutCompactionChainTipInfo(
+ blockHash common.Hash, height uint64) error {
+ m.compactionChainTipLock.Lock()
+ defer m.compactionChainTipLock.Unlock()
+ if m.compactionChainTipHeight+1 != height {
+ return ErrInvalidCompactionChainTipHeight
+ }
+ m.compactionChainTipHeight = height
+ m.compactionChainTipHash = blockHash
+ return nil
+}
+
+// GetCompactionChainTipInfo get the tip info of compaction chain into the
+// database.
+func (m *MemBackedDB) GetCompactionChainTipInfo() (
+ hash common.Hash, height uint64) {
+ m.compactionChainTipLock.RLock()
+ defer m.compactionChainTipLock.RUnlock()
+ return m.compactionChainTipHash, m.compactionChainTipHeight
+}
+
+// GetDKGPrivateKey get DKG private key of one round.
+func (m *MemBackedDB) GetDKGPrivateKey(round, reset uint64) (
+ dkg.PrivateKey, error) {
+ m.dkgPrivateKeysLock.RLock()
+ defer m.dkgPrivateKeysLock.RUnlock()
+ if prv, exists := m.dkgPrivateKeys[round]; exists && prv.Reset == reset {
+ return prv.PK, nil
+ }
+ return dkg.PrivateKey{}, ErrDKGPrivateKeyDoesNotExist
+}
+
+// PutDKGPrivateKey save DKG private key of one round.
+func (m *MemBackedDB) PutDKGPrivateKey(
+ round, reset uint64, prv dkg.PrivateKey) error {
+ m.dkgPrivateKeysLock.Lock()
+ defer m.dkgPrivateKeysLock.Unlock()
+ if prv, exists := m.dkgPrivateKeys[round]; exists && prv.Reset == reset {
+ return ErrDKGPrivateKeyExists
+ }
+ m.dkgPrivateKeys[round] = &dkgPrivateKey{
+ PK: prv,
+ Reset: reset,
+ }
+ return nil
+}
+
+// GetDKGProtocol get DKG protocol.
+func (m *MemBackedDB) GetDKGProtocol() (
+ DKGProtocolInfo, error) {
+ m.dkgProtocolLock.RLock()
+ defer m.dkgProtocolLock.RUnlock()
+ if m.dkgProtocolInfo == nil {
+ return DKGProtocolInfo{}, ErrDKGProtocolDoesNotExist
+ }
+
+ return *m.dkgProtocolInfo, nil
+}
+
+// PutOrUpdateDKGProtocol save DKG protocol.
+func (m *MemBackedDB) PutOrUpdateDKGProtocol(dkgProtocol DKGProtocolInfo) error {
+ m.dkgProtocolLock.Lock()
+ defer m.dkgProtocolLock.Unlock()
+ m.dkgProtocolInfo = &dkgProtocol
+ return nil
+}
+
+// Close implement Closer interface, which would release allocated resource.
+func (m *MemBackedDB) Close() (err error) {
+ // Save internal state to a pretty-print json file. It's a temporary way
+ // to dump private file via JSON encoding.
+ if len(m.persistantFilePath) == 0 {
+ return
+ }
+
+ m.blocksLock.RLock()
+ defer m.blocksLock.RUnlock()
+
+ toDump := struct {
+ Sequence common.Hashes
+ ByHash map[common.Hash]*types.Block
+ }{
+ Sequence: m.blockHashSequence,
+ ByHash: m.blocksByHash,
+ }
+
+ // Dump to JSON with 2-space indent.
+ buf, err := json.Marshal(&toDump)
+ if err != nil {
+ return
+ }
+
+ err = ioutil.WriteFile(m.persistantFilePath, buf, 0644)
+ return
+}
+
+func (m *MemBackedDB) getBlockByIndex(idx int) (types.Block, error) {
+ m.blocksLock.RLock()
+ defer m.blocksLock.RUnlock()
+
+ if idx >= len(m.blockHashSequence) {
+ return types.Block{}, ErrIterationFinished
+ }
+
+ hash := m.blockHashSequence[idx]
+ return m.internalGetBlock(hash)
+}
+
+// GetAllBlocks implement Reader.GetAllBlocks method, which allows caller
+// to retrieve all blocks in DB.
+func (m *MemBackedDB) GetAllBlocks() (BlockIterator, error) {
+ return &blockSeqIterator{db: m}, nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/dkg-tsig-protocol.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/dkg-tsig-protocol.go
new file mode 100644
index 000000000..38739da4e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/dkg-tsig-protocol.go
@@ -0,0 +1,709 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "fmt"
+ "sync"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/db"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// Errors for dkg module.
+var (
+ ErrNotDKGParticipant = fmt.Errorf(
+ "not a DKG participant")
+ ErrNotQualifyDKGParticipant = fmt.Errorf(
+ "not a qualified DKG participant")
+ ErrIDShareNotFound = fmt.Errorf(
+ "private share not found for specific ID")
+ ErrIncorrectPrivateShareSignature = fmt.Errorf(
+ "incorrect private share signature")
+ ErrMismatchPartialSignatureHash = fmt.Errorf(
+ "mismatch partialSignature hash")
+ ErrIncorrectPartialSignatureSignature = fmt.Errorf(
+ "incorrect partialSignature signature")
+ ErrIncorrectPartialSignature = fmt.Errorf(
+ "incorrect partialSignature")
+ ErrNotEnoughtPartialSignatures = fmt.Errorf(
+ "not enough of partial signatures")
+ ErrRoundAlreadyPurged = fmt.Errorf(
+ "cache of round already been purged")
+ ErrTSigNotReady = fmt.Errorf(
+ "tsig not ready")
+ ErrSelfMPKNotRegister = fmt.Errorf(
+ "self mpk not registered")
+ ErrUnableGetSelfPrvShare = fmt.Errorf(
+ "unable to get self DKG PrivateShare")
+ ErrSelfPrvShareMismatch = fmt.Errorf(
+ "self privateShare does not match mpk registered")
+)
+
+// ErrUnexpectedDKGResetCount represents receiving a DKG message with unexpected
+// DKG reset count.
+type ErrUnexpectedDKGResetCount struct {
+ expect, actual uint64
+ proposerID types.NodeID
+}
+
+func (e ErrUnexpectedDKGResetCount) Error() string {
+ return fmt.Sprintf(
+ "unexpected DKG reset count, from:%s expect:%d actual:%d",
+ e.proposerID.String()[:6], e.expect, e.actual)
+}
+
+// ErrUnexpectedRound represents receiving a DKG message with unexpected round.
+type ErrUnexpectedRound struct {
+ expect, actual uint64
+ proposerID types.NodeID
+}
+
+func (e ErrUnexpectedRound) Error() string {
+ return fmt.Sprintf("unexpected round, from:%s expect:%d actual:%d",
+ e.proposerID.String()[:6], e.expect, e.actual)
+}
+
+type dkgReceiver interface {
+ // ProposeDKGComplaint proposes a DKGComplaint.
+ ProposeDKGComplaint(complaint *typesDKG.Complaint)
+
+ // ProposeDKGMasterPublicKey propose a DKGMasterPublicKey.
+ ProposeDKGMasterPublicKey(mpk *typesDKG.MasterPublicKey)
+
+ // ProposeDKGPrivateShare propose a DKGPrivateShare.
+ ProposeDKGPrivateShare(prv *typesDKG.PrivateShare)
+
+ // ProposeDKGAntiNackComplaint propose a DKGPrivateShare as an anti complaint.
+ ProposeDKGAntiNackComplaint(prv *typesDKG.PrivateShare)
+
+ // ProposeDKGMPKReady propose a DKGMPKReady message.
+ ProposeDKGMPKReady(ready *typesDKG.MPKReady)
+
+ // ProposeDKGFinalize propose a DKGFinalize message.
+ ProposeDKGFinalize(final *typesDKG.Finalize)
+
+ // ProposeDKGSuccess propose a DKGSuccess message.
+ ProposeDKGSuccess(final *typesDKG.Success)
+}
+
+type dkgProtocol struct {
+ ID types.NodeID
+ recv dkgReceiver
+ round uint64
+ reset uint64
+ threshold int
+ idMap map[types.NodeID]dkg.ID
+ mpkMap map[types.NodeID]*dkg.PublicKeyShares
+ masterPrivateShare *dkg.PrivateKeyShares
+ prvShares *dkg.PrivateKeyShares
+ prvSharesReceived map[types.NodeID]struct{}
+ nodeComplained map[types.NodeID]struct{}
+ // Complaint[from][to]'s anti is saved to antiComplaint[from][to].
+ antiComplaintReceived map[types.NodeID]map[types.NodeID]struct{}
+ // The completed step in `runDKG`.
+ step int
+}
+
+func (d *dkgProtocol) convertFromInfo(info db.DKGProtocolInfo) {
+ d.ID = info.ID
+ d.idMap = info.IDMap
+ d.round = info.Round
+ d.threshold = int(info.Threshold)
+ d.idMap = info.IDMap
+ d.mpkMap = info.MpkMap
+ d.prvSharesReceived = info.PrvSharesReceived
+ d.nodeComplained = info.NodeComplained
+ d.antiComplaintReceived = info.AntiComplaintReceived
+ d.step = int(info.Step)
+ d.reset = info.Reset
+ if info.IsMasterPrivateShareEmpty {
+ d.masterPrivateShare = nil
+ } else {
+ d.masterPrivateShare = &info.MasterPrivateShare
+ }
+
+ if info.IsPrvSharesEmpty {
+ d.prvShares = nil
+ } else {
+ d.prvShares = &info.PrvShares
+ }
+}
+
+func (d *dkgProtocol) toDKGProtocolInfo() db.DKGProtocolInfo {
+ info := db.DKGProtocolInfo{
+ ID: d.ID,
+ Round: d.round,
+ Threshold: uint64(d.threshold),
+ IDMap: d.idMap,
+ MpkMap: d.mpkMap,
+ PrvSharesReceived: d.prvSharesReceived,
+ NodeComplained: d.nodeComplained,
+ AntiComplaintReceived: d.antiComplaintReceived,
+ Step: uint64(d.step),
+ Reset: d.reset,
+ }
+
+ if d.masterPrivateShare != nil {
+ info.MasterPrivateShare = *d.masterPrivateShare
+ } else {
+ info.IsMasterPrivateShareEmpty = true
+ }
+
+ if d.prvShares != nil {
+ info.PrvShares = *d.prvShares
+ } else {
+ info.IsPrvSharesEmpty = true
+ }
+
+ return info
+}
+
+type dkgShareSecret struct {
+ privateKey *dkg.PrivateKey
+}
+
+// TSigVerifier is the interface verifying threshold signature.
+type TSigVerifier interface {
+ VerifySignature(hash common.Hash, sig crypto.Signature) bool
+}
+
+// TSigVerifierCacheInterface specifies interface used by TSigVerifierCache.
+type TSigVerifierCacheInterface interface {
+ // Configuration returns the configuration at a given round.
+ // Return the genesis configuration if round == 0.
+ Configuration(round uint64) *types.Config
+
+ // DKGComplaints gets all the DKGComplaints of round.
+ DKGComplaints(round uint64) []*typesDKG.Complaint
+
+ // DKGMasterPublicKeys gets all the DKGMasterPublicKey of round.
+ DKGMasterPublicKeys(round uint64) []*typesDKG.MasterPublicKey
+
+ // IsDKGFinal checks if DKG is final.
+ IsDKGFinal(round uint64) bool
+}
+
+// TSigVerifierCache is the cache for TSigVerifier.
+type TSigVerifierCache struct {
+ intf TSigVerifierCacheInterface
+ verifier map[uint64]TSigVerifier
+ minRound uint64
+ cacheSize int
+ lock sync.RWMutex
+}
+
+type tsigProtocol struct {
+ nodePublicKeys *typesDKG.NodePublicKeys
+ hash common.Hash
+ sigs map[dkg.ID]dkg.PartialSignature
+ threshold int
+}
+
+func newDKGProtocol(
+ ID types.NodeID,
+ recv dkgReceiver,
+ round uint64,
+ reset uint64,
+ threshold int) *dkgProtocol {
+
+ prvShare, pubShare := dkg.NewPrivateKeyShares(threshold)
+
+ recv.ProposeDKGMasterPublicKey(&typesDKG.MasterPublicKey{
+ Round: round,
+ Reset: reset,
+ DKGID: typesDKG.NewID(ID),
+ PublicKeyShares: *pubShare.Move(),
+ })
+
+ return &dkgProtocol{
+ ID: ID,
+ recv: recv,
+ round: round,
+ reset: reset,
+ threshold: threshold,
+ idMap: make(map[types.NodeID]dkg.ID),
+ mpkMap: make(map[types.NodeID]*dkg.PublicKeyShares),
+ masterPrivateShare: prvShare,
+ prvShares: dkg.NewEmptyPrivateKeyShares(),
+ prvSharesReceived: make(map[types.NodeID]struct{}),
+ nodeComplained: make(map[types.NodeID]struct{}),
+ antiComplaintReceived: make(map[types.NodeID]map[types.NodeID]struct{}),
+ }
+}
+
+func recoverDKGProtocol(
+ ID types.NodeID,
+ recv dkgReceiver,
+ round uint64,
+ reset uint64,
+ coreDB db.Database) (*dkgProtocol, error) {
+ dkgProtocolInfo, err := coreDB.GetDKGProtocol()
+ if err != nil {
+ if err == db.ErrDKGProtocolDoesNotExist {
+ return nil, nil
+ }
+ return nil, err
+ }
+
+ dkgProtocol := dkgProtocol{
+ recv: recv,
+ }
+ dkgProtocol.convertFromInfo(dkgProtocolInfo)
+
+ if dkgProtocol.ID != ID || dkgProtocol.round != round || dkgProtocol.reset != reset {
+ return nil, nil
+ }
+
+ return &dkgProtocol, nil
+}
+
+func (d *dkgProtocol) processMasterPublicKeys(
+ mpks []*typesDKG.MasterPublicKey) (err error) {
+ d.idMap = make(map[types.NodeID]dkg.ID, len(mpks))
+ d.mpkMap = make(map[types.NodeID]*dkg.PublicKeyShares, len(mpks))
+ d.prvSharesReceived = make(map[types.NodeID]struct{}, len(mpks))
+ ids := make(dkg.IDs, len(mpks))
+ for i := range mpks {
+ if mpks[i].Reset != d.reset {
+ return ErrUnexpectedDKGResetCount{
+ expect: d.reset,
+ actual: mpks[i].Reset,
+ proposerID: mpks[i].ProposerID,
+ }
+ }
+ nID := mpks[i].ProposerID
+ d.idMap[nID] = mpks[i].DKGID
+ d.mpkMap[nID] = &mpks[i].PublicKeyShares
+ ids[i] = mpks[i].DKGID
+ }
+ d.masterPrivateShare.SetParticipants(ids)
+ if err = d.verifySelfPrvShare(); err != nil {
+ return
+ }
+ for _, mpk := range mpks {
+ share, ok := d.masterPrivateShare.Share(mpk.DKGID)
+ if !ok {
+ err = ErrIDShareNotFound
+ continue
+ }
+ d.recv.ProposeDKGPrivateShare(&typesDKG.PrivateShare{
+ ReceiverID: mpk.ProposerID,
+ Round: d.round,
+ Reset: d.reset,
+ PrivateShare: *share,
+ })
+ }
+ return
+}
+
+func (d *dkgProtocol) verifySelfPrvShare() error {
+ selfMPK, exist := d.mpkMap[d.ID]
+ if !exist {
+ return ErrSelfMPKNotRegister
+ }
+ share, ok := d.masterPrivateShare.Share(d.idMap[d.ID])
+ if !ok {
+ return ErrUnableGetSelfPrvShare
+ }
+ ok, err := selfMPK.VerifyPrvShare(
+ d.idMap[d.ID], share)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return ErrSelfPrvShareMismatch
+ }
+ return nil
+}
+
+func (d *dkgProtocol) proposeNackComplaints() {
+ for nID := range d.mpkMap {
+ if _, exist := d.prvSharesReceived[nID]; exist {
+ continue
+ }
+ d.recv.ProposeDKGComplaint(&typesDKG.Complaint{
+ Round: d.round,
+ Reset: d.reset,
+ PrivateShare: typesDKG.PrivateShare{
+ ProposerID: nID,
+ Round: d.round,
+ Reset: d.reset,
+ },
+ })
+ }
+}
+
+func (d *dkgProtocol) processNackComplaints(complaints []*typesDKG.Complaint) (
+ err error) {
+ if err = d.verifySelfPrvShare(); err != nil {
+ return
+ }
+ for _, complaint := range complaints {
+ if !complaint.IsNack() {
+ continue
+ }
+ if complaint.Reset != d.reset {
+ continue
+ }
+ if complaint.PrivateShare.ProposerID != d.ID {
+ continue
+ }
+ id, exist := d.idMap[complaint.ProposerID]
+ if !exist {
+ err = ErrNotDKGParticipant
+ continue
+ }
+ share, ok := d.masterPrivateShare.Share(id)
+ if !ok {
+ err = ErrIDShareNotFound
+ continue
+ }
+ d.recv.ProposeDKGAntiNackComplaint(&typesDKG.PrivateShare{
+ ProposerID: d.ID,
+ ReceiverID: complaint.ProposerID,
+ Round: d.round,
+ Reset: d.reset,
+ PrivateShare: *share,
+ })
+ }
+ return
+}
+
+func (d *dkgProtocol) enforceNackComplaints(complaints []*typesDKG.Complaint) {
+ complained := make(map[types.NodeID]struct{})
+ // Do not propose nack complaint to itself.
+ complained[d.ID] = struct{}{}
+ for _, complaint := range complaints {
+ if d.round != complaint.Round || d.reset != complaint.Reset {
+ continue
+ }
+ if !complaint.IsNack() {
+ continue
+ }
+ if complaint.Reset != d.reset {
+ continue
+ }
+ to := complaint.PrivateShare.ProposerID
+ if _, exist := complained[to]; exist {
+ continue
+ }
+ from := complaint.ProposerID
+ // Nack complaint is already proposed.
+ if from == d.ID {
+ continue
+ }
+ if _, exist :=
+ d.antiComplaintReceived[from][to]; !exist {
+ complained[to] = struct{}{}
+ d.recv.ProposeDKGComplaint(&typesDKG.Complaint{
+ Round: d.round,
+ Reset: d.reset,
+ PrivateShare: typesDKG.PrivateShare{
+ ProposerID: to,
+ Round: d.round,
+ Reset: d.reset,
+ },
+ })
+ }
+ }
+}
+
+func (d *dkgProtocol) sanityCheck(prvShare *typesDKG.PrivateShare) error {
+ if d.round != prvShare.Round {
+ return ErrUnexpectedRound{
+ expect: d.round,
+ actual: prvShare.Round,
+ proposerID: prvShare.ProposerID,
+ }
+ }
+ if d.reset != prvShare.Reset {
+ return ErrUnexpectedDKGResetCount{
+ expect: d.reset,
+ actual: prvShare.Reset,
+ proposerID: prvShare.ProposerID,
+ }
+ }
+ if _, exist := d.idMap[prvShare.ProposerID]; !exist {
+ return ErrNotDKGParticipant
+ }
+ ok, err := utils.VerifyDKGPrivateShareSignature(prvShare)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return ErrIncorrectPrivateShareSignature
+ }
+ return nil
+}
+
+func (d *dkgProtocol) processPrivateShare(
+ prvShare *typesDKG.PrivateShare) error {
+ receiverID, exist := d.idMap[prvShare.ReceiverID]
+ // This node is not a DKG participant, ignore the private share.
+ if !exist {
+ return nil
+ }
+ if prvShare.ReceiverID == d.ID {
+ if _, exist := d.prvSharesReceived[prvShare.ProposerID]; exist {
+ return nil
+ }
+ } else {
+ if _, exist := d.antiComplaintReceived[prvShare.ReceiverID]; exist {
+ if _, exist :=
+ d.antiComplaintReceived[prvShare.ReceiverID][prvShare.ProposerID]; exist {
+ return nil
+ }
+ }
+ }
+ if err := d.sanityCheck(prvShare); err != nil {
+ return err
+ }
+ mpk := d.mpkMap[prvShare.ProposerID]
+ ok, err := mpk.VerifyPrvShare(receiverID, &prvShare.PrivateShare)
+ if err != nil {
+ return err
+ }
+ if prvShare.ReceiverID == d.ID {
+ d.prvSharesReceived[prvShare.ProposerID] = struct{}{}
+ }
+ if !ok {
+ if _, exist := d.nodeComplained[prvShare.ProposerID]; exist {
+ return nil
+ }
+ complaint := &typesDKG.Complaint{
+ Round: d.round,
+ Reset: d.reset,
+ PrivateShare: *prvShare,
+ }
+ d.nodeComplained[prvShare.ProposerID] = struct{}{}
+ d.recv.ProposeDKGComplaint(complaint)
+ } else if prvShare.ReceiverID == d.ID {
+ sender := d.idMap[prvShare.ProposerID]
+ if err := d.prvShares.AddShare(sender, &prvShare.PrivateShare); err != nil {
+ return err
+ }
+ } else {
+ // The prvShare is an anti complaint.
+ if _, exist := d.antiComplaintReceived[prvShare.ReceiverID]; !exist {
+ d.antiComplaintReceived[prvShare.ReceiverID] =
+ make(map[types.NodeID]struct{})
+ }
+ if _, exist :=
+ d.antiComplaintReceived[prvShare.ReceiverID][prvShare.ProposerID]; !exist {
+ d.recv.ProposeDKGAntiNackComplaint(prvShare)
+ d.antiComplaintReceived[prvShare.ReceiverID][prvShare.ProposerID] =
+ struct{}{}
+ }
+ }
+ return nil
+}
+
+func (d *dkgProtocol) proposeMPKReady() {
+ d.recv.ProposeDKGMPKReady(&typesDKG.MPKReady{
+ ProposerID: d.ID,
+ Round: d.round,
+ Reset: d.reset,
+ })
+}
+
+func (d *dkgProtocol) proposeFinalize() {
+ d.recv.ProposeDKGFinalize(&typesDKG.Finalize{
+ ProposerID: d.ID,
+ Round: d.round,
+ Reset: d.reset,
+ })
+}
+
+func (d *dkgProtocol) proposeSuccess() {
+ d.recv.ProposeDKGSuccess(&typesDKG.Success{
+ ProposerID: d.ID,
+ Round: d.round,
+ Reset: d.reset,
+ })
+}
+
+func (d *dkgProtocol) recoverShareSecret(qualifyIDs dkg.IDs) (
+ *dkgShareSecret, error) {
+ if len(qualifyIDs) < d.threshold {
+ return nil, typesDKG.ErrNotReachThreshold
+ }
+ prvKey, err := d.prvShares.RecoverPrivateKey(qualifyIDs)
+ if err != nil {
+ return nil, err
+ }
+ return &dkgShareSecret{
+ privateKey: prvKey,
+ }, nil
+}
+
+func (ss *dkgShareSecret) sign(hash common.Hash) dkg.PartialSignature {
+ // DKG sign will always success.
+ sig, _ := ss.privateKey.Sign(hash)
+ return dkg.PartialSignature(sig)
+}
+
+// NewTSigVerifierCache creats a TSigVerifierCache instance.
+func NewTSigVerifierCache(
+ intf TSigVerifierCacheInterface, cacheSize int) *TSigVerifierCache {
+ return &TSigVerifierCache{
+ intf: intf,
+ verifier: make(map[uint64]TSigVerifier),
+ cacheSize: cacheSize,
+ }
+}
+
+// UpdateAndGet calls Update and then Get.
+func (tc *TSigVerifierCache) UpdateAndGet(round uint64) (
+ TSigVerifier, bool, error) {
+ ok, err := tc.Update(round)
+ if err != nil {
+ return nil, false, err
+ }
+ if !ok {
+ return nil, false, nil
+ }
+ v, ok := tc.Get(round)
+ return v, ok, nil
+}
+
+// Purge the cache.
+func (tc *TSigVerifierCache) Purge(round uint64) {
+ tc.lock.Lock()
+ defer tc.lock.Unlock()
+ delete(tc.verifier, round)
+}
+
+// Update the cache and returns if success.
+func (tc *TSigVerifierCache) Update(round uint64) (bool, error) {
+ tc.lock.Lock()
+ defer tc.lock.Unlock()
+ if round < tc.minRound {
+ return false, ErrRoundAlreadyPurged
+ }
+ if _, exist := tc.verifier[round]; exist {
+ return true, nil
+ }
+ if !tc.intf.IsDKGFinal(round) {
+ return false, nil
+ }
+ gpk, err := typesDKG.NewGroupPublicKey(round,
+ tc.intf.DKGMasterPublicKeys(round),
+ tc.intf.DKGComplaints(round),
+ utils.GetDKGThreshold(utils.GetConfigWithPanic(tc.intf, round, nil)))
+ if err != nil {
+ return false, err
+ }
+ if len(tc.verifier) == 0 {
+ tc.minRound = round
+ }
+ tc.verifier[round] = gpk
+ if len(tc.verifier) > tc.cacheSize {
+ delete(tc.verifier, tc.minRound)
+ }
+ for {
+ if _, exist := tc.verifier[tc.minRound]; !exist {
+ tc.minRound++
+ } else {
+ break
+ }
+ }
+ return true, nil
+}
+
+// Delete the cache of given round.
+func (tc *TSigVerifierCache) Delete(round uint64) {
+ tc.lock.Lock()
+ defer tc.lock.Unlock()
+ delete(tc.verifier, round)
+}
+
+// Get the TSigVerifier of round and returns if it exists.
+func (tc *TSigVerifierCache) Get(round uint64) (TSigVerifier, bool) {
+ tc.lock.RLock()
+ defer tc.lock.RUnlock()
+ verifier, exist := tc.verifier[round]
+ return verifier, exist
+}
+
+func newTSigProtocol(
+ npks *typesDKG.NodePublicKeys,
+ hash common.Hash) *tsigProtocol {
+ return &tsigProtocol{
+ nodePublicKeys: npks,
+ hash: hash,
+ sigs: make(map[dkg.ID]dkg.PartialSignature, npks.Threshold+1),
+ }
+}
+
+func (tsig *tsigProtocol) sanityCheck(psig *typesDKG.PartialSignature) error {
+ _, exist := tsig.nodePublicKeys.PublicKeys[psig.ProposerID]
+ if !exist {
+ return ErrNotQualifyDKGParticipant
+ }
+ ok, err := utils.VerifyDKGPartialSignatureSignature(psig)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return ErrIncorrectPartialSignatureSignature
+ }
+ if psig.Hash != tsig.hash {
+ return ErrMismatchPartialSignatureHash
+ }
+ return nil
+}
+
+func (tsig *tsigProtocol) processPartialSignature(
+ psig *typesDKG.PartialSignature) error {
+ if psig.Round != tsig.nodePublicKeys.Round {
+ return nil
+ }
+ id, exist := tsig.nodePublicKeys.IDMap[psig.ProposerID]
+ if !exist {
+ return ErrNotQualifyDKGParticipant
+ }
+ if err := tsig.sanityCheck(psig); err != nil {
+ return err
+ }
+ pubKey := tsig.nodePublicKeys.PublicKeys[psig.ProposerID]
+ if !pubKey.VerifySignature(
+ tsig.hash, crypto.Signature(psig.PartialSignature)) {
+ return ErrIncorrectPartialSignature
+ }
+ tsig.sigs[id] = psig.PartialSignature
+ return nil
+}
+
+func (tsig *tsigProtocol) signature() (crypto.Signature, error) {
+ if len(tsig.sigs) < tsig.nodePublicKeys.Threshold {
+ return crypto.Signature{}, ErrNotEnoughtPartialSignatures
+ }
+ ids := make(dkg.IDs, 0, len(tsig.sigs))
+ psigs := make([]dkg.PartialSignature, 0, len(tsig.sigs))
+ for id, psig := range tsig.sigs {
+ ids = append(ids, id)
+ psigs = append(psigs, psig)
+ }
+ return dkg.RecoverSignature(psigs, ids)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/interfaces.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/interfaces.go
new file mode 100644
index 000000000..3adcf78c9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/interfaces.go
@@ -0,0 +1,182 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+)
+
+// Application describes the application interface that interacts with DEXON
+// consensus core.
+type Application interface {
+ // PreparePayload is called when consensus core is preparing a block.
+ PreparePayload(position types.Position) ([]byte, error)
+
+ // PrepareWitness will return the witness data no lower than consensusHeight.
+ PrepareWitness(consensusHeight uint64) (types.Witness, error)
+
+ // VerifyBlock verifies if the block is valid.
+ VerifyBlock(block *types.Block) types.BlockVerifyStatus
+
+ // BlockConfirmed is called when a block is confirmed and added to lattice.
+ BlockConfirmed(block types.Block)
+
+ // BlockDelivered is called when a block is added to the compaction chain.
+ BlockDelivered(hash common.Hash, position types.Position, rand []byte)
+}
+
+// Debug describes the application interface that requires
+// more detailed consensus execution.
+type Debug interface {
+ // BlockReceived is called when the block received in agreement.
+ BlockReceived(common.Hash)
+ // BlockReady is called when the block's randomness is ready.
+ BlockReady(common.Hash)
+}
+
+// Network describs the network interface that interacts with DEXON consensus
+// core.
+type Network interface {
+ // PullBlocks tries to pull blocks from the DEXON network.
+ PullBlocks(hashes common.Hashes)
+
+ // PullVotes tries to pull votes from the DEXON network.
+ PullVotes(position types.Position)
+
+ // BroadcastVote broadcasts vote to all nodes in DEXON network.
+ BroadcastVote(vote *types.Vote)
+
+ // BroadcastBlock broadcasts block to all nodes in DEXON network.
+ BroadcastBlock(block *types.Block)
+
+ // BroadcastAgreementResult broadcasts agreement result to DKG set.
+ BroadcastAgreementResult(randRequest *types.AgreementResult)
+
+ // SendDKGPrivateShare sends PrivateShare to a DKG participant.
+ SendDKGPrivateShare(pub crypto.PublicKey, prvShare *typesDKG.PrivateShare)
+
+ // BroadcastDKGPrivateShare broadcasts PrivateShare to all DKG participants.
+ BroadcastDKGPrivateShare(prvShare *typesDKG.PrivateShare)
+
+ // BroadcastDKGPartialSignature broadcasts partialSignature to all
+ // DKG participants.
+ BroadcastDKGPartialSignature(psig *typesDKG.PartialSignature)
+
+ // ReceiveChan returns a channel to receive messages from DEXON network.
+ ReceiveChan() <-chan types.Msg
+
+ // ReportBadPeerChan returns a channel to report bad peer.
+ ReportBadPeerChan() chan<- interface{}
+}
+
+// Governance interface specifies interface to control the governance contract.
+// Note that there are a lot more methods in the governance contract, that this
+// interface only define those that are required to run the consensus algorithm.
+type Governance interface {
+ // Configuration returns the configuration at a given round.
+ // Return the genesis configuration if round == 0.
+ Configuration(round uint64) *types.Config
+
+ // CRS returns the CRS for a given round. Return the genesis CRS if
+ // round == 0.
+ //
+ // The CRS returned is the proposed or latest reseted one, it would be
+ // changed later if corresponding DKG set failed to generate group public
+ // key.
+ CRS(round uint64) common.Hash
+
+ // Propose a CRS of round.
+ ProposeCRS(round uint64, signedCRS []byte)
+
+ // NodeSet returns the node set at a given round.
+ // Return the genesis node set if round == 0.
+ NodeSet(round uint64) []crypto.PublicKey
+
+ // Get the begin height of a round.
+ GetRoundHeight(round uint64) uint64
+
+ //// DKG-related methods.
+
+ // AddDKGComplaint adds a DKGComplaint.
+ AddDKGComplaint(complaint *typesDKG.Complaint)
+
+ // DKGComplaints gets all the DKGComplaints of round.
+ DKGComplaints(round uint64) []*typesDKG.Complaint
+
+ // AddDKGMasterPublicKey adds a DKGMasterPublicKey.
+ AddDKGMasterPublicKey(masterPublicKey *typesDKG.MasterPublicKey)
+
+ // DKGMasterPublicKeys gets all the DKGMasterPublicKey of round.
+ DKGMasterPublicKeys(round uint64) []*typesDKG.MasterPublicKey
+
+ // AddDKGMPKReady adds a DKG ready message.
+ AddDKGMPKReady(ready *typesDKG.MPKReady)
+
+ // IsDKGMPKReady checks if DKG's master public key preparation is ready.
+ IsDKGMPKReady(round uint64) bool
+
+ // AddDKGFinalize adds a DKG finalize message.
+ AddDKGFinalize(final *typesDKG.Finalize)
+
+ // IsDKGFinal checks if DKG is final.
+ IsDKGFinal(round uint64) bool
+
+ // AddDKGSuccess adds a DKG success message.
+ AddDKGSuccess(success *typesDKG.Success)
+
+ // IsDKGSuccess checks if DKG is success.
+ IsDKGSuccess(round uint64) bool
+
+ // ReportForkVote reports a node for forking votes.
+ ReportForkVote(vote1, vote2 *types.Vote)
+
+ // ReportForkBlock reports a node for forking blocks.
+ ReportForkBlock(block1, block2 *types.Block)
+
+ // ResetDKG resets latest DKG data and propose new CRS.
+ ResetDKG(newSignedCRS []byte)
+
+ // DKGResetCount returns the reset count for DKG of given round.
+ DKGResetCount(round uint64) uint64
+}
+
+// Ticker define the capability to tick by interval.
+type Ticker interface {
+ // Tick would return a channel, which would be triggered until next tick.
+ Tick() <-chan time.Time
+
+ // Stop the ticker.
+ Stop()
+
+ // Retart the ticker and clear all internal data.
+ Restart()
+}
+
+// Recovery interface for interacting with recovery information.
+type Recovery interface {
+ // ProposeSkipBlock proposes a skip block.
+ ProposeSkipBlock(height uint64) error
+
+ // Votes gets the number of votes of given height.
+ Votes(height uint64) (uint64, error)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/leader-selector.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/leader-selector.go
new file mode 100644
index 000000000..9e3d406a7
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/leader-selector.go
@@ -0,0 +1,149 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "math/big"
+ "sync"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+type validLeaderFn func(block *types.Block, crs common.Hash) (bool, error)
+
+// Some constant value.
+var (
+ maxHash *big.Int
+ one *big.Rat
+)
+
+func init() {
+ hash := make([]byte, common.HashLength)
+ for i := range hash {
+ hash[i] = 0xff
+ }
+ maxHash = big.NewInt(0).SetBytes(hash)
+ one = big.NewRat(1, 1)
+}
+
+type leaderSelector struct {
+ hashCRS common.Hash
+ numCRS *big.Int
+ minCRSBlock *big.Int
+ minBlockHash common.Hash
+ pendingBlocks map[common.Hash]*types.Block
+ validLeader validLeaderFn
+ lock sync.Mutex
+ logger common.Logger
+}
+
+func newLeaderSelector(
+ validLeader validLeaderFn, logger common.Logger) *leaderSelector {
+ return &leaderSelector{
+ minCRSBlock: maxHash,
+ validLeader: validLeader,
+ logger: logger,
+ }
+}
+
+func (l *leaderSelector) distance(sig crypto.Signature) *big.Int {
+ hash := crypto.Keccak256Hash(sig.Signature[:])
+ num := big.NewInt(0)
+ num.SetBytes(hash[:])
+ num.Abs(num.Sub(l.numCRS, num))
+ return num
+}
+
+func (l *leaderSelector) probability(sig crypto.Signature) float64 {
+ dis := l.distance(sig)
+ prob := big.NewRat(1, 1).SetFrac(dis, maxHash)
+ p, _ := prob.Sub(one, prob).Float64()
+ return p
+}
+
+func (l *leaderSelector) restart(crs common.Hash) {
+ numCRS := big.NewInt(0)
+ numCRS.SetBytes(crs[:])
+ l.lock.Lock()
+ defer l.lock.Unlock()
+ l.numCRS = numCRS
+ l.hashCRS = crs
+ l.minCRSBlock = maxHash
+ l.minBlockHash = types.NullBlockHash
+ l.pendingBlocks = make(map[common.Hash]*types.Block)
+}
+
+func (l *leaderSelector) leaderBlockHash() common.Hash {
+ l.lock.Lock()
+ defer l.lock.Unlock()
+ for _, b := range l.pendingBlocks {
+ ok, dist := l.potentialLeader(b)
+ if !ok {
+ continue
+ }
+ ok, err := l.validLeader(b, l.hashCRS)
+ if err != nil {
+ l.logger.Error("Error checking validLeader", "error", err, "block", b)
+ delete(l.pendingBlocks, b.Hash)
+ continue
+ }
+ if ok {
+ l.updateLeader(b, dist)
+ delete(l.pendingBlocks, b.Hash)
+ }
+ }
+ return l.minBlockHash
+}
+
+func (l *leaderSelector) processBlock(block *types.Block) error {
+ l.lock.Lock()
+ defer l.lock.Unlock()
+ ok, dist := l.potentialLeader(block)
+ if !ok {
+ return nil
+ }
+ ok, err := l.validLeader(block, l.hashCRS)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ l.pendingBlocks[block.Hash] = block
+ return nil
+ }
+ l.updateLeader(block, dist)
+ return nil
+}
+
+func (l *leaderSelector) potentialLeader(block *types.Block) (bool, *big.Int) {
+ dist := l.distance(block.CRSSignature)
+ cmp := l.minCRSBlock.Cmp(dist)
+ return (cmp > 0 || (cmp == 0 && block.Hash.Less(l.minBlockHash))), dist
+}
+
+func (l *leaderSelector) updateLeader(block *types.Block, dist *big.Int) {
+ l.minCRSBlock = dist
+ l.minBlockHash = block.Hash
+}
+
+func (l *leaderSelector) findPendingBlock(
+ hash common.Hash) (*types.Block, bool) {
+ b, e := l.pendingBlocks[hash]
+ return b, e
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/nonblocking.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/nonblocking.go
new file mode 100644
index 000000000..516138a63
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/nonblocking.go
@@ -0,0 +1,137 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "fmt"
+ "sync"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+type blockConfirmedEvent struct {
+ block *types.Block
+}
+
+type blockDeliveredEvent struct {
+ blockHash common.Hash
+ blockPosition types.Position
+ rand []byte
+}
+
+// nonBlocking implements these interfaces and is a decorator for
+// them that makes the methods to be non-blocking.
+// - Application
+// - Debug
+// - It also provides nonblockig for db update.
+type nonBlocking struct {
+ app Application
+ debug Debug
+ eventChan chan interface{}
+ events []interface{}
+ eventsChange *sync.Cond
+ running sync.WaitGroup
+}
+
+func newNonBlocking(app Application, debug Debug) *nonBlocking {
+ nonBlockingModule := &nonBlocking{
+ app: app,
+ debug: debug,
+ eventChan: make(chan interface{}, 6),
+ events: make([]interface{}, 0, 100),
+ eventsChange: sync.NewCond(&sync.Mutex{}),
+ }
+ go nonBlockingModule.run()
+ return nonBlockingModule
+}
+
+func (nb *nonBlocking) addEvent(event interface{}) {
+ nb.eventsChange.L.Lock()
+ defer nb.eventsChange.L.Unlock()
+ nb.events = append(nb.events, event)
+ nb.eventsChange.Broadcast()
+}
+
+func (nb *nonBlocking) run() {
+ // This go routine consume the first event from events and call the
+ // corresponding methods of Application/Debug/db.
+ for {
+ var event interface{}
+ func() {
+ nb.eventsChange.L.Lock()
+ defer nb.eventsChange.L.Unlock()
+ for len(nb.events) == 0 {
+ nb.eventsChange.Wait()
+ }
+ event = nb.events[0]
+ nb.events = nb.events[1:]
+ nb.running.Add(1)
+ }()
+ switch e := event.(type) {
+ case blockConfirmedEvent:
+ nb.app.BlockConfirmed(*e.block)
+ case blockDeliveredEvent:
+ nb.app.BlockDelivered(e.blockHash, e.blockPosition, e.rand)
+ default:
+ fmt.Printf("Unknown event %v.", e)
+ }
+ nb.running.Done()
+ nb.eventsChange.Broadcast()
+ }
+}
+
+// wait will wait for all event in events finishes.
+func (nb *nonBlocking) wait() {
+ nb.eventsChange.L.Lock()
+ defer nb.eventsChange.L.Unlock()
+ for len(nb.events) > 0 {
+ nb.eventsChange.Wait()
+ }
+ nb.running.Wait()
+}
+
+// PreparePayload cannot be non-blocking.
+func (nb *nonBlocking) PreparePayload(position types.Position) ([]byte, error) {
+ return nb.app.PreparePayload(position)
+}
+
+// PrepareWitness cannot be non-blocking.
+func (nb *nonBlocking) PrepareWitness(height uint64) (types.Witness, error) {
+ return nb.app.PrepareWitness(height)
+}
+
+// VerifyBlock cannot be non-blocking.
+func (nb *nonBlocking) VerifyBlock(block *types.Block) types.BlockVerifyStatus {
+ return nb.app.VerifyBlock(block)
+}
+
+// BlockConfirmed is called when a block is confirmed and added to lattice.
+func (nb *nonBlocking) BlockConfirmed(block types.Block) {
+ nb.addEvent(blockConfirmedEvent{&block})
+}
+
+// BlockDelivered is called when a block is add to the compaction chain.
+func (nb *nonBlocking) BlockDelivered(blockHash common.Hash,
+ blockPosition types.Position, rand []byte) {
+ nb.addEvent(blockDeliveredEvent{
+ blockHash: blockHash,
+ blockPosition: blockPosition,
+ rand: rand,
+ })
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/agreement.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/agreement.go
new file mode 100644
index 000000000..274cbfc79
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/agreement.go
@@ -0,0 +1,301 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus-core library.
+//
+// The dexon-consensus-core library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus-core library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus-core library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package syncer
+
+import (
+ "bytes"
+ "context"
+ "fmt"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// Struct agreement implements struct of BA (Byzantine Agreement) protocol
+// needed in syncer, which only receives agreement results.
+type agreement struct {
+ chainTip uint64
+ cache *utils.NodeSetCache
+ tsigVerifierCache *core.TSigVerifierCache
+ inputChan chan interface{}
+ outputChan chan<- *types.Block
+ pullChan chan<- common.Hash
+ blocks map[types.Position]map[common.Hash]*types.Block
+ agreementResults map[common.Hash][]byte
+ latestCRSRound uint64
+ pendingAgrs map[uint64]map[common.Hash]*types.AgreementResult
+ pendingBlocks map[uint64]map[common.Hash]*types.Block
+ logger common.Logger
+ confirmedBlocks map[common.Hash]struct{}
+ ctx context.Context
+ ctxCancel context.CancelFunc
+}
+
+// newAgreement creates a new agreement instance.
+func newAgreement(chainTip uint64,
+ ch chan<- *types.Block, pullChan chan<- common.Hash,
+ cache *utils.NodeSetCache, verifier *core.TSigVerifierCache,
+ logger common.Logger) *agreement {
+ a := &agreement{
+ chainTip: chainTip,
+ cache: cache,
+ tsigVerifierCache: verifier,
+ inputChan: make(chan interface{}, 1000),
+ outputChan: ch,
+ pullChan: pullChan,
+ blocks: make(map[types.Position]map[common.Hash]*types.Block),
+ agreementResults: make(map[common.Hash][]byte),
+ logger: logger,
+ pendingAgrs: make(
+ map[uint64]map[common.Hash]*types.AgreementResult),
+ pendingBlocks: make(
+ map[uint64]map[common.Hash]*types.Block),
+ confirmedBlocks: make(map[common.Hash]struct{}),
+ }
+ a.ctx, a.ctxCancel = context.WithCancel(context.Background())
+ return a
+}
+
+// run starts the agreement, this does not start a new routine, go a new
+// routine explicitly in the caller.
+func (a *agreement) run() {
+ defer a.ctxCancel()
+ for {
+ select {
+ case val, ok := <-a.inputChan:
+ if !ok {
+ // InputChan is closed by network when network ends.
+ return
+ }
+ switch v := val.(type) {
+ case *types.Block:
+ if v.Position.Round >= core.DKGDelayRound && v.IsFinalized() {
+ a.processFinalizedBlock(v)
+ } else {
+ a.processBlock(v)
+ }
+ case *types.AgreementResult:
+ a.processAgreementResult(v)
+ case uint64:
+ a.processNewCRS(v)
+ }
+ }
+ }
+}
+
+func (a *agreement) processBlock(b *types.Block) {
+ if _, exist := a.confirmedBlocks[b.Hash]; exist {
+ return
+ }
+ if rand, exist := a.agreementResults[b.Hash]; exist {
+ if len(b.Randomness) == 0 {
+ b.Randomness = rand
+ }
+ a.confirm(b)
+ } else {
+ if _, exist := a.blocks[b.Position]; !exist {
+ a.blocks[b.Position] = make(map[common.Hash]*types.Block)
+ }
+ a.blocks[b.Position][b.Hash] = b
+ }
+}
+
+func (a *agreement) processFinalizedBlock(block *types.Block) {
+ // Cache those results that CRS is not ready yet.
+ if _, exists := a.confirmedBlocks[block.Hash]; exists {
+ a.logger.Trace("finalized block already confirmed", "block", block)
+ return
+ }
+ if block.Position.Round > a.latestCRSRound {
+ pendingsForRound, exists := a.pendingBlocks[block.Position.Round]
+ if !exists {
+ pendingsForRound = make(map[common.Hash]*types.Block)
+ a.pendingBlocks[block.Position.Round] = pendingsForRound
+ }
+ pendingsForRound[block.Hash] = block
+ a.logger.Trace("finalized block cached", "block", block)
+ return
+ }
+ if err := utils.VerifyBlockSignature(block); err != nil {
+ return
+ }
+ verifier, ok, err := a.tsigVerifierCache.UpdateAndGet(
+ block.Position.Round)
+ if err != nil {
+ a.logger.Error("error verifying block randomness",
+ "block", block,
+ "error", err)
+ return
+ }
+ if !ok {
+ a.logger.Error("cannot verify block randomness", "block", block)
+ return
+ }
+ if !verifier.VerifySignature(block.Hash, crypto.Signature{
+ Type: "bls",
+ Signature: block.Randomness,
+ }) {
+ a.logger.Error("incorrect block randomness", "block", block)
+ return
+ }
+ a.confirm(block)
+}
+
+func (a *agreement) processAgreementResult(r *types.AgreementResult) {
+ // Cache those results that CRS is not ready yet.
+ if _, exists := a.confirmedBlocks[r.BlockHash]; exists {
+ a.logger.Trace("Agreement result already confirmed", "result", r)
+ return
+ }
+ if r.Position.Round > a.latestCRSRound {
+ pendingsForRound, exists := a.pendingAgrs[r.Position.Round]
+ if !exists {
+ pendingsForRound = make(map[common.Hash]*types.AgreementResult)
+ a.pendingAgrs[r.Position.Round] = pendingsForRound
+ }
+ pendingsForRound[r.BlockHash] = r
+ a.logger.Trace("Agreement result cached", "result", r)
+ return
+ }
+ if err := core.VerifyAgreementResult(r, a.cache); err != nil {
+ a.logger.Error("Agreement result verification failed",
+ "result", r,
+ "error", err)
+ return
+ }
+ if r.Position.Round >= core.DKGDelayRound {
+ verifier, ok, err := a.tsigVerifierCache.UpdateAndGet(r.Position.Round)
+ if err != nil {
+ a.logger.Error("error verifying agreement result randomness",
+ "result", r,
+ "error", err)
+ return
+ }
+ if !ok {
+ a.logger.Error("cannot verify agreement result randomness", "result", r)
+ return
+ }
+ if !verifier.VerifySignature(r.BlockHash, crypto.Signature{
+ Type: "bls",
+ Signature: r.Randomness,
+ }) {
+ a.logger.Error("incorrect agreement result randomness", "result", r)
+ return
+ }
+ } else {
+ // Special case for rounds before DKGDelayRound.
+ if bytes.Compare(r.Randomness, core.NoRand) != 0 {
+ a.logger.Error("incorrect agreement result randomness", "result", r)
+ return
+ }
+ }
+ if r.IsEmptyBlock {
+ b := &types.Block{
+ Position: r.Position,
+ Randomness: r.Randomness,
+ }
+ // Empty blocks should be confirmed directly, they won't be sent over
+ // the wire.
+ a.confirm(b)
+ return
+ }
+ if bs, exist := a.blocks[r.Position]; exist {
+ if b, exist := bs[r.BlockHash]; exist {
+ b.Randomness = r.Randomness
+ a.confirm(b)
+ return
+ }
+ }
+ a.agreementResults[r.BlockHash] = r.Randomness
+loop:
+ for {
+ select {
+ case a.pullChan <- r.BlockHash:
+ break loop
+ case <-a.ctx.Done():
+ a.logger.Error("Pull request is not sent",
+ "position", &r.Position,
+ "hash", r.BlockHash.String()[:6])
+ return
+ case <-time.After(500 * time.Millisecond):
+ a.logger.Debug("Pull request is unable to send",
+ "position", &r.Position,
+ "hash", r.BlockHash.String()[:6])
+ }
+ }
+}
+
+func (a *agreement) processNewCRS(round uint64) {
+ if round <= a.latestCRSRound {
+ return
+ }
+ prevRound := a.latestCRSRound + 1
+ a.latestCRSRound = round
+ // Verify all pending results.
+ for r := prevRound; r <= a.latestCRSRound; r++ {
+ pendingsForRound := a.pendingAgrs[r]
+ if pendingsForRound == nil {
+ continue
+ }
+ delete(a.pendingAgrs, r)
+ for _, res := range pendingsForRound {
+ if err := core.VerifyAgreementResult(res, a.cache); err != nil {
+ a.logger.Error("Invalid agreement result",
+ "result", res,
+ "error", err)
+ continue
+ }
+ a.logger.Error("Flush agreement result", "result", res)
+ a.processAgreementResult(res)
+ break
+ }
+ }
+}
+
+// confirm notifies consensus the confirmation of a block in BA.
+func (a *agreement) confirm(b *types.Block) {
+ if !b.IsFinalized() {
+ panic(fmt.Errorf("confirm a block %s without randomness", b))
+ }
+ if _, exist := a.confirmedBlocks[b.Hash]; !exist {
+ delete(a.blocks, b.Position)
+ delete(a.agreementResults, b.Hash)
+ loop:
+ for {
+ select {
+ case a.outputChan <- b:
+ break loop
+ case <-a.ctx.Done():
+ a.logger.Error("Confirmed block is not sent", "block", b)
+ return
+ case <-time.After(500 * time.Millisecond):
+ a.logger.Debug("Agreement output channel is full", "block", b)
+ }
+ }
+ a.confirmedBlocks[b.Hash] = struct{}{}
+ }
+ if b.Position.Height > a.chainTip+1 {
+ if _, exist := a.confirmedBlocks[b.ParentHash]; !exist {
+ a.pullChan <- b.ParentHash
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/consensus.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/consensus.go
new file mode 100644
index 000000000..d12dc4863
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/consensus.go
@@ -0,0 +1,543 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package syncer
+
+import (
+ "context"
+ "fmt"
+ "sort"
+ "sync"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/db"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+var (
+ // ErrAlreadySynced is reported when syncer is synced.
+ ErrAlreadySynced = fmt.Errorf("already synced")
+ // ErrNotSynced is reported when syncer is not synced yet.
+ ErrNotSynced = fmt.Errorf("not synced yet")
+ // ErrGenesisBlockReached is reported when genesis block reached.
+ ErrGenesisBlockReached = fmt.Errorf("genesis block reached")
+ // ErrInvalidBlockOrder is reported when SyncBlocks receives unordered
+ // blocks.
+ ErrInvalidBlockOrder = fmt.Errorf("invalid block order")
+ // ErrInvalidSyncingHeight raised when the blocks to sync is not following
+ // the compaction chain tip in database.
+ ErrInvalidSyncingHeight = fmt.Errorf("invalid syncing height")
+)
+
+// Consensus is for syncing consensus module.
+type Consensus struct {
+ db db.Database
+ gov core.Governance
+ dMoment time.Time
+ logger common.Logger
+ app core.Application
+ prv crypto.PrivateKey
+ network core.Network
+ nodeSetCache *utils.NodeSetCache
+ tsigVerifier *core.TSigVerifierCache
+
+ blocks types.BlocksByPosition
+ agreementModule *agreement
+ agreementRoundCut uint64
+ heightEvt *common.Event
+ roundEvt *utils.RoundEvent
+
+ // lock for accessing all fields.
+ lock sync.RWMutex
+ duringBuffering bool
+ latestCRSRound uint64
+ waitGroup sync.WaitGroup
+ agreementWaitGroup sync.WaitGroup
+ pullChan chan common.Hash
+ receiveChan chan *types.Block
+ ctx context.Context
+ ctxCancel context.CancelFunc
+ syncedLastBlock *types.Block
+ syncedConsensus *core.Consensus
+ syncedSkipNext bool
+ dummyCancel context.CancelFunc
+ dummyFinished <-chan struct{}
+ dummyMsgBuffer []types.Msg
+ initChainTipHeight uint64
+}
+
+// NewConsensus creates an instance for Consensus (syncer consensus).
+func NewConsensus(
+ initHeight uint64,
+ dMoment time.Time,
+ app core.Application,
+ gov core.Governance,
+ db db.Database,
+ network core.Network,
+ prv crypto.PrivateKey,
+ logger common.Logger) *Consensus {
+
+ con := &Consensus{
+ dMoment: dMoment,
+ app: app,
+ gov: gov,
+ db: db,
+ network: network,
+ nodeSetCache: utils.NewNodeSetCache(gov),
+ tsigVerifier: core.NewTSigVerifierCache(gov, 7),
+ prv: prv,
+ logger: logger,
+ receiveChan: make(chan *types.Block, 1000),
+ pullChan: make(chan common.Hash, 1000),
+ heightEvt: common.NewEvent(),
+ }
+ con.ctx, con.ctxCancel = context.WithCancel(context.Background())
+ _, con.initChainTipHeight = db.GetCompactionChainTipInfo()
+ con.agreementModule = newAgreement(
+ con.initChainTipHeight,
+ con.receiveChan,
+ con.pullChan,
+ con.nodeSetCache,
+ con.tsigVerifier,
+ con.logger)
+ con.agreementWaitGroup.Add(1)
+ go func() {
+ defer con.agreementWaitGroup.Done()
+ con.agreementModule.run()
+ }()
+ if err := con.deliverPendingBlocks(initHeight); err != nil {
+ panic(err)
+ }
+ return con
+}
+
+func (con *Consensus) deliverPendingBlocks(height uint64) error {
+ if height >= con.initChainTipHeight {
+ return nil
+ }
+ blocks := make([]*types.Block, 0, con.initChainTipHeight-height)
+ hash, _ := con.db.GetCompactionChainTipInfo()
+ for {
+ block, err := con.db.GetBlock(hash)
+ if err != nil {
+ return err
+ }
+ if block.Position.Height == height {
+ break
+ }
+ blocks = append(blocks, &block)
+ hash = block.ParentHash
+ }
+ sort.Sort(types.BlocksByPosition(blocks))
+ for _, b := range blocks {
+ con.logger.Debug("Syncer BlockConfirmed", "block", b)
+ con.app.BlockConfirmed(*b)
+ con.logger.Debug("Syncer BlockDelivered", "block", b)
+ con.app.BlockDelivered(b.Hash, b.Position, b.Randomness)
+ }
+ return nil
+}
+
+func (con *Consensus) assureBuffering() {
+ if func() bool {
+ con.lock.RLock()
+ defer con.lock.RUnlock()
+ return con.duringBuffering
+ }() {
+ return
+ }
+ con.lock.Lock()
+ defer con.lock.Unlock()
+ if con.duringBuffering {
+ return
+ }
+ con.duringBuffering = true
+ // Get latest block to prepare utils.RoundEvent.
+ var (
+ err error
+ blockHash, height = con.db.GetCompactionChainTipInfo()
+ )
+ if height == 0 {
+ con.roundEvt, err = utils.NewRoundEvent(con.ctx, con.gov, con.logger,
+ types.Position{}, core.ConfigRoundShift)
+ } else {
+ var b types.Block
+ if b, err = con.db.GetBlock(blockHash); err == nil {
+ con.roundEvt, err = utils.NewRoundEvent(con.ctx, con.gov,
+ con.logger, b.Position, core.ConfigRoundShift)
+ }
+ }
+ if err != nil {
+ panic(err)
+ }
+ // Make sure con.roundEvt stopped before stopping con.agreementModule.
+ con.waitGroup.Add(1)
+ // Register a round event handler to reset node set cache, this handler
+ // should be the highest priority.
+ con.roundEvt.Register(func(evts []utils.RoundEventParam) {
+ for _, e := range evts {
+ if e.Reset == 0 {
+ continue
+ }
+ con.nodeSetCache.Purge(e.Round + 1)
+ con.tsigVerifier.Purge(e.Round + 1)
+ }
+ })
+ // Register a round event handler to notify CRS to agreementModule.
+ con.roundEvt.Register(func(evts []utils.RoundEventParam) {
+ con.waitGroup.Add(1)
+ go func() {
+ defer con.waitGroup.Done()
+ for _, e := range evts {
+ select {
+ case <-con.ctx.Done():
+ return
+ default:
+ }
+ for func() bool {
+ select {
+ case <-con.ctx.Done():
+ return false
+ case con.agreementModule.inputChan <- e.Round:
+ return false
+ case <-time.After(500 * time.Millisecond):
+ con.logger.Warn(
+ "Agreement input channel is full when notifying new round",
+ "round", e.Round,
+ )
+ return true
+ }
+ }() {
+ }
+ }
+ }()
+ })
+ // Register a round event handler to validate next round.
+ con.roundEvt.Register(func(evts []utils.RoundEventParam) {
+ con.heightEvt.RegisterHeight(
+ evts[len(evts)-1].NextRoundValidationHeight(),
+ utils.RoundEventRetryHandlerGenerator(con.roundEvt, con.heightEvt),
+ )
+ })
+ con.roundEvt.TriggerInitEvent()
+ con.startAgreement()
+ con.startNetwork()
+}
+
+func (con *Consensus) checkIfSynced(blocks []*types.Block) (synced bool) {
+ con.lock.RLock()
+ defer con.lock.RUnlock()
+ defer func() {
+ con.logger.Debug("Syncer synced status",
+ "last-block", blocks[len(blocks)-1],
+ "synced", synced,
+ )
+ }()
+ if len(con.blocks) == 0 || len(blocks) == 0 {
+ return
+ }
+ synced = !blocks[len(blocks)-1].Position.Older(con.blocks[0].Position)
+ return
+}
+
+func (con *Consensus) buildAllEmptyBlocks() {
+ con.lock.Lock()
+ defer con.lock.Unlock()
+ // Clean empty blocks on tips of chains.
+ for len(con.blocks) > 0 && con.isEmptyBlock(con.blocks[0]) {
+ con.blocks = con.blocks[1:]
+ }
+ // Build empty blocks.
+ for i, b := range con.blocks {
+ if con.isEmptyBlock(b) {
+ if con.blocks[i-1].Position.Height+1 == b.Position.Height {
+ con.buildEmptyBlock(b, con.blocks[i-1])
+ }
+ }
+ }
+}
+
+// ForceSync forces syncer to become synced.
+func (con *Consensus) ForceSync(lastPos types.Position, skip bool) {
+ if con.syncedLastBlock != nil {
+ return
+ }
+ hash, height := con.db.GetCompactionChainTipInfo()
+ if height < lastPos.Height {
+ panic(fmt.Errorf("compaction chain not synced height %d, tip %d",
+ lastPos.Height, height))
+ } else if height > lastPos.Height {
+ skip = false
+ }
+ block, err := con.db.GetBlock(hash)
+ if err != nil {
+ panic(err)
+ }
+ con.syncedLastBlock = &block
+ con.stopBuffering()
+ // We might call stopBuffering without calling assureBuffering.
+ if con.dummyCancel == nil {
+ con.dummyCancel, con.dummyFinished = utils.LaunchDummyReceiver(
+ context.Background(), con.network.ReceiveChan(),
+ func(msg types.Msg) {
+ con.dummyMsgBuffer = append(con.dummyMsgBuffer, msg)
+ })
+ }
+ con.syncedSkipNext = skip
+ con.logger.Info("Force Sync", "block", &block, "skip", skip)
+}
+
+// SyncBlocks syncs blocks from compaction chain, latest is true if the caller
+// regards the blocks are the latest ones. Notice that latest can be true for
+// many times.
+// NOTICE: parameter "blocks" should be consecutive in compaction height.
+// NOTICE: this method is not expected to be called concurrently.
+func (con *Consensus) SyncBlocks(
+ blocks []*types.Block, latest bool) (synced bool, err error) {
+ defer func() {
+ con.logger.Debug("SyncBlocks returned",
+ "synced", synced,
+ "error", err,
+ "last-block", con.syncedLastBlock,
+ )
+ }()
+ if con.syncedLastBlock != nil {
+ synced, err = true, ErrAlreadySynced
+ return
+ }
+ if len(blocks) == 0 {
+ return
+ }
+ // Check if blocks are consecutive.
+ for i := 1; i < len(blocks); i++ {
+ if blocks[i].Position.Height != blocks[i-1].Position.Height+1 {
+ err = ErrInvalidBlockOrder
+ return
+ }
+ }
+ // Make sure the first block is the next block of current compaction chain
+ // tip in DB.
+ _, tipHeight := con.db.GetCompactionChainTipInfo()
+ if blocks[0].Position.Height != tipHeight+1 {
+ con.logger.Error("Mismatched block height",
+ "now", blocks[0].Position.Height,
+ "expected", tipHeight+1,
+ )
+ err = ErrInvalidSyncingHeight
+ return
+ }
+ con.logger.Trace("SyncBlocks",
+ "position", &blocks[0].Position,
+ "len", len(blocks),
+ "latest", latest,
+ )
+ for _, b := range blocks {
+ if err = con.db.PutBlock(*b); err != nil {
+ // A block might be put into db when confirmed by BA, but not
+ // finalized yet.
+ if err == db.ErrBlockExists {
+ err = con.db.UpdateBlock(*b)
+ }
+ if err != nil {
+ return
+ }
+ }
+ if err = con.db.PutCompactionChainTipInfo(
+ b.Hash, b.Position.Height); err != nil {
+ return
+ }
+ con.heightEvt.NotifyHeight(b.Position.Height)
+ }
+ if latest {
+ con.assureBuffering()
+ con.buildAllEmptyBlocks()
+ // Check if compaction and agreements' blocks are overlapped. The
+ // overlapping of compaction chain and BA's oldest blocks means the
+ // syncing is done.
+ if con.checkIfSynced(blocks) {
+ con.stopBuffering()
+ con.syncedLastBlock = blocks[len(blocks)-1]
+ synced = true
+ }
+ }
+ return
+}
+
+// GetSyncedConsensus returns the core.Consensus instance after synced.
+func (con *Consensus) GetSyncedConsensus() (*core.Consensus, error) {
+ con.lock.Lock()
+ defer con.lock.Unlock()
+ if con.syncedConsensus != nil {
+ return con.syncedConsensus, nil
+ }
+ if con.syncedLastBlock == nil {
+ return nil, ErrNotSynced
+ }
+ // flush all blocks in con.blocks into core.Consensus, and build
+ // core.Consensus from syncer.
+ con.dummyCancel()
+ <-con.dummyFinished
+ var err error
+ con.syncedConsensus, err = core.NewConsensusFromSyncer(
+ con.syncedLastBlock,
+ con.syncedSkipNext,
+ con.dMoment,
+ con.app,
+ con.gov,
+ con.db,
+ con.network,
+ con.prv,
+ con.blocks,
+ con.dummyMsgBuffer,
+ con.logger)
+ return con.syncedConsensus, err
+}
+
+// stopBuffering stops the syncer buffering routines.
+//
+// This method is mainly for caller to stop the syncer before synced, the syncer
+// would call this method automatically after being synced.
+func (con *Consensus) stopBuffering() {
+ if func() (notBuffering bool) {
+ con.lock.RLock()
+ defer con.lock.RUnlock()
+ notBuffering = !con.duringBuffering
+ return
+ }() {
+ return
+ }
+ if func() (alreadyCanceled bool) {
+ con.lock.Lock()
+ defer con.lock.Unlock()
+ if !con.duringBuffering {
+ alreadyCanceled = true
+ return
+ }
+ con.duringBuffering = false
+ con.logger.Trace("Syncer is about to stop")
+ // Stop network and CRS routines, wait until they are all stoped.
+ con.ctxCancel()
+ return
+ }() {
+ return
+ }
+ con.logger.Trace("Stop syncer modules")
+ con.roundEvt.Stop()
+ con.waitGroup.Done()
+ // Wait for all routines depends on con.agreementModule stopped.
+ con.waitGroup.Wait()
+ // Since there is no one waiting for the receive channel of fullnode, we
+ // need to launch a dummy receiver right away.
+ con.dummyCancel, con.dummyFinished = utils.LaunchDummyReceiver(
+ context.Background(), con.network.ReceiveChan(),
+ func(msg types.Msg) {
+ con.dummyMsgBuffer = append(con.dummyMsgBuffer, msg)
+ })
+ // Stop agreements.
+ con.logger.Trace("Stop syncer agreement modules")
+ con.stopAgreement()
+ con.logger.Trace("Syncer stopped")
+ return
+}
+
+// isEmptyBlock checks if a block is an empty block by both its hash and parent
+// hash are empty.
+func (con *Consensus) isEmptyBlock(b *types.Block) bool {
+ return b.Hash == common.Hash{} && b.ParentHash == common.Hash{}
+}
+
+// buildEmptyBlock builds an empty block in agreement.
+func (con *Consensus) buildEmptyBlock(b *types.Block, parent *types.Block) {
+ cfg := utils.GetConfigWithPanic(con.gov, b.Position.Round, con.logger)
+ b.Timestamp = parent.Timestamp.Add(cfg.MinBlockInterval)
+ b.Witness.Height = parent.Witness.Height
+ b.Witness.Data = make([]byte, len(parent.Witness.Data))
+ copy(b.Witness.Data, parent.Witness.Data)
+}
+
+// startAgreement starts agreements for receiving votes and agreements.
+func (con *Consensus) startAgreement() {
+ // Start a routine for listening receive channel and pull block channel.
+ go func() {
+ for {
+ select {
+ case b, ok := <-con.receiveChan:
+ if !ok {
+ return
+ }
+ func() {
+ con.lock.Lock()
+ defer con.lock.Unlock()
+ if len(con.blocks) > 0 &&
+ !b.Position.Newer(con.blocks[0].Position) {
+ return
+ }
+ con.blocks = append(con.blocks, b)
+ sort.Sort(con.blocks)
+ }()
+ case h, ok := <-con.pullChan:
+ if !ok {
+ return
+ }
+ con.network.PullBlocks(common.Hashes{h})
+ }
+ }
+ }()
+}
+
+// startNetwork starts network for receiving blocks and agreement results.
+func (con *Consensus) startNetwork() {
+ con.waitGroup.Add(1)
+ go func() {
+ defer con.waitGroup.Done()
+ loop:
+ for {
+ select {
+ case val := <-con.network.ReceiveChan():
+ switch v := val.Payload.(type) {
+ case *types.Block:
+ case *types.AgreementResult:
+ // Avoid byzantine nodes attack by broadcasting older
+ // agreement results. Normal nodes might report 'synced'
+ // while still fall behind other nodes.
+ if v.Position.Height <= con.initChainTipHeight {
+ continue loop
+ }
+ default:
+ continue loop
+ }
+ con.agreementModule.inputChan <- val.Payload
+ case <-con.ctx.Done():
+ break loop
+ }
+ }
+ }()
+}
+
+func (con *Consensus) stopAgreement() {
+ if con.agreementModule.inputChan != nil {
+ close(con.agreementModule.inputChan)
+ }
+ con.agreementWaitGroup.Wait()
+ con.agreementModule.inputChan = nil
+ close(con.receiveChan)
+ close(con.pullChan)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/watch-cat.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/watch-cat.go
new file mode 100644
index 000000000..e5ba911a7
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/syncer/watch-cat.go
@@ -0,0 +1,156 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus-core library.
+//
+// The dexon-consensus-core library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus-core library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus-core library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package syncer
+
+import (
+ "context"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+type configReader interface {
+ Configuration(round uint64) *types.Config
+}
+
+// WatchCat is reponsible for signaling if syncer object should be terminated.
+type WatchCat struct {
+ recovery core.Recovery
+ timeout time.Duration
+ configReader configReader
+ feed chan types.Position
+ lastPosition types.Position
+ polling time.Duration
+ ctx context.Context
+ cancel context.CancelFunc
+ logger common.Logger
+}
+
+// NewWatchCat creats a new WatchCat 🱠object.
+func NewWatchCat(
+ recovery core.Recovery,
+ configReader configReader,
+ polling time.Duration,
+ timeout time.Duration,
+ logger common.Logger) *WatchCat {
+ wc := &WatchCat{
+ recovery: recovery,
+ timeout: timeout,
+ configReader: configReader,
+ feed: make(chan types.Position),
+ polling: polling,
+ logger: logger,
+ }
+ return wc
+}
+
+// Feed the WatchCat so it won't produce the termination signal.
+func (wc *WatchCat) Feed(position types.Position) {
+ wc.feed <- position
+}
+
+// Start the WatchCat.
+func (wc *WatchCat) Start() {
+ wc.Stop()
+ wc.lastPosition = types.Position{}
+ wc.ctx, wc.cancel = context.WithCancel(context.Background())
+ go func() {
+ var lastPos types.Position
+ MonitorLoop:
+ for {
+ select {
+ case <-wc.ctx.Done():
+ return
+ default:
+ }
+ select {
+ case <-wc.ctx.Done():
+ return
+ case pos := <-wc.feed:
+ if !pos.Newer(lastPos) {
+ wc.logger.Warn("Feed with older height",
+ "pos", pos, "lastPos", lastPos)
+ continue
+ }
+ lastPos = pos
+ case <-time.After(wc.timeout):
+ break MonitorLoop
+ }
+ }
+ go func() {
+ for {
+ select {
+ case <-wc.ctx.Done():
+ return
+ case <-wc.feed:
+ }
+ }
+ }()
+ defer wc.cancel()
+ proposed := false
+ threshold := uint64(
+ utils.GetConfigWithPanic(wc.configReader, lastPos.Round, wc.logger).
+ NotarySetSize / 2)
+ wc.logger.Info("Threshold for recovery", "votes", threshold)
+ ResetLoop:
+ for {
+ if !proposed {
+ wc.logger.Info("Calling Recovery.ProposeSkipBlock",
+ "height", lastPos.Height)
+ if err := wc.recovery.ProposeSkipBlock(lastPos.Height); err != nil {
+ wc.logger.Warn("Failed to proposeSkipBlock", "height", lastPos.Height, "error", err)
+ } else {
+ proposed = true
+ }
+ }
+ votes, err := wc.recovery.Votes(lastPos.Height)
+ if err != nil {
+ wc.logger.Error("Failed to get recovery votes", "height", lastPos.Height, "error", err)
+ } else if votes > threshold {
+ wc.logger.Info("Threshold for recovery reached!")
+ wc.lastPosition = lastPos
+ break ResetLoop
+ }
+ select {
+ case <-wc.ctx.Done():
+ return
+ case <-time.After(wc.polling):
+ }
+ }
+ }()
+}
+
+// Stop the WatchCat.
+func (wc *WatchCat) Stop() {
+ if wc.cancel != nil {
+ wc.cancel()
+ }
+}
+
+// Meow return a closed channel if syncer should be terminated.
+func (wc *WatchCat) Meow() <-chan struct{} {
+ return wc.ctx.Done()
+}
+
+// LastPosition returns the last position for recovery.
+func (wc *WatchCat) LastPosition() types.Position {
+ return wc.lastPosition
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/ticker.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/ticker.go
new file mode 100644
index 000000000..aba56ef9f
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/ticker.go
@@ -0,0 +1,127 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "context"
+ "fmt"
+ "sync"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// TickerType is the type of ticker.
+type TickerType int
+
+// TickerType enum.
+const (
+ TickerBA TickerType = iota
+ TickerDKG
+ TickerCRS
+)
+
+// defaultTicker is a wrapper to implement ticker interface based on
+// time.Ticker.
+type defaultTicker struct {
+ ticker *time.Ticker
+ tickerChan chan time.Time
+ duration time.Duration
+ ctx context.Context
+ ctxCancel context.CancelFunc
+ waitGroup sync.WaitGroup
+}
+
+// newDefaultTicker constructs an defaultTicker instance by giving an interval.
+func newDefaultTicker(lambda time.Duration) *defaultTicker {
+ ticker := &defaultTicker{duration: lambda}
+ ticker.init()
+ return ticker
+}
+
+// Tick implements Tick method of ticker interface.
+func (t *defaultTicker) Tick() <-chan time.Time {
+ return t.tickerChan
+}
+
+// Stop implements Stop method of ticker interface.
+func (t *defaultTicker) Stop() {
+ t.ticker.Stop()
+ t.ctxCancel()
+ t.waitGroup.Wait()
+ t.ctx = nil
+ t.ctxCancel = nil
+ close(t.tickerChan)
+ t.tickerChan = nil
+}
+
+// Restart implements Stop method of ticker interface.
+func (t *defaultTicker) Restart() {
+ t.Stop()
+ t.init()
+}
+
+func (t *defaultTicker) init() {
+ t.ticker = time.NewTicker(t.duration)
+ t.tickerChan = make(chan time.Time)
+ t.ctx, t.ctxCancel = context.WithCancel(context.Background())
+ t.waitGroup.Add(1)
+ go t.monitor()
+}
+
+func (t *defaultTicker) monitor() {
+ defer t.waitGroup.Done()
+loop:
+ for {
+ select {
+ case <-t.ctx.Done():
+ break loop
+ case v := <-t.ticker.C:
+ select {
+ case t.tickerChan <- v:
+ default:
+ }
+ }
+ }
+}
+
+// newTicker is a helper to setup a ticker by giving an Governance. If
+// the governace object implements a ticker generator, a ticker from that
+// generator would be returned, else constructs a default one.
+func newTicker(gov Governance, round uint64, tickerType TickerType) (t Ticker) {
+ type tickerGenerator interface {
+ NewTicker(TickerType) Ticker
+ }
+
+ if gen, ok := gov.(tickerGenerator); ok {
+ t = gen.NewTicker(tickerType)
+ }
+ if t == nil {
+ var duration time.Duration
+ switch tickerType {
+ case TickerBA:
+ duration = utils.GetConfigWithPanic(gov, round, nil).LambdaBA
+ case TickerDKG:
+ duration = utils.GetConfigWithPanic(gov, round, nil).LambdaDKG
+ default:
+ panic(fmt.Errorf("unknown ticker type: %d", tickerType))
+ }
+ t = newDefaultTicker(duration)
+ }
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/block-randomness.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/block-randomness.go
new file mode 100644
index 000000000..b97188705
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/block-randomness.go
@@ -0,0 +1,44 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package types
+
+import (
+ "encoding/hex"
+ "fmt"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+)
+
+// AgreementResult describes an agremeent result.
+type AgreementResult struct {
+ BlockHash common.Hash `json:"block_hash"`
+ Position Position `json:"position"`
+ Votes []Vote `json:"votes"`
+ IsEmptyBlock bool `json:"is_empty_block"`
+ Randomness []byte `json:"randomness"`
+}
+
+func (r *AgreementResult) String() string {
+ if len(r.Randomness) == 0 {
+ return fmt.Sprintf("agreementResult{Block:%s Pos:%s}",
+ r.BlockHash.String()[:6], r.Position)
+ }
+ return fmt.Sprintf("agreementResult{Block:%s Pos:%s Rand:%s}",
+ r.BlockHash.String()[:6], r.Position,
+ hex.EncodeToString(r.Randomness)[:6])
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/block.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/block.go
new file mode 100644
index 000000000..bc92211b9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/block.go
@@ -0,0 +1,227 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+// TODO(jimmy-dexon): remove comments of WitnessAck before open source.
+
+package types
+
+import (
+ "bytes"
+ "fmt"
+ "io"
+ "time"
+
+ "github.com/byzantine-lab/go-tangerine/rlp"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+)
+
+// GenesisHeight refers to the initial height the genesis block should be.
+const GenesisHeight uint64 = 1
+
+// BlockVerifyStatus is the return code for core.Application.VerifyBlock
+type BlockVerifyStatus int
+
+// Enums for return value of core.Application.VerifyBlock.
+const (
+ // VerifyOK: Block is verified.
+ VerifyOK BlockVerifyStatus = iota
+ // VerifyRetryLater: Block is unable to be verified at this moment.
+ // Try again later.
+ VerifyRetryLater
+ // VerifyInvalidBlock: Block is an invalid one.
+ VerifyInvalidBlock
+)
+
+type rlpTimestamp struct {
+ time.Time
+}
+
+func (t *rlpTimestamp) EncodeRLP(w io.Writer) error {
+ return rlp.Encode(w, uint64(t.UTC().UnixNano()))
+}
+
+func (t *rlpTimestamp) DecodeRLP(s *rlp.Stream) error {
+ var nano uint64
+ err := s.Decode(&nano)
+ if err == nil {
+ sec := int64(nano) / 1000000000
+ nsec := int64(nano) % 1000000000
+ t.Time = time.Unix(sec, nsec).UTC()
+ }
+ return err
+}
+
+// Witness represents the consensus information on the compaction chain.
+type Witness struct {
+ Height uint64 `json:"height"`
+ Data []byte `json:"data"`
+}
+
+// Block represents a single event broadcasted on the network.
+type Block struct {
+ ProposerID NodeID `json:"proposer_id"`
+ ParentHash common.Hash `json:"parent_hash"`
+ Hash common.Hash `json:"hash"`
+ Position Position `json:"position"`
+ Timestamp time.Time `json:"timestamp"`
+ Payload []byte `json:"payload"`
+ PayloadHash common.Hash `json:"payload_hash"`
+ Witness Witness `json:"witness"`
+ Randomness []byte `json:"randomness"`
+ Signature crypto.Signature `json:"signature"`
+
+ CRSSignature crypto.Signature `json:"crs_signature"`
+}
+
+type rlpBlock struct {
+ ProposerID NodeID
+ ParentHash common.Hash
+ Hash common.Hash
+ Position Position
+ Timestamp *rlpTimestamp
+ Payload []byte
+ PayloadHash common.Hash
+ Witness *Witness
+ Randomness []byte
+ Signature crypto.Signature
+
+ CRSSignature crypto.Signature
+}
+
+// EncodeRLP implements rlp.Encoder
+func (b *Block) EncodeRLP(w io.Writer) error {
+ return rlp.Encode(w, rlpBlock{
+ ProposerID: b.ProposerID,
+ ParentHash: b.ParentHash,
+ Hash: b.Hash,
+ Position: b.Position,
+ Timestamp: &rlpTimestamp{b.Timestamp},
+ Payload: b.Payload,
+ PayloadHash: b.PayloadHash,
+ Witness: &b.Witness,
+ Randomness: b.Randomness,
+ Signature: b.Signature,
+ CRSSignature: b.CRSSignature,
+ })
+}
+
+// DecodeRLP implements rlp.Decoder
+func (b *Block) DecodeRLP(s *rlp.Stream) error {
+ var dec rlpBlock
+ err := s.Decode(&dec)
+ if err == nil {
+ *b = Block{
+ ProposerID: dec.ProposerID,
+ ParentHash: dec.ParentHash,
+ Hash: dec.Hash,
+ Position: dec.Position,
+ Timestamp: dec.Timestamp.Time,
+ Payload: dec.Payload,
+ PayloadHash: dec.PayloadHash,
+ Witness: *dec.Witness,
+ Randomness: dec.Randomness,
+ Signature: dec.Signature,
+ CRSSignature: dec.CRSSignature,
+ }
+ }
+ return err
+}
+
+func (b *Block) String() string {
+ return fmt.Sprintf("Block{Hash:%v %s}", b.Hash.String()[:6], b.Position)
+}
+
+// Clone returns a deep copy of a block.
+func (b *Block) Clone() (bcopy *Block) {
+ bcopy = &Block{}
+ bcopy.ProposerID = b.ProposerID
+ bcopy.ParentHash = b.ParentHash
+ bcopy.Hash = b.Hash
+ bcopy.Position.Round = b.Position.Round
+ bcopy.Position.Height = b.Position.Height
+ bcopy.Signature = b.Signature.Clone()
+ bcopy.CRSSignature = b.CRSSignature.Clone()
+ bcopy.Witness.Height = b.Witness.Height
+ bcopy.Witness.Data = common.CopyBytes(b.Witness.Data)
+ bcopy.Timestamp = b.Timestamp
+ bcopy.Payload = common.CopyBytes(b.Payload)
+ bcopy.PayloadHash = b.PayloadHash
+ bcopy.Randomness = common.CopyBytes(b.Randomness)
+ return
+}
+
+// IsGenesis checks if the block is a genesisBlock
+func (b *Block) IsGenesis() bool {
+ return b.Position.Height == GenesisHeight && b.ParentHash == common.Hash{}
+}
+
+// IsFinalized checks if the block is finalized.
+func (b *Block) IsFinalized() bool {
+ return len(b.Randomness) > 0
+}
+
+// IsEmpty checks if the block is an 'empty block'.
+func (b *Block) IsEmpty() bool {
+ return b.ProposerID.Hash == common.Hash{}
+}
+
+// ByHash is the helper type for sorting slice of blocks by hash.
+type ByHash []*Block
+
+func (b ByHash) Len() int {
+ return len(b)
+}
+
+func (b ByHash) Less(i int, j int) bool {
+ return bytes.Compare([]byte(b[i].Hash[:]), []byte(b[j].Hash[:])) == -1
+}
+
+func (b ByHash) Swap(i int, j int) {
+ b[i], b[j] = b[j], b[i]
+}
+
+// BlocksByPosition is the helper type for sorting slice of blocks by position.
+type BlocksByPosition []*Block
+
+// Len implements Len method in sort.Sort interface.
+func (bs BlocksByPosition) Len() int {
+ return len(bs)
+}
+
+// Less implements Less method in sort.Sort interface.
+func (bs BlocksByPosition) Less(i int, j int) bool {
+ return bs[j].Position.Newer(bs[i].Position)
+}
+
+// Swap implements Swap method in sort.Sort interface.
+func (bs BlocksByPosition) Swap(i int, j int) {
+ bs[i], bs[j] = bs[j], bs[i]
+}
+
+// Push implements Push method in heap interface.
+func (bs *BlocksByPosition) Push(x interface{}) {
+ *bs = append(*bs, x.(*Block))
+}
+
+// Pop implements Pop method in heap interface.
+func (bs *BlocksByPosition) Pop() (ret interface{}) {
+ n := len(*bs)
+ *bs, ret = (*bs)[0:n-1], (*bs)[n-1]
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/config.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/config.go
new file mode 100644
index 000000000..dce38369e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/config.go
@@ -0,0 +1,75 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package types
+
+import (
+ "encoding/binary"
+ "time"
+)
+
+// Config stands for Current Configuration Parameters.
+type Config struct {
+ // Lambda related.
+ LambdaBA time.Duration
+ LambdaDKG time.Duration
+
+ // Set related.
+ NotarySetSize uint32
+
+ // Time related.
+ RoundLength uint64
+ MinBlockInterval time.Duration
+}
+
+// Clone return a copied configuration.
+func (c *Config) Clone() *Config {
+ return &Config{
+ LambdaBA: c.LambdaBA,
+ LambdaDKG: c.LambdaDKG,
+ NotarySetSize: c.NotarySetSize,
+ RoundLength: c.RoundLength,
+ MinBlockInterval: c.MinBlockInterval,
+ }
+}
+
+// Bytes returns []byte representation of Config.
+func (c *Config) Bytes() []byte {
+ binaryLambdaBA := make([]byte, 8)
+ binary.LittleEndian.PutUint64(
+ binaryLambdaBA, uint64(c.LambdaBA.Nanoseconds()))
+ binaryLambdaDKG := make([]byte, 8)
+ binary.LittleEndian.PutUint64(
+ binaryLambdaDKG, uint64(c.LambdaDKG.Nanoseconds()))
+
+ binaryNotarySetSize := make([]byte, 4)
+ binary.LittleEndian.PutUint32(binaryNotarySetSize, c.NotarySetSize)
+
+ binaryRoundLength := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRoundLength, c.RoundLength)
+ binaryMinBlockInterval := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryMinBlockInterval,
+ uint64(c.MinBlockInterval.Nanoseconds()))
+
+ enc := make([]byte, 0, 40)
+ enc = append(enc, binaryLambdaBA...)
+ enc = append(enc, binaryLambdaDKG...)
+ enc = append(enc, binaryNotarySetSize...)
+ enc = append(enc, binaryRoundLength...)
+ enc = append(enc, binaryMinBlockInterval...)
+ return enc
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/dkg/dkg.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/dkg/dkg.go
new file mode 100644
index 000000000..6c2b777cd
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/dkg/dkg.go
@@ -0,0 +1,485 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package dkg
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "io"
+
+ "github.com/byzantine-lab/go-tangerine/rlp"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ cryptoDKG "github.com/byzantine-lab/dexon-consensus/core/crypto/dkg"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+// Errors for typesDKG package.
+var (
+ ErrNotReachThreshold = fmt.Errorf("threshold not reach")
+ ErrInvalidThreshold = fmt.Errorf("invalid threshold")
+)
+
+// NewID creates a DKGID from NodeID.
+func NewID(ID types.NodeID) cryptoDKG.ID {
+ return cryptoDKG.NewID(ID.Hash[:])
+}
+
+// PrivateShare describe a secret share in DKG protocol.
+type PrivateShare struct {
+ ProposerID types.NodeID `json:"proposer_id"`
+ ReceiverID types.NodeID `json:"receiver_id"`
+ Round uint64 `json:"round"`
+ Reset uint64 `json:"reset"`
+ PrivateShare cryptoDKG.PrivateKey `json:"private_share"`
+ Signature crypto.Signature `json:"signature"`
+}
+
+// Equal checks equality between two PrivateShare instances.
+func (p *PrivateShare) Equal(other *PrivateShare) bool {
+ return p.ProposerID.Equal(other.ProposerID) &&
+ p.ReceiverID.Equal(other.ReceiverID) &&
+ p.Round == other.Round &&
+ p.Reset == other.Reset &&
+ p.Signature.Type == other.Signature.Type &&
+ bytes.Compare(p.Signature.Signature, other.Signature.Signature) == 0 &&
+ bytes.Compare(
+ p.PrivateShare.Bytes(), other.PrivateShare.Bytes()) == 0
+}
+
+// MasterPublicKey decrtibe a master public key in DKG protocol.
+type MasterPublicKey struct {
+ ProposerID types.NodeID `json:"proposer_id"`
+ Round uint64 `json:"round"`
+ Reset uint64 `json:"reset"`
+ DKGID cryptoDKG.ID `json:"dkg_id"`
+ PublicKeyShares cryptoDKG.PublicKeyShares `json:"public_key_shares"`
+ Signature crypto.Signature `json:"signature"`
+}
+
+func (d *MasterPublicKey) String() string {
+ return fmt.Sprintf("MasterPublicKey{KP:%s Round:%d Reset:%d}",
+ d.ProposerID.String()[:6],
+ d.Round,
+ d.Reset)
+}
+
+// Equal check equality of two DKG master public keys.
+func (d *MasterPublicKey) Equal(other *MasterPublicKey) bool {
+ return d.ProposerID.Equal(other.ProposerID) &&
+ d.Round == other.Round &&
+ d.Reset == other.Reset &&
+ d.DKGID.GetHexString() == other.DKGID.GetHexString() &&
+ d.PublicKeyShares.Equal(&other.PublicKeyShares) &&
+ d.Signature.Type == other.Signature.Type &&
+ bytes.Compare(d.Signature.Signature, other.Signature.Signature) == 0
+}
+
+type rlpMasterPublicKey struct {
+ ProposerID types.NodeID
+ Round uint64
+ Reset uint64
+ DKGID []byte
+ PublicKeyShares *cryptoDKG.PublicKeyShares
+ Signature crypto.Signature
+}
+
+// EncodeRLP implements rlp.Encoder
+func (d *MasterPublicKey) EncodeRLP(w io.Writer) error {
+ return rlp.Encode(w, rlpMasterPublicKey{
+ ProposerID: d.ProposerID,
+ Round: d.Round,
+ Reset: d.Reset,
+ DKGID: d.DKGID.GetLittleEndian(),
+ PublicKeyShares: &d.PublicKeyShares,
+ Signature: d.Signature,
+ })
+}
+
+// DecodeRLP implements rlp.Decoder
+func (d *MasterPublicKey) DecodeRLP(s *rlp.Stream) error {
+ var dec rlpMasterPublicKey
+ if err := s.Decode(&dec); err != nil {
+ return err
+ }
+
+ id, err := cryptoDKG.BytesID(dec.DKGID)
+ if err != nil {
+ return err
+ }
+
+ *d = MasterPublicKey{
+ ProposerID: dec.ProposerID,
+ Round: dec.Round,
+ Reset: dec.Reset,
+ DKGID: id,
+ PublicKeyShares: *dec.PublicKeyShares.Move(),
+ Signature: dec.Signature,
+ }
+ return err
+}
+
+// NewMasterPublicKey returns a new MasterPublicKey instance.
+func NewMasterPublicKey() *MasterPublicKey {
+ return &MasterPublicKey{
+ PublicKeyShares: *cryptoDKG.NewEmptyPublicKeyShares(),
+ }
+}
+
+// UnmarshalJSON implements json.Unmarshaller.
+func (d *MasterPublicKey) UnmarshalJSON(data []byte) error {
+ type innertMasterPublicKey MasterPublicKey
+ d.PublicKeyShares = *cryptoDKG.NewEmptyPublicKeyShares()
+ return json.Unmarshal(data, (*innertMasterPublicKey)(d))
+}
+
+// Complaint describe a complaint in DKG protocol.
+type Complaint struct {
+ ProposerID types.NodeID `json:"proposer_id"`
+ Round uint64 `json:"round"`
+ Reset uint64 `json:"reset"`
+ PrivateShare PrivateShare `json:"private_share"`
+ Signature crypto.Signature `json:"signature"`
+}
+
+func (c *Complaint) String() string {
+ if c.IsNack() {
+ return fmt.Sprintf("DKGNackComplaint{CP:%s Round:%d Reset %d PSP:%s}",
+ c.ProposerID.String()[:6], c.Round, c.Reset,
+ c.PrivateShare.ProposerID.String()[:6])
+ }
+ return fmt.Sprintf("DKGComplaint{CP:%s Round:%d Reset %d PrivateShare:%v}",
+ c.ProposerID.String()[:6], c.Round, c.Reset, c.PrivateShare)
+}
+
+// Equal checks equality between two Complaint instances.
+func (c *Complaint) Equal(other *Complaint) bool {
+ return c.ProposerID.Equal(other.ProposerID) &&
+ c.Round == other.Round &&
+ c.Reset == other.Reset &&
+ c.PrivateShare.Equal(&other.PrivateShare) &&
+ c.Signature.Type == other.Signature.Type &&
+ bytes.Compare(c.Signature.Signature, other.Signature.Signature) == 0
+}
+
+type rlpComplaint struct {
+ ProposerID types.NodeID
+ Round uint64
+ Reset uint64
+ IsNack bool
+ PrivateShare []byte
+ Signature crypto.Signature
+}
+
+// EncodeRLP implements rlp.Encoder
+func (c *Complaint) EncodeRLP(w io.Writer) error {
+ if c.IsNack() {
+ return rlp.Encode(w, rlpComplaint{
+ ProposerID: c.ProposerID,
+ Round: c.Round,
+ Reset: c.Reset,
+ IsNack: true,
+ PrivateShare: c.PrivateShare.ProposerID.Hash[:],
+ Signature: c.Signature,
+ })
+ }
+ prvShare, err := rlp.EncodeToBytes(&c.PrivateShare)
+ if err != nil {
+ return err
+ }
+ return rlp.Encode(w, rlpComplaint{
+ ProposerID: c.ProposerID,
+ Round: c.Round,
+ Reset: c.Reset,
+ IsNack: false,
+ PrivateShare: prvShare,
+ Signature: c.Signature,
+ })
+}
+
+// DecodeRLP implements rlp.Decoder
+func (c *Complaint) DecodeRLP(s *rlp.Stream) error {
+ var dec rlpComplaint
+ if err := s.Decode(&dec); err != nil {
+ return err
+ }
+
+ var prvShare PrivateShare
+ if dec.IsNack {
+ copy(prvShare.ProposerID.Hash[:], dec.PrivateShare)
+ prvShare.Round = dec.Round
+ prvShare.Reset = dec.Reset
+ } else {
+ if err := rlp.DecodeBytes(dec.PrivateShare, &prvShare); err != nil {
+ return err
+ }
+ }
+
+ *c = Complaint{
+ ProposerID: dec.ProposerID,
+ Round: dec.Round,
+ Reset: dec.Reset,
+ PrivateShare: prvShare,
+ Signature: dec.Signature,
+ }
+ return nil
+}
+
+// IsNack returns true if it's a nack complaint in DKG protocol.
+func (c *Complaint) IsNack() bool {
+ return len(c.PrivateShare.Signature.Signature) == 0
+}
+
+// PartialSignature describe a partial signature in DKG protocol.
+type PartialSignature struct {
+ ProposerID types.NodeID `json:"proposer_id"`
+ Round uint64 `json:"round"`
+ Hash common.Hash `json:"hash"`
+ PartialSignature cryptoDKG.PartialSignature `json:"partial_signature"`
+ Signature crypto.Signature `json:"signature"`
+}
+
+// MPKReady describe a dkg ready message in DKG protocol.
+type MPKReady struct {
+ ProposerID types.NodeID `json:"proposer_id"`
+ Round uint64 `json:"round"`
+ Reset uint64 `json:"reset"`
+ Signature crypto.Signature `json:"signature"`
+}
+
+func (ready *MPKReady) String() string {
+ return fmt.Sprintf("DKGMPKReady{RP:%s Round:%d Reset:%d}",
+ ready.ProposerID.String()[:6],
+ ready.Round,
+ ready.Reset)
+}
+
+// Equal check equality of two MPKReady instances.
+func (ready *MPKReady) Equal(other *MPKReady) bool {
+ return ready.ProposerID.Equal(other.ProposerID) &&
+ ready.Round == other.Round &&
+ ready.Reset == other.Reset &&
+ ready.Signature.Type == other.Signature.Type &&
+ bytes.Compare(ready.Signature.Signature, other.Signature.Signature) == 0
+}
+
+// Finalize describe a dkg finalize message in DKG protocol.
+type Finalize struct {
+ ProposerID types.NodeID `json:"proposer_id"`
+ Round uint64 `json:"round"`
+ Reset uint64 `json:"reset"`
+ Signature crypto.Signature `json:"signature"`
+}
+
+func (final *Finalize) String() string {
+ return fmt.Sprintf("DKGFinal{FP:%s Round:%d Reset:%d}",
+ final.ProposerID.String()[:6],
+ final.Round,
+ final.Reset)
+}
+
+// Equal check equality of two Finalize instances.
+func (final *Finalize) Equal(other *Finalize) bool {
+ return final.ProposerID.Equal(other.ProposerID) &&
+ final.Round == other.Round &&
+ final.Reset == other.Reset &&
+ final.Signature.Type == other.Signature.Type &&
+ bytes.Compare(final.Signature.Signature, other.Signature.Signature) == 0
+}
+
+// Success describe a dkg success message in DKG protocol.
+type Success struct {
+ ProposerID types.NodeID `json:"proposer_id"`
+ Round uint64 `json:"round"`
+ Reset uint64 `json:"reset"`
+ Signature crypto.Signature `json:"signature"`
+}
+
+func (s *Success) String() string {
+ return fmt.Sprintf("DKGSuccess{SP:%s Round:%d Reset:%d}",
+ s.ProposerID.String()[:6],
+ s.Round,
+ s.Reset)
+}
+
+// Equal check equality of two Success instances.
+func (s *Success) Equal(other *Success) bool {
+ return s.ProposerID.Equal(other.ProposerID) &&
+ s.Round == other.Round &&
+ s.Reset == other.Reset &&
+ s.Signature.Type == other.Signature.Type &&
+ bytes.Compare(s.Signature.Signature, other.Signature.Signature) == 0
+}
+
+// GroupPublicKey is the result of DKG protocol.
+type GroupPublicKey struct {
+ Round uint64
+ QualifyIDs cryptoDKG.IDs
+ QualifyNodeIDs map[types.NodeID]struct{}
+ IDMap map[types.NodeID]cryptoDKG.ID
+ GroupPublicKey *cryptoDKG.PublicKey
+ Threshold int
+}
+
+// VerifySignature verifies if the signature is correct.
+func (gpk *GroupPublicKey) VerifySignature(
+ hash common.Hash, sig crypto.Signature) bool {
+ return gpk.GroupPublicKey.VerifySignature(hash, sig)
+}
+
+// CalcQualifyNodes returns the qualified nodes.
+func CalcQualifyNodes(
+ mpks []*MasterPublicKey, complaints []*Complaint, threshold int) (
+ qualifyIDs cryptoDKG.IDs, qualifyNodeIDs map[types.NodeID]struct{}, err error) {
+ if len(mpks) < threshold {
+ err = ErrInvalidThreshold
+ return
+ }
+
+ // Calculate qualify members.
+ disqualifyIDs := map[types.NodeID]struct{}{}
+ complaintsByID := map[types.NodeID]map[types.NodeID]struct{}{}
+ for _, complaint := range complaints {
+ if complaint.IsNack() {
+ if _, exist := complaintsByID[complaint.PrivateShare.ProposerID]; !exist {
+ complaintsByID[complaint.PrivateShare.ProposerID] =
+ make(map[types.NodeID]struct{})
+ }
+ complaintsByID[complaint.PrivateShare.ProposerID][complaint.ProposerID] =
+ struct{}{}
+ } else {
+ disqualifyIDs[complaint.PrivateShare.ProposerID] = struct{}{}
+ }
+ }
+ for nID, complaints := range complaintsByID {
+ if len(complaints) >= threshold {
+ disqualifyIDs[nID] = struct{}{}
+ }
+ }
+ qualifyIDs = make(cryptoDKG.IDs, 0, len(mpks)-len(disqualifyIDs))
+ if cap(qualifyIDs) < threshold {
+ err = ErrNotReachThreshold
+ return
+ }
+ qualifyNodeIDs = make(map[types.NodeID]struct{})
+ for _, mpk := range mpks {
+ if _, exist := disqualifyIDs[mpk.ProposerID]; exist {
+ continue
+ }
+ qualifyIDs = append(qualifyIDs, mpk.DKGID)
+ qualifyNodeIDs[mpk.ProposerID] = struct{}{}
+ }
+ return
+}
+
+// NewGroupPublicKey creats a GroupPublicKey instance.
+func NewGroupPublicKey(
+ round uint64,
+ mpks []*MasterPublicKey, complaints []*Complaint,
+ threshold int) (
+ *GroupPublicKey, error) {
+ qualifyIDs, qualifyNodeIDs, err :=
+ CalcQualifyNodes(mpks, complaints, threshold)
+ if err != nil {
+ return nil, err
+ }
+ mpkMap := make(map[cryptoDKG.ID]*MasterPublicKey, cap(qualifyIDs))
+ idMap := make(map[types.NodeID]cryptoDKG.ID)
+ for _, mpk := range mpks {
+ if _, exist := qualifyNodeIDs[mpk.ProposerID]; !exist {
+ continue
+ }
+ mpkMap[mpk.DKGID] = mpk
+ idMap[mpk.ProposerID] = mpk.DKGID
+ }
+ // Recover Group Public Key.
+ pubShares := make([]*cryptoDKG.PublicKeyShares, 0, len(qualifyIDs))
+ for _, id := range qualifyIDs {
+ pubShares = append(pubShares, &mpkMap[id].PublicKeyShares)
+ }
+ groupPK := cryptoDKG.RecoverGroupPublicKey(pubShares)
+ return &GroupPublicKey{
+ Round: round,
+ QualifyIDs: qualifyIDs,
+ QualifyNodeIDs: qualifyNodeIDs,
+ IDMap: idMap,
+ Threshold: threshold,
+ GroupPublicKey: groupPK,
+ }, nil
+}
+
+// NodePublicKeys is the result of DKG protocol.
+type NodePublicKeys struct {
+ Round uint64
+ QualifyIDs cryptoDKG.IDs
+ QualifyNodeIDs map[types.NodeID]struct{}
+ IDMap map[types.NodeID]cryptoDKG.ID
+ PublicKeys map[types.NodeID]*cryptoDKG.PublicKey
+ Threshold int
+}
+
+// NewNodePublicKeys creats a NodePublicKeys instance.
+func NewNodePublicKeys(
+ round uint64,
+ mpks []*MasterPublicKey, complaints []*Complaint,
+ threshold int) (
+ *NodePublicKeys, error) {
+ qualifyIDs, qualifyNodeIDs, err :=
+ CalcQualifyNodes(mpks, complaints, threshold)
+ if err != nil {
+ return nil, err
+ }
+ mpkMap := make(map[cryptoDKG.ID]*MasterPublicKey, cap(qualifyIDs))
+ idMap := make(map[types.NodeID]cryptoDKG.ID)
+ for _, mpk := range mpks {
+ if _, exist := qualifyNodeIDs[mpk.ProposerID]; !exist {
+ continue
+ }
+ mpkMap[mpk.DKGID] = mpk
+ idMap[mpk.ProposerID] = mpk.DKGID
+ }
+ // Recover qualify members' public key.
+ pubKeys := make(map[types.NodeID]*cryptoDKG.PublicKey, len(qualifyIDs))
+ for _, recvID := range qualifyIDs {
+ pubShares := cryptoDKG.NewEmptyPublicKeyShares()
+ for _, id := range qualifyIDs {
+ pubShare, err := mpkMap[id].PublicKeyShares.Share(recvID)
+ if err != nil {
+ return nil, err
+ }
+ if err := pubShares.AddShare(id, pubShare); err != nil {
+ return nil, err
+ }
+ }
+ pubKey, err := pubShares.RecoverPublicKey(qualifyIDs)
+ if err != nil {
+ return nil, err
+ }
+ pubKeys[mpkMap[recvID].ProposerID] = pubKey
+ }
+ return &NodePublicKeys{
+ Round: round,
+ QualifyIDs: qualifyIDs,
+ QualifyNodeIDs: qualifyNodeIDs,
+ IDMap: idMap,
+ PublicKeys: pubKeys,
+ Threshold: threshold,
+ }, nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/message.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/message.go
new file mode 100644
index 000000000..0335cfaae
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/message.go
@@ -0,0 +1,24 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package types
+
+// Msg for the network ReceiveChan.
+type Msg struct {
+ PeerID interface{}
+ Payload interface{}
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/node.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/node.go
new file mode 100644
index 000000000..84b38a3b1
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/node.go
@@ -0,0 +1,61 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package types
+
+import (
+ "bytes"
+ "encoding/hex"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+)
+
+// NodeID is the ID type for nodes.
+type NodeID struct {
+ common.Hash
+}
+
+// NewNodeID returns a NodeID with Hash set to the hash value of
+// public key.
+func NewNodeID(pubKey crypto.PublicKey) NodeID {
+ return NodeID{Hash: crypto.Keccak256Hash(pubKey.Bytes()[1:])}
+}
+
+// Equal checks if the hash representation is the same NodeID.
+func (v NodeID) Equal(v2 NodeID) bool {
+ return v.Hash == v2.Hash
+}
+
+func (v NodeID) String() string {
+ return hex.EncodeToString(v.Hash[:])[:6]
+}
+
+// NodeIDs implements sort.Interface for NodeID.
+type NodeIDs []NodeID
+
+func (v NodeIDs) Len() int {
+ return len(v)
+}
+
+func (v NodeIDs) Less(i int, j int) bool {
+ return bytes.Compare([]byte(v[i].Hash[:]), []byte(v[j].Hash[:])) == -1
+}
+
+func (v NodeIDs) Swap(i int, j int) {
+ v[i], v[j] = v[j], v[i]
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/nodeset.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/nodeset.go
new file mode 100644
index 000000000..522bcb224
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/nodeset.go
@@ -0,0 +1,162 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package types
+
+import (
+ "container/heap"
+ "encoding/binary"
+ "math/big"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+)
+
+// NodeSet is the node set structure as defined in DEXON consensus core.
+type NodeSet struct {
+ IDs map[NodeID]struct{}
+}
+
+// SubSetTarget is the sub set target for GetSubSet().
+type SubSetTarget struct {
+ data [][]byte
+}
+
+type subSetTargetType byte
+
+const (
+ targetNotarySet subSetTargetType = iota
+ targetNodeLeader
+)
+
+type nodeRank struct {
+ ID NodeID
+ rank *big.Int
+}
+
+// rankHeap is a MaxHeap structure.
+type rankHeap []*nodeRank
+
+func (h rankHeap) Len() int { return len(h) }
+func (h rankHeap) Less(i, j int) bool { return h[i].rank.Cmp(h[j].rank) > 0 }
+func (h rankHeap) Swap(i, j int) { h[i], h[j] = h[j], h[i] }
+func (h *rankHeap) Push(x interface{}) {
+ *h = append(*h, x.(*nodeRank))
+}
+func (h *rankHeap) Pop() interface{} {
+ old := *h
+ n := len(old)
+ x := old[n-1]
+ *h = old[0 : n-1]
+ return x
+}
+
+// NewNodeSet creates a new NodeSet instance.
+func NewNodeSet() *NodeSet {
+ return &NodeSet{
+ IDs: make(map[NodeID]struct{}),
+ }
+}
+
+// NewNodeSetFromMap creates a new NodeSet from NodeID map.
+func NewNodeSetFromMap(nodes map[NodeID]struct{}) *NodeSet {
+ nIDs := make(map[NodeID]struct{}, len(nodes))
+ for nID := range nodes {
+ nIDs[nID] = struct{}{}
+ }
+ return &NodeSet{
+ IDs: nIDs,
+ }
+}
+
+// NewNotarySetTarget is the target for getting Notary Set.
+func NewNotarySetTarget(crs common.Hash) *SubSetTarget {
+ return newTarget(targetNotarySet, crs[:])
+}
+
+// NewNodeLeaderTarget is the target for getting leader of fast BA.
+func NewNodeLeaderTarget(crs common.Hash, height uint64) *SubSetTarget {
+ binaryHeight := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryHeight, height)
+ return newTarget(targetNodeLeader, crs[:], binaryHeight)
+}
+
+// Add a NodeID to the set.
+func (ns *NodeSet) Add(ID NodeID) {
+ ns.IDs[ID] = struct{}{}
+}
+
+// Clone the NodeSet.
+func (ns *NodeSet) Clone() *NodeSet {
+ nsCopy := NewNodeSet()
+ for ID := range ns.IDs {
+ nsCopy.Add(ID)
+ }
+ return nsCopy
+}
+
+// GetSubSet returns the subset of given target.
+func (ns *NodeSet) GetSubSet(
+ size int, target *SubSetTarget) map[NodeID]struct{} {
+ if size == 0 {
+ return make(map[NodeID]struct{})
+ }
+ h := rankHeap{}
+ idx := 0
+ for nID := range ns.IDs {
+ if idx < size {
+ h = append(h, newNodeRank(nID, target))
+ } else if idx == size {
+ heap.Init(&h)
+ }
+ if idx >= size {
+ rank := newNodeRank(nID, target)
+ if rank.rank.Cmp(h[0].rank) < 0 {
+ h[0] = rank
+ heap.Fix(&h, 0)
+ }
+ }
+ idx++
+ }
+
+ nIDs := make(map[NodeID]struct{}, size)
+ for _, rank := range h {
+ nIDs[rank.ID] = struct{}{}
+ }
+
+ return nIDs
+}
+
+func newTarget(targetType subSetTargetType, data ...[]byte) *SubSetTarget {
+ data = append(data, []byte{byte(targetType)})
+ return &SubSetTarget{
+ data: data,
+ }
+}
+
+func newNodeRank(ID NodeID, target *SubSetTarget) *nodeRank {
+ data := make([][]byte, 1, len(target.data)+1)
+ data[0] = make([]byte, len(ID.Hash))
+ copy(data[0], ID.Hash[:])
+ data = append(data, target.data...)
+ h := crypto.Keccak256Hash(data...)
+ num := new(big.Int).SetBytes(h[:])
+ return &nodeRank{
+ ID: ID,
+ rank: num,
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/position.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/position.go
new file mode 100644
index 000000000..81d23c266
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/position.go
@@ -0,0 +1,51 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package types
+
+import (
+ "fmt"
+)
+
+// Position describes the position in the block lattice of an entity.
+type Position struct {
+ Round uint64 `json:"round"`
+ Height uint64 `json:"height"`
+}
+
+func (pos Position) String() string {
+ return fmt.Sprintf("Position{Round:%d Height:%d}", pos.Round, pos.Height)
+}
+
+// Equal checks if two positions are equal.
+func (pos Position) Equal(other Position) bool {
+ return pos.Round == other.Round && pos.Height == other.Height
+}
+
+// Newer checks if one block is newer than another one on the same chain.
+// If two blocks on different chain compared by this function, it would panic.
+func (pos Position) Newer(other Position) bool {
+ return pos.Round > other.Round ||
+ (pos.Round == other.Round && pos.Height > other.Height)
+}
+
+// Older checks if one block is older than another one on the same chain.
+// If two blocks on different chain compared by this function, it would panic.
+func (pos Position) Older(other Position) bool {
+ return pos.Round < other.Round ||
+ (pos.Round == other.Round && pos.Height < other.Height)
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/types/vote.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/vote.go
new file mode 100644
index 000000000..def09293a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/types/vote.go
@@ -0,0 +1,100 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package types
+
+import (
+ "fmt"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ cryptoDKG "github.com/byzantine-lab/dexon-consensus/core/crypto/dkg"
+)
+
+// VoteType is the type of vote.
+type VoteType byte
+
+// VoteType enum.
+const (
+ VoteInit VoteType = iota
+ VotePreCom
+ VoteCom
+ VoteFast
+ VoteFastCom
+ // Do not add any type below MaxVoteType.
+ MaxVoteType
+)
+
+// NullBlockHash is the blockHash for ⊥ value.
+var NullBlockHash common.Hash
+
+// SkipBlockHash is the blockHash for SKIP value.
+var SkipBlockHash common.Hash
+
+func init() {
+ for idx := range SkipBlockHash {
+ SkipBlockHash[idx] = 0xff
+ }
+}
+
+// VoteHeader is the header for vote, which can be used as map keys.
+type VoteHeader struct {
+ ProposerID NodeID `json:"proposer_id"`
+ Type VoteType `json:"type"`
+ BlockHash common.Hash `json:"block_hash"`
+ Period uint64 `json:"period"`
+ Position Position `json:"position"`
+}
+
+// Vote is the vote structure defined in Crypto Shuffle Algorithm.
+type Vote struct {
+ VoteHeader `json:"header"`
+ PartialSignature cryptoDKG.PartialSignature `json:"partial_signature"`
+ Signature crypto.Signature `json:"signature"`
+}
+
+func (v *Vote) String() string {
+ return fmt.Sprintf("Vote{VP:%s %s Period:%d Type:%d Hash:%s}",
+ v.ProposerID.String()[:6],
+ v.Position, v.Period, v.Type, v.BlockHash.String()[:6])
+}
+
+// NewVote constructs a Vote instance with header fields.
+func NewVote(t VoteType, hash common.Hash, period uint64) *Vote {
+ return &Vote{
+ VoteHeader: VoteHeader{
+ Type: t,
+ BlockHash: hash,
+ Period: period,
+ }}
+}
+
+// Clone returns a deep copy of a vote.
+func (v *Vote) Clone() *Vote {
+ return &Vote{
+ VoteHeader: VoteHeader{
+ ProposerID: v.ProposerID,
+ Type: v.Type,
+ BlockHash: v.BlockHash,
+ Period: v.Period,
+ Position: v.Position,
+ },
+ PartialSignature: cryptoDKG.PartialSignature(
+ crypto.Signature(v.PartialSignature).Clone()),
+ Signature: v.Signature.Clone(),
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils.go
new file mode 100644
index 000000000..4cb3bf18a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils.go
@@ -0,0 +1,255 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package core
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "os"
+ "sort"
+ "time"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ "github.com/byzantine-lab/dexon-consensus/core/utils"
+)
+
+// Errors for utils.
+var (
+ ErrIncorrectVoteBlockHash = fmt.Errorf(
+ "incorrect vote block hash")
+ ErrIncorrectVoteType = fmt.Errorf(
+ "incorrect vote type")
+ ErrIncorrectVotePosition = fmt.Errorf(
+ "incorrect vote position")
+ ErrIncorrectVoteProposer = fmt.Errorf(
+ "incorrect vote proposer")
+ ErrIncorrectVotePeriod = fmt.Errorf(
+ "incorrect vote period")
+)
+
+// NodeSetCache is type alias to avoid fullnode compile error when moving
+// it to core/utils package.
+type NodeSetCache = utils.NodeSetCache
+
+// NewNodeSetCache is function alias to avoid fullnode compile error when moving
+// it to core/utils package.
+var NewNodeSetCache = utils.NewNodeSetCache
+
+var (
+ debug = false
+ // ErrEmptyTimestamps would be reported if Block.timestamps is empty.
+ ErrEmptyTimestamps = errors.New("timestamp vector should not be empty")
+)
+
+func init() {
+ if os.Getenv("DEBUG") != "" {
+ debug = true
+ }
+}
+
+// Debugf is like fmt.Printf, but only output when we are in debug mode.
+func Debugf(format string, args ...interface{}) {
+ if debug {
+ fmt.Printf(format, args...)
+ }
+}
+
+// Debugln is like fmt.Println, but only output when we are in debug mode.
+func Debugln(args ...interface{}) {
+ if debug {
+ fmt.Println(args...)
+ }
+}
+
+func interpoTime(t1 time.Time, t2 time.Time, sep int) []time.Time {
+ if sep == 0 {
+ return []time.Time{}
+ }
+ if t1.After(t2) {
+ return interpoTime(t2, t1, sep)
+ }
+ timestamps := make([]time.Time, sep)
+ duration := t2.Sub(t1)
+ period := time.Duration(
+ (duration.Nanoseconds() / int64(sep+1))) * time.Nanosecond
+ prevTime := t1
+ for idx := range timestamps {
+ prevTime = prevTime.Add(period)
+ timestamps[idx] = prevTime
+ }
+ return timestamps
+}
+
+func getMedianTime(timestamps []time.Time) (t time.Time, err error) {
+ if len(timestamps) == 0 {
+ err = ErrEmptyTimestamps
+ return
+ }
+ tscopy := make([]time.Time, 0, len(timestamps))
+ for _, ts := range timestamps {
+ tscopy = append(tscopy, ts)
+ }
+ sort.Sort(common.ByTime(tscopy))
+ if len(tscopy)%2 == 0 {
+ t1 := tscopy[len(tscopy)/2-1]
+ t2 := tscopy[len(tscopy)/2]
+ t = interpoTime(t1, t2, 1)[0]
+ } else {
+ t = tscopy[len(tscopy)/2]
+ }
+ return
+}
+
+func removeFromSortedUint32Slice(xs []uint32, x uint32) []uint32 {
+ indexToRemove := sort.Search(len(xs), func(idx int) bool {
+ return xs[idx] >= x
+ })
+ if indexToRemove == len(xs) || xs[indexToRemove] != x {
+ // This value is not found.
+ return xs
+ }
+ return append(xs[:indexToRemove], xs[indexToRemove+1:]...)
+}
+
+// HashConfigurationBlock returns the hash value of configuration block.
+func HashConfigurationBlock(
+ notarySet map[types.NodeID]struct{},
+ config *types.Config,
+ snapshotHash common.Hash,
+ prevHash common.Hash,
+) common.Hash {
+ notaryIDs := make(types.NodeIDs, 0, len(notarySet))
+ for nID := range notarySet {
+ notaryIDs = append(notaryIDs, nID)
+ }
+ sort.Sort(notaryIDs)
+ notarySetBytes := make([]byte, 0, len(notarySet)*len(common.Hash{}))
+ for _, nID := range notaryIDs {
+ notarySetBytes = append(notarySetBytes, nID.Hash[:]...)
+ }
+ configBytes := config.Bytes()
+
+ return crypto.Keccak256Hash(
+ notarySetBytes[:],
+ configBytes[:],
+ snapshotHash[:],
+ prevHash[:],
+ )
+}
+
+// VerifyAgreementResult perform sanity check against a types.AgreementResult
+// instance.
+func VerifyAgreementResult(
+ res *types.AgreementResult, cache *NodeSetCache) error {
+ if res.Position.Round >= DKGDelayRound {
+ if len(res.Randomness) == 0 {
+ return ErrMissingRandomness
+ }
+ return nil
+ }
+ notarySet, err := cache.GetNotarySet(res.Position.Round)
+ if err != nil {
+ return err
+ }
+ if len(res.Votes) < len(notarySet)*2/3+1 {
+ return ErrNotEnoughVotes
+ }
+ voted := make(map[types.NodeID]struct{}, len(notarySet))
+ voteType := res.Votes[0].Type
+ votePeriod := res.Votes[0].Period
+ if voteType != types.VoteFastCom && voteType != types.VoteCom {
+ return ErrIncorrectVoteType
+ }
+ for _, vote := range res.Votes {
+ if vote.Period != votePeriod {
+ return ErrIncorrectVotePeriod
+ }
+ if res.IsEmptyBlock {
+ if (vote.BlockHash != common.Hash{}) {
+ return ErrIncorrectVoteBlockHash
+ }
+ } else {
+ if vote.BlockHash != res.BlockHash {
+ return ErrIncorrectVoteBlockHash
+ }
+ }
+ if vote.Type != voteType {
+ return ErrIncorrectVoteType
+ }
+ if vote.Position != res.Position {
+ return ErrIncorrectVotePosition
+ }
+ if _, exist := notarySet[vote.ProposerID]; !exist {
+ return ErrIncorrectVoteProposer
+ }
+ ok, err := utils.VerifyVoteSignature(&vote)
+ if err != nil {
+ return err
+ }
+ if !ok {
+ return ErrIncorrectVoteSignature
+ }
+ voted[vote.ProposerID] = struct{}{}
+ }
+ if len(voted) < len(notarySet)*2/3+1 {
+ return ErrNotEnoughVotes
+ }
+ return nil
+}
+
+// DiffUint64 calculates difference between two uint64.
+func DiffUint64(a, b uint64) uint64 {
+ if a > b {
+ return a - b
+ }
+ return b - a
+}
+
+func isCI() bool {
+ return os.Getenv("CI") != ""
+}
+
+func isCircleCI() bool {
+ return isCI() && os.Getenv("CIRCLECI") == "true"
+}
+
+func isTravisCI() bool {
+ return isCI() && os.Getenv("TRAVIS") == "true"
+}
+
+// checkWithCancel is a helper to perform periodic checking with cancel.
+func checkWithCancel(parentCtx context.Context, interval time.Duration,
+ checker func() bool) (ret bool) {
+ ctx, cancel := context.WithCancel(parentCtx)
+ defer cancel()
+Loop:
+ for {
+ if ret = checker(); ret {
+ return
+ }
+ select {
+ case <-ctx.Done():
+ break Loop
+ case <-time.After(interval):
+ }
+ }
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/crypto.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/crypto.go
new file mode 100644
index 000000000..161c1d495
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/crypto.go
@@ -0,0 +1,376 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+ "bytes"
+ "encoding/binary"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+)
+
+func hashWitness(witness *types.Witness) (common.Hash, error) {
+ binaryHeight := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryHeight, witness.Height)
+ return crypto.Keccak256Hash(
+ binaryHeight,
+ witness.Data), nil
+}
+
+// HashBlock generates hash of a types.Block.
+func HashBlock(block *types.Block) (common.Hash, error) {
+ hashPosition := HashPosition(block.Position)
+ binaryTimestamp, err := block.Timestamp.UTC().MarshalBinary()
+ if err != nil {
+ return common.Hash{}, err
+ }
+ binaryWitness, err := hashWitness(&block.Witness)
+ if err != nil {
+ return common.Hash{}, err
+ }
+
+ hash := crypto.Keccak256Hash(
+ block.ProposerID.Hash[:],
+ block.ParentHash[:],
+ hashPosition[:],
+ binaryTimestamp[:],
+ block.PayloadHash[:],
+ binaryWitness[:])
+ return hash, nil
+}
+
+// VerifyBlockSignature verifies the signature of types.Block.
+func VerifyBlockSignature(b *types.Block) (err error) {
+ payloadHash := crypto.Keccak256Hash(b.Payload)
+ if payloadHash != b.PayloadHash {
+ err = ErrIncorrectHash
+ return
+ }
+ return VerifyBlockSignatureWithoutPayload(b)
+}
+
+// VerifyBlockSignatureWithoutPayload verifies the signature of types.Block but
+// does not check if PayloadHash is correct.
+func VerifyBlockSignatureWithoutPayload(b *types.Block) (err error) {
+ hash, err := HashBlock(b)
+ if err != nil {
+ return
+ }
+ if hash != b.Hash {
+ err = ErrIncorrectHash
+ return
+ }
+ pubKey, err := crypto.SigToPub(b.Hash, b.Signature)
+ if err != nil {
+ return
+ }
+ if !b.ProposerID.Equal(types.NewNodeID(pubKey)) {
+ err = ErrIncorrectSignature
+ return
+ }
+ return
+
+}
+
+// HashVote generates hash of a types.Vote.
+func HashVote(vote *types.Vote) common.Hash {
+ binaryPeriod := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryPeriod, vote.Period)
+
+ hashPosition := HashPosition(vote.Position)
+
+ hash := crypto.Keccak256Hash(
+ vote.ProposerID.Hash[:],
+ vote.BlockHash[:],
+ binaryPeriod,
+ hashPosition[:],
+ vote.PartialSignature.Signature[:],
+ []byte{byte(vote.Type)},
+ )
+ return hash
+}
+
+// VerifyVoteSignature verifies the signature of types.Vote.
+func VerifyVoteSignature(vote *types.Vote) (bool, error) {
+ hash := HashVote(vote)
+ pubKey, err := crypto.SigToPub(hash, vote.Signature)
+ if err != nil {
+ return false, err
+ }
+ if vote.ProposerID != types.NewNodeID(pubKey) {
+ return false, nil
+ }
+ return true, nil
+}
+
+func hashCRS(block *types.Block, crs common.Hash) common.Hash {
+ hashPos := HashPosition(block.Position)
+ if block.Position.Round < dkgDelayRound {
+ return crypto.Keccak256Hash(crs[:], hashPos[:], block.ProposerID.Hash[:])
+ }
+ return crypto.Keccak256Hash(crs[:], hashPos[:])
+}
+
+// VerifyCRSSignature verifies the CRS signature of types.Block.
+func VerifyCRSSignature(
+ block *types.Block, crs common.Hash, npks *typesDKG.NodePublicKeys) bool {
+ hash := hashCRS(block, crs)
+ if block.Position.Round < dkgDelayRound {
+ return bytes.Compare(block.CRSSignature.Signature[:], hash[:]) == 0
+ }
+ if npks == nil {
+ return false
+ }
+ pubKey, exist := npks.PublicKeys[block.ProposerID]
+ if !exist {
+ return false
+ }
+ return pubKey.VerifySignature(hash, block.CRSSignature)
+}
+
+// HashPosition generates hash of a types.Position.
+func HashPosition(position types.Position) common.Hash {
+ binaryRound := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRound, position.Round)
+
+ binaryHeight := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryHeight, position.Height)
+
+ return crypto.Keccak256Hash(
+ binaryRound,
+ binaryHeight,
+ )
+}
+
+func hashDKGPrivateShare(prvShare *typesDKG.PrivateShare) common.Hash {
+ binaryRound := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRound, prvShare.Round)
+ binaryReset := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryReset, prvShare.Reset)
+
+ return crypto.Keccak256Hash(
+ prvShare.ProposerID.Hash[:],
+ prvShare.ReceiverID.Hash[:],
+ binaryRound,
+ binaryReset,
+ prvShare.PrivateShare.Bytes(),
+ )
+}
+
+// VerifyDKGPrivateShareSignature verifies the signature of
+// typesDKG.PrivateShare.
+func VerifyDKGPrivateShareSignature(
+ prvShare *typesDKG.PrivateShare) (bool, error) {
+ hash := hashDKGPrivateShare(prvShare)
+ pubKey, err := crypto.SigToPub(hash, prvShare.Signature)
+ if err != nil {
+ return false, err
+ }
+ if prvShare.ProposerID != types.NewNodeID(pubKey) {
+ return false, nil
+ }
+ return true, nil
+}
+
+func hashDKGMasterPublicKey(mpk *typesDKG.MasterPublicKey) common.Hash {
+ binaryRound := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRound, mpk.Round)
+ binaryReset := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryReset, mpk.Reset)
+
+ return crypto.Keccak256Hash(
+ mpk.ProposerID.Hash[:],
+ mpk.DKGID.GetLittleEndian(),
+ mpk.PublicKeyShares.MasterKeyBytes(),
+ binaryRound,
+ binaryReset,
+ )
+}
+
+// VerifyDKGMasterPublicKeySignature verifies DKGMasterPublicKey signature.
+func VerifyDKGMasterPublicKeySignature(
+ mpk *typesDKG.MasterPublicKey) (bool, error) {
+ hash := hashDKGMasterPublicKey(mpk)
+ pubKey, err := crypto.SigToPub(hash, mpk.Signature)
+ if err != nil {
+ return false, err
+ }
+ if mpk.ProposerID != types.NewNodeID(pubKey) {
+ return false, nil
+ }
+ return true, nil
+}
+
+func hashDKGComplaint(complaint *typesDKG.Complaint) common.Hash {
+ binaryRound := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRound, complaint.Round)
+ binaryReset := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryReset, complaint.Reset)
+
+ hashPrvShare := hashDKGPrivateShare(&complaint.PrivateShare)
+
+ return crypto.Keccak256Hash(
+ complaint.ProposerID.Hash[:],
+ binaryRound,
+ binaryReset,
+ hashPrvShare[:],
+ )
+}
+
+// VerifyDKGComplaintSignature verifies DKGCompliant signature.
+func VerifyDKGComplaintSignature(
+ complaint *typesDKG.Complaint) (bool, error) {
+ if complaint.Round != complaint.PrivateShare.Round {
+ return false, nil
+ }
+ if complaint.Reset != complaint.PrivateShare.Reset {
+ return false, nil
+ }
+ hash := hashDKGComplaint(complaint)
+ pubKey, err := crypto.SigToPub(hash, complaint.Signature)
+ if err != nil {
+ return false, err
+ }
+ if complaint.ProposerID != types.NewNodeID(pubKey) {
+ return false, nil
+ }
+ if !complaint.IsNack() {
+ return VerifyDKGPrivateShareSignature(&complaint.PrivateShare)
+ }
+ return true, nil
+}
+
+func hashDKGPartialSignature(psig *typesDKG.PartialSignature) common.Hash {
+ binaryRound := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRound, psig.Round)
+
+ return crypto.Keccak256Hash(
+ psig.ProposerID.Hash[:],
+ binaryRound,
+ psig.Hash[:],
+ psig.PartialSignature.Signature[:],
+ )
+}
+
+// VerifyDKGPartialSignatureSignature verifies the signature of
+// typesDKG.PartialSignature.
+func VerifyDKGPartialSignatureSignature(
+ psig *typesDKG.PartialSignature) (bool, error) {
+ hash := hashDKGPartialSignature(psig)
+ pubKey, err := crypto.SigToPub(hash, psig.Signature)
+ if err != nil {
+ return false, err
+ }
+ if psig.ProposerID != types.NewNodeID(pubKey) {
+ return false, nil
+ }
+ return true, nil
+}
+
+func hashDKGMPKReady(ready *typesDKG.MPKReady) common.Hash {
+ binaryRound := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRound, ready.Round)
+ binaryReset := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryReset, ready.Reset)
+
+ return crypto.Keccak256Hash(
+ ready.ProposerID.Hash[:],
+ binaryRound,
+ binaryReset,
+ )
+}
+
+// VerifyDKGMPKReadySignature verifies DKGMPKReady signature.
+func VerifyDKGMPKReadySignature(
+ ready *typesDKG.MPKReady) (bool, error) {
+ hash := hashDKGMPKReady(ready)
+ pubKey, err := crypto.SigToPub(hash, ready.Signature)
+ if err != nil {
+ return false, err
+ }
+ if ready.ProposerID != types.NewNodeID(pubKey) {
+ return false, nil
+ }
+ return true, nil
+}
+
+func hashDKGFinalize(final *typesDKG.Finalize) common.Hash {
+ binaryRound := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRound, final.Round)
+ binaryReset := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryReset, final.Reset)
+
+ return crypto.Keccak256Hash(
+ final.ProposerID.Hash[:],
+ binaryRound,
+ binaryReset,
+ )
+}
+
+func hashDKGSuccess(success *typesDKG.Success) common.Hash {
+ binaryRound := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryRound, success.Round)
+ binaryReset := make([]byte, 8)
+ binary.LittleEndian.PutUint64(binaryReset, success.Reset)
+
+ return crypto.Keccak256Hash(
+ success.ProposerID.Hash[:],
+ binaryRound,
+ binaryReset,
+ )
+}
+
+// VerifyDKGFinalizeSignature verifies DKGFinalize signature.
+func VerifyDKGFinalizeSignature(
+ final *typesDKG.Finalize) (bool, error) {
+ hash := hashDKGFinalize(final)
+ pubKey, err := crypto.SigToPub(hash, final.Signature)
+ if err != nil {
+ return false, err
+ }
+ if final.ProposerID != types.NewNodeID(pubKey) {
+ return false, nil
+ }
+ return true, nil
+}
+
+// VerifyDKGSuccessSignature verifies DKGSuccess signature.
+func VerifyDKGSuccessSignature(
+ success *typesDKG.Success) (bool, error) {
+ hash := hashDKGSuccess(success)
+ pubKey, err := crypto.SigToPub(hash, success.Signature)
+ if err != nil {
+ return false, err
+ }
+ if success.ProposerID != types.NewNodeID(pubKey) {
+ return false, nil
+ }
+ return true, nil
+}
+
+// Rehash hashes the hash again and again and again...
+func Rehash(hash common.Hash, count uint) common.Hash {
+ result := hash
+ for i := uint(0); i < count; i++ {
+ result = crypto.Keccak256Hash(result[:])
+ }
+ return result
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/nodeset-cache.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/nodeset-cache.go
new file mode 100644
index 000000000..028690e18
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/nodeset-cache.go
@@ -0,0 +1,245 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+ "errors"
+ "sync"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+var (
+ // ErrNodeSetNotReady means we got nil empty node set.
+ ErrNodeSetNotReady = errors.New("node set is not ready")
+ // ErrCRSNotReady means we got empty CRS.
+ ErrCRSNotReady = errors.New("crs is not ready")
+ // ErrConfigurationNotReady means we go nil configuration.
+ ErrConfigurationNotReady = errors.New("configuration is not ready")
+)
+
+type sets struct {
+ crs common.Hash
+ nodeSet *types.NodeSet
+ notarySet map[types.NodeID]struct{}
+}
+
+// NodeSetCacheInterface interface specifies interface used by NodeSetCache.
+type NodeSetCacheInterface interface {
+ // Configuration returns the configuration at a given round.
+ // Return the genesis configuration if round == 0.
+ Configuration(round uint64) *types.Config
+
+ // CRS returns the CRS for a given round.
+ // Return the genesis CRS if round == 0.
+ CRS(round uint64) common.Hash
+
+ // NodeSet returns the node set at a given round.
+ // Return the genesis node set if round == 0.
+ NodeSet(round uint64) []crypto.PublicKey
+}
+
+// NodeSetCache caches node set information.
+//
+// NOTE: this module doesn't handle DKG resetting and can only be used along
+// with utils.RoundEvent.
+type NodeSetCache struct {
+ lock sync.RWMutex
+ nsIntf NodeSetCacheInterface
+ rounds map[uint64]*sets
+ keyPool map[types.NodeID]*struct {
+ pubKey crypto.PublicKey
+ refCnt int
+ }
+}
+
+// NewNodeSetCache constructs an NodeSetCache instance.
+func NewNodeSetCache(nsIntf NodeSetCacheInterface) *NodeSetCache {
+ return &NodeSetCache{
+ nsIntf: nsIntf,
+ rounds: make(map[uint64]*sets),
+ keyPool: make(map[types.NodeID]*struct {
+ pubKey crypto.PublicKey
+ refCnt int
+ }),
+ }
+}
+
+// Exists checks if a node is in node set of that round.
+func (cache *NodeSetCache) Exists(
+ round uint64, nodeID types.NodeID) (exists bool, err error) {
+
+ nIDs, exists := cache.get(round)
+ if !exists {
+ if nIDs, err = cache.update(round); err != nil {
+ return
+ }
+ }
+ _, exists = nIDs.nodeSet.IDs[nodeID]
+ return
+}
+
+// GetPublicKey return public key for that node:
+func (cache *NodeSetCache) GetPublicKey(
+ nodeID types.NodeID) (key crypto.PublicKey, exists bool) {
+
+ cache.lock.RLock()
+ defer cache.lock.RUnlock()
+
+ rec, exists := cache.keyPool[nodeID]
+ if exists {
+ key = rec.pubKey
+ }
+ return
+}
+
+// GetNodeSet returns IDs of nodes set of this round as map.
+func (cache *NodeSetCache) GetNodeSet(round uint64) (*types.NodeSet, error) {
+ IDs, exists := cache.get(round)
+ if !exists {
+ var err error
+ if IDs, err = cache.update(round); err != nil {
+ return nil, err
+ }
+ }
+ return IDs.nodeSet.Clone(), nil
+}
+
+// GetNotarySet returns of notary set of this round.
+func (cache *NodeSetCache) GetNotarySet(
+ round uint64) (map[types.NodeID]struct{}, error) {
+ IDs, err := cache.getOrUpdate(round)
+ if err != nil {
+ return nil, err
+ }
+ return cache.cloneMap(IDs.notarySet), nil
+}
+
+// Purge a specific round.
+func (cache *NodeSetCache) Purge(rID uint64) {
+ cache.lock.Lock()
+ defer cache.lock.Unlock()
+ nIDs, exist := cache.rounds[rID]
+ if !exist {
+ return
+ }
+ for nID := range nIDs.nodeSet.IDs {
+ rec := cache.keyPool[nID]
+ if rec.refCnt--; rec.refCnt == 0 {
+ delete(cache.keyPool, nID)
+ }
+ }
+ delete(cache.rounds, rID)
+}
+
+// Touch updates the internal cache of round.
+func (cache *NodeSetCache) Touch(round uint64) (err error) {
+ _, err = cache.update(round)
+ return
+}
+
+func (cache *NodeSetCache) cloneMap(
+ nIDs map[types.NodeID]struct{}) map[types.NodeID]struct{} {
+ nIDsCopy := make(map[types.NodeID]struct{}, len(nIDs))
+ for k := range nIDs {
+ nIDsCopy[k] = struct{}{}
+ }
+ return nIDsCopy
+}
+
+func (cache *NodeSetCache) getOrUpdate(round uint64) (nIDs *sets, err error) {
+ s, exists := cache.get(round)
+ if !exists {
+ if s, err = cache.update(round); err != nil {
+ return
+ }
+ }
+ nIDs = s
+ return
+}
+
+// update node set for that round.
+//
+// This cache would maintain 10 rounds before the updated round and purge
+// rounds not in this range.
+func (cache *NodeSetCache) update(round uint64) (nIDs *sets, err error) {
+ cache.lock.Lock()
+ defer cache.lock.Unlock()
+ // Get information for the requested round.
+ keySet := cache.nsIntf.NodeSet(round)
+ if keySet == nil {
+ err = ErrNodeSetNotReady
+ return
+ }
+ crs := cache.nsIntf.CRS(round)
+ if (crs == common.Hash{}) {
+ err = ErrCRSNotReady
+ return
+ }
+ // Cache new round.
+ nodeSet := types.NewNodeSet()
+ for _, key := range keySet {
+ nID := types.NewNodeID(key)
+ nodeSet.Add(nID)
+ if rec, exists := cache.keyPool[nID]; exists {
+ rec.refCnt++
+ } else {
+ cache.keyPool[nID] = &struct {
+ pubKey crypto.PublicKey
+ refCnt int
+ }{key, 1}
+ }
+ }
+ cfg := cache.nsIntf.Configuration(round)
+ if cfg == nil {
+ err = ErrConfigurationNotReady
+ return
+ }
+ nIDs = &sets{
+ crs: crs,
+ nodeSet: nodeSet,
+ notarySet: make(map[types.NodeID]struct{}),
+ }
+ nIDs.notarySet = nodeSet.GetSubSet(
+ int(cfg.NotarySetSize), types.NewNotarySetTarget(crs))
+ cache.rounds[round] = nIDs
+ // Purge older rounds.
+ for rID, nIDs := range cache.rounds {
+ nodeSet := nIDs.nodeSet
+ if round-rID <= 5 {
+ continue
+ }
+ for nID := range nodeSet.IDs {
+ rec := cache.keyPool[nID]
+ if rec.refCnt--; rec.refCnt == 0 {
+ delete(cache.keyPool, nID)
+ }
+ }
+ delete(cache.rounds, rID)
+ }
+ return
+}
+
+func (cache *NodeSetCache) get(round uint64) (nIDs *sets, exists bool) {
+ cache.lock.RLock()
+ defer cache.lock.RUnlock()
+ nIDs, exists = cache.rounds[round]
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/penalty-helper.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/penalty-helper.go
new file mode 100644
index 000000000..658fe79a9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/penalty-helper.go
@@ -0,0 +1,131 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+ "errors"
+
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+)
+
+var (
+ // ErrInvalidDKGMasterPublicKey means the DKG MasterPublicKey is invalid.
+ ErrInvalidDKGMasterPublicKey = errors.New("invalid DKG master public key")
+ // ErrPayloadNotEmpty means the payload of block is not empty.
+ ErrPayloadNotEmpty = errors.New("payload not empty")
+)
+
+// NeedPenaltyDKGPrivateShare checks if the proposer of dkg private share
+// should be penalized.
+func NeedPenaltyDKGPrivateShare(
+ complaint *typesDKG.Complaint, mpk *typesDKG.MasterPublicKey) (bool, error) {
+ if complaint.IsNack() {
+ return false, nil
+ }
+ if mpk.ProposerID != complaint.PrivateShare.ProposerID {
+ return false, nil
+ }
+ ok, err := VerifyDKGMasterPublicKeySignature(mpk)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, ErrInvalidDKGMasterPublicKey
+ }
+ ok, err = VerifyDKGComplaintSignature(complaint)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, nil
+ }
+ ok, err = mpk.PublicKeyShares.VerifyPrvShare(
+ typesDKG.NewID(complaint.PrivateShare.ReceiverID),
+ &complaint.PrivateShare.PrivateShare)
+ if err != nil {
+ return false, err
+ }
+ return !ok, nil
+}
+
+// NeedPenaltyForkVote checks if two votes are fork vote.
+func NeedPenaltyForkVote(vote1, vote2 *types.Vote) (bool, error) {
+ if vote1.ProposerID != vote2.ProposerID ||
+ vote1.Type != vote2.Type ||
+ vote1.Period != vote2.Period ||
+ vote1.Position != vote2.Position ||
+ vote1.BlockHash == vote2.BlockHash {
+ return false, nil
+ }
+ ok, err := VerifyVoteSignature(vote1)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, nil
+ }
+ ok, err = VerifyVoteSignature(vote2)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, nil
+ }
+ return true, nil
+}
+
+// NeedPenaltyForkBlock checks if two blocks are fork block.
+func NeedPenaltyForkBlock(block1, block2 *types.Block) (bool, error) {
+ if block1.ProposerID != block2.ProposerID ||
+ block1.Position != block2.Position ||
+ block1.Hash == block2.Hash {
+ return false, nil
+ }
+ if len(block1.Payload) != 0 || len(block2.Payload) != 0 {
+ return false, ErrPayloadNotEmpty
+ }
+ verifyBlock := func(block *types.Block) (bool, error) {
+ err := VerifyBlockSignatureWithoutPayload(block)
+ switch err {
+ case nil:
+ return true, nil
+ case ErrIncorrectSignature:
+ return false, nil
+ case ErrIncorrectHash:
+ return false, nil
+ default:
+ return false, err
+ }
+ }
+ ok, err := verifyBlock(block1)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, nil
+ }
+ ok, err = verifyBlock(block2)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, nil
+ }
+ return true, nil
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/round-based-config.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/round-based-config.go
new file mode 100644
index 000000000..88842cacf
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/round-based-config.go
@@ -0,0 +1,112 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+ "fmt"
+
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+// RoundBasedConfig is based config for rounds and provide boundary checking
+// for rounds.
+type RoundBasedConfig struct {
+ roundID uint64
+ roundBeginHeight uint64
+ roundEndHeight uint64
+ roundLength uint64
+}
+
+// SetupRoundBasedFields setup round based fields, including round ID, the
+// length of rounds.
+func (c *RoundBasedConfig) SetupRoundBasedFields(
+ roundID uint64, cfg *types.Config) {
+ if c.roundLength > 0 {
+ panic(fmt.Errorf("duplicated set round based fields: %d",
+ c.roundLength))
+ }
+ c.roundID = roundID
+ c.roundLength = cfg.RoundLength
+}
+
+// SetRoundBeginHeight gives the beginning height for the initial round provided
+// when constructed.
+func (c *RoundBasedConfig) SetRoundBeginHeight(begin uint64) {
+ if c.roundBeginHeight != 0 {
+ panic(fmt.Errorf("duplicated set round begin height: %d",
+ c.roundBeginHeight))
+ }
+ c.roundBeginHeight = begin
+ c.roundEndHeight = begin + c.roundLength
+}
+
+// IsLastBlock checks if a block is the last block of this round.
+func (c *RoundBasedConfig) IsLastBlock(b *types.Block) bool {
+ if b.Position.Round != c.roundID {
+ panic(fmt.Errorf("attempt to compare by different round: %s, %d",
+ b, c.roundID))
+ }
+ return b.Position.Height+1 == c.roundEndHeight
+}
+
+// ExtendLength extends round ending height by the length of current round.
+func (c *RoundBasedConfig) ExtendLength() {
+ c.roundEndHeight += c.roundLength
+}
+
+// Contains checks if a block height is in this round.
+func (c *RoundBasedConfig) Contains(h uint64) bool {
+ return c.roundBeginHeight <= h && c.roundEndHeight > h
+}
+
+// RoundID returns the round ID of this config.
+func (c *RoundBasedConfig) RoundID() uint64 {
+ if c.roundLength == 0 {
+ panic(fmt.Errorf("config is not initialized: %d", c.roundID))
+ }
+ return c.roundID
+}
+
+// RoundEndHeight returns next checkpoint to varify if this round is ended.
+func (c *RoundBasedConfig) RoundEndHeight() uint64 {
+ if c.roundLength == 0 {
+ panic(fmt.Errorf("config is not initialized: %d", c.roundID))
+ }
+ return c.roundEndHeight
+}
+
+// AppendTo a config from previous round.
+func (c *RoundBasedConfig) AppendTo(other RoundBasedConfig) {
+ if c.roundID != other.roundID+1 {
+ panic(fmt.Errorf("round IDs of configs not continuous: %d %d",
+ c.roundID, other.roundID))
+ }
+ c.SetRoundBeginHeight(other.roundEndHeight)
+}
+
+// LastPeriodBeginHeight returns the begin height of last period. For example,
+// if a round is extended twice, then the return from this method is:
+//
+// begin + 2 * roundLength - roundLength
+//
+func (c *RoundBasedConfig) LastPeriodBeginHeight() uint64 {
+ if c.roundLength == 0 {
+ panic(fmt.Errorf("config is not initialized: %d", c.roundID))
+ }
+ return c.roundEndHeight - c.roundLength
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/round-event.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/round-event.go
new file mode 100644
index 000000000..4f4b04542
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/round-event.go
@@ -0,0 +1,358 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+ "context"
+ "fmt"
+ "sync"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+)
+
+// ErrUnmatchedBlockHeightWithConfig is for invalid parameters for NewRoundEvent.
+type ErrUnmatchedBlockHeightWithConfig struct {
+ round uint64
+ reset uint64
+ blockHeight uint64
+}
+
+func (e ErrUnmatchedBlockHeightWithConfig) Error() string {
+ return fmt.Sprintf("unsynced block height and cfg: round:%d reset:%d h:%d",
+ e.round, e.reset, e.blockHeight)
+}
+
+// RoundEventParam defines the parameters passed to event handlers of
+// RoundEvent.
+type RoundEventParam struct {
+ // 'Round' of next checkpoint, might be identical to previous checkpoint.
+ Round uint64
+ // the count of reset DKG for 'Round+1'.
+ Reset uint64
+ // the begin block height of this event, the end block height of this event
+ // would be BeginHeight + config.RoundLength.
+ BeginHeight uint64
+ // The configuration for 'Round'.
+ Config *types.Config
+ // The CRS for 'Round'.
+ CRS common.Hash
+}
+
+// NextRoundValidationHeight returns the height to check if the next round is
+// ready.
+func (e RoundEventParam) NextRoundValidationHeight() uint64 {
+ return e.BeginHeight + e.Config.RoundLength*9/10
+}
+
+// NextCRSProposingHeight returns the height to propose CRS for next round.
+func (e RoundEventParam) NextCRSProposingHeight() uint64 {
+ return e.BeginHeight + e.Config.RoundLength/2
+}
+
+// NextDKGPreparationHeight returns the height to prepare DKG set for next
+// round.
+func (e RoundEventParam) NextDKGPreparationHeight() uint64 {
+ return e.BeginHeight + e.Config.RoundLength*2/3
+}
+
+// NextRoundHeight returns the height of the beginning of next round.
+func (e RoundEventParam) NextRoundHeight() uint64 {
+ return e.BeginHeight + e.Config.RoundLength
+}
+
+// NextTouchNodeSetCacheHeight returns the height to touch the node set cache.
+func (e RoundEventParam) NextTouchNodeSetCacheHeight() uint64 {
+ return e.BeginHeight + e.Config.RoundLength/2
+}
+
+// NextDKGResetHeight returns the height to reset DKG for next period.
+func (e RoundEventParam) NextDKGResetHeight() uint64 {
+ return e.BeginHeight + e.Config.RoundLength*85/100
+}
+
+// NextDKGRegisterHeight returns the height to register DKG.
+func (e RoundEventParam) NextDKGRegisterHeight() uint64 {
+ return e.BeginHeight + e.Config.RoundLength/2
+}
+
+// RoundEndHeight returns the round ending height of this round event.
+func (e RoundEventParam) RoundEndHeight() uint64 {
+ return e.BeginHeight + e.Config.RoundLength
+}
+
+func (e RoundEventParam) String() string {
+ return fmt.Sprintf("roundEvtParam{Round:%d Reset:%d Height:%d}",
+ e.Round,
+ e.Reset,
+ e.BeginHeight)
+}
+
+// roundEventFn defines the fingerprint of handlers of round events.
+type roundEventFn func([]RoundEventParam)
+
+// governanceAccessor is a subset of core.Governance to break the dependency
+// between core and utils package.
+type governanceAccessor interface {
+ // Configuration returns the configuration at a given round.
+ // Return the genesis configuration if round == 0.
+ Configuration(round uint64) *types.Config
+
+ // CRS returns the CRS for a given round.
+ // Return the genesis CRS if round == 0.
+ CRS(round uint64) common.Hash
+
+ // DKGComplaints gets all the DKGComplaints of round.
+ DKGComplaints(round uint64) []*typesDKG.Complaint
+
+ // DKGMasterPublicKeys gets all the DKGMasterPublicKey of round.
+ DKGMasterPublicKeys(round uint64) []*typesDKG.MasterPublicKey
+
+ // IsDKGFinal checks if DKG is final.
+ IsDKGFinal(round uint64) bool
+
+ // IsDKGSuccess checks if DKG is success.
+ IsDKGSuccess(round uint64) bool
+
+ // DKGResetCount returns the reset count for DKG of given round.
+ DKGResetCount(round uint64) uint64
+
+ // Get the begin height of a round.
+ GetRoundHeight(round uint64) uint64
+}
+
+// RoundEventRetryHandlerGenerator generates a handler to common.Event, which
+// would register itself to retry next round validation if round event is not
+// triggered.
+func RoundEventRetryHandlerGenerator(
+ rEvt *RoundEvent, hEvt *common.Event) func(uint64) {
+ var hEvtHandler func(uint64)
+ hEvtHandler = func(h uint64) {
+ if rEvt.ValidateNextRound(h) == 0 {
+ // Retry until at least one round event is triggered.
+ hEvt.RegisterHeight(h+1, hEvtHandler)
+ }
+ }
+ return hEvtHandler
+}
+
+// RoundEvent would be triggered when either:
+// - the next DKG set setup is ready.
+// - the next DKG set setup is failed, and previous DKG set already reset the
+// CRS.
+type RoundEvent struct {
+ gov governanceAccessor
+ logger common.Logger
+ lock sync.Mutex
+ handlers []roundEventFn
+ config RoundBasedConfig
+ lastTriggeredRound uint64
+ lastTriggeredResetCount uint64
+ roundShift uint64
+ gpkInvalid bool
+ ctx context.Context
+ ctxCancel context.CancelFunc
+}
+
+// NewRoundEvent creates an RoundEvent instance.
+func NewRoundEvent(parentCtx context.Context, gov governanceAccessor,
+ logger common.Logger, initPos types.Position, roundShift uint64) (
+ *RoundEvent, error) {
+ // We need to generate valid ending block height of this round (taken
+ // DKG reset count into consideration).
+ logger.Info("new RoundEvent", "position", initPos, "shift", roundShift)
+ initConfig := GetConfigWithPanic(gov, initPos.Round, logger)
+ e := &RoundEvent{
+ gov: gov,
+ logger: logger,
+ lastTriggeredRound: initPos.Round,
+ roundShift: roundShift,
+ }
+ e.ctx, e.ctxCancel = context.WithCancel(parentCtx)
+ e.config = RoundBasedConfig{}
+ e.config.SetupRoundBasedFields(initPos.Round, initConfig)
+ e.config.SetRoundBeginHeight(GetRoundHeight(gov, initPos.Round))
+ // Make sure the DKG reset count in current governance can cover the initial
+ // block height.
+ if initPos.Height >= types.GenesisHeight {
+ resetCount := gov.DKGResetCount(initPos.Round + 1)
+ remains := resetCount
+ for ; remains > 0 && !e.config.Contains(initPos.Height); remains-- {
+ e.config.ExtendLength()
+ }
+ if !e.config.Contains(initPos.Height) {
+ return nil, ErrUnmatchedBlockHeightWithConfig{
+ round: initPos.Round,
+ reset: resetCount,
+ blockHeight: initPos.Height,
+ }
+ }
+ e.lastTriggeredResetCount = resetCount - remains
+ }
+ return e, nil
+}
+
+// Register a handler to be called when new round is confirmed or new DKG reset
+// is detected.
+//
+// The earlier registered handler has higher priority.
+func (e *RoundEvent) Register(h roundEventFn) {
+ e.lock.Lock()
+ defer e.lock.Unlock()
+ e.handlers = append(e.handlers, h)
+}
+
+// TriggerInitEvent triggers event from the initial setting.
+func (e *RoundEvent) TriggerInitEvent() {
+ e.lock.Lock()
+ defer e.lock.Unlock()
+ events := []RoundEventParam{RoundEventParam{
+ Round: e.lastTriggeredRound,
+ Reset: e.lastTriggeredResetCount,
+ BeginHeight: e.config.LastPeriodBeginHeight(),
+ CRS: GetCRSWithPanic(e.gov, e.lastTriggeredRound, e.logger),
+ Config: GetConfigWithPanic(e.gov, e.lastTriggeredRound, e.logger),
+ }}
+ for _, h := range e.handlers {
+ h(events)
+ }
+}
+
+// ValidateNextRound validate if the DKG set for next round is ready to go or
+// failed to setup, all registered handlers would be called once some decision
+// is made on chain.
+//
+// The count of triggered events would be returned.
+func (e *RoundEvent) ValidateNextRound(blockHeight uint64) (count uint) {
+ // To make triggers continuous and sequential, the next validation should
+ // wait for previous one finishing. That's why I use mutex here directly.
+ var events []RoundEventParam
+ e.lock.Lock()
+ defer e.lock.Unlock()
+ e.logger.Trace("ValidateNextRound",
+ "height", blockHeight,
+ "round", e.lastTriggeredRound,
+ "count", e.lastTriggeredResetCount)
+ defer func() {
+ count = uint(len(events))
+ if count == 0 {
+ return
+ }
+ for _, h := range e.handlers {
+ // To make sure all handlers receive triggers sequentially, we can't
+ // raise go routines here.
+ h(events)
+ }
+ }()
+ var (
+ triggered bool
+ param RoundEventParam
+ beginHeight = blockHeight
+ startRound = e.lastTriggeredRound
+ )
+ for {
+ param, triggered = e.check(beginHeight, startRound)
+ if !triggered {
+ break
+ }
+ events = append(events, param)
+ beginHeight = param.BeginHeight
+ }
+ return
+}
+
+func (e *RoundEvent) check(blockHeight, startRound uint64) (
+ param RoundEventParam, triggered bool) {
+ defer func() {
+ if !triggered {
+ return
+ }
+ // A simple assertion to make sure we didn't pick the wrong round.
+ if e.config.RoundID() != e.lastTriggeredRound {
+ panic(fmt.Errorf("Triggered round not matched: %d, %d",
+ e.config.RoundID(), e.lastTriggeredRound))
+ }
+ param.Round = e.lastTriggeredRound
+ param.Reset = e.lastTriggeredResetCount
+ param.BeginHeight = e.config.LastPeriodBeginHeight()
+ param.CRS = GetCRSWithPanic(e.gov, e.lastTriggeredRound, e.logger)
+ param.Config = GetConfigWithPanic(e.gov, e.lastTriggeredRound, e.logger)
+ e.logger.Info("New RoundEvent triggered",
+ "round", e.lastTriggeredRound,
+ "reset", e.lastTriggeredResetCount,
+ "begin-height", e.config.LastPeriodBeginHeight(),
+ "crs", param.CRS.String()[:6],
+ )
+ }()
+ nextRound := e.lastTriggeredRound + 1
+ if nextRound >= startRound+e.roundShift {
+ // Avoid access configuration newer than last confirmed one over
+ // 'roundShift' rounds. Fullnode might crash if we access it before it
+ // knows.
+ return
+ }
+ nextCfg := GetConfigWithPanic(e.gov, nextRound, e.logger)
+ resetCount := e.gov.DKGResetCount(nextRound)
+ if resetCount > e.lastTriggeredResetCount {
+ e.lastTriggeredResetCount++
+ e.config.ExtendLength()
+ e.gpkInvalid = false
+ triggered = true
+ return
+ }
+ if e.gpkInvalid {
+ // We know that DKG already failed, now wait for the DKG set from
+ // previous round to reset DKG and don't have to reconstruct the
+ // group public key again.
+ return
+ }
+ if nextRound >= dkgDelayRound {
+ var ok bool
+ ok, e.gpkInvalid = IsDKGValid(
+ e.gov, e.logger, nextRound, e.lastTriggeredResetCount)
+ if !ok {
+ return
+ }
+ }
+ // The DKG set for next round is well prepared.
+ e.lastTriggeredRound = nextRound
+ e.lastTriggeredResetCount = 0
+ e.gpkInvalid = false
+ rCfg := RoundBasedConfig{}
+ rCfg.SetupRoundBasedFields(nextRound, nextCfg)
+ rCfg.AppendTo(e.config)
+ e.config = rCfg
+ triggered = true
+ return
+}
+
+// Stop the event source and block until last trigger returns.
+func (e *RoundEvent) Stop() {
+ e.ctxCancel()
+}
+
+// LastPeriod returns block height related info of the last period, including
+// begin height and round length.
+func (e *RoundEvent) LastPeriod() (begin uint64, length uint64) {
+ e.lock.Lock()
+ defer e.lock.Unlock()
+ begin = e.config.LastPeriodBeginHeight()
+ length = e.config.RoundEndHeight() - e.config.LastPeriodBeginHeight()
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/signer.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/signer.go
new file mode 100644
index 000000000..9128e264c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/signer.go
@@ -0,0 +1,154 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+ "errors"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/crypto"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+)
+
+// Errors for signer.
+var (
+ ErrInvalidProposerID = errors.New("invalid proposer id")
+ ErrIncorrectHash = errors.New("hash of block is incorrect")
+ ErrIncorrectSignature = errors.New("signature of block is incorrect")
+ ErrNoBLSSigner = errors.New("bls signer not set")
+)
+
+type blsSigner func(round uint64, hash common.Hash) (crypto.Signature, error)
+
+// Signer signs a segment of data.
+type Signer struct {
+ prvKey crypto.PrivateKey
+ pubKey crypto.PublicKey
+ proposerID types.NodeID
+ blsSign blsSigner
+}
+
+// NewSigner constructs an Signer instance.
+func NewSigner(prvKey crypto.PrivateKey) (s *Signer) {
+ s = &Signer{
+ prvKey: prvKey,
+ pubKey: prvKey.PublicKey(),
+ }
+ s.proposerID = types.NewNodeID(s.pubKey)
+ return
+}
+
+// SetBLSSigner for signing CRSSignature
+func (s *Signer) SetBLSSigner(signer blsSigner) {
+ s.blsSign = signer
+}
+
+// SignBlock signs a types.Block.
+func (s *Signer) SignBlock(b *types.Block) (err error) {
+ b.ProposerID = s.proposerID
+ b.PayloadHash = crypto.Keccak256Hash(b.Payload)
+ if b.Hash, err = HashBlock(b); err != nil {
+ return
+ }
+ if b.Signature, err = s.prvKey.Sign(b.Hash); err != nil {
+ return
+ }
+ return
+}
+
+// SignVote signs a types.Vote.
+func (s *Signer) SignVote(v *types.Vote) (err error) {
+ v.ProposerID = s.proposerID
+ v.Signature, err = s.prvKey.Sign(HashVote(v))
+ return
+}
+
+// SignCRS signs CRS signature of types.Block.
+func (s *Signer) SignCRS(b *types.Block, crs common.Hash) (err error) {
+ if b.ProposerID != s.proposerID {
+ err = ErrInvalidProposerID
+ return
+ }
+ if b.Position.Round < dkgDelayRound {
+ hash := hashCRS(b, crs)
+ b.CRSSignature = crypto.Signature{
+ Type: "bls",
+ Signature: hash[:],
+ }
+ return
+ }
+ if s.blsSign == nil {
+ err = ErrNoBLSSigner
+ return
+ }
+ b.CRSSignature, err = s.blsSign(b.Position.Round, hashCRS(b, crs))
+ return
+}
+
+// SignDKGComplaint signs a DKG complaint.
+func (s *Signer) SignDKGComplaint(complaint *typesDKG.Complaint) (err error) {
+ complaint.ProposerID = s.proposerID
+ complaint.Signature, err = s.prvKey.Sign(hashDKGComplaint(complaint))
+ return
+}
+
+// SignDKGMasterPublicKey signs a DKG master public key.
+func (s *Signer) SignDKGMasterPublicKey(
+ mpk *typesDKG.MasterPublicKey) (err error) {
+ mpk.ProposerID = s.proposerID
+ mpk.Signature, err = s.prvKey.Sign(hashDKGMasterPublicKey(mpk))
+ return
+}
+
+// SignDKGPrivateShare signs a DKG private share.
+func (s *Signer) SignDKGPrivateShare(
+ prvShare *typesDKG.PrivateShare) (err error) {
+ prvShare.ProposerID = s.proposerID
+ prvShare.Signature, err = s.prvKey.Sign(hashDKGPrivateShare(prvShare))
+ return
+}
+
+// SignDKGPartialSignature signs a DKG partial signature.
+func (s *Signer) SignDKGPartialSignature(
+ pSig *typesDKG.PartialSignature) (err error) {
+ pSig.ProposerID = s.proposerID
+ pSig.Signature, err = s.prvKey.Sign(hashDKGPartialSignature(pSig))
+ return
+}
+
+// SignDKGMPKReady signs a DKG ready message.
+func (s *Signer) SignDKGMPKReady(ready *typesDKG.MPKReady) (err error) {
+ ready.ProposerID = s.proposerID
+ ready.Signature, err = s.prvKey.Sign(hashDKGMPKReady(ready))
+ return
+}
+
+// SignDKGFinalize signs a DKG finalize message.
+func (s *Signer) SignDKGFinalize(final *typesDKG.Finalize) (err error) {
+ final.ProposerID = s.proposerID
+ final.Signature, err = s.prvKey.Sign(hashDKGFinalize(final))
+ return
+}
+
+// SignDKGSuccess signs a DKG success message.
+func (s *Signer) SignDKGSuccess(success *typesDKG.Success) (err error) {
+ success.ProposerID = s.proposerID
+ success.Signature, err = s.prvKey.Sign(hashDKGSuccess(success))
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/utils.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/utils.go
new file mode 100644
index 000000000..6ff5bb62f
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/utils.go
@@ -0,0 +1,207 @@
+// Copyright 2018 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/byzantine-lab/dexon-consensus/common"
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+ typesDKG "github.com/byzantine-lab/dexon-consensus/core/types/dkg"
+)
+
+var dkgDelayRound uint64
+
+// SetDKGDelayRound sets the variable.
+func SetDKGDelayRound(delay uint64) {
+ dkgDelayRound = delay
+}
+
+type configAccessor interface {
+ Configuration(round uint64) *types.Config
+}
+
+// GetConfigWithPanic is a helper to access configs, and panic when config for
+// that round is not ready yet.
+func GetConfigWithPanic(accessor configAccessor, round uint64,
+ logger common.Logger) *types.Config {
+ if logger != nil {
+ logger.Debug("Calling Governance.Configuration", "round", round)
+ }
+ c := accessor.Configuration(round)
+ if c == nil {
+ panic(fmt.Errorf("configuration is not ready %v", round))
+ }
+ return c
+}
+
+type crsAccessor interface {
+ CRS(round uint64) common.Hash
+}
+
+// GetCRSWithPanic is a helper to access CRS, and panic when CRS for that
+// round is not ready yet.
+func GetCRSWithPanic(accessor crsAccessor, round uint64,
+ logger common.Logger) common.Hash {
+ if logger != nil {
+ logger.Debug("Calling Governance.CRS", "round", round)
+ }
+ crs := accessor.CRS(round)
+ if (crs == common.Hash{}) {
+ panic(fmt.Errorf("CRS is not ready %v", round))
+ }
+ return crs
+}
+
+// VerifyDKGComplaint verifies if its a valid DKGCompliant.
+func VerifyDKGComplaint(
+ complaint *typesDKG.Complaint, mpk *typesDKG.MasterPublicKey) (bool, error) {
+ ok, err := VerifyDKGComplaintSignature(complaint)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, nil
+ }
+ if complaint.IsNack() {
+ return true, nil
+ }
+ if complaint.Round != mpk.Round {
+ return false, nil
+ }
+ ok, err = VerifyDKGMasterPublicKeySignature(mpk)
+ if err != nil {
+ return false, err
+ }
+ if !ok {
+ return false, nil
+ }
+ ok, err = mpk.PublicKeyShares.VerifyPrvShare(
+ typesDKG.NewID(complaint.PrivateShare.ReceiverID),
+ &complaint.PrivateShare.PrivateShare)
+ if err != nil {
+ return false, err
+ }
+ return !ok, nil
+}
+
+// LaunchDummyReceiver launches a go routine to receive from the receive
+// channel of a network module. An context is required to stop the go routine
+// automatically. An optinal message handler could be provided.
+func LaunchDummyReceiver(
+ ctx context.Context, recv <-chan types.Msg, handler func(types.Msg)) (
+ context.CancelFunc, <-chan struct{}) {
+ var (
+ dummyCtx, dummyCancel = context.WithCancel(ctx)
+ finishedChan = make(chan struct{}, 1)
+ )
+ go func() {
+ defer func() {
+ finishedChan <- struct{}{}
+ }()
+ loop:
+ for {
+ select {
+ case <-dummyCtx.Done():
+ break loop
+ case v, ok := <-recv:
+ if !ok {
+ panic(fmt.Errorf(
+ "receive channel is closed before dummy receiver"))
+ }
+ if handler != nil {
+ handler(v)
+ }
+ }
+ }
+ }()
+ return dummyCancel, finishedChan
+}
+
+// GetDKGThreshold return expected threshold for given DKG set size.
+func GetDKGThreshold(config *types.Config) int {
+ return int(config.NotarySetSize*2/3) + 1
+}
+
+// GetDKGValidThreshold return threshold for DKG set to considered valid.
+func GetDKGValidThreshold(config *types.Config) int {
+ return int(config.NotarySetSize * 5 / 6)
+}
+
+// GetBAThreshold return threshold for BA votes.
+func GetBAThreshold(config *types.Config) int {
+ return int(config.NotarySetSize*2/3 + 1)
+}
+
+// GetNextRoundValidationHeight returns the block height to check if the next
+// round is ready.
+func GetNextRoundValidationHeight(begin, length uint64) uint64 {
+ return begin + length*9/10
+}
+
+// GetRoundHeight wraps the workaround for the round height logic in fullnode.
+func GetRoundHeight(accessor interface{}, round uint64) uint64 {
+ type roundHeightAccessor interface {
+ GetRoundHeight(round uint64) uint64
+ }
+ accessorInst := accessor.(roundHeightAccessor)
+ height := accessorInst.GetRoundHeight(round)
+ if round == 0 && height < types.GenesisHeight {
+ return types.GenesisHeight
+ }
+ return height
+}
+
+// IsDKGValid check if DKG is correctly prepared.
+func IsDKGValid(
+ gov governanceAccessor, logger common.Logger, round, reset uint64) (
+ valid bool, gpkInvalid bool) {
+ if !gov.IsDKGFinal(round) {
+ logger.Debug("DKG is not final", "round", round, "reset", reset)
+ return
+ }
+ if !gov.IsDKGSuccess(round) {
+ logger.Debug("DKG is not successful", "round", round, "reset", reset)
+ return
+ }
+ cfg := GetConfigWithPanic(gov, round, logger)
+ gpk, err := typesDKG.NewGroupPublicKey(
+ round,
+ gov.DKGMasterPublicKeys(round),
+ gov.DKGComplaints(round),
+ GetDKGThreshold(cfg))
+ if err != nil {
+ logger.Debug("Group public key setup failed",
+ "round", round,
+ "reset", reset,
+ "error", err)
+ gpkInvalid = true
+ return
+ }
+ if len(gpk.QualifyNodeIDs) < GetDKGValidThreshold(cfg) {
+ logger.Debug("Group public key threshold not reach",
+ "round", round,
+ "reset", reset,
+ "qualified", len(gpk.QualifyNodeIDs))
+ gpkInvalid = true
+ return
+ }
+ valid = true
+ return
+}
diff --git a/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/vote-filter.go b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/vote-filter.go
new file mode 100644
index 000000000..556c2489a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/dexon-consensus/core/utils/vote-filter.go
@@ -0,0 +1,72 @@
+// Copyright 2019 The dexon-consensus Authors
+// This file is part of the dexon-consensus library.
+//
+// The dexon-consensus library is free software: you can redistribute it
+// and/or modify it under the terms of the GNU Lesser General Public License as
+// published by the Free Software Foundation, either version 3 of the License,
+// or (at your option) any later version.
+//
+// The dexon-consensus library is distributed in the hope that it will be
+// useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
+// General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public License
+// along with the dexon-consensus library. If not, see
+// <http://www.gnu.org/licenses/>.
+
+package utils
+
+import (
+ "github.com/byzantine-lab/dexon-consensus/core/types"
+)
+
+// VoteFilter filters votes that are useless for now.
+// To maximize performance, this structure is not thread-safe and will never be.
+type VoteFilter struct {
+ Voted map[types.VoteHeader]struct{}
+ Position types.Position
+ LockIter uint64
+ Period uint64
+ Confirm bool
+}
+
+// NewVoteFilter creates a new vote filter instance.
+func NewVoteFilter() *VoteFilter {
+ return &VoteFilter{
+ Voted: make(map[types.VoteHeader]struct{}),
+ }
+}
+
+// Filter checks if the vote should be filtered out.
+func (vf *VoteFilter) Filter(vote *types.Vote) bool {
+ if vote.Type == types.VoteInit {
+ return true
+ }
+ if vote.Position.Older(vf.Position) {
+ return true
+ } else if vote.Position.Newer(vf.Position) {
+ // It's impossible to check the vote of other height.
+ return false
+ }
+ if vf.Confirm {
+ return true
+ }
+ if vote.Type == types.VotePreCom && vote.Period < vf.LockIter {
+ return true
+ }
+ if vote.Type == types.VoteCom &&
+ vote.Period < vf.Period &&
+ vote.BlockHash == types.SkipBlockHash {
+ return true
+ }
+ if _, exist := vf.Voted[vote.VoteHeader]; exist {
+ return true
+ }
+ return false
+}
+
+// AddVote to the filter so the same vote will be filtered.
+func (vf *VoteFilter) AddVote(vote *types.Vote) {
+ vf.Voted[vote.VoteHeader] = struct{}{}
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/.gitignore b/vendor/github.com/byzantine-lab/mcl/.gitignore
new file mode 100644
index 000000000..f5edb3706
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/.gitignore
@@ -0,0 +1,13 @@
+CVS
+java/*_wrap.cxx
+lib/*.so
+lib/*.a
+*.class
+GPATH
+GRTAGS
+GTAGS
+*.o
+*.d
+*.exe
+*.swp
+.cvsignore
diff --git a/vendor/github.com/byzantine-lab/mcl/.travis.yml b/vendor/github.com/byzantine-lab/mcl/.travis.yml
new file mode 100644
index 000000000..73a97e6aa
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/.travis.yml
@@ -0,0 +1,17 @@
+sudo: true
+dist: trusty
+language: cpp
+compiler:
+ - gcc
+ - clang
+addons:
+ apt:
+ packages:
+ - libgmp-dev
+script:
+ - make test_ci DEBUG=1 -j3
+ - make clean
+ - make test_ci CFLAGS_USER=-DMCL_DONT_USE_XBYAK -j3
+ - make clean
+ - make test_go
+
diff --git a/vendor/github.com/byzantine-lab/mcl/CMakeLists.txt b/vendor/github.com/byzantine-lab/mcl/CMakeLists.txt
new file mode 100644
index 000000000..aaa0a8cf2
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/CMakeLists.txt
@@ -0,0 +1,119 @@
+cmake_minimum_required (VERSION 2.6)
+project(mcl CXX ASM)
+set(SRCS src/fp.cpp)
+
+option(
+ MCL_MAX_BIT_SIZE
+ "max bit size for Fp"
+ 0
+)
+option(
+ DOWNLOAD_SOURCE
+ "download cybozulib_ext"
+ OFF
+)
+
+set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
+set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib)
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/bin)
+
+if(MSVC)
+ set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS} /MT /W4 /Oy /Ox /EHsc /GS- /Zi /DNDEBUG /DNOMINMAX")
+ set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS} /MTd /W4 /DNOMINMAX")
+ link_directories(${CMAKE_SOURCE_DIR}/../cybozulib_ext/lib)
+ link_directories(${CMAKE_SOURCE_DIR}/lib)
+else()
+ if("${CFLAGS_OPT_USER}" STREQUAL "")
+ set(CFLAGS_OPT_USER "-O3 -DNDEBUG -march=native")
+ endif()
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++11 -Wall -Wextra -Wformat=2 -Wcast-qual -Wcast-align -Wwrite-strings -Wfloat-equal -Wpointer-arith ${CFLAGS_OPT_USER}")
+
+ if(${MCL_MAX_BIT_SIZE} GREATER 0)
+ add_definitions(-DMCL_MAX_BIT_SIZE=${MCL_MAX_BIT_SIZE})
+ endif()
+
+ if(${CMAKE_SYSTEM_PROCESSOR} STREQUAL "aarch64")
+ add_definitions(-DMCL_USE_LLVM=1)
+ set(SRCS ${SRCS} src/asm/aarch64.s)
+ set(CPU arch64)
+ elseif(${CMAKE_SYSTEM_PROCESSOR} MATCHES "^arm")
+ add_definitions(-DMCL_USE_LLVM=1)
+ set(SRCS ${SRCS} src/asm/arm.s)
+ set(CPU arm)
+ elseif(APPLE)
+ add_definitions(-DMCL_USE_LLVM=1)
+ set(SRCS ${SRCS} src/asm/x86-64mac.s src/asm/x86-64mac.bmi2.s)
+ set(CPU x86-64)
+ elseif(UNIX)
+ add_definitions(-DMCL_USE_LLVM=1)
+ set(SRCS ${SRCS} src/asm/x86-64.s src/asm/x86-64.bmi2.s)
+ set(CPU x86-64)
+ endif()
+ set(LIBS mcl gmp gmpxx crypto)
+endif()
+
+if(DOWNLOAD_SOURCE)
+ if(MSVC)
+ set(CYBOZULIB_EXT_TAG release20170521)
+ set(FILES config.h gmp-impl.h gmp-mparam.h gmp.h gmpxx.h longlong.h mpir.h mpirxx.h)
+ foreach(file IN ITEMS ${FILES})
+ file(DOWNLOAD https://raw.githubusercontent.com/herumi/cybozulib_ext/${CYBOZULIB_EXT_TAG}/include/${file} ${mcl_SOURCE_DIR}/include/cybozulib_ext/${file})
+ message("download cybozulib_ext/" ${file})
+ endforeach()
+ set(FILES aes.h applink.c asn1.h asn1_mac.h asn1t.h bio.h blowfish.h bn.h buffer.h camellia.h cast.h cmac.h cms.h comp.h conf.h conf_api.h crypto.h des.h des_old.h dh.h dsa.h dso.h dtls1.h e_os2.h ebcdic.h ec.h ecdh.h ecdsa.h engine.h err.h evp.h hmac.h idea.h krb5_asn.h kssl.h lhash.h md4.h md5.h mdc2.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pem2.h pkcs12.h pkcs7.h pqueue.h rand.h rc2.h rc4.h ripemd.h rsa.h safestack.h seed.h sha.h srp.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h stack.h symhacks.h tls1.h ts.h txt_db.h ui.h ui_compat.h whrlpool.h x509.h x509_vfy.h x509v3.h)
+ foreach(file IN ITEMS ${FILES})
+ file(DOWNLOAD https://raw.githubusercontent.com/herumi/cybozulib_ext/${CYBOZULIB_EXT_TAG}/include/openssl/${file} ${mcl_SOURCE_DIR}/include/cybozulib_ext/openssl/${file})
+ message("download cybozulib_ext/openssl/" ${file})
+ endforeach()
+ set(FILES mpir.lib mpirxx.lib mpirxx.pdb ssleay32.lib libeay32.lib mpir.pdb)
+ foreach(file IN ITEMS ${FILES})
+ file(DOWNLOAD https://raw.githubusercontent.com/herumi/cybozulib_ext/${CYBOZULIB_EXT_TAG}/lib/mt/14/${file} ${mcl_SOURCE_DIR}/lib/mt/14/${file})
+ message("download lib/mt/14/" ${file})
+ endforeach()
+ if(MSVC)
+ include_directories(
+ ${mcl_SOURCE_DIR}/include/cybozulib_ext
+ )
+ endif()
+ endif()
+else()
+ if(MSVC)
+ include_directories(
+ ${mcl_SOURCE_DIR}/../cybozulib_ext/include
+ )
+ endif()
+endif()
+
+include_directories(
+ ${mcl_SOURCE_DIR}/include
+)
+
+add_library(mcl STATIC ${SRCS})
+add_library(mcl_dy SHARED ${SRCS})
+target_link_libraries(mcl_dy ${LIBS})
+set_target_properties(mcl_dy PROPERTIES OUTPUT_NAME mcl)
+#set_target_properties(mcl_dy PROPERTIES OUTPUT_NAME mcl VERSION 1.0.0 SOVERSION 1)
+# For semantics of ABI compatibility including when you must bump SOVERSION, see:
+# https://community.kde.org/Policies/Binary_Compatibility_Issues_With_C%2B%2B#The_Do.27s_and_Don.27ts
+
+file(GLOB MCL_HEADERS include/mcl/*.hpp include/mcl/bn.h include/mcl/curve_type.h)
+file(GLOB CYBOZULIB_HEADERS include/cybozu/*.hpp)
+
+install(TARGETS mcl DESTINATION lib)
+install(TARGETS mcl_dy DESTINATION lib)
+install(FILES ${MCL_HEADERS} DESTINATION include/mcl)
+install(FILES include/mcl/impl/bn_c_impl.hpp DESTINATION include/mcl/impl)
+install(FILES ${CYBOZULIB_HEADERS} DESTINATION include/cybozu)
+
+set(TEST_BASE fp_test ec_test fp_util_test window_method_test elgamal_test fp_tower_test gmp_test bn_test glv_test)
+#set(TEST_BASE bn_test)
+foreach(base IN ITEMS ${TEST_BASE})
+ add_executable(
+ ${base}
+ test/${base}.cpp
+ )
+ target_link_libraries(
+ ${base}
+ ${LIBS}
+ )
+endforeach()
diff --git a/vendor/github.com/byzantine-lab/mcl/COPYRIGHT b/vendor/github.com/byzantine-lab/mcl/COPYRIGHT
new file mode 100644
index 000000000..90e49b4bc
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/COPYRIGHT
@@ -0,0 +1,47 @@
+
+Copyright (c) 2015 MITSUNARI Shigeo
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+Redistributions of source code must retain the above copyright notice, this
+list of conditions and the following disclaimer.
+Redistributions in binary form must reproduce the above copyright notice,
+this list of conditions and the following disclaimer in the documentation
+and/or other materials provided with the distribution.
+Neither the name of the copyright owner nor the names of its contributors may
+be used to endorse or promote products derived from this software without
+specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+THE POSSIBILITY OF SUCH DAMAGE.
+-----------------------------------------------------------------------------
+ソースコード形å¼ã‹ãƒã‚¤ãƒŠãƒªå½¢å¼ã‹ã€å¤‰æ›´ã™ã‚‹ã‹ã—ãªã„ã‹ã‚’å•ã‚ãšã€ä»¥ä¸‹ã®æ¡ä»¶ã‚’満ãŸ
+ã™å ´åˆã«é™ã‚Šã€å†é ’布ãŠã‚ˆã³ä½¿ç”¨ãŒè¨±å¯ã•ã‚Œã¾ã™ã€‚
+
+ソースコードをå†é ’布ã™ã‚‹å ´åˆã€ä¸Šè¨˜ã®è‘—作権表示ã€æœ¬æ¡ä»¶ä¸€è¦§ã€ãŠã‚ˆã³ä¸‹è¨˜å…責æ¡é …
+ã‚’å«ã‚ã‚‹ã“ã¨ã€‚
+ãƒã‚¤ãƒŠãƒªå½¢å¼ã§å†é ’布ã™ã‚‹å ´åˆã€é ’布物ã«ä»˜å±žã®ãƒ‰ã‚­ãƒ¥ãƒ¡ãƒ³ãƒˆç­‰ã®è³‡æ–™ã«ã€ä¸Šè¨˜ã®è‘—作
+権表示ã€æœ¬æ¡ä»¶ä¸€è¦§ã€ãŠã‚ˆã³ä¸‹è¨˜å…責æ¡é …ã‚’å«ã‚ã‚‹ã“ã¨ã€‚
+書é¢ã«ã‚ˆã‚‹ç‰¹åˆ¥ã®è¨±å¯ãªã—ã«ã€æœ¬ã‚½ãƒ•ãƒˆã‚¦ã‚§ã‚¢ã‹ã‚‰æ´¾ç”Ÿã—ãŸè£½å“ã®å®£ä¼ã¾ãŸã¯è²©å£²ä¿ƒé€²
+ã«ã€è‘—作権者ã®åå‰ã¾ãŸã¯ã‚³ãƒ³ãƒˆãƒªãƒ“ューターã®åå‰ã‚’使用ã—ã¦ã¯ãªã‚‰ãªã„。
+本ソフトウェアã¯ã€è‘—作権者ãŠã‚ˆã³ã‚³ãƒ³ãƒˆãƒªãƒ“ューターã«ã‚ˆã£ã¦ã€Œç¾çŠ¶ã®ã¾ã¾ã€æä¾›ã•
+ã‚Œã¦ãŠã‚Šã€æ˜Žç¤ºé»™ç¤ºã‚’å•ã‚ãšã€å•†æ¥­çš„ãªä½¿ç”¨å¯èƒ½æ€§ã€ãŠã‚ˆã³ç‰¹å®šã®ç›®çš„ã«å¯¾ã™ã‚‹é©åˆæ€§
+ã«é–¢ã™ã‚‹æš—é»™ã®ä¿è¨¼ã‚‚å«ã‚ã€ã¾ãŸãã‚Œã«é™å®šã•ã‚Œãªã„ã€ã„ã‹ãªã‚‹ä¿è¨¼ã‚‚ã‚ã‚Šã¾ã›ã‚“。
+著作権者もコントリビューターもã€äº‹ç”±ã®ã„ã‹ã‚“ã‚’å•ã‚ãšã€ æ害発生ã®åŽŸå› ã„ã‹ã‚“ã‚’
+å•ã‚ãšã€ã‹ã¤è²¬ä»»ã®æ ¹æ‹ ãŒå¥‘ç´„ã§ã‚ã‚‹ã‹åŽ³æ ¼è²¬ä»»ã§ã‚ã‚‹ã‹ï¼ˆéŽå¤±ãã®ä»–ã®ï¼‰ä¸æ³•è¡Œç‚ºã§
+ã‚ã‚‹ã‹ã‚’å•ã‚ãšã€ä»®ã«ãã®ã‚ˆã†ãªæ害ãŒç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ã‚’知らã•ã‚Œã¦ã„ãŸã¨ã—ã¦ã‚‚ã€
+本ソフトウェアã®ä½¿ç”¨ã«ã‚ˆã£ã¦ç™ºç”Ÿã—ãŸï¼ˆä»£æ›¿å“ã¾ãŸã¯ä»£ç”¨ã‚µãƒ¼ãƒ“スã®èª¿é”ã€ä½¿ç”¨ã®
+喪失ã€ãƒ‡ãƒ¼ã‚¿ã®å–ªå¤±ã€åˆ©ç›Šã®å–ªå¤±ã€æ¥­å‹™ã®ä¸­æ–­ã‚‚å«ã‚ã€ã¾ãŸãã‚Œã«é™å®šã•ã‚Œãªã„)直接
+æ害ã€é–“接æ害ã€å¶ç™ºçš„ãªæ害ã€ç‰¹åˆ¥æ害ã€æ‡²ç½°çš„æ害ã€ã¾ãŸã¯çµæžœæ害ã«ã¤ã„ã¦ã€
+一切責任を負ã‚ãªã„ã‚‚ã®ã¨ã—ã¾ã™ã€‚
diff --git a/vendor/github.com/byzantine-lab/mcl/Makefile b/vendor/github.com/byzantine-lab/mcl/Makefile
new file mode 100644
index 000000000..7df1dd300
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/Makefile
@@ -0,0 +1,373 @@
+include common.mk
+LIB_DIR=lib
+OBJ_DIR=obj
+EXE_DIR=bin
+SRC_SRC=fp.cpp bn_c256.cpp bn_c384.cpp bn_c512.cpp she_c256.cpp
+TEST_SRC=fp_test.cpp ec_test.cpp fp_util_test.cpp window_method_test.cpp elgamal_test.cpp fp_tower_test.cpp gmp_test.cpp bn_test.cpp bn384_test.cpp glv_test.cpp paillier_test.cpp she_test.cpp vint_test.cpp bn512_test.cpp ecdsa_test.cpp conversion_test.cpp
+TEST_SRC+=bn_c256_test.cpp bn_c384_test.cpp bn_c384_256_test.cpp bn_c512_test.cpp she_c256_test.cpp she_c384_test.cpp
+TEST_SRC+=aggregate_sig_test.cpp array_test.cpp
+TEST_SRC+=bls12_test.cpp
+TEST_SRC+=ecdsa_c_test.cpp
+TEST_SRC+=modp_test.cpp
+ifeq ($(CPU),x86-64)
+ MCL_USE_XBYAK?=1
+ TEST_SRC+=mont_fp_test.cpp sq_test.cpp
+ ifeq ($(USE_LOW_ASM),1)
+ TEST_SRC+=low_test.cpp
+ endif
+ ifeq ($(MCL_USE_XBYAK),1)
+ TEST_SRC+=fp_generator_test.cpp
+ endif
+endif
+SAMPLE_SRC=bench.cpp ecdh.cpp random.cpp rawbench.cpp vote.cpp pairing.cpp large.cpp tri-dh.cpp bls_sig.cpp pairing_c.c she_smpl.cpp
+
+ifneq ($(MCL_MAX_BIT_SIZE),)
+ CFLAGS+=-DMCL_MAX_BIT_SIZE=$(MCL_MAX_BIT_SIZE)
+endif
+ifeq ($(MCL_USE_XBYAK),0)
+ CFLAGS+=-DMCL_DONT_USE_XBYAK
+endif
+##################################################################
+MCL_LIB=$(LIB_DIR)/libmcl.a
+MCL_SNAME=mcl
+BN256_SNAME=mclbn256
+BN384_SNAME=mclbn384
+BN384_256_SNAME=mclbn384_256
+BN512_SNAME=mclbn512
+SHE256_SNAME=mclshe256
+MCL_SLIB=$(LIB_DIR)/lib$(MCL_SNAME).$(LIB_SUF)
+BN256_LIB=$(LIB_DIR)/libmclbn256.a
+BN256_SLIB=$(LIB_DIR)/lib$(BN256_SNAME).$(LIB_SUF)
+BN384_LIB=$(LIB_DIR)/libmclbn384.a
+BN384_SLIB=$(LIB_DIR)/lib$(BN384_SNAME).$(LIB_SUF)
+BN384_256_LIB=$(LIB_DIR)/libmclbn384_256.a
+BN384_256_SLIB=$(LIB_DIR)/lib$(BN384_256_SNAME).$(LIB_SUF)
+BN512_LIB=$(LIB_DIR)/libmclbn512.a
+BN512_SLIB=$(LIB_DIR)/lib$(BN512_SNAME).$(LIB_SUF)
+SHE256_LIB=$(LIB_DIR)/libmclshe256.a
+SHE256_SLIB=$(LIB_DIR)/lib$(SHE256_SNAME).$(LIB_SUF)
+SHE384_LIB=$(LIB_DIR)/libmclshe384.a
+ECDSA_LIB=$(LIB_DIR)/libmclecdsa.a
+all: $(MCL_LIB) $(MCL_SLIB) $(BN256_LIB) $(BN256_SLIB) $(BN384_LIB) $(BN384_SLIB) $(BN384_256_LIB) $(BN384_256_SLIB) $(BN512_LIB) $(BN512_SLIB) $(SHE256_LIB) $(SHE256_SLIB) $(SHE384_lib) $(ECDSA_LIB)
+
+#LLVM_VER=-3.8
+LLVM_LLC=llc$(LLVM_VER)
+LLVM_OPT=opt$(LLVM_VER)
+LLVM_OPT_VERSION=$(shell $(LLVM_OPT) --version 2>/dev/null | awk '/version/ {print $$3}')
+GEN_EXE=src/gen
+# incompatibility between llvm 3.4 and the later version
+ifneq ($(LLVM_OPT_VERSION),)
+ifeq ($(shell expr $(LLVM_OPT_VERSION) \< 3.5.0),1)
+ GEN_EXE_OPT=-old
+endif
+endif
+ifeq ($(OS),mac)
+ ASM_SRC_PATH_NAME=src/asm/$(CPU)mac
+else
+ ASM_SRC_PATH_NAME=src/asm/$(CPU)
+endif
+ifneq ($(CPU),)
+ ASM_SRC=$(ASM_SRC_PATH_NAME).s
+endif
+ASM_OBJ=$(OBJ_DIR)/$(CPU).o
+LIB_OBJ=$(OBJ_DIR)/fp.o
+BN256_OBJ=$(OBJ_DIR)/bn_c256.o
+BN384_OBJ=$(OBJ_DIR)/bn_c384.o
+BN384_256_OBJ=$(OBJ_DIR)/bn_c384_256.o
+BN512_OBJ=$(OBJ_DIR)/bn_c512.o
+SHE256_OBJ=$(OBJ_DIR)/she_c256.o
+SHE384_OBJ=$(OBJ_DIR)/she_c384.o
+ECDSA_OBJ=$(OBJ_DIR)/ecdsa_c.o
+FUNC_LIST=src/func.list
+ifeq ($(findstring $(OS),mingw64/cygwin),)
+ MCL_USE_LLVM?=1
+else
+ MCL_USE_LLVM=0
+endif
+ifeq ($(MCL_USE_LLVM),1)
+ CFLAGS+=-DMCL_USE_LLVM=1
+ LIB_OBJ+=$(ASM_OBJ)
+ # special case for intel with bmi2
+ ifeq ($(INTEL),1)
+ LIB_OBJ+=$(OBJ_DIR)/$(CPU).bmi2.o
+ endif
+endif
+LLVM_SRC=src/base$(BIT).ll
+
+# CPU is used for llvm
+# see $(LLVM_LLC) --version
+LLVM_FLAGS=-march=$(CPU) -relocation-model=pic #-misched=ilpmax
+LLVM_FLAGS+=-pre-RA-sched=list-ilp -max-sched-reorder=128 -mattr=-sse
+
+#HAS_BMI2=$(shell cat "/proc/cpuinfo" | grep bmi2 >/dev/null && echo "1")
+#ifeq ($(HAS_BMI2),1)
+# LLVM_FLAGS+=-mattr=bmi2
+#endif
+
+ifeq ($(USE_LOW_ASM),1)
+ LOW_ASM_OBJ=$(LOW_ASM_SRC:.asm=.o)
+ LIB_OBJ+=$(LOW_ASM_OBJ)
+endif
+
+ifeq ($(UPDATE_ASM),1)
+ ASM_SRC_DEP=$(LLVM_SRC)
+ ASM_BMI2_SRC_DEP=src/base$(BIT).bmi2.ll
+else
+ ASM_SRC_DEP=
+ ASM_BMI2_SRC_DEP=
+endif
+
+ifneq ($(findstring $(OS),mac/mingw64),)
+ BN256_SLIB_LDFLAGS+=-l$(MCL_SNAME) -L./lib
+ BN384_SLIB_LDFLAGS+=-l$(MCL_SNAME) -L./lib
+ BN384_256_SLIB_LDFLAGS+=-l$(MCL_SNAME) -L./lib
+ BN512_SLIB_LDFLAGS+=-l$(MCL_SNAME) -L./lib
+ SHE256_SLIB_LDFLAGS+=-l$(MCL_SNAME) -L./lib
+endif
+ifeq ($(OS),mingw64)
+ MCL_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(MCL_SNAME).a
+ BN256_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(BN256_SNAME).a
+ BN384_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(BN384_SNAME).a
+ BN384_256_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(BN384_256_SNAME).a
+ BN512_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(BN512_SNAME).a
+ SHE256_SLIB_LDFLAGS+=-Wl,--out-implib,$(LIB_DIR)/lib$(SHE256_SNAME).a
+endif
+
+$(MCL_LIB): $(LIB_OBJ)
+ $(AR) $@ $(LIB_OBJ)
+
+$(MCL_SLIB): $(LIB_OBJ)
+ $(PRE)$(CXX) -o $@ $(LIB_OBJ) -shared $(LDFLAGS) $(MCL_SLIB_LDFLAGS)
+
+$(BN256_LIB): $(BN256_OBJ)
+ $(AR) $@ $(BN256_OBJ)
+
+$(SHE256_LIB): $(SHE256_OBJ)
+ $(AR) $@ $(SHE256_OBJ)
+
+$(SHE256_SLIB): $(SHE256_OBJ) $(MCL_LIB)
+ $(PRE)$(CXX) -o $@ $(SHE256_OBJ) $(MCL_LIB) -shared $(LDFLAGS) $(SHE256_SLIB_LDFLAGS)
+
+$(SHE384_LIB): $(SHE384_OBJ)
+ $(AR) $@ $(SHE384_OBJ)
+
+$(ECDSA_LIB): $(ECDSA_OBJ)
+ $(AR) $@ $(ECDSA_OBJ)
+
+$(BN256_SLIB): $(BN256_OBJ) $(MCL_SLIB)
+ $(PRE)$(CXX) -o $@ $(BN256_OBJ) -shared $(LDFLAGS) $(BN256_SLIB_LDFLAGS)
+
+$(BN384_LIB): $(BN384_OBJ)
+ $(AR) $@ $(BN384_OBJ)
+
+$(BN384_256_LIB): $(BN384_256_OBJ)
+ $(AR) $@ $(BN384_256_OBJ)
+
+$(BN512_LIB): $(BN512_OBJ)
+ $(AR) $@ $(BN512_OBJ)
+
+$(BN384_SLIB): $(BN384_OBJ) $(MCL_SLIB)
+ $(PRE)$(CXX) -o $@ $(BN384_OBJ) -shared $(LDFLAGS) $(BN384_SLIB_LDFLAGS)
+
+$(BN384_256_SLIB): $(BN384_256_OBJ) $(MCL_SLIB)
+ $(PRE)$(CXX) -o $@ $(BN384_256_OBJ) -shared $(LDFLAGS) $(BN384_256_SLIB_LDFLAGS)
+
+$(BN512_SLIB): $(BN512_OBJ) $(MCL_SLIB)
+ $(PRE)$(CXX) -o $@ $(BN512_OBJ) -shared $(LDFLAGS) $(BN512_SLIB_LDFLAGS)
+
+$(ASM_OBJ): $(ASM_SRC)
+ $(PRE)$(CXX) -c $< -o $@ $(CFLAGS)
+
+$(ASM_SRC): $(ASM_SRC_DEP)
+ $(LLVM_OPT) -O3 -o - $< -march=$(CPU) | $(LLVM_LLC) -O3 -o $@ $(LLVM_FLAGS)
+
+$(LLVM_SRC): $(GEN_EXE) $(FUNC_LIST)
+ $(GEN_EXE) $(GEN_EXE_OPT) -f $(FUNC_LIST) > $@
+
+$(ASM_SRC_PATH_NAME).bmi2.s: $(ASM_BMI2_SRC_DEP)
+ $(LLVM_OPT) -O3 -o - $< -march=$(CPU) | $(LLVM_LLC) -O3 -o $@ $(LLVM_FLAGS) -mattr=bmi2
+
+$(OBJ_DIR)/$(CPU).bmi2.o: $(ASM_SRC_PATH_NAME).bmi2.s
+ $(PRE)$(CXX) -c $< -o $@ $(CFLAGS)
+
+src/base$(BIT).bmi2.ll: $(GEN_EXE)
+ $(GEN_EXE) $(GEN_EXE_OPT) -f $(FUNC_LIST) -s bmi2 > $@
+
+src/base64m.ll: $(GEN_EXE)
+ $(GEN_EXE) $(GEN_EXE_OPT) -wasm > $@
+
+$(FUNC_LIST): $(LOW_ASM_SRC)
+ifeq ($(USE_LOW_ASM),1)
+ $(shell awk '/global/ { print $$2}' $(LOW_ASM_SRC) > $(FUNC_LIST))
+ $(shell awk '/proc/ { print $$2}' $(LOW_ASM_SRC) >> $(FUNC_LIST))
+else
+ $(shell touch $(FUNC_LIST))
+endif
+
+$(GEN_EXE): src/gen.cpp src/llvm_gen.hpp
+ $(CXX) -o $@ $< $(CFLAGS)
+
+asm: $(LLVM_SRC)
+ $(LLVM_OPT) -O3 -o - $(LLVM_SRC) | $(LLVM_LLC) -O3 $(LLVM_FLAGS) -x86-asm-syntax=intel
+
+$(LOW_ASM_OBJ): $(LOW_ASM_SRC)
+ $(ASM) $<
+
+# set PATH for mingw, set LD_LIBRARY_PATH is for other env
+COMMON_LIB_PATH="../../../lib"
+PATH_VAL=$$PATH:$(COMMON_LIB_PATH) LD_LIBRARY_PATH=$(COMMON_LIB_PATH) DYLD_LIBRARY_PATH=$(COMMON_LIB_PATH) CGO_CFLAGS="-I$(shell pwd)/include" CGO_LDFLAGS="-L../../../lib"
+test_go256: $(MCL_SLIB) $(BN256_SLIB)
+ cd ffi/go/mcl && env PATH=$(PATH_VAL) go test -tags bn256 .
+
+test_go384: $(MCL_SLIB) $(BN384_SLIB)
+ cd ffi/go/mcl && env PATH=$(PATH_VAL) go test -tags bn384 .
+
+test_go384_256: $(MCL_SLIB) $(BN384_256_SLIB)
+ cd ffi/go/mcl && env PATH=$(PATH_VAL) go test -tags bn384_256 .
+
+test_go:
+ $(MAKE) test_go256
+ $(MAKE) test_go384
+ $(MAKE) test_go384_256
+
+test_python_she: $(SHE256_SLIB)
+ cd ffi/python && env LD_LIBRARY_PATH="../../lib" DYLD_LIBRARY_PATH="../../lib" PATH=$$PATH:"../../lib" python3 she.py
+test_python:
+ $(MAKE) test_python_she
+
+test_java:
+ $(MAKE) -C ffi/java test
+
+##################################################################
+
+VPATH=test sample src
+
+.SUFFIXES: .cpp .d .exe .c .o
+
+$(OBJ_DIR)/%.o: %.cpp
+ $(PRE)$(CXX) $(CFLAGS) -c $< -o $@ -MMD -MP -MF $(@:.o=.d)
+
+$(OBJ_DIR)/%.o: %.c
+ $(PRE)$(CC) $(CFLAGS) -c $< -o $@ -MMD -MP -MF $(@:.o=.d)
+
+$(EXE_DIR)/%.exe: $(OBJ_DIR)/%.o $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(MCL_LIB) $(LDFLAGS)
+
+$(EXE_DIR)/bn_c256_test.exe: $(OBJ_DIR)/bn_c256_test.o $(BN256_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(BN256_LIB) $(MCL_LIB) $(LDFLAGS)
+
+$(EXE_DIR)/bn_c384_test.exe: $(OBJ_DIR)/bn_c384_test.o $(BN384_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(BN384_LIB) $(MCL_LIB) $(LDFLAGS)
+
+$(EXE_DIR)/bn_c384_256_test.exe: $(OBJ_DIR)/bn_c384_256_test.o $(BN384_256_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(BN384_256_LIB) $(MCL_LIB) $(LDFLAGS)
+
+$(EXE_DIR)/bn_c512_test.exe: $(OBJ_DIR)/bn_c512_test.o $(BN512_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(BN512_LIB) $(MCL_LIB) $(LDFLAGS)
+
+$(EXE_DIR)/pairing_c.exe: $(OBJ_DIR)/pairing_c.o $(BN256_LIB) $(MCL_LIB)
+ $(PRE)$(CC) $< -o $@ $(BN256_LIB) $(MCL_LIB) $(LDFLAGS) -lstdc++
+
+$(EXE_DIR)/she_c256_test.exe: $(OBJ_DIR)/she_c256_test.o $(SHE256_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(SHE256_LIB) $(MCL_LIB) $(LDFLAGS)
+
+$(EXE_DIR)/she_c384_test.exe: $(OBJ_DIR)/she_c384_test.o $(SHE384_LIB) $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(SHE384_LIB) $(MCL_LIB) $(LDFLAGS)
+
+$(EXE_DIR)/ecdsa_c_test.exe: $(OBJ_DIR)/ecdsa_c_test.o $(ECDSA_LIB) $(MCL_LIB) src/ecdsa_c.cpp include/mcl/ecdsa.hpp include/mcl/ecdsa.h
+ $(PRE)$(CXX) $< -o $@ $(ECDSA_LIB) $(MCL_LIB) $(LDFLAGS)
+
+$(OBJ_DIR)/modp_test.o: test/modp_test.cpp
+ $(PRE)$(CXX) -c $< -o $@ -MMD -MP -MF $(@:.o=.d) -DMCL_USE_VINT -DMCL_MAX_BIT_SIZE=384 -DMCL_VINT_64BIT_PORTABLE -DMCL_SIZEOF_UNIT=8 -DMCL_VINT_FIXED_BUFFER -I./include -O2 $(CFLAGS_WARN)
+
+$(EXE_DIR)/modp_test.exe: $(OBJ_DIR)/modp_test.o
+ $(PRE)$(CXX) $< -o $@
+
+SAMPLE_EXE=$(addprefix $(EXE_DIR)/,$(addsuffix .exe,$(basename $(SAMPLE_SRC))))
+sample: $(SAMPLE_EXE) $(MCL_LIB)
+
+TEST_EXE=$(addprefix $(EXE_DIR)/,$(TEST_SRC:.cpp=.exe))
+test_ci: $(TEST_EXE)
+ @sh -ec 'for i in $(TEST_EXE); do echo $$i; env LSAN_OPTIONS=verbosity=1:log_threads=1 $$i; done'
+test: $(TEST_EXE)
+ @echo test $(TEST_EXE)
+ @sh -ec 'for i in $(TEST_EXE); do $$i|grep "ctest:name"; done' > result.txt
+ @grep -v "ng=0, exception=0" result.txt; if [ $$? -eq 1 ]; then echo "all unit tests succeed"; else exit 1; fi
+
+EMCC_OPT=-I./include -I./src -Wall -Wextra
+EMCC_OPT+=-O3 -DNDEBUG -DMCLSHE_WIN_SIZE=8
+EMCC_OPT+=-s WASM=1 -s NO_EXIT_RUNTIME=1 -s MODULARIZE=1 #-s ASSERTIONS=1
+EMCC_OPT+=-DCYBOZU_MINIMUM_EXCEPTION
+EMCC_OPT+=-s ABORTING_MALLOC=0
+SHE_C_DEP=src/fp.cpp src/she_c_impl.hpp include/mcl/she.hpp include/mcl/fp.hpp include/mcl/op.hpp include/mcl/she.h Makefile
+MCL_C_DEP=src/fp.cpp include/mcl/impl/bn_c_impl.hpp include/mcl/bn.hpp include/mcl/fp.hpp include/mcl/op.hpp include/mcl/bn.h Makefile
+ifeq ($(MCL_USE_LLVM),2)
+ EMCC_OPT+=src/base64m.ll -DMCL_USE_LLVM
+ SHE_C_DEP+=src/base64m.ll
+endif
+../she-wasm/she_c.js: src/she_c256.cpp $(SHE_C_DEP)
+ emcc -o $@ src/fp.cpp src/she_c256.cpp $(EMCC_OPT) -DMCL_MAX_BIT_SIZE=256 -s TOTAL_MEMORY=67108864 -s DISABLE_EXCEPTION_CATCHING=0
+
+../she-wasm/she_c384.js: src/she_c384.cpp $(SHE_C_DEP)
+ emcc -o $@ src/fp.cpp src/she_c384.cpp $(EMCC_OPT) -DMCL_MAX_BIT_SIZE=384 -s TOTAL_MEMORY=67108864 -s DISABLE_EXCEPTION_CATCHING=0
+
+../mcl-wasm/mcl_c.js: src/bn_c256.cpp $(MCL_C_DEP)
+ emcc -o $@ src/fp.cpp src/bn_c256.cpp $(EMCC_OPT) -DMCL_MAX_BIT_SIZE=256 -DMCL_USE_WEB_CRYPTO_API -s DISABLE_EXCEPTION_CATCHING=1 -DCYBOZU_DONT_USE_EXCEPTION -DCYBOZU_DONT_USE_STRING -fno-exceptions -MD -MP -MF obj/mcl_c.d
+
+../mcl-wasm/mcl_c512.js: src/bn_c512.cpp $(MCL_C_DEP)
+ emcc -o $@ src/fp.cpp src/bn_c512.cpp $(EMCC_OPT) -DMCL_MAX_BIT_SIZE=512 -DMCL_USE_WEB_CRYPTO_API -s DISABLE_EXCEPTION_CATCHING=1 -DCYBOZU_DONT_USE_EXCEPTION -DCYBOZU_DONT_USE_STRING -fno-exceptions
+
+../ecdsa-wasm/ecdsa_c.js: src/ecdsa_c.cpp src/fp.cpp include/mcl/ecdsa.hpp include/mcl/ecdsa.h Makefile
+ emcc -o $@ src/fp.cpp src/ecdsa_c.cpp $(EMCC_OPT) -DMCL_MAX_BIT_SIZE=256 -DMCL_USE_WEB_CRYPTO_API -s DISABLE_EXCEPTION_CATCHING=1 -DCYBOZU_DONT_USE_EXCEPTION -DCYBOZU_DONT_USE_STRING -fno-exceptions
+
+mcl-wasm:
+ $(MAKE) ../mcl-wasm/mcl_c.js
+ $(MAKE) ../mcl-wasm/mcl_c512.js
+
+she-wasm:
+ $(MAKE) ../she-wasm/she_c.js
+ $(MAKE) ../she-wasm/she_c384.js
+
+ecdsa-wasm:
+ $(MAKE) ../ecdsa-wasm/ecdsa_c.js
+
+# test
+bin/emu:
+ $(CXX) -g -o $@ src/fp.cpp src/bn_c256.cpp test/bn_c256_test.cpp -DMCL_DONT_USE_XBYAK -DMCL_DONT_USE_OPENSSL -DMCL_USE_VINT -DMCL_SIZEOF_UNIT=8 -DMCL_VINT_64BIT_PORTABLE -DMCL_VINT_FIXED_BUFFER -DMCL_MAX_BIT_SIZE=256 -I./include
+bin/pairing_c_min.exe: sample/pairing_c.c include/mcl/vint.hpp src/fp.cpp include/mcl/bn.hpp
+# $(CXX) -o $@ sample/pairing_c.c src/fp.cpp src/bn_c256.cpp -O2 -g -I./include -fno-exceptions -fno-rtti -fno-threadsafe-statics -DMCL_DONT_USE_XBYAK -DMCL_DONT_USE_OPENSSL -DMCL_USE_VINT -DMCL_SIZEOF_UNIT=8 -DMCL_VINT_FIXED_BUFFER -DCYBOZU_DONT_USE_EXCEPTION -DCYBOZU_DONT_USE_STRING -DMCL_DONT_USE_CSPRNG -DMCL_MAX_BIT_SIZE=256 -DMCL_VINT_64BIT_PORTABLE -DNDEBUG -pg
+ $(CXX) -o $@ sample/pairing_c.c src/fp.cpp src/bn_c256.cpp -O2 -g -I./include -fno-threadsafe-statics -DMCL_DONT_USE_XBYAK -DMCL_DONT_USE_OPENSSL -DMCL_USE_VINT -DMCL_SIZEOF_UNIT=8 -DMCL_VINT_FIXED_BUFFER -DMCL_DONT_USE_CSPRNG -DMCL_MAX_BIT_SIZE=256 -DMCL_VINT_64BIT_PORTABLE -DNDEBUG
+
+make_tbl:
+ $(MAKE) ../bls/src/qcoeff-bn254.hpp
+
+../bls/src/qcoeff-bn254.hpp: $(MCL_LIB) misc/precompute.cpp
+ $(CXX) -o misc/precompute misc/precompute.cpp $(CFLAGS) $(MCL_LIB) $(LDFLAGS)
+ ./misc/precompute > ../bls/src/qcoeff-bn254.hpp
+
+update_xbyak:
+ cp -a ../xbyak/xbyak/xbyak.h ../xbyak/xbyak/xbyak_util.h ../xbyak/xbyak/xbyak_mnemonic.h src/xbyak/
+
+update_cybozulib:
+ cp -a $(addprefix ../cybozulib/,$(wildcard include/cybozu/*.hpp)) include/cybozu/
+
+clean:
+ $(RM) $(LIB_DIR)/*.a $(LIB_DIR)/*.$(LIB_SUF) $(OBJ_DIR)/*.o $(OBJ_DIR)/*.obj $(OBJ_DIR)/*.d $(EXE_DIR)/*.exe $(GEN_EXE) $(ASM_OBJ) $(LIB_OBJ) $(BN256_OBJ) $(BN384_OBJ) $(BN512_OBJ) $(LLVM_SRC) $(FUNC_LIST) src/*.ll lib/*.a
+
+ALL_SRC=$(SRC_SRC) $(TEST_SRC) $(SAMPLE_SRC)
+DEPEND_FILE=$(addprefix $(OBJ_DIR)/, $(addsuffix .d,$(basename $(ALL_SRC))))
+-include $(DEPEND_FILE)
+
+PREFIX?=/usr/local
+install: lib/libmcl.a lib/libmcl.$(LIB_SUF)
+ $(MKDIR) $(PREFIX)/include/mcl
+ cp -a include/mcl/ $(PREFIX)/include/
+ cp -a include/cybozu/ $(PREFIX)/include/
+ $(MKDIR) $(PREFIX)/lib
+ cp -a lib/libmcl.a lib/libmcl.$(LIB_SUF) $(PREFIX)/lib/
+
+.PHONY: test mcl-wasm she-wasm bin/emu
+
+# don't remove these files automatically
+.SECONDARY: $(addprefix $(OBJ_DIR)/, $(ALL_SRC:.cpp=.o))
+
diff --git a/vendor/github.com/byzantine-lab/mcl/bench.txt b/vendor/github.com/byzantine-lab/mcl/bench.txt
new file mode 100644
index 000000000..35e47dca5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/bench.txt
@@ -0,0 +1,114 @@
+-----------------------------------------------------------------------------
+Core i7-7700@3.6GHz Firefox 58.0.1(64-bit)
+ BN254 Fp381_1 Fp462
+op msec
+Fr::setByCSPRNG 0.022 0.021 0.019
+pairing 2.446 7.353 14.596
+millerLoop 1.467 4.219 8.598
+finalExp 0.97 3.127 6.005
+precomputedMillerLoop 1.087 3.171 6.305
+G1::add 0.007 0.01 0.014
+G1::dbl 0.005 0.007 0.011
+G1::mul 0.479 1.529 3.346
+G2::add 0.013 0.022 0.033
+G2::dbl 0.01 0.016 0.025
+G2::mul 0.989 2.955 5.921
+hashAndMapToG1 0.135 0.309 0.76
+hashAndMapToG2 2.14 6.44 14.249
+Fr::add 0.004 0.003 0.003
+Fr::mul 0.004 0.004 0.005
+Fr::sqr 0.003 0.003 0.004
+Fr::inv 0.025 0.038 0.05
+GT::add 0.005 0.004 0.005
+GT::mul 0.016 0.027 0.041
+GT::sqr 0.012 0.018 0.028
+GT::inv 0.051 0.081 0.122
+
+-----------------------------------------------------------------------------
+iPhone7 iOS 11.2.1 Safari/604.1
+ BN254 Fp381_1 Fp462
+op msec
+Fr::setByCSPRNG 0.041 0.038 0.154
+pairing 3.9 11.752 22.578
+millerLoop 2.29 6.55 13.067
+finalExp 1.501 4.741 9.016
+precomputedMillerLoop 1.675 4.818 9.492
+G1::add 0.006 0.015 0.018
+G1::dbl 0.005 0.01 0.019
+G1::mul 0.843 2.615 5.339
+G2::add 0.015 0.03 0.048
+G2::dbl 0.011 0.022 0.034
+G2::mul 1.596 4.581 9.077
+hashAndMapToG1 0.212 0.507 1.201
+hashAndMapToG2 3.486 9.93 21.817
+Fr::add 0.002 0.002 0.002
+Fr::mul 0.002 0.003 0.003
+Fr::sqr 0.002 0.003 0.004
+Fr::inv 0.037 0.062 0.078
+GT::add 0.003 0.003 0.003
+GT::mul 0.021 0.037 0.058
+GT::sqr 0.014 0.026 0.04
+GT::inv 0.074 0.131 0.19
+-----------------------------------------------------------------------------
+Core i7-7700@3.6GHz Linux gcc.5.4.0
+
+ BN254 Fp381_1 Fp462
+G1::mulCT 202.807Kclk 597.410Kclk 1.658Mclk
+G1::mulCTsmall 200.968Kclk 596.074Kclk 1.650Mclk
+G1::mul 185.935Kclk 555.147Kclk 1.495Mclk
+G1::mulsmall 1.856Kclk 3.740Kclk 8.054Kclk
+G1::add 866.89 clk 1.710Kclk 3.663Kclk
+G1::dbl 798.60 clk 1.770Kclk 3.755Kclk
+G2::mulCT 391.655Kclk 1.351Mclk 3.102Mclk
+G2::mulCTsmall 369.134Kclk 1.358Mclk 3.105Mclk
+G2::mul 400.098Kclk 1.277Mclk 3.009Mclk
+G2::mulsmall 5.774Kclk 12.806Kclk 25.374Kclk
+G2::add 2.696Kclk 7.547Kclk 14.683Kclk
+G2::dbl 2.600Kclk 5.366Kclk 10.436Kclk
+GT::pow 727.157Kclk 1.991Mclk 4.364Mclk
+hashAndMapToG1 27.953Kclk 87.291Kclk 200.972Kclk
+hashAndMapToG2 775.186Kclk 2.629Mclk 6.937Mclk
+Fp::add 11.48 clk 69.54 clk 21.36 clk
+Fp::mul 63.11 clk 134.90 clk 303.75 clk
+Fp::sqr 64.39 clk 134.29 clk 305.38 clk
+Fp::inv 2.302Kclk 4.185Kclk 5.485Kclk
+GT::add 180.93 clk 247.70 clk 256.55 clk
+GT::mul 5.278Kclk 10.887Kclk 19.844Kclk
+GT::sqr 3.666Kclk 7.444Kclk 13.694Kclk
+GT::inv 11.322Kclk 22.480Kclk 41.796Kclk
+pairing 1.044Mclk 3.445Mclk 7.789Mclk
+millerLoop 634.214Kclk 1.913Mclk 4.466Mclk
+finalExp 423.413Kclk 1.535Mclk 3.328Mclk
+precomputedML 479.849Kclk 1.461Mclk 3.299Mclk
+-----------------------------------------------------------------------------
+
+1.2GHz ARM Cortex-A53 [HiKey] Linux gcc 4.9.2
+
+ BN254 Fp381_1 Fp462
+G1::mulCT 858.149usec 2.780msec 8.507msec
+G1::mulCTsmall 854.535usec 2.773msec 8.499msec
+G1::mul 743.100usec 2.484msec 7.536msec
+G1::mulsmall 7.680usec 16.528usec 41.818usec
+G1::add 3.347usec 7.363usec 18.544usec
+G1::dbl 3.294usec 7.351usec 18.472usec
+G2::mulCT 1.627msec 5.083msec 12.142msec
+G2::mulCTsmall 1.534msec 5.124msec 12.125msec
+G2::mul 1.677msec 4.806msec 11.757msec
+G2::mulsmall 23.581usec 48.504usec 96.780usec
+G2::add 10.751usec 27.759usec 54.392usec
+G2::dbl 10.076usec 20.625usec 42.032usec
+GT::pow 2.662msec 7.091msec 14.042msec
+hashAndMapToG1 111.256usec 372.665usec 1.031msec
+hashAndMapToG2 3.199msec 10.168msec 27.391msec
+Fp::add 27.19nsec 38.02nsec 45.68nsec
+Fp::mul 279.17nsec 628.44nsec 1.662usec
+Fp::sqr 276.56nsec 651.67nsec 1.675usec
+Fp::inv 9.743usec 14.364usec 18.116usec
+GT::add 373.18nsec 530.62nsec 625.26nsec
+GT::mul 19.557usec 38.623usec 63.111usec
+GT::sqr 13.345usec 26.218usec 43.008usec
+GT::inv 44.119usec 84.581usec 153.046usec
+pairing 3.913msec 12.606msec 26.818msec
+millerLoop 2.402msec 7.202msec 15.711msec
+finalExp 1.506msec 5.395msec 11.098msec
+precomputedML 1.815msec 5.447msec 11.094msec
diff --git a/vendor/github.com/byzantine-lab/mcl/common.mk b/vendor/github.com/byzantine-lab/mcl/common.mk
new file mode 100644
index 000000000..5c749e1a6
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/common.mk
@@ -0,0 +1,117 @@
+GCC_VER=$(shell $(PRE)$(CC) -dumpversion)
+UNAME_S=$(shell uname -s)
+ifeq ($(UNAME_S),Linux)
+ OS=Linux
+endif
+ifeq ($(findstring MINGW64,$(UNAME_S)),MINGW64)
+ OS=mingw64
+ CFLAGS+=-D__USE_MINGW_ANSI_STDIO=1
+endif
+ifeq ($(findstring CYGWIN,$(UNAME_S)),CYGWIN)
+ OS=cygwin
+endif
+ifeq ($(UNAME_S),Darwin)
+ OS=mac
+ ARCH=x86_64
+ LIB_SUF=dylib
+ OPENSSL_DIR?=/usr/local/opt/openssl
+ CFLAGS+=-I$(OPENSSL_DIR)/include
+ LDFLAGS+=-L$(OPENSSL_DIR)/lib
+ GMP_DIR?=/usr/local/opt/gmp
+ CFLAGS+=-I$(GMP_DIR)/include
+ LDFLAGS+=-L$(GMP_DIR)/lib
+else
+ LIB_SUF=so
+endif
+ARCH?=$(shell uname -m)
+ifneq ($(findstring $(ARCH),x86_64/amd64),)
+ CPU=x86-64
+ INTEL=1
+ ifeq ($(findstring $(OS),mingw64/cygwin),)
+ GCC_EXT=1
+ endif
+ BIT=64
+ BIT_OPT=-m64
+ #LOW_ASM_SRC=src/asm/low_x86-64.asm
+ #ASM=nasm -felf64
+endif
+ifeq ($(ARCH),x86)
+ CPU=x86
+ INTEL=1
+ BIT=32
+ BIT_OPT=-m32
+ #LOW_ASM_SRC=src/asm/low_x86.asm
+endif
+ifeq ($(ARCH),armv7l)
+ CPU=arm
+ BIT=32
+ #LOW_ASM_SRC=src/asm/low_arm.s
+endif
+ifeq ($(ARCH),aarch64)
+ CPU=aarch64
+ BIT=64
+endif
+ifeq ($(findstring $(OS),mac/mingw64),)
+ LDFLAGS+=-lrt
+endif
+
+CP=cp -f
+AR=ar r
+MKDIR=mkdir -p
+RM=rm -rf
+
+ifeq ($(DEBUG),1)
+ ifeq ($(GCC_EXT),1)
+ CFLAGS+=-fsanitize=address
+ LDFLAGS+=-fsanitize=address
+ endif
+else
+ CFLAGS_OPT+=-fomit-frame-pointer -DNDEBUG
+ ifeq ($(CXX),clang++)
+ CFLAGS_OPT+=-O3
+ else
+ ifeq ($(shell expr $(GCC_VER) \> 4.6.0),1)
+ CFLAGS_OPT+=-Ofast
+ else
+ CFLAGS_OPT+=-O3
+ endif
+ endif
+ ifeq ($(MARCH),)
+ ifeq ($(INTEL),1)
+# CFLAGS_OPT+=-march=native
+ endif
+ else
+ CFLAGS_OPT+=$(MARCH)
+ endif
+endif
+CFLAGS_WARN=-Wall -Wextra -Wformat=2 -Wcast-qual -Wcast-align -Wwrite-strings -Wfloat-equal -Wpointer-arith
+CFLAGS+=-g3
+INC_OPT=-I include -I test
+CFLAGS+=$(CFLAGS_WARN) $(BIT_OPT) $(INC_OPT)
+DEBUG=0
+CFLAGS_OPT_USER?=$(CFLAGS_OPT)
+ifeq ($(DEBUG),0)
+CFLAGS+=$(CFLAGS_OPT_USER)
+endif
+CFLAGS+=$(CFLAGS_USER)
+MCL_USE_GMP?=1
+MCL_USE_OPENSSL?=1
+ifeq ($(MCL_USE_GMP),0)
+ CFLAGS+=-DMCL_USE_VINT
+endif
+ifneq ($(MCL_SIZEOF_UNIT),)
+ CFLAGS+=-DMCL_SIZEOF_UNIT=$(MCL_SIZEOF_UNIT)
+endif
+ifeq ($(MCL_USE_OPENSSL),0)
+ CFLAGS+=-DMCL_DONT_USE_OPENSSL
+endif
+ifeq ($(MCL_USE_GMP),1)
+ GMP_LIB=-lgmp -lgmpxx
+endif
+ifeq ($(MCL_USE_OPENSSL),1)
+ OPENSSL_LIB=-lcrypto
+endif
+LDFLAGS+=$(GMP_LIB) $(OPENSSL_LIB) $(BIT_OPT) $(LDFLAGS_USER)
+
+CFLAGS+=-fPIC
+
diff --git a/vendor/github.com/byzantine-lab/mcl/common.props b/vendor/github.com/byzantine-lab/mcl/common.props
new file mode 100644
index 000000000..912f39e30
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/common.props
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets" />
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup>
+ <OutDir>$(SolutionDir)bin\</OutDir>
+ </PropertyGroup>
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <AdditionalIncludeDirectories>$(SolutionDir)../cybozulib/include;$(SolutionDir)../cybozulib_ext/include;$(SolutionDir)include;$(SolutionDir)../xbyak</AdditionalIncludeDirectories>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <WarningLevel>Level4</WarningLevel>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ <PrecompiledHeaderFile />
+ <PrecompiledHeaderOutputFile />
+ <PreprocessorDefinitions>_MBCS;%(PreprocessorDefinitions);NOMINMAX</PreprocessorDefinitions>
+ </ClCompile>
+ <Link>
+ <AdditionalLibraryDirectories>$(SolutionDir)../cybozulib_ext/lib;$(SolutionDir)lib</AdditionalLibraryDirectories>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemGroup />
+</Project>
diff --git a/vendor/github.com/byzantine-lab/mcl/debug.props b/vendor/github.com/byzantine-lab/mcl/debug.props
new file mode 100644
index 000000000..1553ae0dc
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/debug.props
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets" />
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup>
+ <TargetName>$(ProjectName)d</TargetName>
+ </PropertyGroup>
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemGroup />
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/cs/App.config b/vendor/github.com/byzantine-lab/mcl/ffi/cs/App.config
new file mode 100644
index 000000000..88fa4027b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/cs/App.config
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+ <startup>
+ <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
+ </startup>
+</configuration> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/cs/Properties/AssemblyInfo.cs b/vendor/github.com/byzantine-lab/mcl/ffi/cs/Properties/AssemblyInfo.cs
new file mode 100644
index 000000000..c87e1d44b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/cs/Properties/AssemblyInfo.cs
@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// アセンブリã«é–¢ã™ã‚‹ä¸€èˆ¬æƒ…å ±ã¯ä»¥ä¸‹ã®å±žæ€§ã‚»ãƒƒãƒˆã‚’ã¨ãŠã—ã¦åˆ¶å¾¡ã•ã‚Œã¾ã™ã€‚
+// アセンブリã«é–¢é€£ä»˜ã‘られã¦ã„る情報を変更ã™ã‚‹ã«ã¯ã€
+// ã“れらã®å±žæ€§å€¤ã‚’変更ã—ã¦ãã ã•ã„。
+[assembly: AssemblyTitle("bn256")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("bn256")]
+[assembly: AssemblyCopyright("Copyright © 2017")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// ComVisible ã‚’ false ã«è¨­å®šã™ã‚‹ã¨ã€ãã®åž‹ã¯ã“ã®ã‚¢ã‚»ãƒ³ãƒ–リ内㧠COM コンãƒãƒ¼ãƒãƒ³ãƒˆã‹ã‚‰
+// å‚ç…§ä¸å¯èƒ½ã«ãªã‚Šã¾ã™ã€‚COM ã‹ã‚‰ã“ã®ã‚¢ã‚»ãƒ³ãƒ–リ内ã®åž‹ã«ã‚¢ã‚¯ã‚»ã‚¹ã™ã‚‹å ´åˆã¯ã€
+// ãã®åž‹ã® ComVisible 属性を true ã«è¨­å®šã—ã¦ãã ã•ã„。
+[assembly: ComVisible(false)]
+
+// ã“ã®ãƒ—ロジェクト㌠COM ã«å…¬é–‹ã•ã‚Œã‚‹å ´åˆã€æ¬¡ã® GUID ㌠typelib ã® ID ã«ãªã‚Šã¾ã™
+[assembly: Guid("e9d06b1b-ea22-4ef4-ba4b-422f7625966b")]
+
+// アセンブリã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³æƒ…å ±ã¯æ¬¡ã® 4 ã¤ã®å€¤ã§æ§‹æˆã•ã‚Œã¦ã„ã¾ã™:
+//
+// メジャー ãƒãƒ¼ã‚¸ãƒ§ãƒ³
+// マイナー ãƒãƒ¼ã‚¸ãƒ§ãƒ³
+// ビルド番å·
+// Revision
+//
+// ã™ã¹ã¦ã®å€¤ã‚’指定ã™ã‚‹ã‹ã€ä¸‹ã®ã‚ˆã†ã« '*' を使ã£ã¦ãƒ“ルドãŠã‚ˆã³ãƒªãƒ“ジョン番å·ã‚’
+// 既定値ã«ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.cs b/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.cs
new file mode 100644
index 000000000..0e1ed032c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.cs
@@ -0,0 +1,475 @@
+using System;
+using System.Text;
+using System.Runtime.InteropServices;
+
+namespace mcl {
+ public class BN256 {
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBn_init(int curve, int maxUnitSize);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_clear(ref Fr x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_setInt(ref Fr y, int x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnFr_setStr(ref Fr x, [In][MarshalAs(UnmanagedType.LPStr)] string buf, long bufSize, int ioMode);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnFr_isValid(ref Fr x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnFr_isEqual(ref Fr x, ref Fr y);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnFr_isZero(ref Fr x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnFr_isOne(ref Fr x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_setByCSPRNG(ref Fr x);
+
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnFr_setHashOf(ref Fr x, [In][MarshalAs(UnmanagedType.LPStr)] string buf, long bufSize);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnFr_getStr([Out]StringBuilder buf, long maxBufSize, ref Fr x, int ioMode);
+
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_neg(ref Fr y, ref Fr x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_inv(ref Fr y, ref Fr x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_add(ref Fr z, ref Fr x, ref Fr y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_sub(ref Fr z, ref Fr x, ref Fr y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_mul(ref Fr z, ref Fr x, ref Fr y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnFr_div(ref Fr z, ref Fr x, ref Fr y);
+
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG1_clear(ref G1 x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG1_setStr(ref G1 x, [In][MarshalAs(UnmanagedType.LPStr)] string buf, long bufSize, int ioMode);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG1_isValid(ref G1 x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG1_isEqual(ref G1 x, ref G1 y);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG1_isZero(ref G1 x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG1_hashAndMapTo(ref G1 x, [In][MarshalAs(UnmanagedType.LPStr)] string buf, long bufSize);
+ [DllImport("mclBn256.dll")]
+ public static extern long mclBnG1_getStr([Out]StringBuilder buf, long maxBufSize, ref G1 x, int ioMode);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG1_neg(ref G1 y, ref G1 x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG1_dbl(ref G1 y, ref G1 x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG1_add(ref G1 z, ref G1 x, ref G1 y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG1_sub(ref G1 z, ref G1 x, ref G1 y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG1_mul(ref G1 z, ref G1 x, ref Fr y);
+
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG2_clear(ref G2 x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG2_setStr(ref G2 x, [In][MarshalAs(UnmanagedType.LPStr)] string buf, long bufSize, int ioMode);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG2_isValid(ref G2 x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG2_isEqual(ref G2 x, ref G2 y);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG2_isZero(ref G2 x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnG2_hashAndMapTo(ref G2 x, [In][MarshalAs(UnmanagedType.LPStr)] string buf, long bufSize);
+ [DllImport("mclBn256.dll")]
+ public static extern long mclBnG2_getStr([Out]StringBuilder buf, long maxBufSize, ref G2 x, int ioMode);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG2_neg(ref G2 y, ref G2 x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG2_dbl(ref G2 y, ref G2 x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG2_add(ref G2 z, ref G2 x, ref G2 y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG2_sub(ref G2 z, ref G2 x, ref G2 y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnG2_mul(ref G2 z, ref G2 x, ref Fr y);
+
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnGT_clear(ref GT x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnGT_setStr(ref GT x, [In][MarshalAs(UnmanagedType.LPStr)] string buf, long bufSize, int ioMode);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnGT_isEqual(ref GT x, ref GT y);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnGT_isZero(ref GT x);
+ [DllImport("mclBn256.dll")]
+ public static extern int mclBnGT_isOne(ref GT x);
+ [DllImport("mclBn256.dll")]
+ public static extern long mclBnGT_getStr([Out]StringBuilder buf, long maxBufSize, ref GT x, int ioMode);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnGT_neg(ref GT y, ref GT x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnGT_inv(ref GT y, ref GT x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnGT_add(ref GT z, ref GT x, ref GT y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnGT_sub(ref GT z, ref GT x, ref GT y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnGT_mul(ref GT z, ref GT x, ref GT y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnGT_div(ref GT z, ref GT x, ref GT y);
+
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBnGT_pow(ref GT z, ref GT x, ref Fr y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBn_pairing(ref GT z, ref G1 x, ref G2 y);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBn_finalExp(ref GT y, ref GT x);
+ [DllImport("mclBn256.dll")]
+ public static extern void mclBn_millerLoop(ref GT z, ref G1 x, ref G2 y);
+
+ public static void init()
+ {
+ const int curveFp254BNb = 0;
+ const int maxUnitSize = 4;
+ if (mclBn_init(curveFp254BNb, maxUnitSize) != 0) {
+ throw new InvalidOperationException("mclBn_init");
+ }
+ }
+ [StructLayout(LayoutKind.Sequential)]
+ public struct Fr {
+ private ulong v0, v1, v2, v3;
+ public void Clear()
+ {
+ mclBnFr_clear(ref this);
+ }
+ public void SetInt(int x)
+ {
+ mclBnFr_setInt(ref this, x);
+ }
+ public void SetStr(string s, int ioMode)
+ {
+ if (mclBnFr_setStr(ref this, s, s.Length, ioMode) != 0) {
+ throw new ArgumentException("mclBnFr_setStr" + s);
+ }
+ }
+ public bool IsValid()
+ {
+ return mclBnFr_isValid(ref this) == 1;
+ }
+ public bool Equals(Fr rhs)
+ {
+ return mclBnFr_isEqual(ref this, ref rhs) == 1;
+ }
+ public bool IsZero()
+ {
+ return mclBnFr_isZero(ref this) == 1;
+ }
+ public bool IsOne()
+ {
+ return mclBnFr_isOne(ref this) == 1;
+ }
+ public void SetByCSPRNG()
+ {
+ mclBnFr_setByCSPRNG(ref this);
+ }
+ public void SetHashOf(String s)
+ {
+ if (mclBnFr_setHashOf(ref this, s, s.Length) != 0) {
+ throw new InvalidOperationException("mclBnFr_setHashOf:" + s);
+ }
+ }
+ public string GetStr(int ioMode)
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ long size = mclBnFr_getStr(sb, sb.Capacity, ref this, ioMode);
+ if (size == 0) {
+ throw new InvalidOperationException("mclBnFr_getStr:");
+ }
+ return sb.ToString();
+ }
+ public void Neg(Fr x)
+ {
+ mclBnFr_neg(ref this, ref x);
+ }
+ public void Inv(Fr x)
+ {
+ mclBnFr_inv(ref this, ref x);
+ }
+ public void Add(Fr x, Fr y)
+ {
+ mclBnFr_add(ref this, ref x, ref y);
+ }
+ public void Sub(Fr x, Fr y)
+ {
+ mclBnFr_sub(ref this, ref x, ref y);
+ }
+ public void Mul(Fr x, Fr y)
+ {
+ mclBnFr_mul(ref this, ref x, ref y);
+ }
+ public void Div(Fr x, Fr y)
+ {
+ mclBnFr_div(ref this, ref x, ref y);
+ }
+ public static Fr operator -(Fr x)
+ {
+ Fr y = new Fr();
+ y.Neg(x);
+ return y;
+ }
+ public static Fr operator +(Fr x, Fr y)
+ {
+ Fr z = new Fr();
+ z.Add(x, y);
+ return z;
+ }
+ public static Fr operator -(Fr x, Fr y)
+ {
+ Fr z = new Fr();
+ z.Sub(x, y);
+ return z;
+ }
+ public static Fr operator *(Fr x, Fr y)
+ {
+ Fr z = new Fr();
+ z.Mul(x, y);
+ return z;
+ }
+ public static Fr operator /(Fr x, Fr y)
+ {
+ Fr z = new Fr();
+ z.Div(x, y);
+ return z;
+ }
+ }
+ [StructLayout(LayoutKind.Sequential)]
+ public struct G1 {
+ private ulong v00, v01, v02, v03, v04, v05, v06, v07, v08, v09, v10, v11;
+ public void Clear()
+ {
+ mclBnG1_clear(ref this);
+ }
+ public void setStr(String s, int ioMode)
+ {
+ if (mclBnG1_setStr(ref this, s, s.Length, ioMode) != 0) {
+ throw new ArgumentException("mclBnG1_setStr:" + s);
+ }
+ }
+ public bool IsValid()
+ {
+ return mclBnG1_isValid(ref this) == 1;
+ }
+ public bool Equals(G1 rhs)
+ {
+ return mclBnG1_isEqual(ref this, ref rhs) == 1;
+ }
+ public bool IsZero()
+ {
+ return mclBnG1_isZero(ref this) == 1;
+ }
+ public void HashAndMapTo(String s)
+ {
+ if (mclBnG1_hashAndMapTo(ref this, s, s.Length) != 0) {
+ throw new ArgumentException("mclBnG1_hashAndMapTo:" + s);
+ }
+ }
+ public string GetStr(int ioMode)
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ long size = mclBnG1_getStr(sb, sb.Capacity, ref this, ioMode);
+ if (size == 0) {
+ throw new InvalidOperationException("mclBnG1_getStr:");
+ }
+ return sb.ToString();
+ }
+ public void Neg(G1 x)
+ {
+ mclBnG1_neg(ref this, ref x);
+ }
+ public void Dbl(G1 x)
+ {
+ mclBnG1_dbl(ref this, ref x);
+ }
+ public void Add(G1 x, G1 y)
+ {
+ mclBnG1_add(ref this, ref x, ref y);
+ }
+ public void Sub(G1 x, G1 y)
+ {
+ mclBnG1_sub(ref this, ref x, ref y);
+ }
+ public void Mul(G1 x, Fr y)
+ {
+ mclBnG1_mul(ref this, ref x, ref y);
+ }
+ }
+ [StructLayout(LayoutKind.Sequential)]
+ public struct G2 {
+ private ulong v00, v01, v02, v03, v04, v05, v06, v07, v08, v09, v10, v11;
+ private ulong v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23;
+ public void Clear()
+ {
+ mclBnG2_clear(ref this);
+ }
+ public void setStr(String s, int ioMode)
+ {
+ if (mclBnG2_setStr(ref this, s, s.Length, ioMode) != 0) {
+ throw new ArgumentException("mclBnG2_setStr:" + s);
+ }
+ }
+ public bool IsValid()
+ {
+ return mclBnG2_isValid(ref this) == 1;
+ }
+ public bool Equals(G2 rhs)
+ {
+ return mclBnG2_isEqual(ref this, ref rhs) == 1;
+ }
+ public bool IsZero()
+ {
+ return mclBnG2_isZero(ref this) == 1;
+ }
+ public void HashAndMapTo(String s)
+ {
+ if (mclBnG2_hashAndMapTo(ref this, s, s.Length) != 0) {
+ throw new ArgumentException("mclBnG2_hashAndMapTo:" + s);
+ }
+ }
+ public string GetStr(int ioMode)
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ long size = mclBnG2_getStr(sb, sb.Capacity, ref this, ioMode);
+ if (size == 0) {
+ throw new InvalidOperationException("mclBnG2_getStr:");
+ }
+ return sb.ToString();
+ }
+ public void Neg(G2 x)
+ {
+ mclBnG2_neg(ref this, ref x);
+ }
+ public void Dbl(G2 x)
+ {
+ mclBnG2_dbl(ref this, ref x);
+ }
+ public void Add(G2 x, G2 y)
+ {
+ mclBnG2_add(ref this, ref x, ref y);
+ }
+ public void Sub(G2 x, G2 y)
+ {
+ mclBnG2_sub(ref this, ref x, ref y);
+ }
+ public void Mul(G2 x, Fr y)
+ {
+ mclBnG2_mul(ref this, ref x, ref y);
+ }
+ }
+ [StructLayout(LayoutKind.Sequential)]
+ public struct GT {
+ private ulong v00, v01, v02, v03, v04, v05, v06, v07, v08, v09, v10, v11;
+ private ulong v12, v13, v14, v15, v16, v17, v18, v19, v20, v21, v22, v23;
+ private ulong v24, v25, v26, v27, v28, v29, v30, v31, v32, v33, v34, v35;
+ private ulong v36, v37, v38, v39, v40, v41, v42, v43, v44, v45, v46, v47;
+ public void Clear()
+ {
+ mclBnGT_clear(ref this);
+ }
+ public void setStr(String s, int ioMode)
+ {
+ if (mclBnGT_setStr(ref this, s, s.Length, ioMode) != 0) {
+ throw new ArgumentException("mclBnGT_setStr:" + s);
+ }
+ }
+ public bool Equals(GT rhs)
+ {
+ return mclBnGT_isEqual(ref this, ref rhs) == 1;
+ }
+ public bool IsZero()
+ {
+ return mclBnGT_isZero(ref this) == 1;
+ }
+ public bool IsOne()
+ {
+ return mclBnGT_isOne(ref this) == 1;
+ }
+ public string GetStr(int ioMode)
+ {
+ StringBuilder sb = new StringBuilder(1024);
+ long size = mclBnGT_getStr(sb, sb.Capacity, ref this, ioMode);
+ if (size == 0) {
+ throw new InvalidOperationException("mclBnGT_getStr:");
+ }
+ return sb.ToString();
+ }
+ public void Neg(GT x)
+ {
+ mclBnGT_neg(ref this, ref x);
+ }
+ public void Inv(GT x)
+ {
+ mclBnGT_inv(ref this, ref x);
+ }
+ public void Add(GT x, GT y)
+ {
+ mclBnGT_add(ref this, ref x, ref y);
+ }
+ public void Sub(GT x, GT y)
+ {
+ mclBnGT_sub(ref this, ref x, ref y);
+ }
+ public void Mul(GT x, GT y)
+ {
+ mclBnGT_mul(ref this, ref x, ref y);
+ }
+ public void Div(GT x, GT y)
+ {
+ mclBnGT_div(ref this, ref x, ref y);
+ }
+ public static GT operator -(GT x)
+ {
+ GT y = new GT();
+ y.Neg(x);
+ return y;
+ }
+ public static GT operator +(GT x, GT y)
+ {
+ GT z = new GT();
+ z.Add(x, y);
+ return z;
+ }
+ public static GT operator -(GT x, GT y)
+ {
+ GT z = new GT();
+ z.Sub(x, y);
+ return z;
+ }
+ public static GT operator *(GT x, GT y)
+ {
+ GT z = new GT();
+ z.Mul(x, y);
+ return z;
+ }
+ public static GT operator /(GT x, GT y)
+ {
+ GT z = new GT();
+ z.Div(x, y);
+ return z;
+ }
+ public void Pow(GT x, Fr y)
+ {
+ mclBnGT_pow(ref this, ref x, ref y);
+ }
+ public void Pairing(G1 x, G2 y)
+ {
+ mclBn_pairing(ref this, ref x, ref y);
+ }
+ public void FinalExp(GT x)
+ {
+ mclBn_finalExp(ref this, ref x);
+ }
+ public void MillerLoop(G1 x, G2 y)
+ {
+ mclBn_millerLoop(ref this, ref x, ref y);
+ }
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.csproj b/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.csproj
new file mode 100644
index 000000000..21a049f01
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.csproj
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+ <PropertyGroup>
+ <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+ <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+ <ProjectGuid>{E9D06B1B-EA22-4EF4-BA4B-422F7625966B}</ProjectGuid>
+ <OutputType>Exe</OutputType>
+ <AppDesignerFolder>Properties</AppDesignerFolder>
+ <RootNamespace>bn256</RootNamespace>
+ <AssemblyName>bn256</AssemblyName>
+ <TargetFrameworkVersion>v4.5.2</TargetFrameworkVersion>
+ <FileAlignment>512</FileAlignment>
+ <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Debug|x64'">
+ <DebugSymbols>true</DebugSymbols>
+ <OutputPath>..\..\bin\</OutputPath>
+ <DefineConstants>DEBUG;TRACE</DefineConstants>
+ <AllowUnsafeBlocks>false</AllowUnsafeBlocks>
+ <DebugType>full</DebugType>
+ <PlatformTarget>x64</PlatformTarget>
+ <ErrorReport>prompt</ErrorReport>
+ <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)' == 'Release|x64'">
+ <OutputPath>..\..\bin\</OutputPath>
+ <DefineConstants>TRACE</DefineConstants>
+ <Optimize>true</Optimize>
+ <DebugType>pdbonly</DebugType>
+ <PlatformTarget>x64</PlatformTarget>
+ <ErrorReport>prompt</ErrorReport>
+ <CodeAnalysisRuleSet>MinimumRecommendedRules.ruleset</CodeAnalysisRuleSet>
+ <Prefer32Bit>true</Prefer32Bit>
+ </PropertyGroup>
+ <ItemGroup>
+ <Reference Include="System" />
+ <Reference Include="System.Core" />
+ <Reference Include="System.Xml.Linq" />
+ <Reference Include="System.Data.DataSetExtensions" />
+ <Reference Include="Microsoft.CSharp" />
+ <Reference Include="System.Data" />
+ <Reference Include="System.Net.Http" />
+ <Reference Include="System.Xml" />
+ </ItemGroup>
+ <ItemGroup>
+ <Compile Include="bn256.cs" />
+ <Compile Include="bn256_test.cs" />
+ <Compile Include="Properties\AssemblyInfo.cs" />
+ </ItemGroup>
+ <ItemGroup>
+ <None Include="App.config" />
+ </ItemGroup>
+ <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+ <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
+ Other similar extension points exist, see Microsoft.Common.targets.
+ <Target Name="BeforeBuild">
+ </Target>
+ <Target Name="AfterBuild">
+ </Target>
+ -->
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.sln b/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.sln
new file mode 100644
index 000000000..6e6aa67ee
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "bn256", "bn256.csproj", "{E9D06B1B-EA22-4EF4-BA4B-422F7625966B}"
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966B}.Debug|x64.ActiveCfg = Debug|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966B}.Debug|x64.Build.0 = Debug|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966B}.Release|x64.ActiveCfg = Release|x64
+ {E9D06B1B-EA22-4EF4-BA4B-422F7625966B}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256_test.cs b/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256_test.cs
new file mode 100644
index 000000000..cad8c03d3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/cs/bn256_test.cs
@@ -0,0 +1,149 @@
+using System;
+
+namespace mcl {
+ using static BN256;
+ class BN256Test {
+ static int err = 0;
+ static void assert(string msg, bool b)
+ {
+ if (b) return;
+ Console.WriteLine("ERR {0}", msg);
+ err++;
+ }
+ static void Main(string[] args)
+ {
+ try {
+ assert("64bit system", System.Environment.Is64BitProcess);
+ init();
+ TestFr();
+ TestG1();
+ TestG2();
+ TestPairing();
+ if (err == 0) {
+ Console.WriteLine("all tests succeed");
+ } else {
+ Console.WriteLine("err={0}", err);
+ }
+ } catch (Exception e) {
+ Console.WriteLine("ERR={0}", e);
+ }
+ }
+ static void TestFr()
+ {
+ Console.WriteLine("TestFr");
+ Fr x = new Fr();
+ x.Clear();
+ assert("0", x.GetStr(10) == "0");
+ assert("0.IzZero", x.IsZero());
+ assert("!0.IzOne", !x.IsOne());
+ x.SetInt(1);
+ assert("1", x.GetStr(10) == "1");
+ assert("!1.IzZero", !x.IsZero());
+ assert("1.IzOne", x.IsOne());
+ x.SetInt(3);
+ assert("3", x.GetStr(10) == "3");
+ assert("!3.IzZero", !x.IsZero());
+ assert("!3.IzOne", !x.IsOne());
+ x.SetInt(-5);
+ x = -x;
+ assert("5", x.GetStr(10) == "5");
+ x.SetInt(4);
+ x = x * x;
+ assert("16", x.GetStr(10) == "16");
+ assert("10", x.GetStr(16) == "10");
+ Fr y;
+ y = x;
+ assert("x == y", x.Equals(y));
+ x.SetInt(123);
+ assert("123", x.GetStr(10) == "123");
+ assert("7b", x.GetStr(16) == "7b");
+ assert("y != x", !x.Equals(y));
+ try {
+ x.SetStr("1234567891234x", 10);
+ Console.WriteLine("x = {0}", x);
+ } catch (Exception e) {
+ Console.WriteLine("exception test OK\n'{0}'", e);
+ }
+ x.SetStr("1234567891234", 10);
+ assert("1234567891234", x.GetStr(10) == "1234567891234");
+ }
+ static void TestG1()
+ {
+ Console.WriteLine("TestG1");
+ G1 P = new G1();
+ P.Clear();
+ assert("P.IsValid", P.IsValid());
+ assert("P.IsZero", P.IsZero());
+ P.HashAndMapTo("abc");
+ assert("P.IsValid", P.IsValid());
+ assert("!P.IsZero", !P.IsZero());
+ G1 Q = new G1();
+ Q = P;
+ assert("P == Q", Q.Equals(P));
+ Q.Neg(P);
+ Q.Add(Q, P);
+ assert("P = Q", Q.IsZero());
+ Q.Dbl(P);
+ G1 R = new G1();
+ R.Add(P, P);
+ assert("Q == R", Q.Equals(R));
+ Fr x = new Fr();
+ x.SetInt(3);
+ R.Add(R, P);
+ Q.Mul(P, x);
+ assert("Q == R", Q.Equals(R));
+ }
+ static void TestG2()
+ {
+ Console.WriteLine("TestG2");
+ G2 P = new G2();
+ P.Clear();
+ assert("P is valid", P.IsValid());
+ assert("P is zero", P.IsZero());
+ P.HashAndMapTo("abc");
+ assert("P is valid", P.IsValid());
+ assert("P is not zero", !P.IsZero());
+ G2 Q = new G2();
+ Q = P;
+ assert("P == Q", Q.Equals(P));
+ Q.Neg(P);
+ Q.Add(Q, P);
+ assert("Q is zero", Q.IsZero());
+ Q.Dbl(P);
+ G2 R = new G2();
+ R.Add(P, P);
+ assert("Q == R", Q.Equals(R));
+ Fr x = new Fr();
+ x.SetInt(3);
+ R.Add(R, P);
+ Q.Mul(P, x);
+ assert("Q == R", Q.Equals(R));
+ }
+ static void TestPairing()
+ {
+ Console.WriteLine("TestG2");
+ G1 P = new G1();
+ P.HashAndMapTo("123");
+ G2 Q = new G2();
+ Q.HashAndMapTo("1");
+ Fr a = new Fr();
+ Fr b = new Fr();
+ a.SetStr("12345678912345673453", 10);
+ b.SetStr("230498230982394243424", 10);
+ G1 aP = new G1();
+ G2 bQ = new G2();
+ aP.Mul(P, a);
+ bQ.Mul(Q, b);
+ GT e1 = new GT();
+ GT e2 = new GT();
+ GT e3 = new GT();
+ e1.Pairing(P, Q);
+ e2.Pairing(aP, Q);
+ e3.Pow(e1, a);
+ assert("e2.Equals(e3)", e2.Equals(e3));
+ e2.Pairing(P, bQ);
+ e3.Pow(e1, b);
+ assert("e2.Equals(e3)", e2.Equals(e3));
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/go/mcl/mcl.go b/vendor/github.com/byzantine-lab/mcl/ffi/go/mcl/mcl.go
new file mode 100644
index 000000000..a0c8bb4d3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/go/mcl/mcl.go
@@ -0,0 +1,659 @@
+package mcl
+
+/*
+#cgo bn256 CFLAGS:-DMCLBN_FP_UNIT_SIZE=4
+#cgo bn384 CFLAGS:-DMCLBN_FP_UNIT_SIZE=6
+#cgo bn384_256 CFLAGS:-DMCLBN_FP_UNIT_SIZE=6 -DMCLBN_FR_UNIT_SIZE=4
+#cgo bn256 LDFLAGS:-lmclbn256 -lmcl
+#cgo bn384 LDFLAGS:-lmclbn384 -lmcl
+#cgo bn384_256 LDFLAGS:-lmclbn384_256 -lmcl
+#include <mcl/bn.h>
+*/
+import "C"
+import "fmt"
+import "unsafe"
+
+// CurveFp254BNb -- 254 bit curve
+const CurveFp254BNb = C.mclBn_CurveFp254BNb
+
+// CurveFp382_1 -- 382 bit curve 1
+const CurveFp382_1 = C.mclBn_CurveFp382_1
+
+// CurveFp382_2 -- 382 bit curve 2
+const CurveFp382_2 = C.mclBn_CurveFp382_2
+
+// BLS12_381
+const BLS12_381 = C.MCL_BLS12_381
+
+// IoSerializeHexStr
+const IoSerializeHexStr = C.MCLBN_IO_SERIALIZE_HEX_STR
+
+// Init --
+// call this function before calling all the other operations
+// this function is not thread safe
+func Init(curve int) error {
+ err := C.mclBn_init(C.int(curve), C.MCLBN_COMPILED_TIME_VAR)
+ if err != 0 {
+ return fmt.Errorf("ERR mclBn_init curve=%d", curve)
+ }
+ return nil
+}
+
+// GetFrUnitSize() --
+func GetFrUnitSize() int {
+ return int(C.MCLBN_FR_UNIT_SIZE)
+}
+
+// GetFpUnitSize() --
+// same as GetMaxOpUnitSize()
+func GetFpUnitSize() int {
+ return int(C.MCLBN_FP_UNIT_SIZE)
+}
+
+// GetMaxOpUnitSize --
+func GetMaxOpUnitSize() int {
+ return int(C.MCLBN_FP_UNIT_SIZE)
+}
+
+// GetOpUnitSize --
+// the length of Fr is GetOpUnitSize() * 8 bytes
+func GetOpUnitSize() int {
+ return int(C.mclBn_getOpUnitSize())
+}
+
+// GetCurveOrder --
+// return the order of G1
+func GetCurveOrder() string {
+ buf := make([]byte, 1024)
+ // #nosec
+ n := C.mclBn_getCurveOrder((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)))
+ if n == 0 {
+ panic("implementation err. size of buf is small")
+ }
+ return string(buf[:n])
+}
+
+// GetFieldOrder --
+// return the characteristic of the field where a curve is defined
+func GetFieldOrder() string {
+ buf := make([]byte, 1024)
+ // #nosec
+ n := C.mclBn_getFieldOrder((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)))
+ if n == 0 {
+ panic("implementation err. size of buf is small")
+ }
+ return string(buf[:n])
+}
+
+// Fr --
+type Fr struct {
+ v C.mclBnFr
+}
+
+// getPointer --
+func (x *Fr) getPointer() (p *C.mclBnFr) {
+ // #nosec
+ return (*C.mclBnFr)(unsafe.Pointer(x))
+}
+
+// Clear --
+func (x *Fr) Clear() {
+ // #nosec
+ C.mclBnFr_clear(x.getPointer())
+}
+
+// SetInt64 --
+func (x *Fr) SetInt64(v int64) {
+ // #nosec
+ C.mclBnFr_setInt(x.getPointer(), C.int64_t(v))
+}
+
+// SetString --
+func (x *Fr) SetString(s string, base int) error {
+ buf := []byte(s)
+ // #nosec
+ err := C.mclBnFr_setStr(x.getPointer(), (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), C.int(base))
+ if err != 0 {
+ return fmt.Errorf("err mclBnFr_setStr %x", err)
+ }
+ return nil
+}
+
+// Deserialize --
+func (x *Fr) Deserialize(buf []byte) error {
+ // #nosec
+ err := C.mclBnFr_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err == 0 {
+ return fmt.Errorf("err mclBnFr_deserialize %x", buf)
+ }
+ return nil
+}
+
+// SetLittleEndian --
+func (x *Fr) SetLittleEndian(buf []byte) error {
+ // #nosec
+ err := C.mclBnFr_setLittleEndian(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err != 0 {
+ return fmt.Errorf("err mclBnFr_setLittleEndian %x", err)
+ }
+ return nil
+}
+
+// IsEqual --
+func (x *Fr) IsEqual(rhs *Fr) bool {
+ return C.mclBnFr_isEqual(x.getPointer(), rhs.getPointer()) == 1
+}
+
+// IsZero --
+func (x *Fr) IsZero() bool {
+ return C.mclBnFr_isZero(x.getPointer()) == 1
+}
+
+// IsOne --
+func (x *Fr) IsOne() bool {
+ return C.mclBnFr_isOne(x.getPointer()) == 1
+}
+
+// SetByCSPRNG --
+func (x *Fr) SetByCSPRNG() {
+ err := C.mclBnFr_setByCSPRNG(x.getPointer())
+ if err != 0 {
+ panic("err mclBnFr_setByCSPRNG")
+ }
+}
+
+// SetHashOf --
+func (x *Fr) SetHashOf(buf []byte) bool {
+ // #nosec
+ return C.mclBnFr_setHashOf(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf))) == 0
+}
+
+// GetString --
+func (x *Fr) GetString(base int) string {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnFr_getStr((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), x.getPointer(), C.int(base))
+ if n == 0 {
+ panic("err mclBnFr_getStr")
+ }
+ return string(buf[:n])
+}
+
+// Serialize --
+func (x *Fr) Serialize() []byte {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnFr_serialize(unsafe.Pointer(&buf[0]), C.size_t(len(buf)), x.getPointer())
+ if n == 0 {
+ panic("err mclBnFr_serialize")
+ }
+ return buf[:n]
+}
+
+// FrNeg --
+func FrNeg(out *Fr, x *Fr) {
+ C.mclBnFr_neg(out.getPointer(), x.getPointer())
+}
+
+// FrInv --
+func FrInv(out *Fr, x *Fr) {
+ C.mclBnFr_inv(out.getPointer(), x.getPointer())
+}
+
+// FrAdd --
+func FrAdd(out *Fr, x *Fr, y *Fr) {
+ C.mclBnFr_add(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// FrSub --
+func FrSub(out *Fr, x *Fr, y *Fr) {
+ C.mclBnFr_sub(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// FrMul --
+func FrMul(out *Fr, x *Fr, y *Fr) {
+ C.mclBnFr_mul(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// FrDiv --
+func FrDiv(out *Fr, x *Fr, y *Fr) {
+ C.mclBnFr_div(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G1 --
+type G1 struct {
+ v C.mclBnG1
+}
+
+// getPointer --
+func (x *G1) getPointer() (p *C.mclBnG1) {
+ // #nosec
+ return (*C.mclBnG1)(unsafe.Pointer(x))
+}
+
+// Clear --
+func (x *G1) Clear() {
+ // #nosec
+ C.mclBnG1_clear(x.getPointer())
+}
+
+// SetString --
+func (x *G1) SetString(s string, base int) error {
+ buf := []byte(s)
+ // #nosec
+ err := C.mclBnG1_setStr(x.getPointer(), (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), C.int(base))
+ if err != 0 {
+ return fmt.Errorf("err mclBnG1_setStr %x", err)
+ }
+ return nil
+}
+
+// Deserialize --
+func (x *G1) Deserialize(buf []byte) error {
+ // #nosec
+ err := C.mclBnG1_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err == 0 {
+ return fmt.Errorf("err mclBnG1_deserialize %x", buf)
+ }
+ return nil
+}
+
+// IsEqual --
+func (x *G1) IsEqual(rhs *G1) bool {
+ return C.mclBnG1_isEqual(x.getPointer(), rhs.getPointer()) == 1
+}
+
+// IsZero --
+func (x *G1) IsZero() bool {
+ return C.mclBnG1_isZero(x.getPointer()) == 1
+}
+
+// HashAndMapTo --
+func (x *G1) HashAndMapTo(buf []byte) error {
+ // #nosec
+ err := C.mclBnG1_hashAndMapTo(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err != 0 {
+ return fmt.Errorf("err mclBnG1_hashAndMapTo %x", err)
+ }
+ return nil
+}
+
+// GetString --
+func (x *G1) GetString(base int) string {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnG1_getStr((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), x.getPointer(), C.int(base))
+ if n == 0 {
+ panic("err mclBnG1_getStr")
+ }
+ return string(buf[:n])
+}
+
+// Serialize --
+func (x *G1) Serialize() []byte {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnG1_serialize(unsafe.Pointer(&buf[0]), C.size_t(len(buf)), x.getPointer())
+ if n == 0 {
+ panic("err mclBnG1_serialize")
+ }
+ return buf[:n]
+}
+
+// G1Neg --
+func G1Neg(out *G1, x *G1) {
+ C.mclBnG1_neg(out.getPointer(), x.getPointer())
+}
+
+// G1Dbl --
+func G1Dbl(out *G1, x *G1) {
+ C.mclBnG1_dbl(out.getPointer(), x.getPointer())
+}
+
+// G1Add --
+func G1Add(out *G1, x *G1, y *G1) {
+ C.mclBnG1_add(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G1Sub --
+func G1Sub(out *G1, x *G1, y *G1) {
+ C.mclBnG1_sub(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G1Mul --
+func G1Mul(out *G1, x *G1, y *Fr) {
+ C.mclBnG1_mul(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G1MulCT -- constant time (depending on bit lengh of y)
+func G1MulCT(out *G1, x *G1, y *Fr) {
+ C.mclBnG1_mulCT(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G2 --
+type G2 struct {
+ v C.mclBnG2
+}
+
+// getPointer --
+func (x *G2) getPointer() (p *C.mclBnG2) {
+ // #nosec
+ return (*C.mclBnG2)(unsafe.Pointer(x))
+}
+
+// Clear --
+func (x *G2) Clear() {
+ // #nosec
+ C.mclBnG2_clear(x.getPointer())
+}
+
+// SetString --
+func (x *G2) SetString(s string, base int) error {
+ buf := []byte(s)
+ // #nosec
+ err := C.mclBnG2_setStr(x.getPointer(), (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), C.int(base))
+ if err != 0 {
+ return fmt.Errorf("err mclBnG2_setStr %x", err)
+ }
+ return nil
+}
+
+// Deserialize --
+func (x *G2) Deserialize(buf []byte) error {
+ // #nosec
+ err := C.mclBnG2_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err == 0 {
+ return fmt.Errorf("err mclBnG2_deserialize %x", buf)
+ }
+ return nil
+}
+
+// IsEqual --
+func (x *G2) IsEqual(rhs *G2) bool {
+ return C.mclBnG2_isEqual(x.getPointer(), rhs.getPointer()) == 1
+}
+
+// IsZero --
+func (x *G2) IsZero() bool {
+ return C.mclBnG2_isZero(x.getPointer()) == 1
+}
+
+// HashAndMapTo --
+func (x *G2) HashAndMapTo(buf []byte) error {
+ // #nosec
+ err := C.mclBnG2_hashAndMapTo(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err != 0 {
+ return fmt.Errorf("err mclBnG2_hashAndMapTo %x", err)
+ }
+ return nil
+}
+
+// GetString --
+func (x *G2) GetString(base int) string {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnG2_getStr((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), x.getPointer(), C.int(base))
+ if n == 0 {
+ panic("err mclBnG2_getStr")
+ }
+ return string(buf[:n])
+}
+
+// Serialize --
+func (x *G2) Serialize() []byte {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnG2_serialize(unsafe.Pointer(&buf[0]), C.size_t(len(buf)), x.getPointer())
+ if n == 0 {
+ panic("err mclBnG2_serialize")
+ }
+ return buf[:n]
+}
+
+// G2Neg --
+func G2Neg(out *G2, x *G2) {
+ C.mclBnG2_neg(out.getPointer(), x.getPointer())
+}
+
+// G2Dbl --
+func G2Dbl(out *G2, x *G2) {
+ C.mclBnG2_dbl(out.getPointer(), x.getPointer())
+}
+
+// G2Add --
+func G2Add(out *G2, x *G2, y *G2) {
+ C.mclBnG2_add(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G2Sub --
+func G2Sub(out *G2, x *G2, y *G2) {
+ C.mclBnG2_sub(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// G2Mul --
+func G2Mul(out *G2, x *G2, y *Fr) {
+ C.mclBnG2_mul(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GT --
+type GT struct {
+ v C.mclBnGT
+}
+
+// getPointer --
+func (x *GT) getPointer() (p *C.mclBnGT) {
+ // #nosec
+ return (*C.mclBnGT)(unsafe.Pointer(x))
+}
+
+// Clear --
+func (x *GT) Clear() {
+ // #nosec
+ C.mclBnGT_clear(x.getPointer())
+}
+
+// SetInt64 --
+func (x *GT) SetInt64(v int64) {
+ // #nosec
+ C.mclBnGT_setInt(x.getPointer(), C.int64_t(v))
+}
+
+// SetString --
+func (x *GT) SetString(s string, base int) error {
+ buf := []byte(s)
+ // #nosec
+ err := C.mclBnGT_setStr(x.getPointer(), (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), C.int(base))
+ if err != 0 {
+ return fmt.Errorf("err mclBnGT_setStr %x", err)
+ }
+ return nil
+}
+
+// Deserialize --
+func (x *GT) Deserialize(buf []byte) error {
+ // #nosec
+ err := C.mclBnGT_deserialize(x.getPointer(), unsafe.Pointer(&buf[0]), C.size_t(len(buf)))
+ if err == 0 {
+ return fmt.Errorf("err mclBnGT_deserialize %x", buf)
+ }
+ return nil
+}
+
+// IsEqual --
+func (x *GT) IsEqual(rhs *GT) bool {
+ return C.mclBnGT_isEqual(x.getPointer(), rhs.getPointer()) == 1
+}
+
+// IsZero --
+func (x *GT) IsZero() bool {
+ return C.mclBnGT_isZero(x.getPointer()) == 1
+}
+
+// IsOne --
+func (x *GT) IsOne() bool {
+ return C.mclBnGT_isOne(x.getPointer()) == 1
+}
+
+// GetString --
+func (x *GT) GetString(base int) string {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnGT_getStr((*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)), x.getPointer(), C.int(base))
+ if n == 0 {
+ panic("err mclBnGT_getStr")
+ }
+ return string(buf[:n])
+}
+
+// Serialize --
+func (x *GT) Serialize() []byte {
+ buf := make([]byte, 2048)
+ // #nosec
+ n := C.mclBnGT_serialize(unsafe.Pointer(&buf[0]), C.size_t(len(buf)), x.getPointer())
+ if n == 0 {
+ panic("err mclBnGT_serialize")
+ }
+ return buf[:n]
+}
+
+// GTNeg --
+func GTNeg(out *GT, x *GT) {
+ C.mclBnGT_neg(out.getPointer(), x.getPointer())
+}
+
+// GTInv --
+func GTInv(out *GT, x *GT) {
+ C.mclBnGT_inv(out.getPointer(), x.getPointer())
+}
+
+// GTAdd --
+func GTAdd(out *GT, x *GT, y *GT) {
+ C.mclBnGT_add(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GTSub --
+func GTSub(out *GT, x *GT, y *GT) {
+ C.mclBnGT_sub(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GTMul --
+func GTMul(out *GT, x *GT, y *GT) {
+ C.mclBnGT_mul(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GTDiv --
+func GTDiv(out *GT, x *GT, y *GT) {
+ C.mclBnGT_div(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GTPow --
+func GTPow(out *GT, x *GT, y *Fr) {
+ C.mclBnGT_pow(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// Pairing --
+func Pairing(out *GT, x *G1, y *G2) {
+ C.mclBn_pairing(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// FinalExp --
+func FinalExp(out *GT, x *GT) {
+ C.mclBn_finalExp(out.getPointer(), x.getPointer())
+}
+
+// MillerLoop --
+func MillerLoop(out *GT, x *G1, y *G2) {
+ C.mclBn_millerLoop(out.getPointer(), x.getPointer(), y.getPointer())
+}
+
+// GetUint64NumToPrecompute --
+func GetUint64NumToPrecompute() int {
+ return int(C.mclBn_getUint64NumToPrecompute())
+}
+
+// PrecomputeG2 --
+func PrecomputeG2(Qbuf []uint64, Q *G2) {
+ // #nosec
+ C.mclBn_precomputeG2((*C.uint64_t)(unsafe.Pointer(&Qbuf[0])), Q.getPointer())
+}
+
+// PrecomputedMillerLoop --
+func PrecomputedMillerLoop(out *GT, P *G1, Qbuf []uint64) {
+ // #nosec
+ C.mclBn_precomputedMillerLoop(out.getPointer(), P.getPointer(), (*C.uint64_t)(unsafe.Pointer(&Qbuf[0])))
+}
+
+// PrecomputedMillerLoop2 --
+func PrecomputedMillerLoop2(out *GT, P1 *G1, Q1buf []uint64, P2 *G1, Q2buf []uint64) {
+ // #nosec
+ C.mclBn_precomputedMillerLoop2(out.getPointer(), P1.getPointer(), (*C.uint64_t)(unsafe.Pointer(&Q1buf[0])), P1.getPointer(), (*C.uint64_t)(unsafe.Pointer(&Q1buf[0])))
+}
+
+// FrEvaluatePolynomial -- y = c[0] + c[1] * x + c[2] * x^2 + ...
+func FrEvaluatePolynomial(y *Fr, c []Fr, x *Fr) error {
+ // #nosec
+ err := C.mclBn_FrEvaluatePolynomial(y.getPointer(), (*C.mclBnFr)(unsafe.Pointer(&c[0])), (C.size_t)(len(c)), x.getPointer())
+ if err != 0 {
+ return fmt.Errorf("err mclBn_FrEvaluatePolynomial")
+ }
+ return nil
+}
+
+// G1EvaluatePolynomial -- y = c[0] + c[1] * x + c[2] * x^2 + ...
+func G1EvaluatePolynomial(y *G1, c []G1, x *Fr) error {
+ // #nosec
+ err := C.mclBn_G1EvaluatePolynomial(y.getPointer(), (*C.mclBnG1)(unsafe.Pointer(&c[0])), (C.size_t)(len(c)), x.getPointer())
+ if err != 0 {
+ return fmt.Errorf("err mclBn_G1EvaluatePolynomial")
+ }
+ return nil
+}
+
+// G2EvaluatePolynomial -- y = c[0] + c[1] * x + c[2] * x^2 + ...
+func G2EvaluatePolynomial(y *G2, c []G2, x *Fr) error {
+ // #nosec
+ err := C.mclBn_G2EvaluatePolynomial(y.getPointer(), (*C.mclBnG2)(unsafe.Pointer(&c[0])), (C.size_t)(len(c)), x.getPointer())
+ if err != 0 {
+ return fmt.Errorf("err mclBn_G2EvaluatePolynomial")
+ }
+ return nil
+}
+
+// FrLagrangeInterpolation --
+func FrLagrangeInterpolation(out *Fr, xVec []Fr, yVec []Fr) error {
+ if len(xVec) != len(yVec) {
+ return fmt.Errorf("err FrLagrangeInterpolation:bad size")
+ }
+ // #nosec
+ err := C.mclBn_FrLagrangeInterpolation(out.getPointer(), (*C.mclBnFr)(unsafe.Pointer(&xVec[0])), (*C.mclBnFr)(unsafe.Pointer(&yVec[0])), (C.size_t)(len(xVec)))
+ if err != 0 {
+ return fmt.Errorf("err FrLagrangeInterpolation")
+ }
+ return nil
+}
+
+// G1LagrangeInterpolation --
+func G1LagrangeInterpolation(out *G1, xVec []Fr, yVec []G1) error {
+ if len(xVec) != len(yVec) {
+ return fmt.Errorf("err G1LagrangeInterpolation:bad size")
+ }
+ // #nosec
+ err := C.mclBn_G1LagrangeInterpolation(out.getPointer(), (*C.mclBnFr)(unsafe.Pointer(&xVec[0])), (*C.mclBnG1)(unsafe.Pointer(&yVec[0])), (C.size_t)(len(xVec)))
+ if err != 0 {
+ return fmt.Errorf("err G1LagrangeInterpolation")
+ }
+ return nil
+}
+
+// G2LagrangeInterpolation --
+func G2LagrangeInterpolation(out *G2, xVec []Fr, yVec []G2) error {
+ if len(xVec) != len(yVec) {
+ return fmt.Errorf("err G2LagrangeInterpolation:bad size")
+ }
+ // #nosec
+ err := C.mclBn_G2LagrangeInterpolation(out.getPointer(), (*C.mclBnFr)(unsafe.Pointer(&xVec[0])), (*C.mclBnG2)(unsafe.Pointer(&yVec[0])), (C.size_t)(len(xVec)))
+ if err != 0 {
+ return fmt.Errorf("err G2LagrangeInterpolation")
+ }
+ return nil
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/go/mcl/mcl_test.go b/vendor/github.com/byzantine-lab/mcl/ffi/go/mcl/mcl_test.go
new file mode 100644
index 000000000..16bb6910f
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/go/mcl/mcl_test.go
@@ -0,0 +1,157 @@
+package mcl
+
+import "testing"
+import "fmt"
+
+func testBadPointOfG2(t *testing.T) {
+ var Q G2
+ // this value is not in G2 so should return an error
+ err := Q.SetString("1 18d3d8c085a5a5e7553c3a4eb628e88b8465bf4de2612e35a0a4eb018fb0c82e9698896031e62fd7633ffd824a859474 1dc6edfcf33e29575d4791faed8e7203832217423bf7f7fbf1f6b36625b12e7132c15fbc15562ce93362a322fb83dd0d 65836963b1f7b6959030ddfa15ab38ce056097e91dedffd996c1808624fa7e2644a77be606290aa555cda8481cfb3cb 1b77b708d3d4f65aeedf54b58393463a42f0dc5856baadb5ce608036baeca398c5d9e6b169473a8838098fd72fd28b50", 16)
+ if err == nil {
+ t.Error(err)
+ }
+}
+
+func testGT(t *testing.T) {
+ var x GT
+ x.Clear()
+ if !x.IsZero() {
+ t.Errorf("not zero")
+ }
+ x.SetInt64(1)
+ if !x.IsOne() {
+ t.Errorf("not one")
+ }
+}
+
+func testHash(t *testing.T) {
+ var x Fr
+ if !x.SetHashOf([]byte("abc")) {
+ t.Error("SetHashOf")
+ }
+ fmt.Printf("x=%s\n", x.GetString(16))
+}
+
+func testNegAdd(t *testing.T) {
+ var x Fr
+ var P1, P2, P3 G1
+ var Q1, Q2, Q3 G2
+ err := P1.HashAndMapTo([]byte("this"))
+ if err != nil {
+ t.Error(err)
+ }
+ err = Q1.HashAndMapTo([]byte("this"))
+ if err != nil {
+ t.Error(err)
+ }
+ fmt.Printf("P1=%s\n", P1.GetString(16))
+ fmt.Printf("Q1=%s\n", Q1.GetString(16))
+ G1Neg(&P2, &P1)
+ G2Neg(&Q2, &Q1)
+ fmt.Printf("P2=%s\n", P2.GetString(16))
+ fmt.Printf("Q2=%s\n", Q2.GetString(16))
+
+ x.SetInt64(-1)
+ G1Mul(&P3, &P1, &x)
+ G2Mul(&Q3, &Q1, &x)
+ if !P2.IsEqual(&P3) {
+ t.Errorf("P2 != P3 %s\n", P3.GetString(16))
+ }
+ if !Q2.IsEqual(&Q3) {
+ t.Errorf("Q2 != Q3 %s\n", Q3.GetString(16))
+ }
+
+ G1Add(&P2, &P2, &P1)
+ G2Add(&Q2, &Q2, &Q1)
+ if !P2.IsZero() {
+ t.Errorf("P2 is not zero %s\n", P2.GetString(16))
+ }
+ if !Q2.IsZero() {
+ t.Errorf("Q2 is not zero %s\n", Q2.GetString(16))
+ }
+}
+
+func testPairing(t *testing.T) {
+ var a, b, ab Fr
+ err := a.SetString("123", 10)
+ if err != nil {
+ t.Error(err)
+ return
+ }
+ err = b.SetString("456", 10)
+ if err != nil {
+ t.Error(err)
+ return
+ }
+ FrMul(&ab, &a, &b)
+ var P, aP G1
+ var Q, bQ G2
+ err = P.HashAndMapTo([]byte("this"))
+ if err != nil {
+ t.Error(err)
+ return
+ }
+ fmt.Printf("P=%s\n", P.GetString(16))
+ G1Mul(&aP, &P, &a)
+ fmt.Printf("aP=%s\n", aP.GetString(16))
+ err = Q.HashAndMapTo([]byte("that"))
+ if err != nil {
+ t.Error(err)
+ return
+ }
+ fmt.Printf("Q=%s\n", Q.GetString(16))
+ G2Mul(&bQ, &Q, &b)
+ fmt.Printf("bQ=%s\n", bQ.GetString(16))
+ var e1, e2 GT
+ Pairing(&e1, &P, &Q)
+ fmt.Printf("e1=%s\n", e1.GetString(16))
+ Pairing(&e2, &aP, &bQ)
+ fmt.Printf("e2=%s\n", e1.GetString(16))
+ GTPow(&e1, &e1, &ab)
+ fmt.Printf("e1=%s\n", e1.GetString(16))
+ if !e1.IsEqual(&e2) {
+ t.Errorf("not equal pairing\n%s\n%s", e1.GetString(16), e2.GetString(16))
+ }
+ {
+ s := P.GetString(IoSerializeHexStr)
+ var P1 G1
+ P1.SetString(s, IoSerializeHexStr)
+ if !P1.IsEqual(&P) {
+ t.Error("not equal to P")
+ return
+ }
+ s = Q.GetString(IoSerializeHexStr)
+ var Q1 G2
+ Q1.SetString(s, IoSerializeHexStr)
+ if !Q1.IsEqual(&Q) {
+ t.Error("not equal to Q")
+ return
+ }
+ }
+}
+
+func testMcl(t *testing.T, c int) {
+ err := Init(c)
+ if err != nil {
+ t.Fatal(err)
+ }
+ testHash(t)
+ testNegAdd(t)
+ testPairing(t)
+ testGT(t)
+ testBadPointOfG2(t)
+}
+
+func TestMclMain(t *testing.T) {
+ t.Logf("GetMaxOpUnitSize() = %d\n", GetMaxOpUnitSize())
+ t.Log("CurveFp254BNb")
+ testMcl(t, CurveFp254BNb)
+ if GetMaxOpUnitSize() == 6 {
+ if GetFrUnitSize() == 6 {
+ t.Log("CurveFp382_1")
+ testMcl(t, CurveFp382_1)
+ }
+ t.Log("BLS12_381")
+ testMcl(t, BLS12_381)
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/Bn256Test.java b/vendor/github.com/byzantine-lab/mcl/ffi/java/Bn256Test.java
new file mode 100644
index 000000000..b1f9f6f34
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/Bn256Test.java
@@ -0,0 +1,104 @@
+import java.io.*;
+import com.herumi.mcl.*;
+
+/*
+ Bn256Test
+*/
+public class Bn256Test {
+ static {
+ String lib = "mcl_bn256";
+ String libName = System.mapLibraryName(lib);
+ System.out.println("libName : " + libName);
+ System.loadLibrary(lib);
+ }
+ public static void assertEquals(String msg, String x, String y) {
+ if (x.equals(y)) {
+ System.out.println("OK : " + msg);
+ } else {
+ System.out.println("NG : " + msg + ", x = " + x + ", y = " + y);
+ }
+ }
+ public static void assertBool(String msg, boolean b) {
+ if (b) {
+ System.out.println("OK : " + msg);
+ } else {
+ System.out.println("NG : " + msg);
+ }
+ }
+ public static void main(String argv[]) {
+ try {
+ Bn256.SystemInit();
+ Fr x = new Fr(5);
+ Fr y = new Fr(-2);
+ Fr z = new Fr(5);
+ assertBool("x != y", !x.equals(y));
+ assertBool("x == z", x.equals(z));
+ assertEquals("x == 5", x.toString(), "5");
+ Bn256.add(x, x, y);
+ assertEquals("x == 3", x.toString(), "3");
+ Bn256.mul(x, x, x);
+ assertEquals("x == 9", x.toString(), "9");
+ G1 P = new G1();
+ System.out.println("P=" + P);
+ P.set("-1", "1");
+ System.out.println("P=" + P);
+ Bn256.neg(P, P);
+ System.out.println("P=" + P);
+
+ String xa = "12723517038133731887338407189719511622662176727675373276651903807414909099441";
+ String xb = "4168783608814932154536427934509895782246573715297911553964171371032945126671";
+ String ya = "13891744915211034074451795021214165905772212241412891944830863846330766296736";
+ String yb = "7937318970632701341203597196594272556916396164729705624521405069090520231616";
+
+ G2 Q = new G2(xa, xb, ya, yb);
+
+ P.hashAndMapToG1("This is a pen");
+ {
+ String s = P.toString();
+ G1 P1 = new G1();
+ P1.setStr(s);
+ assertBool("P == P1", P1.equals(P));
+ }
+
+ GT e = new GT();
+ Bn256.pairing(e, P, Q);
+ GT e1 = new GT();
+ GT e2 = new GT();
+ Fr c = new Fr("1234567890123234928348230428394234");
+ G2 cQ = new G2(Q);
+ Bn256.mul(cQ, Q, c); // cQ = Q * c
+ Bn256.pairing(e1, P, cQ);
+ Bn256.pow(e2, e, c); // e2 = e^c
+ assertBool("e1 == e2", e1.equals(e2));
+
+ G1 cP = new G1(P);
+ Bn256.mul(cP, P, c); // cP = P * c
+ Bn256.pairing(e1, cP, Q);
+ assertBool("e1 == e2", e1.equals(e2));
+
+ BLSsignature(Q);
+ } catch (RuntimeException e) {
+ System.out.println("unknown exception :" + e);
+ }
+ }
+ public static void BLSsignature(G2 Q)
+ {
+ Fr s = new Fr();
+ s.setRand(); // secret key
+ System.out.println("secret key " + s);
+ G2 pub = new G2();
+ Bn256.mul(pub, Q, s); // public key = sQ
+
+ String m = "signature test";
+ G1 H = new G1();
+ H.hashAndMapToG1(m); // H = Hash(m)
+ G1 sign = new G1();
+ Bn256.mul(sign, H, s); // signature of m = s H
+
+ GT e1 = new GT();
+ GT e2 = new GT();
+ Bn256.pairing(e1, H, pub); // e1 = e(H, s Q)
+ Bn256.pairing(e2, sign, Q); // e2 = e(s H, Q);
+ assertBool("verify signature", e1.equals(e2));
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/ElgamalTest.java b/vendor/github.com/byzantine-lab/mcl/ffi/java/ElgamalTest.java
new file mode 100644
index 000000000..0cf49e144
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/ElgamalTest.java
@@ -0,0 +1,144 @@
+import java.io.*;
+import com.herumi.mcl.*;
+
+/*
+ ElgamalTest [ecParam]
+ ecParam = secp192k1, NIST_P224, ...
+ hashParam = hash224, hash384, ...
+*/
+public class ElgamalTest {
+ static {
+ String lib = "mcl_elgamal";
+ String libName = System.mapLibraryName(lib);
+ System.out.println("libName : " + libName);
+ System.loadLibrary(lib);
+ }
+ public static void assertEquals(String msg, int x, int y) {
+ if (x == y) {
+ System.out.println("OK : " + msg);
+ } else {
+ System.out.println("NG : " + msg + ", x = " + x + ", y = " + y);
+ }
+ }
+ public static void assertBool(String msg, boolean b) {
+ if (b) {
+ System.out.println("OK : " + msg);
+ } else {
+ System.out.println("NG : " + msg);
+ }
+ }
+ public static void main(String argv[]) {
+ try {
+ String ecStr = "secp192k1";
+ String hashStr = "sha224";
+ for (int i = 0; i < argv.length; i++) {
+ if (argv[i].equals("-e") && i < argv.length - 1) {
+ ecStr = argv[i + 1];
+ i++;
+ } else
+ if (argv[i].equals("-h") && i < argv.length - 1) {
+ hashStr = argv[i + 1];
+ i++;
+ }
+ }
+ String param = ecStr + " " + hashStr;
+ System.out.println("param=" + param);
+ Elgamal.SystemInit(param);
+
+ String prvStr = "";
+ String pubStr = "";
+ {
+ PrivateKey prv = new PrivateKey();
+ prv.init();
+ prvStr = prv.toStr();
+ PublicKey pub = prv.getPublicKey();
+ pubStr = pub.toStr();
+ }
+ int m = 1234;
+ CipherText c = new CipherText();
+ PublicKey pub = new PublicKey();
+
+ pub.fromStr(pubStr);
+
+ pub.enc(c, m);
+
+ PrivateKey prv = new PrivateKey();
+ prv.fromStr(prvStr);
+ prv.setCache(0, 60000);
+
+ int dec = prv.dec(c);
+ // verify dec(enc(m)) == m
+ assertEquals("dec(enc(m)) == m", m, dec);
+
+ // verify toStr, fromStr
+ {
+ String cStr = c.toStr();
+ CipherText c2 = new CipherText();
+ c2.fromStr(cStr);
+ int dec2 = prv.dec(c2);
+ assertEquals("fromStr(toStr(CipherText) == CipherText", dec, dec2);
+ }
+
+ // verify dec(enc(str)) == str
+ pub.enc(c, "1234");
+ dec = prv.dec(c);
+ assertEquals("dec(enc(str)) == str", m, dec);
+
+ // verify dec(mul(enc(m), 3)) == m * 3
+ c.mul(3);
+ m *= 3;
+ dec = prv.dec(c);
+ assertEquals("mul(int)", m, dec);
+
+ // verify dec(mul(enc(m), "10")) == m * 10
+ c.mul("10");
+ m *= 10;
+ dec = prv.dec(c);
+ assertEquals("mul(str)", m, dec);
+
+ // convert str
+ {
+ String s = c.toStr();
+ CipherText c2 = new CipherText();
+ c2.fromStr(s);
+ dec = prv.dec(c);
+ assertEquals("fromStr", m, dec);
+ }
+ // rerandomize
+ pub.rerandomize(c);
+ dec = prv.dec(c);
+ assertEquals("rerandomize", m, dec);
+ int m2 = 12345;
+ // verify dec(add(enc(m), m2)) == m + m2
+ pub.add(c, m2);
+ m += m2;
+ dec = prv.dec(c);
+ assertEquals("pub.add(int)", m, dec);
+
+ pub.add(c, "993");
+ m += 993;
+ dec = prv.dec(c);
+ assertEquals("pub.add(str)", m, dec);
+
+ // string test
+ String m3 = "-2000000";
+ String m4 = "2001234";
+ CipherText c2 = new CipherText();
+ SWIGTYPE_p_bool b = Elgamal.new_p_bool();
+ pub.enc(c, m3);
+ dec = prv.dec(c, b);
+ assertBool("expect dec fail", !Elgamal.p_bool_value(b));
+ pub.enc(c2, m4);
+ dec = prv.dec(c2, b);
+ assertBool("expect dec fail", !Elgamal.p_bool_value(b));
+ c.add(c2); // m3 + m4
+
+ dec = prv.dec(c, b);
+ assertEquals("int add", 1234, dec);
+ assertBool("expect dec success", Elgamal.p_bool_value(b));
+ Elgamal.delete_p_bool(b);
+ } catch (RuntimeException e) {
+ System.out.println("unknown exception :" + e);
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/Makefile b/vendor/github.com/byzantine-lab/mcl/ffi/java/Makefile
new file mode 100644
index 000000000..d69c043fb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/Makefile
@@ -0,0 +1,64 @@
+TOP_DIR=../..
+include $(TOP_DIR)/common.mk
+ifeq ($(UNAME_S),Darwin)
+ JAVA_INC=-I/System/Library/Frameworks/JavaVM.framework/Versions/Current/Headers/
+else
+ JAVA_INC=-I/usr/lib/jvm/default-java/include
+#JAVA_INC=-I/usr/lib/jvm/java-7-openjdk-amd64/include
+ CFLAGS+=-z noexecstack
+ LDFLAGS+=-lrt
+endif
+CFLAGS+=$(JAVA_INC) $(JAVA_INC)/linux -I $(TOP_DIR)/include -I $(TOP_DIR)/../xbyak -I $(TOP_DIR)/../cybozulib/include -Wno-strict-aliasing
+MCL_LIB=$(TOP_DIR)/lib/libmcl.a
+
+PACKAGE_NAME=com.herumi.mcl
+PACKAGE_DIR=$(subst .,/,$(PACKAGE_NAME))
+
+ELGAMAL_LIB=$(TOP_DIR)/bin/libmcl_elgamal.$(LIB_SUF)
+BN256_LIB=$(TOP_DIR)/bin/libmcl_bn256.$(LIB_SUF)
+JAVA_EXE=cd $(TOP_DIR)/bin && LD_LIBRARY_PATH=./:$(LD_LIBRARY_PATH) java -classpath ../ffi/java
+all: $(ELGAMAL_LIB)
+
+elgamal_wrap.cxx: elgamal.i elgamal_impl.hpp
+ $(MKDIR) $(PACKAGE_DIR)
+ swig -java -package $(PACKAGE_NAME) -outdir $(PACKAGE_DIR) -c++ -Wall elgamal.i
+
+bn256_wrap.cxx: bn256.i bn256_impl.hpp
+ $(MKDIR) $(PACKAGE_DIR)
+ swig -java -package $(PACKAGE_NAME) -outdir $(PACKAGE_DIR) -c++ -Wall bn256.i
+
+$(MCL_LIB):
+ make -C $(TOP_DIR)
+
+$(ELGAMAL_LIB): elgamal_wrap.cxx $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(CFLAGS) $(LDFLAGS) $(MCL_LIB) -shared
+
+$(BN256_LIB): bn256_wrap.cxx $(MCL_LIB)
+ $(PRE)$(CXX) $< -o $@ $(CFLAGS) $(LDFLAGS) $(MCL_LIB) -shared
+
+%.class: %.java
+ javac $<
+
+ElgamalTest.class: ElgamalTest.java $(ELGAMAL_LIB)
+Bn256Test.class: Bn256Test.java $(BN256_LIB)
+
+jar:
+ jar cvf mcl.jar com
+
+test_elgamal: ElgamalTest.class $(ELGAMAL_LIB)
+ $(JAVA_EXE) ElgamalTest
+ $(JAVA_EXE) ElgamalTest -e NIST_P192
+ $(JAVA_EXE) ElgamalTest -e NIST_P256 -h sha256
+ $(JAVA_EXE) ElgamalTest -e NIST_P384 -h sha384
+ $(JAVA_EXE) ElgamalTest -e NIST_P521 -h sha512
+
+test_bn256: Bn256Test.class $(BN256_LIB)
+ $(JAVA_EXE) Bn256Test
+
+test:
+ $(MAKE) test_elgamal
+ $(MAKE) test_bn256
+
+clean:
+ rm -rf *.class $(ELGAMAL_LIB) $(PACKAGE_DIR)/*.class *_wrap.cxx
+
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256.i b/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256.i
new file mode 100644
index 000000000..94a8edb7a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256.i
@@ -0,0 +1,31 @@
+%module Bn256
+
+%include "std_string.i"
+%include "std_except.i"
+
+
+%{
+#include <cybozu/random_generator.hpp>
+#include <cybozu/crypto.hpp>
+#include <mcl/bn256.hpp>
+struct Param {
+ cybozu::RandomGenerator rg;
+ static inline Param& getParam()
+ {
+ static Param p;
+ return p;
+ }
+};
+
+static void HashAndMapToG1(mcl::bn256::G1& P, const std::string& m)
+{
+ std::string digest = cybozu::crypto::Hash::digest(cybozu::crypto::Hash::N_SHA256, m);
+ mcl::bn256::Fp t;
+ t.setArrayMask(digest.c_str(), digest.size());
+ mcl::bn256::BN::param.mapTo.calcG1(P, t);
+}
+
+#include "bn256_impl.hpp"
+%}
+
+%include "bn256_impl.hpp"
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256_impl.hpp b/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256_impl.hpp
new file mode 100644
index 000000000..c4caaf3ca
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256_impl.hpp
@@ -0,0 +1,249 @@
+#include <mcl/bn256.hpp>
+#include <stdint.h>
+#include <sstream>
+
+void SystemInit() throw(std::exception)
+{
+ mcl::bn256::initPairing();
+}
+
+class G1;
+class G2;
+class GT;
+/*
+ Fr = Z / rZ
+*/
+class Fr {
+ mcl::bn256::Fr self_;
+ friend class G1;
+ friend class G2;
+ friend class GT;
+ friend void neg(Fr& y, const Fr& x);
+ friend void add(Fr& z, const Fr& x, const Fr& y);
+ friend void sub(Fr& z, const Fr& x, const Fr& y);
+ friend void mul(Fr& z, const Fr& x, const Fr& y);
+ friend void mul(G1& z, const G1& x, const Fr& y);
+ friend void mul(G2& z, const G2& x, const Fr& y);
+ friend void div(Fr& z, const Fr& x, const Fr& y);
+ friend void pow(GT& z, const GT& x, const Fr& y);
+public:
+ Fr() {}
+ Fr(const Fr& rhs) : self_(rhs.self_) {}
+ Fr(int x) : self_(x) {}
+ Fr(const std::string& str) throw(std::exception)
+ : self_(str) {}
+ bool equals(const Fr& rhs) const { return self_ == rhs.self_; }
+ void setStr(const std::string& str) throw(std::exception)
+ {
+ self_.setStr(str);
+ }
+ void setInt(int x)
+ {
+ self_ = x;
+ }
+ void clear()
+ {
+ self_.clear();
+ }
+ void setRand()
+ {
+ self_.setRand(Param::getParam().rg);
+ }
+ std::string toString() const throw(std::exception)
+ {
+ return self_.getStr();
+ }
+};
+
+void neg(Fr& y, const Fr& x)
+{
+ mcl::bn256::Fr::neg(y.self_, x.self_);
+}
+
+void add(Fr& z, const Fr& x, const Fr& y)
+{
+ mcl::bn256::Fr::add(z.self_, x.self_, y.self_);
+}
+
+void sub(Fr& z, const Fr& x, const Fr& y)
+{
+ mcl::bn256::Fr::sub(z.self_, x.self_, y.self_);
+}
+
+void mul(Fr& z, const Fr& x, const Fr& y)
+{
+ mcl::bn256::Fr::mul(z.self_, x.self_, y.self_);
+}
+
+void div(Fr& z, const Fr& x, const Fr& y)
+{
+ mcl::bn256::Fr::div(z.self_, x.self_, y.self_);
+}
+
+/*
+ #G1 = r
+*/
+class G1 {
+ mcl::bn256::G1 self_;
+ friend void neg(G1& y, const G1& x);
+ friend void dbl(G1& y, const G1& x);
+ friend void add(G1& z, const G1& x, const G1& y);
+ friend void sub(G1& z, const G1& x, const G1& y);
+ friend void mul(G1& z, const G1& x, const Fr& y);
+ friend void pairing(GT& e, const G1& P, const G2& Q);
+public:
+ G1() {}
+ G1(const G1& rhs) : self_(rhs.self_) {}
+ G1(const std::string& x, const std::string& y) throw(std::exception)
+ : self_(mcl::bn256::Fp(x), mcl::bn256::Fp(y))
+ {
+ }
+ bool equals(const G1& rhs) const { return self_ == rhs.self_; }
+ void set(const std::string& x, const std::string& y)
+ {
+ self_.set(mcl::bn256::Fp(x), mcl::bn256::Fp(y));
+ }
+ void hashAndMapToG1(const std::string& m) throw(std::exception)
+ {
+ HashAndMapToG1(self_, m);
+ }
+ void clear()
+ {
+ self_.clear();
+ }
+ /*
+ compressed format
+ */
+ void setStr(const std::string& str) throw(std::exception)
+ {
+ self_.setStr(str);
+ }
+ std::string toString() const throw(std::exception)
+ {
+ return self_.getStr();
+ }
+};
+
+void neg(G1& y, const G1& x)
+{
+ mcl::bn256::G1::neg(y.self_, x.self_);
+}
+void dbl(G1& y, const G1& x)
+{
+ mcl::bn256::G1::dbl(y.self_, x.self_);
+}
+void add(G1& z, const G1& x, const G1& y)
+{
+ mcl::bn256::G1::add(z.self_, x.self_, y.self_);
+}
+void sub(G1& z, const G1& x, const G1& y)
+{
+ mcl::bn256::G1::sub(z.self_, x.self_, y.self_);
+}
+void mul(G1& z, const G1& x, const Fr& y)
+{
+ mcl::bn256::G1::mul(z.self_, x.self_, y.self_);
+}
+
+/*
+ #G2 = r
+*/
+class G2 {
+ mcl::bn256::G2 self_;
+ friend void neg(G2& y, const G2& x);
+ friend void dbl(G2& y, const G2& x);
+ friend void add(G2& z, const G2& x, const G2& y);
+ friend void sub(G2& z, const G2& x, const G2& y);
+ friend void mul(G2& z, const G2& x, const Fr& y);
+ friend void pairing(GT& e, const G1& P, const G2& Q);
+public:
+ G2() {}
+ G2(const G2& rhs) : self_(rhs.self_) {}
+ G2(const std::string& xa, const std::string& xb, const std::string& ya, const std::string& yb) throw(std::exception)
+ : self_(mcl::bn256::Fp2(xa, xb), mcl::bn256::Fp2(ya, yb))
+ {
+ }
+ bool equals(const G2& rhs) const { return self_ == rhs.self_; }
+ void set(const std::string& xa, const std::string& xb, const std::string& ya, const std::string& yb)
+ {
+ self_.set(mcl::bn256::Fp2(xa, xb), mcl::bn256::Fp2(ya, yb));
+ }
+ void clear()
+ {
+ self_.clear();
+ }
+ /*
+ compressed format
+ */
+ void setStr(const std::string& str) throw(std::exception)
+ {
+ self_.setStr(str);
+ }
+ std::string toString() const throw(std::exception)
+ {
+ return self_.getStr();
+ }
+};
+
+void neg(G2& y, const G2& x)
+{
+ mcl::bn256::G2::neg(y.self_, x.self_);
+}
+void dbl(G2& y, const G2& x)
+{
+ mcl::bn256::G2::dbl(y.self_, x.self_);
+}
+void add(G2& z, const G2& x, const G2& y)
+{
+ mcl::bn256::G2::add(z.self_, x.self_, y.self_);
+}
+void sub(G2& z, const G2& x, const G2& y)
+{
+ mcl::bn256::G2::sub(z.self_, x.self_, y.self_);
+}
+void mul(G2& z, const G2& x, const Fr& y)
+{
+ mcl::bn256::G2::mul(z.self_, x.self_, y.self_);
+}
+
+/*
+ #GT = r
+*/
+class GT {
+ mcl::bn256::Fp12 self_;
+ friend void mul(GT& z, const GT& x, const GT& y);
+ friend void pow(GT& z, const GT& x, const Fr& y);
+ friend void pairing(GT& e, const G1& P, const G2& Q);
+public:
+ GT() {}
+ GT(const GT& rhs) : self_(rhs.self_) {}
+ bool equals(const GT& rhs) const { return self_ == rhs.self_; }
+ void clear()
+ {
+ self_.clear();
+ }
+ void setStr(const std::string& str) throw(std::exception)
+ {
+ std::istringstream iss(str);
+ iss >> self_;
+ }
+ std::string toString() const throw(std::exception)
+ {
+ std::ostringstream oss;
+ oss << self_;
+ return oss.str();
+ }
+};
+
+void mul(GT& z, const GT& x, const GT& y)
+{
+ mcl::bn256::Fp12::mul(z.self_, x.self_, y.self_);
+}
+void pow(GT& z, const GT& x, const Fr& y)
+{
+ mcl::bn256::Fp12::pow(z.self_, x.self_, y.self_);
+}
+void pairing(GT& e, const G1& P, const G2& Q)
+{
+ mcl::bn256::pairing(e.self_, P.self_, Q.self_);
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256_wrap.cxx b/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256_wrap.cxx
new file mode 100644
index 000000000..0c8257af5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/bn256_wrap.cxx
@@ -0,0 +1,1542 @@
+/* ----------------------------------------------------------------------------
+ * This file was automatically generated by SWIG (http://www.swig.org).
+ * Version 3.0.12
+ *
+ * This file is not intended to be easily readable and contains a number of
+ * coding conventions designed to improve portability and efficiency. Do not make
+ * changes to this file unless you know what you are doing--modify the SWIG
+ * interface file instead.
+ * ----------------------------------------------------------------------------- */
+
+
+#ifndef SWIGJAVA
+#define SWIGJAVA
+#endif
+
+
+
+#ifdef __cplusplus
+/* SwigValueWrapper is described in swig.swg */
+template<typename T> class SwigValueWrapper {
+ struct SwigMovePointer {
+ T *ptr;
+ SwigMovePointer(T *p) : ptr(p) { }
+ ~SwigMovePointer() { delete ptr; }
+ SwigMovePointer& operator=(SwigMovePointer& rhs) { T* oldptr = ptr; ptr = 0; delete oldptr; ptr = rhs.ptr; rhs.ptr = 0; return *this; }
+ } pointer;
+ SwigValueWrapper& operator=(const SwigValueWrapper<T>& rhs);
+ SwigValueWrapper(const SwigValueWrapper<T>& rhs);
+public:
+ SwigValueWrapper() : pointer(0) { }
+ SwigValueWrapper& operator=(const T& t) { SwigMovePointer tmp(new T(t)); pointer = tmp; return *this; }
+ operator T&() const { return *pointer.ptr; }
+ T *operator&() { return pointer.ptr; }
+};
+
+template <typename T> T SwigValueInit() {
+ return T();
+}
+#endif
+
+/* -----------------------------------------------------------------------------
+ * This section contains generic SWIG labels for method/variable
+ * declarations/attributes, and other compiler dependent labels.
+ * ----------------------------------------------------------------------------- */
+
+/* template workaround for compilers that cannot correctly implement the C++ standard */
+#ifndef SWIGTEMPLATEDISAMBIGUATOR
+# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560)
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# elif defined(__HP_aCC)
+/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */
+/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# else
+# define SWIGTEMPLATEDISAMBIGUATOR
+# endif
+#endif
+
+/* inline attribute */
+#ifndef SWIGINLINE
+# if defined(__cplusplus) || (defined(__GNUC__) && !defined(__STRICT_ANSI__))
+# define SWIGINLINE inline
+# else
+# define SWIGINLINE
+# endif
+#endif
+
+/* attribute recognised by some compilers to avoid 'unused' warnings */
+#ifndef SWIGUNUSED
+# if defined(__GNUC__)
+# if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+# elif defined(__ICC)
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+#endif
+
+#ifndef SWIG_MSC_UNSUPPRESS_4505
+# if defined(_MSC_VER)
+# pragma warning(disable : 4505) /* unreferenced local function has been removed */
+# endif
+#endif
+
+#ifndef SWIGUNUSEDPARM
+# ifdef __cplusplus
+# define SWIGUNUSEDPARM(p)
+# else
+# define SWIGUNUSEDPARM(p) p SWIGUNUSED
+# endif
+#endif
+
+/* internal SWIG method */
+#ifndef SWIGINTERN
+# define SWIGINTERN static SWIGUNUSED
+#endif
+
+/* internal inline SWIG method */
+#ifndef SWIGINTERNINLINE
+# define SWIGINTERNINLINE SWIGINTERN SWIGINLINE
+#endif
+
+/* exporting methods */
+#if defined(__GNUC__)
+# if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
+# ifndef GCC_HASCLASSVISIBILITY
+# define GCC_HASCLASSVISIBILITY
+# endif
+# endif
+#endif
+
+#ifndef SWIGEXPORT
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# if defined(STATIC_LINKED)
+# define SWIGEXPORT
+# else
+# define SWIGEXPORT __declspec(dllexport)
+# endif
+# else
+# if defined(__GNUC__) && defined(GCC_HASCLASSVISIBILITY)
+# define SWIGEXPORT __attribute__ ((visibility("default")))
+# else
+# define SWIGEXPORT
+# endif
+# endif
+#endif
+
+/* calling conventions for Windows */
+#ifndef SWIGSTDCALL
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# define SWIGSTDCALL __stdcall
+# else
+# define SWIGSTDCALL
+# endif
+#endif
+
+/* Deal with Microsoft's attempt at deprecating C standard runtime functions */
+#if !defined(SWIG_NO_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+# define _CRT_SECURE_NO_DEPRECATE
+#endif
+
+/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */
+#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE)
+# define _SCL_SECURE_NO_DEPRECATE
+#endif
+
+/* Deal with Apple's deprecated 'AssertMacros.h' from Carbon-framework */
+#if defined(__APPLE__) && !defined(__ASSERT_MACROS_DEFINE_VERSIONS_WITHOUT_UNDERSCORES)
+# define __ASSERT_MACROS_DEFINE_VERSIONS_WITHOUT_UNDERSCORES 0
+#endif
+
+/* Intel's compiler complains if a variable which was never initialised is
+ * cast to void, which is a common idiom which we use to indicate that we
+ * are aware a variable isn't used. So we just silence that warning.
+ * See: https://github.com/swig/swig/issues/192 for more discussion.
+ */
+#ifdef __INTEL_COMPILER
+# pragma warning disable 592
+#endif
+
+
+/* Fix for jlong on some versions of gcc on Windows */
+#if defined(__GNUC__) && !defined(__INTEL_COMPILER)
+ typedef long long __int64;
+#endif
+
+/* Fix for jlong on 64-bit x86 Solaris */
+#if defined(__x86_64)
+# ifdef _LP64
+# undef _LP64
+# endif
+#endif
+
+#include <jni.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+/* Support for throwing Java exceptions */
+typedef enum {
+ SWIG_JavaOutOfMemoryError = 1,
+ SWIG_JavaIOException,
+ SWIG_JavaRuntimeException,
+ SWIG_JavaIndexOutOfBoundsException,
+ SWIG_JavaArithmeticException,
+ SWIG_JavaIllegalArgumentException,
+ SWIG_JavaNullPointerException,
+ SWIG_JavaDirectorPureVirtual,
+ SWIG_JavaUnknownError
+} SWIG_JavaExceptionCodes;
+
+typedef struct {
+ SWIG_JavaExceptionCodes code;
+ const char *java_exception;
+} SWIG_JavaExceptions_t;
+
+
+static void SWIGUNUSED SWIG_JavaThrowException(JNIEnv *jenv, SWIG_JavaExceptionCodes code, const char *msg) {
+ jclass excep;
+ static const SWIG_JavaExceptions_t java_exceptions[] = {
+ { SWIG_JavaOutOfMemoryError, "java/lang/OutOfMemoryError" },
+ { SWIG_JavaIOException, "java/io/IOException" },
+ { SWIG_JavaRuntimeException, "java/lang/RuntimeException" },
+ { SWIG_JavaIndexOutOfBoundsException, "java/lang/IndexOutOfBoundsException" },
+ { SWIG_JavaArithmeticException, "java/lang/ArithmeticException" },
+ { SWIG_JavaIllegalArgumentException, "java/lang/IllegalArgumentException" },
+ { SWIG_JavaNullPointerException, "java/lang/NullPointerException" },
+ { SWIG_JavaDirectorPureVirtual, "java/lang/RuntimeException" },
+ { SWIG_JavaUnknownError, "java/lang/UnknownError" },
+ { (SWIG_JavaExceptionCodes)0, "java/lang/UnknownError" }
+ };
+ const SWIG_JavaExceptions_t *except_ptr = java_exceptions;
+
+ while (except_ptr->code != code && except_ptr->code)
+ except_ptr++;
+
+ jenv->ExceptionClear();
+ excep = jenv->FindClass(except_ptr->java_exception);
+ if (excep)
+ jenv->ThrowNew(excep, msg);
+}
+
+
+/* Contract support */
+
+#define SWIG_contract_assert(nullreturn, expr, msg) if (!(expr)) {SWIG_JavaThrowException(jenv, SWIG_JavaIllegalArgumentException, msg); return nullreturn; } else
+
+
+#include <string>
+
+
+#include <typeinfo>
+#include <stdexcept>
+
+
+#include <cybozu/random_generator.hpp>
+#include <cybozu/crypto.hpp>
+#include <mcl/bn256.hpp>
+struct Param {
+ cybozu::RandomGenerator rg;
+ static inline Param& getParam()
+ {
+ static Param p;
+ return p;
+ }
+};
+
+static void HashAndMapToG1(mcl::bn256::G1& P, const std::string& m)
+{
+ std::string digest = cybozu::crypto::Hash::digest(cybozu::crypto::Hash::N_SHA256, m);
+ mcl::bn256::Fp t;
+ t.setArrayMask(digest.c_str(), digest.size());
+ mcl::bn256::BN::param.mapTo.calcG1(P, t);
+}
+
+#include "bn256_impl.hpp"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_SystemInit(JNIEnv *jenv, jclass jcls) {
+ (void)jenv;
+ (void)jcls;
+ try {
+ SystemInit();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_neg_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ Fr *arg1 = 0 ;
+ Fr *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(Fr **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr & reference is null");
+ return ;
+ }
+ arg2 = *(Fr **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ neg(*arg1,(Fr const &)*arg2);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_add_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ Fr *arg1 = 0 ;
+ Fr *arg2 = 0 ;
+ Fr *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(Fr **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr & reference is null");
+ return ;
+ }
+ arg2 = *(Fr **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ arg3 = *(Fr **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ add(*arg1,(Fr const &)*arg2,(Fr const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_sub_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ Fr *arg1 = 0 ;
+ Fr *arg2 = 0 ;
+ Fr *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(Fr **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr & reference is null");
+ return ;
+ }
+ arg2 = *(Fr **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ arg3 = *(Fr **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ sub(*arg1,(Fr const &)*arg2,(Fr const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_mul_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ Fr *arg1 = 0 ;
+ Fr *arg2 = 0 ;
+ Fr *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(Fr **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr & reference is null");
+ return ;
+ }
+ arg2 = *(Fr **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ arg3 = *(Fr **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ mul(*arg1,(Fr const &)*arg2,(Fr const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_mul_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ G1 *arg1 = 0 ;
+ G1 *arg2 = 0 ;
+ Fr *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(G1 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 & reference is null");
+ return ;
+ }
+ arg2 = *(G1 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return ;
+ }
+ arg3 = *(Fr **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ mul(*arg1,(G1 const &)*arg2,(Fr const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_mul_1_1SWIG_12(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ G2 *arg1 = 0 ;
+ G2 *arg2 = 0 ;
+ Fr *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(G2 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 & reference is null");
+ return ;
+ }
+ arg2 = *(G2 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return ;
+ }
+ arg3 = *(Fr **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ mul(*arg1,(G2 const &)*arg2,(Fr const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_div(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ Fr *arg1 = 0 ;
+ Fr *arg2 = 0 ;
+ Fr *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(Fr **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr & reference is null");
+ return ;
+ }
+ arg2 = *(Fr **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ arg3 = *(Fr **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ div(*arg1,(Fr const &)*arg2,(Fr const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pow(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ GT *arg1 = 0 ;
+ GT *arg2 = 0 ;
+ Fr *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(GT **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT & reference is null");
+ return ;
+ }
+ arg2 = *(GT **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT const & reference is null");
+ return ;
+ }
+ arg3 = *(Fr **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return ;
+ }
+ pow(*arg1,(GT const &)*arg2,(Fr const &)*arg3);
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1Fr_1_1SWIG_10(JNIEnv *jenv, jclass jcls) {
+ jlong jresult = 0 ;
+ Fr *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ result = (Fr *)new Fr();
+ *(Fr **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1Fr_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jlong jresult = 0 ;
+ Fr *arg1 = 0 ;
+ Fr *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(Fr **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return 0;
+ }
+ result = (Fr *)new Fr((Fr const &)*arg1);
+ *(Fr **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1Fr_1_1SWIG_12(JNIEnv *jenv, jclass jcls, jint jarg1) {
+ jlong jresult = 0 ;
+ int arg1 ;
+ Fr *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = (int)jarg1;
+ result = (Fr *)new Fr(arg1);
+ *(Fr **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1Fr_1_1SWIG_13(JNIEnv *jenv, jclass jcls, jstring jarg1) {
+ jlong jresult = 0 ;
+ std::string *arg1 = 0 ;
+ Fr *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ if(!jarg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return 0;
+ }
+ const char *arg1_pstr = (const char *)jenv->GetStringUTFChars(jarg1, 0);
+ if (!arg1_pstr) return 0;
+ std::string arg1_str(arg1_pstr);
+ arg1 = &arg1_str;
+ jenv->ReleaseStringUTFChars(jarg1, arg1_pstr);
+ try {
+ result = (Fr *)new Fr((std::string const &)*arg1);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ *(Fr **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jboolean JNICALL Java_com_herumi_mcl_Bn256JNI_Fr_1equals(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ jboolean jresult = 0 ;
+ Fr *arg1 = (Fr *) 0 ;
+ Fr *arg2 = 0 ;
+ bool result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(Fr **)&jarg1;
+ arg2 = *(Fr **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "Fr const & reference is null");
+ return 0;
+ }
+ result = (bool)((Fr const *)arg1)->equals((Fr const &)*arg2);
+ jresult = (jboolean)result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_Fr_1setStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ Fr *arg1 = (Fr *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(Fr **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->setStr((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_Fr_1setInt(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jint jarg2) {
+ Fr *arg1 = (Fr *) 0 ;
+ int arg2 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(Fr **)&jarg1;
+ arg2 = (int)jarg2;
+ (arg1)->setInt(arg2);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_Fr_1clear(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ Fr *arg1 = (Fr *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(Fr **)&jarg1;
+ (arg1)->clear();
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_Fr_1setRand(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ Fr *arg1 = (Fr *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(Fr **)&jarg1;
+ (arg1)->setRand();
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_Bn256JNI_Fr_1toString(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ Fr *arg1 = (Fr *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(Fr **)&jarg1;
+ try {
+ result = ((Fr const *)arg1)->toString();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_delete_1Fr(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ Fr *arg1 = (Fr *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(Fr **)&jarg1;
+ delete arg1;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_neg_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ G1 *arg1 = 0 ;
+ G1 *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(G1 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 & reference is null");
+ return ;
+ }
+ arg2 = *(G1 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return ;
+ }
+ neg(*arg1,(G1 const &)*arg2);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_dbl_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ G1 *arg1 = 0 ;
+ G1 *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(G1 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 & reference is null");
+ return ;
+ }
+ arg2 = *(G1 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return ;
+ }
+ dbl(*arg1,(G1 const &)*arg2);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_add_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ G1 *arg1 = 0 ;
+ G1 *arg2 = 0 ;
+ G1 *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(G1 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 & reference is null");
+ return ;
+ }
+ arg2 = *(G1 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return ;
+ }
+ arg3 = *(G1 **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return ;
+ }
+ add(*arg1,(G1 const &)*arg2,(G1 const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_sub_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ G1 *arg1 = 0 ;
+ G1 *arg2 = 0 ;
+ G1 *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(G1 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 & reference is null");
+ return ;
+ }
+ arg2 = *(G1 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return ;
+ }
+ arg3 = *(G1 **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return ;
+ }
+ sub(*arg1,(G1 const &)*arg2,(G1 const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_pairing(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ GT *arg1 = 0 ;
+ G1 *arg2 = 0 ;
+ G2 *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(GT **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT & reference is null");
+ return ;
+ }
+ arg2 = *(G1 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return ;
+ }
+ arg3 = *(G2 **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return ;
+ }
+ pairing(*arg1,(G1 const &)*arg2,(G2 const &)*arg3);
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1G1_1_1SWIG_10(JNIEnv *jenv, jclass jcls) {
+ jlong jresult = 0 ;
+ G1 *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ result = (G1 *)new G1();
+ *(G1 **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1G1_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jlong jresult = 0 ;
+ G1 *arg1 = 0 ;
+ G1 *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G1 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return 0;
+ }
+ result = (G1 *)new G1((G1 const &)*arg1);
+ *(G1 **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1G1_1_1SWIG_12(JNIEnv *jenv, jclass jcls, jstring jarg1, jstring jarg2) {
+ jlong jresult = 0 ;
+ std::string *arg1 = 0 ;
+ std::string *arg2 = 0 ;
+ G1 *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ if(!jarg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return 0;
+ }
+ const char *arg1_pstr = (const char *)jenv->GetStringUTFChars(jarg1, 0);
+ if (!arg1_pstr) return 0;
+ std::string arg1_str(arg1_pstr);
+ arg1 = &arg1_str;
+ jenv->ReleaseStringUTFChars(jarg1, arg1_pstr);
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return 0;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return 0;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ result = (G1 *)new G1((std::string const &)*arg1,(std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ *(G1 **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jboolean JNICALL Java_com_herumi_mcl_Bn256JNI_G1_1equals(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ jboolean jresult = 0 ;
+ G1 *arg1 = (G1 *) 0 ;
+ G1 *arg2 = 0 ;
+ bool result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(G1 **)&jarg1;
+ arg2 = *(G1 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G1 const & reference is null");
+ return 0;
+ }
+ result = (bool)((G1 const *)arg1)->equals((G1 const &)*arg2);
+ jresult = (jboolean)result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_G1_1set(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2, jstring jarg3) {
+ G1 *arg1 = (G1 *) 0 ;
+ std::string *arg2 = 0 ;
+ std::string *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G1 **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ if(!jarg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg3_pstr = (const char *)jenv->GetStringUTFChars(jarg3, 0);
+ if (!arg3_pstr) return ;
+ std::string arg3_str(arg3_pstr);
+ arg3 = &arg3_str;
+ jenv->ReleaseStringUTFChars(jarg3, arg3_pstr);
+ (arg1)->set((std::string const &)*arg2,(std::string const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_G1_1hashAndMapToG1(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ G1 *arg1 = (G1 *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G1 **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->hashAndMapToG1((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_G1_1clear(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ G1 *arg1 = (G1 *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G1 **)&jarg1;
+ (arg1)->clear();
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_G1_1setStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ G1 *arg1 = (G1 *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G1 **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->setStr((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_Bn256JNI_G1_1toString(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ G1 *arg1 = (G1 *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G1 **)&jarg1;
+ try {
+ result = ((G1 const *)arg1)->toString();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_delete_1G1(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ G1 *arg1 = (G1 *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(G1 **)&jarg1;
+ delete arg1;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_neg_1_1SWIG_12(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ G2 *arg1 = 0 ;
+ G2 *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(G2 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 & reference is null");
+ return ;
+ }
+ arg2 = *(G2 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return ;
+ }
+ neg(*arg1,(G2 const &)*arg2);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_dbl_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ G2 *arg1 = 0 ;
+ G2 *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(G2 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 & reference is null");
+ return ;
+ }
+ arg2 = *(G2 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return ;
+ }
+ dbl(*arg1,(G2 const &)*arg2);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_add_1_1SWIG_12(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ G2 *arg1 = 0 ;
+ G2 *arg2 = 0 ;
+ G2 *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(G2 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 & reference is null");
+ return ;
+ }
+ arg2 = *(G2 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return ;
+ }
+ arg3 = *(G2 **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return ;
+ }
+ add(*arg1,(G2 const &)*arg2,(G2 const &)*arg3);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_sub_1_1SWIG_12(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ G2 *arg1 = 0 ;
+ G2 *arg2 = 0 ;
+ G2 *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(G2 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 & reference is null");
+ return ;
+ }
+ arg2 = *(G2 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return ;
+ }
+ arg3 = *(G2 **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return ;
+ }
+ sub(*arg1,(G2 const &)*arg2,(G2 const &)*arg3);
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1G2_1_1SWIG_10(JNIEnv *jenv, jclass jcls) {
+ jlong jresult = 0 ;
+ G2 *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ result = (G2 *)new G2();
+ *(G2 **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1G2_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jlong jresult = 0 ;
+ G2 *arg1 = 0 ;
+ G2 *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G2 **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return 0;
+ }
+ result = (G2 *)new G2((G2 const &)*arg1);
+ *(G2 **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1G2_1_1SWIG_12(JNIEnv *jenv, jclass jcls, jstring jarg1, jstring jarg2, jstring jarg3, jstring jarg4) {
+ jlong jresult = 0 ;
+ std::string *arg1 = 0 ;
+ std::string *arg2 = 0 ;
+ std::string *arg3 = 0 ;
+ std::string *arg4 = 0 ;
+ G2 *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ if(!jarg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return 0;
+ }
+ const char *arg1_pstr = (const char *)jenv->GetStringUTFChars(jarg1, 0);
+ if (!arg1_pstr) return 0;
+ std::string arg1_str(arg1_pstr);
+ arg1 = &arg1_str;
+ jenv->ReleaseStringUTFChars(jarg1, arg1_pstr);
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return 0;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return 0;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ if(!jarg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return 0;
+ }
+ const char *arg3_pstr = (const char *)jenv->GetStringUTFChars(jarg3, 0);
+ if (!arg3_pstr) return 0;
+ std::string arg3_str(arg3_pstr);
+ arg3 = &arg3_str;
+ jenv->ReleaseStringUTFChars(jarg3, arg3_pstr);
+ if(!jarg4) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return 0;
+ }
+ const char *arg4_pstr = (const char *)jenv->GetStringUTFChars(jarg4, 0);
+ if (!arg4_pstr) return 0;
+ std::string arg4_str(arg4_pstr);
+ arg4 = &arg4_str;
+ jenv->ReleaseStringUTFChars(jarg4, arg4_pstr);
+ try {
+ result = (G2 *)new G2((std::string const &)*arg1,(std::string const &)*arg2,(std::string const &)*arg3,(std::string const &)*arg4);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ *(G2 **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jboolean JNICALL Java_com_herumi_mcl_Bn256JNI_G2_1equals(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ jboolean jresult = 0 ;
+ G2 *arg1 = (G2 *) 0 ;
+ G2 *arg2 = 0 ;
+ bool result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(G2 **)&jarg1;
+ arg2 = *(G2 **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "G2 const & reference is null");
+ return 0;
+ }
+ result = (bool)((G2 const *)arg1)->equals((G2 const &)*arg2);
+ jresult = (jboolean)result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_G2_1set(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2, jstring jarg3, jstring jarg4, jstring jarg5) {
+ G2 *arg1 = (G2 *) 0 ;
+ std::string *arg2 = 0 ;
+ std::string *arg3 = 0 ;
+ std::string *arg4 = 0 ;
+ std::string *arg5 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G2 **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ if(!jarg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg3_pstr = (const char *)jenv->GetStringUTFChars(jarg3, 0);
+ if (!arg3_pstr) return ;
+ std::string arg3_str(arg3_pstr);
+ arg3 = &arg3_str;
+ jenv->ReleaseStringUTFChars(jarg3, arg3_pstr);
+ if(!jarg4) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg4_pstr = (const char *)jenv->GetStringUTFChars(jarg4, 0);
+ if (!arg4_pstr) return ;
+ std::string arg4_str(arg4_pstr);
+ arg4 = &arg4_str;
+ jenv->ReleaseStringUTFChars(jarg4, arg4_pstr);
+ if(!jarg5) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg5_pstr = (const char *)jenv->GetStringUTFChars(jarg5, 0);
+ if (!arg5_pstr) return ;
+ std::string arg5_str(arg5_pstr);
+ arg5 = &arg5_str;
+ jenv->ReleaseStringUTFChars(jarg5, arg5_pstr);
+ (arg1)->set((std::string const &)*arg2,(std::string const &)*arg3,(std::string const &)*arg4,(std::string const &)*arg5);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_G2_1clear(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ G2 *arg1 = (G2 *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G2 **)&jarg1;
+ (arg1)->clear();
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_G2_1setStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ G2 *arg1 = (G2 *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G2 **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->setStr((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_Bn256JNI_G2_1toString(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ G2 *arg1 = (G2 *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(G2 **)&jarg1;
+ try {
+ result = ((G2 const *)arg1)->toString();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_delete_1G2(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ G2 *arg1 = (G2 *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(G2 **)&jarg1;
+ delete arg1;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_mul_1_1SWIG_13(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3, jobject jarg3_) {
+ GT *arg1 = 0 ;
+ GT *arg2 = 0 ;
+ GT *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ (void)jarg3_;
+ arg1 = *(GT **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT & reference is null");
+ return ;
+ }
+ arg2 = *(GT **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT const & reference is null");
+ return ;
+ }
+ arg3 = *(GT **)&jarg3;
+ if (!arg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT const & reference is null");
+ return ;
+ }
+ mul(*arg1,(GT const &)*arg2,(GT const &)*arg3);
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1GT_1_1SWIG_10(JNIEnv *jenv, jclass jcls) {
+ jlong jresult = 0 ;
+ GT *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ result = (GT *)new GT();
+ *(GT **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_Bn256JNI_new_1GT_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jlong jresult = 0 ;
+ GT *arg1 = 0 ;
+ GT *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(GT **)&jarg1;
+ if (!arg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT const & reference is null");
+ return 0;
+ }
+ result = (GT *)new GT((GT const &)*arg1);
+ *(GT **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jboolean JNICALL Java_com_herumi_mcl_Bn256JNI_GT_1equals(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ jboolean jresult = 0 ;
+ GT *arg1 = (GT *) 0 ;
+ GT *arg2 = 0 ;
+ bool result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(GT **)&jarg1;
+ arg2 = *(GT **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "GT const & reference is null");
+ return 0;
+ }
+ result = (bool)((GT const *)arg1)->equals((GT const &)*arg2);
+ jresult = (jboolean)result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_GT_1clear(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ GT *arg1 = (GT *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(GT **)&jarg1;
+ (arg1)->clear();
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_GT_1setStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ GT *arg1 = (GT *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(GT **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->setStr((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_Bn256JNI_GT_1toString(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ GT *arg1 = (GT *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(GT **)&jarg1;
+ try {
+ result = ((GT const *)arg1)->toString();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_Bn256JNI_delete_1GT(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ GT *arg1 = (GT *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(GT **)&jarg1;
+ delete arg1;
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal.i b/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal.i
new file mode 100644
index 000000000..410723174
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal.i
@@ -0,0 +1,28 @@
+%module Elgamal
+
+%include "std_string.i"
+%include "std_except.i"
+
+
+%{
+#include <cybozu/random_generator.hpp>
+#include <cybozu/crypto.hpp>
+#include <mcl/fp.hpp>
+#include <mcl/ecparam.hpp>
+struct Param {
+const mcl::EcParam *ecParam;
+cybozu::RandomGenerator rg;
+cybozu::crypto::Hash::Name hashName;
+static inline Param& getParam()
+{
+ static Param p;
+ return p;
+}
+};
+
+#include "elgamal_impl.hpp"
+%}
+%include cpointer.i
+%pointer_functions(bool, p_bool);
+
+%include "elgamal_impl.hpp"
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal_impl.hpp b/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal_impl.hpp
new file mode 100644
index 000000000..dbf2ba64e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal_impl.hpp
@@ -0,0 +1,147 @@
+#pragma once
+//#define MCL_MAX_BIT_SIZE 521
+#include <iostream>
+#include <fstream>
+#include <cybozu/random_generator.hpp>
+#include <cybozu/crypto.hpp>
+#include <mcl/fp.hpp>
+#include <mcl/ecparam.hpp>
+#include <mcl/elgamal.hpp>
+
+typedef mcl::FpT<mcl::FpTag, 521> Fp;
+typedef mcl::FpT<mcl::ZnTag, 521> Zn;
+typedef mcl::EcT<Fp> Ec;
+typedef mcl::ElgamalT<Ec, Zn> Elgamal;
+
+/*
+ init system
+ @param param [in] string such as "ecParamName hashName"
+ @note NOT thread safe because setting global parameters of elliptic curve
+ ex1) "secp192k1 sha256" // 192bit security + sha256
+ ex2) "secp160k1 sha1" // 160bit security + sha1
+ hashName : sha1 sha224 sha256 sha384 sha512
+*/
+void SystemInit(const std::string& param) throw(std::exception)
+{
+ std::istringstream iss(param);
+ std::string ecParamStr;
+ std::string hashNameStr;
+ if (iss >> ecParamStr >> hashNameStr) {
+ Param& p = Param::getParam();
+ p.ecParam = mcl::getEcParam(ecParamStr);
+ Zn::init(p.ecParam->n);
+ Fp::init(p.ecParam->p);
+ Ec::init(p.ecParam->a, p.ecParam->b);
+ p.hashName = cybozu::crypto::Hash::getName(hashNameStr);
+ return;
+ }
+ throw cybozu::Exception("SystemInit:bad param") << param;
+}
+
+class CipherText {
+ Elgamal::CipherText self_;
+ friend class PublicKey;
+ friend class PrivateKey;
+public:
+ std::string toStr() const throw(std::exception) { return self_.toStr(); }
+ std::string toString() const throw(std::exception) { return toStr(); }
+ void fromStr(const std::string& str) throw(std::exception) { self_.fromStr(str); }
+
+ void add(const CipherText& c) throw(std::exception) { self_.add(c.self_); }
+ void mul(int m) throw(std::exception)
+ {
+ self_.mul(m);
+ }
+ void mul(const std::string& str) throw(std::exception)
+ {
+ Zn zn(str);
+ self_.mul(zn);
+ }
+};
+
+class PublicKey {
+ Elgamal::PublicKey self_;
+ friend class PrivateKey;
+public:
+ std::string toStr() const throw(std::exception) { return self_.toStr(); }
+ std::string toString() const throw(std::exception) { return toStr(); }
+ void fromStr(const std::string& str) throw(std::exception) { self_.fromStr(str); }
+
+ void save(const std::string& fileName) const throw(std::exception)
+ {
+ std::ofstream ofs(fileName.c_str(), std::ios::binary);
+ if (!(ofs << self_)) throw cybozu::Exception("PublicKey:save") << fileName;
+ }
+ void load(const std::string& fileName) throw(std::exception)
+ {
+ std::ifstream ifs(fileName.c_str(), std::ios::binary);
+ if (!(ifs >> self_)) throw cybozu::Exception("PublicKey:load") << fileName;
+ }
+ void enc(CipherText& c, int m) const throw(std::exception)
+ {
+ self_.enc(c.self_, m, Param::getParam().rg);
+ }
+ void enc(CipherText& c, const std::string& str) const throw(std::exception)
+ {
+ Zn zn(str);
+ self_.enc(c.self_, zn, Param::getParam().rg);
+ }
+ void rerandomize(CipherText& c) const throw(std::exception)
+ {
+ self_.rerandomize(c.self_, Param::getParam().rg);
+ }
+ void add(CipherText& c, int m) const throw(std::exception)
+ {
+ self_.add(c.self_, m);
+ }
+ void add(CipherText& c, const std::string& str) const throw(std::exception)
+ {
+ Zn zn(str);
+ self_.add(c.self_, zn);
+ }
+};
+
+class PrivateKey {
+ Elgamal::PrivateKey self_;
+public:
+ std::string toStr() const throw(std::exception) { return self_.toStr(); }
+ std::string toString() const throw(std::exception) { return toStr(); }
+ void fromStr(const std::string& str) throw(std::exception) { self_.fromStr(str); }
+
+ void save(const std::string& fileName) const throw(std::exception)
+ {
+ std::ofstream ofs(fileName.c_str(), std::ios::binary);
+ if (!(ofs << self_)) throw cybozu::Exception("PrivateKey:save") << fileName;
+ }
+ void load(const std::string& fileName) throw(std::exception)
+ {
+ std::ifstream ifs(fileName.c_str(), std::ios::binary);
+ if (!(ifs >> self_)) throw cybozu::Exception("PrivateKey:load") << fileName;
+ }
+ void init() throw(std::exception)
+ {
+ Param& p = Param::getParam();
+ const Fp x0(p.ecParam->gx);
+ const Fp y0(p.ecParam->gy);
+ Ec P(x0, y0);
+ self_.init(P, Zn::getBitSize(), p.rg);
+ }
+ PublicKey getPublicKey() const throw(std::exception)
+ {
+ PublicKey ret;
+ ret.self_ = self_.getPublicKey();
+ return ret;
+ }
+ int dec(const CipherText& c, bool *b = 0) const throw(std::exception)
+ {
+ return self_.dec(c.self_, b);
+ }
+ void setCache(int rangeMin, int rangeMax) throw(std::exception)
+ {
+ self_.setCache(rangeMin, rangeMax);
+ }
+ void clearCache() throw(std::exception)
+ {
+ self_.clearCache();
+ }
+};
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal_wrap.cxx b/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal_wrap.cxx
new file mode 100644
index 000000000..38d05f489
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/elgamal_wrap.cxx
@@ -0,0 +1,1129 @@
+/* ----------------------------------------------------------------------------
+ * This file was automatically generated by SWIG (http://www.swig.org).
+ * Version 3.0.12
+ *
+ * This file is not intended to be easily readable and contains a number of
+ * coding conventions designed to improve portability and efficiency. Do not make
+ * changes to this file unless you know what you are doing--modify the SWIG
+ * interface file instead.
+ * ----------------------------------------------------------------------------- */
+
+
+#ifndef SWIGJAVA
+#define SWIGJAVA
+#endif
+
+
+
+#ifdef __cplusplus
+/* SwigValueWrapper is described in swig.swg */
+template<typename T> class SwigValueWrapper {
+ struct SwigMovePointer {
+ T *ptr;
+ SwigMovePointer(T *p) : ptr(p) { }
+ ~SwigMovePointer() { delete ptr; }
+ SwigMovePointer& operator=(SwigMovePointer& rhs) { T* oldptr = ptr; ptr = 0; delete oldptr; ptr = rhs.ptr; rhs.ptr = 0; return *this; }
+ } pointer;
+ SwigValueWrapper& operator=(const SwigValueWrapper<T>& rhs);
+ SwigValueWrapper(const SwigValueWrapper<T>& rhs);
+public:
+ SwigValueWrapper() : pointer(0) { }
+ SwigValueWrapper& operator=(const T& t) { SwigMovePointer tmp(new T(t)); pointer = tmp; return *this; }
+ operator T&() const { return *pointer.ptr; }
+ T *operator&() { return pointer.ptr; }
+};
+
+template <typename T> T SwigValueInit() {
+ return T();
+}
+#endif
+
+/* -----------------------------------------------------------------------------
+ * This section contains generic SWIG labels for method/variable
+ * declarations/attributes, and other compiler dependent labels.
+ * ----------------------------------------------------------------------------- */
+
+/* template workaround for compilers that cannot correctly implement the C++ standard */
+#ifndef SWIGTEMPLATEDISAMBIGUATOR
+# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560)
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# elif defined(__HP_aCC)
+/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */
+/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# else
+# define SWIGTEMPLATEDISAMBIGUATOR
+# endif
+#endif
+
+/* inline attribute */
+#ifndef SWIGINLINE
+# if defined(__cplusplus) || (defined(__GNUC__) && !defined(__STRICT_ANSI__))
+# define SWIGINLINE inline
+# else
+# define SWIGINLINE
+# endif
+#endif
+
+/* attribute recognised by some compilers to avoid 'unused' warnings */
+#ifndef SWIGUNUSED
+# if defined(__GNUC__)
+# if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+# elif defined(__ICC)
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+#endif
+
+#ifndef SWIG_MSC_UNSUPPRESS_4505
+# if defined(_MSC_VER)
+# pragma warning(disable : 4505) /* unreferenced local function has been removed */
+# endif
+#endif
+
+#ifndef SWIGUNUSEDPARM
+# ifdef __cplusplus
+# define SWIGUNUSEDPARM(p)
+# else
+# define SWIGUNUSEDPARM(p) p SWIGUNUSED
+# endif
+#endif
+
+/* internal SWIG method */
+#ifndef SWIGINTERN
+# define SWIGINTERN static SWIGUNUSED
+#endif
+
+/* internal inline SWIG method */
+#ifndef SWIGINTERNINLINE
+# define SWIGINTERNINLINE SWIGINTERN SWIGINLINE
+#endif
+
+/* exporting methods */
+#if defined(__GNUC__)
+# if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
+# ifndef GCC_HASCLASSVISIBILITY
+# define GCC_HASCLASSVISIBILITY
+# endif
+# endif
+#endif
+
+#ifndef SWIGEXPORT
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# if defined(STATIC_LINKED)
+# define SWIGEXPORT
+# else
+# define SWIGEXPORT __declspec(dllexport)
+# endif
+# else
+# if defined(__GNUC__) && defined(GCC_HASCLASSVISIBILITY)
+# define SWIGEXPORT __attribute__ ((visibility("default")))
+# else
+# define SWIGEXPORT
+# endif
+# endif
+#endif
+
+/* calling conventions for Windows */
+#ifndef SWIGSTDCALL
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# define SWIGSTDCALL __stdcall
+# else
+# define SWIGSTDCALL
+# endif
+#endif
+
+/* Deal with Microsoft's attempt at deprecating C standard runtime functions */
+#if !defined(SWIG_NO_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+# define _CRT_SECURE_NO_DEPRECATE
+#endif
+
+/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */
+#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE)
+# define _SCL_SECURE_NO_DEPRECATE
+#endif
+
+/* Deal with Apple's deprecated 'AssertMacros.h' from Carbon-framework */
+#if defined(__APPLE__) && !defined(__ASSERT_MACROS_DEFINE_VERSIONS_WITHOUT_UNDERSCORES)
+# define __ASSERT_MACROS_DEFINE_VERSIONS_WITHOUT_UNDERSCORES 0
+#endif
+
+/* Intel's compiler complains if a variable which was never initialised is
+ * cast to void, which is a common idiom which we use to indicate that we
+ * are aware a variable isn't used. So we just silence that warning.
+ * See: https://github.com/swig/swig/issues/192 for more discussion.
+ */
+#ifdef __INTEL_COMPILER
+# pragma warning disable 592
+#endif
+
+
+/* Fix for jlong on some versions of gcc on Windows */
+#if defined(__GNUC__) && !defined(__INTEL_COMPILER)
+ typedef long long __int64;
+#endif
+
+/* Fix for jlong on 64-bit x86 Solaris */
+#if defined(__x86_64)
+# ifdef _LP64
+# undef _LP64
+# endif
+#endif
+
+#include <jni.h>
+#include <stdlib.h>
+#include <string.h>
+
+
+/* Support for throwing Java exceptions */
+typedef enum {
+ SWIG_JavaOutOfMemoryError = 1,
+ SWIG_JavaIOException,
+ SWIG_JavaRuntimeException,
+ SWIG_JavaIndexOutOfBoundsException,
+ SWIG_JavaArithmeticException,
+ SWIG_JavaIllegalArgumentException,
+ SWIG_JavaNullPointerException,
+ SWIG_JavaDirectorPureVirtual,
+ SWIG_JavaUnknownError
+} SWIG_JavaExceptionCodes;
+
+typedef struct {
+ SWIG_JavaExceptionCodes code;
+ const char *java_exception;
+} SWIG_JavaExceptions_t;
+
+
+static void SWIGUNUSED SWIG_JavaThrowException(JNIEnv *jenv, SWIG_JavaExceptionCodes code, const char *msg) {
+ jclass excep;
+ static const SWIG_JavaExceptions_t java_exceptions[] = {
+ { SWIG_JavaOutOfMemoryError, "java/lang/OutOfMemoryError" },
+ { SWIG_JavaIOException, "java/io/IOException" },
+ { SWIG_JavaRuntimeException, "java/lang/RuntimeException" },
+ { SWIG_JavaIndexOutOfBoundsException, "java/lang/IndexOutOfBoundsException" },
+ { SWIG_JavaArithmeticException, "java/lang/ArithmeticException" },
+ { SWIG_JavaIllegalArgumentException, "java/lang/IllegalArgumentException" },
+ { SWIG_JavaNullPointerException, "java/lang/NullPointerException" },
+ { SWIG_JavaDirectorPureVirtual, "java/lang/RuntimeException" },
+ { SWIG_JavaUnknownError, "java/lang/UnknownError" },
+ { (SWIG_JavaExceptionCodes)0, "java/lang/UnknownError" }
+ };
+ const SWIG_JavaExceptions_t *except_ptr = java_exceptions;
+
+ while (except_ptr->code != code && except_ptr->code)
+ except_ptr++;
+
+ jenv->ExceptionClear();
+ excep = jenv->FindClass(except_ptr->java_exception);
+ if (excep)
+ jenv->ThrowNew(excep, msg);
+}
+
+
+/* Contract support */
+
+#define SWIG_contract_assert(nullreturn, expr, msg) if (!(expr)) {SWIG_JavaThrowException(jenv, SWIG_JavaIllegalArgumentException, msg); return nullreturn; } else
+
+
+#include <string>
+
+
+#include <typeinfo>
+#include <stdexcept>
+
+
+#include <cybozu/random_generator.hpp>
+#include <cybozu/crypto.hpp>
+#include <mcl/fp.hpp>
+#include <mcl/ecparam.hpp>
+struct Param {
+const mcl::EcParam *ecParam;
+cybozu::RandomGenerator rg;
+cybozu::crypto::Hash::Name hashName;
+static inline Param& getParam()
+{
+ static Param p;
+ return p;
+}
+};
+
+#include "elgamal_impl.hpp"
+
+
+static bool *new_p_bool() {
+ return new bool();
+}
+
+static bool *copy_p_bool(bool value) {
+ return new bool(value);
+}
+
+static void delete_p_bool(bool *obj) {
+ if (obj) delete obj;
+}
+
+static void p_bool_assign(bool *obj, bool value) {
+ *obj = value;
+}
+
+static bool p_bool_value(bool *obj) {
+ return *obj;
+}
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_ElgamalJNI_new_1p_1bool(JNIEnv *jenv, jclass jcls) {
+ jlong jresult = 0 ;
+ bool *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ result = (bool *)new_p_bool();
+ *(bool **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_ElgamalJNI_copy_1p_1bool(JNIEnv *jenv, jclass jcls, jboolean jarg1) {
+ jlong jresult = 0 ;
+ bool arg1 ;
+ bool *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = jarg1 ? true : false;
+ result = (bool *)copy_p_bool(arg1);
+ *(bool **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_delete_1p_1bool(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ bool *arg1 = (bool *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(bool **)&jarg1;
+ delete_p_bool(arg1);
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_p_1bool_1assign(JNIEnv *jenv, jclass jcls, jlong jarg1, jboolean jarg2) {
+ bool *arg1 = (bool *) 0 ;
+ bool arg2 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(bool **)&jarg1;
+ arg2 = jarg2 ? true : false;
+ p_bool_assign(arg1,arg2);
+}
+
+
+SWIGEXPORT jboolean JNICALL Java_com_herumi_mcl_ElgamalJNI_p_1bool_1value(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ jboolean jresult = 0 ;
+ bool *arg1 = (bool *) 0 ;
+ bool result;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(bool **)&jarg1;
+ result = (bool)p_bool_value(arg1);
+ jresult = (jboolean)result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_SystemInit(JNIEnv *jenv, jclass jcls, jstring jarg1) {
+ std::string *arg1 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ if(!jarg1) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg1_pstr = (const char *)jenv->GetStringUTFChars(jarg1, 0);
+ if (!arg1_pstr) return ;
+ std::string arg1_str(arg1_pstr);
+ arg1 = &arg1_str;
+ jenv->ReleaseStringUTFChars(jarg1, arg1_pstr);
+ try {
+ SystemInit((std::string const &)*arg1);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_ElgamalJNI_CipherText_1toStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ CipherText *arg1 = (CipherText *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(CipherText **)&jarg1;
+ try {
+ result = ((CipherText const *)arg1)->toStr();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_ElgamalJNI_CipherText_1toString(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ CipherText *arg1 = (CipherText *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(CipherText **)&jarg1;
+ try {
+ result = ((CipherText const *)arg1)->toString();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_CipherText_1fromStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ CipherText *arg1 = (CipherText *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(CipherText **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->fromStr((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_CipherText_1add(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ CipherText *arg1 = (CipherText *) 0 ;
+ CipherText *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(CipherText **)&jarg1;
+ arg2 = *(CipherText **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "CipherText const & reference is null");
+ return ;
+ }
+ try {
+ (arg1)->add((CipherText const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_CipherText_1mul_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jint jarg2) {
+ CipherText *arg1 = (CipherText *) 0 ;
+ int arg2 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(CipherText **)&jarg1;
+ arg2 = (int)jarg2;
+ try {
+ (arg1)->mul(arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_CipherText_1mul_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ CipherText *arg1 = (CipherText *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(CipherText **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->mul((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_ElgamalJNI_new_1CipherText(JNIEnv *jenv, jclass jcls) {
+ jlong jresult = 0 ;
+ CipherText *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ result = (CipherText *)new CipherText();
+ *(CipherText **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_delete_1CipherText(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ CipherText *arg1 = (CipherText *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(CipherText **)&jarg1;
+ delete arg1;
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1toStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PublicKey **)&jarg1;
+ try {
+ result = ((PublicKey const *)arg1)->toStr();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1toString(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PublicKey **)&jarg1;
+ try {
+ result = ((PublicKey const *)arg1)->toString();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1fromStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PublicKey **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->fromStr((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1save(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PublicKey **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ ((PublicKey const *)arg1)->save((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1load(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PublicKey **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->load((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1enc_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jint jarg3) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ CipherText *arg2 = 0 ;
+ int arg3 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(PublicKey **)&jarg1;
+ arg2 = *(CipherText **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "CipherText & reference is null");
+ return ;
+ }
+ arg3 = (int)jarg3;
+ try {
+ ((PublicKey const *)arg1)->enc(*arg2,arg3);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1enc_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jstring jarg3) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ CipherText *arg2 = 0 ;
+ std::string *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(PublicKey **)&jarg1;
+ arg2 = *(CipherText **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "CipherText & reference is null");
+ return ;
+ }
+ if(!jarg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg3_pstr = (const char *)jenv->GetStringUTFChars(jarg3, 0);
+ if (!arg3_pstr) return ;
+ std::string arg3_str(arg3_pstr);
+ arg3 = &arg3_str;
+ jenv->ReleaseStringUTFChars(jarg3, arg3_pstr);
+ try {
+ ((PublicKey const *)arg1)->enc(*arg2,(std::string const &)*arg3);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1rerandomize(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ CipherText *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(PublicKey **)&jarg1;
+ arg2 = *(CipherText **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "CipherText & reference is null");
+ return ;
+ }
+ try {
+ ((PublicKey const *)arg1)->rerandomize(*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1add_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jint jarg3) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ CipherText *arg2 = 0 ;
+ int arg3 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(PublicKey **)&jarg1;
+ arg2 = *(CipherText **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "CipherText & reference is null");
+ return ;
+ }
+ arg3 = (int)jarg3;
+ try {
+ ((PublicKey const *)arg1)->add(*arg2,arg3);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PublicKey_1add_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jstring jarg3) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+ CipherText *arg2 = 0 ;
+ std::string *arg3 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(PublicKey **)&jarg1;
+ arg2 = *(CipherText **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "CipherText & reference is null");
+ return ;
+ }
+ if(!jarg3) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg3_pstr = (const char *)jenv->GetStringUTFChars(jarg3, 0);
+ if (!arg3_pstr) return ;
+ std::string arg3_str(arg3_pstr);
+ arg3 = &arg3_str;
+ jenv->ReleaseStringUTFChars(jarg3, arg3_pstr);
+ try {
+ ((PublicKey const *)arg1)->add(*arg2,(std::string const &)*arg3);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_ElgamalJNI_new_1PublicKey(JNIEnv *jenv, jclass jcls) {
+ jlong jresult = 0 ;
+ PublicKey *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ result = (PublicKey *)new PublicKey();
+ *(PublicKey **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_delete_1PublicKey(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ PublicKey *arg1 = (PublicKey *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(PublicKey **)&jarg1;
+ delete arg1;
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1toStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ try {
+ result = ((PrivateKey const *)arg1)->toStr();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT jstring JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1toString(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jstring jresult = 0 ;
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ std::string result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ try {
+ result = ((PrivateKey const *)arg1)->toString();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = jenv->NewStringUTF((&result)->c_str());
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1fromStr(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->fromStr((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1save(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ ((PrivateKey const *)arg1)->save((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1load(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jstring jarg2) {
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ std::string *arg2 = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ if(!jarg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "null string");
+ return ;
+ }
+ const char *arg2_pstr = (const char *)jenv->GetStringUTFChars(jarg2, 0);
+ if (!arg2_pstr) return ;
+ std::string arg2_str(arg2_pstr);
+ arg2 = &arg2_str;
+ jenv->ReleaseStringUTFChars(jarg2, arg2_pstr);
+ try {
+ (arg1)->load((std::string const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1init(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ try {
+ (arg1)->init();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1getPublicKey(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ jlong jresult = 0 ;
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ PublicKey result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ try {
+ result = ((PrivateKey const *)arg1)->getPublicKey();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ *(PublicKey **)&jresult = new PublicKey((const PublicKey &)result);
+ return jresult;
+}
+
+
+SWIGEXPORT jint JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1dec_1_1SWIG_10(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_, jlong jarg3) {
+ jint jresult = 0 ;
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ CipherText *arg2 = 0 ;
+ bool *arg3 = (bool *) 0 ;
+ int result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(PrivateKey **)&jarg1;
+ arg2 = *(CipherText **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "CipherText const & reference is null");
+ return 0;
+ }
+ arg3 = *(bool **)&jarg3;
+ try {
+ result = (int)((PrivateKey const *)arg1)->dec((CipherText const &)*arg2,arg3);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = (jint)result;
+ return jresult;
+}
+
+
+SWIGEXPORT jint JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1dec_1_1SWIG_11(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jlong jarg2, jobject jarg2_) {
+ jint jresult = 0 ;
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ CipherText *arg2 = 0 ;
+ int result;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ (void)jarg2_;
+ arg1 = *(PrivateKey **)&jarg1;
+ arg2 = *(CipherText **)&jarg2;
+ if (!arg2) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaNullPointerException, "CipherText const & reference is null");
+ return 0;
+ }
+ try {
+ result = (int)((PrivateKey const *)arg1)->dec((CipherText const &)*arg2);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return 0;
+ }
+
+ jresult = (jint)result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1setCache(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_, jint jarg2, jint jarg3) {
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+ int arg2 ;
+ int arg3 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ arg2 = (int)jarg2;
+ arg3 = (int)jarg3;
+ try {
+ (arg1)->setCache(arg2,arg3);
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_PrivateKey_1clearCache(JNIEnv *jenv, jclass jcls, jlong jarg1, jobject jarg1_) {
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ (void)jarg1_;
+ arg1 = *(PrivateKey **)&jarg1;
+ try {
+ (arg1)->clearCache();
+ }
+ catch(std::exception &_e) {
+ SWIG_JavaThrowException(jenv, SWIG_JavaRuntimeException, (&_e)->what());
+ return ;
+ }
+
+}
+
+
+SWIGEXPORT jlong JNICALL Java_com_herumi_mcl_ElgamalJNI_new_1PrivateKey(JNIEnv *jenv, jclass jcls) {
+ jlong jresult = 0 ;
+ PrivateKey *result = 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ result = (PrivateKey *)new PrivateKey();
+ *(PrivateKey **)&jresult = result;
+ return jresult;
+}
+
+
+SWIGEXPORT void JNICALL Java_com_herumi_mcl_ElgamalJNI_delete_1PrivateKey(JNIEnv *jenv, jclass jcls, jlong jarg1) {
+ PrivateKey *arg1 = (PrivateKey *) 0 ;
+
+ (void)jenv;
+ (void)jcls;
+ arg1 = *(PrivateKey **)&jarg1;
+ delete arg1;
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/java.md b/vendor/github.com/byzantine-lab/mcl/ffi/java/java.md
new file mode 100644
index 000000000..3fe861351
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/java.md
@@ -0,0 +1,95 @@
+# JNI for mcl (experimental)
+This library provides functionality to compute the optimal ate pairing
+over Barreto-Naehrig (BN) curves.
+
+# Initialization
+Load the library `mcl_bn256`.
+```
+import com.herumi.mcl.*;
+
+System.loadLibrary("mcl_bn256");
+```
+
+# Classes
+* `G1` ; The cyclic group instantiated as E(Fp)[r] where where r = p + 1 - t.
+* `G2` ; The cyclic group instantiated as the inverse image of E'(Fp^2)[r].
+* `GT` ; The cyclic group in the image of the optimal ate pairing.
+ * `e : G1 x G2 -> GT`
+* `Fr` ; The finite field with characteristic r.
+
+# Methods and Functions
+## Fr
+* `Fr::setInt(int x)` ; set by x
+* `Fr::setStr(String str)` ; set by str such as "123", "0xfff", etc.
+* `Fr::setRand()` ; randomly set
+* `Bn256.neg(Fr y, Fr x)` ; `y = -x`
+* `Bn256.add(Fr z, Fr x, Fr y)` ; `z = x + y`
+* `Bn256.sub(Fr z, Fr x, Fr y)` ; `z = x - y`
+* `Bn256.mul(Fr z, Fr x, Fr y)` ; `z = x * y`
+* `Bn256.div(Fr z, Fr x, Fr y)` ; `z = x / y`
+
+## G1
+
+* `G1::set(String x, String y)` ; set by (x, y)
+* `G1::hashAndMapToG1(String m)` ; take SHA-256 of m and map it to an element of G1
+* `G1::setStr(String str)` ; set by the result of `toString()` method
+* `Bn256.neg(G1 y, G1 x)` ; `y = -x`
+* `Bn256.dbl(G1 y, G1 x)` ; `y = 2x`
+* `Bn256.add(G1 z, G1 x, G1 y)` ; `z = x + y`
+* `Bn256.sub(G1 z, G1 x, G1 y)` ; `z = x - y`
+* `Bn256.mul(G1 z, G1 x, Fr y)` ; `z = x * y`
+
+## G2
+
+* `G2::set(String xa, String xb, String ya, String yb)` ; set by ((xa, xb), (ya, yb))
+* `G2::setStr(String str)` ; set by the result of `toString()` method
+* `Bn256.neg(G2 y, G2 x)` ; `y = -x`
+* `Bn256.dbl(G2 y, G2 x)` ; `y = 2x`
+* `Bn256.add(G2 z, G2 x, G2 y)` ; `z = x + y`
+* `Bn256.sub(G2 z, G2 x, G2 y)` ; `z = x - y`
+* `Bn256.mul(G2 z, G2 x, Fr y)` ; `z = x * y`
+
+## GT
+
+* `GT::setStr(String str)` ; set by the result of `toString()` method
+* `Bn256.mul(GT z, GT x, GT y)` ; `z = x * y`
+* `Bn256.pow(GT z, GT x, Fr y)` ; `z = x ^ y`
+
+## pairing
+* `Bn256.pairing(GT e, G1 P, G2 Q)` ; e = e(P, Q)
+
+# BLS signature sample
+```
+String xa = "12723517038133731887338407189719511622662176727675373276651903807414909099441";
+String xb = "4168783608814932154536427934509895782246573715297911553964171371032945126671";
+String ya = "13891744915211034074451795021214165905772212241412891944830863846330766296736";
+String yb = "7937318970632701341203597196594272556916396164729705624521405069090520231616";
+
+G2 Q = new G2(xa, xb, ya, yb); // fixed point of G2
+
+Fr s = new Fr();
+s.setRand(); // secret key
+G2 pub = new G2();
+Bn256.mul(pub, Q, s); // public key = sQ
+
+String m = "signature test";
+G1 H = new G1();
+H.hashAndMapToG1(m); // H = Hash(m)
+G1 sign = new G1();
+Bn256.mul(sign, H, s); // signature of m = s H
+
+GT e1 = new GT();
+GT e2 = new GT();
+Bn256.pairing(e1, H, pub); // e1 = e(H, s Q)
+Bn256.pairing(e2, sign, Q); // e2 = e(s H, Q);
+assertBool("verify signature", e1.equals(e2));
+```
+
+# Make test
+```
+cd java
+make test_bn256
+```
+
+# Sample code
+[Bn256Test.java](https://github.com/herumi/mcl/blob/master/java/Bn256Test.java)
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/make_wrap.bat b/vendor/github.com/byzantine-lab/mcl/ffi/java/make_wrap.bat
new file mode 100644
index 000000000..b7008bc02
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/make_wrap.bat
@@ -0,0 +1,23 @@
+@echo off
+call set-java-path.bat
+set JAVA_INCLUDE=%JAVA_DIR%\include
+set SWIG=..\..\..\..\p\swig\swig.exe
+set PACKAGE_NAME=com.herumi.mcl
+set PACKAGE_DIR=%PACKAGE_NAME:.=\%
+if /i "%1"=="" (
+ set NAME=elgamal
+) else (
+ set NAME=%1
+)
+
+echo [[run swig]]
+mkdir %PACKAGE_DIR%
+set TOP_DIR=../..
+%SWIG% -java -package %PACKAGE_NAME% -outdir %PACKAGE_DIR% -c++ -Wall %NAME%.i
+echo [[make dll]]
+cl /MT /DNOMINMAX /LD /Ox /DNDEBUG /EHsc %NAME%_wrap.cxx %TOP_DIR%/src/fp.cpp -DMCL_NO_AUTOLINK -I%JAVA_INCLUDE% -I%JAVA_INCLUDE%\win32 -I%TOP_DIR%/include -I%TOP_DIR%/../cybozulib/include -I%TOP_DIR%/../cybozulib_ext/include -I%TOP_DIR%/../xbyak /link /LIBPATH:%TOP_DIR%/../cybozulib_ext/lib /OUT:%TOP_DIR%/bin/mcl_%NAME%.dll
+
+call run-%NAME%.bat
+
+echo [[make jar]]
+%JAVA_DIR%\bin\jar cvf mcl.jar com
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/run-bn256.bat b/vendor/github.com/byzantine-lab/mcl/ffi/java/run-bn256.bat
new file mode 100644
index 000000000..903876ec6
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/run-bn256.bat
@@ -0,0 +1,9 @@
+@echo off
+echo [[compile Bn256Test.java]]
+%JAVA_DIR%\bin\javac Bn256Test.java
+
+echo [[run Bn256Test]]
+set TOP_DIR=..\..
+pushd %TOP_DIR%\bin
+%JAVA_DIR%\bin\java -classpath ../ffi/java Bn256Test %1 %2 %3 %4 %5 %6
+popd
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/run-elgamal.bat b/vendor/github.com/byzantine-lab/mcl/ffi/java/run-elgamal.bat
new file mode 100644
index 000000000..8b889a64c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/run-elgamal.bat
@@ -0,0 +1,9 @@
+@echo off
+echo [[compile ElgamalTest.java]]
+%JAVA_DIR%\bin\javac ElgamalTest.java
+
+echo [[run ElgamalTest]]
+set TOP_DIR=..\..
+pushd %TOP_DIR%\bin
+%JAVA_DIR%\bin\java -classpath ../ffi/java ElgamalTest %1 %2 %3 %4 %5 %6
+popd
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/java/set-java-path.bat b/vendor/github.com/byzantine-lab/mcl/ffi/java/set-java-path.bat
new file mode 100644
index 000000000..c66f81830
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/java/set-java-path.bat
@@ -0,0 +1,8 @@
+@echo off
+if "%JAVA_HOME%"=="" (
+ set JAVA_DIR=c:/p/Java/jdk
+) else (
+ set JAVA_DIR=%JAVA_HOME%
+)
+echo JAVA_DIR=%JAVA_DIR%
+rem set PATH=%PATH%;%JAVA_DIR%\bin
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/js/export-functions.py b/vendor/github.com/byzantine-lab/mcl/ffi/js/export-functions.py
new file mode 100644
index 000000000..2a929564b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/js/export-functions.py
@@ -0,0 +1,73 @@
+import sys, re, argparse
+
+#RE_PROTOTYPE = re.compile(r'MCLBN_DLL_API\s\w\s\w\([^)]*\);')
+RE_PROTOTYPE = re.compile(r'\w*\s(\w*)\s(\w*)\(([^)]*)\);')
+def export_functions(args, fileNames, reToAddUnderscore):
+ modName = args.js
+ json = args.json
+ if not reToAddUnderscore:
+ reToAddUnderscore = r'(mclBn_init|setStr|getStr|[sS]erialize|setLittleEndian|setHashOf|hashAndMapTo|DecStr|HexStr|HashTo|blsSign|blsVerify|GetCurveOrder|GetFieldOrder|KeyShare|KeyRecover|blsSignatureRecover|blsInit)'
+ reSpecialFunctionName = re.compile(reToAddUnderscore)
+ if json:
+ print '['
+ elif modName:
+ print 'function define_exported_' + modName + '(mod) {'
+ comma = ''
+ for fileName in fileNames:
+ with open(fileName, 'rb') as f:
+ for line in f.readlines():
+ p = RE_PROTOTYPE.search(line)
+ if p:
+ ret = p.group(1)
+ name = p.group(2)
+ arg = p.group(3)
+ if json or modName:
+ retType = 'null' if ret == 'void' else 'number'
+ if arg == '' or arg == 'void':
+ paramNum = 0
+ else:
+ paramNum = len(arg.split(','))
+ if reSpecialFunctionName.search(name):
+ exportName = '_' + name # to wrap function
+ else:
+ exportName = name
+ if json:
+ print comma + '{'
+ if comma == '':
+ comma = ','
+ print ' "name":"{0}",'.format(name)
+ print ' "exportName":"{0}",'.format(exportName)
+ print ' "ret":"{0}",'.format(retType)
+ print ' "args":[',
+ if paramNum > 0:
+ print '"number"' + (', "number"' * (paramNum - 1)),
+ print ']'
+ print '}'
+ else:
+ paramType = '[' + ("'number', " * paramNum) + ']'
+ print "{0} = mod.cwrap('{1}', '{2}', {3})".format(exportName, name, retType, paramType)
+ else:
+ print comma + "'_" + name + "'",
+ if comma == '':
+ comma = ','
+ if json:
+ print ']'
+ elif modName:
+ print '}'
+
+def main():
+ p = argparse.ArgumentParser('export_functions')
+ p.add_argument('header', type=str, nargs='+', help='headers')
+ p.add_argument('-js', type=str, nargs='?', help='module name')
+ p.add_argument('-re', type=str, nargs='?', help='regular expression file to add underscore to function name')
+ p.add_argument('-json', action='store_true', help='output json')
+ args = p.parse_args()
+
+ reToAddUnderscore = ''
+ if args.re:
+ reToAddUnderscore = open(args.re).read().strip()
+ export_functions(args, args.header, reToAddUnderscore)
+
+if __name__ == '__main__':
+ main()
+
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/js/pre-mcl.js b/vendor/github.com/byzantine-lab/mcl/ffi/js/pre-mcl.js
new file mode 100644
index 000000000..ebc93e581
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/js/pre-mcl.js
@@ -0,0 +1,5 @@
+if (typeof __dirname === 'string') {
+ var Module = {}
+ Module.wasmBinaryFile = __dirname + '/mcl_c.wasm'
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/python/pairing.py b/vendor/github.com/byzantine-lab/mcl/ffi/python/pairing.py
new file mode 100644
index 000000000..88b729176
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/python/pairing.py
@@ -0,0 +1,80 @@
+from ctypes import *
+from ctypes.wintypes import LPWSTR, LPCSTR, LPVOID
+
+g_lib = None
+
+def BN256_init():
+ global g_lib
+ g_lib = cdll.LoadLibrary("../../bin/bn256.dll")
+ ret = g_lib.BN256_init()
+ if ret:
+ print "ERR BN256_init"
+
+class Fr(Structure):
+ _fields_ = [("v", c_ulonglong * 4)]
+ def setInt(self, v):
+ g_lib.BN256_Fr_setInt(self.v, v)
+ def setStr(self, s):
+ ret = g_lib.BN256_Fr_setStr(self.v, c_char_p(s))
+ if ret:
+ print("ERR Fr:setStr")
+ def __str__(self):
+ svLen = 1024
+ sv = create_string_buffer('\0' * svLen)
+ ret = g_lib.BN256_Fr_getStr(sv, svLen, self.v)
+ if ret:
+ print("ERR Fr:getStr")
+ return sv.value
+ def isZero(self, rhs):
+ return g_lib.BN256_Fr_isZero(self.v) != 0
+ def isOne(self, rhs):
+ return g_lib.BN256_Fr_isOne(self.v) != 0
+ def __eq__(self, rhs):
+ return g_lib.BN256_Fr_isEqual(self.v, rhs.v) != 0
+ def __ne__(self, rhs):
+ return not(P == Q)
+ def __add__(self, rhs):
+ ret = Fr()
+ g_lib.BN256_Fr_add(ret.v, self.v, rhs.v)
+ return ret
+ def __sub__(self, rhs):
+ ret = Fr()
+ g_lib.BN256_Fr_sub(ret.v, self.v, rhs.v)
+ return ret
+ def __mul__(self, rhs):
+ ret = Fr()
+ g_lib.BN256_Fr_mul(ret.v, self.v, rhs.v)
+ return ret
+ def __div__(self, rhs):
+ ret = Fr()
+ g_lib.BN256_Fr_div(ret.v, self.v, rhs.v)
+ return ret
+ def __neg__(self):
+ ret = Fr()
+ g_lib.BN256_Fr_neg(ret.v, self.v)
+ return ret
+
+def Fr_add(z, x, y):
+ g_lib.BN256_Fr_add(z.v, x.v, y.v)
+
+def Fr_sub(z, x, y):
+ g_lib.BN256_Fr_sub(z.v, x.v, y.v)
+
+def Fr_mul(z, x, y):
+ g_lib.BN256_Fr_mul(z.v, x.v, y.v)
+
+def Fr_div(z, x, y):
+ g_lib.BN256_Fr_div(z.v, x.v, y.v)
+
+BN256_init()
+
+P = Fr()
+Q = Fr()
+print P == Q
+print P != Q
+P.setInt(5)
+Q.setStr("34982034824")
+print Q
+R = Fr()
+Fr_add(R, P, Q)
+print R
diff --git a/vendor/github.com/byzantine-lab/mcl/ffi/python/she.py b/vendor/github.com/byzantine-lab/mcl/ffi/python/she.py
new file mode 100644
index 000000000..ab8975274
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/ffi/python/she.py
@@ -0,0 +1,298 @@
+import os
+import platform
+from ctypes import *
+
+MCL_BN254 = 0
+MCLBN_FR_UNIT_SIZE = 4
+MCLBN_FP_UNIT_SIZE = 4
+
+FR_SIZE = MCLBN_FR_UNIT_SIZE
+G1_SIZE = MCLBN_FP_UNIT_SIZE * 3
+G2_SIZE = MCLBN_FP_UNIT_SIZE * 6
+GT_SIZE = MCLBN_FP_UNIT_SIZE * 12
+
+SEC_SIZE = FR_SIZE * 2
+PUB_SIZE = G1_SIZE + G2_SIZE
+G1_CIPHER_SIZE = G1_SIZE * 2
+G2_CIPHER_SIZE = G2_SIZE * 2
+GT_CIPHER_SIZE = GT_SIZE * 4
+
+MCLBN_COMPILED_TIME_VAR = (MCLBN_FR_UNIT_SIZE * 10) + MCLBN_FP_UNIT_SIZE
+
+Buffer = c_ubyte * 1536
+lib = None
+
+def init(curveType=MCL_BN254):
+ global lib
+ name = platform.system()
+ if name == 'Linux':
+ libName = 'libmclshe256.so'
+ elif name == 'Darwin':
+ libName = 'libmclshe256.dylib'
+ elif name == 'Windows':
+ libName = 'mclshe256.dll'
+ else:
+ raise RuntimeError("not support yet", name)
+ lib = cdll.LoadLibrary(libName)
+ ret = lib.sheInit(MCL_BN254, MCLBN_COMPILED_TIME_VAR)
+ if ret != 0:
+ raise RuntimeError("sheInit", ret)
+ # custom setup for a function which returns pointer
+ lib.shePrecomputedPublicKeyCreate.restype = c_void_p
+
+def setRangeForDLP(hashSize):
+ ret = lib.sheSetRangeForDLP(hashSize)
+ if ret != 0:
+ raise RuntimeError("setRangeForDLP", ret)
+
+def setTryNum(tryNum):
+ ret = lib.sheSetTryNum(tryNum)
+ if ret != 0:
+ raise RuntimeError("setTryNum", ret)
+
+def hexStr(v):
+ s = ""
+ for x in v:
+ s += format(x, '02x')
+ return s
+
+class CipherTextG1(Structure):
+ _fields_ = [("v", c_ulonglong * G1_CIPHER_SIZE)]
+ def serialize(self):
+ buf = Buffer()
+ ret = lib.sheCipherTextG1Serialize(byref(buf), len(buf), byref(self.v))
+ if ret == 0:
+ raise RuntimeError("serialize")
+ return buf[0:ret]
+ def serializeToHexStr(self):
+ return hexStr(self.serialize())
+
+class CipherTextG2(Structure):
+ _fields_ = [("v", c_ulonglong * G2_CIPHER_SIZE)]
+ def serialize(self):
+ buf = Buffer()
+ ret = lib.sheCipherTextG2Serialize(byref(buf), len(buf), byref(self.v))
+ if ret == 0:
+ raise RuntimeError("serialize")
+ return buf[0:ret]
+ def serializeToHexStr(self):
+ return hexStr(self.serialize())
+
+class CipherTextGT(Structure):
+ _fields_ = [("v", c_ulonglong * GT_CIPHER_SIZE)]
+ def serialize(self):
+ buf = Buffer()
+ ret = lib.sheCipherTextGTSerialize(byref(buf), len(buf), byref(self.v))
+ if ret == 0:
+ raise RuntimeError("serialize")
+ return buf[0:ret]
+ def serializeToHexStr(self):
+ return hexStr(self.serialize())
+
+class PrecomputedPublicKey(Structure):
+ def __init__(self):
+ self.p = 0
+ def create(self):
+ if not self.p:
+ self.p = c_void_p(lib.shePrecomputedPublicKeyCreate())
+ if self.p == 0:
+ raise RuntimeError("PrecomputedPublicKey::create")
+ def destroy(self):
+ lib.shePrecomputedPublicKeyDestroy(self.p)
+ def encG1(self, m):
+ c = CipherTextG1()
+ ret = lib.shePrecomputedPublicKeyEncG1(byref(c.v), self.p, m)
+ if ret != 0:
+ raise RuntimeError("encG1", m)
+ return c
+ def encG2(self, m):
+ c = CipherTextG2()
+ ret = lib.shePrecomputedPublicKeyEncG2(byref(c.v), self.p, m)
+ if ret != 0:
+ raise RuntimeError("encG2", m)
+ return c
+ def encGT(self, m):
+ c = CipherTextGT()
+ ret = lib.shePrecomputedPublicKeyEncGT(byref(c.v), self.p, m)
+ if ret != 0:
+ raise RuntimeError("encGT", m)
+ return c
+
+class PublicKey(Structure):
+ _fields_ = [("v", c_ulonglong * PUB_SIZE)]
+ def serialize(self):
+ buf = Buffer()
+ ret = lib.shePublicKeySerialize(byref(buf), len(buf), byref(self.v))
+ if ret == 0:
+ raise RuntimeError("serialize")
+ return buf[0:ret]
+ def serializeToHexStr(self):
+ return hexStr(self.serialize())
+ def encG1(self, m):
+ c = CipherTextG1()
+ ret = lib.sheEncG1(byref(c.v), byref(self.v), m)
+ if ret != 0:
+ raise RuntimeError("encG1", m)
+ return c
+ def encG2(self, m):
+ c = CipherTextG2()
+ ret = lib.sheEncG2(byref(c.v), byref(self.v), m)
+ if ret != 0:
+ raise RuntimeError("encG2", m)
+ return c
+ def encGT(self, m):
+ c = CipherTextGT()
+ ret = lib.sheEncGT(byref(c.v), byref(self.v), m)
+ if ret != 0:
+ raise RuntimeError("encGT", m)
+ return c
+ def createPrecomputedPublicKey(self):
+ ppub = PrecomputedPublicKey()
+ ppub.create()
+ ret = lib.shePrecomputedPublicKeyInit(ppub.p, byref(self.v))
+ if ret != 0:
+ raise RuntimeError("createPrecomputedPublicKey")
+ return ppub
+
+class SecretKey(Structure):
+ _fields_ = [("v", c_ulonglong * SEC_SIZE)]
+ def setByCSPRNG(self):
+ ret = lib.sheSecretKeySetByCSPRNG(byref(self.v))
+ if ret != 0:
+ raise RuntimeError("setByCSPRNG", ret)
+ def serialize(self):
+ buf = Buffer()
+ ret = lib.sheSecretKeySerialize(byref(buf), len(buf), byref(self.v))
+ if ret == 0:
+ raise RuntimeError("serialize")
+ return buf[0:ret]
+ def serializeToHexStr(self):
+ return hexStr(self.serialize())
+ def getPulicKey(self):
+ pub = PublicKey()
+ lib.sheGetPublicKey(byref(pub.v), byref(self.v))
+ return pub
+ def dec(self, c):
+ m = c_longlong()
+ if isinstance(c, CipherTextG1):
+ ret = lib.sheDecG1(byref(m), byref(self.v), byref(c.v))
+ elif isinstance(c, CipherTextG2):
+ ret = lib.sheDecG2(byref(m), byref(self.v), byref(c.v))
+ elif isinstance(c, CipherTextGT):
+ ret = lib.sheDecGT(byref(m), byref(self.v), byref(c.v))
+ if ret != 0:
+ raise RuntimeError("dec")
+ return m.value
+
+def neg(c):
+ ret = -1
+ if isinstance(c, CipherTextG1):
+ out = CipherTextG1()
+ ret = lib.sheNegG1(byref(out.v), byref(c.v))
+ elif isinstance(c, CipherTextG2):
+ out = CipherTextG2()
+ ret = lib.sheNegG2(byref(out.v), byref(c.v))
+ elif isinstance(c, CipherTextGT):
+ out = CipherTextGT()
+ ret = lib.sheNegGT(byref(out.v), byref(c.v))
+ if ret != 0:
+ raise RuntimeError("neg")
+ return out
+
+def add(cx, cy):
+ ret = -1
+ if isinstance(cx, CipherTextG1) and isinstance(cy, CipherTextG1):
+ out = CipherTextG1()
+ ret = lib.sheAddG1(byref(out.v), byref(cx.v), byref(cy.v))
+ elif isinstance(cx, CipherTextG2) and isinstance(cy, CipherTextG2):
+ out = CipherTextG2()
+ ret = lib.sheAddG2(byref(out.v), byref(cx.v), byref(cy.v))
+ elif isinstance(cx, CipherTextGT) and isinstance(cy, CipherTextGT):
+ out = CipherTextGT()
+ ret = lib.sheAddGT(byref(out.v), byref(cx.v), byref(cy.v))
+ if ret != 0:
+ raise RuntimeError("add")
+ return out
+
+def sub(cx, cy):
+ ret = -1
+ if isinstance(cx, CipherTextG1) and isinstance(cy, CipherTextG1):
+ out = CipherTextG1()
+ ret = lib.sheSubG1(byref(out.v), byref(cx.v), byref(cy.v))
+ elif isinstance(cx, CipherTextG2) and isinstance(cy, CipherTextG2):
+ out = CipherTextG2()
+ ret = lib.sheSubG2(byref(out.v), byref(cx.v), byref(cy.v))
+ elif isinstance(cx, CipherTextGT) and isinstance(cy, CipherTextGT):
+ out = CipherTextGT()
+ ret = lib.sheSubGT(byref(out.v), byref(cx.v), byref(cy.v))
+ if ret != 0:
+ raise RuntimeError("sub")
+ return out
+
+def mul(cx, cy):
+ ret = -1
+ if isinstance(cx, CipherTextG1) and isinstance(cy, CipherTextG2):
+ out = CipherTextGT()
+ ret = lib.sheMul(byref(out.v), byref(cx.v), byref(cy.v))
+ elif isinstance(cx, CipherTextG1) and isinstance(cy, int):
+ out = CipherTextG1()
+ ret = lib.sheMulG1(byref(out.v), byref(cx.v), cy)
+ elif isinstance(cx, CipherTextG2) and isinstance(cy, int):
+ out = CipherTextG2()
+ ret = lib.sheMulG2(byref(out.v), byref(cx.v), cy)
+ elif isinstance(cx, CipherTextGT) and isinstance(cy, int):
+ out = CipherTextGT()
+ ret = lib.sheMulGT(byref(out.v), byref(cx.v), cy)
+ if ret != 0:
+ raise RuntimeError("mul")
+ return out
+
+if __name__ == '__main__':
+ init()
+ sec = SecretKey()
+ sec.setByCSPRNG()
+ print("sec=", sec.serializeToHexStr())
+ pub = sec.getPulicKey()
+ print("pub=", pub.serializeToHexStr())
+
+ m11 = 1
+ m12 = 5
+ m21 = 3
+ m22 = -4
+ c11 = pub.encG1(m11)
+ c12 = pub.encG1(m12)
+ # dec(enc) for G1
+ if sec.dec(c11) != m11: print("err1")
+
+ # add/sub for G1
+ if sec.dec(add(c11, c12)) != m11 + m12: print("err2")
+ if sec.dec(sub(c11, c12)) != m11 - m12: print("err3")
+
+ # add/sub for G2
+ c21 = pub.encG2(m21)
+ c22 = pub.encG2(m22)
+ if sec.dec(c21) != m21: print("err4")
+ if sec.dec(add(c21, c22)) != m21 + m22: print("err5")
+ if sec.dec(sub(c21, c22)) != m21 - m22: print("err6")
+
+ mt = -56
+ ct = pub.encGT(mt)
+ if sec.dec(ct) != mt: print("err7")
+
+ # mul G1 and G2
+ if sec.dec(mul(c11, c21)) != m11 * m21: print("err8")
+
+ # use precomputedPublicKey for performance
+ ppub = pub.createPrecomputedPublicKey()
+ c1 = ppub.encG1(m11)
+ if sec.dec(c1) != m11: print("err9")
+
+ import sys
+ if sys.version_info.major >= 3:
+ import timeit
+ N = 100000
+ print(str(timeit.timeit("pub.encG1(12)", number=N, globals=globals()) / float(N) * 1e3) + "msec")
+ print(str(timeit.timeit("ppub.encG1(12)", number=N, globals=globals()) / float(N) * 1e3) + "msec")
+
+ ppub.destroy() # necessary to avoid memory leak
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/array.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/array.hpp
new file mode 100644
index 000000000..30df3667d
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/array.hpp
@@ -0,0 +1,197 @@
+#pragma once
+
+/**
+ @file
+ @brief scoped array and aligned array
+
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#include <new>
+#include <utility>
+#ifdef _WIN32
+ #include <malloc.h>
+#else
+ #include <stdlib.h>
+#endif
+#include <cybozu/inttype.hpp>
+
+namespace cybozu {
+
+inline void *AlignedMalloc(size_t size, size_t alignment)
+{
+#ifdef _WIN32
+ return _aligned_malloc(size, alignment);
+#else
+ void *p;
+ int ret = posix_memalign(&p, alignment, size);
+ return (ret == 0) ? p : 0;
+#endif
+}
+
+inline void AlignedFree(void *p)
+{
+#ifdef _WIN32
+ if (p == 0) return;
+ _aligned_free(p);
+#else
+ free(p);
+#endif
+}
+
+template<class T>
+class ScopedArray {
+ T *p_;
+ size_t size_;
+ ScopedArray(const ScopedArray&);
+ void operator=(const ScopedArray&);
+public:
+ explicit ScopedArray(size_t size)
+ : p_(new T[size])
+ , size_(size)
+ {
+ }
+ ~ScopedArray()
+ {
+ delete[] p_;
+ }
+ T& operator[](size_t idx) CYBOZU_NOEXCEPT { return p_[idx]; }
+ const T& operator[](size_t idx) const CYBOZU_NOEXCEPT { return p_[idx]; }
+ size_t size() const CYBOZU_NOEXCEPT { return size_; }
+ bool empty() const CYBOZU_NOEXCEPT { return size_ == 0; }
+ T* begin() CYBOZU_NOEXCEPT { return p_; }
+ T* end() CYBOZU_NOEXCEPT { return p_ + size_; }
+ const T* begin() const CYBOZU_NOEXCEPT { return p_; }
+ const T* end() const CYBOZU_NOEXCEPT { return p_ + size_; }
+ T* data() CYBOZU_NOEXCEPT { return p_; }
+ const T* data() const CYBOZU_NOEXCEPT { return p_; }
+};
+
+/**
+ T must be POD type
+ 16byte aligment array
+*/
+template<class T, size_t N = 16, bool defaultDoClear = true>
+class AlignedArray {
+ T *p_;
+ size_t size_;
+ size_t allocSize_;
+ T *alloc(size_t size) const
+ {
+ T *p = static_cast<T*>(AlignedMalloc(size * sizeof(T), N));
+ if (p == 0) throw std::bad_alloc();
+ return p;
+ }
+ void copy(T *dst, const T *src, size_t n) const
+ {
+ for (size_t i = 0; i < n; i++) dst[i] = src[i];
+ }
+ void setZero(T *p, size_t n) const
+ {
+ for (size_t i = 0; i < n; i++) p[i] = 0;
+ }
+ /*
+ alloc allocN and copy [p, p + copyN) to new p_
+ don't modify size_
+ */
+ void allocCopy(size_t allocN, const T *p, size_t copyN)
+ {
+ T *q = alloc(allocN);
+ copy(q, p, copyN);
+ AlignedFree(p_);
+ p_ = q;
+ allocSize_ = allocN;
+ }
+public:
+ /*
+ don't clear buffer with zero if doClear is false
+ */
+ explicit AlignedArray(size_t size = 0, bool doClear = defaultDoClear)
+ : p_(0)
+ , size_(0)
+ , allocSize_(0)
+ {
+ resize(size, doClear);
+ }
+ AlignedArray(const AlignedArray& rhs)
+ : p_(0)
+ , size_(0)
+ , allocSize_(0)
+ {
+ *this = rhs;
+ }
+ AlignedArray& operator=(const AlignedArray& rhs)
+ {
+ if (allocSize_ < rhs.size_) {
+ allocCopy(rhs.size_, rhs.p_, rhs.size_);
+ } else {
+ copy(p_, rhs.p_, rhs.size_);
+ }
+ size_ = rhs.size_;
+ return *this;
+ }
+#if (CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11)
+ AlignedArray(AlignedArray&& rhs) CYBOZU_NOEXCEPT
+ : p_(rhs.p_)
+ , size_(rhs.size_)
+ , allocSize_(rhs.allocSize_)
+ {
+ rhs.p_ = 0;
+ rhs.size_ = 0;
+ rhs.allocSize_ = 0;
+ }
+ AlignedArray& operator=(AlignedArray&& rhs) CYBOZU_NOEXCEPT
+ {
+ swap(rhs);
+ rhs.clear();
+ return *this;
+ }
+#endif
+ /*
+ don't clear buffer with zero if doClear is false
+ @note don't free if shrinked
+ */
+ void resize(size_t size, bool doClear = defaultDoClear)
+ {
+ // shrink
+ if (size <= size_) {
+ size_ = size;
+ return;
+ }
+ // realloc if necessary
+ if (size > allocSize_) {
+ allocCopy(size, p_, size_);
+ }
+ if (doClear) setZero(p_ + size_, size - size_);
+ size_ = size;
+ }
+ void clear() // not free
+ {
+ size_ = 0;
+ }
+ ~AlignedArray()
+ {
+ AlignedFree(p_);
+ }
+ void swap(AlignedArray& rhs) CYBOZU_NOEXCEPT
+ {
+ std::swap(p_, rhs.p_);
+ std::swap(size_, rhs.size_);
+ std::swap(allocSize_, rhs.allocSize_);
+ }
+ T& operator[](size_t idx) CYBOZU_NOEXCEPT { return p_[idx]; }
+ const T& operator[](size_t idx) const CYBOZU_NOEXCEPT { return p_[idx]; }
+ size_t size() const CYBOZU_NOEXCEPT { return size_; }
+ bool empty() const CYBOZU_NOEXCEPT { return size_ == 0; }
+ T* begin() CYBOZU_NOEXCEPT { return p_; }
+ T* end() CYBOZU_NOEXCEPT { return p_ + size_; }
+ const T* begin() const CYBOZU_NOEXCEPT { return p_; }
+ const T* end() const CYBOZU_NOEXCEPT { return p_ + size_; }
+ T* data() CYBOZU_NOEXCEPT { return p_; }
+ const T* data() const CYBOZU_NOEXCEPT { return p_; }
+#if (CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11)
+ const T* cbegin() const CYBOZU_NOEXCEPT { return p_; }
+ const T* cend() const CYBOZU_NOEXCEPT { return p_ + size_; }
+#endif
+};
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/atoi.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/atoi.hpp
new file mode 100644
index 000000000..a22853a17
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/atoi.hpp
@@ -0,0 +1,239 @@
+#pragma once
+/**
+ @file
+ @brief converter between integer and string
+
+ @author MITSUNARI Shigeo(@herumi)
+*/
+
+#include <memory.h>
+#include <limits.h>
+#include <limits>
+#include <cybozu/exception.hpp>
+
+namespace cybozu {
+
+namespace atoi_local {
+
+template<typename T, size_t n>
+T convertToInt(bool *b, const char *p, size_t size, const char (&max)[n], T min, T overflow1, char overflow2)
+{
+ if (size > 0 && *p) {
+ bool isMinus = false;
+ size_t i = 0;
+ if (*p == '-') {
+ isMinus = true;
+ i++;
+ }
+ if (i < size && p[i]) {
+ // skip leading zero
+ while (i < size && p[i] == '0') i++;
+ // check minimum
+ if (isMinus && size - i >= n - 1 && memcmp(max, &p[i], n - 1) == 0) {
+ if (b) *b = true;
+ return min;
+ }
+ T x = 0;
+ for (;;) {
+ unsigned char c;
+ if (i == size || (c = static_cast<unsigned char>(p[i])) == '\0') {
+ if (b) *b = true;
+ return isMinus ? -x : x;
+ }
+ unsigned int y = c - '0';
+ if (y > 9 || x > overflow1 || (x == overflow1 && c >= overflow2)) {
+ break;
+ }
+ x = x * 10 + T(y);
+ i++;
+ }
+ }
+ }
+ if (b) {
+ *b = false;
+ return 0;
+ } else {
+ throw cybozu::Exception("atoi::convertToInt") << cybozu::exception::makeString(p, size);
+ }
+}
+
+template<typename T>
+T convertToUint(bool *b, const char *p, size_t size, T overflow1, char overflow2)
+{
+ if (size > 0 && *p) {
+ size_t i = 0;
+ // skip leading zero
+ while (i < size && p[i] == '0') i++;
+ T x = 0;
+ for (;;) {
+ unsigned char c;
+ if (i == size || (c = static_cast<unsigned char>(p[i])) == '\0') {
+ if (b) *b = true;
+ return x;
+ }
+ unsigned int y = c - '0';
+ if (y > 9 || x > overflow1 || (x == overflow1 && c >= overflow2)) {
+ break;
+ }
+ x = x * 10 + T(y);
+ i++;
+ }
+ }
+ if (b) {
+ *b = false;
+ return 0;
+ } else {
+ throw cybozu::Exception("atoi::convertToUint") << cybozu::exception::makeString(p, size);
+ }
+}
+
+template<typename T>
+T convertHexToInt(bool *b, const char *p, size_t size)
+{
+ if (size > 0 && *p) {
+ size_t i = 0;
+ T x = 0;
+ for (;;) {
+ unsigned int c;
+ if (i == size || (c = static_cast<unsigned char>(p[i])) == '\0') {
+ if (b) *b = true;
+ return x;
+ }
+ if (c - 'A' <= 'F' - 'A') {
+ c = (c - 'A') + 10;
+ } else if (c - 'a' <= 'f' - 'a') {
+ c = (c - 'a') + 10;
+ } else if (c - '0' <= '9' - '0') {
+ c = c - '0';
+ } else {
+ break;
+ }
+ // avoid overflow
+ if (x > (std::numeric_limits<T>::max)() / 16) break;
+ x = x * 16 + T(c);
+ i++;
+ }
+ }
+ if (b) {
+ *b = false;
+ return 0;
+ } else {
+ throw cybozu::Exception("atoi::convertHexToInt") << cybozu::exception::makeString(p, size);
+ }
+}
+
+} // atoi_local
+
+/**
+ auto detect return value class
+ @note if you set bool pointer p then throw nothing and set *p = false if bad string
+*/
+class atoi {
+ const char *p_;
+ size_t size_;
+ bool *b_;
+ void set(bool *b, const char *p, size_t size)
+ {
+ b_ = b;
+ p_ = p;
+ size_ = size;
+ }
+public:
+ atoi(const char *p, size_t size = -1)
+ {
+ set(0, p, size);
+ }
+ atoi(bool *b, const char *p, size_t size = -1)
+ {
+ set(b, p, size);
+ }
+ atoi(const std::string& str)
+ {
+ set(0, str.c_str(), str.size());
+ }
+ atoi(bool *b, const std::string& str)
+ {
+ set(b, str.c_str(), str.size());
+ }
+ inline operator signed char() const
+ {
+ return atoi_local::convertToInt<signed char>(b_, p_, size_, "128", -128, 12, '8');
+ }
+ inline operator unsigned char() const
+ {
+ return atoi_local::convertToUint<unsigned char>(b_, p_, size_, 25, '6');
+ }
+ inline operator short() const
+ {
+ return atoi_local::convertToInt<short>(b_, p_, size_, "32768", -32768, 3276, '8');
+ }
+ inline operator unsigned short() const
+ {
+ return atoi_local::convertToUint<unsigned short>(b_, p_, size_, 6553, '6');
+ }
+ inline operator int() const
+ {
+ return atoi_local::convertToInt<int>(b_, p_, size_, "2147483648", INT_MIN, 214748364, '8');
+ }
+ inline operator unsigned int() const
+ {
+ return atoi_local::convertToUint<unsigned int>(b_, p_, size_, 429496729, '6');
+ }
+ inline operator long long() const
+ {
+ return atoi_local::convertToInt<long long>(b_, p_, size_, "9223372036854775808", LLONG_MIN, 922337203685477580LL, '8');
+ }
+ inline operator unsigned long long() const
+ {
+ return atoi_local::convertToUint<unsigned long long>(b_, p_, size_, 1844674407370955161ULL, '6');
+ }
+#if defined(__SIZEOF_LONG__) && (__SIZEOF_LONG__ == 8)
+ inline operator long() const { return static_cast<long>(static_cast<long long>(*this)); }
+ inline operator unsigned long() const { return static_cast<unsigned long>(static_cast<unsigned long long>(*this)); }
+#else
+ inline operator long() const { return static_cast<long>(static_cast<int>(*this)); }
+ inline operator unsigned long() const { return static_cast<unsigned long>(static_cast<unsigned int>(*this)); }
+#endif
+};
+
+class hextoi {
+ const char *p_;
+ size_t size_;
+ bool *b_;
+ void set(bool *b, const char *p, size_t size)
+ {
+ b_ = b;
+ p_ = p;
+ size_ = size;
+ }
+public:
+ hextoi(const char *p, size_t size = -1)
+ {
+ set(0, p, size);
+ }
+ hextoi(bool *b, const char *p, size_t size = -1)
+ {
+ set(b, p, size);
+ }
+ hextoi(const std::string& str)
+ {
+ set(0, str.c_str(), str.size());
+ }
+ hextoi(bool *b, const std::string& str)
+ {
+ set(b, str.c_str(), str.size());
+ }
+ operator unsigned char() const { return atoi_local::convertHexToInt<unsigned char>(b_, p_, size_); }
+ operator unsigned short() const { return atoi_local::convertHexToInt<unsigned short>(b_, p_, size_); }
+ operator unsigned int() const { return atoi_local::convertHexToInt<unsigned int>(b_, p_, size_); }
+ operator unsigned long() const { return atoi_local::convertHexToInt<unsigned long>(b_, p_, size_); }
+ operator unsigned long long() const { return atoi_local::convertHexToInt<unsigned long long>(b_, p_, size_); }
+ operator char() const { return atoi_local::convertHexToInt<char>(b_, p_, size_); }
+ operator signed char() const { return atoi_local::convertHexToInt<signed char>(b_, p_, size_); }
+ operator short() const { return atoi_local::convertHexToInt<short>(b_, p_, size_); }
+ operator int() const { return atoi_local::convertHexToInt<int>(b_, p_, size_); }
+ operator long() const { return atoi_local::convertHexToInt<long>(b_, p_, size_); }
+ operator long long() const { return atoi_local::convertHexToInt<long long>(b_, p_, size_); }
+};
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/benchmark.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/benchmark.hpp
new file mode 100644
index 000000000..4c02f1869
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/benchmark.hpp
@@ -0,0 +1,212 @@
+#pragma once
+/**
+ @file
+ @brief measure exec time of function
+ @author MITSUNARI Shigeo
+*/
+#if defined(_MSC_VER) && (MSC_VER <= 1500)
+ #include <cybozu/inttype.hpp>
+#else
+ #include <stdint.h>
+#endif
+#include <stdio.h>
+
+#ifdef __EMSCRIPTEN__
+ #define CYBOZU_BENCH_USE_GETTIMEOFDAY
+#endif
+
+#ifdef CYBOZU_BENCH_USE_GETTIMEOFDAY
+ #include <sys/time.h>
+#elif !defined(CYBOZU_BENCH_DONT_USE_RDTSC)
+ #if defined(_M_IX86) || defined(_M_X64) || defined(__i386__) || defined(__x86_64__)
+ #define CYBOZU_BENCH_USE_RDTSC
+ #define CYBOZU_BENCH_USE_CPU_TIMER
+ #endif
+ #if defined(__GNUC__) && defined(__ARM_ARCH_7A__)
+// #define CYBOZU_BENCH_USE_MRC
+// #define CYBOZU_BENCH_USE_CPU_TIMER
+ #endif
+#endif
+
+
+#include <assert.h>
+#include <time.h>
+#ifdef _MSC_VER
+ #include <intrin.h>
+ #include <sys/timeb.h>
+#else
+#endif
+
+#ifndef CYBOZU_UNUSED
+ #ifdef __GNUC__
+ #define CYBOZU_UNUSED __attribute__((unused))
+ #else
+ #define CYBOZU_UNUSED
+ #endif
+#endif
+
+namespace cybozu {
+
+namespace bench {
+
+static void (*g_putCallback)(double);
+
+static inline void setPutCallback(void (*f)(double))
+{
+ g_putCallback = f;
+}
+
+} // cybozu::bench
+
+class CpuClock {
+public:
+ static inline uint64_t getCpuClk()
+ {
+#ifdef CYBOZU_BENCH_USE_RDTSC
+#ifdef _MSC_VER
+ return __rdtsc();
+#else
+ unsigned int eax, edx;
+ __asm__ volatile("rdtsc" : "=a"(eax), "=d"(edx));
+ return ((uint64_t)edx << 32) | eax;
+#endif
+#elif defined(CYBOZU_BENCH_USE_MRC)
+ uint32_t clk;
+ __asm__ volatile("mrc p15, 0, %0, c9, c13, 0" : "=r"(clk));
+ return clk;
+#else
+#ifdef _MSC_VER
+ struct _timeb timeb;
+ _ftime_s(&timeb);
+ return uint64_t(timeb.time) * 1000000000 + timeb.millitm * 1000000;
+#elif defined(CYBOZU_BENCH_USE_GETTIMEOFDAY)
+ struct timeval tv;
+ int ret CYBOZU_UNUSED = gettimeofday(&tv, 0);
+ assert(ret == 0);
+ return uint64_t(tv.tv_sec) * 1000000000 + tv.tv_usec * 1000;
+#else
+ struct timespec tp;
+ int ret CYBOZU_UNUSED = clock_gettime(CLOCK_PROCESS_CPUTIME_ID, &tp);
+ assert(ret == 0);
+ return uint64_t(tp.tv_sec) * 1000000000 + tp.tv_nsec;
+#endif
+#endif
+ }
+ CpuClock()
+ : clock_(0)
+ , count_(0)
+ {
+ }
+ void begin()
+ {
+ clock_ -= getCpuClk();
+ }
+ void end()
+ {
+ clock_ += getCpuClk();
+ count_++;
+ }
+ int getCount() const { return count_; }
+ uint64_t getClock() const { return clock_; }
+ void clear() { count_ = 0; clock_ = 0; }
+ void put(const char *msg = 0, int N = 1) const
+ {
+ double t = getClock() / double(getCount()) / N;
+ if (msg && *msg) printf("%s ", msg);
+ if (bench::g_putCallback) {
+ bench::g_putCallback(t);
+ return;
+ }
+#ifdef CYBOZU_BENCH_USE_CPU_TIMER
+ if (t > 1e6) {
+ printf("%7.3fMclk", t * 1e-6);
+ } else if (t > 1e3) {
+ printf("%7.3fKclk", t * 1e-3);
+ } else {
+ printf("%6.2f clk", t);
+ }
+#else
+ if (t > 1e6) {
+ printf("%7.3fmsec", t * 1e-6);
+ } else if (t > 1e3) {
+ printf("%7.3fusec", t * 1e-3);
+ } else {
+ printf("%6.2fnsec", t);
+ }
+#endif
+ if (msg && *msg) printf("\n");
+ }
+ // adhoc constatns for CYBOZU_BENCH
+#ifdef CYBOZU_BENCH_USE_CPU_TIMER
+ static const int loopN1 = 1000;
+ static const int loopN2 = 100;
+ static const uint64_t maxClk = (uint64_t)1e8;
+#else
+ static const int loopN1 = 100;
+ static const int loopN2 = 100;
+ static const uint64_t maxClk = (uint64_t)1e8;
+#endif
+private:
+ uint64_t clock_;
+ int count_;
+};
+
+namespace bench {
+
+static CpuClock g_clk;
+static int CYBOZU_UNUSED g_loopNum;
+
+} // cybozu::bench
+/*
+ loop counter is automatically determined
+ CYBOZU_BENCH(<msg>, <func>, <param1>, <param2>, ...);
+ if msg == "" then only set g_clk, g_loopNum
+*/
+#define CYBOZU_BENCH(msg, func, ...) \
+{ \
+ const uint64_t _cybozu_maxClk = cybozu::CpuClock::maxClk; \
+ cybozu::CpuClock _cybozu_clk; \
+ for (int _cybozu_i = 0; _cybozu_i < cybozu::CpuClock::loopN2; _cybozu_i++) { \
+ _cybozu_clk.begin(); \
+ for (int _cybozu_j = 0; _cybozu_j < cybozu::CpuClock::loopN1; _cybozu_j++) { func(__VA_ARGS__); } \
+ _cybozu_clk.end(); \
+ if (_cybozu_clk.getClock() > _cybozu_maxClk) break; \
+ } \
+ if (msg && *msg) _cybozu_clk.put(msg, cybozu::CpuClock::loopN1); \
+ cybozu::bench::g_clk = _cybozu_clk; cybozu::bench::g_loopNum = cybozu::CpuClock::loopN1; \
+}
+
+/*
+ double clk;
+ CYBOZU_BENCH_T(clk, <func>, <param1>, <param2>, ...);
+ clk is set by CYBOZU_BENCH_T
+*/
+#define CYBOZU_BENCH_T(clk, func, ...) \
+{ \
+ const uint64_t _cybozu_maxClk = cybozu::CpuClock::maxClk; \
+ cybozu::CpuClock _cybozu_clk; \
+ for (int _cybozu_i = 0; _cybozu_i < cybozu::CpuClock::loopN2; _cybozu_i++) { \
+ _cybozu_clk.begin(); \
+ for (int _cybozu_j = 0; _cybozu_j < cybozu::CpuClock::loopN1; _cybozu_j++) { func(__VA_ARGS__); } \
+ _cybozu_clk.end(); \
+ if (_cybozu_clk.getClock() > _cybozu_maxClk) break; \
+ } \
+ clk = _cybozu_clk.getClock() / (double)_cybozu_clk.getCount() / cybozu::CpuClock::loopN1; \
+}
+
+/*
+ loop counter N is given
+ CYBOZU_BENCH_C(<msg>, <counter>, <func>, <param1>, <param2>, ...);
+ if msg == "" then only set g_clk, g_loopNum
+*/
+#define CYBOZU_BENCH_C(msg, _N, func, ...) \
+{ \
+ cybozu::CpuClock _cybozu_clk; \
+ _cybozu_clk.begin(); \
+ for (int _cybozu_j = 0; _cybozu_j < _N; _cybozu_j++) { func(__VA_ARGS__); } \
+ _cybozu_clk.end(); \
+ if (msg && *msg) _cybozu_clk.put(msg, _N); \
+ cybozu::bench::g_clk = _cybozu_clk; cybozu::bench::g_loopNum = _N; \
+}
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/bit_operation.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/bit_operation.hpp
new file mode 100644
index 000000000..865c1e47d
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/bit_operation.hpp
@@ -0,0 +1,139 @@
+#pragma once
+/**
+ @file
+ @brief bit operation
+*/
+#include <assert.h>
+#include <cybozu/inttype.hpp>
+
+#if (CYBOZU_HOST == CYBOZU_HOST_INTEL)
+ #if defined(_WIN32)
+ #include <intrin.h>
+ #elif defined(__linux__) || defined(__CYGWIN__) || defined(__clang__)
+ #include <x86intrin.h>
+ #elif defined(__GNUC__)
+ #include <emmintrin.h>
+ #endif
+#endif
+
+namespace cybozu {
+
+namespace bit_op_local {
+
+template<bool equalTo8>
+struct Tag {};
+
+// sizeof(T) < 8
+template<>
+struct Tag<false> {
+ template<class T>
+ static inline int bsf(T x)
+ {
+#if defined(_MSC_VER)
+ unsigned long out;
+ _BitScanForward(&out, x);
+#pragma warning(suppress: 6102)
+ return out;
+#else
+ return __builtin_ctz(x);
+#endif
+ }
+ template<class T>
+ static inline int bsr(T x)
+ {
+#if defined(_MSC_VER)
+ unsigned long out;
+ _BitScanReverse(&out, x);
+#pragma warning(suppress: 6102)
+ return out;
+#else
+ return __builtin_clz(x) ^ 0x1f;
+#endif
+ }
+};
+
+// sizeof(T) == 8
+template<>
+struct Tag<true> {
+ template<class T>
+ static inline int bsf(T x)
+ {
+#if defined(_MSC_VER) && defined(_WIN64)
+ unsigned long out;
+ _BitScanForward64(&out, x);
+#pragma warning(suppress: 6102)
+ return out;
+#elif defined(__x86_64__)
+ return __builtin_ctzll(x);
+#else
+ const uint32_t L = uint32_t(x);
+ if (L) return Tag<false>::bsf(L);
+ const uint32_t H = uint32_t(x >> 32);
+ return Tag<false>::bsf(H) + 32;
+#endif
+ }
+ template<class T>
+ static inline int bsr(T x)
+ {
+#if defined(_MSC_VER) && defined(_WIN64)
+ unsigned long out;
+ _BitScanReverse64(&out, x);
+#pragma warning(suppress: 6102)
+ return out;
+#elif defined(__x86_64__)
+ return __builtin_clzll(x) ^ 0x3f;
+#else
+ const uint32_t H = uint32_t(x >> 32);
+ if (H) return Tag<false>::bsr(H) + 32;
+ const uint32_t L = uint32_t(x);
+ return Tag<false>::bsr(L);
+#endif
+ }
+};
+
+} // bit_op_local
+
+template<class T>
+int bsf(T x)
+{
+ return bit_op_local::Tag<sizeof(T) == 8>::bsf(x);
+}
+template<class T>
+int bsr(T x)
+{
+ return bit_op_local::Tag<sizeof(T) == 8>::bsr(x);
+}
+
+template<class T>
+uint64_t makeBitMask64(T x)
+{
+ assert(x < 64);
+ return (uint64_t(1) << x) - 1;
+}
+
+template<class T>
+uint32_t popcnt(T x);
+
+template<>
+inline uint32_t popcnt<uint32_t>(uint32_t x)
+{
+#if defined(_MSC_VER)
+ return static_cast<uint32_t>(_mm_popcnt_u32(x));
+#else
+ return static_cast<uint32_t>(__builtin_popcount(x));
+#endif
+}
+
+template<>
+inline uint32_t popcnt<uint64_t>(uint64_t x)
+{
+#if defined(__x86_64__)
+ return static_cast<uint32_t>(__builtin_popcountll(x));
+#elif defined(_WIN64)
+ return static_cast<uint32_t>(_mm_popcnt_u64(x));
+#else
+ return popcnt<uint32_t>(static_cast<uint32_t>(x)) + popcnt<uint32_t>(static_cast<uint32_t>(x >> 32));
+#endif
+}
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/critical_section.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/critical_section.hpp
new file mode 100644
index 000000000..13d7f3a0e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/critical_section.hpp
@@ -0,0 +1,60 @@
+#pragma once
+/**
+ @file
+ @brief critical section
+
+ @author MITSUNARI Shigeo(@herumi)
+ @author MITSUNARI Shigeo
+*/
+#include <cybozu/mutex.hpp>
+
+namespace cybozu {
+
+class ConditionVariableCs;
+
+namespace thread {
+
+#ifdef _WIN32
+typedef CRITICAL_SECTION CsHandle;
+inline void CsInit(CsHandle& cs) { InitializeCriticalSection(&cs); }
+inline void CsLock(CsHandle& cs) { EnterCriticalSection(&cs); }
+inline void CsUnlock(CsHandle& cs) { LeaveCriticalSection(&cs); }
+inline void CsTerm(CsHandle& cs) { DeleteCriticalSection(&cs); }
+#else
+typedef pthread_mutex_t CsHandle;
+inline void CsInit(CsHandle& cs) { pthread_mutex_init(&cs, NULL); }
+inline void CsLock(CsHandle& cs) { pthread_mutex_lock(&cs); }
+inline void CsUnlock(CsHandle& cs) { pthread_mutex_unlock(&cs); }
+inline void CsTerm(CsHandle& cs) { pthread_mutex_destroy(&cs); }
+#endif
+
+} // cybozu::thread
+
+class CriticalSection {
+ friend class cybozu::ConditionVariableCs;
+public:
+ CriticalSection()
+ {
+ thread::CsInit(hdl_);
+ }
+ ~CriticalSection()
+ {
+ thread::CsTerm(hdl_);
+ }
+ inline void lock()
+ {
+ thread::CsLock(hdl_);
+ }
+ inline void unlock()
+ {
+ thread::CsUnlock(hdl_);
+ }
+private:
+ CriticalSection(const CriticalSection&);
+ CriticalSection& operator=(const CriticalSection&);
+ thread::CsHandle hdl_;
+};
+
+typedef cybozu::thread::AutoLockT<cybozu::CriticalSection> AutoLockCs; //!< auto lock critical section
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/crypto.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/crypto.hpp
new file mode 100644
index 000000000..d427179d9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/crypto.hpp
@@ -0,0 +1,321 @@
+#pragma once
+/**
+ @file
+ @brief wrap openssl
+ @author MITSUNARI Shigeo(@herumi)
+*/
+
+#include <cybozu/exception.hpp>
+#ifdef __APPLE__
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+#if 0 //#ifdef __APPLE__
+ #define COMMON_DIGEST_FOR_OPENSSL
+ #include <CommonCrypto/CommonDigest.h>
+ #include <CommonCrypto/CommonHMAC.h>
+ #define SHA1 CC_SHA1
+ #define SHA224 CC_SHA224
+ #define SHA256 CC_SHA256
+ #define SHA384 CC_SHA384
+ #define SHA512 CC_SHA512
+#else
+#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#endif
+#ifdef _MSC_VER
+ #include <cybozu/link_libeay32.hpp>
+#endif
+
+namespace cybozu {
+
+namespace crypto {
+
+class Hash {
+public:
+ enum Name {
+ N_SHA1,
+ N_SHA224,
+ N_SHA256,
+ N_SHA384,
+ N_SHA512
+ };
+private:
+ Name name_;
+ size_t hashSize_;
+ union {
+ SHA_CTX sha1;
+ SHA256_CTX sha256;
+ SHA512_CTX sha512;
+ } ctx_;
+public:
+ static inline size_t getSize(Name name)
+ {
+ switch (name) {
+ case N_SHA1: return SHA_DIGEST_LENGTH;
+ case N_SHA224: return SHA224_DIGEST_LENGTH;
+ case N_SHA256: return SHA256_DIGEST_LENGTH;
+ case N_SHA384: return SHA384_DIGEST_LENGTH;
+ case N_SHA512: return SHA512_DIGEST_LENGTH;
+ default:
+ throw cybozu::Exception("crypto:Hash:getSize") << name;
+ }
+ }
+ static inline const char *getName(Name name)
+ {
+ switch (name) {
+ case N_SHA1: return "sha1";
+ case N_SHA224: return "sha224";
+ case N_SHA256: return "sha256";
+ case N_SHA384: return "sha384";
+ case N_SHA512: return "sha512";
+ default:
+ throw cybozu::Exception("crypto:Hash:getName") << name;
+ }
+ }
+ static inline Name getName(const std::string& nameStr)
+ {
+ static const struct {
+ const char *nameStr;
+ Name name;
+ } tbl[] = {
+ { "sha1", N_SHA1 },
+ { "sha224", N_SHA224 },
+ { "sha256", N_SHA256 },
+ { "sha384", N_SHA384 },
+ { "sha512", N_SHA512 },
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ if (nameStr == tbl[i].nameStr) return tbl[i].name;
+ }
+ throw cybozu::Exception("crypto:Hash:getName") << nameStr;
+ }
+ explicit Hash(Name name = N_SHA1)
+ : name_(name)
+ , hashSize_(getSize(name))
+ {
+ reset();
+ }
+ void update(const void *buf, size_t bufSize)
+ {
+ switch (name_) {
+ case N_SHA1: SHA1_Update(&ctx_.sha1, buf, bufSize); break;
+ case N_SHA224: SHA224_Update(&ctx_.sha256, buf, bufSize); break;
+ case N_SHA256: SHA256_Update(&ctx_.sha256, buf, bufSize); break;
+ case N_SHA384: SHA384_Update(&ctx_.sha512, buf, bufSize); break;
+ case N_SHA512: SHA512_Update(&ctx_.sha512, buf, bufSize); break;
+ }
+ }
+ void update(const std::string& buf)
+ {
+ update(buf.c_str(), buf.size());
+ }
+ void reset()
+ {
+ switch (name_) {
+ case N_SHA1: SHA1_Init(&ctx_.sha1); break;
+ case N_SHA224: SHA224_Init(&ctx_.sha256); break;
+ case N_SHA256: SHA256_Init(&ctx_.sha256); break;
+ case N_SHA384: SHA384_Init(&ctx_.sha512); break;
+ case N_SHA512: SHA512_Init(&ctx_.sha512); break;
+ default:
+ throw cybozu::Exception("crypto:Hash:rset") << name_;
+ }
+ }
+ /*
+ md must have hashSize byte
+ @note clear inner buffer after calling digest
+ */
+ void digest(void *out, const void *buf, size_t bufSize)
+ {
+ update(buf, bufSize);
+ unsigned char *md = reinterpret_cast<unsigned char*>(out);
+ switch (name_) {
+ case N_SHA1: SHA1_Final(md, &ctx_.sha1); break;
+ case N_SHA224: SHA224_Final(md, &ctx_.sha256); break;
+ case N_SHA256: SHA256_Final(md, &ctx_.sha256); break;
+ case N_SHA384: SHA384_Final(md, &ctx_.sha512); break;
+ case N_SHA512: SHA512_Final(md, &ctx_.sha512); break;
+ default:
+ throw cybozu::Exception("crypto:Hash:digest") << name_;
+ }
+ reset();
+ }
+ std::string digest(const void *buf, size_t bufSize)
+ {
+ std::string ret;
+ ret.resize(hashSize_);
+ digest(&ret[0], buf, bufSize);
+ return ret;
+ }
+ std::string digest(const std::string& buf = "")
+ {
+ return digest(buf.c_str(), buf.size());
+ }
+ /*
+ out must have necessary size
+ @note return written size
+ */
+ static inline size_t digest(void *out, Name name, const void *buf, size_t bufSize)
+ {
+ unsigned char *md = (unsigned char*)out;
+ const unsigned char *src = cybozu::cast<const unsigned char *>(buf);
+ switch (name) {
+ case N_SHA1: SHA1(src, bufSize, md); return 160 / 8;
+ case N_SHA224: SHA224(src, bufSize, md); return 224 / 8;
+ case N_SHA256: SHA256(src, bufSize, md); return 256 / 8;
+ case N_SHA384: SHA384(src, bufSize, md); return 384 / 8;
+ case N_SHA512: SHA512(src, bufSize, md); return 512 / 8;
+ default:
+ return 0;
+ }
+ }
+ static inline std::string digest(Name name, const void *buf, size_t bufSize)
+ {
+ char md[128];
+ size_t size = digest(md, name, buf, bufSize);
+ if (size == 0) throw cybozu::Exception("crypt:Hash:digest") << name;
+ return std::string(md, size);
+ }
+ static inline std::string digest(Name name, const std::string& buf)
+ {
+ return digest(name, buf.c_str(), buf.size());
+ }
+};
+
+class Hmac {
+ const EVP_MD *evp_;
+public:
+ explicit Hmac(Hash::Name name = Hash::N_SHA1)
+ {
+ switch (name) {
+ case Hash::N_SHA1: evp_ = EVP_sha1(); break;
+ case Hash::N_SHA224: evp_ = EVP_sha224(); break;
+ case Hash::N_SHA256: evp_ = EVP_sha256(); break;
+ case Hash::N_SHA384: evp_ = EVP_sha384(); break;
+ case Hash::N_SHA512: evp_ = EVP_sha512(); break;
+ default:
+ throw cybozu::Exception("crypto:Hmac:") << name;
+ }
+ }
+ std::string eval(const std::string& key, const std::string& data)
+ {
+ std::string out(EVP_MD_size(evp_) + 1, 0);
+ unsigned int outLen = 0;
+ if (HMAC(evp_, key.c_str(), static_cast<int>(key.size()),
+ cybozu::cast<const uint8_t *>(data.c_str()), data.size(), cybozu::cast<uint8_t *>(&out[0]), &outLen)) {
+ out.resize(outLen);
+ return out;
+ }
+ throw cybozu::Exception("crypto::Hamc::eval");
+ }
+};
+
+class Cipher {
+ const EVP_CIPHER *cipher_;
+ EVP_CIPHER_CTX *ctx_;
+public:
+ enum Name {
+ N_AES128_CBC,
+ N_AES192_CBC,
+ N_AES256_CBC,
+ N_AES128_ECB, // be carefull to use
+ N_AES192_ECB, // be carefull to use
+ N_AES256_ECB, // be carefull to use
+ };
+ static inline size_t getSize(Name name)
+ {
+ switch (name) {
+ case N_AES128_CBC: return 128;
+ case N_AES192_CBC: return 192;
+ case N_AES256_CBC: return 256;
+ case N_AES128_ECB: return 128;
+ case N_AES192_ECB: return 192;
+ case N_AES256_ECB: return 256;
+ default:
+ throw cybozu::Exception("crypto:Cipher:getSize") << name;
+ }
+ }
+ enum Mode {
+ Decoding,
+ Encoding
+ };
+ explicit Cipher(Name name = N_AES128_CBC)
+ : cipher_(0)
+ , ctx_(0)
+ {
+ ctx_ = EVP_CIPHER_CTX_new();
+ if (ctx_ == 0) throw cybozu::Exception("crypto:Cipher:EVP_CIPHER_CTX_new");
+ switch (name) {
+ case N_AES128_CBC: cipher_ = EVP_aes_128_cbc(); break;
+ case N_AES192_CBC: cipher_ = EVP_aes_192_cbc(); break;
+ case N_AES256_CBC: cipher_ = EVP_aes_256_cbc(); break;
+ case N_AES128_ECB: cipher_ = EVP_aes_128_ecb(); break;
+ case N_AES192_ECB: cipher_ = EVP_aes_192_ecb(); break;
+ case N_AES256_ECB: cipher_ = EVP_aes_256_ecb(); break;
+ default:
+ throw cybozu::Exception("crypto:Cipher:Cipher:name") << (int)name;
+ }
+ }
+ ~Cipher()
+ {
+ if (ctx_) EVP_CIPHER_CTX_free(ctx_);
+ }
+ /*
+ @note don't use padding = true
+ */
+ void setup(Mode mode, const std::string& key, const std::string& iv, bool padding = false)
+ {
+ const int keyLen = static_cast<int>(key.size());
+ const int expectedKeyLen = EVP_CIPHER_key_length(cipher_);
+ if (keyLen != expectedKeyLen) {
+ throw cybozu::Exception("crypto:Cipher:setup:keyLen") << keyLen << expectedKeyLen;
+ }
+
+ int ret = EVP_CipherInit_ex(ctx_, cipher_, NULL, cybozu::cast<const uint8_t*>(key.c_str()), cybozu::cast<const uint8_t*>(iv.c_str()), mode == Encoding ? 1 : 0);
+ if (ret != 1) {
+ throw cybozu::Exception("crypto:Cipher:setup:EVP_CipherInit_ex") << ret;
+ }
+ ret = EVP_CIPHER_CTX_set_padding(ctx_, padding ? 1 : 0);
+ if (ret != 1) {
+ throw cybozu::Exception("crypto:Cipher:setup:EVP_CIPHER_CTX_set_padding") << ret;
+ }
+/*
+ const int ivLen = static_cast<int>(iv.size());
+ const int expectedIvLen = EVP_CIPHER_CTX_iv_length(&ctx_);
+ if (ivLen != expectedIvLen) {
+ throw cybozu::Exception("crypto:Cipher:setup:ivLen") << ivLen << expectedIvLen;
+ }
+*/
+ }
+ /*
+ the size of outBuf must be larger than inBufSize + blockSize
+ @retval positive or 0 : writeSize(+blockSize)
+ @retval -1 : error
+ */
+ int update(char *outBuf, const char *inBuf, int inBufSize)
+ {
+ int outLen = 0;
+ int ret = EVP_CipherUpdate(ctx_, cybozu::cast<uint8_t*>(outBuf), &outLen, cybozu::cast<const uint8_t*>(inBuf), inBufSize);
+ if (ret != 1) return -1;
+ return outLen;
+ }
+ /*
+ return -1 if padding
+ @note don't use
+ */
+ int finalize(char *outBuf)
+ {
+ int outLen = 0;
+ int ret = EVP_CipherFinal_ex(ctx_, cybozu::cast<uint8_t*>(outBuf), &outLen);
+ if (ret != 1) return -1;
+ return outLen;
+ }
+};
+
+} } // cybozu::crypto
+
+#ifdef __APPLE__
+ #pragma GCC diagnostic pop
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/endian.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/endian.hpp
new file mode 100644
index 000000000..3f1575c46
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/endian.hpp
@@ -0,0 +1,224 @@
+#pragma once
+
+/**
+ @file
+ @brief deal with big and little endian
+
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#include <cybozu/inttype.hpp>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+namespace cybozu {
+
+#ifdef _MSC_VER
+inline uint16_t byteSwap(uint16_t x) { return _byteswap_ushort(x); }
+inline uint32_t byteSwap(uint32_t x) { return _byteswap_ulong(x); }
+inline uint64_t byteSwap(uint64_t x) { return _byteswap_uint64(x); }
+#else
+#if (((__GNUC__) << 16) + (__GNUC_MINOR__)) >= ((4 << 16) + 8)
+inline uint16_t byteSwap(uint16_t x) { return __builtin_bswap16(x); }
+#else
+inline uint16_t byteSwap(uint16_t x) { return (x >> 8) | (x << 8); }
+#endif
+inline uint32_t byteSwap(uint32_t x) { return __builtin_bswap32(x); }
+inline uint64_t byteSwap(uint64_t x) { return __builtin_bswap64(x); }
+#endif
+
+/**
+ get 16bit integer as little endian
+ @param src [in] pointer
+*/
+inline uint16_t Get16bitAsLE(const void *src)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ uint16_t x;
+ memcpy(&x, src, sizeof(x));
+ return x;
+#else
+ const uint8_t *p = static_cast<const uint8_t *>(src);
+ return p[0] | (p[1] << 8);
+#endif
+}
+
+/**
+ get 32bit integer as little endian
+ @param src [in] pointer
+*/
+inline uint32_t Get32bitAsLE(const void *src)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ uint32_t x;
+ memcpy(&x, src, sizeof(x));
+ return x;
+#else
+ const uint8_t *p = static_cast<const uint8_t *>(src);
+ return Get16bitAsLE(p) | (static_cast<uint32_t>(Get16bitAsLE(p + 2)) << 16);
+#endif
+}
+
+/**
+ get 64bit integer as little endian
+ @param src [in] pointer
+*/
+inline uint64_t Get64bitAsLE(const void *src)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ uint64_t x;
+ memcpy(&x, src, sizeof(x));
+ return x;
+#else
+ const uint8_t *p = static_cast<const uint8_t *>(src);
+ return Get32bitAsLE(p) | (static_cast<uint64_t>(Get32bitAsLE(p + 4)) << 32);
+#endif
+}
+
+/**
+ get 16bit integer as bit endian
+ @param src [in] pointer
+*/
+inline uint16_t Get16bitAsBE(const void *src)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ uint16_t x;
+ memcpy(&x, src, sizeof(x));
+ return byteSwap(x);
+#else
+ const uint8_t *p = static_cast<const uint8_t *>(src);
+ return p[1] | (p[0] << 8);
+#endif
+}
+
+/**
+ get 32bit integer as bit endian
+ @param src [in] pointer
+*/
+inline uint32_t Get32bitAsBE(const void *src)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ uint32_t x;
+ memcpy(&x, src, sizeof(x));
+ return byteSwap(x);
+#else
+ const uint8_t *p = static_cast<const uint8_t *>(src);
+ return Get16bitAsBE(p + 2) | (static_cast<uint32_t>(Get16bitAsBE(p)) << 16);
+#endif
+}
+
+/**
+ get 64bit integer as big endian
+ @param src [in] pointer
+*/
+inline uint64_t Get64bitAsBE(const void *src)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ uint64_t x;
+ memcpy(&x, src, sizeof(x));
+ return byteSwap(x);
+#else
+ const uint8_t *p = static_cast<const uint8_t *>(src);
+ return Get32bitAsBE(p + 4) | (static_cast<uint64_t>(Get32bitAsBE(p)) << 32);
+#endif
+}
+
+/**
+ set 16bit integer as little endian
+ @param src [out] pointer
+ @param x [in] integer
+*/
+inline void Set16bitAsLE(void *src, uint16_t x)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ memcpy(src, &x, sizeof(x));
+#else
+ uint8_t *p = static_cast<uint8_t *>(src);
+ p[0] = static_cast<uint8_t>(x);
+ p[1] = static_cast<uint8_t>(x >> 8);
+#endif
+}
+/**
+ set 32bit integer as little endian
+ @param src [out] pointer
+ @param x [in] integer
+*/
+inline void Set32bitAsLE(void *src, uint32_t x)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ memcpy(src, &x, sizeof(x));
+#else
+ uint8_t *p = static_cast<uint8_t *>(src);
+ p[0] = static_cast<uint8_t>(x);
+ p[1] = static_cast<uint8_t>(x >> 8);
+ p[2] = static_cast<uint8_t>(x >> 16);
+ p[3] = static_cast<uint8_t>(x >> 24);
+#endif
+}
+/**
+ set 64bit integer as little endian
+ @param src [out] pointer
+ @param x [in] integer
+*/
+inline void Set64bitAsLE(void *src, uint64_t x)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ memcpy(src, &x, sizeof(x));
+#else
+ uint8_t *p = static_cast<uint8_t *>(src);
+ Set32bitAsLE(p, static_cast<uint32_t>(x));
+ Set32bitAsLE(p + 4, static_cast<uint32_t>(x >> 32));
+#endif
+}
+/**
+ set 16bit integer as big endian
+ @param src [out] pointer
+ @param x [in] integer
+*/
+inline void Set16bitAsBE(void *src, uint16_t x)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ x = byteSwap(x);
+ memcpy(src, &x, sizeof(x));
+#else
+ uint8_t *p = static_cast<uint8_t *>(src);
+ p[0] = static_cast<uint8_t>(x >> 8);
+ p[1] = static_cast<uint8_t>(x);
+#endif
+}
+/**
+ set 32bit integer as big endian
+ @param src [out] pointer
+ @param x [in] integer
+*/
+inline void Set32bitAsBE(void *src, uint32_t x)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ x = byteSwap(x);
+ memcpy(src, &x, sizeof(x));
+#else
+ uint8_t *p = static_cast<uint8_t *>(src);
+ p[0] = static_cast<uint8_t>(x >> 24);
+ p[1] = static_cast<uint8_t>(x >> 16);
+ p[2] = static_cast<uint8_t>(x >> 8);
+ p[3] = static_cast<uint8_t>(x);
+#endif
+}
+/**
+ set 64bit integer as big endian
+ @param src [out] pointer
+ @param x [in] integer
+*/
+inline void Set64bitAsBE(void *src, uint64_t x)
+{
+#if CYBOZU_ENDIAN == CYBOZU_ENDIAN_LITTLE
+ x = byteSwap(x);
+ memcpy(src, &x, sizeof(x));
+#else
+ uint8_t *p = static_cast<uint8_t *>(src);
+ Set32bitAsBE(p, static_cast<uint32_t>(x >> 32));
+ Set32bitAsBE(p + 4, static_cast<uint32_t>(x));
+#endif
+}
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/exception.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/exception.hpp
new file mode 100644
index 000000000..247ba4de0
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/exception.hpp
@@ -0,0 +1,252 @@
+#pragma once
+/**
+ @file
+ @brief definition of abstruct exception class
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#ifdef CYBOZU_MINIMUM_EXCEPTION
+
+#include <cybozu/inttype.hpp>
+
+namespace cybozu {
+
+namespace exception {
+inline const char *makeString(const char *, size_t)
+{
+ return "";
+}
+
+} // cybozu::exception
+
+class Exception {
+public:
+ explicit Exception(const char* = 0, bool = true)
+ {
+ }
+ ~Exception() CYBOZU_NOEXCEPT {}
+ const char *what() const CYBOZU_NOEXCEPT { return "cybozu:Exception"; }
+ template<class T>
+ Exception& operator<<(const T&)
+ {
+ return *this;
+ }
+};
+
+} // cybozu
+
+#else
+
+#include <string>
+#include <algorithm>
+#include <sstream>
+#include <errno.h>
+#include <stdio.h>
+#ifdef _WIN32
+ #include <winsock2.h>
+ #include <windows.h>
+#else
+ #include <string.h> // for strerror_r
+#endif
+#include <cybozu/inttype.hpp>
+#ifdef CYBOZU_EXCEPTION_WITH_STACKTRACE
+ #include <cybozu/stacktrace.hpp>
+#endif
+
+namespace cybozu {
+
+const bool DontThrow = true;
+
+namespace exception {
+
+/* get max 16 characters to avoid buffer overrun */
+inline std::string makeString(const char *str, size_t size)
+{
+ return std::string(str, std::min<size_t>(size, 16));
+}
+
+#ifdef _WIN32
+inline std::string wstr2str(const std::wstring& wstr)
+{
+ std::string str;
+ for (size_t i = 0; i < wstr.size(); i++) {
+ uint16_t c = wstr[i];
+ if (c < 0x80) {
+ str += char(c);
+ } else {
+ char buf[16];
+ CYBOZU_SNPRINTF(buf, sizeof(buf), "\\u%04x", c);
+ str += buf;
+ }
+ }
+ return str;
+}
+#endif
+
+} // cybozu::exception
+
+/**
+ convert errno to string
+ @param err [in] errno
+ @note for both windows and linux
+*/
+inline std::string ConvertErrorNoToString(int err)
+{
+ char errBuf[256];
+ std::string ret;
+#ifdef _WIN32
+ if (strerror_s(errBuf, sizeof(errBuf), err) == 0) {
+ ret = errBuf;
+ } else {
+ ret = "err";
+ }
+#elif defined(_GNU_SOURCE)
+ ret = ::strerror_r(err, errBuf, sizeof(errBuf));
+#else
+ if (strerror_r(err, errBuf, sizeof(errBuf)) == 0) {
+ ret = errBuf;
+ } else {
+ ret = "err";
+ }
+#endif
+ char buf2[64];
+ CYBOZU_SNPRINTF(buf2, sizeof(buf2), "(%d)", err);
+ ret += buf2;
+ return ret;
+}
+
+class Exception : public std::exception {
+ mutable std::string str_;
+#ifdef CYBOZU_EXCEPTION_WITH_STACKTRACE
+ mutable std::string stackTrace_;
+#endif
+public:
+ explicit Exception(const std::string& name = "", bool enableStackTrace = true)
+ : str_(name)
+ {
+#ifdef CYBOZU_EXCEPTION_WITH_STACKTRACE
+ if (enableStackTrace) stackTrace_ = cybozu::StackTrace().toString();
+#else
+ cybozu::disable_warning_unused_variable(enableStackTrace);
+#endif
+ }
+ ~Exception() CYBOZU_NOEXCEPT {}
+ const char *what() const CYBOZU_NOEXCEPT { return toString().c_str(); }
+ const std::string& toString() const CYBOZU_NOEXCEPT
+ {
+#ifdef CYBOZU_EXCEPTION_WITH_STACKTRACE
+ try {
+ if (!stackTrace_.empty()) {
+#ifdef CYBOZU_STACKTRACE_ONELINE
+ str_ += "\n<<<STACKTRACE>>> ";
+ str_ += stackTrace_;
+#else
+ str_ += "\n<<<STACKTRACE\n";
+ str_ += stackTrace_;
+ str_ += "\n>>>STACKTRACE";
+#endif
+ }
+ } catch (...) {
+ }
+ stackTrace_.clear();
+#endif
+ return str_;
+ }
+ Exception& operator<<(const char *s)
+ {
+ str_ += ':';
+ str_ += s;
+ return *this;
+ }
+ Exception& operator<<(const std::string& s)
+ {
+ return operator<<(s.c_str());
+ }
+#ifdef _WIN32
+ Exception& operator<<(const std::wstring& s)
+ {
+ return operator<<(cybozu::exception::wstr2str(s));
+ }
+#endif
+ template<class T>
+ Exception& operator<<(const T& x)
+ {
+ std::ostringstream os;
+ os << x;
+ return operator<<(os.str());
+ }
+};
+
+class ErrorNo {
+public:
+#ifdef _WIN32
+ typedef unsigned int NativeErrorNo;
+#else
+ typedef int NativeErrorNo;
+#endif
+ explicit ErrorNo(NativeErrorNo err)
+ : err_(err)
+ {
+ }
+ ErrorNo()
+ : err_(getLatestNativeErrorNo())
+ {
+ }
+ NativeErrorNo getLatestNativeErrorNo() const
+ {
+#ifdef _WIN32
+ return ::GetLastError();
+#else
+ return errno;
+#endif
+ }
+ /**
+ convert NativeErrNo to string(maybe UTF8)
+ @param err [in] errno
+ @note Linux : same as ConvertErrorNoToString
+ Windows : for Win32 API(use en-us)
+ */
+ std::string toString() const
+ {
+#ifdef _WIN32
+ const int msgSize = 256;
+ wchar_t msg[msgSize];
+ int size = FormatMessageW(
+ FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
+ 0,
+ err_,
+ MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
+ msg,
+ msgSize,
+ NULL
+ );
+ if (size <= 0) return "";
+ // remove last "\r\n"
+ if (size > 2 && msg[size - 2] == '\r') {
+ msg[size - 2] = 0;
+ size -= 2;
+ }
+ std::string ret;
+ ret.resize(size);
+ // assume ascii only
+ for (int i = 0; i < size; i++) {
+ ret[i] = (char)msg[i];
+ }
+ char buf2[64];
+ CYBOZU_SNPRINTF(buf2, sizeof(buf2), "(%u)", err_);
+ ret += buf2;
+ return ret;
+#else
+ return ConvertErrorNoToString(err_);
+#endif
+ }
+private:
+ NativeErrorNo err_;
+};
+
+inline std::ostream& operator<<(std::ostream& os, const cybozu::ErrorNo& self)
+{
+ return os << self.toString();
+}
+
+} // cybozu
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/hash.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/hash.hpp
new file mode 100644
index 000000000..3fd246fa1
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/hash.hpp
@@ -0,0 +1,67 @@
+#pragma once
+#include <cybozu/inttype.hpp>
+
+namespace cybozu {
+
+template<class Iter>
+uint32_t hash32(Iter begin, Iter end, uint32_t v = 0)
+{
+ if (v == 0) v = 2166136261U;
+ while (begin != end) {
+ v ^= *begin++;
+ v *= 16777619;
+ }
+ return v;
+}
+template<class Iter>
+uint64_t hash64(Iter begin, Iter end, uint64_t v = 0)
+{
+ if (v == 0) v = 14695981039346656037ULL;
+ while (begin != end) {
+ v ^= *begin++;
+ v *= 1099511628211ULL;
+ }
+ v ^= v >> 32;
+ return v;
+}
+template<class T>
+uint32_t hash32(const T *x, size_t n, uint32_t v = 0)
+{
+ return hash32(x, x + n, v);
+}
+template<class T>
+uint64_t hash64(const T *x, size_t n, uint64_t v = 0)
+{
+ return hash64(x, x + n, v);
+}
+
+} // cybozu
+
+namespace boost {
+
+template<class T>
+struct hash;
+
+} // boost
+
+#if CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+#include <functional>
+#else
+
+namespace std { CYBOZU_NAMESPACE_TR1_BEGIN
+
+#ifdef _MSC_VER
+ #pragma warning(push)
+ #pragma warning(disable : 4099) // missmatch class and struct
+#endif
+#ifndef __APPLE__
+template<class T>
+struct hash;
+#endif
+#ifdef _MSC_VER
+ #pragma warning(pop)
+#endif
+
+CYBOZU_NAMESPACE_TR1_END } // std
+
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/inttype.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/inttype.hpp
new file mode 100644
index 000000000..62856bdb3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/inttype.hpp
@@ -0,0 +1,163 @@
+#pragma once
+/**
+ @file
+ @brief int type definition and macros
+ @author MITSUNARI Shigeo(@herumi)
+*/
+
+#if defined(_MSC_VER) && (MSC_VER <= 1500) && !defined(CYBOZU_DEFINED_INTXX)
+ #define CYBOZU_DEFINED_INTXX
+ typedef __int64 int64_t;
+ typedef unsigned __int64 uint64_t;
+ typedef unsigned int uint32_t;
+ typedef int int32_t;
+ typedef unsigned short uint16_t;
+ typedef short int16_t;
+ typedef unsigned char uint8_t;
+ typedef signed char int8_t;
+#else
+ #include <stdint.h>
+#endif
+
+#ifdef _MSC_VER
+ #ifndef CYBOZU_DEFINED_SSIZE_T
+ #define CYBOZU_DEFINED_SSIZE_T
+ #ifdef _WIN64
+ typedef int64_t ssize_t;
+ #else
+ typedef int32_t ssize_t;
+ #endif
+ #endif
+#else
+ #include <unistd.h> // for ssize_t
+#endif
+
+#ifndef CYBOZU_ALIGN
+ #ifdef _MSC_VER
+ #define CYBOZU_ALIGN(x) __declspec(align(x))
+ #else
+ #define CYBOZU_ALIGN(x) __attribute__((aligned(x)))
+ #endif
+#endif
+#ifndef CYBOZU_FORCE_INLINE
+ #ifdef _MSC_VER
+ #define CYBOZU_FORCE_INLINE __forceinline
+ #else
+ #define CYBOZU_FORCE_INLINE __attribute__((always_inline))
+ #endif
+#endif
+#ifndef CYBOZU_UNUSED
+ #ifdef __GNUC__
+ #define CYBOZU_UNUSED __attribute__((unused))
+ #else
+ #define CYBOZU_UNUSED
+ #endif
+#endif
+#ifndef CYBOZU_ALLOCA
+ #ifdef _MSC_VER
+ #include <malloc.h>
+ #define CYBOZU_ALLOCA(x) _malloca(x)
+ #else
+ #define CYBOZU_ALLOCA(x) __builtin_alloca(x)
+ #endif
+#endif
+#ifndef CYBOZU_NUM_OF_ARRAY
+ #define CYBOZU_NUM_OF_ARRAY(x) (sizeof(x) / sizeof(*x))
+#endif
+#ifndef CYBOZU_SNPRINTF
+ #if defined(_MSC_VER) && (_MSC_VER < 1900)
+ #define CYBOZU_SNPRINTF(x, len, ...) (void)_snprintf_s(x, len, len - 1, __VA_ARGS__)
+ #else
+ #define CYBOZU_SNPRINTF(x, len, ...) (void)snprintf(x, len, __VA_ARGS__)
+ #endif
+#endif
+
+#define CYBOZU_CPP_VERSION_CPP03 0
+#define CYBOZU_CPP_VERSION_TR1 1
+#define CYBOZU_CPP_VERSION_CPP11 2
+#define CYBOZU_CPP_VERSION_CPP14 3
+#define CYBOZU_CPP_VERSION_CPP17 4
+
+#ifdef __GNUC__
+ #define CYBOZU_GNUC_PREREQ(major, minor) ((__GNUC__) * 100 + (__GNUC_MINOR__) >= (major) * 100 + (minor))
+#else
+ #define CYBOZU_GNUC_PREREQ(major, minor) 0
+#endif
+
+#if (__cplusplus >= 201703)
+ #define CYBOZU_CPP_VERSION CYBOZU_CPP_VERSION_CPP17
+#elif (__cplusplus >= 201402)
+ #define CYBOZU_CPP_VERSION CYBOZU_CPP_VERSION_CPP14
+#elif (__cplusplus >= 201103) || (_MSC_VER >= 1500) || defined(__GXX_EXPERIMENTAL_CXX0X__)
+ #if defined(_MSC_VER) && (_MSC_VER <= 1600)
+ #define CYBOZU_CPP_VERSION CYBOZU_CPP_VERSION_TR1
+ #else
+ #define CYBOZU_CPP_VERSION CYBOZU_CPP_VERSION_CPP11
+ #endif
+#elif CYBOZU_GNUC_PREREQ(4, 5) || (CYBOZU_GNUC_PREREQ(4, 2) && __GLIBCXX__ >= 20070719) || defined(__INTEL_COMPILER) || (__clang_major__ >= 3)
+ #define CYBOZU_CPP_VERSION CYBOZU_CPP_VERSION_TR1
+#else
+ #define CYBOZU_CPP_VERSION CYBOZU_CPP_VERSION_CPP03
+#endif
+
+#ifdef CYBOZU_USE_BOOST
+ #define CYBOZU_NAMESPACE_STD boost
+ #define CYBOZU_NAMESPACE_TR1_BEGIN
+ #define CYBOZU_NAMESPACE_TR1_END
+#elif (CYBOZU_CPP_VERSION == CYBOZU_CPP_VERSION_TR1) && !defined(__APPLE__)
+ #define CYBOZU_NAMESPACE_STD std::tr1
+ #define CYBOZU_NAMESPACE_TR1_BEGIN namespace tr1 {
+ #define CYBOZU_NAMESPACE_TR1_END }
+#else
+ #define CYBOZU_NAMESPACE_STD std
+ #define CYBOZU_NAMESPACE_TR1_BEGIN
+ #define CYBOZU_NAMESPACE_TR1_END
+#endif
+
+#ifndef CYBOZU_OS_BIT
+ #if defined(_WIN64) || defined(__x86_64__) || defined(__AARCH64EL__) || defined(__EMSCRIPTEN__)
+ #define CYBOZU_OS_BIT 64
+ #else
+ #define CYBOZU_OS_BIT 32
+ #endif
+#endif
+
+#ifndef CYBOZU_HOST
+ #define CYBOZU_HOST_UNKNOWN 0
+ #define CYBOZU_HOST_INTEL 1
+ #define CYBOZU_HOST_ARM 2
+ #if defined(_M_IX86) || defined(_M_AMD64) || defined(__x86_64__) || defined(__i386__)
+ #define CYBOZU_HOST CYBOZU_HOST_INTEL
+ #elif defined(__arm__) || defined(__AARCH64EL__)
+ #define CYBOZU_HOST CYBOZU_HOST_ARM
+ #else
+ #define CYBOZU_HOST CYBOZU_HOST_UNKNOWN
+ #endif
+#endif
+
+#ifndef CYBOZU_ENDIAN
+ #define CYBOZU_ENDIAN_UNKNOWN 0
+ #define CYBOZU_ENDIAN_LITTLE 1
+ #define CYBOZU_ENDIAN_BIG 2
+ #if (CYBOZU_HOST == CYBOZU_HOST_INTEL)
+ #define CYBOZU_ENDIAN CYBOZU_ENDIAN_LITTLE
+ #elif (CYBOZU_HOST == CYBOZU_HOST_ARM) && (defined(__ARM_EABI__) || defined(__AARCH64EL__))
+ #define CYBOZU_ENDIAN CYBOZU_ENDIAN_LITTLE
+ #else
+ #define CYBOZU_ENDIAN CYBOZU_ENDIAN_UNKNOWN
+ #endif
+#endif
+
+#if CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+ #define CYBOZU_NOEXCEPT noexcept
+#else
+ #define CYBOZU_NOEXCEPT throw()
+#endif
+namespace cybozu {
+template<class T>
+void disable_warning_unused_variable(const T&) { }
+template<class T, class S>
+T cast(const S* ptr) { return static_cast<T>(static_cast<const void*>(ptr)); }
+template<class T, class S>
+T cast(S* ptr) { return static_cast<T>(static_cast<void*>(ptr)); }
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/itoa.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/itoa.hpp
new file mode 100644
index 000000000..072e5b8b4
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/itoa.hpp
@@ -0,0 +1,337 @@
+#pragma once
+/**
+ @file
+ @brief convert integer to string(ascii)
+
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#include <limits.h>
+#ifndef CYBOZU_DONT_USE_STRING
+#include <string>
+#endif
+#include <memory.h>
+#include <cybozu/inttype.hpp>
+#include <cybozu/bit_operation.hpp>
+
+namespace cybozu {
+
+template<class T>
+size_t getHexLength(T x)
+{
+ return x == 0 ? 1 : cybozu::bsr(x) / 4 + 1;
+}
+
+template<class T>
+size_t getBinLength(T x)
+{
+ return x == 0 ? 1 : cybozu::bsr(x) + 1;
+}
+/*
+ convert x to hex string with len
+ @note out should have getHexLength(x) size
+ out is not NUL terminated
+*/
+template<class T>
+void itohex(char *out, size_t len, T x, bool upCase = true)
+{
+ static const char *hexTbl[] = {
+ "0123456789abcdef",
+ "0123456789ABCDEF"
+ };
+ const char *tbl = hexTbl[upCase];
+ for (size_t i = 0; i < len; i++) {
+ out[len - i - 1] = tbl[x % 16];
+ x /= 16;
+ }
+}
+/*
+ convert x to bin string with len
+ @note out should have getBinLength(x) size
+ out is not NUL terminated
+*/
+template<class T>
+void itobin(char *out, size_t len, T x)
+{
+ for (size_t i = 0; i < len; i++) {
+ out[len - i - 1] = '0' + (x & 1);
+ x >>= 1;
+ }
+}
+
+namespace itoa_local {
+
+/*
+ convert x to dec
+ use buf[0, bufSize)
+ return 0 if false
+ return writtenSize which is not terminated
+ @REMARK the top of string is buf + bufSize - writtenSize
+*/
+template<class UT>
+size_t uintToDec(char *buf, size_t bufSize, UT x)
+{
+ for (size_t i = 0; i < bufSize; i++) {
+ buf[bufSize - 1 - i] = '0' + static_cast<int>(x % 10);
+ x /= 10;
+ if (x == 0) return i + 1;
+ }
+ return 0;
+}
+
+/*
+ convert x to hex
+ use buf[0, bufSize)
+ return 0 if false
+ return writtenSize which is not terminated
+ @REMARK the top of string is buf + bufSize - writtenSize
+*/
+template<class UT>
+size_t uintToHex(char *buf, size_t bufSize, UT x, bool upCase = true)
+{
+ static const char *hexTbl[] = {
+ "0123456789abcdef",
+ "0123456789ABCDEF"
+ };
+ const char *tbl = hexTbl[upCase];
+ for (size_t i = 0; i < bufSize; i++) {
+ buf[bufSize - 1 - i] = tbl[x % 16];
+ x /= 16;
+ if (x == 0) return i + 1;
+ }
+ return 0;
+}
+
+/*
+ convert x to bin
+ use buf[0, bufSize)
+ return 0 if false
+ return writtenSize which is not terminated
+ @REMARK the top of string is buf + bufSize - writtenSize
+*/
+template<class UT>
+size_t uintToBin(char *buf, size_t bufSize, UT x)
+{
+ for (size_t i = 0; i < bufSize; i++) {
+ buf[bufSize - 1 - i] = '0' + (x & 1);
+ x >>= 1;
+ if (x == 0) return i + 1;
+ }
+ return 0;
+}
+
+template<class T>
+size_t intToDec(char *buf, size_t bufSize, T x)
+{
+ if (x == LLONG_MIN) {
+ const char minStr[] = "-9223372036854775808";
+ const size_t minStrLen = sizeof(minStr) - 1;
+ if (bufSize < minStrLen) {
+ return 0;
+ } else {
+ memcpy(buf + bufSize - minStrLen, minStr, minStrLen);
+ return minStrLen;
+ }
+ }
+ bool negative = x < 0;
+ uint64_t absX = negative ? -x : x;
+ size_t n = uintToDec(buf, bufSize, absX);
+ if (n == 0) return 0;
+ if (negative) {
+ if (bufSize == n) return 0;
+ n++;
+ buf[bufSize - n] = '-';
+ }
+ return n;
+}
+
+#ifndef CYBOZU_DONT_USE_STRING
+template<typename T>
+void convertFromUint(std::string& out, T x)
+{
+ char buf[40];
+ size_t n = uintToDec(buf, sizeof(buf), x);
+ assert(n > 0);
+ out.assign(buf + sizeof(buf) - n, n);
+}
+
+inline void convertFromInt(std::string& out, long long x)
+{
+ char buf[40];
+ size_t n = intToDec(buf, sizeof(buf), x);
+ assert(n > 0);
+ out.assign(buf + sizeof(buf) - n, n);
+}
+
+template<typename T>
+void itohexLocal(std::string& out, T x, bool upCase, bool withZero)
+{
+ const size_t size = withZero ? sizeof(T) * 2 : getHexLength(x);
+ out.resize(size);
+ itohex(&out[0], size, x, upCase);
+}
+
+template<class T>
+void itobinLocal(std::string& out, T x, bool withZero)
+{
+ const size_t size = withZero ? sizeof(T) * 8 : getBinLength(x);
+ out.resize(size);
+ itobin(&out[0], size, x);
+}
+#endif
+
+} // itoa_local
+
+#ifndef CYBOZU_DONT_USE_STRING
+/**
+ convert int to string
+ @param out [out] string
+ @param x [in] int
+*/
+inline void itoa(std::string& out, int x)
+{
+ itoa_local::convertFromInt(out, x);
+}
+
+/**
+ convert long long to string
+ @param out [out] string
+ @param x [in] long long
+*/
+inline void itoa(std::string& out, long long x)
+{
+ itoa_local::convertFromInt(out, x);
+}
+
+/**
+ convert unsigned int to string
+ @param out [out] string
+ @param x [in] unsigned int
+*/
+inline void itoa(std::string& out, unsigned int x)
+{
+ itoa_local::convertFromUint(out, x);
+}
+
+/**
+ convert unsigned long long to string
+ @param out [out] string
+ @param x [in] unsigned long long
+*/
+inline void itoa(std::string& out, unsigned long long x)
+{
+ itoa_local::convertFromUint(out, x);
+}
+
+#if defined(__SIZEOF_LONG__) && (__SIZEOF_LONG__ == 8)
+inline void itoa(std::string& out, long x) { itoa(out, static_cast<long long>(x)); }
+inline void itoa(std::string& out, unsigned long x) { itoa(out, static_cast<unsigned long long>(x)); }
+#else
+inline void itoa(std::string& out, long x) { itoa(out, static_cast<int>(x)); }
+inline void itoa(std::string& out, unsigned long x) { itoa(out, static_cast<int>(x)); }
+#endif
+/**
+ convert integer to string
+ @param x [in] int
+*/
+template<typename T>
+inline std::string itoa(T x)
+{
+ std::string ret;
+ itoa(ret, x);
+ return ret;
+}
+
+inline void itohex(std::string& out, unsigned char x, bool upCase = true, bool withZero = true)
+{
+ itoa_local::itohexLocal(out, x, upCase, withZero);
+}
+
+inline void itohex(std::string& out, unsigned short x, bool upCase = true, bool withZero = true)
+{
+ itoa_local::itohexLocal(out, x, upCase, withZero);
+}
+
+inline void itohex(std::string& out, unsigned int x, bool upCase = true, bool withZero = true)
+{
+ itoa_local::itohexLocal(out, x, upCase, withZero);
+}
+
+inline void itohex(std::string& out, unsigned long x, bool upCase = true, bool withZero = true)
+{
+ itoa_local::itohexLocal(out, x, upCase, withZero);
+}
+
+inline void itohex(std::string& out, unsigned long long x, bool upCase = true, bool withZero = true)
+{
+ itoa_local::itohexLocal(out, x, upCase, withZero);
+}
+
+template<typename T>
+inline std::string itobin(T x, bool withZero = true)
+{
+ std::string out;
+ itoa_local::itobinLocal(out, x, withZero);
+ return out;
+}
+
+inline void itobin(std::string& out, unsigned char x, bool withZero = true)
+{
+ itoa_local::itobinLocal(out, x, withZero);
+}
+
+inline void itobin(std::string& out, unsigned short x, bool withZero = true)
+{
+ itoa_local::itobinLocal(out, x, withZero);
+}
+
+inline void itobin(std::string& out, unsigned int x, bool withZero = true)
+{
+ itoa_local::itobinLocal(out, x, withZero);
+}
+
+inline void itobin(std::string& out, unsigned long x, bool withZero = true)
+{
+ itoa_local::itobinLocal(out, x, withZero);
+}
+
+inline void itobin(std::string& out, unsigned long long x, bool withZero = true)
+{
+ itoa_local::itobinLocal(out, x, withZero);
+}
+
+template<typename T>
+inline std::string itohex(T x, bool upCase = true, bool withZero = true)
+{
+ std::string out;
+ itohex(out, x, upCase, withZero);
+ return out;
+}
+/**
+ convert integer to string with zero padding
+ @param x [in] int
+ @param len [in] minimum lengh of string
+ @param c [in] padding character
+ @note
+ itoa(12, 4) == "0012"
+ itoa(1234, 4) == "1234"
+ itoa(12345, 4) == "12345"
+ itoa(-12, 4) == "-012"
+*/
+template<typename T>
+inline std::string itoaWithZero(T x, size_t len, char c = '0')
+{
+ std::string ret;
+ itoa(ret, x);
+ if (ret.size() < len) {
+ std::string zero(len - ret.size(), c);
+ if (x >= 0) {
+ ret = zero + ret;
+ } else {
+ ret = "-" + zero + ret.substr(1);
+ }
+ }
+ return ret;
+}
+#endif
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_libeay32.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_libeay32.hpp
new file mode 100644
index 000000000..d83f1b6ea
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_libeay32.hpp
@@ -0,0 +1,21 @@
+#pragma once
+/**
+ @file
+ @brief link libeay32.lib of openssl
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#if defined(_WIN32) && defined(_MT)
+ #if _MSC_VER >= 1900 // VC2015
+ #ifdef _WIN64
+ #pragma comment(lib, "mt/14/libeay32.lib")
+ #else
+ #pragma comment(lib, "mt/14/32/libeay32.lib")
+ #endif
+// #elif _MSC_VER == 1800 // VC2013
+ #else
+ #pragma comment(lib, "mt/12/libeay32.lib")
+ #endif
+ #pragma comment(lib, "advapi32.lib")
+ #pragma comment(lib, "gdi32.lib")
+ #pragma comment(lib, "user32.lib")
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_mpir.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_mpir.hpp
new file mode 100644
index 000000000..d20d7b1a9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_mpir.hpp
@@ -0,0 +1,18 @@
+#pragma once
+/**
+ @file
+ @brief link mpir/mpirxx of mpir
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#if defined(_WIN32) && defined(_MT)
+ #if _MSC_VER >= 1900 // VC2015, VC2017(1910)
+ #pragma comment(lib, "mt/14/mpir.lib")
+ #pragma comment(lib, "mt/14/mpirxx.lib")
+ #elif _MSC_VER == 1800 // VC2013
+ #pragma comment(lib, "mt/12/mpir.lib")
+ #pragma comment(lib, "mt/12/mpirxx.lib")
+ #elif _MSC_VER == 1700 // VC2012
+ #pragma comment(lib, "mt/11/mpir.lib")
+ #pragma comment(lib, "mt/11/mpirxx.lib")
+ #endif
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_ssleay32.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_ssleay32.hpp
new file mode 100644
index 000000000..60c2361ae
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/link_ssleay32.hpp
@@ -0,0 +1,19 @@
+#pragma once
+/**
+ @file
+ @brief link ssleay32.lib of openssl
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#if defined(_WIN32) && defined(_MT)
+ #if _MSC_VER >= 1900 // VC2015
+ #ifdef _WIN64
+ #pragma comment(lib, "mt/14/ssleay32.lib")
+ #else
+ #pragma comment(lib, "mt/14/32/ssleay32.lib")
+ #endif
+// #elif _MSC_VER == 1800 // VC2013
+ #else
+ #pragma comment(lib, "mt/12/ssleay32.lib")
+ #endif
+ #pragma comment(lib, "user32.lib")
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/mutex.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/mutex.hpp
new file mode 100644
index 000000000..acde6bcbf
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/mutex.hpp
@@ -0,0 +1,141 @@
+#pragma once
+/**
+ @file
+ @brief mutex
+
+ @author MITSUNARI Shigeo(@herumi)
+ @author MITSUNARI Shigeo
+*/
+
+#ifdef _WIN32
+ #include <windows.h>
+#else
+ #include <pthread.h>
+ #include <time.h>
+#endif
+#include <assert.h>
+#include <stdlib.h>
+
+namespace cybozu {
+
+class ConditionVariable;
+
+namespace thread {
+
+#ifdef _WIN32
+ typedef HANDLE MutexHandle;
+ inline void MutexInit(MutexHandle& mutex)
+ {
+// mutex = CreateSemaphore(NULL /* no security */, 1 /* init */, 0x7FFFFFFF /* max */, NULL /* no name */);
+ mutex = CreateMutex(NULL /* no security */, FALSE /* no owner */, NULL /* no name */);
+ }
+ inline void MutexLock(MutexHandle& mutex) { WaitForSingleObject(mutex, INFINITE); }
+ /*
+ return false if timeout
+ @param msec [in] msec
+ */
+ inline bool MutexLockTimeout(MutexHandle& mutex, int msec)
+ {
+ DWORD ret = WaitForSingleObject(mutex, msec);
+ if (ret == WAIT_OBJECT_0) {
+ return true;
+ }
+ if (ret == WAIT_TIMEOUT) {
+ return false;
+ }
+ /* ret == WAIT_ABANDONED */
+ assert(0);
+ return false;
+ }
+ inline void MutexUnlock(MutexHandle& mutex)
+ {
+// ReleaseSemaphore(mutex, 1, NULL);
+ ReleaseMutex(mutex);
+ }
+ inline void MutexTerm(MutexHandle& mutex) { CloseHandle(mutex); }
+#else
+ typedef pthread_mutex_t MutexHandle;
+ inline void MutexInit(MutexHandle& mutex)
+ {
+#if 1
+ pthread_mutex_init(&mutex, NULL);
+#else
+ pthread_mutexattr_t attr;
+ pthread_mutexattr_init(&attr);
+ if (pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_TIMED_NP)) {
+ perror("pthread_mutexattr_settype");
+ exit(1);
+ }
+ pthread_mutex_init(&mutex, &attr);
+ pthread_mutexattr_destroy(&attr);
+#endif
+ }
+ inline void MutexLock(MutexHandle& mutex) { pthread_mutex_lock(&mutex); }
+#if 0
+ inline bool MutexLockTimeout(MutexHandle& mutex, int msec)
+ {
+ timespec absTime;
+ clock_gettime(CLOCK_REALTIME, &absTime);
+ absTime.tv_sec += msec / 1000;
+ absTime.tv_nsec += msec % 1000;
+ bool ret = pthread_mutex_timedlock(&mutex, &absTime) == 0;
+ return ret;
+ }
+#endif
+ inline void MutexUnlock(MutexHandle& mutex) { pthread_mutex_unlock(&mutex); }
+ inline void MutexTerm(MutexHandle& mutex) { pthread_mutex_destroy(&mutex); }
+#endif
+
+template<class T>
+class AutoLockT {
+public:
+ explicit AutoLockT(T &t)
+ : t_(t)
+ {
+ t_.lock();
+ }
+ ~AutoLockT()
+ {
+ t_.unlock();
+ }
+private:
+ T& t_;
+ AutoLockT& operator=(const AutoLockT&);
+};
+
+} // cybozu::thread
+
+class Mutex {
+ friend class cybozu::ConditionVariable;
+public:
+ Mutex()
+ {
+ thread::MutexInit(hdl_);
+ }
+ ~Mutex()
+ {
+ thread::MutexTerm(hdl_);
+ }
+ void lock()
+ {
+ thread::MutexLock(hdl_);
+ }
+#if 0
+ bool lockTimeout(int msec)
+ {
+ return thread::MutexLockTimeout(hdl_, msec);
+ }
+#endif
+ void unlock()
+ {
+ thread::MutexUnlock(hdl_);
+ }
+private:
+ Mutex(const Mutex&);
+ Mutex& operator=(const Mutex&);
+ thread::MutexHandle hdl_;
+};
+
+typedef cybozu::thread::AutoLockT<cybozu::Mutex> AutoLock;
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/option.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/option.hpp
new file mode 100644
index 000000000..a5dfd137d
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/option.hpp
@@ -0,0 +1,723 @@
+#pragma once
+/**
+ @file
+ @brief command line parser
+
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#include <string>
+#include <vector>
+#include <map>
+#include <sstream>
+#include <iostream>
+#include <limits>
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <cybozu/exception.hpp>
+#include <cybozu/atoi.hpp>
+
+/*
+ Option parser
+
+ progName (opt1-name|opt2-name|...) param1 param2 ...
+ param1:param1-help
+ param2:param2-help
+ -op1-name:opt1-help
+ ...
+
+ How to setup
+ int num;
+ -n num ; (optional) option => appendOpt(&x, <defaultValue>, "num", "num-help");
+ -n num ; must option => appendMust(&x, "num", "num-help");
+
+ std::vector<int> v;
+ -v s1 s2 s3 ... => appendVec(&v, "v");
+
+ Remark1: terminate parsing of v if argv begins with '-[^0-9]'
+ Remark2: the begining character of opt-name is not a number ('0'...'9')
+ because avoid conflict with minus number
+
+ std::string file1;
+ file1 is param => appendParam(&file1, "input-file");
+ file2 is optional param => appendParamOpt(&file2, "output-file");
+
+ How to use
+ opt.parse(argc, argv);
+
+ see sample/option_smpl.cpp
+*/
+
+namespace cybozu {
+
+struct OptionError : public cybozu::Exception {
+ enum Type {
+ NoError = 0,
+ BAD_OPT = 1,
+ BAD_VALUE,
+ NO_VALUE,
+ OPT_IS_NECESSARY,
+ PARAM_IS_NECESSARY,
+ REDUNDANT_VAL,
+ BAD_ARGC
+ };
+ Type type;
+ int argPos;
+ OptionError()
+ : cybozu::Exception("OptionError", false)
+ , type(NoError)
+ , argPos(0)
+ {
+ }
+ cybozu::Exception& set(Type _type, int _argPos = 0)
+ {
+ this->type = _type;
+ this->argPos = _argPos;
+ switch (_type) {
+ case BAD_OPT:
+ (*this) << "bad opt";
+ break;
+ case BAD_VALUE:
+ (*this) << "bad value";
+ break;
+ case NO_VALUE:
+ (*this) << "no value";
+ break;
+ case OPT_IS_NECESSARY:
+ (*this) << "opt is necessary";
+ break;
+ case PARAM_IS_NECESSARY:
+ (*this) << "param is necessary";
+ break;
+ case REDUNDANT_VAL:
+ (*this) << "redundant argVal";
+ break;
+ case BAD_ARGC:
+ (*this) << "bad argc";
+ default:
+ break;
+ }
+ return *this;
+ }
+};
+
+namespace option_local {
+
+template<class T>
+bool convert(T* x, const char *str)
+{
+ std::istringstream is(str);
+ is >> *x;
+ return !!is;
+}
+
+template<>
+inline bool convert(std::string* x, const char *str)
+{
+ *x = str;
+ return true;
+}
+
+template<class T>
+bool convertInt(T* x, const char *str)
+{
+ if (str[0] == '0' && str[1] == 'x') {
+ bool b;
+ *x = cybozu::hextoi(&b, str + 2);
+ return b;
+ }
+ size_t len = strlen(str);
+ int factor = 1;
+ if (len > 1) {
+ switch (str[len - 1]) {
+ case 'k': factor = 1000; len--; break;
+ case 'm': factor = 1000 * 1000; len--; break;
+ case 'g': factor = 1000 * 1000 * 1000; len--; break;
+ case 'K': factor = 1024; len--; break;
+ case 'M': factor = 1024 * 1024; len--; break;
+ case 'G': factor = 1024 * 1024 * 1024; len--; break;
+ default: break;
+ }
+ }
+ bool b;
+ T y = cybozu::atoi(&b, str, len);
+ if (!b) return false;
+ if (factor > 1) {
+ if ((std::numeric_limits<T>::min)() / factor <= y
+ && y <= (std::numeric_limits<T>::max)() / factor) {
+ *x = y * factor;
+ } else {
+ return false;
+ }
+ } else {
+ *x = y;
+ }
+ return true;
+}
+
+#define CYBOZU_OPTION_DEFINE_CONVERT_INT(type) \
+template<>inline bool convert(type* x, const char *str) { return convertInt(x, str); }
+
+CYBOZU_OPTION_DEFINE_CONVERT_INT(int)
+CYBOZU_OPTION_DEFINE_CONVERT_INT(long)
+CYBOZU_OPTION_DEFINE_CONVERT_INT(long long)
+
+CYBOZU_OPTION_DEFINE_CONVERT_INT(unsigned int)
+CYBOZU_OPTION_DEFINE_CONVERT_INT(unsigned long)
+CYBOZU_OPTION_DEFINE_CONVERT_INT(unsigned long long)
+
+#undef CYBOZU_OPTION_DEFINE_CONVERT_INT
+
+struct HolderBase {
+ virtual ~HolderBase(){}
+ virtual bool set(const char*) = 0;
+ virtual HolderBase *clone() const = 0;
+ virtual std::string toStr() const = 0;
+ virtual const void *get() const = 0;
+};
+
+template<class T>
+struct Holder : public HolderBase {
+ T *p_;
+ Holder(T *p) : p_(p) {}
+ HolderBase *clone() const { return new Holder(p_); }
+ bool set(const char *str) { return option_local::convert(p_, str); }
+ std::string toStr() const
+ {
+ std::ostringstream os;
+ os << *p_;
+ return os.str();
+ }
+ const void *get() const { return (void*)p_; }
+};
+
+/*
+ for gcc 7 with -fnew-ttp-matching
+ this specialization is not necessary under -fno-new-ttp-matching
+*/
+template struct Holder<std::string>;
+
+template<class T, class Alloc, template<class T_, class Alloc_>class Container>
+struct Holder<Container<T, Alloc> > : public HolderBase {
+ typedef Container<T, Alloc> Vec;
+ Vec *p_;
+ Holder(Vec *p) : p_(p) {}
+ HolderBase *clone() const { return new Holder<Vec>(p_); }
+ bool set(const char *str)
+ {
+ T t;
+ bool b = option_local::convert(&t, str);
+ if (b) p_->push_back(t);
+ return b;
+ }
+ std::string toStr() const
+ {
+ std::ostringstream os;
+ bool isFirst = true;
+ for (typename Vec::const_iterator i = p_->begin(), ie = p_->end(); i != ie; ++i) {
+ if (isFirst) {
+ isFirst = false;
+ } else {
+ os << ' ';
+ }
+ os << *i;
+ }
+ return os.str();
+ }
+ const void *get() const { return (void*)p_; }
+};
+
+class Var {
+ HolderBase *p_;
+ bool isSet_;
+public:
+ Var() : p_(0), isSet_(false) { }
+ Var(const Var& rhs) : p_(rhs.p_->clone()), isSet_(false) { }
+ template<class T>
+ explicit Var(T *x) : p_(new Holder<T>(x)), isSet_(false) { }
+
+ ~Var() { delete p_; }
+
+ void swap(Var& rhs) CYBOZU_NOEXCEPT
+ {
+ std::swap(p_, rhs.p_);
+ std::swap(isSet_, rhs.isSet_);
+ }
+ void operator=(const Var& rhs)
+ {
+ Var v(rhs);
+ swap(v);
+ }
+ bool set(const char *str)
+ {
+ isSet_ = true;
+ return p_->set(str);
+ }
+ std::string toStr() const { return p_ ? p_->toStr() : ""; }
+ bool isSet() const { return isSet_; }
+ const void *get() const { return p_ ? p_->get() : 0; }
+};
+
+} // option_local
+
+class Option {
+ enum Mode { // for opt
+ N_is0 = 0, // for bool by appendBoolOpt()
+ N_is1 = 1,
+ N_any = 2
+ };
+ enum ParamMode {
+ P_exact = 0, // one
+ P_optional = 1, // zero or one
+ P_variable = 2 // zero or greater
+ };
+ struct Info {
+ option_local::Var var;
+ Mode mode; // 0 or 1 or any ; for opt, not used for Param
+ bool isMust; // this option is must
+ std::string opt; // option param name without '-'
+ std::string help; // description of option
+
+ Info() : mode(N_is0), isMust(false) {}
+ template<class T>
+ Info(T* pvar, Mode mode, bool isMust, const char *opt, const std::string& help)
+ : var(pvar)
+ , mode(mode)
+ , isMust(isMust)
+ , opt(opt)
+ , help(help)
+ {
+ }
+ friend inline std::ostream& operator<<(std::ostream& os, const Info& self)
+ {
+ os << self.opt << '=' << self.var.toStr();
+ if (self.var.isSet()) {
+ os << " (set)";
+ } else {
+ os << " (default)";
+ }
+ return os;
+ }
+ void put() const
+ {
+ std::cout << *this;
+ }
+ void usage() const
+ {
+ printf(" -%s %s%s\n", opt.c_str(), help.c_str(), isMust ? " (must)" : "");
+ }
+ void shortUsage() const
+ {
+ printf(" -%s %s", opt.c_str(), mode == N_is0 ? "" : mode == N_is1 ? "para" : "para...");
+ }
+ bool isSet() const { return var.isSet(); }
+ const void *get() const { return var.get(); }
+ };
+ typedef std::vector<Info> InfoVec;
+ typedef std::vector<std::string> StrVec;
+ typedef std::map<std::string, size_t> OptMap;
+ InfoVec infoVec_;
+ InfoVec paramVec_;
+ Info remains_;
+ OptMap optMap_;
+ bool showOptUsage_;
+ ParamMode paramMode_;
+ std::string progName_;
+ std::string desc_;
+ std::string helpOpt_;
+ std::string help_;
+ std::string usage_;
+ StrVec delimiters_;
+ StrVec *remainsAfterDelimiter_;
+ int nextDelimiter_;
+ template<class T>
+ void appendSub(T *pvar, Mode mode, bool isMust, const char *opt, const std::string& help)
+ {
+ const char c = opt[0];
+ if ('0' <= c && c <= '9') throw cybozu::Exception("Option::appendSub:opt must begin with not number") << opt;
+ if (optMap_.find(opt) != optMap_.end()) {
+ throw cybozu::Exception("Option::append:duplicate option") << opt;
+ }
+ optMap_[opt] = infoVec_.size();
+ infoVec_.push_back(Info(pvar, mode, isMust, opt, help));
+ }
+
+ template<class T, class U>
+ void append(T *pvar, const U& defaultVal, bool isMust, const char *opt, const std::string& help = "")
+ {
+ *pvar = defaultVal;
+ appendSub(pvar, N_is1, isMust, opt, help);
+ }
+ /*
+ don't deal with negative number as option
+ */
+ bool isOpt(const char *str) const
+ {
+ if (str[0] != '-') return false;
+ const char c = str[1];
+ if ('0' <= c && c <= '9') return false;
+ return true;
+ }
+ void verifyParamMode()
+ {
+ if (paramMode_ != P_exact) throw cybozu::Exception("Option:appendParamVec:appendParam is forbidden after appendParamOpt/appendParamVec");
+ }
+ std::string getBaseName(const std::string& name) const
+ {
+ size_t pos = name.find_last_of("/\\");
+ if (pos == std::string::npos) return name;
+ return name.substr(pos + 1);
+ }
+ bool inDelimiters(const std::string& str) const
+ {
+ return std::find(delimiters_.begin(), delimiters_.end(), str) != delimiters_.end();
+ }
+public:
+ Option()
+ : showOptUsage_(true)
+ , paramMode_(P_exact)
+ , remainsAfterDelimiter_(0)
+ , nextDelimiter_(-1)
+ {
+ }
+ virtual ~Option() {}
+ /*
+ append optional option with default value
+ @param pvar [in] pointer to option variable
+ @param defaultVal [in] default value
+ @param opt [in] option name
+ @param help [in] option help
+ @note you can use 123k, 56M if T is int/long/long long
+ k : *1000
+ m : *1000000
+ g : *1000000000
+ K : *1024
+ M : *1024*1024
+ G : *1024*1024*1024
+ */
+ template<class T, class U>
+ void appendOpt(T *pvar, const U& defaultVal, const char *opt, const std::string& help = "")
+ {
+ append(pvar, defaultVal, false, opt, help);
+ }
+ /*
+ default value of *pvar is false
+ */
+ void appendBoolOpt(bool *pvar, const char *opt, const std::string& help = "")
+ {
+ *pvar = false;
+ appendSub(pvar, N_is0, false, opt, help);
+ }
+ /*
+ append necessary option
+ @param pvar [in] pointer to option variable
+ @param opt [in] option name
+ @param help [in] option help
+ */
+ template<class T>
+ void appendMust(T *pvar, const char *opt, const std::string& help = "")
+ {
+ append(pvar, T(), true, opt, help);
+ }
+ /*
+ append vector option
+ @param pvar [in] pointer to option variable
+ @param opt [in] option name
+ @param help [in] option help
+ */
+ template<class T, class Alloc, template<class T_, class Alloc_>class Container>
+ void appendVec(Container<T, Alloc> *pvar, const char *opt, const std::string& help = "")
+ {
+ appendSub(pvar, N_any, false, opt, help);
+ }
+ /*
+ append parameter
+ @param pvar [in] pointer to parameter
+ @param opt [in] option name
+ @param help [in] option help
+ */
+ template<class T>
+ void appendParam(T *pvar, const char *opt, const std::string& help = "")
+ {
+ verifyParamMode();
+ paramVec_.push_back(Info(pvar, N_is1, true, opt, help));
+ }
+ /*
+ append optional parameter
+ @param pvar [in] pointer to parameter
+ @param defaultVal [in] default value
+ @param opt [in] option name
+ @param help [in] option help
+ @note you can call appendParamOpt once after appendParam
+ */
+ template<class T, class U>
+ void appendParamOpt(T *pvar, const U& defaultVal, const char *opt, const std::string& help = "")
+ {
+ verifyParamMode();
+ *pvar = defaultVal;
+ paramMode_ = P_optional;
+ paramVec_.push_back(Info(pvar, N_is1, false, opt, help));
+ }
+ /*
+ append remain parameter
+ @param pvar [in] pointer to vector of parameter
+ @param opt [in] option name
+ @param help [in] option help
+ @note you can call appendParamVec once after appendParam
+ */
+ template<class T, class Alloc, template<class T_, class Alloc_>class Container>
+ void appendParamVec(Container<T, Alloc> *pvar, const char *name, const std::string& help = "")
+ {
+ verifyParamMode();
+ paramMode_ = P_variable;
+ remains_.var = option_local::Var(pvar);
+ remains_.mode = N_any;
+ remains_.isMust = false;
+ remains_.opt = name;
+ remains_.help = help;
+ }
+ void appendHelp(const char *opt, const std::string& help = ": show this message")
+ {
+ helpOpt_ = opt;
+ help_ = help;
+ }
+ /*
+ stop parsing after delimiter is found
+ @param delimiter [in] string to stop
+ @param remain [out] set remaining strings if remain
+ */
+ void setDelimiter(const std::string& delimiter, std::vector<std::string> *remain = 0)
+ {
+ delimiters_.push_back(delimiter);
+ remainsAfterDelimiter_ = remain;
+ }
+ /*
+ stop parsing after delimiter is found
+ @param delimiter [in] string to stop to append list of delimiters
+ */
+ void appendDelimiter(const std::string& delimiter)
+ {
+ delimiters_.push_back(delimiter);
+ }
+ /*
+ clear list of delimiters
+ */
+ void clearDelimiterList() { delimiters_.clear(); }
+ /*
+ return the next position of delimiter between [0, argc]
+ @note return argc if delimiter is not set nor found
+ */
+ int getNextPositionOfDelimiter() const { return nextDelimiter_; }
+ /*
+ parse (argc, argv)
+ @param argc [in] argc of main
+ @param argv [in] argv of main
+ @param startPos [in] start position of argc
+ @param progName [in] used instead of argv[0]
+ */
+ bool parse(int argc, const char *const argv[], int startPos = 1, const char *progName = 0)
+ {
+ if (argc < 1 || startPos > argc) return false;
+ progName_ = getBaseName(progName ? progName : argv[startPos - 1]);
+ nextDelimiter_ = argc;
+ OptionError err;
+ for (int pos = startPos; pos < argc; pos++) {
+ if (inDelimiters(argv[pos])) {
+ nextDelimiter_ = pos + 1;
+ if (remainsAfterDelimiter_) {
+ for (int i = nextDelimiter_; i < argc; i++) {
+ remainsAfterDelimiter_->push_back(argv[i]);
+ }
+ }
+ break;
+ }
+ if (isOpt(argv[pos])) {
+ const std::string str = argv[pos] + 1;
+ if (helpOpt_ == str) {
+ usage();
+ exit(0);
+ }
+ OptMap::const_iterator i = optMap_.find(str);
+ if (i == optMap_.end()) {
+ err.set(OptionError::BAD_OPT, pos);
+ goto ERR;
+ }
+
+ Info& info = infoVec_[i->second];
+ switch (info.mode) {
+ case N_is0:
+ if (!info.var.set("1")) {
+ err.set(OptionError::BAD_VALUE, pos);
+ goto ERR;
+ }
+ break;
+ case N_is1:
+ pos++;
+ if (pos == argc) {
+ err.set(OptionError::BAD_VALUE, pos) << (std::string("no value for -") + info.opt);
+ goto ERR;
+ }
+ if (!info.var.set(argv[pos])) {
+ err.set(OptionError::BAD_VALUE, pos) << (std::string(argv[pos]) + " for -" + info.opt);
+ goto ERR;
+ }
+ break;
+ case N_any:
+ default:
+ {
+ pos++;
+ int j = 0;
+ while (pos < argc && !isOpt(argv[pos])) {
+ if (!info.var.set(argv[pos])) {
+ err.set(OptionError::BAD_VALUE, pos) << (std::string(argv[pos]) + " for -" + info.opt) << j;
+ goto ERR;
+ }
+ pos++;
+ j++;
+ }
+ if (j > 0) {
+ pos--;
+ } else {
+ err.set(OptionError::NO_VALUE, pos) << (std::string("for -") + info.opt);
+ goto ERR;
+ }
+ }
+ break;
+ }
+ } else {
+ bool used = false;
+ for (size_t i = 0; i < paramVec_.size(); i++) {
+ Info& param = paramVec_[i];
+ if (!param.var.isSet()) {
+ if (!param.var.set(argv[pos])) {
+ err.set(OptionError::BAD_VALUE, pos) << (std::string(argv[pos]) + " for " + param.opt);
+ goto ERR;
+ }
+ used = true;
+ break;
+ }
+ }
+ if (!used) {
+ if (paramMode_ == P_variable) {
+ remains_.var.set(argv[pos]);
+ } else {
+ err.set(OptionError::REDUNDANT_VAL, pos) << argv[pos];
+ goto ERR;
+ }
+ }
+ }
+ }
+ // check whether must-opt is set
+ for (size_t i = 0; i < infoVec_.size(); i++) {
+ const Info& info = infoVec_[i];
+ if (info.isMust && !info.var.isSet()) {
+ err.set(OptionError::OPT_IS_NECESSARY) << info.opt;
+ goto ERR;
+ }
+ }
+ // check whether param is set
+ for (size_t i = 0; i < paramVec_.size(); i++) {
+ const Info& param = paramVec_[i];
+ if (param.isMust && !param.var.isSet()) {
+ err.set(OptionError::PARAM_IS_NECESSARY) << param.opt;
+ goto ERR;
+ }
+ }
+ // check whether remains is set
+ if (paramMode_ == P_variable && remains_.isMust && !remains_.var.isSet()) {
+ err.set(OptionError::PARAM_IS_NECESSARY) << remains_.opt;
+ goto ERR;
+ }
+ return true;
+ ERR:
+ assert(err.type);
+ printf("%s\n", err.what());
+ return false;
+ }
+ /*
+ show desc at first in usage()
+ */
+ void setDescription(const std::string& desc)
+ {
+ desc_ = desc;
+ }
+ /*
+ show command line after desc
+ don't put option message if not showOptUsage
+ */
+ void setUsage(const std::string& usage, bool showOptUsage = false)
+ {
+ usage_ = usage;
+ showOptUsage_ = showOptUsage;
+ }
+ void usage() const
+ {
+ if (!desc_.empty()) printf("%s\n", desc_.c_str());
+ if (usage_.empty()) {
+ printf("usage:%s", progName_.c_str());
+ if (!infoVec_.empty()) printf(" [opt]");
+ for (size_t i = 0; i < infoVec_.size(); i++) {
+ if (infoVec_[i].isMust) infoVec_[i].shortUsage();
+ }
+ for (size_t i = 0; i < paramVec_.size(); i++) {
+ printf(" %s", paramVec_[i].opt.c_str());
+ }
+ if (paramMode_ == P_variable) {
+ printf(" %s", remains_.opt.c_str());
+ }
+ printf("\n");
+ } else {
+ printf("%s\n", usage_.c_str());
+ if (!showOptUsage_) return;
+ }
+ for (size_t i = 0; i < paramVec_.size(); i++) {
+ const Info& param = paramVec_[i];
+ if (!param.help.empty()) printf(" %s %s\n", paramVec_[i].opt.c_str(), paramVec_[i].help.c_str());
+ }
+ if (!remains_.help.empty()) printf(" %s %s\n", remains_.opt.c_str(), remains_.help.c_str());
+ if (!helpOpt_.empty()) {
+ printf(" -%s %s\n", helpOpt_.c_str(), help_.c_str());
+ }
+ for (size_t i = 0; i < infoVec_.size(); i++) {
+ infoVec_[i].usage();
+ }
+ }
+ friend inline std::ostream& operator<<(std::ostream& os, const Option& self)
+ {
+ for (size_t i = 0; i < self.paramVec_.size(); i++) {
+ const Info& param = self.paramVec_[i];
+ os << param.opt << '=' << param.var.toStr() << std::endl;
+ }
+ if (self.paramMode_ == P_variable) {
+ os << "remains=" << self.remains_.var.toStr() << std::endl;
+ }
+ for (size_t i = 0; i < self.infoVec_.size(); i++) {
+ os << self.infoVec_[i] << std::endl;
+ }
+ return os;
+ }
+ void put() const
+ {
+ std::cout << *this;
+ }
+ /*
+ whether pvar is set or not
+ */
+ template<class T>
+ bool isSet(const T* pvar) const
+ {
+ const void *p = static_cast<const void*>(pvar);
+ for (size_t i = 0; i < paramVec_.size(); i++) {
+ const Info& v = paramVec_[i];
+ if (v.get() == p) return v.isSet();
+ }
+ if (remains_.get() == p) return remains_.isSet();
+ for (size_t i = 0; i < infoVec_.size(); i++) {
+ const Info& v = infoVec_[i];
+ if (v.get() == p) return v.isSet();
+ }
+ throw cybozu::Exception("Option:isSet:no assigned var") << pvar;
+ }
+};
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/random_generator.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/random_generator.hpp
new file mode 100644
index 000000000..ff4a78da5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/random_generator.hpp
@@ -0,0 +1,153 @@
+#pragma once
+/**
+ @file
+ @brief pseudrandom generator
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+
+#include <cybozu/exception.hpp>
+#ifdef _WIN32
+#include <winsock2.h>
+#include <windows.h>
+#include <wincrypt.h>
+#ifdef _MSC_VER
+#pragma comment (lib, "advapi32.lib")
+#endif
+#include <cybozu/critical_section.hpp>
+#else
+#include <sys/types.h>
+#include <fcntl.h>
+#endif
+
+namespace cybozu {
+
+class RandomGenerator {
+ RandomGenerator(const RandomGenerator&);
+ void operator=(const RandomGenerator&);
+public:
+ uint32_t operator()()
+ {
+ return get32();
+ }
+ uint32_t get32()
+ {
+ uint32_t ret;
+ read(&ret, 1);
+ return ret;
+ }
+ uint64_t get64()
+ {
+ uint64_t ret;
+ read(&ret, 1);
+ return ret;
+ }
+#ifdef _WIN32
+ RandomGenerator()
+ : prov_(0)
+ , pos_(bufSize)
+ {
+ DWORD flagTbl[] = { 0, CRYPT_NEWKEYSET };
+ for (int i = 0; i < 2; i++) {
+ if (CryptAcquireContext(&prov_, NULL, NULL, PROV_RSA_FULL, flagTbl[i]) != 0) return;
+ }
+ throw cybozu::Exception("randomgenerator");
+ }
+ bool read_inner(void *buf, size_t byteSize)
+ {
+ return CryptGenRandom(prov_, static_cast<DWORD>(byteSize), static_cast<BYTE*>(buf)) != 0;
+ }
+ ~RandomGenerator()
+ {
+ if (prov_) {
+ CryptReleaseContext(prov_, 0);
+ }
+ }
+ /*
+ fill buf[0..bufNum-1] with random data
+ @note bufNum is not byte size
+ */
+ template<class T>
+ void read(bool *pb, T *buf, size_t bufNum)
+ {
+ cybozu::AutoLockCs al(cs_);
+ const size_t byteSize = sizeof(T) * bufNum;
+ if (byteSize > bufSize) {
+ if (!read_inner(buf, byteSize)) {
+ *pb = false;
+ return;
+ }
+ } else {
+ if (pos_ + byteSize > bufSize) {
+ read_inner(buf_, bufSize);
+ pos_ = 0;
+ }
+ memcpy(buf, buf_ + pos_, byteSize);
+ pos_ += byteSize;
+ }
+ *pb = true;
+ }
+ template<class T>
+ void read(T *buf, size_t bufNum)
+ {
+ bool b;
+ read(&b, buf, bufNum);
+ if (!b) throw cybozu::Exception("RandomGenerator:read") << bufNum;
+ }
+private:
+ HCRYPTPROV prov_;
+ static const size_t bufSize = 1024;
+ char buf_[bufSize];
+ size_t pos_;
+ cybozu::CriticalSection cs_;
+#else
+ RandomGenerator()
+ : fp_(::fopen("/dev/urandom", "rb"))
+ {
+ if (!fp_) throw cybozu::Exception("randomgenerator");
+ }
+ ~RandomGenerator()
+ {
+ if (fp_) ::fclose(fp_);
+ }
+ /*
+ fill buf[0..bufNum-1] with random data
+ @note bufNum is not byte size
+ */
+ template<class T>
+ void read(bool *pb, T *buf, size_t bufNum)
+ {
+ const size_t byteSize = sizeof(T) * bufNum;
+ *pb = ::fread(buf, 1, (int)byteSize, fp_) == byteSize;
+ }
+ template<class T>
+ void read(T *buf, size_t bufNum)
+ {
+ bool b;
+ read(&b, buf, bufNum);
+ if (!b) throw cybozu::Exception("RandomGenerator:read") << bufNum;
+ }
+#endif
+private:
+ FILE *fp_;
+};
+
+template<class T, class RG>
+void shuffle(T* v, size_t n, RG& rg)
+{
+ if (n <= 1) return;
+ for (size_t i = 0; i < n - 1; i++) {
+ size_t r = i + size_t(rg.get64() % (n - i));
+ using namespace std;
+ swap(v[i], v[r]);
+ }
+}
+
+template<class V, class RG>
+void shuffle(V& v, RG& rg)
+{
+ shuffle(v.data(), v.size(), rg);
+}
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/serializer.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/serializer.hpp
new file mode 100644
index 000000000..1e23c8f42
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/serializer.hpp
@@ -0,0 +1,363 @@
+#pragma once
+/**
+ @file
+ @brief serializer for vector, list, map and so on
+
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#include <assert.h>
+#include <cybozu/stream.hpp>
+
+#ifdef _MSC_VER
+ #pragma warning(push)
+ #pragma warning(disable : 4127)
+#endif
+
+//#define CYBOZU_SERIALIZER_FIXED_SIZE_INTEGER
+
+namespace cybozu {
+
+namespace serializer_local {
+
+template<class T>
+union ci {
+ T i;
+ uint8_t c[sizeof(T)];
+};
+
+template<class S, void (S::*)(size_t)>
+struct HasMemFunc { };
+
+template<class T>
+void dispatch_reserve(T& t, size_t size, int, HasMemFunc<T, &T::reserve>* = 0)
+{
+ t.reserve(size);
+}
+
+template<class T>
+void dispatch_reserve(T&, size_t, int*)
+{
+}
+
+template<class T>
+void reserve_if_exists(T& t, size_t size)
+{
+ dispatch_reserve(t, size, 0);
+}
+
+} // serializer_local
+
+template<class InputStream, class T>
+void loadRange(T *p, size_t num, InputStream& is)
+{
+ cybozu::read(p, num * sizeof(T), is);
+}
+
+template<class OutputStream, class T>
+void saveRange(OutputStream& os, const T *p, size_t num)
+{
+ cybozu::write(os, p, num * sizeof(T));
+}
+
+template<class InputStream, class T>
+void loadPod(T& x, InputStream& is)
+{
+ serializer_local::ci<T> ci;
+ loadRange(ci.c, sizeof(ci.c), is);
+ x = ci.i;
+}
+
+template<class OutputStream, class T>
+void savePod(OutputStream& os, const T& x)
+{
+ serializer_local::ci<T> ci;
+ ci.i = x;
+ saveRange(os, ci.c, sizeof(ci.c));
+}
+
+template<class InputStream, class T>
+void load(T& x, InputStream& is)
+{
+ x.load(is);
+}
+
+template<class OutputStream, class T>
+void save(OutputStream& os, const T& x)
+{
+ x.save(os);
+}
+
+#define CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(type) \
+template<class InputStream>void load(type& x, InputStream& is) { loadPod(x, is); } \
+template<class OutputStream>void save(OutputStream& os, type x) { savePod(os, x); }
+
+CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(bool)
+CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(char)
+CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(short)
+CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(unsigned char)
+CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(unsigned short)
+CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(wchar_t)
+
+CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(float)
+CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(double)
+
+#ifdef CYBOZU_SERIALIZER_FIXED_SIZE_INTEGER
+
+#define CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER(type) CYBOZU_SERIALIZER_MAKE_SERIALIZER_F(type)
+
+#else
+
+namespace serializer_local {
+
+template<class S, class T>
+bool isRecoverable(T x)
+{
+ return T(S(x)) == x;
+}
+/*
+ data structure H:D of integer x
+ H:header(1byte)
+ 0x80 ; D = 1 byte zero ext
+ 0x81 ; D = 2 byte zero ext
+ 0x82 ; D = 4 byte zero ext
+ 0x83 ; D = 8 byte zero ext
+ 0x84 ; D = 1 byte signed ext
+ 0x85 ; D = 2 byte signed ext
+ 0x86 ; D = 4 byte signed ext
+ 0x87 ; D = 8 byte signed ext
+ other; x = signed H, D = none
+*/
+template<class OutputStream, class T>
+void saveVariableInt(OutputStream& os, const T& x)
+{
+ if (isRecoverable<int8_t>(x)) {
+ uint8_t u8 = uint8_t(x);
+ if (unsigned(u8 - 0x80) <= 7) {
+ savePod(os, uint8_t(0x84));
+ }
+ savePod(os, u8);
+ } else if (isRecoverable<uint8_t>(x)) {
+ savePod(os, uint8_t(0x80));
+ savePod(os, uint8_t(x));
+ } else if (isRecoverable<uint16_t>(x) || isRecoverable<int16_t>(x)) {
+ savePod(os, uint8_t(isRecoverable<uint16_t>(x) ? 0x81 : 0x85));
+ savePod(os, uint16_t(x));
+ } else if (isRecoverable<uint32_t>(x) || isRecoverable<int32_t>(x)) {
+ savePod(os, uint8_t(isRecoverable<uint32_t>(x) ? 0x82 : 0x86));
+ savePod(os, uint32_t(x));
+ } else {
+ assert(sizeof(T) == 8);
+ savePod(os, uint8_t(0x83));
+ savePod(os, uint64_t(x));
+ }
+}
+
+template<class InputStream, class T>
+void loadVariableInt(T& x, InputStream& is)
+{
+ uint8_t h;
+ loadPod(h, is);
+ if (h == 0x80) {
+ uint8_t v;
+ loadPod(v, is);
+ x = v;
+ } else if (h == 0x81) {
+ uint16_t v;
+ loadPod(v, is);
+ x = v;
+ } else if (h == 0x82) {
+ uint32_t v;
+ loadPod(v, is);
+ x = v;
+ } else if (h == 0x83) {
+ if (sizeof(T) == 4) throw cybozu::Exception("loadVariableInt:bad header") << h;
+ uint64_t v;
+ loadPod(v, is);
+ x = static_cast<T>(v);
+ } else if (h == 0x84) {
+ int8_t v;
+ loadPod(v, is);
+ x = v;
+ } else if (h == 0x85) {
+ int16_t v;
+ loadPod(v, is);
+ x = v;
+ } else if (h == 0x86) {
+ int32_t v;
+ loadPod(v, is);
+ x = v;
+ } else if (h == 0x87) {
+ if (sizeof(T) == 4) throw cybozu::Exception("loadVariableInt:bad header") << h;
+ int64_t v;
+ loadPod(v, is);
+ x = static_cast<T>(v);
+ } else {
+ x = static_cast<int8_t>(h);
+ }
+}
+
+} // serializer_local
+
+#define CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER(type) \
+template<class InputStream>void load(type& x, InputStream& is) { serializer_local::loadVariableInt(x, is); } \
+template<class OutputStream>void save(OutputStream& os, type x) { serializer_local::saveVariableInt(os, x); }
+
+#endif
+
+CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER(int)
+CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER(long)
+CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER(long long)
+CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER(unsigned int)
+CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER(unsigned long)
+CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER(unsigned long long)
+
+#undef CYBOZU_SERIALIZER_MAKE_INT_SERIALIZER
+#undef CYBOZU_SERIALIZER_MAKE_UNT_SERIALIZER
+#undef CYBOZU_SERIALIZER_MAKE_SERIALIZER_F
+#undef CYBOZU_SERIALIZER_MAKE_SERIALIZER_V
+
+// only for std::vector<POD>
+template<class V, class InputStream>
+void loadPodVec(V& v, InputStream& is)
+{
+ size_t size;
+ load(size, is);
+ v.resize(size);
+ if (size > 0) loadRange(&v[0], size, is);
+}
+
+// only for std::vector<POD>
+template<class V, class OutputStream>
+void savePodVec(OutputStream& os, const V& v)
+{
+ save(os, v.size());
+ if (!v.empty()) saveRange(os, &v[0], v.size());
+}
+
+template<class InputStream>
+void load(std::string& str, InputStream& is)
+{
+ loadPodVec(str, is);
+}
+
+template<class OutputStream>
+void save(OutputStream& os, const std::string& str)
+{
+ savePodVec(os, str);
+}
+
+template<class OutputStream>
+void save(OutputStream& os, const char *x)
+{
+ const size_t len = strlen(x);
+ save(os, len);
+ if (len > 0) saveRange(os, x, len);
+}
+
+
+// for vector, list
+template<class InputStream, class T, class Alloc, template<class T_, class Alloc_>class Container>
+void load(Container<T, Alloc>& x, InputStream& is)
+{
+ size_t size;
+ load(size, is);
+ serializer_local::reserve_if_exists(x, size);
+ for (size_t i = 0; i < size; i++) {
+ x.push_back(T());
+ T& t = x.back();
+ load(t, is);
+ }
+}
+
+template<class OutputStream, class T, class Alloc, template<class T_, class Alloc_>class Container>
+void save(OutputStream& os, const Container<T, Alloc>& x)
+{
+ typedef Container<T, Alloc> V;
+ save(os, x.size());
+ for (typename V::const_iterator i = x.begin(), end = x.end(); i != end; ++i) {
+ save(os, *i);
+ }
+}
+
+// for set
+template<class InputStream, class K, class Pred, class Alloc, template<class K_, class Pred_, class Alloc_>class Container>
+void load(Container<K, Pred, Alloc>& x, InputStream& is)
+{
+ size_t size;
+ load(size, is);
+ for (size_t i = 0; i < size; i++) {
+ K t;
+ load(t, is);
+ x.insert(t);
+ }
+}
+
+template<class OutputStream, class K, class Pred, class Alloc, template<class K_, class Pred_, class Alloc_>class Container>
+void save(OutputStream& os, const Container<K, Pred, Alloc>& x)
+{
+ typedef Container<K, Pred, Alloc> Set;
+ save(os, x.size());
+ for (typename Set::const_iterator i = x.begin(), end = x.end(); i != end; ++i) {
+ save(os, *i);
+ }
+}
+
+// for map
+template<class InputStream, class K, class V, class Pred, class Alloc, template<class K_, class V_, class Pred_, class Alloc_>class Container>
+void load(Container<K, V, Pred, Alloc>& x, InputStream& is)
+{
+ typedef Container<K, V, Pred, Alloc> Map;
+ size_t size;
+ load(size, is);
+ for (size_t i = 0; i < size; i++) {
+ std::pair<typename Map::key_type, typename Map::mapped_type> vt;
+ load(vt.first, is);
+ load(vt.second, is);
+ x.insert(vt);
+ }
+}
+
+template<class OutputStream, class K, class V, class Pred, class Alloc, template<class K_, class V_, class Pred_, class Alloc_>class Container>
+void save(OutputStream& os, const Container<K, V, Pred, Alloc>& x)
+{
+ typedef Container<K, V, Pred, Alloc> Map;
+ save(os, x.size());
+ for (typename Map::const_iterator i = x.begin(), end = x.end(); i != end; ++i) {
+ save(os, i->first);
+ save(os, i->second);
+ }
+}
+
+// unordered_map
+template<class InputStream, class K, class V, class Hash, class Pred, class Alloc, template<class K_, class V_, class Hash_, class Pred_, class Alloc_>class Container>
+void load(Container<K, V, Hash, Pred, Alloc>& x, InputStream& is)
+{
+ typedef Container<K, V, Hash, Pred, Alloc> Map;
+ size_t size;
+ load(size, is);
+// x.reserve(size); // tr1::unordered_map may not have reserve
+ cybozu::serializer_local::reserve_if_exists(x, size);
+ for (size_t i = 0; i < size; i++) {
+ std::pair<typename Map::key_type, typename Map::mapped_type> vt;
+ load(vt.first, is);
+ load(vt.second, is);
+ x.insert(vt);
+ }
+}
+
+template<class OutputStream, class K, class V, class Hash, class Pred, class Alloc, template<class K_, class V_, class Hash_, class Pred_, class Alloc_>class Container>
+void save(OutputStream& os, const Container<K, V, Hash, Pred, Alloc>& x)
+{
+ typedef Container<K, V, Hash, Pred, Alloc> Map;
+ save(os, x.size());
+ for (typename Map::const_iterator i = x.begin(), end = x.end(); i != end; ++i) {
+ save(os, i->first);
+ save(os, i->second);
+ }
+}
+
+} // cybozu
+
+#ifdef _MSC_VER
+ #pragma warning(pop)
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/sha2.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/sha2.hpp
new file mode 100644
index 000000000..1830936f0
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/sha2.hpp
@@ -0,0 +1,467 @@
+#pragma once
+/**
+ @file
+ @brief SHA-256, SHA-512 class
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#if !defined(CYBOZU_DONT_USE_OPENSSL) && !defined(MCL_DONT_USE_OPENSSL)
+ #define CYBOZU_USE_OPENSSL_SHA
+#endif
+
+#ifndef CYBOZU_DONT_USE_STRING
+#include <string>
+#endif
+
+#ifdef CYBOZU_USE_OPENSSL_SHA
+#ifdef __APPLE__
+ #pragma GCC diagnostic push
+ #pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+#include <openssl/sha.h>
+#ifdef _MSC_VER
+ #include <cybozu/link_libeay32.hpp>
+#endif
+
+#ifdef __APPLE__
+ #pragma GCC diagnostic pop
+#endif
+
+namespace cybozu {
+
+class Sha256 {
+ SHA256_CTX ctx_;
+public:
+ Sha256()
+ {
+ clear();
+ }
+ void clear()
+ {
+ SHA256_Init(&ctx_);
+ }
+ void update(const void *buf, size_t bufSize)
+ {
+ SHA256_Update(&ctx_, buf, bufSize);
+ }
+ size_t digest(void *md, size_t mdSize, const void *buf, size_t bufSize)
+ {
+ if (mdSize < SHA256_DIGEST_LENGTH) return 0;
+ update(buf, bufSize);
+ SHA256_Final(reinterpret_cast<uint8_t*>(md), &ctx_);
+ return SHA256_DIGEST_LENGTH;
+ }
+#ifndef CYBOZU_DONT_USE_STRING
+ void update(const std::string& buf)
+ {
+ update(buf.c_str(), buf.size());
+ }
+ std::string digest(const std::string& buf)
+ {
+ return digest(buf.c_str(), buf.size());
+ }
+ std::string digest(const void *buf, size_t bufSize)
+ {
+ std::string md(SHA256_DIGEST_LENGTH, 0);
+ digest(&md[0], md.size(), buf, bufSize);
+ return md;
+ }
+#endif
+};
+
+class Sha512 {
+ SHA512_CTX ctx_;
+public:
+ Sha512()
+ {
+ clear();
+ }
+ void clear()
+ {
+ SHA512_Init(&ctx_);
+ }
+ void update(const void *buf, size_t bufSize)
+ {
+ SHA512_Update(&ctx_, buf, bufSize);
+ }
+ size_t digest(void *md, size_t mdSize, const void *buf, size_t bufSize)
+ {
+ if (mdSize < SHA512_DIGEST_LENGTH) return 0;
+ update(buf, bufSize);
+ SHA512_Final(reinterpret_cast<uint8_t*>(md), &ctx_);
+ return SHA512_DIGEST_LENGTH;
+ }
+#ifndef CYBOZU_DONT_USE_STRING
+ void update(const std::string& buf)
+ {
+ update(buf.c_str(), buf.size());
+ }
+ std::string digest(const std::string& buf)
+ {
+ return digest(buf.c_str(), buf.size());
+ }
+ std::string digest(const void *buf, size_t bufSize)
+ {
+ std::string md(SHA512_DIGEST_LENGTH, 0);
+ digest(&md[0], md.size(), buf, bufSize);
+ return md;
+ }
+#endif
+};
+
+} // cybozu
+
+#else
+
+#include <cybozu/endian.hpp>
+#include <memory.h>
+#include <assert.h>
+
+namespace cybozu {
+
+namespace sha2_local {
+
+template<class T>
+T min_(T x, T y) { return x < y ? x : y;; }
+
+inline uint32_t rot32(uint32_t x, int s)
+{
+#ifdef _MSC_VER
+ return _rotr(x, s);
+#else
+ return (x >> s) | (x << (32 - s));
+#endif
+}
+
+inline uint64_t rot64(uint64_t x, int s)
+{
+#ifdef _MSC_VER
+ return _rotr64(x, s);
+#else
+ return (x >> s) | (x << (64 - s));
+#endif
+}
+
+template<class T>
+struct Common {
+ void term(const char *buf, size_t bufSize)
+ {
+ assert(bufSize < T::blockSize_);
+ T& self = static_cast<T&>(*this);
+ const uint64_t totalSize = self.totalSize_ + bufSize;
+
+ uint8_t last[T::blockSize_];
+ memcpy(last, buf, bufSize);
+ last[bufSize] = uint8_t(0x80); /* top bit = 1 */
+ memset(&last[bufSize + 1], 0, T::blockSize_ - bufSize - 1);
+ if (bufSize >= T::blockSize_ - T::msgLenByte_) {
+ self.round(reinterpret_cast<const char*>(last));
+ memset(last, 0, sizeof(last)); // clear stack
+ }
+ cybozu::Set64bitAsBE(&last[T::blockSize_ - 8], totalSize * 8);
+ self.round(reinterpret_cast<const char*>(last));
+ }
+ void inner_update(const char *buf, size_t bufSize)
+ {
+ T& self = static_cast<T&>(*this);
+ if (bufSize == 0) return;
+ if (self.roundBufSize_ > 0) {
+ size_t size = sha2_local::min_(T::blockSize_ - self.roundBufSize_, bufSize);
+ memcpy(self.roundBuf_ + self.roundBufSize_, buf, size);
+ self.roundBufSize_ += size;
+ buf += size;
+ bufSize -= size;
+ }
+ if (self.roundBufSize_ == T::blockSize_) {
+ self.round(self.roundBuf_);
+ self.roundBufSize_ = 0;
+ }
+ while (bufSize >= T::blockSize_) {
+ assert(self.roundBufSize_ == 0);
+ self.round(buf);
+ buf += T::blockSize_;
+ bufSize -= T::blockSize_;
+ }
+ if (bufSize > 0) {
+ assert(bufSize < T::blockSize_);
+ assert(self.roundBufSize_ == 0);
+ memcpy(self.roundBuf_, buf, bufSize);
+ self.roundBufSize_ = bufSize;
+ }
+ assert(self.roundBufSize_ < T::blockSize_);
+ }
+};
+
+} // cybozu::sha2_local
+
+class Sha256 : public sha2_local::Common<Sha256> {
+ friend struct sha2_local::Common<Sha256>;
+private:
+ static const size_t blockSize_ = 64;
+ static const size_t hSize_ = 8;
+ static const size_t msgLenByte_ = 8;
+ uint64_t totalSize_;
+ size_t roundBufSize_;
+ char roundBuf_[blockSize_];
+ uint32_t h_[hSize_];
+ static const size_t outByteSize_ = hSize_ * sizeof(uint32_t);
+ const uint32_t *k_;
+
+ /**
+ @param buf [in] buffer(64byte)
+ */
+ void round(const char *buf)
+ {
+ using namespace sha2_local;
+ uint32_t w[64];
+ for (int i = 0; i < 16; i++) {
+ w[i] = cybozu::Get32bitAsBE(&buf[i * 4]);
+ }
+ for (int i = 16 ; i < 64; i++) {
+ uint32_t t = w[i - 15];
+ uint32_t s0 = rot32(t, 7) ^ rot32(t, 18) ^ (t >> 3);
+ t = w[i - 2];
+ uint32_t s1 = rot32(t, 17) ^ rot32(t, 19) ^ (t >> 10);
+ w[i] = w[i - 16] + s0 + w[i - 7] + s1;
+ }
+ uint32_t a = h_[0];
+ uint32_t b = h_[1];
+ uint32_t c = h_[2];
+ uint32_t d = h_[3];
+ uint32_t e = h_[4];
+ uint32_t f = h_[5];
+ uint32_t g = h_[6];
+ uint32_t h = h_[7];
+ for (int i = 0; i < 64; i++) {
+ uint32_t s1 = rot32(e, 6) ^ rot32(e, 11) ^ rot32(e, 25);
+ uint32_t ch = g ^ (e & (f ^ g));
+ uint32_t t1 = h + s1 + ch + k_[i] + w[i];
+ uint32_t s0 = rot32(a, 2) ^ rot32(a, 13) ^ rot32(a, 22);
+ uint32_t maj = ((a | b) & c) | (a & b);
+ uint32_t t2 = s0 + maj;
+ h = g;
+ g = f;
+ f = e;
+ e = d + t1;
+ d = c;
+ c = b;
+ b = a;
+ a = t1 + t2;
+ }
+ h_[0] += a;
+ h_[1] += b;
+ h_[2] += c;
+ h_[3] += d;
+ h_[4] += e;
+ h_[5] += f;
+ h_[6] += g;
+ h_[7] += h;
+ totalSize_ += blockSize_;
+ }
+public:
+ Sha256()
+ {
+ clear();
+ }
+ void clear()
+ {
+ static const uint32_t kTbl[] = {
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+ };
+ k_ = kTbl;
+ totalSize_ = 0;
+ roundBufSize_ = 0;
+ h_[0] = 0x6a09e667;
+ h_[1] = 0xbb67ae85;
+ h_[2] = 0x3c6ef372;
+ h_[3] = 0xa54ff53a;
+ h_[4] = 0x510e527f;
+ h_[5] = 0x9b05688c;
+ h_[6] = 0x1f83d9ab;
+ h_[7] = 0x5be0cd19;
+ }
+ void update(const void *buf, size_t bufSize)
+ {
+ inner_update(reinterpret_cast<const char*>(buf), bufSize);
+ }
+ size_t digest(void *md, size_t mdSize, const void *buf, size_t bufSize)
+ {
+ if (mdSize < outByteSize_) return 0;
+ update(buf, bufSize);
+ term(roundBuf_, roundBufSize_);
+ char *p = reinterpret_cast<char*>(md);
+ for (size_t i = 0; i < hSize_; i++) {
+ cybozu::Set32bitAsBE(&p[i * sizeof(h_[0])], h_[i]);
+ }
+ return outByteSize_;
+ }
+#ifndef CYBOZU_DONT_USE_STRING
+ void update(const std::string& buf)
+ {
+ update(buf.c_str(), buf.size());
+ }
+ std::string digest(const std::string& buf)
+ {
+ return digest(buf.c_str(), buf.size());
+ }
+ std::string digest(const void *buf, size_t bufSize)
+ {
+ std::string md(outByteSize_, 0);
+ digest(&md[0], md.size(), buf, bufSize);
+ return md;
+ }
+#endif
+};
+
+class Sha512 : public sha2_local::Common<Sha512> {
+ friend struct sha2_local::Common<Sha512>;
+private:
+ static const size_t blockSize_ = 128;
+ static const size_t hSize_ = 8;
+ static const size_t msgLenByte_ = 16;
+ uint64_t totalSize_;
+ size_t roundBufSize_;
+ char roundBuf_[blockSize_];
+ uint64_t h_[hSize_];
+ static const size_t outByteSize_ = hSize_ * sizeof(uint64_t);
+ const uint64_t *k_;
+
+ template<size_t i0, size_t i1, size_t i2, size_t i3, size_t i4, size_t i5, size_t i6, size_t i7>
+ void round1(uint64_t *S, const uint64_t *w, size_t i)
+ {
+ using namespace sha2_local;
+ uint64_t& a = S[i0];
+ uint64_t& b = S[i1];
+ uint64_t& c = S[i2];
+ uint64_t& d = S[i3];
+ uint64_t& e = S[i4];
+ uint64_t& f = S[i5];
+ uint64_t& g = S[i6];
+ uint64_t& h = S[i7];
+
+ uint64_t s1 = rot64(e, 14) ^ rot64(e, 18) ^ rot64(e, 41);
+ uint64_t ch = g ^ (e & (f ^ g));
+ uint64_t t0 = h + s1 + ch + k_[i] + w[i];
+ uint64_t s0 = rot64(a, 28) ^ rot64(a, 34) ^ rot64(a, 39);
+ uint64_t maj = ((a | b) & c) | (a & b);
+ uint64_t t1 = s0 + maj;
+ d += t0;
+ h = t0 + t1;
+ }
+ /**
+ @param buf [in] buffer(64byte)
+ */
+ void round(const char *buf)
+ {
+ using namespace sha2_local;
+ uint64_t w[80];
+ for (int i = 0; i < 16; i++) {
+ w[i] = cybozu::Get64bitAsBE(&buf[i * 8]);
+ }
+ for (int i = 16 ; i < 80; i++) {
+ uint64_t t = w[i - 15];
+ uint64_t s0 = rot64(t, 1) ^ rot64(t, 8) ^ (t >> 7);
+ t = w[i - 2];
+ uint64_t s1 = rot64(t, 19) ^ rot64(t, 61) ^ (t >> 6);
+ w[i] = w[i - 16] + s0 + w[i - 7] + s1;
+ }
+ uint64_t s[8];
+ for (int i = 0; i < 8; i++) {
+ s[i] = h_[i];
+ }
+ for (int i = 0; i < 80; i += 8) {
+ round1<0, 1, 2, 3, 4, 5, 6, 7>(s, w, i + 0);
+ round1<7, 0, 1, 2, 3, 4, 5, 6>(s, w, i + 1);
+ round1<6, 7, 0, 1, 2, 3, 4, 5>(s, w, i + 2);
+ round1<5, 6, 7, 0, 1, 2, 3, 4>(s, w, i + 3);
+ round1<4, 5, 6, 7, 0, 1, 2, 3>(s, w, i + 4);
+ round1<3, 4, 5, 6, 7, 0, 1, 2>(s, w, i + 5);
+ round1<2, 3, 4, 5, 6, 7, 0, 1>(s, w, i + 6);
+ round1<1, 2, 3, 4, 5, 6, 7, 0>(s, w, i + 7);
+ }
+ for (int i = 0; i < 8; i++) {
+ h_[i] += s[i];
+ }
+ totalSize_ += blockSize_;
+ }
+public:
+ Sha512()
+ {
+ clear();
+ }
+ void clear()
+ {
+ static const uint64_t kTbl[] = {
+ 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL,
+ 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL,
+ 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, 0x9bdc06a725c71235ULL,
+ 0xc19bf174cf692694ULL, 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL,
+ 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, 0x983e5152ee66dfabULL,
+ 0xa831c66d2db43210ULL, 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL,
+ 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, 0x4d2c6dfc5ac42aedULL,
+ 0x53380d139d95b3dfULL, 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL,
+ 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, 0xd192e819d6ef5218ULL,
+ 0xd69906245565a910ULL, 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL,
+ 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, 0x5b9cca4f7763e373ULL,
+ 0x682e6ff3d6b2b8a3ULL, 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL,
+ 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, 0xca273eceea26619cULL,
+ 0xd186b8c721c0c207ULL, 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL,
+ 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, 0x3c9ebe0a15c9bebcULL,
+ 0x431d67c49c100d4cULL, 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL
+ };
+ k_ = kTbl;
+ totalSize_ = 0;
+ roundBufSize_ = 0;
+ h_[0] = 0x6a09e667f3bcc908ull;
+ h_[1] = 0xbb67ae8584caa73bull;
+ h_[2] = 0x3c6ef372fe94f82bull;
+ h_[3] = 0xa54ff53a5f1d36f1ull;
+ h_[4] = 0x510e527fade682d1ull;
+ h_[5] = 0x9b05688c2b3e6c1full;
+ h_[6] = 0x1f83d9abfb41bd6bull;
+ h_[7] = 0x5be0cd19137e2179ull;
+ }
+ void update(const void *buf, size_t bufSize)
+ {
+ inner_update(reinterpret_cast<const char*>(buf), bufSize);
+ }
+ size_t digest(void *md, size_t mdSize, const void *buf, size_t bufSize)
+ {
+ if (mdSize < outByteSize_) return 0;
+ update(buf, bufSize);
+ term(roundBuf_, roundBufSize_);
+ char *p = reinterpret_cast<char*>(md);
+ for (size_t i = 0; i < hSize_; i++) {
+ cybozu::Set64bitAsBE(&p[i * sizeof(h_[0])], h_[i]);
+ }
+ return outByteSize_;
+ }
+#ifndef CYBOZU_DONT_USE_STRING
+ void update(const std::string& buf)
+ {
+ update(buf.c_str(), buf.size());
+ }
+ std::string digest(const std::string& buf)
+ {
+ return digest(buf.c_str(), buf.size());
+ }
+ std::string digest(const void *buf, size_t bufSize)
+ {
+ std::string md(outByteSize_, 0);
+ digest(&md[0], md.size(), buf, bufSize);
+ return md;
+ }
+#endif
+};
+
+} // cybozu
+
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/stream.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/stream.hpp
new file mode 100644
index 000000000..bc110bdb0
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/stream.hpp
@@ -0,0 +1,267 @@
+#pragma once
+/**
+ @file
+ @brief stream and line stream class
+
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#ifndef CYBOZU_DONT_USE_STRING
+#include <string>
+#include <iosfwd>
+#endif
+#include <cybozu/exception.hpp>
+#include <memory.h>
+
+namespace cybozu {
+
+namespace stream_local {
+
+template <typename From, typename To>
+struct is_convertible {
+ typedef char yes;
+ typedef int no;
+
+ static no test(...);
+ static yes test(const To*);
+ static const bool value = sizeof(test(static_cast<const From*>(0))) == sizeof(yes);
+};
+
+template <bool b, class T = void>
+struct enable_if { typedef T type; };
+
+template <class T>
+struct enable_if<false, T> {};
+
+#ifndef CYBOZU_DONT_USE_STRING
+/* specialization for istream */
+template<class InputStream>
+size_t readSome_inner(void *buf, size_t size, InputStream& is, typename enable_if<is_convertible<InputStream, std::istream>::value>::type* = 0)
+{
+ if (size > 0x7fffffff) size = 0x7fffffff;
+ is.read(static_cast<char *>(buf), size);
+ const int64_t readSize = is.gcount();
+ if (readSize < 0) return 0;
+ if (size == 1 && readSize == 0) is.clear();
+ return static_cast<size_t>(readSize);
+}
+
+/* generic version for size_t readSome(void *, size_t) */
+template<class InputStream>
+size_t readSome_inner(void *buf, size_t size, InputStream& is, typename enable_if<!is_convertible<InputStream, std::istream>::value>::type* = 0)
+{
+ return is.readSome(buf, size);
+}
+#else
+template<class InputStream>
+size_t readSome_inner(void *buf, size_t size, InputStream& is)
+{
+ return is.readSome(buf, size);
+}
+#endif
+
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+/* specialization for ostream */
+template<class OutputStream>
+void writeSub(OutputStream& os, const void *buf, size_t size, typename enable_if<is_convertible<OutputStream, std::ostream>::value>::type* = 0)
+{
+ if (!os.write(static_cast<const char *>(buf), size)) throw cybozu::Exception("stream:writeSub") << size;
+}
+#endif
+
+#ifndef CYBOZU_DONT_USE_STRING
+/* generic version for void write(const void*, size_t), which writes all data */
+template<class OutputStream>
+void writeSub(OutputStream& os, const void *buf, size_t size, typename enable_if<!is_convertible<OutputStream, std::ostream>::value>::type* = 0)
+{
+ os.write(buf, size);
+}
+
+template<class OutputStream>
+void writeSub(bool *pb, OutputStream& os, const void *buf, size_t size, typename enable_if<is_convertible<OutputStream, std::ostream>::value>::type* = 0)
+{
+ *pb = !!os.write(static_cast<const char *>(buf), size);
+}
+
+/* generic version for void write(const void*, size_t), which writes all data */
+template<class OutputStream>
+void writeSub(bool *pb, OutputStream& os, const void *buf, size_t size, typename enable_if<!is_convertible<OutputStream, std::ostream>::value>::type* = 0)
+{
+ os.write(pb, buf, size);
+}
+#else
+template<class OutputStream>
+void writeSub(bool *pb, OutputStream& os, const void *buf, size_t size)
+{
+ os.write(pb, buf, size);
+}
+#endif
+
+} // stream_local
+
+/*
+ make a specializaiton of class to use new InputStream, OutputStream
+*/
+template<class InputStream>
+struct InputStreamTag {
+ static size_t readSome(void *buf, size_t size, InputStream& is)
+ {
+ return stream_local::readSome_inner<InputStream>(buf, size, is);
+ }
+ static bool readChar(char *c, InputStream& is)
+ {
+ return readSome(c, 1, is) == 1;
+ }
+};
+
+template<class OutputStream>
+struct OutputStreamTag {
+ static void write(OutputStream& os, const void *buf, size_t size)
+ {
+ stream_local::writeSub<OutputStream>(os, buf, size);
+ }
+};
+
+class MemoryInputStream {
+ const char *p_;
+ size_t size_;
+ size_t pos;
+public:
+ MemoryInputStream(const void *p, size_t size) : p_(static_cast<const char *>(p)), size_(size), pos(0) {}
+ size_t readSome(void *buf, size_t size)
+ {
+ if (size > size_ - pos) size = size_ - pos;
+ memcpy(buf, p_ + pos, size);
+ pos += size;
+ return size;
+ }
+ size_t getPos() const { return pos; }
+};
+
+class MemoryOutputStream {
+ char *p_;
+ size_t size_;
+ size_t pos;
+public:
+ MemoryOutputStream(void *p, size_t size) : p_(static_cast<char *>(p)), size_(size), pos(0) {}
+ void write(bool *pb, const void *buf, size_t size)
+ {
+ if (size > size_ - pos) {
+ *pb = false;
+ return;
+ }
+ memcpy(p_ + pos, buf, size);
+ pos += size;
+ *pb = true;
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void write(const void *buf, size_t size)
+ {
+ bool b;
+ write(&b, buf, size);
+ if (!b) throw cybozu::Exception("MemoryOutputStream:write") << size << size_ << pos;
+ }
+#endif
+ size_t getPos() const { return pos; }
+};
+
+#ifndef CYBOZU_DONT_USE_STRING
+class StringInputStream {
+ const std::string& str_;
+ size_t pos;
+ StringInputStream(const StringInputStream&);
+ void operator=(const StringInputStream&);
+public:
+ explicit StringInputStream(const std::string& str) : str_(str), pos(0) {}
+ size_t readSome(void *buf, size_t size)
+ {
+ const size_t remainSize = str_.size() - pos;
+ if (size > remainSize) size = remainSize;
+ memcpy(buf, &str_[pos], size);
+ pos += size;
+ return size;
+ }
+ size_t getPos() const { return pos; }
+};
+
+class StringOutputStream {
+ std::string& str_;
+ StringOutputStream(const StringOutputStream&);
+ void operator=(const StringOutputStream&);
+public:
+ explicit StringOutputStream(std::string& str) : str_(str) {}
+ void write(bool *pb, const void *buf, size_t size)
+ {
+ str_.append(static_cast<const char *>(buf), size);
+ *pb = true;
+ }
+ void write(const void *buf, size_t size)
+ {
+ str_.append(static_cast<const char *>(buf), size);
+ }
+ size_t getPos() const { return str_.size(); }
+};
+#endif
+
+template<class InputStream>
+size_t readSome(void *buf, size_t size, InputStream& is)
+{
+ return stream_local::readSome_inner(buf, size, is);
+}
+
+template<class OutputStream>
+void write(OutputStream& os, const void *buf, size_t size)
+{
+ stream_local::writeSub(os, buf, size);
+}
+
+template<class OutputStream>
+void write(bool *pb, OutputStream& os, const void *buf, size_t size)
+{
+ stream_local::writeSub(pb, os, buf, size);
+}
+
+template<typename InputStream>
+void read(bool *pb, void *buf, size_t size, InputStream& is)
+{
+ char *p = static_cast<char*>(buf);
+ while (size > 0) {
+ size_t readSize = cybozu::readSome(p, size, is);
+ if (readSize == 0) {
+ *pb = false;
+ return;
+ }
+ p += readSize;
+ size -= readSize;
+ }
+ *pb = true;
+}
+
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+template<typename InputStream>
+void read(void *buf, size_t size, InputStream& is)
+{
+ bool b;
+ read(&b, buf, size, is);
+ if (!b) throw cybozu::Exception("stream:read");
+}
+#endif
+
+template<class InputStream>
+bool readChar(char *c, InputStream& is)
+{
+ return readSome(c, 1, is) == 1;
+}
+
+template<class OutputStream>
+void writeChar(OutputStream& os, char c)
+{
+ cybozu::write(os, &c, 1);
+}
+
+template<class OutputStream>
+void writeChar(bool *pb, OutputStream& os, char c)
+{
+ cybozu::write(pb, os, &c, 1);
+}
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/test.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/test.hpp
new file mode 100644
index 000000000..7dfffab96
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/test.hpp
@@ -0,0 +1,373 @@
+#pragma once
+/**
+ @file
+ @brief unit test class
+
+ @author MITSUNARI Shigeo(@herumi)
+*/
+
+#include <stdio.h>
+#include <string.h>
+#include <string>
+#include <list>
+#include <iostream>
+#include <utility>
+#if defined(_MSC_VER) && (MSC_VER <= 1500)
+ #include <cybozu/inttype.hpp>
+#else
+ #include <stdint.h>
+#endif
+
+namespace cybozu { namespace test {
+
+class AutoRun {
+ typedef void (*Func)();
+ typedef std::list<std::pair<const char*, Func> > UnitTestList;
+public:
+ AutoRun()
+ : init_(0)
+ , term_(0)
+ , okCount_(0)
+ , ngCount_(0)
+ , exceptionCount_(0)
+ {
+ }
+ void setup(Func init, Func term)
+ {
+ init_ = init;
+ term_ = term;
+ }
+ void append(const char *name, Func func)
+ {
+ list_.push_back(std::make_pair(name, func));
+ }
+ void set(bool isOK)
+ {
+ if (isOK) {
+ okCount_++;
+ } else {
+ ngCount_++;
+ }
+ }
+ std::string getBaseName(const std::string& name) const
+ {
+#ifdef _WIN32
+ const char sep = '\\';
+#else
+ const char sep = '/';
+#endif
+ size_t pos = name.find_last_of(sep);
+ std::string ret = name.substr(pos + 1);
+ pos = ret.find('.');
+ return ret.substr(0, pos);
+ }
+ int run(int, char *argv[])
+ {
+ std::string msg;
+ try {
+ if (init_) init_();
+ for (UnitTestList::const_iterator i = list_.begin(), ie = list_.end(); i != ie; ++i) {
+ std::cout << "ctest:module=" << i->first << std::endl;
+ try {
+ (i->second)();
+ } catch (std::exception& e) {
+ exceptionCount_++;
+ std::cout << "ctest: " << i->first << " is stopped by exception " << e.what() << std::endl;
+ } catch (...) {
+ exceptionCount_++;
+ std::cout << "ctest: " << i->first << " is stopped by unknown exception" << std::endl;
+ }
+ }
+ if (term_) term_();
+ } catch (std::exception& e) {
+ msg = std::string("ctest:err:") + e.what();
+ } catch (...) {
+ msg = "ctest:err: catch unknown exception";
+ }
+ fflush(stdout);
+ if (msg.empty()) {
+ int err = ngCount_ + exceptionCount_;
+ int total = okCount_ + err;
+ std::cout << "ctest:name=" << getBaseName(*argv)
+ << ", module=" << list_.size()
+ << ", total=" << total
+ << ", ok=" << okCount_
+ << ", ng=" << ngCount_
+ << ", exception=" << exceptionCount_ << std::endl;
+ return err > 0 ? 1 : 0;
+ } else {
+ std::cout << msg << std::endl;
+ return 1;
+ }
+ }
+ static inline AutoRun& getInstance()
+ {
+ static AutoRun instance;
+ return instance;
+ }
+private:
+ Func init_;
+ Func term_;
+ int okCount_;
+ int ngCount_;
+ int exceptionCount_;
+ UnitTestList list_;
+};
+
+static AutoRun& autoRun = AutoRun::getInstance();
+
+inline void test(bool ret, const std::string& msg, const std::string& param, const char *file, int line)
+{
+ autoRun.set(ret);
+ if (!ret) {
+ printf("%s(%d):ctest:%s(%s);\n", file, line, msg.c_str(), param.c_str());
+ }
+}
+
+template<typename T, typename U>
+bool isEqual(const T& lhs, const U& rhs)
+{
+ return lhs == rhs;
+}
+
+// avoid warning of comparision of integers of different signs
+inline bool isEqual(size_t lhs, int rhs)
+{
+ return lhs == size_t(rhs);
+}
+inline bool isEqual(int lhs, size_t rhs)
+{
+ return size_t(lhs) == rhs;
+}
+inline bool isEqual(const char *lhs, const char *rhs)
+{
+ return strcmp(lhs, rhs) == 0;
+}
+inline bool isEqual(char *lhs, const char *rhs)
+{
+ return strcmp(lhs, rhs) == 0;
+}
+inline bool isEqual(const char *lhs, char *rhs)
+{
+ return strcmp(lhs, rhs) == 0;
+}
+inline bool isEqual(char *lhs, char *rhs)
+{
+ return strcmp(lhs, rhs) == 0;
+}
+// avoid to compare float directly
+inline bool isEqual(float lhs, float rhs)
+{
+ union fi {
+ float f;
+ uint32_t i;
+ } lfi, rfi;
+ lfi.f = lhs;
+ rfi.f = rhs;
+ return lfi.i == rfi.i;
+}
+// avoid to compare double directly
+inline bool isEqual(double lhs, double rhs)
+{
+ union di {
+ double d;
+ uint64_t i;
+ } ldi, rdi;
+ ldi.d = lhs;
+ rdi.d = rhs;
+ return ldi.i == rdi.i;
+}
+
+} } // cybozu::test
+
+#ifndef CYBOZU_TEST_DISABLE_AUTO_RUN
+int main(int argc, char *argv[])
+{
+ return cybozu::test::autoRun.run(argc, argv);
+}
+#endif
+
+/**
+ alert if !x
+ @param x [in]
+*/
+#define CYBOZU_TEST_ASSERT(x) cybozu::test::test(!!(x), "CYBOZU_TEST_ASSERT", #x, __FILE__, __LINE__)
+
+/**
+ alert if x != y
+ @param x [in]
+ @param y [in]
+*/
+#define CYBOZU_TEST_EQUAL(x, y) { \
+ bool _cybozu_eq = cybozu::test::isEqual(x, y); \
+ cybozu::test::test(_cybozu_eq, "CYBOZU_TEST_EQUAL", #x ", " #y, __FILE__, __LINE__); \
+ if (!_cybozu_eq) { \
+ std::cout << "ctest: lhs=" << (x) << std::endl; \
+ std::cout << "ctest: rhs=" << (y) << std::endl; \
+ } \
+}
+/**
+ alert if fabs(x, y) >= eps
+ @param x [in]
+ @param y [in]
+*/
+#define CYBOZU_TEST_NEAR(x, y, eps) { \
+ bool _cybozu_isNear = fabs((x) - (y)) < eps; \
+ cybozu::test::test(_cybozu_isNear, "CYBOZU_TEST_NEAR", #x ", " #y, __FILE__, __LINE__); \
+ if (!_cybozu_isNear) { \
+ std::cout << "ctest: lhs=" << (x) << std::endl; \
+ std::cout << "ctest: rhs=" << (y) << std::endl; \
+ } \
+}
+
+#define CYBOZU_TEST_EQUAL_POINTER(x, y) { \
+ bool _cybozu_eq = x == y; \
+ cybozu::test::test(_cybozu_eq, "CYBOZU_TEST_EQUAL_POINTER", #x ", " #y, __FILE__, __LINE__); \
+ if (!_cybozu_eq) { \
+ std::cout << "ctest: lhs=" << static_cast<const void*>(x) << std::endl; \
+ std::cout << "ctest: rhs=" << static_cast<const void*>(y) << std::endl; \
+ } \
+}
+/**
+ alert if x[] != y[]
+ @param x [in]
+ @param y [in]
+ @param n [in]
+*/
+#define CYBOZU_TEST_EQUAL_ARRAY(x, y, n) { \
+ for (size_t _cybozu_test_i = 0, _cybozu_ie = (size_t)(n); _cybozu_test_i < _cybozu_ie; _cybozu_test_i++) { \
+ bool _cybozu_eq = cybozu::test::isEqual((x)[_cybozu_test_i], (y)[_cybozu_test_i]); \
+ cybozu::test::test(_cybozu_eq, "CYBOZU_TEST_EQUAL_ARRAY", #x ", " #y ", " #n, __FILE__, __LINE__); \
+ if (!_cybozu_eq) { \
+ std::cout << "ctest: i=" << _cybozu_test_i << std::endl; \
+ std::cout << "ctest: lhs=" << (x)[_cybozu_test_i] << std::endl; \
+ std::cout << "ctest: rhs=" << (y)[_cybozu_test_i] << std::endl; \
+ } \
+ } \
+}
+
+/**
+ always alert
+ @param msg [in]
+*/
+#define CYBOZU_TEST_FAIL(msg) cybozu::test::test(false, "CYBOZU_TEST_FAIL", msg, __FILE__, __LINE__)
+
+/**
+ verify message in exception
+*/
+#define CYBOZU_TEST_EXCEPTION_MESSAGE(statement, Exception, msg) \
+{ \
+ int _cybozu_ret = 0; \
+ std::string _cybozu_errMsg; \
+ try { \
+ statement; \
+ _cybozu_ret = 1; \
+ } catch (const Exception& _cybozu_e) { \
+ _cybozu_errMsg = _cybozu_e.what(); \
+ if (_cybozu_errMsg.find(msg) == std::string::npos) { \
+ _cybozu_ret = 2; \
+ } \
+ } catch (...) { \
+ _cybozu_ret = 3; \
+ } \
+ if (_cybozu_ret) { \
+ cybozu::test::test(false, "CYBOZU_TEST_EXCEPTION_MESSAGE", #statement ", " #Exception ", " #msg, __FILE__, __LINE__); \
+ if (_cybozu_ret == 1) { \
+ std::cout << "ctest: no exception" << std::endl; \
+ } else if (_cybozu_ret == 2) { \
+ std::cout << "ctest: bad exception msg:" << _cybozu_errMsg << std::endl; \
+ } else { \
+ std::cout << "ctest: unexpected exception" << std::endl; \
+ } \
+ } else { \
+ cybozu::test::autoRun.set(true); \
+ } \
+}
+
+#define CYBOZU_TEST_EXCEPTION(statement, Exception) \
+{ \
+ int _cybozu_ret = 0; \
+ try { \
+ statement; \
+ _cybozu_ret = 1; \
+ } catch (const Exception&) { \
+ } catch (...) { \
+ _cybozu_ret = 2; \
+ } \
+ if (_cybozu_ret) { \
+ cybozu::test::test(false, "CYBOZU_TEST_EXCEPTION", #statement ", " #Exception, __FILE__, __LINE__); \
+ if (_cybozu_ret == 1) { \
+ std::cout << "ctest: no exception" << std::endl; \
+ } else { \
+ std::cout << "ctest: unexpected exception" << std::endl; \
+ } \
+ } else { \
+ cybozu::test::autoRun.set(true); \
+ } \
+}
+
+/**
+ verify statement does not throw
+*/
+#define CYBOZU_TEST_NO_EXCEPTION(statement) \
+try { \
+ statement; \
+ cybozu::test::autoRun.set(true); \
+} catch (...) { \
+ cybozu::test::test(false, "CYBOZU_TEST_NO_EXCEPTION", #statement, __FILE__, __LINE__); \
+}
+
+/**
+ append auto unit test
+ @param name [in] module name
+*/
+#define CYBOZU_TEST_AUTO(name) \
+void cybozu_test_ ## name(); \
+struct cybozu_test_local_ ## name { \
+ cybozu_test_local_ ## name() \
+ { \
+ cybozu::test::autoRun.append(#name, cybozu_test_ ## name); \
+ } \
+} cybozu_test_local_instance_ ## name; \
+void cybozu_test_ ## name()
+
+/**
+ append auto unit test with fixture
+ @param name [in] module name
+*/
+#define CYBOZU_TEST_AUTO_WITH_FIXTURE(name, Fixture) \
+void cybozu_test_ ## name(); \
+void cybozu_test_real_ ## name() \
+{ \
+ Fixture f; \
+ cybozu_test_ ## name(); \
+} \
+struct cybozu_test_local_ ## name { \
+ cybozu_test_local_ ## name() \
+ { \
+ cybozu::test::autoRun.append(#name, cybozu_test_real_ ## name); \
+ } \
+} cybozu_test_local_instance_ ## name; \
+void cybozu_test_ ## name()
+
+/**
+ setup fixture
+ @param Fixture [in] class name of fixture
+ @note cstr of Fixture is called before test and dstr of Fixture is called after test
+*/
+#define CYBOZU_TEST_SETUP_FIXTURE(Fixture) \
+Fixture *cybozu_test_local_fixture; \
+void cybozu_test_local_init() \
+{ \
+ cybozu_test_local_fixture = new Fixture(); \
+} \
+void cybozu_test_local_term() \
+{ \
+ delete cybozu_test_local_fixture; \
+} \
+struct cybozu_test_local_fixture_setup_ { \
+ cybozu_test_local_fixture_setup_() \
+ { \
+ cybozu::test::autoRun.setup(cybozu_test_local_init, cybozu_test_local_term); \
+ } \
+} cybozu_test_local_fixture_setup_instance_;
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/unordered_map.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/unordered_map.hpp
new file mode 100644
index 000000000..89f8f8774
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/unordered_map.hpp
@@ -0,0 +1,13 @@
+#pragma once
+
+#include <cybozu/inttype.hpp>
+
+#ifdef CYBOZU_USE_BOOST
+ #include <boost/unordered_map.hpp>
+#elif (CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11) || (defined __APPLE__)
+ #include <unordered_map>
+#elif (CYBOZU_CPP_VERSION == CYBOZU_CPP_VERSION_TR1)
+ #include <list>
+ #include <tr1/unordered_map>
+#endif
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/cybozu/xorshift.hpp b/vendor/github.com/byzantine-lab/mcl/include/cybozu/xorshift.hpp
new file mode 100644
index 000000000..08c6a04f9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/cybozu/xorshift.hpp
@@ -0,0 +1,189 @@
+#pragma once
+/**
+ @file
+ @brief XorShift
+
+ @author MITSUNARI Shigeo(@herumi)
+ @author MITSUNARI Shigeo
+*/
+#include <cybozu/inttype.hpp>
+#include <assert.h>
+
+namespace cybozu {
+
+namespace xorshift_local {
+
+/*
+ U is uint32_t or uint64_t
+*/
+template<class U, class Gen>
+void read_local(void *p, size_t n, Gen& gen, U (Gen::*f)())
+{
+ uint8_t *dst = static_cast<uint8_t*>(p);
+ const size_t uSize = sizeof(U);
+ assert(uSize == 4 || uSize == 8);
+ union ua {
+ U u;
+ uint8_t a[uSize];
+ };
+
+ while (n >= uSize) {
+ ua ua;
+ ua.u = (gen.*f)();
+ for (size_t i = 0; i < uSize; i++) {
+ dst[i] = ua.a[i];
+ }
+ dst += uSize;
+ n -= uSize;
+ }
+ assert(n < uSize);
+ if (n > 0) {
+ ua ua;
+ ua.u = (gen.*f)();
+ for (size_t i = 0; i < n; i++) {
+ dst[i] = ua.a[i];
+ }
+ }
+}
+
+} // xorshift_local
+
+class XorShift {
+ uint32_t x_, y_, z_, w_;
+public:
+ explicit XorShift(uint32_t x = 0, uint32_t y = 0, uint32_t z = 0, uint32_t w = 0)
+ {
+ init(x, y, z, w);
+ }
+ void init(uint32_t x = 0, uint32_t y = 0, uint32_t z = 0, uint32_t w = 0)
+ {
+ x_ = x ? x : 123456789;
+ y_ = y ? y : 362436069;
+ z_ = z ? z : 521288629;
+ w_ = w ? w : 88675123;
+ }
+ uint32_t get32()
+ {
+ unsigned int t = x_ ^ (x_ << 11);
+ x_ = y_; y_ = z_; z_ = w_;
+ return w_ = (w_ ^ (w_ >> 19)) ^ (t ^ (t >> 8));
+ }
+ uint32_t operator()() { return get32(); }
+ uint64_t get64()
+ {
+ uint32_t a = get32();
+ uint32_t b = get32();
+ return (uint64_t(a) << 32) | b;
+ }
+ template<class T>
+ void read(bool *pb, T *p, size_t n)
+ {
+ xorshift_local::read_local(p, n * sizeof(T), *this, &XorShift::get32);
+ *pb = true;
+ }
+ template<class T>
+ size_t read(T *p, size_t n)
+ {
+ bool b;
+ read(&b, p, n);
+ (void)b;
+ return n;
+ }
+};
+
+// see http://xorshift.di.unimi.it/xorshift128plus.c
+class XorShift128Plus {
+ uint64_t s_[2];
+ static const uint64_t seed0 = 123456789;
+ static const uint64_t seed1 = 987654321;
+public:
+ explicit XorShift128Plus(uint64_t s0 = seed0, uint64_t s1 = seed1)
+ {
+ init(s0, s1);
+ }
+ void init(uint64_t s0 = seed0, uint64_t s1 = seed1)
+ {
+ s_[0] = s0;
+ s_[1] = s1;
+ }
+ uint32_t get32()
+ {
+ return static_cast<uint32_t>(get64());
+ }
+ uint64_t operator()() { return get64(); }
+ uint64_t get64()
+ {
+ uint64_t s1 = s_[0];
+ const uint64_t s0 = s_[1];
+ s_[0] = s0;
+ s1 ^= s1 << 23;
+ s_[1] = s1 ^ s0 ^ (s1 >> 18) ^ (s0 >> 5);
+ return s_[1] + s0;
+ }
+ template<class T>
+ void read(bool *pb, T *p, size_t n)
+ {
+ xorshift_local::read_local(p, n * sizeof(T), *this, &XorShift128Plus::get64);
+ *pb = true;
+ }
+ template<class T>
+ size_t read(T *p, size_t n)
+ {
+ bool b;
+ read(&b, p, n);
+ (void)b;
+ return n;
+ }
+};
+
+// see http://xoroshiro.di.unimi.it/xoroshiro128plus.c
+class Xoroshiro128Plus {
+ uint64_t s_[2];
+ static const uint64_t seed0 = 123456789;
+ static const uint64_t seed1 = 987654321;
+ uint64_t rotl(uint64_t x, unsigned int k) const
+ {
+ return (x << k) | (x >> (64 - k));
+ }
+public:
+ explicit Xoroshiro128Plus(uint64_t s0 = seed0, uint64_t s1 = seed1)
+ {
+ init(s0, s1);
+ }
+ void init(uint64_t s0 = seed0, uint64_t s1 = seed1)
+ {
+ s_[0] = s0;
+ s_[1] = s1;
+ }
+ uint32_t get32()
+ {
+ return static_cast<uint32_t>(get64());
+ }
+ uint64_t operator()() { return get64(); }
+ uint64_t get64()
+ {
+ uint64_t s0 = s_[0];
+ uint64_t s1 = s_[1];
+ uint64_t result = s0 + s1;
+ s1 ^= s0;
+ s_[0] = rotl(s0, 55) ^ s1 ^ (s1 << 14);
+ s_[1] = rotl(s1, 36);
+ return result;
+ }
+ template<class T>
+ void read(bool *pb, T *p, size_t n)
+ {
+ xorshift_local::read_local(p, n * sizeof(T), *this, &Xoroshiro128Plus::get64);
+ *pb = true;
+ }
+ template<class T>
+ size_t read(T *p, size_t n)
+ {
+ bool b;
+ read(&b, p, n);
+ (void)b;
+ return n;
+ }
+};
+
+} // cybozu
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/aggregate_sig.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/aggregate_sig.hpp
new file mode 100644
index 000000000..f31405705
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/aggregate_sig.hpp
@@ -0,0 +1,265 @@
+#pragma once
+/**
+ @file
+ @brief aggregate signature
+ @author MITSUNARI Shigeo(@herumi)
+ see http://crypto.stanford.edu/~dabo/papers/aggreg.pdf
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <cmath>
+#include <vector>
+#include <iosfwd>
+#include <set>
+#ifndef MCLBN_FP_UNIT_SIZE
+ #define MCLBN_FP_UNIT_SIZE 4
+#endif
+#if MCLBN_FP_UNIT_SIZE == 4
+#include <mcl/bn256.hpp>
+namespace mcl {
+using namespace mcl::bn256;
+}
+#elif MCLBN_FP_UNIT_SIZE == 6
+#include <mcl/bn384.hpp>
+namespace mcl {
+using namespace mcl::bn384;
+}
+#elif MCLBN_FP_UNIT_SIZE == 8
+#include <mcl/bn512.hpp>
+namespace mcl {
+using namespace mcl::bn512;
+}
+#else
+ #error "MCLBN_FP_UNIT_SIZE must be 4, 6, or 8"
+#endif
+
+namespace mcl { namespace aggs {
+
+/*
+ AGGregate Signature Template class
+*/
+template<size_t dummyImpl = 0>
+struct AGGST {
+ typedef typename G1::BaseFp Fp;
+
+ class SecretKey;
+ class PublicKey;
+ class Signature;
+
+ static G1 P_;
+ static G2 Q_;
+ static std::vector<Fp6> Qcoeff_;
+public:
+ static void init(const mcl::CurveParam& cp = mcl::BN254)
+ {
+ initPairing(cp);
+ hashAndMapToG1(P_, "0");
+ hashAndMapToG2(Q_, "0");
+ precomputeG2(Qcoeff_, Q_);
+ }
+ class Signature : public fp::Serializable<Signature> {
+ G1 S_;
+ friend class SecretKey;
+ friend class PublicKey;
+ public:
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ S_.load(is, ioMode);
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ S_.save(os, ioMode);
+ }
+ friend std::istream& operator>>(std::istream& is, Signature& self)
+ {
+ self.load(is, fp::detectIoMode(G1::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const Signature& self)
+ {
+ self.save(os, fp::detectIoMode(G1::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const Signature& rhs) const
+ {
+ return S_ == rhs.S_;
+ }
+ bool operator!=(const Signature& rhs) const { return !operator==(rhs); }
+ /*
+ aggregate sig[0..n) and set *this
+ */
+ void aggregate(const Signature *sig, size_t n)
+ {
+ G1 S;
+ S.clear();
+ for (size_t i = 0; i < n; i++) {
+ S += sig[i].S_;
+ }
+ S_ = S;
+ }
+ void aggregate(const std::vector<Signature>& sig)
+ {
+ aggregate(sig.data(), sig.size());
+ }
+ /*
+ aggregate verification
+ */
+ bool verify(const void *const *msgVec, const size_t *sizeVec, const PublicKey *pubVec, size_t n) const
+ {
+ if (n == 0) return false;
+ typedef std::set<Fp> FpSet;
+ FpSet msgSet;
+ typedef std::vector<G1> G1Vec;
+ G1Vec hv(n);
+ for (size_t i = 0; i < n; i++) {
+ Fp h;
+ h.setHashOf(msgVec[i], sizeVec[i]);
+ std::pair<typename FpSet::iterator, bool> ret = msgSet.insert(h);
+ if (!ret.second) throw cybozu::Exception("aggs::verify:same msg");
+ mapToG1(hv[i], h);
+ }
+ /*
+ e(aggSig, xQ) = prod_i e(hv[i], pub[i].Q)
+ <=> finalExp(e(-aggSig, xQ) * prod_i millerLoop(hv[i], pub[i].xQ)) == 1
+ */
+ GT e1, e2;
+ precomputedMillerLoop(e1, -S_, Qcoeff_);
+ millerLoop(e2, hv[0], pubVec[0].xQ_);
+ for (size_t i = 1; i < n; i++) {
+ GT e;
+ millerLoop(e, hv[i], pubVec[i].xQ_);
+ e2 *= e;
+ }
+ e1 *= e2;
+ finalExp(e1, e1);
+ return e1.isOne();
+ }
+ bool verify(const std::vector<std::string>& msgVec, const std::vector<PublicKey>& pubVec) const
+ {
+ const size_t n = msgVec.size();
+ if (n != pubVec.size()) throw cybozu::Exception("aggs:Signature:verify:bad size") << msgVec.size() << pubVec.size();
+ if (n == 0) return false;
+ std::vector<const void*> mv(n);
+ std::vector<size_t> sv(n);
+ for (size_t i = 0; i < n; i++) {
+ mv[i] = msgVec[i].c_str();
+ sv[i] = msgVec[i].size();
+ }
+ return verify(&mv[0], &sv[0], &pubVec[0], n);
+ }
+ };
+ class PublicKey : public fp::Serializable<PublicKey> {
+ G2 xQ_;
+ friend class SecretKey;
+ friend class Signature;
+ public:
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ xQ_.load(is, ioMode);
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ xQ_.save(os, ioMode);
+ }
+ friend std::istream& operator>>(std::istream& is, PublicKey& self)
+ {
+ self.load(is, fp::detectIoMode(G2::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const PublicKey& self)
+ {
+ self.save(os, fp::detectIoMode(G2::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const PublicKey& rhs) const
+ {
+ return xQ_ == rhs.xQ_;
+ }
+ bool operator!=(const PublicKey& rhs) const { return !operator==(rhs); }
+ bool verify(const Signature& sig, const void *m, size_t mSize) const
+ {
+ /*
+ H = hash(m)
+ e(S, Q) = e(H, xQ) where S = xH
+ <=> e(S, Q)e(-H, xQ) = 1
+ <=> finalExp(millerLoop(S, Q)e(-H, x)) = 1
+ */
+ G1 H;
+ hashAndMapToG1(H, m, mSize);
+ G1::neg(H, H);
+ GT e1, e2;
+ precomputedMillerLoop(e1, sig.S_, Qcoeff_);
+ millerLoop(e2, H, xQ_);
+ e1 *= e2;
+ finalExp(e1, e1);
+ return e1.isOne();
+ }
+ bool verify(const Signature& sig, const std::string& m) const
+ {
+ return verify(sig, m.c_str(), m.size());
+ }
+ };
+ class SecretKey : public fp::Serializable<SecretKey> {
+ Fr x_;
+ friend class PublicKey;
+ friend class Signature;
+ public:
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ x_.load(is, ioMode);
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ x_.save(os, ioMode);
+ }
+ friend std::istream& operator>>(std::istream& is, SecretKey& self)
+ {
+ self.load(is, fp::detectIoMode(Fr::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const SecretKey& self)
+ {
+ self.save(os, fp::detectIoMode(Fr::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const SecretKey& rhs) const
+ {
+ return x_ == rhs.x_;
+ }
+ bool operator!=(const SecretKey& rhs) const { return !operator==(rhs); }
+ void init()
+ {
+ x_.setByCSPRNG();
+ }
+ void getPublicKey(PublicKey& pub) const
+ {
+ G2::mul(pub.xQ_, Q_, x_);
+ }
+ void sign(Signature& sig, const void *m, size_t mSize) const
+ {
+ hashAndMapToG1(sig.S_, m, mSize);
+ G1::mul(sig.S_, sig.S_, x_);
+ }
+ void sign(Signature& sig, const std::string& m) const
+ {
+ sign(sig, m.c_str(), m.size());
+ }
+ };
+};
+
+template<size_t dummyImpl> G1 AGGST<dummyImpl>::P_;
+template<size_t dummyImpl> G2 AGGST<dummyImpl>::Q_;
+template<size_t dummyImpl> std::vector<Fp6> AGGST<dummyImpl>::Qcoeff_;
+
+typedef AGGST<> AGGS;
+typedef AGGS::SecretKey SecretKey;
+typedef AGGS::PublicKey PublicKey;
+typedef AGGS::Signature Signature;
+
+} } // mcl::aggs
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/ahe.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/ahe.hpp
new file mode 100644
index 000000000..239319d0d
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/ahe.hpp
@@ -0,0 +1,76 @@
+#pragma once
+/**
+ @file
+ @brief 192/256-bit additive homomorphic encryption by lifted-ElGamal
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/elgamal.hpp>
+#include <mcl/ecparam.hpp>
+
+namespace mcl {
+
+#ifdef MCL_USE_AHE192
+namespace ahe192 {
+
+const mcl::EcParam& para = mcl::ecparam::NIST_P192;
+
+typedef mcl::FpT<mcl::FpTag, 192> Fp;
+typedef mcl::FpT<mcl::ZnTag, 192> Zn;
+typedef mcl::EcT<Fp> Ec;
+typedef mcl::ElgamalT<Ec, Zn> ElgamalEc;
+typedef ElgamalEc::PrivateKey SecretKey;
+typedef ElgamalEc::PublicKey PublicKey;
+typedef ElgamalEc::CipherText CipherText;
+
+static inline void initAhe()
+{
+ Fp::init(para.p);
+ Zn::init(para.n);
+ Ec::init(para.a, para.b);
+ Ec::setIoMode(16);
+ Zn::setIoMode(16);
+}
+
+static inline void initSecretKey(SecretKey& sec)
+{
+ const Ec P(Fp(para.gx), Fp(para.gy));
+ sec.init(P, Zn::getBitSize());
+}
+
+} //mcl::ahe192
+#endif
+
+#ifdef MCL_USE_AHE256
+namespace ahe256 {
+
+const mcl::EcParam& para = mcl::ecparam::NIST_P256;
+
+typedef mcl::FpT<mcl::FpTag, 256> Fp;
+typedef mcl::FpT<mcl::ZnTag, 256> Zn;
+typedef mcl::EcT<Fp> Ec;
+typedef mcl::ElgamalT<Ec, Zn> ElgamalEc;
+typedef ElgamalEc::PrivateKey SecretKey;
+typedef ElgamalEc::PublicKey PublicKey;
+typedef ElgamalEc::CipherText CipherText;
+
+static inline void initAhe()
+{
+ Fp::init(para.p);
+ Zn::init(para.n);
+ Ec::init(para.a, para.b);
+ Ec::setIoMode(16);
+ Zn::setIoMode(16);
+}
+
+static inline void initSecretKey(SecretKey& sec)
+{
+ const Ec P(Fp(para.gx), Fp(para.gy));
+ sec.init(P, Zn::getBitSize());
+}
+
+} //mcl::ahe256
+#endif
+
+} // mcl
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/array.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/array.hpp
new file mode 100644
index 000000000..a6d2a8fa3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/array.hpp
@@ -0,0 +1,167 @@
+#pragma once
+/**
+ @file
+ @brief tiny vector class
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <stdlib.h>
+#include <stddef.h>
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+#include <new>
+#endif
+
+namespace mcl {
+
+template<class T>
+class Array {
+ T *p_;
+ size_t n_;
+ template<class U>
+ void swap_(U& x, U& y) const
+ {
+ U t;
+ t = x;
+ x = y;
+ y = t;
+ }
+public:
+ Array() : p_(0), n_(0) {}
+ ~Array()
+ {
+ free(p_);
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ Array(const Array& rhs)
+ : p_(0)
+ , n_(0)
+ {
+ if (rhs.n_ == 0) return;
+ p_ = (T*)malloc(sizeof(T) * rhs.n_);
+ if (p_ == 0) throw std::bad_alloc();
+ n_ = rhs.n_;
+ for (size_t i = 0; i < n_; i++) {
+ p_[i] = rhs.p_[i];
+ }
+ }
+ Array& operator=(const Array& rhs)
+ {
+ Array tmp(rhs);
+ tmp.swap(*this);
+ return *this;
+ }
+#endif
+ bool resize(size_t n)
+ {
+ if (n <= n_) {
+ n_ = n;
+ if (n == 0) {
+ free(p_);
+ p_ = 0;
+ }
+ return true;
+ }
+ T *q = (T*)malloc(sizeof(T) * n);
+ if (q == 0) return false;
+ for (size_t i = 0; i < n_; i++) {
+ q[i] = p_[i];
+ }
+ free(p_);
+ p_ = q;
+ n_ = n;
+ return true;
+ }
+ bool copy(const Array<T>& rhs)
+ {
+ if (this == &rhs) return true;
+ if (n_ < rhs.n_) {
+ clear();
+ if (!resize(rhs.n_)) return false;
+ }
+ for (size_t i = 0; i < rhs.n_; i++) {
+ p_[i] = rhs.p_[i];
+ }
+ n_ = rhs.n_;
+ return true;
+ }
+ void clear()
+ {
+ free(p_);
+ p_ = 0;
+ n_ = 0;
+ }
+ size_t size() const { return n_; }
+ void swap(Array<T>& rhs)
+ {
+ swap_(p_, rhs.p_);
+ swap_(n_, rhs.n_);
+ }
+ T& operator[](size_t n) { return p_[n]; }
+ const T& operator[](size_t n) const { return p_[n]; }
+ T* data() { return p_; }
+ const T* data() const { return p_; }
+};
+
+template<class T, size_t maxSize>
+class FixedArray {
+ T p_[maxSize];
+ size_t n_;
+ FixedArray(const FixedArray&);
+ void operator=(const FixedArray&);
+ template<class U>
+ void swap_(U& x, U& y) const
+ {
+ U t;
+ t = x;
+ x = y;
+ y = t;
+ }
+public:
+ FixedArray() : n_(0) {}
+ bool resize(size_t n)
+ {
+ if (n > maxSize) return false;
+ n_ = n;
+ return true;
+ }
+ bool copy(const FixedArray<T, maxSize>& rhs)
+ {
+ if (this == &rhs) return true;
+ for (size_t i = 0; i < rhs.n_; i++) {
+ p_[i] = rhs.p_[i];
+ }
+ n_ = rhs.n_;
+ return true;
+ }
+ void clear()
+ {
+ n_ = 0;
+ }
+ size_t size() const { return n_; }
+ void swap(FixedArray<T, maxSize>& rhs)
+ {
+ T *minP = p_;
+ size_t minN = n_;
+ T *maxP = rhs.p_;
+ size_t maxN = rhs.n_;
+ if (minP > maxP) {
+ swap_(minP, maxP);
+ swap_(minN, maxN);
+ }
+ for (size_t i = 0; i < minN; i++) {
+ swap_(minP[i], maxP[i]);
+ }
+ for (size_t i = minN; i < maxN; i++) {
+ minP[i] = maxP[i];
+ }
+ swap_(n_, rhs.n_);
+ }
+ T& operator[](size_t n) { return p_[n]; }
+ const T& operator[](size_t n) const { return p_[n]; }
+ T* data() { return p_; }
+ const T* data() const { return p_; }
+};
+
+} // mcl
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/bls12_381.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/bls12_381.hpp
new file mode 100644
index 000000000..316e142af
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/bls12_381.hpp
@@ -0,0 +1,15 @@
+#pragma once
+/**
+ @file
+ @brief preset class for BLS12-381 pairing
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#define MCL_MAX_FP_BIT_SIZE 384
+#define MCL_MAX_FR_BIT_SIZE 256
+#include <mcl/bn.hpp>
+
+namespace mcl { namespace bls12 {
+using namespace mcl::bn;
+} }
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/bn.h b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn.h
new file mode 100644
index 000000000..0a31d5501
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn.h
@@ -0,0 +1,428 @@
+#pragma once
+/**
+ @file
+ @brief C interface of 256/384-bit optimal ate pairing over BN curves
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+/*
+ the order of an elliptic curve over Fp is Fr
+*/
+#ifndef MCLBN_FP_UNIT_SIZE
+ #error "define MCLBN_FP_UNIT_SIZE 4(, 6 or 8)"
+#endif
+#ifndef MCLBN_FR_UNIT_SIZE
+ #define MCLBN_FR_UNIT_SIZE MCLBN_FP_UNIT_SIZE
+#endif
+#define MCLBN_COMPILED_TIME_VAR ((MCLBN_FR_UNIT_SIZE) * 10 + (MCLBN_FP_UNIT_SIZE))
+
+#include <stdint.h> // for uint64_t, uint8_t
+#include <stdlib.h> // for size_t
+
+
+#if defined(_MSC_VER)
+ #ifdef MCLBN_DONT_EXPORT
+ #define MCLBN_DLL_API
+ #else
+ #ifdef MCLBN_DLL_EXPORT
+ #define MCLBN_DLL_API __declspec(dllexport)
+ #else
+ #define MCLBN_DLL_API __declspec(dllimport)
+ #endif
+ #endif
+ #ifndef MCLBN_NO_AUTOLINK
+ #if MCLBN_FP_UNIT_SIZE == 4
+ #pragma comment(lib, "mclbn256.lib")
+ #elif MCLBN_FP_UNIT_SIZE == 6
+ #pragma comment(lib, "mclbn384.lib")
+ #else
+ #pragma comment(lib, "mclbn512.lib")
+ #endif
+ #endif
+#elif defined(__EMSCRIPTEN__) && !defined(MCLBN_DONT_EXPORT)
+ #define MCLBN_DLL_API __attribute__((used))
+#elif defined(__wasm__) && !defined(MCLBN_DONT_EXPORT)
+ #define MCLBN_DLL_API __attribute__((visibility("default")))
+#else
+ #define MCLBN_DLL_API
+#endif
+
+#ifdef __EMSCRIPTEN__
+ // avoid 64-bit integer
+ #define mclSize unsigned int
+ #define mclInt int
+#else
+ // use #define for cgo
+ #define mclSize size_t
+ #define mclInt int64_t
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef MCLBN_NOT_DEFINE_STRUCT
+
+typedef struct mclBnFr mclBnFr;
+typedef struct mclBnG1 mclBnG1;
+typedef struct mclBnG2 mclBnG2;
+typedef struct mclBnGT mclBnGT;
+typedef struct mclBnFp mclBnFp;
+typedef struct mclBnFp2 mclBnFp2;
+
+#else
+
+typedef struct {
+ uint64_t d[MCLBN_FR_UNIT_SIZE];
+} mclBnFr;
+
+typedef struct {
+ uint64_t d[MCLBN_FP_UNIT_SIZE * 3];
+} mclBnG1;
+
+typedef struct {
+ uint64_t d[MCLBN_FP_UNIT_SIZE * 2 * 3];
+} mclBnG2;
+
+typedef struct {
+ uint64_t d[MCLBN_FP_UNIT_SIZE * 12];
+} mclBnGT;
+
+typedef struct {
+ uint64_t d[MCLBN_FP_UNIT_SIZE];
+} mclBnFp;
+
+typedef struct {
+ mclBnFp d[2];
+} mclBnFp2;
+
+#endif
+
+#include <mcl/curve_type.h>
+
+#define MCLBN_IO_SERIALIZE_HEX_STR 2048
+// for backword compatibility
+enum {
+ mclBn_CurveFp254BNb = 0,
+ mclBn_CurveFp382_1 = 1,
+ mclBn_CurveFp382_2 = 2,
+ mclBn_CurveFp462 = 3,
+ mclBn_CurveSNARK1 = 4,
+ mclBls12_CurveFp381 = 5
+};
+
+// return 0xABC which means A.BC
+MCLBN_DLL_API int mclBn_getVersion();
+/*
+ init library
+ @param curve [in] type of bn curve
+ @param compiledTimeVar [in] specify MCLBN_COMPILED_TIME_VAR,
+ which macro is used to make sure that the values
+ are the same when the library is built and used
+ @return 0 if success
+ curve = BN254/BN_SNARK1 is allowed if maxUnitSize = 4
+ curve = BN381_1/BN381_2/BLS12_381 are allowed if maxUnitSize = 6
+ This parameter is used to detect a library compiled with different MCLBN_FP_UNIT_SIZE for safety.
+ @note not threadsafe
+ @note BN_init is used in libeay32
+*/
+MCLBN_DLL_API int mclBn_init(int curve, int compiledTimeVar);
+
+
+/*
+ pairing : G1 x G2 -> GT
+ #G1 = #G2 = r
+ G1 is a curve defined on Fp
+
+ serialized size of elements
+ |Fr| |Fp|
+ BN254 32 32
+ BN381 48 48
+ BLS12_381 32 48
+ BN462 58 58
+ |G1| = |Fp|
+ |G2| = |G1| * 2
+ |GT| = |G1| * 12
+*/
+/*
+ return the num of Unit(=uint64_t) to store Fr
+*/
+MCLBN_DLL_API int mclBn_getOpUnitSize(void);
+
+/*
+ return bytes for serialized G1(=Fp)
+*/
+MCLBN_DLL_API int mclBn_getG1ByteSize(void);
+/*
+ return bytes for serialized Fr
+*/
+MCLBN_DLL_API int mclBn_getFrByteSize(void);
+/*
+ return bytes for serialized Fp
+*/
+MCLBN_DLL_API int mclBn_getFpByteSize(void);
+
+/*
+ return decimal string of the order of the curve(=the characteristic of Fr)
+ return str(buf) if success
+*/
+MCLBN_DLL_API mclSize mclBn_getCurveOrder(char *buf, mclSize maxBufSize);
+
+/*
+ return decimal string of the characteristic of Fp
+ return str(buf) if success
+*/
+MCLBN_DLL_API mclSize mclBn_getFieldOrder(char *buf, mclSize maxBufSize);
+
+////////////////////////////////////////////////
+/*
+ deserialize
+ return read size if success else 0
+*/
+MCLBN_DLL_API mclSize mclBnFr_deserialize(mclBnFr *x, const void *buf, mclSize bufSize);
+MCLBN_DLL_API mclSize mclBnG1_deserialize(mclBnG1 *x, const void *buf, mclSize bufSize);
+MCLBN_DLL_API mclSize mclBnG2_deserialize(mclBnG2 *x, const void *buf, mclSize bufSize);
+MCLBN_DLL_API mclSize mclBnGT_deserialize(mclBnGT *x, const void *buf, mclSize bufSize);
+MCLBN_DLL_API mclSize mclBnFp_deserialize(mclBnFp *x, const void *buf, mclSize bufSize);
+MCLBN_DLL_API mclSize mclBnFp2_deserialize(mclBnFp2 *x, const void *buf, mclSize bufSize);
+
+/*
+ serialize
+ return written byte if sucess else 0
+*/
+MCLBN_DLL_API mclSize mclBnFr_serialize(void *buf, mclSize maxBufSize, const mclBnFr *x);
+MCLBN_DLL_API mclSize mclBnG1_serialize(void *buf, mclSize maxBufSize, const mclBnG1 *x);
+MCLBN_DLL_API mclSize mclBnG2_serialize(void *buf, mclSize maxBufSize, const mclBnG2 *x);
+MCLBN_DLL_API mclSize mclBnGT_serialize(void *buf, mclSize maxBufSize, const mclBnGT *x);
+MCLBN_DLL_API mclSize mclBnFp_serialize(void *buf, mclSize maxBufSize, const mclBnFp *x);
+MCLBN_DLL_API mclSize mclBnFp2_serialize(void *buf, mclSize maxBufSize, const mclBnFp2 *x);
+
+/*
+ set string
+ ioMode
+ 10 : decimal number
+ 16 : hexadecimal number
+ MCLBN_IO_SERIALIZE_HEX_STR : hex string of serialized data
+ return 0 if success else -1
+*/
+MCLBN_DLL_API int mclBnFr_setStr(mclBnFr *x, const char *buf, mclSize bufSize, int ioMode);
+MCLBN_DLL_API int mclBnG1_setStr(mclBnG1 *x, const char *buf, mclSize bufSize, int ioMode);
+MCLBN_DLL_API int mclBnG2_setStr(mclBnG2 *x, const char *buf, mclSize bufSize, int ioMode);
+MCLBN_DLL_API int mclBnGT_setStr(mclBnGT *x, const char *buf, mclSize bufSize, int ioMode);
+MCLBN_DLL_API int mclBnFp_setStr(mclBnFp *x, const char *buf, mclSize bufSize, int ioMode);
+
+/*
+ buf is terminated by '\0'
+ return strlen(buf) if sucess else 0
+*/
+MCLBN_DLL_API mclSize mclBnFr_getStr(char *buf, mclSize maxBufSize, const mclBnFr *x, int ioMode);
+MCLBN_DLL_API mclSize mclBnG1_getStr(char *buf, mclSize maxBufSize, const mclBnG1 *x, int ioMode);
+MCLBN_DLL_API mclSize mclBnG2_getStr(char *buf, mclSize maxBufSize, const mclBnG2 *x, int ioMode);
+MCLBN_DLL_API mclSize mclBnGT_getStr(char *buf, mclSize maxBufSize, const mclBnGT *x, int ioMode);
+MCLBN_DLL_API mclSize mclBnFp_getStr(char *buf, mclSize maxBufSize, const mclBnFp *x, int ioMode);
+
+// set zero
+MCLBN_DLL_API void mclBnFr_clear(mclBnFr *x);
+MCLBN_DLL_API void mclBnFp_clear(mclBnFp *x);
+MCLBN_DLL_API void mclBnFp2_clear(mclBnFp2 *x);
+
+// set x to y
+MCLBN_DLL_API void mclBnFr_setInt(mclBnFr *y, mclInt x);
+MCLBN_DLL_API void mclBnFr_setInt32(mclBnFr *y, int x);
+
+// x = buf & (1 << bitLen(r)) - 1
+// if (x >= r) x &= (1 << (bitLen(r) - 1)) - 1
+// always return 0
+MCLBN_DLL_API int mclBnFr_setLittleEndian(mclBnFr *x, const void *buf, mclSize bufSize);
+MCLBN_DLL_API int mclBnFp_setLittleEndian(mclBnFp *x, const void *buf, mclSize bufSize);
+
+// set (buf mod r) to x
+// return 0 if bufSize <= (byte size of Fr * 2) else -1
+MCLBN_DLL_API int mclBnFr_setLittleEndianMod(mclBnFr *x, const void *buf, mclSize bufSize);
+// set (buf mod p) to x
+// return 0 if bufSize <= (byte size of Fp * 2) else -1
+MCLBN_DLL_API int mclBnFp_setLittleEndianMod(mclBnFp *x, const void *buf, mclSize bufSize);
+
+// return 1 if true and 0 otherwise
+MCLBN_DLL_API int mclBnFr_isValid(const mclBnFr *x);
+MCLBN_DLL_API int mclBnFr_isEqual(const mclBnFr *x, const mclBnFr *y);
+MCLBN_DLL_API int mclBnFr_isZero(const mclBnFr *x);
+MCLBN_DLL_API int mclBnFr_isOne(const mclBnFr *x);
+
+MCLBN_DLL_API int mclBnFp_isEqual(const mclBnFp *x, const mclBnFp *y);
+MCLBN_DLL_API int mclBnFp2_isEqual(const mclBnFp2 *x, const mclBnFp2 *y);
+
+#ifndef MCL_DONT_USE_CSRPNG
+// return 0 if success
+MCLBN_DLL_API int mclBnFr_setByCSPRNG(mclBnFr *x);
+
+/*
+ set user-defined random function for setByCSPRNG
+ @param self [in] user-defined pointer
+ @param readFunc [in] user-defined function,
+ which writes random bufSize bytes to buf and returns bufSize if success else returns 0
+ @note if self == 0 and readFunc == 0 then set default random function
+ @note not threadsafe
+*/
+MCLBN_DLL_API void mclBn_setRandFunc(void *self, unsigned int (*readFunc)(void *self, void *buf, unsigned int bufSize));
+#endif
+
+// hash(s) and set x
+// return 0 if success
+MCLBN_DLL_API int mclBnFr_setHashOf(mclBnFr *x, const void *buf, mclSize bufSize);
+MCLBN_DLL_API int mclBnFp_setHashOf(mclBnFp *x, const void *buf, mclSize bufSize);
+
+// map x to y
+// return 0 if success else -1
+MCLBN_DLL_API int mclBnFp_mapToG1(mclBnG1 *y, const mclBnFp *x);
+MCLBN_DLL_API int mclBnFp2_mapToG2(mclBnG2 *y, const mclBnFp2 *x);
+
+MCLBN_DLL_API void mclBnFr_neg(mclBnFr *y, const mclBnFr *x);
+MCLBN_DLL_API void mclBnFr_inv(mclBnFr *y, const mclBnFr *x);
+MCLBN_DLL_API void mclBnFr_sqr(mclBnFr *y, const mclBnFr *x);
+MCLBN_DLL_API void mclBnFr_add(mclBnFr *z, const mclBnFr *x, const mclBnFr *y);
+MCLBN_DLL_API void mclBnFr_sub(mclBnFr *z, const mclBnFr *x, const mclBnFr *y);
+MCLBN_DLL_API void mclBnFr_mul(mclBnFr *z, const mclBnFr *x, const mclBnFr *y);
+MCLBN_DLL_API void mclBnFr_div(mclBnFr *z, const mclBnFr *x, const mclBnFr *y);
+
+////////////////////////////////////////////////
+// set zero
+MCLBN_DLL_API void mclBnG1_clear(mclBnG1 *x);
+
+
+// return 1 if true and 0 otherwise
+MCLBN_DLL_API int mclBnG1_isValid(const mclBnG1 *x);
+MCLBN_DLL_API int mclBnG1_isEqual(const mclBnG1 *x, const mclBnG1 *y);
+MCLBN_DLL_API int mclBnG1_isZero(const mclBnG1 *x);
+/*
+ return 1 if x has a correct order
+ x is valid point of G1 if and only if
+ mclBnG1_isValid() is true, which contains mclBnG1_isValidOrder() if mclBn_verifyOrderG1(true)
+ mclBnG1_isValid() && mclBnG1_isValidOrder() is true if mclBn_verifyOrderG1(false)
+*/
+MCLBN_DLL_API int mclBnG1_isValidOrder(const mclBnG1 *x);
+
+MCLBN_DLL_API int mclBnG1_hashAndMapTo(mclBnG1 *x, const void *buf, mclSize bufSize);
+
+
+MCLBN_DLL_API void mclBnG1_neg(mclBnG1 *y, const mclBnG1 *x);
+MCLBN_DLL_API void mclBnG1_dbl(mclBnG1 *y, const mclBnG1 *x);
+MCLBN_DLL_API void mclBnG1_normalize(mclBnG1 *y, const mclBnG1 *x);
+MCLBN_DLL_API void mclBnG1_add(mclBnG1 *z, const mclBnG1 *x, const mclBnG1 *y);
+MCLBN_DLL_API void mclBnG1_sub(mclBnG1 *z, const mclBnG1 *x, const mclBnG1 *y);
+MCLBN_DLL_API void mclBnG1_mul(mclBnG1 *z, const mclBnG1 *x, const mclBnFr *y);
+
+/*
+ constant time mul
+*/
+MCLBN_DLL_API void mclBnG1_mulCT(mclBnG1 *z, const mclBnG1 *x, const mclBnFr *y);
+
+////////////////////////////////////////////////
+// set zero
+MCLBN_DLL_API void mclBnG2_clear(mclBnG2 *x);
+
+// return 1 if true and 0 otherwise
+MCLBN_DLL_API int mclBnG2_isValid(const mclBnG2 *x);
+MCLBN_DLL_API int mclBnG2_isEqual(const mclBnG2 *x, const mclBnG2 *y);
+MCLBN_DLL_API int mclBnG2_isZero(const mclBnG2 *x);
+// return 1 if x has a correct order
+MCLBN_DLL_API int mclBnG2_isValidOrder(const mclBnG2 *x);
+
+MCLBN_DLL_API int mclBnG2_hashAndMapTo(mclBnG2 *x, const void *buf, mclSize bufSize);
+
+// return written size if sucess else 0
+
+MCLBN_DLL_API void mclBnG2_neg(mclBnG2 *y, const mclBnG2 *x);
+MCLBN_DLL_API void mclBnG2_dbl(mclBnG2 *y, const mclBnG2 *x);
+MCLBN_DLL_API void mclBnG2_normalize(mclBnG2 *y, const mclBnG2 *x);
+MCLBN_DLL_API void mclBnG2_add(mclBnG2 *z, const mclBnG2 *x, const mclBnG2 *y);
+MCLBN_DLL_API void mclBnG2_sub(mclBnG2 *z, const mclBnG2 *x, const mclBnG2 *y);
+MCLBN_DLL_API void mclBnG2_mul(mclBnG2 *z, const mclBnG2 *x, const mclBnFr *y);
+/*
+ constant time mul
+*/
+MCLBN_DLL_API void mclBnG2_mulCT(mclBnG2 *z, const mclBnG2 *x, const mclBnFr *y);
+
+////////////////////////////////////////////////
+// set zero
+MCLBN_DLL_API void mclBnGT_clear(mclBnGT *x);
+// set x to y
+MCLBN_DLL_API void mclBnGT_setInt(mclBnGT *y, mclInt x);
+MCLBN_DLL_API void mclBnGT_setInt32(mclBnGT *y, int x);
+
+// return 1 if true and 0 otherwise
+MCLBN_DLL_API int mclBnGT_isEqual(const mclBnGT *x, const mclBnGT *y);
+MCLBN_DLL_API int mclBnGT_isZero(const mclBnGT *x);
+MCLBN_DLL_API int mclBnGT_isOne(const mclBnGT *x);
+
+MCLBN_DLL_API void mclBnGT_neg(mclBnGT *y, const mclBnGT *x);
+MCLBN_DLL_API void mclBnGT_inv(mclBnGT *y, const mclBnGT *x);
+MCLBN_DLL_API void mclBnGT_sqr(mclBnGT *y, const mclBnGT *x);
+MCLBN_DLL_API void mclBnGT_add(mclBnGT *z, const mclBnGT *x, const mclBnGT *y);
+MCLBN_DLL_API void mclBnGT_sub(mclBnGT *z, const mclBnGT *x, const mclBnGT *y);
+MCLBN_DLL_API void mclBnGT_mul(mclBnGT *z, const mclBnGT *x, const mclBnGT *y);
+MCLBN_DLL_API void mclBnGT_div(mclBnGT *z, const mclBnGT *x, const mclBnGT *y);
+
+/*
+ pow for all elements of Fp12
+*/
+MCLBN_DLL_API void mclBnGT_powGeneric(mclBnGT *z, const mclBnGT *x, const mclBnFr *y);
+/*
+ pow for only {x|x^r = 1} in Fp12 by GLV method
+ the value generated by pairing satisfies the condition
+*/
+MCLBN_DLL_API void mclBnGT_pow(mclBnGT *z, const mclBnGT *x, const mclBnFr *y);
+
+MCLBN_DLL_API void mclBn_pairing(mclBnGT *z, const mclBnG1 *x, const mclBnG2 *y);
+MCLBN_DLL_API void mclBn_finalExp(mclBnGT *y, const mclBnGT *x);
+MCLBN_DLL_API void mclBn_millerLoop(mclBnGT *z, const mclBnG1 *x, const mclBnG2 *y);
+
+// return precomputedQcoeffSize * sizeof(Fp6) / sizeof(uint64_t)
+MCLBN_DLL_API int mclBn_getUint64NumToPrecompute(void);
+
+// allocate Qbuf[MCLBN_getUint64NumToPrecompute()] before calling this
+MCLBN_DLL_API void mclBn_precomputeG2(uint64_t *Qbuf, const mclBnG2 *Q);
+
+MCLBN_DLL_API void mclBn_precomputedMillerLoop(mclBnGT *f, const mclBnG1 *P, const uint64_t *Qbuf);
+MCLBN_DLL_API void mclBn_precomputedMillerLoop2(mclBnGT *f, const mclBnG1 *P1, const uint64_t *Q1buf, const mclBnG1 *P2, const uint64_t *Q2buf);
+MCLBN_DLL_API void mclBn_precomputedMillerLoop2mixed(mclBnGT *f, const mclBnG1 *P1, const mclBnG2 *Q1, const mclBnG1 *P2, const uint64_t *Q2buf);
+
+/*
+ Lagrange interpolation
+ recover out = y(0) by { (xVec[i], yVec[i]) }
+ return 0 if success else -1
+ @note *out = yVec[0] if k = 1
+ @note k >= 2, xVec[i] != 0, xVec[i] != xVec[j] for i != j
+*/
+MCLBN_DLL_API int mclBn_FrLagrangeInterpolation(mclBnFr *out, const mclBnFr *xVec, const mclBnFr *yVec, mclSize k);
+MCLBN_DLL_API int mclBn_G1LagrangeInterpolation(mclBnG1 *out, const mclBnFr *xVec, const mclBnG1 *yVec, mclSize k);
+MCLBN_DLL_API int mclBn_G2LagrangeInterpolation(mclBnG2 *out, const mclBnFr *xVec, const mclBnG2 *yVec, mclSize k);
+
+/*
+ evaluate polynomial
+ out = f(x) = c[0] + c[1] * x + c[2] * x^2 + ... + c[cSize - 1] * x^(cSize - 1)
+ @note cSize >= 2
+*/
+MCLBN_DLL_API int mclBn_FrEvaluatePolynomial(mclBnFr *out, const mclBnFr *cVec, mclSize cSize, const mclBnFr *x);
+MCLBN_DLL_API int mclBn_G1EvaluatePolynomial(mclBnG1 *out, const mclBnG1 *cVec, mclSize cSize, const mclBnFr *x);
+MCLBN_DLL_API int mclBn_G2EvaluatePolynomial(mclBnG2 *out, const mclBnG2 *cVec, mclSize cSize, const mclBnFr *x);
+
+/*
+ verify whether a point of an elliptic curve has order r
+ This api affetcs setStr(), deserialize() for G2 on BN or G1/G2 on BLS12
+ @param doVerify [in] does not verify if zero(default 1)
+*/
+MCLBN_DLL_API void mclBn_verifyOrderG1(int doVerify);
+MCLBN_DLL_API void mclBn_verifyOrderG2(int doVerify);
+
+/*
+ EXPERIMENTAL
+ only for curve = MCL_SECP* or MCL_NIST*
+ return standard base point of the current elliptic curve
+*/
+MCLBN_DLL_API int mclBnG1_getBasePoint(mclBnG1 *x);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/bn.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn.hpp
new file mode 100644
index 000000000..5ebe5d956
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn.hpp
@@ -0,0 +1,2261 @@
+#pragma once
+/**
+ @file
+ @brief optimal ate pairing over BN-curve / BLS12-curve
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/fp_tower.hpp>
+#include <mcl/ec.hpp>
+#include <mcl/curve_type.h>
+#include <assert.h>
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+#include <vector>
+#endif
+
+/*
+ set bit size of Fp and Fr
+*/
+#ifndef MCL_MAX_FP_BIT_SIZE
+ #define MCL_MAX_FP_BIT_SIZE 256
+#endif
+
+#ifndef MCL_MAX_FR_BIT_SIZE
+ #define MCL_MAX_FR_BIT_SIZE MCL_MAX_FP_BIT_SIZE
+#endif
+namespace mcl {
+
+struct CurveParam {
+ /*
+ y^2 = x^3 + b
+ i^2 = -1
+ xi = xi_a + i
+ v^3 = xi
+ w^2 = v
+ */
+ const char *z;
+ int b; // y^2 = x^3 + b
+ int xi_a; // xi = xi_a + i
+ /*
+ BN254, BN381 : Dtype
+ BLS12-381 : Mtype
+ */
+ bool isMtype;
+ int curveType; // same in curve_type.h
+ bool operator==(const CurveParam& rhs) const
+ {
+ return strcmp(z, rhs.z) == 0 && b == rhs.b && xi_a == rhs.xi_a && isMtype == rhs.isMtype;
+ }
+ bool operator!=(const CurveParam& rhs) const { return !operator==(rhs); }
+};
+
+const CurveParam BN254 = { "-0x4080000000000001", 2, 1, false, MCL_BN254 }; // -(2^62 + 2^55 + 1)
+// provisional(experimental) param with maxBitSize = 384
+const CurveParam BN381_1 = { "-0x400011000000000000000001", 2, 1, false, MCL_BN381_1 }; // -(2^94 + 2^76 + 2^72 + 1) // A Family of Implementation-Friendly BN Elliptic Curves
+const CurveParam BN381_2 = { "-0x400040090001000000000001", 2, 1, false, MCL_BN381_2 }; // -(2^94 + 2^78 + 2^67 + 2^64 + 2^48 + 1) // used in relic-toolkit
+const CurveParam BN462 = { "0x4001fffffffffffffffffffffbfff", 5, 2, false, MCL_BN462 }; // 2^114 + 2^101 - 2^14 - 1 // https://eprint.iacr.org/2017/334
+const CurveParam BN_SNARK1 = { "4965661367192848881", 3, 9, false, MCL_BN_SNARK1 };
+const CurveParam BLS12_381 = { "-0xd201000000010000", 4, 1, true, MCL_BLS12_381 };
+const CurveParam BN160 = { "0x4000000031", 3, 4, false, MCL_BN160 };
+
+inline const CurveParam& getCurveParam(int type)
+{
+ switch (type) {
+ case MCL_BN254: return mcl::BN254;
+ case MCL_BN381_1: return mcl::BN381_1;
+ case MCL_BN381_2: return mcl::BN381_2;
+ case MCL_BN462: return mcl::BN462;
+ case MCL_BN_SNARK1: return mcl::BN_SNARK1;
+ case MCL_BLS12_381: return mcl::BLS12_381;
+ case MCL_BN160: return mcl::BN160;
+ default:
+ assert(0);
+ return mcl::BN254;
+ }
+}
+
+namespace bn {
+
+namespace local {
+struct FpTag;
+struct FrTag;
+}
+
+typedef mcl::FpT<local::FpTag, MCL_MAX_FP_BIT_SIZE> Fp;
+typedef mcl::FpT<local::FrTag, MCL_MAX_FR_BIT_SIZE> Fr;
+typedef mcl::Fp2T<Fp> Fp2;
+typedef mcl::Fp6T<Fp> Fp6;
+typedef mcl::Fp12T<Fp> Fp12;
+typedef mcl::EcT<Fp> G1;
+typedef mcl::EcT<Fp2> G2;
+typedef Fp12 GT;
+
+typedef mcl::FpDblT<Fp> FpDbl;
+typedef mcl::Fp2DblT<Fp> Fp2Dbl;
+
+inline void Frobenius(Fp2& y, const Fp2& x)
+{
+ Fp2::Frobenius(y, x);
+}
+inline void Frobenius(Fp12& y, const Fp12& x)
+{
+ Fp12::Frobenius(y, x);
+}
+/*
+ twisted Frobenius for G2
+*/
+void Frobenius(G2& D, const G2& S);
+void Frobenius2(G2& D, const G2& S);
+void Frobenius3(G2& D, const G2& S);
+
+namespace local {
+
+typedef mcl::FixedArray<int8_t, 128> SignVec;
+
+inline size_t getPrecomputeQcoeffSize(const SignVec& sv)
+{
+ size_t idx = 2 + 2;
+ for (size_t i = 2; i < sv.size(); i++) {
+ idx++;
+ if (sv[i]) idx++;
+ }
+ return idx;
+}
+
+template<class X, class C, size_t N>
+X evalPoly(const X& x, const C (&c)[N])
+{
+ X ret = c[N - 1];
+ for (size_t i = 1; i < N; i++) {
+ ret *= x;
+ ret += c[N - 1 - i];
+ }
+ return ret;
+}
+
+enum TwistBtype {
+ tb_generic,
+ tb_1m1i, // 1 - 1i
+ tb_1m2i // 1 - 2i
+};
+
+/*
+ l = (a, b, c) => (a, b * P.y, c * P.x)
+*/
+inline void updateLine(Fp6& l, const G1& P)
+{
+ l.b.a *= P.y;
+ l.b.b *= P.y;
+ l.c.a *= P.x;
+ l.c.b *= P.x;
+}
+
+struct Compress {
+ Fp12& z_;
+ Fp2& g1_;
+ Fp2& g2_;
+ Fp2& g3_;
+ Fp2& g4_;
+ Fp2& g5_;
+ // z is output area
+ Compress(Fp12& z, const Fp12& x)
+ : z_(z)
+ , g1_(z.getFp2()[4])
+ , g2_(z.getFp2()[3])
+ , g3_(z.getFp2()[2])
+ , g4_(z.getFp2()[1])
+ , g5_(z.getFp2()[5])
+ {
+ g2_ = x.getFp2()[3];
+ g3_ = x.getFp2()[2];
+ g4_ = x.getFp2()[1];
+ g5_ = x.getFp2()[5];
+ }
+ Compress(Fp12& z, const Compress& c)
+ : z_(z)
+ , g1_(z.getFp2()[4])
+ , g2_(z.getFp2()[3])
+ , g3_(z.getFp2()[2])
+ , g4_(z.getFp2()[1])
+ , g5_(z.getFp2()[5])
+ {
+ g2_ = c.g2_;
+ g3_ = c.g3_;
+ g4_ = c.g4_;
+ g5_ = c.g5_;
+ }
+ void decompressBeforeInv(Fp2& nume, Fp2& denomi) const
+ {
+ assert(&nume != &denomi);
+
+ if (g2_.isZero()) {
+ Fp2::add(nume, g4_, g4_);
+ nume *= g5_;
+ denomi = g3_;
+ } else {
+ Fp2 t;
+ Fp2::sqr(nume, g5_);
+ Fp2::mul_xi(denomi, nume);
+ Fp2::sqr(nume, g4_);
+ Fp2::sub(t, nume, g3_);
+ t += t;
+ t += nume;
+ Fp2::add(nume, denomi, t);
+ Fp2::divBy4(nume, nume);
+ denomi = g2_;
+ }
+ }
+
+ // output to z
+ void decompressAfterInv()
+ {
+ Fp2& g0 = z_.getFp2()[0];
+ Fp2 t0, t1;
+ // Compute g0.
+ Fp2::sqr(t0, g1_);
+ Fp2::mul(t1, g3_, g4_);
+ t0 -= t1;
+ t0 += t0;
+ t0 -= t1;
+ Fp2::mul(t1, g2_, g5_);
+ t0 += t1;
+ Fp2::mul_xi(g0, t0);
+ g0.a += Fp::one();
+ }
+
+public:
+ void decompress() // for test
+ {
+ Fp2 nume, denomi;
+ decompressBeforeInv(nume, denomi);
+ Fp2::inv(denomi, denomi);
+ g1_ = nume * denomi; // g1 is recoverd.
+ decompressAfterInv();
+ }
+ /*
+ 2275clk * 186 = 423Kclk QQQ
+ */
+ static void squareC(Compress& z)
+ {
+ Fp2 t0, t1, t2;
+ Fp2Dbl T0, T1, T2, T3;
+ Fp2Dbl::sqrPre(T0, z.g4_);
+ Fp2Dbl::sqrPre(T1, z.g5_);
+ Fp2Dbl::mul_xi(T2, T1);
+ T2 += T0;
+ Fp2Dbl::mod(t2, T2);
+ Fp2::add(t0, z.g4_, z.g5_);
+ Fp2Dbl::sqrPre(T2, t0);
+ T0 += T1;
+ T2 -= T0;
+ Fp2Dbl::mod(t0, T2);
+ Fp2::add(t1, z.g2_, z.g3_);
+ Fp2Dbl::sqrPre(T3, t1);
+ Fp2Dbl::sqrPre(T2, z.g2_);
+ Fp2::mul_xi(t1, t0);
+ z.g2_ += t1;
+ z.g2_ += z.g2_;
+ z.g2_ += t1;
+ Fp2::sub(t1, t2, z.g3_);
+ t1 += t1;
+ Fp2Dbl::sqrPre(T1, z.g3_);
+ Fp2::add(z.g3_, t1, t2);
+ Fp2Dbl::mul_xi(T0, T1);
+ T0 += T2;
+ Fp2Dbl::mod(t0, T0);
+ Fp2::sub(z.g4_, t0, z.g4_);
+ z.g4_ += z.g4_;
+ z.g4_ += t0;
+ Fp2Dbl::addPre(T2, T2, T1);
+ T3 -= T2;
+ Fp2Dbl::mod(t0, T3);
+ z.g5_ += t0;
+ z.g5_ += z.g5_;
+ z.g5_ += t0;
+ }
+ static void square_n(Compress& z, int n)
+ {
+ for (int i = 0; i < n; i++) {
+ squareC(z);
+ }
+ }
+ /*
+ Exponentiation over compression for:
+ z = x^Param::z.abs()
+ */
+ static void fixed_power(Fp12& z, const Fp12& x)
+ {
+ if (x.isOne()) {
+ z = 1;
+ return;
+ }
+ Fp12 x_org = x;
+ Fp12 d62;
+ Fp2 c55nume, c55denomi, c62nume, c62denomi;
+ Compress c55(z, x);
+ square_n(c55, 55);
+ c55.decompressBeforeInv(c55nume, c55denomi);
+ Compress c62(d62, c55);
+ square_n(c62, 62 - 55);
+ c62.decompressBeforeInv(c62nume, c62denomi);
+ Fp2 acc;
+ Fp2::mul(acc, c55denomi, c62denomi);
+ Fp2::inv(acc, acc);
+ Fp2 t;
+ Fp2::mul(t, acc, c62denomi);
+ Fp2::mul(c55.g1_, c55nume, t);
+ c55.decompressAfterInv();
+ Fp2::mul(t, acc, c55denomi);
+ Fp2::mul(c62.g1_, c62nume, t);
+ c62.decompressAfterInv();
+ z *= x_org;
+ z *= d62;
+ }
+};
+
+struct MapTo {
+ enum {
+ BNtype,
+ BLS12type,
+ STD_ECtype
+ };
+ Fp c1_; // sqrt(-3)
+ Fp c2_; // (-1 + sqrt(-3)) / 2
+ mpz_class z_;
+ mpz_class cofactor_;
+ int type_;
+ bool useNaiveMapTo_;
+
+ int legendre(bool *pb, const Fp& x) const
+ {
+ mpz_class xx;
+ x.getMpz(pb, xx);
+ if (!*pb) return 0;
+ return gmp::legendre(xx, Fp::getOp().mp);
+ }
+ int legendre(bool *pb, const Fp2& x) const
+ {
+ Fp y;
+ Fp2::norm(y, x);
+ return legendre(pb, y);
+ }
+ void mulFp(Fp& x, const Fp& y) const
+ {
+ x *= y;
+ }
+ void mulFp(Fp2& x, const Fp& y) const
+ {
+ x.a *= y;
+ x.b *= y;
+ }
+ /*
+ P.-A. Fouque and M. Tibouchi,
+ "Indifferentiable hashing to Barreto Naehrig curves,"
+ in Proc. Int. Conf. Cryptol. Inform. Security Latin Amer., 2012, vol. 7533, pp.1-17.
+
+ w = sqrt(-3) t / (1 + b + t^2)
+ Remark: throw exception if t = 0, c1, -c1 and b = 2
+ */
+ template<class G, class F>
+ bool calcBN(G& P, const F& t) const
+ {
+ F x, y, w;
+ bool b;
+ bool negative = legendre(&b, t) < 0;
+ if (!b) return false;
+ if (t.isZero()) return false;
+ F::sqr(w, t);
+ w += G::b_;
+ *w.getFp0() += Fp::one();
+ if (w.isZero()) return false;
+ F::inv(w, w);
+ mulFp(w, c1_);
+ w *= t;
+ for (int i = 0; i < 3; i++) {
+ switch (i) {
+ case 0: F::mul(x, t, w); F::neg(x, x); *x.getFp0() += c2_; break;
+ case 1: F::neg(x, x); *x.getFp0() -= Fp::one(); break;
+ case 2: F::sqr(x, w); F::inv(x, x); *x.getFp0() += Fp::one(); break;
+ }
+ G::getWeierstrass(y, x);
+ if (F::squareRoot(y, y)) {
+ if (negative) F::neg(y, y);
+ P.set(&b, x, y, false);
+ assert(b);
+ return true;
+ }
+ }
+ return false;
+ }
+ /*
+ Faster Hashing to G2
+ Laura Fuentes-Castaneda, Edward Knapp, Francisco Rodriguez-Henriquez
+ section 6.1
+ for BN
+ Q = zP + Frob(3zP) + Frob^2(zP) + Frob^3(P)
+ = -(18x^3 + 12x^2 + 3x + 1)cofactor_ P
+ */
+ void mulByCofactorBN(G2& Q, const G2& P) const
+ {
+#if 0
+ G2::mulGeneric(Q, P, cofactor_);
+#else
+#if 0
+ mpz_class t = -(1 + z_ * (3 + z_ * (12 + z_ * 18)));
+ G2::mulGeneric(Q, P, t * cofactor_);
+#else
+ G2 T0, T1, T2;
+ /*
+ G2::mul (GLV method) can't be used because P is not on G2
+ */
+ G2::mulGeneric(T0, P, z_);
+ G2::dbl(T1, T0);
+ T1 += T0; // 3zP
+ Frobenius(T1, T1);
+ Frobenius2(T2, T0);
+ T0 += T1;
+ T0 += T2;
+ Frobenius3(T2, P);
+ G2::add(Q, T0, T2);
+#endif
+#endif
+ }
+ /*
+ 1.2~1.4 times faster than calBN
+ */
+ template<class G, class F>
+ void naiveMapTo(G& P, const F& t) const
+ {
+ F x = t;
+ for (;;) {
+ F y;
+ G::getWeierstrass(y, x);
+ if (F::squareRoot(y, y)) {
+ bool b;
+ P.set(&b, x, y, false);
+ assert(b);
+ return;
+ }
+ *x.getFp0() += Fp::one();
+ }
+ }
+ /*
+ #(Fp) / r = (z + 1 - t) / r = (z - 1)^2 / 3
+ */
+ void mulByCofactorBLS12(G1& Q, const G1& P) const
+ {
+ G1::mulGeneric(Q, P, cofactor_);
+ }
+ /*
+ Efficient hash maps to G2 on BLS curves
+ Alessandro Budroni, Federico Pintore
+ Q = (z(z-1)-1)P + Frob((z-1)P) + Frob^2(2P)
+ */
+ void mulByCofactorBLS12(G2& Q, const G2& P) const
+ {
+ G2 T0, T1;
+ G2::mulGeneric(T0, P, z_ - 1);
+ G2::mulGeneric(T1, T0, z_);
+ T1 -= P;
+ Frobenius(T0, T0);
+ T0 += T1;
+ G2::dbl(T1, P);
+ Frobenius2(T1, T1);
+ G2::add(Q, T0, T1);
+ }
+ /*
+ cofactor_ is for G2(not used now)
+ */
+ void initBN(const mpz_class& cofactor, const mpz_class &z, int curveType)
+ {
+ z_ = z;
+ cofactor_ = cofactor;
+ if (curveType == MCL_BN254) {
+ const char *c1 = "252364824000000126cd890000000003cf0f0000000000060c00000000000004";
+ const char *c2 = "25236482400000017080eb4000000006181800000000000cd98000000000000b";
+ bool b;
+ c1_.setStr(&b, c1, 16);
+ c2_.setStr(&b, c2, 16);
+ (void)b;
+ return;
+ }
+ bool b = Fp::squareRoot(c1_, -3);
+ assert(b);
+ (void)b;
+ c2_ = (c1_ - 1) / 2;
+ }
+ void initBLS12(const mpz_class& z)
+ {
+ z_ = z;
+ // cofactor for G1
+ cofactor_ = (z - 1) * (z - 1) / 3;
+ bool b = Fp::squareRoot(c1_, -3);
+ assert(b);
+ (void)b;
+ c2_ = (c1_ - 1) / 2;
+ }
+ /*
+ if type == STD_ECtype, then cofactor, z are not used.
+ */
+ void init(const mpz_class& cofactor, const mpz_class &z, int curveType)
+ {
+ if (0 <= curveType && curveType < MCL_EC_BEGIN) {
+ type_ = curveType == MCL_BLS12_381 ? BLS12type : BNtype;
+ } else {
+ type_ = STD_ECtype;
+ }
+ if (type_ == STD_ECtype) {
+ useNaiveMapTo_ = true;
+ } else {
+ useNaiveMapTo_ = false;
+ }
+#ifdef MCL_USE_OLD_MAPTO_FOR_BLS12
+ if (type == BLS12type) useNaiveMapTo_ = true;
+#endif
+ if (type_ == BNtype) {
+ initBN(cofactor, z, curveType);
+ } else if (type_ == BLS12type) {
+ initBLS12(z);
+ }
+ }
+ bool calcG1(G1& P, const Fp& t) const
+ {
+ if (useNaiveMapTo_) {
+ naiveMapTo<G1, Fp>(P, t);
+ } else {
+ if (!calcBN<G1, Fp>(P, t)) return false;
+ }
+ switch (type_) {
+ case BNtype:
+ // no subgroup
+ break;
+ case BLS12type:
+ mulByCofactorBLS12(P, P);
+ break;
+ }
+ assert(P.isValid());
+ return true;
+ }
+ /*
+ get the element in G2 by multiplying the cofactor
+ */
+ bool calcG2(G2& P, const Fp2& t) const
+ {
+ if (useNaiveMapTo_) {
+ naiveMapTo<G2, Fp2>(P, t);
+ } else {
+ if (!calcBN<G2, Fp2>(P, t)) return false;
+ }
+ switch(type_) {
+ case BNtype:
+ mulByCofactorBN(P, P);
+ break;
+ case BLS12type:
+ mulByCofactorBLS12(P, P);
+ break;
+ }
+ assert(P.isValid());
+ return true;
+ }
+};
+
+/*
+ Software implementation of Attribute-Based Encryption: Appendixes
+ GLV for G1 on BN/BLS12
+*/
+struct GLV1 {
+ Fp rw; // rw = 1 / w = (-1 - sqrt(-3)) / 2
+ size_t rBitSize;
+ mpz_class v0, v1;
+ mpz_class B[2][2];
+ mpz_class r;
+private:
+ bool usePrecomputedTable(int curveType)
+ {
+ if (curveType < 0) return false;
+ const struct Tbl {
+ int curveType;
+ const char *rw;
+ size_t rBitSize;
+ const char *v0, *v1;
+ const char *B[2][2];
+ const char *r;
+ } tbl[] = {
+ {
+ MCL_BN254,
+ "49b36240000000024909000000000006cd80000000000007",
+ 256,
+ "2a01fab7e04a017b9c0eb31ff36bf3357",
+ "37937ca688a6b4904",
+ {
+ {
+ "61818000000000028500000000000004",
+ "8100000000000001",
+ },
+ {
+ "8100000000000001",
+ "-61818000000000020400000000000003",
+ },
+ },
+ "2523648240000001ba344d8000000007ff9f800000000010a10000000000000d",
+ },
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ if (tbl[i].curveType != curveType) continue;
+ bool b;
+ rw.setStr(&b, tbl[i].rw, 16); if (!b) continue;
+ rBitSize = tbl[i].rBitSize;
+ mcl::gmp::setStr(&b, v0, tbl[i].v0, 16); if (!b) continue;
+ mcl::gmp::setStr(&b, v1, tbl[i].v1, 16); if (!b) continue;
+ mcl::gmp::setStr(&b, B[0][0], tbl[i].B[0][0], 16); if (!b) continue;
+ mcl::gmp::setStr(&b, B[0][1], tbl[i].B[0][1], 16); if (!b) continue;
+ mcl::gmp::setStr(&b, B[1][0], tbl[i].B[1][0], 16); if (!b) continue;
+ mcl::gmp::setStr(&b, B[1][1], tbl[i].B[1][1], 16); if (!b) continue;
+ mcl::gmp::setStr(&b, r, tbl[i].r, 16); if (!b) continue;
+ return true;
+ }
+ return false;
+ }
+public:
+ bool operator==(const GLV1& rhs) const
+ {
+ return rw == rhs.rw && rBitSize == rhs.rBitSize && v0 == rhs.v0 && v1 == rhs.v1
+ && B[0][0] == rhs.B[0][0] && B[0][1] == rhs.B[0][1] && B[1][0] == rhs.B[1][0]
+ && B[1][1] == rhs.B[1][1] && r == rhs.r;
+ }
+ bool operator!=(const GLV1& rhs) const { return !operator==(rhs); }
+#ifndef CYBOZU_DONT_USE_STRING
+ void dump(const mpz_class& x) const
+ {
+ printf("\"%s\",\n", mcl::gmp::getStr(x, 16).c_str());
+ }
+ void dump() const
+ {
+ printf("\"%s\",\n", rw.getStr(16).c_str());
+ printf("%d,\n", (int)rBitSize);
+ dump(v0);
+ dump(v1);
+ dump(B[0][0]); dump(B[0][1]); dump(B[1][0]); dump(B[1][1]);
+ dump(r);
+ }
+#endif
+ void init(const mpz_class& r, const mpz_class& z, bool isBLS12 = false, int curveType = -1)
+ {
+ if (usePrecomputedTable(curveType)) return;
+ bool b = Fp::squareRoot(rw, -3);
+ assert(b);
+ (void)b;
+ rw = -(rw + 1) / 2;
+ this->r = r;
+ rBitSize = gmp::getBitSize(r);
+ rBitSize = (rBitSize + fp::UnitBitSize - 1) & ~(fp::UnitBitSize - 1);// a little better size
+ if (isBLS12) {
+ /*
+ BLS12
+ L = z^4
+ (-z^2+1) + L = 0
+ 1 + z^2 L = 0
+ */
+ B[0][0] = -z * z + 1;
+ B[0][1] = 1;
+ B[1][0] = 1;
+ B[1][1] = z * z;
+ } else {
+ /*
+ BN
+ L = 36z^4 - 1
+ (6z^2+2z) - (2z+1) L = 0
+ (-2z-1) - (6z^2+4z+1)L = 0
+ */
+ B[0][0] = 6 * z * z + 2 * z;
+ B[0][1] = -2 * z - 1;
+ B[1][0] = -2 * z - 1;
+ B[1][1] = -6 * z * z - 4 * z - 1;
+ }
+ // [v0 v1] = [r 0] * B^(-1)
+ v0 = ((-B[1][1]) << rBitSize) / r;
+ v1 = ((B[1][0]) << rBitSize) / r;
+ }
+ /*
+ L = lambda = p^4
+ L (x, y) = (rw x, y)
+ */
+ void mulLambda(G1& Q, const G1& P) const
+ {
+ Fp::mul(Q.x, P.x, rw);
+ Q.y = P.y;
+ Q.z = P.z;
+ }
+ /*
+ x = a + b * lambda mod r
+ */
+ void split(mpz_class& a, mpz_class& b, const mpz_class& x) const
+ {
+ mpz_class t;
+ t = (x * v0) >> rBitSize;
+ b = (x * v1) >> rBitSize;
+ a = x - (t * B[0][0] + b * B[1][0]);
+ b = - (t * B[0][1] + b * B[1][1]);
+ }
+ void mul(G1& Q, const G1& P, mpz_class x, bool constTime = false) const
+ {
+ typedef mcl::fp::Unit Unit;
+ const size_t maxUnit = 512 / 2 / mcl::fp::UnitBitSize;
+ const int splitN = 2;
+ mpz_class u[splitN];
+ G1 in[splitN];
+ G1 tbl[4];
+ int bitTbl[splitN]; // bit size of u[i]
+ Unit w[splitN][maxUnit]; // unit array of u[i]
+ int maxBit = 0; // max bit of u[i]
+ int maxN = 0;
+ int remainBit = 0;
+
+ x %= r;
+ if (x == 0) {
+ Q.clear();
+ if (constTime) goto DummyLoop;
+ return;
+ }
+ if (x < 0) {
+ x += r;
+ }
+ split(u[0], u[1], x);
+ in[0] = P;
+ mulLambda(in[1], in[0]);
+ for (int i = 0; i < splitN; i++) {
+ if (u[i] < 0) {
+ u[i] = -u[i];
+ G1::neg(in[i], in[i]);
+ }
+ in[i].normalize();
+ }
+#if 0
+ G1::mulGeneric(in[0], in[0], u[0]);
+ G1::mulGeneric(in[1], in[1], u[1]);
+ G1::add(Q, in[0], in[1]);
+ return;
+#else
+ tbl[0] = in[0]; // dummy
+ tbl[1] = in[0];
+ tbl[2] = in[1];
+ G1::add(tbl[3], in[0], in[1]);
+ tbl[3].normalize();
+ for (int i = 0; i < splitN; i++) {
+ bool b;
+ mcl::gmp::getArray(&b, w[i], maxUnit, u[i]);
+ assert(b);
+ bitTbl[i] = (int)mcl::gmp::getBitSize(u[i]);
+ maxBit = fp::max_(maxBit, bitTbl[i]);
+ }
+ assert(maxBit > 0);
+ maxBit--;
+ /*
+ maxBit = maxN * UnitBitSize + remainBit
+ 0 < remainBit <= UnitBitSize
+ */
+ maxN = maxBit / mcl::fp::UnitBitSize;
+ remainBit = maxBit % mcl::fp::UnitBitSize;
+ remainBit++;
+ Q.clear();
+ for (int i = maxN; i >= 0; i--) {
+ for (int j = remainBit - 1; j >= 0; j--) {
+ G1::dbl(Q, Q);
+ uint32_t b0 = (w[0][i] >> j) & 1;
+ uint32_t b1 = (w[1][i] >> j) & 1;
+ uint32_t c = b1 * 2 + b0;
+ if (c == 0) {
+ if (constTime) tbl[0] += tbl[1];
+ } else {
+ Q += tbl[c];
+ }
+ }
+ remainBit = (int)mcl::fp::UnitBitSize;
+ }
+#endif
+ DummyLoop:
+ if (!constTime) return;
+ const int limitBit = (int)rBitSize / splitN;
+ G1 D = tbl[0];
+ for (int i = maxBit + 1; i < limitBit; i++) {
+ G1::dbl(D, D);
+ D += tbl[0];
+ }
+ }
+};
+
+/*
+ GLV method for G2 and GT on BN/BLS12
+*/
+struct GLV2 {
+ size_t rBitSize;
+ mpz_class B[4][4];
+ mpz_class r;
+ mpz_class v[4];
+ mpz_class z;
+ mpz_class abs_z;
+ bool isBLS12;
+ GLV2() : rBitSize(0), isBLS12(false) {}
+ void init(const mpz_class& r, const mpz_class& z, bool isBLS12 = false)
+ {
+ this->r = r;
+ this->z = z;
+ this->abs_z = z < 0 ? -z : z;
+ this->isBLS12 = isBLS12;
+ rBitSize = mcl::gmp::getBitSize(r);
+ rBitSize = (rBitSize + mcl::fp::UnitBitSize - 1) & ~(mcl::fp::UnitBitSize - 1);// a little better size
+ mpz_class z2p1 = z * 2 + 1;
+ B[0][0] = z + 1;
+ B[0][1] = z;
+ B[0][2] = z;
+ B[0][3] = -2 * z;
+ B[1][0] = z2p1;
+ B[1][1] = -z;
+ B[1][2] = -(z + 1);
+ B[1][3] = -z;
+ B[2][0] = 2 * z;
+ B[2][1] = z2p1;
+ B[2][2] = z2p1;
+ B[2][3] = z2p1;
+ B[3][0] = z - 1;
+ B[3][1] = 2 * z2p1;
+ B[3][2] = -2 * z + 1;
+ B[3][3] = z - 1;
+ /*
+ v[] = [r 0 0 0] * B^(-1) = [2z^2+3z+1, 12z^3+8z^2+z, 6z^3+4z^2+z, -(2z+1)]
+ */
+ const char *zBN254 = "-4080000000000001";
+ mpz_class t;
+ bool b;
+ mcl::gmp::setStr(&b, t, zBN254, 16);
+ assert(b);
+ (void)b;
+ if (z == t) {
+ static const char *vTblBN254[] = {
+ "e00a8e7f56e007e5b09fe7fdf43ba998",
+ "-152aff56a8054abf9da75db2da3d6885101e5fd3997d41cb1",
+ "-a957fab5402a55fced3aed96d1eb44295f40f136ee84e09b",
+ "-e00a8e7f56e007e929d7b2667ea6f29c",
+ };
+ for (int i = 0; i < 4; i++) {
+ mcl::gmp::setStr(&b, v[i], vTblBN254[i], 16);
+ assert(b);
+ (void)b;
+ }
+ } else {
+ v[0] = ((1 + z * (3 + z * 2)) << rBitSize) / r;
+ v[1] = ((z * (1 + z * (8 + z * 12))) << rBitSize) / r;
+ v[2] = ((z * (1 + z * (4 + z * 6))) << rBitSize) / r;
+ v[3] = -((z * (1 + z * 2)) << rBitSize) / r;
+ }
+ }
+ /*
+ u[] = [x, 0, 0, 0] - v[] * x * B
+ */
+ void split(mpz_class u[4], const mpz_class& x) const
+ {
+ if (isBLS12) {
+ /*
+ Frob(P) = zP
+ x = u[0] + u[1] z + u[2] z^2 + u[3] z^3
+ */
+ bool isNeg = false;
+ mpz_class t = x;
+ if (t < 0) {
+ t = -t;
+ isNeg = true;
+ }
+ for (int i = 0; i < 4; i++) {
+ // t = t / abs_z, u[i] = t % abs_z
+ mcl::gmp::divmod(t, u[i], t, abs_z);
+ if (((z < 0) && (i & 1)) ^ isNeg) {
+ u[i] = -u[i];
+ }
+ }
+ return;
+ }
+ // BN
+ mpz_class t[4];
+ for (int i = 0; i < 4; i++) {
+ t[i] = (x * v[i]) >> rBitSize;
+ }
+ for (int i = 0; i < 4; i++) {
+ u[i] = (i == 0) ? x : 0;
+ for (int j = 0; j < 4; j++) {
+ u[i] -= t[j] * B[j][i];
+ }
+ }
+ }
+ template<class T>
+ void mul(T& Q, const T& P, mpz_class x, bool constTime = false) const
+ {
+#if 0 // #ifndef NDEBUG
+ {
+ T R;
+ T::mulGeneric(R, P, r);
+ assert(R.isZero());
+ }
+#endif
+ typedef mcl::fp::Unit Unit;
+ const size_t maxUnit = 512 / 2 / mcl::fp::UnitBitSize;
+ const int splitN = 4;
+ mpz_class u[splitN];
+ T in[splitN];
+ T tbl[16];
+ int bitTbl[splitN]; // bit size of u[i]
+ Unit w[splitN][maxUnit]; // unit array of u[i]
+ int maxBit = 0; // max bit of u[i]
+ int maxN = 0;
+ int remainBit = 0;
+
+ x %= r;
+ if (x == 0) {
+ Q.clear();
+ if (constTime) goto DummyLoop;
+ return;
+ }
+ if (x < 0) {
+ x += r;
+ }
+ split(u, x);
+ in[0] = P;
+ Frobenius(in[1], in[0]);
+ Frobenius(in[2], in[1]);
+ Frobenius(in[3], in[2]);
+ for (int i = 0; i < splitN; i++) {
+ if (u[i] < 0) {
+ u[i] = -u[i];
+ T::neg(in[i], in[i]);
+ }
+// in[i].normalize(); // slow
+ }
+#if 0
+ for (int i = 0; i < splitN; i++) {
+ T::mulGeneric(in[i], in[i], u[i]);
+ }
+ T::add(Q, in[0], in[1]);
+ Q += in[2];
+ Q += in[3];
+ return;
+#else
+ tbl[0] = in[0];
+ for (size_t i = 1; i < 16; i++) {
+ tbl[i].clear();
+ if (i & 1) {
+ tbl[i] += in[0];
+ }
+ if (i & 2) {
+ tbl[i] += in[1];
+ }
+ if (i & 4) {
+ tbl[i] += in[2];
+ }
+ if (i & 8) {
+ tbl[i] += in[3];
+ }
+// tbl[i].normalize();
+ }
+ for (int i = 0; i < splitN; i++) {
+ bool b;
+ mcl::gmp::getArray(&b, w[i], maxUnit, u[i]);
+ assert(b);
+ bitTbl[i] = (int)mcl::gmp::getBitSize(u[i]);
+ maxBit = fp::max_(maxBit, bitTbl[i]);
+ }
+ maxBit--;
+ /*
+ maxBit = maxN * UnitBitSize + remainBit
+ 0 < remainBit <= UnitBitSize
+ */
+ maxN = maxBit / mcl::fp::UnitBitSize;
+ remainBit = maxBit % mcl::fp::UnitBitSize;
+ remainBit++;
+ Q.clear();
+ for (int i = maxN; i >= 0; i--) {
+ for (int j = remainBit - 1; j >= 0; j--) {
+ T::dbl(Q, Q);
+ uint32_t b0 = (w[0][i] >> j) & 1;
+ uint32_t b1 = (w[1][i] >> j) & 1;
+ uint32_t b2 = (w[2][i] >> j) & 1;
+ uint32_t b3 = (w[3][i] >> j) & 1;
+ uint32_t c = b3 * 8 + b2 * 4 + b1 * 2 + b0;
+ if (c == 0) {
+ if (constTime) tbl[0] += tbl[1];
+ } else {
+ Q += tbl[c];
+ }
+ }
+ remainBit = (int)mcl::fp::UnitBitSize;
+ }
+#endif
+ DummyLoop:
+ if (!constTime) return;
+ const int limitBit = (int)rBitSize / splitN;
+ T D = tbl[0];
+ for (int i = maxBit + 1; i < limitBit; i++) {
+ T::dbl(D, D);
+ D += tbl[0];
+ }
+ }
+ void pow(Fp12& z, const Fp12& x, mpz_class y, bool constTime = false) const
+ {
+ typedef GroupMtoA<Fp12> AG; // as additive group
+ AG& _z = static_cast<AG&>(z);
+ const AG& _x = static_cast<const AG&>(x);
+ mul(_z, _x, y, constTime);
+ }
+};
+
+struct Param {
+ CurveParam cp;
+ mpz_class z;
+ mpz_class abs_z;
+ bool isNegative;
+ bool isBLS12;
+ mpz_class p;
+ mpz_class r;
+ local::MapTo mapTo;
+ local::GLV1 glv1;
+ local::GLV2 glv2;
+ // for G2 Frobenius
+ Fp2 g2;
+ Fp2 g3;
+ /*
+ Dtype twist
+ (x', y') = phi(x, y) = (x/w^2, y/w^3)
+ y^2 = x^3 + b
+ => (y'w^3)^2 = (x'w^2)^3 + b
+ => y'^2 = x'^3 + b / w^6 ; w^6 = xi
+ => y'^2 = x'^3 + twist_b;
+ */
+ Fp2 twist_b;
+ local::TwistBtype twist_b_type;
+/*
+ mpz_class exp_c0;
+ mpz_class exp_c1;
+ mpz_class exp_c2;
+ mpz_class exp_c3;
+*/
+
+ // Loop parameter for the Miller loop part of opt. ate pairing.
+ local::SignVec siTbl;
+ size_t precomputedQcoeffSize;
+ bool useNAF;
+ local::SignVec zReplTbl;
+
+ // for initG1only
+ G1 basePoint;
+
+ void init(bool *pb, const mcl::CurveParam& cp, fp::Mode mode)
+ {
+ this->cp = cp;
+ isBLS12 = cp.curveType == MCL_BLS12_381;
+ gmp::setStr(pb, z, cp.z);
+ if (!*pb) return;
+ isNegative = z < 0;
+ if (isNegative) {
+ abs_z = -z;
+ } else {
+ abs_z = z;
+ }
+ if (isBLS12) {
+ mpz_class z2 = z * z;
+ mpz_class z4 = z2 * z2;
+ r = z4 - z2 + 1;
+ p = z - 1;
+ p = p * p * r / 3 + z;
+ } else {
+ const int pCoff[] = { 1, 6, 24, 36, 36 };
+ const int rCoff[] = { 1, 6, 18, 36, 36 };
+ p = local::evalPoly(z, pCoff);
+ assert((p % 6) == 1);
+ r = local::evalPoly(z, rCoff);
+ }
+ Fr::init(pb, r, mode);
+ if (!*pb) return;
+ Fp::init(pb, cp.xi_a, p, mode);
+ if (!*pb) return;
+ Fp2::init();
+ const Fp2 xi(cp.xi_a, 1);
+ g2 = Fp2::get_gTbl()[0];
+ g3 = Fp2::get_gTbl()[3];
+ if (cp.isMtype) {
+ Fp2::inv(g2, g2);
+ Fp2::inv(g3, g3);
+ }
+ if (cp.isMtype) {
+ twist_b = Fp2(cp.b) * xi;
+ } else {
+ if (cp.b == 2 && cp.xi_a == 1) {
+ twist_b = Fp2(1, -1); // shortcut
+ } else {
+ twist_b = Fp2(cp.b) / xi;
+ }
+ }
+ if (twist_b == Fp2(1, -1)) {
+ twist_b_type = tb_1m1i;
+ } else if (twist_b == Fp2(1, -2)) {
+ twist_b_type = tb_1m2i;
+ } else {
+ twist_b_type = tb_generic;
+ }
+ G1::init(0, cp.b, mcl::ec::Proj);
+ if (isBLS12) {
+ G1::setOrder(r);
+ }
+ G2::init(0, twist_b, mcl::ec::Proj);
+ G2::setOrder(r);
+
+ const mpz_class largest_c = isBLS12 ? abs_z : gmp::abs(z * 6 + 2);
+ useNAF = gmp::getNAF(siTbl, largest_c);
+ precomputedQcoeffSize = local::getPrecomputeQcoeffSize(siTbl);
+ gmp::getNAF(zReplTbl, gmp::abs(z));
+/*
+ if (isBLS12) {
+ mpz_class z2 = z * z;
+ mpz_class z3 = z2 * z;
+ mpz_class z4 = z3 * z;
+ mpz_class z5 = z4 * z;
+ exp_c0 = z5 - 2 * z4 + 2 * z2 - z + 3;
+ exp_c1 = z4 - 2 * z3 + 2 * z - 1;
+ exp_c2 = z3 - 2 * z2 + z;
+ exp_c3 = z2 - 2 * z + 1;
+ } else {
+ exp_c0 = -2 + z * (-18 + z * (-30 - 36 * z));
+ exp_c1 = 1 + z * (-12 + z * (-18 - 36 * z));
+ exp_c2 = 6 * z * z + 1;
+ }
+*/
+ if (isBLS12) {
+ mapTo.init(0, z, cp.curveType);
+ } else {
+ mapTo.init(2 * p - r, z, cp.curveType);
+ }
+ glv1.init(r, z, isBLS12, cp.curveType);
+ glv2.init(r, z, isBLS12);
+ basePoint.clear();
+ *pb = true;
+ }
+ void initG1only(bool *pb, const mcl::EcParam& para)
+ {
+ Fp::init(pb, para.p);
+ if (!*pb) return;
+ Fr::init(pb, para.n);
+ if (!*pb) return;
+ G1::init(pb, para.a, para.b);
+ if (!*pb) return;
+ G1::setOrder(Fr::getOp().mp);
+ mapTo.init(0, 0, para.curveType);
+ Fp x0, y0;
+ x0.setStr(pb, para.gx);
+ if (!*pb) return;
+ y0.setStr(pb, para.gy);
+ basePoint.set(pb, x0, y0);
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void init(const mcl::CurveParam& cp, fp::Mode mode)
+ {
+ bool b;
+ init(&b, cp, mode);
+ if (!b) throw cybozu::Exception("Param:init");
+ }
+#endif
+};
+
+template<size_t dummyImpl = 0>
+struct StaticVar {
+ static local::Param param;
+};
+
+template<size_t dummyImpl>
+local::Param StaticVar<dummyImpl>::param;
+
+} // mcl::bn::local
+
+namespace BN {
+
+static const local::Param& param = local::StaticVar<>::param;
+
+} // mcl::bn::BN
+
+namespace local {
+
+inline void mulArrayGLV1(G1& z, const G1& x, const mcl::fp::Unit *y, size_t yn, bool isNegative, bool constTime)
+{
+ mpz_class s;
+ bool b;
+ mcl::gmp::setArray(&b, s, y, yn);
+ assert(b);
+ if (isNegative) s = -s;
+ BN::param.glv1.mul(z, x, s, constTime);
+}
+inline void mulArrayGLV2(G2& z, const G2& x, const mcl::fp::Unit *y, size_t yn, bool isNegative, bool constTime)
+{
+ mpz_class s;
+ bool b;
+ mcl::gmp::setArray(&b, s, y, yn);
+ assert(b);
+ if (isNegative) s = -s;
+ BN::param.glv2.mul(z, x, s, constTime);
+}
+inline void powArrayGLV2(Fp12& z, const Fp12& x, const mcl::fp::Unit *y, size_t yn, bool isNegative, bool constTime)
+{
+ mpz_class s;
+ bool b;
+ mcl::gmp::setArray(&b, s, y, yn);
+ assert(b);
+ if (isNegative) s = -s;
+ BN::param.glv2.pow(z, x, s, constTime);
+}
+
+/*
+ Faster Squaring in the Cyclotomic Subgroup of Sixth Degree Extensions
+ Robert Granger, Michael Scott
+*/
+inline void sqrFp4(Fp2& z0, Fp2& z1, const Fp2& x0, const Fp2& x1)
+{
+#if 1
+ Fp2Dbl T0, T1, T2;
+ Fp2Dbl::sqrPre(T0, x0);
+ Fp2Dbl::sqrPre(T1, x1);
+ Fp2Dbl::mul_xi(T2, T1);
+ Fp2Dbl::add(T2, T2, T0);
+ Fp2::add(z1, x0, x1);
+ Fp2Dbl::mod(z0, T2);
+ Fp2Dbl::sqrPre(T2, z1);
+ Fp2Dbl::sub(T2, T2, T0);
+ Fp2Dbl::sub(T2, T2, T1);
+ Fp2Dbl::mod(z1, T2);
+#else
+ Fp2 t0, t1, t2;
+ Fp2::sqr(t0, x0);
+ Fp2::sqr(t1, x1);
+ Fp2::mul_xi(z0, t1);
+ z0 += t0;
+ Fp2::add(z1, x0, x1);
+ Fp2::sqr(z1, z1);
+ z1 -= t0;
+ z1 -= t1;
+#endif
+}
+
+inline void fasterSqr(Fp12& y, const Fp12& x)
+{
+#if 0
+ Fp12::sqr(y, x);
+#else
+ const Fp2& x0(x.a.a);
+ const Fp2& x4(x.a.b);
+ const Fp2& x3(x.a.c);
+ const Fp2& x2(x.b.a);
+ const Fp2& x1(x.b.b);
+ const Fp2& x5(x.b.c);
+ Fp2& y0(y.a.a);
+ Fp2& y4(y.a.b);
+ Fp2& y3(y.a.c);
+ Fp2& y2(y.b.a);
+ Fp2& y1(y.b.b);
+ Fp2& y5(y.b.c);
+ Fp2 t0, t1;
+ sqrFp4(t0, t1, x0, x1);
+ Fp2::sub(y0, t0, x0);
+ y0 += y0;
+ y0 += t0;
+ Fp2::add(y1, t1, x1);
+ y1 += y1;
+ y1 += t1;
+ Fp2 t2, t3;
+ sqrFp4(t0, t1, x2, x3);
+ sqrFp4(t2, t3, x4, x5);
+ Fp2::sub(y4, t0, x4);
+ y4 += y4;
+ y4 += t0;
+ Fp2::add(y5, t1, x5);
+ y5 += y5;
+ y5 += t1;
+ Fp2::mul_xi(t0, t3);
+ Fp2::add(y2, t0, x2);
+ y2 += y2;
+ y2 += t0;
+ Fp2::sub(y3, t2, x3);
+ y3 += y3;
+ y3 += t2;
+#endif
+}
+
+/*
+ y = x^z if z > 0
+ = unitaryInv(x^(-z)) if z < 0
+*/
+inline void pow_z(Fp12& y, const Fp12& x)
+{
+#if 1
+ if (BN::param.cp.curveType == MCL_BN254) {
+ Compress::fixed_power(y, x);
+ } else {
+ Fp12 orgX = x;
+ y = x;
+ Fp12 conj;
+ conj.a = x.a;
+ Fp6::neg(conj.b, x.b);
+ for (size_t i = 1; i < BN::param.zReplTbl.size(); i++) {
+ fasterSqr(y, y);
+ if (BN::param.zReplTbl[i] > 0) {
+ y *= orgX;
+ } else if (BN::param.zReplTbl[i] < 0) {
+ y *= conj;
+ }
+ }
+ }
+#else
+ Fp12::pow(y, x, param.abs_z);
+#endif
+ if (BN::param.isNegative) {
+ Fp12::unitaryInv(y, y);
+ }
+}
+inline void mul_twist_b(Fp2& y, const Fp2& x)
+{
+ switch (BN::param.twist_b_type) {
+ case local::tb_1m1i:
+ /*
+ b / xi = 1 - 1i
+ (a + bi)(1 - 1i) = (a + b) + (b - a)i
+ */
+ {
+ Fp t;
+ Fp::add(t, x.a, x.b);
+ Fp::sub(y.b, x.b, x.a);
+ y.a = t;
+ }
+ return;
+ case local::tb_1m2i:
+ /*
+ b / xi = 1 - 2i
+ (a + bi)(1 - 2i) = (a + 2b) + (b - 2a)i
+ */
+ {
+ Fp t;
+ Fp::sub(t, x.b, x.a);
+ t -= x.a;
+ Fp::add(y.a, x.a, x.b);
+ y.a += x.b;
+ y.b = t;
+ }
+ return;
+ case local::tb_generic:
+ Fp2::mul(y, x, BN::param.twist_b);
+ return;
+ }
+}
+
+inline void dblLineWithoutP(Fp6& l, G2& Q)
+{
+ Fp2 t0, t1, t2, t3, t4, t5;
+ Fp2Dbl T0, T1;
+ Fp2::sqr(t0, Q.z);
+ Fp2::mul(t4, Q.x, Q.y);
+ Fp2::sqr(t1, Q.y);
+ Fp2::add(t3, t0, t0);
+ Fp2::divBy2(t4, t4);
+ Fp2::add(t5, t0, t1);
+ t0 += t3;
+ mul_twist_b(t2, t0);
+ Fp2::sqr(t0, Q.x);
+ Fp2::add(t3, t2, t2);
+ t3 += t2;
+ Fp2::sub(Q.x, t1, t3);
+ t3 += t1;
+ Q.x *= t4;
+ Fp2::divBy2(t3, t3);
+ Fp2Dbl::sqrPre(T0, t3);
+ Fp2Dbl::sqrPre(T1, t2);
+ Fp2Dbl::sub(T0, T0, T1);
+ Fp2Dbl::add(T1, T1, T1);
+ Fp2Dbl::sub(T0, T0, T1);
+ Fp2::add(t3, Q.y, Q.z);
+ Fp2Dbl::mod(Q.y, T0);
+ Fp2::sqr(t3, t3);
+ t3 -= t5;
+ Fp2::mul(Q.z, t1, t3);
+ Fp2::sub(l.a, t2, t1);
+ l.c = t0;
+ l.b = t3;
+}
+inline void addLineWithoutP(Fp6& l, G2& R, const G2& Q)
+{
+ Fp2 t1, t2, t3, t4;
+ Fp2Dbl T1, T2;
+ Fp2::mul(t1, R.z, Q.x);
+ Fp2::mul(t2, R.z, Q.y);
+ Fp2::sub(t1, R.x, t1);
+ Fp2::sub(t2, R.y, t2);
+ Fp2::sqr(t3, t1);
+ Fp2::mul(R.x, t3, R.x);
+ Fp2::sqr(t4, t2);
+ t3 *= t1;
+ t4 *= R.z;
+ t4 += t3;
+ t4 -= R.x;
+ t4 -= R.x;
+ R.x -= t4;
+ Fp2Dbl::mulPre(T1, t2, R.x);
+ Fp2Dbl::mulPre(T2, t3, R.y);
+ Fp2Dbl::sub(T2, T1, T2);
+ Fp2Dbl::mod(R.y, T2);
+ Fp2::mul(R.x, t1, t4);
+ Fp2::mul(R.z, t3, R.z);
+ Fp2::neg(l.c, t2);
+ Fp2Dbl::mulPre(T1, t2, Q.x);
+ Fp2Dbl::mulPre(T2, t1, Q.y);
+ Fp2Dbl::sub(T1, T1, T2);
+ l.b = t1;
+ Fp2Dbl::mod(l.a, T1);
+}
+inline void dblLine(Fp6& l, G2& Q, const G1& P)
+{
+ dblLineWithoutP(l, Q);
+ local::updateLine(l, P);
+}
+inline void addLine(Fp6& l, G2& R, const G2& Q, const G1& P)
+{
+ addLineWithoutP(l, R, Q);
+ local::updateLine(l, P);
+}
+inline void mulFp6cb_by_G1xy(Fp6& y, const Fp6& x, const G1& P)
+{
+ assert(P.isNormalized());
+ if (&y != &x) y.a = x.a;
+ Fp2::mulFp(y.c, x.c, P.x);
+ Fp2::mulFp(y.b, x.b, P.y);
+}
+
+/*
+ x = a + bv + cv^2
+ y = (y0, y4, y2) -> (y0, 0, y2, 0, y4, 0)
+ z = xy = (a + bv + cv^2)(d + ev)
+ = (ad + ce xi) + ((a + b)(d + e) - ad - be)v + (be + cd)v^2
+*/
+inline void Fp6mul_01(Fp6& z, const Fp6& x, const Fp2& d, const Fp2& e)
+{
+ const Fp2& a = x.a;
+ const Fp2& b = x.b;
+ const Fp2& c = x.c;
+ Fp2 t0, t1;
+ Fp2Dbl AD, CE, BE, CD, T;
+ Fp2Dbl::mulPre(AD, a, d);
+ Fp2Dbl::mulPre(CE, c, e);
+ Fp2Dbl::mulPre(BE, b, e);
+ Fp2Dbl::mulPre(CD, c, d);
+ Fp2::add(t0, a, b);
+ Fp2::add(t1, d, e);
+ Fp2Dbl::mulPre(T, t0, t1);
+ T -= AD;
+ T -= BE;
+ Fp2Dbl::mod(z.b, T);
+ Fp2Dbl::mul_xi(CE, CE);
+ AD += CE;
+ Fp2Dbl::mod(z.a, AD);
+ BE += CD;
+ Fp2Dbl::mod(z.c, BE);
+}
+/*
+ input
+ z = (z0 + z1v + z2v^2) + (z3 + z4v + z5v^2)w = Z0 + Z1w
+ 0 3 4
+ x = (a, b, c) -> (b, 0, 0, c, a, 0) = X0 + X1w
+ X0 = b = (b, 0, 0)
+ X1 = c + av = (c, a, 0)
+ w^2 = v, v^3 = xi
+ output
+ z <- zx = (Z0X0 + Z1X1v) + ((Z0 + Z1)(X0 + X1) - Z0X0 - Z1X1)w
+ Z0X0 = Z0 b
+ Z1X1 = Z1 (c, a, 0)
+ (Z0 + Z1)(X0 + X1) = (Z0 + Z1) (b + c, a, 0)
+*/
+inline void mul_403(Fp12& z, const Fp6& x)
+{
+ const Fp2& a = x.a;
+ const Fp2& b = x.b;
+ const Fp2& c = x.c;
+#if 1
+ Fp6& z0 = z.a;
+ Fp6& z1 = z.b;
+ Fp6 z0x0, z1x1, t0;
+ Fp2 t1;
+ Fp2::add(t1, x.b, c);
+ Fp6::add(t0, z0, z1);
+ Fp2::mul(z0x0.a, z0.a, b);
+ Fp2::mul(z0x0.b, z0.b, b);
+ Fp2::mul(z0x0.c, z0.c, b);
+ Fp6mul_01(z1x1, z1, c, a);
+ Fp6mul_01(t0, t0, t1, a);
+ Fp6::sub(z.b, t0, z0x0);
+ z.b -= z1x1;
+ // a + bv + cv^2 = cxi + av + bv^2
+ Fp2::mul_xi(z1x1.c, z1x1.c);
+ Fp2::add(z.a.a, z0x0.a, z1x1.c);
+ Fp2::add(z.a.b, z0x0.b, z1x1.a);
+ Fp2::add(z.a.c, z0x0.c, z1x1.b);
+#else
+ Fp2& z0 = z.a.a;
+ Fp2& z1 = z.a.b;
+ Fp2& z2 = z.a.c;
+ Fp2& z3 = z.b.a;
+ Fp2& z4 = z.b.b;
+ Fp2& z5 = z.b.c;
+ Fp2Dbl Z0B, Z1B, Z2B, Z3C, Z4C, Z5C;
+ Fp2Dbl T0, T1, T2, T3, T4, T5;
+ Fp2 bc, t;
+ Fp2::addPre(bc, b, c);
+ Fp2::addPre(t, z5, z2);
+ Fp2Dbl::mulPre(T5, t, bc);
+ Fp2Dbl::mulPre(Z5C, z5, c);
+ Fp2Dbl::mulPre(Z2B, z2, b);
+ Fp2Dbl::sub(T5, T5, Z5C);
+ Fp2Dbl::sub(T5, T5, Z2B);
+ Fp2Dbl::mulPre(T0, z1, a);
+ T5 += T0;
+
+ Fp2::addPre(t, z4, z1);
+ Fp2Dbl::mulPre(T4, t, bc);
+ Fp2Dbl::mulPre(Z4C, z4, c);
+ Fp2Dbl::mulPre(Z1B, z1, b);
+ Fp2Dbl::sub(T4, T4, Z4C);
+ Fp2Dbl::sub(T4, T4, Z1B);
+ Fp2Dbl::mulPre(T0, z0, a);
+ T4 += T0;
+
+ Fp2::addPre(t, z3, z0);
+ Fp2Dbl::mulPre(T3, t, bc);
+ Fp2Dbl::mulPre(Z3C, z3, c);
+ Fp2Dbl::mulPre(Z0B, z0, b);
+ Fp2Dbl::sub(T3, T3, Z3C);
+ Fp2Dbl::sub(T3, T3, Z0B);
+ Fp2::mul_xi(t, z2);
+ Fp2Dbl::mulPre(T0, t, a);
+ T3 += T0;
+
+ Fp2Dbl::mulPre(T2, z3, a);
+ T2 += Z2B;
+ T2 += Z4C;
+
+ Fp2::mul_xi(t, z5);
+ Fp2Dbl::mulPre(T1, t, a);
+ T1 += Z1B;
+ T1 += Z3C;
+
+ Fp2Dbl::mulPre(T0, z4, a);
+ T0 += Z5C;
+ Fp2Dbl::mul_xi(T0, T0);
+ T0 += Z0B;
+
+ Fp2Dbl::mod(z0, T0);
+ Fp2Dbl::mod(z1, T1);
+ Fp2Dbl::mod(z2, T2);
+ Fp2Dbl::mod(z3, T3);
+ Fp2Dbl::mod(z4, T4);
+ Fp2Dbl::mod(z5, T5);
+#endif
+}
+/*
+ input
+ z = (z0 + z1v + z2v^2) + (z3 + z4v + z5v^2)w = Z0 + Z1w
+ 0 1 4
+ x = (a, b, c) -> (a, c, 0, 0, b, 0) = X0 + X1w
+ X0 = (a, c, 0)
+ X1 = (0, b, 0)
+ w^2 = v, v^3 = xi
+ output
+ z <- zx = (Z0X0 + Z1X1v) + ((Z0 + Z1)(X0 + X1) - Z0X0 - Z1X1)w
+ Z0X0 = Z0 (a, c, 0)
+ Z1X1 = Z1 (0, b, 0) = Z1 bv
+ (Z0 + Z1)(X0 + X1) = (Z0 + Z1) (a, b + c, 0)
+
+ (a + bv + cv^2)v = c xi + av + bv^2
+*/
+inline void mul_041(Fp12& z, const Fp6& x)
+{
+ const Fp2& a = x.a;
+ const Fp2& b = x.b;
+ const Fp2& c = x.c;
+ Fp6& z0 = z.a;
+ Fp6& z1 = z.b;
+ Fp6 z0x0, z1x1, t0;
+ Fp2 t1;
+ Fp2::mul(z1x1.a, z1.c, b);
+ Fp2::mul_xi(z1x1.a, z1x1.a);
+ Fp2::mul(z1x1.b, z1.a, b);
+ Fp2::mul(z1x1.c, z1.b, b);
+ Fp2::add(t1, x.b, c);
+ Fp6::add(t0, z0, z1);
+ Fp6mul_01(z0x0, z0, a, c);
+ Fp6mul_01(t0, t0, a, t1);
+ Fp6::sub(z.b, t0, z0x0);
+ z.b -= z1x1;
+ // a + bv + cv^2 = cxi + av + bv^2
+ Fp2::mul_xi(z1x1.c, z1x1.c);
+ Fp2::add(z.a.a, z0x0.a, z1x1.c);
+ Fp2::add(z.a.b, z0x0.b, z1x1.a);
+ Fp2::add(z.a.c, z0x0.c, z1x1.b);
+}
+inline void mulSparse(Fp12& z, const Fp6& x)
+{
+ if (BN::param.cp.isMtype) {
+ mul_041(z, x);
+ } else {
+ mul_403(z, x);
+ }
+}
+inline void convertFp6toFp12(Fp12& y, const Fp6& x)
+{
+ if (BN::param.cp.isMtype) {
+ // (a, b, c) -> (a, c, 0, 0, b, 0)
+ y.a.a = x.a;
+ y.b.b = x.b;
+ y.a.b = x.c;
+ y.a.c.clear();
+ y.b.a.clear();
+ y.b.c.clear();
+ } else {
+ // (a, b, c) -> (b, 0, 0, c, a, 0)
+ y.b.b = x.a;
+ y.a.a = x.b;
+ y.b.a = x.c;
+ y.a.b.clear();
+ y.a.c.clear();
+ y.b.c.clear();
+ }
+}
+inline void mulSparse2(Fp12& z, const Fp6& x, const Fp6& y)
+{
+ convertFp6toFp12(z, x);
+ mulSparse(z, y);
+}
+inline void mapToCyclotomic(Fp12& y, const Fp12& x)
+{
+ Fp12 z;
+ Fp12::Frobenius2(z, x); // z = x^(p^2)
+ z *= x; // x^(p^2 + 1)
+ Fp12::inv(y, z);
+ Fp6::neg(z.b, z.b); // z^(p^6) = conjugate of z
+ y *= z;
+}
+/*
+ Implementing Pairings at the 192-bit Security Level
+ D.F.Aranha, L.F.Castaneda, E.Knapp, A.Menezes, F.R.Henriquez
+ Section 4
+*/
+inline void expHardPartBLS12(Fp12& y, const Fp12& x)
+{
+#if 0
+ const mpz_class& p = param.p;
+ mpz_class p2 = p * p;
+ mpz_class p4 = p2 * p2;
+ Fp12::pow(y, x, (p4 - p2 + 1) / param.r * 3);
+ return;
+#endif
+#if 1
+ Fp12 a0, a1, a2, a3, a4, a5, a6, a7;
+ Fp12::unitaryInv(a0, x); // a0 = x^-1
+ fasterSqr(a1, a0); // x^-2
+ pow_z(a2, x); // x^z
+ fasterSqr(a3, a2); // x^2z
+ a1 *= a2; // a1 = x^(z-2)
+ pow_z(a7, a1); // a7 = x^(z^2-2z)
+ pow_z(a4, a7); // a4 = x^(z^3-2z^2)
+ pow_z(a5, a4); // a5 = x^(z^4-2z^3)
+ a3 *= a5; // a3 = x^(z^4-2z^3+2z)
+ pow_z(a6, a3); // a6 = x^(z^5-2z^4+2z^2)
+
+ Fp12::unitaryInv(a1, a1); // x^(2-z)
+ a1 *= a6; // x^(z^5-2z^4+2z^2-z+2)
+ a1 *= x; // x^(z^5-2z^4+2z^2-z+3) = x^c0
+ a3 *= a0; // x^(z^4-2z^3-1) = x^c1
+ Fp12::Frobenius(a3, a3); // x^(c1 p)
+ a1 *= a3; // x^(c0 + c1 p)
+ a4 *= a2; // x^(z^3-2z^2+z) = x^c2
+ Fp12::Frobenius2(a4, a4); // x^(c2 p^2)
+ a1 *= a4; // x^(c0 + c1 p + c2 p^2)
+ a7 *= x; // x^(z^2-2z+1) = x^c3
+ Fp12::Frobenius3(y, a7);
+ y *= a1;
+#else
+ Fp12 t1, t2, t3;
+ Fp12::Frobenius(t1, x);
+ Fp12::Frobenius(t2, t1);
+ Fp12::Frobenius(t3, t2);
+ Fp12::pow(t1, t1, param.exp_c1);
+ Fp12::pow(t2, t2, param.exp_c2);
+ Fp12::pow(t3, t3, param.exp_c3);
+ Fp12::pow(y, x, param.exp_c0);
+ y *= t1;
+ y *= t2;
+ y *= t3;
+#endif
+}
+/*
+ Faster Hashing to G2
+ Laura Fuentes-Castaneda, Edward Knapp, Francisco Rodriguez-Henriquez
+ section 4.1
+ y = x^(d 2z(6z^2 + 3z + 1)) where
+ p = p(z) = 36z^4 + 36z^3 + 24z^2 + 6z + 1
+ r = r(z) = 36z^4 + 36z^3 + 18z^2 + 6z + 1
+ d = (p^4 - p^2 + 1) / r
+ d1 = d 2z(6z^2 + 3z + 1)
+ = c0 + c1 p + c2 p^2 + c3 p^3
+
+ c0 = 1 + 6z + 12z^2 + 12z^3
+ c1 = 4z + 6z^2 + 12z^3
+ c2 = 6z + 6z^2 + 12z^3
+ c3 = -1 + 4z + 6z^2 + 12z^3
+ x -> x^z -> x^2z -> x^4z -> x^6z -> x^(6z^2) -> x^(12z^2) -> x^(12z^3)
+ a = x^(6z) x^(6z^2) x^(12z^3)
+ b = a / (x^2z)
+ x^d1 = (a x^(6z^2) x) b^p a^(p^2) (b / x)^(p^3)
+*/
+inline void expHardPartBN(Fp12& y, const Fp12& x)
+{
+#if 0
+ const mpz_class& p = param.p;
+ mpz_class p2 = p * p;
+ mpz_class p4 = p2 * p2;
+ Fp12::pow(y, x, (p4 - p2 + 1) / param.r);
+ return;
+#endif
+#if 1
+ Fp12 a, b;
+ Fp12 a2, a3;
+ pow_z(b, x); // x^z
+ fasterSqr(b, b); // x^2z
+ fasterSqr(a, b); // x^4z
+ a *= b; // x^6z
+ pow_z(a2, a); // x^(6z^2)
+ a *= a2;
+ fasterSqr(a3, a2); // x^(12z^2)
+ pow_z(a3, a3); // x^(12z^3)
+ a *= a3;
+ Fp12::unitaryInv(b, b);
+ b *= a;
+ a2 *= a;
+ Fp12::Frobenius2(a, a);
+ a *= a2;
+ a *= x;
+ Fp12::unitaryInv(y, x);
+ y *= b;
+ Fp12::Frobenius(b, b);
+ a *= b;
+ Fp12::Frobenius3(y, y);
+ y *= a;
+#else
+ Fp12 t1, t2, t3;
+ Fp12::Frobenius(t1, x);
+ Fp12::Frobenius(t2, t1);
+ Fp12::Frobenius(t3, t2);
+ Fp12::pow(t1, t1, param.exp_c1);
+ Fp12::pow(t2, t2, param.exp_c2);
+ Fp12::pow(y, x, param.exp_c0);
+ y *= t1;
+ y *= t2;
+ y *= t3;
+#endif
+}
+/*
+ remark : returned value is NOT on a curve
+*/
+inline G1 makeAdjP(const G1& P)
+{
+ G1 adjP;
+ Fp::add(adjP.x, P.x, P.x);
+ adjP.x += P.x;
+ Fp::neg(adjP.y, P.y);
+ adjP.z = 1;
+ return adjP;
+}
+
+} // mcl::bn::local
+
+/*
+ y = x^((p^12 - 1) / r)
+ (p^12 - 1) / r = (p^2 + 1) (p^6 - 1) (p^4 - p^2 + 1)/r
+ (a + bw)^(p^6) = a - bw in Fp12
+ (p^4 - p^2 + 1)/r = c0 + c1 p + c2 p^2 + p^3
+*/
+inline void finalExp(Fp12& y, const Fp12& x)
+{
+#if 1
+ mapToCyclotomic(y, x);
+#else
+ const mpz_class& p = param.p;
+ mpz_class p2 = p * p;
+ mpz_class p4 = p2 * p2;
+ Fp12::pow(y, x, p2 + 1);
+ Fp12::pow(y, y, p4 * p2 - 1);
+#endif
+ if (BN::param.isBLS12) {
+ expHardPartBLS12(y, y);
+ } else {
+ expHardPartBN(y, y);
+ }
+}
+inline void millerLoop(Fp12& f, const G1& P_, const G2& Q_)
+{
+ G1 P(P_);
+ G2 Q(Q_);
+ P.normalize();
+ Q.normalize();
+ if (Q.isZero()) {
+ f = 1;
+ return;
+ }
+ assert(BN::param.siTbl[1] == 1);
+ G2 T = Q;
+ G2 negQ;
+ if (BN::param.useNAF) {
+ G2::neg(negQ, Q);
+ }
+ Fp6 d, e, l;
+ d = e = l = 1;
+ G1 adjP = makeAdjP(P);
+ dblLine(d, T, adjP);
+ addLine(l, T, Q, P);
+ mulSparse2(f, d, l);
+ for (size_t i = 2; i < BN::param.siTbl.size(); i++) {
+ dblLine(l, T, adjP);
+ Fp12::sqr(f, f);
+ mulSparse(f, l);
+ if (BN::param.siTbl[i]) {
+ if (BN::param.siTbl[i] > 0) {
+ addLine(l, T, Q, P);
+ } else {
+ addLine(l, T, negQ, P);
+ }
+ mulSparse(f, l);
+ }
+ }
+ if (BN::param.z < 0) {
+ G2::neg(T, T);
+ Fp6::neg(f.b, f.b);
+ }
+ if (BN::param.isBLS12) return;
+ G2 Q1, Q2;
+ Frobenius(Q1, Q);
+ Frobenius(Q2, Q1);
+ G2::neg(Q2, Q2);
+ addLine(d, T, Q1, P);
+ addLine(e, T, Q2, P);
+ Fp12 ft;
+ mulSparse2(ft, d, e);
+ f *= ft;
+}
+inline void pairing(Fp12& f, const G1& P, const G2& Q)
+{
+ millerLoop(f, P, Q);
+ finalExp(f, f);
+}
+/*
+ allocate param.precomputedQcoeffSize elements of Fp6 for Qcoeff
+*/
+inline void precomputeG2(Fp6 *Qcoeff, const G2& Q_)
+{
+ size_t idx = 0;
+ G2 Q(Q_);
+ Q.normalize();
+ if (Q.isZero()) {
+ for (size_t i = 0; i < BN::param.precomputedQcoeffSize; i++) {
+ Qcoeff[i] = 1;
+ }
+ return;
+ }
+ G2 T = Q;
+ G2 negQ;
+ if (BN::param.useNAF) {
+ G2::neg(negQ, Q);
+ }
+ assert(BN::param.siTbl[1] == 1);
+ dblLineWithoutP(Qcoeff[idx++], T);
+ addLineWithoutP(Qcoeff[idx++], T, Q);
+ for (size_t i = 2; i < BN::param.siTbl.size(); i++) {
+ dblLineWithoutP(Qcoeff[idx++], T);
+ if (BN::param.siTbl[i]) {
+ if (BN::param.siTbl[i] > 0) {
+ addLineWithoutP(Qcoeff[idx++], T, Q);
+ } else {
+ addLineWithoutP(Qcoeff[idx++], T, negQ);
+ }
+ }
+ }
+ if (BN::param.z < 0) {
+ G2::neg(T, T);
+ }
+ if (BN::param.isBLS12) return;
+ G2 Q1, Q2;
+ Frobenius(Q1, Q);
+ Frobenius(Q2, Q1);
+ G2::neg(Q2, Q2);
+ addLineWithoutP(Qcoeff[idx++], T, Q1);
+ addLineWithoutP(Qcoeff[idx++], T, Q2);
+ assert(idx == BN::param.precomputedQcoeffSize);
+}
+/*
+ millerLoop(e, P, Q) is same as the following
+ std::vector<Fp6> Qcoeff;
+ precomputeG2(Qcoeff, Q);
+ precomputedMillerLoop(e, P, Qcoeff);
+*/
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+inline void precomputeG2(std::vector<Fp6>& Qcoeff, const G2& Q)
+{
+ Qcoeff.resize(BN::param.precomputedQcoeffSize);
+ precomputeG2(Qcoeff.data(), Q);
+}
+#endif
+template<class Array>
+void precomputeG2(bool *pb, Array& Qcoeff, const G2& Q)
+{
+ *pb = Qcoeff.resize(BN::param.precomputedQcoeffSize);
+ if (!*pb) return;
+ precomputeG2(Qcoeff.data(), Q);
+}
+
+inline void precomputedMillerLoop(Fp12& f, const G1& P_, const Fp6* Qcoeff)
+{
+ G1 P(P_);
+ P.normalize();
+ G1 adjP = makeAdjP(P);
+ size_t idx = 0;
+ Fp6 d, e, l;
+ mulFp6cb_by_G1xy(d, Qcoeff[idx], adjP);
+ idx++;
+
+ mulFp6cb_by_G1xy(e, Qcoeff[idx], P);
+ idx++;
+ mulSparse2(f, d, e);
+ for (size_t i = 2; i < BN::param.siTbl.size(); i++) {
+ mulFp6cb_by_G1xy(l, Qcoeff[idx], adjP);
+ idx++;
+ Fp12::sqr(f, f);
+ mulSparse(f, l);
+ if (BN::param.siTbl[i]) {
+ mulFp6cb_by_G1xy(l, Qcoeff[idx], P);
+ idx++;
+ mulSparse(f, l);
+ }
+ }
+ if (BN::param.z < 0) {
+ Fp6::neg(f.b, f.b);
+ }
+ if (BN::param.isBLS12) return;
+ mulFp6cb_by_G1xy(d, Qcoeff[idx], P);
+ idx++;
+ mulFp6cb_by_G1xy(e, Qcoeff[idx], P);
+ idx++;
+ Fp12 ft;
+ mulSparse2(ft, d, e);
+ f *= ft;
+}
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+inline void precomputedMillerLoop(Fp12& f, const G1& P, const std::vector<Fp6>& Qcoeff)
+{
+ precomputedMillerLoop(f, P, Qcoeff.data());
+}
+#endif
+/*
+ f = MillerLoop(P1, Q1) x MillerLoop(P2, Q2)
+ Q2coeff : precomputed Q2
+*/
+inline void precomputedMillerLoop2mixed(Fp12& f, const G1& P1_, const G2& Q1_, const G1& P2_, const Fp6* Q2coeff)
+{
+ G1 P1(P1_), P2(P2_);
+ G2 Q1(Q1_);
+ P1.normalize();
+ P2.normalize();
+ Q1.normalize();
+ if (Q1.isZero()) {
+ precomputedMillerLoop(f, P2_, Q2coeff);
+ return;
+ }
+ G2 T = Q1;
+ G2 negQ1;
+ if (BN::param.useNAF) {
+ G2::neg(negQ1, Q1);
+ }
+ G1 adjP1 = makeAdjP(P1);
+ G1 adjP2 = makeAdjP(P2);
+ size_t idx = 0;
+ Fp6 d1, d2, e1, e2, l1, l2;
+ dblLine(d1, T, adjP1);
+ mulFp6cb_by_G1xy(d2, Q2coeff[idx], adjP2);
+ idx++;
+
+ Fp12 f1, f2;
+ e1 = 1;
+ addLine(e1, T, Q1, P1);
+ mulSparse2(f1, d1, e1);
+
+ mulFp6cb_by_G1xy(e2, Q2coeff[idx], P2);
+ mulSparse2(f2, d2, e2);
+ Fp12::mul(f, f1, f2);
+ idx++;
+ for (size_t i = 2; i < BN::param.siTbl.size(); i++) {
+ dblLine(l1, T, adjP1);
+ mulFp6cb_by_G1xy(l2, Q2coeff[idx], adjP2);
+ idx++;
+ Fp12::sqr(f, f);
+ mulSparse2(f1, l1, l2);
+ f *= f1;
+ if (BN::param.siTbl[i]) {
+ if (BN::param.siTbl[i] > 0) {
+ addLine(l1, T, Q1, P1);
+ } else {
+ addLine(l1, T, negQ1, P1);
+ }
+ mulFp6cb_by_G1xy(l2, Q2coeff[idx], P2);
+ idx++;
+ mulSparse2(f1, l1, l2);
+ f *= f1;
+ }
+ }
+ if (BN::param.z < 0) {
+ G2::neg(T, T);
+ Fp6::neg(f.b, f.b);
+ }
+ if (BN::param.isBLS12) return;
+ G2 Q11, Q12;
+ Frobenius(Q11, Q1);
+ Frobenius(Q12, Q11);
+ G2::neg(Q12, Q12);
+ addLine(d1, T, Q11, P1);
+ mulFp6cb_by_G1xy(d2, Q2coeff[idx], P2);
+ idx++;
+ addLine(e1, T, Q12, P1);
+ mulFp6cb_by_G1xy(e2, Q2coeff[idx], P2);
+ idx++;
+ mulSparse2(f1, d1, e1);
+ mulSparse2(f2, d2, e2);
+ f *= f1;
+ f *= f2;
+}
+/*
+ f = MillerLoop(P1, Q1) x MillerLoop(P2, Q2)
+ Q1coeff, Q2coeff : precomputed Q1, Q2
+*/
+inline void precomputedMillerLoop2(Fp12& f, const G1& P1_, const Fp6* Q1coeff, const G1& P2_, const Fp6* Q2coeff)
+{
+ G1 P1(P1_), P2(P2_);
+ P1.normalize();
+ P2.normalize();
+ G1 adjP1 = makeAdjP(P1);
+ G1 adjP2 = makeAdjP(P2);
+ size_t idx = 0;
+ Fp6 d1, d2, e1, e2, l1, l2;
+ mulFp6cb_by_G1xy(d1, Q1coeff[idx], adjP1);
+ mulFp6cb_by_G1xy(d2, Q2coeff[idx], adjP2);
+ idx++;
+
+ Fp12 f1, f2;
+ mulFp6cb_by_G1xy(e1, Q1coeff[idx], P1);
+ mulSparse2(f1, d1, e1);
+
+ mulFp6cb_by_G1xy(e2, Q2coeff[idx], P2);
+ mulSparse2(f2, d2, e2);
+ Fp12::mul(f, f1, f2);
+ idx++;
+ for (size_t i = 2; i < BN::param.siTbl.size(); i++) {
+ mulFp6cb_by_G1xy(l1, Q1coeff[idx], adjP1);
+ mulFp6cb_by_G1xy(l2, Q2coeff[idx], adjP2);
+ idx++;
+ Fp12::sqr(f, f);
+ mulSparse2(f1, l1, l2);
+ f *= f1;
+ if (BN::param.siTbl[i]) {
+ mulFp6cb_by_G1xy(l1, Q1coeff[idx], P1);
+ mulFp6cb_by_G1xy(l2, Q2coeff[idx], P2);
+ idx++;
+ mulSparse2(f1, l1, l2);
+ f *= f1;
+ }
+ }
+ if (BN::param.z < 0) {
+ Fp6::neg(f.b, f.b);
+ }
+ if (BN::param.isBLS12) return;
+ mulFp6cb_by_G1xy(d1, Q1coeff[idx], P1);
+ mulFp6cb_by_G1xy(d2, Q2coeff[idx], P2);
+ idx++;
+ mulFp6cb_by_G1xy(e1, Q1coeff[idx], P1);
+ mulFp6cb_by_G1xy(e2, Q2coeff[idx], P2);
+ idx++;
+ mulSparse2(f1, d1, e1);
+ mulSparse2(f2, d2, e2);
+ f *= f1;
+ f *= f2;
+}
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+inline void precomputedMillerLoop2(Fp12& f, const G1& P1, const std::vector<Fp6>& Q1coeff, const G1& P2, const std::vector<Fp6>& Q2coeff)
+{
+ precomputedMillerLoop2(f, P1, Q1coeff.data(), P2, Q2coeff.data());
+}
+inline void precomputedMillerLoop2mixed(Fp12& f, const G1& P1, const G2& Q1, const G1& P2, const std::vector<Fp6>& Q2coeff)
+{
+ precomputedMillerLoop2mixed(f, P1, Q1, P2, Q2coeff.data());
+}
+#endif
+inline void mapToG1(bool *pb, G1& P, const Fp& x) { *pb = BN::param.mapTo.calcG1(P, x); }
+inline void mapToG2(bool *pb, G2& P, const Fp2& x) { *pb = BN::param.mapTo.calcG2(P, x); }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+inline void mapToG1(G1& P, const Fp& x)
+{
+ bool b;
+ mapToG1(&b, P, x);
+ if (!b) throw cybozu::Exception("mapToG1:bad value") << x;
+}
+inline void mapToG2(G2& P, const Fp2& x)
+{
+ bool b;
+ mapToG2(&b, P, x);
+ if (!b) throw cybozu::Exception("mapToG2:bad value") << x;
+}
+#endif
+inline void hashAndMapToG1(G1& P, const void *buf, size_t bufSize)
+{
+ Fp t;
+ t.setHashOf(buf, bufSize);
+ bool b;
+ mapToG1(&b, P, t);
+ // It will not happen that the hashed value is equal to special value
+ assert(b);
+ (void)b;
+}
+inline void hashAndMapToG2(G2& P, const void *buf, size_t bufSize)
+{
+ Fp2 t;
+ t.a.setHashOf(buf, bufSize);
+ t.b.clear();
+ bool b;
+ mapToG2(&b, P, t);
+ // It will not happen that the hashed value is equal to special value
+ assert(b);
+ (void)b;
+}
+#ifndef CYBOZU_DONT_USE_STRING
+inline void hashAndMapToG1(G1& P, const std::string& str)
+{
+ hashAndMapToG1(P, str.c_str(), str.size());
+}
+inline void hashAndMapToG2(G2& P, const std::string& str)
+{
+ hashAndMapToG2(P, str.c_str(), str.size());
+}
+#endif
+inline void verifyOrderG1(bool doVerify)
+{
+ if (BN::param.isBLS12) {
+ G1::setOrder(doVerify ? BN::param.r : 0);
+ }
+}
+inline void verifyOrderG2(bool doVerify)
+{
+ G2::setOrder(doVerify ? BN::param.r : 0);
+}
+
+// backward compatibility
+using mcl::CurveParam;
+static const CurveParam& CurveFp254BNb = BN254;
+static const CurveParam& CurveFp382_1 = BN381_1;
+static const CurveParam& CurveFp382_2 = BN381_2;
+static const CurveParam& CurveFp462 = BN462;
+static const CurveParam& CurveSNARK1 = BN_SNARK1;
+
+/*
+ FrobeniusOnTwist for Dtype
+ p mod 6 = 1, w^6 = xi
+ Frob(x', y') = phi Frob phi^-1(x', y')
+ = phi Frob (x' w^2, y' w^3)
+ = phi (x'^p w^2p, y'^p w^3p)
+ = (F(x') w^2(p - 1), F(y') w^3(p - 1))
+ = (F(x') g^2, F(y') g^3)
+
+ FrobeniusOnTwist for Dtype
+ use (1/g) instead of g
+*/
+inline void Frobenius(G2& D, const G2& S)
+{
+ Fp2::Frobenius(D.x, S.x);
+ Fp2::Frobenius(D.y, S.y);
+ Fp2::Frobenius(D.z, S.z);
+ D.x *= BN::param.g2;
+ D.y *= BN::param.g3;
+}
+inline void Frobenius2(G2& D, const G2& S)
+{
+ Frobenius(D, S);
+ Frobenius(D, D);
+}
+inline void Frobenius3(G2& D, const G2& S)
+{
+ Frobenius(D, S);
+ Frobenius(D, D);
+ Frobenius(D, D);
+}
+
+namespace BN {
+
+using namespace mcl::bn; // backward compatibility
+
+inline void init(bool *pb, const mcl::CurveParam& cp = mcl::BN254, fp::Mode mode = fp::FP_AUTO)
+{
+ local::StaticVar<>::param.init(pb, cp, mode);
+ if (!*pb) return;
+ G1::setMulArrayGLV(local::mulArrayGLV1);
+ G2::setMulArrayGLV(local::mulArrayGLV2);
+ Fp12::setPowArrayGLV(local::powArrayGLV2);
+ G1::setCompressedExpression();
+ G2::setCompressedExpression();
+ *pb = true;
+}
+
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+inline void init(const mcl::CurveParam& cp = mcl::BN254, fp::Mode mode = fp::FP_AUTO)
+{
+ bool b;
+ init(&b, cp, mode);
+ if (!b) throw cybozu::Exception("BN:init");
+}
+#endif
+
+} // mcl::bn::BN
+
+inline void initPairing(bool *pb, const mcl::CurveParam& cp = mcl::BN254, fp::Mode mode = fp::FP_AUTO)
+{
+ BN::init(pb, cp, mode);
+}
+
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+inline void initPairing(const mcl::CurveParam& cp = mcl::BN254, fp::Mode mode = fp::FP_AUTO)
+{
+ bool b;
+ BN::init(&b, cp, mode);
+ if (!b) throw cybozu::Exception("bn:initPairing");
+}
+#endif
+
+inline void initG1only(bool *pb, const mcl::EcParam& para)
+{
+ local::StaticVar<>::param.initG1only(pb, para);
+ if (!*pb) return;
+ G1::setMulArrayGLV(0);
+ G2::setMulArrayGLV(0);
+ Fp12::setPowArrayGLV(0);
+ G1::setCompressedExpression();
+ G2::setCompressedExpression();
+}
+
+inline const G1& getG1basePoint()
+{
+ return local::StaticVar<>::param.basePoint;
+}
+
+} } // mcl::bn
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/bn256.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn256.hpp
new file mode 100644
index 000000000..7a5da7a05
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn256.hpp
@@ -0,0 +1,15 @@
+#pragma once
+/**
+ @file
+ @brief preset class for 256-bit optimal ate pairing over BN curves
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#define MCL_MAX_FP_BIT_SIZE 256
+#include <mcl/bn.hpp>
+
+namespace mcl { namespace bn256 {
+using namespace mcl::bn;
+} }
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/bn384.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn384.hpp
new file mode 100644
index 000000000..8aa14fe5c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn384.hpp
@@ -0,0 +1,15 @@
+#pragma once
+/**
+ @file
+ @brief preset class for 384-bit optimal ate pairing over BN curves
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#define MCL_MAX_FP_BIT_SIZE 384
+#include <mcl/bn.hpp>
+// #define MCL_MAX_FR_BIT_SIZE 256 // can set if BLS12_381
+
+namespace mcl { namespace bn384 {
+using namespace mcl::bn;
+} }
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/bn512.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn512.hpp
new file mode 100644
index 000000000..c87ad9035
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/bn512.hpp
@@ -0,0 +1,14 @@
+#pragma once
+/**
+ @file
+ @brief preset class for 512-bit optimal ate pairing over BN curves
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#define MCL_MAX_FP_BIT_SIZE 512
+#include <mcl/bn.hpp>
+
+namespace mcl { namespace bn512 {
+using namespace mcl::bn;
+} }
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/conversion.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/conversion.hpp
new file mode 100644
index 000000000..7a04b7fa2
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/conversion.hpp
@@ -0,0 +1,495 @@
+#pragma once
+#include <cybozu/itoa.hpp>
+#include <cybozu/stream.hpp>
+/**
+ @file
+ @brief convertion bin/dec/hex <=> array
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#ifdef _MSC_VER
+ #pragma warning(push)
+ #pragma warning(disable : 4127)
+#endif
+
+namespace mcl { namespace fp {
+
+namespace local {
+
+inline bool isSpace(char c)
+{
+ return c == ' ' || c == '\t' || c == '\r' || c == '\n';
+}
+template<class InputStream>
+bool skipSpace(char *c, InputStream& is)
+{
+ for (;;) {
+ if (!cybozu::readChar(c, is)) return false;
+ if (!isSpace(*c)) return true;
+ }
+}
+
+#ifndef CYBOZU_DONT_USE_STRING
+template<class InputStream>
+void loadWord(std::string& s, InputStream& is)
+{
+ s.clear();
+ char c;
+ if (!skipSpace(&c, is)) return;
+ s = c;
+ for (;;) {
+ if (!cybozu::readChar(&c, is)) return;
+ if (isSpace(c)) break;
+ s += c;
+ }
+}
+#endif
+
+template<class InputStream>
+size_t loadWord(char *buf, size_t bufSize, InputStream& is)
+{
+ if (bufSize == 0) return 0;
+ char c;
+ if (!skipSpace(&c, is)) return 0;
+ size_t pos = 0;
+ buf[pos++] = c;
+ for (;;) {
+ if (!cybozu::readChar(&c, is)) break;
+ if (isSpace(c)) break;
+ if (pos == bufSize) return 0;
+ buf[pos++] = c;
+ }
+ return pos;
+}
+
+
+/*
+ q = x[] / x
+ @retval r = x[] % x
+ @note accept q == x
+*/
+inline uint32_t divU32(uint32_t *q, const uint32_t *x, size_t xn, uint32_t y)
+{
+ if (xn == 0) return 0;
+ uint32_t r = 0;
+ for (int i = (int)xn - 1; i >= 0; i--) {
+ uint64_t t = (uint64_t(r) << 32) | x[i];
+ q[i] = uint32_t(t / y);
+ r = uint32_t(t % y);
+ }
+ return r;
+}
+
+/*
+ z[0, xn) = x[0, xn) * y
+ return z[xn]
+ @note accept z == x
+*/
+inline uint32_t mulU32(uint32_t *z, const uint32_t *x, size_t xn, uint32_t y)
+{
+ uint32_t H = 0;
+ for (size_t i = 0; i < xn; i++) {
+ uint32_t t = H;
+ uint64_t v = uint64_t(x[i]) * y;
+ uint32_t L = uint32_t(v);
+ H = uint32_t(v >> 32);
+ z[i] = t + L;
+ if (z[i] < t) {
+ H++;
+ }
+ }
+ return H;
+}
+
+/*
+ x[0, xn) += y
+ return 1 if overflow else 0
+*/
+inline uint32_t addU32(uint32_t *x, size_t xn, uint32_t y)
+{
+ uint32_t t = x[0] + y;
+ x[0] = t;
+ if (t >= y) return 0;
+ for (size_t i = 1; i < xn; i++) {
+ t = x[i] + 1;
+ x[i] = t;
+ if (t != 0) return 0;
+ }
+ return 1;
+}
+
+inline uint32_t decToU32(const char *p, size_t size, bool *pb)
+{
+ assert(0 < size && size <= 9);
+ uint32_t x = 0;
+ for (size_t i = 0; i < size; i++) {
+ char c = p[i];
+ if (c < '0' || c > '9') {
+ *pb = false;
+ return 0;
+ }
+ x = x * 10 + uint32_t(c - '0');
+ }
+ *pb = true;
+ return x;
+}
+
+inline bool hexCharToUint8(uint8_t *v, char _c)
+{
+ uint32_t c = uint8_t(_c); // cast is necessary
+ if (c - '0' <= '9' - '0') {
+ c = c - '0';
+ } else if (c - 'a' <= 'f' - 'a') {
+ c = (c - 'a') + 10;
+ } else if (c - 'A' <= 'F' - 'A') {
+ c = (c - 'A') + 10;
+ } else {
+ return false;
+ }
+ *v = uint8_t(c);
+ return true;
+}
+
+template<class UT>
+bool hexToUint(UT *px, const char *p, size_t size)
+{
+ assert(0 < size && size <= sizeof(UT) * 2);
+ UT x = 0;
+ for (size_t i = 0; i < size; i++) {
+ uint8_t v;
+ if (!hexCharToUint8(&v, p[i])) return false;
+ x = x * 16 + v;
+ }
+ *px = x;
+ return true;
+}
+
+template<class UT>
+bool binToUint(UT *px, const char *p, size_t size)
+{
+ assert(0 < size && size <= sizeof(UT) * 8);
+ UT x = 0;
+ for (size_t i = 0; i < size; i++) {
+ UT c = static_cast<uint8_t>(p[i]);
+ if (c == '0') {
+ x = x * 2;
+ } else if (c == '1') {
+ x = x * 2 + 1;
+ } else {
+ return false;
+ }
+ }
+ *px = x;
+ return true;
+}
+
+inline bool parsePrefix(size_t *readSize, bool *isMinus, int *base, const char *buf, size_t bufSize)
+{
+ if (bufSize == 0) return false;
+ size_t pos = 0;
+ if (*buf == '-') {
+ if (bufSize == 1) return false;
+ *isMinus = true;
+ buf++;
+ pos++;
+ } else {
+ *isMinus = false;
+ }
+ if (buf[0] == '0') {
+ if (bufSize > 1 && buf[1] == 'x') {
+ if (*base == 0 || *base == 16) {
+ *base = 16;
+ pos += 2;
+ } else {
+ return false;
+ }
+ } else if (bufSize > 1 && buf[1] == 'b') {
+ if (*base == 0 || *base == 2) {
+ *base = 2;
+ pos += 2;
+ } else {
+ return false;
+ }
+ }
+ }
+ if (*base == 0) *base = 10;
+ if (pos == bufSize) return false;
+ *readSize = pos;
+ return true;
+}
+
+} // mcl::fp::local
+
+/*
+ convert little endian x[0, xn) to buf
+ return written size if success else 0
+ data is buf[bufSize - retval, bufSize)
+ start "0x" if withPrefix
+*/
+template<class T>
+size_t arrayToHex(char *buf, size_t bufSize, const T *x, size_t n, bool withPrefix = false)
+{
+ size_t fullN = 0;
+ if (n > 1) {
+ size_t pos = n - 1;
+ while (pos > 0) {
+ if (x[pos]) break;
+ pos--;
+ }
+ if (pos > 0) fullN = pos;
+ }
+ const T v = n == 0 ? 0 : x[fullN];
+ const size_t topLen = cybozu::getHexLength(v);
+ const size_t startPos = withPrefix ? 2 : 0;
+ const size_t lenT = sizeof(T) * 2;
+ const size_t totalSize = startPos + fullN * lenT + topLen;
+ if (totalSize > bufSize) return 0;
+ char *const top = buf + bufSize - totalSize;
+ if (withPrefix) {
+ top[0] = '0';
+ top[1] = 'x';
+ }
+ cybozu::itohex(&top[startPos], topLen, v, false);
+ for (size_t i = 0; i < fullN; i++) {
+ cybozu::itohex(&top[startPos + topLen + i * lenT], lenT, x[fullN - 1 - i], false);
+ }
+ return totalSize;
+}
+
+/*
+ convert little endian x[0, xn) to buf
+ return written size if success else 0
+ data is buf[bufSize - retval, bufSize)
+ start "0b" if withPrefix
+*/
+template<class T>
+size_t arrayToBin(char *buf, size_t bufSize, const T *x, size_t n, bool withPrefix)
+{
+ size_t fullN = 0;
+ if (n > 1) {
+ size_t pos = n - 1;
+ while (pos > 0) {
+ if (x[pos]) break;
+ pos--;
+ }
+ if (pos > 0) fullN = pos;
+ }
+ const T v = n == 0 ? 0 : x[fullN];
+ const size_t topLen = cybozu::getBinLength(v);
+ const size_t startPos = withPrefix ? 2 : 0;
+ const size_t lenT = sizeof(T) * 8;
+ const size_t totalSize = startPos + fullN * lenT + topLen;
+ if (totalSize > bufSize) return 0;
+ char *const top = buf + bufSize - totalSize;
+ if (withPrefix) {
+ top[0] = '0';
+ top[1] = 'b';
+ }
+ cybozu::itobin(&top[startPos], topLen, v);
+ for (size_t i = 0; i < fullN; i++) {
+ cybozu::itobin(&top[startPos + topLen + i * lenT], lenT, x[fullN - 1 - i]);
+ }
+ return totalSize;
+}
+
+/*
+ convert hex string to x[0..xn)
+ hex string = [0-9a-fA-F]+
+*/
+template<class UT>
+inline size_t hexToArray(UT *x, size_t maxN, const char *buf, size_t bufSize)
+{
+ if (bufSize == 0) return 0;
+ const size_t unitLen = sizeof(UT) * 2;
+ const size_t q = bufSize / unitLen;
+ const size_t r = bufSize % unitLen;
+ const size_t requireSize = q + (r ? 1 : 0);
+ if (maxN < requireSize) return 0;
+ for (size_t i = 0; i < q; i++) {
+ if (!local::hexToUint(&x[i], &buf[r + (q - 1 - i) * unitLen], unitLen)) return 0;
+ }
+ if (r) {
+ if (!local::hexToUint(&x[q], buf, r)) return 0;
+ }
+ return requireSize;
+}
+/*
+ convert bin string to x[0..xn)
+ bin string = [01]+
+*/
+template<class UT>
+inline size_t binToArray(UT *x, size_t maxN, const char *buf, size_t bufSize)
+{
+ if (bufSize == 0) return 0;
+ const size_t unitLen = sizeof(UT) * 8;
+ const size_t q = bufSize / unitLen;
+ const size_t r = bufSize % unitLen;
+ const size_t requireSize = q + (r ? 1 : 0);
+ if (maxN < requireSize) return 0;
+ for (size_t i = 0; i < q; i++) {
+ if (!local::binToUint(&x[i], &buf[r + (q - 1 - i) * unitLen], unitLen)) return 0;
+ }
+ if (r) {
+ if (!local::binToUint(&x[q], buf, r)) return 0;
+ }
+ return requireSize;
+}
+
+/*
+ little endian x[0, xn) to buf
+ return written size if success else 0
+ data is buf[bufSize - retval, bufSize)
+*/
+template<class UT>
+inline size_t arrayToDec(char *buf, size_t bufSize, const UT *x, size_t xn)
+{
+ const size_t maxN = 64;
+ uint32_t t[maxN];
+ if (sizeof(UT) == 8) {
+ xn *= 2;
+ }
+ if (xn > maxN) return 0;
+ memcpy(t, x, xn * sizeof(t[0]));
+
+ const size_t width = 9;
+ const uint32_t i1e9 = 1000000000U;
+ size_t pos = 0;
+ for (;;) {
+ uint32_t r = local::divU32(t, t, xn, i1e9);
+ while (xn > 0 && t[xn - 1] == 0) xn--;
+ size_t len = cybozu::itoa_local::uintToDec(buf, bufSize - pos, r);
+ if (len == 0) return 0;
+ assert(0 < len && len <= width);
+ if (xn == 0) return pos + len;
+ // fill (width - len) '0'
+ for (size_t j = 0; j < width - len; j++) {
+ buf[bufSize - pos - width + j] = '0';
+ }
+ pos += width;
+ }
+}
+
+/*
+ convert buf[0, bufSize) to x[0, num)
+ return written num if success else 0
+*/
+template<class UT>
+inline size_t decToArray(UT *_x, size_t maxN, const char *buf, size_t bufSize)
+{
+ assert(sizeof(UT) == 4 || sizeof(UT) == 8);
+ const size_t width = 9;
+ const uint32_t i1e9 = 1000000000U;
+ if (maxN == 0) return 0;
+ if (sizeof(UT) == 8) {
+ maxN *= 2;
+ }
+ uint32_t *x = reinterpret_cast<uint32_t*>(_x);
+ size_t xn = 1;
+ x[0] = 0;
+ while (bufSize > 0) {
+ size_t n = bufSize % width;
+ if (n == 0) n = width;
+ bool b;
+ uint32_t v = local::decToU32(buf, n, &b);
+ if (!b) return 0;
+ uint32_t H = local::mulU32(x, x, xn, i1e9);
+ if (H > 0) {
+ if (xn == maxN) return 0;
+ x[xn++] = H;
+ }
+ H = local::addU32(x, xn, v);
+ if (H > 0) {
+ if (xn == maxN) return 0;
+ x[xn++] = H;
+ }
+ buf += n;
+ bufSize -= n;
+ }
+ if (sizeof(UT) == 8 && (xn & 1)) {
+ x[xn++] = 0;
+ }
+ return xn / (sizeof(UT) / 4);
+}
+
+/*
+ return retavl is written size if success else 0
+ REMARK : the top of string is buf + bufSize - retval
+*/
+template<class UT>
+size_t arrayToStr(char *buf, size_t bufSize, const UT *x, size_t n, int base, bool withPrefix)
+{
+ switch (base) {
+ case 0:
+ case 10:
+ return arrayToDec(buf, bufSize, x, n);
+ case 16:
+ return arrayToHex(buf, bufSize, x, n, withPrefix);
+ case 2:
+ return arrayToBin(buf, bufSize, x, n, withPrefix);
+ default:
+ return 0;
+ }
+}
+
+template<class UT>
+size_t strToArray(bool *pIsMinus, UT *x, size_t xN, const char *buf, size_t bufSize, int ioMode)
+{
+ ioMode &= 31;
+ size_t readSize;
+ if (!local::parsePrefix(&readSize, pIsMinus, &ioMode, buf, bufSize)) return 0;
+ switch (ioMode) {
+ case 10:
+ return decToArray(x, xN, buf + readSize, bufSize - readSize);
+ case 16:
+ return hexToArray(x, xN, buf + readSize, bufSize - readSize);
+ case 2:
+ return binToArray(x, xN, buf + readSize, bufSize - readSize);
+ default:
+ return 0;
+ }
+}
+
+/*
+ convert src[0, n) to (n * 2) byte hex string and write it to os
+ return true if success else flase
+*/
+template<class OutputStream>
+void writeHexStr(bool *pb, OutputStream& os, const void *src, size_t n)
+{
+ const uint8_t *p = (const uint8_t *)src;
+ for (size_t i = 0; i < n; i++) {
+ char hex[2];
+ cybozu::itohex(hex, sizeof(hex), p[i], false);
+ cybozu::write(pb, os, hex, sizeof(hex));
+ if (!*pb) return;
+ }
+ *pb = true;
+}
+/*
+ read hex string from is and convert it to byte array
+ return written buffer size
+*/
+template<class InputStream>
+inline size_t readHexStr(void *buf, size_t n, InputStream& is)
+{
+ bool b;
+ uint8_t *dst = (uint8_t *)buf;
+ for (size_t i = 0; i < n; i++) {
+ uint8_t L, H;
+ char c[2];
+ if (cybozu::readSome(c, sizeof(c), is) != sizeof(c)) return i;
+ b = local::hexCharToUint8(&H, c[0]);
+ if (!b) return i;
+ b = local::hexCharToUint8(&L, c[1]);
+ if (!b) return i;
+ dst[i] = (H << 4) | L;
+ }
+ return n;
+}
+
+} } // mcl::fp
+
+#ifdef _MSC_VER
+ #pragma warning(pop)
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/curve_type.h b/vendor/github.com/byzantine-lab/mcl/include/mcl/curve_type.h
new file mode 100644
index 000000000..9e4a941a0
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/curve_type.h
@@ -0,0 +1,35 @@
+#pragma once
+/**
+ @file
+ @brief curve type
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+
+enum {
+ MCL_BN254 = 0,
+ MCL_BN381_1 = 1,
+ MCL_BN381_2 = 2,
+ MCL_BN462 = 3,
+ MCL_BN_SNARK1 = 4,
+ MCL_BLS12_381 = 5,
+ MCL_BN160 = 6,
+
+ /*
+ for only G1
+ the size of curve must be less or equal to MCLBN_FP_UNIT_SIZE
+ */
+ MCL_EC_BEGIN = 100,
+ MCL_SECP192K1 = MCL_EC_BEGIN,
+ MCL_SECP224K1 = 101,
+ MCL_SECP256K1 = 102,
+ MCL_SECP384R1 = 103,
+ MCL_SECP521R1 = 104,
+ MCL_NIST_P192 = 105,
+ MCL_NIST_P224 = 106,
+ MCL_NIST_P256 = 107,
+ MCL_EC_END = MCL_NIST_P256 + 1,
+ MCL_NIST_P384 = MCL_SECP384R1,
+ MCL_NIST_P521 = MCL_SECP521R1
+};
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/ec.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/ec.hpp
new file mode 100644
index 000000000..b8eb10be3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/ec.hpp
@@ -0,0 +1,1045 @@
+#pragma once
+/**
+ @file
+ @brief elliptic curve
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <stdlib.h>
+#include <cybozu/exception.hpp>
+#include <mcl/op.hpp>
+#include <mcl/util.hpp>
+
+//#define MCL_EC_USE_AFFINE
+
+#ifdef _MSC_VER
+ #pragma warning(push)
+ #pragma warning(disable : 4458)
+#endif
+
+namespace mcl {
+
+namespace ec {
+
+enum Mode {
+ Jacobi = 0,
+ Proj = 1
+};
+
+} // mcl::ec
+
+/*
+ elliptic curve
+ y^2 = x^3 + ax + b (affine)
+ y^2 = x^3 + az^4 + bz^6 (Jacobi) x = X/Z^2, y = Y/Z^3
+*/
+template<class _Fp>
+class EcT : public fp::Serializable<EcT<_Fp> > {
+ enum {
+ zero,
+ minus3,
+ generic
+ };
+public:
+ typedef _Fp Fp;
+ typedef _Fp BaseFp;
+#ifdef MCL_EC_USE_AFFINE
+ Fp x, y;
+ bool inf_;
+#else
+ Fp x, y, z;
+ static int mode_;
+#endif
+ static Fp a_;
+ static Fp b_;
+ static int specialA_;
+ static int ioMode_;
+ /*
+ order_ is the order of G2 which is the subgroup of EcT<Fp2>.
+ check the order of the elements if verifyOrder_ is true
+ */
+ static bool verifyOrder_;
+ static mpz_class order_;
+ static void (*mulArrayGLV)(EcT& z, const EcT& x, const fp::Unit *y, size_t yn, bool isNegative, bool constTime);
+ /* default constructor is undefined value */
+ EcT() {}
+ EcT(const Fp& _x, const Fp& _y)
+ {
+ set(_x, _y);
+ }
+ bool isNormalized() const
+ {
+#ifdef MCL_EC_USE_AFFINE
+ return true;
+#else
+ return isZero() || z.isOne();
+#endif
+ }
+#ifndef MCL_EC_USE_AFFINE
+private:
+ void normalizeJacobi()
+ {
+ assert(!z.isZero());
+ Fp rz2;
+ Fp::inv(z, z);
+ Fp::sqr(rz2, z);
+ x *= rz2;
+ y *= rz2;
+ y *= z;
+ z = 1;
+ }
+ void normalizeProj()
+ {
+ assert(!z.isZero());
+ Fp::inv(z, z);
+ x *= z;
+ y *= z;
+ z = 1;
+ }
+ // Y^2 == X(X^2 + aZ^4) + bZ^6
+ bool isValidJacobi() const
+ {
+ Fp y2, x2, z2, z4, t;
+ Fp::sqr(x2, x);
+ Fp::sqr(y2, y);
+ Fp::sqr(z2, z);
+ Fp::sqr(z4, z2);
+ Fp::mul(t, z4, a_);
+ t += x2;
+ t *= x;
+ z4 *= z2;
+ z4 *= b_;
+ t += z4;
+ return y2 == t;
+ }
+ // (Y^2 - bZ^2)Z = X(X^2 + aZ^2)
+ bool isValidProj() const
+ {
+ Fp y2, x2, z2, t;
+ Fp::sqr(x2, x);
+ Fp::sqr(y2, y);
+ Fp::sqr(z2, z);
+ Fp::mul(t, a_, z2);
+ t += x2;
+ t *= x;
+ z2 *= b_;
+ y2 -= z2;
+ y2 *= z;
+ return y2 == t;
+ }
+#endif
+ // y^2 == (x^2 + a)x + b
+ static inline bool isValid(const Fp& _x, const Fp& _y)
+ {
+ Fp y2, t;
+ Fp::sqr(y2, _y);
+ Fp::sqr(t, _x);
+ t += a_;
+ t *= _x;
+ t += b_;
+ return y2 == t;
+ }
+public:
+ void normalize()
+ {
+#ifndef MCL_EC_USE_AFFINE
+ if (isNormalized()) return;
+ switch (mode_) {
+ case ec::Jacobi:
+ normalizeJacobi();
+ break;
+ case ec::Proj:
+ normalizeProj();
+ break;
+ }
+#endif
+ }
+ static void normalize(EcT& y, const EcT& x)
+ {
+ y = x;
+ y.normalize();
+ }
+ static inline void init(const Fp& a, const Fp& b, int mode = ec::Jacobi)
+ {
+ a_ = a;
+ b_ = b;
+ if (a_.isZero()) {
+ specialA_ = zero;
+ } else if (a_ == -3) {
+ specialA_ = minus3;
+ } else {
+ specialA_ = generic;
+ }
+ ioMode_ = 0;
+ verifyOrder_ = false;
+ order_ = 0;
+ mulArrayGLV = 0;
+#ifdef MCL_EC_USE_AFFINE
+ cybozu::disable_warning_unused_variable(mode);
+#else
+ assert(mode == ec::Jacobi || mode == ec::Proj);
+ mode_ = mode;
+#endif
+ }
+ /*
+ verify the order of *this is equal to order if order != 0
+ in constructor, set, setStr, operator<<().
+ */
+ static void setOrder(const mpz_class& order)
+ {
+ if (order != 0) {
+ verifyOrder_ = true;
+ order_ = order;
+ } else {
+ verifyOrder_ = false;
+ // don't clear order_ because it is used for isValidOrder()
+ }
+ }
+ static void setMulArrayGLV(void f(EcT& z, const EcT& x, const fp::Unit *y, size_t yn, bool isNegative, bool constTime))
+ {
+ mulArrayGLV = f;
+ }
+ static inline void init(bool *pb, const char *astr, const char *bstr, int mode = ec::Jacobi)
+ {
+ Fp a, b;
+ a.setStr(pb, astr);
+ if (!*pb) return;
+ b.setStr(pb, bstr);
+ if (!*pb) return;
+ init(a, b, mode);
+ }
+ // verify the order
+ bool isValidOrder() const
+ {
+ EcT Q;
+ EcT::mulGeneric(Q, *this, order_);
+ return Q.isZero();
+ }
+ bool isValid() const
+ {
+ if (isZero()) return true;
+ bool isOK = false;
+#ifndef MCL_EC_USE_AFFINE
+ if (!z.isOne()) {
+ switch (mode_) {
+ case ec::Jacobi:
+ isOK = isValidJacobi();
+ break;
+ case ec::Proj:
+ isOK = isValidProj();
+ break;
+ }
+ } else
+#endif
+ {
+ isOK = isValid(x, y);
+ }
+ if (!isOK) return false;
+ if (verifyOrder_) return isValidOrder();
+ return true;
+ }
+ void set(bool *pb, const Fp& _x, const Fp& _y, bool verify = true)
+ {
+ if (verify && !isValid(_x, _y)) {
+ *pb = false;
+ return;
+ }
+ x = _x; y = _y;
+#ifdef MCL_EC_USE_AFFINE
+ inf_ = false;
+#else
+ z = 1;
+#endif
+ if (verify && verifyOrder_ && !isValidOrder()) {
+ *pb = false;
+ } else {
+ *pb = true;
+ }
+ }
+ void clear()
+ {
+#ifdef MCL_EC_USE_AFFINE
+ inf_ = true;
+#else
+ z.clear();
+#endif
+ x.clear();
+ y.clear();
+ }
+#ifndef MCL_EC_USE_AFFINE
+ static inline void dblNoVerifyInfJacobi(EcT& R, const EcT& P)
+ {
+ Fp S, M, t, y2;
+ Fp::sqr(y2, P.y);
+ Fp::mul(S, P.x, y2);
+ const bool isPzOne = P.z.isOne();
+ S += S;
+ S += S;
+ Fp::sqr(M, P.x);
+ switch (specialA_) {
+ case zero:
+ Fp::add(t, M, M);
+ M += t;
+ break;
+ case minus3:
+ if (isPzOne) {
+ M -= P.z;
+ } else {
+ Fp::sqr(t, P.z);
+ Fp::sqr(t, t);
+ M -= t;
+ }
+ Fp::add(t, M, M);
+ M += t;
+ break;
+ case generic:
+ default:
+ if (isPzOne) {
+ t = a_;
+ } else {
+ Fp::sqr(t, P.z);
+ Fp::sqr(t, t);
+ t *= a_;
+ }
+ t += M;
+ M += M;
+ M += t;
+ break;
+ }
+ Fp::sqr(R.x, M);
+ R.x -= S;
+ R.x -= S;
+ if (isPzOne) {
+ R.z = P.y;
+ } else {
+ Fp::mul(R.z, P.y, P.z);
+ }
+ R.z += R.z;
+ Fp::sqr(y2, y2);
+ y2 += y2;
+ y2 += y2;
+ y2 += y2;
+ Fp::sub(R.y, S, R.x);
+ R.y *= M;
+ R.y -= y2;
+ }
+ static inline void dblNoVerifyInfProj(EcT& R, const EcT& P)
+ {
+ const bool isPzOne = P.z.isOne();
+ Fp w, t, h;
+ switch (specialA_) {
+ case zero:
+ Fp::sqr(w, P.x);
+ Fp::add(t, w, w);
+ w += t;
+ break;
+ case minus3:
+ Fp::sqr(w, P.x);
+ if (isPzOne) {
+ w -= P.z;
+ } else {
+ Fp::sqr(t, P.z);
+ w -= t;
+ }
+ Fp::add(t, w, w);
+ w += t;
+ break;
+ case generic:
+ default:
+ if (isPzOne) {
+ w = a_;
+ } else {
+ Fp::sqr(w, P.z);
+ w *= a_;
+ }
+ Fp::sqr(t, P.x);
+ w += t;
+ w += t;
+ w += t; // w = a z^2 + 3x^2
+ break;
+ }
+ if (isPzOne) {
+ R.z = P.y;
+ } else {
+ Fp::mul(R.z, P.y, P.z); // s = yz
+ }
+ Fp::mul(t, R.z, P.x);
+ t *= P.y; // xys
+ t += t;
+ t += t; // 4(xys) ; 4B
+ Fp::sqr(h, w);
+ h -= t;
+ h -= t; // w^2 - 8B
+ Fp::mul(R.x, h, R.z);
+ t -= h; // h is free
+ t *= w;
+ Fp::sqr(w, P.y);
+ R.x += R.x;
+ R.z += R.z;
+ Fp::sqr(h, R.z);
+ w *= h;
+ R.z *= h;
+ Fp::sub(R.y, t, w);
+ R.y -= w;
+ }
+#endif
+ static inline void dblNoVerifyInf(EcT& R, const EcT& P)
+ {
+#ifdef MCL_EC_USE_AFFINE
+ Fp t, s;
+ Fp::sqr(t, P.x);
+ Fp::add(s, t, t);
+ t += s;
+ t += a_;
+ Fp::add(s, P.y, P.y);
+ t /= s;
+ Fp::sqr(s, t);
+ s -= P.x;
+ Fp x3;
+ Fp::sub(x3, s, P.x);
+ Fp::sub(s, P.x, x3);
+ s *= t;
+ Fp::sub(R.y, s, P.y);
+ R.x = x3;
+ R.inf_ = false;
+#else
+ switch (mode_) {
+ case ec::Jacobi:
+ dblNoVerifyInfJacobi(R, P);
+ break;
+ case ec::Proj:
+ dblNoVerifyInfProj(R, P);
+ break;
+ }
+#endif
+ }
+ static inline void dbl(EcT& R, const EcT& P)
+ {
+ if (P.isZero()) {
+ R.clear();
+ return;
+ }
+ dblNoVerifyInf(R, P);
+ }
+#ifndef MCL_EC_USE_AFFINE
+ static inline void addJacobi(EcT& R, const EcT& P, const EcT& Q, bool isPzOne, bool isQzOne)
+ {
+ Fp r, U1, S1, H, H3;
+ if (isPzOne) {
+ // r = 1;
+ } else {
+ Fp::sqr(r, P.z);
+ }
+ if (isQzOne) {
+ U1 = P.x;
+ if (isPzOne) {
+ H = Q.x;
+ } else {
+ Fp::mul(H, Q.x, r);
+ }
+ H -= U1;
+ S1 = P.y;
+ } else {
+ Fp::sqr(S1, Q.z);
+ Fp::mul(U1, P.x, S1);
+ if (isPzOne) {
+ H = Q.x;
+ } else {
+ Fp::mul(H, Q.x, r);
+ }
+ H -= U1;
+ S1 *= Q.z;
+ S1 *= P.y;
+ }
+ if (isPzOne) {
+ r = Q.y;
+ } else {
+ r *= P.z;
+ r *= Q.y;
+ }
+ r -= S1;
+ if (H.isZero()) {
+ if (r.isZero()) {
+ dblNoVerifyInf(R, P);
+ } else {
+ R.clear();
+ }
+ return;
+ }
+ if (isPzOne) {
+ R.z = H;
+ } else {
+ Fp::mul(R.z, P.z, H);
+ }
+ if (!isQzOne) {
+ R.z *= Q.z;
+ }
+ Fp::sqr(H3, H); // H^2
+ Fp::sqr(R.y, r); // r^2
+ U1 *= H3; // U1 H^2
+ H3 *= H; // H^3
+ R.y -= U1;
+ R.y -= U1;
+ Fp::sub(R.x, R.y, H3);
+ U1 -= R.x;
+ U1 *= r;
+ H3 *= S1;
+ Fp::sub(R.y, U1, H3);
+ }
+ static inline void addProj(EcT& R, const EcT& P, const EcT& Q, bool isPzOne, bool isQzOne)
+ {
+ Fp r, PyQz, v, A, vv;
+ if (isQzOne) {
+ r = P.x;
+ PyQz = P.y;
+ } else {
+ Fp::mul(r, P.x, Q.z);
+ Fp::mul(PyQz, P.y, Q.z);
+ }
+ if (isPzOne) {
+ A = Q.y;
+ v = Q.x;
+ } else {
+ Fp::mul(A, Q.y, P.z);
+ Fp::mul(v, Q.x, P.z);
+ }
+ v -= r;
+ if (v.isZero()) {
+ if (A == PyQz) {
+ dblNoVerifyInf(R, P);
+ } else {
+ R.clear();
+ }
+ return;
+ }
+ Fp::sub(R.y, A, PyQz);
+ Fp::sqr(A, R.y);
+ Fp::sqr(vv, v);
+ r *= vv;
+ vv *= v;
+ if (isQzOne) {
+ R.z = P.z;
+ } else {
+ if (isPzOne) {
+ R.z = Q.z;
+ } else {
+ Fp::mul(R.z, P.z, Q.z);
+ }
+ }
+ // R.z = 1 if isPzOne && isQzOne
+ if (isPzOne && isQzOne) {
+ R.z = vv;
+ } else {
+ A *= R.z;
+ R.z *= vv;
+ }
+ A -= vv;
+ vv *= PyQz;
+ A -= r;
+ A -= r;
+ Fp::mul(R.x, v, A);
+ r -= A;
+ R.y *= r;
+ R.y -= vv;
+ }
+#endif
+ static inline void add(EcT& R, const EcT& P, const EcT& Q) {
+ if (P.isZero()) { R = Q; return; }
+ if (Q.isZero()) { R = P; return; }
+ if (&P == &Q) {
+ dblNoVerifyInf(R, P);
+ return;
+ }
+#ifdef MCL_EC_USE_AFFINE
+ Fp t;
+ Fp::neg(t, Q.y);
+ if (P.y == t) { R.clear(); return; }
+ Fp::sub(t, Q.x, P.x);
+ if (t.isZero()) {
+ dblNoVerifyInf(R, P);
+ return;
+ }
+ Fp s;
+ Fp::sub(s, Q.y, P.y);
+ Fp::div(t, s, t);
+ R.inf_ = false;
+ Fp x3;
+ Fp::sqr(x3, t);
+ x3 -= P.x;
+ x3 -= Q.x;
+ Fp::sub(s, P.x, x3);
+ s *= t;
+ Fp::sub(R.y, s, P.y);
+ R.x = x3;
+#else
+ bool isPzOne = P.z.isOne();
+ bool isQzOne = Q.z.isOne();
+ switch (mode_) {
+ case ec::Jacobi:
+ addJacobi(R, P, Q, isPzOne, isQzOne);
+ break;
+ case ec::Proj:
+ addProj(R, P, Q, isPzOne, isQzOne);
+ break;
+ }
+#endif
+ }
+ static inline void sub(EcT& R, const EcT& P, const EcT& Q)
+ {
+ EcT nQ;
+ neg(nQ, Q);
+ add(R, P, nQ);
+ }
+ static inline void neg(EcT& R, const EcT& P)
+ {
+ if (P.isZero()) {
+ R.clear();
+ return;
+ }
+ R.x = P.x;
+ Fp::neg(R.y, P.y);
+#ifdef MCL_EC_USE_AFFINE
+ R.inf_ = false;
+#else
+ R.z = P.z;
+#endif
+ }
+ template<class tag, size_t maxBitSize, template<class _tag, size_t _maxBitSize>class FpT>
+ static inline void mul(EcT& z, const EcT& x, const FpT<tag, maxBitSize>& y)
+ {
+ fp::Block b;
+ y.getBlock(b);
+ mulArray(z, x, b.p, b.n, false);
+ }
+ static inline void mul(EcT& z, const EcT& x, int64_t y)
+ {
+ const uint64_t u = fp::abs_(y);
+#if MCL_SIZEOF_UNIT == 8
+ mulArray(z, x, &u, 1, y < 0);
+#else
+ uint32_t ua[2] = { uint32_t(u), uint32_t(u >> 32) };
+ size_t un = ua[1] ? 2 : 1;
+ mulArray(z, x, ua, un, y < 0);
+#endif
+ }
+ static inline void mul(EcT& z, const EcT& x, const mpz_class& y)
+ {
+ mulArray(z, x, gmp::getUnit(y), gmp::getUnitSize(y), y < 0);
+ }
+ template<class tag, size_t maxBitSize, template<class _tag, size_t _maxBitSize>class FpT>
+ static inline void mulCT(EcT& z, const EcT& x, const FpT<tag, maxBitSize>& y)
+ {
+ fp::Block b;
+ y.getBlock(b);
+ mulArray(z, x, b.p, b.n, false, true);
+ }
+ static inline void mulCT(EcT& z, const EcT& x, const mpz_class& y)
+ {
+ mulArray(z, x, gmp::getUnit(y), gmp::getUnitSize(y), y < 0, true);
+ }
+ /*
+ 0 <= P for any P
+ (Px, Py) <= (P'x, P'y) iff Px < P'x or Px == P'x and Py <= P'y
+ @note compare function calls normalize()
+ */
+ template<class F>
+ static inline int compareFunc(const EcT& P_, const EcT& Q_, F comp)
+ {
+ const bool QisZero = Q_.isZero();
+ if (P_.isZero()) {
+ if (QisZero) return 0;
+ return -1;
+ }
+ if (QisZero) return 1;
+ EcT P(P_), Q(Q_);
+ P.normalize();
+ Q.normalize();
+ int c = comp(P.x, Q.x);
+ if (c > 0) return 1;
+ if (c < 0) return -1;
+ return comp(P.y, Q.y);
+ }
+ static inline int compare(const EcT& P, const EcT& Q)
+ {
+ return compareFunc(P, Q, Fp::compare);
+ }
+ static inline int compareRaw(const EcT& P, const EcT& Q)
+ {
+ return compareFunc(P, Q, Fp::compareRaw);
+ }
+ bool isZero() const
+ {
+#ifdef MCL_EC_USE_AFFINE
+ return inf_;
+#else
+ return z.isZero();
+#endif
+ }
+ static inline bool isMSBserialize()
+ {
+ return !b_.isZero() && (Fp::BaseFp::getBitSize() & 7) != 0;
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ if (ioMode & IoEcProj) {
+ cybozu::writeChar(pb, os, '4'); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ x.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ y.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+#ifndef MCL_EC_USE_AFFINE
+ z.save(pb, os, ioMode);
+#endif
+ return;
+ }
+ EcT P(*this);
+ P.normalize();
+ if (ioMode & (IoSerialize | IoSerializeHexStr)) {
+ /*
+ if (isMSBserialize()) {
+ // n bytes
+ x | (y.isOdd ? 0x80 : 0)
+ } else {
+ // n + 1 bytes
+ (y.isOdd ? 3 : 2), x
+ }
+ */
+ const size_t n = Fp::getByteSize();
+ const size_t adj = isMSBserialize() ? 0 : 1;
+ char buf[sizeof(Fp) + 1];
+ if (isZero()) {
+ memset(buf, 0, n + adj);
+ } else {
+ cybozu::MemoryOutputStream mos(buf + adj, n);
+ P.x.save(pb, mos, IoSerialize); if (!*pb) return;
+ if (adj) {
+ buf[0] = P.y.isOdd() ? 3 : 2;
+ } else {
+ if (P.y.isOdd()) {
+ buf[n - 1] |= 0x80;
+ }
+ }
+ }
+ if (ioMode & IoSerializeHexStr) {
+ mcl::fp::writeHexStr(pb, os, buf, n + adj);
+ } else {
+ cybozu::write(pb, os, buf, n + adj);
+ }
+ return;
+ }
+ if (isZero()) {
+ cybozu::writeChar(pb, os, '0');
+ return;
+ }
+ if (ioMode & IoEcCompY) {
+ cybozu::writeChar(pb, os, P.y.isOdd() ? '3' : '2');
+ if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ P.x.save(pb, os, ioMode);
+ } else {
+ cybozu::writeChar(pb, os, '1'); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ P.x.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ P.y.save(pb, os, ioMode);
+ }
+ }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode)
+ {
+#ifdef MCL_EC_USE_AFFINE
+ inf_ = false;
+#else
+ z = 1;
+#endif
+ if (ioMode & (IoSerialize | IoSerializeHexStr)) {
+ const size_t n = Fp::getByteSize();
+ const size_t adj = isMSBserialize() ? 0 : 1;
+ const size_t n1 = n + adj;
+ char buf[sizeof(Fp) + 1];
+ size_t readSize;
+ if (ioMode & IoSerializeHexStr) {
+ readSize = mcl::fp::readHexStr(buf, n1, is);
+ } else {
+ readSize = cybozu::readSome(buf, n1, is);
+ }
+ if (readSize != n1) {
+ *pb = false;
+ return;
+ }
+ if (fp::isZeroArray(buf, n1)) {
+ clear();
+ *pb = true;
+ return;
+ }
+ bool isYodd;
+ if (adj) {
+ char c = buf[0];
+ if (c != 2 && c != 3) {
+ *pb = false;
+ return;
+ }
+ isYodd = c == 3;
+ } else {
+ isYodd = (buf[n - 1] >> 7) != 0;
+ buf[n - 1] &= 0x7f;
+ }
+ x.setArray(pb, buf + adj, n);
+ if (!*pb) return;
+ *pb = getYfromX(y, x, isYodd);
+ if (!*pb) return;
+ } else {
+ char c = 0;
+ if (!fp::local::skipSpace(&c, is)) {
+ *pb = false;
+ return;
+ }
+ if (c == '0') {
+ clear();
+ *pb = true;
+ return;
+ }
+ x.load(pb, is, ioMode); if (!*pb) return;
+ if (c == '1') {
+ y.load(pb, is, ioMode); if (!*pb) return;
+ if (!isValid(x, y)) {
+ *pb = false;
+ return;
+ }
+ } else if (c == '2' || c == '3') {
+ bool isYodd = c == '3';
+ *pb = getYfromX(y, x, isYodd);
+ if (!*pb) return;
+ } else if (c == '4') {
+ y.load(pb, is, ioMode); if (!*pb) return;
+#ifndef MCL_EC_USE_AFFINE
+ z.load(pb, is, ioMode); if (!*pb) return;
+#endif
+ } else {
+ *pb = false;
+ return;
+ }
+ }
+ if (verifyOrder_ && !isValidOrder()) {
+ *pb = false;
+ } else {
+ *pb = true;
+ }
+ }
+ // deplicated
+ static void setCompressedExpression(bool compressedExpression = true)
+ {
+ if (compressedExpression) {
+ ioMode_ |= IoEcCompY;
+ } else {
+ ioMode_ &= ~IoEcCompY;
+ }
+ }
+ /*
+ set IoMode for operator<<(), or operator>>()
+ */
+ static void setIoMode(int ioMode)
+ {
+ assert(!(ioMode & 0xff));
+ ioMode_ = ioMode;
+ }
+ static inline int getIoMode() { return Fp::BaseFp::getIoMode() | ioMode_; }
+ static inline void getWeierstrass(Fp& yy, const Fp& x)
+ {
+ Fp t;
+ Fp::sqr(t, x);
+ t += a_;
+ t *= x;
+ Fp::add(yy, t, b_);
+ }
+ static inline bool getYfromX(Fp& y, const Fp& x, bool isYodd)
+ {
+ getWeierstrass(y, x);
+ if (!Fp::squareRoot(y, y)) {
+ return false;
+ }
+ if (y.isOdd() ^ isYodd) {
+ Fp::neg(y, y);
+ }
+ return true;
+ }
+ inline friend EcT operator+(const EcT& x, const EcT& y) { EcT z; add(z, x, y); return z; }
+ inline friend EcT operator-(const EcT& x, const EcT& y) { EcT z; sub(z, x, y); return z; }
+ template<class INT>
+ inline friend EcT operator*(const EcT& x, const INT& y) { EcT z; mul(z, x, y); return z; }
+ EcT& operator+=(const EcT& x) { add(*this, *this, x); return *this; }
+ EcT& operator-=(const EcT& x) { sub(*this, *this, x); return *this; }
+ template<class INT>
+ EcT& operator*=(const INT& x) { mul(*this, *this, x); return *this; }
+ EcT operator-() const { EcT x; neg(x, *this); return x; }
+ bool operator==(const EcT& rhs) const
+ {
+ EcT R;
+ sub(R, *this, rhs); // QQQ : optimized later
+ return R.isZero();
+ }
+ bool operator!=(const EcT& rhs) const { return !operator==(rhs); }
+ bool operator<(const EcT& rhs) const
+ {
+ return compare(*this, rhs) < 0;
+ }
+ bool operator>=(const EcT& rhs) const { return !operator<(rhs); }
+ bool operator>(const EcT& rhs) const { return rhs < *this; }
+ bool operator<=(const EcT& rhs) const { return !operator>(rhs); }
+ static inline void mulArray(EcT& z, const EcT& x, const fp::Unit *y, size_t yn, bool isNegative, bool constTime = false)
+ {
+ if (!constTime && x.isZero()) {
+ z.clear();
+ return;
+ }
+ if (mulArrayGLV && (constTime || yn > 1)) {
+ mulArrayGLV(z, x, y, yn, isNegative, constTime);
+ return;
+ }
+ mulArrayBase(z, x, y, yn, isNegative, constTime);
+ }
+ static inline void mulArrayBase(EcT& z, const EcT& x, const fp::Unit *y, size_t yn, bool isNegative, bool constTime)
+ {
+ EcT tmp;
+ const EcT *px = &x;
+ if (&z == &x) {
+ tmp = x;
+ px = &tmp;
+ }
+ z.clear();
+ fp::powGeneric(z, *px, y, yn, EcT::add, EcT::dbl, EcT::normalize, constTime ? Fp::BaseFp::getBitSize() : 0);
+ if (isNegative) {
+ neg(z, z);
+ }
+ }
+ /*
+ generic mul
+ */
+ static inline void mulGeneric(EcT& z, const EcT& x, const mpz_class& y, bool constTime = false)
+ {
+ mulArrayBase(z, x, gmp::getUnit(y), gmp::getUnitSize(y), y < 0, constTime);
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ static inline void init(const std::string& astr, const std::string& bstr, int mode = ec::Jacobi)
+ {
+ bool b;
+ init(&b, astr.c_str(), bstr.c_str(), mode);
+ if (!b) throw cybozu::Exception("mcl:EcT:init");
+ }
+ void set(const Fp& _x, const Fp& _y, bool verify = true)
+ {
+ bool b;
+ set(&b, _x, _y, verify);
+ if (!b) throw cybozu::Exception("ec:EcT:set") << _x << _y;
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("EcT:save");
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("EcT:load");
+ }
+#endif
+#ifndef CYBOZU_DONT_USE_STRING
+ // backward compatilibity
+ static inline void setParam(const std::string& astr, const std::string& bstr, int mode = ec::Jacobi)
+ {
+ init(astr, bstr, mode);
+ }
+ friend inline std::istream& operator>>(std::istream& is, EcT& self)
+ {
+ self.load(is, fp::detectIoMode(getIoMode(), is));
+ return is;
+ }
+ friend inline std::ostream& operator<<(std::ostream& os, const EcT& self)
+ {
+ self.save(os, fp::detectIoMode(getIoMode(), os));
+ return os;
+ }
+#endif
+};
+
+template<class Fp> Fp EcT<Fp>::a_;
+template<class Fp> Fp EcT<Fp>::b_;
+template<class Fp> int EcT<Fp>::specialA_;
+template<class Fp> int EcT<Fp>::ioMode_;
+template<class Fp> bool EcT<Fp>::verifyOrder_;
+template<class Fp> mpz_class EcT<Fp>::order_;
+template<class Fp> void (*EcT<Fp>::mulArrayGLV)(EcT& z, const EcT& x, const fp::Unit *y, size_t yn, bool isNegative, bool constTime);
+#ifndef MCL_EC_USE_AFFINE
+template<class Fp> int EcT<Fp>::mode_;
+#endif
+
+struct EcParam {
+ const char *name;
+ const char *p;
+ const char *a;
+ const char *b;
+ const char *gx;
+ const char *gy;
+ const char *n;
+ size_t bitSize; // bit length of p
+ int curveType;
+};
+
+} // mcl
+
+#ifdef CYBOZU_USE_BOOST
+namespace mcl {
+template<class Fp>
+size_t hash_value(const mcl::EcT<Fp>& P_)
+{
+ if (P_.isZero()) return 0;
+ mcl::EcT<Fp> P(P_); P.normalize();
+ return mcl::hash_value(P.y, mcl::hash_value(P.x));
+}
+
+}
+#else
+namespace std { CYBOZU_NAMESPACE_TR1_BEGIN
+
+template<class Fp>
+struct hash<mcl::EcT<Fp> > {
+ size_t operator()(const mcl::EcT<Fp>& P_) const
+ {
+ if (P_.isZero()) return 0;
+ mcl::EcT<Fp> P(P_); P.normalize();
+ return hash<Fp>()(P.y, hash<Fp>()(P.x));
+ }
+};
+
+CYBOZU_NAMESPACE_TR1_END } // std
+#endif
+
+#ifdef _MSC_VER
+ #pragma warning(pop)
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/ecdsa.h b/vendor/github.com/byzantine-lab/mcl/include/mcl/ecdsa.h
new file mode 100644
index 000000000..daeb6be53
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/ecdsa.h
@@ -0,0 +1,105 @@
+#pragma once
+/**
+ @file
+ @brief C interface of ECDSA
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <stdint.h> // for uint64_t, uint8_t
+#include <stdlib.h> // for size_t
+
+#if defined(_MSC_VER)
+ #ifdef ECDSA_DLL_EXPORT
+ #define ECDSA_DLL_API __declspec(dllexport)
+ #else
+ #define ECDSA_DLL_API __declspec(dllimport)
+ #ifndef ECDSA_NO_AUTOLINK
+ #pragma comment(lib, "mclecdsa.lib")
+ #endif
+ #endif
+#elif defined(__EMSCRIPTEN__)
+ #define ECDSA_DLL_API __attribute__((used))
+#else
+ #define ECDSA_DLL_API
+#endif
+
+#ifndef mclSize
+ #ifdef __EMSCRIPTEN__
+ // avoid 64-bit integer
+ #define mclSize unsigned int
+ #define mclInt int
+ #else
+ // use #define for cgo
+ #define mclSize size_t
+ #define mclInt int64_t
+ #endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef ECDSA_NOT_DEFINE_STRUCT
+
+typedef struct ecdsaSecretKey ecdsaSecretKey;
+typedef struct ecdsaPublicKey ecdsaPublicKey;
+typedef struct ecdsaSignature ecdsaSignature;
+
+#else
+
+typedef struct {
+ uint64_t d[4];
+} ecdsaSecretKey;
+
+typedef struct {
+ uint64_t d[4 * 3];
+} ecdsaPublicKey;
+
+typedef struct {
+ uint64_t d[4 * 2];
+} ecdsaSignature;
+
+#endif
+
+struct ecdsaPrecomputedPublicKey;
+
+/*
+ init library
+ return 0 if success
+ @note not threadsafe
+*/
+ECDSA_DLL_API int ecdsaInit(void);
+
+// return written byte size if success else 0
+ECDSA_DLL_API mclSize ecdsaSecretKeySerialize(void *buf, mclSize maxBufSize, const ecdsaSecretKey *sec);
+ECDSA_DLL_API mclSize ecdsaPublicKeySerialize(void *buf, mclSize maxBufSize, const ecdsaPublicKey *pub);
+ECDSA_DLL_API mclSize ecdsaSignatureSerialize(void *buf, mclSize maxBufSize, const ecdsaSignature *sig);
+
+// return read byte size if sucess else 0
+ECDSA_DLL_API mclSize ecdsaSecretKeyDeserialize(ecdsaSecretKey* sec, const void *buf, mclSize bufSize);
+ECDSA_DLL_API mclSize ecdsaPublicKeyDeserialize(ecdsaPublicKey* pub, const void *buf, mclSize bufSize);
+ECDSA_DLL_API mclSize ecdsaSignatureDeserialize(ecdsaSignature* sig, const void *buf, mclSize bufSize);
+
+// return 0 if success
+ECDSA_DLL_API int ecdsaSecretKeySetByCSPRNG(ecdsaSecretKey *sec);
+
+ECDSA_DLL_API void ecdsaGetPublicKey(ecdsaPublicKey *pub, const ecdsaSecretKey *sec);
+
+ECDSA_DLL_API void ecdsaSign(ecdsaSignature *sig, const ecdsaSecretKey *sec, const void *m, mclSize size);
+
+// return 1 if valid
+ECDSA_DLL_API int ecdsaVerify(const ecdsaSignature *sig, const ecdsaPublicKey *pub, const void *m, mclSize size);
+ECDSA_DLL_API int ecdsaVerifyPrecomputed(const ecdsaSignature *sig, const ecdsaPrecomputedPublicKey *pub, const void *m, mclSize size);
+
+// return nonzero if success
+ECDSA_DLL_API ecdsaPrecomputedPublicKey *ecdsaPrecomputedPublicKeyCreate();
+// call this function to avoid memory leak
+ECDSA_DLL_API void ecdsaPrecomputedPublicKeyDestroy(ecdsaPrecomputedPublicKey *ppub);
+// return 0 if success
+ECDSA_DLL_API int ecdsaPrecomputedPublicKeyInit(ecdsaPrecomputedPublicKey *ppub, const ecdsaPublicKey *pub);
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/ecdsa.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/ecdsa.hpp
new file mode 100644
index 000000000..cf3ed3f65
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/ecdsa.hpp
@@ -0,0 +1,257 @@
+#pragma once
+/**
+ @file
+ @brief ECDSA
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/fp.hpp>
+#include <mcl/ec.hpp>
+#include <mcl/ecparam.hpp>
+#include <mcl/window_method.hpp>
+
+namespace mcl { namespace ecdsa {
+
+namespace local {
+
+#ifndef MCLSHE_WIN_SIZE
+ #define MCLSHE_WIN_SIZE 10
+#endif
+static const size_t winSize = MCLSHE_WIN_SIZE;
+
+struct FpTag;
+struct ZnTag;
+
+} // mcl::ecdsa::local
+
+typedef mcl::FpT<local::FpTag, 256> Fp;
+typedef mcl::FpT<local::ZnTag, 256> Zn;
+typedef mcl::EcT<Fp> Ec;
+
+namespace local {
+
+struct Param {
+ mcl::EcParam ecParam;
+ Ec P;
+ mcl::fp::WindowMethod<Ec> Pbase;
+};
+
+inline Param& getParam()
+{
+ static Param p;
+ return p;
+}
+
+inline void be32toZn(Zn& x, const mcl::fp::Unit *buf)
+{
+ const size_t n = 32;
+ const unsigned char *p = (const unsigned char*)buf;
+ unsigned char be[n];
+ for (size_t i = 0; i < n; i++) {
+ be[i] = p[n - 1 - i];
+ }
+ x.setArrayMaskMod(be, n);
+}
+
+/*
+ y = x mod n
+*/
+inline void FpToZn(Zn& y, const Fp& x)
+{
+ fp::Block b;
+ x.getBlock(b);
+ y.setArrayMaskMod(b.p, b.n);
+}
+
+inline void setHashOf(Zn& x, const void *msg, size_t msgSize)
+{
+ mcl::fp::Unit xBuf[256 / 8 / sizeof(mcl::fp::Unit)];
+ uint32_t hashSize = mcl::fp::sha256(xBuf, sizeof(xBuf), msg, (uint32_t)msgSize);
+ assert(hashSize == sizeof(xBuf));
+ (void)hashSize;
+ be32toZn(x, xBuf);
+}
+
+} // mcl::ecdsa::local
+
+const local::Param& param = local::getParam();
+
+inline void init(bool *pb)
+{
+ const mcl::EcParam& ecParam = mcl::ecparam::secp256k1;
+ Zn::init(pb, ecParam.n);
+ if (!*pb) return;
+ Fp::init(pb, ecParam.p);
+ if (!*pb) return;
+ Ec::init(pb, ecParam.a, ecParam.b);
+ if (!*pb) return;
+ Zn::setIoMode(16);
+ Fp::setIoMode(16);
+ Ec::setIoMode(mcl::IoEcAffine);
+ local::Param& p = local::getParam();
+ p.ecParam = ecParam;
+ Fp x, y;
+ x.setStr(pb, ecParam.gx);
+ if (!*pb) return;
+ y.setStr(pb, ecParam.gy);
+ if (!*pb) return;
+ p.P.set(pb, x, y);
+ if (!*pb) return;
+ p.Pbase.init(pb, p.P, ecParam.bitSize, local::winSize);
+}
+
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+inline void init()
+{
+ bool b;
+ init(&b);
+ if (!b) throw cybozu::Exception("ecdsa:init");
+}
+#endif
+
+typedef Zn SecretKey;
+typedef Ec PublicKey;
+
+struct PrecomputedPublicKey {
+ mcl::fp::WindowMethod<Ec> pubBase_;
+ void init(bool *pb, const PublicKey& pub)
+ {
+ pubBase_.init(pb, pub, param.ecParam.bitSize, local::winSize);
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void init(const PublicKey& pub)
+ {
+ bool b;
+ init(&b, pub);
+ if (!b) throw cybozu::Exception("ecdsa:PrecomputedPublicKey:init");
+ }
+#endif
+};
+
+inline void getPublicKey(PublicKey& pub, const SecretKey& sec)
+{
+ Ec::mul(pub, param.P, sec);
+ pub.normalize();
+}
+
+struct Signature : public mcl::fp::Serializable<Signature> {
+ Zn r, s;
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode = IoSerialize)
+ {
+ r.load(pb, is, ioMode); if (!*pb) return;
+ s.load(pb, is, ioMode);
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ r.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ s.save(pb, os, ioMode);
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("ecdsa:Signature:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("ecdsa:Signature:save");
+ }
+#endif
+#ifndef CYBOZU_DONT_USE_STRING
+ friend std::istream& operator>>(std::istream& is, Signature& self)
+ {
+ self.load(is, fp::detectIoMode(Ec::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const Signature& self)
+ {
+ self.save(os, fp::detectIoMode(Ec::getIoMode(), os));
+ return os;
+ }
+#endif
+};
+
+inline void sign(Signature& sig, const SecretKey& sec, const void *msg, size_t msgSize)
+{
+ Zn& r = sig.r;
+ Zn& s = sig.s;
+ Zn z, k;
+ local::setHashOf(z, msg, msgSize);
+ Ec Q;
+ for (;;) {
+ k.setByCSPRNG();
+ param.Pbase.mul(Q, k);
+ if (Q.isZero()) continue;
+ Q.normalize();
+ local::FpToZn(r, Q.x);
+ if (r.isZero()) continue;
+ Zn::mul(s, r, sec);
+ s += z;
+ if (s.isZero()) continue;
+ s /= k;
+ return;
+ }
+}
+
+namespace local {
+
+inline void mulDispatch(Ec& Q, const PublicKey& pub, const Zn& y)
+{
+ Ec::mul(Q, pub, y);
+}
+
+inline void mulDispatch(Ec& Q, const PrecomputedPublicKey& ppub, const Zn& y)
+{
+ ppub.pubBase_.mul(Q, y);
+}
+
+template<class Pub>
+inline bool verify(const Signature& sig, const Pub& pub, const void *msg, size_t msgSize)
+{
+ const Zn& r = sig.r;
+ const Zn& s = sig.s;
+ if (r.isZero() || s.isZero()) return false;
+ Zn z, w, u1, u2;
+ local::setHashOf(z, msg, msgSize);
+ Zn::inv(w, s);
+ Zn::mul(u1, z, w);
+ Zn::mul(u2, r, w);
+ Ec Q1, Q2;
+ param.Pbase.mul(Q1, u1);
+// Ec::mul(Q2, pub, u2);
+ local::mulDispatch(Q2, pub, u2);
+ Q1 += Q2;
+ if (Q1.isZero()) return false;
+ Q1.normalize();
+ Zn x;
+ local::FpToZn(x, Q1.x);
+ return r == x;
+}
+
+} // mcl::ecdsa::local
+
+inline bool verify(const Signature& sig, const PublicKey& pub, const void *msg, size_t msgSize)
+{
+ return local::verify(sig, pub, msg, msgSize);
+}
+
+inline bool verify(const Signature& sig, const PrecomputedPublicKey& ppub, const void *msg, size_t msgSize)
+{
+ return local::verify(sig, ppub, msg, msgSize);
+}
+
+} } // mcl::ecdsa
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/ecparam.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/ecparam.hpp
new file mode 100644
index 000000000..087bf8b6c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/ecparam.hpp
@@ -0,0 +1,191 @@
+#pragma once
+/**
+ @file
+ @brief Elliptic curve parameter
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/ec.hpp>
+#include <mcl/curve_type.h>
+
+namespace mcl { namespace ecparam {
+
+const struct mcl::EcParam secp160k1 = {
+ "secp160k1",
+ "0xfffffffffffffffffffffffffffffffeffffac73",
+ "0",
+ "7",
+ "0x3b4c382ce37aa192a4019e763036f4f5dd4d7ebb",
+ "0x938cf935318fdced6bc28286531733c3f03c4fee",
+ "0x100000000000000000001b8fa16dfab9aca16b6b3",
+ 160,
+ -1
+};
+// p=2^160 + 7
+const struct mcl::EcParam p160_1 = {
+ "p160_1",
+ "0x10000000000000000000000000000000000000007",
+ "10",
+ "1343632762150092499701637438970764818528075565078",
+ "1",
+ "1236612389951462151661156731535316138439983579284",
+ "1461501637330902918203683518218126812711137002561",
+ 161,
+ -1
+};
+const struct mcl::EcParam secp192k1 = {
+ "secp192k1",
+ "0xfffffffffffffffffffffffffffffffffffffffeffffee37",
+ "0",
+ "3",
+ "0xdb4ff10ec057e9ae26b07d0280b7f4341da5d1b1eae06c7d",
+ "0x9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
+ "0xfffffffffffffffffffffffe26f2fc170f69466a74defd8d",
+ 192,
+ MCL_SECP192K1
+};
+const struct mcl::EcParam secp224k1 = {
+ "secp224k1",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffeffffe56d",
+ "0",
+ "5",
+ "0xa1455b334df099df30fc28a169a467e9e47075a90f7e650eb6b7a45c",
+ "0x7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
+ "0x10000000000000000000000000001dce8d2ec6184caf0a971769fb1f7",
+ 224,
+ MCL_SECP224K1
+};
+const struct mcl::EcParam secp256k1 = {
+ "secp256k1",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f",
+ "0",
+ "7",
+ "0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798",
+ "0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
+ "0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141",
+ 256,
+ MCL_SECP256K1
+};
+const struct mcl::EcParam secp384r1 = {
+ "secp384r1",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff",
+ "-3",
+ "0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef",
+ "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7",
+ "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973",
+ 384,
+ MCL_SECP384R1
+};
+const struct mcl::EcParam secp521r1 = {
+ "secp521r1",
+ "0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "-3",
+ "0x51953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+ "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+ "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+ "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+ 521,
+ MCL_SECP521R1
+};
+const struct mcl::EcParam NIST_P192 = {
+ "NIST_P192",
+ "0xfffffffffffffffffffffffffffffffeffffffffffffffff",
+ "-3",
+ "0x64210519e59c80e70fa7e9ab72243049feb8deecc146b9b1",
+ "0x188da80eb03090f67cbf20eb43a18800f4ff0afd82ff1012",
+ "0x07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
+ "0xffffffffffffffffffffffff99def836146bc9b1b4d22831",
+ 192,
+ MCL_NIST_P192
+};
+const struct mcl::EcParam NIST_P224 = {
+ "NIST_P224",
+ "0xffffffffffffffffffffffffffffffff000000000000000000000001",
+ "-3",
+ "0xb4050a850c04b3abf54132565044b0b7d7bfd8ba270b39432355ffb4",
+ "0xb70e0cbd6bb4bf7f321390b94a03c1d356c21122343280d6115c1d21",
+ "0xbd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+ "0xffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d",
+ 224,
+ MCL_NIST_P224
+};
+const struct mcl::EcParam NIST_P256 = {
+ "NIST_P256",
+ "0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff",
+ "-3",
+ "0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b",
+ "0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296",
+ "0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+ "0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551",
+ 256,
+ MCL_NIST_P256
+};
+// same secp384r1
+const struct mcl::EcParam NIST_P384 = {
+ "NIST_P384",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff",
+ "-3",
+ "0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef",
+ "0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7",
+ "0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973",
+ 384,
+ MCL_NIST_P384
+};
+// same secp521r1
+const struct mcl::EcParam NIST_P521 = {
+ "NIST_P521",
+ "0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "-3",
+ "0x051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00",
+ "0xc6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66",
+ "0x11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+ "0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409",
+ 521,
+ MCL_NIST_P521
+};
+
+} // mcl::ecparam
+
+#ifndef CYBOZU_DONT_USE_STRING
+static inline const mcl::EcParam* getEcParam(const std::string& name)
+{
+ static const mcl::EcParam *tbl[] = {
+ &ecparam::p160_1,
+ &ecparam::secp160k1,
+ &ecparam::secp192k1,
+ &ecparam::secp224k1,
+ &ecparam::secp256k1,
+ &ecparam::secp384r1,
+ &ecparam::secp521r1,
+
+ &ecparam::NIST_P192,
+ &ecparam::NIST_P224,
+ &ecparam::NIST_P256,
+ &ecparam::NIST_P384,
+ &ecparam::NIST_P521,
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ if (name == tbl[i]->name) return tbl[i];
+ }
+ throw cybozu::Exception("mcl::getEcParam:not support name") << name;
+}
+#endif
+
+inline const mcl::EcParam* getEcParam(int curve)
+{
+ switch (curve) {
+ case MCL_SECP192K1: return &ecparam::secp192k1;
+ case MCL_SECP224K1: return &ecparam::secp224k1;
+ case MCL_SECP256K1: return &ecparam::secp256k1;
+ case MCL_SECP384R1: return &ecparam::secp384r1;
+ case MCL_NIST_P192: return &ecparam::NIST_P192;
+ case MCL_NIST_P224: return &ecparam::NIST_P224;
+ case MCL_NIST_P256: return &ecparam::NIST_P256;
+ default: return 0;
+ }
+}
+
+} // mcl
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/elgamal.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/elgamal.hpp
new file mode 100644
index 000000000..431148508
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/elgamal.hpp
@@ -0,0 +1,612 @@
+#pragma once
+/**
+ @file
+ @brief lifted-ElGamal encryption
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+
+ original:
+ Copyright (c) 2014, National Institute of Advanced Industrial
+ Science and Technology All rights reserved.
+ This source file is subject to BSD 3-Clause license.
+*/
+#include <string>
+#include <sstream>
+#include <cybozu/unordered_map.hpp>
+#ifndef CYBOZU_UNORDERED_MAP_STD
+#include <map>
+#endif
+#include <cybozu/exception.hpp>
+#include <cybozu/itoa.hpp>
+#include <cybozu/atoi.hpp>
+#include <mcl/window_method.hpp>
+
+namespace mcl {
+
+template<class _Ec, class Zn>
+struct ElgamalT {
+ typedef _Ec Ec;
+ struct CipherText {
+ Ec c1;
+ Ec c2;
+ CipherText()
+ {
+ clear();
+ }
+ /*
+ (c1, c2) = (0, 0) is trivial valid ciphertext for m = 0
+ */
+ void clear()
+ {
+ c1.clear();
+ c2.clear();
+ }
+ /*
+ add encoded message with encoded message
+ input : this = Enc(m1), c = Enc(m2)
+ output : this = Enc(m1 + m2)
+ */
+ void add(const CipherText& c)
+ {
+ Ec::add(c1, c1, c.c1);
+ Ec::add(c2, c2, c.c2);
+ }
+ /*
+ mul by x
+ input : this = Enc(m), x
+ output : this = Enc(m x)
+ */
+ template<class N>
+ void mul(const N& x)
+ {
+ Ec::mul(c1, c1, x);
+ Ec::mul(c2, c2, x);
+ }
+ /*
+ negative encoded message
+ input : this = Enc(m)
+ output : this = Enc(-m)
+ */
+ void neg()
+ {
+ Ec::neg(c1, c1);
+ Ec::neg(c2, c2);
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ c1.load(is, ioMode);
+ c2.load(is, ioMode);
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ c1.save(os, ioMode);
+ if (sep) cybozu::writeChar(os, sep);
+ c2.save(os, ioMode);
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.clear();
+ cybozu::StringOutputStream os(str);
+ save(os, ioMode);
+ }
+ std::string getStr(int ioMode = 0) const
+ {
+ std::string str;
+ getStr(str, ioMode);
+ return str;
+ }
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+ cybozu::StringInputStream is(str);
+ load(is, ioMode);
+ }
+ friend inline std::ostream& operator<<(std::ostream& os, const CipherText& self)
+ {
+ self.save(os, fp::detectIoMode(Ec::getIoMode(), os));
+ return os;
+ }
+ friend inline std::istream& operator>>(std::istream& is, CipherText& self)
+ {
+ self.load(is, fp::detectIoMode(Ec::getIoMode(), is));
+ return is;
+ }
+ // obsolete
+ std::string toStr() const { return getStr(); }
+ void fromStr(const std::string& str) { setStr(str); }
+ };
+ /*
+ Zero Knowledge Proof
+ cipher text with ZKP to ensure m = 0 or 1
+ http://dx.doi.org/10.1587/transfun.E96.A.1156
+ */
+ struct Zkp {
+ Zn c0, c1, s0, s1;
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ c0.load(is, ioMode);
+ c1.load(is, ioMode);
+ s0.load(is, ioMode);
+ s1.load(is, ioMode);
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ c0.save(os, ioMode);
+ if (sep) cybozu::writeChar(os, sep);
+ c1.save(os, ioMode);
+ if (sep) cybozu::writeChar(os, sep);
+ s0.save(os, ioMode);
+ if (sep) cybozu::writeChar(os, sep);
+ s1.save(os, ioMode);
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.clear();
+ cybozu::StringOutputStream os(str);
+ save(os, ioMode);
+ }
+ std::string getStr(int ioMode = 0) const
+ {
+ std::string str;
+ getStr(str, ioMode);
+ return str;
+ }
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+ cybozu::StringInputStream is(str);
+ load(is, ioMode);
+ }
+ friend inline std::ostream& operator<<(std::ostream& os, const Zkp& self)
+ {
+ self.save(os, fp::detectIoMode(Ec::getIoMode(), os));
+ return os;
+ }
+ friend inline std::istream& operator>>(std::istream& is, Zkp& self)
+ {
+ self.load(is, fp::detectIoMode(Ec::getIoMode(), is));
+ return is;
+ }
+ // obsolete
+ std::string toStr() const { return getStr(); }
+ void fromStr(const std::string& str) { setStr(str); }
+ };
+
+ class PublicKey {
+ size_t bitSize;
+ Ec f;
+ Ec g;
+ Ec h;
+ bool enableWindowMethod_;
+ fp::WindowMethod<Ec> wm_f;
+ fp::WindowMethod<Ec> wm_g;
+ fp::WindowMethod<Ec> wm_h;
+ template<class N>
+ void mulDispatch(Ec& z, const Ec& x, const N& n, const fp::WindowMethod<Ec>& pw) const
+ {
+ if (enableWindowMethod_) {
+ pw.mul(z, n);
+ } else {
+ Ec::mul(z, x, n);
+ }
+ }
+ template<class N>
+ void mulF(Ec& z, const N& n) const { mulDispatch(z, f, n, wm_f); }
+ template<class N>
+ void mulG(Ec& z, const N& n) const { mulDispatch(z, g, n, wm_g); }
+ template<class N>
+ void mulH(Ec& z, const N& n) const { mulDispatch(z, h, n, wm_h); }
+ public:
+ PublicKey()
+ : bitSize(0)
+ , enableWindowMethod_(false)
+ {
+ }
+ void enableWindowMethod(size_t winSize = 10)
+ {
+ wm_f.init(f, bitSize, winSize);
+ wm_g.init(g, bitSize, winSize);
+ wm_h.init(h, bitSize, winSize);
+ enableWindowMethod_ = true;
+ }
+ const Ec& getF() const { return f; }
+ void init(size_t bitSize, const Ec& f, const Ec& g, const Ec& h)
+ {
+ this->bitSize = bitSize;
+ this->f = f;
+ this->g = g;
+ this->h = h;
+ enableWindowMethod_ = false;
+ enableWindowMethod();
+ }
+ /*
+ encode message
+ input : m
+ output : c = (c1, c2) = (g^u, h^u f^m)
+ */
+ void enc(CipherText& c, const Zn& m, fp::RandGen rg = fp::RandGen()) const
+ {
+ Zn u;
+ u.setRand(rg);
+ mulG(c.c1, u);
+ mulH(c.c2, u);
+ Ec t;
+ mulF(t, m);
+ Ec::add(c.c2, c.c2, t);
+ }
+ /*
+ encode message
+ input : m = 0 or 1
+ output : c (c1, c2), zkp
+ */
+ void encWithZkp(CipherText& c, Zkp& zkp, int m, fp::RandGen rg = fp::RandGen()) const
+ {
+ if (m != 0 && m != 1) {
+ throw cybozu::Exception("elgamal:PublicKey:encWithZkp") << m;
+ }
+ Zn u;
+ u.setRand(rg);
+ mulG(c.c1, u);
+ mulH(c.c2, u);
+ if (m) {
+ Ec::add(c.c2, c.c2, f);
+ Zn r1;
+ r1.setRand(rg);
+ zkp.c0.setRand(rg);
+ zkp.s0.setRand(rg);
+ Ec R01, R02, R11, R12;
+ Ec t1, t2;
+ mulG(t1, zkp.s0);
+ Ec::mul(t2, c.c1, zkp.c0);
+ Ec::sub(R01, t1, t2);
+ mulH(t1, zkp.s0);
+ Ec::mul(t2, c.c2, zkp.c0);
+ Ec::sub(R02, t1, t2);
+ mulG(R11, r1);
+ mulH(R12, r1);
+ std::ostringstream os;
+ os << R01 << R02 << R11 << R12 << c.c1 << c.c2 << f << g << h;
+ Zn cc;
+ cc.setHashOf(os.str());
+ zkp.c1 = cc - zkp.c0;
+ zkp.s1 = r1 + zkp.c1 * u;
+ } else {
+ Zn r0;
+ r0.setRand(rg);
+ zkp.c1.setRand(rg);
+ zkp.s1.setRand(rg);
+ Ec R01, R02, R11, R12;
+ mulG(R01, r0);
+ mulH(R02, r0);
+ Ec t1, t2;
+ mulG(t1, zkp.s1);
+ Ec::mul(t2, c.c1, zkp.c1);
+ Ec::sub(R11, t1, t2);
+ mulH(t1, zkp.s1);
+ Ec::sub(t2, c.c2, f);
+ Ec::mul(t2, t2, zkp.c1);
+ Ec::sub(R12, t1, t2);
+ std::ostringstream os;
+ os << R01 << R02 << R11 << R12 << c.c1 << c.c2 << f << g << h;
+ Zn cc;
+ cc.setHashOf(os.str());
+ zkp.c0 = cc - zkp.c1;
+ zkp.s0 = r0 + zkp.c0 * u;
+ }
+ }
+ /*
+ verify cipher text with ZKP
+ */
+ bool verify(const CipherText& c, const Zkp& zkp) const
+ {
+ Ec R01, R02, R11, R12;
+ Ec t1, t2;
+ mulG(t1, zkp.s0);
+ Ec::mul(t2, c.c1, zkp.c0);
+ Ec::sub(R01, t1, t2);
+ mulH(t1, zkp.s0);
+ Ec::mul(t2, c.c2, zkp.c0);
+ Ec::sub(R02, t1, t2);
+ mulG(t1, zkp.s1);
+ Ec::mul(t2, c.c1, zkp.c1);
+ Ec::sub(R11, t1, t2);
+ mulH(t1, zkp.s1);
+ Ec::sub(t2, c.c2, f);
+ Ec::mul(t2, t2, zkp.c1);
+ Ec::sub(R12, t1, t2);
+ std::ostringstream os;
+ os << R01 << R02 << R11 << R12 << c.c1 << c.c2 << f << g << h;
+ Zn cc;
+ cc.setHashOf(os.str());
+ return cc == zkp.c0 + zkp.c1;
+ }
+ /*
+ rerandomize encoded message
+ input : c = (c1, c2)
+ output : c = (c1 g^v, c2 h^v)
+ */
+ void rerandomize(CipherText& c, fp::RandGen rg = fp::RandGen()) const
+ {
+ Zn v;
+ v.setRand(rg);
+ Ec t;
+ mulG(t, v);
+ Ec::add(c.c1, c.c1, t);
+ mulH(t, v);
+ Ec::add(c.c2, c.c2, t);
+ }
+ /*
+ add encoded message with plain message
+ input : c = Enc(m1) = (c1, c2), m2
+ ouput : c = Enc(m1 + m2) = (c1, c2 f^m2)
+ */
+ template<class N>
+ void add(CipherText& c, const N& m) const
+ {
+ Ec fm;
+ mulF(fm, m);
+ Ec::add(c.c2, c.c2, fm);
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ std::string s;
+ mcl::fp::local::loadWord(s, is);
+ bitSize = cybozu::atoi(s);
+ f.load(is, ioMode);
+ g.load(is, ioMode);
+ h.load(is, ioMode);
+ init(bitSize, f, g, h);
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ std::string s = cybozu::itoa(bitSize);
+ cybozu::write(os, s.c_str(), s.size());
+ cybozu::writeChar(os, ' ');
+
+ const char sep = *fp::getIoSeparator(ioMode);
+ f.save(os, ioMode);
+ if (sep) cybozu::writeChar(os, sep);
+ g.save(os, ioMode);
+ if (sep) cybozu::writeChar(os, sep);
+ h.save(os, ioMode);
+ if (sep) cybozu::writeChar(os, sep);
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.clear();
+ cybozu::StringOutputStream os(str);
+ save(os, ioMode);
+ }
+ std::string getStr(int ioMode = 0) const
+ {
+ std::string str;
+ getStr(str, ioMode);
+ return str;
+ }
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+ cybozu::StringInputStream is(str);
+ load(is, ioMode);
+ }
+ friend inline std::ostream& operator<<(std::ostream& os, const PublicKey& self)
+ {
+ self.save(os, fp::detectIoMode(Ec::getIoMode(), os));
+ return os;
+ }
+ friend inline std::istream& operator>>(std::istream& is, PublicKey& self)
+ {
+ self.load(is, fp::detectIoMode(Ec::getIoMode(), is));
+ return is;
+ }
+ // obsolete
+ std::string toStr() const { return getStr(); }
+ void fromStr(const std::string& str) { setStr(str); }
+ };
+ /*
+ create table f^i for i in [rangeMin, rangeMax]
+ */
+ struct PowerCache {
+#if (CYBOZU_CPP_VERSION > CYBOZU_CPP_VERSION_CP03)
+ typedef CYBOZU_NAMESPACE_STD::unordered_map<Ec, int> Cache;
+#else
+ typedef std::map<Ec, int> Cache;
+#endif
+ Cache cache;
+ void init(const Ec& f, int rangeMin, int rangeMax)
+ {
+ if (rangeMin > rangeMax) throw cybozu::Exception("mcl:ElgamalT:PowerCache:bad range") << rangeMin << rangeMax;
+ Ec x;
+ x.clear();
+ cache[x] = 0;
+ for (int i = 1; i <= rangeMax; i++) {
+ Ec::add(x, x, f);
+ cache[x] = i;
+ }
+ Ec nf;
+ Ec::neg(nf, f);
+ x.clear();
+ for (int i = -1; i >= rangeMin; i--) {
+ Ec::add(x, x, nf);
+ cache[x] = i;
+ }
+ }
+ /*
+ return m such that f^m = g
+ */
+ int getExponent(const Ec& g, bool *b = 0) const
+ {
+ typename Cache::const_iterator i = cache.find(g);
+ if (i == cache.end()) {
+ if (b) {
+ *b = false;
+ return 0;
+ }
+ throw cybozu::Exception("Elgamal:PowerCache:getExponent:not found") << g;
+ }
+ if (b) *b = true;
+ return i->second;
+ }
+ void clear()
+ {
+ cache.clear();
+ }
+ bool isEmpty() const
+ {
+ return cache.empty();
+ }
+ };
+ class PrivateKey {
+ PublicKey pub;
+ Zn z;
+ PowerCache cache;
+ public:
+ /*
+ init
+ input : f
+ output : (g, h, z)
+ Ec = <f>
+ g in Ec
+ h = g^z
+ */
+ void init(const Ec& f, size_t bitSize, fp::RandGen rg = fp::RandGen())
+ {
+ Ec g, h;
+ z.setRand(rg);
+ Ec::mul(g, f, z);
+ z.setRand(rg);
+ Ec::mul(h, g, z);
+ pub.init(bitSize, f, g, h);
+ }
+ const PublicKey& getPublicKey() const { return pub; }
+ /*
+ decode message by brute-force attack
+ input : c = (c1, c2)
+ output : m
+ M = c2 / c1^z
+ find m such that M = f^m and |m| < limit
+ @memo 7sec@core i3 for m = 1e6
+ */
+ void dec(Zn& m, const CipherText& c, int limit = 100000) const
+ {
+ const Ec& f = pub.getF();
+ Ec c1z;
+ Ec::mul(c1z, c.c1, z);
+ if (c1z == c.c2) {
+ m = 0;
+ return;
+ }
+ Ec t1(c1z);
+ Ec t2(c.c2);
+ for (int i = 1; i < limit; i++) {
+ Ec::add(t1, t1, f);
+ if (t1 == c.c2) {
+ m = i;
+ return;
+ }
+ Ec::add(t2, t2, f);
+ if (t2 == c1z) {
+ m = -i;
+ return;
+ }
+ }
+ throw cybozu::Exception("elgamal:PrivateKey:dec:overflow");
+ }
+ /*
+ powfm = c2 / c1^z = f^m
+ */
+ void getPowerf(Ec& powfm, const CipherText& c) const
+ {
+ Ec c1z;
+ Ec::mul(c1z, c.c1, z);
+ Ec::sub(powfm, c.c2, c1z);
+ }
+ /*
+ set range of message to decode quickly
+ */
+ void setCache(int rangeMin, int rangeMax)
+ {
+ cache.init(pub.getF(), rangeMin, rangeMax);
+ }
+ /*
+ clear cache
+ */
+ void clearCache()
+ {
+ cache.clear();
+ }
+ /*
+ decode message by lookup table if !cache.isEmpty()
+ brute-force attack otherwise
+ input : c = (c1, c2)
+ b : set false if not found
+ return m
+ */
+ int dec(const CipherText& c, bool *b = 0) const
+ {
+ Ec powfm;
+ getPowerf(powfm, c);
+ return cache.getExponent(powfm, b);
+ }
+ /*
+ check whether c is encrypted zero message
+ */
+ bool isZeroMessage(const CipherText& c) const
+ {
+ Ec c1z;
+ Ec::mul(c1z, c.c1, z);
+ return c.c2 == c1z;
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ pub.load(is, ioMode);
+ z.load(is, ioMode);
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ pub.save(os, ioMode);
+ if (sep) cybozu::writeChar(os, sep);
+ z.save(os, ioMode);
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.clear();
+ cybozu::StringOutputStream os(str);
+ save(os, ioMode);
+ }
+ std::string getStr(int ioMode = 0) const
+ {
+ std::string str;
+ getStr(str, ioMode);
+ return str;
+ }
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+ cybozu::StringInputStream is(str);
+ load(is, ioMode);
+ }
+ friend inline std::ostream& operator<<(std::ostream& os, const PrivateKey& self)
+ {
+ self.save(os, fp::detectIoMode(Ec::getIoMode(), os));
+ return os;
+ }
+ friend inline std::istream& operator>>(std::istream& is, PrivateKey& self)
+ {
+ self.load(is, fp::detectIoMode(Ec::getIoMode(), is));
+ return is;
+ }
+ std::string toStr() const { return getStr(); }
+ void fromStr(const std::string& str) { setStr(str); }
+ };
+};
+
+} // mcl
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/fp.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/fp.hpp
new file mode 100644
index 000000000..2e69729dd
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/fp.hpp
@@ -0,0 +1,661 @@
+#pragma once
+/**
+ @file
+ @brief finite field class
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#ifndef CYBOZU_DONT_USE_STRING
+#include <iosfwd>
+#endif
+#ifdef _MSC_VER
+ #pragma warning(push)
+ #pragma warning(disable : 4127)
+ #pragma warning(disable : 4458)
+ #ifndef NOMINMAX
+ #define NOMINMAX
+ #endif
+ #ifndef MCL_NO_AUTOLINK
+ #ifdef NDEBUG
+ #pragma comment(lib, "mcl.lib")
+ #else
+ #pragma comment(lib, "mcl.lib")
+ #endif
+ #endif
+#endif
+#include <cybozu/hash.hpp>
+#include <cybozu/stream.hpp>
+#include <mcl/op.hpp>
+#include <mcl/util.hpp>
+#include <mcl/operator.hpp>
+#include <mcl/conversion.hpp>
+
+namespace mcl {
+
+struct FpTag;
+struct ZnTag;
+
+namespace fp {
+
+// copy src to dst as little endian
+void copyUnitToByteAsLE(uint8_t *dst, const Unit *src, size_t byteSize);
+// copy src to dst as little endian
+void copyByteToUnitAsLE(Unit *dst, const uint8_t *src, size_t byteSize);
+
+bool copyAndMask(Unit *y, const void *x, size_t xByteSize, const Op& op, MaskMode maskMode);
+
+uint64_t getUint64(bool *pb, const fp::Block& b);
+int64_t getInt64(bool *pb, fp::Block& b, const fp::Op& op);
+
+const char *ModeToStr(Mode mode);
+
+Mode StrToMode(const char *s);
+
+#ifndef CYBOZU_DONT_USE_STRING
+inline Mode StrToMode(const std::string& s)
+{
+ return StrToMode(s.c_str());
+}
+#endif
+
+inline void dumpUnit(Unit x)
+{
+#if MCL_SIZEOF_UNIT == 4
+ printf("%08x", (uint32_t)x);
+#else
+ printf("%016llx", (unsigned long long)x);
+#endif
+}
+
+bool isEnableJIT(); // 1st call is not threadsafe
+
+uint32_t sha256(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSize);
+uint32_t sha512(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSize);
+
+} // mcl::fp
+
+template<class tag = FpTag, size_t maxBitSize = MCL_MAX_BIT_SIZE>
+class FpT : public fp::Serializable<FpT<tag, maxBitSize>,
+ fp::Operator<FpT<tag, maxBitSize> > > {
+ typedef fp::Unit Unit;
+ typedef fp::Operator<FpT<tag, maxBitSize> > Operator;
+ typedef fp::Serializable<FpT<tag, maxBitSize>, Operator> Serializer;
+public:
+ static const size_t maxSize = (maxBitSize + fp::UnitBitSize - 1) / fp::UnitBitSize;
+private:
+ template<class tag2, size_t maxBitSize2> friend class FpT;
+ Unit v_[maxSize];
+ static fp::Op op_;
+ static FpT<tag, maxBitSize> inv2_;
+ static int ioMode_;
+ template<class Fp> friend class FpDblT;
+ template<class Fp> friend class Fp2T;
+ template<class Fp> friend struct Fp6T;
+public:
+ typedef FpT<tag, maxBitSize> BaseFp;
+ // return pointer to array v_[]
+ const Unit *getUnit() const { return v_; }
+ FpT* getFp0() { return this; }
+ const FpT* getFp0() const { return this; }
+ static inline size_t getUnitSize() { return op_.N; }
+ static inline size_t getBitSize() { return op_.bitSize; }
+ static inline size_t getByteSize() { return (op_.bitSize + 7) / 8; }
+ static inline const fp::Op& getOp() { return op_; }
+ void dump() const
+ {
+ const size_t N = op_.N;
+ for (size_t i = 0; i < N; i++) {
+ fp::dumpUnit(v_[N - 1 - i]);
+ }
+ printf("\n");
+ }
+ /*
+ xi_a is used for Fp2::mul_xi(), where xi = xi_a + i and i^2 = -1
+ if xi_a = 0 then asm functions for Fp2 are not generated.
+ */
+ static inline void init(bool *pb, int xi_a, const mpz_class& p, fp::Mode mode = fp::FP_AUTO)
+ {
+ assert(maxBitSize <= MCL_MAX_BIT_SIZE);
+ *pb = op_.init(p, maxBitSize, xi_a, mode);
+ if (!*pb) return;
+ { // set oneRep
+ FpT& one = *reinterpret_cast<FpT*>(op_.oneRep);
+ one.clear();
+ one.v_[0] = 1;
+ one.toMont();
+ }
+ { // set half
+ mpz_class half = (op_.mp + 1) / 2;
+ gmp::getArray(pb, op_.half, op_.N, half);
+ if (!*pb) return;
+ }
+ inv(inv2_, 2);
+#ifdef MCL_XBYAK_DIRECT_CALL
+ add = fp::func_ptr_cast<void (*)(FpT& z, const FpT& x, const FpT& y)>(op_.fp_addA_);
+ if (add == 0) add = addC;
+ sub = fp::func_ptr_cast<void (*)(FpT& z, const FpT& x, const FpT& y)>(op_.fp_subA_);
+ if (sub == 0) sub = subC;
+ neg = fp::func_ptr_cast<void (*)(FpT& y, const FpT& x)>(op_.fp_negA_);
+ if (neg == 0) neg = negC;
+ mul = fp::func_ptr_cast<void (*)(FpT& z, const FpT& x, const FpT& y)>(op_.fp_mulA_);
+ if (mul == 0) mul = mulC;
+ sqr = fp::func_ptr_cast<void (*)(FpT& y, const FpT& x)>(op_.fp_sqrA_);
+ if (sqr == 0) sqr = sqrC;
+#endif
+ *pb = true;
+ }
+ static inline void init(bool *pb, const mpz_class& p, fp::Mode mode = fp::FP_AUTO)
+ {
+ init(pb, 0, p, mode);
+ }
+ static inline void init(bool *pb, const char *mstr, fp::Mode mode = fp::FP_AUTO)
+ {
+ mpz_class p;
+ gmp::setStr(pb, p, mstr);
+ if (!*pb) return;
+ init(pb, p, mode);
+ }
+ static inline size_t getModulo(char *buf, size_t bufSize)
+ {
+ return gmp::getStr(buf, bufSize, op_.mp);
+ }
+ static inline bool isFullBit() { return op_.isFullBit; }
+ /*
+ binary patter of p
+ @note the value of p is zero
+ */
+ static inline const FpT& getP()
+ {
+ return *reinterpret_cast<const FpT*>(op_.p);
+ }
+ bool isOdd() const
+ {
+ fp::Block b;
+ getBlock(b);
+ return (b.p[0] & 1) == 1;
+ }
+ static inline bool squareRoot(FpT& y, const FpT& x)
+ {
+ if (isMont()) return op_.sq.get(y, x);
+ mpz_class mx, my;
+ bool b = false;
+ x.getMpz(&b, mx);
+ if (!b) return false;
+ b = op_.sq.get(my, mx);
+ if (!b) return false;
+ y.setMpz(&b, my);
+ return b;
+ }
+ FpT() {}
+ FpT(const FpT& x)
+ {
+ op_.fp_copy(v_, x.v_);
+ }
+ FpT& operator=(const FpT& x)
+ {
+ op_.fp_copy(v_, x.v_);
+ return *this;
+ }
+ void clear()
+ {
+ op_.fp_clear(v_);
+ }
+ FpT(int64_t x) { operator=(x); }
+ FpT& operator=(int64_t x)
+ {
+ if (x == 1) {
+ op_.fp_copy(v_, op_.oneRep);
+ } else {
+ clear();
+ if (x) {
+ int64_t y = x < 0 ? -x : x;
+ if (sizeof(Unit) == 8) {
+ v_[0] = y;
+ } else {
+ v_[0] = (uint32_t)y;
+ v_[1] = (uint32_t)(y >> 32);
+ }
+ if (x < 0) neg(*this, *this);
+ toMont();
+ }
+ }
+ return *this;
+ }
+ static inline bool isMont() { return op_.isMont; }
+ /*
+ convert normal value to Montgomery value
+ do nothing is !isMont()
+ */
+ void toMont()
+ {
+ if (isMont()) op_.toMont(v_, v_);
+ }
+ /*
+ convert Montgomery value to normal value
+ do nothing is !isMont()
+ */
+ void fromMont()
+ {
+ if (isMont()) op_.fromMont(v_, v_);
+ }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode)
+ {
+ bool isMinus = false;
+ *pb = false;
+ if (ioMode & (IoArray | IoArrayRaw | IoSerialize | IoSerializeHexStr)) {
+ const size_t n = getByteSize();
+ v_[op_.N - 1] = 0;
+ size_t readSize;
+ if (ioMode & IoSerializeHexStr) {
+ readSize = mcl::fp::readHexStr(v_, n, is);
+ } else {
+ readSize = cybozu::readSome(v_, n, is);
+ }
+ if (readSize != n) return;
+ } else {
+ char buf[1024];
+ size_t n = fp::local::loadWord(buf, sizeof(buf), is);
+ if (n == 0) return;
+ n = fp::strToArray(&isMinus, v_, op_.N, buf, n, ioMode);
+ if (n == 0) return;
+ for (size_t i = n; i < op_.N; i++) v_[i] = 0;
+ }
+ if (fp::isGreaterOrEqualArray(v_, op_.p, op_.N)) {
+ return;
+ }
+ if (isMinus) {
+ neg(*this, *this);
+ }
+ if (!(ioMode & IoArrayRaw)) {
+ toMont();
+ }
+ *pb = true;
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode) const
+ {
+ const size_t n = getByteSize();
+ if (ioMode & (IoArray | IoArrayRaw | IoSerialize | IoSerializeHexStr)) {
+ if (ioMode & IoArrayRaw) {
+ cybozu::write(pb, os, v_, n);
+ } else {
+ fp::Block b;
+ getBlock(b);
+ if (ioMode & IoSerializeHexStr) {
+ mcl::fp::writeHexStr(pb, os, b.p, n);
+ } else {
+ cybozu::write(pb, os, b.p, n);
+ }
+ }
+ return;
+ }
+ fp::Block b;
+ getBlock(b);
+ // use low 8-bit ioMode for (base, withPrefix)
+ char buf[2048];
+ size_t len = mcl::fp::arrayToStr(buf, sizeof(buf), b.p, b.n, ioMode & 31, (ioMode & IoPrefix) != 0);
+ if (len == 0) {
+ *pb = false;
+ return;
+ }
+ cybozu::write(pb, os, buf + sizeof(buf) - len, len);
+ }
+ /*
+ mode = Mod : set x mod p if sizeof(S) * n <= 64 else error
+ */
+ template<class S>
+ void setArray(bool *pb, const S *x, size_t n, mcl::fp::MaskMode mode = fp::NoMask)
+ {
+ *pb = fp::copyAndMask(v_, x, sizeof(S) * n, op_, mode);
+ toMont();
+ }
+ /*
+ mask x with (1 << bitLen) and subtract p if x >= p
+ */
+ template<class S>
+ void setArrayMaskMod(const S *x, size_t n)
+ {
+ fp::copyAndMask(v_, x, sizeof(S) * n, op_, fp::MaskAndMod);
+ toMont();
+ }
+
+ /*
+ mask x with (1 << (bitLen - 1)) - 1 if x >= p
+ */
+ template<class S>
+ void setArrayMask(const S *x, size_t n)
+ {
+ fp::copyAndMask(v_, x, sizeof(S) * n, op_, fp::SmallMask);
+ toMont();
+ }
+ void getBlock(fp::Block& b) const
+ {
+ b.n = op_.N;
+ if (isMont()) {
+ op_.fromMont(b.v_, v_);
+ b.p = &b.v_[0];
+ } else {
+ b.p = &v_[0];
+ }
+ }
+ void setByCSPRNG(bool *pb, fp::RandGen rg = fp::RandGen())
+ {
+ if (rg.isZero()) rg = fp::RandGen::get();
+ rg.read(pb, v_, op_.N * sizeof(Unit)); // byte size
+ if (!pb) return;
+ setArrayMask(v_, op_.N);
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void setByCSPRNG(fp::RandGen rg = fp::RandGen())
+ {
+ bool b;
+ setByCSPRNG(&b, rg);
+ if (!b) throw cybozu::Exception("setByCSPRNG");
+ }
+#endif
+ void setRand(fp::RandGen rg = fp::RandGen()) // old api
+ {
+ setByCSPRNG(rg);
+ }
+ /*
+ hash msg and mask with (1 << (bitLen - 1)) - 1
+ */
+ void setHashOf(const void *msg, size_t msgSize)
+ {
+ char buf[MCL_MAX_HASH_BIT_SIZE / 8];
+ uint32_t size = op_.hash(buf, static_cast<uint32_t>(sizeof(buf)), msg, static_cast<uint32_t>(msgSize));
+ setArrayMask(buf, size);
+ }
+ void getMpz(bool *pb, mpz_class& x) const
+ {
+ fp::Block b;
+ getBlock(b);
+ gmp::setArray(pb, x, b.p, b.n);
+ }
+ void setMpz(bool *pb, const mpz_class& x)
+ {
+ if (x < 0) {
+ *pb = false;
+ return;
+ }
+ setArray(pb, gmp::getUnit(x), gmp::getUnitSize(x));
+ }
+#ifdef MCL_XBYAK_DIRECT_CALL
+ static void (*add)(FpT& z, const FpT& x, const FpT& y);
+ static inline void addC(FpT& z, const FpT& x, const FpT& y) { op_.fp_add(z.v_, x.v_, y.v_, op_.p); }
+ static void (*sub)(FpT& z, const FpT& x, const FpT& y);
+ static inline void subC(FpT& z, const FpT& x, const FpT& y) { op_.fp_sub(z.v_, x.v_, y.v_, op_.p); }
+ static void (*neg)(FpT& y, const FpT& x);
+ static inline void negC(FpT& y, const FpT& x) { op_.fp_neg(y.v_, x.v_, op_.p); }
+ static void (*mul)(FpT& z, const FpT& x, const FpT& y);
+ static inline void mulC(FpT& z, const FpT& x, const FpT& y) { op_.fp_mul(z.v_, x.v_, y.v_, op_.p); }
+ static void (*sqr)(FpT& y, const FpT& x);
+ static inline void sqrC(FpT& y, const FpT& x) { op_.fp_sqr(y.v_, x.v_, op_.p); }
+#else
+ static inline void add(FpT& z, const FpT& x, const FpT& y) { op_.fp_add(z.v_, x.v_, y.v_, op_.p); }
+ static inline void sub(FpT& z, const FpT& x, const FpT& y) { op_.fp_sub(z.v_, x.v_, y.v_, op_.p); }
+ static inline void neg(FpT& y, const FpT& x) { op_.fp_neg(y.v_, x.v_, op_.p); }
+ static inline void mul(FpT& z, const FpT& x, const FpT& y) { op_.fp_mul(z.v_, x.v_, y.v_, op_.p); }
+ static inline void sqr(FpT& y, const FpT& x) { op_.fp_sqr(y.v_, x.v_, op_.p); }
+#endif
+ static inline void addPre(FpT& z, const FpT& x, const FpT& y) { op_.fp_addPre(z.v_, x.v_, y.v_); }
+ static inline void subPre(FpT& z, const FpT& x, const FpT& y) { op_.fp_subPre(z.v_, x.v_, y.v_); }
+ static inline void mulUnit(FpT& z, const FpT& x, const Unit y)
+ {
+ if (mulSmallUnit(z, x, y)) return;
+ op_.fp_mulUnit(z.v_, x.v_, y, op_.p);
+ }
+ static inline void inv(FpT& y, const FpT& x) { op_.fp_invOp(y.v_, x.v_, op_); }
+ static inline void divBy2(FpT& y, const FpT& x)
+ {
+#if 0
+ mul(y, x, inv2_);
+#else
+ bool odd = (x.v_[0] & 1) != 0;
+ op_.fp_shr1(y.v_, x.v_);
+ if (odd) {
+ op_.fp_addPre(y.v_, y.v_, op_.half);
+ }
+#endif
+ }
+ static inline void divBy4(FpT& y, const FpT& x)
+ {
+ divBy2(y, x); // QQQ : optimize later
+ divBy2(y, y);
+ }
+ bool isZero() const { return op_.fp_isZero(v_); }
+ bool isOne() const { return fp::isEqualArray(v_, op_.oneRep, op_.N); }
+ static const inline FpT& one() { return *reinterpret_cast<const FpT*>(op_.oneRep); }
+ /*
+ half = (p + 1) / 2
+ return true if half <= x < p
+ return false if 0 <= x < half
+ */
+ bool isNegative() const
+ {
+ fp::Block b;
+ getBlock(b);
+ return fp::isGreaterOrEqualArray(b.p, op_.half, op_.N);
+ }
+ bool isValid() const
+ {
+ return fp::isLessArray(v_, op_.p, op_.N);
+ }
+ uint64_t getUint64(bool *pb) const
+ {
+ fp::Block b;
+ getBlock(b);
+ return fp::getUint64(pb, b);
+ }
+ int64_t getInt64(bool *pb) const
+ {
+ fp::Block b;
+ getBlock(b);
+ return fp::getInt64(pb, b, op_);
+ }
+ bool operator==(const FpT& rhs) const { return fp::isEqualArray(v_, rhs.v_, op_.N); }
+ bool operator!=(const FpT& rhs) const { return !operator==(rhs); }
+ /*
+ @note
+ this compare functions is slow because of calling mul if isMont is true.
+ */
+ static inline int compare(const FpT& x, const FpT& y)
+ {
+ fp::Block xb, yb;
+ x.getBlock(xb);
+ y.getBlock(yb);
+ return fp::compareArray(xb.p, yb.p, op_.N);
+ }
+ bool isLess(const FpT& rhs) const
+ {
+ fp::Block xb, yb;
+ getBlock(xb);
+ rhs.getBlock(yb);
+ return fp::isLessArray(xb.p, yb.p, op_.N);
+ }
+ bool operator<(const FpT& rhs) const { return isLess(rhs); }
+ bool operator>=(const FpT& rhs) const { return !operator<(rhs); }
+ bool operator>(const FpT& rhs) const { return rhs < *this; }
+ bool operator<=(const FpT& rhs) const { return !operator>(rhs); }
+ /*
+ @note
+ return unexpected order if isMont is set.
+ */
+ static inline int compareRaw(const FpT& x, const FpT& y)
+ {
+ return fp::compareArray(x.v_, y.v_, op_.N);
+ }
+ bool isLessRaw(const FpT& rhs) const
+ {
+ return fp::isLessArray(v_, rhs.v_, op_.N);
+ }
+ /*
+ set IoMode for operator<<(), or operator>>()
+ */
+ static inline void setIoMode(int ioMode)
+ {
+ ioMode_ = ioMode;
+ }
+ static inline int getIoMode() { return ioMode_; }
+ static inline size_t getModBitLen() { return getBitSize(); }
+ static inline void setHashFunc(uint32_t hash(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSize))
+ {
+ op_.hash = hash;
+ }
+#ifndef CYBOZU_DONT_USE_STRING
+ explicit FpT(const std::string& str, int base = 0)
+ {
+ Serializer::setStr(str, base);
+ }
+ static inline void getModulo(std::string& pstr)
+ {
+ gmp::getStr(pstr, op_.mp);
+ }
+ static std::string getModulo()
+ {
+ std::string s;
+ getModulo(s);
+ return s;
+ }
+ void setHashOf(const std::string& msg)
+ {
+ setHashOf(msg.data(), msg.size());
+ }
+ // backward compatibility
+ static inline void setModulo(const std::string& mstr, fp::Mode mode = fp::FP_AUTO)
+ {
+ init(mstr, mode);
+ }
+ friend inline std::ostream& operator<<(std::ostream& os, const FpT& self)
+ {
+ self.save(os, fp::detectIoMode(getIoMode(), os));
+ return os;
+ }
+ friend inline std::istream& operator>>(std::istream& is, FpT& self)
+ {
+ self.load(is, fp::detectIoMode(getIoMode(), is));
+ return is;
+ }
+#endif
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ static inline void init(int xi_a, const mpz_class& p, fp::Mode mode = fp::FP_AUTO)
+ {
+ bool b;
+ init(&b, xi_a, p, mode);
+ if (!b) throw cybozu::Exception("Fp:init");
+ }
+ static inline void init(int xi_a, const std::string& mstr, fp::Mode mode = fp::FP_AUTO)
+ {
+ mpz_class p;
+ gmp::setStr(p, mstr);
+ init(xi_a, p, mode);
+ }
+ static inline void init(const mpz_class& p, fp::Mode mode = fp::FP_AUTO)
+ {
+ init(0, p, mode);
+ }
+ static inline void init(const std::string& mstr, fp::Mode mode = fp::FP_AUTO)
+ {
+ init(0, mstr, mode);
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("fp:save") << ioMode;
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("fp:load") << ioMode;
+ }
+ /*
+ throw exception if x >= p
+ */
+ template<class S>
+ void setArray(const S *x, size_t n)
+ {
+ bool b;
+ setArray(&b, x, n);
+ if (!b) throw cybozu::Exception("Fp:setArray");
+ }
+ void setMpz(const mpz_class& x)
+ {
+ bool b;
+ setMpz(&b, x);
+ if (!b) throw cybozu::Exception("Fp:setMpz");
+ }
+ uint64_t getUint64() const
+ {
+ bool b;
+ uint64_t v = getUint64(&b);
+ if (!b) throw cybozu::Exception("Fp:getUint64:large value");
+ return v;
+ }
+ int64_t getInt64() const
+ {
+ bool b;
+ int64_t v = getInt64(&b);
+ if (!b) throw cybozu::Exception("Fp:getInt64:large value");
+ return v;
+ }
+ void getMpz(mpz_class& x) const
+ {
+ bool b;
+ getMpz(&b, x);
+ if (!b) throw cybozu::Exception("Fp:getMpz");
+ }
+ mpz_class getMpz() const
+ {
+ mpz_class x;
+ getMpz(x);
+ return x;
+ }
+#endif
+};
+
+template<class tag, size_t maxBitSize> fp::Op FpT<tag, maxBitSize>::op_;
+template<class tag, size_t maxBitSize> FpT<tag, maxBitSize> FpT<tag, maxBitSize>::inv2_;
+template<class tag, size_t maxBitSize> int FpT<tag, maxBitSize>::ioMode_ = IoAuto;
+#ifdef MCL_XBYAK_DIRECT_CALL
+template<class tag, size_t maxBitSize> void (*FpT<tag, maxBitSize>::add)(FpT& z, const FpT& x, const FpT& y);
+template<class tag, size_t maxBitSize> void (*FpT<tag, maxBitSize>::sub)(FpT& z, const FpT& x, const FpT& y);
+template<class tag, size_t maxBitSize> void (*FpT<tag, maxBitSize>::neg)(FpT& y, const FpT& x);
+template<class tag, size_t maxBitSize> void (*FpT<tag, maxBitSize>::mul)(FpT& z, const FpT& x, const FpT& y);
+template<class tag, size_t maxBitSize> void (*FpT<tag, maxBitSize>::sqr)(FpT& y, const FpT& x);
+#endif
+
+} // mcl
+
+#ifdef CYBOZU_USE_BOOST
+namespace mcl {
+
+template<class tag, size_t maxBitSize>
+size_t hash_value(const mcl::FpT<tag, maxBitSize>& x, size_t v = 0)
+{
+ return static_cast<size_t>(cybozu::hash64(x.getUnit(), x.getUnitSize(), v));
+}
+
+}
+#else
+namespace std { CYBOZU_NAMESPACE_TR1_BEGIN
+
+template<class tag, size_t maxBitSize>
+struct hash<mcl::FpT<tag, maxBitSize> > {
+ size_t operator()(const mcl::FpT<tag, maxBitSize>& x, uint64_t v = 0) const
+ {
+ return static_cast<size_t>(cybozu::hash64(x.getUnit(), x.getUnitSize(), v));
+ }
+};
+
+CYBOZU_NAMESPACE_TR1_END } // std::tr1
+#endif
+
+#ifdef _MSC_VER
+ #pragma warning(pop)
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/fp_tower.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/fp_tower.hpp
new file mode 100644
index 000000000..95722e2d5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/fp_tower.hpp
@@ -0,0 +1,1364 @@
+#pragma once
+/**
+ @file
+ @brief finite field extension class
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/fp.hpp>
+
+namespace mcl {
+
+template<class Fp>
+class FpDblT : public fp::Serializable<FpDblT<Fp> > {
+ typedef fp::Unit Unit;
+ Unit v_[Fp::maxSize * 2];
+public:
+ static size_t getUnitSize() { return Fp::op_.N * 2; }
+ FpDblT() : v_()
+ {
+ }
+ FpDblT(const FpDblT& rhs)
+ {
+ const size_t n = getUnitSize();
+ for (size_t i = 0; i < n; i++) {
+ v_[i] = rhs.v_[i];
+ }
+ }
+ void dump() const
+ {
+ const size_t n = getUnitSize();
+ for (size_t i = 0; i < n; i++) {
+ mcl::fp::dumpUnit(v_[n - 1 - i]);
+ }
+ printf("\n");
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int) const
+ {
+ char buf[1024];
+ size_t n = mcl::fp::arrayToHex(buf, sizeof(buf), v_, getUnitSize());
+ if (n == 0) {
+ *pb = false;
+ return;
+ }
+ cybozu::write(pb, os, buf + sizeof(buf) - n, sizeof(buf));
+ }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int)
+ {
+ char buf[1024];
+ *pb = false;
+ size_t n = fp::local::loadWord(buf, sizeof(buf), is);
+ if (n == 0) return;
+ n = fp::hexToArray(v_, getUnitSize(), buf, n);
+ if (n == 0) return;
+ for (size_t i = n; i < getUnitSize(); i++) v_[i] = 0;
+ *pb = true;
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("FpDblT:save") << ioMode;
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("FpDblT:load") << ioMode;
+ }
+ void getMpz(mpz_class& x) const
+ {
+ bool b;
+ getMpz(&b, x);
+ if (!b) throw cybozu::Exception("FpDblT:getMpz");
+ }
+ mpz_class getMpz() const
+ {
+ mpz_class x;
+ getMpz(x);
+ return x;
+ }
+#endif
+ void clear()
+ {
+ const size_t n = getUnitSize();
+ for (size_t i = 0; i < n; i++) {
+ v_[i] = 0;
+ }
+ }
+ FpDblT& operator=(const FpDblT& rhs)
+ {
+ const size_t n = getUnitSize();
+ for (size_t i = 0; i < n; i++) {
+ v_[i] = rhs.v_[i];
+ }
+ return *this;
+ }
+ // QQQ : does not check range of x strictly(use for debug)
+ void setMpz(const mpz_class& x)
+ {
+ assert(x >= 0);
+ const size_t xn = gmp::getUnitSize(x);
+ const size_t N2 = getUnitSize();
+ if (xn > N2) {
+ assert(0);
+ return;
+ }
+ memcpy(v_, gmp::getUnit(x), xn * sizeof(Unit));
+ memset(v_ + xn, 0, (N2 - xn) * sizeof(Unit));
+ }
+ void getMpz(bool *pb, mpz_class& x) const
+ {
+ gmp::setArray(pb, x, v_, Fp::op_.N * 2);
+ }
+#ifdef MCL_XBYAK_DIRECT_CALL
+ static void (*add)(FpDblT& z, const FpDblT& x, const FpDblT& y);
+ static void (*sub)(FpDblT& z, const FpDblT& x, const FpDblT& y);
+ static void (*mod)(Fp& z, const FpDblT& xy);
+ static void (*addPre)(FpDblT& z, const FpDblT& x, const FpDblT& y);
+ static void (*subPre)(FpDblT& z, const FpDblT& x, const FpDblT& y);
+ static void addC(FpDblT& z, const FpDblT& x, const FpDblT& y) { Fp::op_.fpDbl_add(z.v_, x.v_, y.v_, Fp::op_.p); }
+ static void subC(FpDblT& z, const FpDblT& x, const FpDblT& y) { Fp::op_.fpDbl_sub(z.v_, x.v_, y.v_, Fp::op_.p); }
+ static void modC(Fp& z, const FpDblT& xy) { Fp::op_.fpDbl_mod(z.v_, xy.v_, Fp::op_.p); }
+ static void addPreC(FpDblT& z, const FpDblT& x, const FpDblT& y) { Fp::op_.fpDbl_addPre(z.v_, x.v_, y.v_); }
+ static void subPreC(FpDblT& z, const FpDblT& x, const FpDblT& y) { Fp::op_.fpDbl_subPre(z.v_, x.v_, y.v_); }
+#else
+ static void add(FpDblT& z, const FpDblT& x, const FpDblT& y) { Fp::op_.fpDbl_add(z.v_, x.v_, y.v_, Fp::op_.p); }
+ static void sub(FpDblT& z, const FpDblT& x, const FpDblT& y) { Fp::op_.fpDbl_sub(z.v_, x.v_, y.v_, Fp::op_.p); }
+ static void mod(Fp& z, const FpDblT& xy) { Fp::op_.fpDbl_mod(z.v_, xy.v_, Fp::op_.p); }
+ static void addPre(FpDblT& z, const FpDblT& x, const FpDblT& y) { Fp::op_.fpDbl_addPre(z.v_, x.v_, y.v_); }
+ static void subPre(FpDblT& z, const FpDblT& x, const FpDblT& y) { Fp::op_.fpDbl_subPre(z.v_, x.v_, y.v_); }
+#endif
+ static void mulPreC(FpDblT& xy, const Fp& x, const Fp& y) { Fp::op_.fpDbl_mulPre(xy.v_, x.v_, y.v_); }
+ static void sqrPreC(FpDblT& xx, const Fp& x) { Fp::op_.fpDbl_sqrPre(xx.v_, x.v_); }
+ /*
+ mul(z, x, y) = mulPre(xy, x, y) + mod(z, xy)
+ */
+ static void (*mulPre)(FpDblT& xy, const Fp& x, const Fp& y);
+ static void (*sqrPre)(FpDblT& xx, const Fp& x);
+ static void mulUnit(FpDblT& z, const FpDblT& x, Unit y)
+ {
+ if (mulSmallUnit(z, x, y)) return;
+ assert(0); // not supported y
+ }
+ static void init()
+ {
+ const mcl::fp::Op& op = Fp::getOp();
+#ifdef MCL_XBYAK_DIRECT_CALL
+ add = fp::func_ptr_cast<void (*)(FpDblT&, const FpDblT&, const FpDblT&)>(op.fpDbl_addA_);
+ if (add == 0) add = addC;
+ sub = fp::func_ptr_cast<void (*)(FpDblT&, const FpDblT&, const FpDblT&)>(op.fpDbl_subA_);
+ if (sub == 0) sub = subC;
+ mod = fp::func_ptr_cast<void (*)(Fp&, const FpDblT&)>(op.fpDbl_modA_);
+ if (mod == 0) mod = modC;
+ addPre = fp::func_ptr_cast<void (*)(FpDblT&, const FpDblT&, const FpDblT&)>(op.fpDbl_addPre);
+ if (addPre == 0) addPre = addPreC;
+ subPre = fp::func_ptr_cast<void (*)(FpDblT&, const FpDblT&, const FpDblT&)>(op.fpDbl_subPre);
+ if (subPre == 0) subPre = subPreC;
+#endif
+ if (op.fpDbl_mulPreA_) {
+ mulPre = fp::func_ptr_cast<void (*)(FpDblT&, const Fp&, const Fp&)>(op.fpDbl_mulPreA_);
+ } else {
+ mulPre = mulPreC;
+ }
+ if (op.fpDbl_sqrPreA_) {
+ sqrPre = fp::func_ptr_cast<void (*)(FpDblT&, const Fp&)>(op.fpDbl_sqrPreA_);
+ } else {
+ sqrPre = sqrPreC;
+ }
+ }
+ void operator+=(const FpDblT& x) { add(*this, *this, x); }
+ void operator-=(const FpDblT& x) { sub(*this, *this, x); }
+};
+
+#ifdef MCL_XBYAK_DIRECT_CALL
+template<class Fp> void (*FpDblT<Fp>::add)(FpDblT&, const FpDblT&, const FpDblT&);
+template<class Fp> void (*FpDblT<Fp>::sub)(FpDblT&, const FpDblT&, const FpDblT&);
+template<class Fp> void (*FpDblT<Fp>::mod)(Fp&, const FpDblT&);
+template<class Fp> void (*FpDblT<Fp>::addPre)(FpDblT&, const FpDblT&, const FpDblT&);
+template<class Fp> void (*FpDblT<Fp>::subPre)(FpDblT&, const FpDblT&, const FpDblT&);
+#endif
+template<class Fp> void (*FpDblT<Fp>::mulPre)(FpDblT&, const Fp&, const Fp&);
+template<class Fp> void (*FpDblT<Fp>::sqrPre)(FpDblT&, const Fp&);
+
+template<class Fp> struct Fp12T;
+template<class Fp> class BNT;
+template<class Fp> struct Fp2DblT;
+/*
+ beta = -1
+ Fp2 = F[i] / (i^2 + 1)
+ x = a + bi
+*/
+template<class _Fp>
+class Fp2T : public fp::Serializable<Fp2T<_Fp>,
+ fp::Operator<Fp2T<_Fp> > > {
+ typedef _Fp Fp;
+ typedef fp::Unit Unit;
+ typedef FpDblT<Fp> FpDbl;
+ typedef Fp2DblT<Fp> Fp2Dbl;
+ static const size_t gN = 5;
+ /*
+ g = xi^((p - 1) / 6)
+ g[] = { g^2, g^4, g^1, g^3, g^5 }
+ */
+ static Fp2T g[gN];
+ static Fp2T g2[gN];
+ static Fp2T g3[gN];
+public:
+ static const Fp2T *get_gTbl() { return &g[0]; }
+ static const Fp2T *get_g2Tbl() { return &g2[0]; }
+ static const Fp2T *get_g3Tbl() { return &g3[0]; }
+ typedef typename Fp::BaseFp BaseFp;
+ static const size_t maxSize = Fp::maxSize * 2;
+ static inline size_t getByteSize() { return Fp::getByteSize() * 2; }
+ void dump() const
+ {
+ a.dump();
+ b.dump();
+ }
+ Fp a, b;
+ Fp2T() { }
+ Fp2T(int64_t a) : a(a), b(0) { }
+ Fp2T(const Fp& a, const Fp& b) : a(a), b(b) { }
+ Fp2T(int64_t a, int64_t b) : a(a), b(b) { }
+ Fp* getFp0() { return &a; }
+ const Fp* getFp0() const { return &a; }
+ const Unit* getUnit() const { return a.getUnit(); }
+ void clear()
+ {
+ a.clear();
+ b.clear();
+ }
+ void set(const Fp &a_, const Fp &b_)
+ {
+ a = a_;
+ b = b_;
+ }
+#ifdef MCL_XBYAK_DIRECT_CALL
+ static void (*add)(Fp2T& z, const Fp2T& x, const Fp2T& y);
+ static void (*sub)(Fp2T& z, const Fp2T& x, const Fp2T& y);
+ static void (*neg)(Fp2T& y, const Fp2T& x);
+ static void (*mul)(Fp2T& z, const Fp2T& x, const Fp2T& y);
+ static void (*sqr)(Fp2T& y, const Fp2T& x);
+#else
+ static void add(Fp2T& z, const Fp2T& x, const Fp2T& y) { addC(z, x, y); }
+ static void sub(Fp2T& z, const Fp2T& x, const Fp2T& y) { subC(z, x, y); }
+ static void neg(Fp2T& y, const Fp2T& x) { negC(y, x); }
+ static void mul(Fp2T& z, const Fp2T& x, const Fp2T& y) { mulC(z, x, y); }
+ static void sqr(Fp2T& y, const Fp2T& x) { sqrC(y, x); }
+#endif
+ static void (*mul_xi)(Fp2T& y, const Fp2T& x);
+ static void addPre(Fp2T& z, const Fp2T& x, const Fp2T& y) { Fp::addPre(z.a, x.a, y.a); Fp::addPre(z.b, x.b, y.b); }
+ static void inv(Fp2T& y, const Fp2T& x) { Fp::op_.fp2_inv(y.a.v_, x.a.v_); }
+ static void divBy2(Fp2T& y, const Fp2T& x)
+ {
+ Fp::divBy2(y.a, x.a);
+ Fp::divBy2(y.b, x.b);
+ }
+ static void divBy4(Fp2T& y, const Fp2T& x)
+ {
+ Fp::divBy4(y.a, x.a);
+ Fp::divBy4(y.b, x.b);
+ }
+ static void mulFp(Fp2T& z, const Fp2T& x, const Fp& y)
+ {
+ Fp::mul(z.a, x.a, y);
+ Fp::mul(z.b, x.b, y);
+ }
+ template<class S>
+ void setArray(bool *pb, const S *buf, size_t n)
+ {
+ assert((n & 1) == 0);
+ n /= 2;
+ a.setArray(pb, buf, n);
+ if (!*pb) return;
+ b.setArray(pb, buf + n, n);
+ }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode)
+ {
+ a.load(pb, is, ioMode);
+ if (!*pb) return;
+ b.load(pb, is, ioMode);
+ }
+ /*
+ Fp2T = <a> + ' ' + <b>
+ */
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ a.save(pb, os, ioMode);
+ if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ b.save(pb, os, ioMode);
+ }
+ bool isZero() const { return a.isZero() && b.isZero(); }
+ bool isOne() const { return a.isOne() && b.isZero(); }
+ bool operator==(const Fp2T& rhs) const { return a == rhs.a && b == rhs.b; }
+ bool operator!=(const Fp2T& rhs) const { return !operator==(rhs); }
+ /*
+ return true is a is odd (do not consider b)
+ this function is for only compressed reprezentation of EC
+ isOdd() is not good naming. QQQ
+ */
+ bool isOdd() const { return a.isOdd(); }
+ /*
+ (a + bi)^2 = (a^2 - b^2) + 2ab i = c + di
+ A = a^2
+ B = b^2
+ A = (c +/- sqrt(c^2 + d^2))/2
+ b = d / 2a
+ */
+ static inline bool squareRoot(Fp2T& y, const Fp2T& x)
+ {
+ Fp t1, t2;
+ if (x.b.isZero()) {
+ if (Fp::squareRoot(t1, x.a)) {
+ y.a = t1;
+ y.b.clear();
+ } else {
+ bool b = Fp::squareRoot(t1, -x.a);
+ assert(b); (void)b;
+ y.a.clear();
+ y.b = t1;
+ }
+ return true;
+ }
+ Fp::sqr(t1, x.a);
+ Fp::sqr(t2, x.b);
+ t1 += t2; // c^2 + d^2
+ if (!Fp::squareRoot(t1, t1)) return false;
+ Fp::add(t2, x.a, t1);
+ Fp::divBy2(t2, t2);
+ if (!Fp::squareRoot(t2, t2)) {
+ Fp::sub(t2, x.a, t1);
+ Fp::divBy2(t2, t2);
+ bool b = Fp::squareRoot(t2, t2);
+ assert(b); (void)b;
+ }
+ y.a = t2;
+ t2 += t2;
+ Fp::inv(t2, t2);
+ Fp::mul(y.b, x.b, t2);
+ return true;
+ }
+ static void inline norm(Fp& y, const Fp2T& x)
+ {
+ Fp aa, bb;
+ Fp::sqr(aa, x.a);
+ Fp::sqr(bb, x.b);
+ Fp::add(y, aa, bb);
+ }
+ /*
+ Frobenius
+ i^2 = -1
+ (a + bi)^p = a + bi^p in Fp
+ = a + bi if p = 1 mod 4
+ = a - bi if p = 3 mod 4
+ */
+ static void Frobenius(Fp2T& y, const Fp2T& x)
+ {
+ if (Fp::getOp().pmod4 == 1) {
+ if (&y != &x) {
+ y = x;
+ }
+ } else {
+ if (&y != &x) {
+ y.a = x.a;
+ }
+ Fp::neg(y.b, x.b);
+ }
+ }
+
+ static uint32_t get_xi_a() { return Fp::getOp().xi_a; }
+ static void init()
+ {
+// assert(Fp::maxSize <= 256);
+ mcl::fp::Op& op = Fp::op_;
+ assert(op.xi_a);
+ mul_xi = 0;
+#ifdef MCL_XBYAK_DIRECT_CALL
+ add = fp::func_ptr_cast<void (*)(Fp2T& z, const Fp2T& x, const Fp2T& y)>(op.fp2_addA_);
+ if (add == 0) add = addC;
+ sub = fp::func_ptr_cast<void (*)(Fp2T& z, const Fp2T& x, const Fp2T& y)>(op.fp2_subA_);
+ if (sub == 0) sub = subC;
+ neg = fp::func_ptr_cast<void (*)(Fp2T& y, const Fp2T& x)>(op.fp2_negA_);
+ if (neg == 0) neg = negC;
+ mul = fp::func_ptr_cast<void (*)(Fp2T& z, const Fp2T& x, const Fp2T& y)>(op.fp2_mulA_);
+ if (mul == 0) mul = mulC;
+ sqr = fp::func_ptr_cast<void (*)(Fp2T& y, const Fp2T& x)>(op.fp2_sqrA_);
+ if (sqr == 0) sqr = sqrC;
+ mul_xi = fp::func_ptr_cast<void (*)(Fp2T&, const Fp2T&)>(op.fp2_mul_xiA_);
+#endif
+ op.fp2_inv = fp2_invW;
+ if (mul_xi == 0) {
+ if (op.xi_a == 1) {
+ mul_xi = fp2_mul_xi_1_1iC;
+ } else {
+ mul_xi = fp2_mul_xiC;
+ }
+ }
+ FpDblT<Fp>::init();
+ Fp2DblT<Fp>::init();
+ // call init before Fp2::pow because FpDbl is used in Fp2T
+ const Fp2T xi(op.xi_a, 1);
+ const mpz_class& p = Fp::getOp().mp;
+ Fp2T::pow(g[0], xi, (p - 1) / 6); // g = xi^((p-1)/6)
+ for (size_t i = 1; i < gN; i++) {
+ g[i] = g[i - 1] * g[0];
+ }
+ /*
+ permutate [0, 1, 2, 3, 4] => [1, 3, 0, 2, 4]
+ g[0] = g^2
+ g[1] = g^4
+ g[2] = g^1
+ g[3] = g^3
+ g[4] = g^5
+ */
+ {
+ Fp2T t = g[0];
+ g[0] = g[1];
+ g[1] = g[3];
+ g[3] = g[2];
+ g[2] = t;
+ }
+ for (size_t i = 0; i < gN; i++) {
+ Fp2T t(g[i].a, g[i].b);
+ if (Fp::getOp().pmod4 == 3) Fp::neg(t.b, t.b);
+ Fp2T::mul(g2[i], t, g[i]);
+ g3[i] = g[i] * g2[i];
+ }
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("Fp2T:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("Fp2T:save");
+ }
+ template<class S>
+ void setArray(const S *buf, size_t n)
+ {
+ bool b;
+ setArray(&b, buf, n);
+ if (!b) throw cybozu::Exception("Fp2T:setArray");
+ }
+#endif
+#ifndef CYBOZU_DONT_USE_STRING
+ Fp2T(const std::string& a, const std::string& b, int base = 0) : a(a, base), b(b, base) {}
+ friend std::istream& operator>>(std::istream& is, Fp2T& self)
+ {
+ self.load(is, fp::detectIoMode(Fp::BaseFp::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const Fp2T& self)
+ {
+ self.save(os, fp::detectIoMode(Fp::BaseFp::getIoMode(), os));
+ return os;
+ }
+#endif
+private:
+ /*
+ default Fp2T operator
+ Fp2T = Fp[i]/(i^2 + 1)
+ */
+ static void addC(Fp2T& z, const Fp2T& x, const Fp2T& y)
+ {
+ Fp::add(z.a, x.a, y.a);
+ Fp::add(z.b, x.b, y.b);
+ }
+ static void subC(Fp2T& z, const Fp2T& x, const Fp2T& y)
+ {
+ Fp::sub(z.a, x.a, y.a);
+ Fp::sub(z.b, x.b, y.b);
+ }
+ static void negC(Fp2T& y, const Fp2T& x)
+ {
+ Fp::neg(y.a, x.a);
+ Fp::neg(y.b, x.b);
+ }
+#if 0
+ /*
+ x = a + bi, y = c + di, i^2 = -1
+ z = xy = (a + bi)(c + di) = (ac - bd) + (ad + bc)i
+ ad+bc = (a + b)(c + d) - ac - bd
+ # of mod = 3
+ */
+ static void fp2_mulW(Unit *z, const Unit *x, const Unit *y)
+ {
+ const Fp *px = reinterpret_cast<const Fp*>(x);
+ const Fp *py = reinterpret_cast<const Fp*>(y);
+ const Fp& a = px[0];
+ const Fp& b = px[1];
+ const Fp& c = py[0];
+ const Fp& d = py[1];
+ Fp *pz = reinterpret_cast<Fp*>(z);
+ Fp t1, t2, ac, bd;
+ Fp::add(t1, a, b);
+ Fp::add(t2, c, d);
+ t1 *= t2; // (a + b)(c + d)
+ Fp::mul(ac, a, c);
+ Fp::mul(bd, b, d);
+ Fp::sub(pz[0], ac, bd); // ac - bd
+ Fp::sub(pz[1], t1, ac);
+ pz[1] -= bd;
+ }
+ static void fp2_mulNFW(Fp2T& z, const Fp2T& x, const Fp2T& y)
+ {
+ const fp::Op& op = Fp::op_;
+ op.fp2_mulNF((Unit*)&z, (const Unit*)&x, (const Unit*)&y, op.p);
+ }
+#endif
+ static void mulC(Fp2T& z, const Fp2T& x, const Fp2T& y)
+ {
+ Fp2Dbl d;
+ Fp2Dbl::mulPre(d, x, y);
+ FpDbl::mod(z.a, d.a);
+ FpDbl::mod(z.b, d.b);
+ }
+ /*
+ x = a + bi, i^2 = -1
+ y = x^2 = (a + bi)^2 = (a + b)(a - b) + 2abi
+ */
+ static void sqrC(Fp2T& y, const Fp2T& x)
+ {
+ const Fp& a = x.a;
+ const Fp& b = x.b;
+#if 1 // faster than using FpDbl
+ Fp t1, t2, t3;
+ Fp::add(t1, b, b); // 2b
+ t1 *= a; // 2ab
+ Fp::add(t2, a, b); // a + b
+ Fp::sub(t3, a, b); // a - b
+ Fp::mul(y.a, t2, t3); // (a + b)(a - b)
+ y.b = t1;
+#else
+ Fp t1, t2;
+ FpDbl d1, d2;
+ Fp::addPre(t1, b, b); // 2b
+ FpDbl::mulPre(d2, t1, a); // 2ab
+ Fp::addPre(t1, a, b); // a + b
+ Fp::sub(t2, a, b); // a - b
+ FpDbl::mulPre(d1, t1, t2); // (a + b)(a - b)
+ FpDbl::mod(py[0], d1);
+ FpDbl::mod(py[1], d2);
+#endif
+ }
+ /*
+ xi = xi_a + i
+ x = a + bi
+ y = (a + bi)xi = (a + bi)(xi_a + i)
+ =(a * x_ia - b) + (a + b xi_a)i
+ */
+ static void fp2_mul_xiC(Fp2T& y, const Fp2T& x)
+ {
+ const Fp& a = x.a;
+ const Fp& b = x.b;
+ Fp t;
+ Fp::mulUnit(t, a, Fp::getOp().xi_a);
+ t -= b;
+ Fp::mulUnit(y.b, b, Fp::getOp().xi_a);
+ y.b += a;
+ y.a = t;
+ }
+ /*
+ xi = 1 + i ; xi_a = 1
+ y = (a + bi)xi = (a - b) + (a + b)i
+ */
+ static void fp2_mul_xi_1_1iC(Fp2T& y, const Fp2T& x)
+ {
+ const Fp& a = x.a;
+ const Fp& b = x.b;
+ Fp t;
+ Fp::add(t, a, b);
+ Fp::sub(y.a, a, b);
+ y.b = t;
+ }
+ /*
+ x = a + bi
+ 1 / x = (a - bi) / (a^2 + b^2)
+ */
+ static void fp2_invW(Unit *y, const Unit *x)
+ {
+ const Fp *px = reinterpret_cast<const Fp*>(x);
+ Fp *py = reinterpret_cast<Fp*>(y);
+ const Fp& a = px[0];
+ const Fp& b = px[1];
+ Fp aa, bb;
+ Fp::sqr(aa, a);
+ Fp::sqr(bb, b);
+ aa += bb;
+ Fp::inv(aa, aa); // aa = 1 / (a^2 + b^2)
+ Fp::mul(py[0], a, aa);
+ Fp::mul(py[1], b, aa);
+ Fp::neg(py[1], py[1]);
+ }
+};
+
+#ifdef MCL_XBYAK_DIRECT_CALL
+template<class Fp_> void (*Fp2T<Fp_>::add)(Fp2T& z, const Fp2T& x, const Fp2T& y);
+template<class Fp_> void (*Fp2T<Fp_>::sub)(Fp2T& z, const Fp2T& x, const Fp2T& y);
+template<class Fp_> void (*Fp2T<Fp_>::neg)(Fp2T& y, const Fp2T& x);
+template<class Fp_> void (*Fp2T<Fp_>::mul)(Fp2T& z, const Fp2T& x, const Fp2T& y);
+template<class Fp_> void (*Fp2T<Fp_>::sqr)(Fp2T& y, const Fp2T& x);
+#endif
+template<class Fp_> void (*Fp2T<Fp_>::mul_xi)(Fp2T& y, const Fp2T& x);
+
+template<class Fp>
+struct Fp2DblT {
+ typedef FpDblT<Fp> FpDbl;
+ typedef Fp2T<Fp> Fp2;
+ typedef fp::Unit Unit;
+ FpDbl a, b;
+ static void add(Fp2DblT& z, const Fp2DblT& x, const Fp2DblT& y)
+ {
+ FpDbl::add(z.a, x.a, y.a);
+ FpDbl::add(z.b, x.b, y.b);
+ }
+ static void addPre(Fp2DblT& z, const Fp2DblT& x, const Fp2DblT& y)
+ {
+ FpDbl::addPre(z.a, x.a, y.a);
+ FpDbl::addPre(z.b, x.b, y.b);
+ }
+ static void sub(Fp2DblT& z, const Fp2DblT& x, const Fp2DblT& y)
+ {
+ FpDbl::sub(z.a, x.a, y.a);
+ FpDbl::sub(z.b, x.b, y.b);
+ }
+ static void subPre(Fp2DblT& z, const Fp2DblT& x, const Fp2DblT& y)
+ {
+ FpDbl::subPre(z.a, x.a, y.a);
+ FpDbl::subPre(z.b, x.b, y.b);
+ }
+ static void neg(Fp2DblT& y, const Fp2DblT& x)
+ {
+ FpDbl::neg(y.a, x.a);
+ FpDbl::neg(y.b, x.b);
+ }
+ static void mul_xi(Fp2DblT& y, const Fp2DblT& x)
+ {
+ const uint32_t xi_a = Fp2::get_xi_a();
+ if (xi_a == 1) {
+ FpDbl t;
+ FpDbl::add(t, x.a, x.b);
+ FpDbl::sub(y.a, x.a, x.b);
+ y.b = t;
+ } else {
+ FpDbl t;
+ FpDbl::mulUnit(t, x.a, xi_a);
+ FpDbl::sub(t, t, x.b);
+ FpDbl::mulUnit(y.b, x.b, xi_a);
+ FpDbl::add(y.b, y.b, x.a);
+ y.a = t;
+ }
+ }
+ static void (*mulPre)(Fp2DblT&, const Fp2&, const Fp2&);
+ static void (*sqrPre)(Fp2DblT&, const Fp2&);
+ static void mod(Fp2& y, const Fp2DblT& x)
+ {
+ FpDbl::mod(y.a, x.a);
+ FpDbl::mod(y.b, x.b);
+ }
+#ifndef CYBOZU_DONT_USE_STRING
+ friend std::ostream& operator<<(std::ostream& os, const Fp2DblT& x)
+ {
+ return os << x.a << ' ' << x.b;
+ }
+#endif
+ void operator+=(const Fp2DblT& x) { add(*this, *this, x); }
+ void operator-=(const Fp2DblT& x) { sub(*this, *this, x); }
+ static void init()
+ {
+ const mcl::fp::Op& op = Fp::getOp();
+ if (op.fp2Dbl_mulPreA_) {
+ mulPre = fp::func_ptr_cast<void (*)(Fp2DblT&, const Fp2&, const Fp2&)>(op.fp2Dbl_mulPreA_);
+ } else {
+ if (op.isFullBit) {
+ mulPre = fp2Dbl_mulPreW<true>;
+ } else {
+ mulPre = fp2Dbl_mulPreW<false>;
+ }
+ }
+ if (op.fp2Dbl_sqrPreA_) {
+ sqrPre = fp::func_ptr_cast<void (*)(Fp2DblT&, const Fp2&)>(op.fp2Dbl_sqrPreA_);
+ } else {
+ if (op.isFullBit) {
+ sqrPre = fp2Dbl_sqrPreW<true>;
+ } else {
+ sqrPre = fp2Dbl_sqrPreW<false>;
+ }
+ }
+ }
+ /*
+ Fp2Dbl::mulPre by FpDblT
+ @note mod of NIST_P192 is fast
+ */
+ template<bool isFullBit>
+ static void fp2Dbl_mulPreW(Fp2DblT& z, const Fp2& x, const Fp2& y)
+ {
+ const Fp& a = x.a;
+ const Fp& b = x.b;
+ const Fp& c = y.a;
+ const Fp& d = y.b;
+ FpDbl& d0 = z.a;
+ FpDbl& d1 = z.b;
+ FpDbl d2;
+ Fp s, t;
+ if (isFullBit) {
+ Fp::add(s, a, b);
+ Fp::add(t, c, d);
+ } else {
+ Fp::addPre(s, a, b);
+ Fp::addPre(t, c, d);
+ }
+ FpDbl::mulPre(d1, s, t); // (a + b)(c + d)
+ FpDbl::mulPre(d0, a, c);
+ FpDbl::mulPre(d2, b, d);
+ if (isFullBit) {
+ FpDbl::sub(d1, d1, d0); // (a + b)(c + d) - ac
+ FpDbl::sub(d1, d1, d2); // (a + b)(c + d) - ac - bd
+ } else {
+ FpDbl::subPre(d1, d1, d0);
+ FpDbl::subPre(d1, d1, d2);
+ }
+ FpDbl::sub(d0, d0, d2); // ac - bd
+ }
+ template<bool isFullBit>
+ static void fp2Dbl_sqrPreW(Fp2DblT& y, const Fp2& x)
+ {
+ Fp t1, t2;
+ if (isFullBit) {
+ Fp::add(t1, x.b, x.b); // 2b
+ Fp::add(t2, x.a, x.b); // a + b
+ } else {
+ Fp::addPre(t1, x.b, x.b); // 2b
+ Fp::addPre(t2, x.a, x.b); // a + b
+ }
+ FpDbl::mulPre(y.b, t1, x.a); // 2ab
+ Fp::sub(t1, x.a, x.b); // a - b
+ FpDbl::mulPre(y.a, t1, t2); // (a + b)(a - b)
+ }
+};
+
+template<class Fp> void (*Fp2DblT<Fp>::mulPre)(Fp2DblT&, const Fp2T<Fp>&, const Fp2T<Fp>&);
+template<class Fp> void (*Fp2DblT<Fp>::sqrPre)(Fp2DblT&, const Fp2T<Fp>&);
+
+template<class Fp> Fp2T<Fp> Fp2T<Fp>::g[Fp2T<Fp>::gN];
+template<class Fp> Fp2T<Fp> Fp2T<Fp>::g2[Fp2T<Fp>::gN];
+template<class Fp> Fp2T<Fp> Fp2T<Fp>::g3[Fp2T<Fp>::gN];
+
+template<class Fp>
+struct Fp6DblT;
+/*
+ Fp6T = Fp2[v] / (v^3 - xi)
+ x = a + b v + c v^2
+*/
+template<class _Fp>
+struct Fp6T : public fp::Serializable<Fp6T<_Fp>,
+ fp::Operator<Fp6T<_Fp> > > {
+ typedef _Fp Fp;
+ typedef Fp2T<Fp> Fp2;
+ typedef Fp2DblT<Fp> Fp2Dbl;
+ typedef Fp6DblT<Fp> Fp6Dbl;
+ typedef Fp BaseFp;
+ Fp2 a, b, c;
+ Fp6T() { }
+ Fp6T(int64_t a) : a(a) , b(0) , c(0) { }
+ Fp6T(const Fp2& a, const Fp2& b, const Fp2& c) : a(a) , b(b) , c(c) { }
+ void clear()
+ {
+ a.clear();
+ b.clear();
+ c.clear();
+ }
+ Fp* getFp0() { return a.getFp0(); }
+ const Fp* getFp0() const { return a.getFp0(); }
+ Fp2* getFp2() { return &a; }
+ const Fp2* getFp2() const { return &a; }
+ void set(const Fp2 &a_, const Fp2 &b_, const Fp2 &c_)
+ {
+ a = a_;
+ b = b_;
+ c = c_;
+ }
+ bool isZero() const
+ {
+ return a.isZero() && b.isZero() && c.isZero();
+ }
+ bool isOne() const
+ {
+ return a.isOne() && b.isZero() && c.isZero();
+ }
+ bool operator==(const Fp6T& rhs) const
+ {
+ return a == rhs.a && b == rhs.b && c == rhs.c;
+ }
+ bool operator!=(const Fp6T& rhs) const { return !operator==(rhs); }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode)
+ {
+ a.load(pb, is, ioMode); if (!*pb) return;
+ b.load(pb, is, ioMode); if (!*pb) return;
+ c.load(pb, is, ioMode); if (!*pb) return;
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ a.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ b.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ c.save(pb, os, ioMode);
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("Fp6T:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("Fp6T:save");
+ }
+#endif
+#ifndef CYBOZU_DONT_USE_STRING
+ friend std::istream& operator>>(std::istream& is, Fp6T& self)
+ {
+ self.load(is, fp::detectIoMode(Fp::BaseFp::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const Fp6T& self)
+ {
+ self.save(os, fp::detectIoMode(Fp::BaseFp::getIoMode(), os));
+ return os;
+ }
+#endif
+ static void add(Fp6T& z, const Fp6T& x, const Fp6T& y)
+ {
+ Fp2::add(z.a, x.a, y.a);
+ Fp2::add(z.b, x.b, y.b);
+ Fp2::add(z.c, x.c, y.c);
+ }
+ static void sub(Fp6T& z, const Fp6T& x, const Fp6T& y)
+ {
+ Fp2::sub(z.a, x.a, y.a);
+ Fp2::sub(z.b, x.b, y.b);
+ Fp2::sub(z.c, x.c, y.c);
+ }
+ static void neg(Fp6T& y, const Fp6T& x)
+ {
+ Fp2::neg(y.a, x.a);
+ Fp2::neg(y.b, x.b);
+ Fp2::neg(y.c, x.c);
+ }
+ /*
+ x = a + bv + cv^2, v^3 = xi
+ x^2 = (a^2 + 2bc xi) + (c^2 xi + 2ab)v + (b^2 + 2ac)v^2
+
+ b^2 + 2ac = (a + b + c)^2 - a^2 - 2bc - c^2 - 2ab
+ */
+ static void sqr(Fp6T& y, const Fp6T& x)
+ {
+ Fp2 t1, t2, t3;
+ Fp2::mul(t1, x.a, x.b);
+ t1 += t1; // 2ab
+ Fp2::mul(t2, x.b, x.c);
+ t2 += t2; // 2bc
+ Fp2::sqr(t3, x.c); // c^2
+ Fp2::add(y.c, x.a, x.c); // a + c, destroy y.c
+ y.c += x.b; // a + b + c
+ Fp2::sqr(y.b, y.c); // (a + b + c)^2, destroy y.b
+ y.b -= t2; // (a + b + c)^2 - 2bc
+ Fp2::mul_xi(t2, t2); // 2bc xi
+ Fp2::sqr(y.a, x.a); // a^2, destroy y.a
+ y.b -= y.a; // (a + b + c)^2 - 2bc - a^2
+ y.a += t2; // a^2 + 2bc xi
+ Fp2::sub(y.c, y.b, t3); // (a + b + c)^2 - 2bc - a^2 - c^2
+ Fp2::mul_xi(y.b, t3); // c^2 xi
+ y.b += t1; // c^2 xi + 2ab
+ y.c -= t1; // b^2 + 2ac
+ }
+ static inline void mul(Fp6T& z, const Fp6T& x, const Fp6T& y);
+ /*
+ x = a + bv + cv^2, v^3 = xi
+ y = 1/x = p/q where
+ p = (a^2 - bc xi) + (c^2 xi - ab)v + (b^2 - ac)v^2
+ q = c^3 xi^2 + b(b^2 - 3ac)xi + a^3
+ = (a^2 - bc xi)a + ((c^2 xi - ab)c + (b^2 - ac)b) xi
+ */
+ static void inv(Fp6T& y, const Fp6T& x)
+ {
+ const Fp2& a = x.a;
+ const Fp2& b = x.b;
+ const Fp2& c = x.c;
+ Fp2 aa, bb, cc, ab, bc, ac;
+ Fp2::sqr(aa, a);
+ Fp2::sqr(bb, b);
+ Fp2::sqr(cc, c);
+ Fp2::mul(ab, a, b);
+ Fp2::mul(bc, b, c);
+ Fp2::mul(ac, c, a);
+
+ Fp6T p;
+ Fp2::mul_xi(p.a, bc);
+ Fp2::sub(p.a, aa, p.a); // a^2 - bc xi
+ Fp2::mul_xi(p.b, cc);
+ p.b -= ab; // c^2 xi - ab
+ Fp2::sub(p.c, bb, ac); // b^2 - ac
+ Fp2 q, t;
+ Fp2::mul(q, p.b, c);
+ Fp2::mul(t, p.c, b);
+ q += t;
+ Fp2::mul_xi(q, q);
+ Fp2::mul(t, p.a, a);
+ q += t;
+ Fp2::inv(q, q);
+
+ Fp2::mul(y.a, p.a, q);
+ Fp2::mul(y.b, p.b, q);
+ Fp2::mul(y.c, p.c, q);
+ }
+};
+
+template<class Fp>
+struct Fp6DblT {
+ typedef Fp2T<Fp> Fp2;
+ typedef Fp6T<Fp> Fp6;
+ typedef Fp2DblT<Fp> Fp2Dbl;
+ typedef Fp6DblT<Fp> Fp6Dbl;
+ typedef fp::Unit Unit;
+ Fp2Dbl a, b, c;
+ static void add(Fp6Dbl& z, const Fp6Dbl& x, const Fp6Dbl& y)
+ {
+ Fp2Dbl::add(z.a, x.a, y.a);
+ Fp2Dbl::add(z.b, x.b, y.b);
+ Fp2Dbl::add(z.c, x.c, y.c);
+ }
+ static void sub(Fp6Dbl& z, const Fp6Dbl& x, const Fp6Dbl& y)
+ {
+ Fp2Dbl::sub(z.a, x.a, y.a);
+ Fp2Dbl::sub(z.b, x.b, y.b);
+ Fp2Dbl::sub(z.c, x.c, y.c);
+ }
+ /*
+ x = a + bv + cv^2, y = d + ev + fv^2, v^3 = xi
+ xy = (ad + (bf + ce)xi) + ((ae + bd) + cf xi)v + ((af + cd) + be)v^2
+ bf + ce = (b + c)(e + f) - be - cf
+ ae + bd = (a + b)(e + d) - ad - be
+ af + cd = (a + c)(d + f) - ad - cf
+ */
+ static void mulPre(Fp6DblT& z, const Fp6& x, const Fp6& y)
+ {
+//clk.begin();
+ const Fp2& a = x.a;
+ const Fp2& b = x.b;
+ const Fp2& c = x.c;
+ const Fp2& d = y.a;
+ const Fp2& e = y.b;
+ const Fp2& f = y.c;
+ Fp2Dbl& za = z.a;
+ Fp2Dbl& zb = z.b;
+ Fp2Dbl& zc = z.c;
+ Fp2Dbl BE;
+ Fp2Dbl::mulPre(za, a, d);
+ Fp2Dbl::mulPre(BE, b, e);
+ Fp2Dbl::mulPre(zb, c, f);
+
+ Fp2 t1, t2, t3, t4;
+ Fp2::add(t1, b, c);
+ Fp2::add(t2, e, f);
+ Fp2Dbl T1;
+ Fp2Dbl::mulPre(T1, t1, t2);
+ Fp2Dbl::sub(T1, T1, BE);
+ Fp2Dbl::sub(T1, T1, zb);
+ Fp2Dbl::mul_xi(T1, T1);
+
+ Fp2::add(t2, a, b);
+ Fp2::add(t3, e, d);
+ Fp2Dbl T2;
+ Fp2Dbl::mulPre(T2, t2, t3);
+ Fp2Dbl::sub(T2, T2, za);
+ Fp2Dbl::sub(T2, T2, BE);
+
+ Fp2::add(t3, a, c);
+ Fp2::add(t4, d, f);
+ Fp2Dbl::mulPre(zc, t3, t4);
+ Fp2Dbl::sub(zc, zc, za);
+ Fp2Dbl::sub(zc, zc, zb);
+
+ Fp2Dbl::add(za, za, T1);
+ Fp2Dbl::mul_xi(zb, zb);
+ Fp2Dbl::add(zb, zb, T2);
+ Fp2Dbl::add(zc, zc, BE);
+//clk.end();
+ }
+ static void mod(Fp6& y, const Fp6Dbl& x)
+ {
+ Fp2Dbl::mod(y.a, x.a);
+ Fp2Dbl::mod(y.b, x.b);
+ Fp2Dbl::mod(y.c, x.c);
+ }
+};
+
+template<class Fp>
+inline void Fp6T<Fp>::mul(Fp6T<Fp>& z, const Fp6T<Fp>& x, const Fp6T<Fp>& y)
+{
+ Fp6DblT<Fp> Z;
+ Fp6DblT<Fp>::mulPre(Z, x, y);
+ Fp6DblT<Fp>::mod(z, Z);
+}
+
+/*
+ Fp12T = Fp6[w] / (w^2 - v)
+ x = a + b w
+*/
+template<class Fp>
+struct Fp12T : public fp::Serializable<Fp12T<Fp>,
+ fp::Operator<Fp12T<Fp> > > {
+ typedef Fp2T<Fp> Fp2;
+ typedef Fp6T<Fp> Fp6;
+ typedef Fp2DblT<Fp> Fp2Dbl;
+ typedef Fp6DblT<Fp> Fp6Dbl;
+ typedef Fp BaseFp;
+ Fp6 a, b;
+ Fp12T() {}
+ Fp12T(int64_t a) : a(a), b(0) {}
+ Fp12T(const Fp6& a, const Fp6& b) : a(a), b(b) {}
+ void clear()
+ {
+ a.clear();
+ b.clear();
+ }
+ void setOne()
+ {
+ clear();
+ a.a.a = 1;
+ }
+
+ Fp* getFp0() { return a.getFp0(); }
+ const Fp* getFp0() const { return a.getFp0(); }
+ Fp2* getFp2() { return a.getFp2(); }
+ const Fp2* getFp2() const { return a.getFp2(); }
+ void set(const Fp2& v0, const Fp2& v1, const Fp2& v2, const Fp2& v3, const Fp2& v4, const Fp2& v5)
+ {
+ a.set(v0, v1, v2);
+ b.set(v3, v4, v5);
+ }
+
+ bool isZero() const
+ {
+ return a.isZero() && b.isZero();
+ }
+ bool isOne() const
+ {
+ return a.isOne() && b.isZero();
+ }
+ bool operator==(const Fp12T& rhs) const
+ {
+ return a == rhs.a && b == rhs.b;
+ }
+ bool operator!=(const Fp12T& rhs) const { return !operator==(rhs); }
+ static void add(Fp12T& z, const Fp12T& x, const Fp12T& y)
+ {
+ Fp6::add(z.a, x.a, y.a);
+ Fp6::add(z.b, x.b, y.b);
+ }
+ static void sub(Fp12T& z, const Fp12T& x, const Fp12T& y)
+ {
+ Fp6::sub(z.a, x.a, y.a);
+ Fp6::sub(z.b, x.b, y.b);
+ }
+ static void neg(Fp12T& z, const Fp12T& x)
+ {
+ Fp6::neg(z.a, x.a);
+ Fp6::neg(z.b, x.b);
+ }
+ /*
+ z = x v + y
+ in Fp6 : (a + bv + cv^2)v = cv^3 + av + bv^2 = cxi + av + bv^2
+ */
+ static void mulVadd(Fp6& z, const Fp6& x, const Fp6& y)
+ {
+ Fp2 t;
+ Fp2::mul_xi(t, x.c);
+ Fp2::add(z.c, x.b, y.c);
+ Fp2::add(z.b, x.a, y.b);
+ Fp2::add(z.a, t, y.a);
+ }
+ static void mulVadd(Fp6Dbl& z, const Fp6Dbl& x, const Fp6Dbl& y)
+ {
+ Fp2Dbl t;
+ Fp2Dbl::mul_xi(t, x.c);
+ Fp2Dbl::add(z.c, x.b, y.c);
+ Fp2Dbl::add(z.b, x.a, y.b);
+ Fp2Dbl::add(z.a, t, y.a);
+ }
+ /*
+ x = a + bw, y = c + dw, w^2 = v
+ z = xy = (a + bw)(c + dw) = (ac + bdv) + (ad + bc)w
+ ad+bc = (a + b)(c + d) - ac - bd
+
+ in Fp6 : (a + bv + cv^2)v = cv^3 + av + bv^2 = cxi + av + bv^2
+ */
+ static void mul(Fp12T& z, const Fp12T& x, const Fp12T& y)
+ {
+ // 4.7Kclk -> 4.55Kclk
+ const Fp6& a = x.a;
+ const Fp6& b = x.b;
+ const Fp6& c = y.a;
+ const Fp6& d = y.b;
+ Fp6 t1, t2;
+ Fp6::add(t1, a, b);
+ Fp6::add(t2, c, d);
+#if 1
+ Fp6Dbl T, AC, BD;
+ Fp6Dbl::mulPre(AC, a, c);
+ Fp6Dbl::mulPre(BD, b, d);
+ mulVadd(T, BD, AC);
+ Fp6Dbl::mod(z.a, T);
+ Fp6Dbl::mulPre(T, t1, t2); // (a + b)(c + d)
+ Fp6Dbl::sub(T, T, AC);
+ Fp6Dbl::sub(T, T, BD);
+ Fp6Dbl::mod(z.b, T);
+#else
+ Fp6 ac, bd;
+ t1 *= t2; // (a + b)(c + d)
+ Fp6::mul(ac, a, c);
+ Fp6::mul(bd, b, d);
+ mulVadd(z.a, bd, ac);
+ t1 -= ac;
+ Fp6::sub(z.b, t1, bd);
+#endif
+ }
+ /*
+ x = a + bw, w^2 = v
+ y = x^2 = (a + bw)^2 = (a^2 + b^2v) + 2abw
+ a^2 + b^2v = (a + b)(bv + a) - (abv + ab)
+ */
+ static void sqr(Fp12T& y, const Fp12T& x)
+ {
+ const Fp6& a = x.a;
+ const Fp6& b = x.b;
+ Fp6 t0, t1;
+ Fp6::add(t0, a, b); // a + b
+ mulVadd(t1, b, a); // bv + a
+ t0 *= t1; // (a + b)(bv + a)
+ Fp6::mul(t1, a, b); // ab
+ Fp6::add(y.b, t1, t1); // 2ab
+ mulVadd(y.a, t1, t1); // abv + ab
+ Fp6::sub(y.a, t0, y.a);
+ }
+ /*
+ x = a + bw, w^2 = v
+ y = 1/x = (a - bw) / (a^2 - b^2v)
+ */
+ static void inv(Fp12T& y, const Fp12T& x)
+ {
+ const Fp6& a = x.a;
+ const Fp6& b = x.b;
+ Fp6 t0, t1;
+ Fp6::sqr(t0, a);
+ Fp6::sqr(t1, b);
+ Fp2::mul_xi(t1.c, t1.c);
+ t0.a -= t1.c;
+ t0.b -= t1.a;
+ t0.c -= t1.b; // t0 = a^2 - b^2v
+ Fp6::inv(t0, t0);
+ Fp6::mul(y.a, x.a, t0);
+ Fp6::mul(y.b, x.b, t0);
+ Fp6::neg(y.b, y.b);
+ }
+ /*
+ y = 1 / x = conjugate of x if |x| = 1
+ */
+ static void unitaryInv(Fp12T& y, const Fp12T& x)
+ {
+ if (&y != &x) y.a = x.a;
+ Fp6::neg(y.b, x.b);
+ }
+ /*
+ Frobenius
+ i^2 = -1
+ (a + bi)^p = a + bi^p in Fp
+ = a + bi if p = 1 mod 4
+ = a - bi if p = 3 mod 4
+
+ g = xi^(p - 1) / 6
+ v^3 = xi in Fp2
+ v^p = ((v^6) ^ (p-1)/6) v = g^2 v
+ v^2p = g^4 v^2
+ (a + bv + cv^2)^p in Fp6
+ = F(a) + F(b)g^2 v + F(c) g^4 v^2
+
+ w^p = ((w^6) ^ (p-1)/6) w = g w
+ ((a + bv + cv^2)w)^p in Fp12T
+ = (F(a) g + F(b) g^3 v + F(c) g^5 v^2)w
+ */
+ static void Frobenius(Fp12T& y, const Fp12T& x)
+ {
+ for (int i = 0; i < 6; i++) {
+ Fp2::Frobenius(y.getFp2()[i], x.getFp2()[i]);
+ }
+ for (int i = 1; i < 6; i++) {
+ y.getFp2()[i] *= Fp2::get_gTbl()[i - 1];
+ }
+ }
+ static void Frobenius2(Fp12T& y, const Fp12T& x)
+ {
+#if 0
+ Frobenius(y, x);
+ Frobenius(y, y);
+#else
+ y.getFp2()[0] = x.getFp2()[0];
+ if (Fp::getOp().pmod4 == 1) {
+ for (int i = 1; i < 6; i++) {
+ Fp2::mul(y.getFp2()[i], x.getFp2()[i], Fp2::get_g2Tbl()[i]);
+ }
+ } else {
+ for (int i = 1; i < 6; i++) {
+ Fp2::mulFp(y.getFp2()[i], x.getFp2()[i], Fp2::get_g2Tbl()[i - 1].a);
+ }
+ }
+#endif
+ }
+ static void Frobenius3(Fp12T& y, const Fp12T& x)
+ {
+#if 0
+ Frobenius(y, x);
+ Frobenius(y, y);
+ Frobenius(y, y);
+#else
+ Fp2::Frobenius(y.getFp2()[0], x.getFp2()[0]);
+ for (int i = 1; i < 6; i++) {
+ Fp2::Frobenius(y.getFp2()[i], x.getFp2()[i]);
+ y.getFp2()[i] *= Fp2::get_g3Tbl()[i - 1];
+ }
+#endif
+ }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode)
+ {
+ a.load(pb, is, ioMode); if (!*pb) return;
+ b.load(pb, is, ioMode);
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ a.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ b.save(pb, os, ioMode);
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("Fp12T:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("Fp12T:save");
+ }
+#endif
+#ifndef CYBOZU_DONT_USE_STRING
+ friend std::istream& operator>>(std::istream& is, Fp12T& self)
+ {
+ self.load(is, fp::detectIoMode(Fp::BaseFp::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const Fp12T& self)
+ {
+ self.save(os, fp::detectIoMode(Fp::BaseFp::getIoMode(), os));
+ return os;
+ }
+#endif
+};
+
+/*
+ convert multiplicative group to additive group
+*/
+template<class T>
+struct GroupMtoA : public T {
+ static T& castT(GroupMtoA& x) { return static_cast<T&>(x); }
+ static const T& castT(const GroupMtoA& x) { return static_cast<const T&>(x); }
+ void clear()
+ {
+ castT(*this) = 1;
+ }
+ bool isZero() const { return castT(*this).isOne(); }
+ static void add(GroupMtoA& z, const GroupMtoA& x, const GroupMtoA& y)
+ {
+ T::mul(castT(z), castT(x), castT(y));
+ }
+ static void dbl(GroupMtoA& y, const GroupMtoA& x)
+ {
+ T::sqr(castT(y), castT(x));
+ }
+ static void neg(GroupMtoA& y, const GroupMtoA& x)
+ {
+ // assume Fp12
+ T::unitaryInv(castT(y), castT(x));
+ }
+ static void Frobenus(GroupMtoA& y, const GroupMtoA& x)
+ {
+ T::Frobenius(castT(y), castT(x));
+ }
+ template<class INT>
+ static void mul(GroupMtoA& z, const GroupMtoA& x, const INT& y)
+ {
+ T::pow(castT(z), castT(x), y);
+ }
+ template<class INT>
+ static void mulGeneric(GroupMtoA& z, const GroupMtoA& x, const INT& y)
+ {
+ T::powGeneric(castT(z), castT(x), y);
+ }
+ void operator+=(const GroupMtoA& rhs)
+ {
+ add(*this, *this, rhs);
+ }
+ void normalize() {}
+private:
+ bool isOne() const;
+};
+
+} // mcl
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/gmp_util.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/gmp_util.hpp
new file mode 100644
index 000000000..bcbd91a1e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/gmp_util.hpp
@@ -0,0 +1,954 @@
+#pragma once
+/**
+ @file
+ @brief util function for gmp
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <stdint.h>
+#include <cybozu/exception.hpp>
+#include <mcl/randgen.hpp>
+#ifdef _MSC_VER
+ #pragma warning(push)
+ #pragma warning(disable : 4616)
+ #pragma warning(disable : 4800)
+ #pragma warning(disable : 4244)
+ #pragma warning(disable : 4127)
+ #pragma warning(disable : 4512)
+ #pragma warning(disable : 4146)
+#endif
+#if defined(__EMSCRIPTEN__) || defined(__wasm__)
+ #define MCL_USE_VINT
+#endif
+#ifdef MCL_USE_VINT
+#include <mcl/vint.hpp>
+typedef mcl::Vint mpz_class;
+#else
+#include <gmpxx.h>
+#ifdef _MSC_VER
+ #pragma warning(pop)
+ #include <cybozu/link_mpir.hpp>
+#endif
+#endif
+
+#ifndef MCL_SIZEOF_UNIT
+ #if defined(CYBOZU_OS_BIT) && (CYBOZU_OS_BIT == 32)
+ #define MCL_SIZEOF_UNIT 4
+ #else
+ #define MCL_SIZEOF_UNIT 8
+ #endif
+#endif
+
+namespace mcl {
+
+namespace fp {
+
+#if MCL_SIZEOF_UNIT == 8
+typedef uint64_t Unit;
+#else
+typedef uint32_t Unit;
+#endif
+#define MCL_UNIT_BIT_SIZE (MCL_SIZEOF_UNIT * 8)
+
+} // mcl::fp
+
+namespace gmp {
+
+typedef mpz_class ImplType;
+
+// z = [buf[n-1]:..:buf[1]:buf[0]]
+// eg. buf[] = {0x12345678, 0xaabbccdd}; => z = 0xaabbccdd12345678;
+template<class T>
+void setArray(bool *pb, mpz_class& z, const T *buf, size_t n)
+{
+#ifdef MCL_USE_VINT
+ z.setArray(pb, buf, n);
+#else
+ mpz_import(z.get_mpz_t(), n, -1, sizeof(*buf), 0, 0, buf);
+ *pb = true;
+#endif
+}
+/*
+ buf[0, size) = x
+ buf[size, maxSize) with zero
+*/
+template<class T, class U>
+bool getArray_(T *buf, size_t maxSize, const U *x, int xn)//const mpz_srcptr x)
+{
+ const size_t bufByteSize = sizeof(T) * maxSize;
+ if (xn < 0) return false;
+ size_t xByteSize = sizeof(*x) * xn;
+ if (xByteSize > bufByteSize) return false;
+ memcpy(buf, x, xByteSize);
+ memset((char*)buf + xByteSize, 0, bufByteSize - xByteSize);
+ return true;
+}
+template<class T>
+void getArray(bool *pb, T *buf, size_t maxSize, const mpz_class& x)
+{
+#ifdef MCL_USE_VINT
+ *pb = getArray_(buf, maxSize, x.getUnit(), x.getUnitSize());
+#else
+ *pb = getArray_(buf, maxSize, x.get_mpz_t()->_mp_d, x.get_mpz_t()->_mp_size);
+#endif
+}
+inline void set(mpz_class& z, uint64_t x)
+{
+ bool b;
+ setArray(&b, z, &x, 1);
+ assert(b);
+ (void)b;
+}
+inline void setStr(bool *pb, mpz_class& z, const char *str, int base = 0)
+{
+#ifdef MCL_USE_VINT
+ z.setStr(pb, str, base);
+#else
+ *pb = z.set_str(str, base) == 0;
+#endif
+}
+
+/*
+ set buf with string terminated by '\0'
+ return strlen(buf) if success else 0
+*/
+inline size_t getStr(char *buf, size_t bufSize, const mpz_class& z, int base = 10)
+{
+#ifdef MCL_USE_VINT
+ return z.getStr(buf, bufSize, base);
+#else
+ __gmp_alloc_cstring tmp(mpz_get_str(0, base, z.get_mpz_t()));
+ size_t n = strlen(tmp.str);
+ if (n + 1 > bufSize) return 0;
+ memcpy(buf, tmp.str, n + 1);
+ return n;
+#endif
+}
+
+#ifndef CYBOZU_DONT_USE_STRING
+inline void getStr(std::string& str, const mpz_class& z, int base = 10)
+{
+#ifdef MCL_USE_VINT
+ z.getStr(str, base);
+#else
+ str = z.get_str(base);
+#endif
+}
+inline std::string getStr(const mpz_class& z, int base = 10)
+{
+ std::string s;
+ gmp::getStr(s, z, base);
+ return s;
+}
+#endif
+
+inline void add(mpz_class& z, const mpz_class& x, const mpz_class& y)
+{
+#ifdef MCL_USE_VINT
+ Vint::add(z, x, y);
+#else
+ mpz_add(z.get_mpz_t(), x.get_mpz_t(), y.get_mpz_t());
+#endif
+}
+#ifndef MCL_USE_VINT
+inline void add(mpz_class& z, const mpz_class& x, unsigned int y)
+{
+ mpz_add_ui(z.get_mpz_t(), x.get_mpz_t(), y);
+}
+inline void sub(mpz_class& z, const mpz_class& x, unsigned int y)
+{
+ mpz_sub_ui(z.get_mpz_t(), x.get_mpz_t(), y);
+}
+inline void mul(mpz_class& z, const mpz_class& x, unsigned int y)
+{
+ mpz_mul_ui(z.get_mpz_t(), x.get_mpz_t(), y);
+}
+inline void div(mpz_class& q, const mpz_class& x, unsigned int y)
+{
+ mpz_div_ui(q.get_mpz_t(), x.get_mpz_t(), y);
+}
+inline void mod(mpz_class& r, const mpz_class& x, unsigned int m)
+{
+ mpz_mod_ui(r.get_mpz_t(), x.get_mpz_t(), m);
+}
+inline int compare(const mpz_class& x, int y)
+{
+ return mpz_cmp_si(x.get_mpz_t(), y);
+}
+#endif
+inline void sub(mpz_class& z, const mpz_class& x, const mpz_class& y)
+{
+#ifdef MCL_USE_VINT
+ Vint::sub(z, x, y);
+#else
+ mpz_sub(z.get_mpz_t(), x.get_mpz_t(), y.get_mpz_t());
+#endif
+}
+inline void mul(mpz_class& z, const mpz_class& x, const mpz_class& y)
+{
+#ifdef MCL_USE_VINT
+ Vint::mul(z, x, y);
+#else
+ mpz_mul(z.get_mpz_t(), x.get_mpz_t(), y.get_mpz_t());
+#endif
+}
+inline void sqr(mpz_class& z, const mpz_class& x)
+{
+#ifdef MCL_USE_VINT
+ Vint::mul(z, x, x);
+#else
+ mpz_mul(z.get_mpz_t(), x.get_mpz_t(), x.get_mpz_t());
+#endif
+}
+inline void divmod(mpz_class& q, mpz_class& r, const mpz_class& x, const mpz_class& y)
+{
+#ifdef MCL_USE_VINT
+ Vint::divMod(&q, r, x, y);
+#else
+ mpz_divmod(q.get_mpz_t(), r.get_mpz_t(), x.get_mpz_t(), y.get_mpz_t());
+#endif
+}
+inline void div(mpz_class& q, const mpz_class& x, const mpz_class& y)
+{
+#ifdef MCL_USE_VINT
+ Vint::div(q, x, y);
+#else
+ mpz_div(q.get_mpz_t(), x.get_mpz_t(), y.get_mpz_t());
+#endif
+}
+inline void mod(mpz_class& r, const mpz_class& x, const mpz_class& m)
+{
+#ifdef MCL_USE_VINT
+ Vint::mod(r, x, m);
+#else
+ mpz_mod(r.get_mpz_t(), x.get_mpz_t(), m.get_mpz_t());
+#endif
+}
+inline void clear(mpz_class& z)
+{
+#ifdef MCL_USE_VINT
+ z.clear();
+#else
+ mpz_set_ui(z.get_mpz_t(), 0);
+#endif
+}
+inline bool isZero(const mpz_class& z)
+{
+#ifdef MCL_USE_VINT
+ return z.isZero();
+#else
+ return mpz_sgn(z.get_mpz_t()) == 0;
+#endif
+}
+inline bool isNegative(const mpz_class& z)
+{
+#ifdef MCL_USE_VINT
+ return z.isNegative();
+#else
+ return mpz_sgn(z.get_mpz_t()) < 0;
+#endif
+}
+inline void neg(mpz_class& z, const mpz_class& x)
+{
+#ifdef MCL_USE_VINT
+ Vint::neg(z, x);
+#else
+ mpz_neg(z.get_mpz_t(), x.get_mpz_t());
+#endif
+}
+inline int compare(const mpz_class& x, const mpz_class & y)
+{
+#ifdef MCL_USE_VINT
+ return Vint::compare(x, y);
+#else
+ return mpz_cmp(x.get_mpz_t(), y.get_mpz_t());
+#endif
+}
+template<class T>
+void addMod(mpz_class& z, const mpz_class& x, const T& y, const mpz_class& m)
+{
+ add(z, x, y);
+ if (compare(z, m) >= 0) {
+ sub(z, z, m);
+ }
+}
+template<class T>
+void subMod(mpz_class& z, const mpz_class& x, const T& y, const mpz_class& m)
+{
+ sub(z, x, y);
+ if (!isNegative(z)) return;
+ add(z, z, m);
+}
+template<class T>
+void mulMod(mpz_class& z, const mpz_class& x, const T& y, const mpz_class& m)
+{
+ mul(z, x, y);
+ mod(z, z, m);
+}
+inline void sqrMod(mpz_class& z, const mpz_class& x, const mpz_class& m)
+{
+ sqr(z, x);
+ mod(z, z, m);
+}
+// z = x^y (y >= 0)
+inline void pow(mpz_class& z, const mpz_class& x, unsigned int y)
+{
+#ifdef MCL_USE_VINT
+ Vint::pow(z, x, y);
+#else
+ mpz_pow_ui(z.get_mpz_t(), x.get_mpz_t(), y);
+#endif
+}
+// z = x^y mod m (y >=0)
+inline void powMod(mpz_class& z, const mpz_class& x, const mpz_class& y, const mpz_class& m)
+{
+#ifdef MCL_USE_VINT
+ Vint::powMod(z, x, y, m);
+#else
+ mpz_powm(z.get_mpz_t(), x.get_mpz_t(), y.get_mpz_t(), m.get_mpz_t());
+#endif
+}
+// z = 1/x mod m
+inline void invMod(mpz_class& z, const mpz_class& x, const mpz_class& m)
+{
+#ifdef MCL_USE_VINT
+ Vint::invMod(z, x, m);
+#else
+ mpz_invert(z.get_mpz_t(), x.get_mpz_t(), m.get_mpz_t());
+#endif
+}
+// z = lcm(x, y)
+inline void lcm(mpz_class& z, const mpz_class& x, const mpz_class& y)
+{
+#ifdef MCL_USE_VINT
+ Vint::lcm(z, x, y);
+#else
+ mpz_lcm(z.get_mpz_t(), x.get_mpz_t(), y.get_mpz_t());
+#endif
+}
+inline mpz_class lcm(const mpz_class& x, const mpz_class& y)
+{
+ mpz_class z;
+ lcm(z, x, y);
+ return z;
+}
+// z = gcd(x, y)
+inline void gcd(mpz_class& z, const mpz_class& x, const mpz_class& y)
+{
+#ifdef MCL_USE_VINT
+ Vint::gcd(z, x, y);
+#else
+ mpz_gcd(z.get_mpz_t(), x.get_mpz_t(), y.get_mpz_t());
+#endif
+}
+inline mpz_class gcd(const mpz_class& x, const mpz_class& y)
+{
+ mpz_class z;
+ gcd(z, x, y);
+ return z;
+}
+/*
+ assume p : odd prime
+ return 1 if x^2 = a mod p for some x
+ return -1 if x^2 != a mod p for any x
+*/
+inline int legendre(const mpz_class& a, const mpz_class& p)
+{
+#ifdef MCL_USE_VINT
+ return Vint::jacobi(a, p);
+#else
+ return mpz_legendre(a.get_mpz_t(), p.get_mpz_t());
+#endif
+}
+inline bool isPrime(bool *pb, const mpz_class& x)
+{
+#ifdef MCL_USE_VINT
+ return x.isPrime(pb, 32);
+#else
+ *pb = true;
+ return mpz_probab_prime_p(x.get_mpz_t(), 32) != 0;
+#endif
+}
+inline size_t getBitSize(const mpz_class& x)
+{
+#ifdef MCL_USE_VINT
+ return x.getBitSize();
+#else
+ return mpz_sizeinbase(x.get_mpz_t(), 2);
+#endif
+}
+inline bool testBit(const mpz_class& x, size_t pos)
+{
+#ifdef MCL_USE_VINT
+ return x.testBit(pos);
+#else
+ return mpz_tstbit(x.get_mpz_t(), pos) != 0;
+#endif
+}
+inline void resetBit(mpz_class& x, size_t pos)
+{
+#ifdef MCL_USE_VINT
+ x.setBit(pos, false);
+#else
+ mpz_clrbit(x.get_mpz_t(), pos);
+#endif
+}
+inline void setBit(mpz_class& x, size_t pos, bool v = true)
+{
+#ifdef MCL_USE_VINT
+ x.setBit(pos, v);
+#else
+ if (v) {
+ mpz_setbit(x.get_mpz_t(), pos);
+ } else {
+ resetBit(x, pos);
+ }
+#endif
+}
+inline const fp::Unit *getUnit(const mpz_class& x)
+{
+#ifdef MCL_USE_VINT
+ return x.getUnit();
+#else
+ return reinterpret_cast<const fp::Unit*>(x.get_mpz_t()->_mp_d);
+#endif
+}
+inline fp::Unit getUnit(const mpz_class& x, size_t i)
+{
+ return getUnit(x)[i];
+}
+inline size_t getUnitSize(const mpz_class& x)
+{
+#ifdef MCL_USE_VINT
+ return x.getUnitSize();
+#else
+ return std::abs(x.get_mpz_t()->_mp_size);
+#endif
+}
+inline mpz_class abs(const mpz_class& x)
+{
+#ifdef MCL_USE_VINT
+ return Vint::abs(x);
+#else
+ return ::abs(x);
+#endif
+}
+
+inline void getRand(bool *pb, mpz_class& z, size_t bitSize, fp::RandGen rg = fp::RandGen())
+{
+ if (rg.isZero()) rg = fp::RandGen::get();
+ assert(bitSize > 1);
+ const size_t rem = bitSize & 31;
+ const size_t n = (bitSize + 31) / 32;
+ uint32_t buf[128];
+ assert(n <= CYBOZU_NUM_OF_ARRAY(buf));
+ if (n > CYBOZU_NUM_OF_ARRAY(buf)) {
+ *pb = false;
+ return;
+ }
+ rg.read(pb, buf, n * sizeof(buf[0]));
+ if (!*pb) return;
+ uint32_t v = buf[n - 1];
+ if (rem == 0) {
+ v |= 1U << 31;
+ } else {
+ v &= (1U << rem) - 1;
+ v |= 1U << (rem - 1);
+ }
+ buf[n - 1] = v;
+ setArray(pb, z, buf, n);
+}
+
+inline void getRandPrime(bool *pb, mpz_class& z, size_t bitSize, fp::RandGen rg = fp::RandGen(), bool setSecondBit = false, bool mustBe3mod4 = false)
+{
+ if (rg.isZero()) rg = fp::RandGen::get();
+ assert(bitSize > 2);
+ for (;;) {
+ getRand(pb, z, bitSize, rg);
+ if (!*pb) return;
+ if (setSecondBit) {
+ z |= mpz_class(1) << (bitSize - 2);
+ }
+ if (mustBe3mod4) {
+ z |= 3;
+ }
+ bool ret = isPrime(pb, z);
+ if (!*pb) return;
+ if (ret) return;
+ }
+}
+inline mpz_class getQuadraticNonResidue(const mpz_class& p)
+{
+ mpz_class g = 2;
+ while (legendre(g, p) > 0) {
+ ++g;
+ }
+ return g;
+}
+
+namespace impl {
+
+template<class Vec>
+void convertToBinary(Vec& v, const mpz_class& x)
+{
+ const size_t len = gmp::getBitSize(x);
+ v.resize(len);
+ for (size_t i = 0; i < len; i++) {
+ v[i] = gmp::testBit(x, len - 1 - i) ? 1 : 0;
+ }
+}
+
+template<class Vec>
+size_t getContinuousVal(const Vec& v, size_t pos, int val)
+{
+ while (pos >= 2) {
+ if (v[pos] != val) break;
+ pos--;
+ }
+ return pos;
+}
+
+template<class Vec>
+void convertToNAF(Vec& v, const Vec& in)
+{
+ v.copy(in);
+ size_t pos = v.size() - 1;
+ for (;;) {
+ size_t p = getContinuousVal(v, pos, 0);
+ if (p == 1) return;
+ assert(v[p] == 1);
+ size_t q = getContinuousVal(v, p, 1);
+ if (q == 1) return;
+ assert(v[q] == 0);
+ if (p - q <= 1) {
+ pos = p - 1;
+ continue;
+ }
+ v[q] = 1;
+ for (size_t i = q + 1; i < p; i++) {
+ v[i] = 0;
+ }
+ v[p] = -1;
+ pos = q;
+ }
+}
+
+template<class Vec>
+size_t getNumOfNonZeroElement(const Vec& v)
+{
+ size_t w = 0;
+ for (size_t i = 0; i < v.size(); i++) {
+ if (v[i]) w++;
+ }
+ return w;
+}
+
+} // impl
+
+/*
+ compute a repl of x which has smaller Hamming weights.
+ return true if naf is selected
+*/
+template<class Vec>
+bool getNAF(Vec& v, const mpz_class& x)
+{
+ Vec bin;
+ impl::convertToBinary(bin, x);
+ Vec naf;
+ impl::convertToNAF(naf, bin);
+ const size_t binW = impl::getNumOfNonZeroElement(bin);
+ const size_t nafW = impl::getNumOfNonZeroElement(naf);
+ if (nafW < binW) {
+ v.swap(naf);
+ return true;
+ } else {
+ v.swap(bin);
+ return false;
+ }
+}
+
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+inline void setStr(mpz_class& z, const std::string& str, int base = 0)
+{
+ bool b;
+ setStr(&b, z, str.c_str(), base);
+ if (!b) throw cybozu::Exception("gmp:setStr");
+}
+template<class T>
+void setArray(mpz_class& z, const T *buf, size_t n)
+{
+ bool b;
+ setArray(&b, z, buf, n);
+ if (!b) throw cybozu::Exception("gmp:setArray");
+}
+template<class T>
+void getArray(T *buf, size_t maxSize, const mpz_class& x)
+{
+ bool b;
+ getArray(&b, buf, maxSize, x);
+ if (!b) throw cybozu::Exception("gmp:getArray");
+}
+inline bool isPrime(const mpz_class& x)
+{
+ bool b;
+ bool ret = isPrime(&b, x);
+ if (!b) throw cybozu::Exception("gmp:isPrime");
+ return ret;
+}
+inline void getRand(mpz_class& z, size_t bitSize, fp::RandGen rg = fp::RandGen())
+{
+ bool b;
+ getRand(&b, z, bitSize, rg);
+ if (!b) throw cybozu::Exception("gmp:getRand");
+}
+inline void getRandPrime(mpz_class& z, size_t bitSize, fp::RandGen rg = fp::RandGen(), bool setSecondBit = false, bool mustBe3mod4 = false)
+{
+ bool b;
+ getRandPrime(&b, z, bitSize, rg, setSecondBit, mustBe3mod4);
+ if (!b) throw cybozu::Exception("gmp:getRandPrime");
+}
+#endif
+
+
+} // mcl::gmp
+
+/*
+ Tonelli-Shanks
+*/
+class SquareRoot {
+ bool isPrecomputed_;
+ bool isPrime;
+ mpz_class p;
+ mpz_class g;
+ int r;
+ mpz_class q; // p - 1 = 2^r q
+ mpz_class s; // s = g^q
+ mpz_class q_add_1_div_2;
+ struct Tbl {
+ const char *p;
+ const char *g;
+ int r;
+ const char *q;
+ const char *s;
+ const char *q_add_1_div_2;
+ };
+ bool setIfPrecomputed(const mpz_class& p_)
+ {
+ static const Tbl tbl[] = {
+ { // BN254.p
+ "2523648240000001ba344d80000000086121000000000013a700000000000013",
+ "2",
+ 1,
+ "1291b24120000000dd1a26c0000000043090800000000009d380000000000009",
+ "2523648240000001ba344d80000000086121000000000013a700000000000012",
+ "948d920900000006e8d1360000000021848400000000004e9c0000000000005",
+ },
+ { // BN254.r
+ "2523648240000001ba344d8000000007ff9f800000000010a10000000000000d",
+ "2",
+ 2,
+ "948d920900000006e8d136000000001ffe7e000000000042840000000000003",
+ "9366c4800000000555150000000000122400000000000015",
+ "4a46c9048000000374689b000000000fff3f000000000021420000000000002",
+ },
+ { // BLS12_381,p
+ "1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab",
+ "2",
+ 1,
+ "d0088f51cbff34d258dd3db21a5d66bb23ba5c279c2895fb39869507b587b120f55ffff58a9ffffdcff7fffffffd555",
+ "1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaaa",
+ "680447a8e5ff9a692c6e9ed90d2eb35d91dd2e13ce144afd9cc34a83dac3d8907aaffffac54ffffee7fbfffffffeaab",
+ },
+ { // BLS12_381.r
+ "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001",
+ "5",
+ 32,
+ "73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff",
+ "212d79e5b416b6f0fd56dc8d168d6c0c4024ff270b3e0941b788f500b912f1f",
+ "39f6d3a994cebea4199cec0404d0ec02a9ded2017fff2dff80000000",
+ },
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ mpz_class targetPrime;
+ bool b;
+ mcl::gmp::setStr(&b, targetPrime, tbl[i].p, 16);
+ if (!b) continue;
+ if (targetPrime != p_) continue;
+ isPrime = true;
+ p = p_;
+ mcl::gmp::setStr(&b, g, tbl[i].g, 16);
+ if (!b) continue;
+ r = tbl[i].r;
+ mcl::gmp::setStr(&b, q, tbl[i].q, 16);
+ if (!b) continue;
+ mcl::gmp::setStr(&b, s, tbl[i].s, 16);
+ if (!b) continue;
+ mcl::gmp::setStr(&b, q_add_1_div_2, tbl[i].q_add_1_div_2, 16);
+ if (!b) continue;
+ isPrecomputed_ = true;
+ return true;
+ }
+ return false;
+ }
+public:
+ SquareRoot() { clear(); }
+ bool isPrecomputed() const { return isPrecomputed_; }
+ void clear()
+ {
+ isPrecomputed_ = false;
+ isPrime = false;
+ p = 0;
+ g = 0;
+ r = 0;
+ q = 0;
+ s = 0;
+ q_add_1_div_2 = 0;
+ }
+#if !defined(CYBOZU_DONT_USE_USE_STRING) && !defined(CYBOZU_DONT_USE_EXCEPTION)
+ void dump() const
+ {
+ printf("\"%s\",\n", mcl::gmp::getStr(p, 16).c_str());
+ printf("\"%s\",\n", mcl::gmp::getStr(g, 16).c_str());
+ printf("%d,\n", r);
+ printf("\"%s\",\n", mcl::gmp::getStr(q, 16).c_str());
+ printf("\"%s\",\n", mcl::gmp::getStr(s, 16).c_str());
+ printf("\"%s\",\n", mcl::gmp::getStr(q_add_1_div_2, 16).c_str());
+ }
+#endif
+ void set(bool *pb, const mpz_class& _p, bool usePrecomputedTable = true)
+ {
+ if (usePrecomputedTable && setIfPrecomputed(_p)) {
+ *pb = true;
+ return;
+ }
+ p = _p;
+ if (p <= 2) {
+ *pb = false;
+ return;
+ }
+ isPrime = gmp::isPrime(pb, p);
+ if (!*pb) return;
+ if (!isPrime) {
+ *pb = false;
+ return;
+ }
+ g = gmp::getQuadraticNonResidue(p);
+ // p - 1 = 2^r q, q is odd
+ r = 0;
+ q = p - 1;
+ while ((q & 1) == 0) {
+ r++;
+ q /= 2;
+ }
+ gmp::powMod(s, g, q, p);
+ q_add_1_div_2 = (q + 1) / 2;
+ *pb = true;
+ }
+ /*
+ solve x^2 = a mod p
+ */
+ bool get(mpz_class& x, const mpz_class& a) const
+ {
+ if (!isPrime) {
+ return false;
+ }
+ if (a == 0) {
+ x = 0;
+ return true;
+ }
+ if (gmp::legendre(a, p) < 0) return false;
+ if (r == 1) {
+ // (p + 1) / 4 = (q + 1) / 2
+ gmp::powMod(x, a, q_add_1_div_2, p);
+ return true;
+ }
+ mpz_class c = s, d;
+ int e = r;
+ gmp::powMod(d, a, q, p);
+ gmp::powMod(x, a, q_add_1_div_2, p); // destroy a if &x == &a
+ mpz_class dd;
+ mpz_class b;
+ while (d != 1) {
+ int i = 1;
+ dd = d * d; dd %= p;
+ while (dd != 1) {
+ dd *= dd; dd %= p;
+ i++;
+ }
+ b = 1;
+ b <<= e - i - 1;
+ gmp::powMod(b, c, b, p);
+ x *= b; x %= p;
+ c = b * b; c %= p;
+ d *= c; d %= p;
+ e = i;
+ }
+ return true;
+ }
+ /*
+ solve x^2 = a in Fp
+ */
+ template<class Fp>
+ bool get(Fp& x, const Fp& a) const
+ {
+ assert(Fp::getOp().mp == p);
+ if (a == 0) {
+ x = 0;
+ return true;
+ }
+ {
+ bool b;
+ mpz_class aa;
+ a.getMpz(&b, aa);
+ assert(b);
+ if (gmp::legendre(aa, p) < 0) return false;
+ }
+ if (r == 1) {
+ // (p + 1) / 4 = (q + 1) / 2
+ Fp::pow(x, a, q_add_1_div_2);
+ return true;
+ }
+ Fp c, d;
+ {
+ bool b;
+ c.setMpz(&b, s);
+ assert(b);
+ }
+ int e = r;
+ Fp::pow(d, a, q);
+ Fp::pow(x, a, q_add_1_div_2); // destroy a if &x == &a
+ Fp dd;
+ Fp b;
+ while (!d.isOne()) {
+ int i = 1;
+ Fp::sqr(dd, d);
+ while (!dd.isOne()) {
+ dd *= dd;
+ i++;
+ }
+ b = 1;
+// b <<= e - i - 1;
+ for (int j = 0; j < e - i - 1; j++) {
+ b += b;
+ }
+ Fp::pow(b, c, b);
+ x *= b;
+ Fp::sqr(c, b);
+ d *= c;
+ e = i;
+ }
+ return true;
+ }
+ bool operator==(const SquareRoot& rhs) const
+ {
+ return isPrime == rhs.isPrime && p == rhs.p && g == rhs.g && r == rhs.r
+ && q == rhs.q && s == rhs.s && q_add_1_div_2 == rhs.q_add_1_div_2;
+ }
+ bool operator!=(const SquareRoot& rhs) const { return !operator==(rhs); }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void set(const mpz_class& _p)
+ {
+ bool b;
+ set(&b, _p);
+ if (!b) throw cybozu::Exception("gmp:SquareRoot:set");
+ }
+#endif
+};
+
+/*
+ Barrett Reduction
+ for non GMP version
+ mod of GMP is faster than Modp
+*/
+struct Modp {
+ static const size_t unitBitSize = sizeof(mcl::fp::Unit) * 8;
+ mpz_class p_;
+ mpz_class u_;
+ mpz_class a_;
+ size_t pBitSize_;
+ size_t N_;
+ bool initU_; // Is u_ initialized?
+ Modp()
+ : pBitSize_(0)
+ , N_(0)
+ , initU_(false)
+ {
+ }
+ // x &= 1 << (unitBitSize * unitSize)
+ void shrinkSize(mpz_class &x, size_t unitSize) const
+ {
+ size_t u = gmp::getUnitSize(x);
+ if (u < unitSize) return;
+ bool b;
+ gmp::setArray(&b, x, gmp::getUnit(x), unitSize);
+ (void)b;
+ assert(b);
+ }
+ // p_ is set by p and compute (u_, a_) if possible
+ void init(const mpz_class& p)
+ {
+ p_ = p;
+ pBitSize_ = gmp::getBitSize(p);
+ N_ = (pBitSize_ + unitBitSize - 1) / unitBitSize;
+ initU_ = false;
+#if 0
+ u_ = (mpz_class(1) << (unitBitSize * 2 * N_)) / p_;
+#else
+ /*
+ 1 << (unitBitSize * 2 * N_) may be overflow,
+ so use (1 << (unitBitSize * 2 * N_)) - 1 because u_ is same.
+ */
+ uint8_t buf[48 * 2];
+ const size_t byteSize = unitBitSize / 8 * 2 * N_;
+ if (byteSize > sizeof(buf)) return;
+ memset(buf, 0xff, byteSize);
+ bool b;
+ gmp::setArray(&b, u_, buf, byteSize);
+ if (!b) return;
+#endif
+ u_ /= p_;
+ a_ = mpz_class(1) << (unitBitSize * (N_ + 1));
+ initU_ = true;
+ }
+ void modp(mpz_class& r, const mpz_class& t) const
+ {
+ assert(p_ > 0);
+ const size_t tBitSize = gmp::getBitSize(t);
+ // use gmp::mod if init() fails or t is too large
+ if (tBitSize > unitBitSize * 2 * N_ || !initU_) {
+ gmp::mod(r, t, p_);
+ return;
+ }
+ if (tBitSize < pBitSize_) {
+ r = t;
+ return;
+ }
+ // mod is faster than modp if t is small
+ if (tBitSize <= unitBitSize * N_) {
+ gmp::mod(r, t, p_);
+ return;
+ }
+ mpz_class q;
+ q = t;
+ q >>= unitBitSize * (N_ - 1);
+ q *= u_;
+ q >>= unitBitSize * (N_ + 1);
+ q *= p_;
+ shrinkSize(q, N_ + 1);
+ r = t;
+ shrinkSize(r, N_ + 1);
+ r -= q;
+ if (r < 0) {
+ r += a_;
+ }
+ if (r >= p_) {
+ r -= p_;
+ }
+ }
+};
+
+} // mcl
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/impl/bn_c_impl.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/impl/bn_c_impl.hpp
new file mode 100644
index 000000000..bec2466dd
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/impl/bn_c_impl.hpp
@@ -0,0 +1,643 @@
+/*
+ This is an internal header
+ Do not include this
+*/
+#define MCLBN_DLL_EXPORT
+#include <mcl/bn.h>
+
+#if MCLBN_FP_UNIT_SIZE == 4 && MCLBN_FR_UNIT_SIZE == 4
+#include <mcl/bn256.hpp>
+#elif MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE == 6
+#include <mcl/bn384.hpp>
+#elif MCLBN_FP_UNIT_SIZE == 6 && MCLBN_FR_UNIT_SIZE == 4
+#include <mcl/bls12_381.hpp>
+#elif MCLBN_FP_UNIT_SIZE == 8 && MCLBN_FR_UNIT_SIZE == 8
+#include <mcl/bn512.hpp>
+#else
+ #error "not supported size"
+#endif
+#include <mcl/lagrange.hpp>
+#include <mcl/ecparam.hpp>
+using namespace mcl::bn;
+
+static Fr *cast(mclBnFr *p) { return reinterpret_cast<Fr*>(p); }
+static const Fr *cast(const mclBnFr *p) { return reinterpret_cast<const Fr*>(p); }
+
+static G1 *cast(mclBnG1 *p) { return reinterpret_cast<G1*>(p); }
+static const G1 *cast(const mclBnG1 *p) { return reinterpret_cast<const G1*>(p); }
+
+static G2 *cast(mclBnG2 *p) { return reinterpret_cast<G2*>(p); }
+static const G2 *cast(const mclBnG2 *p) { return reinterpret_cast<const G2*>(p); }
+
+static Fp12 *cast(mclBnGT *p) { return reinterpret_cast<Fp12*>(p); }
+static const Fp12 *cast(const mclBnGT *p) { return reinterpret_cast<const Fp12*>(p); }
+
+static Fp6 *cast(uint64_t *p) { return reinterpret_cast<Fp6*>(p); }
+static const Fp6 *cast(const uint64_t *p) { return reinterpret_cast<const Fp6*>(p); }
+
+static Fp2 *cast(mclBnFp2 *p) { return reinterpret_cast<Fp2*>(p); }
+static const Fp2 *cast(const mclBnFp2 *p) { return reinterpret_cast<const Fp2*>(p); }
+
+static Fp *cast(mclBnFp *p) { return reinterpret_cast<Fp*>(p); }
+static const Fp *cast(const mclBnFp *p) { return reinterpret_cast<const Fp*>(p); }
+
+template<class T>
+int setStr(T *x, const char *buf, mclSize bufSize, int ioMode)
+{
+ size_t n = cast(x)->deserialize(buf, bufSize, ioMode);
+ return n > 0 ? 0 : -1;
+}
+
+#ifdef __EMSCRIPTEN__
+// use these functions forcibly
+extern "C" MCLBN_DLL_API void *mclBnMalloc(size_t n)
+{
+ return malloc(n);
+}
+extern "C" MCLBN_DLL_API void mclBnFree(void *p)
+{
+ free(p);
+}
+#endif
+
+int mclBn_getVersion()
+{
+ return mcl::version;
+}
+
+int mclBn_init(int curve, int compiledTimeVar)
+{
+ if (compiledTimeVar != MCLBN_COMPILED_TIME_VAR) {
+ return -(compiledTimeVar | (MCLBN_COMPILED_TIME_VAR * 100));
+ }
+ if (MCL_EC_BEGIN <= curve && curve < MCL_EC_END) {
+ const mcl::EcParam *para = mcl::getEcParam(curve);
+ if (para == 0) return -2;
+ bool b;
+ initG1only(&b, *para);
+ return b ? 0 : -1;
+ }
+ const mcl::CurveParam& cp = mcl::getCurveParam(curve);
+ bool b;
+ initPairing(&b, cp);
+ return b ? 0 : -1;
+}
+
+int mclBn_getOpUnitSize()
+{
+ return (int)Fp::getUnitSize() * sizeof(mcl::fp::Unit) / sizeof(uint64_t);
+}
+
+int mclBn_getG1ByteSize()
+{
+ return mclBn_getFpByteSize();
+}
+
+int mclBn_getFrByteSize()
+{
+ return (int)Fr::getByteSize();
+}
+
+int mclBn_getFpByteSize()
+{
+ return (int)Fp::getByteSize();
+}
+
+mclSize mclBn_getCurveOrder(char *buf, mclSize maxBufSize)
+{
+ return Fr::getModulo(buf, maxBufSize);
+}
+
+mclSize mclBn_getFieldOrder(char *buf, mclSize maxBufSize)
+{
+ return Fp::getModulo(buf, maxBufSize);
+}
+
+////////////////////////////////////////////////
+// set zero
+void mclBnFr_clear(mclBnFr *x)
+{
+ cast(x)->clear();
+}
+
+// set x to y
+void mclBnFr_setInt(mclBnFr *y, mclInt x)
+{
+ *cast(y) = x;
+}
+void mclBnFr_setInt32(mclBnFr *y, int x)
+{
+ *cast(y) = x;
+}
+
+int mclBnFr_setStr(mclBnFr *x, const char *buf, mclSize bufSize, int ioMode)
+{
+ return setStr(x, buf, bufSize, ioMode);
+}
+int mclBnFr_setLittleEndian(mclBnFr *x, const void *buf, mclSize bufSize)
+{
+ cast(x)->setArrayMask((const char *)buf, bufSize);
+ return 0;
+}
+int mclBnFr_setLittleEndianMod(mclBnFr *x, const void *buf, mclSize bufSize)
+{
+ bool b;
+ cast(x)->setArray(&b, (const char *)buf, bufSize, mcl::fp::Mod);
+ return b ? 0 : -1;
+}
+mclSize mclBnFr_deserialize(mclBnFr *x, const void *buf, mclSize bufSize)
+{
+ return (mclSize)cast(x)->deserialize(buf, bufSize);
+}
+// return 1 if true
+int mclBnFr_isValid(const mclBnFr *x)
+{
+ return cast(x)->isValid();
+}
+int mclBnFr_isEqual(const mclBnFr *x, const mclBnFr *y)
+{
+ return *cast(x) == *cast(y);
+}
+int mclBnFr_isZero(const mclBnFr *x)
+{
+ return cast(x)->isZero();
+}
+int mclBnFr_isOne(const mclBnFr *x)
+{
+ return cast(x)->isOne();
+}
+
+#ifndef MCL_DONT_USE_CSRPNG
+int mclBnFr_setByCSPRNG(mclBnFr *x)
+{
+ bool b;
+ cast(x)->setByCSPRNG(&b);
+ return b ? 0 : -1;
+}
+void mclBn_setRandFunc(void *self, unsigned int (*readFunc)(void *self, void *buf, unsigned int bufSize))
+{
+ mcl::fp::RandGen::setRandFunc(self, readFunc);
+}
+#endif
+
+// hash(buf) and set x
+int mclBnFr_setHashOf(mclBnFr *x, const void *buf, mclSize bufSize)
+{
+ cast(x)->setHashOf(buf, bufSize);
+ return 0;
+}
+
+mclSize mclBnFr_getStr(char *buf, mclSize maxBufSize, const mclBnFr *x, int ioMode)
+{
+ return cast(x)->getStr(buf, maxBufSize, ioMode);
+}
+mclSize mclBnFr_serialize(void *buf, mclSize maxBufSize, const mclBnFr *x)
+{
+ return (mclSize)cast(x)->serialize(buf, maxBufSize);
+}
+
+void mclBnFr_neg(mclBnFr *y, const mclBnFr *x)
+{
+ Fr::neg(*cast(y), *cast(x));
+}
+void mclBnFr_inv(mclBnFr *y, const mclBnFr *x)
+{
+ Fr::inv(*cast(y), *cast(x));
+}
+void mclBnFr_sqr(mclBnFr *y, const mclBnFr *x)
+{
+ Fr::sqr(*cast(y), *cast(x));
+}
+void mclBnFr_add(mclBnFr *z, const mclBnFr *x, const mclBnFr *y)
+{
+ Fr::add(*cast(z),*cast(x), *cast(y));
+}
+void mclBnFr_sub(mclBnFr *z, const mclBnFr *x, const mclBnFr *y)
+{
+ Fr::sub(*cast(z),*cast(x), *cast(y));
+}
+void mclBnFr_mul(mclBnFr *z, const mclBnFr *x, const mclBnFr *y)
+{
+ Fr::mul(*cast(z),*cast(x), *cast(y));
+}
+void mclBnFr_div(mclBnFr *z, const mclBnFr *x, const mclBnFr *y)
+{
+ Fr::div(*cast(z),*cast(x), *cast(y));
+}
+
+////////////////////////////////////////////////
+// set zero
+void mclBnG1_clear(mclBnG1 *x)
+{
+ cast(x)->clear();
+}
+
+int mclBnG1_setStr(mclBnG1 *x, const char *buf, mclSize bufSize, int ioMode)
+{
+ return setStr(x, buf, bufSize, ioMode);
+}
+mclSize mclBnG1_deserialize(mclBnG1 *x, const void *buf, mclSize bufSize)
+{
+ return (mclSize)cast(x)->deserialize(buf, bufSize);
+}
+
+// return 1 if true
+int mclBnG1_isValid(const mclBnG1 *x)
+{
+ return cast(x)->isValid();
+}
+int mclBnG1_isEqual(const mclBnG1 *x, const mclBnG1 *y)
+{
+ return *cast(x) == *cast(y);
+}
+int mclBnG1_isZero(const mclBnG1 *x)
+{
+ return cast(x)->isZero();
+}
+int mclBnG1_isValidOrder(const mclBnG1 *x)
+{
+ return cast(x)->isValidOrder();
+}
+
+int mclBnG1_hashAndMapTo(mclBnG1 *x, const void *buf, mclSize bufSize)
+{
+ hashAndMapToG1(*cast(x), buf, bufSize);
+ return 0;
+}
+
+mclSize mclBnG1_getStr(char *buf, mclSize maxBufSize, const mclBnG1 *x, int ioMode)
+{
+ return cast(x)->getStr(buf, maxBufSize, ioMode);
+}
+
+mclSize mclBnG1_serialize(void *buf, mclSize maxBufSize, const mclBnG1 *x)
+{
+ return (mclSize)cast(x)->serialize(buf, maxBufSize);
+}
+
+void mclBnG1_neg(mclBnG1 *y, const mclBnG1 *x)
+{
+ G1::neg(*cast(y), *cast(x));
+}
+void mclBnG1_dbl(mclBnG1 *y, const mclBnG1 *x)
+{
+ G1::dbl(*cast(y), *cast(x));
+}
+void mclBnG1_normalize(mclBnG1 *y, const mclBnG1 *x)
+{
+ G1::normalize(*cast(y), *cast(x));
+}
+void mclBnG1_add(mclBnG1 *z, const mclBnG1 *x, const mclBnG1 *y)
+{
+ G1::add(*cast(z),*cast(x), *cast(y));
+}
+void mclBnG1_sub(mclBnG1 *z, const mclBnG1 *x, const mclBnG1 *y)
+{
+ G1::sub(*cast(z),*cast(x), *cast(y));
+}
+void mclBnG1_mul(mclBnG1 *z, const mclBnG1 *x, const mclBnFr *y)
+{
+ G1::mul(*cast(z),*cast(x), *cast(y));
+}
+void mclBnG1_mulCT(mclBnG1 *z, const mclBnG1 *x, const mclBnFr *y)
+{
+ G1::mulCT(*cast(z),*cast(x), *cast(y));
+}
+
+////////////////////////////////////////////////
+// set zero
+void mclBnG2_clear(mclBnG2 *x)
+{
+ cast(x)->clear();
+}
+
+int mclBnG2_setStr(mclBnG2 *x, const char *buf, mclSize bufSize, int ioMode)
+{
+ return setStr(x, buf, bufSize, ioMode);
+}
+mclSize mclBnG2_deserialize(mclBnG2 *x, const void *buf, mclSize bufSize)
+{
+ return (mclSize)cast(x)->deserialize(buf, bufSize);
+}
+
+// return 1 if true
+int mclBnG2_isValid(const mclBnG2 *x)
+{
+ return cast(x)->isValid();
+}
+int mclBnG2_isEqual(const mclBnG2 *x, const mclBnG2 *y)
+{
+ return *cast(x) == *cast(y);
+}
+int mclBnG2_isZero(const mclBnG2 *x)
+{
+ return cast(x)->isZero();
+}
+int mclBnG2_isValidOrder(const mclBnG2 *x)
+{
+ return cast(x)->isValidOrder();
+}
+
+int mclBnG2_hashAndMapTo(mclBnG2 *x, const void *buf, mclSize bufSize)
+{
+ hashAndMapToG2(*cast(x), buf, bufSize);
+ return 0;
+}
+
+mclSize mclBnG2_getStr(char *buf, mclSize maxBufSize, const mclBnG2 *x, int ioMode)
+{
+ return cast(x)->getStr(buf, maxBufSize, ioMode);
+}
+
+mclSize mclBnG2_serialize(void *buf, mclSize maxBufSize, const mclBnG2 *x)
+{
+ return (mclSize)cast(x)->serialize(buf, maxBufSize);
+}
+
+void mclBnG2_neg(mclBnG2 *y, const mclBnG2 *x)
+{
+ G2::neg(*cast(y), *cast(x));
+}
+void mclBnG2_dbl(mclBnG2 *y, const mclBnG2 *x)
+{
+ G2::dbl(*cast(y), *cast(x));
+}
+void mclBnG2_normalize(mclBnG2 *y, const mclBnG2 *x)
+{
+ G2::normalize(*cast(y), *cast(x));
+}
+void mclBnG2_add(mclBnG2 *z, const mclBnG2 *x, const mclBnG2 *y)
+{
+ G2::add(*cast(z),*cast(x), *cast(y));
+}
+void mclBnG2_sub(mclBnG2 *z, const mclBnG2 *x, const mclBnG2 *y)
+{
+ G2::sub(*cast(z),*cast(x), *cast(y));
+}
+void mclBnG2_mul(mclBnG2 *z, const mclBnG2 *x, const mclBnFr *y)
+{
+ G2::mul(*cast(z),*cast(x), *cast(y));
+}
+void mclBnG2_mulCT(mclBnG2 *z, const mclBnG2 *x, const mclBnFr *y)
+{
+ G2::mulCT(*cast(z),*cast(x), *cast(y));
+}
+
+////////////////////////////////////////////////
+// set zero
+void mclBnGT_clear(mclBnGT *x)
+{
+ cast(x)->clear();
+}
+void mclBnGT_setInt(mclBnGT *y, mclInt x)
+{
+ cast(y)->clear();
+ *(cast(y)->getFp0()) = x;
+}
+void mclBnGT_setInt32(mclBnGT *y, int x)
+{
+ cast(y)->clear();
+ *(cast(y)->getFp0()) = x;
+}
+
+int mclBnGT_setStr(mclBnGT *x, const char *buf, mclSize bufSize, int ioMode)
+{
+ return setStr(x, buf, bufSize, ioMode);
+}
+mclSize mclBnGT_deserialize(mclBnGT *x, const void *buf, mclSize bufSize)
+{
+ return (mclSize)cast(x)->deserialize(buf, bufSize);
+}
+
+// return 1 if true
+int mclBnGT_isEqual(const mclBnGT *x, const mclBnGT *y)
+{
+ return *cast(x) == *cast(y);
+}
+int mclBnGT_isZero(const mclBnGT *x)
+{
+ return cast(x)->isZero();
+}
+int mclBnGT_isOne(const mclBnGT *x)
+{
+ return cast(x)->isOne();
+}
+
+mclSize mclBnGT_getStr(char *buf, mclSize maxBufSize, const mclBnGT *x, int ioMode)
+{
+ return cast(x)->getStr(buf, maxBufSize, ioMode);
+}
+
+mclSize mclBnGT_serialize(void *buf, mclSize maxBufSize, const mclBnGT *x)
+{
+ return (mclSize)cast(x)->serialize(buf, maxBufSize);
+}
+
+void mclBnGT_neg(mclBnGT *y, const mclBnGT *x)
+{
+ Fp12::neg(*cast(y), *cast(x));
+}
+void mclBnGT_inv(mclBnGT *y, const mclBnGT *x)
+{
+ Fp12::inv(*cast(y), *cast(x));
+}
+void mclBnGT_sqr(mclBnGT *y, const mclBnGT *x)
+{
+ Fp12::sqr(*cast(y), *cast(x));
+}
+void mclBnGT_add(mclBnGT *z, const mclBnGT *x, const mclBnGT *y)
+{
+ Fp12::add(*cast(z),*cast(x), *cast(y));
+}
+void mclBnGT_sub(mclBnGT *z, const mclBnGT *x, const mclBnGT *y)
+{
+ Fp12::sub(*cast(z),*cast(x), *cast(y));
+}
+void mclBnGT_mul(mclBnGT *z, const mclBnGT *x, const mclBnGT *y)
+{
+ Fp12::mul(*cast(z),*cast(x), *cast(y));
+}
+void mclBnGT_div(mclBnGT *z, const mclBnGT *x, const mclBnGT *y)
+{
+ Fp12::div(*cast(z),*cast(x), *cast(y));
+}
+
+void mclBnGT_pow(mclBnGT *z, const mclBnGT *x, const mclBnFr *y)
+{
+ Fp12::pow(*cast(z), *cast(x), *cast(y));
+}
+void mclBnGT_powGeneric(mclBnGT *z, const mclBnGT *x, const mclBnFr *y)
+{
+ Fp12::powGeneric(*cast(z), *cast(x), *cast(y));
+}
+
+void mclBn_pairing(mclBnGT *z, const mclBnG1 *x, const mclBnG2 *y)
+{
+ pairing(*cast(z), *cast(x), *cast(y));
+}
+void mclBn_finalExp(mclBnGT *y, const mclBnGT *x)
+{
+ finalExp(*cast(y), *cast(x));
+}
+void mclBn_millerLoop(mclBnGT *z, const mclBnG1 *x, const mclBnG2 *y)
+{
+ millerLoop(*cast(z), *cast(x), *cast(y));
+}
+int mclBn_getUint64NumToPrecompute(void)
+{
+ return int(BN::param.precomputedQcoeffSize * sizeof(Fp6) / sizeof(uint64_t));
+}
+
+void mclBn_precomputeG2(uint64_t *Qbuf, const mclBnG2 *Q)
+{
+ precomputeG2(cast(Qbuf), *cast(Q));
+}
+
+void mclBn_precomputedMillerLoop(mclBnGT *f, const mclBnG1 *P, const uint64_t *Qbuf)
+{
+ precomputedMillerLoop(*cast(f), *cast(P), cast(Qbuf));
+}
+
+void mclBn_precomputedMillerLoop2(mclBnGT *f, const mclBnG1 *P1, const uint64_t *Q1buf, const mclBnG1 *P2, const uint64_t *Q2buf)
+{
+ precomputedMillerLoop2(*cast(f), *cast(P1), cast(Q1buf), *cast(P2), cast(Q2buf));
+}
+
+void mclBn_precomputedMillerLoop2mixed(mclBnGT *f, const mclBnG1 *P1, const mclBnG2 *Q1, const mclBnG1 *P2, const uint64_t *Q2buf)
+{
+ precomputedMillerLoop2mixed(*cast(f), *cast(P1), *cast(Q1), *cast(P2), cast(Q2buf));
+}
+
+int mclBn_FrLagrangeInterpolation(mclBnFr *out, const mclBnFr *xVec, const mclBnFr *yVec, mclSize k)
+{
+ bool b;
+ mcl::LagrangeInterpolation(&b, *cast(out), cast(xVec), cast(yVec), k);
+ return b ? 0 : -1;
+}
+int mclBn_G1LagrangeInterpolation(mclBnG1 *out, const mclBnFr *xVec, const mclBnG1 *yVec, mclSize k)
+{
+ bool b;
+ mcl::LagrangeInterpolation(&b, *cast(out), cast(xVec), cast(yVec), k);
+ return b ? 0 : -1;
+}
+int mclBn_G2LagrangeInterpolation(mclBnG2 *out, const mclBnFr *xVec, const mclBnG2 *yVec, mclSize k)
+{
+ bool b;
+ mcl::LagrangeInterpolation(&b, *cast(out), cast(xVec), cast(yVec), k);
+ return b ? 0 : -1;
+}
+int mclBn_FrEvaluatePolynomial(mclBnFr *out, const mclBnFr *cVec, mclSize cSize, const mclBnFr *x)
+{
+ bool b;
+ mcl::evaluatePolynomial(&b, *cast(out), cast(cVec), cSize, *cast(x));
+ return b ? 0 : -1;
+}
+int mclBn_G1EvaluatePolynomial(mclBnG1 *out, const mclBnG1 *cVec, mclSize cSize, const mclBnFr *x)
+{
+ bool b;
+ mcl::evaluatePolynomial(&b, *cast(out), cast(cVec), cSize, *cast(x));
+ return b ? 0 : -1;
+}
+int mclBn_G2EvaluatePolynomial(mclBnG2 *out, const mclBnG2 *cVec, mclSize cSize, const mclBnFr *x)
+{
+ bool b;
+ mcl::evaluatePolynomial(&b, *cast(out), cast(cVec), cSize, *cast(x));
+ return b ? 0 : -1;
+}
+
+void mclBn_verifyOrderG1(int doVerify)
+{
+ verifyOrderG1(doVerify != 0);
+}
+
+void mclBn_verifyOrderG2(int doVerify)
+{
+ verifyOrderG2(doVerify != 0);
+}
+
+mclSize mclBnFp_getStr(char *buf, mclSize maxBufSize, const mclBnFp *x, int ioMode)
+{
+ return cast(x)->getStr(buf, maxBufSize, ioMode);
+}
+int mclBnFp_setStr(mclBnFp *x, const char *buf, mclSize bufSize, int ioMode)
+{
+ return setStr(x, buf, bufSize, ioMode);
+}
+mclSize mclBnFp_deserialize(mclBnFp *x, const void *buf, mclSize bufSize)
+{
+ return (mclSize)cast(x)->deserialize(buf, bufSize);
+}
+
+mclSize mclBnFp_serialize(void *buf, mclSize maxBufSize, const mclBnFp *x)
+{
+ return (mclSize)cast(x)->serialize(buf, maxBufSize);
+}
+
+void mclBnFp_clear(mclBnFp *x)
+{
+ cast(x)->clear();
+}
+
+int mclBnFp_setLittleEndian(mclBnFp *x, const void *buf, mclSize bufSize)
+{
+ cast(x)->setArrayMask((const char *)buf, bufSize);
+ return 0;
+}
+
+int mclBnFp_setLittleEndianMod(mclBnFp *x, const void *buf, mclSize bufSize)
+{
+ bool b;
+ cast(x)->setArray(&b, (const char *)buf, bufSize, mcl::fp::Mod);
+ return b ? 0 : -1;
+}
+int mclBnFp_isEqual(const mclBnFp *x, const mclBnFp *y)
+{
+ return *cast(x) == *cast(y);
+}
+
+int mclBnFp_setHashOf(mclBnFp *x, const void *buf, mclSize bufSize)
+{
+ cast(x)->setHashOf(buf, bufSize);
+ return 0;
+}
+
+int mclBnFp_mapToG1(mclBnG1 *y, const mclBnFp *x)
+{
+ bool b;
+ mapToG1(&b, *cast(y), *cast(x));
+ return b ? 0 : -1;
+}
+
+mclSize mclBnFp2_deserialize(mclBnFp2 *x, const void *buf, mclSize bufSize)
+{
+ return (mclSize)cast(x)->deserialize(buf, bufSize);
+}
+
+mclSize mclBnFp2_serialize(void *buf, mclSize maxBufSize, const mclBnFp2 *x)
+{
+ return (mclSize)cast(x)->serialize(buf, maxBufSize);
+}
+
+void mclBnFp2_clear(mclBnFp2 *x)
+{
+ cast(x)->clear();
+}
+
+int mclBnFp2_isEqual(const mclBnFp2 *x, const mclBnFp2 *y)
+{
+ return *cast(x) == *cast(y);
+}
+
+int mclBnFp2_mapToG2(mclBnG2 *y, const mclBnFp2 *x)
+{
+ bool b;
+ mapToG2(&b, *cast(y), *cast(x));
+ return b ? 0 : -1;
+}
+
+int mclBnG1_getBasePoint(mclBnG1 *x)
+{
+ *cast(x) = mcl::bn::getG1basePoint();
+ return 0;
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/lagrange.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/lagrange.hpp
new file mode 100644
index 000000000..18e0597ec
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/lagrange.hpp
@@ -0,0 +1,107 @@
+#pragma once
+/**
+ @file
+ @brief Lagrange Interpolation
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+namespace mcl {
+
+/*
+ recover out = f(0) by { (x, y) | x = S[i], y = f(x) = vec[i] }
+ @retval 0 if succeed else -1
+*/
+template<class G, class F>
+void LagrangeInterpolation(bool *pb, G& out, const F *S, const G *vec, size_t k)
+{
+ if (k == 0) {
+ *pb = false;
+ return;
+ }
+ if (k == 1) {
+ out = vec[0];
+ *pb = true;
+ return;
+ }
+ /*
+ delta_{i,S}(0) = prod_{j != i} S[j] / (S[j] - S[i]) = a / b
+ where a = prod S[j], b = S[i] * prod_{j != i} (S[j] - S[i])
+ */
+ F a = S[0];
+ for (size_t i = 1; i < k; i++) {
+ a *= S[i];
+ }
+ if (a.isZero()) {
+ *pb = false;
+ return;
+ }
+ /*
+ f(0) = sum_i f(S[i]) delta_{i,S}(0)
+ */
+ G r;
+ r.clear();
+ for (size_t i = 0; i < k; i++) {
+ F b = S[i];
+ for (size_t j = 0; j < k; j++) {
+ if (j != i) {
+ F v = S[j] - S[i];
+ if (v.isZero()) {
+ *pb = false;
+ return;
+ }
+ b *= v;
+ }
+ }
+ G t;
+ G::mul(t, vec[i], a / b);
+ r += t;
+ }
+ out = r;
+ *pb = true;
+}
+
+/*
+ out = f(x) = c[0] + c[1] * x + c[2] * x^2 + ... + c[cSize - 1] * x^(cSize - 1)
+ @retval 0 if succeed else -1 (if cSize == 0)
+*/
+template<class G, class T>
+void evaluatePolynomial(bool *pb, G& out, const G *c, size_t cSize, const T& x)
+{
+ if (cSize == 0) {
+ *pb = false;
+ return;
+ }
+ if (cSize == 1) {
+ out = c[0];
+ *pb = true;
+ return;
+ }
+ G y = c[cSize - 1];
+ for (int i = (int)cSize - 2; i >= 0; i--) {
+ G::mul(y, y, x);
+ G::add(y, y, c[i]);
+ }
+ out = y;
+ *pb = true;
+}
+
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+template<class G, class F>
+void LagrangeInterpolation(G& out, const F *S, const G *vec, size_t k)
+{
+ bool b;
+ LagrangeInterpolation(&b, out, S, vec, k);
+ if (!b) throw cybozu::Exception("LagrangeInterpolation");
+}
+
+template<class G, class T>
+void evaluatePolynomial(G& out, const G *c, size_t cSize, const T& x)
+{
+ bool b;
+ evaluatePolynomial(&b, out, c, cSize, x);
+ if (!b) throw cybozu::Exception("evaluatePolynomial");
+}
+#endif
+
+} // mcl
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/op.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/op.hpp
new file mode 100644
index 000000000..36d37035e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/op.hpp
@@ -0,0 +1,389 @@
+#pragma once
+/**
+ @file
+ @brief definition of Op
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/gmp_util.hpp>
+#include <memory.h>
+#include <mcl/array.hpp>
+
+#ifndef MCL_MAX_BIT_SIZE
+ #define MCL_MAX_BIT_SIZE 521
+#endif
+#if defined(__EMSCRIPTEN__) || defined(__wasm__)
+ #define MCL_DONT_USE_XBYAK
+ #define MCL_DONT_USE_OPENSSL
+#endif
+#if !defined(MCL_DONT_USE_XBYAK) && (defined(_WIN64) || defined(__x86_64__)) && (MCL_SIZEOF_UNIT == 8)
+ #define MCL_USE_XBYAK
+ #define MCL_XBYAK_DIRECT_CALL
+#endif
+
+#define MCL_MAX_HASH_BIT_SIZE 512
+
+namespace mcl {
+
+static const int version = 0x092; /* 0xABC = A.BC */
+
+/*
+ specifies available string format mode for X::setIoMode()
+ // for Fp, Fp2, Fp6, Fp12
+ default(0) : IoDec
+ printable string(zero terminated, variable size)
+ IoBin(2) | IoDec(10) | IoHex(16) | IoBinPrefix | IoHexPrefix
+
+ byte string(not zero terminated, fixed size)
+ IoArray | IoArrayRaw
+ IoArray = IoSerialize
+
+ // for Ec
+ affine(0) | IoEcCompY | IoComp
+ default : affine
+
+ affine and IoEcCompY are available with ioMode for Fp
+ IoSerialize ignores ioMode for Fp
+
+ IoAuto
+ dec or hex according to ios_base::fmtflags
+ IoBin
+ binary number([01]+)
+ IoDec
+ decimal number
+ IoHex
+ hexadecimal number([0-9a-fA-F]+)
+ IoBinPrefix
+ 0b + <binary number>
+ IoHexPrefix
+ 0x + <hexadecimal number>
+ IoArray
+ array of Unit(fixed size = Fp::getByteSize())
+ IoArrayRaw
+ array of Unit(fixed size = Fp::getByteSize()) without Montgomery conversion
+
+ // for Ec::setIoMode()
+ IoEcAffine(default)
+ "0" ; infinity
+ "1 <x> <y>" ; affine coordinate
+
+ IoEcProj
+ "4" <x> <y> <z> ; projective or jacobi coordinate
+
+ IoEcCompY
+ 1-bit y prepresentation of elliptic curve
+ "2 <x>" ; compressed for even y
+ "3 <x>" ; compressed for odd y
+
+ IoSerialize
+ if isMSBserialize(): // p is not full bit
+ size = Fp::getByteSize()
+ use MSB of array of x for 1-bit y for prime p where (p % 8 != 0)
+ [0] ; infinity
+ <x> ; for even y
+ <x>|1 ; for odd y ; |1 means set MSB of x
+ else:
+ size = Fp::getByteSize() + 1
+ [0] ; infinity
+ 2 <x> ; for even y
+ 3 <x> ; for odd y
+*/
+enum IoMode {
+ IoAuto = 0, // dec or hex according to ios_base::fmtflags
+ IoBin = 2, // binary number without prefix
+ IoDec = 10, // decimal number without prefix
+ IoHex = 16, // hexadecimal number without prefix
+ IoArray = 32, // array of Unit(fixed size)
+ IoArrayRaw = 64, // raw array of Unit without Montgomery conversion
+ IoPrefix = 128, // append '0b'(bin) or '0x'(hex)
+ IoBinPrefix = IoBin | IoPrefix,
+ IoHexPrefix = IoHex | IoPrefix,
+ IoEcAffine = 0, // affine coordinate
+ IoEcCompY = 256, // 1-bit y representation of elliptic curve
+ IoSerialize = 512, // use MBS for 1-bit y
+ IoFixedSizeByteSeq = IoSerialize, // obsolete
+ IoEcProj = 1024, // projective or jacobi coordinate
+ IoSerializeHexStr = 2048 // printable hex string
+};
+
+namespace fp {
+
+const size_t UnitBitSize = sizeof(Unit) * 8;
+
+const size_t maxUnitSize = (MCL_MAX_BIT_SIZE + UnitBitSize - 1) / UnitBitSize;
+#define MCL_MAX_UNIT_SIZE ((MCL_MAX_BIT_SIZE + MCL_UNIT_BIT_SIZE - 1) / MCL_UNIT_BIT_SIZE)
+
+struct FpGenerator;
+struct Op;
+
+typedef void (*void1u)(Unit*);
+typedef void (*void2u)(Unit*, const Unit*);
+typedef void (*void2uI)(Unit*, const Unit*, Unit);
+typedef void (*void2uIu)(Unit*, const Unit*, Unit, const Unit*);
+typedef void (*void2uOp)(Unit*, const Unit*, const Op&);
+typedef void (*void3u)(Unit*, const Unit*, const Unit*);
+typedef void (*void4u)(Unit*, const Unit*, const Unit*, const Unit*);
+typedef int (*int2u)(Unit*, const Unit*);
+
+typedef Unit (*u1uII)(Unit*, Unit, Unit);
+typedef Unit (*u3u)(Unit*, const Unit*, const Unit*);
+
+/*
+ disable -Wcast-function-type
+ the number of arguments of some JIT functions is smaller than that of T
+*/
+template<class T, class S>
+T func_ptr_cast(S func)
+{
+ return reinterpret_cast<T>(reinterpret_cast<void*>(func));
+}
+struct Block {
+ const Unit *p; // pointer to original FpT.v_
+ size_t n;
+ Unit v_[maxUnitSize];
+};
+
+enum Mode {
+ FP_AUTO,
+ FP_GMP,
+ FP_GMP_MONT,
+ FP_LLVM,
+ FP_LLVM_MONT,
+ FP_XBYAK
+};
+
+enum PrimeMode {
+ PM_GENERIC = 0,
+ PM_NIST_P192,
+ PM_SECP256K1,
+ PM_NIST_P521
+};
+
+enum MaskMode {
+ NoMask = 0, // throw if greater or equal
+ SmallMask = 1, // 1-bit smaller mask if greater or equal
+ MaskAndMod = 2, // mask and substract if greater or equal
+ Mod = 3 // mod p
+};
+
+struct Op {
+ /*
+ don't change the layout of rp and p
+ asm code assumes &rp + 1 == p
+ */
+ Unit rp;
+ Unit p[maxUnitSize];
+ mpz_class mp;
+ uint32_t pmod4;
+ mcl::SquareRoot sq;
+ mcl::Modp modp;
+ Unit half[maxUnitSize]; // (p + 1) / 2
+ Unit oneRep[maxUnitSize]; // 1(=inv R if Montgomery)
+ /*
+ for Montgomery
+ one = 1
+ R = (1 << (N * sizeof(Unit) * 8)) % p
+ R2 = (R * R) % p
+ R3 = RR^3
+ */
+ Unit one[maxUnitSize];
+ Unit R2[maxUnitSize];
+ Unit R3[maxUnitSize];
+#ifdef MCL_USE_XBYAK
+ FpGenerator *fg;
+ mcl::Array<Unit> invTbl;
+#endif
+ void3u fp_addA_;
+ void3u fp_subA_;
+ void2u fp_negA_;
+ void3u fp_mulA_;
+ void2u fp_sqrA_;
+ void3u fp2_addA_;
+ void3u fp2_subA_;
+ void2u fp2_negA_;
+ void3u fp2_mulA_;
+ void2u fp2_sqrA_;
+ void3u fpDbl_addA_;
+ void3u fpDbl_subA_;
+ void3u fpDbl_mulPreA_;
+ void2u fpDbl_sqrPreA_;
+ void2u fpDbl_modA_;
+ void3u fp2Dbl_mulPreA_;
+ void2u fp2Dbl_sqrPreA_;
+ size_t maxN;
+ size_t N;
+ size_t bitSize;
+ bool (*fp_isZero)(const Unit*);
+ void1u fp_clear;
+ void2u fp_copy;
+ void2u fp_shr1;
+ void3u fp_neg;
+ void4u fp_add;
+ void4u fp_sub;
+ void4u fp_mul;
+ void3u fp_sqr;
+ void2uOp fp_invOp;
+ void2uIu fp_mulUnit; // fpN1_mod + fp_mulUnitPre
+
+ void3u fpDbl_mulPre;
+ void2u fpDbl_sqrPre;
+ int2u fp_preInv;
+ void2uI fp_mulUnitPre; // z[N + 1] = x[N] * y
+ void3u fpN1_mod; // y[N] = x[N + 1] % p[N]
+
+ void4u fpDbl_add;
+ void4u fpDbl_sub;
+ void3u fpDbl_mod;
+
+ u3u fp_addPre; // without modulo p
+ u3u fp_subPre; // without modulo p
+ u3u fpDbl_addPre;
+ u3u fpDbl_subPre;
+ /*
+ for Fp2 = F[u] / (u^2 + 1)
+ x = a + bu
+ */
+ int xi_a; // xi = xi_a + u
+ void4u fp2_mulNF;
+ void2u fp2_inv;
+ void2u fp2_mul_xiA_;
+ uint32_t (*hash)(void *out, uint32_t maxOutSize, const void *msg, uint32_t msgSize);
+
+ PrimeMode primeMode;
+ bool isFullBit; // true if bitSize % uniSize == 0
+ bool isMont; // true if use Montgomery
+ bool isFastMod; // true if modulo is fast
+
+ Op()
+ {
+ clear();
+ }
+ ~Op()
+ {
+#ifdef MCL_USE_XBYAK
+ destroyFpGenerator(fg);
+#endif
+ }
+ void clear()
+ {
+ rp = 0;
+ memset(p, 0, sizeof(p));
+ mp = 0;
+ pmod4 = 0;
+ sq.clear();
+ // fg is not set
+ memset(half, 0, sizeof(half));
+ memset(oneRep, 0, sizeof(oneRep));
+ memset(one, 0, sizeof(one));
+ memset(R2, 0, sizeof(R2));
+ memset(R3, 0, sizeof(R3));
+#ifdef MCL_USE_XBYAK
+ invTbl.clear();
+#endif
+ fp_addA_ = 0;
+ fp_subA_ = 0;
+ fp_negA_ = 0;
+ fp_mulA_ = 0;
+ fp_sqrA_ = 0;
+ fp2_addA_ = 0;
+ fp2_subA_ = 0;
+ fp2_negA_ = 0;
+ fp2_mulA_ = 0;
+ fp2_sqrA_ = 0;
+ fpDbl_addA_ = 0;
+ fpDbl_subA_ = 0;
+ fpDbl_mulPreA_ = 0;
+ fpDbl_sqrPreA_ = 0;
+ fpDbl_modA_ = 0;
+ fp2Dbl_mulPreA_ = 0;
+ fp2Dbl_sqrPreA_ = 0;
+ maxN = 0;
+ N = 0;
+ bitSize = 0;
+ fp_isZero = 0;
+ fp_clear = 0;
+ fp_copy = 0;
+ fp_shr1 = 0;
+ fp_neg = 0;
+ fp_add = 0;
+ fp_sub = 0;
+ fp_mul = 0;
+ fp_sqr = 0;
+ fp_invOp = 0;
+ fp_mulUnit = 0;
+
+ fpDbl_mulPre = 0;
+ fpDbl_sqrPre = 0;
+ fp_preInv = 0;
+ fp_mulUnitPre = 0;
+ fpN1_mod = 0;
+
+ fpDbl_add = 0;
+ fpDbl_sub = 0;
+ fpDbl_mod = 0;
+
+ fp_addPre = 0;
+ fp_subPre = 0;
+ fpDbl_addPre = 0;
+ fpDbl_subPre = 0;
+
+ xi_a = 0;
+ fp2_mulNF = 0;
+ fp2_inv = 0;
+ fp2_mul_xiA_ = 0;
+
+ primeMode = PM_GENERIC;
+ isFullBit = false;
+ isMont = false;
+ isFastMod = false;
+ hash = 0;
+ }
+ void fromMont(Unit* y, const Unit *x) const
+ {
+ /*
+ M(x, y) = xyR^-1
+ y = M(x, 1) = xR^-1
+ */
+ fp_mul(y, x, one, p);
+ }
+ void toMont(Unit* y, const Unit *x) const
+ {
+ /*
+ y = M(x, R2) = xR^2 R^-1 = xR
+ */
+ fp_mul(y, x, R2, p);
+ }
+ bool init(const mpz_class& p, size_t maxBitSize, int xi_a, Mode mode, size_t mclMaxBitSize = MCL_MAX_BIT_SIZE);
+#ifdef MCL_USE_XBYAK
+ static FpGenerator* createFpGenerator();
+ static void destroyFpGenerator(FpGenerator *fg);
+#endif
+private:
+ Op(const Op&);
+ void operator=(const Op&);
+};
+
+inline const char* getIoSeparator(int ioMode)
+{
+ return (ioMode & (IoArray | IoArrayRaw | IoSerialize | IoSerializeHexStr)) ? "" : " ";
+}
+
+inline void dump(const char *s, size_t n)
+{
+ for (size_t i = 0; i < n; i++) {
+ printf("%02x ", (uint8_t)s[i]);
+ }
+ printf("\n");
+}
+
+#ifndef CYBOZU_DONT_USE_STRING
+int detectIoMode(int ioMode, const std::ios_base& ios);
+
+inline void dump(const std::string& s)
+{
+ dump(s.c_str(), s.size());
+}
+#endif
+
+} } // mcl::fp
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/operator.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/operator.hpp
new file mode 100644
index 000000000..e9bc506df
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/operator.hpp
@@ -0,0 +1,177 @@
+#pragma once
+/**
+ @file
+ @brief operator class
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/op.hpp>
+#include <mcl/util.hpp>
+#ifdef _MSC_VER
+ #ifndef MCL_FORCE_INLINE
+ #define MCL_FORCE_INLINE __forceinline
+ #endif
+ #pragma warning(push)
+ #pragma warning(disable : 4714)
+#else
+ #ifndef MCL_FORCE_INLINE
+ #define MCL_FORCE_INLINE __attribute__((always_inline))
+ #endif
+#endif
+
+namespace mcl { namespace fp {
+
+template<class T>
+struct Empty {};
+
+/*
+ T must have add, sub, mul, inv, neg
+*/
+template<class T, class E = Empty<T> >
+struct Operator : public E {
+ template<class S> MCL_FORCE_INLINE T& operator+=(const S& rhs) { T::add(static_cast<T&>(*this), static_cast<const T&>(*this), rhs); return static_cast<T&>(*this); }
+ template<class S> MCL_FORCE_INLINE T& operator-=(const S& rhs) { T::sub(static_cast<T&>(*this), static_cast<const T&>(*this), rhs); return static_cast<T&>(*this); }
+ template<class S> friend MCL_FORCE_INLINE T operator+(const T& a, const S& b) { T c; T::add(c, a, b); return c; }
+ template<class S> friend MCL_FORCE_INLINE T operator-(const T& a, const S& b) { T c; T::sub(c, a, b); return c; }
+ template<class S> MCL_FORCE_INLINE T& operator*=(const S& rhs) { T::mul(static_cast<T&>(*this), static_cast<const T&>(*this), rhs); return static_cast<T&>(*this); }
+ template<class S> friend MCL_FORCE_INLINE T operator*(const T& a, const S& b) { T c; T::mul(c, a, b); return c; }
+ MCL_FORCE_INLINE T& operator/=(const T& rhs) { T c; T::inv(c, rhs); T::mul(static_cast<T&>(*this), static_cast<const T&>(*this), c); return static_cast<T&>(*this); }
+ static MCL_FORCE_INLINE void div(T& c, const T& a, const T& b) { T t; T::inv(t, b); T::mul(c, a, t); }
+ friend MCL_FORCE_INLINE T operator/(const T& a, const T& b) { T c; T::inv(c, b); c *= a; return c; }
+ MCL_FORCE_INLINE T operator-() const { T c; T::neg(c, static_cast<const T&>(*this)); return c; }
+ template<class tag2, size_t maxBitSize2, template<class _tag, size_t _maxBitSize> class FpT>
+ static void pow(T& z, const T& x, const FpT<tag2, maxBitSize2>& y)
+ {
+ fp::Block b;
+ y.getBlock(b);
+ powArray(z, x, b.p, b.n, false, false);
+ }
+ template<class tag2, size_t maxBitSize2, template<class _tag, size_t _maxBitSize> class FpT>
+ static void powGeneric(T& z, const T& x, const FpT<tag2, maxBitSize2>& y)
+ {
+ fp::Block b;
+ y.getBlock(b);
+ powArrayBase(z, x, b.p, b.n, false, false);
+ }
+ template<class tag2, size_t maxBitSize2, template<class _tag, size_t _maxBitSize> class FpT>
+ static void powCT(T& z, const T& x, const FpT<tag2, maxBitSize2>& y)
+ {
+ fp::Block b;
+ y.getBlock(b);
+ powArray(z, x, b.p, b.n, false, true);
+ }
+ static void pow(T& z, const T& x, int64_t y)
+ {
+ const uint64_t u = fp::abs_(y);
+#if MCL_SIZEOF_UNIT == 8
+ powArray(z, x, &u, 1, y < 0, false);
+#else
+ uint32_t ua[2] = { uint32_t(u), uint32_t(u >> 32) };
+ size_t un = ua[1] ? 2 : 1;
+ powArray(z, x, ua, un, y < 0, false);
+#endif
+ }
+ static void pow(T& z, const T& x, const mpz_class& y)
+ {
+ powArray(z, x, gmp::getUnit(y), gmp::getUnitSize(y), y < 0, false);
+ }
+ static void powGeneric(T& z, const T& x, const mpz_class& y)
+ {
+ powArrayBase(z, x, gmp::getUnit(y), gmp::getUnitSize(y), y < 0, false);
+ }
+ static void powCT(T& z, const T& x, const mpz_class& y)
+ {
+ powArray(z, x, gmp::getUnit(y), gmp::getUnitSize(y), y < 0, true);
+ }
+ static void setPowArrayGLV(void f(T& z, const T& x, const Unit *y, size_t yn, bool isNegative, bool constTime))
+ {
+ powArrayGLV = f;
+ }
+private:
+ static void (*powArrayGLV)(T& z, const T& x, const Unit *y, size_t yn, bool isNegative, bool constTime);
+ static void powArray(T& z, const T& x, const Unit *y, size_t yn, bool isNegative, bool constTime)
+ {
+ if (powArrayGLV && (constTime || yn > 1)) {
+ powArrayGLV(z, x, y, yn, isNegative, constTime);
+ return;
+ }
+ powArrayBase(z, x, y, yn, isNegative, constTime);
+ }
+ static void powArrayBase(T& z, const T& x, const Unit *y, size_t yn, bool isNegative, bool constTime)
+ {
+ T tmp;
+ const T *px = &x;
+ if (&z == &x) {
+ tmp = x;
+ px = &tmp;
+ }
+ z = 1;
+ fp::powGeneric(z, *px, y, yn, T::mul, T::sqr, (void (*)(T&, const T&))0, constTime ? T::BaseFp::getBitSize() : 0);
+ if (isNegative) {
+ T::inv(z, z);
+ }
+ }
+};
+
+template<class T, class E>
+void (*Operator<T, E>::powArrayGLV)(T& z, const T& x, const Unit *y, size_t yn, bool isNegative, bool constTime);
+
+/*
+ T must have save and load
+*/
+template<class T, class E = Empty<T> >
+struct Serializable : public E {
+ void setStr(bool *pb, const char *str, int ioMode = 0)
+ {
+ size_t len = strlen(str);
+ size_t n = deserialize(str, len, ioMode);
+ *pb = n > 0 && n == len;
+ }
+ // return strlen(buf) if success else 0
+ size_t getStr(char *buf, size_t maxBufSize, int ioMode = 0) const
+ {
+ size_t n = serialize(buf, maxBufSize, ioMode);
+ if (n == 0 || n == maxBufSize - 1) return 0;
+ buf[n] = '\0';
+ return n;
+ }
+#ifndef CYBOZU_DONT_USE_STRING
+ void setStr(const std::string& str, int ioMode = 0)
+ {
+ cybozu::StringInputStream is(str);
+ static_cast<T&>(*this).load(is, ioMode);
+ }
+ void getStr(std::string& str, int ioMode = 0) const
+ {
+ str.clear();
+ cybozu::StringOutputStream os(str);
+ static_cast<const T&>(*this).save(os, ioMode);
+ }
+ std::string getStr(int ioMode = 0) const
+ {
+ std::string str;
+ getStr(str, ioMode);
+ return str;
+ }
+#endif
+ // return written bytes
+ size_t serialize(void *buf, size_t maxBufSize, int ioMode = IoSerialize) const
+ {
+ cybozu::MemoryOutputStream os(buf, maxBufSize);
+ bool b;
+ static_cast<const T&>(*this).save(&b, os, ioMode);
+ return b ? os.getPos() : 0;
+ }
+ // return read bytes
+ size_t deserialize(const void *buf, size_t bufSize, int ioMode = IoSerialize)
+ {
+ cybozu::MemoryInputStream is(buf, bufSize);
+ bool b;
+ static_cast<T&>(*this).load(&b, is, ioMode);
+ return b ? is.getPos() : 0;
+ }
+};
+
+} } // mcl::fp
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/paillier.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/paillier.hpp
new file mode 100644
index 000000000..03e44cb16
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/paillier.hpp
@@ -0,0 +1,84 @@
+#pragma once
+/**
+ @file
+ @brief paillier encryption
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/gmp_util.hpp>
+
+namespace mcl { namespace paillier {
+
+class PublicKey {
+ size_t primeBitSize;
+ mpz_class g;
+ mpz_class n;
+ mpz_class n2;
+public:
+ PublicKey() : primeBitSize(0) {}
+ void init(size_t _primeBitSize, const mpz_class& _n)
+ {
+ primeBitSize = _primeBitSize;
+ n = _n;
+ g = 1 + _n;
+ n2 = _n * _n;
+ }
+ void enc(mpz_class& c, const mpz_class& m, mcl::fp::RandGen rg = mcl::fp::RandGen()) const
+ {
+ if (rg.isZero()) rg = mcl::fp::RandGen::get();
+ if (primeBitSize == 0) throw cybozu::Exception("paillier:PublicKey:not init");
+ mpz_class r;
+ mcl::gmp::getRand(r, primeBitSize, rg);
+ mpz_class a, b;
+ mcl::gmp::powMod(a, g, m, n2);
+ mcl::gmp::powMod(b, r, n, n2);
+ c = (a * b) % n2;
+ }
+ /*
+ additive homomorphic encryption
+ cz = cx + cy
+ */
+ void add(mpz_class& cz, mpz_class& cx, mpz_class& cy) const
+ {
+ cz = (cx * cy) % n2;
+ }
+};
+
+class SecretKey {
+ size_t primeBitSize;
+ mpz_class n;
+ mpz_class n2;
+ mpz_class lambda;
+ mpz_class invLambda;
+public:
+ SecretKey() : primeBitSize(0) {}
+ /*
+ the size of prime is half of bitSize
+ */
+ void init(size_t bitSize, mcl::fp::RandGen rg = mcl::fp::RandGen())
+ {
+ if (rg.isZero()) rg = mcl::fp::RandGen::get();
+ primeBitSize = bitSize / 2;
+ mpz_class p, q;
+ mcl::gmp::getRandPrime(p, primeBitSize, rg);
+ mcl::gmp::getRandPrime(q, primeBitSize, rg);
+ lambda = (p - 1) * (q - 1);
+ n = p * q;
+ n2 = n * n;
+ mcl::gmp::invMod(invLambda, lambda, n);
+ }
+ void getPublicKey(PublicKey& pub) const
+ {
+ pub.init(primeBitSize, n);
+ }
+ void dec(mpz_class& m, const mpz_class& c) const
+ {
+ mpz_class L;
+ mcl::gmp::powMod(L, c, lambda, n2);
+ L = ((L - 1) / n) % n;
+ m = (L * invLambda) % n;
+ }
+};
+
+} } // mcl::paillier
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/randgen.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/randgen.hpp
new file mode 100644
index 000000000..30502fc10
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/randgen.hpp
@@ -0,0 +1,156 @@
+#pragma once
+/**
+ @file
+ @brief definition of Op
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#ifdef MCL_DONT_USE_CSPRNG
+
+// nothing
+
+#elif defined(MCL_USE_WEB_CRYPTO_API)
+#include <emscripten.h>
+
+namespace mcl {
+struct RandomGeneratorJS {
+ void read(bool *pb, void *buf, uint32_t byteSize)
+ {
+ // cf. https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues
+ if (byteSize > 65536) {
+ *pb = false;
+ return;
+ }
+ // use crypto.getRandomValues
+ EM_ASM({Module.cryptoGetRandomValues($0, $1)}, buf, byteSize);
+ *pb = true;
+ }
+};
+} // mcl
+
+#else
+#include <cybozu/random_generator.hpp>
+#if 0 // #if CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+#include <random>
+#endif
+#endif
+#ifdef _MSC_VER
+ #pragma warning(push)
+ #pragma warning(disable : 4521)
+#endif
+namespace mcl { namespace fp {
+
+namespace local {
+
+template<class RG>
+uint32_t readWrapper(void *self, void *buf, uint32_t byteSize)
+{
+ bool b;
+ reinterpret_cast<RG*>(self)->read(&b, (uint8_t*)buf, byteSize);
+ if (b) return byteSize;
+ return 0;
+}
+
+#if 0 // #if CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+template<>
+inline uint32_t readWrapper<std::random_device>(void *self, void *buf, uint32_t byteSize)
+{
+ const uint32_t keep = byteSize;
+ std::random_device& rg = *reinterpret_cast<std::random_device*>(self);
+ uint8_t *p = reinterpret_cast<uint8_t*>(buf);
+ uint32_t v;
+ while (byteSize >= 4) {
+ v = rg();
+ memcpy(p, &v, 4);
+ p += 4;
+ byteSize -= 4;
+ }
+ if (byteSize > 0) {
+ v = rg();
+ memcpy(p, &v, byteSize);
+ }
+ return keep;
+}
+#endif
+} // local
+/*
+ wrapper of cryptographically secure pseudo random number generator
+*/
+class RandGen {
+ typedef uint32_t (*readFuncType)(void *self, void *buf, uint32_t byteSize);
+ void *self_;
+ readFuncType readFunc_;
+public:
+ RandGen() : self_(0), readFunc_(0) {}
+ RandGen(void *self, readFuncType readFunc) : self_(self) , readFunc_(readFunc) {}
+ RandGen(const RandGen& rhs) : self_(rhs.self_), readFunc_(rhs.readFunc_) {}
+ RandGen(RandGen& rhs) : self_(rhs.self_), readFunc_(rhs.readFunc_) {}
+ RandGen& operator=(const RandGen& rhs)
+ {
+ self_ = rhs.self_;
+ readFunc_ = rhs.readFunc_;
+ return *this;
+ }
+ template<class RG>
+ RandGen(RG& rg)
+ : self_(reinterpret_cast<void*>(&rg))
+ , readFunc_(local::readWrapper<RG>)
+ {
+ }
+ void read(bool *pb, void *out, size_t byteSize)
+ {
+ uint32_t size = readFunc_(self_, out, static_cast<uint32_t>(byteSize));
+ *pb = size == byteSize;
+ }
+#ifdef MCL_DONT_USE_CSPRNG
+ bool isZero() const { return false; } /* return false to avoid copying default rg */
+#else
+ bool isZero() const { return self_ == 0 && readFunc_ == 0; }
+#endif
+ static RandGen& getDefaultRandGen()
+ {
+#ifdef MCL_DONT_USE_CSPRNG
+ static RandGen wrg;
+#elif defined(MCL_USE_WEB_CRYPTO_API)
+ static mcl::RandomGeneratorJS rg;
+ static RandGen wrg(rg);
+#else
+ static cybozu::RandomGenerator rg;
+ static RandGen wrg(rg);
+#endif
+ return wrg;
+ }
+ static RandGen& get()
+ {
+ static RandGen wrg(getDefaultRandGen());
+ return wrg;
+ }
+ /*
+ rg must be thread safe
+ rg.read(void *buf, size_t byteSize);
+ */
+ static void setRandGen(const RandGen& rg)
+ {
+ get() = rg;
+ }
+ /*
+ set rand function
+ if self and readFunc are NULL then set default rand function
+ */
+ static void setRandFunc(void *self, readFuncType readFunc)
+ {
+ if (self == 0 && readFunc == 0) {
+ setRandGen(getDefaultRandGen());
+ } else {
+ RandGen rg(self, readFunc);
+ setRandGen(rg);
+ }
+ }
+};
+
+} } // mcl::fp
+
+#ifdef _MSC_VER
+ #pragma warning(pop)
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/she.h b/vendor/github.com/byzantine-lab/mcl/include/mcl/she.h
new file mode 100644
index 000000000..60b399c65
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/she.h
@@ -0,0 +1,270 @@
+#pragma once
+/**
+ @file
+ @brief C api of somewhat homomorphic encryption with one-time multiplication, based on prime-order pairings
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <mcl/bn.h>
+
+#ifdef _MSC_VER
+#ifdef MCLSHE_DLL_EXPORT
+#define MCLSHE_DLL_API __declspec(dllexport)
+#else
+#define MCLSHE_DLL_API __declspec(dllimport)
+#ifndef MCLSHE_NO_AUTOLINK
+ #if MCLBN_FP_UNIT_SIZE == 4
+ #pragma comment(lib, "mclshe256.lib")
+ #elif MCLBN_FP_UNIT_SIZE == 6
+ #pragma comment(lib, "mclshe384.lib")
+ #else
+ #pragma comment(lib, "mclshe512.lib")
+ #endif
+#endif
+#endif
+#else
+#ifdef __EMSCRIPTEN__
+ #define MCLSHE_DLL_API __attribute__((used))
+#elif defined(__wasm__)
+ #define MCLSHE_DLL_API __attribute__((visibility("default")))
+#else
+ #define MCLSHE_DLL_API
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+ mclBnFr x;
+ mclBnFr y;
+} sheSecretKey;
+
+typedef struct {
+ mclBnG1 xP;
+ mclBnG2 yQ;
+} shePublicKey;
+
+struct shePrecomputedPublicKey;
+
+typedef struct {
+ mclBnG1 S;
+ mclBnG1 T;
+} sheCipherTextG1;
+
+typedef struct {
+ mclBnG2 S;
+ mclBnG2 T;
+} sheCipherTextG2;
+
+typedef struct {
+ mclBnGT g[4];
+} sheCipherTextGT;
+
+typedef struct {
+ mclBnFr d[4];
+} sheZkpBin;
+
+typedef struct {
+ mclBnFr d[4];
+} sheZkpEq;
+
+typedef struct {
+ mclBnFr d[7];
+} sheZkpBinEq;
+/*
+ initialize this library
+ call this once before using the other functions
+ @param curve [in] enum value defined in mcl/bn.h
+ @param compiledTimeVar [in] specify MCLBN_COMPILED_TIME_VAR,
+ which macro is used to make sure that the values
+ are the same when the library is built and used
+ @return 0 if success
+ @note sheInit() is thread safe and serialized if it is called simultaneously
+ but don't call it while using other functions.
+*/
+MCLSHE_DLL_API int sheInit(int curve, int compiledTimeVar);
+
+// return written byte size if success else 0
+MCLSHE_DLL_API mclSize sheSecretKeySerialize(void *buf, mclSize maxBufSize, const sheSecretKey *sec);
+MCLSHE_DLL_API mclSize shePublicKeySerialize(void *buf, mclSize maxBufSize, const shePublicKey *pub);
+MCLSHE_DLL_API mclSize sheCipherTextG1Serialize(void *buf, mclSize maxBufSize, const sheCipherTextG1 *c);
+MCLSHE_DLL_API mclSize sheCipherTextG2Serialize(void *buf, mclSize maxBufSize, const sheCipherTextG2 *c);
+MCLSHE_DLL_API mclSize sheCipherTextGTSerialize(void *buf, mclSize maxBufSize, const sheCipherTextGT *c);
+MCLSHE_DLL_API mclSize sheZkpBinSerialize(void *buf, mclSize maxBufSize, const sheZkpBin *zkp);
+MCLSHE_DLL_API mclSize sheZkpEqSerialize(void *buf, mclSize maxBufSize, const sheZkpEq *zkp);
+MCLSHE_DLL_API mclSize sheZkpBinEqSerialize(void *buf, mclSize maxBufSize, const sheZkpBinEq *zkp);
+
+// return read byte size if sucess else 0
+MCLSHE_DLL_API mclSize sheSecretKeyDeserialize(sheSecretKey* sec, const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize shePublicKeyDeserialize(shePublicKey* pub, const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize sheCipherTextG1Deserialize(sheCipherTextG1* c, const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize sheCipherTextG2Deserialize(sheCipherTextG2* c, const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize sheCipherTextGTDeserialize(sheCipherTextGT* c, const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize sheZkpBinDeserialize(sheZkpBin* zkp, const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize sheZkpEqDeserialize(sheZkpEq* zkp, const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize sheZkpBinEqDeserialize(sheZkpBinEq* zkp, const void *buf, mclSize bufSize);
+
+/*
+ set secretKey if system has /dev/urandom or CryptGenRandom
+ return 0 if success
+*/
+MCLSHE_DLL_API int sheSecretKeySetByCSPRNG(sheSecretKey *sec);
+
+MCLSHE_DLL_API void sheGetPublicKey(shePublicKey *pub, const sheSecretKey *sec);
+
+/*
+ make table to decode DLP
+ return 0 if success
+*/
+MCLSHE_DLL_API int sheSetRangeForDLP(mclSize hashSize);
+MCLSHE_DLL_API int sheSetRangeForG1DLP(mclSize hashSize);
+MCLSHE_DLL_API int sheSetRangeForG2DLP(mclSize hashSize);
+MCLSHE_DLL_API int sheSetRangeForGTDLP(mclSize hashSize);
+
+/*
+ set tryNum to decode DLP
+*/
+MCLSHE_DLL_API void sheSetTryNum(mclSize tryNum);
+
+/*
+ decode G1 via GT if use != 0
+ @note faster if tryNum >= 300
+*/
+MCLSHE_DLL_API void sheUseDecG1ViaGT(int use);
+/*
+ decode G2 via GT if use != 0
+ @note faster if tryNum >= 100
+*/
+MCLSHE_DLL_API void sheUseDecG2ViaGT(int use);
+/*
+ load table for DLP
+ return read size if success else 0
+*/
+MCLSHE_DLL_API mclSize sheLoadTableForG1DLP(const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize sheLoadTableForG2DLP(const void *buf, mclSize bufSize);
+MCLSHE_DLL_API mclSize sheLoadTableForGTDLP(const void *buf, mclSize bufSize);
+
+/*
+ save table for DLP
+ return written size if success else 0
+*/
+MCLSHE_DLL_API mclSize sheSaveTableForG1DLP(void *buf, mclSize maxBufSize);
+MCLSHE_DLL_API mclSize sheSaveTableForG2DLP(void *buf, mclSize maxBufSize);
+MCLSHE_DLL_API mclSize sheSaveTableForGTDLP(void *buf, mclSize maxBufSize);
+
+// return 0 if success
+MCLSHE_DLL_API int sheEncG1(sheCipherTextG1 *c, const shePublicKey *pub, mclInt m);
+MCLSHE_DLL_API int sheEncG2(sheCipherTextG2 *c, const shePublicKey *pub, mclInt m);
+MCLSHE_DLL_API int sheEncGT(sheCipherTextGT *c, const shePublicKey *pub, mclInt m);
+MCLSHE_DLL_API int shePrecomputedPublicKeyEncG1(sheCipherTextG1 *c, const shePrecomputedPublicKey *ppub, mclInt m);
+MCLSHE_DLL_API int shePrecomputedPublicKeyEncG2(sheCipherTextG2 *c, const shePrecomputedPublicKey *ppub, mclInt m);
+MCLSHE_DLL_API int shePrecomputedPublicKeyEncGT(sheCipherTextGT *c, const shePrecomputedPublicKey *ppub, mclInt m);
+
+/*
+ m must be 0 or 1
+*/
+MCLSHE_DLL_API int sheEncWithZkpBinG1(sheCipherTextG1 *c, sheZkpBin *zkp, const shePublicKey *pub, int m);
+MCLSHE_DLL_API int sheEncWithZkpBinG2(sheCipherTextG2 *c, sheZkpBin *zkp, const shePublicKey *pub, int m);
+MCLSHE_DLL_API int sheEncWithZkpBinEq(sheCipherTextG1 *c1, sheCipherTextG2 *c2, sheZkpBinEq *zkp, const shePublicKey *pub, int m);
+MCLSHE_DLL_API int shePrecomputedPublicKeyEncWithZkpBinG1(sheCipherTextG1 *c, sheZkpBin *zkp, const shePrecomputedPublicKey *ppub, int m);
+MCLSHE_DLL_API int shePrecomputedPublicKeyEncWithZkpBinG2(sheCipherTextG2 *c, sheZkpBin *zkp, const shePrecomputedPublicKey *ppub, int m);
+MCLSHE_DLL_API int shePrecomputedPublicKeyEncWithZkpBinEq(sheCipherTextG1 *c1, sheCipherTextG2 *c2, sheZkpBinEq *zkp, const shePrecomputedPublicKey *ppub, int m);
+
+/*
+ arbitary m
+*/
+MCLSHE_DLL_API int sheEncWithZkpEq(sheCipherTextG1 *c1, sheCipherTextG2 *c2, sheZkpEq *zkp, const shePublicKey *pub, mclInt m);
+MCLSHE_DLL_API int shePrecomputedPublicKeyEncWithZkpEq(sheCipherTextG1 *c1, sheCipherTextG2 *c2, sheZkpEq *zkp, const shePrecomputedPublicKey *ppub, mclInt m);
+
+/*
+ decode c and set m
+ return 0 if success
+*/
+MCLSHE_DLL_API int sheDecG1(mclInt *m, const sheSecretKey *sec, const sheCipherTextG1 *c);
+MCLSHE_DLL_API int sheDecG2(mclInt *m, const sheSecretKey *sec, const sheCipherTextG2 *c);
+MCLSHE_DLL_API int sheDecGT(mclInt *m, const sheSecretKey *sec, const sheCipherTextGT *c);
+/*
+ verify zkp
+ return 1 if valid
+*/
+MCLSHE_DLL_API int sheVerifyZkpBinG1(const shePublicKey *pub, const sheCipherTextG1 *c, const sheZkpBin *zkp);
+MCLSHE_DLL_API int sheVerifyZkpBinG2(const shePublicKey *pub, const sheCipherTextG2 *c, const sheZkpBin *zkp);
+MCLSHE_DLL_API int sheVerifyZkpEq(const shePublicKey *pub, const sheCipherTextG1 *c1, const sheCipherTextG2 *c2, const sheZkpEq *zkp);
+MCLSHE_DLL_API int sheVerifyZkpBinEq(const shePublicKey *pub, const sheCipherTextG1 *c1, const sheCipherTextG2 *c2, const sheZkpBinEq *zkp);
+MCLSHE_DLL_API int shePrecomputedPublicKeyVerifyZkpBinG1(const shePrecomputedPublicKey *ppub, const sheCipherTextG1 *c, const sheZkpBin *zkp);
+MCLSHE_DLL_API int shePrecomputedPublicKeyVerifyZkpBinG2(const shePrecomputedPublicKey *ppub, const sheCipherTextG2 *c, const sheZkpBin *zkp);
+MCLSHE_DLL_API int shePrecomputedPublicKeyVerifyZkpEq(const shePrecomputedPublicKey *ppub, const sheCipherTextG1 *c1, const sheCipherTextG2 *c2, const sheZkpEq *zkp);
+MCLSHE_DLL_API int shePrecomputedPublicKeyVerifyZkpBinEq(const shePrecomputedPublicKey *ppub, const sheCipherTextG1 *c1, const sheCipherTextG2 *c2, const sheZkpBinEq *zkp);
+/*
+ decode c via GT and set m
+ return 0 if success
+*/
+MCLSHE_DLL_API int sheDecG1ViaGT(mclInt *m, const sheSecretKey *sec, const sheCipherTextG1 *c);
+MCLSHE_DLL_API int sheDecG2ViaGT(mclInt *m, const sheSecretKey *sec, const sheCipherTextG2 *c);
+
+/*
+ return 1 if dec(c) == 0
+*/
+MCLSHE_DLL_API int sheIsZeroG1(const sheSecretKey *sec, const sheCipherTextG1 *c);
+MCLSHE_DLL_API int sheIsZeroG2(const sheSecretKey *sec, const sheCipherTextG2 *c);
+MCLSHE_DLL_API int sheIsZeroGT(const sheSecretKey *sec, const sheCipherTextGT *c);
+
+// return 0 if success
+// y = -x
+MCLSHE_DLL_API int sheNegG1(sheCipherTextG1 *y, const sheCipherTextG1 *x);
+MCLSHE_DLL_API int sheNegG2(sheCipherTextG2 *y, const sheCipherTextG2 *x);
+MCLSHE_DLL_API int sheNegGT(sheCipherTextGT *y, const sheCipherTextGT *x);
+
+// return 0 if success
+// z = x + y
+MCLSHE_DLL_API int sheAddG1(sheCipherTextG1 *z, const sheCipherTextG1 *x, const sheCipherTextG1 *y);
+MCLSHE_DLL_API int sheAddG2(sheCipherTextG2 *z, const sheCipherTextG2 *x, const sheCipherTextG2 *y);
+MCLSHE_DLL_API int sheAddGT(sheCipherTextGT *z, const sheCipherTextGT *x, const sheCipherTextGT *y);
+
+// return 0 if success
+// z = x - y
+MCLSHE_DLL_API int sheSubG1(sheCipherTextG1 *z, const sheCipherTextG1 *x, const sheCipherTextG1 *y);
+MCLSHE_DLL_API int sheSubG2(sheCipherTextG2 *z, const sheCipherTextG2 *x, const sheCipherTextG2 *y);
+MCLSHE_DLL_API int sheSubGT(sheCipherTextGT *z, const sheCipherTextGT *x, const sheCipherTextGT *y);
+
+// return 0 if success
+// z = x * y
+MCLSHE_DLL_API int sheMulG1(sheCipherTextG1 *z, const sheCipherTextG1 *x, mclInt y);
+MCLSHE_DLL_API int sheMulG2(sheCipherTextG2 *z, const sheCipherTextG2 *x, mclInt y);
+MCLSHE_DLL_API int sheMulGT(sheCipherTextGT *z, const sheCipherTextGT *x, mclInt y);
+
+// return 0 if success
+// z = x * y
+MCLSHE_DLL_API int sheMul(sheCipherTextGT *z, const sheCipherTextG1 *x, const sheCipherTextG2 *y);
+/*
+ sheMul(z, x, y) = sheMulML(z, x, y) + sheFinalExpGT(z)
+ @note
+ Mul(x1, y1) + ... + Mul(xn, yn) = finalExp(MulML(x1, y1) + ... + MulML(xn, yn))
+*/
+MCLSHE_DLL_API int sheMulML(sheCipherTextGT *z, const sheCipherTextG1 *x, const sheCipherTextG2 *y);
+MCLSHE_DLL_API int sheFinalExpGT(sheCipherTextGT *y, const sheCipherTextGT *x);
+
+// return 0 if success
+// rerandomize(c)
+MCLSHE_DLL_API int sheReRandG1(sheCipherTextG1 *c, const shePublicKey *pub);
+MCLSHE_DLL_API int sheReRandG2(sheCipherTextG2 *c, const shePublicKey *pub);
+MCLSHE_DLL_API int sheReRandGT(sheCipherTextGT *c, const shePublicKey *pub);
+
+// return 0 if success
+// y = convert(x)
+MCLSHE_DLL_API int sheConvertG1(sheCipherTextGT *y, const shePublicKey *pub, const sheCipherTextG1 *x);
+MCLSHE_DLL_API int sheConvertG2(sheCipherTextGT *y, const shePublicKey *pub, const sheCipherTextG2 *x);
+
+// return nonzero if success
+MCLSHE_DLL_API shePrecomputedPublicKey *shePrecomputedPublicKeyCreate();
+// call this function to avoid memory leak
+MCLSHE_DLL_API void shePrecomputedPublicKeyDestroy(shePrecomputedPublicKey *ppub);
+// return 0 if success
+MCLSHE_DLL_API int shePrecomputedPublicKeyInit(shePrecomputedPublicKey *ppub, const shePublicKey *pub);
+
+#ifdef __cplusplus
+}
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/she.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/she.hpp
new file mode 100644
index 000000000..3ce361454
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/she.hpp
@@ -0,0 +1,1939 @@
+#pragma once
+/**
+ @file
+ @brief somewhat homomorphic encryption with one-time multiplication, based on prime-order pairings
+ @author MITSUNARI Shigeo(@herumi)
+ see https://github.com/herumi/mcl/blob/master/misc/she/she.pdf
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <cmath>
+#include <vector>
+#include <iosfwd>
+#ifndef MCLBN_FP_UNIT_SIZE
+ #define MCLBN_FP_UNIT_SIZE 4
+#endif
+#if MCLBN_FP_UNIT_SIZE == 4
+#include <mcl/bn256.hpp>
+#elif MCLBN_FP_UNIT_SIZE == 6
+#include <mcl/bn384.hpp>
+#elif MCLBN_FP_UNIT_SIZE == 8
+#include <mcl/bn512.hpp>
+#else
+ #error "MCLBN_FP_UNIT_SIZE must be 4, 6, or 8"
+#endif
+
+#include <mcl/window_method.hpp>
+#include <cybozu/endian.hpp>
+#include <cybozu/serializer.hpp>
+
+namespace mcl { namespace she {
+
+using namespace mcl::bn;
+
+namespace local {
+
+#ifndef MCLSHE_WIN_SIZE
+ #define MCLSHE_WIN_SIZE 10
+#endif
+static const size_t winSize = MCLSHE_WIN_SIZE;
+static const size_t defaultTryNum = 2048;
+
+struct KeyCount {
+ uint32_t key;
+ int32_t count; // power
+ bool operator<(const KeyCount& rhs) const
+ {
+ return key < rhs.key;
+ }
+ bool isSame(const KeyCount& rhs) const
+ {
+ return key == rhs.key && count == rhs.count;
+ }
+};
+
+template<class G, bool = true>
+struct InterfaceForHashTable : G {
+ static G& castG(InterfaceForHashTable& x) { return static_cast<G&>(x); }
+ static const G& castG(const InterfaceForHashTable& x) { return static_cast<const G&>(x); }
+ void clear() { clear(castG(*this)); }
+ void normalize() { normalize(castG(*this)); }
+ static bool isOdd(const G& P) { return P.y.isOdd(); }
+ static bool isZero(const G& P) { return P.isZero(); }
+ static bool isSameX(const G& P, const G& Q) { return P.x == Q.x; }
+ static uint32_t getHash(const G& P) { return uint32_t(*P.x.getUnit()); }
+ static void clear(G& P) { P.clear(); }
+ static void normalize(G& P) { P.normalize(); }
+ static void dbl(G& Q, const G& P) { G::dbl(Q, P); }
+ static void neg(G& Q, const G& P) { G::neg(Q, P); }
+ static void add(G& R, const G& P, const G& Q) { G::add(R, P, Q); }
+ template<class INT>
+ static void mul(G& Q, const G& P, const INT& x) { G::mul(Q, P, x); }
+};
+
+/*
+ treat Fp12 as EC
+ unitary inverse of (a, b) = (a, -b)
+ then b.a.a or -b.a.a is odd
+*/
+template<class G>
+struct InterfaceForHashTable<G, false> : G {
+ static G& castG(InterfaceForHashTable& x) { return static_cast<G&>(x); }
+ static const G& castG(const InterfaceForHashTable& x) { return static_cast<const G&>(x); }
+ void clear() { clear(castG(*this)); }
+ void normalize() { normalize(castG(*this)); }
+ static bool isOdd(const G& x) { return x.b.a.a.isOdd(); }
+ static bool isZero(const G& x) { return x.isOne(); }
+ static bool isSameX(const G& x, const G& Q) { return x.a == Q.a; }
+ static uint32_t getHash(const G& x) { return uint32_t(*x.getFp0()->getUnit()); }
+ static void clear(G& x) { x = 1; }
+ static void normalize(G&) { }
+ static void dbl(G& y, const G& x) { G::sqr(y, x); }
+ static void neg(G& Q, const G& P) { G::unitaryInv(Q, P); }
+ static void add(G& z, const G& x, const G& y) { G::mul(z, x, y); }
+ template<class INT>
+ static void mul(G& z, const G& x, const INT& y) { G::pow(z, x, y); }
+};
+
+template<class G>
+char GtoChar();
+template<>char GtoChar<bn::G1>() { return '1'; }
+template<>char GtoChar<bn::G2>() { return '2'; }
+template<>char GtoChar<bn::GT>() { return 'T'; }
+
+/*
+ HashTable<EC, true> or HashTable<Fp12, false>
+*/
+template<class G, bool isEC = true>
+class HashTable {
+ typedef InterfaceForHashTable<G, isEC> I;
+ typedef std::vector<KeyCount> KeyCountVec;
+ KeyCountVec kcv_;
+ G P_;
+ mcl::fp::WindowMethod<I> wm_;
+ G nextP_;
+ G nextNegP_;
+ size_t tryNum_;
+ void setWindowMethod()
+ {
+ const size_t bitSize = G::BaseFp::BaseFp::getBitSize();
+ wm_.init(static_cast<const I&>(P_), bitSize, local::winSize);
+ }
+public:
+ HashTable() : tryNum_(local::defaultTryNum) {}
+ bool operator==(const HashTable& rhs) const
+ {
+ if (kcv_.size() != rhs.kcv_.size()) return false;
+ for (size_t i = 0; i < kcv_.size(); i++) {
+ if (!kcv_[i].isSame(rhs.kcv_[i])) return false;
+ }
+ return P_ == rhs.P_ && nextP_ == rhs.nextP_;
+ }
+ bool operator!=(const HashTable& rhs) const { return !operator==(rhs); }
+ /*
+ compute log_P(xP) for |x| <= hashSize * tryNum
+ */
+ void init(const G& P, size_t hashSize, size_t tryNum = local::defaultTryNum)
+ {
+ if (hashSize == 0) {
+ kcv_.clear();
+ return;
+ }
+ if (hashSize >= 0x80000000u) throw cybozu::Exception("HashTable:init:hashSize is too large");
+ P_ = P;
+ tryNum_ = tryNum;
+ kcv_.resize(hashSize);
+ G xP;
+ I::clear(xP);
+ for (int i = 1; i <= (int)kcv_.size(); i++) {
+ I::add(xP, xP, P_);
+ I::normalize(xP);
+ kcv_[i - 1].key = I::getHash(xP);
+ kcv_[i - 1].count = I::isOdd(xP) ? i : -i;
+ }
+ nextP_ = xP;
+ I::dbl(nextP_, nextP_);
+ I::add(nextP_, nextP_, P_); // nextP = (hasSize * 2 + 1)P
+ I::neg(nextNegP_, nextP_); // nextNegP = -nextP
+ /*
+ ascending order of abs(count) for same key
+ */
+ std::stable_sort(kcv_.begin(), kcv_.end());
+ setWindowMethod();
+ }
+ void setTryNum(size_t tryNum)
+ {
+ this->tryNum_ = tryNum;
+ }
+ /*
+ log_P(xP)
+ find range which has same hash of xP in kcv_,
+ and detect it
+ */
+ int basicLog(G xP, bool *ok = 0) const
+ {
+ if (ok) *ok = true;
+ if (I::isZero(xP)) return 0;
+ typedef KeyCountVec::const_iterator Iter;
+ KeyCount kc;
+ I::normalize(xP);
+ kc.key = I::getHash(xP);
+ kc.count = 0;
+ std::pair<Iter, Iter> p = std::equal_range(kcv_.begin(), kcv_.end(), kc);
+ G Q;
+ I::clear(Q);
+ int prev = 0;
+ /*
+ check range which has same hash
+ */
+ while (p.first != p.second) {
+ int count = p.first->count;
+ int abs_c = std::abs(count);
+ assert(abs_c >= prev); // assume ascending order
+ bool neg = count < 0;
+ G T;
+// I::mul(T, P, abs_c - prev);
+ mulByWindowMethod(T, abs_c - prev);
+ I::add(Q, Q, T);
+ I::normalize(Q);
+ if (I::isSameX(Q, xP)) {
+ bool QisOdd = I::isOdd(Q);
+ bool xPisOdd = I::isOdd(xP);
+ if (QisOdd ^ xPisOdd ^ neg) return -count;
+ return count;
+ }
+ prev = abs_c;
+ ++p.first;
+ }
+ if (ok) {
+ *ok = false;
+ return 0;
+ }
+ throw cybozu::Exception("HashTable:basicLog:not found");
+ }
+ /*
+ compute log_P(xP)
+ call basicLog at most 2 * tryNum
+ */
+ int64_t log(const G& xP) const
+ {
+ bool ok;
+ int c = basicLog(xP, &ok);
+ if (ok) {
+ return c;
+ }
+ G posP = xP, negP = xP;
+ int64_t posCenter = 0;
+ int64_t negCenter = 0;
+ int64_t next = (int64_t)kcv_.size() * 2 + 1;
+ for (size_t i = 1; i < tryNum_; i++) {
+ I::add(posP, posP, nextNegP_);
+ posCenter += next;
+ c = basicLog(posP, &ok);
+ if (ok) {
+ return posCenter + c;
+ }
+ I::add(negP, negP, nextP_);
+ negCenter -= next;
+ c = basicLog(negP, &ok);
+ if (ok) {
+ return negCenter + c;
+ }
+ }
+ throw cybozu::Exception("HashTable:log:not found");
+ }
+ /*
+ remark
+ tryNum is not saved.
+ */
+ template<class OutputStream>
+ void save(OutputStream& os) const
+ {
+ cybozu::save(os, BN::param.cp.curveType);
+ cybozu::writeChar(os, GtoChar<G>());
+ cybozu::save(os, kcv_.size());
+ cybozu::write(os, &kcv_[0], sizeof(kcv_[0]) * kcv_.size());
+ P_.save(os);
+ }
+ size_t save(void *buf, size_t maxBufSize) const
+ {
+ cybozu::MemoryOutputStream os(buf, maxBufSize);
+ save(os);
+ return os.getPos();
+ }
+ /*
+ remark
+ tryNum is not set
+ */
+ template<class InputStream>
+ void load(InputStream& is)
+ {
+ int curveType;
+ cybozu::load(curveType, is);
+ if (curveType != BN::param.cp.curveType) throw cybozu::Exception("HashTable:bad curveType") << curveType;
+ char c = 0;
+ if (!cybozu::readChar(&c, is) || c != GtoChar<G>()) throw cybozu::Exception("HashTable:bad c") << (int)c;
+ size_t kcvSize;
+ cybozu::load(kcvSize, is);
+ kcv_.resize(kcvSize);
+ cybozu::read(&kcv_[0], sizeof(kcv_[0]) * kcvSize, is);
+ P_.load(is);
+ I::mul(nextP_, P_, (kcvSize * 2) + 1);
+ I::neg(nextNegP_, nextP_);
+ setWindowMethod();
+ }
+ size_t load(const void *buf, size_t bufSize)
+ {
+ cybozu::MemoryInputStream is(buf, bufSize);
+ load(is);
+ return is.getPos();
+ }
+ const mcl::fp::WindowMethod<I>& getWM() const { return wm_; }
+ /*
+ mul(x, P, y);
+ */
+ template<class T>
+ void mulByWindowMethod(G& x, const T& y) const
+ {
+ wm_.mul(static_cast<I&>(x), y);
+ }
+};
+
+template<class G>
+int log(const G& P, const G& xP)
+{
+ if (xP.isZero()) return 0;
+ if (xP == P) return 1;
+ G negT;
+ G::neg(negT, P);
+ if (xP == negT) return -1;
+ G T = P;
+ for (int i = 2; i < 100; i++) {
+ T += P;
+ if (xP == T) return i;
+ G::neg(negT, T);
+ if (xP == negT) return -i;
+ }
+ throw cybozu::Exception("she:log:not found");
+}
+
+} // mcl::she::local
+
+template<size_t dummyInpl = 0>
+struct SHET {
+ class SecretKey;
+ class PublicKey;
+ class PrecomputedPublicKey;
+ // additive HE
+ class CipherTextA; // = CipherTextG1 + CipherTextG2
+ class CipherTextGT; // multiplicative HE
+ class CipherText; // CipherTextA + CipherTextGT
+
+ static G1 P_;
+ static G2 Q_;
+ static GT ePQ_; // e(P, Q)
+ static std::vector<Fp6> Qcoeff_;
+ static local::HashTable<G1> PhashTbl_;
+ static local::HashTable<G2> QhashTbl_;
+ static mcl::fp::WindowMethod<G2> Qwm_;
+ typedef local::InterfaceForHashTable<GT, false> GTasEC;
+ static local::HashTable<GT, false> ePQhashTbl_;
+ static bool useDecG1ViaGT_;
+ static bool useDecG2ViaGT_;
+ static bool isG1only_;
+private:
+ template<class G>
+ class CipherTextAT : public fp::Serializable<CipherTextAT<G> > {
+ G S_, T_;
+ friend class SecretKey;
+ friend class PublicKey;
+ friend class PrecomputedPublicKey;
+ friend class CipherTextA;
+ friend class CipherTextGT;
+ bool isZero(const Fr& x) const
+ {
+ G xT;
+ G::mul(xT, T_, x);
+ return S_ == xT;
+ }
+ public:
+ const G& getS() const { return S_; }
+ const G& getT() const { return T_; }
+ void clear()
+ {
+ S_.clear();
+ T_.clear();
+ }
+ static void add(CipherTextAT& z, const CipherTextAT& x, const CipherTextAT& y)
+ {
+ /*
+ (S, T) + (S', T') = (S + S', T + T')
+ */
+ G::add(z.S_, x.S_, y.S_);
+ G::add(z.T_, x.T_, y.T_);
+ }
+ static void sub(CipherTextAT& z, const CipherTextAT& x, const CipherTextAT& y)
+ {
+ /*
+ (S, T) - (S', T') = (S - S', T - T')
+ */
+ G::sub(z.S_, x.S_, y.S_);
+ G::sub(z.T_, x.T_, y.T_);
+ }
+ // INT = int64_t or Fr
+ template<class INT>
+ static void mul(CipherTextAT& z, const CipherTextAT& x, const INT& y)
+ {
+ G::mul(z.S_, x.S_, y);
+ G::mul(z.T_, x.T_, y);
+ }
+ static void neg(CipherTextAT& y, const CipherTextAT& x)
+ {
+ G::neg(y.S_, x.S_);
+ G::neg(y.T_, x.T_);
+ }
+ void add(const CipherTextAT& c) { add(*this, *this, c); }
+ void sub(const CipherTextAT& c) { sub(*this, *this, c); }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode = IoSerialize)
+ {
+ S_.load(pb, is, ioMode); if (!*pb) return;
+ T_.load(pb, is, ioMode);
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ S_.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ T_.save(pb, os, ioMode);
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("she:CipherTextA:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("she:CipherTextA:save");
+ }
+ friend std::istream& operator>>(std::istream& is, CipherTextAT& self)
+ {
+ self.load(is, fp::detectIoMode(G::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const CipherTextAT& self)
+ {
+ self.save(os, fp::detectIoMode(G::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const CipherTextAT& rhs) const
+ {
+ return S_ == rhs.S_ && T_ == rhs.T_;
+ }
+ bool operator!=(const CipherTextAT& rhs) const { return !operator==(rhs); }
+ };
+ /*
+ g1 = millerLoop(P1, Q)
+ g2 = millerLoop(P2, Q)
+ */
+ static void doubleMillerLoop(GT& g1, GT& g2, const G1& P1, const G1& P2, const G2& Q)
+ {
+#if 1
+ std::vector<Fp6> Qcoeff;
+ precomputeG2(Qcoeff, Q);
+ precomputedMillerLoop(g1, P1, Qcoeff);
+ precomputedMillerLoop(g2, P2, Qcoeff);
+#else
+ millerLoop(g1, P1, Q);
+ millerLoop(g2, P2, Q);
+#endif
+ }
+ static void finalExp4(GT out[4], const GT in[4])
+ {
+ for (int i = 0; i < 4; i++) {
+ finalExp(out[i], in[i]);
+ }
+ }
+ static void tensorProductML(GT g[4], const G1& S1, const G1& T1, const G2& S2, const G2& T2)
+ {
+ /*
+ (S1, T1) x (S2, T2) = (ML(S1, S2), ML(S1, T2), ML(T1, S2), ML(T1, T2))
+ */
+ doubleMillerLoop(g[0], g[2], S1, T1, S2);
+ doubleMillerLoop(g[1], g[3], S1, T1, T2);
+ }
+ static void tensorProduct(GT g[4], const G1& S1, const G1& T1, const G2& S2, const G2& T2)
+ {
+ /*
+ (S1, T1) x (S2, T2) = (e(S1, S2), e(S1, T2), e(T1, S2), e(T1, T2))
+ */
+ tensorProductML(g,S1, T1, S2,T2);
+ finalExp4(g, g);
+ }
+ template<class Tag, size_t n>
+ struct ZkpT : public fp::Serializable<ZkpT<Tag, n> > {
+ Fr d_[n];
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode = IoSerialize)
+ {
+ for (size_t i = 0; i < n; i++) {
+ d_[i].load(pb, is, ioMode); if (!*pb) return;
+ }
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ d_[0].save(pb, os, ioMode); if (!*pb) return;
+ for (size_t i = 1; i < n; i++) {
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ d_[i].save(pb, os, ioMode);
+ }
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("she:ZkpT:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("she:ZkpT:save");
+ }
+ friend std::istream& operator>>(std::istream& is, ZkpT& self)
+ {
+ self.load(is, fp::detectIoMode(Fr::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const ZkpT& self)
+ {
+ self.save(os, fp::detectIoMode(Fr::getIoMode(), os));
+ return os;
+ }
+ };
+ struct ZkpBinTag;
+ struct ZkpEqTag; // d_[] = { c, sp, ss, sm }
+ struct ZkpBinEqTag; // d_[] = { d0, d1, sp0, sp1, ss, sp, sm }
+public:
+ /*
+ Zkp for m = 0 or 1
+ */
+ typedef ZkpT<ZkpBinTag, 4> ZkpBin;
+ /*
+ Zkp for decG1(c1) == decG2(c2)
+ */
+ typedef ZkpT<ZkpEqTag, 4> ZkpEq;
+ /*
+ Zkp for (m = 0 or 1) and decG1(c1) == decG2(c2)
+ */
+ typedef ZkpT<ZkpBinEqTag, 7> ZkpBinEq;
+
+ typedef CipherTextAT<G1> CipherTextG1;
+ typedef CipherTextAT<G2> CipherTextG2;
+
+ static void init(const mcl::CurveParam& cp = mcl::BN254, size_t hashSize = 1024, size_t tryNum = local::defaultTryNum)
+ {
+ initPairing(cp);
+ hashAndMapToG1(P_, "0");
+ hashAndMapToG2(Q_, "0");
+ pairing(ePQ_, P_, Q_);
+ precomputeG2(Qcoeff_, Q_);
+ setRangeForDLP(hashSize);
+ useDecG1ViaGT_ = false;
+ useDecG2ViaGT_ = false;
+ isG1only_ = false;
+ setTryNum(tryNum);
+ }
+ static void init(size_t hashSize, size_t tryNum = local::defaultTryNum)
+ {
+ init(mcl::BN254, hashSize, tryNum);
+ }
+ /*
+ standard lifted ElGamal encryption
+ */
+ static void initG1only(const mcl::EcParam& para, size_t hashSize = 1024, size_t tryNum = local::defaultTryNum)
+ {
+ Fp::init(para.p);
+ Fr::init(para.n);
+ G1::init(para.a, para.b);
+ const Fp x0(para.gx);
+ const Fp y0(para.gy);
+ P_.set(x0, y0);
+
+ setRangeForG1DLP(hashSize);
+ useDecG1ViaGT_ = false;
+ useDecG2ViaGT_ = false;
+ isG1only_ = true;
+ setTryNum(tryNum);
+ }
+ /*
+ set range for G1-DLP
+ */
+ static void setRangeForG1DLP(size_t hashSize)
+ {
+ PhashTbl_.init(P_, hashSize);
+ }
+ /*
+ set range for G2-DLP
+ */
+ static void setRangeForG2DLP(size_t hashSize)
+ {
+ QhashTbl_.init(Q_, hashSize);
+ }
+ /*
+ set range for GT-DLP
+ */
+ static void setRangeForGTDLP(size_t hashSize)
+ {
+ ePQhashTbl_.init(ePQ_, hashSize);
+ }
+ /*
+ set range for G1/G2/GT DLP
+ decode message m for |m| <= hasSize * tryNum
+ decode time = O(log(hasSize) * tryNum)
+ */
+ static void setRangeForDLP(size_t hashSize)
+ {
+ setRangeForG1DLP(hashSize);
+ setRangeForG2DLP(hashSize);
+ setRangeForGTDLP(hashSize);
+ }
+ static void setTryNum(size_t tryNum)
+ {
+ PhashTbl_.setTryNum(tryNum);
+ QhashTbl_.setTryNum(tryNum);
+ ePQhashTbl_.setTryNum(tryNum);
+ }
+ static void useDecG1ViaGT(bool use = true)
+ {
+ useDecG1ViaGT_ = use;
+ }
+ static void useDecG2ViaGT(bool use = true)
+ {
+ useDecG2ViaGT_ = use;
+ }
+ /*
+ only one element is necessary for each G1 and G2.
+ this is better than David Mandell Freeman's algorithm
+ */
+ class SecretKey : public fp::Serializable<SecretKey> {
+ Fr x_, y_;
+ void getPowOfePQ(GT& v, const CipherTextGT& c) const
+ {
+ /*
+ (s, t, u, v) := (e(S, S'), e(S, T'), e(T, S'), e(T, T'))
+ s v^(xy) / (t^y u^x) = s (v^x / t) ^ y / u^x
+ = e(P, Q)^(mm')
+ */
+ GT t, u;
+ GT::unitaryInv(t, c.g_[1]);
+ GT::unitaryInv(u, c.g_[2]);
+ GT::pow(v, c.g_[3], x_);
+ v *= t;
+ GT::pow(v, v, y_);
+ GT::pow(u, u, x_);
+ v *= u;
+ v *= c.g_[0];
+ }
+ public:
+ void setByCSPRNG()
+ {
+ x_.setRand();
+ if (!isG1only_) y_.setRand();
+ }
+ /*
+ set xP and yQ
+ */
+ void getPublicKey(PublicKey& pub) const
+ {
+ pub.set(x_, y_);
+ }
+#if 0
+ // log_x(y)
+ int log(const GT& x, const GT& y) const
+ {
+ if (y == 1) return 0;
+ if (y == x) return 1;
+ GT inv;
+ GT::unitaryInv(inv, x);
+ if (y == inv) return -1;
+ GT t = x;
+ for (int i = 2; i < 100; i++) {
+ t *= x;
+ if (y == t) return i;
+ GT::unitaryInv(inv, t);
+ if (y == inv) return -i;
+ }
+ throw cybozu::Exception("she:dec:log:not found");
+ }
+#endif
+ int64_t dec(const CipherTextG1& c) const
+ {
+ if (useDecG1ViaGT_) return decViaGT(c);
+ /*
+ S = mP + rxP
+ T = rP
+ R = S - xT = mP
+ */
+ G1 R;
+ G1::mul(R, c.T_, x_);
+ G1::sub(R, c.S_, R);
+ return PhashTbl_.log(R);
+ }
+ int64_t dec(const CipherTextG2& c) const
+ {
+ if (useDecG2ViaGT_) return decViaGT(c);
+ G2 R;
+ G2::mul(R, c.T_, y_);
+ G2::sub(R, c.S_, R);
+ return QhashTbl_.log(R);
+ }
+ int64_t dec(const CipherTextA& c) const
+ {
+ return dec(c.c1_);
+ }
+ int64_t dec(const CipherTextGT& c) const
+ {
+ GT v;
+ getPowOfePQ(v, c);
+ return ePQhashTbl_.log(v);
+// return log(g, v);
+ }
+ int64_t decViaGT(const CipherTextG1& c) const
+ {
+ G1 R;
+ G1::mul(R, c.T_, x_);
+ G1::sub(R, c.S_, R);
+ GT v;
+ pairing(v, R, Q_);
+ return ePQhashTbl_.log(v);
+ }
+ int64_t decViaGT(const CipherTextG2& c) const
+ {
+ G2 R;
+ G2::mul(R, c.T_, y_);
+ G2::sub(R, c.S_, R);
+ GT v;
+ pairing(v, P_, R);
+ return ePQhashTbl_.log(v);
+ }
+ int64_t dec(const CipherText& c) const
+ {
+ if (c.isMultiplied()) {
+ return dec(c.m_);
+ } else {
+ return dec(c.a_);
+ }
+ }
+ bool isZero(const CipherTextG1& c) const
+ {
+ return c.isZero(x_);
+ }
+ bool isZero(const CipherTextG2& c) const
+ {
+ return c.isZero(y_);
+ }
+ bool isZero(const CipherTextA& c) const
+ {
+ return c.c1_.isZero(x_);
+ }
+ bool isZero(const CipherTextGT& c) const
+ {
+ GT v;
+ getPowOfePQ(v, c);
+ return v.isOne();
+ }
+ bool isZero(const CipherText& c) const
+ {
+ if (c.isMultiplied()) {
+ return isZero(c.m_);
+ } else {
+ return isZero(c.a_);
+ }
+ }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode = IoSerialize)
+ {
+ x_.load(pb, is, ioMode); if (!*pb) return;
+ if (!isG1only_) y_.load(pb, is, ioMode);
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ x_.save(pb, os, ioMode); if (!*pb) return;
+ if (isG1only_) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ y_.save(os, ioMode);
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("she:SecretKey:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("she:SecretKey:save");
+ }
+ friend std::istream& operator>>(std::istream& is, SecretKey& self)
+ {
+ self.load(is, fp::detectIoMode(Fr::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const SecretKey& self)
+ {
+ self.save(os, fp::detectIoMode(Fr::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const SecretKey& rhs) const
+ {
+ return x_ == rhs.x_ && (isG1only_ || y_ == rhs.y_);
+ }
+ bool operator!=(const SecretKey& rhs) const { return !operator==(rhs); }
+ };
+private:
+ /*
+ simple ElGamal encryptionfor G1 and G2
+ (S, T) = (m P + r xP, rP)
+ Pmul.mul(X, a) // X = a P
+ xPmul.mul(X, a) // X = a xP
+ use *encRand if encRand is not null
+ */
+ template<class G, class INT, class MulG, class I>
+ static void ElGamalEnc(G& S, G& T, const INT& m, const mcl::fp::WindowMethod<I>& Pmul, const MulG& xPmul, const Fr *encRand = 0)
+ {
+ Fr r;
+ if (encRand) {
+ r = *encRand;
+ } else {
+ r.setRand();
+ }
+ Pmul.mul(static_cast<I&>(T), r);
+ xPmul.mul(S, r); // S = r xP
+ if (m == 0) return;
+ G C;
+ Pmul.mul(static_cast<I&>(C), m);
+ S += C;
+ }
+ /*
+ https://github.com/herumi/mcl/blob/master/misc/she/nizkp.pdf
+
+ encRand is a random value used for ElGamalEnc()
+ d[1-m] ; rand
+ s[1-m] ; rand
+ R[0][1-m] = s[1-m] P - d[1-m] T
+ R[1][1-m] = s[1-m] xP - d[1-m] (S - (1-m) P)
+ r ; rand
+ R[0][m] = r P
+ R[1][m] = r xP
+ c = H(S, T, R[0][0], R[0][1], R[1][0], R[1][1])
+ d[m] = c - d[1-m]
+ s[m] = r + d[m] encRand
+ */
+ template<class G, class I, class MulG>
+ static void makeZkpBin(ZkpBin& zkp, const G& S, const G& T, const Fr& encRand, const G& P, int m, const mcl::fp::WindowMethod<I>& Pmul, const MulG& xPmul)
+ {
+ if (m != 0 && m != 1) throw cybozu::Exception("makeZkpBin:bad m") << m;
+ Fr *s = &zkp.d_[0];
+ Fr *d = &zkp.d_[2];
+ G R[2][2];
+ d[1-m].setRand();
+ s[1-m].setRand();
+ G T1, T2;
+ Pmul.mul(static_cast<I&>(T1), s[1-m]); // T1 = s[1-m] P
+ G::mul(T2, T, d[1-m]);
+ G::sub(R[0][1-m], T1, T2); // s[1-m] P - d[1-m]T
+ xPmul.mul(T1, s[1-m]); // T1 = s[1-m] xP
+ if (m == 0) {
+ G::sub(T2, S, P);
+ G::mul(T2, T2, d[1-m]);
+ } else {
+ G::mul(T2, S, d[1-m]);
+ }
+ G::sub(R[1][1-m], T1, T2); // s[1-m] xP - d[1-m](S - (1-m) P)
+ Fr r;
+ r.setRand();
+ Pmul.mul(static_cast<I&>(R[0][m]), r); // R[0][m] = r P
+ xPmul.mul(R[1][m], r); // R[1][m] = r xP
+ char buf[sizeof(G) * 2];
+ cybozu::MemoryOutputStream os(buf, sizeof(buf));
+ S.save(os);
+ T.save(os);
+ R[0][0].save(os);
+ R[0][1].save(os);
+ R[1][0].save(os);
+ R[1][1].save(os);
+ Fr c;
+ c.setHashOf(buf, os.getPos());
+ d[m] = c - d[1-m];
+ s[m] = r + d[m] * encRand;
+ }
+ /*
+ R[0][i] = s[i] P - d[i] T ; i = 0,1
+ R[1][0] = s[0] xP - d[0] S
+ R[1][1] = s[1] xP - d[1](S - P)
+ c = H(S, T, R[0][0], R[0][1], R[1][0], R[1][1])
+ c == d[0] + d[1]
+ */
+ template<class G, class I, class MulG>
+ static bool verifyZkpBin(const G& S, const G& T, const G& P, const ZkpBin& zkp, const mcl::fp::WindowMethod<I>& Pmul, const MulG& xPmul)
+ {
+ const Fr *s = &zkp.d_[0];
+ const Fr *d = &zkp.d_[2];
+ G R[2][2];
+ G T1, T2;
+ for (int i = 0; i < 2; i++) {
+ Pmul.mul(static_cast<I&>(T1), s[i]); // T1 = s[i] P
+ G::mul(T2, T, d[i]);
+ G::sub(R[0][i], T1, T2);
+ }
+ xPmul.mul(T1, s[0]); // T1 = s[0] xP
+ G::mul(T2, S, d[0]);
+ G::sub(R[1][0], T1, T2);
+ xPmul.mul(T1, s[1]); // T1 = x[1] xP
+ G::sub(T2, S, P);
+ G::mul(T2, T2, d[1]);
+ G::sub(R[1][1], T1, T2);
+ char buf[sizeof(G) * 2];
+ cybozu::MemoryOutputStream os(buf, sizeof(buf));
+ S.save(os);
+ T.save(os);
+ R[0][0].save(os);
+ R[0][1].save(os);
+ R[1][0].save(os);
+ R[1][1].save(os);
+ Fr c;
+ c.setHashOf(buf, os.getPos());
+ return c == d[0] + d[1];
+ }
+ /*
+ encRand1, encRand2 are random values use for ElGamalEnc()
+ */
+ template<class G1, class G2, class INT, class I1, class I2, class MulG1, class MulG2>
+ static void makeZkpEq(ZkpEq& zkp, G1& S1, G1& T1, G2& S2, G2& T2, const INT& m, const mcl::fp::WindowMethod<I1>& Pmul, const MulG1& xPmul, const mcl::fp::WindowMethod<I2>& Qmul, const MulG2& yQmul)
+ {
+ Fr p, s;
+ p.setRand();
+ s.setRand();
+ ElGamalEnc(S1, T1, m, Pmul, xPmul, &p);
+ ElGamalEnc(S2, T2, m, Qmul, yQmul, &s);
+ Fr rp, rs, rm;
+ rp.setRand();
+ rs.setRand();
+ rm.setRand();
+ G1 R1, R2;
+ G2 R3, R4;
+ ElGamalEnc(R1, R2, rm, Pmul, xPmul, &rp);
+ ElGamalEnc(R3, R4, rm, Qmul, yQmul, &rs);
+ char buf[sizeof(G1) * 4 + sizeof(G2) * 4];
+ cybozu::MemoryOutputStream os(buf, sizeof(buf));
+ S1.save(os);
+ T1.save(os);
+ S2.save(os);
+ T2.save(os);
+ R1.save(os);
+ R2.save(os);
+ R3.save(os);
+ R4.save(os);
+ Fr& c = zkp.d_[0];
+ Fr& sp = zkp.d_[1];
+ Fr& ss = zkp.d_[2];
+ Fr& sm = zkp.d_[3];
+ c.setHashOf(buf, os.getPos());
+ Fr::mul(sp, c, p);
+ sp += rp;
+ Fr::mul(ss, c, s);
+ ss += rs;
+ Fr::mul(sm, c, m);
+ sm += rm;
+ }
+ template<class G1, class G2, class I1, class I2, class MulG1, class MulG2>
+ static bool verifyZkpEq(const ZkpEq& zkp, const G1& S1, const G1& T1, const G2& S2, const G2& T2, const mcl::fp::WindowMethod<I1>& Pmul, const MulG1& xPmul, const mcl::fp::WindowMethod<I2>& Qmul, const MulG2& yQmul)
+ {
+ const Fr& c = zkp.d_[0];
+ const Fr& sp = zkp.d_[1];
+ const Fr& ss = zkp.d_[2];
+ const Fr& sm = zkp.d_[3];
+ G1 R1, R2, X1;
+ G2 R3, R4, X2;
+ ElGamalEnc(R1, R2, sm, Pmul, xPmul, &sp);
+ G1::mul(X1, S1, c);
+ R1 -= X1;
+ G1::mul(X1, T1, c);
+ R2 -= X1;
+ ElGamalEnc(R3, R4, sm, Qmul, yQmul, &ss);
+ G2::mul(X2, S2, c);
+ R3 -= X2;
+ G2::mul(X2, T2, c);
+ R4 -= X2;
+ char buf[sizeof(G1) * 4 + sizeof(G2) * 4];
+ cybozu::MemoryOutputStream os(buf, sizeof(buf));
+ S1.save(os);
+ T1.save(os);
+ S2.save(os);
+ T2.save(os);
+ R1.save(os);
+ R2.save(os);
+ R3.save(os);
+ R4.save(os);
+ Fr c2;
+ c2.setHashOf(buf, os.getPos());
+ return c == c2;
+ }
+ /*
+ encRand1, encRand2 are random values use for ElGamalEnc()
+ */
+ template<class G1, class G2, class I1, class I2, class MulG1, class MulG2>
+ static void makeZkpBinEq(ZkpBinEq& zkp, G1& S1, G1& T1, G2& S2, G2& T2, int m, const mcl::fp::WindowMethod<I1>& Pmul, const MulG1& xPmul, const mcl::fp::WindowMethod<I2>& Qmul, const MulG2& yQmul)
+ {
+ if (m != 0 && m != 1) throw cybozu::Exception("makeZkpBinEq:bad m") << m;
+ Fr *d = &zkp.d_[0];
+ Fr *spm = &zkp.d_[2];
+ Fr& ss = zkp.d_[4];
+ Fr& sp = zkp.d_[5];
+ Fr& sm = zkp.d_[6];
+ Fr p, s;
+ p.setRand();
+ s.setRand();
+ ElGamalEnc(S1, T1, m, Pmul, xPmul, &p);
+ ElGamalEnc(S2, T2, m, Qmul, yQmul, &s);
+ d[1-m].setRand();
+ spm[1-m].setRand();
+ G1 R1[2], R2[2], X1;
+ Pmul.mul(static_cast<I1&>(R1[1-m]), spm[1-m]);
+ G1::mul(X1, T1, d[1-m]);
+ R1[1-m] -= X1;
+ if (m == 0) {
+ G1::sub(X1, S1, P_);
+ G1::mul(X1, X1, d[1-m]);
+ } else {
+ G1::mul(X1, S1, d[1-m]);
+ }
+ xPmul.mul(R2[1-m], spm[1-m]);
+ R2[1-m] -= X1;
+ Fr rpm, rp, rs, rm;
+ rpm.setRand();
+ rp.setRand();
+ rs.setRand();
+ rm.setRand();
+ ElGamalEnc(R2[m], R1[m], 0, Pmul, xPmul, &rpm);
+ G1 R3, R4;
+ G2 R5, R6;
+ ElGamalEnc(R4, R3, rm, Pmul, xPmul, &rp);
+ ElGamalEnc(R6, R5, rm, Qmul, yQmul, &rs);
+ char buf[sizeof(Fr) * 12];
+ cybozu::MemoryOutputStream os(buf, sizeof(buf));
+ S1.save(os);
+ T1.save(os);
+ R1[0].save(os);
+ R1[1].save(os);
+ R2[0].save(os);
+ R2[1].save(os);
+ R3.save(os);
+ R4.save(os);
+ R5.save(os);
+ R6.save(os);
+ Fr c;
+ c.setHashOf(buf, os.getPos());
+ Fr::sub(d[m], c, d[1-m]);
+ Fr::mul(spm[m], d[m], p);
+ spm[m] += rpm;
+ Fr::mul(sp, c, p);
+ sp += rp;
+ Fr::mul(ss, c, s);
+ ss += rs;
+ Fr::mul(sm, c, m);
+ sm += rm;
+ }
+ template<class G1, class G2, class I1, class I2, class MulG1, class MulG2>
+ static bool verifyZkpBinEq(const ZkpBinEq& zkp, const G1& S1, const G1& T1, const G2& S2, const G2& T2, const mcl::fp::WindowMethod<I1>& Pmul, const MulG1& xPmul, const mcl::fp::WindowMethod<I2>& Qmul, const MulG2& yQmul)
+ {
+ const Fr *d = &zkp.d_[0];
+ const Fr *spm = &zkp.d_[2];
+ const Fr& ss = zkp.d_[4];
+ const Fr& sp = zkp.d_[5];
+ const Fr& sm = zkp.d_[6];
+ G1 R1[2], R2[2], X1;
+ for (int i = 0; i < 2; i++) {
+ Pmul.mul(static_cast<I1&>(R1[i]), spm[i]);
+ G1::mul(X1, T1, d[i]);
+ R1[i] -= X1;
+ }
+ xPmul.mul(R2[0], spm[0]);
+ G1::mul(X1, S1, d[0]);
+ R2[0] -= X1;
+ xPmul.mul(R2[1], spm[1]);
+ G1::sub(X1, S1, P_);
+ G1::mul(X1, X1, d[1]);
+ R2[1] -= X1;
+ Fr c;
+ Fr::add(c, d[0], d[1]);
+ G1 R3, R4;
+ G2 R5, R6;
+ ElGamalEnc(R4, R3, sm, Pmul, xPmul, &sp);
+ G1::mul(X1, T1, c);
+ R3 -= X1;
+ G1::mul(X1, S1, c);
+ R4 -= X1;
+ ElGamalEnc(R6, R5, sm, Qmul, yQmul, &ss);
+ G2 X2;
+ G2::mul(X2, T2, c);
+ R5 -= X2;
+ G2::mul(X2, S2, c);
+ R6 -= X2;
+ char buf[sizeof(Fr) * 12];
+ cybozu::MemoryOutputStream os(buf, sizeof(buf));
+ S1.save(os);
+ T1.save(os);
+ R1[0].save(os);
+ R1[1].save(os);
+ R2[0].save(os);
+ R2[1].save(os);
+ R3.save(os);
+ R4.save(os);
+ R5.save(os);
+ R6.save(os);
+ Fr c2;
+ c2.setHashOf(buf, os.getPos());
+ return c == c2;
+ }
+ /*
+ common method for PublicKey and PrecomputedPublicKey
+ */
+ template<class T>
+ struct PublicKeyMethod {
+ /*
+ you can use INT as int64_t and Fr,
+ but the return type of dec() is int64_t.
+ */
+ template<class INT>
+ void enc(CipherTextG1& c, const INT& m) const
+ {
+ static_cast<const T&>(*this).encG1(c, m);
+ }
+ template<class INT>
+ void enc(CipherTextG2& c, const INT& m) const
+ {
+ static_cast<const T&>(*this).encG2(c, m);
+ }
+ template<class INT>
+ void enc(CipherTextA& c, const INT& m) const
+ {
+ enc(c.c1_, m);
+ enc(c.c2_, m);
+ }
+ template<class INT>
+ void enc(CipherTextGT& c, const INT& m) const
+ {
+ static_cast<const T&>(*this).encGT(c, m);
+ }
+ template<class INT>
+ void enc(CipherText& c, const INT& m, bool multiplied = false) const
+ {
+ c.isMultiplied_ = multiplied;
+ if (multiplied) {
+ enc(c.m_, m);
+ } else {
+ enc(c.a_, m);
+ }
+ }
+ /*
+ reRand method is for circuit privacy
+ */
+ template<class CT>
+ void reRandT(CT& c) const
+ {
+ CT c0;
+ static_cast<const T&>(*this).enc(c0, 0);
+ CT::add(c, c, c0);
+ }
+ void reRand(CipherTextG1& c) const { reRandT(c); }
+ void reRand(CipherTextG2& c) const { reRandT(c); }
+ void reRand(CipherTextGT& c) const { reRandT(c); }
+ void reRand(CipherText& c) const
+ {
+ if (c.isMultiplied()) {
+ reRandT(c.m_);
+ } else {
+ reRandT(c.a_);
+ }
+ }
+ /*
+ convert from CipherTextG1 to CipherTextGT
+ */
+ void convert(CipherTextGT& cm, const CipherTextG1& c1) const
+ {
+ /*
+ Enc(1) = (S, T) = (Q + r yQ, rQ) = (Q, 0) if r = 0
+ cm = c1 * (Q, 0) = (S, T) * (Q, 0) = (e(S, Q), 1, e(T, Q), 1)
+ */
+ precomputedMillerLoop(cm.g_[0], c1.getS(), Qcoeff_);
+ finalExp(cm.g_[0], cm.g_[0]);
+ precomputedMillerLoop(cm.g_[2], c1.getT(), Qcoeff_);
+ finalExp(cm.g_[2], cm.g_[2]);
+
+ cm.g_[1] = cm.g_[3] = 1;
+ }
+ /*
+ convert from CipherTextG2 to CipherTextGT
+ */
+ void convert(CipherTextGT& cm, const CipherTextG2& c2) const
+ {
+ /*
+ Enc(1) = (S, T) = (P + r xP, rP) = (P, 0) if r = 0
+ cm = (P, 0) * c2 = (e(P, S), e(P, T), 1, 1)
+ */
+ pairing(cm.g_[0], P_, c2.getS());
+ pairing(cm.g_[1], P_, c2.getT());
+ cm.g_[2] = cm.g_[3] = 1;
+ }
+ void convert(CipherTextGT& cm, const CipherTextA& ca) const
+ {
+ convert(cm, ca.c1_);
+ }
+ void convert(CipherText& cm, const CipherText& ca) const
+ {
+ if (ca.isMultiplied()) throw cybozu::Exception("she:PublicKey:convertCipherText:already isMultiplied");
+ cm.isMultiplied_ = true;
+ convert(cm.m_, ca.a_);
+ }
+ };
+public:
+ class PublicKey : public fp::Serializable<PublicKey,
+ PublicKeyMethod<PublicKey> > {
+ G1 xP_;
+ G2 yQ_;
+ friend class SecretKey;
+ friend class PrecomputedPublicKey;
+ template<class T>
+ friend struct PublicKeyMethod;
+ template<class G>
+ struct MulG {
+ const G& base;
+ MulG(const G& base) : base(base) {}
+ template<class INT>
+ void mul(G& out, const INT& m) const
+ {
+ G::mul(out, base, m);
+ }
+ };
+ void set(const Fr& x, const Fr& y)
+ {
+ G1::mul(xP_, P_, x);
+ if (!isG1only_) G2::mul(yQ_, Q_, y);
+ }
+ template<class INT>
+ void encG1(CipherTextG1& c, const INT& m) const
+ {
+ const MulG<G1> xPmul(xP_);
+ ElGamalEnc(c.S_, c.T_, m, PhashTbl_.getWM(), xPmul);
+ }
+ template<class INT>
+ void encG2(CipherTextG2& c, const INT& m) const
+ {
+ const MulG<G2> yQmul(yQ_);
+ ElGamalEnc(c.S_, c.T_, m, QhashTbl_.getWM(), yQmul);
+ }
+public:
+ void encWithZkpBin(CipherTextG1& c, ZkpBin& zkp, int m) const
+ {
+ Fr encRand;
+ encRand.setRand();
+ const MulG<G1> xPmul(xP_);
+ ElGamalEnc(c.S_, c.T_, m, PhashTbl_.getWM(), xPmul, &encRand);
+ makeZkpBin(zkp, c.S_, c.T_, encRand, P_, m, PhashTbl_.getWM(), xPmul);
+ }
+ void encWithZkpBin(CipherTextG2& c, ZkpBin& zkp, int m) const
+ {
+ Fr encRand;
+ encRand.setRand();
+ const MulG<G2> yQmul(yQ_);
+ ElGamalEnc(c.S_, c.T_, m, QhashTbl_.getWM(), yQmul, &encRand);
+ makeZkpBin(zkp, c.S_, c.T_, encRand, Q_, m, QhashTbl_.getWM(), yQmul);
+ }
+ bool verify(const CipherTextG1& c, const ZkpBin& zkp) const
+ {
+ const MulG<G1> xPmul(xP_);
+ return verifyZkpBin(c.S_, c.T_, P_, zkp, PhashTbl_.getWM(), xPmul);
+ }
+ bool verify(const CipherTextG2& c, const ZkpBin& zkp) const
+ {
+ const MulG<G2> yQmul(yQ_);
+ return verifyZkpBin(c.S_, c.T_, Q_, zkp, QhashTbl_.getWM(), yQmul);
+ }
+ template<class INT>
+ void encWithZkpEq(CipherTextG1& c1, CipherTextG2& c2, ZkpEq& zkp, const INT& m) const
+ {
+ const MulG<G1> xPmul(xP_);
+ const MulG<G2> yQmul(yQ_);
+ makeZkpEq(zkp, c1.S_, c1.T_, c2.S_, c2.T_, m, PhashTbl_.getWM(), xPmul, QhashTbl_.getWM(), yQmul);
+ }
+ bool verify(const CipherTextG1& c1, const CipherTextG2& c2, const ZkpEq& zkp) const
+ {
+ const MulG<G1> xPmul(xP_);
+ const MulG<G2> yQmul(yQ_);
+ return verifyZkpEq(zkp, c1.S_, c1.T_, c2.S_, c2.T_, PhashTbl_.getWM(), xPmul, QhashTbl_.getWM(), yQmul);
+ }
+ void encWithZkpBinEq(CipherTextG1& c1, CipherTextG2& c2, ZkpBinEq& zkp, int m) const
+ {
+ const MulG<G1> xPmul(xP_);
+ const MulG<G2> yQmul(yQ_);
+ makeZkpBinEq(zkp, c1.S_, c1.T_, c2.S_, c2.T_, m, PhashTbl_.getWM(), xPmul, QhashTbl_.getWM(), yQmul);
+ }
+ bool verify(const CipherTextG1& c1, const CipherTextG2& c2, const ZkpBinEq& zkp) const
+ {
+ const MulG<G1> xPmul(xP_);
+ const MulG<G2> yQmul(yQ_);
+ return verifyZkpBinEq(zkp, c1.S_, c1.T_, c2.S_, c2.T_, PhashTbl_.getWM(), xPmul, QhashTbl_.getWM(), yQmul);
+ }
+ template<class INT>
+ void encGT(CipherTextGT& c, const INT& m) const
+ {
+ /*
+ (s, t, u, v) = ((e^x)^a (e^y)^b (e^-xy)^c e^m, e^b, e^a, e^c)
+ s = e(a xP + m P, Q)e(b P - c xP, yQ)
+ */
+ Fr ra, rb, rc;
+ ra.setRand();
+ rb.setRand();
+ rc.setRand();
+ GT e;
+
+ G1 P1, P2;
+ G1::mul(P1, xP_, ra);
+ if (m) {
+// G1::mul(P2, P, m);
+ PhashTbl_.mulByWindowMethod(P2, m);
+ P1 += P2;
+ }
+// millerLoop(c.g[0], P1, Q);
+ precomputedMillerLoop(c.g_[0], P1, Qcoeff_);
+// G1::mul(P1, P, rb);
+ PhashTbl_.mulByWindowMethod(P1, rb);
+ G1::mul(P2, xP_, rc);
+ P1 -= P2;
+ millerLoop(e, P1, yQ_);
+ c.g_[0] *= e;
+ finalExp(c.g_[0], c.g_[0]);
+#if 1
+ ePQhashTbl_.mulByWindowMethod(c.g_[1], rb);
+ ePQhashTbl_.mulByWindowMethod(c.g_[2], ra);
+ ePQhashTbl_.mulByWindowMethod(c.g_[3], rc);
+#else
+ GT::pow(c.g_[1], ePQ_, rb);
+ GT::pow(c.g_[2], ePQ_, ra);
+ GT::pow(c.g_[3], ePQ_, rc);
+#endif
+ }
+ public:
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode = IoSerialize)
+ {
+ xP_.load(pb, is, ioMode); if (!*pb) return;
+ if (!isG1only_) yQ_.load(pb, is, ioMode);
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ xP_.save(pb, os, ioMode); if (!*pb) return;
+ if (isG1only_) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ yQ_.save(pb, os, ioMode);
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("she:PublicKey:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("she:PublicKey:save");
+ }
+ friend std::istream& operator>>(std::istream& is, PublicKey& self)
+ {
+ self.load(is, fp::detectIoMode(G1::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const PublicKey& self)
+ {
+ self.save(os, fp::detectIoMode(G1::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const PublicKey& rhs) const
+ {
+ return xP_ == rhs.xP_ && (isG1only_ || yQ_ == rhs.yQ_);
+ }
+ bool operator!=(const PublicKey& rhs) const { return !operator==(rhs); }
+ };
+
+ class PrecomputedPublicKey : public fp::Serializable<PrecomputedPublicKey,
+ PublicKeyMethod<PrecomputedPublicKey> > {
+ typedef local::InterfaceForHashTable<GT, false> GTasEC;
+ typedef mcl::fp::WindowMethod<GTasEC> GTwin;
+ template<class T>
+ friend struct PublicKeyMethod;
+ GT exPQ_;
+ GT eyPQ_;
+ GT exyPQ_;
+ GTwin exPQwm_;
+ GTwin eyPQwm_;
+ GTwin exyPQwm_;
+ mcl::fp::WindowMethod<G1> xPwm_;
+ mcl::fp::WindowMethod<G2> yQwm_;
+ template<class T>
+ void mulByWindowMethod(GT& x, const GTwin& wm, const T& y) const
+ {
+ wm.mul(static_cast<GTasEC&>(x), y);
+ }
+ template<class INT>
+ void encG1(CipherTextG1& c, const INT& m) const
+ {
+ ElGamalEnc(c.S_, c.T_, m, PhashTbl_.getWM(), xPwm_);
+ }
+ template<class INT>
+ void encG2(CipherTextG2& c, const INT& m) const
+ {
+ ElGamalEnc(c.S_, c.T_, m, QhashTbl_.getWM(), yQwm_);
+ }
+ template<class INT>
+ void encGT(CipherTextGT& c, const INT& m) const
+ {
+ /*
+ (s, t, u, v) = (e^m e^(xya), (e^x)^b, (e^y)^c, e^(b + c - a))
+ */
+ Fr ra, rb, rc;
+ ra.setRand();
+ rb.setRand();
+ rc.setRand();
+ GT t;
+ ePQhashTbl_.mulByWindowMethod(c.g_[0], m); // e^m
+ mulByWindowMethod(t, exyPQwm_, ra); // (e^xy)^a
+ c.g_[0] *= t;
+ mulByWindowMethod(c.g_[1], exPQwm_, rb); // (e^x)^b
+ mulByWindowMethod(c.g_[2], eyPQwm_, rc); // (e^y)^c
+ rb += rc;
+ rb -= ra;
+ ePQhashTbl_.mulByWindowMethod(c.g_[3], rb);
+ }
+ public:
+ void init(const PublicKey& pub)
+ {
+ const size_t bitSize = Fr::getBitSize();
+ xPwm_.init(pub.xP_, bitSize, local::winSize);
+ if (isG1only_) return;
+ yQwm_.init(pub.yQ_, bitSize, local::winSize);
+ pairing(exPQ_, pub.xP_, Q_);
+ pairing(eyPQ_, P_, pub.yQ_);
+ pairing(exyPQ_, pub.xP_, pub.yQ_);
+ exPQwm_.init(static_cast<const GTasEC&>(exPQ_), bitSize, local::winSize);
+ eyPQwm_.init(static_cast<const GTasEC&>(eyPQ_), bitSize, local::winSize);
+ exyPQwm_.init(static_cast<const GTasEC&>(exyPQ_), bitSize, local::winSize);
+ }
+ void encWithZkpBin(CipherTextG1& c, ZkpBin& zkp, int m) const
+ {
+ Fr encRand;
+ encRand.setRand();
+ ElGamalEnc(c.S_, c.T_, m, PhashTbl_.getWM(), xPwm_, &encRand);
+ makeZkpBin(zkp, c.S_, c.T_, encRand, P_, m, PhashTbl_.getWM(), xPwm_);
+ }
+ void encWithZkpBin(CipherTextG2& c, ZkpBin& zkp, int m) const
+ {
+ Fr encRand;
+ encRand.setRand();
+ ElGamalEnc(c.S_, c.T_, m, QhashTbl_.getWM(), yQwm_, &encRand);
+ makeZkpBin(zkp, c.S_, c.T_, encRand, Q_, m, QhashTbl_.getWM(), yQwm_);
+ }
+ bool verify(const CipherTextG1& c, const ZkpBin& zkp) const
+ {
+ return verifyZkpBin(c.S_, c.T_, P_, zkp, PhashTbl_.getWM(), xPwm_);
+ }
+ bool verify(const CipherTextG2& c, const ZkpBin& zkp) const
+ {
+ return verifyZkpBin(c.S_, c.T_, Q_, zkp, QhashTbl_.getWM(), yQwm_);
+ }
+ template<class INT>
+ void encWithZkpEq(CipherTextG1& c1, CipherTextG2& c2, ZkpEq& zkp, const INT& m) const
+ {
+ makeZkpEq(zkp, c1.S_, c1.T_, c2.S_, c2.T_, m, PhashTbl_.getWM(), xPwm_, QhashTbl_.getWM(), yQwm_);
+ }
+ bool verify(const CipherTextG1& c1, const CipherTextG2& c2, const ZkpEq& zkp) const
+ {
+ return verifyZkpEq(zkp, c1.S_, c1.T_, c2.S_, c2.T_, PhashTbl_.getWM(), xPwm_, QhashTbl_.getWM(), yQwm_);
+ }
+ void encWithZkpBinEq(CipherTextG1& c1, CipherTextG2& c2, ZkpBinEq& zkp, int m) const
+ {
+ makeZkpBinEq(zkp, c1.S_, c1.T_, c2.S_, c2.T_, m, PhashTbl_.getWM(), xPwm_, QhashTbl_.getWM(), yQwm_);
+ }
+ bool verify(const CipherTextG1& c1, const CipherTextG2& c2, const ZkpBinEq& zkp) const
+ {
+ return verifyZkpBinEq(zkp, c1.S_, c1.T_, c2.S_, c2.T_, PhashTbl_.getWM(), xPwm_, QhashTbl_.getWM(), yQwm_);
+ }
+ };
+ class CipherTextA {
+ CipherTextG1 c1_;
+ CipherTextG2 c2_;
+ friend class SecretKey;
+ friend class PublicKey;
+ friend class CipherTextGT;
+ template<class T>
+ friend struct PublicKeyMethod;
+ public:
+ void clear()
+ {
+ c1_.clear();
+ c2_.clear();
+ }
+ static void add(CipherTextA& z, const CipherTextA& x, const CipherTextA& y)
+ {
+ CipherTextG1::add(z.c1_, x.c1_, y.c1_);
+ CipherTextG2::add(z.c2_, x.c2_, y.c2_);
+ }
+ static void sub(CipherTextA& z, const CipherTextA& x, const CipherTextA& y)
+ {
+ CipherTextG1::sub(z.c1_, x.c1_, y.c1_);
+ CipherTextG2::sub(z.c2_, x.c2_, y.c2_);
+ }
+ static void mul(CipherTextA& z, const CipherTextA& x, int64_t y)
+ {
+ CipherTextG1::mul(z.c1_, x.c1_, y);
+ CipherTextG2::mul(z.c2_, x.c2_, y);
+ }
+ static void neg(CipherTextA& y, const CipherTextA& x)
+ {
+ CipherTextG1::neg(y.c1_, x.c1_);
+ CipherTextG2::neg(y.c2_, x.c2_);
+ }
+ void add(const CipherTextA& c) { add(*this, *this, c); }
+ void sub(const CipherTextA& c) { sub(*this, *this, c); }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode = IoSerialize)
+ {
+ c1_.load(pb, is, ioMode); if (!*pb) return;
+ c2_.load(pb, is, ioMode);
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ c1_.save(pb, os, ioMode); if (!*pb) return;
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ c2_.save(pb, os, ioMode);
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("she:CipherTextA:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("she:CipherTextA:save");
+ }
+ friend std::istream& operator>>(std::istream& is, CipherTextA& self)
+ {
+ self.load(is, fp::detectIoMode(G1::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const CipherTextA& self)
+ {
+ self.save(os, fp::detectIoMode(G1::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const CipherTextA& rhs) const
+ {
+ return c1_ == rhs.c1_ && c2_ == rhs.c2_;
+ }
+ bool operator!=(const CipherTextA& rhs) const { return !operator==(rhs); }
+ };
+
+ class CipherTextGT : public fp::Serializable<CipherTextGT> {
+ GT g_[4];
+ friend class SecretKey;
+ friend class PublicKey;
+ friend class PrecomputedPublicKey;
+ friend class CipherTextA;
+ template<class T>
+ friend struct PublicKeyMethod;
+ public:
+ void clear()
+ {
+ for (int i = 0; i < 4; i++) {
+ g_[i].setOne();
+ }
+ }
+ static void neg(CipherTextGT& y, const CipherTextGT& x)
+ {
+ for (int i = 0; i < 4; i++) {
+ GT::unitaryInv(y.g_[i], x.g_[i]);
+ }
+ }
+ static void add(CipherTextGT& z, const CipherTextGT& x, const CipherTextGT& y)
+ {
+ /*
+ (g[i]) + (g'[i]) = (g[i] * g'[i])
+ */
+ for (int i = 0; i < 4; i++) {
+ GT::mul(z.g_[i], x.g_[i], y.g_[i]);
+ }
+ }
+ static void sub(CipherTextGT& z, const CipherTextGT& x, const CipherTextGT& y)
+ {
+ /*
+ (g[i]) - (g'[i]) = (g[i] / g'[i])
+ */
+ GT t;
+ for (size_t i = 0; i < 4; i++) {
+ GT::unitaryInv(t, y.g_[i]);
+ GT::mul(z.g_[i], x.g_[i], t);
+ }
+ }
+ static void mulML(CipherTextGT& z, const CipherTextG1& x, const CipherTextG2& y)
+ {
+ /*
+ (S1, T1) * (S2, T2) = (ML(S1, S2), ML(S1, T2), ML(T1, S2), ML(T1, T2))
+ */
+ tensorProductML(z.g_, x.S_, x.T_, y.S_, y.T_);
+ }
+ static void finalExp(CipherTextGT& y, const CipherTextGT& x)
+ {
+ finalExp4(y.g_, x.g_);
+ }
+ /*
+ mul(x, y) = mulML(x, y) + finalExp
+ mul(c11, c12) + mul(c21, c22)
+ = finalExp(mulML(c11, c12) + mulML(c21, c22)),
+ then one finalExp can be reduced
+ */
+ static void mul(CipherTextGT& z, const CipherTextG1& x, const CipherTextG2& y)
+ {
+ /*
+ (S1, T1) * (S2, T2) = (e(S1, S2), e(S1, T2), e(T1, S2), e(T1, T2))
+ */
+ mulML(z, x, y);
+ finalExp(z, z);
+ }
+ static void mul(CipherTextGT& z, const CipherTextA& x, const CipherTextA& y)
+ {
+ mul(z, x.c1_, y.c2_);
+ }
+ static void mul(CipherTextGT& z, const CipherTextGT& x, int64_t y)
+ {
+ for (int i = 0; i < 4; i++) {
+ GT::pow(z.g_[i], x.g_[i], y);
+ }
+ }
+ void add(const CipherTextGT& c) { add(*this, *this, c); }
+ void sub(const CipherTextGT& c) { sub(*this, *this, c); }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode = IoSerialize)
+ {
+ for (int i = 0; i < 4; i++) {
+ g_[i].load(pb, is, ioMode); if (!*pb) return;
+ }
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode = IoSerialize) const
+ {
+ const char sep = *fp::getIoSeparator(ioMode);
+ g_[0].save(pb, os, ioMode); if (!*pb) return;
+ for (int i = 1; i < 4; i++) {
+ if (sep) {
+ cybozu::writeChar(pb, os, sep);
+ if (!*pb) return;
+ }
+ g_[i].save(pb, os, ioMode); if (!*pb) return;
+ }
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("she:CipherTextGT:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("she:CipherTextGT:save");
+ }
+ friend std::istream& operator>>(std::istream& is, CipherTextGT& self)
+ {
+ self.load(is, fp::detectIoMode(G1::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const CipherTextGT& self)
+ {
+ self.save(os, fp::detectIoMode(G1::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const CipherTextGT& rhs) const
+ {
+ for (int i = 0; i < 4; i++) {
+ if (g_[i] != rhs.g_[i]) return false;
+ }
+ return true;
+ }
+ bool operator!=(const CipherTextGT& rhs) const { return !operator==(rhs); }
+ };
+
+ class CipherText : public fp::Serializable<CipherText> {
+ bool isMultiplied_;
+ CipherTextA a_;
+ CipherTextGT m_;
+ friend class SecretKey;
+ friend class PublicKey;
+ template<class T>
+ friend struct PublicKeyMethod;
+ public:
+ CipherText() : isMultiplied_(false) {}
+ void clearAsAdded()
+ {
+ isMultiplied_ = false;
+ a_.clear();
+ }
+ void clearAsMultiplied()
+ {
+ isMultiplied_ = true;
+ m_.clear();
+ }
+ bool isMultiplied() const { return isMultiplied_; }
+ static void add(CipherText& z, const CipherText& x, const CipherText& y)
+ {
+ if (x.isMultiplied() && y.isMultiplied()) {
+ z.isMultiplied_ = true;
+ CipherTextGT::add(z.m_, x.m_, y.m_);
+ return;
+ }
+ if (!x.isMultiplied() && !y.isMultiplied()) {
+ z.isMultiplied_ = false;
+ CipherTextA::add(z.a_, x.a_, y.a_);
+ return;
+ }
+ throw cybozu::Exception("she:CipherText:add:mixed CipherText");
+ }
+ static void sub(CipherText& z, const CipherText& x, const CipherText& y)
+ {
+ if (x.isMultiplied() && y.isMultiplied()) {
+ z.isMultiplied_ = true;
+ CipherTextGT::sub(z.m_, x.m_, y.m_);
+ return;
+ }
+ if (!x.isMultiplied() && !y.isMultiplied()) {
+ z.isMultiplied_ = false;
+ CipherTextA::sub(z.a_, x.a_, y.a_);
+ return;
+ }
+ throw cybozu::Exception("she:CipherText:sub:mixed CipherText");
+ }
+ static void neg(CipherText& y, const CipherText& x)
+ {
+ if (x.isMultiplied()) {
+ y.isMultiplied_ = true;
+ CipherTextGT::neg(y.m_, x.m_);
+ return;
+ } else {
+ y.isMultiplied_ = false;
+ CipherTextA::neg(y.a_, x.a_);
+ return;
+ }
+ }
+ static void mul(CipherText& z, const CipherText& x, const CipherText& y)
+ {
+ if (x.isMultiplied() || y.isMultiplied()) {
+ throw cybozu::Exception("she:CipherText:mul:mixed CipherText");
+ }
+ z.isMultiplied_ = true;
+ CipherTextGT::mul(z.m_, x.a_, y.a_);
+ }
+ static void mul(CipherText& z, const CipherText& x, int64_t y)
+ {
+ if (x.isMultiplied()) {
+ CipherTextGT::mul(z.m_, x.m_, y);
+ } else {
+ CipherTextA::mul(z.a_, x.a_, y);
+ }
+ }
+ void add(const CipherText& c) { add(*this, *this, c); }
+ void sub(const CipherText& c) { sub(*this, *this, c); }
+ void mul(const CipherText& c) { mul(*this, *this, c); }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode = IoSerialize)
+ {
+ cybozu::writeChar(pb, isMultiplied_ ? '0' : '1', is); if (!*pb) return;
+ if (isMultiplied()) {
+ m_.load(pb, is, ioMode);
+ } else {
+ a_.load(pb, is, ioMode);
+ }
+ }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int ioMode = IoSerialize) const
+ {
+ char c;
+ if (!cybozu::readChar(&c, os)) return;
+ if (c == '0' || c == '1') {
+ isMultiplied_ = c == '0';
+ } else {
+ *pb = false;
+ return;
+ }
+ if (isMultiplied()) {
+ m_.save(pb, os, ioMode);
+ } else {
+ a_.save(pb, os, ioMode);
+ }
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = IoSerialize)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("she:CipherText:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int ioMode = IoSerialize) const
+ {
+ bool b;
+ save(&b, os, ioMode);
+ if (!b) throw cybozu::Exception("she:CipherText:save");
+ }
+ friend std::istream& operator>>(std::istream& is, CipherText& self)
+ {
+ self.load(is, fp::detectIoMode(G1::getIoMode(), is));
+ return is;
+ }
+ friend std::ostream& operator<<(std::ostream& os, const CipherText& self)
+ {
+ self.save(os, fp::detectIoMode(G1::getIoMode(), os));
+ return os;
+ }
+ bool operator==(const CipherTextGT& rhs) const
+ {
+ if (isMultiplied() != rhs.isMultiplied()) return false;
+ if (isMultiplied()) {
+ return m_ == rhs.m_;
+ }
+ return a_ == rhs.a_;
+ }
+ bool operator!=(const CipherTextGT& rhs) const { return !operator==(rhs); }
+ };
+};
+typedef local::HashTable<G1> HashTableG1;
+typedef local::HashTable<G2> HashTableG2;
+typedef local::HashTable<Fp12, false> HashTableGT;
+
+template<size_t dummyInpl> G1 SHET<dummyInpl>::P_;
+template<size_t dummyInpl> G2 SHET<dummyInpl>::Q_;
+template<size_t dummyInpl> Fp12 SHET<dummyInpl>::ePQ_;
+template<size_t dummyInpl> std::vector<Fp6> SHET<dummyInpl>::Qcoeff_;
+template<size_t dummyInpl> HashTableG1 SHET<dummyInpl>::PhashTbl_;
+template<size_t dummyInpl> HashTableG2 SHET<dummyInpl>::QhashTbl_;
+template<size_t dummyInpl> HashTableGT SHET<dummyInpl>::ePQhashTbl_;
+template<size_t dummyInpl> bool SHET<dummyInpl>::useDecG1ViaGT_;
+template<size_t dummyInpl> bool SHET<dummyInpl>::useDecG2ViaGT_;
+template<size_t dummyInpl> bool SHET<dummyInpl>::isG1only_;
+typedef mcl::she::SHET<> SHE;
+typedef SHE::SecretKey SecretKey;
+typedef SHE::PublicKey PublicKey;
+typedef SHE::PrecomputedPublicKey PrecomputedPublicKey;
+typedef SHE::CipherTextG1 CipherTextG1;
+typedef SHE::CipherTextG2 CipherTextG2;
+typedef SHE::CipherTextGT CipherTextGT;
+typedef SHE::CipherTextA CipherTextA;
+typedef CipherTextGT CipherTextGM; // old class
+typedef SHE::CipherText CipherText;
+typedef SHE::ZkpBin ZkpBin;
+typedef SHE::ZkpEq ZkpEq;
+typedef SHE::ZkpBinEq ZkpBinEq;
+
+inline void init(const mcl::CurveParam& cp = mcl::BN254, size_t hashSize = 1024, size_t tryNum = local::defaultTryNum)
+{
+ SHE::init(cp, hashSize, tryNum);
+}
+inline void initG1only(const mcl::EcParam& para, size_t hashSize = 1024, size_t tryNum = local::defaultTryNum)
+{
+ SHE::initG1only(para, hashSize, tryNum);
+}
+inline void init(size_t hashSize, size_t tryNum = local::defaultTryNum) { SHE::init(hashSize, tryNum); }
+inline void setRangeForG1DLP(size_t hashSize) { SHE::setRangeForG1DLP(hashSize); }
+inline void setRangeForG2DLP(size_t hashSize) { SHE::setRangeForG2DLP(hashSize); }
+inline void setRangeForGTDLP(size_t hashSize) { SHE::setRangeForGTDLP(hashSize); }
+inline void setRangeForDLP(size_t hashSize) { SHE::setRangeForDLP(hashSize); }
+inline void setTryNum(size_t tryNum) { SHE::setTryNum(tryNum); }
+inline void useDecG1ViaGT(bool use = true) { SHE::useDecG1ViaGT(use); }
+inline void useDecG2ViaGT(bool use = true) { SHE::useDecG2ViaGT(use); }
+inline HashTableG1& getHashTableG1() { return SHE::PhashTbl_; }
+inline HashTableG2& getHashTableG2() { return SHE::QhashTbl_; }
+inline HashTableGT& getHashTableGT() { return SHE::ePQhashTbl_; }
+
+inline void add(CipherTextG1& z, const CipherTextG1& x, const CipherTextG1& y) { CipherTextG1::add(z, x, y); }
+inline void add(CipherTextG2& z, const CipherTextG2& x, const CipherTextG2& y) { CipherTextG2::add(z, x, y); }
+inline void add(CipherTextGT& z, const CipherTextGT& x, const CipherTextGT& y) { CipherTextGT::add(z, x, y); }
+inline void add(CipherText& z, const CipherText& x, const CipherText& y) { CipherText::add(z, x, y); }
+
+inline void sub(CipherTextG1& z, const CipherTextG1& x, const CipherTextG1& y) { CipherTextG1::sub(z, x, y); }
+inline void sub(CipherTextG2& z, const CipherTextG2& x, const CipherTextG2& y) { CipherTextG2::sub(z, x, y); }
+inline void sub(CipherTextGT& z, const CipherTextGT& x, const CipherTextGT& y) { CipherTextGT::sub(z, x, y); }
+inline void sub(CipherText& z, const CipherText& x, const CipherText& y) { CipherText::sub(z, x, y); }
+
+inline void neg(CipherTextG1& y, const CipherTextG1& x) { CipherTextG1::neg(y, x); }
+inline void neg(CipherTextG2& y, const CipherTextG2& x) { CipherTextG2::neg(y, x); }
+inline void neg(CipherTextGT& y, const CipherTextGT& x) { CipherTextGT::neg(y, x); }
+inline void neg(CipherText& y, const CipherText& x) { CipherText::neg(y, x); }
+
+template<class INT>
+inline void mul(CipherTextG1& z, const CipherTextG1& x, const INT& y) { CipherTextG1::mul(z, x, y); }
+template<class INT>
+inline void mul(CipherTextG2& z, const CipherTextG2& x, const INT& y) { CipherTextG2::mul(z, x, y); }
+template<class INT>
+inline void mul(CipherTextGT& z, const CipherTextGT& x, const INT& y) { CipherTextGT::mul(z, x, y); }
+template<class INT>
+inline void mul(CipherText& z, const CipherText& x, const INT& y) { CipherText::mul(z, x, y); }
+
+inline void mul(CipherTextGT& z, const CipherTextG1& x, const CipherTextG2& y) { CipherTextGT::mul(z, x, y); }
+inline void mul(CipherText& z, const CipherText& x, const CipherText& y) { CipherText::mul(z, x, y); }
+
+} } // mcl::she
+
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/util.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/util.hpp
new file mode 100644
index 000000000..edef971cb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/util.hpp
@@ -0,0 +1,285 @@
+#pragma once
+/**
+ @file
+ @brief functions for T[]
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+*/
+#include <cybozu/bit_operation.hpp>
+
+#ifdef _MSC_VER
+ #pragma warning(push)
+ #pragma warning(disable : 4456)
+ #pragma warning(disable : 4459)
+#endif
+
+namespace mcl { namespace fp {
+
+template<class T>
+T abs_(T x) { return x < 0 ? -x : x; }
+
+template<class T>
+T min_(T x, T y) { return x < y ? x : y; }
+
+template<class T>
+T max_(T x, T y) { return x < y ? y : x; }
+
+template<class T>
+void swap_(T& x, T& y)
+{
+ T t;
+ t = x;
+ x = y;
+ y = t;
+}
+
+
+/*
+ get pp such that p * pp = -1 mod M,
+ where p is prime and M = 1 << 64(or 32).
+ @param pLow [in] p mod M
+*/
+template<class T>
+T getMontgomeryCoeff(T pLow)
+{
+ T ret = 0;
+ T t = 0;
+ T x = 1;
+ for (size_t i = 0; i < sizeof(T) * 8; i++) {
+ if ((t & 1) == 0) {
+ t += pLow;
+ ret += x;
+ }
+ t >>= 1;
+ x <<= 1;
+ }
+ return ret;
+}
+
+template<class T>
+int compareArray(const T* x, const T* y, size_t n)
+{
+ for (size_t i = n - 1; i != size_t(-1); i--) {
+ T a = x[i];
+ T b = y[i];
+ if (a != b) return a < b ? -1 : 1;
+ }
+ return 0;
+}
+
+template<class T>
+bool isLessArray(const T *x, const T* y, size_t n)
+{
+ for (size_t i = n - 1; i != size_t(-1); i--) {
+ T a = x[i];
+ T b = y[i];
+ if (a != b) return a < b;
+ }
+ return false;
+}
+
+template<class T>
+bool isGreaterOrEqualArray(const T *x, const T* y, size_t n)
+{
+ return !isLessArray(x, y, n);
+}
+
+template<class T>
+bool isLessOrEqualArray(const T *x, const T* y, size_t n)
+{
+ for (size_t i = n - 1; i != size_t(-1); i--) {
+ T a = x[i];
+ T b = y[i];
+ if (a != b) return a < b;
+ }
+ return true;
+}
+
+template<class T>
+bool isGreaterArray(const T *x, const T* y, size_t n)
+{
+ return !isLessOrEqualArray(x, y, n);
+}
+
+template<class T>
+bool isEqualArray(const T* x, const T* y, size_t n)
+{
+ for (size_t i = 0; i < n; i++) {
+ if (x[i] != y[i]) return false;
+ }
+ return true;
+}
+
+template<class T>
+bool isZeroArray(const T *x, size_t n)
+{
+ for (size_t i = 0; i < n; i++) {
+ if (x[i]) return false;
+ }
+ return true;
+}
+
+template<class T>
+void clearArray(T *x, size_t begin, size_t end)
+{
+ for (size_t i = begin; i < end; i++) x[i] = 0;
+}
+
+template<class T>
+void copyArray(T *y, const T *x, size_t n)
+{
+ for (size_t i = 0; i < n; i++) y[i] = x[i];
+}
+
+/*
+ x &= (1 << bitSize) - 1
+*/
+template<class T>
+void maskArray(T *x, size_t n, size_t bitSize)
+{
+ const size_t TbitSize = sizeof(T) * 8;
+ assert(bitSize <= TbitSize * n);
+ const size_t q = bitSize / TbitSize;
+ const size_t r = bitSize % TbitSize;
+ if (r) {
+ x[q] &= (T(1) << r) - 1;
+ clearArray(x, q + 1, n);
+ } else {
+ clearArray(x, q, n);
+ }
+}
+
+/*
+ return non zero size of x[]
+ return 1 if x[] == 0
+*/
+template<class T>
+size_t getNonZeroArraySize(const T *x, size_t n)
+{
+ assert(n > 0);
+ while (n > 0) {
+ if (x[n - 1]) return n;
+ n--;
+ }
+ return 1;
+}
+
+/*
+ @param out [inout] : set element of G ; out = x^y[]
+ @param x [in]
+ @param y [in]
+ @param n [in] size of y[]
+ @param limitBit [in] const time version if the value is positive
+ @note &out != x and out = the unit element of G
+*/
+template<class G, class Mul, class Sqr, class T>
+void powGeneric(G& out, const G& x, const T *y, size_t n, const Mul& mul, const Sqr& sqr, void normalize(G&, const G&), size_t limitBit = 0)
+{
+ assert(&out != &x);
+ G tbl[4]; // tbl = { discard, x, x^2, x^3 }
+ T v;
+ bool constTime = limitBit > 0;
+ int maxBit = 0;
+ int m = 0;
+ while (n > 0) {
+ if (y[n - 1]) break;
+ n--;
+ }
+ if (n == 0) {
+ if (constTime) goto DummyLoop;
+ return;
+ }
+ if (!constTime && n == 1) {
+ switch (y[0]) {
+ case 1:
+ out = x;
+ return;
+ case 2:
+ sqr(out, x);
+ return;
+ case 3:
+ sqr(out, x);
+ mul(out, out, x);
+ return;
+ case 4:
+ sqr(out, x);
+ sqr(out, out);
+ return;
+ }
+ }
+ if (normalize != 0) {
+ normalize(tbl[0], x);
+ } else {
+ tbl[0] = x;
+ }
+ tbl[1] = tbl[0];
+ sqr(tbl[2], tbl[1]);
+ if (normalize != 0) { normalize(tbl[2], tbl[2]); }
+ mul(tbl[3], tbl[2], x);
+ if (normalize != 0) { normalize(tbl[3], tbl[3]); }
+ v = y[n - 1];
+ assert(v);
+ m = cybozu::bsr<T>(v);
+ maxBit = int(m + (n - 1) * sizeof(T) * 8);
+ if (m & 1) {
+ m--;
+ T idx = (v >> m) & 3;
+ assert(idx > 0);
+ out = tbl[idx];
+ } else {
+ out = x;
+ }
+ for (int i = (int)n - 1; i >= 0; i--) {
+ T v = y[i];
+ for (int j = m - 2; j >= 0; j -= 2) {
+ sqr(out, out);
+ sqr(out, out);
+ T idx = (v >> j) & 3;
+ if (idx == 0) {
+ if (constTime) mul(tbl[0], tbl[0], tbl[1]);
+ } else {
+ mul(out, out, tbl[idx]);
+ }
+ }
+ m = (int)sizeof(T) * 8;
+ }
+DummyLoop:
+ if (!constTime) return;
+ G D = out;
+ for (size_t i = maxBit + 1; i < limitBit; i += 2) {
+ sqr(D, D);
+ sqr(D, D);
+ mul(D, D, tbl[1]);
+ }
+}
+
+/*
+ shortcut of multiplication by Unit
+*/
+template<class T, class U>
+bool mulSmallUnit(T& z, const T& x, U y)
+{
+ switch (y) {
+ case 0: z.clear(); break;
+ case 1: z = x; break;
+ case 2: T::add(z, x, x); break;
+ case 3: { T t; T::add(t, x, x); T::add(z, t, x); break; }
+ case 4: T::add(z, x, x); T::add(z, z, z); break;
+ case 5: { T t; T::add(t, x, x); T::add(t, t, t); T::add(z, t, x); break; }
+ case 6: { T t; T::add(t, x, x); T::add(t, t, x); T::add(z, t, t); break; }
+ case 7: { T t; T::add(t, x, x); T::add(t, t, t); T::add(t, t, t); T::sub(z, t, x); break; }
+ case 8: T::add(z, x, x); T::add(z, z, z); T::add(z, z, z); break;
+ case 9: { T t; T::add(t, x, x); T::add(t, t, t); T::add(t, t, t); T::add(z, t, x); break; }
+ case 10: { T t; T::add(t, x, x); T::add(t, t, t); T::add(t, t, x); T::add(z, t, t); break; }
+ default:
+ return false;
+ }
+ return true;
+}
+
+} } // mcl::fp
+
+#ifdef _MSC_VER
+ #pragma warning(pop)
+#endif
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/vint.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/vint.hpp
new file mode 100644
index 000000000..b087688c3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/vint.hpp
@@ -0,0 +1,1987 @@
+#pragma once
+/**
+ emulate mpz_class
+*/
+#include <cybozu/exception.hpp>
+#include <cybozu/bit_operation.hpp>
+#include <cybozu/xorshift.hpp>
+#include <assert.h>
+#ifndef CYBOZU_DONT_USE_STRING
+#include <iostream>
+#endif
+#include <mcl/array.hpp>
+#include <mcl/util.hpp>
+#include <mcl/randgen.hpp>
+#include <mcl/conversion.hpp>
+
+#if defined(__EMSCRIPTEN__) || defined(__wasm__)
+ #define MCL_VINT_64BIT_PORTABLE
+ #define MCL_VINT_FIXED_BUFFER
+#endif
+#ifndef MCL_MAX_BIT_SIZE
+ #define MCL_MAX_BIT_SIZE 384
+#endif
+
+#ifndef MCL_SIZEOF_UNIT
+ #if defined(CYBOZU_OS_BIT) && (CYBOZU_OS_BIT == 32)
+ #define MCL_SIZEOF_UNIT 4
+ #else
+ #define MCL_SIZEOF_UNIT 8
+ #endif
+#endif
+
+namespace mcl {
+
+namespace vint {
+
+#if MCL_SIZEOF_UNIT == 8
+typedef uint64_t Unit;
+#else
+typedef uint32_t Unit;
+#endif
+
+template<class T>
+void dump(const T *x, size_t n, const char *msg = "")
+{
+ const size_t is4byteUnit = sizeof(*x) == 4;
+ if (msg) printf("%s ", msg);
+ for (size_t i = 0; i < n; i++) {
+ if (is4byteUnit) {
+ printf("%08x", (uint32_t)x[n - 1 - i]);
+ } else {
+ printf("%016llx", (unsigned long long)x[n - 1 - i]);
+ }
+ }
+ printf("\n");
+}
+
+inline uint64_t make64(uint32_t H, uint32_t L)
+{
+ return ((uint64_t)H << 32) | L;
+}
+
+inline void split64(uint32_t *H, uint32_t *L, uint64_t x)
+{
+ *H = uint32_t(x >> 32);
+ *L = uint32_t(x);
+}
+
+/*
+ [H:L] <= x * y
+ @return L
+*/
+inline uint32_t mulUnit(uint32_t *pH, uint32_t x, uint32_t y)
+{
+ uint64_t t = uint64_t(x) * y;
+ uint32_t L;
+ split64(pH, &L, t);
+ return L;
+}
+#if MCL_SIZEOF_UNIT == 8
+inline uint64_t mulUnit(uint64_t *pH, uint64_t x, uint64_t y)
+{
+#ifdef MCL_VINT_64BIT_PORTABLE
+ uint32_t a = uint32_t(x >> 32);
+ uint32_t b = uint32_t(x);
+ uint32_t c = uint32_t(y >> 32);
+ uint32_t d = uint32_t(y);
+
+ uint64_t ad = uint64_t(d) * a;
+ uint64_t bd = uint64_t(d) * b;
+ uint64_t L = uint32_t(bd);
+ ad += bd >> 32; // [ad:L]
+
+ uint64_t ac = uint64_t(c) * a;
+ uint64_t bc = uint64_t(c) * b;
+ uint64_t H = uint32_t(bc);
+ ac += bc >> 32; // [ac:H]
+ /*
+ adL
+ acH
+ */
+ uint64_t t = (ac << 32) | H;
+ ac >>= 32;
+ H = t + ad;
+ if (H < t) {
+ ac++;
+ }
+ /*
+ ac:H:L
+ */
+ L |= H << 32;
+ H = (ac << 32) | uint32_t(H >> 32);
+ *pH = H;
+ return L;
+#elif defined(_WIN64) && !defined(__INTEL_COMPILER)
+ return _umul128(x, y, pH);
+#else
+ typedef __attribute__((mode(TI))) unsigned int uint128;
+ uint128 t = uint128(x) * y;
+ *pH = uint64_t(t >> 64);
+ return uint64_t(t);
+#endif
+}
+#endif
+
+template<class T>
+void divNM(T *q, size_t qn, T *r, const T *x, size_t xn, const T *y, size_t yn);
+
+/*
+ q = [H:L] / y
+ r = [H:L] % y
+ return q
+*/
+inline uint32_t divUnit(uint32_t *pr, uint32_t H, uint32_t L, uint32_t y)
+{
+ uint64_t t = make64(H, L);
+ uint32_t q = uint32_t(t / y);
+ *pr = uint32_t(t % y);
+ return q;
+}
+#if MCL_SIZEOF_UNIT == 8
+inline uint64_t divUnit(uint64_t *pr, uint64_t H, uint64_t L, uint64_t y)
+{
+#if defined(MCL_VINT_64BIT_PORTABLE)
+ uint32_t px[4] = { uint32_t(L), uint32_t(L >> 32), uint32_t(H), uint32_t(H >> 32) };
+ uint32_t py[2] = { uint32_t(y), uint32_t(y >> 32) };
+ size_t xn = 4;
+ size_t yn = 2;
+ uint32_t q[4];
+ uint32_t r[2];
+ size_t qn = xn - yn + 1;
+ divNM(q, qn, r, px, xn, py, yn);
+ *pr = make64(r[1], r[0]);
+ return make64(q[1], q[0]);
+#elif defined(_MSC_VER)
+ #error "divUnit for uint64_t is not supported"
+#else
+ typedef __attribute__((mode(TI))) unsigned int uint128;
+ uint128 t = (uint128(H) << 64) | L;
+ uint64_t q = uint64_t(t / y);
+ *pr = uint64_t(t % y);
+ return q;
+#endif
+}
+#endif
+
+/*
+ compare x[] and y[]
+ @retval positive if x > y
+ @retval 0 if x == y
+ @retval negative if x < y
+*/
+template<class T>
+int compareNM(const T *x, size_t xn, const T *y, size_t yn)
+{
+ assert(xn > 0 && yn > 0);
+ if (xn != yn) return xn > yn ? 1 : -1;
+ for (int i = (int)xn - 1; i >= 0; i--) {
+ if (x[i] != y[i]) return x[i] > y[i] ? 1 : -1;
+ }
+ return 0;
+}
+
+template<class T>
+void clearN(T *x, size_t n)
+{
+ for (size_t i = 0; i < n; i++) x[i] = 0;
+}
+
+template<class T>
+void copyN(T *y, const T *x, size_t n)
+{
+ for (size_t i = 0; i < n; i++) y[i] = x[i];
+}
+
+/*
+ z[] = x[n] + y[n]
+ @note return 1 if having carry
+ z may be equal to x or y
+*/
+template<class T>
+T addN(T *z, const T *x, const T *y, size_t n)
+{
+ T c = 0;
+ for (size_t i = 0; i < n; i++) {
+ T xc = x[i] + c;
+ if (xc < c) {
+ // x[i] = Unit(-1) and c = 1
+ z[i] = y[i];
+ } else {
+ xc += y[i];
+ c = y[i] > xc ? 1 : 0;
+ z[i] = xc;
+ }
+ }
+ return c;
+}
+
+/*
+ z[] = x[] + y
+*/
+template<class T>
+T addu1(T *z, const T *x, size_t n, T y)
+{
+ assert(n > 0);
+ T t = x[0] + y;
+ z[0] = t;
+ size_t i = 0;
+ if (t >= y) goto EXIT_0;
+ i = 1;
+ for (; i < n; i++) {
+ t = x[i] + 1;
+ z[i] = t;
+ if (t != 0) goto EXIT_0;
+ }
+ return 1;
+EXIT_0:
+ i++;
+ for (; i < n; i++) {
+ z[i] = x[i];
+ }
+ return 0;
+}
+
+/*
+ x[] += y
+*/
+template<class T>
+T addu1(T *x, size_t n, T y)
+{
+ assert(n > 0);
+ T t = x[0] + y;
+ x[0] = t;
+ size_t i = 0;
+ if (t >= y) return 0;
+ i = 1;
+ for (; i < n; i++) {
+ t = x[i] + 1;
+ x[i] = t;
+ if (t != 0) return 0;
+ }
+ return 1;
+}
+/*
+ z[zn] = x[xn] + y[yn]
+ @note zn = max(xn, yn)
+*/
+template<class T>
+T addNM(T *z, const T *x, size_t xn, const T *y, size_t yn)
+{
+ if (yn > xn) {
+ fp::swap_(xn, yn);
+ fp::swap_(x, y);
+ }
+ assert(xn >= yn);
+ size_t max = xn;
+ size_t min = yn;
+ T c = vint::addN(z, x, y, min);
+ if (max > min) {
+ c = vint::addu1(z + min, x + min, max - min, c);
+ }
+ return c;
+}
+
+/*
+ z[] = x[n] - y[n]
+ z may be equal to x or y
+*/
+template<class T>
+T subN(T *z, const T *x, const T *y, size_t n)
+{
+ assert(n > 0);
+ T c = 0;
+ for (size_t i = 0; i < n; i++) {
+ T yc = y[i] + c;
+ if (yc < c) {
+ // y[i] = T(-1) and c = 1
+ z[i] = x[i];
+ } else {
+ c = x[i] < yc ? 1 : 0;
+ z[i] = x[i] - yc;
+ }
+ }
+ return c;
+}
+
+/*
+ out[] = x[n] - y
+*/
+template<class T>
+T subu1(T *z, const T *x, size_t n, T y)
+{
+ assert(n > 0);
+#if 0
+ T t = x[0];
+ z[0] = t - y;
+ size_t i = 0;
+ if (t >= y) goto EXIT_0;
+ i = 1;
+ for (; i < n; i++ ){
+ t = x[i];
+ z[i] = t - 1;
+ if (t != 0) goto EXIT_0;
+ }
+ return 1;
+EXIT_0:
+ i++;
+ for (; i < n; i++) {
+ z[i] = x[i];
+ }
+ return 0;
+#else
+ T c = x[0] < y ? 1 : 0;
+ z[0] = x[0] - y;
+ for (size_t i = 1; i < n; i++) {
+ if (x[i] < c) {
+ z[i] = T(-1);
+ } else {
+ z[i] = x[i] - c;
+ c = 0;
+ }
+ }
+ return c;
+#endif
+}
+
+/*
+ z[xn] = x[xn] - y[yn]
+ @note xn >= yn
+*/
+template<class T>
+T subNM(T *z, const T *x, size_t xn, const T *y, size_t yn)
+{
+ assert(xn >= yn);
+ T c = vint::subN(z, x, y, yn);
+ if (xn > yn) {
+ c = vint::subu1(z + yn, x + yn, xn - yn, c);
+ }
+ return c;
+}
+
+/*
+ z[0..n) = x[0..n) * y
+ return z[n]
+ @note accept z == x
+*/
+template<class T>
+T mulu1(T *z, const T *x, size_t n, T y)
+{
+ assert(n > 0);
+ T H = 0;
+ for (size_t i = 0; i < n; i++) {
+ T t = H;
+ T L = mulUnit(&H, x[i], y);
+ z[i] = t + L;
+ if (z[i] < t) {
+ H++;
+ }
+ }
+ return H; // z[n]
+}
+
+/*
+ z[xn * yn] = x[xn] * y[ym]
+*/
+template<class T>
+static inline void mulNM(T *z, const T *x, size_t xn, const T *y, size_t yn)
+{
+ assert(xn > 0 && yn > 0);
+ if (yn > xn) {
+ fp::swap_(yn, xn);
+ fp::swap_(x, y);
+ }
+ assert(xn >= yn);
+ if (z == x) {
+ T *p = (T*)CYBOZU_ALLOCA(sizeof(T) * xn);
+ copyN(p, x, xn);
+ x = p;
+ }
+ if (z == y) {
+ T *p = (T*)CYBOZU_ALLOCA(sizeof(T) * yn);
+ copyN(p, y, yn);
+ y = p;
+ }
+ z[xn] = vint::mulu1(&z[0], x, xn, y[0]);
+ clearN(z + xn + 1, yn - 1);
+
+ T *t2 = (T*)CYBOZU_ALLOCA(sizeof(T) * (xn + 1));
+ for (size_t i = 1; i < yn; i++) {
+ t2[xn] = vint::mulu1(&t2[0], x, xn, y[i]);
+ vint::addN(&z[i], &z[i], &t2[0], xn + 1);
+ }
+}
+/*
+ out[xn * 2] = x[xn] * x[xn]
+ QQQ : optimize this
+*/
+template<class T>
+static inline void sqrN(T *y, const T *x, size_t xn)
+{
+ mulNM(y, x, xn, x, xn);
+}
+
+/*
+ q[] = x[] / y
+ @retval r = x[] % y
+ accept q == x
+*/
+template<class T>
+T divu1(T *q, const T *x, size_t n, T y)
+{
+ T r = 0;
+ for (int i = (int)n - 1; i >= 0; i--) {
+ q[i] = divUnit(&r, r, x[i], y);
+ }
+ return r;
+}
+/*
+ q[] = x[] / y
+ @retval r = x[] % y
+*/
+template<class T>
+T modu1(const T *x, size_t n, T y)
+{
+ T r = 0;
+ for (int i = (int)n - 1; i >= 0; i--) {
+ divUnit(&r, r, x[i], y);
+ }
+ return r;
+}
+
+/*
+ y[] = x[] << bit
+ 0 < bit < sizeof(T) * 8
+ accept y == x
+*/
+template<class T>
+T shlBit(T *y, const T *x, size_t xn, size_t bit)
+{
+ assert(0 < bit && bit < sizeof(T) * 8);
+ assert(xn > 0);
+ size_t rBit = sizeof(T) * 8 - bit;
+ T keep = x[xn - 1];
+ T prev = keep;
+ for (size_t i = xn - 1; i > 0; i--) {
+ T t = x[i - 1];
+ y[i] = (prev << bit) | (t >> rBit);
+ prev = t;
+ }
+ y[0] = prev << bit;
+ return keep >> rBit;
+}
+
+/*
+ y[yn] = x[xn] << bit
+ yn = xn + (bit + unitBitBit - 1) / unitBitSize
+ accept y == x
+*/
+template<class T>
+void shlN(T *y, const T *x, size_t xn, size_t bit)
+{
+ assert(xn > 0);
+ const size_t unitBitSize = sizeof(T) * 8;
+ size_t q = bit / unitBitSize;
+ size_t r = bit % unitBitSize;
+ if (r == 0) {
+ // don't use copyN(y + q, x, xn); if overlaped
+ for (size_t i = 0; i < xn; i++) {
+ y[q + xn - 1 - i] = x[xn - 1 - i];
+ }
+ } else {
+ y[q + xn] = shlBit(y + q, x, xn, r);
+ }
+ clearN(y, q);
+}
+
+/*
+ y[] = x[] >> bit
+ 0 < bit < sizeof(T) * 8
+*/
+template<class T>
+void shrBit(T *y, const T *x, size_t xn, size_t bit)
+{
+ assert(0 < bit && bit < sizeof(T) * 8);
+ assert(xn > 0);
+ size_t rBit = sizeof(T) * 8 - bit;
+ T prev = x[0];
+ for (size_t i = 1; i < xn; i++) {
+ T t = x[i];
+ y[i - 1] = (prev >> bit) | (t << rBit);
+ prev = t;
+ }
+ y[xn - 1] = prev >> bit;
+}
+/*
+ y[yn] = x[xn] >> bit
+ yn = xn - bit / unitBit
+*/
+template<class T>
+void shrN(T *y, const T *x, size_t xn, size_t bit)
+{
+ assert(xn > 0);
+ const size_t unitBitSize = sizeof(T) * 8;
+ size_t q = bit / unitBitSize;
+ size_t r = bit % unitBitSize;
+ assert(xn >= q);
+ if (r == 0) {
+ copyN(y, x + q, xn - q);
+ } else {
+ shrBit(y, x + q, xn - q, r);
+ }
+}
+
+template<class T>
+size_t getRealSize(const T *x, size_t xn)
+{
+ int i = (int)xn - 1;
+ for (; i > 0; i--) {
+ if (x[i]) {
+ return i + 1;
+ }
+ }
+ return 1;
+}
+
+template<class T>
+size_t getBitSize(const T *x, size_t n)
+{
+ if (n == 1 && x[0] == 0) return 1;
+ T v = x[n - 1];
+ assert(v);
+ return (n - 1) * sizeof(T) * 8 + 1 + cybozu::bsr<Unit>(v);
+}
+
+/*
+ q[qn] = x[xn] / y[yn] ; qn == xn - yn + 1 if xn >= yn if q
+ r[rn] = x[xn] % y[yn] ; rn = yn before getRealSize
+ allow q == 0
+*/
+template<class T>
+void divNM(T *q, size_t qn, T *r, const T *x, size_t xn, const T *y, size_t yn)
+{
+ assert(xn > 0 && yn > 0);
+ assert(xn < yn || (q == 0 || qn == xn - yn + 1));
+ assert(q != r);
+ const size_t rn = yn;
+ xn = getRealSize(x, xn);
+ yn = getRealSize(y, yn);
+ if (x == y) {
+ assert(xn == yn);
+ x_is_y:
+ clearN(r, rn);
+ if (q) {
+ q[0] = 1;
+ clearN(q + 1, qn - 1);
+ }
+ return;
+ }
+ if (yn > xn) {
+ /*
+ if y > x then q = 0 and r = x
+ */
+ q_is_zero:
+ copyN(r, x, xn);
+ clearN(r + xn, rn - xn);
+ if (q) clearN(q, qn);
+ return;
+ }
+ if (yn == 1) {
+ T t;
+ if (q) {
+ if (qn > xn) {
+ clearN(q + xn, qn - xn);
+ }
+ t = divu1(q, x, xn, y[0]);
+ } else {
+ t = modu1(x, xn, y[0]);
+ }
+ r[0] = t;
+ clearN(r + 1, rn - 1);
+ return;
+ }
+ const size_t yTopBit = cybozu::bsr(y[yn - 1]);
+ assert(yn >= 2);
+ if (xn == yn) {
+ const size_t xTopBit = cybozu::bsr(x[xn - 1]);
+ if (xTopBit < yTopBit) goto q_is_zero;
+ if (yTopBit == xTopBit) {
+ int ret = compareNM(x, xn, y, yn);
+ if (ret == 0) goto x_is_y;
+ if (ret < 0) goto q_is_zero;
+ if (r) {
+ subN(r, x, y, yn);
+ }
+ if (q) {
+ q[0] = 1;
+ clearN(q + 1, qn - 1);
+ }
+ return;
+ }
+ assert(xTopBit > yTopBit);
+ // fast reduction for larger than fullbit-3 size p
+ if (yTopBit >= sizeof(T) * 8 - 4) {
+ T *xx = (T*)CYBOZU_ALLOCA(sizeof(T) * xn);
+ T qv = 0;
+ if (yTopBit == sizeof(T) * 8 - 2) {
+ copyN(xx, x, xn);
+ } else {
+ qv = x[xn - 1] >> (yTopBit + 1);
+ mulu1(xx, y, yn, qv);
+ subN(xx, x, xx, xn);
+ xn = getRealSize(xx, xn);
+ }
+ for (;;) {
+ T ret = subN(xx, xx, y, yn);
+ if (ret) {
+ addN(xx, xx, y, yn);
+ break;
+ }
+ qv++;
+ xn = getRealSize(xx, xn);
+ }
+ if (r) {
+ copyN(r, xx, xn);
+ clearN(r + xn, rn - xn);
+ }
+ if (q) {
+ q[0] = qv;
+ clearN(q + 1, qn - 1);
+ }
+ return;
+ }
+ }
+ /*
+ bitwise left shift x and y to adjust MSB of y[yn - 1] = 1
+ */
+ const size_t shift = sizeof(T) * 8 - 1 - yTopBit;
+ T *xx = (T*)CYBOZU_ALLOCA(sizeof(T) * (xn + 1));
+ const T *yy;
+ if (shift) {
+ T v = shlBit(xx, x, xn, shift);
+ if (v) {
+ xx[xn] = v;
+ xn++;
+ }
+ T *yBuf = (T*)CYBOZU_ALLOCA(sizeof(T) * yn);
+ shlBit(yBuf, y, yn ,shift);
+ yy = yBuf;
+ } else {
+ copyN(xx, x, xn);
+ yy = y;
+ }
+ if (q) {
+ clearN(q, qn);
+ }
+ assert((yy[yn - 1] >> (sizeof(T) * 8 - 1)) != 0);
+ T *tt = (T*)CYBOZU_ALLOCA(sizeof(T) * (yn + 1));
+ while (xn > yn) {
+ size_t d = xn - yn;
+ T xTop = xx[xn - 1];
+ T yTop = yy[yn - 1];
+ if (xTop > yTop || (compareNM(xx + d, xn - d, yy, yn) >= 0)) {
+ vint::subN(xx + d, xx + d, yy, yn);
+ xn = getRealSize(xx, xn);
+ if (q) vint::addu1<T>(q + d, qn - d, 1);
+ continue;
+ }
+ if (xTop == 1) {
+ vint::subNM(xx + d - 1, xx + d - 1, xn - d + 1, yy, yn);
+ xn = getRealSize(xx, xn);
+ if (q) vint::addu1<T>(q + d - 1, qn - d + 1, 1);
+ continue;
+ }
+ tt[yn] = vint::mulu1(tt, yy, yn, xTop);
+ vint::subN(xx + d - 1, xx + d - 1, tt, yn + 1);
+ xn = getRealSize(xx, xn);
+ if (q) vint::addu1<T>(q + d - 1, qn - d + 1, xTop);
+ }
+ if (xn == yn && compareNM(xx, xn, yy, yn) >= 0) {
+ subN(xx, xx, yy, yn);
+ xn = getRealSize(xx, xn);
+ if (q) vint::addu1<T>(q, qn, 1);
+ }
+ if (shift) {
+ shrBit(r, xx, xn, shift);
+ } else {
+ copyN(r, xx, xn);
+ }
+ clearN(r + xn, rn - xn);
+}
+
+#ifndef MCL_VINT_FIXED_BUFFER
+template<class T>
+class Buffer {
+ size_t allocSize_;
+ T *ptr_;
+public:
+ typedef T Unit;
+ Buffer() : allocSize_(0), ptr_(0) {}
+ ~Buffer()
+ {
+ clear();
+ }
+ Buffer(const Buffer& rhs)
+ : allocSize_(rhs.allocSize_)
+ , ptr_(0)
+ {
+ ptr_ = (T*)malloc(allocSize_ * sizeof(T));
+ if (ptr_ == 0) throw cybozu::Exception("Buffer:malloc") << rhs.allocSize_;
+ memcpy(ptr_, rhs.ptr_, allocSize_ * sizeof(T));
+ }
+ Buffer& operator=(const Buffer& rhs)
+ {
+ Buffer t(rhs);
+ swap(t);
+ return *this;
+ }
+ void swap(Buffer& rhs)
+#if CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+ noexcept
+#endif
+ {
+ fp::swap_(allocSize_, rhs.allocSize_);
+ fp::swap_(ptr_, rhs.ptr_);
+ }
+ void clear()
+ {
+ allocSize_ = 0;
+ free(ptr_);
+ ptr_ = 0;
+ }
+
+ /*
+ @note extended buffer may be not cleared
+ */
+ void alloc(bool *pb, size_t n)
+ {
+ if (n > allocSize_) {
+ T *p = (T*)malloc(n * sizeof(T));
+ if (p == 0) {
+ *pb = false;
+ return;
+ }
+ copyN(p, ptr_, allocSize_);
+ free(ptr_);
+ ptr_ = p;
+ allocSize_ = n;
+ }
+ *pb = true;
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void alloc(size_t n)
+ {
+ bool b;
+ alloc(&b, n);
+ if (!b) throw cybozu::Exception("Buffer:alloc");
+ }
+#endif
+ /*
+ *this = rhs
+ rhs may be destroyed
+ */
+ const T& operator[](size_t n) const { return ptr_[n]; }
+ T& operator[](size_t n) { return ptr_[n]; }
+};
+#endif
+
+template<class T, size_t BitLen>
+class FixedBuffer {
+ enum {
+ N = (BitLen + sizeof(T) * 8 - 1) / (sizeof(T) * 8)
+ };
+ size_t size_;
+ T v_[N];
+public:
+ typedef T Unit;
+ FixedBuffer()
+ : size_(0)
+ {
+ }
+ FixedBuffer(const FixedBuffer& rhs)
+ {
+ operator=(rhs);
+ }
+ FixedBuffer& operator=(const FixedBuffer& rhs)
+ {
+ size_ = rhs.size_;
+ for (size_t i = 0; i < size_; i++) {
+ v_[i] = rhs.v_[i];
+ }
+ return *this;
+ }
+ void clear() { size_ = 0; }
+ void alloc(bool *pb, size_t n)
+ {
+ if (n > N) {
+ *pb = false;
+ return;
+ }
+ size_ = n;
+ *pb = true;
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void alloc(size_t n)
+ {
+ bool b;
+ alloc(&b, n);
+ if (!b) throw cybozu::Exception("FixedBuffer:alloc");
+ }
+#endif
+ void swap(FixedBuffer& rhs)
+ {
+ FixedBuffer *p1 = this;
+ FixedBuffer *p2 = &rhs;
+ if (p1->size_ < p2->size_) {
+ fp::swap_(p1, p2);
+ }
+ assert(p1->size_ >= p2->size_);
+ for (size_t i = 0; i < p2->size_; i++) {
+ fp::swap_(p1->v_[i], p2->v_[i]);
+ }
+ for (size_t i = p2->size_; i < p1->size_; i++) {
+ p2->v_[i] = p1->v_[i];
+ }
+ fp::swap_(p1->size_, p2->size_);
+ }
+ // to avoid warning of gcc
+ void verify(size_t n) const
+ {
+ assert(n <= N);
+ (void)n;
+ }
+ const T& operator[](size_t n) const { verify(n); return v_[n]; }
+ T& operator[](size_t n) { verify(n); return v_[n]; }
+};
+
+#if MCL_SIZEOF_UNIT == 8
+/*
+ M = 1 << 256
+ a = M mod p = (1 << 32) + 0x3d1
+ [H:L] mod p = H * a + L
+
+ if H = L = M - 1, t = H * a + L = aM + (M - a - 1)
+ H' = a, L' = M - a - 1
+ t' = H' * a + L' = M + (a^2 - a - 1)
+ H'' = 1, L'' = a^2 - a - 1
+ t'' = H'' * a + L'' = a^2 - 1
+*/
+inline void mcl_fpDbl_mod_SECP256K1(Unit *z, const Unit *x, const Unit *p)
+{
+ const Unit a = (uint64_t(1) << 32) + 0x3d1;
+ Unit buf[5];
+ buf[4] = mulu1(buf, x + 4, 4, a); // H * a
+ buf[4] += addN(buf, buf, x, 4); // t = H * a + L
+ Unit x2[2];
+ x2[0] = mulUnit(&x2[1], buf[4], a);
+ Unit x3 = addN(buf, buf, x2, 2);
+ if (x3) {
+ x3 = addu1(buf + 2, buf + 2, 2, Unit(1)); // t' = H' * a + L'
+ if (x3) {
+ x3 = addu1(buf, buf, 4, a);
+ assert(x3 == 0);
+ }
+ }
+ if (fp::isGreaterOrEqualArray(buf, p, 4)) {
+ subN(z, buf, p, 4);
+ } else {
+ fp::copyArray(z, buf, 4);
+ }
+}
+
+inline void mcl_fp_mul_SECP256K1(Unit *z, const Unit *x, const Unit *y, const Unit *p)
+{
+ Unit xy[8];
+ mulNM(xy, x, 4, y, 4);
+ mcl_fpDbl_mod_SECP256K1(z, xy, p);
+}
+inline void mcl_fp_sqr_SECP256K1(Unit *y, const Unit *x, const Unit *p)
+{
+ Unit xx[8];
+ sqrN(xx, x, 4);
+ mcl_fpDbl_mod_SECP256K1(y, xx, p);
+}
+#endif
+
+} // vint
+
+/**
+ signed integer with variable length
+*/
+template<class _Buffer>
+class VintT {
+public:
+ typedef _Buffer Buffer;
+ typedef typename Buffer::Unit Unit;
+ static const size_t unitBitSize = sizeof(Unit) * 8;
+ static const int invalidVar = -2147483647 - 1; // abs(invalidVar) is not defined
+private:
+ Buffer buf_;
+ size_t size_;
+ bool isNeg_;
+ void trim(size_t n)
+ {
+ assert(n > 0);
+ int i = (int)n - 1;
+ for (; i > 0; i--) {
+ if (buf_[i]) {
+ size_ = i + 1;
+ return;
+ }
+ }
+ size_ = 1;
+ // zero
+ if (buf_[0] == 0) {
+ isNeg_ = false;
+ }
+ }
+ static int ucompare(const Buffer& x, size_t xn, const Buffer& y, size_t yn)
+ {
+ return vint::compareNM(&x[0], xn, &y[0], yn);
+ }
+ static void uadd(VintT& z, const Buffer& x, size_t xn, const Buffer& y, size_t yn)
+ {
+ size_t zn = fp::max_(xn, yn) + 1;
+ bool b;
+ z.buf_.alloc(&b, zn);
+ assert(b); (void)b;
+ z.buf_[zn - 1] = vint::addNM(&z.buf_[0], &x[0], xn, &y[0], yn);
+ z.trim(zn);
+ }
+ static void uadd1(VintT& z, const Buffer& x, size_t xn, Unit y)
+ {
+ size_t zn = xn + 1;
+ bool b;
+ z.buf_.alloc(&b, zn);
+ assert(b); (void)b;
+ z.buf_[zn - 1] = vint::addu1(&z.buf_[0], &x[0], xn, y);
+ z.trim(zn);
+ }
+ static void usub1(VintT& z, const Buffer& x, size_t xn, Unit y)
+ {
+ size_t zn = xn;
+ bool b;
+ z.buf_.alloc(&b, zn);
+ assert(b); (void)b;
+ Unit c = vint::subu1(&z.buf_[0], &x[0], xn, y);
+ (void)c;
+ assert(!c);
+ z.trim(zn);
+ }
+ static void usub(VintT& z, const Buffer& x, size_t xn, const Buffer& y, size_t yn)
+ {
+ assert(xn >= yn);
+ bool b;
+ z.buf_.alloc(&b, xn);
+ assert(b); (void)b;
+ Unit c = vint::subN(&z.buf_[0], &x[0], &y[0], yn);
+ if (xn > yn) {
+ c = vint::subu1(&z.buf_[yn], &x[yn], xn - yn, c);
+ }
+ assert(!c);
+ z.trim(xn);
+ }
+ static void _add(VintT& z, const VintT& x, bool xNeg, const VintT& y, bool yNeg)
+ {
+ if ((xNeg ^ yNeg) == 0) {
+ // same sign
+ uadd(z, x.buf_, x.size(), y.buf_, y.size());
+ z.isNeg_ = xNeg;
+ return;
+ }
+ int r = ucompare(x.buf_, x.size(), y.buf_, y.size());
+ if (r >= 0) {
+ usub(z, x.buf_, x.size(), y.buf_, y.size());
+ z.isNeg_ = xNeg;
+ } else {
+ usub(z, y.buf_, y.size(), x.buf_, x.size());
+ z.isNeg_ = yNeg;
+ }
+ }
+ static void _adds1(VintT& z, const VintT& x, int y, bool yNeg)
+ {
+ assert(y >= 0);
+ if ((x.isNeg_ ^ yNeg) == 0) {
+ // same sign
+ uadd1(z, x.buf_, x.size(), y);
+ z.isNeg_ = yNeg;
+ return;
+ }
+ if (x.size() > 1 || x.buf_[0] >= (Unit)y) {
+ usub1(z, x.buf_, x.size(), y);
+ z.isNeg_ = x.isNeg_;
+ } else {
+ z = y - x.buf_[0];
+ z.isNeg_ = yNeg;
+ }
+ }
+ static void _addu1(VintT& z, const VintT& x, Unit y, bool yNeg)
+ {
+ if ((x.isNeg_ ^ yNeg) == 0) {
+ // same sign
+ uadd1(z, x.buf_, x.size(), y);
+ z.isNeg_ = yNeg;
+ return;
+ }
+ if (x.size() > 1 || x.buf_[0] >= y) {
+ usub1(z, x.buf_, x.size(), y);
+ z.isNeg_ = x.isNeg_;
+ } else {
+ z = y - x.buf_[0];
+ z.isNeg_ = yNeg;
+ }
+ }
+ /**
+ @param q [out] x / y if q != 0
+ @param r [out] x % y
+ */
+ static void udiv(VintT* q, VintT& r, const Buffer& x, size_t xn, const Buffer& y, size_t yn)
+ {
+ assert(q != &r);
+ if (xn < yn) {
+ r.buf_ = x;
+ r.trim(xn);
+ if (q) q->clear();
+ return;
+ }
+ size_t qn = xn - yn + 1;
+ bool b;
+ if (q) {
+ q->buf_.alloc(&b, qn);
+ assert(b); (void)b;
+ }
+ r.buf_.alloc(&b, yn);
+ assert(b); (void)b;
+ vint::divNM(q ? &q->buf_[0] : 0, qn, &r.buf_[0], &x[0], xn, &y[0], yn);
+ if (q) {
+ q->trim(qn);
+ }
+ r.trim(yn);
+ }
+ /*
+ @param x [inout] x <- d
+ @retval s for x = 2^s d where d is odd
+ */
+ static uint32_t countTrailingZero(VintT& x)
+ {
+ uint32_t s = 0;
+ while (x.isEven()) {
+ x >>= 1;
+ s++;
+ }
+ return s;
+ }
+ struct MulMod {
+ const VintT *pm;
+ void operator()(VintT& z, const VintT& x, const VintT& y) const
+ {
+ VintT::mul(z, x, y);
+ z %= *pm;
+ }
+ };
+ struct SqrMod {
+ const VintT *pm;
+ void operator()(VintT& y, const VintT& x) const
+ {
+ VintT::sqr(y, x);
+ y %= *pm;
+ }
+ };
+public:
+ VintT(int x = 0)
+ : size_(0)
+ {
+ *this = x;
+ }
+ VintT(Unit x)
+ : size_(0)
+ {
+ *this = x;
+ }
+ VintT(const VintT& rhs)
+ : buf_(rhs.buf_)
+ , size_(rhs.size_)
+ , isNeg_(rhs.isNeg_)
+ {
+ }
+ VintT& operator=(int x)
+ {
+ assert(x != invalidVar);
+ isNeg_ = x < 0;
+ bool b;
+ buf_.alloc(&b, 1);
+ assert(b); (void)b;
+ buf_[0] = fp::abs_(x);
+ size_ = 1;
+ return *this;
+ }
+ VintT& operator=(Unit x)
+ {
+ isNeg_ = false;
+ bool b;
+ buf_.alloc(&b, 1);
+ assert(b); (void)b;
+ buf_[0] = x;
+ size_ = 1;
+ return *this;
+ }
+ VintT& operator=(const VintT& rhs)
+ {
+ buf_ = rhs.buf_;
+ size_ = rhs.size_;
+ isNeg_ = rhs.isNeg_;
+ return *this;
+ }
+#if CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+ VintT(VintT&& rhs)
+ : buf_(rhs.buf_)
+ , size_(rhs.size_)
+ , isNeg_(rhs.isNeg_)
+ {
+ }
+ VintT& operator=(VintT&& rhs)
+ {
+ buf_ = std::move(rhs.buf_);
+ size_ = rhs.size_;
+ isNeg_ = rhs.isNeg_;
+ return *this;
+ }
+#endif
+ void swap(VintT& rhs)
+#if CYBOZU_CPP_VERSION >= CYBOZU_CPP_VERSION_CPP11
+ noexcept
+#endif
+ {
+ fp::swap_(buf_, rhs.buf_);
+ fp::swap_(size_, rhs.size_);
+ fp::swap_(isNeg_, rhs.isNeg_);
+ }
+ void dump(const char *msg = "") const
+ {
+ vint::dump(&buf_[0], size_, msg);
+ }
+ /*
+ set positive value
+ @note assume little endian system
+ */
+ template<class S>
+ void setArray(bool *pb, const S *x, size_t size)
+ {
+ isNeg_ = false;
+ if (size == 0) {
+ clear();
+ *pb = true;
+ return;
+ }
+ size_t unitSize = (sizeof(S) * size + sizeof(Unit) - 1) / sizeof(Unit);
+ buf_.alloc(pb, unitSize);
+ if (!*pb) return;
+ char *dst = (char *)&buf_[0];
+ const char *src = (const char *)x;
+ size_t i = 0;
+ for (; i < sizeof(S) * size; i++) {
+ dst[i] = src[i];
+ }
+ for (; i < sizeof(Unit) * unitSize; i++) {
+ dst[i] = 0;
+ }
+ trim(unitSize);
+ }
+ /*
+ set [0, max) randomly
+ */
+ void setRand(bool *pb, const VintT& max, fp::RandGen rg = fp::RandGen())
+ {
+ assert(max > 0);
+ if (rg.isZero()) rg = fp::RandGen::get();
+ size_t n = max.size();
+ buf_.alloc(pb, n);
+ if (!*pb) return;
+ rg.read(pb, &buf_[0], n * sizeof(buf_[0]));
+ if (!*pb) return;
+ trim(n);
+ *this %= max;
+ }
+ /*
+ get abs value
+ buf_[0, size) = x
+ buf_[size, maxSize) with zero
+ @note assume little endian system
+ */
+ void getArray(bool *pb, Unit *x, size_t maxSize) const
+ {
+ size_t n = size();
+ if (n > maxSize) {
+ *pb = false;
+ return;
+ }
+ vint::copyN(x, &buf_[0], n);
+ vint::clearN(x + n, maxSize - n);
+ *pb = true;
+ }
+ void clear() { *this = 0; }
+ template<class OutputStream>
+ void save(bool *pb, OutputStream& os, int base = 10) const
+ {
+ if (isNeg_) cybozu::writeChar(pb, os, '-');
+ char buf[1024];
+ size_t n = mcl::fp::arrayToStr(buf, sizeof(buf), &buf_[0], size_, base, false);
+ if (n == 0) {
+ *pb = false;
+ return;
+ }
+ cybozu::write(pb, os, buf + sizeof(buf) - n, n);
+ }
+ /*
+ set buf with string terminated by '\0'
+ return strlen(buf) if success else 0
+ */
+ size_t getStr(char *buf, size_t bufSize, int base = 10) const
+ {
+ cybozu::MemoryOutputStream os(buf, bufSize);
+ bool b;
+ save(&b, os, base);
+ const size_t n = os.getPos();
+ if (!b || n == bufSize) return 0;
+ buf[n] = '\0';
+ return n;
+ }
+ /*
+ return bitSize(abs(*this))
+ @note return 1 if zero
+ */
+ size_t getBitSize() const
+ {
+ if (isZero()) return 1;
+ size_t n = size();
+ Unit v = buf_[n - 1];
+ assert(v);
+ return (n - 1) * sizeof(Unit) * 8 + 1 + cybozu::bsr<Unit>(v);
+ }
+ // ignore sign
+ bool testBit(size_t i) const
+ {
+ size_t q = i / unitBitSize;
+ size_t r = i % unitBitSize;
+ assert(q <= size());
+ Unit mask = Unit(1) << r;
+ return (buf_[q] & mask) != 0;
+ }
+ void setBit(size_t i, bool v = true)
+ {
+ size_t q = i / unitBitSize;
+ size_t r = i % unitBitSize;
+ assert(q <= size());
+ bool b;
+ buf_.alloc(&b, q + 1);
+ assert(b); (void)b;
+ Unit mask = Unit(1) << r;
+ if (v) {
+ buf_[q] |= mask;
+ } else {
+ buf_[q] &= ~mask;
+ trim(q + 1);
+ }
+ }
+ /*
+ @param str [in] number string
+ @note "0x..." => base = 16
+ "0b..." => base = 2
+ otherwise => base = 10
+ */
+ void setStr(bool *pb, const char *str, int base = 0)
+ {
+ // allow twice size of MCL_MAX_BIT_SIZE because of multiplication
+ const size_t maxN = (MCL_MAX_BIT_SIZE * 2 + unitBitSize - 1) / unitBitSize;
+ buf_.alloc(pb, maxN);
+ if (!*pb) return;
+ *pb = false;
+ isNeg_ = false;
+ size_t len = strlen(str);
+ size_t n = fp::strToArray(&isNeg_, &buf_[0], maxN, str, len, base);
+ if (n == 0) return;
+ trim(n);
+ *pb = true;
+ }
+ static int compare(const VintT& x, const VintT& y)
+ {
+ if (x.isNeg_ ^ y.isNeg_) {
+ if (x.isZero() && y.isZero()) return 0;
+ return x.isNeg_ ? -1 : 1;
+ } else {
+ // same sign
+ int c = ucompare(x.buf_, x.size(), y.buf_, y.size());
+ if (x.isNeg_) {
+ return -c;
+ }
+ return c;
+ }
+ }
+ static int compares1(const VintT& x, int y)
+ {
+ assert(y != invalidVar);
+ if (x.isNeg_ ^ (y < 0)) {
+ if (x.isZero() && y == 0) return 0;
+ return x.isNeg_ ? -1 : 1;
+ } else {
+ // same sign
+ Unit y0 = fp::abs_(y);
+ int c = vint::compareNM(&x.buf_[0], x.size(), &y0, 1);
+ if (x.isNeg_) {
+ return -c;
+ }
+ return c;
+ }
+ }
+ static int compareu1(const VintT& x, uint32_t y)
+ {
+ if (x.isNeg_) return -1;
+ if (x.size() > 1) return 1;
+ Unit x0 = x.buf_[0];
+ return x0 > y ? 1 : x0 == y ? 0 : -1;
+ }
+ size_t size() const { return size_; }
+ bool isZero() const { return size() == 1 && buf_[0] == 0; }
+ bool isNegative() const { return !isZero() && isNeg_; }
+ uint32_t getLow32bit() const { return (uint32_t)buf_[0]; }
+ bool isOdd() const { return (buf_[0] & 1) == 1; }
+ bool isEven() const { return !isOdd(); }
+ const Unit *getUnit() const { return &buf_[0]; }
+ size_t getUnitSize() const { return size_; }
+ static void add(VintT& z, const VintT& x, const VintT& y)
+ {
+ _add(z, x, x.isNeg_, y, y.isNeg_);
+ }
+ static void sub(VintT& z, const VintT& x, const VintT& y)
+ {
+ _add(z, x, x.isNeg_, y, !y.isNeg_);
+ }
+ static void mul(VintT& z, const VintT& x, const VintT& y)
+ {
+ const size_t xn = x.size();
+ const size_t yn = y.size();
+ size_t zn = xn + yn;
+ bool b;
+ z.buf_.alloc(&b, zn);
+ assert(b); (void)b;
+ vint::mulNM(&z.buf_[0], &x.buf_[0], xn, &y.buf_[0], yn);
+ z.isNeg_ = x.isNeg_ ^ y.isNeg_;
+ z.trim(zn);
+ }
+ static void sqr(VintT& y, const VintT& x)
+ {
+ mul(y, x, x);
+ }
+ static void addu1(VintT& z, const VintT& x, Unit y)
+ {
+ _addu1(z, x, y, false);
+ }
+ static void subu1(VintT& z, const VintT& x, Unit y)
+ {
+ _addu1(z, x, y, true);
+ }
+ static void mulu1(VintT& z, const VintT& x, Unit y)
+ {
+ size_t xn = x.size();
+ size_t zn = xn + 1;
+ bool b;
+ z.buf_.alloc(&b, zn);
+ assert(b); (void)b;
+ z.buf_[zn - 1] = vint::mulu1(&z.buf_[0], &x.buf_[0], xn, y);
+ z.isNeg_ = x.isNeg_;
+ z.trim(zn);
+ }
+ static void divu1(VintT& q, const VintT& x, Unit y)
+ {
+ udivModu1(&q, x, y);
+ }
+ static void modu1(VintT& r, const VintT& x, Unit y)
+ {
+ bool xNeg = x.isNeg_;
+ r = divModu1(0, x, y);
+ r.isNeg_ = xNeg;
+ }
+ static void adds1(VintT& z, const VintT& x, int y)
+ {
+ assert(y != invalidVar);
+ _adds1(z, x, fp::abs_(y), y < 0);
+ }
+ static void subs1(VintT& z, const VintT& x, int y)
+ {
+ assert(y != invalidVar);
+ _adds1(z, x, fp::abs_(y), !(y < 0));
+ }
+ static void muls1(VintT& z, const VintT& x, int y)
+ {
+ assert(y != invalidVar);
+ mulu1(z, x, fp::abs_(y));
+ z.isNeg_ ^= (y < 0);
+ }
+ /*
+ @param q [out] q = x / y if q is not zero
+ @param x [in]
+ @param y [in] must be not zero
+ return x % y
+ */
+ static int divMods1(VintT *q, const VintT& x, int y)
+ {
+ assert(y != invalidVar);
+ bool xNeg = x.isNeg_;
+ bool yNeg = y < 0;
+ Unit absY = fp::abs_(y);
+ size_t xn = x.size();
+ int r;
+ if (q) {
+ q->isNeg_ = xNeg ^ yNeg;
+ bool b;
+ q->buf_.alloc(&b, xn);
+ assert(b); (void)b;
+ r = (int)vint::divu1(&q->buf_[0], &x.buf_[0], xn, absY);
+ q->trim(xn);
+ } else {
+ r = (int)vint::modu1(&x.buf_[0], xn, absY);
+ }
+ return xNeg ? -r : r;
+ }
+ /*
+ like C
+ 13 / 5 = 2 ... 3
+ 13 / -5 = -2 ... 3
+ -13 / 5 = -2 ... -3
+ -13 / -5 = 2 ... -3
+ */
+ static void divMod(VintT *q, VintT& r, const VintT& x, const VintT& y)
+ {
+ bool qsign = x.isNeg_ ^ y.isNeg_;
+ udiv(q, r, x.buf_, x.size(), y.buf_, y.size());
+ r.isNeg_ = x.isNeg_;
+ if (q) q->isNeg_ = qsign;
+ }
+ static void div(VintT& q, const VintT& x, const VintT& y)
+ {
+ VintT r;
+ divMod(&q, r, x, y);
+ }
+ static void mod(VintT& r, const VintT& x, const VintT& y)
+ {
+ divMod(0, r, x, y);
+ }
+ static void divs1(VintT& q, const VintT& x, int y)
+ {
+ divMods1(&q, x, y);
+ }
+ static void mods1(VintT& r, const VintT& x, int y)
+ {
+ bool xNeg = x.isNeg_;
+ r = divMods1(0, x, y);
+ r.isNeg_ = xNeg;
+ }
+ static Unit udivModu1(VintT *q, const VintT& x, Unit y)
+ {
+ assert(!x.isNeg_);
+ size_t xn = x.size();
+ if (q) {
+ bool b;
+ q->buf_.alloc(&b, xn);
+ assert(b); (void)b;
+ }
+ Unit r = vint::divu1(q ? &q->buf_[0] : 0, &x.buf_[0], xn, y);
+ if (q) {
+ q->trim(xn);
+ q->isNeg_ = false;
+ }
+ return r;
+ }
+ /*
+ like Python
+ 13 / 5 = 2 ... 3
+ 13 / -5 = -3 ... -2
+ -13 / 5 = -3 ... 2
+ -13 / -5 = 2 ... -3
+ */
+ static void quotRem(VintT *q, VintT& r, const VintT& x, const VintT& y)
+ {
+ VintT yy = y;
+ bool qsign = x.isNeg_ ^ y.isNeg_;
+ udiv(q, r, x.buf_, x.size(), y.buf_, y.size());
+ r.isNeg_ = y.isNeg_;
+ if (q) q->isNeg_ = qsign;
+ if (!r.isZero() && qsign) {
+ if (q) {
+ uadd1(*q, q->buf_, q->size(), 1);
+ }
+ usub(r, yy.buf_, yy.size(), r.buf_, r.size());
+ }
+ }
+ template<class InputStream>
+ void load(bool *pb, InputStream& is, int ioMode)
+ {
+ *pb = false;
+ char buf[1024];
+ size_t n = fp::local::loadWord(buf, sizeof(buf), is);
+ if (n == 0) return;
+ const size_t maxN = 384 / (sizeof(MCL_SIZEOF_UNIT) * 8);
+ buf_.alloc(pb, maxN);
+ if (!*pb) return;
+ isNeg_ = false;
+ n = fp::strToArray(&isNeg_, &buf_[0], maxN, buf, n, ioMode);
+ if (n == 0) return;
+ trim(n);
+ *pb = true;
+ }
+ // logical left shift (copy sign)
+ static void shl(VintT& y, const VintT& x, size_t shiftBit)
+ {
+ size_t xn = x.size();
+ size_t yn = xn + (shiftBit + unitBitSize - 1) / unitBitSize;
+ bool b;
+ y.buf_.alloc(&b, yn);
+ assert(b); (void)b;
+ vint::shlN(&y.buf_[0], &x.buf_[0], xn, shiftBit);
+ y.isNeg_ = x.isNeg_;
+ y.trim(yn);
+ }
+ // logical right shift (copy sign)
+ static void shr(VintT& y, const VintT& x, size_t shiftBit)
+ {
+ size_t xn = x.size();
+ if (xn * unitBitSize <= shiftBit) {
+ y.clear();
+ return;
+ }
+ size_t yn = xn - shiftBit / unitBitSize;
+ bool b;
+ y.buf_.alloc(&b, yn);
+ assert(b); (void)b;
+ vint::shrN(&y.buf_[0], &x.buf_[0], xn, shiftBit);
+ y.isNeg_ = x.isNeg_;
+ y.trim(yn);
+ }
+ static void neg(VintT& y, const VintT& x)
+ {
+ if (&y != &x) { y = x; }
+ y.isNeg_ = !x.isNeg_;
+ }
+ static void abs(VintT& y, const VintT& x)
+ {
+ if (&y != &x) { y = x; }
+ y.isNeg_ = false;
+ }
+ static VintT abs(const VintT& x)
+ {
+ VintT y = x;
+ abs(y, x);
+ return y;
+ }
+ // accept only non-negative value
+ static void orBit(VintT& z, const VintT& x, const VintT& y)
+ {
+ assert(!x.isNeg_ && !y.isNeg_);
+ const VintT *px = &x, *py = &y;
+ if (x.size() < y.size()) {
+ fp::swap_(px, py);
+ }
+ size_t xn = px->size();
+ size_t yn = py->size();
+ assert(xn >= yn);
+ bool b;
+ z.buf_.alloc(&b, xn);
+ assert(b); (void)b;
+ for (size_t i = 0; i < yn; i++) {
+ z.buf_[i] = x.buf_[i] | y.buf_[i];
+ }
+ vint::copyN(&z.buf_[0] + yn, &px->buf_[0] + yn, xn - yn);
+ z.trim(xn);
+ }
+ static void andBit(VintT& z, const VintT& x, const VintT& y)
+ {
+ assert(!x.isNeg_ && !y.isNeg_);
+ const VintT *px = &x, *py = &y;
+ if (x.size() < y.size()) {
+ fp::swap_(px, py);
+ }
+ size_t yn = py->size();
+ assert(px->size() >= yn);
+ bool b;
+ z.buf_.alloc(&b, yn);
+ assert(b); (void)b;
+ for (size_t i = 0; i < yn; i++) {
+ z.buf_[i] = x.buf_[i] & y.buf_[i];
+ }
+ z.trim(yn);
+ }
+ static void orBitu1(VintT& z, const VintT& x, Unit y)
+ {
+ assert(!x.isNeg_);
+ z = x;
+ z.buf_[0] |= y;
+ }
+ static void andBitu1(VintT& z, const VintT& x, Unit y)
+ {
+ assert(!x.isNeg_);
+ bool b;
+ z.buf_.alloc(&b, 1);
+ assert(b); (void)b;
+ z.buf_[0] = x.buf_[0] & y;
+ z.size_ = 1;
+ z.isNeg_ = false;
+ }
+ /*
+ REMARK y >= 0;
+ */
+ static void pow(VintT& z, const VintT& x, const VintT& y)
+ {
+ assert(!y.isNeg_);
+ const VintT xx = x;
+ z = 1;
+ mcl::fp::powGeneric(z, xx, &y.buf_[0], y.size(), mul, sqr, (void (*)(VintT&, const VintT&))0);
+ }
+ /*
+ REMARK y >= 0;
+ */
+ static void pow(VintT& z, const VintT& x, int64_t y)
+ {
+ assert(y >= 0);
+ const VintT xx = x;
+ z = 1;
+#if MCL_SIZEOF_UNIT == 8
+ Unit ua = fp::abs_(y);
+ mcl::fp::powGeneric(z, xx, &ua, 1, mul, sqr, (void (*)(VintT&, const VintT&))0);
+#else
+ uint64_t ua = fp::abs_(y);
+ Unit u[2] = { uint32_t(ua), uint32_t(ua >> 32) };
+ size_t un = u[1] ? 2 : 1;
+ mcl::fp::powGeneric(z, xx, u, un, mul, sqr, (void (*)(VintT&, const VintT&))0);
+#endif
+ }
+ /*
+ z = x ^ y mod m
+ REMARK y >= 0;
+ */
+ static void powMod(VintT& z, const VintT& x, const VintT& y, const VintT& m)
+ {
+ assert(!y.isNeg_);
+ VintT zz;
+ MulMod mulMod;
+ SqrMod sqrMod;
+ mulMod.pm = &m;
+ sqrMod.pm = &m;
+ zz = 1;
+ mcl::fp::powGeneric(zz, x, &y.buf_[0], y.size(), mulMod, sqrMod, (void (*)(VintT&, const VintT&))0);
+ z.swap(zz);
+ }
+ /*
+ inverse mod
+ y = 1/x mod m
+ REMARK x != 0 and m != 0;
+ */
+ static void invMod(VintT& y, const VintT& x, const VintT& m)
+ {
+ assert(!x.isZero() && !m.isZero());
+ if (x == 1) {
+ y = 1;
+ return;
+ }
+ VintT a = 1;
+ VintT t;
+ VintT q;
+ divMod(&q, t, m, x);
+ VintT s = x;
+ VintT b = -q;
+
+ for (;;) {
+ divMod(&q, s, s, t);
+ if (s.isZero()) {
+ if (b.isNeg_) {
+ b += m;
+ }
+ y = b;
+ return;
+ }
+ a -= b * q;
+
+ divMod(&q, t, t, s);
+ if (t.isZero()) {
+ if (a.isNeg_) {
+ a += m;
+ }
+ y = a;
+ return;
+ }
+ b -= a * q;
+ }
+ }
+ /*
+ Miller-Rabin
+ */
+ static bool isPrime(bool *pb, const VintT& n, int tryNum = 32)
+ {
+ *pb = true;
+ if (n <= 1) return false;
+ if (n == 2 || n == 3) return true;
+ if (n.isEven()) return false;
+ cybozu::XorShift rg;
+ const VintT nm1 = n - 1;
+ VintT d = nm1;
+ uint32_t r = countTrailingZero(d);
+ // n - 1 = 2^r d
+ VintT a, x;
+ for (int i = 0; i < tryNum; i++) {
+ a.setRand(pb, n - 3, rg);
+ if (!*pb) return false;
+ a += 2; // a in [2, n - 2]
+ powMod(x, a, d, n);
+ if (x == 1 || x == nm1) {
+ continue;
+ }
+ for (uint32_t j = 1; j < r; j++) {
+ sqr(x, x);
+ x %= n;
+ if (x == 1) return false;
+ if (x == nm1) goto NEXT_LOOP;
+ }
+ return false;
+ NEXT_LOOP:;
+ }
+ return true;
+ }
+ bool isPrime(bool *pb, int tryNum = 32) const
+ {
+ return isPrime(pb, *this, tryNum);
+ }
+ static void gcd(VintT& z, VintT x, VintT y)
+ {
+ VintT t;
+ for (;;) {
+ if (y.isZero()) {
+ z = x;
+ return;
+ }
+ t = x;
+ x = y;
+ mod(y, t, y);
+ }
+ }
+ static VintT gcd(const VintT& x, const VintT& y)
+ {
+ VintT z;
+ gcd(z, x, y);
+ return z;
+ }
+ static void lcm(VintT& z, const VintT& x, const VintT& y)
+ {
+ VintT c;
+ gcd(c, x, y);
+ div(c, x, c);
+ mul(z, c, y);
+ }
+ static VintT lcm(const VintT& x, const VintT& y)
+ {
+ VintT z;
+ lcm(z, x, y);
+ return z;
+ }
+ /*
+ 1 if m is quadratic residue modulo n (i.e., there exists an x s.t. x^2 = m mod n)
+ 0 if m = 0 mod n
+ -1 otherwise
+ @note return legendre_symbol(m, p) for m and odd prime p
+ */
+ static int jacobi(VintT m, VintT n)
+ {
+ assert(n.isOdd());
+ if (n == 1) return 1;
+ if (m < 0 || m > n) {
+ quotRem(0, m, m, n); // m = m mod n
+ }
+ if (m.isZero()) return 0;
+ if (m == 1) return 1;
+ if (gcd(m, n) != 1) return 0;
+
+ int j = 1;
+ VintT t;
+ goto START;
+ while (m != 1) {
+ if ((m.getLow32bit() % 4) == 3 && (n.getLow32bit() % 4) == 3) {
+ j = -j;
+ }
+ mod(t, n, m);
+ n = m;
+ m = t;
+ START:
+ int s = countTrailingZero(m);
+ uint32_t nmod8 = n.getLow32bit() % 8;
+ if ((s % 2) && (nmod8 == 3 || nmod8 == 5)) {
+ j = -j;
+ }
+ }
+ return j;
+ }
+#ifndef CYBOZU_DONT_USE_STRING
+ explicit VintT(const std::string& str)
+ : size_(0)
+ {
+ setStr(str);
+ }
+ void getStr(std::string& s, int base = 10) const
+ {
+ s.clear();
+ cybozu::StringOutputStream os(s);
+ save(os, base);
+ }
+ std::string getStr(int base = 10) const
+ {
+ std::string s;
+ getStr(s, base);
+ return s;
+ }
+ inline friend std::ostream& operator<<(std::ostream& os, const VintT& x)
+ {
+ return os << x.getStr(os.flags() & std::ios_base::hex ? 16 : 10);
+ }
+ inline friend std::istream& operator>>(std::istream& is, VintT& x)
+ {
+ x.load(is);
+ return is;
+ }
+#endif
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void setStr(const std::string& str, int base = 0)
+ {
+ bool b;
+ setStr(&b, str.c_str(), base);
+ if (!b) throw cybozu::Exception("Vint:setStr") << str;
+ }
+ void setRand(const VintT& max, fp::RandGen rg = fp::RandGen())
+ {
+ bool b;
+ setRand(&b, max, rg);
+ if (!b) throw cybozu::Exception("Vint:setRand");
+ }
+ void getArray(Unit *x, size_t maxSize) const
+ {
+ bool b;
+ getArray(&b, x, maxSize);
+ if (!b) throw cybozu::Exception("Vint:getArray");
+ }
+ template<class InputStream>
+ void load(InputStream& is, int ioMode = 0)
+ {
+ bool b;
+ load(&b, is, ioMode);
+ if (!b) throw cybozu::Exception("Vint:load");
+ }
+ template<class OutputStream>
+ void save(OutputStream& os, int base = 10) const
+ {
+ bool b;
+ save(&b, os, base);
+ if (!b) throw cybozu::Exception("Vint:save");
+ }
+ static bool isPrime(const VintT& n, int tryNum = 32)
+ {
+ bool b;
+ bool ret = isPrime(&b, n, tryNum);
+ if (!b) throw cybozu::Exception("Vint:isPrime");
+ return ret;
+ }
+ bool isPrime(int tryNum = 32) const
+ {
+ bool b;
+ bool ret = isPrime(&b, *this, tryNum);
+ if (!b) throw cybozu::Exception("Vint:isPrime");
+ return ret;
+ }
+ template<class S>
+ void setArray(const S *x, size_t size)
+ {
+ bool b;
+ setArray(&b, x, size);
+ if (!b) throw cybozu::Exception("Vint:setArray");
+ }
+#endif
+ VintT& operator++() { adds1(*this, *this, 1); return *this; }
+ VintT& operator--() { subs1(*this, *this, 1); return *this; }
+ VintT operator++(int) { VintT c = *this; adds1(*this, *this, 1); return c; }
+ VintT operator--(int) { VintT c = *this; subs1(*this, *this, 1); return c; }
+ friend bool operator<(const VintT& x, const VintT& y) { return compare(x, y) < 0; }
+ friend bool operator>=(const VintT& x, const VintT& y) { return !operator<(x, y); }
+ friend bool operator>(const VintT& x, const VintT& y) { return compare(x, y) > 0; }
+ friend bool operator<=(const VintT& x, const VintT& y) { return !operator>(x, y); }
+ friend bool operator==(const VintT& x, const VintT& y) { return compare(x, y) == 0; }
+ friend bool operator!=(const VintT& x, const VintT& y) { return !operator==(x, y); }
+
+ friend bool operator<(const VintT& x, int y) { return compares1(x, y) < 0; }
+ friend bool operator>=(const VintT& x, int y) { return !operator<(x, y); }
+ friend bool operator>(const VintT& x, int y) { return compares1(x, y) > 0; }
+ friend bool operator<=(const VintT& x, int y) { return !operator>(x, y); }
+ friend bool operator==(const VintT& x, int y) { return compares1(x, y) == 0; }
+ friend bool operator!=(const VintT& x, int y) { return !operator==(x, y); }
+
+ friend bool operator<(const VintT& x, uint32_t y) { return compareu1(x, y) < 0; }
+ friend bool operator>=(const VintT& x, uint32_t y) { return !operator<(x, y); }
+ friend bool operator>(const VintT& x, uint32_t y) { return compareu1(x, y) > 0; }
+ friend bool operator<=(const VintT& x, uint32_t y) { return !operator>(x, y); }
+ friend bool operator==(const VintT& x, uint32_t y) { return compareu1(x, y) == 0; }
+ friend bool operator!=(const VintT& x, uint32_t y) { return !operator==(x, y); }
+
+ VintT& operator+=(const VintT& rhs) { add(*this, *this, rhs); return *this; }
+ VintT& operator-=(const VintT& rhs) { sub(*this, *this, rhs); return *this; }
+ VintT& operator*=(const VintT& rhs) { mul(*this, *this, rhs); return *this; }
+ VintT& operator/=(const VintT& rhs) { div(*this, *this, rhs); return *this; }
+ VintT& operator%=(const VintT& rhs) { mod(*this, *this, rhs); return *this; }
+ VintT& operator&=(const VintT& rhs) { andBit(*this, *this, rhs); return *this; }
+ VintT& operator|=(const VintT& rhs) { orBit(*this, *this, rhs); return *this; }
+
+ VintT& operator+=(int rhs) { adds1(*this, *this, rhs); return *this; }
+ VintT& operator-=(int rhs) { subs1(*this, *this, rhs); return *this; }
+ VintT& operator*=(int rhs) { muls1(*this, *this, rhs); return *this; }
+ VintT& operator/=(int rhs) { divs1(*this, *this, rhs); return *this; }
+ VintT& operator%=(int rhs) { mods1(*this, *this, rhs); return *this; }
+ VintT& operator+=(Unit rhs) { addu1(*this, *this, rhs); return *this; }
+ VintT& operator-=(Unit rhs) { subu1(*this, *this, rhs); return *this; }
+ VintT& operator*=(Unit rhs) { mulu1(*this, *this, rhs); return *this; }
+ VintT& operator/=(Unit rhs) { divu1(*this, *this, rhs); return *this; }
+ VintT& operator%=(Unit rhs) { modu1(*this, *this, rhs); return *this; }
+
+ VintT& operator&=(Unit rhs) { andBitu1(*this, *this, rhs); return *this; }
+ VintT& operator|=(Unit rhs) { orBitu1(*this, *this, rhs); return *this; }
+
+ friend VintT operator+(const VintT& a, const VintT& b) { VintT c; add(c, a, b); return c; }
+ friend VintT operator-(const VintT& a, const VintT& b) { VintT c; sub(c, a, b); return c; }
+ friend VintT operator*(const VintT& a, const VintT& b) { VintT c; mul(c, a, b); return c; }
+ friend VintT operator/(const VintT& a, const VintT& b) { VintT c; div(c, a, b); return c; }
+ friend VintT operator%(const VintT& a, const VintT& b) { VintT c; mod(c, a, b); return c; }
+ friend VintT operator&(const VintT& a, const VintT& b) { VintT c; andBit(c, a, b); return c; }
+ friend VintT operator|(const VintT& a, const VintT& b) { VintT c; orBit(c, a, b); return c; }
+
+ friend VintT operator+(const VintT& a, int b) { VintT c; adds1(c, a, b); return c; }
+ friend VintT operator-(const VintT& a, int b) { VintT c; subs1(c, a, b); return c; }
+ friend VintT operator*(const VintT& a, int b) { VintT c; muls1(c, a, b); return c; }
+ friend VintT operator/(const VintT& a, int b) { VintT c; divs1(c, a, b); return c; }
+ friend VintT operator%(const VintT& a, int b) { VintT c; mods1(c, a, b); return c; }
+ friend VintT operator+(const VintT& a, Unit b) { VintT c; addu1(c, a, b); return c; }
+ friend VintT operator-(const VintT& a, Unit b) { VintT c; subu1(c, a, b); return c; }
+ friend VintT operator*(const VintT& a, Unit b) { VintT c; mulu1(c, a, b); return c; }
+ friend VintT operator/(const VintT& a, Unit b) { VintT c; divu1(c, a, b); return c; }
+ friend VintT operator%(const VintT& a, Unit b) { VintT c; modu1(c, a, b); return c; }
+
+ friend VintT operator&(const VintT& a, Unit b) { VintT c; andBitu1(c, a, b); return c; }
+ friend VintT operator|(const VintT& a, Unit b) { VintT c; orBitu1(c, a, b); return c; }
+
+ VintT operator-() const { VintT c; neg(c, *this); return c; }
+ VintT& operator<<=(size_t n) { shl(*this, *this, n); return *this; }
+ VintT& operator>>=(size_t n) { shr(*this, *this, n); return *this; }
+ VintT operator<<(size_t n) const { VintT c = *this; c <<= n; return c; }
+ VintT operator>>(size_t n) const { VintT c = *this; c >>= n; return c; }
+};
+
+#ifdef MCL_VINT_FIXED_BUFFER
+typedef VintT<vint::FixedBuffer<mcl::vint::Unit, MCL_MAX_BIT_SIZE * 2> > Vint;
+#else
+typedef VintT<vint::Buffer<mcl::vint::Unit> > Vint;
+#endif
+
+} // mcl
+
+//typedef mcl::Vint mpz_class;
diff --git a/vendor/github.com/byzantine-lab/mcl/include/mcl/window_method.hpp b/vendor/github.com/byzantine-lab/mcl/include/mcl/window_method.hpp
new file mode 100644
index 000000000..cb4fad37e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/include/mcl/window_method.hpp
@@ -0,0 +1,175 @@
+#pragma once
+/**
+ @file
+ @brief window method
+ @author MITSUNARI Shigeo(@herumi)
+*/
+#include <mcl/array.hpp>
+#include <mcl/fp.hpp>
+
+namespace mcl { namespace fp {
+
+/*
+ get w-bit size from x[0, bitSize)
+ @param x [in] data
+ @param bitSize [in] data size
+ @param w [in] split size < UnitBitSize
+*/
+template<class T>
+struct ArrayIterator {
+ static const size_t TbitSize = sizeof(T) * 8;
+ ArrayIterator(const T *x, size_t bitSize, size_t w)
+ : x(x)
+ , bitSize(bitSize)
+ , w(w)
+ , pos(0)
+ , mask((w == TbitSize ? 0 : (T(1) << w)) - 1)
+ {
+ assert(w <= TbitSize);
+ }
+ bool hasNext() const { return bitSize > 0; }
+ T getNext()
+ {
+ if (w == TbitSize) {
+ bitSize -= w;
+ return *x++;
+ }
+ if (pos + w < TbitSize) {
+ T v = (*x >> pos) & mask;
+ pos += w;
+ if (bitSize < w) {
+ bitSize = 0;
+ } else {
+ bitSize -= w;
+ }
+ return v;
+ }
+ if (pos + bitSize <= TbitSize) {
+ assert(bitSize <= w);
+ T v = *x >> pos;
+ assert((v >> bitSize) == 0);
+ bitSize = 0;
+ return v & mask;
+ }
+ assert(pos > 0);
+ T v = (x[0] >> pos) | (x[1] << (TbitSize - pos));
+ v &= mask;
+ pos = (pos + w) - TbitSize;
+ bitSize -= w;
+ x++;
+ return v;
+ }
+ const T *x;
+ size_t bitSize;
+ size_t w;
+ size_t pos;
+ T mask;
+};
+
+template<class Ec>
+class WindowMethod {
+public:
+ size_t bitSize_;
+ size_t winSize_;
+ mcl::Array<Ec> tbl_;
+ WindowMethod(const Ec& x, size_t bitSize, size_t winSize)
+ {
+ init(x, bitSize, winSize);
+ }
+ WindowMethod()
+ : bitSize_(0)
+ , winSize_(0)
+ {
+ }
+ /*
+ @param x [in] base index
+ @param bitSize [in] exponent bit length
+ @param winSize [in] window size
+ */
+ void init(bool *pb, const Ec& x, size_t bitSize, size_t winSize)
+ {
+ bitSize_ = bitSize;
+ winSize_ = winSize;
+ const size_t tblNum = (bitSize + winSize - 1) / winSize;
+ const size_t r = size_t(1) << winSize;
+ *pb = tbl_.resize(tblNum * r);
+ if (!*pb) return;
+ Ec t(x);
+ for (size_t i = 0; i < tblNum; i++) {
+ Ec* w = &tbl_[i * r];
+ w[0].clear();
+ for (size_t d = 1; d < r; d *= 2) {
+ for (size_t j = 0; j < d; j++) {
+ Ec::add(w[j + d], w[j], t);
+ }
+ Ec::dbl(t, t);
+ }
+ for (size_t j = 0; j < r; j++) {
+ w[j].normalize();
+ }
+ }
+ }
+#ifndef CYBOZU_DONT_USE_EXCEPTION
+ void init(const Ec& x, size_t bitSize, size_t winSize)
+ {
+ bool b;
+ init(&b, x, bitSize, winSize);
+ if (!b) throw cybozu::Exception("mcl:WindowMethod:init") << bitSize << winSize;
+ }
+#endif
+ /*
+ @param z [out] x multiplied by y
+ @param y [in] exponent
+ */
+ template<class tag2, size_t maxBitSize2>
+ void mul(Ec& z, const FpT<tag2, maxBitSize2>& y) const
+ {
+ fp::Block b;
+ y.getBlock(b);
+ powArray(z, b.p, b.n, false);
+ }
+ void mul(Ec& z, int64_t y) const
+ {
+#if MCL_SIZEOF_UNIT == 8
+ Unit u = fp::abs_(y);
+ powArray(z, &u, 1, y < 0);
+#else
+ uint64_t ua = fp::abs_(y);
+ Unit u[2] = { uint32_t(ua), uint32_t(ua >> 32) };
+ size_t un = u[1] ? 2 : 1;
+ powArray(z, u, un, y < 0);
+#endif
+ }
+ void mul(Ec& z, const mpz_class& y) const
+ {
+ powArray(z, gmp::getUnit(y), gmp::getUnitSize(y), y < 0);
+ }
+ void powArray(Ec& z, const Unit* y, size_t n, bool isNegative) const
+ {
+ z.clear();
+ while (n > 0) {
+ if (y[n - 1]) break;
+ n--;
+ }
+ if (n == 0) return;
+ assert((n << winSize_) <= tbl_.size());
+ if ((n << winSize_) > tbl_.size()) return;
+ assert(y[n - 1]);
+ const size_t bitSize = (n - 1) * UnitBitSize + cybozu::bsr<Unit>(y[n - 1]) + 1;
+ size_t i = 0;
+ ArrayIterator<Unit> ai(y, bitSize, winSize_);
+ do {
+ Unit v = ai.getNext();
+ if (v) {
+ Ec::add(z, z, tbl_[(i << winSize_) + v]);
+ }
+ i++;
+ } while (ai.hasNext());
+ if (isNegative) {
+ Ec::neg(z, z);
+ }
+ }
+};
+
+} } // mcl::fp
+
diff --git a/vendor/github.com/byzantine-lab/mcl/lib/.emptydir b/vendor/github.com/byzantine-lab/mcl/lib/.emptydir
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/lib/.emptydir
diff --git a/vendor/github.com/byzantine-lab/mcl/mcl.sln b/vendor/github.com/byzantine-lab/mcl/mcl.sln
new file mode 100644
index 000000000..7c4fe8f0c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/mcl.sln
@@ -0,0 +1,57 @@
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.40629.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "fp_test", "test\proj\fp_test\fp_test.vcxproj", "{51266DE6-B57B-4AE3-B85C-282F170E1728}"
+ ProjectSection(ProjectDependencies) = postProject
+ {1DBB979A-C212-45CD-9563-446A96F87F71} = {1DBB979A-C212-45CD-9563-446A96F87F71}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ec_test", "test\proj\ec_test\ec_test.vcxproj", "{46B6E88E-739A-406B-9F68-BC46C5950FA3}"
+ ProjectSection(ProjectDependencies) = postProject
+ {1DBB979A-C212-45CD-9563-446A96F87F71} = {1DBB979A-C212-45CD-9563-446A96F87F71}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mcl", "src\proj\mcl.vcxproj", "{1DBB979A-C212-45CD-9563-446A96F87F71}"
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "fp_tower_test", "test\proj\fp_tower_test\fp_tower_test.vcxproj", "{733B6250-D249-4A99-B2A6-C8FAF6A90E97}"
+ ProjectSection(ProjectDependencies) = postProject
+ {1DBB979A-C212-45CD-9563-446A96F87F71} = {1DBB979A-C212-45CD-9563-446A96F87F71}
+ EndProjectSection
+EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "bn_test", "test\proj\bn_test\bn_test.vcxproj", "{9F935350-2F4C-45FA-A1C2-1D5AA0EADC96}"
+ ProjectSection(ProjectDependencies) = postProject
+ {1DBB979A-C212-45CD-9563-446A96F87F71} = {1DBB979A-C212-45CD-9563-446A96F87F71}
+ EndProjectSection
+EndProject
+Global
+ GlobalSection(SolutionConfigurationPlatforms) = preSolution
+ Debug|x64 = Debug|x64
+ Release|x64 = Release|x64
+ EndGlobalSection
+ GlobalSection(ProjectConfigurationPlatforms) = postSolution
+ {51266DE6-B57B-4AE3-B85C-282F170E1728}.Debug|x64.ActiveCfg = Debug|x64
+ {51266DE6-B57B-4AE3-B85C-282F170E1728}.Debug|x64.Build.0 = Debug|x64
+ {51266DE6-B57B-4AE3-B85C-282F170E1728}.Release|x64.ActiveCfg = Release|x64
+ {51266DE6-B57B-4AE3-B85C-282F170E1728}.Release|x64.Build.0 = Release|x64
+ {46B6E88E-739A-406B-9F68-BC46C5950FA3}.Debug|x64.ActiveCfg = Debug|x64
+ {46B6E88E-739A-406B-9F68-BC46C5950FA3}.Debug|x64.Build.0 = Debug|x64
+ {46B6E88E-739A-406B-9F68-BC46C5950FA3}.Release|x64.ActiveCfg = Release|x64
+ {46B6E88E-739A-406B-9F68-BC46C5950FA3}.Release|x64.Build.0 = Release|x64
+ {1DBB979A-C212-45CD-9563-446A96F87F71}.Debug|x64.ActiveCfg = Debug|x64
+ {1DBB979A-C212-45CD-9563-446A96F87F71}.Debug|x64.Build.0 = Debug|x64
+ {1DBB979A-C212-45CD-9563-446A96F87F71}.Release|x64.ActiveCfg = Release|x64
+ {1DBB979A-C212-45CD-9563-446A96F87F71}.Release|x64.Build.0 = Release|x64
+ {733B6250-D249-4A99-B2A6-C8FAF6A90E97}.Debug|x64.ActiveCfg = Debug|x64
+ {733B6250-D249-4A99-B2A6-C8FAF6A90E97}.Debug|x64.Build.0 = Debug|x64
+ {733B6250-D249-4A99-B2A6-C8FAF6A90E97}.Release|x64.ActiveCfg = Release|x64
+ {733B6250-D249-4A99-B2A6-C8FAF6A90E97}.Release|x64.Build.0 = Release|x64
+ {9F935350-2F4C-45FA-A1C2-1D5AA0EADC96}.Debug|x64.ActiveCfg = Debug|x64
+ {9F935350-2F4C-45FA-A1C2-1D5AA0EADC96}.Debug|x64.Build.0 = Debug|x64
+ {9F935350-2F4C-45FA-A1C2-1D5AA0EADC96}.Release|x64.ActiveCfg = Release|x64
+ {9F935350-2F4C-45FA-A1C2-1D5AA0EADC96}.Release|x64.Build.0 = Release|x64
+ EndGlobalSection
+ GlobalSection(SolutionProperties) = preSolution
+ HideSolutionNode = FALSE
+ EndGlobalSection
+EndGlobal
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/bench.txt b/vendor/github.com/byzantine-lab/mcl/misc/bench.txt
new file mode 100644
index 000000000..3e18e6b44
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/bench.txt
@@ -0,0 +1,21 @@
+Core i7-7700 @ 3.6GHz
+ BN254 BLS12_381
+G1::mul 185.863Kclk 360.723Kclk
+G1::add 812.01 clk 1.540Kclk
+G1::dbl 837.24 clk 1.977Kclk
+G2::mul 340.125Kclk 642.457Kclk
+G2::add 2.233Kclk 4.368Kclk
+G2::dbl 2.134Kclk 4.088Kclk
+GT::pow 615.052Kclk 1.055Mclk
+G1::setStr chk 1.546Kclk 534.376Kclk
+G1::setStr 1.592Kclk 4.000Kclk
+G2::setStr chk 609.195Kclk 1.402Mclk
+G2::setStr 5.444Kclk 8.282Kclk
+hashAndMapToG1 26.997Kclk 336.207Kclk
+hashAndMapToG2 212.800Kclk 775.072Kclk
+pairing 909.076Kclk 2.367Mclk
+millerLoop 549.957Kclk 983.935Kclk
+finalExp 375.203Kclk 1.404Mclk
+precomputeG2 126.000Kclk 236.912Kclk
+precomputedML 427.272Kclk 729.234Kclk
+
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/karatsuba.cpp b/vendor/github.com/byzantine-lab/mcl/misc/karatsuba.cpp
new file mode 100644
index 000000000..7c150c6e3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/karatsuba.cpp
@@ -0,0 +1,75 @@
+/*
+ sudo cpufreq-set -c 0 -g performance
+ mycl karatsuba.cpp -DMCL_USE_LLVM=1 ../lib/libmcl.a && ./a.out
+*/
+#include <stdio.h>
+#include <mcl/fp.hpp>
+#include <cybozu/xorshift.hpp>
+#include "../src/proto.hpp"
+#include "../src/low_func.hpp"
+#ifdef MCL_USE_LLVM
+#include "../src/low_func_llvm.hpp"
+#endif
+#include <cybozu/test.hpp>
+#include <cybozu/benchmark.hpp>
+
+typedef mcl::FpT<> Fp;
+
+using namespace mcl::fp;
+
+void dump(const Unit *x, size_t N)
+{
+ for (size_t i = 0; i < N; i++) {
+ printf("%016llx ", (long long)x[N - 1 - i]);
+ }
+ printf("\n");
+}
+
+void gggKara(uint64_t *z, const uint64_t *x, const uint64_t *)
+{
+ SqrPre<8, Gtag>::f(z, x);
+}
+void gggLLVM(uint64_t *z, const uint64_t *x, const uint64_t *y)
+{
+ MulPre<8, Ltag>::f(z, x, y);
+}
+
+template<size_t N>
+void benchKaratsuba()
+{
+ cybozu::XorShift rg;
+ printf("N=%d\n", (int)N);
+ Unit z[N * 2];
+ rg.read(z, N);
+ CYBOZU_BENCH("g:mulPre ", (MulPreCore<N, Gtag>::f), z, z, z);
+// CYBOZU_BENCH("g:mulKara", (MulPre<N, Gtag>::karatsuba), z, z, z);
+ CYBOZU_BENCH("g:sqrPre ", (SqrPreCore<N, Gtag>::f), z, z);
+// CYBOZU_BENCH("g:sqrKara", (SqrPre<N, Gtag>::karatsuba), z, z);
+
+#ifdef MCL_USE_LLVM
+ CYBOZU_BENCH("l:mulPre ", (MulPreCore<N, Ltag>::f), z, z, z);
+ CYBOZU_BENCH("l:sqrPre ", (SqrPreCore<N, Ltag>::f), z, z);
+ CYBOZU_BENCH("l:mulKara", (MulPre<N, Ltag>::karatsuba), z, z, z);
+ CYBOZU_BENCH("l:sqrKara", (SqrPre<N, Ltag>::karatsuba), z, z);
+#endif
+}
+
+CYBOZU_TEST_AUTO(karatsuba)
+{
+ benchKaratsuba<4>();
+ benchKaratsuba<6>();
+ benchKaratsuba<8>();
+#if MCL_MAX_BIT_SIZE >= 640
+ benchKaratsuba<10>();
+#endif
+#if MCL_MAX_BIT_SIZE >= 768
+ benchKaratsuba<12>();
+#endif
+#if MCL_MAX_BIT_SIZE >= 896
+ benchKaratsuba<14>();
+#endif
+#if MCL_MAX_BIT_SIZE >= 1024
+ benchKaratsuba<16>();
+#endif
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/mul.cpp b/vendor/github.com/byzantine-lab/mcl/misc/mul.cpp
new file mode 100644
index 000000000..146ac33a9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/mul.cpp
@@ -0,0 +1,58 @@
+/*
+ sudo cpufreq-set -c 0 -g performance
+ mycl mul.cpp -DMCL_USE_LLVM=1 ../lib/libmcl.a && ./a.out
+*/
+#include <stdio.h>
+#include <mcl/fp.hpp>
+#include <cybozu/xorshift.hpp>
+#include <cybozu/test.hpp>
+#include <cybozu/benchmark.hpp>
+
+typedef mcl::FpT<> Fp;
+
+using namespace mcl::fp;
+
+void dump(const Unit *x, size_t N)
+{
+ for (size_t i = 0; i < N; i++) {
+ printf("%016llx ", (long long)x[N - 1 - i]);
+ }
+ printf("\n");
+}
+
+CYBOZU_TEST_AUTO(mulPre)
+{
+ cybozu::XorShift rg;
+ const char *pTbl[] = {
+ "0x2523648240000001ba344d80000000086121000000000013a700000000000013",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff",
+ "6701817056313037086248947066310538444882082605308124576230408038843357549886356779857393369967010764802541005796711440355753503701056323603", // 462 bit
+ "4562440617622195218641171605700291324893228507248559930579192517899275167208677386505912811317371399778642309573594407310688704721375437998252661319722214188251994674360264950082874192246603471", // 640 bit
+ "1552518092300708935148979488462502555256886017116696611139052038026050952686376886330878408828646477950487730697131073206171580044114814391444287275041181139204454976020849905550265285631598444825262999193716468750892846853816057031", // 768 bit
+ };
+ const size_t N = 16;
+ const Mode modeTbl[] = {
+ FP_GMP_MONT,
+#ifdef MCL_USE_LLVM
+ FP_LLVM_MONT,
+#endif
+ };
+ for (size_t j = 0; j < CYBOZU_NUM_OF_ARRAY(modeTbl); j++) {
+ Mode mode = modeTbl[j];
+ printf("%s\n", ModeToStr(mode));
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(pTbl); i++) {
+ const char *p = pTbl[i];
+ Fp::init(p, mode);
+ printf("bitSize=%d\n", (int)Fp::getBitSize());
+ const Op& op = Fp::getOp();
+ Unit x[N], y[N * 2];
+ rg.read(x, N);
+ rg.read(y, N * 2);
+ CYBOZU_BENCH("mul ", op.fp_mul, y, y, x, op.p);
+ CYBOZU_BENCH("sqr ", op.fp_sqr, y, y, op.p);
+ CYBOZU_BENCH("mulPre", op.fpDbl_mulPre, y, y, y);
+ CYBOZU_BENCH("sqrPre", op.fpDbl_sqrPre, y, y);
+ CYBOZU_BENCH("mod ", op.fpDbl_mod, y, y, op.p);
+ }
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/precompute.cpp b/vendor/github.com/byzantine-lab/mcl/misc/precompute.cpp
new file mode 100644
index 000000000..63cdd663b
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/precompute.cpp
@@ -0,0 +1,30 @@
+#include <mcl/bn256.hpp>
+#include <iostream>
+
+using namespace mcl::bn;
+
+int main()
+{
+ initPairing(mcl::BN254);
+ G2 Q;
+ mapToG2(Q, 1);
+ std::vector<Fp6> Qcoeff;
+ precomputeG2(Qcoeff, Q);
+ puts("#if MCL_SIZEOF_UNIT == 8");
+ puts("static const uint64_t QcoeffTblBN254[][6][4] = {");
+ for (size_t i = 0; i < Qcoeff.size(); i++) {
+ const Fp6& x6 = Qcoeff[i];
+ puts("\t{");
+ for (size_t j = 0; j < 6; j++) {
+ printf("\t\t{");
+ const Fp& x = x6.getFp0()[j];
+ for (size_t k = 0; k < 4; k++) {
+ printf("0x%016llxull,", (unsigned long long)x.getUnit()[k]);
+ }
+ puts("},");
+ }
+ puts("\t},");
+ }
+ puts("};");
+ puts("#endif");
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/she/bench.sh b/vendor/github.com/byzantine-lab/mcl/misc/she/bench.sh
new file mode 100644
index 000000000..ced87b4db
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/she/bench.sh
@@ -0,0 +1,6 @@
+for i in 4 6 8
+do echo $i
+touch test/she_test.cpp
+make bin/she_test.exe CFLAGS_USER=-DMCLBN_FP_UNIT_SIZE=$i
+bin/she_test.exe > misc/she/bench$i.txt
+done
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/she/bench4.txt b/vendor/github.com/byzantine-lab/mcl/misc/she/bench4.txt
new file mode 100644
index 000000000..99b2593c4
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/she/bench4.txt
@@ -0,0 +1,99 @@
+ctest:module=log
+CurveFp254BNb
+ctest:module=HashTable
+ctest:module=GTHashTable
+ctest:module=enc_dec
+ctest:module=add_sub_mul
+ctest:module=add_mul_add_sub
+ctest:module=innerProduct
+ctest:module=io
+ctest:module=bench
+enc 673.772Kclk
+add 8.021Kclk
+mul 4.042Mclk
+dec 2.194Mclk
+add after mul 20.693Kclk
+ctest:module=saveHash
+ctest:module=hashBench
+Kclk
+m=000fffff decG1 1.83e+02
+m=001fffff decG1 1.83e+02
+m=003fffff decG1 1.83e+02
+m=007fffff decG1 1.90e+02
+m=00ffffff decG1 2.04e+02
+m=01ffffff decG1 2.66e+02
+m=03ffffff decG1 4.17e+02
+m=07ffffff decG1 7.15e+02
+m=0fffffff decG1 1.29e+03
+m=1fffffff decG1 2.43e+03
+m=3fffffff decG1 4.70e+03
+m=7fffffff decG1 9.28e+03
+
+m=000fffff decG2 4.09e+02
+m=001fffff decG2 4.11e+02
+m=003fffff decG2 4.09e+02
+m=007fffff decG2 4.23e+02
+m=00ffffff decG2 4.48e+02
+m=01ffffff decG2 5.21e+02
+m=03ffffff decG2 7.25e+02
+m=07ffffff decG2 1.11e+03
+m=0fffffff decG2 1.87e+03
+m=1fffffff decG2 3.36e+03
+m=3fffffff decG2 6.38e+03
+m=7fffffff decG2 1.24e+04
+
+m=000fffff decGT 2.20e+03
+m=001fffff decGT 2.21e+03
+m=003fffff decGT 2.20e+03
+m=007fffff decGT 2.21e+03
+m=00ffffff decGT 2.23e+03
+m=01ffffff decGT 2.28e+03
+m=03ffffff decGT 2.37e+03
+m=07ffffff decGT 2.56e+03
+m=0fffffff decGT 2.94e+03
+m=1fffffff decGT 3.78e+03
+m=3fffffff decGT 5.41e+03
+m=7fffffff decGT 8.69e+03
+large m
+G1::add 7.36e-01
+G1::mul 1.92e+02
+G2::add 3.51e+00
+G2::mul 4.03e+02
+GT::mul 5.47e+00
+GT::pow 7.27e+02
+G1window 1.92e+01
+G2window 6.15e+01
+GTwindow 1.35e+02
+miller 6.69e+02
+finalExp 4.23e+02
+precomML 5.16e+02
+small m = 2097151
+G1::mul 4.52e+01
+G2::mul 1.01e+02
+GT::pow 1.33e+02
+G1window 1.55e+00
+G2window 5.02e+00
+GTwindow 1.55e+01
+encG1 2.10e+02
+encG2 4.82e+02
+encGT 2.47e+03
+encG1pre 5.31e+01
+encG2pre 1.47e+02
+encGTpre 6.01e+02
+decG1 1.84e+02
+decG2 3.96e+02
+degGT 2.20e+03
+mul 4.07e+03
+addG1 1.56e+00
+addG2 4.72e+00
+addGT 2.12e+01
+reRandG1 2.10e+02
+reRandG2 4.71e+02
+reRandGT 2.49e+03
+reRandG1pre 5.16e+01
+reRandG2pre 1.44e+02
+reRandGTpre 6.10e+02
+mulG1 9.03e+01
+mulG2 2.03e+02
+mulGT 5.34e+02
+ctest:name=she_test, module=11, total=2879, ok=2879, ng=0, exception=0
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/she/bench6.txt b/vendor/github.com/byzantine-lab/mcl/misc/she/bench6.txt
new file mode 100644
index 000000000..863f7129a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/she/bench6.txt
@@ -0,0 +1,99 @@
+ctest:module=log
+CurveFp382_1
+ctest:module=HashTable
+ctest:module=GTHashTable
+ctest:module=enc_dec
+ctest:module=add_sub_mul
+ctest:module=add_mul_add_sub
+ctest:module=innerProduct
+ctest:module=io
+ctest:module=bench
+enc 2.077Mclk
+add 17.694Kclk
+mul 13.408Mclk
+dec 5.854Mclk
+add after mul 41.570Kclk
+ctest:module=saveHash
+ctest:module=hashBench
+Kclk
+m=000fffff decG1 5.34e+02
+m=001fffff decG1 5.36e+02
+m=003fffff decG1 5.34e+02
+m=007fffff decG1 5.48e+02
+m=00ffffff decG1 5.87e+02
+m=01ffffff decG1 7.11e+02
+m=03ffffff decG1 9.53e+02
+m=07ffffff decG1 1.41e+03
+m=0fffffff decG1 2.30e+03
+m=1fffffff decG1 4.11e+03
+m=3fffffff decG1 7.71e+03
+m=7fffffff decG1 1.50e+04
+
+m=000fffff decG2 1.27e+03
+m=001fffff decG2 1.27e+03
+m=003fffff decG2 1.27e+03
+m=007fffff decG2 1.30e+03
+m=00ffffff decG2 1.35e+03
+m=01ffffff decG2 1.53e+03
+m=03ffffff decG2 1.88e+03
+m=07ffffff decG2 2.55e+03
+m=0fffffff decG2 3.87e+03
+m=1fffffff decG2 6.53e+03
+m=3fffffff decG2 1.18e+04
+m=7fffffff decG2 2.25e+04
+
+m=000fffff decGT 6.01e+03
+m=001fffff decGT 6.03e+03
+m=003fffff decGT 6.01e+03
+m=007fffff decGT 6.04e+03
+m=00ffffff decGT 6.08e+03
+m=01ffffff decGT 6.17e+03
+m=03ffffff decGT 6.39e+03
+m=07ffffff decGT 6.71e+03
+m=0fffffff decGT 7.44e+03
+m=1fffffff decGT 8.95e+03
+m=3fffffff decGT 1.20e+04
+m=7fffffff decGT 1.80e+04
+large m
+G1::add 1.48e+00
+G1::mul 5.44e+02
+G2::add 6.91e+00
+G2::mul 1.28e+03
+GT::mul 1.04e+01
+GT::pow 2.04e+03
+G1window 5.57e+01
+G2window 2.04e+02
+GTwindow 4.03e+02
+miller 2.09e+03
+finalExp 1.50e+03
+precomML 1.63e+03
+small m = 2097151
+G1::mul 8.29e+01
+G2::mul 2.05e+02
+GT::pow 2.66e+02
+G1window 3.18e+00
+G2window 1.14e+01
+GTwindow 3.19e+01
+encG1 6.01e+02
+encG2 1.49e+03
+encGT 7.66e+03
+encG1pre 1.41e+02
+encG2pre 4.71e+02
+encGTpre 1.76e+03
+decG1 5.37e+02
+decG2 1.27e+03
+degGT 6.02e+03
+mul 1.34e+04
+addG1 3.07e+00
+addG2 1.02e+01
+addGT 4.18e+01
+reRandG1 5.99e+02
+reRandG2 1.49e+03
+reRandGT 7.69e+03
+reRandG1pre 1.40e+02
+reRandG2pre 4.68e+02
+reRandGTpre 1.75e+03
+mulG1 1.65e+02
+mulG2 4.14e+02
+mulGT 1.06e+03
+ctest:name=she_test, module=11, total=2879, ok=2879, ng=0, exception=0
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/she/bench8.txt b/vendor/github.com/byzantine-lab/mcl/misc/she/bench8.txt
new file mode 100644
index 000000000..f8fe8fd75
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/she/bench8.txt
@@ -0,0 +1,99 @@
+ctest:module=log
+CurveFp462
+ctest:module=HashTable
+ctest:module=GTHashTable
+ctest:module=enc_dec
+ctest:module=add_sub_mul
+ctest:module=add_mul_add_sub
+ctest:module=innerProduct
+ctest:module=io
+ctest:module=bench
+enc 5.095Mclk
+add 36.280Kclk
+mul 30.163Mclk
+dec 12.974Mclk
+add after mul 76.646Kclk
+ctest:module=saveHash
+ctest:module=hashBench
+Kclk
+m=000fffff decG1 1.44e+03
+m=001fffff decG1 1.45e+03
+m=003fffff decG1 1.45e+03
+m=007fffff decG1 1.47e+03
+m=00ffffff decG1 1.54e+03
+m=01ffffff decG1 1.70e+03
+m=03ffffff decG1 2.03e+03
+m=07ffffff decG1 2.64e+03
+m=0fffffff decG1 3.88e+03
+m=1fffffff decG1 6.32e+03
+m=3fffffff decG1 1.12e+04
+m=7fffffff decG1 2.11e+04
+
+m=000fffff decG2 2.99e+03
+m=001fffff decG2 3.01e+03
+m=003fffff decG2 2.99e+03
+m=007fffff decG2 3.05e+03
+m=00ffffff decG2 3.15e+03
+m=01ffffff decG2 3.41e+03
+m=03ffffff decG2 3.93e+03
+m=07ffffff decG2 4.95e+03
+m=0fffffff decG2 6.97e+03
+m=1fffffff decG2 1.10e+04
+m=3fffffff decG2 1.91e+04
+m=7fffffff decG2 3.54e+04
+
+m=000fffff decGT 1.31e+04
+m=001fffff decGT 1.31e+04
+m=003fffff decGT 1.31e+04
+m=007fffff decGT 1.31e+04
+m=00ffffff decGT 1.32e+04
+m=01ffffff decGT 1.33e+04
+m=03ffffff decGT 1.36e+04
+m=07ffffff decGT 1.43e+04
+m=0fffffff decGT 1.56e+04
+m=1fffffff decGT 1.82e+04
+m=3fffffff decGT 2.34e+04
+m=7fffffff decGT 3.39e+04
+large m
+G1::add 3.40e+00
+G1::mul 1.41e+03
+G2::add 1.38e+01
+G2::mul 2.93e+03
+GT::mul 1.94e+01
+GT::pow 4.30e+03
+G1window 1.59e+02
+G2window 4.89e+02
+GTwindow 8.96e+02
+miller 4.99e+03
+finalExp 3.26e+03
+precomML 3.71e+03
+small m = 2097151
+G1::mul 1.53e+02
+G2::mul 3.85e+02
+GT::pow 4.88e+02
+G1window 6.96e+00
+G2window 2.17e+01
+GTwindow 5.83e+01
+encG1 1.62e+03
+encG2 3.48e+03
+encGT 1.79e+04
+encG1pre 3.67e+02
+encG2pre 1.09e+03
+encGTpre 3.88e+03
+decG1 1.45e+03
+decG2 3.02e+03
+degGT 1.31e+04
+mul 3.02e+04
+addG1 7.08e+00
+addG2 2.03e+01
+addGT 7.68e+01
+reRandG1 1.63e+03
+reRandG2 3.48e+03
+reRandGT 1.79e+04
+reRandG1pre 3.65e+02
+reRandG2pre 1.08e+03
+reRandGTpre 3.79e+03
+mulG1 3.08e+02
+mulG2 7.65e+02
+mulGT 1.95e+03
+ctest:name=she_test, module=11, total=2879, ok=2879, ng=0, exception=0
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/she/nizkp.pdf b/vendor/github.com/byzantine-lab/mcl/misc/she/nizkp.pdf
new file mode 100644
index 000000000..7e61b5a64
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/she/nizkp.pdf
Binary files differ
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/she/she-api-ja.md b/vendor/github.com/byzantine-lab/mcl/misc/she/she-api-ja.md
new file mode 100644
index 000000000..850f11ff3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/she/she-api-ja.md
@@ -0,0 +1,314 @@
+# L2準åŒåž‹æš—å·ãƒ©ã‚¤ãƒ–ラリshe
+
+# 概è¦
+she(somewhat homomorphic encryption)ã¯ãƒšã‚¢ãƒªãƒ³ã‚°ãƒ™ãƒ¼ã‚¹ã®L2準åŒåž‹æš—å·ã¨å‘¼ã°ã‚Œã‚‹å…¬é–‹éµæš—å·ãƒ©ã‚¤ãƒ–ラリã§ã‚る。
+L2準åŒåž‹æš—å·ã¨ã¯æš—å·æ–‡åŒå£«ã®åŠ ç®—を複数回ã€ä¹—算を一度ã ã‘ã§ãる性質を表ã™ã€‚
+
+特ã«2個ã®æ•´æ•°å€¤ãƒ™ã‚¯ãƒˆãƒ«x = (x_i), y = (y_i)ã®å„è¦ç´ ãŒæš—å·åŒ–ã•ã‚ŒãŸçŠ¶æ…‹ã§ã€ãã®2個ã®ãƒ™ã‚¯ãƒˆãƒ«ã®å†…ç©ã‚’æš—å·åŒ–ã—ãŸã¾ã¾è¨ˆç®—ã§ãる。
+
+ΣEnc(x_i) Enc(y_i) = Enc(Σx_i y_i).
+
+# 特長
+* ペアリングベースã®æœ€æ–°ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã‚’実装
+ * [Efficient Two-level Homomorphic Encryption in Prime-order Bilinear Groups and A Fast Implementation in WebAssembly : ASIA CCS2018](http://asiaccs2018.org/?page_id=632)
+* C++版ã¯Windows(x64), Linux(x64, ARM64), OSX(x64)ã«å¯¾å¿œ
+* JavaScript(WebAssembly 以é™JSã¨è¨˜ã™)版ã¯Chrome, Firefox, Edge, Safari(Android, iPhoneå«ã‚€), Node.jsã«å¯¾å¿œ
+
+# クラスã¨ä¸»ãªæ©Ÿèƒ½
+
+## 主ãªã‚¯ãƒ©ã‚¹
+* 秘密éµã‚¯ãƒ©ã‚¹ SecretKey
+* 公開éµã‚¯ãƒ©ã‚¹ PublicKey
+* æš—å·æ–‡ã‚¯ãƒ©ã‚¹ CipherTextG1, CipherTextG2, CipherTextGT
+* ゼロ知識証明クラス ZkpBin, ZkpEq, ZkpBinEq
+
+## æš—å·åŒ–ã¨å¾©å·æ–¹æ³•
+* 秘密éµã‹ã‚‰å…¬é–‹éµã‚’作æˆã™ã‚‹
+* 公開éµã‚’用ã„ã¦æ•´æ•°ã‹ã‚‰æš—å·æ–‡ã‚’作る
+* 秘密éµã‚’用ã„ã¦æš—å·æ–‡ã‚’復å·ã™ã‚‹
+
+## æš—å·æ–‡åŒå£«ã®è¨ˆç®—
+* åŒã˜æš—å·æ–‡ã‚¯ãƒ©ã‚¹åŒå£«ã¯åŠ ç®—・減算ã§ãã‚‹
+* CipherTextG1ã¨CipherTextG2ã‚’ä¹—ç®—ã™ã‚‹ã¨CipherTextGTã«ãªã‚‹
+
+## 復å·ã®é‡è¦ãªæ³¨æ„点
+* ã“ã®sheã¯å¾©å·æ™‚ã«å°ã•ãªé›¢æ•£å¯¾æ•°å•é¡Œ(DLP)を解ãå¿…è¦ãŒã‚ã‚‹
+* DLPã®ãƒ†ãƒ¼ãƒ–ルサイズをsã€æš—å·æ–‡ã‚’Enc(m)ã¨ã™ã‚‹ã¨å¾©å·æ™‚é–“ã¯m/sã«æ¯”例ã™ã‚‹
+* テーブルサイズã®è¨­å®šã¯`setRangeForDLP(s)`を使ã†
+ * `m/s`ã®æœ€å¤§å€¤ã¯`setTryNum(tryNum)`ã§è¡Œã†
+
+## ゼロ知識証明クラス
+* mã‚’æš—å·ã™ã‚‹ã¨ãã«åŒæ™‚ã«ã‚¼ãƒ­çŸ¥è­˜è¨¼æ˜Žã‚’生æˆã™ã‚‹
+* æš—å·æ–‡ã¨ç”Ÿæˆã•ã‚ŒãŸã‚¼ãƒ­çŸ¥è­˜è¨¼æ˜Žã¨å…¬é–‹éµã§mã«é–¢ã™ã‚‹åˆ¶ç´„æ¡ä»¶ã‚’検証ã§ãã‚‹
+
+# JS版
+
+## Node.jsã§ã®èª­ã¿è¾¼ã¿
+
+```
+>npm install she-wasm
+>node
+>const she = require('she-wasm')
+```
+
+## ブラウザã§ã®èª­ã¿è¾¼ã¿
+[she-wasm](https://github.com/herumi/she-wasm/)ã®she.js, she\_c.js, she\_c.wasmファイルをåŒã˜ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ç½®ã„ã¦she.jsを読ã¿è¾¼ã‚€
+```
+// HTML
+<script src="she.js"></script>
+```
+
+## JS版サンプル
+
+```
+// システムã®åˆæœŸåŒ–
+she.init().then(() => {
+ const sec = new she.SecretKey()
+ // 秘密éµã®åˆæœŸåŒ–
+ sec.setByCSPRNG()
+
+ // 秘密éµsecã‹ã‚‰å…¬é–‹éµpubを作æˆ
+ const pub = sec.getPublicKey()
+
+ const m1 = 1
+ const m2 = 2
+ const m3 = 3
+ const m4 = -1
+
+ // 平文m1ã¨m2ã‚’CipherTextG1ã¨ã—ã¦æš—å·åŒ–
+ const c11 = pub.encG1(m1)
+ const c12 = pub.encG1(m2)
+
+ // 平文m3ã¨m4ã‚’CipherTextG2ã¨ã—ã¦æš—å·åŒ–
+ const c21 = pub.encG2(m3)
+ const c22 = pub.encG2(m4)
+
+ // c11ã¨c12, c21ã¨c22ã‚’ãã‚Œãžã‚ŒåŠ ç®—
+ const c1 = she.add(c11, c12)
+ const c2 = she.add(c21, c22)
+
+ // c1ã¨c2ã‚’ä¹—ç®—ã™ã‚‹ã¨CipherTextGTåž‹ã«ãªã‚‹
+ const ct = she.mul(c1, c2)
+
+ // æš—å·æ–‡ctを復å·ã™ã‚‹
+ console.log(`(${m1} + ${m2}) * (${m3} + ${m4}) = ${sec.dec(ct)}`)
+})
+```
+
+# C++版サンプル
+ライブラリã®ãƒ“ルドã¯[mcl](https://github.com/herumi/mcl/#installation-requirements)ã‚’å‚ç…§
+```
+#include <mcl/she.hpp>
+int main()
+ try
+{
+ using namespace mcl::she;
+ // システã®ãƒ åˆæœŸåŒ–
+ init();
+
+ SecretKey sec;
+
+ // 秘密éµã®åˆæœŸåŒ–
+ sec.setByCSPRNG();
+
+ // 秘密éµsecã‹ã‚‰å…¬é–‹éµpubを作æˆ
+ PublicKey pub;
+ sec.getPublicKey(pub);
+
+ int m1 = 1;
+ int m2 = 2;
+ int m3 = 3;
+ int m4 = -1;
+
+ // 平文m1ã¨m2ã‚’CipherTextG1ã¨ã—ã¦æš—å·åŒ–
+ CipherTextG1 c11, c12;
+ pub.enc(c11, m1);
+ pub.enc(c12, m2);
+
+ // 平文m3ã¨m4ã‚’CipherTextG2ã¨ã—ã¦æš—å·åŒ–
+ CipherTextG2 c21, c22;
+ pub.enc(c21, m3);
+ pub.enc(c22, m4);
+
+ // c11ã¨c12, c21ã¨c22ã‚’ãã‚Œãžã‚ŒåŠ ç®—
+ CipherTextG1 c1;
+ CipherTextG2 c2;
+ CipherTextG1::add(c1, c11, c12);
+ CipherTextG2::add(c2, c21, c22);
+
+ // c1ã¨c2ã‚’ä¹—ç®—ã™ã‚‹ã¨CipherTextGTåž‹ã«ãªã‚‹
+ CipherTextGT ct;
+ CipherTextGT::mul(ct, c1, c2);
+
+ // æš—å·æ–‡ctを復å·ã™ã‚‹
+ printf("(%d + %d) * (%d + %d) = %d\n", m1, m2, m3, m4, (int)sec.dec(ct));
+} catch (std::exception& e) {
+ printf("ERR %s\n", e.what());
+ return 1;
+}
+
+```
+
+# クラス共通メソッド
+
+## シリアライズ(C++)
+
+* `setStr(const std::string& str, int ioMode = 0)`
+ * ioModeã«å¾“ã£ã¦strã§è¨­å®šã™ã‚‹
+
+* `getStr(std::string& str, int ioMode = 0) const`
+* `std::string getStr(int ioMode = 0) const`
+ * ioModeã«å¾“ã£ã¦strã‚’å–å¾—ã™ã‚‹
+* `size_t serialize(void *buf, size_t maxBufSize) const`
+ * maxBufSize確ä¿ã•ã‚ŒãŸbufã«ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã™ã‚‹
+ * bufã«æ›¸ãè¾¼ã¾ã‚ŒãŸbyteé•·ãŒè¿”ã‚‹
+ * エラーã®å ´åˆã¯0ãŒè¿”ã‚‹
+* `size_t deserialize(const void *buf, size_t bufSize)`
+ * bufã‹ã‚‰æœ€å¤§bufSizeã¾ã§å€¤ã‚’読ã¿è¾¼ã¿ãƒ‡ãƒªã‚·ã‚¢ãƒ©ã‚¤ã‚ºã™ã‚‹
+ * 読ã¿è¾¼ã¾ã‚ŒãŸbyteé•·ãŒè¿”ã‚‹
+ * エラーã®å ´åˆã¯0ãŒè¿”ã‚‹
+
+## シリアライズ(JS)
+
+* `deserialize(s)`
+ * Uint8Arrayåž‹sã§ãƒ‡ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚º
+* `serialize()`
+ * シリアライズã—ã¦Uint8Arrayã®å€¤ã‚’è¿”ã™
+* `deserializeHexStr(s)`
+ * 16進数文字列sã§ãƒ‡ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚º
+* `serializeToHexStr()`
+ * 16進数文字列sã§ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚º
+
+## ioMode
+
+* 2 ; 2進数
+* 10 ; 10進数
+* 16 ; 16進数
+* IoPrefix ; 2ã¾ãŸã¯16ã¨orã®å€¤ã‚’設定ã™ã‚‹ã¨0bã¾ãŸã¯0xãŒã¤ã
+* IoEcAffine ; (G1, G2ã®ã¿)アフィン座標
+* IoEcProj ; (G1, G2ã®ã¿)射影座標
+* IoSerialize ; serialize()/deserialize()ã¨åŒã˜
+
+## 注æ„
+* C++ã®åå‰ç©ºé–“ã¯`mcl::she`
+* 以下CTã¯CipherTextG1, CipherTextG2, CipherTextGTã®ã„ãšã‚Œã‹ã‚’表ã™
+* JS版ã®å¹³æ–‡ã¯32ビット整数ã®ç¯„囲ã«åˆ¶é™ã•ã‚Œã‚‹
+
+## SecretKeyクラス
+
+* `void setByCSPRNG()`(C++)
+* `void setByCSPRNG()`(JS)
+ * 疑似乱数ã§ç§˜å¯†éµã‚’åˆæœŸåŒ–ã™ã‚‹
+
+* `int64_t dec(const CT& c) const`(C++)
+* `int dec(CT c)`(JS)
+ * æš—å·æ–‡cを復å·ã™ã‚‹
+* `int64_t decViaGT(const CipherTextG1& c) const`(C++)
+* `int64_t decViaGT(const CipherTextG2& c) const`(C++)
+* `int decViaGT(CT c)`(JS)
+ * æš—å·æ–‡ã‚’GT経由ã§å¾©å·ã™ã‚‹
+* `bool isZero(const CT& c) const`(C++)
+* `bool isZero(CT c)`(JS)
+ * cã®å¾©å·çµæžœãŒ0ãªã‚‰ã°true
+ * decã—ã¦ã‹ã‚‰0ã¨æ¯”較ã™ã‚‹ã‚ˆã‚Šã‚‚高速
+
+## PublicKey, PrecomputedPublicKeyクラス
+PrecomputedPublicKeyã¯PublicKeyã®é«˜é€Ÿç‰ˆ
+
+* `void PrecomputedPublicKey::init(const PublicKey& pub)`(C++)
+* `void PrecomputedPublicKey::init(pub)`(JS)
+ * 公開éµpubã§PrecomputedPublicKeyã‚’åˆæœŸåŒ–ã™ã‚‹
+
+
+* `PrecomputedPublicKey::destroy()`(JS)
+ * JavaScriptã§ã¯PrecomputedPublicKeyãŒä¸è¦ã«ãªã£ãŸã‚‰ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã‚’呼ã¶å¿…è¦ãŒã‚ã‚‹
+ * ãã†ã—ãªã„ã¨ãƒ¡ãƒ¢ãƒªãƒªãƒ¼ã‚¯ã™ã‚‹
+
+以下ã¯PK = PublicKey or PrecomputedPublicKey
+
+* `void PK::enc(CT& c, int64_t m) const`(C++)
+* `CipherTextG1 PK::encG1(m)`(JS)
+* `CipherTextG2 PK::encG2(m)`(JS)
+* `CipherTextGT PK::encGT(m)`(JS)
+ * mã‚’æš—å·åŒ–ã—ã¦cã«ã‚»ãƒƒãƒˆã™ã‚‹(ã¾ãŸã¯ãã®å€¤ã‚’è¿”ã™)
+
+* `void PK::reRand(CT& c) const`(C++)
+* `CT PK::reRand(CT c)`(JS)
+ * cã‚’å†ãƒ©ãƒ³ãƒ€ãƒ åŒ–ã™ã‚‹
+ * å†ãƒ©ãƒ³ãƒ€ãƒ åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã¨å…ƒã®æš—å·æ–‡ã¯åŒã˜å¹³æ–‡ã‚’æš—å·åŒ–ã—ãŸã‚‚ã®ã‹ã©ã†ã‹åˆ¤å®šã§ããªã„
+
+* `void convert(CipherTextGT& cm, const CT& ca) const`
+* `CipherTextGT convert(CT ca)`
+ * æš—å·æ–‡ca(CipherTextG1ã‹CipherTextG2)ã‚’CipherTextGTã«å¤‰æ›ã™ã‚‹
+
+## CipherTextクラス
+
+* `void CT::add(CT& z, const CT& x const CT& y)`(C++)
+* `CT she.add(CT x, CT y)`(JS)
+ * æš—å·æ–‡xã¨æš—å·æ–‡yを足ã—ã¦zã«ã‚»ãƒƒãƒˆã™ã‚‹(ã¾ãŸã¯ãã®å€¤ã‚’è¿”ã™)
+* `void CT::sub(CT& z, const CT& x const CT& y)`(C++)
+* `CT she.sub(CT x, CT y)`(JS)
+ * æš—å·æ–‡xã‹ã‚‰æš—å·æ–‡yを引ã„ã¦zã«ã‚»ãƒƒãƒˆã™ã‚‹(ã¾ãŸã¯ãã®å€¤ã‚’è¿”ã™)
+* `void CT::neg(CT& y, const CT& x)`(C++)
+* `void she.neg(CT x)`(JS)
+ * æš—å·æ–‡xã®ç¬¦å·å転をyã«ã‚»ãƒƒãƒˆã™ã‚‹(ã¾ãŸã¯ãã®å€¤ã‚’è¿”ã™)
+* `void CT::mul(CT& z, const CT& x, int y)`(C++)
+* `CT she.mulInt(CT x, int y)`(JS)
+ * æš—å·æ–‡xã‚’æ•´æ•°å€yã—ã¦zã«ã‚»ãƒƒãƒˆã™ã‚‹(ã¾ãŸã¯ãã®å€¤ã‚’è¿”ã™)
+
+* `void CipherTextGT::mul(CipherTextGT& z, const CipherTextG1& x, const CipherTextG2& y)`(C++)
+* `CipherTextGT she.mul(CipherTextG1 x, CipherTextG2 y)`(JS)
+ * æš—å·æ–‡xã¨æš—å·æ–‡yを掛ã‘ã¦zã«ã‚»ãƒƒãƒˆã™ã‚‹(ã¾ãŸã¯ãã®å€¤ã‚’è¿”ã™)
+
+* `void CipherTextGT::mulML(CipherTextGT& z, const CipherTextG1& x, const CipherTextG2& y)`(C++)
+ * æš—å·æ–‡xã¨æš—å·æ–‡yを掛ã‘ã¦(Millerループã ã‘ã—ã¦)zã«ã‚»ãƒƒãƒˆã™ã‚‹(ã¾ãŸã¯ãã®å€¤ã‚’è¿”ã™)
+* `CipherTextGT::finalExp(CipherText& , const CipherTextG1& x, const CipherTextG2& y)`(C++)
+ * mul(a, b) = finalExp(mulML(a, b))
+ * add(mul(a, b), mul(c, d)) = finalExp(add(mulML(a, b), mulML(c, d)))
+ * ã™ãªã‚ã¡ç©å’Œæ¼”ç®—ã¯mulMLã—ãŸã‚‚ã®ã‚’足ã—ã¦ã‹ã‚‰æœ€å¾Œã«ä¸€åº¦finalExpã™ã‚‹ã®ãŒã‚ˆã„
+
+## ゼロ知識証明クラス
+
+### 概è¦
+* ZkpBin æš—å·æ–‡encGi(m)(i = 1, 2, T)ã«ã¤ã„ã¦m = 0ã¾ãŸã¯1ã§ã‚ã‚‹ã“ã¨ã‚’復å·ã›ãšã«æ¤œè¨¼ã§ãã‚‹
+* ZkpEq æš—å·æ–‡encG1(m1), encG2(m2)ã«ã¤ã„ã¦m1 = m2ã§ã‚ã‚‹ã“ã¨ã‚’検証ã§ãã‚‹
+* ZkpBinEq æš—å·æ–‡encG1(m1), encG2(m2)ã«ã¤ã„ã¦m1 = m2 = 0ã¾ãŸã¯1ã§ã‚ã‚‹ã“ã¨ã‚’検証ã§ãã‚‹
+
+### API
+PK = PublicKey or PrecomputedPublicKey
+
+* `void PK::encWithZkpBin(CipherTextG1& c, Zkp& zkp, int m) const`(C++)
+* `void PK::encWithZkpBin(CipherTextG2& c, Zkp& zkp, int m) const`(C++)
+* `[CipherTextG1, ZkpBin] PK::encWithZkpBinG1(m)`(JS)
+* `[CipherTextG2, ZkpBin] PK::encWithZkpBinG2(m)`(JS)
+ * m(=0 or 1)ã‚’æš—å·åŒ–ã—ã¦æš—å·æ–‡cã¨ã‚¼ãƒ­çŸ¥è­˜è¨¼æ˜Žzkpをセットã™ã‚‹(ã¾ãŸã¯[c, zkp]ã‚’è¿”ã™)
+ * mãŒ0ã§ã‚‚1ã§ã‚‚ãªã‘ã‚Œã°ä¾‹å¤–
+* `void PK::encWithZkpEq(CipherTextG1& c1, CipherTextG2& c2, ZkpEq& zkp, const INT& m) const`(C++)
+* `[CipherTextG1, CipherTextG2, ZkpEq] PK::encWithZkpEq(m)`(JS)
+ * mã‚’æš—å·åŒ–ã—ã¦æš—å·æ–‡c1, c2ã¨ã‚¼ãƒ­çŸ¥è­˜è¨¼æ˜Žzkpをセットã™ã‚‹(ã¾ãŸã¯[c1, c2, zkp]ã‚’è¿”ã™)
+* `void PK::encWithZkpBinEq(CipherTextG1& c1, CipherTextG2& c2, ZkpBinEq& zkp, int m) const`(C++)
+* `[CipherTextG1, CipherTextG2, ZkpEqBin] PK::encWithZkpBinEq(m)`(JS)
+ * m(=0 or 1)ã‚’æš—å·åŒ–ã—ã¦æš—å·æ–‡c1, c2ã¨ã‚¼ãƒ­çŸ¥è­˜è¨¼æ˜Žzkpをセットã™ã‚‹(ã¾ãŸã¯[c1, c2, zkp]ã‚’è¿”ã™)
+ * mãŒ0ã§ã‚‚1ã§ã‚‚ãªã‘ã‚Œã°ä¾‹å¤–
+
+## グローãƒãƒ«é–¢æ•°
+
+* `void init(const CurveParam& cp, size_t hashSize = 1024, size_t tryNum = 2048)`(C++)
+* `void init(curveType = she.BN254, hashSize = 1024, tryNum = 2048)`(JS)
+ * hashSizeã®å¤§ãã•ã®å¾©å·ç”¨ãƒ†ãƒ¼ãƒ–ルã¨tryNumã‚’å…ƒã«åˆæœŸåŒ–ã™ã‚‹
+ * 復å·å¯èƒ½ãªå¹³æ–‡mã®ç¯„囲ã¯|m| <= hashSize * tryNum
+* `she.loadTableForGTDLP(Uint8Array a)`(JS)
+ * 復å·ç”¨ãƒ†ãƒ¼ãƒ–ルを読ã¿è¾¼ã‚€
+ * ç¾åœ¨ã¯`https://herumi.github.io/she-dlp-table/she-dlp-0-20-gt.bin`ã®ã¿ãŒã‚ã‚‹
+* `void useDecG1ViaGT(bool use)`(C++/JS)
+* `void useDecG2ViaGT(bool use)`(C++/JS)
+ * CipherTextG1, CipherTextG2ã®å¾©å·ã‚’CipherTextGT経由ã§è¡Œã†
+ * 大ããªå€¤ã‚’復å·ã™ã‚‹ã¨ãã¯DLP用ã®å·¨å¤§ãªãƒ†ãƒ¼ãƒ–ルをãã‚Œãžã‚Œã«æŒã¤ã‚ˆã‚Šã‚‚GTã«é›†ç´„ã—ãŸæ–¹ãŒåŠ¹çŽ‡ãŒã‚ˆã„
+
+# ライセンス
+
+ã“ã®ãƒ©ã‚¤ãƒ–ラリã¯[修正BSDライセンス](https://github.com/herumi/mcl/blob/master/COPYRIGHT)ã§æä¾›ã•ã‚Œã¾ã™
+
+# 開発者
+
+å…‰æˆæ»‹ç”Ÿ MITSUNARI Shigeo(herumi@nifty.com)
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/she/she-api.md b/vendor/github.com/byzantine-lab/mcl/misc/she/she-api.md
new file mode 100644
index 000000000..af54311e9
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/she/she-api.md
@@ -0,0 +1,322 @@
+# she ; Two-level homomorphic encryption library for browser/Node.js by WebAssembly
+
+# Abstruct
+she is a somewhat(two-level) homomorphic encryption library,
+which is based on pairings.
+This library supports polynomially many homomorphic additions and
+one multiplication over encrypted data.
+
+Especially, the inner products of two encrypted integer vectors such as Enc(x) = (Enc(x_i)), Enc(y) = (Enc(y_i))
+can be computed.
+
+Sum_i Enc(x_i) Enc(y_i) = Enc(Sum_i x_i y_i).
+
+# Features
+* supports the latest pairing based algorithm
+ * [Efficient Two-level Homomorphic Encryption in Prime-order Bilinear Groups and A Fast Implementation in WebAssembly : ASIA CCS2018](http://asiaccs2018.org/?page_id=632)
+* supports Windows(x64), Linux(x64, ARM64), OSX(x64)
+* supports JavaScript(WebAssembly), Chrome, Firefox, Safari(contains Android, iPhone), Node.js
+
+# Classes
+
+## Main classes
+* secret key class ; SecretKey
+* public key class ; PublicKey
+* ciphertext class ; CipherTextG1, CipherTextG2, CipherTextGT
+* zero-knowledge proof class ; ZkpBin, ZkpEq, ZkpBinEq
+
+## Encryption and decryption
+* create the corresponding public key from a secret key
+* encrypt an integer(plaintext) with a public key
+* decrypt a ciphertext with a secret key
+
+## Homomorphic operations
+* homomorphic addtion/substraction over ciphertexts of the same ciphertext class
+* homomprphic multiplication over ciphertext of CipherTextG1 and CipherTextG2
+ * The class of the result is CipherTextGT.
+
+## Important notation of decryption
+* This library requires to solve a small DLP to decrypt a ciphertext.
+* The decryption timing is O(m/s), where s is the size of table to solve DLP, and m is the size fo a plaintext.
+* call `setRangeForDLP(s)` to set the table size.
+ * The maximun `m/s` is set by `setTryNum(tryNum)`.
+
+## Zero-knowledge proof class
+* A zero-knowledge proof is simultaneously created when encrypting a plaintext `m`.
+* The restriction according to `m` can be verified with a created zero-knowledge proof and a public key.
+
+# Setup for JavaScript(JS)
+
+## for Node.js
+
+```
+>npm install she-wasm
+>node
+>const she = require('she-wasm')
+```
+
+## for a browser
+
+Copy `she.js`, `she\_c.js`, `she\_c.wasm` to your directory from [she-wasm](https://github.com/herumi/she-wasm/),
+and read `she.js`.
+```
+// HTML
+<script src="she.js"></script>
+```
+
+## A sample for JS
+
+```
+// initialize a library
+she.init().then(() => {
+ const sec = new she.SecretKey()
+ // initialize a secret key by CSPRNG(cryptographically secure pseudo random number generator)
+ sec.setByCSPRNG()
+
+ // create a public key from a secret key
+ const pub = sec.getPublicKey()
+
+ const m1 = 1
+ const m2 = 2
+ const m3 = 3
+ const m4 = -1
+
+ // encrypt m1 and m2 as CipherTextG1 class
+ const c11 = pub.encG1(m1)
+ const c12 = pub.encG1(m2)
+
+ // encrypt m3 and m4 as CipherTextG2 class
+ const c21 = pub.encG2(m3)
+ const c22 = pub.encG2(m4)
+
+ // add c11 and c12, c21 and c22 respectively
+ const c1 = she.add(c11, c12)
+ const c2 = she.add(c21, c22)
+
+ // get ct as a CipherTextGT class by multiplying c1 with c2
+ const ct = she.mul(c1, c2)
+
+ // decrypt ct
+ console.log(`(${m1} + ${m2}) * (${m3} + ${m4}) = ${sec.dec(ct)}`)
+})
+```
+
+# A sample for C++
+How to build the library, see [mcl](https://github.com/herumi/mcl/#installation-requirements).
+```
+#include <mcl/she.hpp>
+int main()
+ try
+{
+ using namespace mcl::she;
+ // initialize a library
+ init();
+
+ SecretKey sec;
+
+ // initialize a secret key by CSPRNG
+ sec.setByCSPRNG();
+
+ // create a public key from a secret key
+ PublicKey pub;
+ sec.getPublicKey(pub);
+
+ int m1 = 1;
+ int m2 = 2;
+ int m3 = 3;
+ int m4 = -1;
+
+ // encrypt m1 and m2 as CipherTextG1 class
+ CipherTextG1 c11, c12;
+ pub.enc(c11, m1);
+ pub.enc(c12, m2);
+
+ // encrypt m3 and m4 as CipherTextG2 class
+ CipherTextG2 c21, c22;
+ pub.enc(c21, m3);
+ pub.enc(c22, m4);
+
+ // add c11 and c12, c21 and c22 respectively
+ CipherTextG1 c1;
+ CipherTextG2 c2;
+ CipherTextG1::add(c1, c11, c12);
+ CipherTextG2::add(c2, c21, c22);
+
+ // get ct as a CipherTextGT class by multiplying c1 with c2
+ CipherTextGT ct;
+ CipherTextGT::mul(ct, c1, c2);
+
+ // decrypt ct
+ printf("(%d + %d) * (%d + %d) = %d\n", m1, m2, m3, m4, (int)sec.dec(ct));
+} catch (std::exception& e) {
+ printf("ERR %s\n", e.what());
+ return 1;
+}
+
+```
+# Class method
+
+## Serialization(C++)
+
+* `setStr(const std::string& str, int ioMode = 0)`
+ * set a value by `str` according to `ioMode`
+
+* `getStr(std::string& str, int ioMode = 0) const`
+* `std::string getStr(int ioMode = 0) const`
+ * get a string `str` according to `ioMode`
+* `size_t serialize(void *buf, size_t maxBufSize) const`
+ * serialize a value to buf which has maxBufSize byte size
+ * return the byte size to be written in `buf`
+ * return zero if error
+* `size_t deserialize(const void *buf, size_t bufSize)`
+ * deserialize a value from buf which has bufSize byte size
+ * return the byte size to be read from `buf`
+ * return zero if error
+
+## Serialization(JS)
+
+* `deserialize(s)`
+ * deserialize from `s` as Uint8Array type
+* `serialize()`
+ * serialize a value and return Uint8Array value
+* `deserializeHexStr(s)`
+ * deserialize as a hexadecimal string
+* `serializeToHexStr()`
+ * serialize as a hexadecimal string
+
+## ioMode
+
+* 2 ; binary number
+* 10 ; decimal number
+* 16 ; hexadecimal number
+* IoPrefix ; append a prefix 0b(resp. 2) or 0x(resp. 16)
+* IoEcAffine ; affine coordinate (for only G1, G2)
+* IoEcProj ; projective coordinate (for only G1, G2)
+* IoSerialize ; same as serialize()/deserialize()
+
+## Notation
+* the namespace of C++ is `mcl::she`
+* CT means one of CipherTextG1, CipherTextG2, CipherTextGT
+* The range of plaintext is rectricted as a 32-bit integer for JS
+
+## SecretKey class
+
+* `void setByCSPRNG()`(C++)
+* `void setByCSPRNG()`(JS)
+ * set a secret key by CSPRNG(cryptographically secure pseudo random number generator)
+
+* `int64_t dec(const CT& c) const`(C++)
+* `int dec(CT c)`(JS)
+ * decrypt `c`
+* `int64_t decViaGT(const CipherTextG1& c) const`(C++)
+* `int64_t decViaGT(const CipherTextG2& c) const`(C++)
+* `int decViaGT(CT c)`(JS)
+ * decrypt `c` through CipherTextGT
+* `bool isZero(const CT& c) const`(C++)
+* `bool isZero(CT c)`(JS)
+ * return true if decryption of `c` is zero
+ * it is faster than the timing of comparision with zero after decrypting `c`
+
+## PublicKey, PrecomputedPublicKey class
+`PrecomputedPublicKey` is a faster version of `PublicKey`
+
+* `void PrecomputedPublicKey::init(const PublicKey& pub)`(C++)
+* `void PrecomputedPublicKey::init(pub)`(JS)
+ * initialize `PrecomputedPublicKey` by a public key `pub`
+
+* `PrecomputedPublicKey::destroy()`(JS)
+ * It is necessary to call this method if this instance becomes unnecessary
+ * otherwise a memory leak will be caused
+
+PK means PublicKey or PrecomputedPublicKey
+
+* `void PK::enc(CT& c, int64_t m) const`(C++)
+* `CipherTextG1 PK::encG1(m)`(JS)
+* `CipherTextG2 PK::encG2(m)`(JS)
+* `CipherTextGT PK::encGT(m)`(JS)
+ * encrypt `m` and set `c`(or return the value)
+
+* `void PK::reRand(CT& c) const`(C++)
+* `CT PK::reRand(CT c)`(JS)
+ * rerandomize `c`
+ * For `c = Enc(m)`, the rerandomized ciphertext is hard to detect if it is generated by the rerandomization
+ or an encrypted `m` freshly again.
+
+* `void convert(CipherTextGT& cm, const CT& ca) const`
+* `CipherTextGT convert(CT ca)`
+ * convert `ca`(CipherTextG1 or CipherTextG2) to `CipherTextGT` class
+
+## CipherText class
+
+* `void CT::add(CT& z, const CT& x const CT& y)`(C++)
+* `CT she.add(CT x, CT y)`(JS)
+ * add `x` and `y` and set the value to `z`(or return the value)
+* `void CT::sub(CT& z, const CT& x const CT& y)`(C++)
+* `CT she.sub(CT x, CT y)`(JS)
+ * subtract `x` and `y` and set the value to `z`(or return the value)
+* `void CT::neg(CT& y, const CT& x)`(C++)
+* `void she.neg(CT x)`(JS)
+ * negate `x` and set the value to `y`(or return the value)
+* `void CT::mul(CT& z, const CT& x, int y)`(C++)
+* `CT she.mulInt(CT x, int y)`(JS)
+ * multiple `x` and `y` and set the value `y`(or return the value)
+
+* `void CipherTextGT::mul(CipherTextGT& z, const CipherTextG1& x, const CipherTextG2& y)`(C++)
+* `CipherTextGT she.mul(CipherTextG1 x, CipherTextG2 y)`(JS)
+ * multiple `x` and `y` and set the value `y`(or return the value)
+
+* `void CipherTextGT::mulML(CipherTextGT& z, const CipherTextG1& x, const CipherTextG2& y)`(C++)
+ * multiple(only Miller Loop) `x` and `y` and set the value `y`(or return the value)
+
+* `CipherTextGT::finalExp(CipherText& , const CipherTextG1& x, const CipherTextG2& y)`(C++)
+ * mul(a, b) = finalExp(mulML(a, b))
+ * add(mul(a, b), mul(c, d)) = finalExp(add(mulML(a, b), mulML(c, d)))
+ * i.e., innor product can be computed as once calling `finalExp` after computing `mulML` for each elements of two vectors and adding all
+
+## Zero knowledge proof class
+
+### Abstract
+* ZkpBin ; verify whether `m = 0` or `1` for ciphertexts `encGi(m)(i = 1, 2, T)`
+* ZkpEq ; verify whether `m1 = m2` for ciphertexts `encG1(m1)` and `encG2(m2)`
+* ZkpBinEq ; verify whether `m1 = m2 = 0` or `1` for ciphertexts `encG1(m1)` and `encG2(m2)`
+
+### API
+PK = PublicKey or PrecomputedPublicKey
+
+* `void PK::encWithZkpBin(CipherTextG1& c, Zkp& zkp, int m) const`(C++)
+* `void PK::encWithZkpBin(CipherTextG2& c, Zkp& zkp, int m) const`(C++)
+* `[CipherTextG1, ZkpBin] PK::encWithZkpBinG1(m)`(JS)
+* `[CipherTextG2, ZkpBin] PK::encWithZkpBinG2(m)`(JS)
+ * encrypt `m`(=0 or 1) and set the ciphertext `c` and zero-knowledge proof `zkp`(or returns [c, zkp])
+ * throw exception if m != 0 and m != 1
+* `void PK::encWithZkpEq(CipherTextG1& c1, CipherTextG2& c2, ZkpEq& zkp, const INT& m) const`(C++)
+* `[CipherTextG1, CipherTextG2, ZkpEq] PK::encWithZkpEq(m)`(JS)
+ * encrypt `m` and set the ciphertext `c1`, `c2` and zero-knowledge proof `zk`(or returns [c1, c2, zkp])
+* `void PK::encWithZkpBinEq(CipherTextG1& c1, CipherTextG2& c2, ZkpBinEq& zkp, int m) const`(C++)
+* `[CipherTextG1, CipherTextG2, ZkpEqBin] PK::encWithZkpBinEq(m)`(JS)
+ * encrypt `m`(=0 or 1) and set ciphertexts `c1`, `c2` and zero-knowledge proof `zkp`(or returns [c1, c2, zkp])
+ * throw exception if m != 0 and m != 1
+
+## Global functions
+
+* `void init(const CurveParam& cp, size_t hashSize = 1024, size_t tryNum = 2048)`(C++)
+* `void init(curveType = she.BN254, hashSize = 1024, tryNum = 2048)`(JS)
+ * initialize a table to solve a DLP with `hashSize` size and set maximum trying count `tryNum`.
+ * the range `m` to be solvable is |m| <= hashSize * tryNum
+* `getHashTableGT().load(InputStream& is)`(C++)
+* `she.loadTableForGTDLP(Uint8Array a)`(JS)
+ * load a DLP table for CipherTextGT
+ * reset the value of `hashSize` used in `init()`
+ * `https://herumi.github.io/she-dlp-table/she-dlp-0-20-gt.bin` is a precomputed table
+* `void useDecG1ViaGT(bool use)`(C++/JS)
+* `void useDecG2ViaGT(bool use)`(C++/JS)
+ * decrypt a ciphertext of CipherTextG1 and CipherTextG2 through CipherTextGT
+ * it is better when decrypt a big value
+
+# License
+
+[modified new BSD License](https://github.com/herumi/mcl/blob/master/COPYRIGHT)
+
+# Author
+
+å…‰æˆæ»‹ç”Ÿ MITSUNARI Shigeo(herumi@nifty.com)
diff --git a/vendor/github.com/byzantine-lab/mcl/misc/she/she.pdf b/vendor/github.com/byzantine-lab/mcl/misc/she/she.pdf
new file mode 100644
index 000000000..355a308b3
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/misc/she/she.pdf
Binary files differ
diff --git a/vendor/github.com/byzantine-lab/mcl/mk.bat b/vendor/github.com/byzantine-lab/mcl/mk.bat
new file mode 100644
index 000000000..19eb84197
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/mk.bat
@@ -0,0 +1,20 @@
+@echo off
+call setvar.bat
+if "%1"=="-s" (
+ echo use static lib
+ set CFLAGS=%CFLAGS% /DMCLBN_DONT_EXPORT
+) else if "%1"=="-d" (
+ echo use dynamic lib
+) else (
+ echo "mk (-s|-d) <source file>"
+ goto exit
+)
+set SRC=%2
+set EXE=%SRC:.cpp=.exe%
+set EXE=%EXE:.c=.exe%
+set EXE=%EXE:test\=bin\%
+set EXE=%EXE:sample\=bin\%
+echo cl %CFLAGS% %2 /Fe:%EXE% /link %LDFLAGS%
+cl %CFLAGS% %2 /Fe:%EXE% /link %LDFLAGS%
+
+:exit
diff --git a/vendor/github.com/byzantine-lab/mcl/mklib.bat b/vendor/github.com/byzantine-lab/mcl/mklib.bat
new file mode 100644
index 000000000..389b69009
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/mklib.bat
@@ -0,0 +1,39 @@
+@echo off
+call setvar.bat
+if "%1"=="dll" (
+ echo make dynamic library DLL
+) else (
+ echo make static library LIB
+)
+rem nasm -f win64 -D_WIN64 src\asm\low_x86-64.asm
+rem lib /OUT:lib\mcl.lib /nodefaultlib fp.obj src\asm\low_x86-64.obj
+
+echo cl /c %CFLAGS% src\fp.cpp /Foobj\fp.obj
+ cl /c %CFLAGS% src\fp.cpp /Foobj\fp.obj
+echo lib /nologo /OUT:lib\mcl.lib /nodefaultlib obj\fp.obj
+ lib /nologo /OUT:lib\mcl.lib /nodefaultlib obj\fp.obj
+
+if "%1"=="dll" (
+ echo cl /c %CFLAGS% src\bn_c256.cpp /Foobj\bn_c256.obj
+ cl /c %CFLAGS% src\bn_c256.cpp /Foobj\bn_c256.obj /DMCLBN_NO_AUTOLINK
+ echo link /nologo /DLL /OUT:bin\mclbn256.dll obj\bn_c256.obj obj\fp.obj %LDFLAGS% /implib:lib\mclbn256.lib
+ link /nologo /DLL /OUT:bin\mclbn256.dll obj\bn_c256.obj obj\fp.obj %LDFLAGS% /implib:lib\mclbn256.lib
+
+ echo cl /c %CFLAGS% src\bn_c384.cpp /Foobj\bn_c384.obj
+ cl /c %CFLAGS% src\bn_c384.cpp /Foobj\bn_c384.obj /DMCLBN_NO_AUTOLINK
+ echo link /nologo /DLL /OUT:bin\mclbn384.dll obj\bn_c384.obj obj\fp.obj %LDFLAGS% /implib:lib\mclbn384.lib
+ link /nologo /DLL /OUT:bin\mclbn384.dll obj\bn_c384.obj obj\fp.obj %LDFLAGS% /implib:lib\mclbn384.lib
+
+ echo cl /c %CFLAGS% src\she_c256.cpp /Foobj\she_c256.obj /DMCLBN_NO_AUTOLINK
+ cl /c %CFLAGS% src\she_c256.cpp /Foobj\she_c256.obj /DMCLBN_NO_AUTOLINK
+ echo link /nologo /DLL /OUT:bin\mclshe256.dll obj\she_c256.obj obj\fp.obj %LDFLAGS% /implib:lib\mclshe_c256.lib
+ link /nologo /DLL /OUT:bin\mclshe256.dll obj\she_c256.obj obj\fp.obj %LDFLAGS% /implib:lib\mclshe_c256.lib
+) else (
+ echo cl /c %CFLAGS% src\bn_c256.cpp /Foobj\bn_c256.obj
+ cl /c %CFLAGS% src\bn_c256.cpp /Foobj\bn_c256.obj
+ lib /nologo /OUT:lib\mclbn256.lib /nodefaultlib obj\bn_c256.obj lib\mcl.lib
+
+ echo cl /c %CFLAGS% src\bn_c384.cpp /Foobj\bn_c384.obj
+ cl /c %CFLAGS% src\bn_c384.cpp /Foobj\bn_c384.obj
+ lib /nologo /OUT:lib\mclbn384.lib /nodefaultlib obj\bn_c384.obj lib\mcl.lib
+)
diff --git a/vendor/github.com/byzantine-lab/mcl/obj/.emptydir b/vendor/github.com/byzantine-lab/mcl/obj/.emptydir
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/obj/.emptydir
diff --git a/vendor/github.com/byzantine-lab/mcl/readme.md b/vendor/github.com/byzantine-lab/mcl/readme.md
new file mode 100644
index 000000000..39b3d4d42
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/readme.md
@@ -0,0 +1,457 @@
+[![Build Status](https://travis-ci.org/herumi/mcl.png)](https://travis-ci.org/herumi/mcl)
+
+# mcl
+
+A portable and fast pairing-based cryptography library.
+
+# Abstract
+
+mcl is a library for pairing-based cryptography.
+The current version supports the optimal Ate pairing over BN curves and BLS12-381 curves.
+
+# News
+* (Break backward compatibility) libmcl_dy.a is renamed to libmcl.a
+ * The option SHARE_BASENAME_SUF is removed
+* 2nd argument of `mclBn_init` is changed from `maxUnitSize` to `compiledTimeVar`, which must be `MCLBN_COMPILED_TIME_VAR`.
+* break backward compatibility of mapToGi for BLS12. A map-to-function for BN is used.
+If `MCL_USE_OLD_MAPTO_FOR_BLS12` is defined, then the old function is used, but this will be removed in the future.
+
+# Support architecture
+
+* x86-64 Windows + Visual Studio
+* x86, x86-64 Linux + gcc/clang
+* ARM Linux
+* ARM64 Linux
+* (maybe any platform to be supported by LLVM)
+* WebAssembly
+
+# Support curves
+
+p(z) = 36z^4 + 36z^3 + 24z^2 + 6z + 1.
+
+* BN254 ; a BN curve over the 254-bit prime p(z) where z = -(2^62 + 2^55 + 1).
+* BN\_SNARK1 ; a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity.
+* BN381\_1 ; a BN curve over the 381-bit prime p(z) where z = -(2^94 + 2^76 + 2^72 + 1).
+* BN462 ; a BN curve over the 462-bit prime p(z) where z = 2^114 + 2^101 - 2^14 - 1.
+* BLS12\_381 ; [a BLS12-381 curve](https://blog.z.cash/new-snark-curve/)
+
+# Benchmark
+
+## The latest benchmark(2018/11/7)
+
+### Intel Core i7-6700 3.4GHz(Skylake), Ubuntu 18.04.1 LTS
+
+curveType | binary|clang-6.0.0|gcc-7.3.0|
+----------|--------------------|-----------|---------|
+BN254 | bin/bn\_test.exe| 882Kclk| 933Kclk|
+BLS12-381 | bin/bls12\_test.exe| 2290Kclk| 2630Kclk|
+
+### Intel Core i7-7700 3.6GHz(Kaby Lake), Ubuntu 18.04.1 LTS on Windows 10 Vmware
+
+curveType | binary|clang-6.0.0|gcc-7.3.0|
+----------|--------------------|-----------|---------|
+BN254 | bin/bn\_test.exe| 900Kclk| 954Kclk|
+BLS12-381 | bin/bls12\_test.exe| 2340Kclk| 2680Kclk|
+
+* now investigating the reason why gcc is slower than clang.
+
+## Higher-bit BN curve benchmark
+
+For JavaScript(WebAssembly), see [ID based encryption demo](https://herumi.github.io/mcl-wasm/ibe-demo.html).
+
+paramter | x64| Firefox on x64|Safari on iPhone7|
+-----------|-----|---------------|-----------------|
+BN254 | 0.25| 2.48| 4.78|
+BN381\_1 | 0.95| 7.91| 11.74|
+BN462 | 2.16| 14.73| 22.77|
+
+* x64 : 'Kaby Lake Core i7-7700(3.6GHz)'.
+* Firefox : 64-bit version 58.
+* iPhone7 : iOS 11.2.1.
+* BN254 is by `test/bn_test.cpp`.
+* BN381\_1 and BN462 are by `test/bn512_test.cpp`.
+* All the timings are given in ms(milliseconds).
+
+The other benchmark results are [bench.txt](bench.txt).
+
+## An old benchmark of a BN curve BN254(2016/12/25).
+
+* x64, x86 ; Inte Core i7-6700 3.4GHz(Skylake) upto 4GHz on Ubuntu 16.04.
+ * `sudo cpufreq-set -g performance`
+* arm ; 900MHz quad-core ARM Cortex-A7 on Raspberry Pi2, Linux 4.4.11-v7+
+* arm64 ; 1.2GHz ARM Cortex-A53 [HiKey](http://www.96boards.org/product/hikey/)
+
+software | x64| x86| arm|arm64(msec)
+---------------------------------------------------------|------|-----|----|-----
+[ate-pairing](https://github.com/herumi/ate-pairing) | 0.21 | - | - | -
+mcl | 0.31 | 1.6 |22.6| 3.9
+[TEPLA](http://www.cipher.risk.tsukuba.ac.jp/tepla/) | 1.76 | 3.7 | 37 | 17.9
+[RELIC](https://github.com/relic-toolkit/relic) PRIME=254| 0.30 | 3.5 | 36 | -
+[MIRACL](https://github.com/miracl/MIRACL) ake12bnx | 4.2 | - | 78 | -
+[NEONabe](http://sandia.cs.cinvestav.mx/Site/NEONabe) | - | - | 16 | -
+
+* compile option for RELIC
+```
+cmake -DARITH=x64-asm-254 -DFP_PRIME=254 -DFPX_METHD="INTEG;INTEG;LAZYR" -DPP_METHD="LAZYR;OATEP"
+```
+
+# Installation Requirements
+
+* [GMP](https://gmplib.org/) and OpenSSL
+```
+apt install libgmp-dev libssl-dev
+```
+
+Create a working directory (e.g., work) and clone the following repositories.
+```
+mkdir work
+cd work
+git clone git://github.com/herumi/mcl
+git clone git://github.com/herumi/cybozulib_ext ; for only Windows
+```
+* Cybozulib\_ext is a prerequisite for running OpenSSL and GMP on VC (Visual C++).
+
+# (Option) Without GMP
+```
+make MCL_USE_GMP=0
+```
+Define `MCL_USE_VINT` before including `bn.hpp`
+
+# (Option) Without Openssl
+```
+make MCL_USE_OPENSSL=0
+```
+Define `MCL_DONT_USE_OPENSSL` before including `bn.hpp`
+
+# Build and test on x86-64 Linux, macOS, ARM and ARM64 Linux
+To make lib/libmcl.a and test it:
+```
+cd work/mcl
+make test
+```
+To benchmark a pairing:
+```
+bin/bn_test.exe
+```
+To make sample programs:
+```
+make sample
+```
+
+if you want to change compiler options for optimization, then set `CFLAGS_OPT_USER`.
+```
+make CLFAGS_OPT_USER="-O2"
+```
+
+## Build for 32-bit Linux
+Build openssl and gmp for 32-bit mode and install `<lib32>`
+```
+make ARCH=x86 CFLAGS_USER="-I <lib32>/include" LDFLAGS_USER="-L <lib32>/lib -Wl,-rpath,<lib32>/lib"
+```
+
+## Build for 64-bit Windows
+1) make static library and use it
+
+```
+mklib
+mk -s test\bn_c256_test.cpp
+bin\bn_c256_test.exe
+```
+2) make dynamic library and use it
+
+```
+mklib dll
+mk -d test\bn_c256_test.cpp
+bin\bn_c256_test.exe
+```
+
+open mcl.sln and build or if you have msbuild.exe
+```
+msbuild /p:Configuration=Release
+```
+
+## Build with cmake
+For Linux,
+```
+mkdir build
+cd build
+cmake ..
+make
+```
+For Visual Studio,
+```
+mkdir build
+cd build
+cmake .. -A x64
+msbuild mcl.sln /p:Configuration=Release /m
+```
+## Build for wasm(WebAssembly)
+mcl supports emcc (Emscripten) and `test/bn_test.cpp` runs on browers such as Firefox, Chrome and Edge.
+
+* [IBE on browser](https://herumi.github.io/mcl-wasm/ibe-demo.html)
+* [SHE on browser](https://herumi.github.io/she-wasm/she-demo.html)
+* [BLS signature on brower](https://herumi.github.io/bls-wasm/bls-demo.html)
+
+The timing of a pairing on `BN254` is 2.8msec on 64-bit Firefox with Skylake 3.4GHz.
+
+### Node.js
+
+* [mcl-wasm](https://www.npmjs.com/package/mcl-wasm) pairing library
+* [bls-wasm](https://www.npmjs.com/package/bls-wasm) BLS signature library
+* [she-wasm](https://www.npmjs.com/package/she-wasm) 2 Level Homomorphic Encryption library
+
+### SELinux
+mcl uses Xbyak JIT engine if it is available on x64 architecture,
+otherwise mcl uses a little slower functions generated by LLVM.
+The default mode enables SELinux security policy on CentOS, then JIT is disabled.
+```
+% sudo setenforce 1
+% getenforce
+Enforcing
+% bin/bn_test.exe
+JIT 0
+pairing 1.496Mclk
+finalExp 581.081Kclk
+
+% sudo setenforce 0
+% getenforce
+Permissive
+% bin/bn_test.exe
+JIT 1
+pairing 1.394Mclk
+finalExp 546.259Kclk
+```
+
+# Libraries
+
+* G1 and G2 is defined over Fp
+* The order of G1 and G2 is r.
+* Use `bn256.hpp` if only BN254 is used.
+
+## C++ library
+
+* libmcl.a ; static C++ library of mcl
+* libmcl.so ; shared C++ library of mcl
+* the default parameter of curveType is BN254
+
+header |support curveType |sizeof Fr|sizeof Fp|
+--------------|-------------------------|---------|---------|
+bn256.hpp |BN254 | 32 | 32 |
+bls12_381.hpp |BLS12_381, BN254 | 32 | 48 |
+bn384.hpp |BN381_1, BLS12_381, BN254| 48 | 48 |
+
+## C library
+
+* Define `MCLBN_FR_UNIT_SIZE` and `MCLBN_FP_UNIT_SIZE` and include bn.h
+* set `MCLBN_FR_UNIT_SIZE = MCLBN_FP_UNIT_SIZE` unless `MCLBN_FR_UNIT_SIZE` is defined
+
+
+library |MCLBN_FR_UNIT_SIZE|MCLBN_FP_UNIT_SIZE|
+------------------|------------------|------------------|
+sizeof | Fr | Fp |
+libmclbn256.a | 4 | 4 |
+libmclbn384_256.a | 4 | 6 |
+libmclbn384.a | 6 | 6 |
+
+
+* libmclbn*.a ; static C library
+* libmclbn*.so ; shared C library
+
+### 2nd argument of `mclBn_init`
+Specify `MCLBN_COMPILED_TIME_VAR` to 2nd argument of `mclBn_init`, which
+is defined as `MCLBN_FR_UNIT_SIZE * 10 + MCLBN_FP_UNIT_SIZE`.
+This parameter is used to make sure that the values are the same when the library is built and used.
+
+# How to initialize pairing library
+Call `mcl::bn256::initPairing` before calling any operations.
+```
+#include <mcl/bn256.hpp>
+mcl::bn::CurveParam cp = mcl::BN254; // or mcl::BN_SNARK1
+mcl::bn256::initPairing(cp);
+mcl::bn256::G1 P(...);
+mcl::bn256::G2 Q(...);
+mcl::bn256::Fp12 e;
+mcl::bn256::pairing(e, P, Q);
+```
+1. (BN254) a BN curve over the 254-bit prime p = p(z) where z = -(2^62 + 2^55 + 1).
+2. (BN_SNARK1) a BN curve over a 254-bit prime p such that n := p + 1 - t has high 2-adicity.
+3. BN381_1 with `mcl/bn384.hpp`.
+4. BN462 with `mcl/bn512.hpp`.
+
+See [test/bn_test.cpp](https://github.com/herumi/mcl/blob/master/test/bn_test.cpp).
+
+## Default constructor of Fp, Ec, etc.
+A default constructor does not initialize the instance.
+Set a valid value before reffering it.
+
+## Definition of groups
+
+The curve equation for a BN curve is:
+
+ E/Fp: y^2 = x^3 + b .
+
+* the cyclic group G1 is instantiated as E(Fp)[n] where n := p + 1 - t;
+* the cyclic group G2 is instantiated as the inverse image of E'(Fp^2)[n] under a twisting isomorphism phi from E' to E; and
+* the pairing e: G1 x G2 -> Fp12 is the optimal ate pairing.
+
+The field Fp12 is constructed via the following tower:
+
+* Fp2 = Fp[u] / (u^2 + 1)
+* Fp6 = Fp2[v] / (v^3 - Xi) where Xi = u + 1
+* Fp12 = Fp6[w] / (w^2 - v)
+* GT = { x in Fp12 | x^r = 1 }
+
+
+## Arithmetic operations
+
+G1 and G2 is additive group and has the following operations:
+
+* T::add(T& z, const T& x, const T& y); // z = x + y
+* T::sub(T& z, const T& x, const T& y); // z = x - y
+* T::neg(T& y, const T& x); // y = -x
+* T::mul(T& z, const T& x, const INT& y); // z = y times scalar multiplication of x
+
+Remark: &z == &x or &y are allowed. INT means integer type such as Fr, int and mpz_class.
+
+`T::mul` uses GLV method then `G2::mul` returns wrong value if x is not in G2.
+Use `T::mulGeneric(T& z, const T& x, const INT& y)` for x in phi^-1(E'(Fp^2)) - G2.
+
+Fp, Fp2, Fp6 and Fp12 have the following operations:
+
+* T::add(T& z, const T& x, const T& y); // z = x + y
+* T::sub(T& z, const T& x, const T& y); // z = x - y
+* T::mul(T& z, const T& x, const T& y); // z = x * y
+* T::div(T& z, const T& x, const T& y); // z = x / y
+* T::neg(T& y, const T& x); // y = -x
+* T::inv(T& y, const T& x); // y = 1/x
+* T::pow(T& z, const T& x, const INT& y); // z = x^y
+* Fp12::unitaryInv(T& y, const T& x); // y = conjugate of x
+
+Remark: `Fp12::mul` uses GLV method then returns wrong value if x is not in GT.
+Use `Fp12::mulGeneric` for x in Fp12 - GT.
+
+## Map To points
+
+Use these functions to make a point of G1 and G2.
+
+* mapToG1(G1& P, const Fp& x); // assume x != 0
+* mapToG2(G2& P, const Fp2& x);
+* hashAndMapToG1(G1& P, const void *buf, size_t bufSize); // set P by the hash value of [buf, bufSize)
+* hashAndMapToG2(G2& P, const void *buf, size_t bufSize);
+
+These functions maps x into Gi according to [\[_Faster hashing to G2_\]].
+
+## String format of G1 and G2
+G1 and G2 have three elements of Fp (x, y, z) for Jacobi coordinate.
+normalize() method normalizes it to affine coordinate (x, y, 1) or (0, 0, 0).
+
+getStr() method gets
+
+* `0` ; infinity
+* `1 <x> <y>` ; not compressed format
+* `2 <x>` ; compressed format for even y
+* `3 <x>` ; compressed format for odd y
+
+## Generator of G1 and G2
+
+If you want to use the same generators of BLS12-381 with [zkcrypto](https://github.com/zkcrypto/pairing/tree/master/src/bls12_381#g2) then,
+
+```
+// G1 P
+P.setStr('1 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507 1339506544944476473020471379941921221584933875938349620426543736416511423956333506472724655353366534992391756441569')
+
+// G2 Q
+Q.setStr('1 352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905 927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582')
+```
+
+## Serialization format of G1 and G2
+
+pseudo-code to serialize of p
+```
+if bit-length(p) % 8 != 0:
+ size = Fp::getByteSize()
+ if p is zero:
+ return [0] * size
+ else:
+ s = x.serialize()
+ # x in Fp2 is odd <=> x.a is odd
+ if y is odd:
+ s[byte-length(s) - 1] |= 0x80
+ return s
+else:
+ size = Fp::getByteSize() + 1
+ if p is zero:
+ return [0] * size
+ else:
+ s = x.serialize()
+ if y is odd:
+ return 2:s
+ else:
+ return 3:s
+```
+
+## Verify an element in G2
+`G2::isValid()` checks that the element is in the curve of G2 and the order of it is r for subgroup attack.
+`G2::set()`, `G2::setStr` and `operator<<` also check the order.
+If you check it out of the library, then you can stop the verification by calling `G2::verifyOrderG2(false)`.
+
+# How to make asm files (optional)
+The asm files generated by this way are already put in `src/asm`, then it is not necessary to do this.
+
+Install [LLVM](http://llvm.org/).
+```
+make MCL_USE_LLVM=1 LLVM_VER=<llvm-version> UPDATE_ASM=1
+```
+For example, specify `-3.8` for `<llvm-version>` if `opt-3.8` and `llc-3.8` are installed.
+
+If you want to use Fp with 1024-bit prime on x86-64, then
+```
+make MCL_USE_LLVM=1 LLVM_VER=<llvm-version> UPDATE_ASM=1 MCL_MAX_BIT_SIZE=1024
+```
+
+# API for Two level homomorphic encryption
+* [_Efficient Two-level Homomorphic Encryption in Prime-order Bilinear Groups and A Fast Implementation in WebAssembly_](https://dl.acm.org/citation.cfm?doid=3196494.3196552), N. Attrapadung, G. Hanaoka, S. Mitsunari, Y. Sakai,
+K. Shimizu, and T. Teruya. ASIACCS 2018
+* [she-api](https://github.com/herumi/mcl/blob/master/misc/she/she-api.md)
+* [she-api(Japanese)](https://github.com/herumi/mcl/blob/master/misc/she/she-api-ja.md)
+
+# Java API
+See [java.md](https://github.com/herumi/mcl/blob/master/java/java.md)
+
+# License
+
+modified new BSD License
+http://opensource.org/licenses/BSD-3-Clause
+
+This library contains some part of the followings software licensed by BSD-3-Clause.
+* [xbyak](https://github.com/heurmi/xbyak)
+* [cybozulib](https://github.com/heurmi/cybozulib)
+* [Lifted-ElGamal](https://github.com/aistcrypt/Lifted-ElGamal)
+
+# References
+* [ate-pairing](https://github.com/herumi/ate-pairing/)
+* [_Faster Explicit Formulas for Computing Pairings over Ordinary Curves_](http://dx.doi.org/10.1007/978-3-642-20465-4_5),
+ D.F. Aranha, K. Karabina, P. Longa, C.H. Gebotys, J. Lopez,
+ EUROCRYPTO 2011, ([preprint](http://eprint.iacr.org/2010/526))
+* [_High-Speed Software Implementation of the Optimal Ate Pairing over Barreto-Naehrig Curves_](http://dx.doi.org/10.1007/978-3-642-17455-1_2),
+ Jean-Luc Beuchat, Jorge Enrique González Díaz, Shigeo Mitsunari, Eiji Okamoto, Francisco Rodríguez-Henríquez, Tadanori Teruya,
+ Pairing 2010, ([preprint](http://eprint.iacr.org/2010/354))
+* [_Faster hashing to G2_](http://dx.doi.org/10.1007/978-3-642-28496-0_25),Laura Fuentes-Castañeda, Edward Knapp, Francisco Rodríguez-Henríquez,
+ SAC 2011, ([preprint](https://eprint.iacr.org/2008/530))
+* [_Skew Frobenius Map and Efficient Scalar Multiplication for Pairing–Based Cryptography_](https://www.researchgate.net/publication/221282560_Skew_Frobenius_Map_and_Efficient_Scalar_Multiplication_for_Pairing-Based_Cryptography),
+Y. Sakemi, Y. Nogami, K. Okeya, Y. Morikawa, CANS 2008.
+
+# History
+
+* 2019/Mar/22 v0.92 shortcut for Ec::mul(Px, P, x) if P = 0
+* 2019/Mar/21 python binding of she256 for Linux/Mac/Windows
+* 2019/Mar/14 v0.91 modp supports mcl-wasm
+* 2019/Mar/12 v0.90 fix Vint::setArray(x) for x == this
+* 2019/Mar/07 add mclBnFr_setLittleEndianMod, mclBnFp_setLittleEndianMod
+* 2019/Feb/20 LagrangeInterpolation sets out = yVec[0] if k = 1
+* 2019/Jan/31 add mclBnFp_mapToG1, mclBnFp2_mapToG2
+* 2019/Jan/31 fix crash on x64-CPU without AVX (thanks to mortdeus)
+
+# Author
+
+å…‰æˆæ»‹ç”Ÿ MITSUNARI Shigeo(herumi@nifty.com)
diff --git a/vendor/github.com/byzantine-lab/mcl/release.props b/vendor/github.com/byzantine-lab/mcl/release.props
new file mode 100644
index 000000000..886ce6890
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/release.props
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ImportGroup Label="PropertySheets" />
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup />
+ <ItemDefinitionGroup>
+ <ClCompile>
+ <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+ </ClCompile>
+ </ItemDefinitionGroup>
+ <ItemGroup />
+</Project> \ No newline at end of file
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/bench.cpp b/vendor/github.com/byzantine-lab/mcl/sample/bench.cpp
new file mode 100644
index 000000000..0f865b189
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/bench.cpp
@@ -0,0 +1,233 @@
+#include <cybozu/benchmark.hpp>
+#include <cybozu/option.hpp>
+#include <cybozu/xorshift.hpp>
+#include <mcl/fp.hpp>
+#include <mcl/conversion.hpp>
+#include <mcl/ecparam.hpp>
+
+typedef mcl::FpT<> Fp;
+typedef mcl::FpT<mcl::ZnTag> Zn;
+typedef mcl::EcT<Fp> Ec;
+
+void benchFpSub(const char *pStr, const char *xStr, const char *yStr, mcl::fp::Mode mode)
+{
+ const char *s = mcl::fp::ModeToStr(mode);
+ Fp::init(pStr, mode);
+ Fp x(xStr);
+ Fp y(yStr);
+
+ double addT, subT, mulT, sqrT, invT;
+ CYBOZU_BENCH_T(addT, Fp::add, x, x, x);
+ CYBOZU_BENCH_T(subT, Fp::sub, x, x, y);
+ CYBOZU_BENCH_T(mulT, Fp::mul, x, x, x);
+ CYBOZU_BENCH_T(sqrT, Fp::sqr, x, x);
+ CYBOZU_BENCH_T(invT, x += y;Fp::inv, x, x); // avoid same jmp
+ printf("%10s bit % 3d add %8.2f sub %8.2f mul %8.2f sqr %8.2f inv %8.2f\n", s, (int)Fp::getBitSize(), addT, subT, mulT, sqrT, invT);
+}
+
+void benchFp(size_t bitSize, int mode)
+{
+ const struct {
+ size_t bitSize;
+ const char *p;
+ const char *x;
+ const char *y;
+ } tbl[] = {
+ {
+ 192,
+ "0xfffffffffffffffffffffffe26f2fc170f69466a74defd8d",
+ "0x148094810948190412345678901234567900342423332197",
+ "0x7fffffffffffffffffffffe26f2fc170f69466a74defd8d",
+ },
+ {
+ 256,
+ "0x2523648240000001ba344d80000000086121000000000013a700000000000013",
+ "0x1480948109481904123456789234234242423424201234567900342423332197",
+ "0x151342342342341517fffffffffffffffffffffe26f2fc170f69466a74defd8d",
+ },
+ {
+ 384,
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff",
+ "0x19481084109481094820948209482094820984290482212345678901234567900342308472047204720422423332197",
+ "0x209348209481094820984209842094820948204204243123456789012345679003423084720472047204224233321972",
+
+ },
+ {
+ 521,
+ "0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "0x2908209582095820941098410948109482094820984209840294829049240294242498540975555312345678901234567900342308472047204720422423332197",
+ "0x3948384209834029834092384204920349820948205872380573205782385729385729385723985837ffffffffffffffffffffffe26f2fc170f69466a74defd8d",
+
+ },
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ if (bitSize != 0 && tbl[i].bitSize != bitSize) continue;
+ if (mode & 1) benchFpSub(tbl[i].p, tbl[i].x, tbl[i].y, mcl::fp::FP_GMP);
+ if (mode & 2) benchFpSub(tbl[i].p, tbl[i].x, tbl[i].y, mcl::fp::FP_GMP_MONT);
+#ifdef MCL_USE_LLVM
+ if (mode & 4) benchFpSub(tbl[i].p, tbl[i].x, tbl[i].y, mcl::fp::FP_LLVM);
+ if (mode & 8) benchFpSub(tbl[i].p, tbl[i].x, tbl[i].y, mcl::fp::FP_LLVM_MONT);
+#endif
+#ifdef MCL_USE_XBYAK
+ if (mode & 16) benchFpSub(tbl[i].p, tbl[i].x, tbl[i].y, mcl::fp::FP_XBYAK);
+#endif
+ }
+}
+
+void benchEcSub(const mcl::EcParam& para, mcl::fp::Mode mode, mcl::ec::Mode ecMode)
+{
+ Fp::init(para.p, mode);
+ Zn::init(para.n);
+ Ec::init(para.a, para.b, ecMode);
+ Fp x(para.gx);
+ Fp y(para.gy);
+ Ec P(x, y);
+ Ec P2; Ec::add(P2, P, P);
+ Ec Q = P + P + P;
+ double addT, add2T, subT, dblT, mulT, mulCTT, mulRandT, mulCTRandT, normT;
+ CYBOZU_BENCH_T(addT, P = P2; Ec::add, Q, P, Q);
+ P.normalize();
+ CYBOZU_BENCH_T(add2T, Ec::add, Q, P, Q);
+ CYBOZU_BENCH_T(subT, Ec::sub, Q, P, Q);
+ CYBOZU_BENCH_T(dblT, Ec::dbl, P, P);
+ Zn z("3");
+ CYBOZU_BENCH_T(mulT, Ec::mul, Q, P, z);
+ CYBOZU_BENCH_T(mulCTT, Ec::mulCT, Q, P, z);
+ cybozu::XorShift rg;
+ z.setRand(rg);
+ CYBOZU_BENCH_T(mulRandT, Ec::mul, Q, P, z);
+ CYBOZU_BENCH_T(mulCTRandT, Ec::mulCT, Q, P, z);
+ CYBOZU_BENCH_T(normT, Q = P; Q.normalize);
+ printf("%10s %10s add %8.2f add2 %8.2f sub %8.2f dbl %8.2f mul(3) %8.2f mulCT(3) %8.2f mul(rand) %8.2f mulCT(rand) %8.2f norm %8.2f\n", para.name, mcl::fp::ModeToStr(mode), addT, add2T, subT, dblT, mulT, mulCTT, mulRandT, mulCTRandT, normT);
+
+}
+void benchEc(size_t bitSize, int mode, mcl::ec::Mode ecMode)
+{
+ const struct mcl::EcParam tbl[] = {
+ mcl::ecparam::p160_1,
+ mcl::ecparam::secp160k1,
+ mcl::ecparam::secp192k1,
+ mcl::ecparam::NIST_P192,
+ mcl::ecparam::secp224k1,
+ mcl::ecparam::secp256k1,
+ mcl::ecparam::NIST_P224,
+ mcl::ecparam::NIST_P256,
+// mcl::ecparam::secp384r1,
+ mcl::ecparam::NIST_P384,
+// mcl::ecparam::secp521r1,
+ mcl::ecparam::NIST_P521,
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ if (bitSize != 0 && tbl[i].bitSize != bitSize) continue;
+ benchEcSub(tbl[i], mcl::fp::FP_AUTO, ecMode);
+ if (mode & 1) benchEcSub(tbl[i], mcl::fp::FP_GMP, ecMode);
+ if (mode & 2) benchEcSub(tbl[i], mcl::fp::FP_GMP_MONT, ecMode);
+#ifdef MCL_USE_LLVM
+ if (mode & 4) benchEcSub(tbl[i], mcl::fp::FP_LLVM, ecMode);
+ if (mode & 8) benchEcSub(tbl[i], mcl::fp::FP_LLVM_MONT, ecMode);
+#endif
+#ifdef MCL_USE_XBYAK
+ if (mode & 16) benchEcSub(tbl[i], mcl::fp::FP_XBYAK, ecMode);
+#endif
+ }
+}
+
+void benchToStr16()
+{
+ puts("benchToStr16");
+ const char *tbl[] = {
+ "0x0",
+ "0x5",
+ "0x123",
+ "0x123456789012345679adbc",
+ "0xffffffff26f2fc170f69466a74defd8d",
+ "0x100000000000000000000000000000033",
+ "0x11ee12312312940000000000000000000000000002342343"
+ };
+ Fp::init("0xffffffffffffffffffffffffffffffffffffffffffffff13");
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ char buf[128];
+ std::string str;
+ Fp x(tbl[i]);
+ CYBOZU_BENCH("fp::arrayToHex", mcl::fp::arrayToHex, buf, sizeof(buf), x.getUnit(), x.getUnitSize(), true);
+ mpz_class y(tbl[i]);
+ CYBOZU_BENCH("gmp:getStr ", mcl::gmp::getStr, str, y, 16);
+ }
+}
+
+void benchFromStr16()
+{
+ puts("benchFromStr16");
+ const char *tbl[] = {
+ "0",
+ "5",
+ "123",
+ "123456789012345679adbc",
+ "ffffffff26f2fc170f69466a74defd8d",
+ "100000000000000000000000000000033",
+ "11ee12312312940000000000000000000000000002342343"
+ };
+ Fp::init("0xffffffffffffffffffffffffffffffffffffffffffffff13");
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ std::string str = tbl[i];
+ Fp x;
+ const size_t N = 64;
+ mcl::fp::Unit buf[N];
+ CYBOZU_BENCH("fp:hexToArray", mcl::fp::hexToArray, buf, N, str.c_str(), str.size());
+
+ mpz_class y;
+ CYBOZU_BENCH("gmp:setStr ", mcl::gmp::setStr, y, str, 16);
+ }
+}
+
+int main(int argc, char *argv[])
+ try
+{
+ size_t bitSize;
+ int mode;
+ bool ecOnly;
+ bool fpOnly;
+ bool misc;
+ mcl::ec::Mode ecMode;
+ std::string ecModeStr;
+ cybozu::Option opt;
+ opt.appendOpt(&bitSize, 0, "s", ": bitSize");
+ opt.appendOpt(&mode, 0, "m", ": mode(0:all, sum of 1:gmp, 2:gmp+mont, 4:llvm, 8:llvm+mont, 16:xbyak");
+ opt.appendBoolOpt(&ecOnly, "ec", ": ec only");
+ opt.appendBoolOpt(&fpOnly, "fp", ": fp only");
+ opt.appendBoolOpt(&misc, "misc", ": other benchmark");
+ opt.appendOpt(&ecModeStr, "jacobi", "ecmode", ": jacobi or proj");
+ opt.appendHelp("h", ": show this message");
+ if (!opt.parse(argc, argv)) {
+ opt.usage();
+ return 1;
+ }
+ if (ecModeStr == "jacobi") {
+ ecMode = mcl::ec::Jacobi;
+ } else if (ecModeStr == "proj") {
+ ecMode = mcl::ec::Proj;
+ } else {
+ printf("bad ecstr %s\n", ecModeStr.c_str());
+ opt.usage();
+ return 1;
+ }
+ if (mode < 0 || mode > 31) {
+ printf("bad mode %d\n", mode);
+ opt.usage();
+ return 1;
+ }
+ if (mode == 0) mode = 31;
+ if (misc) {
+ benchToStr16();
+ benchFromStr16();
+ } else {
+ if (!ecOnly) benchFp(bitSize, mode);
+ if (!fpOnly) {
+ printf("ecMode=%s\n", ecModeStr.c_str());
+ benchEc(bitSize, mode, ecMode);
+ }
+ }
+} catch (std::exception& e) {
+ printf("ERR %s\n", e.what());
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/bls_sig.cpp b/vendor/github.com/byzantine-lab/mcl/sample/bls_sig.cpp
new file mode 100644
index 000000000..d75f7d427
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/bls_sig.cpp
@@ -0,0 +1,70 @@
+/**
+ @file
+ @brief a sample of BLS signature
+ see https://github.com/herumi/bls
+ @author MITSUNARI Shigeo(@herumi)
+ @license modified new BSD license
+ http://opensource.org/licenses/BSD-3-Clause
+
+*/
+#include <mcl/bn256.hpp>
+#include <iostream>
+
+using namespace mcl::bn256;
+
+void Hash(G1& P, const std::string& m)
+{
+ Fp t;
+ t.setHashOf(m);
+ mapToG1(P, t);
+}
+
+void KeyGen(Fr& s, G2& pub, const G2& Q)
+{
+ s.setRand();
+ G2::mul(pub, Q, s); // pub = sQ
+}
+
+void Sign(G1& sign, const Fr& s, const std::string& m)
+{
+ G1 Hm;
+ Hash(Hm, m);
+ G1::mul(sign, Hm, s); // sign = s H(m)
+}
+
+bool Verify(const G1& sign, const G2& Q, const G2& pub, const std::string& m)
+{
+ Fp12 e1, e2;
+ G1 Hm;
+ Hash(Hm, m);
+ pairing(e1, sign, Q); // e1 = e(sign, Q)
+ pairing(e2, Hm, pub); // e2 = e(Hm, sQ)
+ return e1 == e2;
+}
+
+int main(int argc, char *argv[])
+{
+ std::string m = argc == 1 ? "hello mcl" : argv[1];
+
+ // setup parameter
+ initPairing();
+ G2 Q;
+ mapToG2(Q, 1);
+
+ // generate secret key and public key
+ Fr s;
+ G2 pub;
+ KeyGen(s, pub, Q);
+ std::cout << "secret key " << s << std::endl;
+ std::cout << "public key " << pub << std::endl;
+
+ // sign
+ G1 sign;
+ Sign(sign, s, m);
+ std::cout << "msg " << m << std::endl;
+ std::cout << "sign " << sign << std::endl;
+
+ // verify
+ bool ok = Verify(sign, Q, pub, m);
+ std::cout << "verify " << (ok ? "ok" : "ng") << std::endl;
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/ecdh.cpp b/vendor/github.com/byzantine-lab/mcl/sample/ecdh.cpp
new file mode 100644
index 000000000..d5c4a31b2
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/ecdh.cpp
@@ -0,0 +1,64 @@
+/*
+ sample of Elliptic Curve Diffie-Hellman key sharing
+*/
+#include <iostream>
+#include <fstream>
+#include <cybozu/random_generator.hpp>
+#include <mcl/fp.hpp>
+#include <mcl/ecparam.hpp>
+
+typedef mcl::FpT<> Fp;
+typedef mcl::FpT<mcl::ZnTag> Zn;
+typedef mcl::EcT<Fp> Ec;
+
+int main()
+{
+ cybozu::RandomGenerator rg;
+ /*
+ system setup with a parameter secp192k1 recommended by SECG
+ Ec is an elliptic curve over Fp
+ the cyclic group of <P> is isomorphic to Zn
+ */
+ const mcl::EcParam& para = mcl::ecparam::secp192k1;
+ Zn::init(para.n);
+ Fp::init(para.p);
+ Ec::init(para.a, para.b);
+ const Ec P(Fp(para.gx), Fp(para.gy));
+
+ /*
+ Alice setups a private key a and public key aP
+ */
+ Zn a;
+ Ec aP;
+
+ a.setRand(rg);
+ Ec::mul(aP, P, a); // aP = a * P;
+
+ std::cout << "aP=" << aP << std::endl;
+
+ /*
+ Bob setups a private key b and public key bP
+ */
+ Zn b;
+ Ec bP;
+
+ b.setRand(rg);
+ Ec::mul(bP, P, b); // bP = b * P;
+
+ std::cout << "bP=" << bP << std::endl;
+
+ Ec abP, baP;
+
+ // Alice uses bP(B's public key) and a(A's priavte key)
+ Ec::mul(abP, bP, a); // abP = a * (bP)
+
+ // Bob uses aP(A's public key) and b(B's private key)
+ Ec::mul(baP, aP, b); // baP = b * (aP)
+
+ if (abP == baP) {
+ std::cout << "key sharing succeed:" << abP << std::endl;
+ } else {
+ std::cout << "ERR(not here)" << std::endl;
+ }
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/large.cpp b/vendor/github.com/byzantine-lab/mcl/sample/large.cpp
new file mode 100644
index 000000000..60b2ac900
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/large.cpp
@@ -0,0 +1,125 @@
+/*
+ large prime sample for 64-bit arch
+ make MCL_USE_LLVM=1 MCL_MAX_BIT_SIZE=768
+*/
+#include <mcl/fp.hpp>
+#include <cybozu/benchmark.hpp>
+#include <iostream>
+#include "../src/low_func.hpp"
+
+typedef mcl::FpT<> Fp;
+
+using namespace mcl::fp;
+const size_t N = 12;
+
+void testMul()
+{
+ Unit ux[N], uy[N], a[N * 2], b[N * 2];
+ for (size_t i = 0; i < N; i++) {
+ ux[i] = -i * i + 5;
+ uy[i] = -i * i + 9;
+ }
+ MulPreCore<N, Gtag>::f(a, ux, uy);
+ MulPreCore<N, Ltag>::f(b, ux, uy);
+ for (size_t i = 0; i < N * 2; i++) {
+ if (a[i] != b[i]) {
+ printf("ERR %016llx %016llx\n", (long long)a[i], (long long)b[i]);
+ }
+ }
+ puts("end testMul");
+ CYBOZU_BENCH("gmp ", (MulPreCore<N, Gtag>::f), ux, ux, uy);
+ CYBOZU_BENCH("kara", (MulPre<N, Gtag>::karatsuba), ux, ux, uy);
+}
+
+void mulGmp(mpz_class& z, const mpz_class& x, const mpz_class& y, const mpz_class& p)
+{
+ z = (x * y) % p;
+}
+void compareGmp(const std::string& pStr)
+{
+ Fp::init(pStr);
+ std::string xStr = "2104871209348712947120947102843728";
+ std::string s1, s2;
+ {
+ Fp x(xStr);
+ CYBOZU_BENCH_C("mul by mcl", 1000, Fp::mul, x, x, x);
+ std::ostringstream os;
+ os << x;
+ s1 = os.str();
+ }
+ {
+ const mpz_class p(pStr);
+ mpz_class x(xStr);
+ CYBOZU_BENCH_C("mul by GMP", 1000, mulGmp, x, x, x, p);
+ std::ostringstream os;
+ os << x;
+ s2 = os.str();
+ }
+ if (s1 != s2) {
+ puts("ERR");
+ }
+}
+
+void test(const std::string& pStr, mcl::fp::Mode mode)
+{
+ printf("test %s\n", mcl::fp::ModeToStr(mode));
+ Fp::init(pStr, mode);
+ const mcl::fp::Op& op = Fp::getOp();
+ printf("bitSize=%d\n", (int)Fp::getBitSize());
+ mpz_class p(pStr);
+ Fp x = 123456;
+ Fp y;
+ Fp::pow(y, x, p);
+ std::cout << y << std::endl;
+ if (x != y) {
+ std::cout << "err:pow:" << y << std::endl;
+ return;
+ }
+ const size_t N = 24;
+ mcl::fp::Unit ux[N], uy[N];
+ for (size_t i = 0; i < N; i++) {
+ ux[i] = -i * i + 5;
+ uy[i] = -i * i + 9;
+ }
+ CYBOZU_BENCH("mulPre", op.fpDbl_mulPre, ux, ux, uy);
+ CYBOZU_BENCH("sqrPre", op.fpDbl_sqrPre, ux, ux);
+ CYBOZU_BENCH("add", op.fpDbl_add, ux, ux, ux, op.p);
+ CYBOZU_BENCH("sub", op.fpDbl_sub, ux, ux, ux, op.p);
+ if (op.fpDbl_addPre) {
+ CYBOZU_BENCH("addPre", op.fpDbl_addPre, ux, ux, ux);
+ CYBOZU_BENCH("subPre", op.fpDbl_subPre, ux, ux, ux);
+ }
+ CYBOZU_BENCH("mont", op.fpDbl_mod, ux, ux, op.p);
+ CYBOZU_BENCH("mul", Fp::mul, x, x, x);
+ compareGmp(pStr);
+}
+
+void testAll(const std::string& pStr)
+{
+ test(pStr, mcl::fp::FP_GMP);
+ test(pStr, mcl::fp::FP_GMP_MONT);
+#ifdef MCL_USE_LLVM
+ test(pStr, mcl::fp::FP_LLVM);
+ test(pStr, mcl::fp::FP_LLVM_MONT);
+#endif
+ compareGmp(pStr);
+}
+int main()
+ try
+{
+ const char *pTbl[] = {
+ "40347654345107946713373737062547060536401653012956617387979052445947619094013143666088208645002153616185987062074179207",
+ "13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006083527",
+ "776259046150354467574489744231251277628443008558348305569526019013025476343188443165439204414323238975243865348565536603085790022057407195722143637520590569602227488010424952775132642815799222412631499596858234375446423426908029627",
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(pTbl); i++) {
+ testAll(pTbl[i]);
+ }
+ testMul();
+} catch (std::exception& e) {
+ printf("err %s\n", e.what());
+ puts("make clean");
+ puts("make -DMCL_MAX_BIT_SIZE=768");
+ return 1;
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/pairing.cpp b/vendor/github.com/byzantine-lab/mcl/sample/pairing.cpp
new file mode 100644
index 000000000..230583b6e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/pairing.cpp
@@ -0,0 +1,56 @@
+#include <mcl/bn256.hpp>
+
+using namespace mcl::bn256;
+
+void minimum_sample(const G1& P, const G2& Q)
+{
+ const mpz_class a = 123;
+ const mpz_class b = 456;
+ Fp12 e1, e2;
+ pairing(e1, P, Q);
+ G2 aQ;
+ G1 bP;
+ G2::mul(aQ, Q, a);
+ G1::mul(bP, P, b);
+ pairing(e2, bP, aQ);
+ Fp12::pow(e1, e1, a * b);
+ printf("%s\n", e1 == e2 ? "ok" : "ng");
+}
+
+void miller_and_finel_exp(const G1& P, const G2& Q)
+{
+ Fp12 e1, e2;
+ pairing(e1, P, Q);
+
+ millerLoop(e2, P, Q);
+ finalExp(e2, e2);
+ printf("%s\n", e1 == e2 ? "ok" : "ng");
+}
+
+void precomputed(const G1& P, const G2& Q)
+{
+ Fp12 e1, e2;
+ pairing(e1, P, Q);
+ std::vector<Fp6> Qcoeff;
+ precomputeG2(Qcoeff, Q);
+ precomputedMillerLoop(e2, P, Qcoeff);
+ finalExp(e2, e2);
+ printf("%s\n", e1 == e2 ? "ok" : "ng");
+}
+
+int main()
+{
+ const char *aa = "12723517038133731887338407189719511622662176727675373276651903807414909099441";
+ const char *ab = "4168783608814932154536427934509895782246573715297911553964171371032945126671";
+ const char *ba = "13891744915211034074451795021214165905772212241412891944830863846330766296736";
+ const char *bb = "7937318970632701341203597196594272556916396164729705624521405069090520231616";
+
+ initPairing();
+ G2 Q(Fp2(aa, ab), Fp2(ba, bb));
+ G1 P(-1, 1);
+
+ minimum_sample(P, Q);
+ miller_and_finel_exp(P, Q);
+ precomputed(P, Q);
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/pairing_c.c b/vendor/github.com/byzantine-lab/mcl/sample/pairing_c.c
new file mode 100644
index 000000000..5c2cd222a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/pairing_c.c
@@ -0,0 +1,52 @@
+#include <stdio.h>
+#include <string.h>
+#define MCLBN_FP_UNIT_SIZE 4
+#include <mcl/bn.h>
+
+int g_err = 0;
+#define ASSERT(x) { if (!(x)) { printf("err %s:%d\n", __FILE__, __LINE__); g_err++; } }
+
+int main()
+{
+ char buf[1024];
+ const char *aStr = "123";
+ const char *bStr = "456";
+ mclBn_init(MCL_BN254, MCLBN_FP_UNIT_SIZE);
+ mclBnFr a, b, ab;
+ mclBnG1 P, aP;
+ mclBnG2 Q, bQ;
+ mclBnGT e, e1, e2;
+ mclBnFr_setStr(&a, aStr, strlen(aStr), 10);
+ mclBnFr_setStr(&b, bStr, strlen(bStr), 10);
+ mclBnFr_mul(&ab, &a, &b);
+ mclBnFr_getStr(buf, sizeof(buf), &ab, 10);
+ printf("%s x %s = %s\n", aStr, bStr, buf);
+
+ ASSERT(!mclBnG1_hashAndMapTo(&P, "this", 4));
+ ASSERT(!mclBnG2_hashAndMapTo(&Q, "that", 4));
+ mclBnG1_getStr(buf, sizeof(buf), &P, 16);
+ printf("P = %s\n", buf);
+ mclBnG2_getStr(buf, sizeof(buf), &Q, 16);
+ printf("Q = %s\n", buf);
+
+ mclBnG1_mul(&aP, &P, &a);
+ mclBnG2_mul(&bQ, &Q, &b);
+
+ mclBn_pairing(&e, &P, &Q);
+ mclBnGT_getStr(buf, sizeof(buf), &e, 16);
+ printf("e = %s\n", buf);
+ mclBnGT_pow(&e1, &e, &a);
+ mclBn_pairing(&e2, &aP, &Q);
+ ASSERT(mclBnGT_isEqual(&e1, &e2));
+
+ mclBnGT_pow(&e1, &e, &b);
+ mclBn_pairing(&e2, &P, &bQ);
+ ASSERT(mclBnGT_isEqual(&e1, &e2));
+ if (g_err) {
+ printf("err %d\n", g_err);
+ return 1;
+ } else {
+ printf("no err\n");
+ return 0;
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/random.cpp b/vendor/github.com/byzantine-lab/mcl/sample/random.cpp
new file mode 100644
index 000000000..a2a3619ad
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/random.cpp
@@ -0,0 +1,29 @@
+#include <mcl/fp.hpp>
+#include <mcl/gmp_util.hpp>
+#include <mcl/ecparam.hpp>
+#include <cybozu/random_generator.hpp>
+#include <map>
+#include <mcl/fp.hpp>
+typedef mcl::FpT<> Fp;
+
+typedef std::map<std::string, int> Map;
+
+int main(int argc, char *argv[])
+{
+ cybozu::RandomGenerator rg;
+ const char *p = mcl::ecparam::secp192k1.p;
+ if (argc == 2) {
+ p = argv[1];
+ }
+ Fp::init(p);
+ Fp x;
+ printf("p=%s\n", p);
+ Map m;
+ for (int i = 0; i < 10000; i++) {
+ x.setRand(rg);
+ m[x.getStr(16)]++;
+ }
+ for (Map::const_iterator i = m.begin(), ie = m.end(); i != ie; ++i) {
+ printf("%s %d\n", i->first.c_str(), i->second);
+ }
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/rawbench.cpp b/vendor/github.com/byzantine-lab/mcl/sample/rawbench.cpp
new file mode 100644
index 000000000..4d7506ef5
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/rawbench.cpp
@@ -0,0 +1,180 @@
+#define PUT(x) std::cout << #x "=" << (x) << std::endl
+#include <cybozu/benchmark.hpp>
+#include <cybozu/option.hpp>
+#include <cybozu/xorshift.hpp>
+#include <mcl/fp.hpp>
+#include <mcl/fp_tower.hpp>
+
+typedef mcl::FpT<mcl::FpTag> Fp;
+typedef mcl::Fp2T<Fp> Fp2;
+typedef mcl::FpDblT<Fp> FpDbl;
+typedef mcl::Fp6T<Fp> Fp6;
+typedef mcl::Fp12T<Fp> Fp12;
+
+typedef mcl::fp::Unit Unit;
+
+void mul9(const mcl::fp::Op& op, Unit *y, const Unit *x, const Unit *p)
+{
+ const size_t maxN = sizeof(Fp) / sizeof(Unit);
+ Unit tmp[maxN];
+ op.fp_add(tmp, x, x, p); // 2x
+ op.fp_add(tmp, tmp, tmp, p); // 4x
+ op.fp_add(tmp, tmp, tmp, p); // 8x
+ op.fp_add(y, tmp, x, p); // 9x
+}
+
+void benchRaw(const char *p, mcl::fp::Mode mode)
+{
+ Fp::init(1, p, mode);
+ Fp2::init();
+ const size_t maxN = sizeof(Fp) / sizeof(Unit);
+ const mcl::fp::Op& op = Fp::getOp();
+ cybozu::XorShift rg;
+ Fp fx, fy;
+ fx.setRand(rg);
+ fy.setRand(rg);
+ Unit ux[maxN * 2] = {};
+ Unit uy[maxN * 2] = {};
+ Unit uz[maxN * 2] = {};
+ memcpy(ux, fx.getUnit(), sizeof(Unit) * op.N);
+ memcpy(ux + op.N, fx.getUnit(), sizeof(Unit) * op.N);
+ memcpy(uy, fy.getUnit(), sizeof(Unit) * op.N);
+ memcpy(ux + op.N, fx.getUnit(), sizeof(Unit) * op.N);
+ double fp_addT, fp_subT;
+ double fp_addPreT, fp_subPreT;
+ double fp_sqrT, fp_mulT;
+ double fp_mulUnitT;
+ double mul9T;
+ double fp_mulUnitPreT;
+ double fpN1_modT;
+ double fpDbl_addT, fpDbl_subT;
+ double fpDbl_sqrPreT, fpDbl_mulPreT, fpDbl_modT;
+ double fp2_sqrT, fp2_mulT;
+ CYBOZU_BENCH_T(fp_addT, op.fp_add, uz, ux, uy, op.p);
+ CYBOZU_BENCH_T(fp_subT, op.fp_sub, uz, uy, ux, op.p);
+ CYBOZU_BENCH_T(fp_addPreT, op.fp_addPre, uz, ux, uy);
+ CYBOZU_BENCH_T(fp_subPreT, op.fp_subPre, uz, uy, ux);
+ CYBOZU_BENCH_T(fp_sqrT, op.fp_sqr, uz, ux, op.p);
+ CYBOZU_BENCH_T(fp_mulT, op.fp_mul, uz, ux, uy, op.p);
+ CYBOZU_BENCH_T(fp_mulUnitT, op.fp_mulUnit, uz, ux, 9, op.p);
+ CYBOZU_BENCH_T(mul9T, mul9, op, uz, ux, op.p);
+ CYBOZU_BENCH_T(fp_mulUnitPreT, op.fp_mulUnitPre, ux, ux, 9);
+ CYBOZU_BENCH_T(fpN1_modT, op.fpN1_mod, ux, uy, op.p);
+ CYBOZU_BENCH_T(fpDbl_addT, op.fpDbl_add, uz, ux, uy, op.p);
+ CYBOZU_BENCH_T(fpDbl_subT, op.fpDbl_sub, uz, uy, ux, op.p);
+ CYBOZU_BENCH_T(fpDbl_sqrPreT, op.fpDbl_sqrPre, uz, ux);
+ CYBOZU_BENCH_T(fpDbl_mulPreT, op.fpDbl_mulPre, uz, ux, uy);
+ CYBOZU_BENCH_T(fpDbl_modT, op.fpDbl_mod, uz, ux, op.p);
+ Fp2 f2x, f2y;
+ f2x.a = fx;
+ f2x.b = fy;
+ f2y = f2x;
+ CYBOZU_BENCH_T(fp2_sqrT, Fp2::sqr, f2x, f2x);
+ CYBOZU_BENCH_T(fp2_mulT, Fp2::mul, f2x, f2x, f2y);
+ printf("%s\n", mcl::fp::ModeToStr(mode));
+ const char *tStrTbl[] = {
+ "fp_add", "fp_sub",
+ "addPre", "subPre",
+ "fp_sqr", "fp_mul",
+ "mulUnit",
+ "mul9",
+ "mulUnitP",
+ "fpN1_mod",
+ "D_add", "D_sub",
+ "D_sqrPre", "D_mulPre", "D_mod",
+ "fp2_sqr", "fp2_mul",
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tStrTbl); i++) {
+ printf(" %8s", tStrTbl[i]);
+ }
+ printf("\n");
+ const double tTbl[] = {
+ fp_addT, fp_subT,
+ fp_addPreT, fp_subPreT,
+ fp_sqrT, fp_mulT,
+ fp_mulUnitT,
+ mul9T,
+ fp_mulUnitPreT,
+ fpN1_modT,
+ fpDbl_addT, fpDbl_subT,
+ fpDbl_sqrPreT, fpDbl_mulPreT, fpDbl_modT,
+ fp2_sqrT, fp2_mulT,
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tTbl); i++) {
+ printf(" %8.2f", tTbl[i]);
+ }
+ printf("\n");
+}
+
+int main(int argc, char *argv[])
+ try
+{
+ cybozu::Option opt;
+ size_t bitSize;
+ opt.appendOpt(&bitSize, 0, "s", ": bitSize");
+ opt.appendHelp("h", ": show this message");
+ if (!opt.parse(argc, argv)) {
+ opt.usage();
+ return 1;
+ }
+ const char *tbl[] = {
+ // N = 2
+ "0x0000000000000001000000000000000d",
+ "0x7fffffffffffffffffffffffffffffff",
+ "0x8000000000000000000000000000001d",
+ "0xffffffffffffffffffffffffffffff61",
+
+ // N = 3
+ "0x000000000000000100000000000000000000000000000033", // min prime
+ "0x70000000000000000000000000000000000000000000001f",
+ "0x800000000000000000000000000000000000000000000005",
+ "0xfffffffffffffffffffffffe26f2fc170f69466a74defd8d",
+ "0xfffffffffffffffffffffffffffffffeffffffffffffffff",
+ "0xffffffffffffffffffffffffffffffffffffffffffffff13", // max prime
+
+ // N = 4
+ "0x0000000000000001000000000000000000000000000000000000000000000085", // min prime
+ "0x2523648240000001ba344d80000000086121000000000013a700000000000013", // BN254
+ "0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47", // Snark
+ "0x7523648240000001ba344d80000000086121000000000013a700000000000017",
+ "0x800000000000000000000000000000000000000000000000000000000000005f",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff43", // max prime
+ // N = 5
+ "0x80000000000000000000000000000000000000000000000000000000000000000000000000000009",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3b",
+ // N = 6
+ "0x800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000171",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec3",
+ // N = 7
+ "0x8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000063",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff35",
+ // N = 8
+ "0x8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006f",
+ "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffdc7",
+#if MCL_MAX_BIT_SIZE == 1024
+ "0xc70b1ddda9b96e3965e5855942aa5852d8f8e052c760ac32cdfec16a2ed3d56981e1a475e20a70144ed2f5061ba64900f69451492803f815d446ee133d0668f7a7f3276d6301c95ce231f0e4b0d0f3882f10014fca04454cff55d2e2d4cfc1aad33b8d38397e2fc8b623177e63d0b783269c40a85b8f105654783b8ed2e737df",
+ "0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff97",
+#endif
+ };
+ for (size_t i = 0; i < CYBOZU_NUM_OF_ARRAY(tbl); i++) {
+ const char *p = tbl[i];
+ if (bitSize > 0 && (strlen(p) - 2) * 4 != bitSize) {
+ continue;
+ }
+ printf("prime=%s\n", p);
+ benchRaw(tbl[i], mcl::fp::FP_GMP);
+ benchRaw(tbl[i], mcl::fp::FP_GMP_MONT);
+#ifdef MCL_USE_LLVM
+ benchRaw(tbl[i], mcl::fp::FP_LLVM);
+ benchRaw(tbl[i], mcl::fp::FP_LLVM_MONT);
+#endif
+#ifdef MCL_USE_XBYAK
+ if (bitSize <= 384) {
+ benchRaw(tbl[i], mcl::fp::FP_XBYAK);
+ }
+#endif
+ }
+} catch (std::exception& e) {
+ printf("ERR %s\n", e.what());
+ return 1;
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/she_make_dlp_table.cpp b/vendor/github.com/byzantine-lab/mcl/sample/she_make_dlp_table.cpp
new file mode 100644
index 000000000..41f18e225
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/she_make_dlp_table.cpp
@@ -0,0 +1,69 @@
+/*
+ make she DLP table
+*/
+#include <mcl/she.hpp>
+#include <cybozu/option.hpp>
+#include <fstream>
+
+using namespace mcl::she;
+
+struct Param {
+ int curveType;
+ int hashBitSize;
+ int group;
+ std::string path;
+};
+
+template<class HashTable, class G>
+void makeTable(const Param& param, const char *groupStr, HashTable& hashTbl, const G& P)
+{
+ char baseName[32];
+ CYBOZU_SNPRINTF(baseName, sizeof(baseName), "she-dlp-%d-%d-%s.bin", param.curveType, param.hashBitSize, groupStr);
+ const std::string fileName = param.path + baseName;
+ printf("file=%s\n", fileName.c_str());
+ std::ofstream ofs(fileName.c_str(), std::ios::binary);
+
+ const size_t hashSize = 1u << param.hashBitSize;
+ hashTbl.init(P, hashSize);
+ hashTbl.save(ofs);
+}
+
+void run(const Param& param)
+{
+ SHE::init(mcl::getCurveParam(param.curveType));
+
+ switch (param.group) {
+ case 1:
+ makeTable(param, "g1", getHashTableG1(), SHE::P_);
+ break;
+ case 2:
+ makeTable(param, "g2", getHashTableG2(), SHE::Q_);
+ break;
+ case 3:
+ makeTable(param, "gt", getHashTableGT(), SHE::ePQ_);
+ break;
+ default:
+ throw cybozu::Exception("bad group") << param.group;
+ }
+}
+
+int main(int argc, char *argv[])
+ try
+{
+ cybozu::Option opt;
+ Param param;
+ opt.appendOpt(&param.curveType, 0, "ct", ": curveType(0:BN254, 1:BN381_1, 5:BLS12_381)");
+ opt.appendOpt(&param.hashBitSize, 20, "hb", ": hash bit size");
+ opt.appendOpt(&param.group, 3, "g", ": group(1:G1, 2:G2, 3:GT");
+ opt.appendOpt(&param.path, "./", "path", ": path to table");
+ opt.appendHelp("h");
+ if (opt.parse(argc, argv)) {
+ run(param);
+ } else {
+ opt.usage();
+ return 1;
+ }
+} catch (std::exception& e) {
+ printf("err %s\n", e.what());
+ return 1;
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/she_smpl.cpp b/vendor/github.com/byzantine-lab/mcl/sample/she_smpl.cpp
new file mode 100644
index 000000000..e01b9c130
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/she_smpl.cpp
@@ -0,0 +1,125 @@
+/*
+ sample of somewhat homomorphic encryption(SHE)
+*/
+#define PUT(x) std::cout << #x << "=" << (x) << std::endl;
+#include <cybozu/benchmark.hpp>
+#include <mcl/she.hpp>
+
+using namespace mcl::she;
+
+void miniSample()
+{
+ // init library
+ SHE::init();
+
+ SecretKey sec;
+
+ // init secret key by random_device
+ sec.setByCSPRNG();
+
+ // set range to decode GT DLP
+ SHE::setRangeForDLP(1000);
+
+ PublicKey pub;
+ // get public key
+ sec.getPublicKey(pub);
+
+ const int N = 5;
+ int a[] = { 1, 5, -3, 4, 6 };
+ int b[] = { 4, 2, 1, 9, -2 };
+ // compute correct value
+ int sum = 0;
+ for (size_t i = 0; i < N; i++) {
+ sum += a[i] * b[i];
+ }
+
+ std::vector<CipherText> ca(N), cb(N);
+
+ // encrypt each a[] and b[]
+ for (size_t i = 0; i < N; i++) {
+ pub.enc(ca[i], a[i]);
+ pub.enc(cb[i], b[i]);
+ }
+ CipherText c;
+ c.clearAsMultiplied(); // clear as multiplied before using c.add()
+ // inner product of encrypted vector
+ for (size_t i = 0; i < N; i++) {
+ CipherText t;
+ CipherText::mul(t, ca[i], cb[i]); // t = ca[i] * cb[i]
+ c.add(t); // c += t
+ }
+ // decode it
+ int m = (int)sec.dec(c);
+ // verify the value
+ if (m == sum) {
+ puts("ok");
+ } else {
+ printf("err correct %d err %d\n", sum, m);
+ }
+}
+
+void usePrimitiveCipherText()
+{
+ // init library
+ SHE::init();
+
+ SecretKey sec;
+
+ // init secret key by random_device
+ sec.setByCSPRNG();
+
+ // set range to decode GT DLP
+ SHE::setRangeForGTDLP(100);
+
+ PublicKey pub;
+ // get public key
+ sec.getPublicKey(pub);
+
+ int a1 = 1, a2 = 2;
+ int b1 = 5, b2 = -4;
+ CipherTextG1 c1, c2; // size of CipherTextG1 = N * 2 ; N = 256-bit for CurveFp254BNb
+ CipherTextG2 d1, d2; // size of CipherTextG2 = N * 4
+ pub.enc(c1, a1);
+ pub.enc(c2, a2);
+ pub.enc(d1, b1);
+ pub.enc(d2, b2);
+ c1.add(c2); // CipherTextG1 is additive HE
+ d1.add(d2); // CipherTextG2 is additive HE
+ CipherTextGT cm; // size of CipherTextGT = N * 12 * 4
+ CipherTextGT::mul(cm, c1, d1); // cm = c1 * d1
+ cm.add(cm); // 2cm
+ int m = (int)sec.dec(cm);
+ int ok = (a1 + a2) * (b1 + b2) * 2;
+ if (m == ok) {
+ puts("ok");
+ } else {
+ printf("err m=%d ok=%d\n", m, ok);
+ }
+ std::string s;
+ s = c1.getStr(mcl::IoSerialize); // serialize
+ printf("c1 data size %d byte\n", (int)s.size());
+
+ c2.setStr(s, mcl::IoSerialize);
+ printf("deserialize %s\n", c1 == c2 ? "ok" : "ng");
+
+ s = d1.getStr(mcl::IoSerialize); // serialize
+ printf("d1 data size %d byte\n", (int)s.size());
+ d2.setStr(s, mcl::IoSerialize);
+ printf("deserialize %s\n", d1 == d2 ? "ok" : "ng");
+
+ s = cm.getStr(mcl::IoSerialize); // serialize
+ printf("cm data size %d byte\n", (int)s.size());
+ CipherTextGT cm2;
+ cm2.setStr(s, mcl::IoSerialize);
+ printf("deserialize %s\n", cm == cm2 ? "ok" : "ng");
+}
+
+int main()
+ try
+{
+ miniSample();
+ usePrimitiveCipherText();
+} catch (std::exception& e) {
+ printf("err %s\n", e.what());
+ return 1;
+}
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/tri-dh.cpp b/vendor/github.com/byzantine-lab/mcl/sample/tri-dh.cpp
new file mode 100644
index 000000000..8b720edbf
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/tri-dh.cpp
@@ -0,0 +1,97 @@
+/*
+ tripartie Diffie-Hellman
+*/
+#include <iostream>
+#include <fstream>
+#include <cybozu/random_generator.hpp>
+#include <mcl/bn256.hpp>
+#include <cybozu/option.hpp>
+
+static cybozu::RandomGenerator rg;
+
+const std::string skSuf = ".sk.txt";
+const std::string pkSuf = ".pk.txt";
+
+using namespace mcl::bn256;
+
+void keygen(const std::string& user)
+{
+ if (user.empty()) {
+ throw cybozu::Exception("keygen:user is empty");
+ }
+ const char *aa = "12723517038133731887338407189719511622662176727675373276651903807414909099441";
+ const char *ab = "4168783608814932154536427934509895782246573715297911553964171371032945126671";
+ const char *ba = "13891744915211034074451795021214165905772212241412891944830863846330766296736";
+ const char *bb = "7937318970632701341203597196594272556916396164729705624521405069090520231616";
+
+
+ initPairing();
+ G2 Q(Fp2(aa, ab), Fp2(ba, bb));
+ G1 P(-1, 1);
+
+ Fr s;
+ s.setRand(rg);
+ G1::mul(P, P, s);
+ G2::mul(Q, Q, s);
+ {
+ std::string name = user + skSuf;
+ std::ofstream ofs(name.c_str(), std::ios::binary);
+ ofs << s << std::endl;
+ }
+ {
+ std::string name = user + pkSuf;
+ std::ofstream ofs(name.c_str(), std::ios::binary);
+ ofs << P << std::endl;
+ ofs << Q << std::endl;
+ }
+}
+
+void load(G1& P, G2& Q, const std::string& fileName)
+{
+ std::ifstream ifs(fileName.c_str(), std::ios::binary);
+ ifs >> P >> Q;
+}
+
+void share(const std::string& skFile, const std::string& pk1File, const std::string& pk2File)
+{
+ initPairing();
+ Fr s;
+ G1 P1, P2;
+ G2 Q1, Q2;
+ {
+ std::ifstream ifs(skFile.c_str(), std::ios::binary);
+ ifs >> s;
+ }
+ load(P1, Q1, pk1File);
+ load(P2, Q2, pk2File);
+ Fp12 e;
+ pairing(e, P1, Q2);
+ {
+ // verify(not necessary)
+ Fp12 e2;
+ pairing(e2, P2, Q1);
+ if (e != e2) {
+ throw cybozu::Exception("share:bad public key file") << e << e2;
+ }
+ }
+ Fp12::pow(e, e, s);
+ std::cout << "share key:\n" << e << std::endl;
+}
+
+int main(int argc, char *argv[])
+ try
+{
+ if (argc == 3 && strcmp(argv[1], "keygen") == 0) {
+ keygen(argv[2]);
+ } else if (argc == 5 && strcmp(argv[1], "share") == 0) {
+ share(argv[2], argv[3], argv[4]);
+ } else {
+ fprintf(stderr, "tri-dh.exe keygen <user name>\n");
+ fprintf(stderr, "tri-dh.exe share <secret key file> <public key1 file> <public key2 file>\n");
+ return 1;
+ }
+} catch (std::exception& e) {
+ printf("ERR %s\n", e.what());
+ return 1;
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/sample/vote.cpp b/vendor/github.com/byzantine-lab/mcl/sample/vote.cpp
new file mode 100644
index 000000000..88137187c
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/sample/vote.cpp
@@ -0,0 +1,206 @@
+/*
+ vote sample tool
+ Copyright (c) 2014, National Institute of Advanced Industrial
+ Science and Technology All rights reserved.
+ This source file is subject to BSD 3-Clause license.
+
+ modifyed for mcl by herumi
+*/
+#include <iostream>
+#include <fstream>
+#include <cybozu/random_generator.hpp>
+#include <cybozu/option.hpp>
+#include <cybozu/itoa.hpp>
+#include <mcl/fp.hpp>
+#include <mcl/ec.hpp>
+#include <mcl/elgamal.hpp>
+#include <mcl/ecparam.hpp>
+
+typedef mcl::FpT<> Fp;
+typedef mcl::FpT<mcl::ZnTag> Zn; // use ZnTag because Zn is different class with Fp
+typedef mcl::EcT<Fp> Ec;
+typedef mcl::ElgamalT<Ec, Zn> Elgamal;
+
+cybozu::RandomGenerator rg;
+
+const std::string pubFile = "vote_pub.txt";
+const std::string prvFile = "vote_prv.txt";
+const std::string resultFile = "vote_ret.txt";
+
+std::string GetSheetName(size_t n)
+{
+ return std::string("vote_") + cybozu::itoa(n) + ".txt";
+}
+
+struct Param {
+ std::string mode;
+ std::string voteList;
+ Param(int argc, const char *const argv[])
+ {
+ cybozu::Option opt;
+ opt.appendOpt(&voteList, "11001100", "l", ": list of voters for vote mode(eg. 11001100)");
+ opt.appendHelp("h", ": put this message");
+ opt.appendParam(&mode, "mode", ": init/vote/count/open");
+ if (!opt.parse(argc, argv)) {
+ opt.usage();
+ exit(1);
+ }
+ printf("mode=%s\n", mode.c_str());
+ if (mode == "vote") {
+ printf("voters=%s\n", voteList.c_str());
+ size_t pos = voteList.find_first_not_of("01");
+ if (pos != std::string::npos) {
+ printf("bad char %c\n", voteList[pos]);
+ exit(1);
+ }
+ }
+ }
+};
+
+void SysInit()
+{
+ const mcl::EcParam& para = mcl::ecparam::secp192k1;
+ Zn::init(para.n);
+ Fp::init(para.p);
+ Ec::init(para.a, para.b);
+}
+
+template<class T>
+bool Load(T& t, const std::string& name, bool doThrow = true)
+{
+ std::ifstream ifs(name.c_str(), std::ios::binary);
+ if (!ifs) {
+ if (doThrow) throw cybozu::Exception("Load:can't read") << name;
+ return false;
+ }
+ if (ifs >> t) return true;
+ if (doThrow) throw cybozu::Exception("Load:bad data") << name;
+ return false;
+}
+
+template<class T>
+void Save(const std::string& name, const T& t)
+{
+ std::ofstream ofs(name.c_str(), std::ios::binary);
+ ofs << t;
+}
+
+void Init()
+{
+ const mcl::EcParam& para = mcl::ecparam::secp192k1;
+ const Fp x0(para.gx);
+ const Fp y0(para.gy);
+ const Ec P(x0, y0);
+ const size_t bitSize = para.bitSize;
+
+ Elgamal::PrivateKey prv;
+ prv.init(P, bitSize, rg);
+ const Elgamal::PublicKey& pub = prv.getPublicKey();
+ printf("make privateKey=%s, publicKey=%s\n", prvFile.c_str(), pubFile.c_str());
+ Save(prvFile, prv);
+ Save(pubFile, pub);
+}
+
+struct CipherWithZkp {
+ Elgamal::CipherText c;
+ Elgamal::Zkp zkp;
+ bool verify(const Elgamal::PublicKey& pub) const
+ {
+ return pub.verify(c, zkp);
+ }
+};
+
+inline std::ostream& operator<<(std::ostream& os, const CipherWithZkp& self)
+{
+ return os << self.c << std::endl << self.zkp;
+}
+inline std::istream& operator>>(std::istream& is, CipherWithZkp& self)
+{
+ return is >> self.c >> self.zkp;
+}
+
+void Vote(const std::string& voteList)
+{
+ Elgamal::PublicKey pub;
+ Load(pub, pubFile);
+ puts("shuffle");
+ std::vector<size_t> idxTbl(voteList.size());
+ for (size_t i = 0; i < idxTbl.size(); i++) {
+ idxTbl[i] = i;
+ }
+ cybozu::shuffle(idxTbl, rg);
+ puts("each voter votes");
+ for (size_t i = 0; i < voteList.size(); i++) {
+ CipherWithZkp c;
+ pub.encWithZkp(c.c, c.zkp, voteList[i] - '0', rg);
+ const std::string sheetName = GetSheetName(idxTbl[i]);
+ printf("make %s\n", sheetName.c_str());
+ Save(sheetName, c);
+ }
+}
+
+void Count()
+{
+ Elgamal::PublicKey pub;
+ Load(pub, pubFile);
+ Elgamal::CipherText result;
+ puts("aggregate votes");
+ for (size_t i = 0; ; i++) {
+ const std::string sheetName = GetSheetName(i);
+ CipherWithZkp c;
+ if (!Load(c, sheetName, false)) break;
+ if (!c.verify(pub)) throw cybozu::Exception("bad cipher text") << i;
+ printf("add %s\n", sheetName.c_str());
+ result.add(c.c);
+ }
+ printf("create result file : %s\n", resultFile.c_str());
+ Save(resultFile, result);
+}
+
+void Open()
+{
+ Elgamal::PrivateKey prv;
+ Load(prv, prvFile);
+ Elgamal::CipherText c;
+ Load(c, resultFile);
+ Zn n;
+ prv.dec(n, c);
+ std::cout << "result of vote count " << n << std::endl;
+#if 0
+ puts("open real value");
+ for (size_t i = 0; ; i++) {
+ Elgamal::CipherText c;
+ const std::string sheetName = GetSheetName(i);
+ if (!Load(c, sheetName, false)) break;
+ Zn n;
+ prv.dec(n, c);
+ std::cout << sheetName << " " << n << std::endl;
+ }
+#endif
+}
+
+int main(int argc, char *argv[])
+ try
+{
+ const Param p(argc, argv);
+ SysInit();
+ if (p.mode == "init") {
+ Init();
+ } else
+ if (p.mode == "vote") {
+ Vote(p.voteList);
+ } else
+ if (p.mode == "count") {
+ Count();
+ } else
+ if (p.mode == "open") {
+ Open();
+ } else
+ {
+ printf("bad mode=%s\n", p.mode.c_str());
+ return 1;
+ }
+} catch (std::exception& e) {
+ printf("ERR %s\n", e.what());
+}
+
diff --git a/vendor/github.com/byzantine-lab/mcl/setvar.bat b/vendor/github.com/byzantine-lab/mcl/setvar.bat
new file mode 100644
index 000000000..1d57fa69e
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/setvar.bat
@@ -0,0 +1,2 @@
+set CFLAGS=/MT /DNOMINMAX /Ox /DNDEBUG /W4 /Zi /EHsc /nologo -I./include -I../cybozulib_ext/include
+set LDFLAGS=/LIBPATH:..\cybozulib_ext\lib /LIBPATH:.\lib
diff --git a/vendor/github.com/byzantine-lab/mcl/src/asm/aarch64.s b/vendor/github.com/byzantine-lab/mcl/src/asm/aarch64.s
new file mode 100644
index 000000000..a49a36e3a
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/src/asm/aarch64.s
@@ -0,0 +1,13197 @@
+ .text
+ .file "<stdin>"
+ .globl makeNIST_P192L
+ .align 2
+ .type makeNIST_P192L,@function
+makeNIST_P192L: // @makeNIST_P192L
+// BB#0:
+ movn x0, #0
+ orr x1, xzr, #0xfffffffffffffffe
+ movn x2, #0
+ ret
+.Lfunc_end0:
+ .size makeNIST_P192L, .Lfunc_end0-makeNIST_P192L
+
+ .globl mcl_fpDbl_mod_NIST_P192L
+ .align 2
+ .type mcl_fpDbl_mod_NIST_P192L,@function
+mcl_fpDbl_mod_NIST_P192L: // @mcl_fpDbl_mod_NIST_P192L
+// BB#0:
+ ldp x8, x9, [x1, #16]
+ ldp x10, x11, [x1, #32]
+ ldp x12, x13, [x1]
+ orr w14, wzr, #0x1
+ adds x13, x11, x13
+ adcs x8, x8, xzr
+ adcs x15, xzr, xzr
+ adds x12, x12, x9
+ adcs x13, x13, x10
+ adcs x8, x8, x11
+ adcs x15, x15, xzr
+ adds x11, x12, x11
+ movn x12, #0
+ adcs x9, x13, x9
+ adcs x8, x8, x10
+ adcs x10, x15, xzr
+ adds x11, x10, x11
+ adcs x9, x10, x9
+ adcs x8, x8, xzr
+ adcs x10, xzr, xzr
+ adds x13, x11, #1 // =1
+ adcs x14, x9, x14
+ adcs x15, x8, xzr
+ adcs x10, x10, x12
+ tst x10, #0x1
+ csel x10, x11, x13, ne
+ csel x9, x9, x14, ne
+ csel x8, x8, x15, ne
+ stp x10, x9, [x0]
+ str x8, [x0, #16]
+ ret
+.Lfunc_end1:
+ .size mcl_fpDbl_mod_NIST_P192L, .Lfunc_end1-mcl_fpDbl_mod_NIST_P192L
+
+ .globl mcl_fp_sqr_NIST_P192L
+ .align 2
+ .type mcl_fp_sqr_NIST_P192L,@function
+mcl_fp_sqr_NIST_P192L: // @mcl_fp_sqr_NIST_P192L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldr x10, [x1, #16]
+ orr w11, wzr, #0x1
+ umulh x12, x8, x8
+ mul x13, x9, x8
+ mul x14, x10, x8
+ umulh x15, x9, x8
+ adds x12, x12, x13
+ umulh x16, x10, x8
+ adcs x17, x15, x14
+ adcs x18, x16, xzr
+ mul x1, x9, x9
+ mul x2, x10, x9
+ adds x15, x15, x1
+ umulh x1, x9, x9
+ umulh x9, x10, x9
+ adcs x1, x1, x2
+ adcs x3, x9, xzr
+ adds x12, x13, x12
+ adcs x13, x15, x17
+ adcs x15, x1, x18
+ movn x17, #0
+ umulh x18, x10, x10
+ mul x10, x10, x10
+ mul x8, x8, x8
+ adcs x1, x3, xzr
+ adds x16, x16, x2
+ adcs x9, x9, x10
+ adcs x10, x18, xzr
+ adds x13, x14, x13
+ adcs x14, x16, x15
+ adcs x9, x9, x1
+ adcs x10, x10, xzr
+ adds x12, x12, x10
+ adcs x13, x13, xzr
+ adcs x15, xzr, xzr
+ adds x8, x8, x14
+ adcs x12, x12, x9
+ adcs x13, x13, x10
+ adcs x15, x15, xzr
+ adds x8, x8, x10
+ adcs x10, x12, x14
+ adcs x9, x13, x9
+ adcs x12, x15, xzr
+ adds x8, x12, x8
+ adcs x10, x12, x10
+ adcs x9, x9, xzr
+ adcs x12, xzr, xzr
+ adds x13, x8, #1 // =1
+ adcs x11, x10, x11
+ adcs x14, x9, xzr
+ adcs x12, x12, x17
+ tst x12, #0x1
+ csel x8, x8, x13, ne
+ csel x10, x10, x11, ne
+ csel x9, x9, x14, ne
+ stp x8, x10, [x0]
+ str x9, [x0, #16]
+ ret
+.Lfunc_end2:
+ .size mcl_fp_sqr_NIST_P192L, .Lfunc_end2-mcl_fp_sqr_NIST_P192L
+
+ .globl mcl_fp_mulNIST_P192L
+ .align 2
+ .type mcl_fp_mulNIST_P192L,@function
+mcl_fp_mulNIST_P192L: // @mcl_fp_mulNIST_P192L
+// BB#0:
+ stp x20, x19, [sp, #-32]!
+ stp x29, x30, [sp, #16]
+ add x29, sp, #16 // =16
+ sub sp, sp, #48 // =48
+ mov x19, x0
+ mov x0, sp
+ bl mcl_fpDbl_mulPre3L
+ ldp x9, x8, [sp, #8]
+ ldp x11, x10, [sp, #32]
+ ldr x12, [sp, #24]
+ ldr x13, [sp]
+ orr w14, wzr, #0x1
+ adds x9, x10, x9
+ adcs x8, x8, xzr
+ adcs x15, xzr, xzr
+ adds x13, x13, x12
+ adcs x9, x9, x11
+ adcs x8, x8, x10
+ adcs x15, x15, xzr
+ adds x10, x13, x10
+ movn x13, #0
+ adcs x9, x9, x12
+ adcs x8, x8, x11
+ adcs x11, x15, xzr
+ adds x10, x11, x10
+ adcs x9, x11, x9
+ adcs x8, x8, xzr
+ adcs x11, xzr, xzr
+ adds x12, x10, #1 // =1
+ adcs x14, x9, x14
+ adcs x15, x8, xzr
+ adcs x11, x11, x13
+ tst x11, #0x1
+ csel x10, x10, x12, ne
+ csel x9, x9, x14, ne
+ csel x8, x8, x15, ne
+ stp x10, x9, [x19]
+ str x8, [x19, #16]
+ sub sp, x29, #16 // =16
+ ldp x29, x30, [sp, #16]
+ ldp x20, x19, [sp], #32
+ ret
+.Lfunc_end3:
+ .size mcl_fp_mulNIST_P192L, .Lfunc_end3-mcl_fp_mulNIST_P192L
+
+ .globl mcl_fpDbl_mod_NIST_P521L
+ .align 2
+ .type mcl_fpDbl_mod_NIST_P521L,@function
+mcl_fpDbl_mod_NIST_P521L: // @mcl_fpDbl_mod_NIST_P521L
+// BB#0:
+ stp x29, x30, [sp, #-16]!
+ mov x29, sp
+ ldp x8, x9, [x1, #112]
+ ldr x10, [x1, #128]
+ ldp x11, x12, [x1, #96]
+ ldp x13, x14, [x1, #80]
+ ldp x15, x16, [x1, #64]
+ ldp x17, x18, [x1, #48]
+ ldp x2, x3, [x1, #32]
+ ldp x4, x5, [x1, #16]
+ ldp x6, x1, [x1]
+ extr x7, x10, x9, #9
+ extr x9, x9, x8, #9
+ extr x8, x8, x12, #9
+ extr x12, x12, x11, #9
+ extr x11, x11, x14, #9
+ extr x14, x14, x13, #9
+ extr x13, x13, x16, #9
+ extr x16, x16, x15, #9
+ and x15, x15, #0x1ff
+ lsr x10, x10, #9
+ adds x16, x16, x6
+ adcs x13, x13, x1
+ adcs x14, x14, x4
+ adcs x11, x11, x5
+ adcs x12, x12, x2
+ adcs x1, x8, x3
+ adcs x17, x9, x17
+ adcs x18, x7, x18
+ adcs x2, x10, x15
+ ubfx x8, x2, #9, #1
+ adds x8, x8, x16
+ adcs x9, x13, xzr
+ and x13, x9, x8
+ adcs x10, x14, xzr
+ and x13, x13, x10
+ adcs x11, x11, xzr
+ and x13, x13, x11
+ adcs x12, x12, xzr
+ and x14, x13, x12
+ adcs x13, x1, xzr
+ and x15, x14, x13
+ adcs x14, x17, xzr
+ and x16, x15, x14
+ adcs x15, x18, xzr
+ and x17, x16, x15
+ adcs x16, x2, xzr
+ orr x18, x16, #0xfffffffffffffe00
+ and x17, x17, x18
+ cmn x17, #1 // =1
+ b.eq .LBB4_2
+// BB#1: // %nonzero
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ stp x12, x13, [x0, #32]
+ stp x14, x15, [x0, #48]
+ and x8, x16, #0x1ff
+ str x8, [x0, #64]
+ ldp x29, x30, [sp], #16
+ ret
+.LBB4_2: // %zero
+ mov w1, wzr
+ movz w2, #0x48
+ bl memset
+ ldp x29, x30, [sp], #16
+ ret
+.Lfunc_end4:
+ .size mcl_fpDbl_mod_NIST_P521L, .Lfunc_end4-mcl_fpDbl_mod_NIST_P521L
+
+ .globl mcl_fp_mulUnitPre1L
+ .align 2
+ .type mcl_fp_mulUnitPre1L,@function
+mcl_fp_mulUnitPre1L: // @mcl_fp_mulUnitPre1L
+// BB#0:
+ ldr x8, [x1]
+ mul x9, x8, x2
+ umulh x8, x8, x2
+ stp x9, x8, [x0]
+ ret
+.Lfunc_end5:
+ .size mcl_fp_mulUnitPre1L, .Lfunc_end5-mcl_fp_mulUnitPre1L
+
+ .globl mcl_fpDbl_mulPre1L
+ .align 2
+ .type mcl_fpDbl_mulPre1L,@function
+mcl_fpDbl_mulPre1L: // @mcl_fpDbl_mulPre1L
+// BB#0:
+ ldr x8, [x1]
+ ldr x9, [x2]
+ mul x10, x9, x8
+ umulh x8, x9, x8
+ stp x10, x8, [x0]
+ ret
+.Lfunc_end6:
+ .size mcl_fpDbl_mulPre1L, .Lfunc_end6-mcl_fpDbl_mulPre1L
+
+ .globl mcl_fpDbl_sqrPre1L
+ .align 2
+ .type mcl_fpDbl_sqrPre1L,@function
+mcl_fpDbl_sqrPre1L: // @mcl_fpDbl_sqrPre1L
+// BB#0:
+ ldr x8, [x1]
+ mul x9, x8, x8
+ umulh x8, x8, x8
+ stp x9, x8, [x0]
+ ret
+.Lfunc_end7:
+ .size mcl_fpDbl_sqrPre1L, .Lfunc_end7-mcl_fpDbl_sqrPre1L
+
+ .globl mcl_fp_mont1L
+ .align 2
+ .type mcl_fp_mont1L,@function
+mcl_fp_mont1L: // @mcl_fp_mont1L
+// BB#0:
+ ldr x8, [x2]
+ ldr x9, [x1]
+ ldur x10, [x3, #-8]
+ ldr x11, [x3]
+ umulh x12, x9, x8
+ mul x8, x9, x8
+ mul x9, x8, x10
+ umulh x10, x9, x11
+ mul x9, x9, x11
+ cmn x9, x8
+ adcs x8, x10, x12
+ adcs x9, xzr, xzr
+ subs x10, x8, x11
+ sbcs x9, x9, xzr
+ tst x9, #0x1
+ csel x8, x8, x10, ne
+ str x8, [x0]
+ ret
+.Lfunc_end8:
+ .size mcl_fp_mont1L, .Lfunc_end8-mcl_fp_mont1L
+
+ .globl mcl_fp_montNF1L
+ .align 2
+ .type mcl_fp_montNF1L,@function
+mcl_fp_montNF1L: // @mcl_fp_montNF1L
+// BB#0:
+ ldr x8, [x2]
+ ldr x9, [x1]
+ ldur x10, [x3, #-8]
+ ldr x11, [x3]
+ umulh x12, x9, x8
+ mul x8, x9, x8
+ mul x9, x8, x10
+ umulh x10, x9, x11
+ mul x9, x9, x11
+ cmn x9, x8
+ adcs x8, x10, x12
+ sub x9, x8, x11
+ cmp x9, #0 // =0
+ csel x8, x8, x9, lt
+ str x8, [x0]
+ ret
+.Lfunc_end9:
+ .size mcl_fp_montNF1L, .Lfunc_end9-mcl_fp_montNF1L
+
+ .globl mcl_fp_montRed1L
+ .align 2
+ .type mcl_fp_montRed1L,@function
+mcl_fp_montRed1L: // @mcl_fp_montRed1L
+// BB#0:
+ ldur x8, [x2, #-8]
+ ldp x9, x11, [x1]
+ ldr x10, [x2]
+ mul x8, x9, x8
+ umulh x12, x8, x10
+ mul x8, x8, x10
+ cmn x9, x8
+ adcs x8, x11, x12
+ adcs x9, xzr, xzr
+ subs x10, x8, x10
+ sbcs x9, x9, xzr
+ tst x9, #0x1
+ csel x8, x8, x10, ne
+ str x8, [x0]
+ ret
+.Lfunc_end10:
+ .size mcl_fp_montRed1L, .Lfunc_end10-mcl_fp_montRed1L
+
+ .globl mcl_fp_addPre1L
+ .align 2
+ .type mcl_fp_addPre1L,@function
+mcl_fp_addPre1L: // @mcl_fp_addPre1L
+// BB#0:
+ ldr x8, [x1]
+ ldr x9, [x2]
+ adds x9, x9, x8
+ adcs x8, xzr, xzr
+ str x9, [x0]
+ mov x0, x8
+ ret
+.Lfunc_end11:
+ .size mcl_fp_addPre1L, .Lfunc_end11-mcl_fp_addPre1L
+
+ .globl mcl_fp_subPre1L
+ .align 2
+ .type mcl_fp_subPre1L,@function
+mcl_fp_subPre1L: // @mcl_fp_subPre1L
+// BB#0:
+ ldr x8, [x2]
+ ldr x9, [x1]
+ subs x9, x9, x8
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ str x9, [x0]
+ mov x0, x8
+ ret
+.Lfunc_end12:
+ .size mcl_fp_subPre1L, .Lfunc_end12-mcl_fp_subPre1L
+
+ .globl mcl_fp_shr1_1L
+ .align 2
+ .type mcl_fp_shr1_1L,@function
+mcl_fp_shr1_1L: // @mcl_fp_shr1_1L
+// BB#0:
+ ldr x8, [x1]
+ lsr x8, x8, #1
+ str x8, [x0]
+ ret
+.Lfunc_end13:
+ .size mcl_fp_shr1_1L, .Lfunc_end13-mcl_fp_shr1_1L
+
+ .globl mcl_fp_add1L
+ .align 2
+ .type mcl_fp_add1L,@function
+mcl_fp_add1L: // @mcl_fp_add1L
+// BB#0:
+ ldr x8, [x1]
+ ldr x9, [x2]
+ ldr x10, [x3]
+ adds x8, x9, x8
+ str x8, [x0]
+ adcs x9, xzr, xzr
+ subs x8, x8, x10
+ sbcs x9, x9, xzr
+ and w9, w9, #0x1
+ tbnz w9, #0, .LBB14_2
+// BB#1: // %nocarry
+ str x8, [x0]
+.LBB14_2: // %carry
+ ret
+.Lfunc_end14:
+ .size mcl_fp_add1L, .Lfunc_end14-mcl_fp_add1L
+
+ .globl mcl_fp_addNF1L
+ .align 2
+ .type mcl_fp_addNF1L,@function
+mcl_fp_addNF1L: // @mcl_fp_addNF1L
+// BB#0:
+ ldr x8, [x1]
+ ldr x9, [x2]
+ ldr x10, [x3]
+ add x8, x9, x8
+ sub x9, x8, x10
+ cmp x9, #0 // =0
+ csel x8, x8, x9, lt
+ str x8, [x0]
+ ret
+.Lfunc_end15:
+ .size mcl_fp_addNF1L, .Lfunc_end15-mcl_fp_addNF1L
+
+ .globl mcl_fp_sub1L
+ .align 2
+ .type mcl_fp_sub1L,@function
+mcl_fp_sub1L: // @mcl_fp_sub1L
+// BB#0:
+ ldr x8, [x2]
+ ldr x9, [x1]
+ subs x8, x9, x8
+ str x8, [x0]
+ ngcs x9, xzr
+ and w9, w9, #0x1
+ tbnz w9, #0, .LBB16_2
+// BB#1: // %nocarry
+ ret
+.LBB16_2: // %carry
+ ldr x9, [x3]
+ add x8, x9, x8
+ str x8, [x0]
+ ret
+.Lfunc_end16:
+ .size mcl_fp_sub1L, .Lfunc_end16-mcl_fp_sub1L
+
+ .globl mcl_fp_subNF1L
+ .align 2
+ .type mcl_fp_subNF1L,@function
+mcl_fp_subNF1L: // @mcl_fp_subNF1L
+// BB#0:
+ ldr x8, [x2]
+ ldr x9, [x1]
+ ldr x10, [x3]
+ sub x8, x9, x8
+ and x9, x10, x8, asr #63
+ add x8, x9, x8
+ str x8, [x0]
+ ret
+.Lfunc_end17:
+ .size mcl_fp_subNF1L, .Lfunc_end17-mcl_fp_subNF1L
+
+ .globl mcl_fpDbl_add1L
+ .align 2
+ .type mcl_fpDbl_add1L,@function
+mcl_fpDbl_add1L: // @mcl_fpDbl_add1L
+// BB#0:
+ ldp x8, x11, [x1]
+ ldp x9, x10, [x2]
+ ldr x12, [x3]
+ adds x8, x9, x8
+ str x8, [x0]
+ adcs x8, x10, x11
+ adcs x9, xzr, xzr
+ subs x10, x8, x12
+ sbcs x9, x9, xzr
+ tst x9, #0x1
+ csel x8, x8, x10, ne
+ str x8, [x0, #8]
+ ret
+.Lfunc_end18:
+ .size mcl_fpDbl_add1L, .Lfunc_end18-mcl_fpDbl_add1L
+
+ .globl mcl_fpDbl_sub1L
+ .align 2
+ .type mcl_fpDbl_sub1L,@function
+mcl_fpDbl_sub1L: // @mcl_fpDbl_sub1L
+// BB#0:
+ ldp x8, x11, [x1]
+ ldp x9, x10, [x2]
+ ldr x12, [x3]
+ subs x8, x8, x9
+ str x8, [x0]
+ sbcs x8, x11, x10
+ ngcs x9, xzr
+ tst x9, #0x1
+ csel x9, x12, xzr, ne
+ add x8, x9, x8
+ str x8, [x0, #8]
+ ret
+.Lfunc_end19:
+ .size mcl_fpDbl_sub1L, .Lfunc_end19-mcl_fpDbl_sub1L
+
+ .globl mcl_fp_mulUnitPre2L
+ .align 2
+ .type mcl_fp_mulUnitPre2L,@function
+mcl_fp_mulUnitPre2L: // @mcl_fp_mulUnitPre2L
+// BB#0:
+ ldp x8, x9, [x1]
+ mul x10, x8, x2
+ mul x11, x9, x2
+ umulh x8, x8, x2
+ umulh x9, x9, x2
+ adds x8, x8, x11
+ stp x10, x8, [x0]
+ adcs x8, x9, xzr
+ str x8, [x0, #16]
+ ret
+.Lfunc_end20:
+ .size mcl_fp_mulUnitPre2L, .Lfunc_end20-mcl_fp_mulUnitPre2L
+
+ .globl mcl_fpDbl_mulPre2L
+ .align 2
+ .type mcl_fpDbl_mulPre2L,@function
+mcl_fpDbl_mulPre2L: // @mcl_fpDbl_mulPre2L
+// BB#0:
+ ldp x8, x11, [x2]
+ ldp x9, x10, [x1]
+ mul x12, x9, x8
+ umulh x13, x10, x8
+ mul x14, x10, x8
+ umulh x8, x9, x8
+ mul x15, x9, x11
+ mul x16, x10, x11
+ umulh x9, x9, x11
+ umulh x10, x10, x11
+ adds x8, x8, x14
+ adcs x11, x13, xzr
+ adds x8, x8, x15
+ stp x12, x8, [x0]
+ adcs x8, x11, x16
+ adcs x11, xzr, xzr
+ adds x8, x8, x9
+ str x8, [x0, #16]
+ adcs x8, x11, x10
+ str x8, [x0, #24]
+ ret
+.Lfunc_end21:
+ .size mcl_fpDbl_mulPre2L, .Lfunc_end21-mcl_fpDbl_mulPre2L
+
+ .globl mcl_fpDbl_sqrPre2L
+ .align 2
+ .type mcl_fpDbl_sqrPre2L,@function
+mcl_fpDbl_sqrPre2L: // @mcl_fpDbl_sqrPre2L
+// BB#0:
+ ldp x8, x9, [x1]
+ mul x10, x8, x8
+ umulh x11, x9, x8
+ mul x12, x9, x8
+ umulh x8, x8, x8
+ umulh x13, x9, x9
+ mul x9, x9, x9
+ str x10, [x0]
+ adds x8, x8, x12
+ adcs x10, x11, xzr
+ adds x9, x11, x9
+ adcs x11, x13, xzr
+ adds x8, x12, x8
+ str x8, [x0, #8]
+ adcs x8, x9, x10
+ str x8, [x0, #16]
+ adcs x8, x11, xzr
+ str x8, [x0, #24]
+ ret
+.Lfunc_end22:
+ .size mcl_fpDbl_sqrPre2L, .Lfunc_end22-mcl_fpDbl_sqrPre2L
+
+ .globl mcl_fp_mont2L
+ .align 2
+ .type mcl_fp_mont2L,@function
+mcl_fp_mont2L: // @mcl_fp_mont2L
+// BB#0:
+ ldp x8, x14, [x2]
+ ldp x9, x10, [x1]
+ ldur x11, [x3, #-8]
+ ldp x12, x13, [x3]
+ umulh x15, x10, x8
+ mul x16, x10, x8
+ umulh x17, x9, x8
+ mul x8, x9, x8
+ umulh x18, x14, x10
+ mul x10, x14, x10
+ umulh x1, x14, x9
+ mul x9, x14, x9
+ adds x14, x17, x16
+ mul x16, x8, x11
+ adcs x15, x15, xzr
+ mul x17, x16, x13
+ umulh x2, x16, x12
+ adds x17, x2, x17
+ umulh x2, x16, x13
+ mul x16, x16, x12
+ adcs x2, x2, xzr
+ cmn x16, x8
+ adcs x8, x17, x14
+ adcs x14, x2, x15
+ adcs x15, xzr, xzr
+ adds x10, x1, x10
+ adcs x16, x18, xzr
+ adds x8, x8, x9
+ adcs x9, x14, x10
+ mul x10, x8, x11
+ adcs x11, x15, x16
+ umulh x14, x10, x13
+ mul x15, x10, x13
+ umulh x16, x10, x12
+ mul x10, x10, x12
+ adcs x17, xzr, xzr
+ adds x15, x16, x15
+ adcs x14, x14, xzr
+ cmn x10, x8
+ adcs x8, x15, x9
+ adcs x9, x14, x11
+ adcs x10, x17, xzr
+ subs x11, x8, x12
+ sbcs x12, x9, x13
+ sbcs x10, x10, xzr
+ tst x10, #0x1
+ csel x8, x8, x11, ne
+ csel x9, x9, x12, ne
+ stp x8, x9, [x0]
+ ret
+.Lfunc_end23:
+ .size mcl_fp_mont2L, .Lfunc_end23-mcl_fp_mont2L
+
+ .globl mcl_fp_montNF2L
+ .align 2
+ .type mcl_fp_montNF2L,@function
+mcl_fp_montNF2L: // @mcl_fp_montNF2L
+// BB#0:
+ ldp x8, x14, [x2]
+ ldp x9, x10, [x1]
+ ldur x11, [x3, #-8]
+ ldp x12, x13, [x3]
+ umulh x15, x10, x8
+ mul x16, x10, x8
+ umulh x17, x9, x8
+ mul x8, x9, x8
+ umulh x18, x14, x10
+ mul x10, x14, x10
+ umulh x1, x14, x9
+ mul x9, x14, x9
+ adds x14, x17, x16
+ mul x16, x8, x11
+ adcs x15, x15, xzr
+ mul x17, x16, x12
+ cmn x17, x8
+ mul x8, x16, x13
+ umulh x17, x16, x13
+ umulh x16, x16, x12
+ adcs x8, x8, x14
+ adcs x14, x15, xzr
+ adds x8, x8, x16
+ adcs x14, x14, x17
+ adds x10, x1, x10
+ adcs x15, x18, xzr
+ adds x8, x9, x8
+ adcs x9, x10, x14
+ mul x10, x8, x11
+ adcs x11, x15, xzr
+ mul x14, x10, x13
+ mul x15, x10, x12
+ umulh x16, x10, x13
+ umulh x10, x10, x12
+ cmn x15, x8
+ adcs x8, x14, x9
+ adcs x9, x11, xzr
+ adds x8, x8, x10
+ adcs x9, x9, x16
+ subs x10, x8, x12
+ sbcs x11, x9, x13
+ cmp x11, #0 // =0
+ csel x8, x8, x10, lt
+ csel x9, x9, x11, lt
+ stp x8, x9, [x0]
+ ret
+.Lfunc_end24:
+ .size mcl_fp_montNF2L, .Lfunc_end24-mcl_fp_montNF2L
+
+ .globl mcl_fp_montRed2L
+ .align 2
+ .type mcl_fp_montRed2L,@function
+mcl_fp_montRed2L: // @mcl_fp_montRed2L
+// BB#0:
+ ldur x8, [x2, #-8]
+ ldp x9, x14, [x1]
+ ldp x10, x11, [x2]
+ ldp x12, x13, [x1, #16]
+ mul x15, x9, x8
+ mul x16, x15, x11
+ umulh x17, x15, x10
+ adds x16, x17, x16
+ umulh x17, x15, x11
+ mul x15, x15, x10
+ adcs x17, x17, xzr
+ cmn x9, x15
+ adcs x9, x14, x16
+ adcs x12, x12, x17
+ mul x8, x9, x8
+ adcs x13, x13, xzr
+ umulh x14, x8, x11
+ mul x15, x8, x11
+ umulh x16, x8, x10
+ mul x8, x8, x10
+ adcs x17, xzr, xzr
+ adds x15, x16, x15
+ adcs x14, x14, xzr
+ cmn x8, x9
+ adcs x8, x15, x12
+ adcs x9, x14, x13
+ adcs x12, x17, xzr
+ subs x10, x8, x10
+ sbcs x11, x9, x11
+ sbcs x12, x12, xzr
+ tst x12, #0x1
+ csel x8, x8, x10, ne
+ csel x9, x9, x11, ne
+ stp x8, x9, [x0]
+ ret
+.Lfunc_end25:
+ .size mcl_fp_montRed2L, .Lfunc_end25-mcl_fp_montRed2L
+
+ .globl mcl_fp_addPre2L
+ .align 2
+ .type mcl_fp_addPre2L,@function
+mcl_fp_addPre2L: // @mcl_fp_addPre2L
+// BB#0:
+ ldp x8, x11, [x1]
+ ldp x9, x10, [x2]
+ adds x8, x9, x8
+ str x8, [x0]
+ adcs x9, x10, x11
+ adcs x8, xzr, xzr
+ str x9, [x0, #8]
+ mov x0, x8
+ ret
+.Lfunc_end26:
+ .size mcl_fp_addPre2L, .Lfunc_end26-mcl_fp_addPre2L
+
+ .globl mcl_fp_subPre2L
+ .align 2
+ .type mcl_fp_subPre2L,@function
+mcl_fp_subPre2L: // @mcl_fp_subPre2L
+// BB#0:
+ ldp x8, x11, [x1]
+ ldp x9, x10, [x2]
+ subs x8, x8, x9
+ str x8, [x0]
+ sbcs x9, x11, x10
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ str x9, [x0, #8]
+ mov x0, x8
+ ret
+.Lfunc_end27:
+ .size mcl_fp_subPre2L, .Lfunc_end27-mcl_fp_subPre2L
+
+ .globl mcl_fp_shr1_2L
+ .align 2
+ .type mcl_fp_shr1_2L,@function
+mcl_fp_shr1_2L: // @mcl_fp_shr1_2L
+// BB#0:
+ ldp x8, x9, [x1]
+ extr x8, x9, x8, #1
+ lsr x9, x9, #1
+ stp x8, x9, [x0]
+ ret
+.Lfunc_end28:
+ .size mcl_fp_shr1_2L, .Lfunc_end28-mcl_fp_shr1_2L
+
+ .globl mcl_fp_add2L
+ .align 2
+ .type mcl_fp_add2L,@function
+mcl_fp_add2L: // @mcl_fp_add2L
+// BB#0:
+ ldp x8, x11, [x1]
+ ldp x9, x10, [x2]
+ adds x8, x9, x8
+ ldp x9, x12, [x3]
+ adcs x10, x10, x11
+ stp x8, x10, [x0]
+ adcs x11, xzr, xzr
+ subs x9, x8, x9
+ sbcs x8, x10, x12
+ sbcs x10, x11, xzr
+ and w10, w10, #0x1
+ tbnz w10, #0, .LBB29_2
+// BB#1: // %nocarry
+ stp x9, x8, [x0]
+.LBB29_2: // %carry
+ ret
+.Lfunc_end29:
+ .size mcl_fp_add2L, .Lfunc_end29-mcl_fp_add2L
+
+ .globl mcl_fp_addNF2L
+ .align 2
+ .type mcl_fp_addNF2L,@function
+mcl_fp_addNF2L: // @mcl_fp_addNF2L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x2]
+ ldp x12, x13, [x3]
+ adds x8, x10, x8
+ adcs x9, x11, x9
+ subs x10, x8, x12
+ sbcs x11, x9, x13
+ cmp x11, #0 // =0
+ csel x8, x8, x10, lt
+ csel x9, x9, x11, lt
+ stp x8, x9, [x0]
+ ret
+.Lfunc_end30:
+ .size mcl_fp_addNF2L, .Lfunc_end30-mcl_fp_addNF2L
+
+ .globl mcl_fp_sub2L
+ .align 2
+ .type mcl_fp_sub2L,@function
+mcl_fp_sub2L: // @mcl_fp_sub2L
+// BB#0:
+ ldp x8, x11, [x1]
+ ldp x9, x10, [x2]
+ subs x9, x8, x9
+ sbcs x8, x11, x10
+ stp x9, x8, [x0]
+ ngcs x10, xzr
+ and w10, w10, #0x1
+ tbnz w10, #0, .LBB31_2
+// BB#1: // %nocarry
+ ret
+.LBB31_2: // %carry
+ ldp x10, x11, [x3]
+ adds x9, x10, x9
+ adcs x8, x11, x8
+ stp x9, x8, [x0]
+ ret
+.Lfunc_end31:
+ .size mcl_fp_sub2L, .Lfunc_end31-mcl_fp_sub2L
+
+ .globl mcl_fp_subNF2L
+ .align 2
+ .type mcl_fp_subNF2L,@function
+mcl_fp_subNF2L: // @mcl_fp_subNF2L
+// BB#0:
+ ldp x8, x11, [x1]
+ ldp x9, x10, [x2]
+ subs x8, x8, x9
+ ldp x9, x12, [x3]
+ sbcs x10, x11, x10
+ asr x11, x10, #63
+ and x9, x11, x9
+ and x11, x11, x12
+ adds x8, x9, x8
+ str x8, [x0]
+ adcs x8, x11, x10
+ str x8, [x0, #8]
+ ret
+.Lfunc_end32:
+ .size mcl_fp_subNF2L, .Lfunc_end32-mcl_fp_subNF2L
+
+ .globl mcl_fpDbl_add2L
+ .align 2
+ .type mcl_fpDbl_add2L,@function
+mcl_fpDbl_add2L: // @mcl_fpDbl_add2L
+// BB#0:
+ ldp x8, x9, [x2, #16]
+ ldp x10, x15, [x1]
+ ldp x11, x14, [x2]
+ ldp x12, x13, [x1, #16]
+ adds x10, x11, x10
+ ldp x11, x16, [x3]
+ str x10, [x0]
+ adcs x10, x14, x15
+ str x10, [x0, #8]
+ adcs x8, x8, x12
+ adcs x9, x9, x13
+ adcs x10, xzr, xzr
+ subs x11, x8, x11
+ sbcs x12, x9, x16
+ sbcs x10, x10, xzr
+ tst x10, #0x1
+ csel x8, x8, x11, ne
+ csel x9, x9, x12, ne
+ stp x8, x9, [x0, #16]
+ ret
+.Lfunc_end33:
+ .size mcl_fpDbl_add2L, .Lfunc_end33-mcl_fpDbl_add2L
+
+ .globl mcl_fpDbl_sub2L
+ .align 2
+ .type mcl_fpDbl_sub2L,@function
+mcl_fpDbl_sub2L: // @mcl_fpDbl_sub2L
+// BB#0:
+ ldp x8, x9, [x2, #16]
+ ldp x10, x14, [x2]
+ ldp x11, x15, [x1]
+ ldp x12, x13, [x1, #16]
+ subs x10, x11, x10
+ ldp x11, x16, [x3]
+ str x10, [x0]
+ sbcs x10, x15, x14
+ str x10, [x0, #8]
+ sbcs x8, x12, x8
+ sbcs x9, x13, x9
+ ngcs x10, xzr
+ tst x10, #0x1
+ csel x10, x16, xzr, ne
+ csel x11, x11, xzr, ne
+ adds x8, x11, x8
+ str x8, [x0, #16]
+ adcs x8, x10, x9
+ str x8, [x0, #24]
+ ret
+.Lfunc_end34:
+ .size mcl_fpDbl_sub2L, .Lfunc_end34-mcl_fpDbl_sub2L
+
+ .globl mcl_fp_mulUnitPre3L
+ .align 2
+ .type mcl_fp_mulUnitPre3L,@function
+mcl_fp_mulUnitPre3L: // @mcl_fp_mulUnitPre3L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldr x10, [x1, #16]
+ mul x11, x8, x2
+ mul x12, x9, x2
+ umulh x8, x8, x2
+ mul x13, x10, x2
+ umulh x9, x9, x2
+ umulh x10, x10, x2
+ adds x8, x8, x12
+ stp x11, x8, [x0]
+ adcs x8, x9, x13
+ str x8, [x0, #16]
+ adcs x8, x10, xzr
+ str x8, [x0, #24]
+ ret
+.Lfunc_end35:
+ .size mcl_fp_mulUnitPre3L, .Lfunc_end35-mcl_fp_mulUnitPre3L
+
+ .globl mcl_fpDbl_mulPre3L
+ .align 2
+ .type mcl_fpDbl_mulPre3L,@function
+mcl_fpDbl_mulPre3L: // @mcl_fpDbl_mulPre3L
+// BB#0:
+ stp x20, x19, [sp, #-16]!
+ ldp x8, x9, [x1]
+ ldp x10, x12, [x2]
+ ldr x11, [x1, #16]
+ ldr x13, [x2, #16]
+ mul x14, x8, x10
+ umulh x15, x11, x10
+ mul x16, x11, x10
+ umulh x17, x9, x10
+ mul x18, x9, x10
+ umulh x10, x8, x10
+ mul x1, x8, x12
+ mul x2, x11, x12
+ mul x3, x9, x12
+ umulh x4, x11, x12
+ umulh x5, x9, x12
+ umulh x12, x8, x12
+ mul x6, x8, x13
+ mul x7, x11, x13
+ mul x19, x9, x13
+ umulh x8, x8, x13
+ umulh x9, x9, x13
+ umulh x11, x11, x13
+ str x14, [x0]
+ adds x10, x10, x18
+ adcs x13, x17, x16
+ adcs x14, x15, xzr
+ adds x10, x10, x1
+ str x10, [x0, #8]
+ adcs x10, x13, x3
+ adcs x13, x14, x2
+ adcs x14, xzr, xzr
+ adds x10, x10, x12
+ adcs x12, x13, x5
+ adcs x13, x14, x4
+ adds x10, x10, x6
+ str x10, [x0, #16]
+ adcs x10, x12, x19
+ adcs x12, x13, x7
+ adcs x13, xzr, xzr
+ adds x8, x10, x8
+ str x8, [x0, #24]
+ adcs x8, x12, x9
+ str x8, [x0, #32]
+ adcs x8, x13, x11
+ str x8, [x0, #40]
+ ldp x20, x19, [sp], #16
+ ret
+.Lfunc_end36:
+ .size mcl_fpDbl_mulPre3L, .Lfunc_end36-mcl_fpDbl_mulPre3L
+
+ .globl mcl_fpDbl_sqrPre3L
+ .align 2
+ .type mcl_fpDbl_sqrPre3L,@function
+mcl_fpDbl_sqrPre3L: // @mcl_fpDbl_sqrPre3L
+// BB#0:
+ ldp x8, x10, [x1]
+ ldr x9, [x1, #16]
+ mul x11, x8, x8
+ umulh x12, x9, x8
+ mul x13, x9, x8
+ umulh x14, x10, x8
+ mul x15, x10, x8
+ umulh x8, x8, x8
+ mul x16, x9, x10
+ str x11, [x0]
+ adds x8, x8, x15
+ adcs x11, x14, x13
+ adcs x17, x12, xzr
+ adds x8, x8, x15
+ mul x15, x10, x10
+ str x8, [x0, #8]
+ umulh x8, x9, x10
+ umulh x10, x10, x10
+ adcs x11, x11, x15
+ adcs x15, x17, x16
+ adcs x17, xzr, xzr
+ adds x11, x11, x14
+ umulh x14, x9, x9
+ mul x9, x9, x9
+ adcs x10, x15, x10
+ adcs x15, x17, x8
+ adds x12, x12, x16
+ adcs x8, x8, x9
+ adcs x9, x14, xzr
+ adds x11, x13, x11
+ adcs x10, x12, x10
+ stp x11, x10, [x0, #16]
+ adcs x8, x8, x15
+ str x8, [x0, #32]
+ adcs x8, x9, xzr
+ str x8, [x0, #40]
+ ret
+.Lfunc_end37:
+ .size mcl_fpDbl_sqrPre3L, .Lfunc_end37-mcl_fpDbl_sqrPre3L
+
+ .globl mcl_fp_mont3L
+ .align 2
+ .type mcl_fp_mont3L,@function
+mcl_fp_mont3L: // @mcl_fp_mont3L
+// BB#0:
+ stp x24, x23, [sp, #-48]!
+ stp x22, x21, [sp, #16]
+ stp x20, x19, [sp, #32]
+ ldp x15, x16, [x2]
+ ldp x13, x14, [x1, #8]
+ ldr x12, [x1]
+ ldur x11, [x3, #-8]
+ ldp x9, x8, [x3, #8]
+ ldr x10, [x3]
+ ldr x17, [x2, #16]
+ umulh x18, x14, x15
+ mul x1, x14, x15
+ umulh x2, x13, x15
+ mul x3, x13, x15
+ umulh x4, x12, x15
+ mul x15, x12, x15
+ umulh x5, x16, x14
+ mul x6, x16, x14
+ umulh x7, x16, x13
+ mul x19, x16, x13
+ umulh x20, x16, x12
+ mul x16, x16, x12
+ umulh x21, x17, x14
+ mul x14, x17, x14
+ adds x3, x4, x3
+ mul x4, x15, x11
+ adcs x1, x2, x1
+ mul x2, x4, x8
+ mul x22, x4, x9
+ umulh x23, x4, x10
+ adcs x18, x18, xzr
+ adds x22, x23, x22
+ umulh x23, x4, x9
+ adcs x2, x23, x2
+ umulh x23, x4, x8
+ mul x4, x4, x10
+ adcs x23, x23, xzr
+ cmn x4, x15
+ umulh x15, x17, x13
+ mul x13, x17, x13
+ umulh x4, x17, x12
+ mul x12, x17, x12
+ adcs x17, x22, x3
+ adcs x1, x2, x1
+ adcs x18, x23, x18
+ adcs x2, xzr, xzr
+ adds x3, x20, x19
+ adcs x6, x7, x6
+ adcs x5, x5, xzr
+ adds x16, x17, x16
+ adcs x17, x1, x3
+ mul x1, x16, x11
+ adcs x18, x18, x6
+ mul x3, x1, x8
+ mul x6, x1, x9
+ umulh x7, x1, x10
+ adcs x2, x2, x5
+ adcs x5, xzr, xzr
+ adds x6, x7, x6
+ umulh x7, x1, x9
+ adcs x3, x7, x3
+ umulh x7, x1, x8
+ mul x1, x1, x10
+ adcs x7, x7, xzr
+ cmn x1, x16
+ adcs x16, x6, x17
+ adcs x17, x3, x18
+ adcs x18, x7, x2
+ adcs x1, x5, xzr
+ adds x13, x4, x13
+ adcs x14, x15, x14
+ adcs x15, x21, xzr
+ adds x12, x16, x12
+ adcs x13, x17, x13
+ mul x11, x12, x11
+ adcs x14, x18, x14
+ umulh x16, x11, x8
+ mul x17, x11, x8
+ umulh x18, x11, x9
+ mul x2, x11, x9
+ umulh x3, x11, x10
+ mul x11, x11, x10
+ adcs x15, x1, x15
+ adcs x1, xzr, xzr
+ adds x2, x3, x2
+ adcs x17, x18, x17
+ adcs x16, x16, xzr
+ cmn x11, x12
+ adcs x11, x2, x13
+ adcs x12, x17, x14
+ adcs x13, x16, x15
+ adcs x14, x1, xzr
+ subs x10, x11, x10
+ sbcs x9, x12, x9
+ sbcs x8, x13, x8
+ sbcs x14, x14, xzr
+ tst x14, #0x1
+ csel x10, x11, x10, ne
+ csel x9, x12, x9, ne
+ csel x8, x13, x8, ne
+ stp x10, x9, [x0]
+ str x8, [x0, #16]
+ ldp x20, x19, [sp, #32]
+ ldp x22, x21, [sp, #16]
+ ldp x24, x23, [sp], #48
+ ret
+.Lfunc_end38:
+ .size mcl_fp_mont3L, .Lfunc_end38-mcl_fp_mont3L
+
+ .globl mcl_fp_montNF3L
+ .align 2
+ .type mcl_fp_montNF3L,@function
+mcl_fp_montNF3L: // @mcl_fp_montNF3L
+// BB#0:
+ stp x22, x21, [sp, #-32]!
+ stp x20, x19, [sp, #16]
+ ldp x14, x16, [x2]
+ ldp x15, x13, [x1, #8]
+ ldr x12, [x1]
+ ldur x11, [x3, #-8]
+ ldp x9, x8, [x3, #8]
+ ldr x10, [x3]
+ ldr x17, [x2, #16]
+ umulh x18, x13, x14
+ mul x1, x13, x14
+ umulh x2, x15, x14
+ mul x3, x15, x14
+ umulh x4, x12, x14
+ mul x14, x12, x14
+ umulh x5, x16, x13
+ mul x6, x16, x13
+ umulh x7, x16, x15
+ mul x19, x16, x15
+ umulh x20, x16, x12
+ mul x16, x16, x12
+ umulh x21, x17, x13
+ mul x13, x17, x13
+ adds x3, x4, x3
+ mul x4, x14, x11
+ adcs x1, x2, x1
+ mul x2, x4, x10
+ adcs x18, x18, xzr
+ cmn x2, x14
+ umulh x14, x17, x15
+ mul x15, x17, x15
+ umulh x2, x17, x12
+ mul x12, x17, x12
+ mul x17, x4, x9
+ adcs x17, x17, x3
+ mul x3, x4, x8
+ adcs x1, x3, x1
+ umulh x3, x4, x10
+ adcs x18, x18, xzr
+ adds x17, x17, x3
+ umulh x3, x4, x9
+ adcs x1, x1, x3
+ umulh x3, x4, x8
+ adcs x18, x18, x3
+ adds x3, x20, x19
+ adcs x4, x7, x6
+ adcs x5, x5, xzr
+ adds x16, x16, x17
+ adcs x17, x3, x1
+ mul x1, x16, x11
+ adcs x18, x4, x18
+ mul x3, x1, x8
+ mul x4, x1, x10
+ adcs x5, x5, xzr
+ cmn x4, x16
+ mul x16, x1, x9
+ umulh x4, x1, x8
+ adcs x16, x16, x17
+ umulh x17, x1, x9
+ umulh x1, x1, x10
+ adcs x18, x3, x18
+ adcs x3, x5, xzr
+ adds x16, x16, x1
+ adcs x17, x18, x17
+ adcs x18, x3, x4
+ adds x15, x2, x15
+ adcs x13, x14, x13
+ adcs x14, x21, xzr
+ adds x12, x12, x16
+ adcs x15, x15, x17
+ mul x11, x12, x11
+ adcs x13, x13, x18
+ mul x16, x11, x8
+ mul x17, x11, x9
+ mul x18, x11, x10
+ umulh x1, x11, x8
+ umulh x2, x11, x9
+ umulh x11, x11, x10
+ adcs x14, x14, xzr
+ cmn x18, x12
+ adcs x12, x17, x15
+ adcs x13, x16, x13
+ adcs x14, x14, xzr
+ adds x11, x12, x11
+ adcs x12, x13, x2
+ adcs x13, x14, x1
+ subs x10, x11, x10
+ sbcs x9, x12, x9
+ sbcs x8, x13, x8
+ asr x14, x8, #63
+ cmp x14, #0 // =0
+ csel x10, x11, x10, lt
+ csel x9, x12, x9, lt
+ csel x8, x13, x8, lt
+ stp x10, x9, [x0]
+ str x8, [x0, #16]
+ ldp x20, x19, [sp, #16]
+ ldp x22, x21, [sp], #32
+ ret
+.Lfunc_end39:
+ .size mcl_fp_montNF3L, .Lfunc_end39-mcl_fp_montNF3L
+
+ .globl mcl_fp_montRed3L
+ .align 2
+ .type mcl_fp_montRed3L,@function
+mcl_fp_montRed3L: // @mcl_fp_montRed3L
+// BB#0:
+ ldur x8, [x2, #-8]
+ ldp x9, x17, [x1]
+ ldp x12, x10, [x2, #8]
+ ldr x11, [x2]
+ ldp x13, x14, [x1, #32]
+ ldp x15, x16, [x1, #16]
+ mul x18, x9, x8
+ umulh x1, x18, x10
+ mul x2, x18, x10
+ umulh x3, x18, x12
+ mul x4, x18, x12
+ umulh x5, x18, x11
+ mul x18, x18, x11
+ adds x4, x5, x4
+ adcs x2, x3, x2
+ adcs x1, x1, xzr
+ cmn x9, x18
+ adcs x9, x17, x4
+ adcs x15, x15, x2
+ mul x17, x9, x8
+ adcs x16, x16, x1
+ umulh x18, x17, x10
+ mul x1, x17, x10
+ umulh x2, x17, x12
+ mul x3, x17, x12
+ umulh x4, x17, x11
+ mul x17, x17, x11
+ adcs x13, x13, xzr
+ adcs x14, x14, xzr
+ adcs x5, xzr, xzr
+ adds x3, x4, x3
+ adcs x1, x2, x1
+ adcs x18, x18, xzr
+ cmn x17, x9
+ adcs x9, x3, x15
+ adcs x15, x1, x16
+ mul x8, x9, x8
+ adcs x13, x18, x13
+ umulh x16, x8, x10
+ mul x17, x8, x10
+ umulh x18, x8, x12
+ mul x1, x8, x12
+ umulh x2, x8, x11
+ mul x8, x8, x11
+ adcs x14, x14, xzr
+ adcs x3, x5, xzr
+ adds x1, x2, x1
+ adcs x17, x18, x17
+ adcs x16, x16, xzr
+ cmn x8, x9
+ adcs x8, x1, x15
+ adcs x9, x17, x13
+ adcs x13, x16, x14
+ adcs x14, x3, xzr
+ subs x11, x8, x11
+ sbcs x12, x9, x12
+ sbcs x10, x13, x10
+ sbcs x14, x14, xzr
+ tst x14, #0x1
+ csel x8, x8, x11, ne
+ csel x9, x9, x12, ne
+ csel x10, x13, x10, ne
+ stp x8, x9, [x0]
+ str x10, [x0, #16]
+ ret
+.Lfunc_end40:
+ .size mcl_fp_montRed3L, .Lfunc_end40-mcl_fp_montRed3L
+
+ .globl mcl_fp_addPre3L
+ .align 2
+ .type mcl_fp_addPre3L,@function
+mcl_fp_addPre3L: // @mcl_fp_addPre3L
+// BB#0:
+ ldp x11, x8, [x2, #8]
+ ldp x9, x12, [x1]
+ ldr x10, [x2]
+ ldr x13, [x1, #16]
+ adds x9, x10, x9
+ str x9, [x0]
+ adcs x9, x11, x12
+ str x9, [x0, #8]
+ adcs x9, x8, x13
+ adcs x8, xzr, xzr
+ str x9, [x0, #16]
+ mov x0, x8
+ ret
+.Lfunc_end41:
+ .size mcl_fp_addPre3L, .Lfunc_end41-mcl_fp_addPre3L
+
+ .globl mcl_fp_subPre3L
+ .align 2
+ .type mcl_fp_subPre3L,@function
+mcl_fp_subPre3L: // @mcl_fp_subPre3L
+// BB#0:
+ ldp x11, x8, [x2, #8]
+ ldp x9, x12, [x1]
+ ldr x10, [x2]
+ ldr x13, [x1, #16]
+ subs x9, x9, x10
+ str x9, [x0]
+ sbcs x9, x12, x11
+ str x9, [x0, #8]
+ sbcs x9, x13, x8
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ str x9, [x0, #16]
+ mov x0, x8
+ ret
+.Lfunc_end42:
+ .size mcl_fp_subPre3L, .Lfunc_end42-mcl_fp_subPre3L
+
+ .globl mcl_fp_shr1_3L
+ .align 2
+ .type mcl_fp_shr1_3L,@function
+mcl_fp_shr1_3L: // @mcl_fp_shr1_3L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldr x10, [x1, #16]
+ extr x8, x9, x8, #1
+ extr x9, x10, x9, #1
+ lsr x10, x10, #1
+ stp x8, x9, [x0]
+ str x10, [x0, #16]
+ ret
+.Lfunc_end43:
+ .size mcl_fp_shr1_3L, .Lfunc_end43-mcl_fp_shr1_3L
+
+ .globl mcl_fp_add3L
+ .align 2
+ .type mcl_fp_add3L,@function
+mcl_fp_add3L: // @mcl_fp_add3L
+// BB#0:
+ ldp x11, x8, [x2, #8]
+ ldp x9, x12, [x1]
+ ldr x10, [x2]
+ ldr x13, [x1, #16]
+ adds x9, x10, x9
+ adcs x11, x11, x12
+ ldr x10, [x3]
+ ldp x12, x14, [x3, #8]
+ stp x9, x11, [x0]
+ adcs x8, x8, x13
+ str x8, [x0, #16]
+ adcs x13, xzr, xzr
+ subs x10, x9, x10
+ sbcs x9, x11, x12
+ sbcs x8, x8, x14
+ sbcs x11, x13, xzr
+ and w11, w11, #0x1
+ tbnz w11, #0, .LBB44_2
+// BB#1: // %nocarry
+ stp x10, x9, [x0]
+ str x8, [x0, #16]
+.LBB44_2: // %carry
+ ret
+.Lfunc_end44:
+ .size mcl_fp_add3L, .Lfunc_end44-mcl_fp_add3L
+
+ .globl mcl_fp_addNF3L
+ .align 2
+ .type mcl_fp_addNF3L,@function
+mcl_fp_addNF3L: // @mcl_fp_addNF3L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x2]
+ ldr x12, [x1, #16]
+ ldr x13, [x2, #16]
+ adds x8, x10, x8
+ adcs x9, x11, x9
+ ldp x10, x11, [x3]
+ ldr x14, [x3, #16]
+ adcs x12, x13, x12
+ subs x10, x8, x10
+ sbcs x11, x9, x11
+ sbcs x13, x12, x14
+ asr x14, x13, #63
+ cmp x14, #0 // =0
+ csel x8, x8, x10, lt
+ csel x9, x9, x11, lt
+ csel x10, x12, x13, lt
+ stp x8, x9, [x0]
+ str x10, [x0, #16]
+ ret
+.Lfunc_end45:
+ .size mcl_fp_addNF3L, .Lfunc_end45-mcl_fp_addNF3L
+
+ .globl mcl_fp_sub3L
+ .align 2
+ .type mcl_fp_sub3L,@function
+mcl_fp_sub3L: // @mcl_fp_sub3L
+// BB#0:
+ ldp x11, x10, [x2, #8]
+ ldp x8, x12, [x1]
+ ldr x9, [x2]
+ ldr x13, [x1, #16]
+ subs x8, x8, x9
+ sbcs x9, x12, x11
+ stp x8, x9, [x0]
+ sbcs x10, x13, x10
+ str x10, [x0, #16]
+ ngcs x11, xzr
+ and w11, w11, #0x1
+ tbnz w11, #0, .LBB46_2
+// BB#1: // %nocarry
+ ret
+.LBB46_2: // %carry
+ ldp x13, x11, [x3, #8]
+ ldr x12, [x3]
+ adds x8, x12, x8
+ adcs x9, x13, x9
+ adcs x10, x11, x10
+ stp x8, x9, [x0]
+ str x10, [x0, #16]
+ ret
+.Lfunc_end46:
+ .size mcl_fp_sub3L, .Lfunc_end46-mcl_fp_sub3L
+
+ .globl mcl_fp_subNF3L
+ .align 2
+ .type mcl_fp_subNF3L,@function
+mcl_fp_subNF3L: // @mcl_fp_subNF3L
+// BB#0:
+ ldp x8, x9, [x2]
+ ldp x10, x11, [x1]
+ ldr x12, [x2, #16]
+ ldr x13, [x1, #16]
+ subs x8, x10, x8
+ sbcs x9, x11, x9
+ ldp x10, x11, [x3]
+ ldr x14, [x3, #16]
+ sbcs x12, x13, x12
+ asr x13, x12, #63
+ and x11, x13, x11
+ and x14, x13, x14
+ extr x13, x13, x12, #63
+ and x10, x13, x10
+ adds x8, x10, x8
+ str x8, [x0]
+ adcs x8, x11, x9
+ str x8, [x0, #8]
+ adcs x8, x14, x12
+ str x8, [x0, #16]
+ ret
+.Lfunc_end47:
+ .size mcl_fp_subNF3L, .Lfunc_end47-mcl_fp_subNF3L
+
+ .globl mcl_fpDbl_add3L
+ .align 2
+ .type mcl_fpDbl_add3L,@function
+mcl_fpDbl_add3L: // @mcl_fpDbl_add3L
+// BB#0:
+ ldp x8, x9, [x2, #32]
+ ldp x10, x11, [x1, #32]
+ ldp x12, x13, [x2, #16]
+ ldp x15, x18, [x2]
+ ldp x16, x17, [x1, #16]
+ ldp x14, x1, [x1]
+ adds x14, x15, x14
+ ldr x15, [x3, #16]
+ str x14, [x0]
+ ldp x14, x2, [x3]
+ adcs x18, x18, x1
+ adcs x12, x12, x16
+ stp x18, x12, [x0, #8]
+ adcs x12, x13, x17
+ adcs x8, x8, x10
+ adcs x9, x9, x11
+ adcs x10, xzr, xzr
+ subs x11, x12, x14
+ sbcs x13, x8, x2
+ sbcs x14, x9, x15
+ sbcs x10, x10, xzr
+ tst x10, #0x1
+ csel x10, x12, x11, ne
+ csel x8, x8, x13, ne
+ csel x9, x9, x14, ne
+ stp x10, x8, [x0, #24]
+ str x9, [x0, #40]
+ ret
+.Lfunc_end48:
+ .size mcl_fpDbl_add3L, .Lfunc_end48-mcl_fpDbl_add3L
+
+ .globl mcl_fpDbl_sub3L
+ .align 2
+ .type mcl_fpDbl_sub3L,@function
+mcl_fpDbl_sub3L: // @mcl_fpDbl_sub3L
+// BB#0:
+ ldp x8, x9, [x2, #32]
+ ldp x10, x11, [x1, #32]
+ ldp x12, x13, [x2, #16]
+ ldp x14, x18, [x2]
+ ldp x16, x17, [x1, #16]
+ ldp x15, x1, [x1]
+ subs x14, x15, x14
+ ldr x15, [x3, #16]
+ str x14, [x0]
+ ldp x14, x2, [x3]
+ sbcs x18, x1, x18
+ sbcs x12, x16, x12
+ stp x18, x12, [x0, #8]
+ sbcs x12, x17, x13
+ sbcs x8, x10, x8
+ sbcs x9, x11, x9
+ ngcs x10, xzr
+ tst x10, #0x1
+ csel x10, x15, xzr, ne
+ csel x11, x2, xzr, ne
+ csel x13, x14, xzr, ne
+ adds x12, x13, x12
+ adcs x8, x11, x8
+ stp x12, x8, [x0, #24]
+ adcs x8, x10, x9
+ str x8, [x0, #40]
+ ret
+.Lfunc_end49:
+ .size mcl_fpDbl_sub3L, .Lfunc_end49-mcl_fpDbl_sub3L
+
+ .globl mcl_fp_mulUnitPre4L
+ .align 2
+ .type mcl_fp_mulUnitPre4L,@function
+mcl_fp_mulUnitPre4L: // @mcl_fp_mulUnitPre4L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x1, #16]
+ mul x12, x8, x2
+ mul x13, x9, x2
+ umulh x8, x8, x2
+ mul x14, x10, x2
+ umulh x9, x9, x2
+ mul x15, x11, x2
+ umulh x10, x10, x2
+ umulh x11, x11, x2
+ adds x8, x8, x13
+ stp x12, x8, [x0]
+ adcs x8, x9, x14
+ str x8, [x0, #16]
+ adcs x8, x10, x15
+ str x8, [x0, #24]
+ adcs x8, x11, xzr
+ str x8, [x0, #32]
+ ret
+.Lfunc_end50:
+ .size mcl_fp_mulUnitPre4L, .Lfunc_end50-mcl_fp_mulUnitPre4L
+
+ .globl mcl_fpDbl_mulPre4L
+ .align 2
+ .type mcl_fpDbl_mulPre4L,@function
+mcl_fpDbl_mulPre4L: // @mcl_fpDbl_mulPre4L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #32 // =32
+ ldp x8, x10, [x1]
+ ldp x9, x11, [x1]
+ ldp x12, x14, [x1, #16]
+ ldp x13, x1, [x1, #16]
+ ldp x15, x16, [x2]
+ ldp x17, x18, [x2, #16]
+ mul x2, x8, x15
+ umulh x3, x14, x15
+ mul x4, x14, x15
+ umulh x5, x12, x15
+ mul x6, x12, x15
+ umulh x7, x10, x15
+ mul x19, x10, x15
+ umulh x15, x8, x15
+ mul x20, x8, x16
+ mul x21, x14, x16
+ mul x22, x12, x16
+ mul x23, x10, x16
+ umulh x24, x14, x16
+ umulh x25, x12, x16
+ umulh x26, x10, x16
+ umulh x16, x8, x16
+ mul x27, x8, x17
+ mul x28, x14, x17
+ mul x29, x12, x17
+ mul x30, x10, x17
+ umulh x14, x14, x17
+ stp x3, x14, [sp, #16]
+ umulh x12, x12, x17
+ str x12, [sp, #8] // 8-byte Folded Spill
+ umulh x3, x10, x17
+ umulh x14, x8, x17
+ mul x17, x9, x18
+ umulh x12, x9, x18
+ mul x10, x11, x18
+ umulh x11, x11, x18
+ mul x9, x13, x18
+ umulh x13, x13, x18
+ mul x8, x1, x18
+ umulh x18, x1, x18
+ str x2, [x0]
+ adds x15, x15, x19
+ adcs x1, x7, x6
+ adcs x2, x5, x4
+ ldr x4, [sp, #16] // 8-byte Folded Reload
+ adcs x4, x4, xzr
+ adds x15, x20, x15
+ str x15, [x0, #8]
+ adcs x15, x23, x1
+ adcs x1, x22, x2
+ adcs x2, x21, x4
+ adcs x4, xzr, xzr
+ adds x15, x15, x16
+ adcs x16, x1, x26
+ adcs x1, x2, x25
+ adcs x2, x4, x24
+ adds x15, x15, x27
+ str x15, [x0, #16]
+ adcs x15, x16, x30
+ adcs x16, x1, x29
+ adcs x1, x2, x28
+ adcs x2, xzr, xzr
+ adds x14, x15, x14
+ adcs x15, x16, x3
+ ldr x16, [sp, #8] // 8-byte Folded Reload
+ adcs x16, x1, x16
+ ldr x1, [sp, #24] // 8-byte Folded Reload
+ adcs x1, x2, x1
+ adds x14, x14, x17
+ str x14, [x0, #24]
+ adcs x10, x15, x10
+ adcs x9, x16, x9
+ adcs x8, x1, x8
+ adcs x14, xzr, xzr
+ adds x10, x10, x12
+ adcs x9, x9, x11
+ stp x10, x9, [x0, #32]
+ adcs x8, x8, x13
+ str x8, [x0, #48]
+ adcs x8, x14, x18
+ str x8, [x0, #56]
+ add sp, sp, #32 // =32
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end51:
+ .size mcl_fpDbl_mulPre4L, .Lfunc_end51-mcl_fpDbl_mulPre4L
+
+ .globl mcl_fpDbl_sqrPre4L
+ .align 2
+ .type mcl_fpDbl_sqrPre4L,@function
+mcl_fpDbl_sqrPre4L: // @mcl_fpDbl_sqrPre4L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x13, [x1]
+ ldp x11, x12, [x1, #16]
+ ldr x14, [x1, #16]
+ mul x15, x10, x10
+ umulh x16, x12, x10
+ mul x17, x12, x10
+ umulh x18, x14, x10
+ mul x2, x14, x10
+ umulh x3, x9, x10
+ mul x4, x9, x10
+ umulh x10, x10, x10
+ str x15, [x0]
+ adds x10, x10, x4
+ adcs x15, x3, x2
+ adcs x17, x18, x17
+ adcs x16, x16, xzr
+ adds x10, x10, x4
+ mul x4, x12, x9
+ str x10, [x0, #8]
+ mul x10, x9, x9
+ adcs x10, x15, x10
+ mul x15, x14, x9
+ adcs x17, x17, x15
+ adcs x16, x16, x4
+ adcs x4, xzr, xzr
+ adds x10, x10, x3
+ umulh x3, x9, x9
+ adcs x17, x17, x3
+ umulh x3, x12, x9
+ umulh x9, x14, x9
+ adcs x16, x16, x9
+ adcs x3, x4, x3
+ ldr x1, [x1, #24]
+ adds x10, x10, x2
+ mul x2, x12, x14
+ str x10, [x0, #16]
+ mul x10, x14, x14
+ umulh x12, x12, x14
+ umulh x14, x14, x14
+ adcs x15, x17, x15
+ mul x17, x8, x1
+ adcs x10, x16, x10
+ mul x16, x11, x1
+ adcs x2, x3, x2
+ adcs x3, xzr, xzr
+ adds x15, x15, x18
+ mul x18, x13, x1
+ adcs x9, x10, x9
+ mul x10, x1, x1
+ umulh x8, x8, x1
+ umulh x13, x13, x1
+ umulh x11, x11, x1
+ umulh x1, x1, x1
+ adcs x14, x2, x14
+ adcs x12, x3, x12
+ adds x15, x15, x17
+ adcs x9, x9, x18
+ adcs x14, x14, x16
+ adcs x10, x12, x10
+ adcs x12, xzr, xzr
+ adds x8, x9, x8
+ stp x15, x8, [x0, #24]
+ adcs x8, x14, x13
+ str x8, [x0, #40]
+ adcs x8, x10, x11
+ str x8, [x0, #48]
+ adcs x8, x12, x1
+ str x8, [x0, #56]
+ ret
+.Lfunc_end52:
+ .size mcl_fpDbl_sqrPre4L, .Lfunc_end52-mcl_fpDbl_sqrPre4L
+
+ .globl mcl_fp_mont4L
+ .align 2
+ .type mcl_fp_mont4L,@function
+mcl_fp_mont4L: // @mcl_fp_mont4L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #16 // =16
+ str x0, [sp, #8] // 8-byte Folded Spill
+ ldp x13, x16, [x1, #16]
+ ldp x14, x15, [x1]
+ ldur x0, [x3, #-8]
+ ldp x9, x8, [x3, #16]
+ ldp x11, x10, [x3]
+ ldp x17, x18, [x2]
+ ldp x1, x2, [x2, #16]
+ umulh x3, x16, x17
+ mul x4, x16, x17
+ umulh x5, x13, x17
+ mul x6, x13, x17
+ umulh x7, x15, x17
+ mul x19, x15, x17
+ umulh x20, x14, x17
+ mul x17, x14, x17
+ umulh x21, x18, x16
+ mul x22, x18, x16
+ umulh x23, x18, x13
+ mul x24, x18, x13
+ umulh x25, x18, x15
+ mul x26, x18, x15
+ umulh x27, x18, x14
+ mul x18, x18, x14
+ umulh x28, x1, x16
+ adds x19, x20, x19
+ mul x20, x17, x0
+ adcs x6, x7, x6
+ mul x7, x20, x8
+ mul x29, x20, x9
+ mul x30, x20, x10
+ adcs x4, x5, x4
+ umulh x5, x20, x11
+ adcs x3, x3, xzr
+ adds x5, x5, x30
+ umulh x30, x20, x10
+ adcs x29, x30, x29
+ umulh x30, x20, x9
+ adcs x7, x30, x7
+ umulh x30, x20, x8
+ mul x20, x20, x11
+ adcs x30, x30, xzr
+ cmn x20, x17
+ mul x17, x1, x16
+ umulh x20, x1, x13
+ adcs x5, x5, x19
+ mul x19, x1, x13
+ adcs x6, x29, x6
+ umulh x29, x1, x15
+ adcs x4, x7, x4
+ mul x7, x1, x15
+ adcs x3, x30, x3
+ adcs x30, xzr, xzr
+ adds x26, x27, x26
+ umulh x27, x1, x14
+ mul x1, x1, x14
+ adcs x24, x25, x24
+ umulh x25, x2, x16
+ mul x16, x2, x16
+ adcs x22, x23, x22
+ adcs x21, x21, xzr
+ adds x18, x5, x18
+ adcs x5, x6, x26
+ mul x6, x18, x0
+ adcs x4, x4, x24
+ mul x23, x6, x8
+ mul x24, x6, x9
+ mul x26, x6, x10
+ adcs x3, x3, x22
+ umulh x22, x6, x11
+ adcs x21, x30, x21
+ adcs x30, xzr, xzr
+ adds x22, x22, x26
+ umulh x26, x6, x10
+ adcs x24, x26, x24
+ umulh x26, x6, x9
+ adcs x23, x26, x23
+ umulh x26, x6, x8
+ mul x6, x6, x11
+ adcs x26, x26, xzr
+ cmn x6, x18
+ umulh x18, x2, x13
+ mul x13, x2, x13
+ umulh x6, x2, x15
+ mul x15, x2, x15
+ umulh x12, x2, x14
+ mul x14, x2, x14
+ adcs x2, x22, x5
+ adcs x4, x24, x4
+ adcs x3, x23, x3
+ adcs x5, x26, x21
+ adcs x21, x30, xzr
+ adds x7, x27, x7
+ adcs x19, x29, x19
+ adcs x17, x20, x17
+ adcs x20, x28, xzr
+ adds x1, x2, x1
+ adcs x2, x4, x7
+ mul x4, x1, x0
+ adcs x3, x3, x19
+ mul x7, x4, x8
+ mul x19, x4, x9
+ mul x22, x4, x10
+ adcs x17, x5, x17
+ umulh x5, x4, x11
+ adcs x20, x21, x20
+ adcs x21, xzr, xzr
+ adds x5, x5, x22
+ umulh x22, x4, x10
+ adcs x19, x22, x19
+ umulh x22, x4, x9
+ adcs x7, x22, x7
+ umulh x22, x4, x8
+ mul x4, x4, x11
+ adcs x22, x22, xzr
+ cmn x4, x1
+ adcs x1, x5, x2
+ adcs x2, x19, x3
+ adcs x17, x7, x17
+ adcs x3, x22, x20
+ adcs x4, x21, xzr
+ adds x12, x12, x15
+ adcs x13, x6, x13
+ adcs x15, x18, x16
+ adcs x16, x25, xzr
+ adds x14, x1, x14
+ adcs x12, x2, x12
+ mul x18, x14, x0
+ adcs x13, x17, x13
+ umulh x17, x18, x8
+ mul x0, x18, x8
+ umulh x1, x18, x9
+ mul x2, x18, x9
+ umulh x5, x18, x10
+ mul x6, x18, x10
+ umulh x7, x18, x11
+ mul x18, x18, x11
+ adcs x15, x3, x15
+ adcs x16, x4, x16
+ adcs x3, xzr, xzr
+ adds x4, x7, x6
+ adcs x2, x5, x2
+ adcs x0, x1, x0
+ adcs x17, x17, xzr
+ cmn x18, x14
+ adcs x12, x4, x12
+ adcs x13, x2, x13
+ adcs x14, x0, x15
+ adcs x15, x17, x16
+ adcs x16, x3, xzr
+ subs x11, x12, x11
+ sbcs x10, x13, x10
+ sbcs x9, x14, x9
+ sbcs x8, x15, x8
+ sbcs x16, x16, xzr
+ tst x16, #0x1
+ csel x11, x12, x11, ne
+ csel x10, x13, x10, ne
+ csel x9, x14, x9, ne
+ csel x8, x15, x8, ne
+ ldr x12, [sp, #8] // 8-byte Folded Reload
+ stp x11, x10, [x12]
+ stp x9, x8, [x12, #16]
+ add sp, sp, #16 // =16
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end53:
+ .size mcl_fp_mont4L, .Lfunc_end53-mcl_fp_mont4L
+
+ .globl mcl_fp_montNF4L
+ .align 2
+ .type mcl_fp_montNF4L,@function
+mcl_fp_montNF4L: // @mcl_fp_montNF4L
+// BB#0:
+ stp x28, x27, [sp, #-80]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ ldp x14, x15, [x1, #16]
+ ldp x13, x16, [x1]
+ ldur x12, [x3, #-8]
+ ldp x9, x8, [x3, #16]
+ ldp x11, x10, [x3]
+ ldp x17, x18, [x2]
+ ldp x1, x2, [x2, #16]
+ umulh x3, x15, x17
+ mul x4, x15, x17
+ umulh x5, x14, x17
+ mul x6, x14, x17
+ umulh x7, x16, x17
+ mul x19, x16, x17
+ umulh x20, x13, x17
+ mul x17, x13, x17
+ umulh x21, x18, x15
+ mul x22, x18, x15
+ umulh x23, x18, x14
+ mul x24, x18, x14
+ umulh x25, x18, x16
+ mul x26, x18, x16
+ umulh x27, x18, x13
+ mul x18, x18, x13
+ adds x19, x20, x19
+ umulh x20, x1, x15
+ adcs x6, x7, x6
+ mul x7, x17, x12
+ adcs x4, x5, x4
+ mul x5, x7, x11
+ adcs x3, x3, xzr
+ cmn x5, x17
+ mul x17, x1, x15
+ mul x5, x7, x10
+ adcs x5, x5, x19
+ mul x19, x7, x9
+ adcs x6, x19, x6
+ mul x19, x7, x8
+ adcs x4, x19, x4
+ umulh x19, x7, x11
+ adcs x3, x3, xzr
+ adds x5, x5, x19
+ umulh x19, x7, x10
+ adcs x6, x6, x19
+ umulh x19, x7, x9
+ adcs x4, x4, x19
+ umulh x19, x1, x14
+ umulh x7, x7, x8
+ adcs x3, x3, x7
+ mul x7, x1, x14
+ adds x26, x27, x26
+ umulh x27, x1, x16
+ adcs x24, x25, x24
+ mul x25, x1, x16
+ adcs x22, x23, x22
+ umulh x23, x1, x13
+ mul x1, x1, x13
+ adcs x21, x21, xzr
+ adds x18, x18, x5
+ umulh x5, x2, x15
+ mul x15, x2, x15
+ adcs x6, x26, x6
+ umulh x26, x2, x14
+ mul x14, x2, x14
+ adcs x4, x24, x4
+ mul x24, x18, x12
+ adcs x3, x22, x3
+ mul x22, x24, x11
+ adcs x21, x21, xzr
+ cmn x22, x18
+ umulh x18, x2, x16
+ mul x16, x2, x16
+ umulh x22, x2, x13
+ mul x13, x2, x13
+ mul x2, x24, x10
+ adcs x2, x2, x6
+ mul x6, x24, x9
+ adcs x4, x6, x4
+ mul x6, x24, x8
+ adcs x3, x6, x3
+ umulh x6, x24, x11
+ adcs x21, x21, xzr
+ adds x2, x2, x6
+ umulh x6, x24, x10
+ adcs x4, x4, x6
+ umulh x6, x24, x9
+ adcs x3, x3, x6
+ umulh x6, x24, x8
+ adcs x6, x21, x6
+ adds x21, x23, x25
+ adcs x7, x27, x7
+ adcs x17, x19, x17
+ adcs x19, x20, xzr
+ adds x1, x1, x2
+ adcs x2, x21, x4
+ mul x4, x1, x12
+ adcs x3, x7, x3
+ mul x7, x4, x8
+ mul x20, x4, x9
+ adcs x17, x17, x6
+ mul x6, x4, x11
+ adcs x19, x19, xzr
+ cmn x6, x1
+ mul x1, x4, x10
+ umulh x6, x4, x8
+ adcs x1, x1, x2
+ umulh x2, x4, x9
+ adcs x3, x20, x3
+ umulh x20, x4, x10
+ umulh x4, x4, x11
+ adcs x17, x7, x17
+ adcs x7, x19, xzr
+ adds x1, x1, x4
+ adcs x3, x3, x20
+ adcs x17, x17, x2
+ adcs x2, x7, x6
+ adds x16, x22, x16
+ adcs x14, x18, x14
+ adcs x15, x26, x15
+ adcs x18, x5, xzr
+ adds x13, x13, x1
+ adcs x16, x16, x3
+ mul x12, x13, x12
+ adcs x14, x14, x17
+ mul x17, x12, x8
+ mul x1, x12, x9
+ mul x3, x12, x10
+ mul x4, x12, x11
+ umulh x5, x12, x8
+ umulh x6, x12, x9
+ umulh x7, x12, x10
+ umulh x12, x12, x11
+ adcs x15, x15, x2
+ adcs x18, x18, xzr
+ cmn x4, x13
+ adcs x13, x3, x16
+ adcs x14, x1, x14
+ adcs x15, x17, x15
+ adcs x16, x18, xzr
+ adds x12, x13, x12
+ adcs x13, x14, x7
+ adcs x14, x15, x6
+ adcs x15, x16, x5
+ subs x11, x12, x11
+ sbcs x10, x13, x10
+ sbcs x9, x14, x9
+ sbcs x8, x15, x8
+ cmp x8, #0 // =0
+ csel x11, x12, x11, lt
+ csel x10, x13, x10, lt
+ csel x9, x14, x9, lt
+ csel x8, x15, x8, lt
+ stp x11, x10, [x0]
+ stp x9, x8, [x0, #16]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #80
+ ret
+.Lfunc_end54:
+ .size mcl_fp_montNF4L, .Lfunc_end54-mcl_fp_montNF4L
+
+ .globl mcl_fp_montRed4L
+ .align 2
+ .type mcl_fp_montRed4L,@function
+mcl_fp_montRed4L: // @mcl_fp_montRed4L
+// BB#0:
+ stp x22, x21, [sp, #-32]!
+ stp x20, x19, [sp, #16]
+ ldur x12, [x2, #-8]
+ ldp x9, x8, [x2, #16]
+ ldp x11, x10, [x2]
+ ldp x14, x15, [x1, #48]
+ ldp x16, x17, [x1, #32]
+ ldp x18, x2, [x1, #16]
+ ldp x13, x1, [x1]
+ mul x3, x13, x12
+ umulh x4, x3, x8
+ mul x5, x3, x8
+ umulh x6, x3, x9
+ mul x7, x3, x9
+ umulh x19, x3, x10
+ mul x20, x3, x10
+ umulh x21, x3, x11
+ mul x3, x3, x11
+ adds x20, x21, x20
+ adcs x7, x19, x7
+ adcs x5, x6, x5
+ adcs x4, x4, xzr
+ cmn x13, x3
+ adcs x13, x1, x20
+ adcs x18, x18, x7
+ mul x1, x13, x12
+ adcs x2, x2, x5
+ umulh x3, x1, x8
+ mul x5, x1, x8
+ umulh x6, x1, x9
+ mul x7, x1, x9
+ umulh x19, x1, x10
+ mul x20, x1, x10
+ umulh x21, x1, x11
+ mul x1, x1, x11
+ adcs x16, x16, x4
+ adcs x17, x17, xzr
+ adcs x14, x14, xzr
+ adcs x15, x15, xzr
+ adcs x4, xzr, xzr
+ adds x20, x21, x20
+ adcs x7, x19, x7
+ adcs x5, x6, x5
+ adcs x3, x3, xzr
+ cmn x1, x13
+ adcs x13, x20, x18
+ adcs x18, x7, x2
+ mul x1, x13, x12
+ adcs x16, x5, x16
+ umulh x2, x1, x8
+ mul x5, x1, x8
+ umulh x6, x1, x9
+ mul x7, x1, x9
+ umulh x19, x1, x10
+ mul x20, x1, x10
+ umulh x21, x1, x11
+ mul x1, x1, x11
+ adcs x17, x3, x17
+ adcs x14, x14, xzr
+ adcs x15, x15, xzr
+ adcs x3, x4, xzr
+ adds x4, x21, x20
+ adcs x7, x19, x7
+ adcs x5, x6, x5
+ adcs x2, x2, xzr
+ cmn x1, x13
+ adcs x13, x4, x18
+ adcs x16, x7, x16
+ mul x12, x13, x12
+ adcs x17, x5, x17
+ umulh x18, x12, x8
+ mul x1, x12, x8
+ umulh x4, x12, x9
+ mul x5, x12, x9
+ umulh x6, x12, x10
+ mul x7, x12, x10
+ umulh x19, x12, x11
+ mul x12, x12, x11
+ adcs x14, x2, x14
+ adcs x15, x15, xzr
+ adcs x2, x3, xzr
+ adds x3, x19, x7
+ adcs x5, x6, x5
+ adcs x1, x4, x1
+ adcs x18, x18, xzr
+ cmn x12, x13
+ adcs x12, x3, x16
+ adcs x13, x5, x17
+ adcs x14, x1, x14
+ adcs x15, x18, x15
+ adcs x16, x2, xzr
+ subs x11, x12, x11
+ sbcs x10, x13, x10
+ sbcs x9, x14, x9
+ sbcs x8, x15, x8
+ sbcs x16, x16, xzr
+ tst x16, #0x1
+ csel x11, x12, x11, ne
+ csel x10, x13, x10, ne
+ csel x9, x14, x9, ne
+ csel x8, x15, x8, ne
+ stp x11, x10, [x0]
+ stp x9, x8, [x0, #16]
+ ldp x20, x19, [sp, #16]
+ ldp x22, x21, [sp], #32
+ ret
+.Lfunc_end55:
+ .size mcl_fp_montRed4L, .Lfunc_end55-mcl_fp_montRed4L
+
+ .globl mcl_fp_addPre4L
+ .align 2
+ .type mcl_fp_addPre4L,@function
+mcl_fp_addPre4L: // @mcl_fp_addPre4L
+// BB#0:
+ ldp x8, x9, [x2, #16]
+ ldp x10, x11, [x2]
+ ldp x12, x13, [x1]
+ ldp x14, x15, [x1, #16]
+ adds x10, x10, x12
+ str x10, [x0]
+ adcs x10, x11, x13
+ adcs x8, x8, x14
+ stp x10, x8, [x0, #8]
+ adcs x9, x9, x15
+ adcs x8, xzr, xzr
+ str x9, [x0, #24]
+ mov x0, x8
+ ret
+.Lfunc_end56:
+ .size mcl_fp_addPre4L, .Lfunc_end56-mcl_fp_addPre4L
+
+ .globl mcl_fp_subPre4L
+ .align 2
+ .type mcl_fp_subPre4L,@function
+mcl_fp_subPre4L: // @mcl_fp_subPre4L
+// BB#0:
+ ldp x8, x9, [x2, #16]
+ ldp x10, x11, [x2]
+ ldp x12, x13, [x1]
+ ldp x14, x15, [x1, #16]
+ subs x10, x12, x10
+ str x10, [x0]
+ sbcs x10, x13, x11
+ sbcs x8, x14, x8
+ stp x10, x8, [x0, #8]
+ sbcs x9, x15, x9
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ str x9, [x0, #24]
+ mov x0, x8
+ ret
+.Lfunc_end57:
+ .size mcl_fp_subPre4L, .Lfunc_end57-mcl_fp_subPre4L
+
+ .globl mcl_fp_shr1_4L
+ .align 2
+ .type mcl_fp_shr1_4L,@function
+mcl_fp_shr1_4L: // @mcl_fp_shr1_4L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x1, #16]
+ extr x8, x9, x8, #1
+ extr x9, x10, x9, #1
+ extr x10, x11, x10, #1
+ lsr x11, x11, #1
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ ret
+.Lfunc_end58:
+ .size mcl_fp_shr1_4L, .Lfunc_end58-mcl_fp_shr1_4L
+
+ .globl mcl_fp_add4L
+ .align 2
+ .type mcl_fp_add4L,@function
+mcl_fp_add4L: // @mcl_fp_add4L
+// BB#0:
+ ldp x8, x9, [x2, #16]
+ ldp x10, x11, [x2]
+ ldp x12, x13, [x1]
+ ldp x14, x15, [x1, #16]
+ adds x10, x10, x12
+ adcs x12, x11, x13
+ ldp x11, x13, [x3]
+ stp x10, x12, [x0]
+ adcs x8, x8, x14
+ adcs x14, x9, x15
+ stp x8, x14, [x0, #16]
+ adcs x15, xzr, xzr
+ ldp x9, x16, [x3, #16]
+ subs x11, x10, x11
+ sbcs x10, x12, x13
+ sbcs x9, x8, x9
+ sbcs x8, x14, x16
+ sbcs x12, x15, xzr
+ and w12, w12, #0x1
+ tbnz w12, #0, .LBB59_2
+// BB#1: // %nocarry
+ stp x11, x10, [x0]
+ stp x9, x8, [x0, #16]
+.LBB59_2: // %carry
+ ret
+.Lfunc_end59:
+ .size mcl_fp_add4L, .Lfunc_end59-mcl_fp_add4L
+
+ .globl mcl_fp_addNF4L
+ .align 2
+ .type mcl_fp_addNF4L,@function
+mcl_fp_addNF4L: // @mcl_fp_addNF4L
+// BB#0:
+ ldp x8, x9, [x1, #16]
+ ldp x10, x11, [x1]
+ ldp x12, x13, [x2]
+ ldp x14, x15, [x2, #16]
+ adds x10, x12, x10
+ adcs x11, x13, x11
+ ldp x12, x13, [x3]
+ adcs x8, x14, x8
+ ldp x14, x16, [x3, #16]
+ adcs x9, x15, x9
+ subs x12, x10, x12
+ sbcs x13, x11, x13
+ sbcs x14, x8, x14
+ sbcs x15, x9, x16
+ cmp x15, #0 // =0
+ csel x10, x10, x12, lt
+ csel x11, x11, x13, lt
+ csel x8, x8, x14, lt
+ csel x9, x9, x15, lt
+ stp x10, x11, [x0]
+ stp x8, x9, [x0, #16]
+ ret
+.Lfunc_end60:
+ .size mcl_fp_addNF4L, .Lfunc_end60-mcl_fp_addNF4L
+
+ .globl mcl_fp_sub4L
+ .align 2
+ .type mcl_fp_sub4L,@function
+mcl_fp_sub4L: // @mcl_fp_sub4L
+// BB#0:
+ ldp x10, x11, [x2, #16]
+ ldp x8, x9, [x2]
+ ldp x12, x13, [x1]
+ ldp x14, x15, [x1, #16]
+ subs x8, x12, x8
+ sbcs x9, x13, x9
+ stp x8, x9, [x0]
+ sbcs x10, x14, x10
+ sbcs x11, x15, x11
+ stp x10, x11, [x0, #16]
+ ngcs x12, xzr
+ and w12, w12, #0x1
+ tbnz w12, #0, .LBB61_2
+// BB#1: // %nocarry
+ ret
+.LBB61_2: // %carry
+ ldp x12, x13, [x3, #16]
+ ldp x14, x15, [x3]
+ adds x8, x14, x8
+ adcs x9, x15, x9
+ adcs x10, x12, x10
+ adcs x11, x13, x11
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ ret
+.Lfunc_end61:
+ .size mcl_fp_sub4L, .Lfunc_end61-mcl_fp_sub4L
+
+ .globl mcl_fp_subNF4L
+ .align 2
+ .type mcl_fp_subNF4L,@function
+mcl_fp_subNF4L: // @mcl_fp_subNF4L
+// BB#0:
+ ldp x8, x9, [x2, #16]
+ ldp x10, x11, [x2]
+ ldp x12, x13, [x1]
+ ldp x14, x15, [x1, #16]
+ subs x10, x12, x10
+ sbcs x11, x13, x11
+ ldp x12, x13, [x3, #16]
+ sbcs x8, x14, x8
+ ldp x14, x16, [x3]
+ sbcs x9, x15, x9
+ asr x15, x9, #63
+ and x14, x15, x14
+ and x16, x15, x16
+ and x12, x15, x12
+ and x13, x15, x13
+ adds x10, x14, x10
+ str x10, [x0]
+ adcs x10, x16, x11
+ adcs x8, x12, x8
+ stp x10, x8, [x0, #8]
+ adcs x8, x13, x9
+ str x8, [x0, #24]
+ ret
+.Lfunc_end62:
+ .size mcl_fp_subNF4L, .Lfunc_end62-mcl_fp_subNF4L
+
+ .globl mcl_fpDbl_add4L
+ .align 2
+ .type mcl_fpDbl_add4L,@function
+mcl_fpDbl_add4L: // @mcl_fpDbl_add4L
+// BB#0:
+ ldp x8, x9, [x2, #48]
+ ldp x10, x11, [x1, #48]
+ ldp x12, x13, [x2, #32]
+ ldp x14, x15, [x1, #32]
+ ldp x16, x17, [x2, #16]
+ ldp x4, x2, [x2]
+ ldp x5, x6, [x1, #16]
+ ldp x18, x1, [x1]
+ adds x18, x4, x18
+ str x18, [x0]
+ ldp x18, x4, [x3, #16]
+ adcs x1, x2, x1
+ ldp x2, x3, [x3]
+ adcs x16, x16, x5
+ stp x1, x16, [x0, #8]
+ adcs x16, x17, x6
+ str x16, [x0, #24]
+ adcs x12, x12, x14
+ adcs x13, x13, x15
+ adcs x8, x8, x10
+ adcs x9, x9, x11
+ adcs x10, xzr, xzr
+ subs x11, x12, x2
+ sbcs x14, x13, x3
+ sbcs x15, x8, x18
+ sbcs x16, x9, x4
+ sbcs x10, x10, xzr
+ tst x10, #0x1
+ csel x10, x12, x11, ne
+ csel x11, x13, x14, ne
+ csel x8, x8, x15, ne
+ csel x9, x9, x16, ne
+ stp x10, x11, [x0, #32]
+ stp x8, x9, [x0, #48]
+ ret
+.Lfunc_end63:
+ .size mcl_fpDbl_add4L, .Lfunc_end63-mcl_fpDbl_add4L
+
+ .globl mcl_fpDbl_sub4L
+ .align 2
+ .type mcl_fpDbl_sub4L,@function
+mcl_fpDbl_sub4L: // @mcl_fpDbl_sub4L
+// BB#0:
+ ldp x8, x9, [x2, #48]
+ ldp x10, x11, [x1, #48]
+ ldp x12, x13, [x2, #32]
+ ldp x14, x15, [x1, #32]
+ ldp x16, x17, [x2, #16]
+ ldp x18, x2, [x2]
+ ldp x5, x6, [x1, #16]
+ ldp x4, x1, [x1]
+ subs x18, x4, x18
+ str x18, [x0]
+ ldp x18, x4, [x3, #16]
+ sbcs x1, x1, x2
+ ldp x2, x3, [x3]
+ sbcs x16, x5, x16
+ stp x1, x16, [x0, #8]
+ sbcs x16, x6, x17
+ sbcs x12, x14, x12
+ sbcs x13, x15, x13
+ sbcs x8, x10, x8
+ sbcs x9, x11, x9
+ ngcs x10, xzr
+ tst x10, #0x1
+ csel x10, x4, xzr, ne
+ csel x11, x18, xzr, ne
+ csel x14, x3, xzr, ne
+ csel x15, x2, xzr, ne
+ adds x12, x15, x12
+ stp x16, x12, [x0, #24]
+ adcs x12, x14, x13
+ adcs x8, x11, x8
+ stp x12, x8, [x0, #40]
+ adcs x8, x10, x9
+ str x8, [x0, #56]
+ ret
+.Lfunc_end64:
+ .size mcl_fpDbl_sub4L, .Lfunc_end64-mcl_fpDbl_sub4L
+
+ .globl mcl_fp_mulUnitPre5L
+ .align 2
+ .type mcl_fp_mulUnitPre5L,@function
+mcl_fp_mulUnitPre5L: // @mcl_fp_mulUnitPre5L
+// BB#0:
+ ldp x12, x8, [x1, #24]
+ ldp x9, x10, [x1]
+ ldr x11, [x1, #16]
+ mul x13, x9, x2
+ mul x14, x10, x2
+ umulh x9, x9, x2
+ mul x15, x11, x2
+ umulh x10, x10, x2
+ mul x16, x12, x2
+ umulh x11, x11, x2
+ mul x17, x8, x2
+ umulh x12, x12, x2
+ umulh x8, x8, x2
+ adds x9, x9, x14
+ stp x13, x9, [x0]
+ adcs x9, x10, x15
+ str x9, [x0, #16]
+ adcs x9, x11, x16
+ str x9, [x0, #24]
+ adcs x9, x12, x17
+ adcs x8, x8, xzr
+ stp x9, x8, [x0, #32]
+ ret
+.Lfunc_end65:
+ .size mcl_fp_mulUnitPre5L, .Lfunc_end65-mcl_fp_mulUnitPre5L
+
+ .globl mcl_fpDbl_mulPre5L
+ .align 2
+ .type mcl_fpDbl_mulPre5L,@function
+mcl_fpDbl_mulPre5L: // @mcl_fpDbl_mulPre5L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #176 // =176
+ ldp x8, x10, [x1]
+ ldp x9, x15, [x1]
+ ldp x11, x12, [x1, #24]
+ ldp x13, x14, [x2]
+ ldp x16, x18, [x1, #16]
+ ldr x17, [x1, #16]
+ ldr x3, [x1, #32]
+ ldp x4, x5, [x2, #16]
+ mul x6, x8, x13
+ str x6, [sp, #72] // 8-byte Folded Spill
+ umulh x6, x12, x13
+ str x6, [sp, #168] // 8-byte Folded Spill
+ mul x6, x12, x13
+ str x6, [sp, #152] // 8-byte Folded Spill
+ umulh x6, x11, x13
+ str x6, [sp, #112] // 8-byte Folded Spill
+ mul x6, x11, x13
+ str x6, [sp, #64] // 8-byte Folded Spill
+ umulh x6, x17, x13
+ mul x23, x17, x13
+ umulh x24, x10, x13
+ mul x25, x10, x13
+ umulh x7, x8, x13
+ mul x26, x8, x14
+ mul x13, x12, x14
+ str x13, [sp, #104] // 8-byte Folded Spill
+ mul x13, x11, x14
+ stp x13, x6, [sp, #40]
+ mul x29, x17, x14
+ mul x30, x10, x14
+ umulh x12, x12, x14
+ umulh x11, x11, x14
+ str x11, [sp, #96] // 8-byte Folded Spill
+ umulh x11, x17, x14
+ umulh x27, x10, x14
+ umulh x20, x8, x14
+ mul x8, x9, x4
+ stp x8, x11, [sp, #24]
+ mul x8, x3, x4
+ stp x8, x12, [sp, #136]
+ mul x8, x18, x4
+ str x8, [sp, #88] // 8-byte Folded Spill
+ mul x8, x16, x4
+ str x8, [sp, #16] // 8-byte Folded Spill
+ mul x28, x15, x4
+ umulh x8, x3, x4
+ str x8, [sp, #160] // 8-byte Folded Spill
+ umulh x8, x18, x4
+ str x8, [sp, #128] // 8-byte Folded Spill
+ umulh x8, x16, x4
+ str x8, [sp, #80] // 8-byte Folded Spill
+ umulh x8, x15, x4
+ str x8, [sp, #8] // 8-byte Folded Spill
+ umulh x22, x9, x4
+ mul x8, x3, x5
+ str x8, [sp, #120] // 8-byte Folded Spill
+ umulh x8, x3, x5
+ str x8, [sp, #56] // 8-byte Folded Spill
+ mul x6, x18, x5
+ umulh x21, x18, x5
+ mul x3, x16, x5
+ umulh x19, x16, x5
+ mul x17, x15, x5
+ umulh x4, x15, x5
+ mul x16, x9, x5
+ umulh x18, x9, x5
+ ldr x2, [x2, #32]
+ ldp x10, x5, [x1, #16]
+ ldp x8, x9, [x1]
+ ldr x1, [x1, #32]
+ mul x15, x8, x2
+ umulh x14, x8, x2
+ mul x12, x9, x2
+ umulh x13, x9, x2
+ mul x11, x10, x2
+ umulh x10, x10, x2
+ mul x9, x5, x2
+ umulh x5, x5, x2
+ mul x8, x1, x2
+ umulh x1, x1, x2
+ ldr x2, [sp, #72] // 8-byte Folded Reload
+ str x2, [x0]
+ adds x2, x7, x25
+ adcs x7, x24, x23
+ ldr x23, [sp, #64] // 8-byte Folded Reload
+ ldr x24, [sp, #48] // 8-byte Folded Reload
+ adcs x23, x24, x23
+ ldr x24, [sp, #152] // 8-byte Folded Reload
+ ldr x25, [sp, #112] // 8-byte Folded Reload
+ adcs x24, x25, x24
+ ldr x25, [sp, #168] // 8-byte Folded Reload
+ adcs x25, x25, xzr
+ adds x2, x26, x2
+ str x2, [x0, #8]
+ adcs x2, x30, x7
+ adcs x7, x29, x23
+ ldr x23, [sp, #40] // 8-byte Folded Reload
+ adcs x23, x23, x24
+ ldr x24, [sp, #104] // 8-byte Folded Reload
+ adcs x24, x24, x25
+ adcs x25, xzr, xzr
+ adds x2, x2, x20
+ adcs x7, x7, x27
+ ldr x20, [sp, #32] // 8-byte Folded Reload
+ adcs x20, x23, x20
+ ldr x23, [sp, #96] // 8-byte Folded Reload
+ adcs x23, x24, x23
+ ldr x24, [sp, #144] // 8-byte Folded Reload
+ adcs x24, x25, x24
+ ldr x25, [sp, #24] // 8-byte Folded Reload
+ adds x2, x25, x2
+ str x2, [x0, #16]
+ adcs x2, x28, x7
+ ldr x7, [sp, #16] // 8-byte Folded Reload
+ adcs x7, x7, x20
+ ldr x20, [sp, #88] // 8-byte Folded Reload
+ adcs x20, x20, x23
+ ldr x23, [sp, #136] // 8-byte Folded Reload
+ adcs x23, x23, x24
+ adcs x24, xzr, xzr
+ adds x2, x2, x22
+ ldr x22, [sp, #8] // 8-byte Folded Reload
+ adcs x7, x7, x22
+ ldr x22, [sp, #80] // 8-byte Folded Reload
+ adcs x20, x20, x22
+ ldr x22, [sp, #128] // 8-byte Folded Reload
+ adcs x22, x23, x22
+ ldr x23, [sp, #160] // 8-byte Folded Reload
+ adcs x23, x24, x23
+ adds x16, x16, x2
+ str x16, [x0, #24]
+ adcs x16, x17, x7
+ adcs x17, x3, x20
+ adcs x2, x6, x22
+ ldr x3, [sp, #120] // 8-byte Folded Reload
+ adcs x3, x3, x23
+ adcs x6, xzr, xzr
+ adds x16, x16, x18
+ adcs x17, x17, x4
+ adcs x18, x2, x19
+ adcs x2, x3, x21
+ ldr x3, [sp, #56] // 8-byte Folded Reload
+ adcs x3, x6, x3
+ adds x15, x15, x16
+ str x15, [x0, #32]
+ adcs x12, x12, x17
+ adcs x11, x11, x18
+ adcs x9, x9, x2
+ adcs x8, x8, x3
+ adcs x15, xzr, xzr
+ adds x12, x12, x14
+ adcs x11, x11, x13
+ stp x12, x11, [x0, #40]
+ adcs x9, x9, x10
+ adcs x8, x8, x5
+ stp x9, x8, [x0, #56]
+ adcs x8, x15, x1
+ str x8, [x0, #72]
+ add sp, sp, #176 // =176
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end66:
+ .size mcl_fpDbl_mulPre5L, .Lfunc_end66-mcl_fpDbl_mulPre5L
+
+ .globl mcl_fpDbl_sqrPre5L
+ .align 2
+ .type mcl_fpDbl_sqrPre5L,@function
+mcl_fpDbl_sqrPre5L: // @mcl_fpDbl_sqrPre5L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x1, #16]
+ ldp x12, x15, [x1]
+ ldp x13, x14, [x1, #24]
+ ldr x16, [x1, #16]
+ mul x17, x12, x12
+ mul x18, x14, x12
+ mul x2, x11, x12
+ umulh x3, x16, x12
+ mul x4, x16, x12
+ umulh x5, x9, x12
+ mul x6, x9, x12
+ str x17, [x0]
+ umulh x17, x12, x12
+ adds x17, x17, x6
+ adcs x4, x5, x4
+ adcs x2, x3, x2
+ umulh x3, x11, x12
+ adcs x18, x3, x18
+ umulh x12, x14, x12
+ adcs x12, x12, xzr
+ adds x17, x6, x17
+ ldr x3, [x1]
+ str x17, [x0, #8]
+ mul x17, x9, x9
+ adcs x17, x17, x4
+ mul x4, x16, x9
+ adcs x2, x4, x2
+ mul x4, x11, x9
+ adcs x18, x4, x18
+ mul x4, x14, x9
+ adcs x12, x4, x12
+ adcs x4, xzr, xzr
+ adds x17, x17, x5
+ umulh x5, x9, x9
+ adcs x2, x2, x5
+ umulh x5, x16, x9
+ adcs x18, x18, x5
+ ldr x5, [x1, #8]
+ umulh x11, x11, x9
+ adcs x11, x12, x11
+ ldr x12, [x1, #24]
+ umulh x9, x14, x9
+ adcs x9, x4, x9
+ mul x4, x3, x16
+ adds x17, x4, x17
+ mul x4, x14, x16
+ str x17, [x0, #16]
+ mul x17, x5, x16
+ adcs x17, x17, x2
+ mul x2, x16, x16
+ adcs x18, x2, x18
+ mul x2, x12, x16
+ adcs x11, x2, x11
+ umulh x2, x3, x16
+ adcs x9, x4, x9
+ adcs x4, xzr, xzr
+ adds x17, x17, x2
+ umulh x2, x5, x16
+ adcs x18, x18, x2
+ umulh x2, x16, x16
+ adcs x11, x11, x2
+ umulh x14, x14, x16
+ umulh x16, x12, x16
+ adcs x9, x9, x16
+ ldr x16, [x1, #32]
+ adcs x14, x4, x14
+ mul x1, x3, x12
+ adds x17, x1, x17
+ mul x1, x16, x12
+ str x17, [x0, #24]
+ mul x17, x5, x12
+ adcs x17, x17, x18
+ mul x18, x10, x12
+ adcs x11, x18, x11
+ mul x18, x12, x12
+ adcs x9, x18, x9
+ umulh x18, x16, x12
+ umulh x2, x3, x12
+ adcs x14, x1, x14
+ adcs x1, xzr, xzr
+ adds x17, x17, x2
+ umulh x2, x10, x12
+ umulh x3, x5, x12
+ umulh x12, x12, x12
+ adcs x11, x11, x3
+ mul x3, x8, x16
+ adcs x9, x9, x2
+ mul x2, x13, x16
+ adcs x12, x14, x12
+ mul x14, x10, x16
+ adcs x18, x1, x18
+ mul x1, x15, x16
+ adds x17, x17, x3
+ mul x3, x16, x16
+ umulh x8, x8, x16
+ umulh x15, x15, x16
+ umulh x10, x10, x16
+ umulh x13, x13, x16
+ umulh x16, x16, x16
+ str x17, [x0, #32]
+ adcs x11, x11, x1
+ adcs x9, x9, x14
+ adcs x12, x12, x2
+ adcs x14, x18, x3
+ adcs x17, xzr, xzr
+ adds x8, x11, x8
+ str x8, [x0, #40]
+ adcs x8, x9, x15
+ str x8, [x0, #48]
+ adcs x8, x12, x10
+ str x8, [x0, #56]
+ adcs x8, x14, x13
+ str x8, [x0, #64]
+ adcs x8, x17, x16
+ str x8, [x0, #72]
+ ret
+.Lfunc_end67:
+ .size mcl_fpDbl_sqrPre5L, .Lfunc_end67-mcl_fpDbl_sqrPre5L
+
+ .globl mcl_fp_mont5L
+ .align 2
+ .type mcl_fp_mont5L,@function
+mcl_fp_mont5L: // @mcl_fp_mont5L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #80 // =80
+ str x0, [sp, #72] // 8-byte Folded Spill
+ ldp x16, x10, [x1, #24]
+ ldp x18, x0, [x1, #8]
+ ldr x17, [x1]
+ ldur x9, [x3, #-8]
+ str x9, [sp, #16] // 8-byte Folded Spill
+ ldp x11, x8, [x3, #24]
+ ldp x14, x12, [x3, #8]
+ ldr x13, [x3]
+ ldp x3, x1, [x2]
+ ldp x4, x5, [x2, #16]
+ ldr x2, [x2, #32]
+ umulh x6, x10, x3
+ mul x7, x10, x3
+ umulh x19, x16, x3
+ mul x20, x16, x3
+ umulh x21, x0, x3
+ mul x22, x0, x3
+ umulh x23, x18, x3
+ mul x24, x18, x3
+ umulh x25, x17, x3
+ mul x3, x17, x3
+ umulh x26, x1, x10
+ mul x27, x1, x10
+ umulh x28, x1, x16
+ adds x24, x25, x24
+ mul x25, x3, x9
+ adcs x22, x23, x22
+ mul x23, x25, x8
+ mul x29, x25, x11
+ mul x30, x25, x12
+ adcs x20, x21, x20
+ mul x21, x25, x14
+ adcs x7, x19, x7
+ umulh x19, x25, x13
+ adcs x6, x6, xzr
+ adds x19, x19, x21
+ umulh x21, x25, x14
+ adcs x21, x21, x30
+ umulh x30, x25, x12
+ adcs x29, x30, x29
+ umulh x30, x25, x11
+ adcs x23, x30, x23
+ umulh x30, x25, x8
+ mul x25, x25, x13
+ adcs x30, x30, xzr
+ cmn x25, x3
+ mul x3, x1, x16
+ umulh x25, x1, x0
+ adcs x19, x19, x24
+ mul x24, x1, x0
+ adcs x21, x21, x22
+ umulh x22, x1, x18
+ adcs x20, x29, x20
+ mul x29, x1, x18
+ adcs x7, x23, x7
+ umulh x23, x1, x17
+ mul x1, x1, x17
+ adcs x6, x30, x6
+ adcs x30, xzr, xzr
+ adds x23, x23, x29
+ umulh x29, x4, x10
+ adcs x22, x22, x24
+ mul x24, x4, x10
+ adcs x3, x25, x3
+ umulh x25, x4, x16
+ adcs x27, x28, x27
+ adcs x26, x26, xzr
+ adds x1, x19, x1
+ adcs x19, x21, x23
+ mul x21, x1, x9
+ adcs x20, x20, x22
+ mul x22, x21, x8
+ mul x23, x21, x11
+ mul x28, x21, x12
+ adcs x3, x7, x3
+ mul x7, x21, x14
+ adcs x6, x6, x27
+ umulh x27, x21, x13
+ adcs x26, x30, x26
+ adcs x30, xzr, xzr
+ adds x7, x27, x7
+ umulh x27, x21, x14
+ adcs x27, x27, x28
+ umulh x28, x21, x12
+ adcs x23, x28, x23
+ umulh x28, x21, x11
+ adcs x22, x28, x22
+ umulh x28, x21, x8
+ mul x21, x21, x13
+ adcs x28, x28, xzr
+ cmn x21, x1
+ mul x1, x4, x16
+ umulh x21, x4, x0
+ adcs x7, x7, x19
+ mul x19, x4, x0
+ adcs x20, x27, x20
+ umulh x27, x4, x18
+ adcs x3, x23, x3
+ mul x23, x4, x18
+ adcs x6, x22, x6
+ umulh x22, x4, x17
+ mul x4, x4, x17
+ adcs x26, x28, x26
+ umulh x15, x5, x10
+ str x15, [sp, #64] // 8-byte Folded Spill
+ adcs x30, x30, xzr
+ adds x22, x22, x23
+ mul x15, x5, x10
+ str x15, [sp, #56] // 8-byte Folded Spill
+ adcs x19, x27, x19
+ umulh x15, x5, x16
+ str x15, [sp, #40] // 8-byte Folded Spill
+ adcs x1, x21, x1
+ mul x15, x5, x16
+ str x15, [sp, #32] // 8-byte Folded Spill
+ adcs x24, x25, x24
+ adcs x25, x29, xzr
+ adds x4, x7, x4
+ adcs x7, x20, x22
+ mul x20, x4, x9
+ adcs x3, x3, x19
+ mul x19, x20, x8
+ mul x22, x20, x11
+ mov x15, x12
+ mul x29, x20, x15
+ adcs x1, x6, x1
+ mov x21, x14
+ mul x6, x20, x21
+ adcs x24, x26, x24
+ mov x9, x13
+ umulh x26, x20, x9
+ adcs x25, x30, x25
+ adcs x30, xzr, xzr
+ adds x6, x26, x6
+ umulh x26, x20, x21
+ adcs x26, x26, x29
+ umulh x29, x20, x15
+ adcs x22, x29, x22
+ umulh x29, x20, x11
+ mov x13, x11
+ adcs x19, x29, x19
+ umulh x29, x20, x8
+ mov x12, x8
+ mul x20, x20, x9
+ mov x14, x9
+ adcs x29, x29, xzr
+ cmn x20, x4
+ umulh x4, x5, x0
+ mul x20, x5, x0
+ umulh x11, x5, x18
+ mul x9, x5, x18
+ umulh x8, x5, x17
+ mul x5, x5, x17
+ umulh x23, x2, x10
+ str x23, [sp, #48] // 8-byte Folded Spill
+ mul x10, x2, x10
+ str x10, [sp, #24] // 8-byte Folded Spill
+ umulh x10, x2, x16
+ str x10, [sp, #8] // 8-byte Folded Spill
+ mul x28, x2, x16
+ umulh x27, x2, x0
+ mul x23, x2, x0
+ umulh x16, x2, x18
+ mul x18, x2, x18
+ umulh x0, x2, x17
+ mul x17, x2, x17
+ adcs x2, x6, x7
+ adcs x3, x26, x3
+ adcs x1, x22, x1
+ adcs x6, x19, x24
+ adcs x7, x29, x25
+ adcs x19, x30, xzr
+ adds x8, x8, x9
+ adcs x9, x11, x20
+ ldr x10, [sp, #32] // 8-byte Folded Reload
+ adcs x10, x4, x10
+ ldr x11, [sp, #56] // 8-byte Folded Reload
+ ldr x4, [sp, #40] // 8-byte Folded Reload
+ adcs x4, x4, x11
+ ldr x11, [sp, #64] // 8-byte Folded Reload
+ adcs x20, x11, xzr
+ adds x2, x2, x5
+ adcs x8, x3, x8
+ ldr x24, [sp, #16] // 8-byte Folded Reload
+ mul x3, x2, x24
+ adcs x9, x1, x9
+ mul x1, x3, x12
+ mul x5, x3, x13
+ mul x22, x3, x15
+ adcs x10, x6, x10
+ mul x6, x3, x21
+ adcs x4, x7, x4
+ umulh x7, x3, x14
+ adcs x19, x19, x20
+ adcs x20, xzr, xzr
+ adds x6, x7, x6
+ umulh x7, x3, x21
+ adcs x7, x7, x22
+ umulh x22, x3, x15
+ mov x25, x15
+ adcs x5, x22, x5
+ umulh x22, x3, x13
+ adcs x1, x22, x1
+ umulh x22, x3, x12
+ mul x3, x3, x14
+ adcs x22, x22, xzr
+ cmn x3, x2
+ adcs x8, x6, x8
+ adcs x9, x7, x9
+ adcs x10, x5, x10
+ adcs x1, x1, x4
+ adcs x2, x22, x19
+ adcs x3, x20, xzr
+ adds x11, x0, x18
+ adcs x15, x16, x23
+ adcs x16, x27, x28
+ ldr x18, [sp, #24] // 8-byte Folded Reload
+ ldr x0, [sp, #8] // 8-byte Folded Reload
+ adcs x18, x0, x18
+ ldr x0, [sp, #48] // 8-byte Folded Reload
+ adcs x4, x0, xzr
+ adds x8, x8, x17
+ adcs x9, x9, x11
+ mul x11, x8, x24
+ adcs x10, x10, x15
+ umulh x15, x11, x12
+ mul x17, x11, x12
+ umulh x5, x11, x13
+ mul x6, x11, x13
+ mov x0, x13
+ mov x20, x25
+ umulh x7, x11, x20
+ mul x19, x11, x20
+ mov x23, x20
+ mov x13, x21
+ umulh x20, x11, x13
+ mul x21, x11, x13
+ umulh x22, x11, x14
+ mul x11, x11, x14
+ adcs x16, x1, x16
+ adcs x18, x2, x18
+ adcs x1, x3, x4
+ adcs x2, xzr, xzr
+ adds x3, x22, x21
+ adcs x4, x20, x19
+ adcs x6, x7, x6
+ adcs x17, x5, x17
+ adcs x15, x15, xzr
+ cmn x11, x8
+ adcs x8, x3, x9
+ adcs x9, x4, x10
+ adcs x10, x6, x16
+ adcs x11, x17, x18
+ adcs x15, x15, x1
+ adcs x16, x2, xzr
+ subs x1, x8, x14
+ sbcs x13, x9, x13
+ sbcs x14, x10, x23
+ sbcs x17, x11, x0
+ sbcs x18, x15, x12
+ sbcs x16, x16, xzr
+ tst x16, #0x1
+ csel x8, x8, x1, ne
+ csel x9, x9, x13, ne
+ csel x10, x10, x14, ne
+ csel x11, x11, x17, ne
+ csel x12, x15, x18, ne
+ ldr x13, [sp, #72] // 8-byte Folded Reload
+ stp x8, x9, [x13]
+ stp x10, x11, [x13, #16]
+ str x12, [x13, #32]
+ add sp, sp, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end68:
+ .size mcl_fp_mont5L, .Lfunc_end68-mcl_fp_mont5L
+
+ .globl mcl_fp_montNF5L
+ .align 2
+ .type mcl_fp_montNF5L,@function
+mcl_fp_montNF5L: // @mcl_fp_montNF5L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #32 // =32
+ str x0, [sp, #24] // 8-byte Folded Spill
+ ldp x16, x14, [x1, #24]
+ ldp x18, x15, [x1, #8]
+ ldr x17, [x1]
+ ldur x13, [x3, #-8]
+ ldp x9, x8, [x3, #24]
+ ldp x11, x10, [x3, #8]
+ ldr x12, [x3]
+ ldp x1, x3, [x2]
+ ldp x4, x5, [x2, #16]
+ ldr x2, [x2, #32]
+ umulh x6, x14, x1
+ mul x7, x14, x1
+ umulh x19, x16, x1
+ mul x20, x16, x1
+ umulh x21, x15, x1
+ mul x22, x15, x1
+ umulh x23, x18, x1
+ mul x24, x18, x1
+ umulh x25, x17, x1
+ mul x1, x17, x1
+ umulh x26, x3, x14
+ mul x27, x3, x14
+ umulh x28, x3, x16
+ mul x29, x3, x16
+ umulh x30, x3, x15
+ adds x24, x25, x24
+ mul x25, x3, x15
+ adcs x22, x23, x22
+ umulh x23, x3, x18
+ adcs x20, x21, x20
+ mul x21, x1, x13
+ adcs x7, x19, x7
+ mul x19, x21, x12
+ adcs x6, x6, xzr
+ cmn x19, x1
+ mul x1, x3, x18
+ mul x19, x21, x11
+ adcs x19, x19, x24
+ mul x24, x21, x10
+ adcs x22, x24, x22
+ mul x24, x21, x9
+ adcs x20, x24, x20
+ mul x24, x21, x8
+ adcs x7, x24, x7
+ umulh x24, x21, x12
+ adcs x6, x6, xzr
+ adds x19, x19, x24
+ umulh x24, x21, x11
+ adcs x22, x22, x24
+ umulh x24, x21, x10
+ adcs x20, x20, x24
+ umulh x24, x21, x9
+ adcs x7, x7, x24
+ umulh x24, x3, x17
+ mul x3, x3, x17
+ umulh x21, x21, x8
+ adcs x6, x6, x21
+ umulh x21, x4, x14
+ adds x1, x24, x1
+ mul x24, x4, x14
+ adcs x23, x23, x25
+ umulh x25, x4, x16
+ adcs x29, x30, x29
+ mul x30, x4, x16
+ adcs x27, x28, x27
+ umulh x28, x4, x15
+ adcs x26, x26, xzr
+ adds x3, x3, x19
+ mul x19, x4, x15
+ adcs x1, x1, x22
+ umulh x22, x4, x18
+ adcs x20, x23, x20
+ mul x23, x4, x18
+ adcs x7, x29, x7
+ mul x29, x3, x13
+ adcs x6, x27, x6
+ mul x27, x29, x12
+ adcs x26, x26, xzr
+ cmn x27, x3
+ umulh x3, x4, x17
+ mul x4, x4, x17
+ mul x27, x29, x11
+ adcs x1, x27, x1
+ mul x27, x29, x10
+ adcs x20, x27, x20
+ mul x27, x29, x9
+ adcs x7, x27, x7
+ mul x27, x29, x8
+ adcs x6, x27, x6
+ umulh x27, x29, x12
+ adcs x26, x26, xzr
+ adds x1, x1, x27
+ umulh x27, x29, x11
+ adcs x20, x20, x27
+ umulh x27, x29, x10
+ adcs x7, x7, x27
+ umulh x27, x29, x9
+ adcs x6, x6, x27
+ umulh x27, x5, x14
+ umulh x29, x29, x8
+ adcs x26, x26, x29
+ mul x29, x5, x14
+ adds x3, x3, x23
+ umulh x23, x5, x16
+ adcs x19, x22, x19
+ mul x22, x5, x16
+ adcs x28, x28, x30
+ umulh x30, x5, x15
+ adcs x24, x25, x24
+ mul x25, x5, x15
+ adcs x21, x21, xzr
+ adds x1, x4, x1
+ umulh x4, x5, x18
+ adcs x3, x3, x20
+ mul x20, x5, x18
+ adcs x7, x19, x7
+ umulh x19, x5, x17
+ mul x5, x5, x17
+ adcs x6, x28, x6
+ mul x28, x1, x13
+ adcs x24, x24, x26
+ mul x26, x28, x12
+ adcs x21, x21, xzr
+ cmn x26, x1
+ umulh x0, x2, x14
+ mul x14, x2, x14
+ stp x14, x0, [sp, #8]
+ umulh x26, x2, x16
+ mul x1, x2, x16
+ umulh x0, x2, x15
+ mul x16, x2, x15
+ umulh x15, x2, x18
+ mul x18, x2, x18
+ umulh x14, x2, x17
+ mul x17, x2, x17
+ mul x2, x28, x11
+ adcs x2, x2, x3
+ mul x3, x28, x10
+ adcs x3, x3, x7
+ mul x7, x28, x9
+ adcs x6, x7, x6
+ mul x7, x28, x8
+ adcs x7, x7, x24
+ adcs x21, x21, xzr
+ umulh x24, x28, x12
+ adds x2, x2, x24
+ umulh x24, x28, x11
+ adcs x3, x3, x24
+ umulh x24, x28, x10
+ adcs x6, x6, x24
+ umulh x24, x28, x9
+ adcs x7, x7, x24
+ umulh x24, x28, x8
+ adcs x21, x21, x24
+ adds x19, x19, x20
+ adcs x4, x4, x25
+ adcs x20, x30, x22
+ adcs x22, x23, x29
+ adcs x23, x27, xzr
+ adds x2, x5, x2
+ adcs x3, x19, x3
+ mov x24, x13
+ mul x5, x2, x24
+ adcs x4, x4, x6
+ mul x6, x5, x8
+ mul x19, x5, x9
+ adcs x7, x20, x7
+ mul x20, x5, x10
+ adcs x21, x22, x21
+ mul x22, x5, x12
+ adcs x23, x23, xzr
+ cmn x22, x2
+ mul x2, x5, x11
+ umulh x22, x5, x8
+ adcs x2, x2, x3
+ umulh x3, x5, x9
+ adcs x4, x20, x4
+ umulh x20, x5, x10
+ adcs x7, x19, x7
+ umulh x19, x5, x11
+ umulh x5, x5, x12
+ adcs x6, x6, x21
+ adcs x21, x23, xzr
+ adds x2, x2, x5
+ adcs x4, x4, x19
+ adcs x5, x7, x20
+ adcs x3, x6, x3
+ adcs x6, x21, x22
+ adds x13, x14, x18
+ adcs x14, x15, x16
+ adcs x15, x0, x1
+ ldp x16, x18, [sp, #8]
+ adcs x16, x26, x16
+ adcs x18, x18, xzr
+ adds x17, x17, x2
+ adcs x13, x13, x4
+ mul x0, x17, x24
+ adcs x14, x14, x5
+ mul x1, x0, x8
+ mul x2, x0, x9
+ mul x4, x0, x10
+ mul x5, x0, x11
+ mul x7, x0, x12
+ umulh x19, x0, x8
+ umulh x20, x0, x9
+ umulh x21, x0, x10
+ umulh x22, x0, x11
+ umulh x0, x0, x12
+ adcs x15, x15, x3
+ adcs x16, x16, x6
+ adcs x18, x18, xzr
+ cmn x7, x17
+ adcs x13, x5, x13
+ adcs x14, x4, x14
+ adcs x15, x2, x15
+ adcs x16, x1, x16
+ adcs x17, x18, xzr
+ adds x13, x13, x0
+ adcs x14, x14, x22
+ adcs x15, x15, x21
+ adcs x16, x16, x20
+ adcs x17, x17, x19
+ subs x12, x13, x12
+ sbcs x11, x14, x11
+ sbcs x10, x15, x10
+ sbcs x9, x16, x9
+ sbcs x8, x17, x8
+ asr x18, x8, #63
+ cmp x18, #0 // =0
+ csel x12, x13, x12, lt
+ csel x11, x14, x11, lt
+ csel x10, x15, x10, lt
+ csel x9, x16, x9, lt
+ csel x8, x17, x8, lt
+ ldr x13, [sp, #24] // 8-byte Folded Reload
+ stp x12, x11, [x13]
+ stp x10, x9, [x13, #16]
+ str x8, [x13, #32]
+ add sp, sp, #32 // =32
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end69:
+ .size mcl_fp_montNF5L, .Lfunc_end69-mcl_fp_montNF5L
+
+ .globl mcl_fp_montRed5L
+ .align 2
+ .type mcl_fp_montRed5L,@function
+mcl_fp_montRed5L: // @mcl_fp_montRed5L
+// BB#0:
+ stp x26, x25, [sp, #-64]!
+ stp x24, x23, [sp, #16]
+ stp x22, x21, [sp, #32]
+ stp x20, x19, [sp, #48]
+ ldur x13, [x2, #-8]
+ ldp x9, x8, [x2, #24]
+ ldp x11, x10, [x2, #8]
+ ldr x12, [x2]
+ ldp x15, x16, [x1, #64]
+ ldp x17, x18, [x1, #48]
+ ldp x2, x3, [x1, #32]
+ ldp x4, x5, [x1, #16]
+ ldp x14, x1, [x1]
+ mul x6, x14, x13
+ umulh x7, x6, x8
+ mul x19, x6, x8
+ umulh x20, x6, x9
+ mul x21, x6, x9
+ umulh x22, x6, x10
+ mul x23, x6, x10
+ umulh x24, x6, x11
+ mul x25, x6, x11
+ umulh x26, x6, x12
+ mul x6, x6, x12
+ adds x25, x26, x25
+ adcs x23, x24, x23
+ adcs x21, x22, x21
+ adcs x19, x20, x19
+ adcs x7, x7, xzr
+ cmn x14, x6
+ adcs x14, x1, x25
+ adcs x1, x4, x23
+ mul x4, x14, x13
+ adcs x5, x5, x21
+ umulh x6, x4, x8
+ mul x20, x4, x8
+ umulh x21, x4, x9
+ mul x22, x4, x9
+ umulh x23, x4, x10
+ mul x24, x4, x10
+ umulh x25, x4, x11
+ mul x26, x4, x11
+ adcs x2, x2, x19
+ umulh x19, x4, x12
+ mul x4, x4, x12
+ adcs x3, x3, x7
+ adcs x17, x17, xzr
+ adcs x18, x18, xzr
+ adcs x15, x15, xzr
+ adcs x16, x16, xzr
+ adcs x7, xzr, xzr
+ adds x19, x19, x26
+ adcs x24, x25, x24
+ adcs x22, x23, x22
+ adcs x20, x21, x20
+ adcs x6, x6, xzr
+ cmn x4, x14
+ adcs x14, x19, x1
+ adcs x1, x24, x5
+ mul x4, x14, x13
+ adcs x2, x22, x2
+ umulh x5, x4, x8
+ mul x19, x4, x8
+ umulh x21, x4, x9
+ mul x22, x4, x9
+ umulh x23, x4, x10
+ mul x24, x4, x10
+ umulh x25, x4, x11
+ mul x26, x4, x11
+ adcs x3, x20, x3
+ umulh x20, x4, x12
+ mul x4, x4, x12
+ adcs x17, x6, x17
+ adcs x18, x18, xzr
+ adcs x15, x15, xzr
+ adcs x16, x16, xzr
+ adcs x6, x7, xzr
+ adds x7, x20, x26
+ adcs x20, x25, x24
+ adcs x22, x23, x22
+ adcs x19, x21, x19
+ adcs x5, x5, xzr
+ cmn x4, x14
+ adcs x14, x7, x1
+ adcs x1, x20, x2
+ mul x2, x14, x13
+ adcs x3, x22, x3
+ umulh x4, x2, x8
+ mul x7, x2, x8
+ umulh x20, x2, x9
+ mul x21, x2, x9
+ umulh x22, x2, x10
+ mul x23, x2, x10
+ umulh x24, x2, x11
+ mul x25, x2, x11
+ umulh x26, x2, x12
+ mul x2, x2, x12
+ adcs x17, x19, x17
+ adcs x18, x5, x18
+ adcs x15, x15, xzr
+ adcs x16, x16, xzr
+ adcs x5, x6, xzr
+ adds x6, x26, x25
+ adcs x19, x24, x23
+ adcs x21, x22, x21
+ adcs x7, x20, x7
+ adcs x4, x4, xzr
+ cmn x2, x14
+ adcs x14, x6, x1
+ adcs x1, x19, x3
+ mul x13, x14, x13
+ adcs x17, x21, x17
+ umulh x2, x13, x8
+ mul x3, x13, x8
+ umulh x6, x13, x9
+ mul x19, x13, x9
+ umulh x20, x13, x10
+ mul x21, x13, x10
+ umulh x22, x13, x11
+ mul x23, x13, x11
+ umulh x24, x13, x12
+ mul x13, x13, x12
+ adcs x18, x7, x18
+ adcs x15, x4, x15
+ adcs x16, x16, xzr
+ adcs x4, x5, xzr
+ adds x5, x24, x23
+ adcs x7, x22, x21
+ adcs x19, x20, x19
+ adcs x3, x6, x3
+ adcs x2, x2, xzr
+ cmn x13, x14
+ adcs x13, x5, x1
+ adcs x14, x7, x17
+ adcs x17, x19, x18
+ adcs x15, x3, x15
+ adcs x16, x2, x16
+ adcs x18, x4, xzr
+ subs x12, x13, x12
+ sbcs x11, x14, x11
+ sbcs x10, x17, x10
+ sbcs x9, x15, x9
+ sbcs x8, x16, x8
+ sbcs x18, x18, xzr
+ tst x18, #0x1
+ csel x12, x13, x12, ne
+ csel x11, x14, x11, ne
+ csel x10, x17, x10, ne
+ csel x9, x15, x9, ne
+ csel x8, x16, x8, ne
+ stp x12, x11, [x0]
+ stp x10, x9, [x0, #16]
+ str x8, [x0, #32]
+ ldp x20, x19, [sp, #48]
+ ldp x22, x21, [sp, #32]
+ ldp x24, x23, [sp, #16]
+ ldp x26, x25, [sp], #64
+ ret
+.Lfunc_end70:
+ .size mcl_fp_montRed5L, .Lfunc_end70-mcl_fp_montRed5L
+
+ .globl mcl_fp_addPre5L
+ .align 2
+ .type mcl_fp_addPre5L,@function
+mcl_fp_addPre5L: // @mcl_fp_addPre5L
+// BB#0:
+ ldp x11, x8, [x2, #24]
+ ldp x17, x9, [x1, #24]
+ ldp x13, x10, [x2, #8]
+ ldr x12, [x2]
+ ldp x14, x15, [x1]
+ ldr x16, [x1, #16]
+ adds x12, x12, x14
+ str x12, [x0]
+ adcs x12, x13, x15
+ adcs x10, x10, x16
+ stp x12, x10, [x0, #8]
+ adcs x10, x11, x17
+ adcs x9, x8, x9
+ adcs x8, xzr, xzr
+ stp x10, x9, [x0, #24]
+ mov x0, x8
+ ret
+.Lfunc_end71:
+ .size mcl_fp_addPre5L, .Lfunc_end71-mcl_fp_addPre5L
+
+ .globl mcl_fp_subPre5L
+ .align 2
+ .type mcl_fp_subPre5L,@function
+mcl_fp_subPre5L: // @mcl_fp_subPre5L
+// BB#0:
+ ldp x11, x8, [x2, #24]
+ ldp x17, x9, [x1, #24]
+ ldp x13, x10, [x2, #8]
+ ldr x12, [x2]
+ ldp x14, x15, [x1]
+ ldr x16, [x1, #16]
+ subs x12, x14, x12
+ str x12, [x0]
+ sbcs x12, x15, x13
+ sbcs x10, x16, x10
+ stp x12, x10, [x0, #8]
+ sbcs x10, x17, x11
+ sbcs x9, x9, x8
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ stp x10, x9, [x0, #24]
+ mov x0, x8
+ ret
+.Lfunc_end72:
+ .size mcl_fp_subPre5L, .Lfunc_end72-mcl_fp_subPre5L
+
+ .globl mcl_fp_shr1_5L
+ .align 2
+ .type mcl_fp_shr1_5L,@function
+mcl_fp_shr1_5L: // @mcl_fp_shr1_5L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x1, #16]
+ ldr x12, [x1, #32]
+ extr x8, x9, x8, #1
+ extr x9, x10, x9, #1
+ extr x10, x11, x10, #1
+ extr x11, x12, x11, #1
+ lsr x12, x12, #1
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ str x12, [x0, #32]
+ ret
+.Lfunc_end73:
+ .size mcl_fp_shr1_5L, .Lfunc_end73-mcl_fp_shr1_5L
+
+ .globl mcl_fp_add5L
+ .align 2
+ .type mcl_fp_add5L,@function
+mcl_fp_add5L: // @mcl_fp_add5L
+// BB#0:
+ ldp x11, x8, [x2, #24]
+ ldp x17, x9, [x1, #24]
+ ldp x13, x10, [x2, #8]
+ ldr x12, [x2]
+ ldp x14, x15, [x1]
+ ldr x16, [x1, #16]
+ adds x12, x12, x14
+ ldr x14, [x3, #32]
+ adcs x13, x13, x15
+ adcs x10, x10, x16
+ ldp x15, x16, [x3]
+ stp x12, x13, [x0]
+ adcs x17, x11, x17
+ stp x10, x17, [x0, #16]
+ adcs x8, x8, x9
+ str x8, [x0, #32]
+ adcs x18, xzr, xzr
+ ldp x9, x1, [x3, #16]
+ subs x12, x12, x15
+ sbcs x11, x13, x16
+ sbcs x10, x10, x9
+ sbcs x9, x17, x1
+ sbcs x8, x8, x14
+ sbcs x13, x18, xzr
+ and w13, w13, #0x1
+ tbnz w13, #0, .LBB74_2
+// BB#1: // %nocarry
+ stp x12, x11, [x0]
+ stp x10, x9, [x0, #16]
+ str x8, [x0, #32]
+.LBB74_2: // %carry
+ ret
+.Lfunc_end74:
+ .size mcl_fp_add5L, .Lfunc_end74-mcl_fp_add5L
+
+ .globl mcl_fp_addNF5L
+ .align 2
+ .type mcl_fp_addNF5L,@function
+mcl_fp_addNF5L: // @mcl_fp_addNF5L
+// BB#0:
+ ldp x11, x8, [x1, #24]
+ ldp x17, x9, [x2, #24]
+ ldp x13, x10, [x1, #8]
+ ldr x12, [x1]
+ ldp x14, x15, [x2]
+ ldr x16, [x2, #16]
+ adds x12, x14, x12
+ ldp x18, x14, [x3, #24]
+ adcs x13, x15, x13
+ adcs x10, x16, x10
+ ldp x15, x16, [x3]
+ adcs x11, x17, x11
+ ldr x17, [x3, #16]
+ adcs x8, x9, x8
+ subs x9, x12, x15
+ sbcs x15, x13, x16
+ sbcs x16, x10, x17
+ sbcs x17, x11, x18
+ sbcs x14, x8, x14
+ asr x18, x14, #63
+ cmp x18, #0 // =0
+ csel x9, x12, x9, lt
+ csel x12, x13, x15, lt
+ csel x10, x10, x16, lt
+ csel x11, x11, x17, lt
+ csel x8, x8, x14, lt
+ stp x9, x12, [x0]
+ stp x10, x11, [x0, #16]
+ str x8, [x0, #32]
+ ret
+.Lfunc_end75:
+ .size mcl_fp_addNF5L, .Lfunc_end75-mcl_fp_addNF5L
+
+ .globl mcl_fp_sub5L
+ .align 2
+ .type mcl_fp_sub5L,@function
+mcl_fp_sub5L: // @mcl_fp_sub5L
+// BB#0:
+ ldp x11, x12, [x2, #24]
+ ldp x17, x13, [x1, #24]
+ ldp x9, x10, [x2, #8]
+ ldr x8, [x2]
+ ldp x14, x15, [x1]
+ ldr x16, [x1, #16]
+ subs x8, x14, x8
+ sbcs x9, x15, x9
+ stp x8, x9, [x0]
+ sbcs x10, x16, x10
+ sbcs x11, x17, x11
+ stp x10, x11, [x0, #16]
+ sbcs x12, x13, x12
+ str x12, [x0, #32]
+ ngcs x13, xzr
+ and w13, w13, #0x1
+ tbnz w13, #0, .LBB76_2
+// BB#1: // %nocarry
+ ret
+.LBB76_2: // %carry
+ ldp x17, x13, [x3, #24]
+ ldp x14, x15, [x3]
+ ldr x16, [x3, #16]
+ adds x8, x14, x8
+ adcs x9, x15, x9
+ adcs x10, x16, x10
+ adcs x11, x17, x11
+ adcs x12, x13, x12
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ str x12, [x0, #32]
+ ret
+.Lfunc_end76:
+ .size mcl_fp_sub5L, .Lfunc_end76-mcl_fp_sub5L
+
+ .globl mcl_fp_subNF5L
+ .align 2
+ .type mcl_fp_subNF5L,@function
+mcl_fp_subNF5L: // @mcl_fp_subNF5L
+// BB#0:
+ ldp x11, x8, [x2, #24]
+ ldp x17, x9, [x1, #24]
+ ldp x13, x10, [x2, #8]
+ ldr x12, [x2]
+ ldp x14, x15, [x1]
+ ldr x16, [x1, #16]
+ subs x12, x14, x12
+ sbcs x13, x15, x13
+ ldp x1, x14, [x3, #8]
+ ldp x15, x18, [x3, #24]
+ sbcs x10, x16, x10
+ ldr x16, [x3]
+ sbcs x11, x17, x11
+ sbcs x8, x9, x8
+ asr x9, x8, #63
+ extr x17, x9, x8, #63
+ and x16, x17, x16
+ and x14, x14, x9, ror #63
+ and x15, x9, x15
+ and x17, x9, x18
+ ror x9, x9, #63
+ and x9, x9, x1
+ adds x12, x16, x12
+ adcs x9, x9, x13
+ stp x12, x9, [x0]
+ adcs x9, x14, x10
+ str x9, [x0, #16]
+ adcs x9, x15, x11
+ adcs x8, x17, x8
+ stp x9, x8, [x0, #24]
+ ret
+.Lfunc_end77:
+ .size mcl_fp_subNF5L, .Lfunc_end77-mcl_fp_subNF5L
+
+ .globl mcl_fpDbl_add5L
+ .align 2
+ .type mcl_fpDbl_add5L,@function
+mcl_fpDbl_add5L: // @mcl_fpDbl_add5L
+// BB#0:
+ stp x22, x21, [sp, #-32]!
+ stp x20, x19, [sp, #16]
+ ldp x8, x9, [x2, #64]
+ ldp x10, x11, [x1, #64]
+ ldp x12, x13, [x2, #48]
+ ldp x14, x15, [x1, #48]
+ ldp x16, x17, [x2, #32]
+ ldp x18, x4, [x1, #32]
+ ldp x5, x6, [x2, #16]
+ ldp x19, x2, [x2]
+ ldp x20, x21, [x1, #16]
+ ldp x7, x1, [x1]
+ adds x7, x19, x7
+ ldr x19, [x3, #32]
+ str x7, [x0]
+ adcs x1, x2, x1
+ ldp x2, x7, [x3, #16]
+ str x1, [x0, #8]
+ ldp x1, x3, [x3]
+ adcs x5, x5, x20
+ str x5, [x0, #16]
+ adcs x5, x6, x21
+ adcs x16, x16, x18
+ stp x5, x16, [x0, #24]
+ adcs x16, x17, x4
+ adcs x12, x12, x14
+ adcs x13, x13, x15
+ adcs x8, x8, x10
+ adcs x9, x9, x11
+ adcs x10, xzr, xzr
+ subs x11, x16, x1
+ sbcs x14, x12, x3
+ sbcs x15, x13, x2
+ sbcs x17, x8, x7
+ sbcs x18, x9, x19
+ sbcs x10, x10, xzr
+ tst x10, #0x1
+ csel x10, x16, x11, ne
+ csel x11, x12, x14, ne
+ csel x12, x13, x15, ne
+ csel x8, x8, x17, ne
+ csel x9, x9, x18, ne
+ stp x10, x11, [x0, #40]
+ stp x12, x8, [x0, #56]
+ str x9, [x0, #72]
+ ldp x20, x19, [sp, #16]
+ ldp x22, x21, [sp], #32
+ ret
+.Lfunc_end78:
+ .size mcl_fpDbl_add5L, .Lfunc_end78-mcl_fpDbl_add5L
+
+ .globl mcl_fpDbl_sub5L
+ .align 2
+ .type mcl_fpDbl_sub5L,@function
+mcl_fpDbl_sub5L: // @mcl_fpDbl_sub5L
+// BB#0:
+ stp x22, x21, [sp, #-32]!
+ stp x20, x19, [sp, #16]
+ ldp x8, x9, [x2, #64]
+ ldp x10, x11, [x1, #64]
+ ldp x12, x13, [x2, #48]
+ ldp x14, x15, [x1, #48]
+ ldp x16, x17, [x2, #32]
+ ldp x18, x4, [x1, #32]
+ ldp x5, x6, [x2, #16]
+ ldp x7, x2, [x2]
+ ldp x20, x21, [x1, #16]
+ ldp x19, x1, [x1]
+ subs x7, x19, x7
+ ldr x19, [x3, #32]
+ str x7, [x0]
+ sbcs x1, x1, x2
+ ldp x2, x7, [x3, #16]
+ str x1, [x0, #8]
+ ldp x1, x3, [x3]
+ sbcs x5, x20, x5
+ str x5, [x0, #16]
+ sbcs x5, x21, x6
+ sbcs x16, x18, x16
+ stp x5, x16, [x0, #24]
+ sbcs x16, x4, x17
+ sbcs x12, x14, x12
+ sbcs x13, x15, x13
+ sbcs x8, x10, x8
+ sbcs x9, x11, x9
+ ngcs x10, xzr
+ tst x10, #0x1
+ csel x10, x19, xzr, ne
+ csel x11, x7, xzr, ne
+ csel x14, x2, xzr, ne
+ csel x15, x3, xzr, ne
+ csel x17, x1, xzr, ne
+ adds x16, x17, x16
+ adcs x12, x15, x12
+ stp x16, x12, [x0, #40]
+ adcs x12, x14, x13
+ adcs x8, x11, x8
+ stp x12, x8, [x0, #56]
+ adcs x8, x10, x9
+ str x8, [x0, #72]
+ ldp x20, x19, [sp, #16]
+ ldp x22, x21, [sp], #32
+ ret
+.Lfunc_end79:
+ .size mcl_fpDbl_sub5L, .Lfunc_end79-mcl_fpDbl_sub5L
+
+ .globl mcl_fp_mulUnitPre6L
+ .align 2
+ .type mcl_fp_mulUnitPre6L,@function
+mcl_fp_mulUnitPre6L: // @mcl_fp_mulUnitPre6L
+// BB#0:
+ ldp x8, x9, [x1, #32]
+ ldp x10, x11, [x1]
+ ldp x12, x13, [x1, #16]
+ mul x14, x10, x2
+ mul x15, x11, x2
+ umulh x10, x10, x2
+ mul x16, x12, x2
+ umulh x11, x11, x2
+ mul x17, x13, x2
+ umulh x12, x12, x2
+ mul x18, x8, x2
+ umulh x13, x13, x2
+ mul x1, x9, x2
+ umulh x8, x8, x2
+ umulh x9, x9, x2
+ adds x10, x10, x15
+ stp x14, x10, [x0]
+ adcs x10, x11, x16
+ str x10, [x0, #16]
+ adcs x10, x12, x17
+ str x10, [x0, #24]
+ adcs x10, x13, x18
+ adcs x8, x8, x1
+ stp x10, x8, [x0, #32]
+ adcs x8, x9, xzr
+ str x8, [x0, #48]
+ ret
+.Lfunc_end80:
+ .size mcl_fp_mulUnitPre6L, .Lfunc_end80-mcl_fp_mulUnitPre6L
+
+ .globl mcl_fpDbl_mulPre6L
+ .align 2
+ .type mcl_fpDbl_mulPre6L,@function
+mcl_fpDbl_mulPre6L: // @mcl_fpDbl_mulPre6L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #400 // =400
+ ldp x8, x9, [x1]
+ ldp x11, x13, [x1]
+ ldp x10, x17, [x1, #16]
+ ldp x12, x14, [x1, #32]
+ ldp x15, x16, [x2]
+ ldr x3, [x1, #32]
+ mul x30, x8, x15
+ umulh x18, x14, x15
+ str x18, [sp, #392] // 8-byte Folded Spill
+ mul x18, x14, x15
+ str x18, [sp, #384] // 8-byte Folded Spill
+ umulh x18, x12, x15
+ str x18, [sp, #376] // 8-byte Folded Spill
+ mul x18, x12, x15
+ str x18, [sp, #360] // 8-byte Folded Spill
+ umulh x18, x17, x15
+ str x18, [sp, #336] // 8-byte Folded Spill
+ mul x18, x17, x15
+ str x18, [sp, #312] // 8-byte Folded Spill
+ umulh x18, x10, x15
+ str x18, [sp, #304] // 8-byte Folded Spill
+ mul x18, x10, x15
+ str x18, [sp, #272] // 8-byte Folded Spill
+ umulh x18, x9, x15
+ str x18, [sp, #248] // 8-byte Folded Spill
+ mul x18, x9, x15
+ umulh x15, x8, x15
+ stp x15, x18, [sp, #216]
+ mul x15, x8, x16
+ str x15, [sp, #280] // 8-byte Folded Spill
+ mul x15, x14, x16
+ str x15, [sp, #352] // 8-byte Folded Spill
+ mul x15, x12, x16
+ str x15, [sp, #328] // 8-byte Folded Spill
+ mul x15, x17, x16
+ str x15, [sp, #296] // 8-byte Folded Spill
+ mul x15, x10, x16
+ str x15, [sp, #264] // 8-byte Folded Spill
+ mul x15, x9, x16
+ umulh x14, x14, x16
+ str x14, [sp, #368] // 8-byte Folded Spill
+ umulh x12, x12, x16
+ str x12, [sp, #344] // 8-byte Folded Spill
+ umulh x12, x17, x16
+ str x12, [sp, #320] // 8-byte Folded Spill
+ umulh x10, x10, x16
+ str x10, [sp, #288] // 8-byte Folded Spill
+ umulh x9, x9, x16
+ str x9, [sp, #256] // 8-byte Folded Spill
+ umulh x8, x8, x16
+ stp x8, x15, [sp, #232]
+ ldp x12, x8, [x2, #16]
+ ldr x9, [x1, #40]
+ ldp x15, x10, [x1, #16]
+ mul x14, x11, x12
+ str x14, [sp, #144] // 8-byte Folded Spill
+ mul x14, x9, x12
+ str x14, [sp, #200] // 8-byte Folded Spill
+ mul x14, x3, x12
+ str x14, [sp, #176] // 8-byte Folded Spill
+ mul x14, x10, x12
+ str x14, [sp, #160] // 8-byte Folded Spill
+ mul x14, x15, x12
+ str x14, [sp, #128] // 8-byte Folded Spill
+ mul x14, x13, x12
+ str x14, [sp, #112] // 8-byte Folded Spill
+ umulh x14, x9, x12
+ str x14, [sp, #208] // 8-byte Folded Spill
+ umulh x14, x3, x12
+ str x14, [sp, #192] // 8-byte Folded Spill
+ umulh x14, x10, x12
+ str x14, [sp, #168] // 8-byte Folded Spill
+ umulh x14, x15, x12
+ str x14, [sp, #152] // 8-byte Folded Spill
+ umulh x14, x13, x12
+ str x14, [sp, #120] // 8-byte Folded Spill
+ umulh x12, x11, x12
+ str x12, [sp, #104] // 8-byte Folded Spill
+ mul x12, x9, x8
+ str x12, [sp, #184] // 8-byte Folded Spill
+ umulh x9, x9, x8
+ str x9, [sp, #136] // 8-byte Folded Spill
+ mul x9, x3, x8
+ str x9, [sp, #80] // 8-byte Folded Spill
+ umulh x9, x3, x8
+ str x9, [sp, #96] // 8-byte Folded Spill
+ mul x9, x10, x8
+ str x9, [sp, #64] // 8-byte Folded Spill
+ umulh x9, x10, x8
+ str x9, [sp, #88] // 8-byte Folded Spill
+ mul x9, x15, x8
+ str x9, [sp, #48] // 8-byte Folded Spill
+ umulh x9, x15, x8
+ str x9, [sp, #72] // 8-byte Folded Spill
+ mul x9, x13, x8
+ str x9, [sp, #32] // 8-byte Folded Spill
+ umulh x9, x13, x8
+ str x9, [sp, #56] // 8-byte Folded Spill
+ mul x9, x11, x8
+ str x9, [sp, #24] // 8-byte Folded Spill
+ umulh x8, x11, x8
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldp x12, x13, [x1, #32]
+ ldp x9, x10, [x1]
+ ldp x11, x1, [x1, #16]
+ ldp x8, x2, [x2, #32]
+ mul x22, x9, x8
+ mul x28, x13, x8
+ mul x27, x12, x8
+ mul x24, x1, x8
+ mul x20, x11, x8
+ mul x19, x10, x8
+ umulh x14, x13, x8
+ str x14, [sp, #16] // 8-byte Folded Spill
+ umulh x29, x12, x8
+ umulh x26, x1, x8
+ umulh x23, x11, x8
+ umulh x21, x10, x8
+ umulh x7, x9, x8
+ mul x25, x9, x2
+ umulh x6, x9, x2
+ mul x4, x10, x2
+ umulh x5, x10, x2
+ mul x18, x11, x2
+ umulh x3, x11, x2
+ mul x16, x1, x2
+ umulh x1, x1, x2
+ mul x15, x12, x2
+ umulh x17, x12, x2
+ mul x14, x13, x2
+ umulh x13, x13, x2
+ str x30, [x0]
+ ldp x9, x8, [sp, #216]
+ adds x2, x9, x8
+ ldp x8, x30, [sp, #272]
+ ldr x9, [sp, #248] // 8-byte Folded Reload
+ adcs x8, x9, x8
+ ldp x10, x9, [sp, #304]
+ adcs x9, x10, x9
+ ldr x10, [sp, #360] // 8-byte Folded Reload
+ ldr x11, [sp, #336] // 8-byte Folded Reload
+ adcs x10, x11, x10
+ ldp x12, x11, [sp, #376]
+ adcs x11, x12, x11
+ ldr x12, [sp, #392] // 8-byte Folded Reload
+ adcs x12, x12, xzr
+ adds x2, x30, x2
+ str x2, [x0, #8]
+ ldp x30, x2, [sp, #232]
+ adcs x8, x2, x8
+ ldr x2, [sp, #264] // 8-byte Folded Reload
+ adcs x9, x2, x9
+ ldr x2, [sp, #296] // 8-byte Folded Reload
+ adcs x10, x2, x10
+ ldr x2, [sp, #328] // 8-byte Folded Reload
+ adcs x11, x2, x11
+ ldr x2, [sp, #352] // 8-byte Folded Reload
+ adcs x12, x2, x12
+ adcs x2, xzr, xzr
+ adds x8, x8, x30
+ ldr x30, [sp, #256] // 8-byte Folded Reload
+ adcs x9, x9, x30
+ ldr x30, [sp, #288] // 8-byte Folded Reload
+ adcs x10, x10, x30
+ ldr x30, [sp, #320] // 8-byte Folded Reload
+ adcs x11, x11, x30
+ ldr x30, [sp, #344] // 8-byte Folded Reload
+ adcs x12, x12, x30
+ ldr x30, [sp, #368] // 8-byte Folded Reload
+ adcs x2, x2, x30
+ ldr x30, [sp, #144] // 8-byte Folded Reload
+ adds x8, x30, x8
+ str x8, [x0, #16]
+ ldp x30, x8, [sp, #104]
+ adcs x8, x8, x9
+ ldr x9, [sp, #128] // 8-byte Folded Reload
+ adcs x9, x9, x10
+ ldr x10, [sp, #160] // 8-byte Folded Reload
+ adcs x10, x10, x11
+ ldr x11, [sp, #176] // 8-byte Folded Reload
+ adcs x11, x11, x12
+ ldr x12, [sp, #200] // 8-byte Folded Reload
+ adcs x12, x12, x2
+ adcs x2, xzr, xzr
+ adds x8, x8, x30
+ ldr x30, [sp, #120] // 8-byte Folded Reload
+ adcs x9, x9, x30
+ ldr x30, [sp, #152] // 8-byte Folded Reload
+ adcs x10, x10, x30
+ ldr x30, [sp, #168] // 8-byte Folded Reload
+ adcs x11, x11, x30
+ ldr x30, [sp, #192] // 8-byte Folded Reload
+ adcs x12, x12, x30
+ ldr x30, [sp, #208] // 8-byte Folded Reload
+ adcs x2, x2, x30
+ ldr x30, [sp, #24] // 8-byte Folded Reload
+ adds x8, x30, x8
+ str x8, [x0, #24]
+ ldp x8, x30, [sp, #32]
+ adcs x8, x8, x9
+ ldr x9, [sp, #48] // 8-byte Folded Reload
+ adcs x9, x9, x10
+ ldr x10, [sp, #64] // 8-byte Folded Reload
+ adcs x10, x10, x11
+ ldr x11, [sp, #80] // 8-byte Folded Reload
+ adcs x11, x11, x12
+ ldr x12, [sp, #184] // 8-byte Folded Reload
+ adcs x12, x12, x2
+ adcs x2, xzr, xzr
+ adds x8, x8, x30
+ ldr x30, [sp, #56] // 8-byte Folded Reload
+ adcs x9, x9, x30
+ ldr x30, [sp, #72] // 8-byte Folded Reload
+ adcs x10, x10, x30
+ ldr x30, [sp, #88] // 8-byte Folded Reload
+ adcs x11, x11, x30
+ ldr x30, [sp, #96] // 8-byte Folded Reload
+ adcs x12, x12, x30
+ ldr x30, [sp, #136] // 8-byte Folded Reload
+ adcs x2, x2, x30
+ adds x8, x22, x8
+ str x8, [x0, #32]
+ adcs x8, x19, x9
+ adcs x9, x20, x10
+ adcs x10, x24, x11
+ adcs x11, x27, x12
+ adcs x12, x28, x2
+ adcs x2, xzr, xzr
+ adds x8, x8, x7
+ adcs x9, x9, x21
+ adcs x10, x10, x23
+ adcs x11, x11, x26
+ adcs x12, x12, x29
+ ldr x7, [sp, #16] // 8-byte Folded Reload
+ adcs x2, x2, x7
+ adds x8, x25, x8
+ str x8, [x0, #40]
+ adcs x8, x4, x9
+ adcs x9, x18, x10
+ adcs x10, x16, x11
+ adcs x11, x15, x12
+ adcs x12, x14, x2
+ adcs x14, xzr, xzr
+ adds x8, x8, x6
+ str x8, [x0, #48]
+ adcs x8, x9, x5
+ str x8, [x0, #56]
+ adcs x8, x10, x3
+ str x8, [x0, #64]
+ adcs x8, x11, x1
+ str x8, [x0, #72]
+ adcs x8, x12, x17
+ str x8, [x0, #80]
+ adcs x8, x14, x13
+ str x8, [x0, #88]
+ add sp, sp, #400 // =400
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end81:
+ .size mcl_fpDbl_mulPre6L, .Lfunc_end81-mcl_fpDbl_mulPre6L
+
+ .globl mcl_fpDbl_sqrPre6L
+ .align 2
+ .type mcl_fpDbl_sqrPre6L,@function
+mcl_fpDbl_sqrPre6L: // @mcl_fpDbl_sqrPre6L
+// BB#0:
+ stp x20, x19, [sp, #-16]!
+ ldp x8, x9, [x1, #8]
+ ldp x15, x10, [x1, #32]
+ ldp x11, x13, [x1]
+ ldr x12, [x1]
+ ldp x17, x14, [x1, #32]
+ ldr x16, [x1, #24]
+ mul x18, x11, x11
+ umulh x2, x10, x11
+ mul x3, x15, x11
+ mul x4, x16, x11
+ umulh x5, x9, x11
+ mul x6, x9, x11
+ umulh x7, x8, x11
+ mul x19, x8, x11
+ str x18, [x0]
+ umulh x18, x11, x11
+ adds x18, x18, x19
+ adcs x6, x7, x6
+ adcs x4, x5, x4
+ umulh x5, x16, x11
+ adcs x3, x5, x3
+ mul x5, x10, x11
+ umulh x11, x15, x11
+ adcs x11, x11, x5
+ adcs x2, x2, xzr
+ adds x18, x19, x18
+ ldp x5, x19, [x1, #16]
+ str x18, [x0, #8]
+ mul x18, x8, x8
+ adcs x18, x18, x6
+ mul x6, x9, x8
+ adcs x4, x6, x4
+ mul x6, x16, x8
+ adcs x3, x6, x3
+ mul x6, x15, x8
+ adcs x11, x6, x11
+ mul x6, x10, x8
+ adcs x2, x6, x2
+ adcs x6, xzr, xzr
+ adds x18, x18, x7
+ ldr x7, [x1, #32]
+ umulh x10, x10, x8
+ umulh x15, x15, x8
+ umulh x16, x16, x8
+ umulh x9, x9, x8
+ umulh x8, x8, x8
+ adcs x8, x4, x8
+ adcs x9, x3, x9
+ ldp x3, x4, [x1]
+ adcs x11, x11, x16
+ mul x16, x12, x5
+ adcs x15, x2, x15
+ mul x2, x14, x5
+ adcs x10, x6, x10
+ mul x6, x7, x5
+ adds x16, x16, x18
+ mul x18, x19, x5
+ str x16, [x0, #16]
+ mul x16, x13, x5
+ adcs x8, x16, x8
+ mul x16, x5, x5
+ adcs x9, x16, x9
+ umulh x16, x7, x5
+ adcs x11, x18, x11
+ adcs x15, x6, x15
+ umulh x6, x12, x5
+ adcs x10, x2, x10
+ adcs x2, xzr, xzr
+ adds x8, x8, x6
+ umulh x6, x13, x5
+ adcs x9, x9, x6
+ umulh x6, x5, x5
+ adcs x11, x11, x6
+ umulh x6, x19, x5
+ adcs x15, x15, x6
+ adcs x10, x10, x16
+ umulh x5, x14, x5
+ adcs x2, x2, x5
+ mul x5, x12, x19
+ adds x8, x5, x8
+ ldp x16, x5, [x1, #16]
+ ldr x1, [x1, #40]
+ str x8, [x0, #24]
+ mul x8, x13, x19
+ adcs x8, x8, x9
+ mul x9, x14, x19
+ adcs x11, x18, x11
+ mul x18, x19, x19
+ adcs x15, x18, x15
+ mul x18, x7, x19
+ umulh x14, x14, x19
+ umulh x7, x7, x19
+ umulh x13, x13, x19
+ umulh x12, x12, x19
+ umulh x19, x19, x19
+ adcs x10, x18, x10
+ mul x18, x3, x17
+ adcs x9, x9, x2
+ adcs x2, xzr, xzr
+ adds x8, x8, x12
+ mul x12, x1, x17
+ adcs x11, x11, x13
+ mul x13, x5, x17
+ adcs x15, x15, x6
+ mul x6, x16, x17
+ adcs x10, x10, x19
+ mul x19, x4, x17
+ adcs x9, x9, x7
+ mul x7, x17, x17
+ adcs x14, x2, x14
+ umulh x2, x1, x17
+ adds x8, x18, x8
+ umulh x18, x5, x17
+ str x8, [x0, #32]
+ umulh x8, x16, x17
+ adcs x11, x19, x11
+ umulh x19, x4, x17
+ adcs x15, x6, x15
+ umulh x6, x3, x17
+ umulh x17, x17, x17
+ adcs x10, x13, x10
+ mul x13, x3, x1
+ adcs x9, x7, x9
+ adcs x14, x12, x14
+ adcs x7, xzr, xzr
+ adds x11, x11, x6
+ mul x6, x5, x1
+ adcs x15, x15, x19
+ mul x19, x16, x1
+ adcs x8, x10, x8
+ mul x10, x4, x1
+ adcs x9, x9, x18
+ mul x18, x1, x1
+ umulh x3, x3, x1
+ umulh x4, x4, x1
+ umulh x16, x16, x1
+ umulh x5, x5, x1
+ umulh x1, x1, x1
+ adcs x14, x14, x17
+ adcs x17, x7, x2
+ adds x11, x13, x11
+ str x11, [x0, #40]
+ adcs x10, x10, x15
+ adcs x8, x19, x8
+ adcs x9, x6, x9
+ adcs x11, x12, x14
+ adcs x12, x18, x17
+ adcs x13, xzr, xzr
+ adds x10, x10, x3
+ adcs x8, x8, x4
+ stp x10, x8, [x0, #48]
+ adcs x8, x9, x16
+ str x8, [x0, #64]
+ adcs x8, x11, x5
+ str x8, [x0, #72]
+ adcs x8, x12, x2
+ str x8, [x0, #80]
+ adcs x8, x13, x1
+ str x8, [x0, #88]
+ ldp x20, x19, [sp], #16
+ ret
+.Lfunc_end82:
+ .size mcl_fpDbl_sqrPre6L, .Lfunc_end82-mcl_fpDbl_sqrPre6L
+
+ .globl mcl_fp_mont6L
+ .align 2
+ .type mcl_fp_mont6L,@function
+mcl_fp_mont6L: // @mcl_fp_mont6L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #48 // =48
+ str x0, [sp, #24] // 8-byte Folded Spill
+ ldr x5, [x2]
+ ldp x0, x4, [x1, #32]
+ ldp x16, x18, [x1, #16]
+ ldp x10, x1, [x1]
+ ldur x12, [x3, #-8]
+ str x12, [sp, #40] // 8-byte Folded Spill
+ ldp x11, x8, [x3, #32]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldp x13, x17, [x3, #16]
+ ldp x14, x15, [x3]
+ ldr x3, [x2, #8]
+ umulh x6, x4, x5
+ mul x7, x4, x5
+ umulh x19, x0, x5
+ mul x20, x0, x5
+ umulh x21, x18, x5
+ mul x22, x18, x5
+ umulh x23, x16, x5
+ mul x24, x16, x5
+ umulh x25, x1, x5
+ mul x26, x1, x5
+ umulh x27, x10, x5
+ mul x5, x10, x5
+ umulh x28, x3, x4
+ adds x26, x27, x26
+ mul x27, x5, x12
+ adcs x24, x25, x24
+ mul x25, x27, x8
+ mul x29, x27, x11
+ mul x30, x27, x17
+ adcs x22, x23, x22
+ mul x23, x27, x13
+ adcs x20, x21, x20
+ mul x21, x27, x15
+ adcs x7, x19, x7
+ umulh x19, x27, x14
+ adcs x6, x6, xzr
+ adds x19, x19, x21
+ umulh x21, x27, x15
+ adcs x21, x21, x23
+ umulh x23, x27, x13
+ adcs x23, x23, x30
+ umulh x30, x27, x17
+ adcs x29, x30, x29
+ umulh x30, x27, x11
+ adcs x25, x30, x25
+ umulh x30, x27, x8
+ mul x27, x27, x14
+ adcs x30, x30, xzr
+ cmn x27, x5
+ mul x5, x3, x4
+ umulh x27, x3, x0
+ adcs x19, x19, x26
+ mul x26, x3, x0
+ adcs x21, x21, x24
+ mul x24, x3, x18
+ adcs x22, x23, x22
+ mul x23, x3, x16
+ adcs x20, x29, x20
+ mul x29, x3, x1
+ adcs x7, x25, x7
+ umulh x25, x3, x10
+ adcs x30, x30, x6
+ adcs x6, xzr, xzr
+ adds x25, x25, x29
+ umulh x29, x3, x1
+ adcs x23, x29, x23
+ umulh x29, x3, x16
+ adcs x24, x29, x24
+ umulh x29, x3, x18
+ mul x3, x3, x10
+ adcs x26, x29, x26
+ adcs x27, x27, x5
+ adcs x29, x28, xzr
+ adds x3, x19, x3
+ adcs x5, x21, x25
+ mul x21, x3, x12
+ adcs x28, x22, x23
+ umulh x22, x21, x8
+ mul x23, x21, x8
+ mul x25, x21, x11
+ mul x9, x21, x17
+ adcs x19, x20, x24
+ mul x8, x21, x13
+ adcs x20, x7, x26
+ mul x24, x21, x15
+ adcs x30, x30, x27
+ umulh x26, x21, x14
+ adcs x6, x6, x29
+ adcs x7, xzr, xzr
+ adds x24, x26, x24
+ umulh x26, x21, x15
+ adcs x29, x26, x8
+ umulh x8, x21, x13
+ adcs x26, x8, x9
+ umulh x8, x21, x17
+ adcs x27, x8, x25
+ umulh x8, x21, x11
+ mul x9, x21, x14
+ adcs x8, x8, x23
+ adcs x21, x22, xzr
+ cmn x9, x3
+ ldp x23, x3, [x2, #16]
+ umulh x9, x23, x4
+ adcs x5, x24, x5
+ mul x22, x23, x4
+ adcs x24, x29, x28
+ mul x25, x23, x0
+ adcs x19, x26, x19
+ mul x26, x23, x18
+ adcs x20, x27, x20
+ mul x27, x23, x16
+ adcs x8, x8, x30
+ mul x28, x23, x1
+ adcs x21, x21, x6
+ umulh x6, x23, x10
+ adcs x7, x7, xzr
+ adds x6, x6, x28
+ umulh x28, x23, x1
+ adcs x27, x28, x27
+ umulh x28, x23, x16
+ adcs x26, x28, x26
+ umulh x28, x23, x18
+ adcs x25, x28, x25
+ umulh x28, x23, x0
+ mul x23, x23, x10
+ adcs x22, x28, x22
+ adcs x9, x9, xzr
+ adds x23, x5, x23
+ adcs x5, x24, x6
+ mul x29, x23, x12
+ adcs x6, x19, x27
+ ldr x12, [sp, #32] // 8-byte Folded Reload
+ mul x28, x29, x12
+ mul x27, x29, x11
+ mul x30, x29, x17
+ adcs x19, x20, x26
+ mul x26, x29, x13
+ adcs x20, x8, x25
+ mul x8, x29, x15
+ adcs x21, x21, x22
+ umulh x24, x29, x14
+ adcs x22, x7, x9
+ adcs x7, xzr, xzr
+ adds x24, x24, x8
+ umulh x8, x29, x15
+ adcs x25, x8, x26
+ umulh x8, x29, x13
+ adcs x26, x8, x30
+ umulh x8, x29, x17
+ adcs x27, x8, x27
+ umulh x8, x29, x11
+ adcs x28, x8, x28
+ umulh x8, x29, x12
+ mul x9, x29, x14
+ adcs x29, x8, xzr
+ cmn x9, x23
+ ldp x23, x8, [x2, #32]
+ umulh x30, x3, x4
+ adcs x2, x24, x5
+ mul x5, x3, x4
+ adcs x6, x25, x6
+ mul x24, x3, x0
+ adcs x19, x26, x19
+ mul x25, x3, x18
+ adcs x20, x27, x20
+ mul x26, x3, x16
+ adcs x21, x28, x21
+ mul x27, x3, x1
+ adcs x22, x29, x22
+ mov x9, x10
+ umulh x28, x3, x9
+ adcs x7, x7, xzr
+ adds x27, x28, x27
+ umulh x28, x3, x1
+ adcs x26, x28, x26
+ umulh x28, x3, x16
+ adcs x25, x28, x25
+ umulh x28, x3, x18
+ adcs x24, x28, x24
+ umulh x28, x3, x0
+ mul x3, x3, x9
+ adcs x5, x28, x5
+ adcs x29, x30, xzr
+ adds x2, x2, x3
+ adcs x3, x6, x27
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ mul x6, x2, x10
+ adcs x19, x19, x26
+ mul x26, x6, x12
+ mul x27, x6, x11
+ mov x30, x17
+ mul x28, x6, x30
+ adcs x20, x20, x25
+ mul x25, x6, x13
+ adcs x21, x21, x24
+ mov x17, x15
+ mul x24, x6, x17
+ adcs x5, x22, x5
+ umulh x22, x6, x14
+ adcs x29, x7, x29
+ adcs x7, xzr, xzr
+ adds x22, x22, x24
+ umulh x24, x6, x17
+ adcs x24, x24, x25
+ umulh x25, x6, x13
+ mov x15, x13
+ adcs x25, x25, x28
+ umulh x28, x6, x30
+ mov x13, x30
+ adcs x27, x28, x27
+ umulh x28, x6, x11
+ adcs x26, x28, x26
+ umulh x28, x6, x12
+ mul x6, x6, x14
+ adcs x28, x28, xzr
+ cmn x6, x2
+ umulh x2, x23, x4
+ mul x6, x23, x4
+ adcs x3, x22, x3
+ umulh x22, x23, x0
+ adcs x19, x24, x19
+ mul x24, x23, x0
+ adcs x20, x25, x20
+ mul x25, x23, x18
+ adcs x21, x27, x21
+ mul x27, x23, x16
+ adcs x5, x26, x5
+ mul x26, x23, x1
+ adcs x29, x28, x29
+ umulh x28, x23, x9
+ adcs x7, x7, xzr
+ adds x26, x28, x26
+ umulh x28, x23, x1
+ adcs x27, x28, x27
+ umulh x28, x23, x16
+ adcs x25, x28, x25
+ umulh x28, x23, x18
+ mul x23, x23, x9
+ adcs x24, x28, x24
+ umulh x28, x8, x4
+ str x28, [sp, #16] // 8-byte Folded Spill
+ mul x28, x8, x4
+ adcs x6, x22, x6
+ adcs x2, x2, xzr
+ adds x3, x3, x23
+ adcs x19, x19, x26
+ mul x22, x3, x10
+ adcs x20, x20, x27
+ mul x23, x22, x12
+ mul x26, x22, x11
+ mul x27, x22, x13
+ adcs x21, x21, x25
+ mul x25, x22, x15
+ adcs x5, x5, x24
+ mul x24, x22, x17
+ adcs x4, x29, x6
+ umulh x6, x22, x14
+ adcs x2, x7, x2
+ adcs x7, xzr, xzr
+ adds x6, x6, x24
+ umulh x24, x22, x17
+ adcs x24, x24, x25
+ umulh x25, x22, x15
+ adcs x25, x25, x27
+ umulh x27, x22, x13
+ adcs x26, x27, x26
+ umulh x27, x22, x11
+ adcs x23, x27, x23
+ umulh x27, x22, x12
+ mul x22, x22, x14
+ adcs x27, x27, xzr
+ cmn x22, x3
+ umulh x3, x8, x0
+ mul x0, x8, x0
+ umulh x22, x8, x18
+ mul x18, x8, x18
+ umulh x29, x8, x16
+ mul x16, x8, x16
+ umulh x30, x8, x1
+ mul x1, x8, x1
+ umulh x10, x8, x9
+ mul x8, x8, x9
+ adcs x6, x6, x19
+ adcs x19, x24, x20
+ adcs x20, x25, x21
+ adcs x5, x26, x5
+ adcs x9, x23, x4
+ str x9, [sp, #8] // 8-byte Folded Spill
+ adcs x2, x27, x2
+ adcs x7, x7, xzr
+ adds x9, x10, x1
+ adcs x16, x30, x16
+ adcs x18, x29, x18
+ adcs x0, x22, x0
+ adcs x1, x3, x28
+ ldr x10, [sp, #16] // 8-byte Folded Reload
+ adcs x3, x10, xzr
+ adds x8, x6, x8
+ adcs x9, x19, x9
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ mul x4, x8, x10
+ adcs x16, x20, x16
+ umulh x6, x4, x12
+ mul x19, x4, x12
+ mov x30, x11
+ umulh x20, x4, x30
+ mul x21, x4, x30
+ umulh x22, x4, x13
+ mul x23, x4, x13
+ mov x29, x13
+ umulh x24, x4, x15
+ mul x25, x4, x15
+ umulh x26, x4, x17
+ mul x27, x4, x17
+ umulh x28, x4, x14
+ mul x4, x4, x14
+ adcs x18, x5, x18
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x10, x10, x0
+ adcs x0, x2, x1
+ adcs x1, x7, x3
+ adcs x2, xzr, xzr
+ adds x3, x28, x27
+ adcs x5, x26, x25
+ adcs x7, x24, x23
+ adcs x21, x22, x21
+ adcs x19, x20, x19
+ adcs x6, x6, xzr
+ cmn x4, x8
+ adcs x8, x3, x9
+ adcs x9, x5, x16
+ adcs x16, x7, x18
+ adcs x10, x21, x10
+ adcs x18, x19, x0
+ adcs x0, x6, x1
+ adcs x1, x2, xzr
+ subs x13, x8, x14
+ sbcs x12, x9, x17
+ sbcs x11, x16, x15
+ sbcs x14, x10, x29
+ sbcs x15, x18, x30
+ ldr x17, [sp, #32] // 8-byte Folded Reload
+ sbcs x17, x0, x17
+ sbcs x1, x1, xzr
+ tst x1, #0x1
+ csel x8, x8, x13, ne
+ csel x9, x9, x12, ne
+ csel x11, x16, x11, ne
+ csel x10, x10, x14, ne
+ csel x12, x18, x15, ne
+ csel x13, x0, x17, ne
+ ldr x14, [sp, #24] // 8-byte Folded Reload
+ stp x8, x9, [x14]
+ stp x11, x10, [x14, #16]
+ stp x12, x13, [x14, #32]
+ add sp, sp, #48 // =48
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end83:
+ .size mcl_fp_mont6L, .Lfunc_end83-mcl_fp_mont6L
+
+ .globl mcl_fp_montNF6L
+ .align 2
+ .type mcl_fp_montNF6L,@function
+mcl_fp_montNF6L: // @mcl_fp_montNF6L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #112 // =112
+ str x0, [sp, #96] // 8-byte Folded Spill
+ ldp x16, x12, [x1, #32]
+ ldp x13, x11, [x1, #16]
+ ldp x17, x0, [x1]
+ ldur x18, [x3, #-8]
+ ldr x9, [x3, #32]
+ str x9, [sp, #104] // 8-byte Folded Spill
+ ldr x14, [x3, #40]
+ ldp x4, x10, [x3, #16]
+ ldr x15, [x3]
+ str x15, [sp, #8] // 8-byte Folded Spill
+ ldr x9, [x3, #8]
+ ldp x5, x3, [x2]
+ ldp x6, x7, [x2, #16]
+ ldp x19, x2, [x2, #32]
+ umulh x20, x12, x5
+ mul x21, x12, x5
+ umulh x22, x16, x5
+ mul x23, x16, x5
+ umulh x24, x11, x5
+ mul x25, x11, x5
+ mov x1, x13
+ umulh x26, x1, x5
+ mul x27, x1, x5
+ mov x13, x0
+ umulh x28, x13, x5
+ mul x29, x13, x5
+ mov x8, x17
+ umulh x30, x8, x5
+ mul x5, x8, x5
+ adds x29, x30, x29
+ mul x30, x3, x12
+ adcs x27, x28, x27
+ mul x28, x3, x16
+ adcs x25, x26, x25
+ mul x26, x3, x11
+ adcs x23, x24, x23
+ mul x24, x5, x18
+ adcs x21, x22, x21
+ mul x22, x24, x15
+ adcs x20, x20, xzr
+ cmn x22, x5
+ mul x5, x3, x1
+ mov x0, x9
+ mul x22, x24, x0
+ adcs x22, x22, x29
+ mul x29, x24, x4
+ adcs x17, x29, x27
+ mul x29, x24, x10
+ adcs x25, x29, x25
+ ldr x9, [sp, #104] // 8-byte Folded Reload
+ mul x29, x24, x9
+ adcs x23, x29, x23
+ mul x29, x24, x14
+ adcs x21, x29, x21
+ umulh x29, x24, x15
+ adcs x20, x20, xzr
+ adds x22, x22, x29
+ umulh x29, x24, x0
+ adcs x15, x17, x29
+ umulh x29, x24, x4
+ mov x17, x4
+ adcs x25, x25, x29
+ umulh x29, x24, x10
+ adcs x23, x23, x29
+ umulh x29, x24, x9
+ adcs x21, x21, x29
+ mul x29, x3, x13
+ umulh x24, x24, x14
+ adcs x20, x20, x24
+ umulh x24, x3, x8
+ adds x24, x24, x29
+ umulh x29, x3, x13
+ adcs x5, x29, x5
+ umulh x29, x3, x1
+ adcs x26, x29, x26
+ umulh x29, x3, x11
+ adcs x28, x29, x28
+ umulh x29, x3, x16
+ adcs x29, x29, x30
+ umulh x30, x3, x12
+ mul x3, x3, x8
+ adcs x30, x30, xzr
+ adds x3, x3, x22
+ umulh x22, x6, x12
+ adcs x24, x24, x15
+ mul x27, x6, x12
+ adcs x5, x5, x25
+ mul x25, x6, x16
+ adcs x23, x26, x23
+ mul x26, x6, x11
+ adcs x21, x28, x21
+ mul x28, x3, x18
+ mov x4, x18
+ adcs x20, x29, x20
+ ldr x18, [sp, #8] // 8-byte Folded Reload
+ mul x29, x28, x18
+ adcs x30, x30, xzr
+ cmn x29, x3
+ mul x3, x6, x1
+ mul x29, x28, x0
+ adcs x24, x29, x24
+ mul x29, x28, x17
+ adcs x5, x29, x5
+ mul x29, x28, x10
+ adcs x23, x29, x23
+ mul x29, x28, x9
+ adcs x21, x29, x21
+ mul x29, x28, x14
+ adcs x20, x29, x20
+ umulh x29, x28, x18
+ adcs x30, x30, xzr
+ adds x24, x24, x29
+ umulh x29, x28, x0
+ adcs x5, x5, x29
+ umulh x29, x28, x17
+ adcs x23, x23, x29
+ umulh x29, x28, x10
+ adcs x21, x21, x29
+ umulh x29, x28, x9
+ adcs x20, x20, x29
+ mul x29, x6, x13
+ umulh x28, x28, x14
+ adcs x28, x30, x28
+ umulh x30, x6, x8
+ adds x29, x30, x29
+ umulh x30, x6, x13
+ adcs x3, x30, x3
+ umulh x30, x6, x1
+ adcs x26, x30, x26
+ umulh x30, x6, x11
+ adcs x25, x30, x25
+ umulh x30, x6, x16
+ mul x6, x6, x8
+ adcs x27, x30, x27
+ umulh x30, x7, x12
+ adcs x22, x22, xzr
+ adds x6, x6, x24
+ mul x24, x7, x12
+ adcs x5, x29, x5
+ umulh x29, x7, x16
+ adcs x3, x3, x23
+ mul x23, x7, x16
+ adcs x21, x26, x21
+ mul x26, x7, x11
+ adcs x20, x25, x20
+ mul x25, x6, x4
+ adcs x27, x27, x28
+ mul x28, x25, x18
+ adcs x22, x22, xzr
+ cmn x28, x6
+ mul x6, x7, x1
+ mul x28, x25, x0
+ adcs x5, x28, x5
+ mul x28, x25, x17
+ adcs x3, x28, x3
+ mul x28, x25, x10
+ adcs x21, x28, x21
+ mul x28, x25, x9
+ adcs x20, x28, x20
+ mul x28, x25, x14
+ adcs x27, x28, x27
+ umulh x28, x25, x18
+ adcs x22, x22, xzr
+ adds x5, x5, x28
+ umulh x28, x25, x0
+ adcs x3, x3, x28
+ umulh x28, x25, x17
+ adcs x21, x21, x28
+ umulh x28, x25, x10
+ adcs x20, x20, x28
+ umulh x28, x25, x9
+ adcs x27, x27, x28
+ mul x28, x7, x13
+ umulh x25, x25, x14
+ adcs x22, x22, x25
+ umulh x25, x7, x8
+ adds x25, x25, x28
+ umulh x28, x7, x13
+ adcs x6, x28, x6
+ umulh x28, x7, x1
+ adcs x26, x28, x26
+ umulh x28, x7, x11
+ mul x7, x7, x8
+ adcs x23, x28, x23
+ umulh x9, x19, x12
+ str x9, [sp, #16] // 8-byte Folded Spill
+ adcs x24, x29, x24
+ mul x9, x19, x12
+ str x9, [sp, #32] // 8-byte Folded Spill
+ adcs x30, x30, xzr
+ adds x5, x7, x5
+ umulh x7, x19, x16
+ adcs x3, x25, x3
+ mul x25, x19, x16
+ adcs x6, x6, x21
+ umulh x21, x19, x11
+ adcs x20, x26, x20
+ mul x26, x19, x11
+ adcs x23, x23, x27
+ mul x27, x5, x4
+ adcs x22, x24, x22
+ mul x24, x27, x18
+ adcs x30, x30, xzr
+ cmn x24, x5
+ mov x28, x1
+ mul x5, x19, x28
+ mul x24, x19, x13
+ umulh x1, x19, x8
+ umulh x9, x19, x13
+ umulh x15, x19, x28
+ mul x19, x19, x8
+ umulh x29, x2, x12
+ str x29, [sp, #88] // 8-byte Folded Spill
+ mul x29, x2, x12
+ umulh x12, x2, x16
+ str x12, [sp, #80] // 8-byte Folded Spill
+ mul x12, x2, x16
+ str x12, [sp, #72] // 8-byte Folded Spill
+ umulh x12, x2, x11
+ mul x11, x2, x11
+ stp x11, x12, [sp, #56]
+ umulh x11, x2, x28
+ str x11, [sp, #48] // 8-byte Folded Spill
+ mul x11, x2, x28
+ str x11, [sp, #40] // 8-byte Folded Spill
+ umulh x11, x2, x13
+ str x11, [sp, #24] // 8-byte Folded Spill
+ mul x13, x2, x13
+ umulh x16, x2, x8
+ mul x28, x2, x8
+ mul x2, x27, x0
+ adcs x2, x2, x3
+ mul x3, x27, x17
+ adcs x3, x3, x6
+ mul x6, x27, x10
+ adcs x6, x6, x20
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ mul x20, x27, x8
+ adcs x20, x20, x23
+ mul x23, x27, x14
+ adcs x22, x23, x22
+ adcs x23, x30, xzr
+ umulh x30, x27, x18
+ adds x2, x2, x30
+ umulh x30, x27, x0
+ adcs x3, x3, x30
+ umulh x30, x27, x17
+ mov x12, x17
+ adcs x6, x6, x30
+ umulh x30, x27, x10
+ adcs x20, x20, x30
+ umulh x30, x27, x8
+ mov x11, x8
+ adcs x22, x22, x30
+ mov x30, x14
+ umulh x27, x27, x30
+ adcs x23, x23, x27
+ adds x8, x1, x24
+ adcs x9, x9, x5
+ adcs x14, x15, x26
+ adcs x5, x21, x25
+ ldr x15, [sp, #32] // 8-byte Folded Reload
+ adcs x7, x7, x15
+ ldr x15, [sp, #16] // 8-byte Folded Reload
+ adcs x21, x15, xzr
+ adds x2, x19, x2
+ adcs x8, x8, x3
+ adcs x9, x9, x6
+ mov x24, x4
+ mul x3, x2, x24
+ adcs x14, x14, x20
+ mul x6, x3, x30
+ adcs x5, x5, x22
+ mul x19, x3, x11
+ adcs x7, x7, x23
+ mul x20, x3, x18
+ adcs x21, x21, xzr
+ cmn x20, x2
+ mul x2, x3, x10
+ mul x20, x3, x0
+ adcs x8, x20, x8
+ mul x20, x3, x12
+ adcs x9, x20, x9
+ umulh x20, x3, x30
+ adcs x14, x2, x14
+ umulh x2, x3, x11
+ mov x27, x11
+ adcs x5, x19, x5
+ mov x11, x10
+ umulh x19, x3, x11
+ adcs x6, x6, x7
+ umulh x7, x3, x18
+ adcs x21, x21, xzr
+ adds x8, x8, x7
+ umulh x7, x3, x12
+ umulh x3, x3, x0
+ adcs x9, x9, x3
+ adcs x10, x14, x7
+ adcs x3, x5, x19
+ adcs x2, x6, x2
+ adcs x5, x21, x20
+ adds x15, x16, x13
+ ldr x13, [sp, #40] // 8-byte Folded Reload
+ ldr x14, [sp, #24] // 8-byte Folded Reload
+ adcs x16, x14, x13
+ ldp x14, x13, [sp, #48]
+ adcs x17, x14, x13
+ ldp x14, x13, [sp, #64]
+ adcs x1, x14, x13
+ ldr x13, [sp, #80] // 8-byte Folded Reload
+ adcs x4, x13, x29
+ ldr x13, [sp, #88] // 8-byte Folded Reload
+ adcs x6, x13, xzr
+ adds x8, x28, x8
+ adcs x9, x15, x9
+ mul x15, x8, x24
+ adcs x10, x16, x10
+ mul x16, x15, x30
+ mul x14, x15, x27
+ mul x7, x15, x11
+ mul x19, x15, x12
+ mul x20, x15, x0
+ mul x21, x15, x18
+ umulh x22, x15, x30
+ umulh x23, x15, x27
+ umulh x24, x15, x11
+ mov x28, x11
+ umulh x25, x15, x12
+ umulh x26, x15, x0
+ umulh x15, x15, x18
+ adcs x17, x17, x3
+ adcs x1, x1, x2
+ adcs x2, x4, x5
+ adcs x3, x6, xzr
+ cmn x21, x8
+ adcs x8, x20, x9
+ adcs x9, x19, x10
+ adcs x10, x7, x17
+ adcs x17, x14, x1
+ adcs x16, x16, x2
+ adcs x11, x3, xzr
+ adds x8, x8, x15
+ adcs x9, x9, x26
+ adcs x10, x10, x25
+ adcs x15, x17, x24
+ adcs x16, x16, x23
+ adcs x17, x11, x22
+ subs x3, x8, x18
+ sbcs x2, x9, x0
+ sbcs x11, x10, x12
+ sbcs x14, x15, x28
+ sbcs x18, x16, x27
+ sbcs x0, x17, x30
+ asr x1, x0, #63
+ cmp x1, #0 // =0
+ csel x8, x8, x3, lt
+ csel x9, x9, x2, lt
+ csel x10, x10, x11, lt
+ csel x11, x15, x14, lt
+ csel x12, x16, x18, lt
+ csel x13, x17, x0, lt
+ ldr x14, [sp, #96] // 8-byte Folded Reload
+ stp x8, x9, [x14]
+ stp x10, x11, [x14, #16]
+ stp x12, x13, [x14, #32]
+ add sp, sp, #112 // =112
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end84:
+ .size mcl_fp_montNF6L, .Lfunc_end84-mcl_fp_montNF6L
+
+ .globl mcl_fp_montRed6L
+ .align 2
+ .type mcl_fp_montRed6L,@function
+mcl_fp_montRed6L: // @mcl_fp_montRed6L
+// BB#0:
+ stp x26, x25, [sp, #-64]!
+ stp x24, x23, [sp, #16]
+ stp x22, x21, [sp, #32]
+ stp x20, x19, [sp, #48]
+ ldur x14, [x2, #-8]
+ ldp x9, x8, [x2, #32]
+ ldp x11, x10, [x2, #16]
+ ldp x13, x12, [x2]
+ ldp x16, x17, [x1, #80]
+ ldp x18, x2, [x1, #64]
+ ldp x3, x4, [x1, #48]
+ ldp x5, x6, [x1, #32]
+ ldp x7, x19, [x1, #16]
+ ldp x15, x1, [x1]
+ mul x20, x15, x14
+ mul x21, x20, x8
+ mul x22, x20, x9
+ mul x23, x20, x10
+ mul x24, x20, x11
+ mul x25, x20, x12
+ umulh x26, x20, x13
+ adds x25, x26, x25
+ umulh x26, x20, x12
+ adcs x24, x26, x24
+ umulh x26, x20, x11
+ adcs x23, x26, x23
+ umulh x26, x20, x10
+ adcs x22, x26, x22
+ umulh x26, x20, x9
+ adcs x21, x26, x21
+ umulh x26, x20, x8
+ mul x20, x20, x13
+ adcs x26, x26, xzr
+ cmn x15, x20
+ adcs x15, x1, x25
+ adcs x1, x7, x24
+ mul x7, x15, x14
+ adcs x19, x19, x23
+ mul x20, x7, x8
+ mul x23, x7, x9
+ mul x24, x7, x10
+ mul x25, x7, x11
+ adcs x5, x5, x22
+ mul x22, x7, x12
+ adcs x6, x6, x21
+ umulh x21, x7, x13
+ adcs x3, x3, x26
+ adcs x4, x4, xzr
+ adcs x18, x18, xzr
+ adcs x2, x2, xzr
+ adcs x16, x16, xzr
+ adcs x17, x17, xzr
+ adcs x26, xzr, xzr
+ adds x21, x21, x22
+ umulh x22, x7, x12
+ adcs x22, x22, x25
+ umulh x25, x7, x11
+ adcs x24, x25, x24
+ umulh x25, x7, x10
+ adcs x23, x25, x23
+ umulh x25, x7, x9
+ adcs x20, x25, x20
+ umulh x25, x7, x8
+ mul x7, x7, x13
+ adcs x25, x25, xzr
+ cmn x7, x15
+ adcs x15, x21, x1
+ adcs x1, x22, x19
+ mul x7, x15, x14
+ adcs x5, x24, x5
+ mul x19, x7, x8
+ mul x21, x7, x9
+ mul x22, x7, x10
+ adcs x6, x23, x6
+ mul x23, x7, x11
+ adcs x3, x20, x3
+ mul x20, x7, x12
+ adcs x4, x25, x4
+ umulh x24, x7, x13
+ adcs x18, x18, xzr
+ adcs x2, x2, xzr
+ adcs x16, x16, xzr
+ adcs x17, x17, xzr
+ adcs x25, x26, xzr
+ adds x20, x24, x20
+ umulh x24, x7, x12
+ adcs x23, x24, x23
+ umulh x24, x7, x11
+ adcs x22, x24, x22
+ umulh x24, x7, x10
+ adcs x21, x24, x21
+ umulh x24, x7, x9
+ adcs x19, x24, x19
+ umulh x24, x7, x8
+ mul x7, x7, x13
+ adcs x24, x24, xzr
+ cmn x7, x15
+ adcs x15, x20, x1
+ adcs x1, x23, x5
+ mul x5, x15, x14
+ adcs x6, x22, x6
+ mul x7, x5, x8
+ mul x20, x5, x9
+ mul x22, x5, x10
+ adcs x3, x21, x3
+ mul x21, x5, x11
+ adcs x4, x19, x4
+ mul x19, x5, x12
+ adcs x18, x24, x18
+ umulh x23, x5, x13
+ adcs x2, x2, xzr
+ adcs x16, x16, xzr
+ adcs x17, x17, xzr
+ adcs x24, x25, xzr
+ adds x19, x23, x19
+ umulh x23, x5, x12
+ adcs x21, x23, x21
+ umulh x23, x5, x11
+ adcs x22, x23, x22
+ umulh x23, x5, x10
+ adcs x20, x23, x20
+ umulh x23, x5, x9
+ adcs x7, x23, x7
+ umulh x23, x5, x8
+ mul x5, x5, x13
+ adcs x23, x23, xzr
+ cmn x5, x15
+ adcs x15, x19, x1
+ adcs x1, x21, x6
+ mul x5, x15, x14
+ adcs x3, x22, x3
+ mul x6, x5, x8
+ mul x19, x5, x9
+ mul x21, x5, x10
+ adcs x4, x20, x4
+ mul x20, x5, x11
+ adcs x18, x7, x18
+ mul x7, x5, x12
+ adcs x2, x23, x2
+ umulh x22, x5, x13
+ adcs x16, x16, xzr
+ adcs x17, x17, xzr
+ adcs x23, x24, xzr
+ adds x7, x22, x7
+ umulh x22, x5, x12
+ adcs x20, x22, x20
+ umulh x22, x5, x11
+ adcs x21, x22, x21
+ umulh x22, x5, x10
+ adcs x19, x22, x19
+ umulh x22, x5, x9
+ adcs x6, x22, x6
+ umulh x22, x5, x8
+ mul x5, x5, x13
+ adcs x22, x22, xzr
+ cmn x5, x15
+ adcs x15, x7, x1
+ adcs x1, x20, x3
+ mul x14, x15, x14
+ adcs x3, x21, x4
+ mul x4, x14, x8
+ mul x5, x14, x9
+ mul x7, x14, x10
+ adcs x18, x19, x18
+ mul x19, x14, x11
+ adcs x2, x6, x2
+ mul x6, x14, x12
+ adcs x16, x22, x16
+ umulh x20, x14, x13
+ adcs x17, x17, xzr
+ adcs x21, x23, xzr
+ adds x6, x20, x6
+ umulh x20, x14, x12
+ adcs x19, x20, x19
+ umulh x20, x14, x11
+ adcs x7, x20, x7
+ umulh x20, x14, x10
+ adcs x5, x20, x5
+ umulh x20, x14, x9
+ adcs x4, x20, x4
+ umulh x20, x14, x8
+ mul x14, x14, x13
+ adcs x20, x20, xzr
+ cmn x14, x15
+ adcs x14, x6, x1
+ adcs x15, x19, x3
+ adcs x18, x7, x18
+ adcs x1, x5, x2
+ adcs x16, x4, x16
+ adcs x17, x20, x17
+ adcs x2, x21, xzr
+ subs x13, x14, x13
+ sbcs x12, x15, x12
+ sbcs x11, x18, x11
+ sbcs x10, x1, x10
+ sbcs x9, x16, x9
+ sbcs x8, x17, x8
+ sbcs x2, x2, xzr
+ tst x2, #0x1
+ csel x13, x14, x13, ne
+ csel x12, x15, x12, ne
+ csel x11, x18, x11, ne
+ csel x10, x1, x10, ne
+ csel x9, x16, x9, ne
+ csel x8, x17, x8, ne
+ stp x13, x12, [x0]
+ stp x11, x10, [x0, #16]
+ stp x9, x8, [x0, #32]
+ ldp x20, x19, [sp, #48]
+ ldp x22, x21, [sp, #32]
+ ldp x24, x23, [sp, #16]
+ ldp x26, x25, [sp], #64
+ ret
+.Lfunc_end85:
+ .size mcl_fp_montRed6L, .Lfunc_end85-mcl_fp_montRed6L
+
+ .globl mcl_fp_addPre6L
+ .align 2
+ .type mcl_fp_addPre6L,@function
+mcl_fp_addPre6L: // @mcl_fp_addPre6L
+// BB#0:
+ ldp x8, x9, [x2, #32]
+ ldp x10, x11, [x1, #32]
+ ldp x12, x13, [x2, #16]
+ ldp x14, x15, [x2]
+ ldp x16, x17, [x1]
+ ldp x18, x1, [x1, #16]
+ adds x14, x14, x16
+ str x14, [x0]
+ adcs x14, x15, x17
+ adcs x12, x12, x18
+ stp x14, x12, [x0, #8]
+ adcs x12, x13, x1
+ adcs x8, x8, x10
+ stp x12, x8, [x0, #24]
+ adcs x9, x9, x11
+ adcs x8, xzr, xzr
+ str x9, [x0, #40]
+ mov x0, x8
+ ret
+.Lfunc_end86:
+ .size mcl_fp_addPre6L, .Lfunc_end86-mcl_fp_addPre6L
+
+ .globl mcl_fp_subPre6L
+ .align 2
+ .type mcl_fp_subPre6L,@function
+mcl_fp_subPre6L: // @mcl_fp_subPre6L
+// BB#0:
+ ldp x8, x9, [x2, #32]
+ ldp x10, x11, [x1, #32]
+ ldp x12, x13, [x2, #16]
+ ldp x14, x15, [x2]
+ ldp x16, x17, [x1]
+ ldp x18, x1, [x1, #16]
+ subs x14, x16, x14
+ str x14, [x0]
+ sbcs x14, x17, x15
+ sbcs x12, x18, x12
+ stp x14, x12, [x0, #8]
+ sbcs x12, x1, x13
+ sbcs x8, x10, x8
+ stp x12, x8, [x0, #24]
+ sbcs x9, x11, x9
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ str x9, [x0, #40]
+ mov x0, x8
+ ret
+.Lfunc_end87:
+ .size mcl_fp_subPre6L, .Lfunc_end87-mcl_fp_subPre6L
+
+ .globl mcl_fp_shr1_6L
+ .align 2
+ .type mcl_fp_shr1_6L,@function
+mcl_fp_shr1_6L: // @mcl_fp_shr1_6L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x1, #16]
+ ldp x12, x13, [x1, #32]
+ extr x8, x9, x8, #1
+ extr x9, x10, x9, #1
+ extr x10, x11, x10, #1
+ extr x11, x12, x11, #1
+ extr x12, x13, x12, #1
+ lsr x13, x13, #1
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ stp x12, x13, [x0, #32]
+ ret
+.Lfunc_end88:
+ .size mcl_fp_shr1_6L, .Lfunc_end88-mcl_fp_shr1_6L
+
+ .globl mcl_fp_add6L
+ .align 2
+ .type mcl_fp_add6L,@function
+mcl_fp_add6L: // @mcl_fp_add6L
+// BB#0:
+ ldp x8, x9, [x2, #32]
+ ldp x10, x11, [x1, #32]
+ ldp x12, x13, [x2, #16]
+ ldp x14, x15, [x2]
+ ldp x16, x17, [x1]
+ ldp x18, x1, [x1, #16]
+ adds x14, x14, x16
+ adcs x15, x15, x17
+ ldp x16, x17, [x3, #32]
+ adcs x18, x12, x18
+ adcs x1, x13, x1
+ ldp x12, x2, [x3]
+ stp x14, x15, [x0]
+ stp x18, x1, [x0, #16]
+ adcs x8, x8, x10
+ adcs x4, x9, x11
+ stp x8, x4, [x0, #32]
+ adcs x5, xzr, xzr
+ ldp x9, x10, [x3, #16]
+ subs x13, x14, x12
+ sbcs x12, x15, x2
+ sbcs x11, x18, x9
+ sbcs x10, x1, x10
+ sbcs x9, x8, x16
+ sbcs x8, x4, x17
+ sbcs x14, x5, xzr
+ and w14, w14, #0x1
+ tbnz w14, #0, .LBB89_2
+// BB#1: // %nocarry
+ stp x13, x12, [x0]
+ stp x11, x10, [x0, #16]
+ stp x9, x8, [x0, #32]
+.LBB89_2: // %carry
+ ret
+.Lfunc_end89:
+ .size mcl_fp_add6L, .Lfunc_end89-mcl_fp_add6L
+
+ .globl mcl_fp_addNF6L
+ .align 2
+ .type mcl_fp_addNF6L,@function
+mcl_fp_addNF6L: // @mcl_fp_addNF6L
+// BB#0:
+ ldp x8, x9, [x1, #32]
+ ldp x10, x11, [x2, #32]
+ ldp x12, x13, [x1, #16]
+ ldp x14, x15, [x1]
+ ldp x16, x17, [x2]
+ ldp x18, x1, [x2, #16]
+ adds x14, x16, x14
+ adcs x15, x17, x15
+ ldp x16, x17, [x3, #32]
+ adcs x12, x18, x12
+ adcs x13, x1, x13
+ ldp x18, x1, [x3]
+ adcs x8, x10, x8
+ ldp x10, x2, [x3, #16]
+ adcs x9, x11, x9
+ subs x11, x14, x18
+ sbcs x18, x15, x1
+ sbcs x10, x12, x10
+ sbcs x1, x13, x2
+ sbcs x16, x8, x16
+ sbcs x17, x9, x17
+ asr x2, x17, #63
+ cmp x2, #0 // =0
+ csel x11, x14, x11, lt
+ csel x14, x15, x18, lt
+ csel x10, x12, x10, lt
+ csel x12, x13, x1, lt
+ csel x8, x8, x16, lt
+ csel x9, x9, x17, lt
+ stp x11, x14, [x0]
+ stp x10, x12, [x0, #16]
+ stp x8, x9, [x0, #32]
+ ret
+.Lfunc_end90:
+ .size mcl_fp_addNF6L, .Lfunc_end90-mcl_fp_addNF6L
+
+ .globl mcl_fp_sub6L
+ .align 2
+ .type mcl_fp_sub6L,@function
+mcl_fp_sub6L: // @mcl_fp_sub6L
+// BB#0:
+ ldp x12, x13, [x2, #32]
+ ldp x14, x15, [x1, #32]
+ ldp x10, x11, [x2, #16]
+ ldp x8, x9, [x2]
+ ldp x16, x17, [x1]
+ ldp x18, x1, [x1, #16]
+ subs x8, x16, x8
+ sbcs x9, x17, x9
+ stp x8, x9, [x0]
+ sbcs x10, x18, x10
+ sbcs x11, x1, x11
+ stp x10, x11, [x0, #16]
+ sbcs x12, x14, x12
+ sbcs x13, x15, x13
+ stp x12, x13, [x0, #32]
+ ngcs x14, xzr
+ and w14, w14, #0x1
+ tbnz w14, #0, .LBB91_2
+// BB#1: // %nocarry
+ ret
+.LBB91_2: // %carry
+ ldp x14, x15, [x3, #32]
+ ldp x16, x17, [x3]
+ ldp x18, x1, [x3, #16]
+ adds x8, x16, x8
+ adcs x9, x17, x9
+ adcs x10, x18, x10
+ adcs x11, x1, x11
+ adcs x12, x14, x12
+ adcs x13, x15, x13
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ stp x12, x13, [x0, #32]
+ ret
+.Lfunc_end91:
+ .size mcl_fp_sub6L, .Lfunc_end91-mcl_fp_sub6L
+
+ .globl mcl_fp_subNF6L
+ .align 2
+ .type mcl_fp_subNF6L,@function
+mcl_fp_subNF6L: // @mcl_fp_subNF6L
+// BB#0:
+ ldp x8, x9, [x2, #32]
+ ldp x10, x11, [x1, #32]
+ ldp x12, x13, [x2, #16]
+ ldp x14, x18, [x2]
+ ldp x16, x17, [x1, #16]
+ ldp x15, x1, [x1]
+ subs x14, x15, x14
+ ldp x15, x2, [x3, #32]
+ sbcs x18, x1, x18
+ sbcs x12, x16, x12
+ ldp x16, x1, [x3, #16]
+ sbcs x13, x17, x13
+ ldp x17, x3, [x3]
+ sbcs x8, x10, x8
+ sbcs x9, x11, x9
+ asr x10, x9, #63
+ adds x11, x10, x10
+ and x16, x10, x16
+ and x1, x10, x1
+ and x15, x10, x15
+ and x2, x10, x2
+ adcs x10, x10, x10
+ orr x11, x11, x9, lsr #63
+ and x11, x11, x17
+ and x10, x10, x3
+ adds x11, x11, x14
+ adcs x10, x10, x18
+ stp x11, x10, [x0]
+ adcs x10, x16, x12
+ str x10, [x0, #16]
+ adcs x10, x1, x13
+ adcs x8, x15, x8
+ stp x10, x8, [x0, #24]
+ adcs x8, x2, x9
+ str x8, [x0, #40]
+ ret
+.Lfunc_end92:
+ .size mcl_fp_subNF6L, .Lfunc_end92-mcl_fp_subNF6L
+
+ .globl mcl_fpDbl_add6L
+ .align 2
+ .type mcl_fpDbl_add6L,@function
+mcl_fpDbl_add6L: // @mcl_fpDbl_add6L
+// BB#0:
+ stp x26, x25, [sp, #-64]!
+ stp x24, x23, [sp, #16]
+ stp x22, x21, [sp, #32]
+ stp x20, x19, [sp, #48]
+ ldp x8, x9, [x2, #80]
+ ldp x10, x11, [x1, #80]
+ ldp x12, x13, [x2, #64]
+ ldp x14, x15, [x1, #64]
+ ldp x16, x17, [x2, #48]
+ ldp x18, x4, [x1, #48]
+ ldp x5, x6, [x2, #32]
+ ldp x7, x19, [x1, #32]
+ ldp x20, x21, [x2, #16]
+ ldp x23, x2, [x2]
+ ldp x24, x25, [x1, #16]
+ ldp x22, x1, [x1]
+ adds x22, x23, x22
+ str x22, [x0]
+ ldp x22, x23, [x3, #32]
+ adcs x1, x2, x1
+ str x1, [x0, #8]
+ ldp x1, x2, [x3, #16]
+ adcs x20, x20, x24
+ ldp x24, x3, [x3]
+ str x20, [x0, #16]
+ adcs x20, x21, x25
+ adcs x5, x5, x7
+ stp x20, x5, [x0, #24]
+ adcs x5, x6, x19
+ str x5, [x0, #40]
+ adcs x16, x16, x18
+ adcs x17, x17, x4
+ adcs x12, x12, x14
+ adcs x13, x13, x15
+ adcs x8, x8, x10
+ adcs x9, x9, x11
+ adcs x10, xzr, xzr
+ subs x11, x16, x24
+ sbcs x14, x17, x3
+ sbcs x15, x12, x1
+ sbcs x18, x13, x2
+ sbcs x1, x8, x22
+ sbcs x2, x9, x23
+ sbcs x10, x10, xzr
+ tst x10, #0x1
+ csel x10, x16, x11, ne
+ csel x11, x17, x14, ne
+ csel x12, x12, x15, ne
+ csel x13, x13, x18, ne
+ csel x8, x8, x1, ne
+ csel x9, x9, x2, ne
+ stp x10, x11, [x0, #48]
+ stp x12, x13, [x0, #64]
+ stp x8, x9, [x0, #80]
+ ldp x20, x19, [sp, #48]
+ ldp x22, x21, [sp, #32]
+ ldp x24, x23, [sp, #16]
+ ldp x26, x25, [sp], #64
+ ret
+.Lfunc_end93:
+ .size mcl_fpDbl_add6L, .Lfunc_end93-mcl_fpDbl_add6L
+
+ .globl mcl_fpDbl_sub6L
+ .align 2
+ .type mcl_fpDbl_sub6L,@function
+mcl_fpDbl_sub6L: // @mcl_fpDbl_sub6L
+// BB#0:
+ stp x26, x25, [sp, #-64]!
+ stp x24, x23, [sp, #16]
+ stp x22, x21, [sp, #32]
+ stp x20, x19, [sp, #48]
+ ldp x8, x9, [x2, #80]
+ ldp x10, x11, [x1, #80]
+ ldp x12, x13, [x2, #64]
+ ldp x14, x15, [x1, #64]
+ ldp x16, x17, [x2, #48]
+ ldp x18, x4, [x1, #48]
+ ldp x5, x6, [x2, #32]
+ ldp x7, x19, [x1, #32]
+ ldp x20, x21, [x2, #16]
+ ldp x22, x2, [x2]
+ ldp x24, x25, [x1, #16]
+ ldp x23, x1, [x1]
+ subs x22, x23, x22
+ str x22, [x0]
+ ldp x22, x23, [x3, #32]
+ sbcs x1, x1, x2
+ str x1, [x0, #8]
+ ldp x1, x2, [x3, #16]
+ sbcs x20, x24, x20
+ ldp x24, x3, [x3]
+ str x20, [x0, #16]
+ sbcs x20, x25, x21
+ sbcs x5, x7, x5
+ stp x20, x5, [x0, #24]
+ sbcs x5, x19, x6
+ sbcs x16, x18, x16
+ sbcs x17, x4, x17
+ sbcs x12, x14, x12
+ sbcs x13, x15, x13
+ sbcs x8, x10, x8
+ sbcs x9, x11, x9
+ ngcs x10, xzr
+ tst x10, #0x1
+ csel x10, x23, xzr, ne
+ csel x11, x22, xzr, ne
+ csel x14, x2, xzr, ne
+ csel x15, x1, xzr, ne
+ csel x18, x3, xzr, ne
+ csel x1, x24, xzr, ne
+ adds x16, x1, x16
+ stp x5, x16, [x0, #40]
+ adcs x16, x18, x17
+ adcs x12, x15, x12
+ stp x16, x12, [x0, #56]
+ adcs x12, x14, x13
+ adcs x8, x11, x8
+ stp x12, x8, [x0, #72]
+ adcs x8, x10, x9
+ str x8, [x0, #88]
+ ldp x20, x19, [sp, #48]
+ ldp x22, x21, [sp, #32]
+ ldp x24, x23, [sp, #16]
+ ldp x26, x25, [sp], #64
+ ret
+.Lfunc_end94:
+ .size mcl_fpDbl_sub6L, .Lfunc_end94-mcl_fpDbl_sub6L
+
+ .globl mcl_fp_mulUnitPre7L
+ .align 2
+ .type mcl_fp_mulUnitPre7L,@function
+mcl_fp_mulUnitPre7L: // @mcl_fp_mulUnitPre7L
+// BB#0:
+ ldp x10, x8, [x1, #40]
+ ldp x14, x9, [x1, #24]
+ ldp x11, x12, [x1]
+ ldr x13, [x1, #16]
+ mul x15, x11, x2
+ mul x16, x12, x2
+ umulh x11, x11, x2
+ mul x17, x13, x2
+ umulh x12, x12, x2
+ mul x18, x14, x2
+ umulh x13, x13, x2
+ mul x1, x9, x2
+ umulh x14, x14, x2
+ mul x3, x10, x2
+ umulh x9, x9, x2
+ mul x4, x8, x2
+ umulh x10, x10, x2
+ umulh x8, x8, x2
+ adds x11, x11, x16
+ stp x15, x11, [x0]
+ adcs x11, x12, x17
+ str x11, [x0, #16]
+ adcs x11, x13, x18
+ str x11, [x0, #24]
+ adcs x11, x14, x1
+ adcs x9, x9, x3
+ stp x11, x9, [x0, #32]
+ adcs x9, x10, x4
+ adcs x8, x8, xzr
+ stp x9, x8, [x0, #48]
+ ret
+.Lfunc_end95:
+ .size mcl_fp_mulUnitPre7L, .Lfunc_end95-mcl_fp_mulUnitPre7L
+
+ .globl mcl_fpDbl_mulPre7L
+ .align 2
+ .type mcl_fpDbl_mulPre7L,@function
+mcl_fpDbl_mulPre7L: // @mcl_fpDbl_mulPre7L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #624 // =624
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x1, #24]
+ ldp x12, x13, [x1, #40]
+ ldp x14, x15, [x2]
+ ldp x16, x18, [x1, #16]
+ mul x17, x8, x14
+ str x17, [sp, #528] // 8-byte Folded Spill
+ umulh x17, x13, x14
+ str x17, [sp, #616] // 8-byte Folded Spill
+ mul x17, x13, x14
+ str x17, [sp, #608] // 8-byte Folded Spill
+ umulh x17, x12, x14
+ str x17, [sp, #592] // 8-byte Folded Spill
+ mul x17, x12, x14
+ str x17, [sp, #568] // 8-byte Folded Spill
+ umulh x17, x11, x14
+ str x17, [sp, #552] // 8-byte Folded Spill
+ mul x17, x11, x14
+ str x17, [sp, #512] // 8-byte Folded Spill
+ umulh x17, x10, x14
+ str x17, [sp, #496] // 8-byte Folded Spill
+ mul x17, x10, x14
+ str x17, [sp, #456] // 8-byte Folded Spill
+ umulh x17, x16, x14
+ str x17, [sp, #424] // 8-byte Folded Spill
+ mul x17, x16, x14
+ str x17, [sp, #368] // 8-byte Folded Spill
+ umulh x17, x9, x14
+ str x17, [sp, #352] // 8-byte Folded Spill
+ mul x17, x9, x14
+ str x17, [sp, #304] // 8-byte Folded Spill
+ umulh x14, x8, x14
+ str x14, [sp, #272] // 8-byte Folded Spill
+ mul x14, x13, x15
+ str x14, [sp, #560] // 8-byte Folded Spill
+ mul x14, x12, x15
+ str x14, [sp, #520] // 8-byte Folded Spill
+ mul x14, x11, x15
+ str x14, [sp, #488] // 8-byte Folded Spill
+ mul x14, x10, x15
+ str x14, [sp, #448] // 8-byte Folded Spill
+ mul x14, x16, x15
+ umulh x13, x13, x15
+ str x13, [sp, #600] // 8-byte Folded Spill
+ umulh x12, x12, x15
+ str x12, [sp, #576] // 8-byte Folded Spill
+ umulh x11, x11, x15
+ str x11, [sp, #544] // 8-byte Folded Spill
+ umulh x10, x10, x15
+ str x10, [sp, #504] // 8-byte Folded Spill
+ umulh x10, x16, x15
+ str x10, [sp, #472] // 8-byte Folded Spill
+ mul x10, x9, x15
+ str x10, [sp, #208] // 8-byte Folded Spill
+ umulh x9, x9, x15
+ stp x9, x14, [sp, #400]
+ mul x9, x8, x15
+ str x9, [sp, #96] // 8-byte Folded Spill
+ umulh x8, x8, x15
+ str x8, [sp, #320] // 8-byte Folded Spill
+ ldp x9, x11, [x1]
+ ldp x10, x17, [x2, #16]
+ ldp x12, x13, [x1, #16]
+ ldp x14, x16, [x1, #32]
+ ldr x15, [x1, #48]
+ mul x8, x9, x10
+ str x8, [sp, #248] // 8-byte Folded Spill
+ mul x8, x15, x10
+ str x8, [sp, #392] // 8-byte Folded Spill
+ mul x8, x16, x10
+ str x8, [sp, #344] // 8-byte Folded Spill
+ mul x8, x14, x10
+ str x8, [sp, #296] // 8-byte Folded Spill
+ mul x8, x13, x10
+ str x8, [sp, #240] // 8-byte Folded Spill
+ mul x8, x12, x10
+ str x8, [sp, #192] // 8-byte Folded Spill
+ mul x8, x11, x10
+ str x8, [sp, #136] // 8-byte Folded Spill
+ umulh x8, x15, x10
+ str x8, [sp, #440] // 8-byte Folded Spill
+ umulh x8, x16, x10
+ str x8, [sp, #384] // 8-byte Folded Spill
+ umulh x8, x14, x10
+ str x8, [sp, #336] // 8-byte Folded Spill
+ umulh x8, x13, x10
+ str x8, [sp, #288] // 8-byte Folded Spill
+ umulh x8, x12, x10
+ str x8, [sp, #232] // 8-byte Folded Spill
+ umulh x8, x11, x10
+ str x8, [sp, #184] // 8-byte Folded Spill
+ umulh x8, x9, x10
+ str x8, [sp, #128] // 8-byte Folded Spill
+ mul x8, x15, x17
+ str x8, [sp, #464] // 8-byte Folded Spill
+ umulh x8, x15, x17
+ str x8, [sp, #584] // 8-byte Folded Spill
+ mul x8, x16, x17
+ str x8, [sp, #376] // 8-byte Folded Spill
+ umulh x8, x16, x17
+ str x8, [sp, #536] // 8-byte Folded Spill
+ mul x8, x14, x17
+ str x8, [sp, #312] // 8-byte Folded Spill
+ umulh x8, x14, x17
+ str x8, [sp, #480] // 8-byte Folded Spill
+ mul x8, x13, x17
+ str x8, [sp, #224] // 8-byte Folded Spill
+ umulh x8, x13, x17
+ str x8, [sp, #416] // 8-byte Folded Spill
+ mul x8, x12, x17
+ str x8, [sp, #144] // 8-byte Folded Spill
+ umulh x8, x12, x17
+ str x8, [sp, #328] // 8-byte Folded Spill
+ mul x8, x11, x17
+ str x8, [sp, #80] // 8-byte Folded Spill
+ umulh x8, x11, x17
+ str x8, [sp, #264] // 8-byte Folded Spill
+ mul x28, x9, x17
+ umulh x8, x9, x17
+ str x8, [sp, #176] // 8-byte Folded Spill
+ ldp x14, x12, [x1, #24]
+ ldp x10, x9, [x1]
+ ldr x7, [x1, #16]
+ ldp x30, x5, [x1, #40]
+ ldp x27, x8, [x2, #32]
+ ldr x13, [x1, #48]
+ mul x11, x10, x27
+ str x11, [sp, #48] // 8-byte Folded Spill
+ mul x11, x5, x27
+ str x11, [sp, #168] // 8-byte Folded Spill
+ mul x11, x30, x27
+ str x11, [sp, #120] // 8-byte Folded Spill
+ mul x11, x12, x27
+ str x11, [sp, #72] // 8-byte Folded Spill
+ mul x11, x14, x27
+ str x11, [sp, #40] // 8-byte Folded Spill
+ mul x11, x7, x27
+ str x11, [sp, #16] // 8-byte Folded Spill
+ mul x24, x9, x27
+ umulh x11, x5, x27
+ str x11, [sp, #216] // 8-byte Folded Spill
+ umulh x11, x30, x27
+ str x11, [sp, #160] // 8-byte Folded Spill
+ umulh x11, x12, x27
+ str x11, [sp, #112] // 8-byte Folded Spill
+ umulh x11, x14, x27
+ str x11, [sp, #64] // 8-byte Folded Spill
+ umulh x11, x7, x27
+ str x11, [sp, #32] // 8-byte Folded Spill
+ umulh x29, x9, x27
+ umulh x23, x10, x27
+ mul x11, x5, x8
+ str x11, [sp, #256] // 8-byte Folded Spill
+ umulh x11, x5, x8
+ str x11, [sp, #432] // 8-byte Folded Spill
+ mul x11, x30, x8
+ str x11, [sp, #152] // 8-byte Folded Spill
+ umulh x11, x30, x8
+ str x11, [sp, #360] // 8-byte Folded Spill
+ mul x11, x12, x8
+ str x11, [sp, #88] // 8-byte Folded Spill
+ umulh x11, x12, x8
+ str x11, [sp, #280] // 8-byte Folded Spill
+ mul x11, x14, x8
+ str x11, [sp, #24] // 8-byte Folded Spill
+ umulh x11, x14, x8
+ str x11, [sp, #200] // 8-byte Folded Spill
+ mul x25, x7, x8
+ umulh x11, x7, x8
+ str x11, [sp, #104] // 8-byte Folded Spill
+ mul x22, x9, x8
+ umulh x9, x9, x8
+ str x9, [sp, #56] // 8-byte Folded Spill
+ mul x20, x10, x8
+ umulh x26, x10, x8
+ ldr x10, [x2, #48]
+ ldp x2, x8, [x1]
+ ldr x9, [x1, #16]
+ ldp x11, x1, [x1, #32]
+ mul x27, x2, x10
+ umulh x21, x2, x10
+ mul x5, x8, x10
+ umulh x19, x8, x10
+ mul x3, x9, x10
+ umulh x7, x9, x10
+ mul x2, x18, x10
+ umulh x6, x18, x10
+ mul x17, x11, x10
+ umulh x4, x11, x10
+ mul x16, x1, x10
+ umulh x1, x1, x10
+ mul x15, x13, x10
+ umulh x18, x13, x10
+ ldr x8, [sp, #528] // 8-byte Folded Reload
+ str x8, [x0]
+ ldr x8, [sp, #304] // 8-byte Folded Reload
+ ldr x9, [sp, #272] // 8-byte Folded Reload
+ adds x13, x9, x8
+ ldr x8, [sp, #368] // 8-byte Folded Reload
+ ldr x9, [sp, #352] // 8-byte Folded Reload
+ adcs x8, x9, x8
+ ldr x9, [sp, #456] // 8-byte Folded Reload
+ ldr x10, [sp, #424] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ ldr x10, [sp, #512] // 8-byte Folded Reload
+ ldr x11, [sp, #496] // 8-byte Folded Reload
+ adcs x10, x11, x10
+ ldr x11, [sp, #568] // 8-byte Folded Reload
+ ldr x12, [sp, #552] // 8-byte Folded Reload
+ adcs x11, x12, x11
+ ldr x12, [sp, #608] // 8-byte Folded Reload
+ ldr x14, [sp, #592] // 8-byte Folded Reload
+ adcs x12, x14, x12
+ ldr x14, [sp, #616] // 8-byte Folded Reload
+ adcs x14, x14, xzr
+ ldr x30, [sp, #96] // 8-byte Folded Reload
+ adds x13, x30, x13
+ str x13, [x0, #8]
+ ldr x13, [sp, #208] // 8-byte Folded Reload
+ adcs x8, x13, x8
+ ldr x13, [sp, #408] // 8-byte Folded Reload
+ adcs x9, x13, x9
+ ldr x13, [sp, #448] // 8-byte Folded Reload
+ adcs x10, x13, x10
+ ldr x13, [sp, #488] // 8-byte Folded Reload
+ adcs x11, x13, x11
+ ldr x13, [sp, #520] // 8-byte Folded Reload
+ adcs x12, x13, x12
+ ldr x13, [sp, #560] // 8-byte Folded Reload
+ adcs x13, x13, x14
+ adcs x14, xzr, xzr
+ ldr x30, [sp, #320] // 8-byte Folded Reload
+ adds x8, x8, x30
+ ldr x30, [sp, #400] // 8-byte Folded Reload
+ adcs x9, x9, x30
+ ldr x30, [sp, #472] // 8-byte Folded Reload
+ adcs x10, x10, x30
+ ldr x30, [sp, #504] // 8-byte Folded Reload
+ adcs x11, x11, x30
+ ldr x30, [sp, #544] // 8-byte Folded Reload
+ adcs x12, x12, x30
+ ldr x30, [sp, #576] // 8-byte Folded Reload
+ adcs x13, x13, x30
+ ldr x30, [sp, #600] // 8-byte Folded Reload
+ adcs x14, x14, x30
+ ldr x30, [sp, #248] // 8-byte Folded Reload
+ adds x8, x30, x8
+ str x8, [x0, #16]
+ ldp x30, x8, [sp, #128]
+ adcs x8, x8, x9
+ ldr x9, [sp, #192] // 8-byte Folded Reload
+ adcs x9, x9, x10
+ ldr x10, [sp, #240] // 8-byte Folded Reload
+ adcs x10, x10, x11
+ ldr x11, [sp, #296] // 8-byte Folded Reload
+ adcs x11, x11, x12
+ ldr x12, [sp, #344] // 8-byte Folded Reload
+ adcs x12, x12, x13
+ ldr x13, [sp, #392] // 8-byte Folded Reload
+ adcs x13, x13, x14
+ adcs x14, xzr, xzr
+ adds x8, x8, x30
+ ldr x30, [sp, #184] // 8-byte Folded Reload
+ adcs x9, x9, x30
+ ldr x30, [sp, #232] // 8-byte Folded Reload
+ adcs x10, x10, x30
+ ldr x30, [sp, #288] // 8-byte Folded Reload
+ adcs x11, x11, x30
+ ldr x30, [sp, #336] // 8-byte Folded Reload
+ adcs x12, x12, x30
+ ldr x30, [sp, #384] // 8-byte Folded Reload
+ adcs x13, x13, x30
+ ldr x30, [sp, #440] // 8-byte Folded Reload
+ adcs x14, x14, x30
+ adds x8, x28, x8
+ str x8, [x0, #24]
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, x9
+ ldr x9, [sp, #144] // 8-byte Folded Reload
+ adcs x9, x9, x10
+ ldr x10, [sp, #224] // 8-byte Folded Reload
+ adcs x10, x10, x11
+ ldr x11, [sp, #312] // 8-byte Folded Reload
+ adcs x11, x11, x12
+ ldr x12, [sp, #376] // 8-byte Folded Reload
+ adcs x12, x12, x13
+ ldr x13, [sp, #464] // 8-byte Folded Reload
+ adcs x13, x13, x14
+ adcs x14, xzr, xzr
+ ldr x28, [sp, #176] // 8-byte Folded Reload
+ adds x8, x8, x28
+ ldr x28, [sp, #264] // 8-byte Folded Reload
+ adcs x9, x9, x28
+ ldr x28, [sp, #328] // 8-byte Folded Reload
+ adcs x10, x10, x28
+ ldr x28, [sp, #416] // 8-byte Folded Reload
+ adcs x11, x11, x28
+ ldr x28, [sp, #480] // 8-byte Folded Reload
+ adcs x12, x12, x28
+ ldr x28, [sp, #536] // 8-byte Folded Reload
+ adcs x13, x13, x28
+ ldr x28, [sp, #584] // 8-byte Folded Reload
+ adcs x14, x14, x28
+ ldr x28, [sp, #48] // 8-byte Folded Reload
+ adds x8, x28, x8
+ str x8, [x0, #32]
+ adcs x8, x24, x9
+ ldr x9, [sp, #16] // 8-byte Folded Reload
+ adcs x9, x9, x10
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ adcs x10, x10, x11
+ ldr x11, [sp, #72] // 8-byte Folded Reload
+ adcs x11, x11, x12
+ ldr x12, [sp, #120] // 8-byte Folded Reload
+ adcs x12, x12, x13
+ ldr x13, [sp, #168] // 8-byte Folded Reload
+ adcs x13, x13, x14
+ adcs x14, xzr, xzr
+ adds x8, x8, x23
+ adcs x9, x9, x29
+ ldr x23, [sp, #32] // 8-byte Folded Reload
+ adcs x10, x10, x23
+ ldr x23, [sp, #64] // 8-byte Folded Reload
+ adcs x11, x11, x23
+ ldr x23, [sp, #112] // 8-byte Folded Reload
+ adcs x12, x12, x23
+ ldr x23, [sp, #160] // 8-byte Folded Reload
+ adcs x13, x13, x23
+ ldr x23, [sp, #216] // 8-byte Folded Reload
+ adcs x14, x14, x23
+ adds x8, x20, x8
+ str x8, [x0, #40]
+ adcs x8, x22, x9
+ adcs x9, x25, x10
+ ldr x10, [sp, #24] // 8-byte Folded Reload
+ adcs x10, x10, x11
+ ldr x11, [sp, #88] // 8-byte Folded Reload
+ adcs x11, x11, x12
+ ldr x12, [sp, #152] // 8-byte Folded Reload
+ adcs x12, x12, x13
+ ldr x13, [sp, #256] // 8-byte Folded Reload
+ adcs x13, x13, x14
+ adcs x14, xzr, xzr
+ adds x8, x8, x26
+ ldr x20, [sp, #56] // 8-byte Folded Reload
+ adcs x9, x9, x20
+ ldr x20, [sp, #104] // 8-byte Folded Reload
+ adcs x10, x10, x20
+ ldr x20, [sp, #200] // 8-byte Folded Reload
+ adcs x11, x11, x20
+ ldr x20, [sp, #280] // 8-byte Folded Reload
+ adcs x12, x12, x20
+ ldr x20, [sp, #360] // 8-byte Folded Reload
+ adcs x13, x13, x20
+ ldr x20, [sp, #432] // 8-byte Folded Reload
+ adcs x14, x14, x20
+ adds x8, x27, x8
+ str x8, [x0, #48]
+ adcs x8, x5, x9
+ adcs x9, x3, x10
+ adcs x10, x2, x11
+ adcs x11, x17, x12
+ adcs x12, x16, x13
+ adcs x13, x15, x14
+ adcs x14, xzr, xzr
+ adds x8, x8, x21
+ str x8, [x0, #56]
+ adcs x8, x9, x19
+ str x8, [x0, #64]
+ adcs x8, x10, x7
+ str x8, [x0, #72]
+ adcs x8, x11, x6
+ str x8, [x0, #80]
+ adcs x8, x12, x4
+ str x8, [x0, #88]
+ adcs x8, x13, x1
+ str x8, [x0, #96]
+ adcs x8, x14, x18
+ str x8, [x0, #104]
+ add sp, sp, #624 // =624
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end96:
+ .size mcl_fpDbl_mulPre7L, .Lfunc_end96-mcl_fpDbl_mulPre7L
+
+ .globl mcl_fpDbl_sqrPre7L
+ .align 2
+ .type mcl_fpDbl_sqrPre7L,@function
+mcl_fpDbl_sqrPre7L: // @mcl_fpDbl_sqrPre7L
+// BB#0:
+ stp x24, x23, [sp, #-48]!
+ stp x22, x21, [sp, #16]
+ stp x20, x19, [sp, #32]
+ ldp x11, x8, [x1]
+ ldp x9, x10, [x1, #40]
+ ldp x15, x12, [x1, #16]
+ ldp x16, x3, [x1, #16]
+ ldp x13, x14, [x1, #32]
+ ldp x18, x17, [x1, #32]
+ ldr x2, [x1, #32]
+ mul x4, x11, x11
+ umulh x5, x10, x11
+ mul x6, x9, x11
+ mul x7, x18, x11
+ mul x19, x3, x11
+ umulh x20, x16, x11
+ mul x21, x16, x11
+ umulh x22, x8, x11
+ mul x23, x8, x11
+ str x4, [x0]
+ umulh x4, x11, x11
+ adds x4, x4, x23
+ adcs x21, x22, x21
+ adcs x19, x20, x19
+ umulh x20, x3, x11
+ adcs x7, x20, x7
+ umulh x20, x18, x11
+ adcs x6, x20, x6
+ mul x20, x10, x11
+ umulh x11, x9, x11
+ adcs x20, x11, x20
+ adcs x5, x5, xzr
+ adds x4, x23, x4
+ ldp x11, x23, [x1, #40]
+ str x4, [x0, #8]
+ mul x4, x8, x8
+ adcs x4, x4, x21
+ mul x21, x16, x8
+ adcs x19, x21, x19
+ mul x21, x3, x8
+ adcs x7, x21, x7
+ mul x21, x18, x8
+ adcs x6, x21, x6
+ mul x21, x9, x8
+ adcs x20, x21, x20
+ mul x21, x10, x8
+ umulh x10, x10, x8
+ umulh x9, x9, x8
+ umulh x18, x18, x8
+ umulh x3, x3, x8
+ umulh x16, x16, x8
+ umulh x8, x8, x8
+ adcs x5, x21, x5
+ adcs x21, xzr, xzr
+ adds x4, x4, x22
+ adcs x8, x19, x8
+ ldp x19, x22, [x1]
+ adcs x16, x7, x16
+ adcs x3, x6, x3
+ ldp x6, x7, [x1, #8]
+ adcs x18, x20, x18
+ mul x20, x19, x15
+ adcs x9, x5, x9
+ mul x5, x23, x15
+ adcs x10, x21, x10
+ mul x21, x14, x15
+ adds x4, x20, x4
+ mul x20, x13, x15
+ str x4, [x0, #16]
+ mul x4, x6, x15
+ adcs x8, x4, x8
+ mul x4, x15, x15
+ adcs x16, x4, x16
+ mul x4, x12, x15
+ adcs x3, x4, x3
+ adcs x18, x20, x18
+ umulh x20, x13, x15
+ adcs x9, x21, x9
+ umulh x21, x19, x15
+ adcs x10, x5, x10
+ adcs x5, xzr, xzr
+ adds x8, x8, x21
+ umulh x21, x6, x15
+ adcs x16, x16, x21
+ umulh x21, x15, x15
+ adcs x3, x3, x21
+ umulh x21, x12, x15
+ adcs x18, x18, x21
+ adcs x9, x9, x20
+ umulh x20, x14, x15
+ adcs x10, x10, x20
+ umulh x15, x23, x15
+ adcs x15, x5, x15
+ mul x5, x19, x12
+ adds x8, x5, x8
+ ldr x5, [x1, #32]
+ str x8, [x0, #24]
+ mul x8, x6, x12
+ adcs x8, x8, x16
+ ldr x16, [x1]
+ adcs x3, x4, x3
+ mul x4, x12, x12
+ adcs x18, x4, x18
+ mul x4, x13, x12
+ adcs x9, x4, x9
+ mul x4, x14, x12
+ adcs x10, x4, x10
+ mul x4, x23, x12
+ umulh x19, x19, x12
+ adcs x15, x4, x15
+ adcs x4, xzr, xzr
+ adds x8, x8, x19
+ ldr x19, [x1, #24]
+ umulh x6, x6, x12
+ adcs x3, x3, x6
+ ldr x6, [x1, #48]
+ adcs x18, x18, x21
+ ldr x20, [x1, #48]
+ umulh x21, x23, x12
+ umulh x14, x14, x12
+ umulh x13, x13, x12
+ umulh x12, x12, x12
+ adcs x9, x9, x12
+ adcs x10, x10, x13
+ ldp x12, x13, [x1]
+ adcs x14, x15, x14
+ mul x15, x16, x5
+ adcs x4, x4, x21
+ mul x21, x6, x5
+ adds x8, x15, x8
+ mul x15, x17, x5
+ str x8, [x0, #32]
+ mul x8, x22, x5
+ adcs x8, x8, x3
+ mul x3, x7, x5
+ adcs x18, x3, x18
+ mul x3, x19, x5
+ adcs x9, x3, x9
+ mul x3, x5, x5
+ adcs x10, x3, x10
+ umulh x3, x16, x5
+ adcs x14, x15, x14
+ adcs x4, x21, x4
+ adcs x21, xzr, xzr
+ adds x8, x8, x3
+ umulh x3, x22, x5
+ adcs x18, x18, x3
+ umulh x3, x7, x5
+ adcs x9, x9, x3
+ umulh x3, x19, x5
+ adcs x10, x10, x3
+ umulh x3, x5, x5
+ adcs x14, x14, x3
+ umulh x3, x6, x5
+ umulh x5, x17, x5
+ adcs x4, x4, x5
+ adcs x3, x21, x3
+ mul x21, x16, x17
+ adds x8, x21, x8
+ ldp x21, x1, [x1, #16]
+ str x8, [x0, #40]
+ mul x8, x22, x17
+ adcs x8, x8, x18
+ mul x18, x7, x17
+ adcs x9, x18, x9
+ mul x18, x19, x17
+ adcs x10, x18, x10
+ mul x18, x6, x17
+ adcs x14, x15, x14
+ mul x15, x17, x17
+ umulh x6, x6, x17
+ umulh x19, x19, x17
+ umulh x7, x7, x17
+ umulh x22, x22, x17
+ umulh x16, x16, x17
+ umulh x17, x17, x17
+ adcs x15, x15, x4
+ mul x4, x12, x20
+ adcs x18, x18, x3
+ adcs x3, xzr, xzr
+ adds x8, x8, x16
+ mul x16, x11, x20
+ adcs x9, x9, x22
+ mul x22, x2, x20
+ adcs x10, x10, x7
+ mul x7, x1, x20
+ adcs x14, x14, x19
+ mul x19, x21, x20
+ adcs x15, x15, x5
+ mul x5, x13, x20
+ adcs x17, x18, x17
+ mul x18, x20, x20
+ umulh x12, x12, x20
+ umulh x13, x13, x20
+ umulh x21, x21, x20
+ umulh x1, x1, x20
+ umulh x2, x2, x20
+ umulh x11, x11, x20
+ umulh x20, x20, x20
+ adcs x3, x3, x6
+ adds x8, x4, x8
+ str x8, [x0, #48]
+ adcs x8, x5, x9
+ adcs x9, x19, x10
+ adcs x10, x7, x14
+ adcs x14, x22, x15
+ adcs x15, x16, x17
+ adcs x16, x18, x3
+ adcs x17, xzr, xzr
+ adds x8, x8, x12
+ str x8, [x0, #56]
+ adcs x8, x9, x13
+ str x8, [x0, #64]
+ adcs x8, x10, x21
+ str x8, [x0, #72]
+ adcs x8, x14, x1
+ str x8, [x0, #80]
+ adcs x8, x15, x2
+ str x8, [x0, #88]
+ adcs x8, x16, x11
+ str x8, [x0, #96]
+ adcs x8, x17, x20
+ str x8, [x0, #104]
+ ldp x20, x19, [sp, #32]
+ ldp x22, x21, [sp, #16]
+ ldp x24, x23, [sp], #48
+ ret
+.Lfunc_end97:
+ .size mcl_fpDbl_sqrPre7L, .Lfunc_end97-mcl_fpDbl_sqrPre7L
+
+ .globl mcl_fp_mont7L
+ .align 2
+ .type mcl_fp_mont7L,@function
+mcl_fp_mont7L: // @mcl_fp_mont7L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #144 // =144
+ str x2, [sp, #112] // 8-byte Folded Spill
+ str x0, [sp, #64] // 8-byte Folded Spill
+ ldr x6, [x2]
+ ldr x15, [x1, #48]
+ str x15, [sp, #96] // 8-byte Folded Spill
+ ldr x0, [x1, #32]
+ str x0, [sp, #56] // 8-byte Folded Spill
+ ldr x18, [x1, #40]
+ ldp x11, x13, [x1, #16]
+ ldp x17, x5, [x1]
+ str x5, [sp, #88] // 8-byte Folded Spill
+ ldur x12, [x3, #-8]
+ str x12, [sp, #128] // 8-byte Folded Spill
+ ldr x1, [x3, #32]
+ str x1, [sp, #104] // 8-byte Folded Spill
+ ldr x9, [x3, #40]
+ str x9, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [x3, #16]
+ str x8, [sp, #136] // 8-byte Folded Spill
+ ldr x10, [x3, #24]
+ str x10, [sp, #120] // 8-byte Folded Spill
+ ldr x14, [x3]
+ str x14, [sp, #24] // 8-byte Folded Spill
+ ldr x4, [x3, #8]
+ str x4, [sp, #72] // 8-byte Folded Spill
+ ldr x7, [x2, #8]
+ umulh x19, x15, x6
+ mul x20, x15, x6
+ umulh x21, x18, x6
+ mul x22, x18, x6
+ mov x15, x0
+ umulh x23, x15, x6
+ mul x24, x15, x6
+ mov x16, x13
+ umulh x25, x16, x6
+ mul x26, x16, x6
+ mov x13, x11
+ umulh x27, x13, x6
+ mul x28, x13, x6
+ mul x29, x5, x6
+ mov x11, x17
+ umulh x30, x11, x6
+ adds x29, x30, x29
+ umulh x30, x5, x6
+ mul x6, x11, x6
+ adcs x28, x30, x28
+ mul x30, x6, x12
+ adcs x26, x27, x26
+ mul x27, x30, x10
+ adcs x24, x25, x24
+ mul x25, x30, x8
+ adcs x22, x23, x22
+ mul x23, x30, x4
+ adcs x20, x21, x20
+ umulh x21, x30, x14
+ adcs x19, x19, xzr
+ adds x21, x21, x23
+ umulh x23, x30, x4
+ adcs x23, x23, x25
+ umulh x25, x30, x8
+ adcs x25, x25, x27
+ mul x27, x30, x1
+ umulh x17, x30, x10
+ adcs x17, x17, x27
+ ldr x3, [x3, #48]
+ str x3, [sp, #48] // 8-byte Folded Spill
+ mul x27, x30, x9
+ umulh x0, x30, x1
+ adcs x0, x0, x27
+ mul x27, x30, x3
+ umulh x2, x30, x9
+ adcs x2, x2, x27
+ umulh x27, x30, x3
+ mul x30, x30, x14
+ adcs x27, x27, xzr
+ cmn x30, x6
+ adcs x6, x21, x29
+ adcs x21, x23, x28
+ mul x23, x7, x15
+ adcs x25, x25, x26
+ mul x26, x7, x16
+ adcs x17, x17, x24
+ mul x24, x7, x13
+ adcs x0, x0, x22
+ mul x22, x7, x5
+ adcs x2, x2, x20
+ umulh x20, x7, x11
+ adcs x19, x27, x19
+ adcs x27, xzr, xzr
+ adds x20, x20, x22
+ umulh x22, x7, x5
+ adcs x22, x22, x24
+ umulh x24, x7, x13
+ mov x5, x13
+ adcs x24, x24, x26
+ umulh x26, x7, x16
+ adcs x23, x26, x23
+ mul x26, x7, x18
+ umulh x28, x7, x15
+ adcs x26, x28, x26
+ ldr x15, [sp, #96] // 8-byte Folded Reload
+ mul x28, x7, x15
+ umulh x29, x7, x18
+ adcs x28, x29, x28
+ umulh x29, x7, x15
+ mul x7, x7, x11
+ adcs x29, x29, xzr
+ adds x30, x6, x7
+ adcs x6, x21, x20
+ adcs x25, x25, x22
+ mul x22, x30, x12
+ adcs x24, x17, x24
+ mul x17, x22, x10
+ adcs x0, x0, x23
+ mul x23, x22, x8
+ adcs x7, x2, x26
+ mul x2, x22, x4
+ adcs x20, x19, x28
+ umulh x26, x22, x14
+ adcs x21, x27, x29
+ adcs x19, xzr, xzr
+ adds x2, x26, x2
+ umulh x26, x22, x4
+ adcs x23, x26, x23
+ umulh x26, x22, x8
+ adcs x17, x26, x17
+ mul x26, x22, x1
+ umulh x27, x22, x10
+ adcs x26, x27, x26
+ mul x27, x22, x9
+ umulh x28, x22, x1
+ adcs x27, x28, x27
+ mul x28, x22, x3
+ umulh x29, x22, x9
+ adcs x28, x29, x28
+ umulh x29, x22, x3
+ mul x22, x22, x14
+ mov x10, x14
+ adcs x29, x29, xzr
+ cmn x22, x30
+ adcs x22, x2, x6
+ adcs x23, x23, x25
+ ldr x8, [sp, #112] // 8-byte Folded Reload
+ adcs x24, x17, x24
+ ldp x25, x17, [x8, #16]
+ adcs x0, x26, x0
+ mul x2, x25, x16
+ adcs x6, x27, x7
+ mul x7, x25, x5
+ adcs x20, x28, x20
+ ldp x15, x8, [sp, #88]
+ mul x26, x25, x15
+ adcs x21, x29, x21
+ mov x12, x11
+ umulh x27, x25, x12
+ adcs x19, x19, xzr
+ adds x26, x27, x26
+ umulh x27, x25, x15
+ adcs x7, x27, x7
+ umulh x27, x25, x5
+ mov x9, x5
+ adcs x2, x27, x2
+ ldr x11, [sp, #56] // 8-byte Folded Reload
+ mul x27, x25, x11
+ umulh x28, x25, x16
+ mov x13, x16
+ adcs x27, x28, x27
+ mul x28, x25, x18
+ umulh x29, x25, x11
+ adcs x28, x29, x28
+ mul x29, x25, x8
+ umulh x30, x25, x18
+ adcs x29, x30, x29
+ umulh x30, x25, x8
+ mov x14, x8
+ mul x25, x25, x12
+ mov x5, x12
+ adcs x30, x30, xzr
+ adds x22, x22, x25
+ adcs x23, x23, x26
+ adcs x7, x24, x7
+ adcs x0, x0, x2
+ ldp x8, x12, [sp, #128]
+ mul x2, x22, x8
+ adcs x6, x6, x27
+ mul x24, x2, x12
+ adcs x20, x20, x28
+ mul x25, x2, x4
+ adcs x21, x21, x29
+ mov x1, x10
+ umulh x26, x2, x1
+ adcs x19, x19, x30
+ adcs x27, xzr, xzr
+ adds x25, x26, x25
+ umulh x26, x2, x4
+ adcs x24, x26, x24
+ ldr x10, [sp, #120] // 8-byte Folded Reload
+ mul x26, x2, x10
+ umulh x28, x2, x12
+ adcs x26, x28, x26
+ ldr x12, [sp, #104] // 8-byte Folded Reload
+ mul x28, x2, x12
+ umulh x29, x2, x10
+ adcs x28, x29, x28
+ ldr x10, [sp, #80] // 8-byte Folded Reload
+ mul x29, x2, x10
+ umulh x30, x2, x12
+ adcs x29, x30, x29
+ mul x30, x2, x3
+ umulh x12, x2, x10
+ adcs x12, x12, x30
+ umulh x30, x2, x3
+ mul x2, x2, x1
+ adcs x30, x30, xzr
+ cmn x2, x22
+ adcs x2, x25, x23
+ adcs x7, x24, x7
+ adcs x0, x26, x0
+ mul x22, x17, x11
+ adcs x6, x28, x6
+ mul x23, x17, x13
+ adcs x20, x29, x20
+ mul x24, x17, x9
+ adcs x12, x12, x21
+ mul x21, x17, x15
+ adcs x19, x30, x19
+ umulh x25, x17, x5
+ adcs x26, x27, xzr
+ adds x21, x25, x21
+ umulh x25, x17, x15
+ adcs x24, x25, x24
+ umulh x25, x17, x9
+ mov x16, x9
+ adcs x23, x25, x23
+ umulh x25, x17, x13
+ adcs x22, x25, x22
+ mul x25, x17, x18
+ umulh x27, x17, x11
+ adcs x25, x27, x25
+ mov x9, x14
+ mul x27, x17, x9
+ umulh x28, x17, x18
+ adcs x27, x28, x27
+ umulh x28, x17, x9
+ mul x17, x17, x5
+ mov x15, x5
+ adcs x28, x28, xzr
+ adds x17, x2, x17
+ adcs x2, x7, x21
+ adcs x0, x0, x24
+ mul x24, x17, x8
+ adcs x29, x6, x23
+ ldr x9, [sp, #120] // 8-byte Folded Reload
+ mul x23, x24, x9
+ adcs x6, x20, x22
+ ldr x8, [sp, #136] // 8-byte Folded Reload
+ mul x22, x24, x8
+ adcs x7, x12, x25
+ mul x12, x24, x4
+ adcs x20, x19, x27
+ umulh x25, x24, x1
+ adcs x21, x26, x28
+ adcs x19, xzr, xzr
+ adds x12, x25, x12
+ umulh x25, x24, x4
+ adcs x25, x25, x22
+ umulh x22, x24, x8
+ adcs x26, x22, x23
+ ldr x5, [sp, #104] // 8-byte Folded Reload
+ mul x22, x24, x5
+ umulh x23, x24, x9
+ adcs x27, x23, x22
+ mov x9, x10
+ mul x22, x24, x9
+ umulh x23, x24, x5
+ adcs x28, x23, x22
+ mul x22, x24, x3
+ umulh x23, x24, x9
+ adcs x30, x23, x22
+ umulh x22, x24, x3
+ mul x23, x24, x1
+ mov x3, x1
+ adcs x24, x22, xzr
+ cmn x23, x17
+ adcs x22, x12, x2
+ adcs x23, x25, x0
+ ldr x10, [sp, #112] // 8-byte Folded Reload
+ ldp x12, x0, [x10, #32]
+ adcs x17, x26, x29
+ adcs x2, x27, x6
+ mul x6, x12, x13
+ adcs x7, x28, x7
+ mov x10, x16
+ mul x25, x12, x10
+ adcs x20, x30, x20
+ ldr x16, [sp, #88] // 8-byte Folded Reload
+ mul x26, x12, x16
+ adcs x21, x24, x21
+ umulh x24, x12, x15
+ adcs x1, x19, xzr
+ adds x24, x24, x26
+ umulh x26, x12, x16
+ adcs x25, x26, x25
+ umulh x26, x12, x10
+ adcs x6, x26, x6
+ mul x26, x12, x11
+ umulh x27, x12, x13
+ adcs x26, x27, x26
+ mul x27, x12, x18
+ umulh x28, x12, x11
+ adcs x27, x28, x27
+ mul x28, x12, x14
+ umulh x29, x12, x18
+ adcs x28, x29, x28
+ umulh x29, x12, x14
+ mul x12, x12, x15
+ adcs x29, x29, xzr
+ adds x12, x22, x12
+ adcs x22, x23, x24
+ adcs x17, x17, x25
+ adcs x2, x2, x6
+ ldr x19, [sp, #128] // 8-byte Folded Reload
+ mul x6, x12, x19
+ adcs x7, x7, x26
+ mov x30, x8
+ mul x23, x6, x30
+ adcs x20, x20, x27
+ mul x24, x6, x4
+ adcs x21, x21, x28
+ mov x8, x3
+ umulh x25, x6, x8
+ adcs x1, x1, x29
+ adcs x26, xzr, xzr
+ adds x24, x25, x24
+ umulh x25, x6, x4
+ adcs x23, x25, x23
+ ldr x4, [sp, #120] // 8-byte Folded Reload
+ mul x25, x6, x4
+ umulh x27, x6, x30
+ adcs x25, x27, x25
+ mul x27, x6, x5
+ umulh x28, x6, x4
+ adcs x27, x28, x27
+ mov x3, x9
+ mul x28, x6, x3
+ umulh x29, x6, x5
+ adcs x28, x29, x28
+ ldr x9, [sp, #48] // 8-byte Folded Reload
+ mul x29, x6, x9
+ umulh x30, x6, x3
+ adcs x29, x30, x29
+ umulh x30, x6, x9
+ mov x3, x9
+ mul x6, x6, x8
+ mov x5, x8
+ adcs x30, x30, xzr
+ cmn x6, x12
+ adcs x12, x24, x22
+ adcs x17, x23, x17
+ adcs x2, x25, x2
+ mul x6, x0, x11
+ adcs x7, x27, x7
+ mul x22, x0, x13
+ adcs x20, x28, x20
+ mul x23, x0, x10
+ adcs x21, x29, x21
+ mul x24, x0, x16
+ adcs x29, x30, x1
+ mov x1, x15
+ umulh x25, x0, x1
+ adcs x26, x26, xzr
+ adds x24, x25, x24
+ umulh x25, x0, x16
+ adcs x23, x25, x23
+ umulh x25, x0, x10
+ adcs x22, x25, x22
+ umulh x25, x0, x13
+ adcs x6, x25, x6
+ mul x25, x0, x18
+ umulh x27, x0, x11
+ adcs x25, x27, x25
+ mov x9, x14
+ mul x27, x0, x9
+ umulh x28, x0, x18
+ adcs x27, x28, x27
+ umulh x28, x0, x9
+ mul x0, x0, x1
+ adcs x28, x28, xzr
+ adds x12, x12, x0
+ adcs x8, x17, x24
+ str x8, [sp, #40] // 8-byte Folded Spill
+ adcs x8, x2, x23
+ str x8, [sp, #32] // 8-byte Folded Spill
+ mul x2, x12, x19
+ adcs x7, x7, x22
+ mul x22, x2, x4
+ adcs x8, x20, x6
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #136] // 8-byte Folded Reload
+ mul x20, x2, x8
+ adcs x21, x21, x25
+ ldr x9, [sp, #72] // 8-byte Folded Reload
+ mul x23, x2, x9
+ adcs x19, x29, x27
+ mov x15, x5
+ umulh x24, x2, x15
+ adcs x17, x26, x28
+ str x17, [sp, #8] // 8-byte Folded Spill
+ adcs x26, xzr, xzr
+ adds x23, x24, x23
+ umulh x24, x2, x9
+ adcs x20, x24, x20
+ umulh x24, x2, x8
+ adcs x22, x24, x22
+ ldp x25, x8, [sp, #104]
+ mul x24, x2, x25
+ umulh x27, x2, x4
+ adcs x6, x27, x24
+ ldr x5, [sp, #80] // 8-byte Folded Reload
+ mul x27, x2, x5
+ umulh x28, x2, x25
+ adcs x27, x28, x27
+ mul x28, x2, x3
+ umulh x29, x2, x5
+ adcs x28, x29, x28
+ ldr x29, [x8, #48]
+ mul x30, x2, x15
+ umulh x2, x2, x3
+ adcs x2, x2, xzr
+ cmn x30, x12
+ umulh x24, x29, x14
+ mul x30, x29, x14
+ umulh x0, x29, x18
+ mul x18, x29, x18
+ umulh x17, x29, x11
+ mul x15, x29, x11
+ umulh x14, x29, x13
+ mul x13, x29, x13
+ umulh x12, x29, x10
+ mul x11, x29, x10
+ mul x10, x29, x16
+ umulh x9, x29, x16
+ umulh x8, x29, x1
+ mul x29, x29, x1
+ ldr x16, [sp, #40] // 8-byte Folded Reload
+ adcs x23, x23, x16
+ ldr x16, [sp, #32] // 8-byte Folded Reload
+ adcs x20, x20, x16
+ adcs x7, x22, x7
+ ldr x16, [sp, #16] // 8-byte Folded Reload
+ adcs x6, x6, x16
+ adcs x21, x27, x21
+ adcs x19, x28, x19
+ ldr x16, [sp, #8] // 8-byte Folded Reload
+ adcs x2, x2, x16
+ adcs x22, x26, xzr
+ adds x8, x8, x10
+ adcs x9, x9, x11
+ adcs x10, x12, x13
+ adcs x11, x14, x15
+ adcs x12, x17, x18
+ adcs x13, x0, x30
+ adcs x14, x24, xzr
+ adds x15, x23, x29
+ adcs x8, x20, x8
+ ldr x16, [sp, #128] // 8-byte Folded Reload
+ mul x16, x15, x16
+ adcs x9, x7, x9
+ mul x17, x16, x3
+ mul x18, x16, x5
+ mul x0, x16, x25
+ adcs x10, x6, x10
+ mul x6, x16, x4
+ adcs x11, x21, x11
+ ldr x21, [sp, #136] // 8-byte Folded Reload
+ mul x7, x16, x21
+ adcs x12, x19, x12
+ ldr x23, [sp, #72] // 8-byte Folded Reload
+ mul x19, x16, x23
+ adcs x13, x2, x13
+ ldr x24, [sp, #24] // 8-byte Folded Reload
+ umulh x2, x16, x24
+ adcs x14, x22, x14
+ adcs x20, xzr, xzr
+ adds x2, x2, x19
+ umulh x19, x16, x23
+ adcs x7, x19, x7
+ umulh x19, x16, x21
+ adcs x6, x19, x6
+ umulh x19, x16, x4
+ adcs x0, x19, x0
+ umulh x19, x16, x25
+ adcs x18, x19, x18
+ umulh x19, x16, x5
+ adcs x17, x19, x17
+ umulh x19, x16, x3
+ mul x16, x16, x24
+ adcs x19, x19, xzr
+ cmn x16, x15
+ adcs x8, x2, x8
+ adcs x9, x7, x9
+ adcs x10, x6, x10
+ adcs x11, x0, x11
+ adcs x12, x18, x12
+ adcs x13, x17, x13
+ adcs x14, x19, x14
+ adcs x15, x20, xzr
+ subs x16, x8, x24
+ sbcs x17, x9, x23
+ sbcs x18, x10, x21
+ sbcs x0, x11, x4
+ sbcs x1, x12, x25
+ sbcs x2, x13, x5
+ sbcs x3, x14, x3
+ sbcs x15, x15, xzr
+ tst x15, #0x1
+ csel x8, x8, x16, ne
+ csel x9, x9, x17, ne
+ csel x10, x10, x18, ne
+ csel x11, x11, x0, ne
+ csel x12, x12, x1, ne
+ csel x13, x13, x2, ne
+ csel x14, x14, x3, ne
+ ldr x15, [sp, #64] // 8-byte Folded Reload
+ stp x8, x9, [x15]
+ stp x10, x11, [x15, #16]
+ stp x12, x13, [x15, #32]
+ str x14, [x15, #48]
+ add sp, sp, #144 // =144
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end98:
+ .size mcl_fp_mont7L, .Lfunc_end98-mcl_fp_mont7L
+
+ .globl mcl_fp_montNF7L
+ .align 2
+ .type mcl_fp_montNF7L,@function
+mcl_fp_montNF7L: // @mcl_fp_montNF7L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ sub sp, sp, #32 // =32
+ stp x0, x2, [sp, #8]
+ ldr x7, [x2]
+ ldp x5, x16, [x1, #40]
+ ldp x6, x17, [x1, #24]
+ ldr x4, [x1]
+ ldp x1, x18, [x1, #8]
+ ldur x8, [x3, #-8]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldp x15, x0, [x3, #40]
+ ldp x11, x10, [x3, #24]
+ ldp x13, x12, [x3, #8]
+ ldr x14, [x3]
+ ldr x25, [x2, #8]
+ umulh x3, x16, x7
+ mul x19, x16, x7
+ umulh x20, x5, x7
+ mul x21, x5, x7
+ umulh x22, x17, x7
+ mul x23, x17, x7
+ umulh x24, x6, x7
+ mul x26, x6, x7
+ umulh x27, x18, x7
+ mul x28, x18, x7
+ mul x29, x1, x7
+ umulh x30, x4, x7
+ adds x29, x30, x29
+ umulh x30, x1, x7
+ mul x7, x4, x7
+ adcs x28, x30, x28
+ mul x30, x25, x5
+ adcs x26, x27, x26
+ mul x27, x25, x17
+ adcs x23, x24, x23
+ mul x24, x25, x6
+ adcs x21, x22, x21
+ mul x22, x7, x8
+ adcs x19, x20, x19
+ mul x20, x22, x14
+ adcs x3, x3, xzr
+ cmn x20, x7
+ mul x9, x25, x18
+ mul x7, x22, x13
+ adcs x7, x7, x29
+ mul x20, x22, x12
+ adcs x20, x20, x28
+ mul x28, x22, x11
+ adcs x26, x28, x26
+ mul x28, x22, x10
+ adcs x23, x28, x23
+ mul x28, x22, x15
+ adcs x21, x28, x21
+ mul x28, x22, x0
+ adcs x19, x28, x19
+ umulh x28, x22, x14
+ adcs x29, x3, xzr
+ adds x28, x7, x28
+ umulh x3, x22, x13
+ adcs x8, x20, x3
+ umulh x3, x22, x12
+ adcs x26, x26, x3
+ umulh x3, x22, x11
+ adcs x3, x23, x3
+ umulh x7, x22, x10
+ adcs x7, x21, x7
+ umulh x20, x22, x15
+ adcs x19, x19, x20
+ mul x21, x25, x1
+ umulh x20, x22, x0
+ adcs x20, x29, x20
+ umulh x22, x25, x4
+ adds x29, x22, x21
+ umulh x21, x25, x1
+ adcs x23, x21, x9
+ umulh x9, x25, x18
+ adcs x21, x9, x24
+ umulh x9, x25, x6
+ adcs x22, x9, x27
+ umulh x9, x25, x17
+ adcs x30, x9, x30
+ mul x9, x25, x16
+ umulh x24, x25, x5
+ adcs x24, x24, x9
+ umulh x9, x25, x16
+ mul x25, x25, x4
+ adcs x9, x9, xzr
+ adds x27, x25, x28
+ adcs x25, x29, x8
+ ldp x28, x8, [x2, #16]
+ adcs x29, x23, x26
+ adcs x3, x21, x3
+ mul x21, x28, x17
+ adcs x7, x22, x7
+ mul x22, x28, x6
+ adcs x19, x30, x19
+ ldr x2, [sp, #24] // 8-byte Folded Reload
+ mul x23, x27, x2
+ adcs x20, x24, x20
+ mul x24, x23, x14
+ adcs x9, x9, xzr
+ cmn x24, x27
+ mul x24, x28, x18
+ mul x26, x23, x13
+ adcs x25, x26, x25
+ mul x26, x23, x12
+ adcs x26, x26, x29
+ mul x27, x23, x11
+ adcs x3, x27, x3
+ mul x27, x23, x10
+ adcs x7, x27, x7
+ mul x27, x23, x15
+ adcs x19, x27, x19
+ mul x27, x23, x0
+ adcs x20, x27, x20
+ umulh x27, x23, x14
+ adcs x9, x9, xzr
+ adds x25, x25, x27
+ umulh x27, x23, x13
+ adcs x26, x26, x27
+ umulh x27, x23, x12
+ adcs x3, x3, x27
+ umulh x27, x23, x11
+ adcs x7, x7, x27
+ umulh x27, x23, x10
+ adcs x19, x19, x27
+ umulh x27, x23, x15
+ adcs x20, x20, x27
+ mul x27, x28, x1
+ umulh x23, x23, x0
+ adcs x9, x9, x23
+ umulh x23, x28, x4
+ adds x23, x23, x27
+ umulh x27, x28, x1
+ adcs x24, x27, x24
+ umulh x27, x28, x18
+ adcs x22, x27, x22
+ umulh x27, x28, x6
+ adcs x21, x27, x21
+ mul x27, x28, x5
+ umulh x29, x28, x17
+ adcs x27, x29, x27
+ mul x29, x28, x16
+ umulh x30, x28, x5
+ adcs x29, x30, x29
+ umulh x30, x28, x16
+ mul x28, x28, x4
+ adcs x30, x30, xzr
+ adds x25, x28, x25
+ adcs x23, x23, x26
+ adcs x3, x24, x3
+ mul x26, x8, x5
+ adcs x7, x22, x7
+ mul x22, x8, x17
+ adcs x19, x21, x19
+ mul x24, x8, x6
+ adcs x20, x27, x20
+ mul x21, x25, x2
+ adcs x9, x29, x9
+ mul x27, x21, x14
+ adcs x28, x30, xzr
+ cmn x27, x25
+ mul x25, x8, x18
+ mul x27, x21, x13
+ adcs x23, x27, x23
+ mul x27, x21, x12
+ adcs x3, x27, x3
+ mul x27, x21, x11
+ adcs x7, x27, x7
+ mul x27, x21, x10
+ adcs x19, x27, x19
+ mul x27, x21, x15
+ adcs x20, x27, x20
+ mul x27, x21, x0
+ adcs x9, x27, x9
+ umulh x27, x21, x14
+ adcs x28, x28, xzr
+ adds x27, x23, x27
+ umulh x23, x21, x13
+ adcs x3, x3, x23
+ umulh x23, x21, x12
+ adcs x30, x7, x23
+ umulh x7, x21, x11
+ adcs x7, x19, x7
+ umulh x19, x21, x10
+ adcs x19, x20, x19
+ umulh x20, x21, x15
+ adcs x20, x9, x20
+ mul x9, x8, x1
+ umulh x21, x21, x0
+ adcs x21, x28, x21
+ umulh x23, x8, x4
+ adds x9, x23, x9
+ umulh x23, x8, x1
+ adcs x28, x23, x25
+ umulh x23, x8, x18
+ adcs x23, x23, x24
+ umulh x24, x8, x6
+ adcs x24, x24, x22
+ umulh x22, x8, x17
+ adcs x25, x22, x26
+ mul x22, x8, x16
+ umulh x26, x8, x5
+ adcs x26, x26, x22
+ umulh x22, x8, x16
+ mul x29, x8, x4
+ adcs x2, x22, xzr
+ adds x29, x29, x27
+ adcs x27, x9, x3
+ ldr x8, [sp, #16] // 8-byte Folded Reload
+ ldp x22, x3, [x8, #32]
+ adcs x9, x28, x30
+ adcs x7, x23, x7
+ mul x23, x22, x17
+ adcs x19, x24, x19
+ mul x24, x22, x6
+ adcs x20, x25, x20
+ ldr x8, [sp, #24] // 8-byte Folded Reload
+ mul x25, x29, x8
+ adcs x21, x26, x21
+ mul x26, x25, x14
+ adcs x2, x2, xzr
+ cmn x26, x29
+ mul x26, x22, x18
+ mul x28, x25, x13
+ adcs x27, x28, x27
+ mul x28, x25, x12
+ adcs x9, x28, x9
+ mul x28, x25, x11
+ adcs x7, x28, x7
+ mul x28, x25, x10
+ adcs x19, x28, x19
+ mul x28, x25, x15
+ adcs x20, x28, x20
+ mul x28, x25, x0
+ adcs x21, x28, x21
+ umulh x28, x25, x14
+ adcs x2, x2, xzr
+ adds x27, x27, x28
+ umulh x28, x25, x13
+ adcs x9, x9, x28
+ umulh x28, x25, x12
+ adcs x7, x7, x28
+ umulh x28, x25, x11
+ adcs x19, x19, x28
+ umulh x28, x25, x10
+ adcs x20, x20, x28
+ umulh x28, x25, x15
+ adcs x21, x21, x28
+ mul x28, x22, x1
+ umulh x25, x25, x0
+ adcs x2, x2, x25
+ umulh x25, x22, x4
+ adds x25, x25, x28
+ umulh x28, x22, x1
+ adcs x26, x28, x26
+ umulh x28, x22, x18
+ adcs x24, x28, x24
+ umulh x28, x22, x6
+ adcs x23, x28, x23
+ mul x28, x22, x5
+ umulh x29, x22, x17
+ adcs x28, x29, x28
+ mul x29, x22, x16
+ umulh x30, x22, x5
+ adcs x29, x30, x29
+ umulh x30, x22, x16
+ mul x22, x22, x4
+ adcs x30, x30, xzr
+ adds x22, x22, x27
+ adcs x9, x25, x9
+ adcs x7, x26, x7
+ mul x25, x3, x5
+ adcs x19, x24, x19
+ mul x24, x3, x17
+ adcs x20, x23, x20
+ mul x23, x3, x6
+ adcs x21, x28, x21
+ mul x26, x22, x8
+ adcs x8, x29, x2
+ mul x27, x26, x14
+ adcs x28, x30, xzr
+ cmn x27, x22
+ mul x22, x3, x18
+ mul x27, x26, x13
+ adcs x9, x27, x9
+ mul x27, x26, x12
+ adcs x7, x27, x7
+ mul x27, x26, x11
+ adcs x19, x27, x19
+ mul x27, x26, x10
+ adcs x20, x27, x20
+ mul x27, x26, x15
+ adcs x21, x27, x21
+ mul x27, x26, x0
+ adcs x8, x27, x8
+ umulh x27, x26, x14
+ adcs x28, x28, xzr
+ adds x9, x9, x27
+ umulh x27, x26, x13
+ adcs x7, x7, x27
+ umulh x27, x26, x12
+ adcs x19, x19, x27
+ umulh x27, x26, x11
+ adcs x20, x20, x27
+ umulh x27, x26, x10
+ adcs x21, x21, x27
+ umulh x27, x26, x15
+ adcs x8, x8, x27
+ mul x27, x3, x1
+ umulh x26, x26, x0
+ adcs x26, x28, x26
+ umulh x28, x3, x4
+ adds x27, x28, x27
+ umulh x28, x3, x1
+ adcs x22, x28, x22
+ umulh x28, x3, x18
+ adcs x23, x28, x23
+ umulh x28, x3, x6
+ adcs x24, x28, x24
+ umulh x28, x3, x17
+ adcs x25, x28, x25
+ mul x28, x3, x16
+ umulh x29, x3, x5
+ adcs x28, x29, x28
+ ldp x2, x30, [sp, #16]
+ ldr x2, [x2, #48]
+ umulh x29, x3, x16
+ mul x3, x3, x4
+ adcs x29, x29, xzr
+ adds x9, x3, x9
+ adcs x3, x27, x7
+ umulh x7, x2, x16
+ mul x16, x2, x16
+ adcs x19, x22, x19
+ umulh x22, x2, x5
+ mul x5, x2, x5
+ adcs x20, x23, x20
+ umulh x23, x2, x17
+ mul x17, x2, x17
+ adcs x21, x24, x21
+ umulh x24, x2, x6
+ mul x6, x2, x6
+ adcs x8, x25, x8
+ mul x25, x9, x30
+ adcs x26, x28, x26
+ mul x27, x25, x14
+ adcs x28, x29, xzr
+ cmn x27, x9
+ umulh x9, x2, x18
+ mul x18, x2, x18
+ umulh x27, x2, x1
+ mul x1, x2, x1
+ umulh x29, x2, x4
+ mul x2, x2, x4
+ mul x4, x25, x13
+ adcs x3, x4, x3
+ mul x4, x25, x12
+ adcs x4, x4, x19
+ mul x19, x25, x11
+ adcs x19, x19, x20
+ mul x20, x25, x10
+ adcs x20, x20, x21
+ mul x21, x25, x15
+ adcs x8, x21, x8
+ mul x21, x25, x0
+ adcs x21, x21, x26
+ adcs x26, x28, xzr
+ umulh x28, x25, x14
+ adds x3, x3, x28
+ umulh x28, x25, x13
+ adcs x4, x4, x28
+ umulh x28, x25, x12
+ adcs x19, x19, x28
+ umulh x28, x25, x11
+ adcs x20, x20, x28
+ umulh x28, x25, x10
+ adcs x8, x8, x28
+ umulh x28, x25, x15
+ adcs x21, x21, x28
+ umulh x25, x25, x0
+ adcs x25, x26, x25
+ adds x1, x29, x1
+ adcs x18, x27, x18
+ adcs x9, x9, x6
+ adcs x17, x24, x17
+ adcs x5, x23, x5
+ adcs x16, x22, x16
+ adcs x6, x7, xzr
+ adds x2, x2, x3
+ adcs x1, x1, x4
+ adcs x18, x18, x19
+ adcs x9, x9, x20
+ adcs x8, x17, x8
+ adcs x17, x5, x21
+ mul x3, x2, x30
+ adcs x16, x16, x25
+ mul x4, x3, x14
+ adcs x5, x6, xzr
+ cmn x4, x2
+ mul x2, x3, x13
+ adcs x1, x2, x1
+ mul x2, x3, x12
+ adcs x18, x2, x18
+ mul x2, x3, x11
+ adcs x9, x2, x9
+ mul x2, x3, x10
+ adcs x8, x2, x8
+ mul x2, x3, x15
+ adcs x17, x2, x17
+ mul x2, x3, x0
+ adcs x16, x2, x16
+ umulh x2, x3, x14
+ adcs x4, x5, xzr
+ adds x1, x1, x2
+ umulh x2, x3, x13
+ adcs x18, x18, x2
+ umulh x2, x3, x12
+ adcs x9, x9, x2
+ umulh x2, x3, x11
+ adcs x8, x8, x2
+ umulh x2, x3, x10
+ adcs x17, x17, x2
+ umulh x2, x3, x15
+ adcs x16, x16, x2
+ umulh x2, x3, x0
+ adcs x2, x4, x2
+ subs x14, x1, x14
+ sbcs x13, x18, x13
+ sbcs x12, x9, x12
+ sbcs x11, x8, x11
+ sbcs x10, x17, x10
+ sbcs x15, x16, x15
+ sbcs x0, x2, x0
+ asr x3, x0, #63
+ cmp x3, #0 // =0
+ csel x14, x1, x14, lt
+ csel x13, x18, x13, lt
+ csel x9, x9, x12, lt
+ csel x8, x8, x11, lt
+ csel x10, x17, x10, lt
+ csel x11, x16, x15, lt
+ csel x12, x2, x0, lt
+ ldr x15, [sp, #8] // 8-byte Folded Reload
+ stp x14, x13, [x15]
+ stp x9, x8, [x15, #16]
+ stp x10, x11, [x15, #32]
+ str x12, [x15, #48]
+ add sp, sp, #32 // =32
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end99:
+ .size mcl_fp_montNF7L, .Lfunc_end99-mcl_fp_montNF7L
+
+ .globl mcl_fp_montRed7L
+ .align 2
+ .type mcl_fp_montRed7L,@function
+mcl_fp_montRed7L: // @mcl_fp_montRed7L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ ldur x15, [x2, #-8]
+ ldp x9, x8, [x2, #40]
+ ldp x11, x10, [x2, #24]
+ ldp x13, x12, [x2, #8]
+ ldr x14, [x2]
+ ldp x17, x18, [x1, #96]
+ ldp x2, x3, [x1, #80]
+ ldp x4, x5, [x1, #64]
+ ldp x6, x7, [x1, #48]
+ ldp x19, x20, [x1, #32]
+ ldp x21, x22, [x1, #16]
+ ldp x16, x1, [x1]
+ mul x23, x16, x15
+ mul x24, x23, x8
+ mul x25, x23, x9
+ mul x26, x23, x10
+ mul x27, x23, x11
+ mul x28, x23, x12
+ mul x29, x23, x13
+ umulh x30, x23, x14
+ adds x29, x30, x29
+ umulh x30, x23, x13
+ adcs x28, x30, x28
+ umulh x30, x23, x12
+ adcs x27, x30, x27
+ umulh x30, x23, x11
+ adcs x26, x30, x26
+ umulh x30, x23, x10
+ adcs x25, x30, x25
+ umulh x30, x23, x9
+ adcs x24, x30, x24
+ umulh x30, x23, x8
+ mul x23, x23, x14
+ adcs x30, x30, xzr
+ cmn x16, x23
+ adcs x16, x1, x29
+ adcs x1, x21, x28
+ mul x21, x16, x15
+ adcs x22, x22, x27
+ mul x23, x21, x8
+ mul x27, x21, x9
+ mul x28, x21, x10
+ mul x29, x21, x11
+ adcs x19, x19, x26
+ mul x26, x21, x12
+ adcs x20, x20, x25
+ mul x25, x21, x13
+ adcs x6, x6, x24
+ umulh x24, x21, x14
+ adcs x7, x7, x30
+ adcs x4, x4, xzr
+ adcs x5, x5, xzr
+ adcs x2, x2, xzr
+ adcs x3, x3, xzr
+ adcs x17, x17, xzr
+ adcs x18, x18, xzr
+ adcs x30, xzr, xzr
+ adds x24, x24, x25
+ umulh x25, x21, x13
+ adcs x25, x25, x26
+ umulh x26, x21, x12
+ adcs x26, x26, x29
+ umulh x29, x21, x11
+ adcs x28, x29, x28
+ umulh x29, x21, x10
+ adcs x27, x29, x27
+ umulh x29, x21, x9
+ adcs x23, x29, x23
+ umulh x29, x21, x8
+ mul x21, x21, x14
+ adcs x29, x29, xzr
+ cmn x21, x16
+ adcs x16, x24, x1
+ adcs x1, x25, x22
+ mul x21, x16, x15
+ adcs x19, x26, x19
+ mul x22, x21, x8
+ mul x24, x21, x9
+ mul x25, x21, x10
+ adcs x20, x28, x20
+ mul x26, x21, x11
+ adcs x6, x27, x6
+ mul x27, x21, x12
+ adcs x7, x23, x7
+ mul x23, x21, x13
+ adcs x4, x29, x4
+ umulh x28, x21, x14
+ adcs x5, x5, xzr
+ adcs x2, x2, xzr
+ adcs x3, x3, xzr
+ adcs x17, x17, xzr
+ adcs x18, x18, xzr
+ adcs x29, x30, xzr
+ adds x23, x28, x23
+ umulh x28, x21, x13
+ adcs x27, x28, x27
+ umulh x28, x21, x12
+ adcs x26, x28, x26
+ umulh x28, x21, x11
+ adcs x25, x28, x25
+ umulh x28, x21, x10
+ adcs x24, x28, x24
+ umulh x28, x21, x9
+ adcs x22, x28, x22
+ umulh x28, x21, x8
+ mul x21, x21, x14
+ adcs x28, x28, xzr
+ cmn x21, x16
+ adcs x16, x23, x1
+ adcs x1, x27, x19
+ mul x19, x16, x15
+ adcs x20, x26, x20
+ mul x21, x19, x8
+ mul x23, x19, x9
+ mul x26, x19, x10
+ adcs x6, x25, x6
+ mul x25, x19, x11
+ adcs x7, x24, x7
+ mul x24, x19, x12
+ adcs x4, x22, x4
+ mul x22, x19, x13
+ adcs x5, x28, x5
+ umulh x27, x19, x14
+ adcs x2, x2, xzr
+ adcs x3, x3, xzr
+ adcs x17, x17, xzr
+ adcs x18, x18, xzr
+ adcs x28, x29, xzr
+ adds x22, x27, x22
+ umulh x27, x19, x13
+ adcs x24, x27, x24
+ umulh x27, x19, x12
+ adcs x25, x27, x25
+ umulh x27, x19, x11
+ adcs x26, x27, x26
+ umulh x27, x19, x10
+ adcs x23, x27, x23
+ umulh x27, x19, x9
+ adcs x21, x27, x21
+ umulh x27, x19, x8
+ mul x19, x19, x14
+ adcs x27, x27, xzr
+ cmn x19, x16
+ adcs x16, x22, x1
+ adcs x1, x24, x20
+ mul x19, x16, x15
+ adcs x6, x25, x6
+ mul x20, x19, x8
+ mul x22, x19, x9
+ mul x24, x19, x10
+ adcs x7, x26, x7
+ mul x25, x19, x11
+ adcs x4, x23, x4
+ mul x23, x19, x12
+ adcs x5, x21, x5
+ mul x21, x19, x13
+ adcs x2, x27, x2
+ umulh x26, x19, x14
+ adcs x3, x3, xzr
+ adcs x17, x17, xzr
+ adcs x18, x18, xzr
+ adcs x27, x28, xzr
+ adds x21, x26, x21
+ umulh x26, x19, x13
+ adcs x23, x26, x23
+ umulh x26, x19, x12
+ adcs x25, x26, x25
+ umulh x26, x19, x11
+ adcs x24, x26, x24
+ umulh x26, x19, x10
+ adcs x22, x26, x22
+ umulh x26, x19, x9
+ adcs x20, x26, x20
+ umulh x26, x19, x8
+ mul x19, x19, x14
+ adcs x26, x26, xzr
+ cmn x19, x16
+ adcs x16, x21, x1
+ adcs x1, x23, x6
+ mul x6, x16, x15
+ adcs x7, x25, x7
+ mul x19, x6, x8
+ mul x21, x6, x9
+ mul x23, x6, x10
+ adcs x4, x24, x4
+ mul x24, x6, x11
+ adcs x5, x22, x5
+ mul x22, x6, x12
+ adcs x2, x20, x2
+ mul x20, x6, x13
+ adcs x3, x26, x3
+ umulh x25, x6, x14
+ adcs x17, x17, xzr
+ adcs x18, x18, xzr
+ adcs x26, x27, xzr
+ adds x20, x25, x20
+ umulh x25, x6, x13
+ adcs x22, x25, x22
+ umulh x25, x6, x12
+ adcs x24, x25, x24
+ umulh x25, x6, x11
+ adcs x23, x25, x23
+ umulh x25, x6, x10
+ adcs x21, x25, x21
+ umulh x25, x6, x9
+ adcs x19, x25, x19
+ umulh x25, x6, x8
+ mul x6, x6, x14
+ adcs x25, x25, xzr
+ cmn x6, x16
+ adcs x16, x20, x1
+ adcs x1, x22, x7
+ mul x15, x16, x15
+ adcs x4, x24, x4
+ mul x6, x15, x8
+ mul x7, x15, x9
+ mul x20, x15, x10
+ adcs x5, x23, x5
+ mul x22, x15, x11
+ adcs x2, x21, x2
+ mul x21, x15, x12
+ adcs x3, x19, x3
+ mul x19, x15, x13
+ adcs x17, x25, x17
+ umulh x23, x15, x14
+ adcs x18, x18, xzr
+ adcs x24, x26, xzr
+ adds x19, x23, x19
+ umulh x23, x15, x13
+ adcs x21, x23, x21
+ umulh x23, x15, x12
+ adcs x22, x23, x22
+ umulh x23, x15, x11
+ adcs x20, x23, x20
+ umulh x23, x15, x10
+ adcs x7, x23, x7
+ umulh x23, x15, x9
+ adcs x6, x23, x6
+ umulh x23, x15, x8
+ mul x15, x15, x14
+ adcs x23, x23, xzr
+ cmn x15, x16
+ adcs x15, x19, x1
+ adcs x16, x21, x4
+ adcs x1, x22, x5
+ adcs x2, x20, x2
+ adcs x3, x7, x3
+ adcs x17, x6, x17
+ adcs x18, x23, x18
+ adcs x4, x24, xzr
+ subs x14, x15, x14
+ sbcs x13, x16, x13
+ sbcs x12, x1, x12
+ sbcs x11, x2, x11
+ sbcs x10, x3, x10
+ sbcs x9, x17, x9
+ sbcs x8, x18, x8
+ sbcs x4, x4, xzr
+ tst x4, #0x1
+ csel x14, x15, x14, ne
+ csel x13, x16, x13, ne
+ csel x12, x1, x12, ne
+ csel x11, x2, x11, ne
+ csel x10, x3, x10, ne
+ csel x9, x17, x9, ne
+ csel x8, x18, x8, ne
+ stp x14, x13, [x0]
+ stp x12, x11, [x0, #16]
+ stp x10, x9, [x0, #32]
+ str x8, [x0, #48]
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end100:
+ .size mcl_fp_montRed7L, .Lfunc_end100-mcl_fp_montRed7L
+
+ .globl mcl_fp_addPre7L
+ .align 2
+ .type mcl_fp_addPre7L,@function
+mcl_fp_addPre7L: // @mcl_fp_addPre7L
+// BB#0:
+ ldp x11, x8, [x2, #40]
+ ldp x13, x9, [x1, #40]
+ ldp x15, x10, [x2, #24]
+ ldp x17, x14, [x2, #8]
+ ldr x16, [x2]
+ ldp x18, x2, [x1]
+ ldr x3, [x1, #16]
+ ldp x1, x12, [x1, #24]
+ adds x16, x16, x18
+ str x16, [x0]
+ adcs x16, x17, x2
+ adcs x14, x14, x3
+ stp x16, x14, [x0, #8]
+ adcs x14, x15, x1
+ adcs x10, x10, x12
+ stp x14, x10, [x0, #24]
+ adcs x10, x11, x13
+ adcs x9, x8, x9
+ adcs x8, xzr, xzr
+ stp x10, x9, [x0, #40]
+ mov x0, x8
+ ret
+.Lfunc_end101:
+ .size mcl_fp_addPre7L, .Lfunc_end101-mcl_fp_addPre7L
+
+ .globl mcl_fp_subPre7L
+ .align 2
+ .type mcl_fp_subPre7L,@function
+mcl_fp_subPre7L: // @mcl_fp_subPre7L
+// BB#0:
+ ldp x11, x8, [x2, #40]
+ ldp x13, x9, [x1, #40]
+ ldp x15, x10, [x2, #24]
+ ldp x17, x14, [x2, #8]
+ ldr x16, [x2]
+ ldp x18, x2, [x1]
+ ldr x3, [x1, #16]
+ ldp x1, x12, [x1, #24]
+ subs x16, x18, x16
+ str x16, [x0]
+ sbcs x16, x2, x17
+ sbcs x14, x3, x14
+ stp x16, x14, [x0, #8]
+ sbcs x14, x1, x15
+ sbcs x10, x12, x10
+ stp x14, x10, [x0, #24]
+ sbcs x10, x13, x11
+ sbcs x9, x9, x8
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ stp x10, x9, [x0, #40]
+ mov x0, x8
+ ret
+.Lfunc_end102:
+ .size mcl_fp_subPre7L, .Lfunc_end102-mcl_fp_subPre7L
+
+ .globl mcl_fp_shr1_7L
+ .align 2
+ .type mcl_fp_shr1_7L,@function
+mcl_fp_shr1_7L: // @mcl_fp_shr1_7L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x14, x10, [x1, #40]
+ ldp x11, x12, [x1, #16]
+ ldr x13, [x1, #32]
+ extr x8, x9, x8, #1
+ extr x9, x11, x9, #1
+ extr x11, x12, x11, #1
+ extr x12, x13, x12, #1
+ extr x13, x14, x13, #1
+ extr x14, x10, x14, #1
+ lsr x10, x10, #1
+ stp x8, x9, [x0]
+ stp x11, x12, [x0, #16]
+ stp x13, x14, [x0, #32]
+ str x10, [x0, #48]
+ ret
+.Lfunc_end103:
+ .size mcl_fp_shr1_7L, .Lfunc_end103-mcl_fp_shr1_7L
+
+ .globl mcl_fp_add7L
+ .align 2
+ .type mcl_fp_add7L,@function
+mcl_fp_add7L: // @mcl_fp_add7L
+// BB#0:
+ ldp x11, x8, [x2, #40]
+ ldp x13, x9, [x1, #40]
+ ldp x15, x10, [x2, #24]
+ ldp x17, x14, [x2, #8]
+ ldr x16, [x2]
+ ldp x18, x2, [x1]
+ ldr x4, [x1, #16]
+ ldp x1, x12, [x1, #24]
+ adds x16, x16, x18
+ ldp x5, x18, [x3, #40]
+ adcs x17, x17, x2
+ adcs x2, x14, x4
+ ldr x4, [x3, #32]
+ adcs x15, x15, x1
+ adcs x10, x10, x12
+ ldp x12, x1, [x3]
+ stp x16, x17, [x0]
+ stp x2, x15, [x0, #16]
+ adcs x6, x11, x13
+ stp x10, x6, [x0, #32]
+ adcs x8, x8, x9
+ str x8, [x0, #48]
+ adcs x7, xzr, xzr
+ ldp x9, x11, [x3, #16]
+ subs x14, x16, x12
+ sbcs x13, x17, x1
+ sbcs x12, x2, x9
+ sbcs x11, x15, x11
+ sbcs x10, x10, x4
+ sbcs x9, x6, x5
+ sbcs x8, x8, x18
+ sbcs x15, x7, xzr
+ and w15, w15, #0x1
+ tbnz w15, #0, .LBB104_2
+// BB#1: // %nocarry
+ stp x14, x13, [x0]
+ stp x12, x11, [x0, #16]
+ stp x10, x9, [x0, #32]
+ str x8, [x0, #48]
+.LBB104_2: // %carry
+ ret
+.Lfunc_end104:
+ .size mcl_fp_add7L, .Lfunc_end104-mcl_fp_add7L
+
+ .globl mcl_fp_addNF7L
+ .align 2
+ .type mcl_fp_addNF7L,@function
+mcl_fp_addNF7L: // @mcl_fp_addNF7L
+// BB#0:
+ ldp x11, x8, [x1, #40]
+ ldp x13, x9, [x2, #40]
+ ldp x15, x10, [x1, #24]
+ ldp x17, x14, [x1, #8]
+ ldr x16, [x1]
+ ldp x18, x1, [x2]
+ ldr x4, [x2, #16]
+ ldp x2, x12, [x2, #24]
+ adds x16, x18, x16
+ adcs x17, x1, x17
+ adcs x14, x4, x14
+ ldp x4, x18, [x3, #40]
+ adcs x15, x2, x15
+ adcs x10, x12, x10
+ ldp x12, x2, [x3]
+ adcs x11, x13, x11
+ ldr x13, [x3, #16]
+ ldp x3, x1, [x3, #24]
+ adcs x8, x9, x8
+ subs x9, x16, x12
+ sbcs x12, x17, x2
+ sbcs x13, x14, x13
+ sbcs x2, x15, x3
+ sbcs x1, x10, x1
+ sbcs x3, x11, x4
+ sbcs x18, x8, x18
+ asr x4, x18, #63
+ cmp x4, #0 // =0
+ csel x9, x16, x9, lt
+ csel x12, x17, x12, lt
+ csel x13, x14, x13, lt
+ csel x14, x15, x2, lt
+ csel x10, x10, x1, lt
+ csel x11, x11, x3, lt
+ csel x8, x8, x18, lt
+ stp x9, x12, [x0]
+ stp x13, x14, [x0, #16]
+ stp x10, x11, [x0, #32]
+ str x8, [x0, #48]
+ ret
+.Lfunc_end105:
+ .size mcl_fp_addNF7L, .Lfunc_end105-mcl_fp_addNF7L
+
+ .globl mcl_fp_sub7L
+ .align 2
+ .type mcl_fp_sub7L,@function
+mcl_fp_sub7L: // @mcl_fp_sub7L
+// BB#0:
+ ldp x13, x14, [x2, #40]
+ ldp x17, x15, [x1, #40]
+ ldp x11, x12, [x2, #24]
+ ldp x9, x10, [x2, #8]
+ ldr x8, [x2]
+ ldp x18, x2, [x1]
+ ldr x4, [x1, #16]
+ ldp x1, x16, [x1, #24]
+ subs x8, x18, x8
+ sbcs x9, x2, x9
+ stp x8, x9, [x0]
+ sbcs x10, x4, x10
+ sbcs x11, x1, x11
+ stp x10, x11, [x0, #16]
+ sbcs x12, x16, x12
+ sbcs x13, x17, x13
+ stp x12, x13, [x0, #32]
+ sbcs x14, x15, x14
+ str x14, [x0, #48]
+ ngcs x15, xzr
+ and w15, w15, #0x1
+ tbnz w15, #0, .LBB106_2
+// BB#1: // %nocarry
+ ret
+.LBB106_2: // %carry
+ ldp x16, x17, [x3]
+ ldp x18, x1, [x3, #16]
+ ldr x2, [x3, #32]
+ ldp x3, x15, [x3, #40]
+ adds x8, x16, x8
+ adcs x9, x17, x9
+ adcs x10, x18, x10
+ adcs x11, x1, x11
+ adcs x12, x2, x12
+ adcs x13, x3, x13
+ adcs x14, x15, x14
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ stp x12, x13, [x0, #32]
+ str x14, [x0, #48]
+ ret
+.Lfunc_end106:
+ .size mcl_fp_sub7L, .Lfunc_end106-mcl_fp_sub7L
+
+ .globl mcl_fp_subNF7L
+ .align 2
+ .type mcl_fp_subNF7L,@function
+mcl_fp_subNF7L: // @mcl_fp_subNF7L
+// BB#0:
+ ldp x11, x8, [x2, #40]
+ ldp x13, x9, [x1, #40]
+ ldp x15, x10, [x2, #24]
+ ldp x17, x14, [x2, #8]
+ ldr x16, [x2]
+ ldp x18, x2, [x1]
+ ldr x4, [x1, #16]
+ ldp x1, x12, [x1, #24]
+ subs x16, x18, x16
+ sbcs x17, x2, x17
+ sbcs x14, x4, x14
+ ldp x4, x18, [x3, #40]
+ sbcs x15, x1, x15
+ sbcs x10, x12, x10
+ ldp x12, x1, [x3]
+ sbcs x11, x13, x11
+ ldr x13, [x3, #16]
+ ldp x3, x2, [x3, #24]
+ sbcs x8, x9, x8
+ asr x9, x8, #63
+ and x1, x9, x1
+ and x13, x9, x13
+ and x3, x9, x3
+ and x2, x9, x2
+ and x4, x9, x4
+ and x18, x9, x18
+ extr x9, x9, x8, #63
+ and x9, x9, x12
+ adds x9, x9, x16
+ str x9, [x0]
+ adcs x9, x1, x17
+ str x9, [x0, #8]
+ adcs x9, x13, x14
+ str x9, [x0, #16]
+ adcs x9, x3, x15
+ str x9, [x0, #24]
+ adcs x9, x2, x10
+ str x9, [x0, #32]
+ adcs x9, x4, x11
+ adcs x8, x18, x8
+ stp x9, x8, [x0, #40]
+ ret
+.Lfunc_end107:
+ .size mcl_fp_subNF7L, .Lfunc_end107-mcl_fp_subNF7L
+
+ .globl mcl_fpDbl_add7L
+ .align 2
+ .type mcl_fpDbl_add7L,@function
+mcl_fpDbl_add7L: // @mcl_fpDbl_add7L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ ldp x8, x9, [x2, #96]
+ ldp x10, x11, [x1, #96]
+ ldp x12, x13, [x2, #80]
+ ldp x14, x15, [x1, #80]
+ ldp x16, x17, [x2, #64]
+ ldp x18, x4, [x1, #64]
+ ldp x5, x6, [x2, #48]
+ ldp x7, x19, [x1, #48]
+ ldp x20, x21, [x2, #32]
+ ldp x22, x23, [x1, #32]
+ ldp x24, x25, [x2, #16]
+ ldp x27, x2, [x2]
+ ldp x28, x29, [x1, #16]
+ ldp x26, x1, [x1]
+ adds x26, x27, x26
+ ldr x27, [x3, #48]
+ str x26, [x0]
+ adcs x1, x2, x1
+ ldp x2, x26, [x3, #32]
+ str x1, [x0, #8]
+ adcs x1, x24, x28
+ ldp x24, x28, [x3, #16]
+ str x1, [x0, #16]
+ ldp x1, x3, [x3]
+ adcs x25, x25, x29
+ adcs x20, x20, x22
+ stp x25, x20, [x0, #24]
+ adcs x20, x21, x23
+ adcs x5, x5, x7
+ stp x20, x5, [x0, #40]
+ adcs x5, x6, x19
+ adcs x16, x16, x18
+ adcs x17, x17, x4
+ adcs x12, x12, x14
+ adcs x13, x13, x15
+ adcs x8, x8, x10
+ adcs x9, x9, x11
+ adcs x10, xzr, xzr
+ subs x11, x5, x1
+ sbcs x14, x16, x3
+ sbcs x15, x17, x24
+ sbcs x18, x12, x28
+ sbcs x1, x13, x2
+ sbcs x2, x8, x26
+ sbcs x3, x9, x27
+ sbcs x10, x10, xzr
+ tst x10, #0x1
+ csel x10, x5, x11, ne
+ csel x11, x16, x14, ne
+ csel x14, x17, x15, ne
+ csel x12, x12, x18, ne
+ csel x13, x13, x1, ne
+ csel x8, x8, x2, ne
+ csel x9, x9, x3, ne
+ stp x10, x11, [x0, #56]
+ stp x14, x12, [x0, #72]
+ stp x13, x8, [x0, #88]
+ str x9, [x0, #104]
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end108:
+ .size mcl_fpDbl_add7L, .Lfunc_end108-mcl_fpDbl_add7L
+
+ .globl mcl_fpDbl_sub7L
+ .align 2
+ .type mcl_fpDbl_sub7L,@function
+mcl_fpDbl_sub7L: // @mcl_fpDbl_sub7L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ ldp x9, x8, [x2, #96]
+ ldp x11, x10, [x1, #96]
+ ldp x12, x13, [x2, #80]
+ ldp x14, x15, [x1, #80]
+ ldp x16, x17, [x2, #64]
+ ldp x18, x4, [x1, #64]
+ ldp x5, x6, [x2, #48]
+ ldp x7, x19, [x1, #48]
+ ldp x20, x21, [x2, #32]
+ ldp x22, x23, [x1, #32]
+ ldp x24, x25, [x2, #16]
+ ldp x26, x2, [x2]
+ ldp x28, x29, [x1, #16]
+ ldp x27, x1, [x1]
+ subs x26, x27, x26
+ ldr x27, [x3, #48]
+ str x26, [x0]
+ sbcs x1, x1, x2
+ ldp x2, x26, [x3, #32]
+ str x1, [x0, #8]
+ sbcs x1, x28, x24
+ ldp x24, x28, [x3, #16]
+ str x1, [x0, #16]
+ ldp x1, x3, [x3]
+ sbcs x25, x29, x25
+ sbcs x20, x22, x20
+ stp x25, x20, [x0, #24]
+ sbcs x20, x23, x21
+ sbcs x5, x7, x5
+ stp x20, x5, [x0, #40]
+ sbcs x5, x19, x6
+ sbcs x16, x18, x16
+ sbcs x17, x4, x17
+ sbcs x12, x14, x12
+ sbcs x13, x15, x13
+ sbcs x9, x11, x9
+ sbcs x8, x10, x8
+ ngcs x10, xzr
+ tst x10, #0x1
+ csel x10, x27, xzr, ne
+ csel x11, x26, xzr, ne
+ csel x14, x2, xzr, ne
+ csel x15, x28, xzr, ne
+ csel x18, x24, xzr, ne
+ csel x2, x3, xzr, ne
+ csel x1, x1, xzr, ne
+ adds x1, x1, x5
+ adcs x16, x2, x16
+ stp x1, x16, [x0, #56]
+ adcs x16, x18, x17
+ adcs x12, x15, x12
+ stp x16, x12, [x0, #72]
+ adcs x12, x14, x13
+ adcs x9, x11, x9
+ stp x12, x9, [x0, #88]
+ adcs x8, x10, x8
+ str x8, [x0, #104]
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end109:
+ .size mcl_fpDbl_sub7L, .Lfunc_end109-mcl_fpDbl_sub7L
+
+ .align 2
+ .type .LmulPv512x64,@function
+.LmulPv512x64: // @mulPv512x64
+// BB#0:
+ ldr x9, [x0]
+ mul x10, x9, x1
+ str x10, [x8]
+ ldr x10, [x0, #8]
+ umulh x9, x9, x1
+ mul x11, x10, x1
+ adds x9, x9, x11
+ str x9, [x8, #8]
+ ldr x9, [x0, #16]
+ umulh x10, x10, x1
+ mul x11, x9, x1
+ adcs x10, x10, x11
+ str x10, [x8, #16]
+ ldr x10, [x0, #24]
+ umulh x9, x9, x1
+ mul x11, x10, x1
+ adcs x9, x9, x11
+ str x9, [x8, #24]
+ ldr x9, [x0, #32]
+ umulh x10, x10, x1
+ mul x11, x9, x1
+ adcs x10, x10, x11
+ str x10, [x8, #32]
+ ldr x10, [x0, #40]
+ umulh x9, x9, x1
+ mul x11, x10, x1
+ adcs x9, x9, x11
+ str x9, [x8, #40]
+ ldr x9, [x0, #48]
+ umulh x10, x10, x1
+ mul x11, x9, x1
+ adcs x10, x10, x11
+ str x10, [x8, #48]
+ ldr x10, [x0, #56]
+ umulh x9, x9, x1
+ mul x11, x10, x1
+ umulh x10, x10, x1
+ adcs x9, x9, x11
+ str x9, [x8, #56]
+ adcs x9, x10, xzr
+ str x9, [x8, #64]
+ ret
+.Lfunc_end110:
+ .size .LmulPv512x64, .Lfunc_end110-.LmulPv512x64
+
+ .globl mcl_fp_mulUnitPre8L
+ .align 2
+ .type mcl_fp_mulUnitPre8L,@function
+mcl_fp_mulUnitPre8L: // @mcl_fp_mulUnitPre8L
+// BB#0:
+ stp x20, x19, [sp, #-32]!
+ stp x29, x30, [sp, #16]
+ add x29, sp, #16 // =16
+ sub sp, sp, #80 // =80
+ mov x19, x0
+ mov x8, sp
+ mov x0, x1
+ mov x1, x2
+ bl .LmulPv512x64
+ ldp x9, x8, [sp, #56]
+ ldp x11, x10, [sp, #40]
+ ldp x16, x12, [sp, #24]
+ ldp x13, x14, [sp]
+ ldr x15, [sp, #16]
+ stp x13, x14, [x19]
+ stp x15, x16, [x19, #16]
+ stp x12, x11, [x19, #32]
+ stp x10, x9, [x19, #48]
+ str x8, [x19, #64]
+ sub sp, x29, #16 // =16
+ ldp x29, x30, [sp, #16]
+ ldp x20, x19, [sp], #32
+ ret
+.Lfunc_end111:
+ .size mcl_fp_mulUnitPre8L, .Lfunc_end111-mcl_fp_mulUnitPre8L
+
+ .globl mcl_fpDbl_mulPre8L
+ .align 2
+ .type mcl_fpDbl_mulPre8L,@function
+mcl_fpDbl_mulPre8L: // @mcl_fpDbl_mulPre8L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #144 // =144
+ mov x20, x2
+ mov x21, x1
+ mov x19, x0
+ bl mcl_fpDbl_mulPre4L
+ add x0, x19, #64 // =64
+ add x1, x21, #32 // =32
+ add x2, x20, #32 // =32
+ bl mcl_fpDbl_mulPre4L
+ ldp x8, x9, [x20, #48]
+ ldp x10, x11, [x20, #32]
+ ldp x12, x13, [x20]
+ ldp x14, x15, [x20, #16]
+ adds x18, x12, x10
+ str x18, [sp, #8] // 8-byte Folded Spill
+ ldp x10, x12, [x21, #16]
+ ldp x16, x17, [x21, #48]
+ adcs x22, x13, x11
+ ldp x11, x13, [x21]
+ adcs x23, x14, x8
+ ldp x8, x14, [x21, #32]
+ stp x18, x22, [sp, #16]
+ adcs x21, x15, x9
+ stp x23, x21, [sp, #32]
+ adcs x24, xzr, xzr
+ adds x25, x11, x8
+ adcs x26, x13, x14
+ stp x25, x26, [sp, #48]
+ adcs x27, x10, x16
+ adcs x28, x12, x17
+ stp x27, x28, [sp, #64]
+ adcs x20, xzr, xzr
+ add x0, sp, #80 // =80
+ add x1, sp, #48 // =48
+ add x2, sp, #16 // =16
+ bl mcl_fpDbl_mulPre4L
+ cmp x24, #0 // =0
+ csel x8, x28, xzr, ne
+ and x9, x24, x20
+ ldp x11, x10, [sp, #128]
+ ldp x13, x12, [sp, #112]
+ ldp x14, x15, [x19, #48]
+ ldp x16, x17, [x19, #32]
+ ldp x18, x0, [x19, #16]
+ csel x1, x27, xzr, ne
+ csel x2, x26, xzr, ne
+ csel x3, x25, xzr, ne
+ cmp x20, #0 // =0
+ ldp x4, x5, [x19]
+ csel x6, x21, xzr, ne
+ csel x7, x23, xzr, ne
+ csel x20, x22, xzr, ne
+ ldr x21, [sp, #8] // 8-byte Folded Reload
+ csel x21, x21, xzr, ne
+ adds x3, x21, x3
+ adcs x2, x20, x2
+ ldp x20, x21, [sp, #96]
+ adcs x1, x7, x1
+ adcs x8, x6, x8
+ adcs x6, xzr, xzr
+ adds x13, x3, x13
+ ldp x3, x7, [sp, #80]
+ adcs x12, x2, x12
+ adcs x11, x1, x11
+ ldp x1, x2, [x19, #112]
+ adcs x8, x8, x10
+ adcs x9, x6, x9
+ ldp x10, x6, [x19, #96]
+ subs x3, x3, x4
+ sbcs x4, x7, x5
+ ldp x5, x7, [x19, #80]
+ sbcs x18, x20, x18
+ sbcs x0, x21, x0
+ ldp x20, x21, [x19, #64]
+ sbcs x13, x13, x16
+ sbcs x12, x12, x17
+ sbcs x11, x11, x14
+ sbcs x8, x8, x15
+ sbcs x9, x9, xzr
+ subs x3, x3, x20
+ sbcs x4, x4, x21
+ sbcs x18, x18, x5
+ sbcs x0, x0, x7
+ sbcs x13, x13, x10
+ sbcs x12, x12, x6
+ sbcs x11, x11, x1
+ sbcs x8, x8, x2
+ sbcs x9, x9, xzr
+ adds x16, x16, x3
+ str x16, [x19, #32]
+ adcs x16, x17, x4
+ adcs x14, x14, x18
+ stp x16, x14, [x19, #40]
+ adcs x14, x15, x0
+ adcs x13, x20, x13
+ stp x14, x13, [x19, #56]
+ adcs x12, x21, x12
+ adcs x11, x5, x11
+ stp x12, x11, [x19, #72]
+ adcs x8, x7, x8
+ str x8, [x19, #88]
+ adcs x8, x10, x9
+ str x8, [x19, #96]
+ adcs x8, x6, xzr
+ str x8, [x19, #104]
+ adcs x8, x1, xzr
+ str x8, [x19, #112]
+ adcs x8, x2, xzr
+ str x8, [x19, #120]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end112:
+ .size mcl_fpDbl_mulPre8L, .Lfunc_end112-mcl_fpDbl_mulPre8L
+
+ .globl mcl_fpDbl_sqrPre8L
+ .align 2
+ .type mcl_fpDbl_sqrPre8L,@function
+mcl_fpDbl_sqrPre8L: // @mcl_fpDbl_sqrPre8L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #128 // =128
+ mov x20, x1
+ mov x19, x0
+ mov x2, x20
+ bl mcl_fpDbl_mulPre4L
+ add x0, x19, #64 // =64
+ add x1, x20, #32 // =32
+ mov x2, x1
+ bl mcl_fpDbl_mulPre4L
+ ldp x8, x9, [x20, #16]
+ ldp x10, x11, [x20, #32]
+ ldp x12, x13, [x20]
+ ldp x14, x15, [x20, #48]
+ adds x22, x12, x10
+ adcs x23, x13, x11
+ adcs x20, x8, x14
+ adcs x21, x9, x15
+ stp x22, x23, [sp, #32]
+ stp x22, x23, [sp]
+ stp x20, x21, [sp, #48]
+ stp x20, x21, [sp, #16]
+ adcs x24, xzr, xzr
+ add x0, sp, #64 // =64
+ add x1, sp, #32 // =32
+ mov x2, sp
+ bl mcl_fpDbl_mulPre4L
+ ldp x8, x9, [x19, #48]
+ ldp x10, x11, [x19]
+ ldp x12, x13, [sp, #64]
+ ldp x14, x15, [x19, #16]
+ ldp x16, x17, [sp, #80]
+ ldp x18, x0, [x19, #32]
+ subs x10, x12, x10
+ ldp x1, x12, [sp, #96]
+ sbcs x11, x13, x11
+ sbcs x14, x16, x14
+ ldp x13, x16, [sp, #112]
+ sbcs x15, x17, x15
+ sbcs x17, x1, x18
+ ldp x1, x2, [x19, #64]
+ ldp x3, x4, [x19, #80]
+ ldp x5, x6, [x19, #96]
+ ldp x7, x25, [x19, #112]
+ lsr x26, x21, #63
+ sbcs x12, x12, x0
+ sbcs x13, x13, x8
+ sbcs x16, x16, x9
+ sbcs x27, x24, xzr
+ subs x10, x10, x1
+ sbcs x11, x11, x2
+ sbcs x14, x14, x3
+ sbcs x15, x15, x4
+ sbcs x17, x17, x5
+ sbcs x12, x12, x6
+ sbcs x13, x13, x7
+ sbcs x16, x16, x25
+ sbcs x27, x27, xzr
+ adds x22, x22, x22
+ adcs x23, x23, x23
+ adcs x20, x20, x20
+ adcs x21, x21, x21
+ cmp x24, #0 // =0
+ csel x24, x26, xzr, ne
+ csel x21, x21, xzr, ne
+ csel x20, x20, xzr, ne
+ csel x23, x23, xzr, ne
+ csel x22, x22, xzr, ne
+ adds x17, x17, x22
+ adcs x12, x12, x23
+ adcs x13, x13, x20
+ adcs x16, x16, x21
+ adcs x20, x27, x24
+ adds x10, x10, x18
+ str x10, [x19, #32]
+ adcs x10, x11, x0
+ adcs x8, x14, x8
+ stp x10, x8, [x19, #40]
+ adcs x8, x15, x9
+ str x8, [x19, #56]
+ adcs x8, x17, x1
+ str x8, [x19, #64]
+ adcs x8, x12, x2
+ str x8, [x19, #72]
+ adcs x8, x13, x3
+ str x8, [x19, #80]
+ adcs x8, x16, x4
+ str x8, [x19, #88]
+ adcs x8, x20, x5
+ str x8, [x19, #96]
+ adcs x8, x6, xzr
+ str x8, [x19, #104]
+ adcs x8, x7, xzr
+ str x8, [x19, #112]
+ adcs x8, x25, xzr
+ str x8, [x19, #120]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end113:
+ .size mcl_fpDbl_sqrPre8L, .Lfunc_end113-mcl_fpDbl_sqrPre8L
+
+ .globl mcl_fp_mont8L
+ .align 2
+ .type mcl_fp_mont8L,@function
+mcl_fp_mont8L: // @mcl_fp_mont8L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #1424 // =1424
+ mov x20, x3
+ mov x26, x2
+ str x26, [sp, #120] // 8-byte Folded Spill
+ ldur x19, [x20, #-8]
+ str x19, [sp, #136] // 8-byte Folded Spill
+ ldr x9, [x26]
+ mov x27, x1
+ str x27, [sp, #128] // 8-byte Folded Spill
+ str x0, [sp, #112] // 8-byte Folded Spill
+ sub x8, x29, #160 // =160
+ mov x0, x27
+ mov x1, x9
+ bl .LmulPv512x64
+ ldur x24, [x29, #-160]
+ ldur x8, [x29, #-96]
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldur x8, [x29, #-104]
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldur x8, [x29, #-112]
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldur x8, [x29, #-120]
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldur x8, [x29, #-128]
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldur x8, [x29, #-136]
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldur x8, [x29, #-144]
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldur x8, [x29, #-152]
+ str x8, [sp, #48] // 8-byte Folded Spill
+ mul x1, x24, x19
+ sub x8, x29, #240 // =240
+ mov x0, x20
+ bl .LmulPv512x64
+ ldur x8, [x29, #-176]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldur x8, [x29, #-184]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldur x8, [x29, #-192]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldp x19, x28, [x29, #-208]
+ ldp x21, x23, [x29, #-224]
+ ldp x25, x22, [x29, #-240]
+ ldr x1, [x26, #8]
+ add x8, sp, #1184 // =1184
+ mov x0, x27
+ bl .LmulPv512x64
+ cmn x25, x24
+ ldr x8, [sp, #1248]
+ ldr x9, [sp, #1240]
+ ldp x10, x12, [sp, #48]
+ adcs x10, x22, x10
+ ldr x11, [sp, #1232]
+ adcs x12, x21, x12
+ ldr x13, [sp, #1224]
+ ldp x14, x16, [sp, #64]
+ adcs x14, x23, x14
+ ldr x15, [sp, #1216]
+ adcs x16, x19, x16
+ ldr x17, [sp, #1208]
+ ldp x18, x1, [sp, #80]
+ adcs x18, x28, x18
+ ldr x0, [sp, #1200]
+ ldp x2, x4, [sp, #24]
+ adcs x1, x2, x1
+ ldr x2, [sp, #1184]
+ ldp x3, x5, [sp, #96]
+ adcs x3, x4, x3
+ ldr x4, [sp, #1192]
+ ldr x6, [sp, #40] // 8-byte Folded Reload
+ adcs x5, x6, x5
+ adcs x6, xzr, xzr
+ adds x19, x10, x2
+ adcs x10, x12, x4
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x0
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ adcs x8, x6, x8
+ stp x8, x9, [sp, #96]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #48]
+ ldr x22, [sp, #136] // 8-byte Folded Reload
+ mul x1, x19, x22
+ add x8, sp, #1104 // =1104
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #1168]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1160]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #1152]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #1144]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldr x25, [sp, #1136]
+ ldr x26, [sp, #1128]
+ ldr x27, [sp, #1120]
+ ldr x21, [sp, #1112]
+ ldr x28, [sp, #1104]
+ ldp x24, x23, [sp, #120]
+ ldr x1, [x24, #16]
+ add x8, sp, #1024 // =1024
+ mov x0, x23
+ bl .LmulPv512x64
+ cmn x19, x28
+ ldr x8, [sp, #1088]
+ ldr x9, [sp, #1080]
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ adcs x10, x10, x21
+ ldr x11, [sp, #1072]
+ ldp x14, x12, [sp, #80]
+ adcs x12, x12, x27
+ ldr x13, [sp, #1064]
+ adcs x14, x14, x26
+ ldr x15, [sp, #1056]
+ ldp x18, x16, [sp, #64]
+ adcs x16, x16, x25
+ ldr x17, [sp, #1048]
+ ldp x0, x2, [sp, #8]
+ adcs x18, x18, x0
+ ldr x0, [sp, #1040]
+ ldr x1, [sp, #56] // 8-byte Folded Reload
+ adcs x1, x1, x2
+ ldr x2, [sp, #1024]
+ ldp x5, x3, [sp, #96]
+ ldp x4, x6, [sp, #24]
+ adcs x3, x3, x4
+ ldr x4, [sp, #1032]
+ adcs x5, x5, x6
+ ldr x6, [sp, #48] // 8-byte Folded Reload
+ adcs x6, x6, xzr
+ adds x19, x10, x2
+ adcs x10, x12, x4
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x0
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ adcs x8, x6, x8
+ stp x8, x9, [sp, #96]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #48]
+ mul x1, x19, x22
+ add x8, sp, #944 // =944
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #1008]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1000]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #992]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #984]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldr x25, [sp, #976]
+ ldr x26, [sp, #968]
+ ldr x27, [sp, #960]
+ ldr x21, [sp, #952]
+ ldr x28, [sp, #944]
+ mov x22, x24
+ ldr x1, [x22, #24]
+ add x8, sp, #864 // =864
+ mov x0, x23
+ bl .LmulPv512x64
+ cmn x19, x28
+ ldr x8, [sp, #928]
+ ldr x9, [sp, #920]
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ adcs x10, x10, x21
+ ldr x11, [sp, #912]
+ ldp x14, x12, [sp, #80]
+ adcs x12, x12, x27
+ ldr x13, [sp, #904]
+ adcs x14, x14, x26
+ ldr x15, [sp, #896]
+ ldp x18, x16, [sp, #64]
+ adcs x16, x16, x25
+ ldr x17, [sp, #888]
+ ldp x0, x2, [sp, #8]
+ adcs x18, x18, x0
+ ldr x0, [sp, #880]
+ ldr x1, [sp, #56] // 8-byte Folded Reload
+ adcs x1, x1, x2
+ ldr x2, [sp, #864]
+ ldp x5, x3, [sp, #96]
+ ldp x4, x6, [sp, #24]
+ adcs x3, x3, x4
+ ldr x4, [sp, #872]
+ adcs x5, x5, x6
+ ldr x6, [sp, #48] // 8-byte Folded Reload
+ adcs x6, x6, xzr
+ adds x19, x10, x2
+ adcs x10, x12, x4
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x0
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ adcs x8, x6, x8
+ stp x8, x9, [sp, #96]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #48]
+ ldr x23, [sp, #136] // 8-byte Folded Reload
+ mul x1, x19, x23
+ add x8, sp, #784 // =784
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #848]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #840]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #832]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x24, [sp, #824]
+ ldr x25, [sp, #816]
+ ldr x26, [sp, #808]
+ ldr x27, [sp, #800]
+ ldr x21, [sp, #792]
+ ldr x28, [sp, #784]
+ ldr x1, [x22, #32]
+ add x8, sp, #704 // =704
+ ldr x22, [sp, #128] // 8-byte Folded Reload
+ mov x0, x22
+ bl .LmulPv512x64
+ cmn x19, x28
+ ldr x8, [sp, #768]
+ ldr x9, [sp, #760]
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ adcs x10, x10, x21
+ ldr x11, [sp, #752]
+ ldp x14, x12, [sp, #80]
+ adcs x12, x12, x27
+ ldr x13, [sp, #744]
+ adcs x14, x14, x26
+ ldr x15, [sp, #736]
+ ldp x18, x16, [sp, #64]
+ adcs x16, x16, x25
+ ldr x17, [sp, #728]
+ adcs x18, x18, x24
+ ldr x0, [sp, #720]
+ ldr x1, [sp, #56] // 8-byte Folded Reload
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldr x2, [sp, #704]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldr x4, [sp, #712]
+ ldr x6, [sp, #32] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ ldr x6, [sp, #48] // 8-byte Folded Reload
+ adcs x6, x6, xzr
+ adds x19, x10, x2
+ adcs x10, x12, x4
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x0
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ adcs x8, x6, x8
+ stp x8, x9, [sp, #96]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #48]
+ mul x1, x19, x23
+ add x8, sp, #624 // =624
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #688]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #680]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #672]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x24, [sp, #664]
+ ldr x25, [sp, #656]
+ ldr x26, [sp, #648]
+ ldr x27, [sp, #640]
+ ldr x21, [sp, #632]
+ ldr x28, [sp, #624]
+ ldr x23, [sp, #120] // 8-byte Folded Reload
+ ldr x1, [x23, #40]
+ add x8, sp, #544 // =544
+ mov x0, x22
+ bl .LmulPv512x64
+ cmn x19, x28
+ ldr x8, [sp, #608]
+ ldr x9, [sp, #600]
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ adcs x10, x10, x21
+ ldr x11, [sp, #592]
+ ldp x14, x12, [sp, #80]
+ adcs x12, x12, x27
+ ldr x13, [sp, #584]
+ adcs x14, x14, x26
+ ldr x15, [sp, #576]
+ ldp x18, x16, [sp, #64]
+ adcs x16, x16, x25
+ ldr x17, [sp, #568]
+ adcs x18, x18, x24
+ ldr x0, [sp, #560]
+ ldr x1, [sp, #56] // 8-byte Folded Reload
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldr x2, [sp, #544]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldr x4, [sp, #552]
+ ldr x6, [sp, #32] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ ldr x6, [sp, #48] // 8-byte Folded Reload
+ adcs x6, x6, xzr
+ adds x19, x10, x2
+ adcs x10, x12, x4
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x0
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ adcs x8, x6, x8
+ stp x8, x9, [sp, #96]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #48]
+ ldr x22, [sp, #136] // 8-byte Folded Reload
+ mul x1, x19, x22
+ add x8, sp, #464 // =464
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #528]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #520]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #512]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldp x25, x24, [sp, #496]
+ ldp x27, x26, [sp, #480]
+ ldp x28, x21, [sp, #464]
+ ldr x1, [x23, #48]
+ add x8, sp, #384 // =384
+ ldr x23, [sp, #128] // 8-byte Folded Reload
+ mov x0, x23
+ bl .LmulPv512x64
+ cmn x19, x28
+ ldp x9, x8, [sp, #440]
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ adcs x10, x10, x21
+ ldp x13, x11, [sp, #424]
+ ldp x14, x12, [sp, #80]
+ adcs x12, x12, x27
+ adcs x14, x14, x26
+ ldp x17, x15, [sp, #408]
+ ldp x18, x16, [sp, #64]
+ adcs x16, x16, x25
+ adcs x18, x18, x24
+ ldr x1, [sp, #56] // 8-byte Folded Reload
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldr x2, [sp, #384]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldp x4, x0, [sp, #392]
+ ldr x6, [sp, #32] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ ldr x6, [sp, #48] // 8-byte Folded Reload
+ adcs x6, x6, xzr
+ adds x19, x10, x2
+ adcs x10, x12, x4
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x0
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ adcs x8, x6, x8
+ stp x8, x9, [sp, #96]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #48]
+ mul x1, x19, x22
+ add x8, sp, #304 // =304
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #368]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldp x22, x8, [sp, #352]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldp x25, x24, [sp, #336]
+ ldp x27, x26, [sp, #320]
+ ldp x28, x21, [sp, #304]
+ ldr x8, [sp, #120] // 8-byte Folded Reload
+ ldr x1, [x8, #56]
+ add x8, sp, #224 // =224
+ mov x0, x23
+ bl .LmulPv512x64
+ cmn x19, x28
+ ldp x9, x8, [sp, #280]
+ ldr x10, [sp, #40] // 8-byte Folded Reload
+ adcs x10, x10, x21
+ ldp x13, x11, [sp, #264]
+ ldp x14, x12, [sp, #80]
+ adcs x12, x12, x27
+ adcs x14, x14, x26
+ ldp x17, x15, [sp, #248]
+ ldp x18, x16, [sp, #64]
+ adcs x16, x16, x25
+ adcs x18, x18, x24
+ ldr x1, [sp, #56] // 8-byte Folded Reload
+ adcs x1, x1, x22
+ ldr x2, [sp, #224]
+ ldp x5, x3, [sp, #96]
+ ldp x4, x6, [sp, #24]
+ adcs x3, x3, x4
+ ldp x4, x0, [sp, #232]
+ adcs x5, x5, x6
+ ldr x6, [sp, #48] // 8-byte Folded Reload
+ adcs x6, x6, xzr
+ adds x19, x10, x2
+ adcs x21, x12, x4
+ adcs x22, x14, x0
+ adcs x23, x16, x17
+ adcs x24, x18, x15
+ adcs x25, x1, x13
+ adcs x10, x3, x11
+ str x10, [sp, #128] // 8-byte Folded Spill
+ adcs x27, x5, x9
+ adcs x28, x6, x8
+ adcs x26, xzr, xzr
+ ldr x8, [sp, #136] // 8-byte Folded Reload
+ mul x1, x19, x8
+ add x8, sp, #144 // =144
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x15, x8, [sp, #200]
+ ldp x9, x10, [sp, #144]
+ ldp x11, x12, [sp, #160]
+ cmn x19, x9
+ ldp x13, x9, [sp, #176]
+ adcs x10, x21, x10
+ ldr x14, [sp, #192]
+ adcs x11, x22, x11
+ adcs x12, x23, x12
+ adcs x13, x24, x13
+ adcs x9, x25, x9
+ ldp x16, x17, [x20, #48]
+ ldp x18, x0, [x20, #32]
+ ldp x1, x2, [x20, #16]
+ ldp x3, x4, [x20]
+ ldr x5, [sp, #128] // 8-byte Folded Reload
+ adcs x14, x5, x14
+ adcs x15, x27, x15
+ adcs x8, x28, x8
+ adcs x5, x26, xzr
+ subs x3, x10, x3
+ sbcs x4, x11, x4
+ sbcs x1, x12, x1
+ sbcs x2, x13, x2
+ sbcs x18, x9, x18
+ sbcs x0, x14, x0
+ sbcs x16, x15, x16
+ sbcs x17, x8, x17
+ sbcs x5, x5, xzr
+ tst x5, #0x1
+ csel x10, x10, x3, ne
+ csel x11, x11, x4, ne
+ csel x12, x12, x1, ne
+ csel x13, x13, x2, ne
+ csel x9, x9, x18, ne
+ csel x14, x14, x0, ne
+ csel x15, x15, x16, ne
+ csel x8, x8, x17, ne
+ ldr x16, [sp, #112] // 8-byte Folded Reload
+ stp x10, x11, [x16]
+ stp x12, x13, [x16, #16]
+ stp x9, x14, [x16, #32]
+ stp x15, x8, [x16, #48]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end114:
+ .size mcl_fp_mont8L, .Lfunc_end114-mcl_fp_mont8L
+
+ .globl mcl_fp_montNF8L
+ .align 2
+ .type mcl_fp_montNF8L,@function
+mcl_fp_montNF8L: // @mcl_fp_montNF8L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #1424 // =1424
+ mov x20, x3
+ mov x26, x2
+ str x26, [sp, #128] // 8-byte Folded Spill
+ ldur x19, [x20, #-8]
+ str x19, [sp, #136] // 8-byte Folded Spill
+ ldr x9, [x26]
+ mov x27, x1
+ stp x0, x27, [sp, #112]
+ sub x8, x29, #160 // =160
+ mov x0, x27
+ mov x1, x9
+ bl .LmulPv512x64
+ ldur x24, [x29, #-160]
+ ldur x8, [x29, #-96]
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldur x8, [x29, #-104]
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldur x8, [x29, #-112]
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldur x8, [x29, #-120]
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldur x8, [x29, #-128]
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldur x8, [x29, #-136]
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldur x8, [x29, #-144]
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldur x8, [x29, #-152]
+ str x8, [sp, #48] // 8-byte Folded Spill
+ mul x1, x24, x19
+ sub x8, x29, #240 // =240
+ mov x0, x20
+ bl .LmulPv512x64
+ ldur x8, [x29, #-176]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldur x8, [x29, #-184]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldur x8, [x29, #-192]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldp x19, x28, [x29, #-208]
+ ldp x21, x23, [x29, #-224]
+ ldp x25, x22, [x29, #-240]
+ ldr x1, [x26, #8]
+ add x8, sp, #1184 // =1184
+ mov x0, x27
+ bl .LmulPv512x64
+ cmn x25, x24
+ ldr x8, [sp, #1248]
+ ldr x9, [sp, #1240]
+ ldp x10, x12, [sp, #48]
+ adcs x10, x22, x10
+ ldr x11, [sp, #1232]
+ adcs x12, x21, x12
+ ldr x13, [sp, #1224]
+ ldp x14, x16, [sp, #64]
+ adcs x14, x23, x14
+ ldr x15, [sp, #1216]
+ adcs x16, x19, x16
+ ldr x17, [sp, #1208]
+ ldp x18, x1, [sp, #80]
+ adcs x18, x28, x18
+ ldr x0, [sp, #1192]
+ ldp x2, x4, [sp, #24]
+ adcs x1, x2, x1
+ ldr x2, [sp, #1184]
+ ldp x3, x5, [sp, #96]
+ adcs x3, x4, x3
+ ldr x4, [sp, #1200]
+ ldr x6, [sp, #40] // 8-byte Folded Reload
+ adcs x5, x6, x5
+ adds x19, x10, x2
+ adcs x10, x12, x0
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x4
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x27, [sp, #136] // 8-byte Folded Reload
+ mul x1, x19, x27
+ add x8, sp, #1104 // =1104
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #1168]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #1160]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1152]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #1144]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x23, [sp, #1136]
+ ldr x24, [sp, #1128]
+ ldr x25, [sp, #1120]
+ ldr x21, [sp, #1112]
+ ldr x26, [sp, #1104]
+ ldp x22, x28, [sp, #120]
+ ldr x1, [x28, #16]
+ add x8, sp, #1024 // =1024
+ mov x0, x22
+ bl .LmulPv512x64
+ cmn x19, x26
+ ldr x8, [sp, #1088]
+ ldr x9, [sp, #1080]
+ ldp x10, x18, [sp, #48]
+ adcs x10, x10, x21
+ ldr x11, [sp, #1072]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x25
+ ldr x13, [sp, #1064]
+ adcs x14, x14, x24
+ ldr x15, [sp, #1056]
+ ldr x16, [sp, #64] // 8-byte Folded Reload
+ adcs x16, x16, x23
+ ldr x17, [sp, #1048]
+ ldp x0, x2, [sp, #16]
+ adcs x18, x18, x0
+ ldr x0, [sp, #1032]
+ ldp x3, x1, [sp, #96]
+ adcs x1, x1, x2
+ ldr x2, [sp, #1024]
+ ldp x4, x6, [sp, #32]
+ adcs x3, x3, x4
+ ldr x4, [sp, #1040]
+ ldr x5, [sp, #88] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ adds x19, x10, x2
+ adcs x10, x12, x0
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x4
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ mul x1, x19, x27
+ add x8, sp, #944 // =944
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #1008]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #1000]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #992]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #984]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x23, [sp, #976]
+ ldr x24, [sp, #968]
+ ldr x25, [sp, #960]
+ ldr x21, [sp, #952]
+ ldr x26, [sp, #944]
+ ldr x1, [x28, #24]
+ add x8, sp, #864 // =864
+ mov x27, x22
+ mov x0, x27
+ bl .LmulPv512x64
+ cmn x19, x26
+ ldr x8, [sp, #928]
+ ldr x9, [sp, #920]
+ ldp x10, x18, [sp, #48]
+ adcs x10, x10, x21
+ ldr x11, [sp, #912]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x25
+ ldr x13, [sp, #904]
+ adcs x14, x14, x24
+ ldr x15, [sp, #896]
+ ldr x16, [sp, #64] // 8-byte Folded Reload
+ adcs x16, x16, x23
+ ldr x17, [sp, #888]
+ ldp x0, x2, [sp, #16]
+ adcs x18, x18, x0
+ ldr x0, [sp, #872]
+ ldp x3, x1, [sp, #96]
+ adcs x1, x1, x2
+ ldr x2, [sp, #864]
+ ldp x4, x6, [sp, #32]
+ adcs x3, x3, x4
+ ldr x4, [sp, #880]
+ ldr x5, [sp, #88] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ adds x19, x10, x2
+ adcs x10, x12, x0
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x4
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x28, [sp, #136] // 8-byte Folded Reload
+ mul x1, x19, x28
+ add x8, sp, #784 // =784
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #848]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #840]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #832]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #824]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x23, [sp, #816]
+ ldr x24, [sp, #808]
+ ldr x25, [sp, #800]
+ ldr x21, [sp, #792]
+ ldr x26, [sp, #784]
+ ldr x22, [sp, #128] // 8-byte Folded Reload
+ ldr x1, [x22, #32]
+ add x8, sp, #704 // =704
+ mov x0, x27
+ bl .LmulPv512x64
+ cmn x19, x26
+ ldr x8, [sp, #768]
+ ldr x9, [sp, #760]
+ ldp x10, x18, [sp, #48]
+ adcs x10, x10, x21
+ ldr x11, [sp, #752]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x25
+ ldr x13, [sp, #744]
+ adcs x14, x14, x24
+ ldr x15, [sp, #736]
+ ldr x16, [sp, #64] // 8-byte Folded Reload
+ adcs x16, x16, x23
+ ldr x17, [sp, #728]
+ ldp x0, x2, [sp, #16]
+ adcs x18, x18, x0
+ ldr x0, [sp, #712]
+ ldp x3, x1, [sp, #96]
+ adcs x1, x1, x2
+ ldr x2, [sp, #704]
+ ldp x4, x6, [sp, #32]
+ adcs x3, x3, x4
+ ldr x4, [sp, #720]
+ ldr x5, [sp, #88] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ adds x19, x10, x2
+ adcs x10, x12, x0
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x4
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ mul x1, x19, x28
+ add x8, sp, #624 // =624
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #688]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #680]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #672]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #664]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x23, [sp, #656]
+ ldr x24, [sp, #648]
+ ldr x25, [sp, #640]
+ ldr x21, [sp, #632]
+ ldr x26, [sp, #624]
+ mov x27, x22
+ ldr x1, [x27, #40]
+ add x8, sp, #544 // =544
+ ldr x28, [sp, #120] // 8-byte Folded Reload
+ mov x0, x28
+ bl .LmulPv512x64
+ cmn x19, x26
+ ldr x8, [sp, #608]
+ ldr x9, [sp, #600]
+ ldp x10, x18, [sp, #48]
+ adcs x10, x10, x21
+ ldr x11, [sp, #592]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x25
+ ldr x13, [sp, #584]
+ adcs x14, x14, x24
+ ldr x15, [sp, #576]
+ ldr x16, [sp, #64] // 8-byte Folded Reload
+ adcs x16, x16, x23
+ ldr x17, [sp, #568]
+ ldp x0, x2, [sp, #16]
+ adcs x18, x18, x0
+ ldr x0, [sp, #552]
+ ldp x3, x1, [sp, #96]
+ adcs x1, x1, x2
+ ldr x2, [sp, #544]
+ ldp x4, x6, [sp, #32]
+ adcs x3, x3, x4
+ ldr x4, [sp, #560]
+ ldr x5, [sp, #88] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ adds x19, x10, x2
+ adcs x10, x12, x0
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x4
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x22, [sp, #136] // 8-byte Folded Reload
+ mul x1, x19, x22
+ add x8, sp, #464 // =464
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #528]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #520]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #512]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldp x23, x8, [sp, #496]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldp x25, x24, [sp, #480]
+ ldp x26, x21, [sp, #464]
+ ldr x1, [x27, #48]
+ add x8, sp, #384 // =384
+ mov x0, x28
+ bl .LmulPv512x64
+ cmn x19, x26
+ ldp x9, x8, [sp, #440]
+ ldp x10, x18, [sp, #48]
+ adcs x10, x10, x21
+ ldp x13, x11, [sp, #424]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x25
+ adcs x14, x14, x24
+ ldp x17, x15, [sp, #408]
+ ldr x16, [sp, #64] // 8-byte Folded Reload
+ adcs x16, x16, x23
+ ldp x0, x2, [sp, #16]
+ adcs x18, x18, x0
+ ldp x3, x1, [sp, #96]
+ adcs x1, x1, x2
+ ldp x2, x0, [sp, #384]
+ ldp x4, x6, [sp, #32]
+ adcs x3, x3, x4
+ ldr x4, [sp, #400]
+ ldr x5, [sp, #88] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ adds x19, x10, x2
+ adcs x10, x12, x0
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x4
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x17
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x15
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x13
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x11
+ adcs x9, x5, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ mul x1, x19, x22
+ add x8, sp, #304 // =304
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x27, x8, [sp, #360]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldp x22, x28, [sp, #344]
+ ldp x24, x23, [sp, #328]
+ ldp x21, x25, [sp, #312]
+ ldr x26, [sp, #304]
+ ldp x0, x8, [sp, #120]
+ ldr x1, [x8, #56]
+ add x8, sp, #224 // =224
+ bl .LmulPv512x64
+ cmn x19, x26
+ ldp x9, x8, [sp, #280]
+ ldp x10, x18, [sp, #48]
+ adcs x10, x10, x21
+ ldp x13, x11, [sp, #264]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x25
+ adcs x14, x14, x24
+ ldp x17, x15, [sp, #248]
+ ldr x16, [sp, #64] // 8-byte Folded Reload
+ adcs x16, x16, x23
+ adcs x18, x18, x22
+ ldp x2, x0, [sp, #224]
+ ldp x3, x1, [sp, #96]
+ adcs x1, x1, x28
+ adcs x3, x3, x27
+ ldr x4, [sp, #240]
+ ldr x5, [sp, #88] // 8-byte Folded Reload
+ ldr x6, [sp, #40] // 8-byte Folded Reload
+ adcs x5, x5, x6
+ adds x19, x10, x2
+ adcs x21, x12, x0
+ adcs x22, x14, x4
+ adcs x23, x16, x17
+ adcs x24, x18, x15
+ adcs x25, x1, x13
+ adcs x26, x3, x11
+ adcs x27, x5, x9
+ adcs x28, x8, xzr
+ ldr x8, [sp, #136] // 8-byte Folded Reload
+ mul x1, x19, x8
+ add x8, sp, #144 // =144
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x15, x8, [sp, #200]
+ ldp x9, x10, [sp, #144]
+ ldp x11, x12, [sp, #160]
+ cmn x19, x9
+ ldp x13, x9, [sp, #176]
+ adcs x10, x21, x10
+ ldr x14, [sp, #192]
+ adcs x11, x22, x11
+ adcs x12, x23, x12
+ adcs x13, x24, x13
+ adcs x9, x25, x9
+ ldp x16, x17, [x20, #48]
+ ldp x18, x0, [x20, #32]
+ ldp x1, x2, [x20, #16]
+ ldp x3, x4, [x20]
+ adcs x14, x26, x14
+ adcs x15, x27, x15
+ adcs x8, x28, x8
+ subs x3, x10, x3
+ sbcs x4, x11, x4
+ sbcs x1, x12, x1
+ sbcs x2, x13, x2
+ sbcs x18, x9, x18
+ sbcs x0, x14, x0
+ sbcs x16, x15, x16
+ sbcs x17, x8, x17
+ cmp x17, #0 // =0
+ csel x10, x10, x3, lt
+ csel x11, x11, x4, lt
+ csel x12, x12, x1, lt
+ csel x13, x13, x2, lt
+ csel x9, x9, x18, lt
+ csel x14, x14, x0, lt
+ csel x15, x15, x16, lt
+ csel x8, x8, x17, lt
+ ldr x16, [sp, #112] // 8-byte Folded Reload
+ stp x10, x11, [x16]
+ stp x12, x13, [x16, #16]
+ stp x9, x14, [x16, #32]
+ stp x15, x8, [x16, #48]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end115:
+ .size mcl_fp_montNF8L, .Lfunc_end115-mcl_fp_montNF8L
+
+ .globl mcl_fp_montRed8L
+ .align 2
+ .type mcl_fp_montRed8L,@function
+mcl_fp_montRed8L: // @mcl_fp_montRed8L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #800 // =800
+ mov x20, x2
+ ldur x9, [x20, #-8]
+ str x9, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [x20, #48]
+ str x8, [sp, #144] // 8-byte Folded Spill
+ ldr x8, [x20, #56]
+ str x8, [sp, #152] // 8-byte Folded Spill
+ ldr x8, [x20, #32]
+ str x8, [sp, #120] // 8-byte Folded Spill
+ ldr x8, [x20, #40]
+ str x8, [sp, #128] // 8-byte Folded Spill
+ ldr x8, [x20, #16]
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldr x8, [x20, #24]
+ str x8, [sp, #112] // 8-byte Folded Spill
+ ldr x8, [x20]
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [x20, #8]
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldr x8, [x1, #112]
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [x1, #120]
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [x1, #96]
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldr x8, [x1, #104]
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [x1, #80]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [x1, #88]
+ str x8, [sp, #48] // 8-byte Folded Spill
+ ldp x28, x8, [x1, #64]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldp x22, x25, [x1, #48]
+ ldp x24, x19, [x1, #32]
+ ldp x27, x26, [x1, #16]
+ ldp x21, x23, [x1]
+ str x0, [sp, #136] // 8-byte Folded Spill
+ mul x1, x21, x9
+ sub x8, x29, #160 // =160
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x9, x8, [x29, #-104]
+ ldp x11, x10, [x29, #-120]
+ ldp x16, x12, [x29, #-136]
+ ldp x13, x14, [x29, #-160]
+ ldur x15, [x29, #-144]
+ cmn x21, x13
+ adcs x21, x23, x14
+ adcs x13, x27, x15
+ adcs x26, x26, x16
+ adcs x24, x24, x12
+ adcs x11, x19, x11
+ stp x11, x13, [sp, #8]
+ adcs x22, x22, x10
+ adcs x25, x25, x9
+ adcs x27, x28, x8
+ ldr x8, [sp, #24] // 8-byte Folded Reload
+ adcs x28, x8, xzr
+ ldp x19, x8, [sp, #32]
+ adcs x23, x8, xzr
+ ldr x8, [sp, #48] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #48] // 8-byte Folded Spill
+ ldr x8, [sp, #56] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ adcs x8, xzr, xzr
+ str x8, [sp, #40] // 8-byte Folded Spill
+ mul x1, x21, x19
+ sub x8, x29, #240 // =240
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x9, x8, [x29, #-184]
+ ldp x11, x10, [x29, #-200]
+ ldp x16, x12, [x29, #-216]
+ ldp x13, x14, [x29, #-240]
+ ldur x15, [x29, #-224]
+ cmn x21, x13
+ ldr x13, [sp, #16] // 8-byte Folded Reload
+ adcs x21, x13, x14
+ adcs x13, x26, x15
+ str x13, [sp, #24] // 8-byte Folded Spill
+ adcs x24, x24, x16
+ ldr x13, [sp, #8] // 8-byte Folded Reload
+ adcs x12, x13, x12
+ str x12, [sp, #16] // 8-byte Folded Spill
+ adcs x22, x22, x11
+ adcs x25, x25, x10
+ adcs x27, x27, x9
+ adcs x28, x28, x8
+ adcs x23, x23, xzr
+ ldr x8, [sp, #48] // 8-byte Folded Reload
+ adcs x26, x8, xzr
+ ldr x8, [sp, #56] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [sp, #40] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #48] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #560 // =560
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #624]
+ ldr x9, [sp, #616]
+ ldr x10, [sp, #608]
+ ldr x11, [sp, #600]
+ ldr x12, [sp, #592]
+ ldr x13, [sp, #560]
+ ldr x14, [sp, #568]
+ ldr x15, [sp, #576]
+ ldr x16, [sp, #584]
+ cmn x21, x13
+ ldr x13, [sp, #24] // 8-byte Folded Reload
+ adcs x21, x13, x14
+ adcs x13, x24, x15
+ str x13, [sp, #40] // 8-byte Folded Spill
+ ldr x13, [sp, #16] // 8-byte Folded Reload
+ adcs x13, x13, x16
+ str x13, [sp, #24] // 8-byte Folded Spill
+ adcs x22, x22, x12
+ adcs x25, x25, x11
+ adcs x27, x27, x10
+ adcs x28, x28, x9
+ adcs x23, x23, x8
+ adcs x26, x26, xzr
+ ldr x8, [sp, #56] // 8-byte Folded Reload
+ adcs x24, x8, xzr
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [sp, #48] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #56] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #480 // =480
+ mov x0, x20
+ bl .LmulPv512x64
+ ldr x8, [sp, #544]
+ ldr x9, [sp, #536]
+ ldr x10, [sp, #528]
+ ldr x11, [sp, #520]
+ ldr x12, [sp, #512]
+ ldp x13, x14, [sp, #480]
+ ldp x15, x16, [sp, #496]
+ cmn x21, x13
+ ldr x13, [sp, #40] // 8-byte Folded Reload
+ adcs x21, x13, x14
+ ldr x13, [sp, #24] // 8-byte Folded Reload
+ adcs x13, x13, x15
+ adcs x22, x22, x16
+ adcs x25, x25, x12
+ adcs x27, x27, x11
+ adcs x28, x28, x10
+ adcs x23, x23, x9
+ adcs x26, x26, x8
+ adcs x24, x24, xzr
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [sp, #56] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ stp x13, x8, [sp, #48]
+ mul x1, x21, x19
+ add x8, sp, #400 // =400
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x9, x8, [sp, #456]
+ ldp x11, x10, [sp, #440]
+ ldp x16, x12, [sp, #424]
+ ldp x13, x14, [sp, #400]
+ ldr x15, [sp, #416]
+ cmn x21, x13
+ ldr x13, [sp, #48] // 8-byte Folded Reload
+ adcs x21, x13, x14
+ adcs x13, x22, x15
+ str x13, [sp, #48] // 8-byte Folded Spill
+ adcs x25, x25, x16
+ adcs x27, x27, x12
+ adcs x28, x28, x11
+ adcs x23, x23, x10
+ adcs x26, x26, x9
+ adcs x24, x24, x8
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x22, x8, xzr
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [sp, #56] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #320 // =320
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x9, x8, [sp, #376]
+ ldp x11, x10, [sp, #360]
+ ldp x16, x12, [sp, #344]
+ ldp x13, x14, [sp, #320]
+ ldr x15, [sp, #336]
+ cmn x21, x13
+ ldr x13, [sp, #48] // 8-byte Folded Reload
+ adcs x21, x13, x14
+ adcs x13, x25, x15
+ adcs x27, x27, x16
+ adcs x28, x28, x12
+ adcs x23, x23, x11
+ adcs x26, x26, x10
+ adcs x24, x24, x9
+ ldr x9, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x9, x8
+ stp x13, x8, [sp, #56]
+ adcs x22, x22, xzr
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x25, x8, xzr
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #240 // =240
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x9, x8, [sp, #296]
+ ldp x11, x10, [sp, #280]
+ ldp x16, x12, [sp, #264]
+ ldp x13, x14, [sp, #240]
+ ldr x15, [sp, #256]
+ cmn x21, x13
+ ldr x13, [sp, #56] // 8-byte Folded Reload
+ adcs x21, x13, x14
+ adcs x13, x27, x15
+ adcs x28, x28, x16
+ adcs x23, x23, x12
+ adcs x26, x26, x11
+ adcs x24, x24, x10
+ ldr x10, [sp, #64] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ stp x9, x13, [sp, #64]
+ adcs x22, x22, x8
+ adcs x25, x25, xzr
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x27, x8, xzr
+ mul x1, x21, x19
+ add x8, sp, #160 // =160
+ mov x0, x20
+ bl .LmulPv512x64
+ ldp x9, x8, [sp, #216]
+ ldp x11, x10, [sp, #200]
+ ldp x16, x12, [sp, #184]
+ ldp x13, x14, [sp, #160]
+ ldr x15, [sp, #176]
+ cmn x21, x13
+ ldr x13, [sp, #72] // 8-byte Folded Reload
+ adcs x13, x13, x14
+ adcs x14, x28, x15
+ adcs x15, x23, x16
+ adcs x12, x26, x12
+ adcs x11, x24, x11
+ ldr x16, [sp, #64] // 8-byte Folded Reload
+ adcs x10, x16, x10
+ adcs x9, x22, x9
+ adcs x8, x25, x8
+ adcs x16, x27, xzr
+ ldp x17, x18, [sp, #88]
+ subs x17, x13, x17
+ sbcs x18, x14, x18
+ ldp x0, x1, [sp, #104]
+ sbcs x0, x15, x0
+ sbcs x1, x12, x1
+ ldp x2, x3, [sp, #120]
+ sbcs x2, x11, x2
+ sbcs x3, x10, x3
+ ldp x4, x5, [sp, #144]
+ sbcs x4, x9, x4
+ sbcs x5, x8, x5
+ sbcs x16, x16, xzr
+ tst x16, #0x1
+ csel x13, x13, x17, ne
+ csel x14, x14, x18, ne
+ csel x15, x15, x0, ne
+ csel x12, x12, x1, ne
+ csel x11, x11, x2, ne
+ csel x10, x10, x3, ne
+ csel x9, x9, x4, ne
+ csel x8, x8, x5, ne
+ ldr x16, [sp, #136] // 8-byte Folded Reload
+ stp x13, x14, [x16]
+ stp x15, x12, [x16, #16]
+ stp x11, x10, [x16, #32]
+ stp x9, x8, [x16, #48]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end116:
+ .size mcl_fp_montRed8L, .Lfunc_end116-mcl_fp_montRed8L
+
+ .globl mcl_fp_addPre8L
+ .align 2
+ .type mcl_fp_addPre8L,@function
+mcl_fp_addPre8L: // @mcl_fp_addPre8L
+// BB#0:
+ ldp x8, x9, [x2, #48]
+ ldp x10, x11, [x1, #48]
+ ldp x12, x13, [x2, #32]
+ ldp x14, x15, [x1, #32]
+ ldp x16, x17, [x2, #16]
+ ldp x18, x2, [x2]
+ ldp x3, x4, [x1]
+ ldp x5, x1, [x1, #16]
+ adds x18, x18, x3
+ str x18, [x0]
+ adcs x18, x2, x4
+ adcs x16, x16, x5
+ stp x18, x16, [x0, #8]
+ adcs x16, x17, x1
+ adcs x12, x12, x14
+ stp x16, x12, [x0, #24]
+ adcs x12, x13, x15
+ adcs x8, x8, x10
+ stp x12, x8, [x0, #40]
+ adcs x9, x9, x11
+ adcs x8, xzr, xzr
+ str x9, [x0, #56]
+ mov x0, x8
+ ret
+.Lfunc_end117:
+ .size mcl_fp_addPre8L, .Lfunc_end117-mcl_fp_addPre8L
+
+ .globl mcl_fp_subPre8L
+ .align 2
+ .type mcl_fp_subPre8L,@function
+mcl_fp_subPre8L: // @mcl_fp_subPre8L
+// BB#0:
+ ldp x8, x9, [x2, #48]
+ ldp x10, x11, [x1, #48]
+ ldp x12, x13, [x2, #32]
+ ldp x14, x15, [x1, #32]
+ ldp x16, x17, [x2, #16]
+ ldp x18, x2, [x2]
+ ldp x3, x4, [x1]
+ ldp x5, x1, [x1, #16]
+ subs x18, x3, x18
+ str x18, [x0]
+ sbcs x18, x4, x2
+ sbcs x16, x5, x16
+ stp x18, x16, [x0, #8]
+ sbcs x16, x1, x17
+ sbcs x12, x14, x12
+ stp x16, x12, [x0, #24]
+ sbcs x12, x15, x13
+ sbcs x8, x10, x8
+ stp x12, x8, [x0, #40]
+ sbcs x9, x11, x9
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ str x9, [x0, #56]
+ mov x0, x8
+ ret
+.Lfunc_end118:
+ .size mcl_fp_subPre8L, .Lfunc_end118-mcl_fp_subPre8L
+
+ .globl mcl_fp_shr1_8L
+ .align 2
+ .type mcl_fp_shr1_8L,@function
+mcl_fp_shr1_8L: // @mcl_fp_shr1_8L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x10, x11, [x1, #48]
+ ldp x12, x13, [x1, #16]
+ ldp x14, x15, [x1, #32]
+ extr x8, x9, x8, #1
+ extr x9, x12, x9, #1
+ extr x12, x13, x12, #1
+ extr x13, x14, x13, #1
+ extr x14, x15, x14, #1
+ extr x15, x10, x15, #1
+ extr x10, x11, x10, #1
+ lsr x11, x11, #1
+ stp x8, x9, [x0]
+ stp x12, x13, [x0, #16]
+ stp x14, x15, [x0, #32]
+ stp x10, x11, [x0, #48]
+ ret
+.Lfunc_end119:
+ .size mcl_fp_shr1_8L, .Lfunc_end119-mcl_fp_shr1_8L
+
+ .globl mcl_fp_add8L
+ .align 2
+ .type mcl_fp_add8L,@function
+mcl_fp_add8L: // @mcl_fp_add8L
+// BB#0:
+ stp x22, x21, [sp, #-32]!
+ stp x20, x19, [sp, #16]
+ ldp x8, x9, [x2, #48]
+ ldp x10, x11, [x1, #48]
+ ldp x12, x13, [x2, #32]
+ ldp x14, x15, [x1, #32]
+ ldp x16, x17, [x2, #16]
+ ldp x18, x2, [x2]
+ ldp x4, x5, [x1]
+ ldp x6, x1, [x1, #16]
+ adds x18, x18, x4
+ adcs x2, x2, x5
+ ldp x4, x5, [x3, #48]
+ adcs x16, x16, x6
+ adcs x17, x17, x1
+ ldp x1, x6, [x3, #32]
+ adcs x7, x12, x14
+ adcs x19, x13, x15
+ ldp x12, x13, [x3]
+ stp x18, x2, [x0]
+ stp x16, x17, [x0, #16]
+ stp x7, x19, [x0, #32]
+ adcs x8, x8, x10
+ adcs x20, x9, x11
+ stp x8, x20, [x0, #48]
+ adcs x21, xzr, xzr
+ ldp x9, x10, [x3, #16]
+ subs x15, x18, x12
+ sbcs x14, x2, x13
+ sbcs x13, x16, x9
+ sbcs x12, x17, x10
+ sbcs x11, x7, x1
+ sbcs x10, x19, x6
+ sbcs x9, x8, x4
+ sbcs x8, x20, x5
+ sbcs x16, x21, xzr
+ and w16, w16, #0x1
+ tbnz w16, #0, .LBB120_2
+// BB#1: // %nocarry
+ stp x15, x14, [x0]
+ stp x13, x12, [x0, #16]
+ stp x11, x10, [x0, #32]
+ stp x9, x8, [x0, #48]
+.LBB120_2: // %carry
+ ldp x20, x19, [sp, #16]
+ ldp x22, x21, [sp], #32
+ ret
+.Lfunc_end120:
+ .size mcl_fp_add8L, .Lfunc_end120-mcl_fp_add8L
+
+ .globl mcl_fp_addNF8L
+ .align 2
+ .type mcl_fp_addNF8L,@function
+mcl_fp_addNF8L: // @mcl_fp_addNF8L
+// BB#0:
+ ldp x8, x9, [x1, #48]
+ ldp x10, x11, [x2, #48]
+ ldp x12, x13, [x1, #32]
+ ldp x14, x15, [x2, #32]
+ ldp x16, x17, [x1, #16]
+ ldp x18, x1, [x1]
+ ldp x4, x5, [x2]
+ ldp x6, x2, [x2, #16]
+ adds x18, x4, x18
+ adcs x1, x5, x1
+ ldp x4, x5, [x3, #48]
+ adcs x16, x6, x16
+ adcs x17, x2, x17
+ ldp x2, x6, [x3, #32]
+ adcs x12, x14, x12
+ adcs x13, x15, x13
+ ldp x14, x15, [x3]
+ adcs x8, x10, x8
+ ldp x10, x3, [x3, #16]
+ adcs x9, x11, x9
+ subs x11, x18, x14
+ sbcs x14, x1, x15
+ sbcs x10, x16, x10
+ sbcs x15, x17, x3
+ sbcs x2, x12, x2
+ sbcs x3, x13, x6
+ sbcs x4, x8, x4
+ sbcs x5, x9, x5
+ cmp x5, #0 // =0
+ csel x11, x18, x11, lt
+ csel x14, x1, x14, lt
+ csel x10, x16, x10, lt
+ csel x15, x17, x15, lt
+ csel x12, x12, x2, lt
+ csel x13, x13, x3, lt
+ csel x8, x8, x4, lt
+ csel x9, x9, x5, lt
+ stp x11, x14, [x0]
+ stp x10, x15, [x0, #16]
+ stp x12, x13, [x0, #32]
+ stp x8, x9, [x0, #48]
+ ret
+.Lfunc_end121:
+ .size mcl_fp_addNF8L, .Lfunc_end121-mcl_fp_addNF8L
+
+ .globl mcl_fp_sub8L
+ .align 2
+ .type mcl_fp_sub8L,@function
+mcl_fp_sub8L: // @mcl_fp_sub8L
+// BB#0:
+ ldp x14, x15, [x2, #48]
+ ldp x16, x17, [x1, #48]
+ ldp x12, x13, [x2, #32]
+ ldp x18, x4, [x1, #32]
+ ldp x10, x11, [x2, #16]
+ ldp x8, x9, [x2]
+ ldp x2, x5, [x1]
+ ldp x6, x1, [x1, #16]
+ subs x8, x2, x8
+ sbcs x9, x5, x9
+ stp x8, x9, [x0]
+ sbcs x10, x6, x10
+ sbcs x11, x1, x11
+ stp x10, x11, [x0, #16]
+ sbcs x12, x18, x12
+ sbcs x13, x4, x13
+ stp x12, x13, [x0, #32]
+ sbcs x14, x16, x14
+ sbcs x15, x17, x15
+ stp x14, x15, [x0, #48]
+ ngcs x16, xzr
+ and w16, w16, #0x1
+ tbnz w16, #0, .LBB122_2
+// BB#1: // %nocarry
+ ret
+.LBB122_2: // %carry
+ ldp x16, x17, [x3, #48]
+ ldp x18, x1, [x3]
+ ldp x2, x4, [x3, #16]
+ ldp x5, x3, [x3, #32]
+ adds x8, x18, x8
+ adcs x9, x1, x9
+ adcs x10, x2, x10
+ adcs x11, x4, x11
+ adcs x12, x5, x12
+ adcs x13, x3, x13
+ adcs x14, x16, x14
+ adcs x15, x17, x15
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ stp x12, x13, [x0, #32]
+ stp x14, x15, [x0, #48]
+ ret
+.Lfunc_end122:
+ .size mcl_fp_sub8L, .Lfunc_end122-mcl_fp_sub8L
+
+ .globl mcl_fp_subNF8L
+ .align 2
+ .type mcl_fp_subNF8L,@function
+mcl_fp_subNF8L: // @mcl_fp_subNF8L
+// BB#0:
+ ldp x8, x9, [x2, #48]
+ ldp x10, x11, [x1, #48]
+ ldp x12, x13, [x2, #32]
+ ldp x14, x15, [x1, #32]
+ ldp x16, x17, [x2, #16]
+ ldp x18, x2, [x2]
+ ldp x4, x5, [x1]
+ ldp x6, x1, [x1, #16]
+ subs x18, x4, x18
+ sbcs x2, x5, x2
+ ldp x4, x5, [x3, #48]
+ sbcs x16, x6, x16
+ sbcs x17, x1, x17
+ ldp x1, x6, [x3, #32]
+ sbcs x12, x14, x12
+ sbcs x13, x15, x13
+ ldp x14, x15, [x3, #16]
+ sbcs x8, x10, x8
+ ldp x10, x3, [x3]
+ sbcs x9, x11, x9
+ asr x11, x9, #63
+ and x10, x11, x10
+ and x3, x11, x3
+ and x14, x11, x14
+ and x15, x11, x15
+ and x1, x11, x1
+ and x6, x11, x6
+ and x4, x11, x4
+ and x11, x11, x5
+ adds x10, x10, x18
+ str x10, [x0]
+ adcs x10, x3, x2
+ str x10, [x0, #8]
+ adcs x10, x14, x16
+ str x10, [x0, #16]
+ adcs x10, x15, x17
+ str x10, [x0, #24]
+ adcs x10, x1, x12
+ str x10, [x0, #32]
+ adcs x10, x6, x13
+ adcs x8, x4, x8
+ stp x10, x8, [x0, #40]
+ adcs x8, x11, x9
+ str x8, [x0, #56]
+ ret
+.Lfunc_end123:
+ .size mcl_fp_subNF8L, .Lfunc_end123-mcl_fp_subNF8L
+
+ .globl mcl_fpDbl_add8L
+ .align 2
+ .type mcl_fpDbl_add8L,@function
+mcl_fpDbl_add8L: // @mcl_fpDbl_add8L
+// BB#0:
+ ldp x8, x9, [x2, #112]
+ ldp x10, x11, [x1, #112]
+ ldp x12, x13, [x2, #96]
+ ldp x14, x15, [x1, #96]
+ ldp x16, x5, [x2]
+ ldp x17, x6, [x1]
+ ldp x18, x4, [x2, #80]
+ adds x16, x16, x17
+ ldr x17, [x1, #16]
+ str x16, [x0]
+ adcs x16, x5, x6
+ ldp x5, x6, [x2, #16]
+ str x16, [x0, #8]
+ adcs x17, x5, x17
+ ldp x16, x5, [x1, #24]
+ str x17, [x0, #16]
+ adcs x16, x6, x16
+ ldp x17, x6, [x2, #32]
+ str x16, [x0, #24]
+ adcs x17, x17, x5
+ ldp x16, x5, [x1, #40]
+ str x17, [x0, #32]
+ adcs x16, x6, x16
+ ldp x17, x6, [x2, #48]
+ str x16, [x0, #40]
+ ldr x16, [x1, #56]
+ adcs x17, x17, x5
+ ldp x5, x2, [x2, #64]
+ str x17, [x0, #48]
+ adcs x16, x6, x16
+ ldp x17, x6, [x1, #64]
+ str x16, [x0, #56]
+ ldp x16, x1, [x1, #80]
+ adcs x17, x5, x17
+ adcs x2, x2, x6
+ ldp x5, x6, [x3, #48]
+ adcs x16, x18, x16
+ adcs x18, x4, x1
+ ldp x1, x4, [x3, #32]
+ adcs x12, x12, x14
+ adcs x13, x13, x15
+ ldp x14, x15, [x3, #16]
+ adcs x8, x8, x10
+ ldp x10, x3, [x3]
+ adcs x9, x9, x11
+ adcs x11, xzr, xzr
+ subs x10, x17, x10
+ sbcs x3, x2, x3
+ sbcs x14, x16, x14
+ sbcs x15, x18, x15
+ sbcs x1, x12, x1
+ sbcs x4, x13, x4
+ sbcs x5, x8, x5
+ sbcs x6, x9, x6
+ sbcs x11, x11, xzr
+ tst x11, #0x1
+ csel x10, x17, x10, ne
+ csel x11, x2, x3, ne
+ csel x14, x16, x14, ne
+ csel x15, x18, x15, ne
+ csel x12, x12, x1, ne
+ csel x13, x13, x4, ne
+ csel x8, x8, x5, ne
+ csel x9, x9, x6, ne
+ stp x10, x11, [x0, #64]
+ stp x14, x15, [x0, #80]
+ stp x12, x13, [x0, #96]
+ stp x8, x9, [x0, #112]
+ ret
+.Lfunc_end124:
+ .size mcl_fpDbl_add8L, .Lfunc_end124-mcl_fpDbl_add8L
+
+ .globl mcl_fpDbl_sub8L
+ .align 2
+ .type mcl_fpDbl_sub8L,@function
+mcl_fpDbl_sub8L: // @mcl_fpDbl_sub8L
+// BB#0:
+ ldp x10, x8, [x2, #112]
+ ldp x11, x9, [x1, #112]
+ ldp x12, x13, [x2, #96]
+ ldp x14, x15, [x1, #96]
+ ldp x16, x5, [x1]
+ ldp x17, x4, [x2]
+ ldr x18, [x1, #80]
+ subs x16, x16, x17
+ ldr x17, [x1, #16]
+ str x16, [x0]
+ sbcs x16, x5, x4
+ ldp x4, x5, [x2, #16]
+ str x16, [x0, #8]
+ sbcs x17, x17, x4
+ ldp x16, x4, [x1, #24]
+ str x17, [x0, #16]
+ sbcs x16, x16, x5
+ ldp x17, x5, [x2, #32]
+ str x16, [x0, #24]
+ sbcs x17, x4, x17
+ ldp x16, x4, [x1, #40]
+ str x17, [x0, #32]
+ sbcs x16, x16, x5
+ ldp x17, x5, [x2, #48]
+ str x16, [x0, #40]
+ sbcs x17, x4, x17
+ ldp x16, x4, [x1, #56]
+ str x17, [x0, #48]
+ sbcs x16, x16, x5
+ ldp x17, x5, [x2, #64]
+ str x16, [x0, #56]
+ ldr x16, [x1, #72]
+ sbcs x17, x4, x17
+ ldp x4, x2, [x2, #80]
+ ldr x1, [x1, #88]
+ sbcs x16, x16, x5
+ sbcs x18, x18, x4
+ ldp x4, x5, [x3, #48]
+ sbcs x1, x1, x2
+ sbcs x12, x14, x12
+ ldp x14, x2, [x3, #32]
+ sbcs x13, x15, x13
+ sbcs x10, x11, x10
+ ldp x11, x15, [x3, #16]
+ sbcs x8, x9, x8
+ ngcs x9, xzr
+ tst x9, #0x1
+ ldp x9, x3, [x3]
+ csel x5, x5, xzr, ne
+ csel x4, x4, xzr, ne
+ csel x2, x2, xzr, ne
+ csel x14, x14, xzr, ne
+ csel x15, x15, xzr, ne
+ csel x11, x11, xzr, ne
+ csel x3, x3, xzr, ne
+ csel x9, x9, xzr, ne
+ adds x9, x9, x17
+ str x9, [x0, #64]
+ adcs x9, x3, x16
+ str x9, [x0, #72]
+ adcs x9, x11, x18
+ str x9, [x0, #80]
+ adcs x9, x15, x1
+ str x9, [x0, #88]
+ adcs x9, x14, x12
+ str x9, [x0, #96]
+ adcs x9, x2, x13
+ str x9, [x0, #104]
+ adcs x9, x4, x10
+ adcs x8, x5, x8
+ stp x9, x8, [x0, #112]
+ ret
+.Lfunc_end125:
+ .size mcl_fpDbl_sub8L, .Lfunc_end125-mcl_fpDbl_sub8L
+
+ .align 2
+ .type .LmulPv576x64,@function
+.LmulPv576x64: // @mulPv576x64
+// BB#0:
+ ldr x9, [x0]
+ mul x10, x9, x1
+ str x10, [x8]
+ ldr x10, [x0, #8]
+ umulh x9, x9, x1
+ mul x11, x10, x1
+ adds x9, x9, x11
+ str x9, [x8, #8]
+ ldr x9, [x0, #16]
+ umulh x10, x10, x1
+ mul x11, x9, x1
+ adcs x10, x10, x11
+ str x10, [x8, #16]
+ ldr x10, [x0, #24]
+ umulh x9, x9, x1
+ mul x11, x10, x1
+ adcs x9, x9, x11
+ str x9, [x8, #24]
+ ldr x9, [x0, #32]
+ umulh x10, x10, x1
+ mul x11, x9, x1
+ adcs x10, x10, x11
+ str x10, [x8, #32]
+ ldr x10, [x0, #40]
+ umulh x9, x9, x1
+ mul x11, x10, x1
+ adcs x9, x9, x11
+ str x9, [x8, #40]
+ ldr x9, [x0, #48]
+ umulh x10, x10, x1
+ mul x11, x9, x1
+ adcs x10, x10, x11
+ str x10, [x8, #48]
+ ldr x10, [x0, #56]
+ umulh x9, x9, x1
+ mul x11, x10, x1
+ adcs x9, x9, x11
+ str x9, [x8, #56]
+ ldr x9, [x0, #64]
+ umulh x10, x10, x1
+ mul x11, x9, x1
+ umulh x9, x9, x1
+ adcs x10, x10, x11
+ adcs x9, x9, xzr
+ stp x10, x9, [x8, #64]
+ ret
+.Lfunc_end126:
+ .size .LmulPv576x64, .Lfunc_end126-.LmulPv576x64
+
+ .globl mcl_fp_mulUnitPre9L
+ .align 2
+ .type mcl_fp_mulUnitPre9L,@function
+mcl_fp_mulUnitPre9L: // @mcl_fp_mulUnitPre9L
+// BB#0:
+ stp x20, x19, [sp, #-32]!
+ stp x29, x30, [sp, #16]
+ add x29, sp, #16 // =16
+ sub sp, sp, #80 // =80
+ mov x19, x0
+ mov x8, sp
+ mov x0, x1
+ mov x1, x2
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #64]
+ ldp x11, x10, [sp, #48]
+ ldp x13, x12, [sp, #32]
+ ldp x14, x15, [sp]
+ ldp x16, x17, [sp, #16]
+ stp x14, x15, [x19]
+ stp x16, x17, [x19, #16]
+ stp x13, x12, [x19, #32]
+ stp x11, x10, [x19, #48]
+ stp x9, x8, [x19, #64]
+ sub sp, x29, #16 // =16
+ ldp x29, x30, [sp, #16]
+ ldp x20, x19, [sp], #32
+ ret
+.Lfunc_end127:
+ .size mcl_fp_mulUnitPre9L, .Lfunc_end127-mcl_fp_mulUnitPre9L
+
+ .globl mcl_fpDbl_mulPre9L
+ .align 2
+ .type mcl_fpDbl_mulPre9L,@function
+mcl_fpDbl_mulPre9L: // @mcl_fpDbl_mulPre9L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #752 // =752
+ mov x21, x2
+ ldr x9, [x21]
+ mov x20, x1
+ mov x19, x0
+ sub x8, x29, #160 // =160
+ mov x0, x20
+ mov x1, x9
+ bl .LmulPv576x64
+ ldur x8, [x29, #-88]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldur x8, [x29, #-96]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldp x25, x24, [x29, #-112]
+ ldp x27, x26, [x29, #-128]
+ ldp x22, x28, [x29, #-144]
+ ldp x8, x23, [x29, #-160]
+ ldr x1, [x21, #8]
+ str x8, [x19]
+ sub x8, x29, #240 // =240
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [x29, #-176]
+ ldp x11, x10, [x29, #-192]
+ ldp x13, x12, [x29, #-208]
+ ldp x14, x16, [x29, #-240]
+ ldp x17, x15, [x29, #-224]
+ adds x14, x14, x23
+ str x14, [x19, #8]
+ adcs x22, x16, x22
+ adcs x23, x17, x28
+ adcs x27, x15, x27
+ adcs x26, x13, x26
+ adcs x25, x12, x25
+ adcs x24, x11, x24
+ ldr x1, [x21, #16]
+ ldr x11, [sp, #16] // 8-byte Folded Reload
+ adcs x28, x10, x11
+ ldr x10, [sp, #24] // 8-byte Folded Reload
+ adcs x9, x9, x10
+ adcs x8, x8, xzr
+ stp x8, x9, [sp, #16]
+ add x8, sp, #512 // =512
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #584]
+ ldr x9, [sp, #576]
+ ldr x10, [sp, #568]
+ ldr x11, [sp, #560]
+ ldr x12, [sp, #552]
+ ldr x13, [sp, #544]
+ ldr x14, [sp, #512]
+ ldr x15, [sp, #536]
+ ldr x16, [sp, #520]
+ ldr x17, [sp, #528]
+ adds x14, x22, x14
+ str x14, [x19, #16]
+ adcs x22, x23, x16
+ adcs x23, x27, x17
+ adcs x26, x26, x15
+ adcs x25, x25, x13
+ adcs x24, x24, x12
+ adcs x27, x28, x11
+ ldr x1, [x21, #24]
+ ldr x11, [sp, #24] // 8-byte Folded Reload
+ adcs x28, x11, x10
+ ldr x10, [sp, #16] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ adcs x8, x8, xzr
+ stp x8, x9, [sp, #16]
+ add x8, sp, #432 // =432
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #496]
+ ldp x11, x10, [sp, #480]
+ ldp x13, x12, [sp, #464]
+ ldp x14, x16, [sp, #432]
+ ldp x17, x15, [sp, #448]
+ adds x14, x22, x14
+ str x14, [x19, #24]
+ adcs x22, x23, x16
+ adcs x23, x26, x17
+ adcs x25, x25, x15
+ adcs x24, x24, x13
+ adcs x26, x27, x12
+ adcs x27, x28, x11
+ ldr x1, [x21, #32]
+ ldr x11, [sp, #24] // 8-byte Folded Reload
+ adcs x28, x11, x10
+ ldr x10, [sp, #16] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ adcs x8, x8, xzr
+ stp x8, x9, [sp, #16]
+ add x8, sp, #352 // =352
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #416]
+ ldp x11, x10, [sp, #400]
+ ldp x13, x12, [sp, #384]
+ ldp x14, x16, [sp, #352]
+ ldp x17, x15, [sp, #368]
+ adds x14, x22, x14
+ str x14, [x19, #32]
+ adcs x22, x23, x16
+ adcs x23, x25, x17
+ adcs x24, x24, x15
+ adcs x25, x26, x13
+ adcs x26, x27, x12
+ adcs x27, x28, x11
+ ldr x1, [x21, #40]
+ ldr x11, [sp, #24] // 8-byte Folded Reload
+ adcs x28, x11, x10
+ ldr x10, [sp, #16] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ adcs x8, x8, xzr
+ stp x8, x9, [sp, #16]
+ add x8, sp, #272 // =272
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #336]
+ ldp x11, x10, [sp, #320]
+ ldp x13, x12, [sp, #304]
+ ldp x14, x16, [sp, #272]
+ ldp x17, x15, [sp, #288]
+ adds x14, x22, x14
+ str x14, [x19, #40]
+ adcs x22, x23, x16
+ adcs x23, x24, x17
+ adcs x24, x25, x15
+ adcs x25, x26, x13
+ adcs x26, x27, x12
+ adcs x27, x28, x11
+ ldr x1, [x21, #48]
+ ldr x11, [sp, #24] // 8-byte Folded Reload
+ adcs x28, x11, x10
+ ldr x10, [sp, #16] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ adcs x8, x8, xzr
+ stp x8, x9, [sp, #16]
+ add x8, sp, #192 // =192
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #256]
+ ldp x11, x10, [sp, #240]
+ ldp x13, x12, [sp, #224]
+ ldp x14, x16, [sp, #192]
+ ldp x17, x15, [sp, #208]
+ adds x14, x22, x14
+ str x14, [x19, #48]
+ adcs x22, x23, x16
+ adcs x23, x24, x17
+ adcs x24, x25, x15
+ adcs x25, x26, x13
+ adcs x26, x27, x12
+ adcs x27, x28, x11
+ ldr x1, [x21, #56]
+ ldr x11, [sp, #24] // 8-byte Folded Reload
+ adcs x28, x11, x10
+ ldr x10, [sp, #16] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ adcs x8, x8, xzr
+ stp x8, x9, [sp, #16]
+ add x8, sp, #112 // =112
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #176]
+ ldp x11, x10, [sp, #160]
+ ldp x13, x12, [sp, #144]
+ ldp x14, x16, [sp, #112]
+ ldp x17, x15, [sp, #128]
+ adds x14, x22, x14
+ str x14, [x19, #56]
+ adcs x22, x23, x16
+ adcs x23, x24, x17
+ adcs x24, x25, x15
+ adcs x25, x26, x13
+ adcs x26, x27, x12
+ adcs x27, x28, x11
+ ldr x1, [x21, #64]
+ ldr x11, [sp, #24] // 8-byte Folded Reload
+ adcs x21, x11, x10
+ ldr x10, [sp, #16] // 8-byte Folded Reload
+ adcs x28, x10, x9
+ adcs x8, x8, xzr
+ str x8, [sp, #24] // 8-byte Folded Spill
+ add x8, sp, #32 // =32
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #96]
+ ldp x11, x10, [sp, #80]
+ ldp x13, x12, [sp, #64]
+ ldp x14, x16, [sp, #32]
+ ldp x17, x15, [sp, #48]
+ adds x14, x22, x14
+ str x14, [x19, #64]
+ adcs x14, x23, x16
+ str x14, [x19, #72]
+ adcs x14, x24, x17
+ str x14, [x19, #80]
+ adcs x14, x25, x15
+ adcs x13, x26, x13
+ stp x14, x13, [x19, #88]
+ adcs x12, x27, x12
+ adcs x11, x21, x11
+ stp x12, x11, [x19, #104]
+ adcs x10, x28, x10
+ str x10, [x19, #120]
+ ldr x10, [sp, #24] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ adcs x8, x8, xzr
+ stp x9, x8, [x19, #128]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end128:
+ .size mcl_fpDbl_mulPre9L, .Lfunc_end128-mcl_fpDbl_mulPre9L
+
+ .globl mcl_fpDbl_sqrPre9L
+ .align 2
+ .type mcl_fpDbl_sqrPre9L,@function
+mcl_fpDbl_sqrPre9L: // @mcl_fpDbl_sqrPre9L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #736 // =736
+ mov x20, x1
+ ldr x1, [x20]
+ mov x19, x0
+ sub x8, x29, #160 // =160
+ mov x0, x20
+ bl .LmulPv576x64
+ ldur x8, [x29, #-88]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldp x23, x22, [x29, #-104]
+ ldp x25, x24, [x29, #-120]
+ ldp x27, x26, [x29, #-136]
+ ldp x21, x28, [x29, #-152]
+ ldur x8, [x29, #-160]
+ ldr x1, [x20, #8]
+ str x8, [x19]
+ sub x8, x29, #240 // =240
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [x29, #-176]
+ ldp x11, x10, [x29, #-192]
+ ldp x13, x12, [x29, #-208]
+ ldp x14, x16, [x29, #-240]
+ ldp x17, x15, [x29, #-224]
+ adds x14, x14, x21
+ str x14, [x19, #8]
+ adcs x21, x16, x28
+ adcs x27, x17, x27
+ adcs x26, x15, x26
+ adcs x25, x13, x25
+ adcs x24, x12, x24
+ adcs x23, x11, x23
+ ldr x1, [x20, #16]
+ adcs x22, x10, x22
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x28, x9, x10
+ adcs x8, x8, xzr
+ str x8, [sp, #8] // 8-byte Folded Spill
+ add x8, sp, #496 // =496
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #568]
+ ldr x9, [sp, #560]
+ ldr x10, [sp, #552]
+ ldr x11, [sp, #544]
+ ldr x12, [sp, #536]
+ ldr x13, [sp, #528]
+ ldp x14, x16, [sp, #496]
+ ldr x15, [sp, #520]
+ ldr x17, [sp, #512]
+ adds x14, x21, x14
+ str x14, [x19, #16]
+ adcs x21, x27, x16
+ adcs x26, x26, x17
+ adcs x25, x25, x15
+ adcs x24, x24, x13
+ adcs x23, x23, x12
+ adcs x22, x22, x11
+ ldr x1, [x20, #24]
+ adcs x27, x28, x10
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x28, x10, x9
+ adcs x8, x8, xzr
+ str x8, [sp, #8] // 8-byte Folded Spill
+ add x8, sp, #416 // =416
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #480]
+ ldp x11, x10, [sp, #464]
+ ldp x13, x12, [sp, #448]
+ ldp x14, x16, [sp, #416]
+ ldp x17, x15, [sp, #432]
+ adds x14, x21, x14
+ str x14, [x19, #24]
+ adcs x21, x26, x16
+ adcs x25, x25, x17
+ adcs x24, x24, x15
+ adcs x23, x23, x13
+ adcs x22, x22, x12
+ adcs x26, x27, x11
+ ldr x1, [x20, #32]
+ adcs x27, x28, x10
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x28, x10, x9
+ adcs x8, x8, xzr
+ str x8, [sp, #8] // 8-byte Folded Spill
+ add x8, sp, #336 // =336
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #400]
+ ldp x11, x10, [sp, #384]
+ ldp x13, x12, [sp, #368]
+ ldp x14, x16, [sp, #336]
+ ldp x17, x15, [sp, #352]
+ adds x14, x21, x14
+ str x14, [x19, #32]
+ adcs x21, x25, x16
+ adcs x24, x24, x17
+ adcs x23, x23, x15
+ adcs x22, x22, x13
+ adcs x25, x26, x12
+ adcs x26, x27, x11
+ ldr x1, [x20, #40]
+ adcs x27, x28, x10
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x28, x10, x9
+ adcs x8, x8, xzr
+ str x8, [sp, #8] // 8-byte Folded Spill
+ add x8, sp, #256 // =256
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #320]
+ ldp x11, x10, [sp, #304]
+ ldp x13, x12, [sp, #288]
+ ldp x14, x16, [sp, #256]
+ ldp x17, x15, [sp, #272]
+ adds x14, x21, x14
+ str x14, [x19, #40]
+ adcs x21, x24, x16
+ adcs x23, x23, x17
+ adcs x22, x22, x15
+ adcs x24, x25, x13
+ adcs x25, x26, x12
+ adcs x26, x27, x11
+ ldr x1, [x20, #48]
+ adcs x27, x28, x10
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x28, x10, x9
+ adcs x8, x8, xzr
+ str x8, [sp, #8] // 8-byte Folded Spill
+ add x8, sp, #176 // =176
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #240]
+ ldp x11, x10, [sp, #224]
+ ldp x13, x12, [sp, #208]
+ ldp x14, x16, [sp, #176]
+ ldp x17, x15, [sp, #192]
+ adds x14, x21, x14
+ str x14, [x19, #48]
+ adcs x21, x23, x16
+ adcs x22, x22, x17
+ adcs x23, x24, x15
+ adcs x24, x25, x13
+ adcs x25, x26, x12
+ adcs x26, x27, x11
+ ldr x1, [x20, #56]
+ adcs x27, x28, x10
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x28, x10, x9
+ adcs x8, x8, xzr
+ str x8, [sp, #8] // 8-byte Folded Spill
+ add x8, sp, #96 // =96
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #160]
+ ldp x11, x10, [sp, #144]
+ ldp x13, x12, [sp, #128]
+ ldp x14, x16, [sp, #96]
+ ldp x17, x15, [sp, #112]
+ adds x14, x21, x14
+ str x14, [x19, #56]
+ adcs x21, x22, x16
+ adcs x22, x23, x17
+ adcs x23, x24, x15
+ adcs x24, x25, x13
+ adcs x25, x26, x12
+ adcs x26, x27, x11
+ ldr x1, [x20, #64]
+ adcs x27, x28, x10
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x28, x10, x9
+ adcs x8, x8, xzr
+ str x8, [sp, #8] // 8-byte Folded Spill
+ add x8, sp, #16 // =16
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #80]
+ ldp x11, x10, [sp, #64]
+ ldp x13, x12, [sp, #48]
+ ldp x14, x16, [sp, #16]
+ ldp x17, x15, [sp, #32]
+ adds x14, x21, x14
+ str x14, [x19, #64]
+ adcs x14, x22, x16
+ str x14, [x19, #72]
+ adcs x14, x23, x17
+ str x14, [x19, #80]
+ adcs x14, x24, x15
+ adcs x13, x25, x13
+ stp x14, x13, [x19, #88]
+ adcs x12, x26, x12
+ adcs x11, x27, x11
+ stp x12, x11, [x19, #104]
+ adcs x10, x28, x10
+ str x10, [x19, #120]
+ ldr x10, [sp, #8] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ adcs x8, x8, xzr
+ stp x9, x8, [x19, #128]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end129:
+ .size mcl_fpDbl_sqrPre9L, .Lfunc_end129-mcl_fpDbl_sqrPre9L
+
+ .globl mcl_fp_mont9L
+ .align 2
+ .type mcl_fp_mont9L,@function
+mcl_fp_mont9L: // @mcl_fp_mont9L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #1600 // =1600
+ mov x20, x3
+ mov x28, x2
+ str x28, [sp, #136] // 8-byte Folded Spill
+ ldur x19, [x20, #-8]
+ str x19, [sp, #144] // 8-byte Folded Spill
+ ldr x9, [x28]
+ mov x23, x1
+ str x23, [sp, #152] // 8-byte Folded Spill
+ str x0, [sp, #128] // 8-byte Folded Spill
+ sub x8, x29, #160 // =160
+ mov x0, x23
+ mov x1, x9
+ bl .LmulPv576x64
+ ldur x24, [x29, #-160]
+ ldur x8, [x29, #-88]
+ str x8, [sp, #120] // 8-byte Folded Spill
+ ldur x8, [x29, #-96]
+ str x8, [sp, #112] // 8-byte Folded Spill
+ ldur x8, [x29, #-104]
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldur x8, [x29, #-112]
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldur x8, [x29, #-120]
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldur x8, [x29, #-128]
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldur x8, [x29, #-136]
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldur x8, [x29, #-144]
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldur x8, [x29, #-152]
+ str x8, [sp, #48] // 8-byte Folded Spill
+ mul x1, x24, x19
+ sub x8, x29, #240 // =240
+ mov x0, x20
+ bl .LmulPv576x64
+ ldur x8, [x29, #-168]
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldur x8, [x29, #-176]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldur x8, [x29, #-184]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldur x8, [x29, #-192]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldp x21, x19, [x29, #-208]
+ ldp x26, x22, [x29, #-224]
+ ldp x27, x25, [x29, #-240]
+ ldr x1, [x28, #8]
+ add x8, sp, #1360 // =1360
+ mov x0, x23
+ bl .LmulPv576x64
+ cmn x27, x24
+ ldr x8, [sp, #1432]
+ ldr x9, [sp, #1424]
+ ldr x10, [sp, #48] // 8-byte Folded Reload
+ adcs x10, x25, x10
+ ldr x11, [sp, #1416]
+ ldp x12, x14, [sp, #64]
+ adcs x12, x26, x12
+ ldr x13, [sp, #1408]
+ adcs x14, x22, x14
+ ldr x15, [sp, #1400]
+ ldp x16, x18, [sp, #80]
+ adcs x16, x21, x16
+ ldr x17, [sp, #1392]
+ adcs x18, x19, x18
+ ldr x0, [sp, #1384]
+ ldp x1, x3, [sp, #96]
+ ldp x2, x4, [sp, #24]
+ adcs x1, x2, x1
+ ldr x2, [sp, #1376]
+ adcs x3, x4, x3
+ ldr x4, [sp, #1360]
+ ldp x5, x7, [sp, #112]
+ ldr x6, [sp, #40] // 8-byte Folded Reload
+ adcs x5, x6, x5
+ ldr x6, [sp, #1368]
+ ldr x19, [sp, #56] // 8-byte Folded Reload
+ adcs x7, x19, x7
+ adcs x19, xzr, xzr
+ adds x21, x10, x4
+ adcs x10, x12, x6
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x2
+ str x10, [sp, #104] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #96] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ adcs x8, x19, x8
+ stp x8, x9, [sp, #112]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #56]
+ ldr x24, [sp, #144] // 8-byte Folded Reload
+ mul x1, x21, x24
+ add x8, sp, #1280 // =1280
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #1352]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #1344]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1336]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #1328]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x26, [sp, #1320]
+ ldr x27, [sp, #1312]
+ ldr x28, [sp, #1304]
+ ldr x22, [sp, #1296]
+ ldr x19, [sp, #1288]
+ ldr x23, [sp, #1280]
+ ldr x25, [sp, #136] // 8-byte Folded Reload
+ ldr x1, [x25, #16]
+ add x8, sp, #1200 // =1200
+ ldr x0, [sp, #152] // 8-byte Folded Reload
+ bl .LmulPv576x64
+ cmn x21, x23
+ ldr x8, [sp, #1272]
+ ldr x9, [sp, #1264]
+ ldr x10, [sp, #48] // 8-byte Folded Reload
+ adcs x10, x10, x19
+ ldr x11, [sp, #1256]
+ ldp x14, x12, [sp, #96]
+ adcs x12, x12, x22
+ ldr x13, [sp, #1248]
+ adcs x14, x14, x28
+ ldr x15, [sp, #1240]
+ ldp x18, x16, [sp, #80]
+ adcs x16, x16, x27
+ ldr x17, [sp, #1232]
+ adcs x18, x18, x26
+ ldr x0, [sp, #1224]
+ ldp x3, x1, [sp, #64]
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldr x2, [sp, #1216]
+ adcs x3, x3, x4
+ ldr x4, [sp, #1200]
+ ldp x7, x5, [sp, #112]
+ ldp x6, x19, [sp, #32]
+ adcs x5, x5, x6
+ ldr x6, [sp, #1208]
+ adcs x7, x7, x19
+ ldr x19, [sp, #56] // 8-byte Folded Reload
+ adcs x19, x19, xzr
+ adds x21, x10, x4
+ adcs x10, x12, x6
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x2
+ str x10, [sp, #104] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #96] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ adcs x8, x19, x8
+ stp x8, x9, [sp, #112]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #56]
+ mul x1, x21, x24
+ add x8, sp, #1120 // =1120
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #1192]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #1184]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1176]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #1168]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x26, [sp, #1160]
+ ldr x27, [sp, #1152]
+ ldr x28, [sp, #1144]
+ ldr x22, [sp, #1136]
+ ldr x19, [sp, #1128]
+ ldr x23, [sp, #1120]
+ ldr x1, [x25, #24]
+ add x8, sp, #1040 // =1040
+ ldr x24, [sp, #152] // 8-byte Folded Reload
+ mov x0, x24
+ bl .LmulPv576x64
+ cmn x21, x23
+ ldr x8, [sp, #1112]
+ ldr x9, [sp, #1104]
+ ldr x10, [sp, #48] // 8-byte Folded Reload
+ adcs x10, x10, x19
+ ldr x11, [sp, #1096]
+ ldp x14, x12, [sp, #96]
+ adcs x12, x12, x22
+ ldr x13, [sp, #1088]
+ adcs x14, x14, x28
+ ldr x15, [sp, #1080]
+ ldp x18, x16, [sp, #80]
+ adcs x16, x16, x27
+ ldr x17, [sp, #1072]
+ adcs x18, x18, x26
+ ldr x0, [sp, #1064]
+ ldp x3, x1, [sp, #64]
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldr x2, [sp, #1056]
+ adcs x3, x3, x4
+ ldr x4, [sp, #1040]
+ ldp x7, x5, [sp, #112]
+ ldp x6, x19, [sp, #32]
+ adcs x5, x5, x6
+ ldr x6, [sp, #1048]
+ adcs x7, x7, x19
+ ldr x19, [sp, #56] // 8-byte Folded Reload
+ adcs x19, x19, xzr
+ adds x21, x10, x4
+ adcs x10, x12, x6
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x2
+ str x10, [sp, #104] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #96] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ adcs x8, x19, x8
+ stp x8, x9, [sp, #112]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #56]
+ ldr x8, [sp, #144] // 8-byte Folded Reload
+ mul x1, x21, x8
+ add x8, sp, #960 // =960
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #1032]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #1024]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1016]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #1008]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x26, [sp, #1000]
+ ldr x27, [sp, #992]
+ ldr x28, [sp, #984]
+ ldr x22, [sp, #976]
+ ldr x19, [sp, #968]
+ ldr x23, [sp, #960]
+ ldr x1, [x25, #32]
+ add x8, sp, #880 // =880
+ mov x0, x24
+ bl .LmulPv576x64
+ cmn x21, x23
+ ldr x8, [sp, #952]
+ ldr x9, [sp, #944]
+ ldr x10, [sp, #48] // 8-byte Folded Reload
+ adcs x10, x10, x19
+ ldr x11, [sp, #936]
+ ldp x14, x12, [sp, #96]
+ adcs x12, x12, x22
+ ldr x13, [sp, #928]
+ adcs x14, x14, x28
+ ldr x15, [sp, #920]
+ ldp x18, x16, [sp, #80]
+ adcs x16, x16, x27
+ ldr x17, [sp, #912]
+ adcs x18, x18, x26
+ ldr x0, [sp, #904]
+ ldp x3, x1, [sp, #64]
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldr x2, [sp, #896]
+ adcs x3, x3, x4
+ ldr x4, [sp, #880]
+ ldp x7, x5, [sp, #112]
+ ldp x6, x19, [sp, #32]
+ adcs x5, x5, x6
+ ldr x6, [sp, #888]
+ adcs x7, x7, x19
+ ldr x19, [sp, #56] // 8-byte Folded Reload
+ adcs x19, x19, xzr
+ adds x21, x10, x4
+ adcs x10, x12, x6
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x2
+ str x10, [sp, #104] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #96] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ adcs x8, x19, x8
+ stp x8, x9, [sp, #112]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #56]
+ ldr x25, [sp, #144] // 8-byte Folded Reload
+ mul x1, x21, x25
+ add x8, sp, #800 // =800
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #872]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #864]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #856]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #848]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x26, [sp, #840]
+ ldr x27, [sp, #832]
+ ldr x28, [sp, #824]
+ ldr x22, [sp, #816]
+ ldr x19, [sp, #808]
+ ldr x23, [sp, #800]
+ ldr x24, [sp, #136] // 8-byte Folded Reload
+ ldr x1, [x24, #40]
+ add x8, sp, #720 // =720
+ ldr x0, [sp, #152] // 8-byte Folded Reload
+ bl .LmulPv576x64
+ cmn x21, x23
+ ldr x8, [sp, #792]
+ ldr x9, [sp, #784]
+ ldr x10, [sp, #48] // 8-byte Folded Reload
+ adcs x10, x10, x19
+ ldr x11, [sp, #776]
+ ldp x14, x12, [sp, #96]
+ adcs x12, x12, x22
+ ldr x13, [sp, #768]
+ adcs x14, x14, x28
+ ldr x15, [sp, #760]
+ ldp x18, x16, [sp, #80]
+ adcs x16, x16, x27
+ ldr x17, [sp, #752]
+ adcs x18, x18, x26
+ ldr x0, [sp, #744]
+ ldp x3, x1, [sp, #64]
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldr x2, [sp, #736]
+ adcs x3, x3, x4
+ ldr x4, [sp, #720]
+ ldp x7, x5, [sp, #112]
+ ldp x6, x19, [sp, #32]
+ adcs x5, x5, x6
+ ldr x6, [sp, #728]
+ adcs x7, x7, x19
+ ldr x19, [sp, #56] // 8-byte Folded Reload
+ adcs x19, x19, xzr
+ adds x21, x10, x4
+ adcs x10, x12, x6
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x2
+ str x10, [sp, #104] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #96] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ adcs x8, x19, x8
+ stp x8, x9, [sp, #112]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #56]
+ mul x1, x21, x25
+ add x8, sp, #640 // =640
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #712]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #704]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #696]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #688]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x26, [sp, #680]
+ ldr x27, [sp, #672]
+ ldr x28, [sp, #664]
+ ldr x22, [sp, #656]
+ ldr x19, [sp, #648]
+ ldr x23, [sp, #640]
+ ldr x1, [x24, #48]
+ add x8, sp, #560 // =560
+ ldr x25, [sp, #152] // 8-byte Folded Reload
+ mov x0, x25
+ bl .LmulPv576x64
+ cmn x21, x23
+ ldr x8, [sp, #632]
+ ldr x9, [sp, #624]
+ ldr x10, [sp, #48] // 8-byte Folded Reload
+ adcs x10, x10, x19
+ ldr x11, [sp, #616]
+ ldp x14, x12, [sp, #96]
+ adcs x12, x12, x22
+ ldr x13, [sp, #608]
+ adcs x14, x14, x28
+ ldr x15, [sp, #600]
+ ldp x18, x16, [sp, #80]
+ adcs x16, x16, x27
+ ldr x17, [sp, #592]
+ adcs x18, x18, x26
+ ldr x0, [sp, #584]
+ ldp x3, x1, [sp, #64]
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldr x2, [sp, #576]
+ adcs x3, x3, x4
+ ldr x4, [sp, #560]
+ ldp x7, x5, [sp, #112]
+ ldp x6, x19, [sp, #32]
+ adcs x5, x5, x6
+ ldr x6, [sp, #568]
+ adcs x7, x7, x19
+ ldr x19, [sp, #56] // 8-byte Folded Reload
+ adcs x19, x19, xzr
+ adds x21, x10, x4
+ adcs x10, x12, x6
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x2
+ str x10, [sp, #104] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #96] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ adcs x8, x19, x8
+ stp x8, x9, [sp, #112]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #56]
+ ldr x24, [sp, #144] // 8-byte Folded Reload
+ mul x1, x21, x24
+ add x8, sp, #480 // =480
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #552]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [sp, #544]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #536]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #528]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x26, [sp, #520]
+ ldr x27, [sp, #512]
+ ldp x22, x28, [sp, #496]
+ ldp x23, x19, [sp, #480]
+ ldr x8, [sp, #136] // 8-byte Folded Reload
+ ldr x1, [x8, #56]
+ add x8, sp, #400 // =400
+ mov x0, x25
+ bl .LmulPv576x64
+ cmn x21, x23
+ ldp x9, x8, [sp, #464]
+ ldr x10, [sp, #48] // 8-byte Folded Reload
+ adcs x10, x10, x19
+ ldp x13, x11, [sp, #448]
+ ldp x14, x12, [sp, #96]
+ adcs x12, x12, x22
+ adcs x14, x14, x28
+ ldp x17, x15, [sp, #432]
+ ldp x18, x16, [sp, #80]
+ adcs x16, x16, x27
+ adcs x18, x18, x26
+ ldp x3, x1, [sp, #64]
+ ldp x2, x4, [sp, #16]
+ adcs x1, x1, x2
+ ldp x2, x0, [sp, #416]
+ adcs x3, x3, x4
+ ldp x7, x5, [sp, #112]
+ ldp x6, x19, [sp, #32]
+ adcs x5, x5, x6
+ ldp x4, x6, [sp, #400]
+ adcs x7, x7, x19
+ ldr x19, [sp, #56] // 8-byte Folded Reload
+ adcs x19, x19, xzr
+ adds x21, x10, x4
+ adcs x10, x12, x6
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x14, x2
+ str x10, [sp, #104] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #96] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #88] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ adcs x8, x19, x8
+ stp x8, x9, [sp, #112]
+ adcs x8, xzr, xzr
+ stp x8, x10, [sp, #56]
+ mul x1, x21, x24
+ add x8, sp, #320 // =320
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #392]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldp x24, x8, [sp, #376]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldp x26, x25, [sp, #360]
+ ldp x28, x27, [sp, #344]
+ ldp x19, x22, [sp, #328]
+ ldr x23, [sp, #320]
+ ldr x8, [sp, #136] // 8-byte Folded Reload
+ ldr x1, [x8, #64]
+ add x8, sp, #240 // =240
+ ldr x0, [sp, #152] // 8-byte Folded Reload
+ bl .LmulPv576x64
+ cmn x21, x23
+ ldp x9, x8, [sp, #304]
+ ldr x10, [sp, #48] // 8-byte Folded Reload
+ adcs x10, x10, x19
+ ldp x13, x11, [sp, #288]
+ ldp x14, x12, [sp, #96]
+ adcs x12, x12, x22
+ adcs x14, x14, x28
+ ldp x17, x15, [sp, #272]
+ ldp x18, x16, [sp, #80]
+ adcs x16, x16, x27
+ adcs x18, x18, x26
+ ldp x2, x0, [sp, #256]
+ ldp x3, x1, [sp, #64]
+ adcs x1, x1, x25
+ adcs x3, x3, x24
+ ldp x7, x5, [sp, #112]
+ ldp x6, x19, [sp, #32]
+ adcs x5, x5, x6
+ ldp x4, x6, [sp, #240]
+ adcs x7, x7, x19
+ ldr x19, [sp, #56] // 8-byte Folded Reload
+ adcs x19, x19, xzr
+ adds x21, x10, x4
+ adcs x22, x12, x6
+ adcs x23, x14, x2
+ adcs x24, x16, x0
+ adcs x25, x18, x17
+ adcs x26, x1, x15
+ adcs x27, x3, x13
+ adcs x10, x5, x11
+ str x10, [sp, #152] // 8-byte Folded Spill
+ adcs x9, x7, x9
+ str x9, [sp, #136] // 8-byte Folded Spill
+ adcs x19, x19, x8
+ adcs x28, xzr, xzr
+ ldr x8, [sp, #144] // 8-byte Folded Reload
+ mul x1, x21, x8
+ add x8, sp, #160 // =160
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x16, x8, [sp, #224]
+ ldp x9, x10, [sp, #160]
+ ldp x11, x12, [sp, #176]
+ cmn x21, x9
+ ldp x13, x9, [sp, #192]
+ adcs x10, x22, x10
+ ldp x14, x15, [sp, #208]
+ adcs x11, x23, x11
+ adcs x12, x24, x12
+ adcs x13, x25, x13
+ adcs x9, x26, x9
+ adcs x14, x27, x14
+ ldp x0, x17, [x20, #56]
+ ldp x2, x18, [x20, #40]
+ ldp x4, x1, [x20, #24]
+ ldp x6, x3, [x20, #8]
+ ldr x5, [x20]
+ ldr x7, [sp, #152] // 8-byte Folded Reload
+ adcs x15, x7, x15
+ ldr x7, [sp, #136] // 8-byte Folded Reload
+ adcs x16, x7, x16
+ adcs x8, x19, x8
+ adcs x7, x28, xzr
+ subs x5, x10, x5
+ sbcs x6, x11, x6
+ sbcs x3, x12, x3
+ sbcs x4, x13, x4
+ sbcs x1, x9, x1
+ sbcs x2, x14, x2
+ sbcs x18, x15, x18
+ sbcs x0, x16, x0
+ sbcs x17, x8, x17
+ sbcs x7, x7, xzr
+ tst x7, #0x1
+ csel x10, x10, x5, ne
+ csel x11, x11, x6, ne
+ csel x12, x12, x3, ne
+ csel x13, x13, x4, ne
+ csel x9, x9, x1, ne
+ csel x14, x14, x2, ne
+ csel x15, x15, x18, ne
+ csel x16, x16, x0, ne
+ csel x8, x8, x17, ne
+ ldr x17, [sp, #128] // 8-byte Folded Reload
+ stp x10, x11, [x17]
+ stp x12, x13, [x17, #16]
+ stp x9, x14, [x17, #32]
+ stp x15, x16, [x17, #48]
+ str x8, [x17, #64]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end130:
+ .size mcl_fp_mont9L, .Lfunc_end130-mcl_fp_mont9L
+
+ .globl mcl_fp_montNF9L
+ .align 2
+ .type mcl_fp_montNF9L,@function
+mcl_fp_montNF9L: // @mcl_fp_montNF9L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #1584 // =1584
+ mov x20, x3
+ mov x28, x2
+ str x28, [sp, #120] // 8-byte Folded Spill
+ ldur x19, [x20, #-8]
+ str x19, [sp, #128] // 8-byte Folded Spill
+ ldr x9, [x28]
+ mov x23, x1
+ str x23, [sp, #136] // 8-byte Folded Spill
+ str x0, [sp, #112] // 8-byte Folded Spill
+ sub x8, x29, #160 // =160
+ mov x0, x23
+ mov x1, x9
+ bl .LmulPv576x64
+ ldur x24, [x29, #-160]
+ ldur x8, [x29, #-88]
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldur x8, [x29, #-96]
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldur x8, [x29, #-104]
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldur x8, [x29, #-112]
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldur x8, [x29, #-120]
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldur x8, [x29, #-128]
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldur x8, [x29, #-136]
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldur x8, [x29, #-144]
+ str x8, [sp, #48] // 8-byte Folded Spill
+ ldur x8, [x29, #-152]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ mul x1, x24, x19
+ sub x8, x29, #240 // =240
+ mov x0, x20
+ bl .LmulPv576x64
+ ldur x8, [x29, #-168]
+ str x8, [sp, #40] // 8-byte Folded Spill
+ ldur x8, [x29, #-176]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldur x8, [x29, #-184]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldur x8, [x29, #-192]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldp x21, x19, [x29, #-208]
+ ldp x26, x22, [x29, #-224]
+ ldp x27, x25, [x29, #-240]
+ ldr x1, [x28, #8]
+ add x8, sp, #1344 // =1344
+ mov x0, x23
+ bl .LmulPv576x64
+ cmn x27, x24
+ ldr x8, [sp, #1416]
+ ldr x9, [sp, #1408]
+ ldr x10, [sp, #32] // 8-byte Folded Reload
+ adcs x10, x25, x10
+ ldr x11, [sp, #1400]
+ ldp x12, x14, [sp, #48]
+ adcs x12, x26, x12
+ ldr x13, [sp, #1392]
+ adcs x14, x22, x14
+ ldr x15, [sp, #1384]
+ ldp x16, x18, [sp, #64]
+ adcs x16, x21, x16
+ ldr x17, [sp, #1376]
+ adcs x18, x19, x18
+ ldr x0, [sp, #1368]
+ ldp x1, x3, [sp, #80]
+ ldp x2, x4, [sp, #8]
+ adcs x1, x2, x1
+ ldr x2, [sp, #1352]
+ adcs x3, x4, x3
+ ldr x4, [sp, #1344]
+ ldp x5, x7, [sp, #96]
+ ldr x6, [sp, #24] // 8-byte Folded Reload
+ adcs x5, x6, x5
+ ldr x6, [sp, #1360]
+ ldr x19, [sp, #40] // 8-byte Folded Reload
+ adcs x7, x19, x7
+ adds x19, x10, x4
+ adcs x10, x12, x2
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x6
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x22, [sp, #128] // 8-byte Folded Reload
+ mul x1, x19, x22
+ add x8, sp, #1264 // =1264
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #1336]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1328]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #1320]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #1312]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldr x24, [sp, #1304]
+ ldr x25, [sp, #1296]
+ ldr x26, [sp, #1288]
+ ldr x21, [sp, #1280]
+ ldr x27, [sp, #1272]
+ ldr x28, [sp, #1264]
+ ldr x23, [sp, #120] // 8-byte Folded Reload
+ ldr x1, [x23, #16]
+ add x8, sp, #1184 // =1184
+ ldr x0, [sp, #136] // 8-byte Folded Reload
+ bl .LmulPv576x64
+ cmn x19, x28
+ ldr x8, [sp, #1256]
+ ldr x9, [sp, #1248]
+ ldp x10, x1, [sp, #40]
+ adcs x10, x10, x27
+ ldr x11, [sp, #1240]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x21
+ ldr x13, [sp, #1232]
+ adcs x14, x14, x26
+ ldr x15, [sp, #1224]
+ ldp x18, x16, [sp, #56]
+ adcs x16, x16, x25
+ ldr x17, [sp, #1216]
+ adcs x18, x18, x24
+ ldr x0, [sp, #1208]
+ ldp x2, x4, [sp, #8]
+ adcs x1, x1, x2
+ ldr x2, [sp, #1192]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldr x4, [sp, #1184]
+ ldp x6, x19, [sp, #24]
+ adcs x5, x5, x6
+ ldr x6, [sp, #1200]
+ ldr x7, [sp, #88] // 8-byte Folded Reload
+ adcs x7, x7, x19
+ adds x19, x10, x4
+ adcs x10, x12, x2
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x6
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ mul x1, x19, x22
+ add x8, sp, #1104 // =1104
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #1176]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1168]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #1160]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #1152]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldr x24, [sp, #1144]
+ ldr x25, [sp, #1136]
+ ldr x26, [sp, #1128]
+ ldr x21, [sp, #1120]
+ ldr x27, [sp, #1112]
+ ldr x28, [sp, #1104]
+ ldr x1, [x23, #24]
+ add x8, sp, #1024 // =1024
+ ldr x22, [sp, #136] // 8-byte Folded Reload
+ mov x0, x22
+ bl .LmulPv576x64
+ cmn x19, x28
+ ldr x8, [sp, #1096]
+ ldr x9, [sp, #1088]
+ ldp x10, x1, [sp, #40]
+ adcs x10, x10, x27
+ ldr x11, [sp, #1080]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x21
+ ldr x13, [sp, #1072]
+ adcs x14, x14, x26
+ ldr x15, [sp, #1064]
+ ldp x18, x16, [sp, #56]
+ adcs x16, x16, x25
+ ldr x17, [sp, #1056]
+ adcs x18, x18, x24
+ ldr x0, [sp, #1048]
+ ldp x2, x4, [sp, #8]
+ adcs x1, x1, x2
+ ldr x2, [sp, #1032]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldr x4, [sp, #1024]
+ ldp x6, x19, [sp, #24]
+ adcs x5, x5, x6
+ ldr x6, [sp, #1040]
+ ldr x7, [sp, #88] // 8-byte Folded Reload
+ adcs x7, x7, x19
+ adds x19, x10, x4
+ adcs x10, x12, x2
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x6
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [sp, #128] // 8-byte Folded Reload
+ mul x1, x19, x8
+ add x8, sp, #944 // =944
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #1016]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #1008]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #1000]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #992]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldr x24, [sp, #984]
+ ldr x25, [sp, #976]
+ ldr x26, [sp, #968]
+ ldr x21, [sp, #960]
+ ldr x27, [sp, #952]
+ ldr x28, [sp, #944]
+ ldr x1, [x23, #32]
+ add x8, sp, #864 // =864
+ mov x0, x22
+ bl .LmulPv576x64
+ cmn x19, x28
+ ldr x8, [sp, #936]
+ ldr x9, [sp, #928]
+ ldp x10, x1, [sp, #40]
+ adcs x10, x10, x27
+ ldr x11, [sp, #920]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x21
+ ldr x13, [sp, #912]
+ adcs x14, x14, x26
+ ldr x15, [sp, #904]
+ ldp x18, x16, [sp, #56]
+ adcs x16, x16, x25
+ ldr x17, [sp, #896]
+ adcs x18, x18, x24
+ ldr x0, [sp, #888]
+ ldp x2, x4, [sp, #8]
+ adcs x1, x1, x2
+ ldr x2, [sp, #872]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldr x4, [sp, #864]
+ ldp x6, x19, [sp, #24]
+ adcs x5, x5, x6
+ ldr x6, [sp, #880]
+ ldr x7, [sp, #88] // 8-byte Folded Reload
+ adcs x7, x7, x19
+ adds x19, x10, x4
+ adcs x10, x12, x2
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x6
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x23, [sp, #128] // 8-byte Folded Reload
+ mul x1, x19, x23
+ add x8, sp, #784 // =784
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #856]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #848]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #840]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #832]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldr x24, [sp, #824]
+ ldr x25, [sp, #816]
+ ldr x26, [sp, #808]
+ ldr x21, [sp, #800]
+ ldr x27, [sp, #792]
+ ldr x28, [sp, #784]
+ ldr x22, [sp, #120] // 8-byte Folded Reload
+ ldr x1, [x22, #40]
+ add x8, sp, #704 // =704
+ ldr x0, [sp, #136] // 8-byte Folded Reload
+ bl .LmulPv576x64
+ cmn x19, x28
+ ldr x8, [sp, #776]
+ ldr x9, [sp, #768]
+ ldp x10, x1, [sp, #40]
+ adcs x10, x10, x27
+ ldr x11, [sp, #760]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x21
+ ldr x13, [sp, #752]
+ adcs x14, x14, x26
+ ldr x15, [sp, #744]
+ ldp x18, x16, [sp, #56]
+ adcs x16, x16, x25
+ ldr x17, [sp, #736]
+ adcs x18, x18, x24
+ ldr x0, [sp, #728]
+ ldp x2, x4, [sp, #8]
+ adcs x1, x1, x2
+ ldr x2, [sp, #712]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldr x4, [sp, #704]
+ ldp x6, x19, [sp, #24]
+ adcs x5, x5, x6
+ ldr x6, [sp, #720]
+ ldr x7, [sp, #88] // 8-byte Folded Reload
+ adcs x7, x7, x19
+ adds x19, x10, x4
+ adcs x10, x12, x2
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x6
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ mul x1, x19, x23
+ add x8, sp, #624 // =624
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #696]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #688]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #680]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #672]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldr x24, [sp, #664]
+ ldr x25, [sp, #656]
+ ldr x26, [sp, #648]
+ ldr x21, [sp, #640]
+ ldr x27, [sp, #632]
+ ldr x28, [sp, #624]
+ ldr x1, [x22, #48]
+ add x8, sp, #544 // =544
+ ldr x23, [sp, #136] // 8-byte Folded Reload
+ mov x0, x23
+ bl .LmulPv576x64
+ cmn x19, x28
+ ldr x8, [sp, #616]
+ ldr x9, [sp, #608]
+ ldp x10, x1, [sp, #40]
+ adcs x10, x10, x27
+ ldr x11, [sp, #600]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x21
+ ldr x13, [sp, #592]
+ adcs x14, x14, x26
+ ldr x15, [sp, #584]
+ ldp x18, x16, [sp, #56]
+ adcs x16, x16, x25
+ ldr x17, [sp, #576]
+ adcs x18, x18, x24
+ ldr x0, [sp, #568]
+ ldp x2, x4, [sp, #8]
+ adcs x1, x1, x2
+ ldr x2, [sp, #552]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldr x4, [sp, #544]
+ ldp x6, x19, [sp, #24]
+ adcs x5, x5, x6
+ ldr x6, [sp, #560]
+ ldr x7, [sp, #88] // 8-byte Folded Reload
+ adcs x7, x7, x19
+ adds x19, x10, x4
+ adcs x10, x12, x2
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x6
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x22, [sp, #128] // 8-byte Folded Reload
+ mul x1, x19, x22
+ add x8, sp, #464 // =464
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #536]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldr x8, [sp, #528]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldr x8, [sp, #520]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldr x8, [sp, #512]
+ str x8, [sp, #8] // 8-byte Folded Spill
+ ldp x25, x24, [sp, #496]
+ ldp x21, x26, [sp, #480]
+ ldp x28, x27, [sp, #464]
+ ldr x8, [sp, #120] // 8-byte Folded Reload
+ ldr x1, [x8, #56]
+ add x8, sp, #384 // =384
+ mov x0, x23
+ bl .LmulPv576x64
+ cmn x19, x28
+ ldp x9, x8, [sp, #448]
+ ldp x10, x1, [sp, #40]
+ adcs x10, x10, x27
+ ldp x13, x11, [sp, #432]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x21
+ adcs x14, x14, x26
+ ldp x17, x15, [sp, #416]
+ ldp x18, x16, [sp, #56]
+ adcs x16, x16, x25
+ adcs x18, x18, x24
+ ldp x2, x4, [sp, #8]
+ adcs x1, x1, x2
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x4
+ ldp x4, x2, [sp, #384]
+ ldp x6, x19, [sp, #24]
+ adcs x5, x5, x6
+ ldp x6, x0, [sp, #400]
+ ldr x7, [sp, #88] // 8-byte Folded Reload
+ adcs x7, x7, x19
+ adds x19, x10, x4
+ adcs x10, x12, x2
+ str x10, [sp, #40] // 8-byte Folded Spill
+ adcs x10, x14, x6
+ str x10, [sp, #80] // 8-byte Folded Spill
+ adcs x10, x16, x0
+ str x10, [sp, #72] // 8-byte Folded Spill
+ adcs x10, x18, x17
+ str x10, [sp, #64] // 8-byte Folded Spill
+ adcs x10, x1, x15
+ str x10, [sp, #56] // 8-byte Folded Spill
+ adcs x10, x3, x13
+ str x10, [sp, #48] // 8-byte Folded Spill
+ adcs x10, x5, x11
+ adcs x9, x7, x9
+ stp x9, x10, [sp, #96]
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ mul x1, x19, x22
+ add x8, sp, #304 // =304
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #376]
+ str x8, [sp, #32] // 8-byte Folded Spill
+ ldp x22, x8, [sp, #360]
+ str x8, [sp, #24] // 8-byte Folded Spill
+ ldp x24, x23, [sp, #344]
+ ldp x26, x25, [sp, #328]
+ ldp x27, x21, [sp, #312]
+ ldr x28, [sp, #304]
+ ldr x8, [sp, #120] // 8-byte Folded Reload
+ ldr x1, [x8, #64]
+ add x8, sp, #224 // =224
+ ldr x0, [sp, #136] // 8-byte Folded Reload
+ bl .LmulPv576x64
+ cmn x19, x28
+ ldp x9, x8, [sp, #288]
+ ldp x10, x1, [sp, #40]
+ adcs x10, x10, x27
+ ldp x13, x11, [sp, #272]
+ ldp x14, x12, [sp, #72]
+ adcs x12, x12, x21
+ adcs x14, x14, x26
+ ldp x17, x15, [sp, #256]
+ ldp x18, x16, [sp, #56]
+ adcs x16, x16, x25
+ adcs x18, x18, x24
+ adcs x1, x1, x23
+ ldp x4, x2, [sp, #224]
+ ldp x5, x3, [sp, #96]
+ adcs x3, x3, x22
+ ldp x6, x19, [sp, #24]
+ adcs x5, x5, x6
+ ldp x6, x0, [sp, #240]
+ ldr x7, [sp, #88] // 8-byte Folded Reload
+ adcs x7, x7, x19
+ adds x19, x10, x4
+ adcs x21, x12, x2
+ adcs x22, x14, x6
+ adcs x23, x16, x0
+ adcs x24, x18, x17
+ adcs x25, x1, x15
+ adcs x26, x3, x13
+ adcs x10, x5, x11
+ str x10, [sp, #136] // 8-byte Folded Spill
+ adcs x28, x7, x9
+ adcs x27, x8, xzr
+ ldr x8, [sp, #128] // 8-byte Folded Reload
+ mul x1, x19, x8
+ add x8, sp, #144 // =144
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x16, x8, [sp, #208]
+ ldp x9, x10, [sp, #144]
+ ldp x11, x12, [sp, #160]
+ cmn x19, x9
+ ldp x13, x9, [sp, #176]
+ adcs x10, x21, x10
+ ldp x14, x15, [sp, #192]
+ adcs x11, x22, x11
+ adcs x12, x23, x12
+ adcs x13, x24, x13
+ adcs x9, x25, x9
+ adcs x14, x26, x14
+ ldp x0, x17, [x20, #56]
+ ldp x2, x18, [x20, #40]
+ ldp x4, x1, [x20, #24]
+ ldp x6, x3, [x20, #8]
+ ldr x5, [x20]
+ ldr x7, [sp, #136] // 8-byte Folded Reload
+ adcs x15, x7, x15
+ adcs x16, x28, x16
+ adcs x8, x27, x8
+ subs x5, x10, x5
+ sbcs x6, x11, x6
+ sbcs x3, x12, x3
+ sbcs x4, x13, x4
+ sbcs x1, x9, x1
+ sbcs x2, x14, x2
+ sbcs x18, x15, x18
+ sbcs x0, x16, x0
+ sbcs x17, x8, x17
+ asr x7, x17, #63
+ cmp x7, #0 // =0
+ csel x10, x10, x5, lt
+ csel x11, x11, x6, lt
+ csel x12, x12, x3, lt
+ csel x13, x13, x4, lt
+ csel x9, x9, x1, lt
+ csel x14, x14, x2, lt
+ csel x15, x15, x18, lt
+ csel x16, x16, x0, lt
+ csel x8, x8, x17, lt
+ ldr x17, [sp, #112] // 8-byte Folded Reload
+ stp x10, x11, [x17]
+ stp x12, x13, [x17, #16]
+ stp x9, x14, [x17, #32]
+ stp x15, x16, [x17, #48]
+ str x8, [x17, #64]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end131:
+ .size mcl_fp_montNF9L, .Lfunc_end131-mcl_fp_montNF9L
+
+ .globl mcl_fp_montRed9L
+ .align 2
+ .type mcl_fp_montRed9L,@function
+mcl_fp_montRed9L: // @mcl_fp_montRed9L
+// BB#0:
+ stp x28, x27, [sp, #-96]!
+ stp x26, x25, [sp, #16]
+ stp x24, x23, [sp, #32]
+ stp x22, x21, [sp, #48]
+ stp x20, x19, [sp, #64]
+ stp x29, x30, [sp, #80]
+ add x29, sp, #80 // =80
+ sub sp, sp, #912 // =912
+ mov x20, x2
+ ldur x9, [x20, #-8]
+ str x9, [sp, #40] // 8-byte Folded Spill
+ ldr x8, [x20, #64]
+ str x8, [sp, #184] // 8-byte Folded Spill
+ ldr x8, [x20, #48]
+ str x8, [sp, #168] // 8-byte Folded Spill
+ ldr x8, [x20, #56]
+ str x8, [sp, #176] // 8-byte Folded Spill
+ ldr x8, [x20, #32]
+ str x8, [sp, #144] // 8-byte Folded Spill
+ ldr x8, [x20, #40]
+ str x8, [sp, #152] // 8-byte Folded Spill
+ ldr x8, [x20, #16]
+ str x8, [sp, #128] // 8-byte Folded Spill
+ ldr x8, [x20, #24]
+ str x8, [sp, #136] // 8-byte Folded Spill
+ ldr x8, [x20]
+ str x8, [sp, #112] // 8-byte Folded Spill
+ ldr x8, [x20, #8]
+ str x8, [sp, #120] // 8-byte Folded Spill
+ ldr x8, [x1, #128]
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldr x8, [x1, #136]
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldr x8, [x1, #112]
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [x1, #120]
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [x1, #96]
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [x1, #104]
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [x1, #80]
+ str x8, [sp, #48] // 8-byte Folded Spill
+ ldr x8, [x1, #88]
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldp x23, x8, [x1, #64]
+ str x8, [sp, #16] // 8-byte Folded Spill
+ ldp x25, x19, [x1, #48]
+ ldp x28, x27, [x1, #32]
+ ldp x22, x24, [x1, #16]
+ ldp x21, x26, [x1]
+ str x0, [sp, #160] // 8-byte Folded Spill
+ mul x1, x21, x9
+ sub x8, x29, #160 // =160
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [x29, #-96]
+ ldp x11, x10, [x29, #-112]
+ ldp x13, x12, [x29, #-128]
+ ldp x14, x15, [x29, #-160]
+ ldp x16, x17, [x29, #-144]
+ cmn x21, x14
+ adcs x21, x26, x15
+ adcs x14, x22, x16
+ adcs x24, x24, x17
+ adcs x26, x28, x13
+ adcs x27, x27, x12
+ adcs x25, x25, x11
+ adcs x10, x19, x10
+ stp x10, x14, [sp, #24]
+ adcs x23, x23, x9
+ ldr x9, [sp, #16] // 8-byte Folded Reload
+ adcs x28, x9, x8
+ ldr x8, [sp, #48] // 8-byte Folded Reload
+ adcs x22, x8, xzr
+ ldr x8, [sp, #56] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #56] // 8-byte Folded Spill
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [sp, #88] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [sp, #96] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #104] // 8-byte Folded Spill
+ adcs x8, xzr, xzr
+ str x8, [sp, #48] // 8-byte Folded Spill
+ ldr x19, [sp, #40] // 8-byte Folded Reload
+ mul x1, x21, x19
+ sub x8, x29, #240 // =240
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [x29, #-176]
+ ldp x11, x10, [x29, #-192]
+ ldp x13, x12, [x29, #-208]
+ ldp x14, x15, [x29, #-240]
+ ldp x16, x17, [x29, #-224]
+ cmn x21, x14
+ ldr x14, [sp, #32] // 8-byte Folded Reload
+ adcs x21, x14, x15
+ adcs x14, x24, x16
+ adcs x26, x26, x17
+ adcs x27, x27, x13
+ adcs x25, x25, x12
+ ldr x12, [sp, #24] // 8-byte Folded Reload
+ adcs x11, x12, x11
+ stp x11, x14, [sp, #24]
+ adcs x23, x23, x10
+ adcs x28, x28, x9
+ adcs x22, x22, x8
+ ldr x8, [sp, #56] // 8-byte Folded Reload
+ adcs x24, x8, xzr
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #64] // 8-byte Folded Spill
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [sp, #88] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [sp, #96] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldr x8, [sp, #48] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #56] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #672 // =672
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #744]
+ ldr x9, [sp, #736]
+ ldr x10, [sp, #728]
+ ldr x11, [sp, #720]
+ ldr x12, [sp, #712]
+ ldr x13, [sp, #704]
+ ldr x14, [sp, #672]
+ ldr x15, [sp, #680]
+ ldr x16, [sp, #688]
+ ldr x17, [sp, #696]
+ cmn x21, x14
+ ldr x14, [sp, #32] // 8-byte Folded Reload
+ adcs x21, x14, x15
+ adcs x14, x26, x16
+ str x14, [sp, #48] // 8-byte Folded Spill
+ adcs x27, x27, x17
+ adcs x25, x25, x13
+ ldr x13, [sp, #24] // 8-byte Folded Reload
+ adcs x12, x13, x12
+ str x12, [sp, #32] // 8-byte Folded Spill
+ adcs x23, x23, x11
+ adcs x28, x28, x10
+ adcs x22, x22, x9
+ adcs x24, x24, x8
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x26, x8, xzr
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [sp, #88] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [sp, #96] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldr x8, [sp, #56] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #64] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #592 // =592
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #664]
+ ldr x9, [sp, #656]
+ ldr x10, [sp, #648]
+ ldr x11, [sp, #640]
+ ldr x12, [sp, #632]
+ ldr x13, [sp, #624]
+ ldr x14, [sp, #592]
+ ldr x15, [sp, #600]
+ ldr x16, [sp, #608]
+ ldr x17, [sp, #616]
+ cmn x21, x14
+ ldr x14, [sp, #48] // 8-byte Folded Reload
+ adcs x21, x14, x15
+ adcs x14, x27, x16
+ str x14, [sp, #56] // 8-byte Folded Spill
+ adcs x25, x25, x17
+ ldr x14, [sp, #32] // 8-byte Folded Reload
+ adcs x13, x14, x13
+ str x13, [sp, #48] // 8-byte Folded Spill
+ adcs x23, x23, x12
+ adcs x28, x28, x11
+ adcs x22, x22, x10
+ adcs x24, x24, x9
+ adcs x26, x26, x8
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x27, x8, xzr
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ ldr x8, [sp, #88] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [sp, #96] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldr x8, [sp, #64] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #72] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #512 // =512
+ mov x0, x20
+ bl .LmulPv576x64
+ ldr x8, [sp, #584]
+ ldr x9, [sp, #576]
+ ldr x10, [sp, #568]
+ ldr x11, [sp, #560]
+ ldr x12, [sp, #552]
+ ldr x13, [sp, #544]
+ ldr x14, [sp, #512]
+ ldr x15, [sp, #520]
+ ldr x16, [sp, #528]
+ ldr x17, [sp, #536]
+ cmn x21, x14
+ ldr x14, [sp, #56] // 8-byte Folded Reload
+ adcs x21, x14, x15
+ adcs x14, x25, x16
+ str x14, [sp, #64] // 8-byte Folded Spill
+ ldr x14, [sp, #48] // 8-byte Folded Reload
+ adcs x14, x14, x17
+ str x14, [sp, #56] // 8-byte Folded Spill
+ adcs x23, x23, x13
+ adcs x28, x28, x12
+ adcs x22, x22, x11
+ adcs x24, x24, x10
+ adcs x26, x26, x9
+ adcs x27, x27, x8
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x25, x8, xzr
+ ldr x8, [sp, #88] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [sp, #96] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldr x8, [sp, #72] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #80] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #432 // =432
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #496]
+ ldp x11, x10, [sp, #480]
+ ldp x13, x12, [sp, #464]
+ ldp x14, x15, [sp, #432]
+ ldp x16, x17, [sp, #448]
+ cmn x21, x14
+ ldr x14, [sp, #64] // 8-byte Folded Reload
+ adcs x21, x14, x15
+ ldr x14, [sp, #56] // 8-byte Folded Reload
+ adcs x14, x14, x16
+ adcs x23, x23, x17
+ adcs x28, x28, x13
+ adcs x22, x22, x12
+ adcs x24, x24, x11
+ adcs x26, x26, x10
+ adcs x27, x27, x9
+ adcs x25, x25, x8
+ ldr x8, [sp, #88] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [sp, #96] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #96] // 8-byte Folded Spill
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ stp x14, x8, [sp, #72]
+ mul x1, x21, x19
+ add x8, sp, #352 // =352
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #416]
+ ldp x11, x10, [sp, #400]
+ ldp x13, x12, [sp, #384]
+ ldp x14, x15, [sp, #352]
+ ldp x16, x17, [sp, #368]
+ cmn x21, x14
+ ldr x14, [sp, #72] // 8-byte Folded Reload
+ adcs x21, x14, x15
+ adcs x14, x23, x16
+ str x14, [sp, #72] // 8-byte Folded Spill
+ adcs x28, x28, x17
+ adcs x22, x22, x13
+ adcs x24, x24, x12
+ adcs x26, x26, x11
+ adcs x27, x27, x10
+ adcs x25, x25, x9
+ ldr x9, [sp, #88] // 8-byte Folded Reload
+ adcs x8, x9, x8
+ str x8, [sp, #88] // 8-byte Folded Spill
+ ldr x8, [sp, #96] // 8-byte Folded Reload
+ adcs x23, x8, xzr
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #104] // 8-byte Folded Spill
+ ldr x8, [sp, #80] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #96] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #272 // =272
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #336]
+ ldp x11, x10, [sp, #320]
+ ldp x13, x12, [sp, #304]
+ ldp x14, x15, [sp, #272]
+ ldp x16, x17, [sp, #288]
+ cmn x21, x14
+ ldr x14, [sp, #72] // 8-byte Folded Reload
+ adcs x21, x14, x15
+ adcs x14, x28, x16
+ adcs x22, x22, x17
+ adcs x24, x24, x13
+ adcs x26, x26, x12
+ adcs x27, x27, x11
+ adcs x25, x25, x10
+ ldr x10, [sp, #88] // 8-byte Folded Reload
+ adcs x9, x10, x9
+ stp x14, x9, [sp, #80]
+ adcs x23, x23, x8
+ ldr x8, [sp, #104] // 8-byte Folded Reload
+ adcs x28, x8, xzr
+ ldr x8, [sp, #96] // 8-byte Folded Reload
+ adcs x8, x8, xzr
+ str x8, [sp, #104] // 8-byte Folded Spill
+ mul x1, x21, x19
+ add x8, sp, #192 // =192
+ mov x0, x20
+ bl .LmulPv576x64
+ ldp x9, x8, [sp, #256]
+ ldp x11, x10, [sp, #240]
+ ldp x13, x12, [sp, #224]
+ ldp x14, x15, [sp, #192]
+ ldp x16, x17, [sp, #208]
+ cmn x21, x14
+ ldr x14, [sp, #80] // 8-byte Folded Reload
+ adcs x14, x14, x15
+ adcs x15, x22, x16
+ adcs x16, x24, x17
+ adcs x13, x26, x13
+ adcs x12, x27, x12
+ adcs x11, x25, x11
+ ldr x17, [sp, #88] // 8-byte Folded Reload
+ adcs x10, x17, x10
+ adcs x9, x23, x9
+ adcs x8, x28, x8
+ ldp x17, x18, [sp, #104]
+ adcs x17, x17, xzr
+ subs x18, x14, x18
+ ldp x0, x1, [sp, #120]
+ sbcs x0, x15, x0
+ sbcs x1, x16, x1
+ ldp x2, x3, [sp, #136]
+ sbcs x2, x13, x2
+ sbcs x3, x12, x3
+ ldr x4, [sp, #152] // 8-byte Folded Reload
+ sbcs x4, x11, x4
+ ldp x5, x6, [sp, #168]
+ sbcs x5, x10, x5
+ sbcs x6, x9, x6
+ ldr x7, [sp, #184] // 8-byte Folded Reload
+ sbcs x7, x8, x7
+ sbcs x17, x17, xzr
+ tst x17, #0x1
+ csel x14, x14, x18, ne
+ csel x15, x15, x0, ne
+ csel x16, x16, x1, ne
+ csel x13, x13, x2, ne
+ csel x12, x12, x3, ne
+ csel x11, x11, x4, ne
+ csel x10, x10, x5, ne
+ csel x9, x9, x6, ne
+ csel x8, x8, x7, ne
+ ldr x17, [sp, #160] // 8-byte Folded Reload
+ stp x14, x15, [x17]
+ stp x16, x13, [x17, #16]
+ stp x12, x11, [x17, #32]
+ stp x10, x9, [x17, #48]
+ str x8, [x17, #64]
+ sub sp, x29, #80 // =80
+ ldp x29, x30, [sp, #80]
+ ldp x20, x19, [sp, #64]
+ ldp x22, x21, [sp, #48]
+ ldp x24, x23, [sp, #32]
+ ldp x26, x25, [sp, #16]
+ ldp x28, x27, [sp], #96
+ ret
+.Lfunc_end132:
+ .size mcl_fp_montRed9L, .Lfunc_end132-mcl_fp_montRed9L
+
+ .globl mcl_fp_addPre9L
+ .align 2
+ .type mcl_fp_addPre9L,@function
+mcl_fp_addPre9L: // @mcl_fp_addPre9L
+// BB#0:
+ ldp x11, x8, [x2, #56]
+ ldp x13, x9, [x1, #56]
+ ldp x15, x10, [x2, #40]
+ ldp x17, x12, [x1, #40]
+ ldp x3, x14, [x2, #24]
+ ldr x4, [x2]
+ ldp x2, x18, [x2, #8]
+ ldp x5, x6, [x1]
+ ldr x7, [x1, #16]
+ ldp x1, x16, [x1, #24]
+ adds x4, x4, x5
+ adcs x2, x2, x6
+ stp x4, x2, [x0]
+ adcs x18, x18, x7
+ str x18, [x0, #16]
+ adcs x18, x3, x1
+ adcs x14, x14, x16
+ stp x18, x14, [x0, #24]
+ adcs x14, x15, x17
+ adcs x10, x10, x12
+ stp x14, x10, [x0, #40]
+ adcs x10, x11, x13
+ adcs x9, x8, x9
+ adcs x8, xzr, xzr
+ stp x10, x9, [x0, #56]
+ mov x0, x8
+ ret
+.Lfunc_end133:
+ .size mcl_fp_addPre9L, .Lfunc_end133-mcl_fp_addPre9L
+
+ .globl mcl_fp_subPre9L
+ .align 2
+ .type mcl_fp_subPre9L,@function
+mcl_fp_subPre9L: // @mcl_fp_subPre9L
+// BB#0:
+ ldp x11, x8, [x2, #56]
+ ldp x13, x9, [x1, #56]
+ ldp x15, x10, [x2, #40]
+ ldp x17, x12, [x1, #40]
+ ldp x3, x14, [x2, #24]
+ ldr x4, [x2]
+ ldp x2, x18, [x2, #8]
+ ldp x5, x6, [x1]
+ ldr x7, [x1, #16]
+ ldp x1, x16, [x1, #24]
+ subs x4, x5, x4
+ sbcs x2, x6, x2
+ stp x4, x2, [x0]
+ sbcs x18, x7, x18
+ str x18, [x0, #16]
+ sbcs x18, x1, x3
+ sbcs x14, x16, x14
+ stp x18, x14, [x0, #24]
+ sbcs x14, x17, x15
+ sbcs x10, x12, x10
+ stp x14, x10, [x0, #40]
+ sbcs x10, x13, x11
+ sbcs x9, x9, x8
+ ngcs x8, xzr
+ and x8, x8, #0x1
+ stp x10, x9, [x0, #56]
+ mov x0, x8
+ ret
+.Lfunc_end134:
+ .size mcl_fp_subPre9L, .Lfunc_end134-mcl_fp_subPre9L
+
+ .globl mcl_fp_shr1_9L
+ .align 2
+ .type mcl_fp_shr1_9L,@function
+mcl_fp_shr1_9L: // @mcl_fp_shr1_9L
+// BB#0:
+ ldp x8, x9, [x1]
+ ldp x12, x10, [x1, #56]
+ ldp x16, x11, [x1, #40]
+ ldp x13, x14, [x1, #16]
+ ldr x15, [x1, #32]
+ extr x8, x9, x8, #1
+ extr x9, x13, x9, #1
+ extr x13, x14, x13, #1
+ extr x14, x15, x14, #1
+ extr x15, x16, x15, #1
+ extr x16, x11, x16, #1
+ extr x11, x12, x11, #1
+ extr x12, x10, x12, #1
+ lsr x10, x10, #1
+ stp x8, x9, [x0]
+ stp x13, x14, [x0, #16]
+ stp x15, x16, [x0, #32]
+ stp x11, x12, [x0, #48]
+ str x10, [x0, #64]
+ ret
+.Lfunc_end135:
+ .size mcl_fp_shr1_9L, .Lfunc_end135-mcl_fp_shr1_9L
+
+ .globl mcl_fp_add9L
+ .align 2
+ .type mcl_fp_add9L,@function
+mcl_fp_add9L: // @mcl_fp_add9L
+// BB#0:
+ stp x24, x23, [sp, #-48]!
+ stp x22, x21, [sp, #16]
+ stp x20, x19, [sp, #32]
+ ldp x11, x8, [x2, #56]
+ ldp x13, x9, [x1, #56]
+ ldp x15, x10, [x2, #40]
+ ldp x17, x12, [x1, #40]
+ ldp x4, x14, [x2, #24]
+ ldr x5, [x2]
+ ldp x2, x18, [x2, #8]
+ ldp x6, x7, [x1]
+ ldr x19, [x1, #16]
+ ldp x1, x16, [x1, #24]
+ adds x5, x5, x6
+ adcs x2, x2, x7
+ adcs x18, x18, x19
+ ldp x21, x7, [x3, #40]
+ ldp x19, x6, [x3, #56]
+ adcs x1, x4, x1
+ adcs x4, x14, x16
+ ldr x20, [x3, #32]
+ adcs x17, x15, x17
+ adcs x10, x10, x12
+ ldp x12, x14, [x3]
+ stp x5, x2, [x0]
+ stp x18, x1, [x0, #16]
+ stp x4, x17, [x0, #32]
+ adcs x22, x11, x13
+ stp x10, x22, [x0, #48]
+ adcs x8, x8, x9
+ str x8, [x0, #64]
+ adcs x23, xzr, xzr
+ ldp x9, x11, [x3, #16]
+ subs x16, x5, x12
+ sbcs x15, x2, x14
+ sbcs x14, x18, x9
+ sbcs x13, x1, x11
+ sbcs x12, x4, x20
+ sbcs x11, x17, x21
+ sbcs x10, x10, x7
+ sbcs x9, x22, x19
+ sbcs x8, x8, x6
+ sbcs x17, x23, xzr
+ and w17, w17, #0x1
+ tbnz w17, #0, .LBB136_2
+// BB#1: // %nocarry
+ stp x16, x15, [x0]
+ stp x14, x13, [x0, #16]
+ stp x12, x11, [x0, #32]
+ stp x10, x9, [x0, #48]
+ str x8, [x0, #64]
+.LBB136_2: // %carry
+ ldp x20, x19, [sp, #32]
+ ldp x22, x21, [sp, #16]
+ ldp x24, x23, [sp], #48
+ ret
+.Lfunc_end136:
+ .size mcl_fp_add9L, .Lfunc_end136-mcl_fp_add9L
+
+ .globl mcl_fp_addNF9L
+ .align 2
+ .type mcl_fp_addNF9L,@function
+mcl_fp_addNF9L: // @mcl_fp_addNF9L
+// BB#0:
+ stp x20, x19, [sp, #-16]!
+ ldp x11, x8, [x1, #56]
+ ldp x13, x9, [x2, #56]
+ ldp x15, x10, [x1, #40]
+ ldp x17, x12, [x2, #40]
+ ldp x4, x14, [x1, #24]
+ ldr x5, [x1]
+ ldp x1, x18, [x1, #8]
+ ldp x6, x7, [x2]
+ ldr x19, [x2, #16]
+ ldp x2, x16, [x2, #24]
+ adds x5, x6, x5
+ adcs x1, x7, x1
+ adcs x18, x19, x18
+ ldp x19, x6, [x3, #56]
+ adcs x2, x2, x4
+ adcs x14, x16, x14
+ ldp x4, x7, [x3, #40]
+ adcs x15, x17, x15
+ adcs x10, x12, x10
+ ldp x12, x17, [x3]
+ adcs x11, x13, x11
+ ldr x13, [x3, #16]
+ ldp x3, x16, [x3, #24]
+ adcs x8, x9, x8
+ subs x9, x5, x12
+ sbcs x12, x1, x17
+ sbcs x13, x18, x13
+ sbcs x17, x2, x3
+ sbcs x16, x14, x16
+ sbcs x3, x15, x4
+ sbcs x4, x10, x7
+ sbcs x7, x11, x19
+ sbcs x6, x8, x6
+ asr x19, x6, #63
+ cmp x19, #0 // =0
+ csel x9, x5, x9, lt
+ csel x12, x1, x12, lt
+ csel x13, x18, x13, lt
+ csel x17, x2, x17, lt
+ csel x14, x14, x16, lt
+ csel x15, x15, x3, lt
+ csel x10, x10, x4, lt
+ csel x11, x11, x7, lt
+ csel x8, x8, x6, lt
+ stp x9, x12, [x0]
+ stp x13, x17, [x0, #16]
+ stp x14, x15, [x0, #32]
+ stp x10, x11, [x0, #48]
+ str x8, [x0, #64]
+ ldp x20, x19, [sp], #16
+ ret
+.Lfunc_end137:
+ .size mcl_fp_addNF9L, .Lfunc_end137-mcl_fp_addNF9L
+
+ .globl mcl_fp_sub9L
+ .align 2
+ .type mcl_fp_sub9L,@function
+mcl_fp_sub9L: // @mcl_fp_sub9L
+// BB#0:
+ stp x20, x19, [sp, #-16]!
+ ldp x15, x16, [x2, #56]
+ ldp x4, x17, [x1, #56]
+ ldp x13, x14, [x2, #40]
+ ldp x6, x18, [x1, #40]
+ ldp x11, x12, [x2, #24]
+ ldp x9, x10, [x2, #8]
+ ldr x8, [x2]
+ ldp x2, x7, [x1]
+ ldr x19, [x1, #16]
+ ldp x1, x5, [x1, #24]
+ subs x8, x2, x8
+ sbcs x9, x7, x9
+ stp x8, x9, [x0]
+ sbcs x10, x19, x10
+ sbcs x11, x1, x11
+ stp x10, x11, [x0, #16]
+ sbcs x12, x5, x12
+ sbcs x13, x6, x13
+ stp x12, x13, [x0, #32]
+ sbcs x14, x18, x14
+ sbcs x15, x4, x15
+ stp x14, x15, [x0, #48]
+ sbcs x16, x17, x16
+ str x16, [x0, #64]
+ ngcs x17, xzr
+ and w17, w17, #0x1
+ tbnz w17, #0, .LBB138_2
+// BB#1: // %nocarry
+ ldp x20, x19, [sp], #16
+ ret
+.LBB138_2: // %carry
+ ldp x18, x1, [x3]
+ ldp x2, x4, [x3, #16]
+ ldp x5, x6, [x3, #32]
+ adds x8, x18, x8
+ adcs x9, x1, x9
+ ldr x18, [x3, #48]
+ ldp x1, x17, [x3, #56]
+ adcs x10, x2, x10
+ adcs x11, x4, x11
+ adcs x12, x5, x12
+ adcs x13, x6, x13
+ adcs x14, x18, x14
+ adcs x15, x1, x15
+ adcs x16, x17, x16
+ stp x8, x9, [x0]
+ stp x10, x11, [x0, #16]
+ stp x12, x13, [x0, #32]
+ stp x14, x15, [x0, #48]
+ str x16, [x0, #64]
+ ldp x20, x19, [sp], #16
+ ret
+.Lfunc_end138:
+ .size mcl_fp_sub9L, .Lfunc_end138-mcl_fp_sub9L
+
+ .globl mcl_fp_subNF9L
+ .align 2
+ .type mcl_fp_subNF9L,@function
+mcl_fp_subNF9L: // @mcl_fp_subNF9L
+// BB#0:
+ stp x20, x19, [sp, #-16]!
+ ldp x11, x8, [x2, #56]
+ ldp x13, x9, [x1, #56]
+ ldp x15, x10, [x2, #40]
+ ldp x17, x12, [x1, #40]
+ ldp x4, x14, [x2, #24]
+ ldr x5, [x2]
+ ldp x2, x18, [x2, #8]
+ ldp x6, x7, [x1]
+ ldr x19, [x1, #16]
+ ldp x1, x16, [x1, #24]
+ subs x5, x6, x5
+ sbcs x2, x7, x2
+ sbcs x18, x19, x18
+ ldp x19, x6, [x3, #56]
+ sbcs x1, x1, x4
+ sbcs x14, x16, x14
+ ldp x4, x7, [x3, #40]
+ sbcs x15, x17, x15
+ sbcs x10, x12, x10
+ ldp x12, x17, [x3]
+ sbcs x11, x13, x11
+ sbcs x8, x9, x8
+ asr x9, x8, #63
+ extr x13, x9, x8, #63
+ and x12, x13, x12
+ ldr x13, [x3, #16]
+ ldp x3, x16, [x3, #24]
+ and x19, x9, x19
+ and x6, x9, x6
+ ror x9, x9, #63
+ and x17, x9, x17
+ and x13, x9, x13
+ and x3, x9, x3
+ and x16, x9, x16
+ and x4, x9, x4
+ and x9, x9, x7
+ adds x12, x12, x5
+ str x12, [x0]
+ adcs x12, x17, x2
+ str x12, [x0, #8]
+ adcs x12, x13, x18
+ str x12, [x0, #16]
+ adcs x12, x3, x1
+ str x12, [x0, #24]
+ adcs x12, x16, x14
+ str x12, [x0, #32]
+ adcs x12, x4, x15
+ adcs x9, x9, x10
+ stp x12, x9, [x0, #40]
+ adcs x9, x19, x11
+ adcs x8, x6, x8
+ stp x9, x8, [x0, #56]
+ ldp x20, x19, [sp], #16
+ ret
+.Lfunc_end139:
+ .size mcl_fp_subNF9L, .Lfunc_end139-mcl_fp_subNF9L
+
+ .globl mcl_fpDbl_add9L
+ .align 2
+ .type mcl_fpDbl_add9L,@function
+mcl_fpDbl_add9L: // @mcl_fpDbl_add9L
+// BB#0:
+ stp x20, x19, [sp, #-16]!
+ ldp x10, x8, [x2, #128]
+ ldp x11, x9, [x1, #128]
+ ldp x12, x13, [x2, #112]
+ ldp x14, x15, [x1, #112]
+ ldp x16, x17, [x2, #96]
+ ldp x18, x4, [x2]
+ ldp x5, x6, [x1]
+ ldp x7, x19, [x2, #16]
+ adds x18, x18, x5
+ adcs x4, x4, x6
+ ldp x5, x6, [x1, #16]
+ str x18, [x0]
+ adcs x18, x7, x5
+ ldp x5, x7, [x1, #96]
+ str x4, [x0, #8]
+ ldr x4, [x1, #32]
+ str x18, [x0, #16]
+ adcs x18, x19, x6
+ ldp x6, x19, [x2, #32]
+ str x18, [x0, #24]
+ adcs x4, x6, x4
+ ldp x18, x6, [x1, #40]
+ str x4, [x0, #32]
+ adcs x18, x19, x18
+ ldp x4, x19, [x2, #48]
+ str x18, [x0, #40]
+ adcs x4, x4, x6
+ ldp x18, x6, [x1, #56]
+ str x4, [x0, #48]
+ adcs x18, x19, x18
+ ldp x4, x19, [x2, #64]
+ str x18, [x0, #56]
+ ldr x18, [x1, #72]
+ adcs x4, x4, x6
+ ldp x6, x2, [x2, #80]
+ str x4, [x0, #64]
+ ldp x4, x1, [x1, #80]
+ adcs x18, x19, x18
+ adcs x4, x6, x4
+ adcs x1, x2, x1
+ ldp x6, x19, [x3, #56]
+ adcs x16, x16, x5
+ adcs x17, x17, x7
+ ldp x7, x2, [x3, #40]
+ adcs x12, x12, x14
+ adcs x13, x13, x15
+ ldp x15, x5, [x3, #24]
+ adcs x10, x10, x11
+ ldr x11, [x3]
+ ldp x3, x14, [x3, #8]
+ adcs x8, x8, x9
+ adcs x9, xzr, xzr
+ subs x11, x18, x11
+ sbcs x3, x4, x3
+ sbcs x14, x1, x14
+ sbcs x15, x16, x15
+ sbcs x5, x17, x5
+ sbcs x7, x12, x7
+ sbcs x2, x13, x2
+ sbcs x6, x10, x6
+ sbcs x19, x8, x19
+ sbcs x9, x9, xzr
+ tst x9, #0x1
+ csel x9, x18, x11, ne
+ csel x11, x4, x3, ne
+ csel x14, x1, x14, ne
+ csel x15, x16, x15, ne
+ csel x16, x17, x5, ne
+ csel x12, x12, x7, ne
+ csel x13, x13, x2, ne
+ csel x10, x10, x6, ne
+ csel x8, x8, x19, ne
+ stp x9, x11, [x0, #72]
+ stp x14, x15, [x0, #88]
+ stp x16, x12, [x0, #104]
+ stp x13, x10, [x0, #120]
+ str x8, [x0, #136]
+ ldp x20, x19, [sp], #16
+ ret
+.Lfunc_end140:
+ .size mcl_fpDbl_add9L, .Lfunc_end140-mcl_fpDbl_add9L
+
+ .globl mcl_fpDbl_sub9L
+ .align 2
+ .type mcl_fpDbl_sub9L,@function
+mcl_fpDbl_sub9L: // @mcl_fpDbl_sub9L
+// BB#0:
+ ldp x10, x8, [x2, #128]
+ ldp x11, x9, [x1, #128]
+ ldp x14, x12, [x2, #112]
+ ldp x15, x13, [x1, #112]
+ ldp x16, x17, [x2]
+ ldp x18, x4, [x1]
+ ldp x5, x6, [x2, #96]
+ ldr x7, [x1, #16]
+ subs x16, x18, x16
+ sbcs x17, x4, x17
+ ldp x18, x4, [x2, #16]
+ str x16, [x0]
+ ldr x16, [x1, #24]
+ sbcs x18, x7, x18
+ str x17, [x0, #8]
+ ldp x17, x7, [x2, #32]
+ str x18, [x0, #16]
+ sbcs x16, x16, x4
+ ldp x18, x4, [x1, #32]
+ str x16, [x0, #24]
+ sbcs x16, x18, x17
+ ldp x17, x18, [x2, #48]
+ str x16, [x0, #32]
+ sbcs x4, x4, x7
+ ldp x16, x7, [x1, #48]
+ str x4, [x0, #40]
+ sbcs x16, x16, x17
+ ldp x17, x4, [x2, #80]
+ str x16, [x0, #48]
+ ldr x16, [x1, #64]
+ sbcs x18, x7, x18
+ ldp x7, x2, [x2, #64]
+ str x18, [x0, #56]
+ ldr x18, [x1, #72]
+ sbcs x16, x16, x7
+ str x16, [x0, #64]
+ ldp x16, x7, [x1, #80]
+ sbcs x18, x18, x2
+ ldp x2, x1, [x1, #96]
+ sbcs x16, x16, x17
+ sbcs x4, x7, x4
+ sbcs x2, x2, x5
+ ldp x7, x17, [x3, #56]
+ sbcs x1, x1, x6
+ sbcs x14, x15, x14
+ ldp x6, x5, [x3, #40]
+ sbcs x12, x13, x12
+ sbcs x10, x11, x10
+ ldp x13, x15, [x3, #24]
+ sbcs x8, x9, x8
+ ngcs x9, xzr
+ tst x9, #0x1
+ ldr x9, [x3]
+ ldp x3, x11, [x3, #8]
+ csel x17, x17, xzr, ne
+ csel x7, x7, xzr, ne
+ csel x5, x5, xzr, ne
+ csel x6, x6, xzr, ne
+ csel x15, x15, xzr, ne
+ csel x13, x13, xzr, ne
+ csel x11, x11, xzr, ne
+ csel x3, x3, xzr, ne
+ csel x9, x9, xzr, ne
+ adds x9, x9, x18
+ str x9, [x0, #72]
+ adcs x9, x3, x16
+ str x9, [x0, #80]
+ adcs x9, x11, x4
+ str x9, [x0, #88]
+ adcs x9, x13, x2
+ str x9, [x0, #96]
+ adcs x9, x15, x1
+ str x9, [x0, #104]
+ adcs x9, x6, x14
+ str x9, [x0, #112]
+ adcs x9, x5, x12
+ str x9, [x0, #120]
+ adcs x9, x7, x10
+ adcs x8, x17, x8
+ stp x9, x8, [x0, #128]
+ ret
+.Lfunc_end141:
+ .size mcl_fpDbl_sub9L, .Lfunc_end141-mcl_fpDbl_sub9L
+
+
+ .section ".note.GNU-stack","",@progbits
diff --git a/vendor/github.com/byzantine-lab/mcl/src/asm/arm.s b/vendor/github.com/byzantine-lab/mcl/src/asm/arm.s
new file mode 100644
index 000000000..2df9bfb92
--- /dev/null
+++ b/vendor/github.com/byzantine-lab/mcl/src/asm/arm.s
@@ -0,0 +1,84189 @@
+ .text
+ .syntax unified
+ .eabi_attribute 67, "2.09" @ Tag_conformance
+ .eabi_attribute 6, 1 @ Tag_CPU_arch
+ .eabi_attribute 8, 1 @ Tag_ARM_ISA_use
+ .eabi_attribute 15, 1 @ Tag_ABI_PCS_RW_data
+ .eabi_attribute 16, 1 @ Tag_ABI_PCS_RO_data
+ .eabi_attribute 17, 2 @ Tag_ABI_PCS_GOT_use
+ .eabi_attribute 20, 1 @ Tag_ABI_FP_denormal
+ .eabi_attribute 21, 1 @ Tag_ABI_FP_exceptions
+ .eabi_attribute 23, 3 @ Tag_ABI_FP_number_model
+ .eabi_attribute 34, 1 @ Tag_CPU_unaligned_access
+ .eabi_attribute 24, 1 @ Tag_ABI_align_needed
+ .eabi_attribute 25, 1 @ Tag_ABI_align_preserved
+ .eabi_attribute 28, 1 @ Tag_ABI_VFP_args
+ .eabi_attribute 38, 1 @ Tag_ABI_FP_16bit_format
+ .eabi_attribute 14, 0 @ Tag_ABI_PCS_R9_use
+ .file "<stdin>"
+ .globl makeNIST_P192L
+ .align 2
+ .type makeNIST_P192L,%function
+makeNIST_P192L: @ @makeNIST_P192L
+ .fnstart
+@ BB#0:
+ mvn r1, #0
+ mvn r2, #1
+ str r1, [r0]
+ stmib r0, {r1, r2}
+ str r1, [r0, #12]
+ str r1, [r0, #16]
+ str r1, [r0, #20]
+ mov pc, lr
+.Lfunc_end0:
+ .size makeNIST_P192L, .Lfunc_end0-makeNIST_P192L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mod_NIST_P192L
+ .align 2
+ .type mcl_fpDbl_mod_NIST_P192L,%function
+mcl_fpDbl_mod_NIST_P192L: @ @mcl_fpDbl_mod_NIST_P192L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #8
+ sub sp, sp, #8
+ add lr, r1, #24
+ ldr r2, [r1, #40]
+ ldr r3, [r1, #44]
+ ldr r7, [r1, #16]
+ ldr r8, [r1, #20]
+ ldm lr, {r4, r5, r6, lr}
+ ldm r1, {r1, r9, r10, r12}
+ adds r11, r4, r1
+ adcs r9, r5, r9
+ adcs r10, r6, r10
+ adcs r1, lr, r12
+ str r1, [sp, #4] @ 4-byte Spill
+ adcs r1, r2, r7
+ mov r7, #0
+ str r1, [sp] @ 4-byte Spill
+ adcs r8, r3, r8
+ mov r1, #0
+ adcs r1, r1, #0
+ adc r12, r7, #0
+ ldr r7, [sp, #4] @ 4-byte Reload
+ adds r11, r11, r2
+ adcs r9, r9, r3
+ adcs r4, r10, r4
+ adcs r5, r7, r5
+ ldr r7, [sp] @ 4-byte Reload
+ adcs r6, r7, r6
+ adcs r7, r8, lr
+ adcs r1, r1, #0
+ adc r12, r12, #0
+ adds lr, r4, r2
+ adcs r3, r5, r3
+ adcs r6, r6, #0
+ adcs r7, r7, #0
+ adcs r1, r1, #0
+ adc r5, r12, #0
+ adds r12, r1, r11
+ adcs r11, r5, r9
+ adcs r10, r1, lr
+ mov r1, #0
+ adcs r8, r5, r3
+ adcs lr, r6, #0
+ adcs r2, r7, #0
+ adc r9, r1, #0
+ adds r7, r12, #1
+ str r2, [sp, #4] @ 4-byte Spill
+ adcs r6, r11, #0
+ adcs r3, r10, #1
+ adcs r5, r8, #0
+ adcs r1, lr, #0
+ adcs r2, r2, #0
+ sbc r4, r9, #0
+ ands r4, r4, #1
+ movne r7, r12
+ movne r6, r11
+ movne r3, r10
+ cmp r4, #0
+ movne r5, r8
+ movne r1, lr
+ str r7, [r0]
+ str r6, [r0, #4]
+ str r3, [r0, #8]
+ str r5, [r0, #12]
+ str r1, [r0, #16]
+ ldr r1, [sp, #4] @ 4-byte Reload
+ movne r2, r1
+ str r2, [r0, #20]
+ add sp, sp, #8
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end1:
+ .size mcl_fpDbl_mod_NIST_P192L, .Lfunc_end1-mcl_fpDbl_mod_NIST_P192L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sqr_NIST_P192L
+ .align 2
+ .type mcl_fp_sqr_NIST_P192L,%function
+mcl_fp_sqr_NIST_P192L: @ @mcl_fp_sqr_NIST_P192L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #60
+ sub sp, sp, #60
+ mov r8, r0
+ add r0, sp, #12
+ bl mcl_fpDbl_sqrPre6L(PLT)
+ add r12, sp, #12
+ ldr lr, [sp, #48]
+ ldr r2, [sp, #44]
+ ldr r3, [sp, #40]
+ mov r4, #0
+ ldm r12, {r0, r1, r5, r6, r12}
+ ldr r7, [sp, #36]
+ adds r0, r7, r0
+ str r0, [sp, #8] @ 4-byte Spill
+ adcs r0, r3, r1
+ mov r1, #0
+ adcs r10, r2, r5
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #52]
+ ldr r5, [sp, #32]
+ adcs r11, lr, r6
+ ldr r6, [sp, #56]
+ adcs r9, r0, r12
+ adcs r5, r6, r5
+ adcs r1, r1, #0
+ adc r12, r4, #0
+ ldr r4, [sp, #8] @ 4-byte Reload
+ adds r4, r4, r0
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [sp, #4] @ 4-byte Reload
+ adcs r4, r4, r6
+ adcs r7, r10, r7
+ adcs r3, r11, r3
+ adcs r2, r9, r2
+ adcs r5, r5, lr
+ adcs r1, r1, #0
+ adc r12, r12, #0
+ adds lr, r7, r0
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r3, r3, r6
+ adcs r2, r2, #0
+ adcs r7, r5, #0
+ adcs r1, r1, #0
+ adc r6, r12, #0
+ adds r5, r1, r0
+ mov r0, #0
+ adcs r11, r6, r4
+ adcs r10, r1, lr
+ adcs r12, r6, r3
+ adcs lr, r2, #0
+ adcs r4, r7, #0
+ adc r9, r0, #0
+ adds r7, r5, #1
+ str r4, [sp, #8] @ 4-byte Spill
+ adcs r2, r11, #0
+ adcs r3, r10, #1
+ adcs r6, r12, #0
+ adcs r1, lr, #0
+ adcs r0, r4, #0
+ sbc r4, r9, #0
+ ands r4, r4, #1
+ movne r7, r5
+ movne r2, r11
+ movne r3, r10
+ cmp r4, #0
+ movne r6, r12
+ movne r1, lr
+ str r7, [r8]
+ str r2, [r8, #4]
+ str r3, [r8, #8]
+ str r6, [r8, #12]
+ str r1, [r8, #16]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ movne r0, r1
+ str r0, [r8, #20]
+ add sp, sp, #60
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end2:
+ .size mcl_fp_sqr_NIST_P192L, .Lfunc_end2-mcl_fp_sqr_NIST_P192L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulNIST_P192L
+ .align 2
+ .type mcl_fp_mulNIST_P192L,%function
+mcl_fp_mulNIST_P192L: @ @mcl_fp_mulNIST_P192L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #60
+ sub sp, sp, #60
+ mov r8, r0
+ add r0, sp, #12
+ bl mcl_fpDbl_mulPre6L(PLT)
+ add r12, sp, #12
+ ldr lr, [sp, #48]
+ ldr r2, [sp, #44]
+ ldr r3, [sp, #40]
+ mov r4, #0
+ ldm r12, {r0, r1, r5, r6, r12}
+ ldr r7, [sp, #36]
+ adds r0, r7, r0
+ str r0, [sp, #8] @ 4-byte Spill
+ adcs r0, r3, r1
+ mov r1, #0
+ adcs r10, r2, r5
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #52]
+ ldr r5, [sp, #32]
+ adcs r11, lr, r6
+ ldr r6, [sp, #56]
+ adcs r9, r0, r12
+ adcs r5, r6, r5
+ adcs r1, r1, #0
+ adc r12, r4, #0
+ ldr r4, [sp, #8] @ 4-byte Reload
+ adds r4, r4, r0
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [sp, #4] @ 4-byte Reload
+ adcs r4, r4, r6
+ adcs r7, r10, r7
+ adcs r3, r11, r3
+ adcs r2, r9, r2
+ adcs r5, r5, lr
+ adcs r1, r1, #0
+ adc r12, r12, #0
+ adds lr, r7, r0
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r3, r3, r6
+ adcs r2, r2, #0
+ adcs r7, r5, #0
+ adcs r1, r1, #0
+ adc r6, r12, #0
+ adds r5, r1, r0
+ mov r0, #0
+ adcs r11, r6, r4
+ adcs r10, r1, lr
+ adcs r12, r6, r3
+ adcs lr, r2, #0
+ adcs r4, r7, #0
+ adc r9, r0, #0
+ adds r7, r5, #1
+ str r4, [sp, #8] @ 4-byte Spill
+ adcs r2, r11, #0
+ adcs r3, r10, #1
+ adcs r6, r12, #0
+ adcs r1, lr, #0
+ adcs r0, r4, #0
+ sbc r4, r9, #0
+ ands r4, r4, #1
+ movne r7, r5
+ movne r2, r11
+ movne r3, r10
+ cmp r4, #0
+ movne r6, r12
+ movne r1, lr
+ str r7, [r8]
+ str r2, [r8, #4]
+ str r3, [r8, #8]
+ str r6, [r8, #12]
+ str r1, [r8, #16]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ movne r0, r1
+ str r0, [r8, #20]
+ add sp, sp, #60
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end3:
+ .size mcl_fp_mulNIST_P192L, .Lfunc_end3-mcl_fp_mulNIST_P192L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mod_NIST_P521L
+ .align 2
+ .type mcl_fpDbl_mod_NIST_P521L,%function
+mcl_fpDbl_mod_NIST_P521L: @ @mcl_fpDbl_mod_NIST_P521L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ ldr r6, [r1, #64]
+ mov r5, #255
+ ldr r3, [r1, #72]
+ ldr r2, [r1, #76]
+ mov r9, r0
+ orr r5, r5, #256
+ and r5, r6, r5
+ lsr r6, r6, #9
+ lsr r7, r3, #9
+ str r5, [sp, #40] @ 4-byte Spill
+ ldr r5, [r1, #68]
+ orr r12, r7, r2, lsl #23
+ lsr r2, r2, #9
+ lsr r4, r5, #9
+ orr r6, r6, r5, lsl #23
+ ldr r5, [r1]
+ orr r3, r4, r3, lsl #23
+ ldmib r1, {r4, r7, lr}
+ adds r5, r6, r5
+ ldr r6, [r1, #36]
+ str r5, [sp, #36] @ 4-byte Spill
+ ldr r5, [r1, #80]
+ adcs r3, r3, r4
+ str r3, [sp, #32] @ 4-byte Spill
+ adcs r7, r12, r7
+ ldr r3, [r1, #84]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r1, #88]
+ orr r2, r2, r5, lsl #23
+ lsr r5, r5, #9
+ adcs r12, r2, lr
+ ldr r2, [r1, #16]
+ orr r4, r5, r3, lsl #23
+ lsr r3, r3, #9
+ orr r3, r3, r7, lsl #23
+ lsr r5, r7, #9
+ ldr r7, [r1, #40]
+ adcs r2, r4, r2
+ ldr r4, [r1, #24]
+ str r2, [sp, #24] @ 4-byte Spill
+ ldr r2, [r1, #20]
+ adcs r2, r3, r2
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r1, #92]
+ orr r3, r5, r2, lsl #23
+ ldr r5, [r1, #28]
+ lsr r2, r2, #9
+ adcs lr, r3, r4
+ ldr r3, [r1, #96]
+ ldr r4, [r1, #44]
+ orr r2, r2, r3, lsl #23
+ adcs r2, r2, r5
+ ldr r5, [r1, #32]
+ str r2, [sp, #16] @ 4-byte Spill
+ lsr r2, r3, #9
+ ldr r3, [r1, #100]
+ orr r2, r2, r3, lsl #23
+ adcs r2, r2, r5
+ ldr r5, [r1, #48]
+ str r2, [sp, #12] @ 4-byte Spill
+ lsr r2, r3, #9
+ ldr r3, [r1, #104]
+ orr r2, r2, r3, lsl #23
+ adcs r0, r2, r6
+ lsr r2, r3, #9
+ ldr r3, [r1, #108]
+ ldr r6, [r1, #52]
+ str r0, [sp, #8] @ 4-byte Spill
+ orr r2, r2, r3, lsl #23
+ adcs r7, r2, r7
+ lsr r2, r3, #9
+ ldr r3, [r1, #112]
+ orr r2, r2, r3, lsl #23
+ lsr r3, r3, #9
+ adcs r2, r2, r4
+ ldr r4, [r1, #116]
+ orr r3, r3, r4, lsl #23
+ lsr r4, r4, #9
+ adcs r3, r3, r5
+ ldr r5, [r1, #120]
+ orr r4, r4, r5, lsl #23
+ adcs r11, r4, r6
+ lsr r4, r5, #9
+ ldr r5, [r1, #124]
+ ldr r6, [r1, #56]
+ orr r4, r4, r5, lsl #23
+ adcs r10, r4, r6
+ lsr r4, r5, #9
+ ldr r5, [r1, #128]
+ ldr r1, [r1, #60]
+ orr r4, r4, r5, lsl #23
+ adcs r8, r4, r1
+ ldr r4, [sp, #40] @ 4-byte Reload
+ lsr r1, r5, #9
+ ldr r5, [sp, #36] @ 4-byte Reload
+ adc r1, r1, r4
+ mov r4, #1
+ and r4, r4, r1, lsr #9
+ adds r5, r4, r5
+ ldr r4, [sp, #32] @ 4-byte Reload
+ str r5, [sp, #40] @ 4-byte Spill
+ adcs r6, r4, #0
+ ldr r4, [sp, #28] @ 4-byte Reload
+ str r6, [sp, #36] @ 4-byte Spill
+ adcs r0, r4, #0
+ and r4, r6, r5
+ ldr r5, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ and r4, r4, r0
+ adcs r0, r12, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ and r6, r4, r0
+ adcs r0, r5, #0
+ and r4, r6, r0
+ ldr r6, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r6, #0
+ ldr r6, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ and r5, r4, r0
+ adcs r0, lr, #0
+ and r5, r5, r0
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs lr, r6, #0
+ and r6, r5, lr
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adcs r5, r5, #0
+ and r12, r6, r5
+ adcs r6, r0, #0
+ adcs r7, r7, #0
+ and r4, r12, r6
+ adcs r2, r2, #0
+ and r4, r4, r7
+ adcs r3, r3, #0
+ and r4, r4, r2
+ adcs r0, r11, #0
+ and r4, r4, r3
+ adcs r10, r10, #0
+ and r4, r4, r0
+ adcs r11, r8, #0
+ and r4, r4, r10
+ adc r8, r1, #0
+ ldr r1, .LCPI4_0
+ and r4, r4, r11
+ orr r1, r8, r1
+ and r1, r4, r1
+ cmn r1, #1
+ beq .LBB4_2
+@ BB#1: @ %nonzero
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r1, [r9]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r1, [r9, #4]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r1, [r9, #8]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r1, [r9, #12]
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r1, [r9, #16]
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r1, [r9, #20]
+ ldr r1, [sp, #4] @ 4-byte Reload
+ str r1, [r9, #24]
+ add r1, r9, #32
+ str lr, [r9, #28]
+ stm r1, {r5, r6, r7}
+ add r1, r9, #52
+ str r2, [r9, #44]
+ str r3, [r9, #48]
+ stm r1, {r0, r10, r11}
+ mov r1, #255
+ orr r1, r1, #256
+ and r1, r8, r1
+ str r1, [r9, #64]
+ b .LBB4_3
+.LBB4_2: @ %zero
+ mov r0, r9
+ mov r1, #0
+ mov r2, #68
+ bl memset(PLT)
+.LBB4_3: @ %zero
+ add sp, sp, #44
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+ .align 2
+@ BB#4:
+.LCPI4_0:
+ .long 4294966784 @ 0xfffffe00
+.Lfunc_end4:
+ .size mcl_fpDbl_mod_NIST_P521L, .Lfunc_end4-mcl_fpDbl_mod_NIST_P521L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre1L
+ .align 2
+ .type mcl_fp_mulUnitPre1L,%function
+mcl_fp_mulUnitPre1L: @ @mcl_fp_mulUnitPre1L
+ .fnstart
+@ BB#0:
+ ldr r1, [r1]
+ umull r3, r12, r1, r2
+ stm r0, {r3, r12}
+ mov pc, lr
+.Lfunc_end5:
+ .size mcl_fp_mulUnitPre1L, .Lfunc_end5-mcl_fp_mulUnitPre1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre1L
+ .align 2
+ .type mcl_fpDbl_mulPre1L,%function
+mcl_fpDbl_mulPre1L: @ @mcl_fpDbl_mulPre1L
+ .fnstart
+@ BB#0:
+ ldr r1, [r1]
+ ldr r2, [r2]
+ umull r3, r12, r2, r1
+ stm r0, {r3, r12}
+ mov pc, lr
+.Lfunc_end6:
+ .size mcl_fpDbl_mulPre1L, .Lfunc_end6-mcl_fpDbl_mulPre1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre1L
+ .align 2
+ .type mcl_fpDbl_sqrPre1L,%function
+mcl_fpDbl_sqrPre1L: @ @mcl_fpDbl_sqrPre1L
+ .fnstart
+@ BB#0:
+ ldr r1, [r1]
+ umull r2, r3, r1, r1
+ stm r0, {r2, r3}
+ mov pc, lr
+.Lfunc_end7:
+ .size mcl_fpDbl_sqrPre1L, .Lfunc_end7-mcl_fpDbl_sqrPre1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont1L
+ .align 2
+ .type mcl_fp_mont1L,%function
+mcl_fp_mont1L: @ @mcl_fp_mont1L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, lr}
+ push {r4, r5, r6, lr}
+ ldr r12, [r2]
+ ldr r1, [r1]
+ mov r6, #0
+ umull lr, r2, r1, r12
+ ldr r12, [r3, #-4]
+ ldr r3, [r3]
+ mul r1, lr, r12
+ umull r12, r4, r1, r3
+ adds r5, r12, lr
+ adcs r5, r4, r2
+ umlal lr, r2, r1, r3
+ adc r6, r6, #0
+ subs r1, r2, r3
+ sbc r3, r6, #0
+ tst r3, #1
+ movne r1, r2
+ str r1, [r0]
+ pop {r4, r5, r6, lr}
+ mov pc, lr
+.Lfunc_end8:
+ .size mcl_fp_mont1L, .Lfunc_end8-mcl_fp_mont1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF1L
+ .align 2
+ .type mcl_fp_montNF1L,%function
+mcl_fp_montNF1L: @ @mcl_fp_montNF1L
+ .fnstart
+@ BB#0:
+ .save {r11, lr}
+ push {r11, lr}
+ ldr r12, [r2]
+ ldr r1, [r1]
+ umull lr, r2, r1, r12
+ ldr r12, [r3, #-4]
+ ldr r3, [r3]
+ mul r1, lr, r12
+ umlal lr, r2, r1, r3
+ sub r1, r2, r3
+ cmp r1, #0
+ movge r2, r1
+ str r2, [r0]
+ pop {r11, lr}
+ mov pc, lr
+.Lfunc_end9:
+ .size mcl_fp_montNF1L, .Lfunc_end9-mcl_fp_montNF1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed1L
+ .align 2
+ .type mcl_fp_montRed1L,%function
+mcl_fp_montRed1L: @ @mcl_fp_montRed1L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, lr}
+ push {r4, r5, r6, lr}
+ ldr r12, [r2, #-4]
+ ldr r3, [r1]
+ ldr r2, [r2]
+ ldr r1, [r1, #4]
+ mov r6, #0
+ mul lr, r3, r12
+ umull r12, r4, lr, r2
+ adds r5, r3, r12
+ adcs r5, r1, r4
+ umlal r3, r1, lr, r2
+ adc r6, r6, #0
+ subs r2, r1, r2
+ sbc r3, r6, #0
+ tst r3, #1
+ movne r2, r1
+ str r2, [r0]
+ pop {r4, r5, r6, lr}
+ mov pc, lr
+.Lfunc_end10:
+ .size mcl_fp_montRed1L, .Lfunc_end10-mcl_fp_montRed1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre1L
+ .align 2
+ .type mcl_fp_addPre1L,%function
+mcl_fp_addPre1L: @ @mcl_fp_addPre1L
+ .fnstart
+@ BB#0:
+ ldr r1, [r1]
+ ldr r2, [r2]
+ adds r1, r2, r1
+ str r1, [r0]
+ mov r0, #0
+ adc r0, r0, #0
+ mov pc, lr
+.Lfunc_end11:
+ .size mcl_fp_addPre1L, .Lfunc_end11-mcl_fp_addPre1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre1L
+ .align 2
+ .type mcl_fp_subPre1L,%function
+mcl_fp_subPre1L: @ @mcl_fp_subPre1L
+ .fnstart
+@ BB#0:
+ ldr r2, [r2]
+ ldr r1, [r1]
+ subs r1, r1, r2
+ str r1, [r0]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ mov pc, lr
+.Lfunc_end12:
+ .size mcl_fp_subPre1L, .Lfunc_end12-mcl_fp_subPre1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_1L
+ .align 2
+ .type mcl_fp_shr1_1L,%function
+mcl_fp_shr1_1L: @ @mcl_fp_shr1_1L
+ .fnstart
+@ BB#0:
+ ldr r1, [r1]
+ lsr r1, r1, #1
+ str r1, [r0]
+ mov pc, lr
+.Lfunc_end13:
+ .size mcl_fp_shr1_1L, .Lfunc_end13-mcl_fp_shr1_1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add1L
+ .align 2
+ .type mcl_fp_add1L,%function
+mcl_fp_add1L: @ @mcl_fp_add1L
+ .fnstart
+@ BB#0:
+ ldr r1, [r1]
+ ldr r2, [r2]
+ ldr r3, [r3]
+ adds r1, r2, r1
+ mov r2, #0
+ str r1, [r0]
+ adc r2, r2, #0
+ subs r1, r1, r3
+ sbc r2, r2, #0
+ tst r2, #1
+ streq r1, [r0]
+ mov pc, lr
+.Lfunc_end14:
+ .size mcl_fp_add1L, .Lfunc_end14-mcl_fp_add1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF1L
+ .align 2
+ .type mcl_fp_addNF1L,%function
+mcl_fp_addNF1L: @ @mcl_fp_addNF1L
+ .fnstart
+@ BB#0:
+ ldr r1, [r1]
+ ldr r2, [r2]
+ add r1, r2, r1
+ ldr r2, [r3]
+ sub r2, r1, r2
+ cmp r2, #0
+ movlt r2, r1
+ str r2, [r0]
+ mov pc, lr
+.Lfunc_end15:
+ .size mcl_fp_addNF1L, .Lfunc_end15-mcl_fp_addNF1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub1L
+ .align 2
+ .type mcl_fp_sub1L,%function
+mcl_fp_sub1L: @ @mcl_fp_sub1L
+ .fnstart
+@ BB#0:
+ ldr r2, [r2]
+ ldr r1, [r1]
+ subs r1, r1, r2
+ mov r2, #0
+ sbc r2, r2, #0
+ str r1, [r0]
+ tst r2, #1
+ ldrne r2, [r3]
+ addne r1, r2, r1
+ strne r1, [r0]
+ movne pc, lr
+ mov pc, lr
+.Lfunc_end16:
+ .size mcl_fp_sub1L, .Lfunc_end16-mcl_fp_sub1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF1L
+ .align 2
+ .type mcl_fp_subNF1L,%function
+mcl_fp_subNF1L: @ @mcl_fp_subNF1L
+ .fnstart
+@ BB#0:
+ ldr r2, [r2]
+ ldr r1, [r1]
+ sub r1, r1, r2
+ ldr r2, [r3]
+ cmp r1, #0
+ addlt r1, r1, r2
+ str r1, [r0]
+ mov pc, lr
+.Lfunc_end17:
+ .size mcl_fp_subNF1L, .Lfunc_end17-mcl_fp_subNF1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add1L
+ .align 2
+ .type mcl_fpDbl_add1L,%function
+mcl_fpDbl_add1L: @ @mcl_fpDbl_add1L
+ .fnstart
+@ BB#0:
+ .save {r11, lr}
+ push {r11, lr}
+ ldm r1, {r12, lr}
+ ldm r2, {r1, r2}
+ ldr r3, [r3]
+ adds r1, r1, r12
+ str r1, [r0]
+ mov r1, #0
+ adcs r2, r2, lr
+ adc r1, r1, #0
+ subs r3, r2, r3
+ sbc r1, r1, #0
+ tst r1, #1
+ movne r3, r2
+ str r3, [r0, #4]
+ pop {r11, lr}
+ mov pc, lr
+.Lfunc_end18:
+ .size mcl_fpDbl_add1L, .Lfunc_end18-mcl_fpDbl_add1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub1L
+ .align 2
+ .type mcl_fpDbl_sub1L,%function
+mcl_fpDbl_sub1L: @ @mcl_fpDbl_sub1L
+ .fnstart
+@ BB#0:
+ .save {r11, lr}
+ push {r11, lr}
+ ldm r2, {r12, lr}
+ ldr r2, [r1]
+ ldr r1, [r1, #4]
+ ldr r3, [r3]
+ subs r2, r2, r12
+ str r2, [r0]
+ mov r2, #0
+ sbcs r1, r1, lr
+ sbc r2, r2, #0
+ tst r2, #1
+ addne r1, r1, r3
+ str r1, [r0, #4]
+ pop {r11, lr}
+ mov pc, lr
+.Lfunc_end19:
+ .size mcl_fpDbl_sub1L, .Lfunc_end19-mcl_fpDbl_sub1L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre2L
+ .align 2
+ .type mcl_fp_mulUnitPre2L,%function
+mcl_fp_mulUnitPre2L: @ @mcl_fp_mulUnitPre2L
+ .fnstart
+@ BB#0:
+ .save {r11, lr}
+ push {r11, lr}
+ ldm r1, {r3, lr}
+ umull r12, r1, r3, r2
+ mov r3, #0
+ umlal r1, r3, lr, r2
+ str r12, [r0]
+ stmib r0, {r1, r3}
+ pop {r11, lr}
+ mov pc, lr
+.Lfunc_end20:
+ .size mcl_fp_mulUnitPre2L, .Lfunc_end20-mcl_fp_mulUnitPre2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre2L
+ .align 2
+ .type mcl_fpDbl_mulPre2L,%function
+mcl_fpDbl_mulPre2L: @ @mcl_fpDbl_mulPre2L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, lr}
+ push {r4, r5, r6, lr}
+ ldr r3, [r2]
+ ldm r1, {r12, lr}
+ ldr r2, [r2, #4]
+ mov r5, #0
+ umull r1, r4, r12, r3
+ umlal r4, r5, lr, r3
+ umull r3, r6, r12, r2
+ str r1, [r0]
+ mov r1, #0
+ adds r3, r3, r4
+ str r3, [r0, #4]
+ umull r3, r4, lr, r2
+ adcs r2, r3, r5
+ adc r1, r1, #0
+ adds r2, r2, r6
+ adc r1, r1, r4
+ str r2, [r0, #8]
+ str r1, [r0, #12]
+ pop {r4, r5, r6, lr}
+ mov pc, lr
+.Lfunc_end21:
+ .size mcl_fpDbl_mulPre2L, .Lfunc_end21-mcl_fpDbl_mulPre2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre2L
+ .align 2
+ .type mcl_fpDbl_sqrPre2L,%function
+mcl_fpDbl_sqrPre2L: @ @mcl_fpDbl_sqrPre2L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, lr}
+ push {r4, r5, r6, lr}
+ ldr r2, [r1]
+ ldr r1, [r1, #4]
+ mov r4, #0
+ mov lr, #0
+ umull r12, r3, r2, r2
+ umull r5, r6, r1, r2
+ umlal r3, r4, r1, r2
+ str r12, [r0]
+ adds r2, r3, r5
+ umull r3, r5, r1, r1
+ adcs r1, r4, r3
+ str r2, [r0, #4]
+ adc r3, lr, #0
+ adds r1, r1, r6
+ adc r3, r3, r5
+ str r1, [r0, #8]
+ str r3, [r0, #12]
+ pop {r4, r5, r6, lr}
+ mov pc, lr
+.Lfunc_end22:
+ .size mcl_fpDbl_sqrPre2L, .Lfunc_end22-mcl_fpDbl_sqrPre2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont2L
+ .align 2
+ .type mcl_fp_mont2L,%function
+mcl_fp_mont2L: @ @mcl_fp_mont2L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldm r1, {r12, lr}
+ ldm r2, {r1, r2}
+ mov r7, #0
+ mov r5, #0
+ mov r6, #0
+ umull r8, r9, r2, r12
+ umull r11, r4, r12, r1
+ umlal r9, r7, r2, lr
+ umlal r4, r5, lr, r1
+ ldmda r3, {r12, lr}
+ ldr r10, [r3, #4]
+ mul r1, r11, r12
+ umull r3, r2, r1, lr
+ adds r3, r3, r11
+ mov r3, #0
+ umlal r2, r3, r1, r10
+ adcs r1, r2, r4
+ adcs r2, r3, r5
+ adc r3, r6, #0
+ adds r1, r1, r8
+ adcs r8, r2, r9
+ mul r5, r1, r12
+ adcs r3, r3, r7
+ umull r7, r2, r5, lr
+ adc r4, r6, #0
+ umlal r2, r6, r5, r10
+ adds r1, r7, r1
+ adcs r1, r2, r8
+ adcs r2, r6, r3
+ adc r3, r4, #0
+ subs r7, r1, lr
+ sbcs r6, r2, r10
+ sbc r3, r3, #0
+ ands r3, r3, #1
+ movne r7, r1
+ movne r6, r2
+ str r7, [r0]
+ str r6, [r0, #4]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end23:
+ .size mcl_fp_mont2L, .Lfunc_end23-mcl_fp_mont2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF2L
+ .align 2
+ .type mcl_fp_montNF2L,%function
+mcl_fp_montNF2L: @ @mcl_fp_montNF2L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldm r2, {r12, lr}
+ ldr r11, [r1]
+ ldr r8, [r3, #-4]
+ ldr r7, [r3]
+ ldr r9, [r1, #4]
+ ldr r3, [r3, #4]
+ umull r4, r5, r11, r12
+ mul r6, r4, r8
+ umull r1, r10, r6, r7
+ adds r1, r1, r4
+ mov r4, #0
+ umlal r5, r4, r9, r12
+ umull r2, r12, r6, r3
+ mov r1, #0
+ adcs r2, r2, r5
+ adc r4, r4, #0
+ adds r2, r2, r10
+ adc r6, r4, r12
+ umull r5, r4, lr, r11
+ adds r2, r5, r2
+ umlal r4, r1, lr, r9
+ adcs r9, r4, r6
+ mul r5, r2, r8
+ adc lr, r1, #0
+ umull r1, r6, r5, r7
+ umull r4, r12, r5, r3
+ adds r1, r1, r2
+ adcs r1, r4, r9
+ adc r2, lr, #0
+ adds r1, r1, r6
+ adc r2, r2, r12
+ subs r7, r1, r7
+ sbc r3, r2, r3
+ cmp r3, #0
+ movlt r7, r1
+ movlt r3, r2
+ str r7, [r0]
+ str r3, [r0, #4]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end24:
+ .size mcl_fp_montNF2L, .Lfunc_end24-mcl_fp_montNF2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed2L
+ .align 2
+ .type mcl_fp_montRed2L,%function
+mcl_fp_montRed2L: @ @mcl_fp_montRed2L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, lr}
+ ldr r12, [r2, #-4]
+ ldm r2, {r3, lr}
+ ldm r1, {r2, r9, r10}
+ ldr r8, [r1, #12]
+ mov r5, #0
+ mov r7, #0
+ mul r6, r2, r12
+ umull r1, r4, r6, r3
+ umlal r4, r5, r6, lr
+ adds r1, r2, r1
+ adcs r1, r9, r4
+ adcs r9, r10, r5
+ mul r6, r1, r12
+ adcs r8, r8, #0
+ umull r2, r4, r6, r3
+ adc r5, r7, #0
+ umlal r4, r7, r6, lr
+ adds r1, r2, r1
+ adcs r1, r4, r9
+ adcs r2, r7, r8
+ adc r7, r5, #0
+ subs r3, r1, r3
+ sbcs r6, r2, lr
+ sbc r7, r7, #0
+ ands r7, r7, #1
+ movne r3, r1
+ movne r6, r2
+ stm r0, {r3, r6}
+ pop {r4, r5, r6, r7, r8, r9, r10, lr}
+ mov pc, lr
+.Lfunc_end25:
+ .size mcl_fp_montRed2L, .Lfunc_end25-mcl_fp_montRed2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre2L
+ .align 2
+ .type mcl_fp_addPre2L,%function
+mcl_fp_addPre2L: @ @mcl_fp_addPre2L
+ .fnstart
+@ BB#0:
+ ldm r1, {r3, r12}
+ ldm r2, {r1, r2}
+ adds r1, r1, r3
+ adcs r2, r2, r12
+ stm r0, {r1, r2}
+ mov r0, #0
+ adc r0, r0, #0
+ mov pc, lr
+.Lfunc_end26:
+ .size mcl_fp_addPre2L, .Lfunc_end26-mcl_fp_addPre2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre2L
+ .align 2
+ .type mcl_fp_subPre2L,%function
+mcl_fp_subPre2L: @ @mcl_fp_subPre2L
+ .fnstart
+@ BB#0:
+ ldm r2, {r3, r12}
+ ldr r2, [r1]
+ ldr r1, [r1, #4]
+ subs r2, r2, r3
+ sbcs r1, r1, r12
+ str r2, [r0]
+ str r1, [r0, #4]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ mov pc, lr
+.Lfunc_end27:
+ .size mcl_fp_subPre2L, .Lfunc_end27-mcl_fp_subPre2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_2L
+ .align 2
+ .type mcl_fp_shr1_2L,%function
+mcl_fp_shr1_2L: @ @mcl_fp_shr1_2L
+ .fnstart
+@ BB#0:
+ ldr r2, [r1]
+ ldr r1, [r1, #4]
+ lsrs r3, r1, #1
+ lsr r1, r1, #1
+ rrx r2, r2
+ str r2, [r0]
+ str r1, [r0, #4]
+ mov pc, lr
+.Lfunc_end28:
+ .size mcl_fp_shr1_2L, .Lfunc_end28-mcl_fp_shr1_2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add2L
+ .align 2
+ .type mcl_fp_add2L,%function
+mcl_fp_add2L: @ @mcl_fp_add2L
+ .fnstart
+@ BB#0:
+ .save {r4, lr}
+ push {r4, lr}
+ ldm r1, {r12, lr}
+ ldm r2, {r1, r2}
+ adds r12, r1, r12
+ mov r1, #0
+ adcs r2, r2, lr
+ str r12, [r0]
+ str r2, [r0, #4]
+ adc lr, r1, #0
+ ldm r3, {r1, r4}
+ subs r3, r12, r1
+ sbcs r2, r2, r4
+ sbc r1, lr, #0
+ tst r1, #1
+ streq r3, [r0]
+ streq r2, [r0, #4]
+ pop {r4, lr}
+ mov pc, lr
+.Lfunc_end29:
+ .size mcl_fp_add2L, .Lfunc_end29-mcl_fp_add2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF2L
+ .align 2
+ .type mcl_fp_addNF2L,%function
+mcl_fp_addNF2L: @ @mcl_fp_addNF2L
+ .fnstart
+@ BB#0:
+ .save {r4, lr}
+ push {r4, lr}
+ ldm r1, {r12, lr}
+ ldm r2, {r1, r2}
+ adds r1, r1, r12
+ adc r4, r2, lr
+ ldm r3, {r12, lr}
+ subs r3, r1, r12
+ sbc r2, r4, lr
+ cmp r2, #0
+ movlt r3, r1
+ movlt r2, r4
+ str r3, [r0]
+ str r2, [r0, #4]
+ pop {r4, lr}
+ mov pc, lr
+.Lfunc_end30:
+ .size mcl_fp_addNF2L, .Lfunc_end30-mcl_fp_addNF2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub2L
+ .align 2
+ .type mcl_fp_sub2L,%function
+mcl_fp_sub2L: @ @mcl_fp_sub2L
+ .fnstart
+@ BB#0:
+ .save {r4, lr}
+ push {r4, lr}
+ ldm r2, {r12, lr}
+ ldm r1, {r2, r4}
+ subs r1, r2, r12
+ sbcs r2, r4, lr
+ mov r4, #0
+ sbc r4, r4, #0
+ stm r0, {r1, r2}
+ tst r4, #1
+ popeq {r4, lr}
+ moveq pc, lr
+ ldr r4, [r3]
+ ldr r3, [r3, #4]
+ adds r1, r4, r1
+ adc r2, r3, r2
+ stm r0, {r1, r2}
+ pop {r4, lr}
+ mov pc, lr
+.Lfunc_end31:
+ .size mcl_fp_sub2L, .Lfunc_end31-mcl_fp_sub2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF2L
+ .align 2
+ .type mcl_fp_subNF2L,%function
+mcl_fp_subNF2L: @ @mcl_fp_subNF2L
+ .fnstart
+@ BB#0:
+ .save {r4, lr}
+ push {r4, lr}
+ ldm r2, {r12, lr}
+ ldr r2, [r1]
+ ldr r1, [r1, #4]
+ subs r4, r2, r12
+ sbc r1, r1, lr
+ ldm r3, {r12, lr}
+ adds r3, r4, r12
+ adc r2, r1, lr
+ cmp r1, #0
+ movge r3, r4
+ movge r2, r1
+ str r3, [r0]
+ str r2, [r0, #4]
+ pop {r4, lr}
+ mov pc, lr
+.Lfunc_end32:
+ .size mcl_fp_subNF2L, .Lfunc_end32-mcl_fp_subNF2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add2L
+ .align 2
+ .type mcl_fpDbl_add2L,%function
+mcl_fpDbl_add2L: @ @mcl_fpDbl_add2L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r11, lr}
+ push {r4, r5, r6, r7, r11, lr}
+ ldm r1, {r12, lr}
+ ldr r4, [r1, #8]
+ ldr r1, [r1, #12]
+ ldm r2, {r5, r6, r7}
+ ldr r2, [r2, #12]
+ adds r5, r5, r12
+ adcs r6, r6, lr
+ str r5, [r0]
+ adcs r7, r7, r4
+ str r6, [r0, #4]
+ mov r6, #0
+ adcs r1, r2, r1
+ adc r2, r6, #0
+ ldr r6, [r3]
+ ldr r3, [r3, #4]
+ subs r6, r7, r6
+ sbcs r3, r1, r3
+ sbc r2, r2, #0
+ ands r2, r2, #1
+ movne r6, r7
+ movne r3, r1
+ str r6, [r0, #8]
+ str r3, [r0, #12]
+ pop {r4, r5, r6, r7, r11, lr}
+ mov pc, lr
+.Lfunc_end33:
+ .size mcl_fpDbl_add2L, .Lfunc_end33-mcl_fpDbl_add2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub2L
+ .align 2
+ .type mcl_fpDbl_sub2L,%function
+mcl_fpDbl_sub2L: @ @mcl_fpDbl_sub2L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r11, lr}
+ push {r4, r5, r6, r7, r11, lr}
+ ldm r2, {r12, lr}
+ ldr r4, [r2, #8]
+ ldr r2, [r2, #12]
+ ldm r1, {r5, r6, r7}
+ ldr r1, [r1, #12]
+ subs r5, r5, r12
+ sbcs r6, r6, lr
+ str r5, [r0]
+ sbcs r7, r7, r4
+ str r6, [r0, #4]
+ mov r6, #0
+ sbcs r1, r1, r2
+ sbc r2, r6, #0
+ ldr r6, [r3]
+ ldr r3, [r3, #4]
+ adds r6, r7, r6
+ adc r3, r1, r3
+ ands r2, r2, #1
+ moveq r6, r7
+ moveq r3, r1
+ str r6, [r0, #8]
+ str r3, [r0, #12]
+ pop {r4, r5, r6, r7, r11, lr}
+ mov pc, lr
+.Lfunc_end34:
+ .size mcl_fpDbl_sub2L, .Lfunc_end34-mcl_fpDbl_sub2L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre3L
+ .align 2
+ .type mcl_fp_mulUnitPre3L,%function
+mcl_fp_mulUnitPre3L: @ @mcl_fp_mulUnitPre3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, r5}
+ umull lr, r4, r12, r2
+ umull r1, r12, r5, r2
+ umull r7, r8, r3, r2
+ mov r5, r1
+ mov r6, r4
+ str lr, [r0]
+ umlal r6, r5, r3, r2
+ adds r2, r4, r7
+ adcs r1, r8, r1
+ str r6, [r0, #4]
+ str r5, [r0, #8]
+ adc r1, r12, #0
+ str r1, [r0, #12]
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end35:
+ .size mcl_fp_mulUnitPre3L, .Lfunc_end35-mcl_fp_mulUnitPre3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre3L
+ .align 2
+ .type mcl_fpDbl_mulPre3L,%function
+mcl_fpDbl_mulPre3L: @ @mcl_fpDbl_mulPre3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldr r3, [r2]
+ ldm r1, {r12, lr}
+ ldr r1, [r1, #8]
+ umull r4, r5, r12, r3
+ str r4, [r0]
+ umull r4, r6, lr, r3
+ adds r4, r5, r4
+ umull r7, r4, r1, r3
+ adcs r6, r6, r7
+ umlal r5, r7, lr, r3
+ ldr r3, [r2, #4]
+ ldr r2, [r2, #8]
+ adc r8, r4, #0
+ umull r6, r10, r12, r3
+ adds r9, r6, r5
+ umull r6, r5, lr, r3
+ adcs r6, r6, r7
+ umull r7, r4, r1, r3
+ str r9, [r0, #4]
+ adcs r3, r7, r8
+ mov r8, #0
+ adc r7, r8, #0
+ adds r6, r6, r10
+ adcs r11, r3, r5
+ umull r5, r9, r1, r2
+ umull r1, r10, lr, r2
+ adc r4, r7, r4
+ umull r7, r3, r12, r2
+ adds r2, r6, r7
+ adcs r1, r11, r1
+ str r2, [r0, #8]
+ adcs r2, r4, r5
+ adc r7, r8, #0
+ adds r1, r1, r3
+ str r1, [r0, #12]
+ adcs r1, r2, r10
+ str r1, [r0, #16]
+ adc r1, r7, r9
+ str r1, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end36:
+ .size mcl_fpDbl_mulPre3L, .Lfunc_end36-mcl_fpDbl_mulPre3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre3L
+ .align 2
+ .type mcl_fpDbl_sqrPre3L,%function
+mcl_fpDbl_sqrPre3L: @ @mcl_fpDbl_sqrPre3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, lr}
+ ldm r1, {r2, r3, r12}
+ mov r10, #0
+ umull r1, lr, r2, r2
+ umull r7, r4, r3, r2
+ str r1, [r0]
+ umull r1, r8, r12, r2
+ mov r5, lr
+ mov r6, r1
+ umlal r5, r6, r3, r2
+ adds r2, lr, r7
+ adcs r2, r4, r1
+ adc r2, r8, #0
+ adds lr, r5, r7
+ umull r5, r9, r3, r3
+ adcs r5, r6, r5
+ umull r6, r7, r12, r3
+ str lr, [r0, #4]
+ adcs r2, r2, r6
+ adc r3, r10, #0
+ adds r4, r5, r4
+ adcs r2, r2, r9
+ adc r3, r3, r7
+ adds r1, r4, r1
+ umull r5, r4, r12, r12
+ str r1, [r0, #8]
+ adcs r1, r2, r6
+ adcs r2, r3, r5
+ adc r3, r10, #0
+ adds r1, r1, r8
+ str r1, [r0, #12]
+ adcs r1, r2, r7
+ str r1, [r0, #16]
+ adc r1, r3, r4
+ str r1, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, lr}
+ mov pc, lr
+.Lfunc_end37:
+ .size mcl_fpDbl_sqrPre3L, .Lfunc_end37-mcl_fpDbl_sqrPre3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont3L
+ .align 2
+ .type mcl_fp_mont3L,%function
+mcl_fp_mont3L: @ @mcl_fp_mont3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r2, {r8, lr}
+ ldr r0, [r2, #8]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldmib r1, {r4, r9}
+ ldr r2, [r3, #-4]
+ umull r7, r6, r0, r8
+ ldr r0, [r3]
+ ldr r1, [r3, #8]
+ ldr r10, [r3, #4]
+ str r7, [sp, #12] @ 4-byte Spill
+ mul r5, r7, r2
+ str r2, [sp, #16] @ 4-byte Spill
+ str r9, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #40] @ 4-byte Spill
+ str r1, [sp, #28] @ 4-byte Spill
+ umull r12, r2, r5, r1
+ umull r1, r3, r5, r0
+ umull r0, r7, r9, r8
+ umull r11, r9, r4, r8
+ str r7, [sp] @ 4-byte Spill
+ adds r7, r6, r11
+ str r1, [sp, #8] @ 4-byte Spill
+ mov r1, r3
+ str r2, [sp, #4] @ 4-byte Spill
+ mov r2, r12
+ adcs r7, r9, r0
+ umlal r1, r2, r5, r10
+ umlal r6, r0, r4, r8
+ mov r8, #0
+ ldr r7, [sp] @ 4-byte Reload
+ adc r9, r7, #0
+ umull r7, r11, r5, r10
+ ldr r5, [sp, #8] @ 4-byte Reload
+ adds r3, r3, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adcs r3, r11, r12
+ ldr r3, [sp, #4] @ 4-byte Reload
+ adc r3, r3, #0
+ adds r7, r5, r7
+ adcs r11, r1, r6
+ adcs r12, r2, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r9, r3, r9
+ ldr r3, [sp, #36] @ 4-byte Reload
+ adc r8, r8, #0
+ umull r6, r7, lr, r0
+ umull r5, r0, lr, r4
+ umull r1, r2, lr, r3
+ adds r5, r2, r5
+ adcs r0, r0, r6
+ umlal r2, r6, lr, r4
+ adc r0, r7, #0
+ adds r1, r11, r1
+ ldr r11, [sp, #16] @ 4-byte Reload
+ adcs r2, r12, r2
+ ldr r12, [sp, #28] @ 4-byte Reload
+ str r2, [sp, #12] @ 4-byte Spill
+ adcs r2, r9, r6
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #4] @ 4-byte Spill
+ mov r0, #0
+ mul r6, r1, r11
+ adc r0, r0, #0
+ umull r7, r9, r6, r12
+ str r0, [sp] @ 4-byte Spill
+ mov r5, r7
+ umull r8, r0, r6, r2
+ umull lr, r2, r6, r10
+ mov r3, r0
+ adds r0, r0, lr
+ ldr lr, [sp, #36] @ 4-byte Reload
+ adcs r0, r2, r7
+ umlal r3, r5, r6, r10
+ adc r0, r9, #0
+ adds r1, r8, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r1, r3, r1
+ ldr r3, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r8, r5, r1
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r9, r0, r1
+ ldr r0, [sp] @ 4-byte Reload
+ umull r1, r2, r3, lr
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ umull r6, r7, r3, r0
+ umull r5, r0, r3, r4
+ adds r5, r2, r5
+ adcs r0, r0, r6
+ umlal r2, r6, r3, r4
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adc r0, r7, #0
+ adds r1, r3, r1
+ adcs r2, r8, r2
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r9, r9, r6
+ mul r6, r1, r11
+ umull r7, r4, r6, r12
+ ldr r12, [sp, #40] @ 4-byte Reload
+ mov r5, r7
+ adcs r0, r2, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ umull r11, r3, r6, r12
+ adc r8, r0, #0
+ umull r0, lr, r6, r10
+ mov r2, r3
+ adds r0, r3, r0
+ ldr r3, [sp, #32] @ 4-byte Reload
+ umlal r2, r5, r6, r10
+ adcs r0, lr, r7
+ adc r0, r4, #0
+ adds r1, r11, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r2, r1
+ adcs r2, r5, r9
+ ldr r5, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r3
+ adc r3, r8, #0
+ subs r7, r1, r12
+ sbcs r6, r2, r10
+ sbcs r5, r0, r5
+ sbc r3, r3, #0
+ ands r3, r3, #1
+ movne r5, r0
+ ldr r0, [sp, #24] @ 4-byte Reload
+ movne r7, r1
+ movne r6, r2
+ str r7, [r0]
+ str r6, [r0, #4]
+ str r5, [r0, #8]
+ add sp, sp, #44
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end38:
+ .size mcl_fp_mont3L, .Lfunc_end38-mcl_fp_mont3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF3L
+ .align 2
+ .type mcl_fp_montNF3L,%function
+mcl_fp_montNF3L: @ @mcl_fp_montNF3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #68
+ sub sp, sp, #68
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r8, [r1]
+ ldmib r1, {r6, r9}
+ ldm r2, {r4, r7}
+ ldr r0, [r2, #8]
+ mov r10, r3
+ umull r3, r1, r0, r9
+ str r1, [sp, #52] @ 4-byte Spill
+ umull r1, r2, r0, r8
+ str r3, [sp, #44] @ 4-byte Spill
+ str r1, [sp, #48] @ 4-byte Spill
+ str r2, [sp, #40] @ 4-byte Spill
+ mov r1, r2
+ mov r2, r3
+ umull r3, r5, r0, r6
+ umlal r1, r2, r0, r6
+ str r3, [sp, #32] @ 4-byte Spill
+ umull r3, r0, r7, r6
+ str r5, [sp, #36] @ 4-byte Spill
+ str r1, [sp, #56] @ 4-byte Spill
+ str r2, [sp, #60] @ 4-byte Spill
+ umull r2, r1, r7, r9
+ str r0, [sp, #8] @ 4-byte Spill
+ str r3, [sp, #4] @ 4-byte Spill
+ str r1, [sp, #28] @ 4-byte Spill
+ umull r1, r11, r7, r8
+ str r2, [sp, #16] @ 4-byte Spill
+ str r1, [sp, #24] @ 4-byte Spill
+ mov r1, r2
+ str r11, [sp, #12] @ 4-byte Spill
+ umlal r11, r1, r7, r6
+ umull r0, r7, r6, r4
+ str r1, [sp, #20] @ 4-byte Spill
+ umull lr, r1, r9, r4
+ umull r9, r2, r8, r4
+ ldr r8, [r10, #-4]
+ adds r0, r2, r0
+ str r1, [sp] @ 4-byte Spill
+ mov r1, r2
+ mov r12, lr
+ adcs r0, r7, lr
+ umlal r1, r12, r6, r4
+ ldr r0, [sp] @ 4-byte Reload
+ ldm r10, {r6, r7}
+ mul r2, r9, r8
+ adc r3, r0, #0
+ ldr r0, [r10, #8]
+ umull r4, lr, r2, r6
+ adds r4, r4, r9
+ umull r4, r9, r2, r7
+ adcs r1, r4, r1
+ umull r4, r5, r2, r0
+ adcs r2, r4, r12
+ ldr r4, [sp, #4] @ 4-byte Reload
+ adc r3, r3, #0
+ adds r1, r1, lr
+ adcs r2, r2, r9
+ adc r3, r3, r5
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adds r5, r5, r4
+ ldr r4, [sp, #8] @ 4-byte Reload
+ ldr r5, [sp, #16] @ 4-byte Reload
+ adcs r5, r4, r5
+ ldr r4, [sp, #24] @ 4-byte Reload
+ ldr r5, [sp, #28] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r1, r4, r1
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adcs r2, r11, r2
+ adcs r12, r4, r3
+ mul r4, r1, r8
+ umull r3, r9, r4, r6
+ adc lr, r5, #0
+ adds r1, r3, r1
+ umull r1, r3, r4, r7
+ adcs r1, r1, r2
+ umull r2, r5, r4, r0
+ adcs r2, r2, r12
+ adc r4, lr, #0
+ adds r1, r1, r9
+ adcs r12, r2, r3
+ ldr r2, [sp, #40] @ 4-byte Reload
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adc r9, r4, r5
+ adds r5, r2, r3
+ ldr r2, [sp, #44] @ 4-byte Reload
+ ldr r3, [sp, #36] @ 4-byte Reload
+ adcs r5, r3, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ ldr r5, [sp, #60] @ 4-byte Reload
+ adc lr, r2, #0
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adds r1, r2, r1
+ mul r4, r1, r8
+ umull r10, r2, r4, r0
+ umull r3, r8, r4, r7
+ str r2, [sp, #52] @ 4-byte Spill
+ umull r2, r11, r4, r6
+ ldr r4, [sp, #56] @ 4-byte Reload
+ adcs r4, r4, r12
+ adcs r12, r5, r9
+ adc r5, lr, #0
+ adds r1, r2, r1
+ adcs r1, r3, r4
+ adcs r2, r10, r12
+ adc r3, r5, #0
+ ldr r5, [sp, #52] @ 4-byte Reload
+ adds r1, r1, r11
+ adcs r2, r2, r8
+ adc r3, r3, r5
+ subs r6, r1, r6
+ sbcs r7, r2, r7
+ sbc r0, r3, r0
+ asr r5, r0, #31
+ cmp r5, #0
+ movlt r6, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ movlt r7, r2
+ movlt r0, r3
+ stm r1, {r6, r7}
+ str r0, [r1, #8]
+ add sp, sp, #68
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end39:
+ .size mcl_fp_montNF3L, .Lfunc_end39-mcl_fp_montNF3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed3L
+ .align 2
+ .type mcl_fp_montRed3L,%function
+mcl_fp_montRed3L: @ @mcl_fp_montRed3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #28
+ sub sp, sp, #28
+ ldr r5, [r2]
+ ldr lr, [r2, #-4]
+ ldr r3, [r2, #4]
+ ldr r2, [r2, #8]
+ str r0, [sp, #24] @ 4-byte Spill
+ str r5, [sp, #20] @ 4-byte Spill
+ str r2, [sp] @ 4-byte Spill
+ ldm r1, {r4, r7}
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r1, #8]
+ mul r6, r4, lr
+ umull r10, r8, r6, r3
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r1, #12]
+ str r7, [sp, #12] @ 4-byte Spill
+ umull r7, r9, r6, r2
+ umull r11, r2, r6, r5
+ mov r0, r2
+ adds r2, r2, r10
+ mov r12, r7
+ adcs r2, r8, r7
+ umlal r0, r12, r6, r3
+ ldr r8, [r1, #20]
+ ldr r1, [r1, #16]
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adc r10, r9, #0
+ adds r7, r4, r11
+ mov r11, lr
+ adcs r9, r2, r0
+ ldr r2, [sp] @ 4-byte Reload
+ mul r7, r9, lr
+ umull lr, r0, r7, r2
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r4, r0, r7, r5
+ ldr r5, [sp, #16] @ 4-byte Reload
+ mov r6, lr
+ str r4, [sp, #4] @ 4-byte Spill
+ mov r4, r0
+ umlal r4, r6, r7, r3
+ adcs r12, r5, r12
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adcs r10, r5, r10
+ adcs r1, r1, #0
+ str r1, [sp, #16] @ 4-byte Spill
+ adcs r1, r8, #0
+ str r1, [sp, #12] @ 4-byte Spill
+ mov r1, #0
+ adc r8, r1, #0
+ umull r1, r5, r7, r3
+ ldr r7, [sp, #16] @ 4-byte Reload
+ adds r1, r0, r1
+ adcs r0, r5, lr
+ ldr r1, [sp, #4] @ 4-byte Reload
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r1, r1, r9
+ adcs r1, r4, r12
+ adcs lr, r6, r10
+ ldr r6, [sp, #20] @ 4-byte Reload
+ mul r5, r1, r11
+ mov r11, r2
+ adcs r0, r0, r7
+ umull r4, r12, r5, r2
+ umull r2, r7, r5, r3
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r10, r0, #0
+ umull r9, r0, r5, r6
+ adc r8, r8, #0
+ adds r2, r0, r2
+ mov r2, r4
+ adcs r4, r7, r4
+ adc r7, r12, #0
+ adds r1, r9, r1
+ umlal r0, r2, r5, r3
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, lr
+ adcs r1, r2, r1
+ adcs r2, r7, r10
+ adc r7, r8, #0
+ subs r6, r0, r6
+ sbcs r3, r1, r3
+ sbcs r5, r2, r11
+ sbc r7, r7, #0
+ ands r7, r7, #1
+ movne r6, r0
+ ldr r0, [sp, #24] @ 4-byte Reload
+ movne r3, r1
+ movne r5, r2
+ str r6, [r0]
+ stmib r0, {r3, r5}
+ add sp, sp, #28
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end40:
+ .size mcl_fp_montRed3L, .Lfunc_end40-mcl_fp_montRed3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre3L
+ .align 2
+ .type mcl_fp_addPre3L,%function
+mcl_fp_addPre3L: @ @mcl_fp_addPre3L
+ .fnstart
+@ BB#0:
+ .save {r4, lr}
+ push {r4, lr}
+ ldm r1, {r3, r12, lr}
+ ldm r2, {r1, r4}
+ ldr r2, [r2, #8]
+ adds r1, r1, r3
+ adcs r3, r4, r12
+ adcs r2, r2, lr
+ stm r0, {r1, r3}
+ str r2, [r0, #8]
+ mov r0, #0
+ adc r0, r0, #0
+ pop {r4, lr}
+ mov pc, lr
+.Lfunc_end41:
+ .size mcl_fp_addPre3L, .Lfunc_end41-mcl_fp_addPre3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre3L
+ .align 2
+ .type mcl_fp_subPre3L,%function
+mcl_fp_subPre3L: @ @mcl_fp_subPre3L
+ .fnstart
+@ BB#0:
+ .save {r4, lr}
+ push {r4, lr}
+ ldm r2, {r3, r12, lr}
+ ldm r1, {r2, r4}
+ ldr r1, [r1, #8]
+ subs r2, r2, r3
+ sbcs r3, r4, r12
+ sbcs r1, r1, lr
+ stm r0, {r2, r3}
+ str r1, [r0, #8]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ pop {r4, lr}
+ mov pc, lr
+.Lfunc_end42:
+ .size mcl_fp_subPre3L, .Lfunc_end42-mcl_fp_subPre3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_3L
+ .align 2
+ .type mcl_fp_shr1_3L,%function
+mcl_fp_shr1_3L: @ @mcl_fp_shr1_3L
+ .fnstart
+@ BB#0:
+ ldr r3, [r1, #4]
+ ldr r12, [r1]
+ ldr r1, [r1, #8]
+ lsrs r2, r3, #1
+ lsr r3, r3, #1
+ orr r3, r3, r1, lsl #31
+ rrx r2, r12
+ lsr r1, r1, #1
+ stm r0, {r2, r3}
+ str r1, [r0, #8]
+ mov pc, lr
+.Lfunc_end43:
+ .size mcl_fp_shr1_3L, .Lfunc_end43-mcl_fp_shr1_3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add3L
+ .align 2
+ .type mcl_fp_add3L,%function
+mcl_fp_add3L: @ @mcl_fp_add3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r11, lr}
+ push {r4, r5, r11, lr}
+ ldm r1, {r12, lr}
+ ldr r1, [r1, #8]
+ ldm r2, {r4, r5}
+ ldr r2, [r2, #8]
+ adds r4, r4, r12
+ adcs r5, r5, lr
+ adcs r1, r2, r1
+ stm r0, {r4, r5}
+ mov r2, #0
+ str r1, [r0, #8]
+ adc r12, r2, #0
+ ldm r3, {r2, lr}
+ ldr r3, [r3, #8]
+ subs r4, r4, r2
+ sbcs r5, r5, lr
+ sbcs r3, r1, r3
+ sbc r1, r12, #0
+ tst r1, #1
+ stmeq r0, {r4, r5}
+ streq r3, [r0, #8]
+ pop {r4, r5, r11, lr}
+ mov pc, lr
+.Lfunc_end44:
+ .size mcl_fp_add3L, .Lfunc_end44-mcl_fp_add3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF3L
+ .align 2
+ .type mcl_fp_addNF3L,%function
+mcl_fp_addNF3L: @ @mcl_fp_addNF3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r11, lr}
+ push {r4, r5, r6, r7, r11, lr}
+ ldm r1, {r12, lr}
+ ldr r1, [r1, #8]
+ ldm r2, {r4, r5}
+ ldr r2, [r2, #8]
+ adds r4, r4, r12
+ adcs r5, r5, lr
+ adc r7, r2, r1
+ ldm r3, {r2, r12, lr}
+ subs r2, r4, r2
+ sbcs r3, r5, r12
+ sbc r1, r7, lr
+ asr r6, r1, #31
+ cmp r6, #0
+ movlt r2, r4
+ movlt r3, r5
+ movlt r1, r7
+ stm r0, {r2, r3}
+ str r1, [r0, #8]
+ pop {r4, r5, r6, r7, r11, lr}
+ mov pc, lr
+.Lfunc_end45:
+ .size mcl_fp_addNF3L, .Lfunc_end45-mcl_fp_addNF3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub3L
+ .align 2
+ .type mcl_fp_sub3L,%function
+mcl_fp_sub3L: @ @mcl_fp_sub3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, lr}
+ push {r4, r5, r6, lr}
+ ldm r2, {r12, lr}
+ ldr r4, [r2, #8]
+ ldm r1, {r2, r5, r6}
+ subs r1, r2, r12
+ sbcs r2, r5, lr
+ sbcs r12, r6, r4
+ mov r6, #0
+ sbc r6, r6, #0
+ stm r0, {r1, r2, r12}
+ tst r6, #1
+ popeq {r4, r5, r6, lr}
+ moveq pc, lr
+ ldr r6, [r3]
+ ldr r5, [r3, #4]
+ ldr r3, [r3, #8]
+ adds r1, r6, r1
+ adcs r2, r5, r2
+ adc r3, r3, r12
+ stm r0, {r1, r2, r3}
+ pop {r4, r5, r6, lr}
+ mov pc, lr
+.Lfunc_end46:
+ .size mcl_fp_sub3L, .Lfunc_end46-mcl_fp_sub3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF3L
+ .align 2
+ .type mcl_fp_subNF3L,%function
+mcl_fp_subNF3L: @ @mcl_fp_subNF3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r11, lr}
+ push {r4, r5, r6, r7, r11, lr}
+ ldm r2, {r12, lr}
+ ldr r2, [r2, #8]
+ ldm r1, {r4, r5}
+ ldr r1, [r1, #8]
+ subs r4, r4, r12
+ sbcs r7, r5, lr
+ sbc r1, r1, r2
+ ldm r3, {r2, r12, lr}
+ asr r6, r1, #31
+ adds r2, r4, r2
+ adcs r3, r7, r12
+ adc r5, r1, lr
+ cmp r6, #0
+ movge r2, r4
+ movge r3, r7
+ movge r5, r1
+ stm r0, {r2, r3, r5}
+ pop {r4, r5, r6, r7, r11, lr}
+ mov pc, lr
+.Lfunc_end47:
+ .size mcl_fp_subNF3L, .Lfunc_end47-mcl_fp_subNF3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add3L
+ .align 2
+ .type mcl_fpDbl_add3L,%function
+mcl_fpDbl_add3L: @ @mcl_fpDbl_add3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldm r1, {r12, lr}
+ ldr r7, [r2]
+ ldr r11, [r1, #8]
+ ldr r9, [r1, #12]
+ ldr r10, [r1, #16]
+ ldr r8, [r1, #20]
+ ldmib r2, {r1, r5, r6}
+ ldr r4, [r2, #16]
+ ldr r2, [r2, #20]
+ adds r7, r7, r12
+ adcs r1, r1, lr
+ str r7, [r0]
+ str r1, [r0, #4]
+ adcs r1, r5, r11
+ ldr r5, [r3]
+ adcs r7, r6, r9
+ str r1, [r0, #8]
+ mov r1, #0
+ adcs r6, r4, r10
+ ldr r4, [r3, #4]
+ ldr r3, [r3, #8]
+ adcs r2, r2, r8
+ adc r1, r1, #0
+ subs r5, r7, r5
+ sbcs r4, r6, r4
+ sbcs r3, r2, r3
+ sbc r1, r1, #0
+ ands r1, r1, #1
+ movne r5, r7
+ movne r4, r6
+ movne r3, r2
+ str r5, [r0, #12]
+ str r4, [r0, #16]
+ str r3, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end48:
+ .size mcl_fpDbl_add3L, .Lfunc_end48-mcl_fpDbl_add3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub3L
+ .align 2
+ .type mcl_fpDbl_sub3L,%function
+mcl_fpDbl_sub3L: @ @mcl_fpDbl_sub3L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldm r2, {r12, lr}
+ ldr r7, [r1]
+ ldr r11, [r2, #8]
+ ldr r9, [r2, #12]
+ ldr r10, [r2, #16]
+ ldr r8, [r2, #20]
+ ldmib r1, {r2, r5, r6}
+ ldr r4, [r1, #16]
+ ldr r1, [r1, #20]
+ subs r7, r7, r12
+ sbcs r2, r2, lr
+ str r7, [r0]
+ str r2, [r0, #4]
+ sbcs r2, r5, r11
+ ldr r5, [r3]
+ sbcs r7, r6, r9
+ str r2, [r0, #8]
+ mov r2, #0
+ sbcs r6, r4, r10
+ ldr r4, [r3, #4]
+ ldr r3, [r3, #8]
+ sbcs r1, r1, r8
+ sbc r2, r2, #0
+ adds r5, r7, r5
+ adcs r4, r6, r4
+ adc r3, r1, r3
+ ands r2, r2, #1
+ moveq r5, r7
+ moveq r4, r6
+ moveq r3, r1
+ str r5, [r0, #12]
+ str r4, [r0, #16]
+ str r3, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end49:
+ .size mcl_fpDbl_sub3L, .Lfunc_end49-mcl_fpDbl_sub3L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre4L
+ .align 2
+ .type mcl_fp_mulUnitPre4L,%function
+mcl_fp_mulUnitPre4L: @ @mcl_fp_mulUnitPre4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r11, lr}
+ push {r4, r5, r6, r7, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r1, [r1, #12]
+ umull r4, r6, r12, r2
+ umull r7, r12, lr, r2
+ str r4, [r0]
+ mov r5, r6
+ mov r4, r7
+ umlal r5, r4, r3, r2
+ str r5, [r0, #4]
+ str r4, [r0, #8]
+ umull r5, lr, r1, r2
+ umull r1, r4, r3, r2
+ adds r1, r6, r1
+ adcs r1, r4, r7
+ adcs r1, r12, r5
+ str r1, [r0, #12]
+ adc r1, lr, #0
+ str r1, [r0, #16]
+ pop {r4, r5, r6, r7, r11, lr}
+ mov pc, lr
+.Lfunc_end50:
+ .size mcl_fp_mulUnitPre4L, .Lfunc_end50-mcl_fp_mulUnitPre4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre4L
+ .align 2
+ .type mcl_fpDbl_mulPre4L,%function
+mcl_fpDbl_mulPre4L: @ @mcl_fpDbl_mulPre4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #40
+ sub sp, sp, #40
+ mov lr, r2
+ ldr r11, [r1]
+ ldr r4, [lr]
+ ldmib r1, {r8, r12}
+ ldr r3, [r1, #12]
+ umull r2, r7, r11, r4
+ umull r6, r9, r8, r4
+ str r12, [sp] @ 4-byte Spill
+ adds r6, r7, r6
+ str r2, [sp, #36] @ 4-byte Spill
+ mov r2, r3
+ umull r6, r10, r12, r4
+ adcs r5, r9, r6
+ umlal r7, r6, r8, r4
+ umull r5, r9, r3, r4
+ ldr r3, [sp, #36] @ 4-byte Reload
+ ldr r4, [lr, #4]
+ adcs r10, r10, r5
+ str r3, [r0]
+ adc r3, r9, #0
+ str r3, [sp, #24] @ 4-byte Spill
+ umull r5, r3, r11, r4
+ adds r7, r5, r7
+ str r3, [sp, #32] @ 4-byte Spill
+ str r7, [sp, #36] @ 4-byte Spill
+ umull r7, r3, r8, r4
+ str r3, [sp, #28] @ 4-byte Spill
+ adcs r3, r7, r6
+ umull r7, r9, r12, r4
+ mov r12, r2
+ ldr r6, [sp, #32] @ 4-byte Reload
+ adcs r7, r7, r10
+ umull r5, r10, r2, r4
+ ldr r2, [sp, #24] @ 4-byte Reload
+ mov r4, #0
+ adcs r5, r5, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adc r4, r4, #0
+ adds r6, r3, r6
+ adcs r7, r7, r2
+ ldr r2, [lr, #12]
+ str r7, [sp, #24] @ 4-byte Spill
+ adcs r7, r5, r9
+ str r7, [sp, #20] @ 4-byte Spill
+ adc r7, r4, r10
+ ldr r4, [lr, #8]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [sp, #36] @ 4-byte Reload
+ str r7, [r0, #4]
+ umull r5, r7, r11, r4
+ adds r5, r5, r6
+ str r7, [sp, #12] @ 4-byte Spill
+ str r5, [r0, #8]
+ ldm r1, {r11, lr}
+ ldr r5, [r1, #8]
+ ldr r1, [r1, #12]
+ ldr r3, [sp, #24] @ 4-byte Reload
+ umull r6, r7, r1, r2
+ umull r10, r1, r5, r2
+ str r1, [sp, #32] @ 4-byte Spill
+ umull r5, r1, lr, r2
+ str r6, [sp, #8] @ 4-byte Spill
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ umull r6, r1, r11, r2
+ umull r2, r11, r12, r4
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [sp] @ 4-byte Reload
+ umull lr, r12, r1, r4
+ umull r9, r1, r8, r4
+ ldr r4, [sp, #20] @ 4-byte Reload
+ mov r8, #0
+ adcs r3, r9, r3
+ adcs r4, lr, r4
+ adcs r2, r2, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adc lr, r8, #0
+ adds r3, r3, r7
+ adcs r1, r4, r1
+ adcs r2, r2, r12
+ adc r4, lr, r11
+ adds r3, r6, r3
+ ldr r6, [sp, #4] @ 4-byte Reload
+ str r3, [r0, #12]
+ ldr r3, [sp, #8] @ 4-byte Reload
+ adcs r1, r5, r1
+ adcs r2, r10, r2
+ adcs r3, r3, r4
+ adc r7, r8, #0
+ adds r1, r1, r6
+ str r1, [r0, #16]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r1, [r0, #20]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r3, r1
+ str r1, [r0, #24]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adc r1, r7, r1
+ str r1, [r0, #28]
+ add sp, sp, #40
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end51:
+ .size mcl_fpDbl_mulPre4L, .Lfunc_end51-mcl_fpDbl_mulPre4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre4L
+ .align 2
+ .type mcl_fpDbl_sqrPre4L,%function
+mcl_fpDbl_sqrPre4L: @ @mcl_fpDbl_sqrPre4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldm r1, {r2, r3, r12}
+ ldr r8, [r1, #12]
+ umull r4, r6, r2, r2
+ umull r11, lr, r12, r2
+ str r4, [r0]
+ umull r10, r4, r8, r2
+ mov r7, r11
+ mov r5, r6
+ str lr, [sp, #12] @ 4-byte Spill
+ str r4, [sp, #8] @ 4-byte Spill
+ umull r4, r9, r3, r2
+ umlal r5, r7, r3, r2
+ adds r2, r6, r4
+ adcs r2, r9, r11
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r10, lr, r10
+ adc r2, r2, #0
+ adds r4, r4, r5
+ str r2, [sp] @ 4-byte Spill
+ umull r6, r2, r3, r3
+ str r4, [sp, #8] @ 4-byte Spill
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [sp] @ 4-byte Reload
+ adcs r5, r6, r7
+ umull r6, r7, r12, r3
+ adcs lr, r6, r10
+ umull r4, r10, r8, r3
+ adcs r3, r4, r2
+ ldr r2, [sp, #4] @ 4-byte Reload
+ mov r4, #0
+ adc r4, r4, #0
+ adds r5, r5, r9
+ adcs r9, lr, r2
+ adcs r2, r3, r7
+ ldr r3, [sp, #8] @ 4-byte Reload
+ adc r4, r4, r10
+ adds r5, r11, r5
+ str r2, [sp, #4] @ 4-byte Spill
+ umull r2, r10, r8, r12
+ umull lr, r8, r12, r12
+ adcs r6, r6, r9
+ stmib r0, {r3, r5}
+ mov r5, #0
+ ldr r3, [sp, #4] @ 4-byte Reload
+ adcs r3, lr, r3
+ adcs r2, r2, r4
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r6, r6, r4
+ adcs r11, r3, r7
+ adcs lr, r2, r8
+ adc r8, r5, r10
+ ldr r5, [r1]
+ ldmib r1, {r4, r7}
+ ldr r1, [r1, #12]
+ umull r12, r2, r1, r1
+ umull r3, r9, r7, r1
+ umull r7, r10, r4, r1
+ str r2, [sp, #12] @ 4-byte Spill
+ umull r4, r2, r5, r1
+ adds r1, r4, r6
+ adcs r4, r7, r11
+ str r1, [r0, #12]
+ mov r7, #0
+ adcs r3, r3, lr
+ adcs r1, r12, r8
+ adc r7, r7, #0
+ adds r2, r4, r2
+ str r2, [r0, #16]
+ adcs r2, r3, r10
+ adcs r1, r1, r9
+ str r2, [r0, #20]
+ str r1, [r0, #24]
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adc r1, r7, r1
+ str r1, [r0, #28]
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end52:
+ .size mcl_fpDbl_sqrPre4L, .Lfunc_end52-mcl_fpDbl_sqrPre4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont4L
+ .align 2
+ .type mcl_fp_mont4L,%function
+mcl_fp_mont4L: @ @mcl_fp_mont4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #76
+ sub sp, sp, #76
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r2, #8]
+ ldr r9, [r2]
+ ldr r8, [r2, #4]
+ ldr r6, [r3, #-4]
+ ldr r11, [r1, #8]
+ ldr r10, [r1, #12]
+ ldr r7, [r3, #8]
+ ldr r5, [r3, #4]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r2, #12]
+ ldr r2, [r1, #4]
+ str r6, [sp, #44] @ 4-byte Spill
+ str r7, [sp, #40] @ 4-byte Spill
+ str r5, [sp, #52] @ 4-byte Spill
+ str r11, [sp, #60] @ 4-byte Spill
+ str r10, [sp, #56] @ 4-byte Spill
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1]
+ ldr r1, [r3]
+ str r2, [sp, #72] @ 4-byte Spill
+ ldr r3, [r3, #12]
+ umull r4, r2, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ str r1, [sp, #48] @ 4-byte Spill
+ mul r0, r4, r6
+ str r4, [sp, #24] @ 4-byte Spill
+ mov r4, r5
+ umull lr, r6, r0, r7
+ umull r7, r12, r0, r1
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [sp, #72] @ 4-byte Reload
+ str r6, [sp, #16] @ 4-byte Spill
+ mov r6, r12
+ str lr, [sp, #8] @ 4-byte Spill
+ umlal r6, lr, r0, r5
+ umull r5, r1, r10, r9
+ str r1, [sp, #68] @ 4-byte Spill
+ str r5, [sp, #12] @ 4-byte Spill
+ umull r1, r10, r11, r9
+ umull r11, r5, r7, r9
+ adds r7, r2, r11
+ adcs r5, r5, r1
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adcs r11, r10, r5
+ ldr r5, [sp, #68] @ 4-byte Reload
+ str r3, [sp, #68] @ 4-byte Spill
+ adc r5, r5, #0
+ str r5, [sp, #12] @ 4-byte Spill
+ umull r5, r7, r0, r3
+ umull r10, r3, r0, r4
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adds r0, r12, r10
+ mov r12, #0
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r3, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #20] @ 4-byte Reload
+ adc r3, r7, #0
+ ldr r7, [sp, #72] @ 4-byte Reload
+ adds r4, r5, r4
+ umlal r2, r1, r7, r9
+ adcs r2, r6, r2
+ adcs r1, lr, r1
+ str r2, [sp, #24] @ 4-byte Spill
+ adcs r9, r0, r11
+ ldr r0, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ adcs r6, r3, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mov r3, r7
+ adc r10, r12, #0
+ umull r2, r12, r8, r7
+ ldr r7, [sp, #64] @ 4-byte Reload
+ umull r5, r4, r8, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ umull r1, lr, r8, r0
+ umull r11, r0, r8, r7
+ adds r2, r0, r2
+ adcs r2, r12, r1
+ umlal r0, r1, r8, r3
+ ldr r3, [sp, #24] @ 4-byte Reload
+ ldr r8, [sp, #48] @ 4-byte Reload
+ adcs r2, lr, r5
+ adc r5, r4, #0
+ adds r7, r3, r11
+ ldr r3, [sp, #20] @ 4-byte Reload
+ ldr r11, [sp, #40] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r9, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ adcs r0, r6, r2
+ str r0, [sp, #16] @ 4-byte Spill
+ adcs r0, r10, r5
+ ldr r10, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ mul r5, r7, r10
+ umull r6, r0, r5, r11
+ str r0, [sp] @ 4-byte Spill
+ umull r0, r3, r5, r8
+ mov r4, r6
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ mov r2, r3
+ umlal r2, r4, r5, r1
+ umull r9, r12, r5, r0
+ umull lr, r0, r5, r1
+ adds r3, r3, lr
+ adcs r0, r0, r6
+ ldr r3, [sp, #4] @ 4-byte Reload
+ ldr r0, [sp] @ 4-byte Reload
+ adcs r0, r0, r9
+ adc r1, r12, #0
+ adds r3, r3, r7
+ ldr r12, [sp, #64] @ 4-byte Reload
+ ldr r3, [sp, #24] @ 4-byte Reload
+ adcs r2, r2, r3
+ ldr r3, [sp, #28] @ 4-byte Reload
+ str r2, [sp, #24] @ 4-byte Spill
+ ldr r2, [sp, #20] @ 4-byte Reload
+ umull r9, r7, r3, r12
+ adcs r2, r4, r2
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ umull r6, r5, r3, r0
+ umull r0, r4, r3, r1
+ umull r1, lr, r3, r2
+ adds r1, r7, r1
+ adcs r1, lr, r0
+ umlal r7, r0, r3, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r1, r4, r6
+ adc r6, r5, #0
+ adds r3, r2, r9
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r2, r2, r7
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r6
+ mul r6, r3, r10
+ str r0, [sp, #16] @ 4-byte Spill
+ mov r0, #0
+ umull r7, r9, r6, r11
+ umull r10, r4, r6, r8
+ adc r0, r0, #0
+ mov r2, r4
+ mov r5, r7
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ umlal r2, r5, r6, r1
+ umull r8, r12, r6, r0
+ umull lr, r0, r6, r1
+ adds r6, r4, lr
+ adcs r0, r0, r7
+ adcs r0, r9, r8
+ adc r1, r12, #0
+ adds r3, r10, r3
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r2, r2, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r8, r5, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs r9, r0, r2
+ ldr r0, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #72] @ 4-byte Reload
+ umull lr, r7, r3, r5
+ ldr r5, [sp, #52] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ umull r6, r10, r3, r0
+ umull r0, r4, r3, r1
+ umull r1, r12, r3, r2
+ adds r1, r7, r1
+ adcs r1, r12, r0
+ umlal r7, r0, r3, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ ldr r12, [sp, #68] @ 4-byte Reload
+ adcs r1, r4, r6
+ ldr r4, [sp, #40] @ 4-byte Reload
+ adc r6, r10, #0
+ adds lr, r2, lr
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adcs r10, r8, r7
+ adcs r0, r9, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ adcs r0, r11, r1
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r8, r0, r6
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ mul r6, lr, r0
+ umull r1, r3, r6, r5
+ umull r11, r7, r6, r2
+ umull r0, r9, r6, r4
+ adds r1, r7, r1
+ adcs r1, r3, r0
+ umlal r7, r0, r6, r5
+ umull r1, r3, r6, r12
+ adcs r1, r9, r1
+ mov r9, r5
+ adc r5, r3, #0
+ adds r3, r11, lr
+ adcs r3, r7, r10
+ ldr r7, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r7
+ adcs lr, r5, r8
+ ldr r5, [sp, #60] @ 4-byte Reload
+ adc r8, r5, #0
+ subs r6, r3, r2
+ sbcs r5, r0, r9
+ sbcs r4, r1, r4
+ sbcs r7, lr, r12
+ sbc r2, r8, #0
+ ands r2, r2, #1
+ movne r5, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ movne r6, r3
+ movne r4, r1
+ cmp r2, #0
+ movne r7, lr
+ str r6, [r0]
+ str r5, [r0, #4]
+ str r4, [r0, #8]
+ str r7, [r0, #12]
+ add sp, sp, #76
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end53:
+ .size mcl_fp_mont4L, .Lfunc_end53-mcl_fp_mont4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF4L
+ .align 2
+ .type mcl_fp_montNF4L,%function
+mcl_fp_montNF4L: @ @mcl_fp_montNF4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #140
+ sub sp, sp, #140
+ mov r10, r3
+ str r0, [sp, #132] @ 4-byte Spill
+ ldr lr, [r1]
+ ldmib r1, {r4, r8, r12}
+ ldr r3, [r2]
+ ldr r1, [r2, #4]
+ ldr r0, [r2, #8]
+ ldr r2, [r2, #12]
+ umull r6, r5, r2, r8
+ str r5, [sp, #124] @ 4-byte Spill
+ umull r5, r7, r2, lr
+ str r6, [sp, #112] @ 4-byte Spill
+ str r5, [sp, #128] @ 4-byte Spill
+ mov r5, r6
+ mov r6, r7
+ str r7, [sp, #108] @ 4-byte Spill
+ umlal r6, r5, r2, r4
+ str r5, [sp, #120] @ 4-byte Spill
+ umull r7, r5, r0, r8
+ str r6, [sp, #116] @ 4-byte Spill
+ str r5, [sp, #84] @ 4-byte Spill
+ umull r5, r6, r0, lr
+ str r7, [sp, #72] @ 4-byte Spill
+ str r5, [sp, #88] @ 4-byte Spill
+ str r6, [sp, #68] @ 4-byte Spill
+ mov r5, r6
+ mov r6, r7
+ umlal r5, r6, r0, r4
+ str r5, [sp, #76] @ 4-byte Spill
+ str r6, [sp, #80] @ 4-byte Spill
+ umull r6, r5, r1, r8
+ str r5, [sp, #44] @ 4-byte Spill
+ umull r5, r7, r1, lr
+ str r6, [sp, #32] @ 4-byte Spill
+ str r5, [sp, #48] @ 4-byte Spill
+ mov r5, r6
+ mov r6, r7
+ str r7, [sp, #28] @ 4-byte Spill
+ umlal r6, r5, r1, r4
+ str r5, [sp, #40] @ 4-byte Spill
+ umull r9, r5, r8, r3
+ str r6, [sp, #36] @ 4-byte Spill
+ str r5, [sp, #136] @ 4-byte Spill
+ umull r6, r5, lr, r3
+ mov r8, r9
+ str r6, [sp, #4] @ 4-byte Spill
+ umull r11, r6, r2, r12
+ mov lr, r5
+ str r6, [sp, #104] @ 4-byte Spill
+ umull r7, r6, r2, r4
+ umlal lr, r8, r4, r3
+ str r11, [sp, #100] @ 4-byte Spill
+ str r6, [sp, #96] @ 4-byte Spill
+ umull r6, r2, r0, r12
+ str r7, [sp, #92] @ 4-byte Spill
+ str r6, [sp, #60] @ 4-byte Spill
+ str r2, [sp, #64] @ 4-byte Spill
+ umull r6, r2, r0, r4
+ str r2, [sp, #56] @ 4-byte Spill
+ umull r2, r0, r1, r12
+ str r6, [sp, #52] @ 4-byte Spill
+ str r2, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #24] @ 4-byte Spill
+ umull r2, r0, r1, r4
+ str r2, [sp, #12] @ 4-byte Spill
+ umull r2, r6, r4, r3
+ str r0, [sp, #16] @ 4-byte Spill
+ umull r0, r1, r12, r3
+ ldr r4, [r10, #4]
+ adds r2, r5, r2
+ ldr r5, [sp, #4] @ 4-byte Reload
+ adcs r2, r6, r9
+ ldr r9, [r10, #8]
+ ldr r2, [sp, #136] @ 4-byte Reload
+ str r4, [sp, #136] @ 4-byte Spill
+ adcs r12, r2, r0
+ ldr r2, [r10, #-4]
+ adc r0, r1, #0
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [r10]
+ mul r1, r5, r2
+ mov r7, r2
+ umull r3, r11, r1, r0
+ str r0, [sp, #8] @ 4-byte Spill
+ mov r6, r0
+ umull r2, r0, r1, r9
+ adds r3, r3, r5
+ umull r3, r5, r1, r4
+ adcs r3, r3, lr
+ ldr lr, [r10, #12]
+ adcs r2, r2, r8
+ umull r4, r8, r1, lr
+ adcs r1, r4, r12
+ ldr r4, [sp] @ 4-byte Reload
+ adc r4, r4, #0
+ adds r3, r3, r11
+ adcs r2, r2, r5
+ adcs r12, r1, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r1, r4, r8
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adds r4, r0, r4
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r4, [sp, #16] @ 4-byte Reload
+ adcs r4, r4, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adcs r4, r0, r4
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r5, r0, #0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adds r3, r0, r3
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r2, r0, r2
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r12
+ mov r12, r7
+ adcs r8, r4, r1
+ ldr r1, [sp, #136] @ 4-byte Reload
+ adc r10, r5, #0
+ mul r5, r3, r7
+ umull r7, r11, r5, r6
+ adds r3, r7, r3
+ umull r3, r7, r5, r1
+ adcs r2, r3, r2
+ umull r3, r4, r5, r9
+ adcs r0, r3, r0
+ umull r3, r6, r5, lr
+ adcs r3, r3, r8
+ ldr r8, [sp, #8] @ 4-byte Reload
+ adc r5, r10, #0
+ adds r2, r2, r11
+ adcs r0, r0, r7
+ adcs r3, r3, r4
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adc r7, r5, r6
+ ldr r5, [sp, #52] @ 4-byte Reload
+ ldr r6, [sp, #88] @ 4-byte Reload
+ adds r4, r4, r5
+ ldr r5, [sp, #56] @ 4-byte Reload
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adcs r4, r5, r4
+ ldr r5, [sp, #60] @ 4-byte Reload
+ ldr r4, [sp, #84] @ 4-byte Reload
+ adcs r4, r4, r5
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r2, r6, r2
+ ldr r6, [sp, #76] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #80] @ 4-byte Reload
+ adcs r3, r6, r3
+ adcs r6, r4, r7
+ adc r10, r5, #0
+ mul r5, r2, r12
+ umull r7, r11, r5, r8
+ adds r2, r7, r2
+ umull r2, r7, r5, r1
+ adcs r0, r2, r0
+ umull r2, r4, r5, r9
+ adcs r2, r2, r3
+ umull r3, r1, r5, lr
+ adcs r3, r3, r6
+ ldr r6, [sp, #128] @ 4-byte Reload
+ adc r5, r10, #0
+ adds r0, r0, r11
+ adcs r2, r2, r7
+ adcs r3, r3, r4
+ ldr r4, [sp, #108] @ 4-byte Reload
+ adc r1, r5, r1
+ ldr r5, [sp, #92] @ 4-byte Reload
+ adds r4, r4, r5
+ ldr r5, [sp, #96] @ 4-byte Reload
+ ldr r4, [sp, #112] @ 4-byte Reload
+ adcs r4, r5, r4
+ ldr r5, [sp, #100] @ 4-byte Reload
+ ldr r4, [sp, #124] @ 4-byte Reload
+ adcs r4, r4, r5
+ ldr r5, [sp, #104] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r0, r6, r0
+ ldr r6, [sp, #116] @ 4-byte Reload
+ adcs r2, r6, r2
+ ldr r6, [sp, #120] @ 4-byte Reload
+ adcs r3, r6, r3
+ adcs r11, r4, r1
+ adc r10, r5, #0
+ mul r5, r0, r12
+ umull r7, r1, r5, r8
+ adds r0, r7, r0
+ ldr r7, [sp, #136] @ 4-byte Reload
+ umull r0, r12, r5, r9
+ umull r6, r4, r5, r7
+ adcs r2, r6, r2
+ adcs r0, r0, r3
+ umull r3, r6, r5, lr
+ adcs r3, r3, r11
+ adc r5, r10, #0
+ adds r1, r2, r1
+ adcs r0, r0, r4
+ adcs r2, r3, r12
+ adc r3, r5, r6
+ subs r4, r1, r8
+ sbcs r7, r0, r7
+ sbcs r6, r2, r9
+ sbc r5, r3, lr
+ cmp r5, #0
+ movlt r7, r0
+ ldr r0, [sp, #132] @ 4-byte Reload
+ movlt r4, r1
+ movlt r6, r2
+ cmp r5, #0
+ movlt r5, r3
+ stm r0, {r4, r7}
+ str r6, [r0, #8]
+ str r5, [r0, #12]
+ add sp, sp, #140
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end54:
+ .size mcl_fp_montNF4L, .Lfunc_end54-mcl_fp_montNF4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed4L
+ .align 2
+ .type mcl_fp_montRed4L,%function
+mcl_fp_montRed4L: @ @mcl_fp_montRed4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #60
+ sub sp, sp, #60
+ ldr r7, [r1, #4]
+ ldr r6, [r2, #-4]
+ ldr r10, [r1]
+ ldr r3, [r2, #8]
+ ldr r8, [r2]
+ ldr r12, [r2, #4]
+ ldr r2, [r2, #12]
+ str r0, [sp, #52] @ 4-byte Spill
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r1, #8]
+ str r6, [sp, #56] @ 4-byte Spill
+ str r3, [sp, #40] @ 4-byte Spill
+ str r2, [sp, #36] @ 4-byte Spill
+ str r8, [sp, #32] @ 4-byte Spill
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r1, #12]
+ str r7, [sp, #44] @ 4-byte Spill
+ mul r7, r10, r6
+ umull r6, r5, r7, r3
+ str r5, [sp, #20] @ 4-byte Spill
+ mov r5, r3
+ umull r4, r3, r7, r8
+ mov lr, r6
+ str r4, [sp, #24] @ 4-byte Spill
+ umull r9, r4, r7, r2
+ umull r11, r2, r7, r12
+ mov r0, r3
+ adds r3, r3, r11
+ umlal r0, lr, r7, r12
+ adcs r2, r2, r6
+ ldr r6, [sp, #56] @ 4-byte Reload
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r2, r2, r9
+ str r2, [sp, #20] @ 4-byte Spill
+ adc r2, r4, #0
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adds r4, r10, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ add r10, r1, #16
+ adcs r11, r2, r0
+ mul r4, r11, r6
+ umull r9, r0, r4, r5
+ str r0, [sp, #24] @ 4-byte Spill
+ umull r0, r2, r4, r8
+ mov r5, r9
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r1, #28]
+ mov r7, r2
+ umlal r7, r5, r4, r12
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r1, r8, r10}
+ ldr r3, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, lr
+ ldr r3, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r3, r3, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ str r3, [sp, #48] @ 4-byte Spill
+ adcs r1, r1, r0
+ adcs r0, r8, #0
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r8, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ adcs r0, r10, #0
+ ldr r10, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ umull r1, lr, r4, r10
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r3, r0, r4, r12
+ adds r3, r2, r3
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #40] @ 4-byte Reload
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adc r1, lr, #0
+ adds r2, r2, r11
+ adcs r11, r7, r0
+ mul r3, r11, r6
+ umull r2, r0, r3, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ umull r0, r6, r3, r8
+ mov r7, r2
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ mov r4, r6
+ umlal r4, r7, r3, r12
+ adcs r0, r5, r0
+ ldr r5, [sp] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r1, r0
+ umull r1, r5, r3, r10
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ umull lr, r0, r3, r12
+ adds r3, r6, lr
+ mov lr, r8
+ adcs r0, r0, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ ldr r3, [sp, #44] @ 4-byte Reload
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ adc r1, r5, #0
+ adds r2, r2, r11
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adcs r2, r4, r2
+ adcs r3, r7, r3
+ str r3, [sp, #48] @ 4-byte Spill
+ ldr r3, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r3
+ mov r3, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mul r5, r2, r0
+ umull r4, r0, r5, r12
+ umull r8, r6, r5, lr
+ adds r4, r6, r4
+ umull r1, r4, r5, r3
+ adcs r0, r0, r1
+ umlal r6, r1, r5, r12
+ umull r0, r7, r5, r10
+ adcs r0, r4, r0
+ ldr r4, [sp, #44] @ 4-byte Reload
+ adc r5, r7, #0
+ adds r2, r8, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adcs r2, r6, r2
+ adcs r1, r1, r4
+ ldr r4, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ adcs r9, r5, r4
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adc r8, r4, #0
+ subs r6, r2, lr
+ sbcs r5, r1, r12
+ sbcs r4, r0, r3
+ sbcs r7, r9, r10
+ sbc r3, r8, #0
+ ands r3, r3, #1
+ movne r4, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ movne r6, r2
+ movne r5, r1
+ cmp r3, #0
+ movne r7, r9
+ str r6, [r0]
+ str r5, [r0, #4]
+ str r4, [r0, #8]
+ str r7, [r0, #12]
+ add sp, sp, #60
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end55:
+ .size mcl_fp_montRed4L, .Lfunc_end55-mcl_fp_montRed4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre4L
+ .align 2
+ .type mcl_fp_addPre4L,%function
+mcl_fp_addPre4L: @ @mcl_fp_addPre4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, lr}
+ push {r4, r5, r6, lr}
+ ldm r1, {r3, r12, lr}
+ ldr r1, [r1, #12]
+ ldm r2, {r4, r5, r6}
+ ldr r2, [r2, #12]
+ adds r3, r4, r3
+ adcs r5, r5, r12
+ adcs r6, r6, lr
+ adcs r1, r2, r1
+ stm r0, {r3, r5, r6}
+ str r1, [r0, #12]
+ mov r0, #0
+ adc r0, r0, #0
+ pop {r4, r5, r6, lr}
+ mov pc, lr
+.Lfunc_end56:
+ .size mcl_fp_addPre4L, .Lfunc_end56-mcl_fp_addPre4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre4L
+ .align 2
+ .type mcl_fp_subPre4L,%function
+mcl_fp_subPre4L: @ @mcl_fp_subPre4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, lr}
+ push {r4, r5, r6, lr}
+ ldm r2, {r3, r12, lr}
+ ldr r2, [r2, #12]
+ ldm r1, {r4, r5, r6}
+ ldr r1, [r1, #12]
+ subs r3, r4, r3
+ sbcs r5, r5, r12
+ sbcs r6, r6, lr
+ sbcs r1, r1, r2
+ stm r0, {r3, r5, r6}
+ str r1, [r0, #12]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ pop {r4, r5, r6, lr}
+ mov pc, lr
+.Lfunc_end57:
+ .size mcl_fp_subPre4L, .Lfunc_end57-mcl_fp_subPre4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_4L
+ .align 2
+ .type mcl_fp_shr1_4L,%function
+mcl_fp_shr1_4L: @ @mcl_fp_shr1_4L
+ .fnstart
+@ BB#0:
+ .save {r11, lr}
+ push {r11, lr}
+ ldr r3, [r1, #4]
+ ldr r12, [r1]
+ ldr lr, [r1, #12]
+ ldr r2, [r1, #8]
+ lsrs r1, r3, #1
+ lsr r3, r3, #1
+ rrx r12, r12
+ lsrs r1, lr, #1
+ orr r3, r3, r2, lsl #31
+ rrx r1, r2
+ lsr r2, lr, #1
+ str r12, [r0]
+ str r3, [r0, #4]
+ str r1, [r0, #8]
+ str r2, [r0, #12]
+ pop {r11, lr}
+ mov pc, lr
+.Lfunc_end58:
+ .size mcl_fp_shr1_4L, .Lfunc_end58-mcl_fp_shr1_4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add4L
+ .align 2
+ .type mcl_fp_add4L,%function
+mcl_fp_add4L: @ @mcl_fp_add4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r11, lr}
+ push {r4, r5, r6, r7, r11, lr}
+ ldm r1, {r12, lr}
+ ldr r4, [r1, #8]
+ ldr r1, [r1, #12]
+ ldm r2, {r5, r6, r7}
+ ldr r2, [r2, #12]
+ adds r5, r5, r12
+ adcs r6, r6, lr
+ adcs r7, r7, r4
+ stm r0, {r5, r6, r7}
+ adcs r4, r2, r1
+ mov r1, #0
+ ldr r2, [r3]
+ adc lr, r1, #0
+ str r4, [r0, #12]
+ ldmib r3, {r1, r12}
+ ldr r3, [r3, #12]
+ subs r5, r5, r2
+ sbcs r2, r6, r1
+ sbcs r1, r7, r12
+ sbcs r12, r4, r3
+ sbc r3, lr, #0
+ tst r3, #1
+ streq r5, [r0]
+ streq r2, [r0, #4]
+ streq r1, [r0, #8]
+ streq r12, [r0, #12]
+ pop {r4, r5, r6, r7, r11, lr}
+ mov pc, lr
+.Lfunc_end59:
+ .size mcl_fp_add4L, .Lfunc_end59-mcl_fp_add4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF4L
+ .align 2
+ .type mcl_fp_addNF4L,%function
+mcl_fp_addNF4L: @ @mcl_fp_addNF4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ ldm r1, {r12, lr}
+ ldr r4, [r1, #8]
+ ldr r1, [r1, #12]
+ ldm r2, {r5, r6, r7}
+ ldr r2, [r2, #12]
+ adds r5, r5, r12
+ adcs r6, r6, lr
+ adcs r7, r7, r4
+ adc r8, r2, r1
+ ldm r3, {r2, r4, r12, lr}
+ subs r2, r5, r2
+ sbcs r4, r6, r4
+ sbcs r3, r7, r12
+ sbc r1, r8, lr
+ cmp r1, #0
+ movlt r2, r5
+ movlt r4, r6
+ movlt r3, r7
+ cmp r1, #0
+ movlt r1, r8
+ stm r0, {r2, r4}
+ str r3, [r0, #8]
+ str r1, [r0, #12]
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end60:
+ .size mcl_fp_addNF4L, .Lfunc_end60-mcl_fp_addNF4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub4L
+ .align 2
+ .type mcl_fp_sub4L,%function
+mcl_fp_sub4L: @ @mcl_fp_sub4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ ldm r2, {r12, lr}
+ ldr r4, [r2, #8]
+ ldr r5, [r2, #12]
+ ldm r1, {r2, r6, r7}
+ ldr r1, [r1, #12]
+ subs r8, r2, r12
+ sbcs r2, r6, lr
+ str r8, [r0]
+ sbcs r12, r7, r4
+ sbcs lr, r1, r5
+ mov r1, #0
+ sbc r1, r1, #0
+ stmib r0, {r2, r12, lr}
+ tst r1, #1
+ popeq {r4, r5, r6, r7, r8, lr}
+ moveq pc, lr
+ ldm r3, {r1, r4, r5}
+ ldr r3, [r3, #12]
+ adds r1, r1, r8
+ adcs r2, r4, r2
+ adcs r7, r5, r12
+ adc r3, r3, lr
+ stm r0, {r1, r2, r7}
+ str r3, [r0, #12]
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end61:
+ .size mcl_fp_sub4L, .Lfunc_end61-mcl_fp_sub4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF4L
+ .align 2
+ .type mcl_fp_subNF4L,%function
+mcl_fp_subNF4L: @ @mcl_fp_subNF4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ ldm r2, {r12, lr}
+ ldr r4, [r2, #8]
+ ldr r2, [r2, #12]
+ ldm r1, {r5, r6, r7}
+ ldr r1, [r1, #12]
+ subs r5, r5, r12
+ sbcs r6, r6, lr
+ sbcs r8, r7, r4
+ sbc r1, r1, r2
+ ldm r3, {r2, r4, r12, lr}
+ adds r2, r5, r2
+ adcs r4, r6, r4
+ adcs r3, r8, r12
+ adc r7, r1, lr
+ cmp r1, #0
+ movge r2, r5
+ movge r4, r6
+ movge r3, r8
+ cmp r1, #0
+ movge r7, r1
+ stm r0, {r2, r4}
+ str r3, [r0, #8]
+ str r7, [r0, #12]
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end62:
+ .size mcl_fp_subNF4L, .Lfunc_end62-mcl_fp_subNF4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add4L
+ .align 2
+ .type mcl_fpDbl_add4L,%function
+mcl_fpDbl_add4L: @ @mcl_fpDbl_add4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldm r1, {r8, r9, r10, r11}
+ ldr r7, [r1, #16]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [r1, #20]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r1, #24]
+ ldr r1, [r1, #28]
+ str r7, [sp, #8] @ 4-byte Spill
+ str r1, [sp, #12] @ 4-byte Spill
+ ldm r2, {r1, r6, r7, r12, lr}
+ ldr r4, [r2, #20]
+ ldr r5, [r2, #24]
+ ldr r2, [r2, #28]
+ adds r1, r1, r8
+ adcs r6, r6, r9
+ adcs r7, r7, r10
+ adcs r12, r12, r11
+ stm r0, {r1, r6, r7, r12}
+ mov r1, #0
+ ldr r7, [sp] @ 4-byte Reload
+ ldr r6, [sp, #4] @ 4-byte Reload
+ adcs r7, lr, r7
+ adcs r6, r4, r6
+ ldr r4, [sp, #8] @ 4-byte Reload
+ adcs r8, r5, r4
+ ldr r5, [sp, #12] @ 4-byte Reload
+ ldr r4, [r3]
+ adcs lr, r2, r5
+ adc r12, r1, #0
+ ldmib r3, {r1, r2, r3}
+ subs r4, r7, r4
+ sbcs r1, r6, r1
+ sbcs r2, r8, r2
+ sbcs r3, lr, r3
+ sbc r5, r12, #0
+ ands r5, r5, #1
+ movne r4, r7
+ movne r1, r6
+ movne r2, r8
+ cmp r5, #0
+ movne r3, lr
+ str r4, [r0, #16]
+ str r1, [r0, #20]
+ str r2, [r0, #24]
+ str r3, [r0, #28]
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end63:
+ .size mcl_fpDbl_add4L, .Lfunc_end63-mcl_fpDbl_add4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub4L
+ .align 2
+ .type mcl_fpDbl_sub4L,%function
+mcl_fpDbl_sub4L: @ @mcl_fpDbl_sub4L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldm r2, {r8, r9, r10, r11}
+ ldr r7, [r2, #16]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ ldr r2, [r2, #28]
+ str r7, [sp, #8] @ 4-byte Spill
+ str r2, [sp, #12] @ 4-byte Spill
+ ldm r1, {r2, r6, r7, r12, lr}
+ ldr r4, [r1, #20]
+ ldr r5, [r1, #24]
+ ldr r1, [r1, #28]
+ subs r2, r2, r8
+ str r2, [r0]
+ sbcs r2, r6, r9
+ ldr r6, [sp, #4] @ 4-byte Reload
+ str r2, [r0, #4]
+ sbcs r2, r7, r10
+ ldr r7, [sp] @ 4-byte Reload
+ str r2, [r0, #8]
+ sbcs r2, r12, r11
+ str r2, [r0, #12]
+ mov r2, #0
+ sbcs r7, lr, r7
+ sbcs r6, r4, r6
+ ldr r4, [sp, #8] @ 4-byte Reload
+ sbcs r5, r5, r4
+ ldr r4, [sp, #12] @ 4-byte Reload
+ sbcs lr, r1, r4
+ ldr r4, [r3]
+ ldr r1, [r3, #8]
+ sbc r12, r2, #0
+ ldr r2, [r3, #4]
+ ldr r3, [r3, #12]
+ adds r4, r7, r4
+ adcs r2, r6, r2
+ adcs r1, r5, r1
+ adc r3, lr, r3
+ ands r12, r12, #1
+ moveq r4, r7
+ moveq r2, r6
+ moveq r1, r5
+ cmp r12, #0
+ moveq r3, lr
+ str r4, [r0, #16]
+ str r2, [r0, #20]
+ str r1, [r0, #24]
+ str r3, [r0, #28]
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end64:
+ .size mcl_fpDbl_sub4L, .Lfunc_end64-mcl_fpDbl_sub4L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre5L
+ .align 2
+ .type mcl_fp_mulUnitPre5L,%function
+mcl_fp_mulUnitPre5L: @ @mcl_fp_mulUnitPre5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r10, [r1, #12]
+ ldr r8, [r1, #16]
+ umull r4, r9, lr, r2
+ umull r1, r6, r12, r2
+ mov r7, r6
+ mov r5, r4
+ umlal r7, r5, r3, r2
+ stm r0, {r1, r7}
+ str r5, [r0, #8]
+ umull r5, r7, r3, r2
+ umull r1, r12, r10, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r1, r9, r1
+ str r1, [r0, #12]
+ umull r1, r3, r8, r2
+ adcs r1, r12, r1
+ str r1, [r0, #16]
+ adc r1, r3, #0
+ str r1, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, lr}
+ mov pc, lr
+.Lfunc_end65:
+ .size mcl_fp_mulUnitPre5L, .Lfunc_end65-mcl_fp_mulUnitPre5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre5L
+ .align 2
+ .type mcl_fpDbl_mulPre5L,%function
+mcl_fpDbl_mulPre5L: @ @mcl_fpDbl_mulPre5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #36
+ sub sp, sp, #36
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r3, [r2]
+ ldm r1, {r12, lr}
+ ldr r9, [r1, #8]
+ ldr r10, [r1, #12]
+ umull r5, r4, r12, r3
+ umull r6, r7, lr, r3
+ adds r6, r4, r6
+ str r5, [sp, #24] @ 4-byte Spill
+ umull r5, r6, r9, r3
+ adcs r7, r7, r5
+ umlal r4, r5, lr, r3
+ umull r7, r11, r10, r3
+ adcs r6, r6, r7
+ ldr r7, [r1, #16]
+ str r6, [sp, #28] @ 4-byte Spill
+ umull r6, r8, r7, r3
+ ldr r3, [sp, #24] @ 4-byte Reload
+ adcs r11, r11, r6
+ ldr r6, [r2, #4]
+ str r3, [r0]
+ umull r3, r2, r12, r6
+ adc r12, r8, #0
+ adds r8, r3, r4
+ str r2, [sp, #24] @ 4-byte Spill
+ umull r3, r2, lr, r6
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r5, r3, r5
+ umull r3, lr, r10, r6
+ umull r4, r10, r9, r6
+ str r8, [r0, #4]
+ adcs r4, r4, r2
+ umull r2, r9, r7, r6
+ adcs r3, r3, r11
+ adcs r7, r2, r12
+ mov r2, #0
+ adc r6, r2, #0
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adds r5, r5, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r11, r4, r2
+ adcs r2, r3, r10
+ ldr r3, [sp, #32] @ 4-byte Reload
+ str r2, [sp, #16] @ 4-byte Spill
+ adcs r2, r7, lr
+ ldr r7, [r1]
+ str r2, [sp, #8] @ 4-byte Spill
+ adc r2, r6, r9
+ str r2, [sp, #24] @ 4-byte Spill
+ ldr r2, [r3, #8]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldmib r1, {r8, lr}
+ ldr r6, [r1, #12]
+ umull r12, r4, r7, r2
+ adds r7, r12, r5
+ str r4, [sp, #12] @ 4-byte Spill
+ ldr r12, [r1, #16]
+ str r7, [sp, #20] @ 4-byte Spill
+ umull r5, r7, r8, r2
+ str r7, [sp, #4] @ 4-byte Spill
+ adcs r10, r5, r11
+ umull r5, r7, lr, r2
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [sp, #16] @ 4-byte Reload
+ adcs r9, r5, r7
+ umull r4, r7, r6, r2
+ mov r5, #0
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [sp, #8] @ 4-byte Reload
+ adcs r4, r4, r7
+ umull r11, r7, r12, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r2, r11, r2
+ adc r11, r5, #0
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adds r5, r10, r5
+ str r5, [sp, #12] @ 4-byte Spill
+ ldr r5, [sp, #4] @ 4-byte Reload
+ adcs r5, r9, r5
+ str r5, [sp, #8] @ 4-byte Spill
+ ldr r5, [sp] @ 4-byte Reload
+ adcs r4, r4, r5
+ ldr r5, [sp, #16] @ 4-byte Reload
+ adcs r10, r2, r5
+ adc r2, r11, r7
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r2, [r0, #8]
+ ldr r2, [r3, #12]
+ umull r11, r3, r6, r2
+ str r3, [sp, #20] @ 4-byte Spill
+ umull r6, r3, lr, r2
+ umull lr, r9, r8, r2
+ str r3, [sp, #24] @ 4-byte Spill
+ ldr r3, [sp, #28] @ 4-byte Reload
+ umull r7, r8, r3, r2
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adds r3, r7, r3
+ str r3, [sp, #28] @ 4-byte Spill
+ ldr r3, [sp, #8] @ 4-byte Reload
+ adcs r5, lr, r3
+ mov r3, #0
+ adcs r6, r6, r4
+ umull r4, lr, r12, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r7, r11, r10
+ adcs r2, r4, r2
+ adc r3, r3, #0
+ adds r10, r5, r8
+ adcs r11, r6, r9
+ ldr r6, [sp, #24] @ 4-byte Reload
+ adcs r7, r7, r6
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r2, r2, r7
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r2, [r0, #12]
+ adc r2, r3, lr
+ ldr r3, [r1]
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [sp, #32] @ 4-byte Reload
+ ldr r4, [r2, #16]
+ ldmib r1, {r2, r5, r6}
+ ldr r1, [r1, #16]
+ umull lr, r9, r6, r4
+ umull r6, r8, r5, r4
+ umull r5, r7, r2, r4
+ umull r2, r12, r3, r4
+ adds r10, r2, r10
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r3, r5, r11
+ str r10, [r0, #16]
+ adcs r5, r6, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r6, lr, r2
+ umull r2, lr, r1, r4
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r2, r1
+ mov r2, #0
+ adc r2, r2, #0
+ adds r3, r3, r12
+ adcs r7, r5, r7
+ str r3, [r0, #20]
+ adcs r6, r6, r8
+ str r7, [r0, #24]
+ adcs r1, r1, r9
+ str r6, [r0, #28]
+ adc r2, r2, lr
+ str r1, [r0, #32]
+ str r2, [r0, #36]
+ add sp, sp, #36
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end66:
+ .size mcl_fpDbl_mulPre5L, .Lfunc_end66-mcl_fpDbl_mulPre5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre5L
+ .align 2
+ .type mcl_fpDbl_sqrPre5L,%function
+mcl_fpDbl_sqrPre5L: @ @mcl_fpDbl_sqrPre5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #32
+ sub sp, sp, #32
+ ldm r1, {r2, r3, r12}
+ ldr lr, [r1, #16]
+ ldr r9, [r1, #12]
+ umull r5, r6, r2, r2
+ umull r7, r11, r3, r2
+ str r5, [r0]
+ umull r5, r4, lr, r2
+ adds r8, r6, r7
+ str r5, [sp, #24] @ 4-byte Spill
+ umull r5, r10, r12, r2
+ str r4, [sp, #28] @ 4-byte Spill
+ adcs r4, r11, r5
+ umlal r6, r5, r3, r2
+ umull r4, r8, r9, r2
+ adcs r10, r10, r4
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adcs r8, r8, r4
+ ldr r4, [sp, #28] @ 4-byte Reload
+ adc r4, r4, #0
+ str r4, [sp, #24] @ 4-byte Spill
+ umull r2, r4, r3, r3
+ str r4, [sp, #28] @ 4-byte Spill
+ adds r4, r7, r6
+ str r4, [sp, #16] @ 4-byte Spill
+ adcs r5, r2, r5
+ umull r2, r4, r12, r3
+ str r4, [sp, #12] @ 4-byte Spill
+ adcs r4, r2, r10
+ umull r2, r6, r9, r3
+ adcs r2, r2, r8
+ umull r7, r8, lr, r3
+ ldr r3, [sp, #24] @ 4-byte Reload
+ adcs r7, r7, r3
+ mov r3, #0
+ adc r3, r3, #0
+ adds r5, r5, r11
+ str r5, [sp, #24] @ 4-byte Spill
+ ldr r5, [sp, #28] @ 4-byte Reload
+ adcs r4, r4, r5
+ str r4, [sp, #20] @ 4-byte Spill
+ ldr r4, [sp, #16] @ 4-byte Reload
+ str r4, [r0, #4]
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adcs r2, r2, r4
+ str r2, [sp, #12] @ 4-byte Spill
+ adcs r2, r7, r6
+ str r2, [sp, #8] @ 4-byte Spill
+ adc r2, r3, r8
+ str r2, [sp, #4] @ 4-byte Spill
+ umull r11, r2, lr, r12
+ umull lr, r10, r12, r12
+ str r2, [sp, #28] @ 4-byte Spill
+ ldm r1, {r4, r6}
+ ldr r2, [r1, #12]
+ ldr r7, [sp, #24] @ 4-byte Reload
+ umull r8, r3, r2, r12
+ str r3, [sp, #16] @ 4-byte Spill
+ umull r5, r3, r6, r12
+ str r3, [sp] @ 4-byte Spill
+ umull r3, r9, r4, r12
+ adds r3, r3, r7
+ str r3, [sp, #24] @ 4-byte Spill
+ ldr r3, [sp, #20] @ 4-byte Reload
+ adcs r5, r5, r3
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adcs r12, lr, r3
+ ldr r3, [sp, #8] @ 4-byte Reload
+ adcs r7, r8, r3
+ ldr r3, [sp, #4] @ 4-byte Reload
+ adcs lr, r11, r3
+ mov r3, #0
+ adc r11, r3, #0
+ ldr r3, [sp] @ 4-byte Reload
+ adds r5, r5, r9
+ adcs r12, r12, r3
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adcs r9, r7, r10
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r8, lr, r3
+ adc r11, r11, r7
+ umull r7, r3, r4, r2
+ adds r7, r7, r5
+ str r3, [sp, #20] @ 4-byte Spill
+ umull r5, r3, r6, r2
+ ldr r6, [r1, #8]
+ str r3, [sp, #16] @ 4-byte Spill
+ adcs r10, r5, r12
+ ldr r3, [sp, #24] @ 4-byte Reload
+ ldr r5, [r1, #16]
+ str r7, [sp, #28] @ 4-byte Spill
+ umull r4, lr, r6, r2
+ adcs r12, r4, r9
+ ldr r4, [sp, #20] @ 4-byte Reload
+ umull r7, r9, r2, r2
+ str r3, [r0, #8]
+ adcs r7, r7, r8
+ umull r3, r8, r5, r2
+ adcs r2, r3, r11
+ mov r3, #0
+ adc r3, r3, #0
+ adds r11, r10, r4
+ ldr r4, [sp, #16] @ 4-byte Reload
+ adcs r4, r12, r4
+ adcs r10, r7, lr
+ adcs r12, r2, r9
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adc r8, r3, r8
+ ldr r3, [r1]
+ str r2, [r0, #12]
+ ldr r2, [r1, #4]
+ ldr r1, [r1, #12]
+ umull r7, r9, r3, r5
+ adds lr, r7, r11
+ str lr, [r0, #16]
+ umull r7, r11, r2, r5
+ adcs r2, r7, r4
+ umull r4, r7, r6, r5
+ adcs r4, r4, r10
+ umull r6, r10, r1, r5
+ adcs r1, r6, r12
+ umull r6, r3, r5, r5
+ mov r5, #0
+ adcs r6, r6, r8
+ adc r5, r5, #0
+ adds r2, r2, r9
+ adcs r4, r4, r11
+ str r2, [r0, #20]
+ adcs r1, r1, r7
+ str r4, [r0, #24]
+ adcs r7, r6, r10
+ str r1, [r0, #28]
+ adc r3, r5, r3
+ str r7, [r0, #32]
+ str r3, [r0, #36]
+ add sp, sp, #32
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end67:
+ .size mcl_fpDbl_sqrPre5L, .Lfunc_end67-mcl_fpDbl_sqrPre5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont5L
+ .align 2
+ .type mcl_fp_mont5L,%function
+mcl_fp_mont5L: @ @mcl_fp_mont5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #100
+ sub sp, sp, #100
+ str r0, [sp, #52] @ 4-byte Spill
+ mov r0, r2
+ str r2, [sp, #48] @ 4-byte Spill
+ ldm r0, {r2, r8}
+ ldr r7, [r0, #8]
+ ldr r0, [r0, #12]
+ ldr r6, [r3, #-4]
+ ldr r5, [r3, #8]
+ ldr r9, [r3]
+ ldr r11, [r1, #8]
+ ldr r12, [r1, #12]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r1, #4]
+ ldr r1, [r1, #16]
+ str r6, [sp, #84] @ 4-byte Spill
+ str r5, [sp, #88] @ 4-byte Spill
+ str r9, [sp, #80] @ 4-byte Spill
+ str r11, [sp, #60] @ 4-byte Spill
+ str r12, [sp, #56] @ 4-byte Spill
+ umull r4, lr, r0, r2
+ str r0, [sp, #72] @ 4-byte Spill
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [r3, #4]
+ str r1, [sp, #64] @ 4-byte Spill
+ mul r0, r4, r6
+ str r4, [sp, #36] @ 4-byte Spill
+ umull r6, r4, r0, r5
+ str r4, [sp, #28] @ 4-byte Spill
+ umull r4, r5, r0, r9
+ mov r10, r6
+ mov r9, r5
+ str r4, [sp, #32] @ 4-byte Spill
+ str r7, [sp, #76] @ 4-byte Spill
+ str r5, [sp, #12] @ 4-byte Spill
+ mov r4, r7
+ umlal r9, r10, r0, r7
+ umull r7, r5, r1, r2
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [sp, #96] @ 4-byte Reload
+ str r5, [sp, #92] @ 4-byte Spill
+ umull r5, r1, r12, r2
+ str r1, [sp, #20] @ 4-byte Spill
+ str r5, [sp, #24] @ 4-byte Spill
+ umull r12, r1, r11, r2
+ umull r11, r5, r7, r2
+ adds r7, lr, r11
+ adcs r5, r5, r12
+ ldr r5, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r5, r1
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ str r1, [sp, #68] @ 4-byte Spill
+ umull r7, r11, r0, r1
+ ldr r1, [r3, #12]
+ umull r3, r5, r0, r4
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adds r3, r4, r3
+ str r1, [sp, #92] @ 4-byte Spill
+ umull r3, r4, r0, r1
+ adcs r0, r5, r6
+ mov r1, #0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r3
+ adcs r3, r4, r7
+ ldr r7, [sp, #96] @ 4-byte Reload
+ ldr r4, [sp, #32] @ 4-byte Reload
+ adc r5, r11, #0
+ umlal lr, r12, r7, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adds r2, r4, r2
+ adcs r2, r9, lr
+ ldr r9, [sp, #64] @ 4-byte Reload
+ str r2, [sp, #36] @ 4-byte Spill
+ adcs r2, r10, r12
+ ldr r10, [sp, #72] @ 4-byte Reload
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r5, r0
+ umull r5, lr, r8, r9
+ str r0, [sp, #20] @ 4-byte Spill
+ adc r0, r1, #0
+ umull r6, r1, r8, r7
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ umull r12, r4, r8, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ umull r3, r2, r8, r0
+ umull r11, r0, r8, r10
+ ldr r10, [sp, #68] @ 4-byte Reload
+ adds r6, r0, r6
+ adcs r1, r1, r3
+ umlal r0, r3, r8, r7
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adcs r1, r2, r12
+ adcs r2, r4, r5
+ adc r6, lr, #0
+ adds r8, r7, r11
+ ldr r7, [sp, #32] @ 4-byte Reload
+ adcs r11, r7, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r7, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ mul r4, r8, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ umull r6, r1, r4, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r1, [sp, #12] @ 4-byte Spill
+ umull r1, r5, r4, r0
+ mov r0, r6
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ mov r3, r5
+ umull r12, lr, r4, r1
+ umlal r3, r0, r4, r1
+ umull r1, r2, r4, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adds r5, r5, r12
+ adcs r6, lr, r6
+ umull r5, r12, r4, r10
+ adcs r1, r7, r1
+ ldr r7, [sp, #16] @ 4-byte Reload
+ adcs r2, r2, r5
+ adc r6, r12, #0
+ adds r7, r7, r8
+ ldr r8, [sp, #60] @ 4-byte Reload
+ adcs r3, r3, r11
+ ldr r11, [sp, #72] @ 4-byte Reload
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ umull r2, r1, r0, r9
+ ldr r9, [sp, #56] @ 4-byte Reload
+ umull r3, r12, r0, r8
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r2, [sp, #4] @ 4-byte Spill
+ mov r2, r0
+ umull r4, r5, r0, r9
+ umull r6, r7, r0, r1
+ umull lr, r0, r2, r11
+ adds r6, r0, r6
+ str lr, [sp, #8] @ 4-byte Spill
+ adcs r6, r7, r3
+ ldr r7, [sp, #4] @ 4-byte Reload
+ umlal r0, r3, r2, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r12, r12, r4
+ adcs r4, r5, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adc r7, r7, #0
+ adds r2, r1, r2
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r2, [sp] @ 4-byte Spill
+ adcs r0, r1, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ mul r4, r2, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ umull r5, r1, r4, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r1, [sp, #12] @ 4-byte Spill
+ mov r2, r5
+ umull r1, r7, r4, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r1, [sp, #16] @ 4-byte Spill
+ umull r6, r1, r4, r10
+ mov r3, r7
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r6, [sp, #4] @ 4-byte Spill
+ umlal r3, r2, r4, r0
+ umull r12, lr, r4, r1
+ umull r10, r1, r4, r0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adds r4, r7, r10
+ adcs r1, r1, r5
+ ldr r4, [sp, #64] @ 4-byte Reload
+ ldr r1, [sp] @ 4-byte Reload
+ adcs r10, r0, r12
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r12, lr, r0
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc lr, r0, #0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adds r6, r0, r1
+ ldr r0, [sp, #44] @ 4-byte Reload
+ umull r5, r1, r0, r4
+ mov r6, r0
+ str r1, [sp, #16] @ 4-byte Spill
+ umull r4, r1, r0, r9
+ str r5, [sp, #8] @ 4-byte Spill
+ umull r5, r9, r0, r8
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r4, [sp] @ 4-byte Spill
+ umull r4, r8, r0, r1
+ umull r7, r0, r6, r11
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [sp, #40] @ 4-byte Reload
+ adcs r11, r3, r7
+ ldr r3, [sp, #36] @ 4-byte Reload
+ adcs r2, r2, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ str r2, [sp, #40] @ 4-byte Spill
+ adcs r10, r10, r3
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r12, r12, r3
+ ldr r3, [sp, #24] @ 4-byte Reload
+ adcs r7, lr, r3
+ ldr r3, [sp, #20] @ 4-byte Reload
+ adc r2, r3, #0
+ adds r4, r0, r4
+ ldr r3, [sp, #4] @ 4-byte Reload
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [sp] @ 4-byte Reload
+ adcs r4, r8, r5
+ umlal r0, r5, r6, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r4, r9, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r3, r3, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adc r8, r2, #0
+ adds lr, r11, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r9, r10, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r10, [sp, #92] @ 4-byte Reload
+ adcs r0, r12, r4
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ mul r4, lr, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ umull r12, r3, r4, r1
+ umull r7, r11, r4, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ umull r8, r6, r4, r0
+ mov r0, r7
+ mov r5, r6
+ adds r6, r6, r12
+ umlal r5, r0, r4, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r3, r3, r7
+ umull r6, r12, r4, r1
+ umull r1, r2, r4, r10
+ adcs r1, r11, r1
+ adcs r2, r2, r6
+ adc r3, r12, #0
+ adds r7, r8, lr
+ ldr r7, [sp, #44] @ 4-byte Reload
+ adcs r7, r5, r7
+ adcs r0, r0, r9
+ ldr r9, [sp, #72] @ 4-byte Reload
+ str r7, [sp, #44] @ 4-byte Spill
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r5, [r0, #16]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ umull r4, r8, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ umull r7, r1, r5, r2
+ umull r12, lr, r5, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ umull r6, r3, r5, r0
+ umull r11, r0, r5, r9
+ ldr r9, [sp, #76] @ 4-byte Reload
+ adds r7, r0, r7
+ adcs r1, r1, r6
+ umlal r0, r6, r5, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adcs r1, r3, r12
+ ldr r12, [sp, #80] @ 4-byte Reload
+ adcs r4, lr, r4
+ ldr lr, [sp, #88] @ 4-byte Reload
+ adc r3, r8, #0
+ adds r7, r2, r11
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r11, r0, r6
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ mul r4, r7, r0
+ umull r0, r1, r4, r9
+ umull r8, r3, r4, r12
+ adds r0, r3, r0
+ umull r5, r0, r4, lr
+ adcs r1, r1, r5
+ umlal r3, r5, r4, r9
+ umull r1, r6, r4, r10
+ adcs r10, r0, r1
+ umull r1, r0, r4, r2
+ mov r4, r9
+ adcs r1, r6, r1
+ ldr r6, [sp, #96] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r7, r8, r7
+ adcs r3, r3, r6
+ adcs r7, r5, r11
+ ldr r5, [sp, #72] @ 4-byte Reload
+ adcs r11, r10, r5
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs r8, r1, r5
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adc r9, r0, #0
+ subs r5, r3, r12
+ sbcs r4, r7, r4
+ sbcs r0, r11, lr
+ sbcs r6, r8, r1
+ sbcs r1, r10, r2
+ sbc r2, r9, #0
+ ands r2, r2, #1
+ movne r5, r3
+ ldr r3, [sp, #52] @ 4-byte Reload
+ movne r4, r7
+ movne r0, r11
+ cmp r2, #0
+ movne r6, r8
+ movne r1, r10
+ str r5, [r3]
+ str r4, [r3, #4]
+ str r0, [r3, #8]
+ str r6, [r3, #12]
+ str r1, [r3, #16]
+ add sp, sp, #100
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end68:
+ .size mcl_fp_mont5L, .Lfunc_end68-mcl_fp_mont5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF5L
+ .align 2
+ .type mcl_fp_montNF5L,%function
+mcl_fp_montNF5L: @ @mcl_fp_montNF5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #76
+ sub sp, sp, #76
+ str r2, [sp, #24] @ 4-byte Spill
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r2, {r4, r9, r10}
+ ldr r6, [r1, #4]
+ ldr r0, [r2, #12]
+ ldr r7, [r1]
+ ldr r5, [r1, #8]
+ ldr lr, [r3, #8]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #12]
+ str r6, [sp, #32] @ 4-byte Spill
+ umull r2, r8, r6, r4
+ mov r11, r6
+ umull r6, r12, r7, r4
+ str r7, [sp, #56] @ 4-byte Spill
+ str r5, [sp, #48] @ 4-byte Spill
+ str lr, [sp, #36] @ 4-byte Spill
+ adds r7, r12, r2
+ umull r2, r7, r5, r4
+ adcs r5, r8, r2
+ umlal r12, r2, r11, r4
+ umull r5, r8, r0, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ adcs r0, r7, r5
+ ldr r5, [r3, #4]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ str r5, [sp, #60] @ 4-byte Spill
+ umull r1, r7, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ adcs r0, r8, r1
+ ldr r1, [r3]
+ str r0, [sp, #16] @ 4-byte Spill
+ adc r0, r7, #0
+ ldr r7, [r3, #-4]
+ str r0, [sp, #12] @ 4-byte Spill
+ str r1, [sp, #40] @ 4-byte Spill
+ mul r0, r6, r7
+ str r7, [sp, #72] @ 4-byte Spill
+ umull r8, r7, r0, r1
+ ldr r1, [r3, #12]
+ ldr r3, [r3, #16]
+ adds r6, r8, r6
+ umull r4, r8, r0, r5
+ str r7, [sp, #8] @ 4-byte Spill
+ umull r5, r7, r0, lr
+ ldr lr, [sp, #64] @ 4-byte Reload
+ adcs r6, r4, r12
+ adcs r5, r5, r2
+ str r1, [sp, #52] @ 4-byte Spill
+ umull r2, r4, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r3, [sp, #44] @ 4-byte Spill
+ adcs r2, r2, r1
+ umull r12, r1, r0, r3
+ ldr r0, [sp, #16] @ 4-byte Reload
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adcs r0, r12, r0
+ adc r12, r3, #0
+ ldr r3, [sp, #8] @ 4-byte Reload
+ adds r6, r6, r3
+ adcs r3, r5, r8
+ ldr r8, [sp, #56] @ 4-byte Reload
+ adcs r2, r2, r7
+ str r3, [sp, #16] @ 4-byte Spill
+ adcs r0, r0, r4
+ umull r7, r4, r9, r11
+ str r2, [sp, #12] @ 4-byte Spill
+ str r0, [sp, #8] @ 4-byte Spill
+ adc r0, r12, r1
+ ldr r12, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ umull r5, r1, r9, r8
+ adds r7, r1, r7
+ umull r2, r7, r9, r0
+ adcs r4, r4, r2
+ umlal r1, r2, r9, r11
+ ldr r11, [sp, #44] @ 4-byte Reload
+ umull r4, r0, r9, r12
+ adcs r4, r7, r4
+ umull r7, r3, r9, lr
+ ldr r9, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ adc r3, r3, #0
+ adds r7, r5, r6
+ ldr r5, [sp, #16] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adcs r2, r2, r5
+ ldr r5, [sp, #8] @ 4-byte Reload
+ adcs r6, r4, r5
+ ldr r4, [sp, #4] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #16] @ 4-byte Spill
+ adc r0, r3, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r5, r7, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ umull r4, r3, r5, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adds r7, r4, r7
+ ldr r4, [sp, #52] @ 4-byte Reload
+ str r3, [sp, #8] @ 4-byte Spill
+ umull r7, r3, r5, r0
+ adcs r1, r7, r1
+ umull r7, r0, r5, r9
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [sp, #8] @ 4-byte Reload
+ str r0, [sp] @ 4-byte Spill
+ adcs r2, r7, r2
+ umull r7, r0, r5, r4
+ adcs r6, r7, r6
+ umull r7, r4, r5, r11
+ ldr r5, [sp, #16] @ 4-byte Reload
+ adcs r7, r7, r5
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r1, r1, r3
+ ldr r3, [sp, #48] @ 4-byte Reload
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp] @ 4-byte Reload
+ adcs r1, r6, r1
+ adcs r0, r7, r0
+ ldr r7, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #8] @ 4-byte Spill
+ adc r11, r5, r4
+ str r0, [sp, #4] @ 4-byte Spill
+ umull r4, r0, r10, r8
+ ldr r8, [sp, #60] @ 4-byte Reload
+ umull r6, r5, r10, r7
+ adds r6, r0, r6
+ umull r1, r6, r10, r3
+ adcs r5, r5, r1
+ umlal r0, r1, r10, r7
+ umull r5, r2, r10, r12
+ adcs r12, r6, r5
+ umull r6, r5, r10, lr
+ mov lr, r7
+ adcs r2, r2, r6
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r6, r4, r6
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #8] @ 4-byte Reload
+ adcs r1, r1, r4
+ ldr r4, [sp, #4] @ 4-byte Reload
+ adcs r10, r12, r4
+ adcs r2, r2, r11
+ ldr r11, [sp, #40] @ 4-byte Reload
+ str r2, [sp, #8] @ 4-byte Spill
+ adc r2, r5, #0
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [sp, #72] @ 4-byte Reload
+ mul r7, r6, r2
+ umull r4, r2, r7, r11
+ adds r6, r4, r6
+ str r2, [sp, #12] @ 4-byte Spill
+ umull r6, r2, r7, r8
+ str r2, [sp, #4] @ 4-byte Spill
+ adcs r0, r6, r0
+ umull r6, r2, r7, r9
+ ldr r9, [sp, #52] @ 4-byte Reload
+ adcs r1, r6, r1
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [sp, #8] @ 4-byte Reload
+ umull r6, r12, r7, r9
+ adcs r5, r6, r10
+ ldr r10, [sp, #44] @ 4-byte Reload
+ umull r6, r4, r7, r10
+ adcs r7, r6, r2
+ ldr r6, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ adc r6, r6, #0
+ adds r0, r0, r2
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #8] @ 4-byte Spill
+ adcs r0, r7, r12
+ ldr r7, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #4] @ 4-byte Spill
+ adc r0, r6, r4
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ umull r1, r5, r7, r3
+ mov r6, r1
+ umull r4, r2, r7, r0
+ mov r0, lr
+ mov r12, r2
+ umull r3, lr, r7, r0
+ umlal r12, r6, r7, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adds r2, r2, r3
+ adcs r1, lr, r1
+ umull r1, r2, r7, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r1, r5, r1
+ umull r3, r5, r7, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r2, r2, r3
+ adc r3, r5, #0
+ ldr r5, [sp, #8] @ 4-byte Reload
+ adds r7, r4, r0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r12, r0
+ adcs r6, r6, r5
+ ldr r5, [sp, #4] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp] @ 4-byte Reload
+ adcs r2, r2, r5
+ str r2, [sp, #20] @ 4-byte Spill
+ adc r2, r3, #0
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [sp, #72] @ 4-byte Reload
+ mul r5, r7, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ umull r4, lr, r5, r11
+ adds r7, r4, r7
+ umull r7, r12, r5, r8
+ adcs r0, r7, r0
+ umull r7, r3, r5, r2
+ adcs r6, r7, r6
+ umull r7, r2, r5, r9
+ adcs r1, r7, r1
+ umull r7, r4, r5, r10
+ ldr r5, [sp, #20] @ 4-byte Reload
+ adcs r7, r7, r5
+ ldr r5, [sp, #16] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r0, r0, lr
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r10, r6, r12
+ adcs lr, r1, r3
+ adcs r8, r7, r2
+ adc r9, r5, r4
+ ldr r4, [sp, #32] @ 4-byte Reload
+ ldr r7, [r0, #16]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ umull r3, r11, r7, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mov r5, r3
+ umull r12, r2, r7, r0
+ umull r6, r0, r7, r4
+ mov r1, r2
+ adds r2, r2, r6
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ ldr r3, [sp, #68] @ 4-byte Reload
+ umlal r1, r5, r7, r4
+ umull r0, r2, r7, r3
+ umull r3, r4, r7, r6
+ adcs r0, r11, r0
+ adcs r2, r2, r3
+ adc r3, r4, #0
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adds r7, r12, r4
+ ldr r12, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r10
+ adcs r6, r5, lr
+ adcs r11, r0, r8
+ ldr r8, [sp, #40] @ 4-byte Reload
+ adcs r0, r2, r9
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ adc r0, r3, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r5, r7, r0
+ umull r4, r0, r5, r8
+ umull r3, lr, r5, r12
+ adds r7, r4, r7
+ ldr r4, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ adcs r1, r3, r1
+ ldr r9, [sp, #72] @ 4-byte Reload
+ umull r7, r0, r5, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r3, r7, r6
+ umull r6, r10, r5, r2
+ adcs r7, r6, r11
+ umull r6, r11, r5, r0
+ ldr r5, [sp, #68] @ 4-byte Reload
+ adcs r6, r6, r5
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r1, r1, r9
+ adcs lr, r3, lr
+ ldr r3, [sp, #56] @ 4-byte Reload
+ adcs r9, r7, r3
+ adcs r10, r6, r10
+ adc r11, r5, r11
+ subs r6, r1, r8
+ sbcs r5, lr, r12
+ sbcs r4, r9, r4
+ sbcs r7, r10, r2
+ sbc r3, r11, r0
+ asr r0, r3, #31
+ cmp r0, #0
+ movlt r6, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ movlt r5, lr
+ movlt r4, r9
+ cmp r0, #0
+ movlt r7, r10
+ movlt r3, r11
+ str r6, [r1]
+ str r5, [r1, #4]
+ str r4, [r1, #8]
+ str r7, [r1, #12]
+ str r3, [r1, #16]
+ add sp, sp, #76
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end69:
+ .size mcl_fp_montNF5L, .Lfunc_end69-mcl_fp_montNF5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed5L
+ .align 2
+ .type mcl_fp_montRed5L,%function
+mcl_fp_montRed5L: @ @mcl_fp_montRed5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #84
+ sub sp, sp, #84
+ ldr r6, [r1, #4]
+ ldr r9, [r2, #-4]
+ ldr r4, [r1]
+ ldr r8, [r2, #8]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r2]
+ ldr r10, [r2, #4]
+ str r6, [sp, #48] @ 4-byte Spill
+ ldr r6, [r1, #8]
+ mul r5, r4, r9
+ str r4, [sp, #24] @ 4-byte Spill
+ str r0, [sp, #72] @ 4-byte Spill
+ str r9, [sp, #64] @ 4-byte Spill
+ str r8, [sp, #68] @ 4-byte Spill
+ umull lr, r4, r5, r8
+ str r4, [sp, #40] @ 4-byte Spill
+ umull r4, r3, r5, r0
+ mov r12, lr
+ str r4, [sp, #44] @ 4-byte Spill
+ ldr r4, [r2, #16]
+ ldr r2, [r2, #12]
+ mov r0, r3
+ str r6, [sp, #56] @ 4-byte Spill
+ ldr r6, [r1, #12]
+ umlal r0, r12, r5, r10
+ str r4, [sp, #76] @ 4-byte Spill
+ str r2, [sp, #80] @ 4-byte Spill
+ str r6, [sp, #52] @ 4-byte Spill
+ umull r7, r6, r5, r4
+ str r6, [sp, #28] @ 4-byte Spill
+ umull r4, r6, r5, r2
+ umull r11, r2, r5, r10
+ str r7, [sp, #32] @ 4-byte Spill
+ adds r3, r3, r11
+ ldr r11, [r1, #36]
+ adcs r2, r2, lr
+ ldr r3, [sp, #24] @ 4-byte Reload
+ add lr, r1, #16
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adcs r2, r2, r4
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [sp, #32] @ 4-byte Reload
+ adcs r2, r6, r2
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adc r2, r2, #0
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adds r5, r3, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ ldr r3, [sp, #72] @ 4-byte Reload
+ adcs r2, r2, r0
+ mul r0, r2, r9
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r9, [r1, #28]
+ umull r6, r2, r0, r8
+ str r2, [sp, #40] @ 4-byte Spill
+ umull r2, r4, r0, r3
+ mov r5, r6
+ mov r8, r6
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #32]
+ mov r7, r4
+ umlal r7, r5, r0, r10
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm lr, {r1, r2, lr}
+ ldr r6, [sp, #56] @ 4-byte Reload
+ adcs r3, r6, r12
+ ldr r6, [sp, #52] @ 4-byte Reload
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [sp, #36] @ 4-byte Reload
+ adcs r6, r6, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ str r6, [sp, #56] @ 4-byte Spill
+ adcs r1, r1, r3
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r1, [sp, #36] @ 4-byte Spill
+ adcs r1, lr, #0
+ ldr lr, [sp, #76] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ adcs r1, r9, #0
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, #0
+ str r1, [sp, #24] @ 4-byte Spill
+ adcs r1, r11, #0
+ umull r6, r11, r0, lr
+ str r1, [sp, #20] @ 4-byte Spill
+ mov r1, #0
+ adc r1, r1, #0
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ umull r2, r3, r0, r1
+ umull r9, r1, r0, r10
+ adds r0, r4, r9
+ adcs r0, r1, r8
+ ldr r1, [sp, #44] @ 4-byte Reload
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r9, r0, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r0, r3, r6
+ ldr r6, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc r11, r11, #0
+ adds r3, r1, r0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r0, r7, r0
+ mul r7, r0, r2
+ str r0, [sp, #12] @ 4-byte Spill
+ umull r8, r0, r7, r1
+ str r0, [sp, #4] @ 4-byte Spill
+ umull r3, r0, r7, r6
+ mov r12, r8
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [sp, #56] @ 4-byte Reload
+ mov r4, r0
+ umlal r4, r12, r7, r10
+ adcs r3, r5, r3
+ ldr r5, [sp, #40] @ 4-byte Reload
+ str r3, [sp] @ 4-byte Spill
+ ldr r3, [sp, #52] @ 4-byte Reload
+ adcs r3, r9, r3
+ str r3, [sp, #56] @ 4-byte Spill
+ ldr r3, [sp, #36] @ 4-byte Reload
+ adcs r3, r5, r3
+ str r3, [sp, #52] @ 4-byte Spill
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs r3, r11, r3
+ str r3, [sp, #48] @ 4-byte Spill
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r3, r3, #0
+ str r3, [sp, #44] @ 4-byte Spill
+ ldr r3, [sp, #24] @ 4-byte Reload
+ adcs r3, r3, #0
+ str r3, [sp, #40] @ 4-byte Spill
+ ldr r3, [sp, #20] @ 4-byte Reload
+ adcs r3, r3, #0
+ str r3, [sp, #36] @ 4-byte Spill
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adc r3, r3, #0
+ str r3, [sp, #32] @ 4-byte Spill
+ umull r5, r3, r7, lr
+ ldr lr, [sp, #80] @ 4-byte Reload
+ str r3, [sp, #28] @ 4-byte Spill
+ umull r9, r3, r7, r10
+ str r5, [sp, #24] @ 4-byte Spill
+ adds r0, r0, r9
+ adcs r0, r3, r8
+ ldr r3, [sp, #8] @ 4-byte Reload
+ ldr r0, [sp, #4] @ 4-byte Reload
+ umull r5, r11, r7, lr
+ adcs r9, r0, r5
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r8, r0, #0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adds r3, r3, r0
+ ldr r0, [sp] @ 4-byte Reload
+ adcs r11, r4, r0
+ mul r7, r11, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ umull r3, r0, r7, r1
+ str r0, [sp, #24] @ 4-byte Spill
+ umull r1, r0, r7, r6
+ mov r5, r3
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ mov r4, r0
+ umlal r4, r5, r7, r10
+ adcs r1, r12, r1
+ umull r12, r6, r7, lr
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r9, r1
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #76] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r8, r1
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, #0
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, #0
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #32] @ 4-byte Spill
+ umull r9, r1, r7, r2
+ str r1, [sp, #20] @ 4-byte Spill
+ umull r8, r1, r7, r10
+ adds r0, r0, r8
+ ldr r8, [sp, #72] @ 4-byte Reload
+ adcs r0, r1, r3
+ ldr r3, [sp, #20] @ 4-byte Reload
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r12
+ adcs r1, r6, r9
+ adc r7, r3, #0
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adds r3, r3, r11
+ ldr r3, [sp, #56] @ 4-byte Reload
+ adcs r12, r4, r3
+ ldr r3, [sp, #52] @ 4-byte Reload
+ adcs r3, r5, r3
+ str r3, [sp, #56] @ 4-byte Spill
+ ldr r3, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ mul r4, r12, r0
+ umull r0, r1, r4, r10
+ umull r11, r5, r4, r8
+ adds r0, r5, r0
+ umull r6, r0, r4, r7
+ adcs r1, r1, r6
+ umlal r5, r6, r4, r10
+ umull r1, r3, r4, lr
+ adcs r9, r0, r1
+ umull r1, r0, r4, r2
+ adcs r1, r3, r1
+ ldr r3, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r2, r11, r12
+ ldr r2, [sp, #56] @ 4-byte Reload
+ adcs r2, r5, r2
+ adcs r3, r6, r3
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adcs lr, r9, r6
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adcs r9, r1, r6
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r11, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adc r12, r0, #0
+ subs r5, r2, r8
+ sbcs r4, r3, r10
+ sbcs r0, lr, r7
+ sbcs r6, r9, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ sbcs r1, r11, r1
+ sbc r7, r12, #0
+ ands r7, r7, #1
+ movne r5, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ movne r4, r3
+ movne r0, lr
+ cmp r7, #0
+ movne r6, r9
+ movne r1, r11
+ str r5, [r2]
+ str r4, [r2, #4]
+ str r0, [r2, #8]
+ str r6, [r2, #12]
+ str r1, [r2, #16]
+ add sp, sp, #84
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end70:
+ .size mcl_fp_montRed5L, .Lfunc_end70-mcl_fp_montRed5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre5L
+ .align 2
+ .type mcl_fp_addPre5L,%function
+mcl_fp_addPre5L: @ @mcl_fp_addPre5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ ldm r2, {r3, r12, lr}
+ ldr r4, [r2, #12]
+ ldr r8, [r2, #16]
+ ldm r1, {r5, r6, r7}
+ ldr r2, [r1, #12]
+ ldr r1, [r1, #16]
+ adds r3, r3, r5
+ adcs r6, r12, r6
+ adcs r7, lr, r7
+ adcs r2, r4, r2
+ stm r0, {r3, r6, r7}
+ adcs r1, r8, r1
+ str r2, [r0, #12]
+ str r1, [r0, #16]
+ mov r0, #0
+ adc r0, r0, #0
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end71:
+ .size mcl_fp_addPre5L, .Lfunc_end71-mcl_fp_addPre5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre5L
+ .align 2
+ .type mcl_fp_subPre5L,%function
+mcl_fp_subPre5L: @ @mcl_fp_subPre5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ ldm r2, {r3, r12, lr}
+ ldr r4, [r2, #12]
+ ldr r8, [r2, #16]
+ ldm r1, {r5, r6, r7}
+ ldr r2, [r1, #12]
+ ldr r1, [r1, #16]
+ subs r3, r5, r3
+ sbcs r6, r6, r12
+ sbcs r7, r7, lr
+ sbcs r2, r2, r4
+ stm r0, {r3, r6, r7}
+ sbcs r1, r1, r8
+ str r2, [r0, #12]
+ str r1, [r0, #16]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end72:
+ .size mcl_fp_subPre5L, .Lfunc_end72-mcl_fp_subPre5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_5L
+ .align 2
+ .type mcl_fp_shr1_5L,%function
+mcl_fp_shr1_5L: @ @mcl_fp_shr1_5L
+ .fnstart
+@ BB#0:
+ .save {r4, lr}
+ push {r4, lr}
+ ldr r3, [r1, #4]
+ ldr r12, [r1]
+ ldr lr, [r1, #12]
+ ldr r2, [r1, #8]
+ ldr r1, [r1, #16]
+ lsrs r4, r3, #1
+ lsr r3, r3, #1
+ rrx r12, r12
+ lsrs r4, lr, #1
+ orr r3, r3, r2, lsl #31
+ lsr r4, lr, #1
+ rrx r2, r2
+ str r12, [r0]
+ str r3, [r0, #4]
+ orr r4, r4, r1, lsl #31
+ lsr r1, r1, #1
+ str r2, [r0, #8]
+ str r4, [r0, #12]
+ str r1, [r0, #16]
+ pop {r4, lr}
+ mov pc, lr
+.Lfunc_end73:
+ .size mcl_fp_shr1_5L, .Lfunc_end73-mcl_fp_shr1_5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add5L
+ .align 2
+ .type mcl_fp_add5L,%function
+mcl_fp_add5L: @ @mcl_fp_add5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldm r2, {r12, lr}
+ ldr r9, [r2, #8]
+ ldr r5, [r2, #12]
+ ldr r8, [r2, #16]
+ ldm r1, {r6, r7}
+ ldr r2, [r1, #8]
+ ldr r4, [r1, #12]
+ ldr r1, [r1, #16]
+ adds r6, r12, r6
+ adcs r7, lr, r7
+ adcs r2, r9, r2
+ stm r0, {r6, r7}
+ adcs r5, r5, r4
+ mov r4, #0
+ str r2, [r0, #8]
+ adcs r1, r8, r1
+ str r5, [r0, #12]
+ str r1, [r0, #16]
+ adc r8, r4, #0
+ ldm r3, {r4, r12, lr}
+ ldr r9, [r3, #12]
+ ldr r3, [r3, #16]
+ subs r6, r6, r4
+ sbcs r7, r7, r12
+ sbcs r2, r2, lr
+ sbcs r12, r5, r9
+ sbcs lr, r1, r3
+ sbc r1, r8, #0
+ tst r1, #1
+ stmeq r0!, {r6, r7}
+ stmeq r0, {r2, r12, lr}
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end74:
+ .size mcl_fp_add5L, .Lfunc_end74-mcl_fp_add5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF5L
+ .align 2
+ .type mcl_fp_addNF5L,%function
+mcl_fp_addNF5L: @ @mcl_fp_addNF5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, lr}
+ ldm r1, {r12, lr}
+ ldr r9, [r1, #8]
+ ldr r5, [r1, #12]
+ ldr r8, [r1, #16]
+ ldm r2, {r6, r7}
+ ldr r1, [r2, #8]
+ ldr r4, [r2, #12]
+ ldr r2, [r2, #16]
+ adds r6, r6, r12
+ adcs r10, r7, lr
+ adcs r9, r1, r9
+ adcs lr, r4, r5
+ ldr r4, [r3]
+ adc r12, r2, r8
+ ldmib r3, {r2, r5}
+ ldr r1, [r3, #12]
+ ldr r3, [r3, #16]
+ subs r4, r6, r4
+ sbcs r2, r10, r2
+ sbcs r5, r9, r5
+ sbcs r1, lr, r1
+ sbc r3, r12, r3
+ asr r7, r3, #31
+ cmp r7, #0
+ movlt r4, r6
+ movlt r2, r10
+ movlt r5, r9
+ cmp r7, #0
+ movlt r1, lr
+ movlt r3, r12
+ str r4, [r0]
+ str r2, [r0, #4]
+ str r5, [r0, #8]
+ str r1, [r0, #12]
+ str r3, [r0, #16]
+ pop {r4, r5, r6, r7, r8, r9, r10, lr}
+ mov pc, lr
+.Lfunc_end75:
+ .size mcl_fp_addNF5L, .Lfunc_end75-mcl_fp_addNF5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub5L
+ .align 2
+ .type mcl_fp_sub5L,%function
+mcl_fp_sub5L: @ @mcl_fp_sub5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldm r2, {r8, r12, lr}
+ ldr r9, [r2, #12]
+ ldr r6, [r2, #16]
+ ldm r1, {r2, r7}
+ ldr r4, [r1, #8]
+ ldr r5, [r1, #12]
+ ldr r1, [r1, #16]
+ subs r8, r2, r8
+ sbcs r2, r7, r12
+ str r8, [r0]
+ sbcs r12, r4, lr
+ sbcs lr, r5, r9
+ sbcs r4, r1, r6
+ mov r1, #0
+ stmib r0, {r2, r12, lr}
+ sbc r1, r1, #0
+ str r4, [r0, #16]
+ tst r1, #1
+ popeq {r4, r5, r6, r7, r8, r9, r11, lr}
+ moveq pc, lr
+ ldm r3, {r1, r5, r6, r7}
+ ldr r3, [r3, #16]
+ adds r1, r1, r8
+ adcs r2, r5, r2
+ adcs r6, r6, r12
+ adcs r7, r7, lr
+ adc r3, r3, r4
+ stm r0, {r1, r2, r6, r7}
+ str r3, [r0, #16]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end76:
+ .size mcl_fp_sub5L, .Lfunc_end76-mcl_fp_sub5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF5L
+ .align 2
+ .type mcl_fp_subNF5L,%function
+mcl_fp_subNF5L: @ @mcl_fp_subNF5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldm r2, {r12, lr}
+ ldr r9, [r2, #8]
+ ldr r5, [r2, #12]
+ ldr r8, [r2, #16]
+ ldm r1, {r6, r7}
+ ldr r2, [r1, #8]
+ ldr r4, [r1, #12]
+ ldr r1, [r1, #16]
+ subs r11, r6, r12
+ sbcs r10, r7, lr
+ sbcs lr, r2, r9
+ add r9, r3, #8
+ sbcs r12, r4, r5
+ ldm r3, {r4, r5}
+ sbc r1, r1, r8
+ ldm r9, {r2, r8, r9}
+ asr r6, r1, #31
+ adds r4, r11, r4
+ adcs r5, r10, r5
+ adcs r2, lr, r2
+ adcs r3, r12, r8
+ adc r7, r1, r9
+ cmp r6, #0
+ movge r4, r11
+ movge r5, r10
+ movge r2, lr
+ cmp r6, #0
+ movge r3, r12
+ movge r7, r1
+ str r4, [r0]
+ str r5, [r0, #4]
+ str r2, [r0, #8]
+ str r3, [r0, #12]
+ str r7, [r0, #16]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end77:
+ .size mcl_fp_subNF5L, .Lfunc_end77-mcl_fp_subNF5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add5L
+ .align 2
+ .type mcl_fpDbl_add5L,%function
+mcl_fpDbl_add5L: @ @mcl_fpDbl_add5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #20
+ sub sp, sp, #20
+ ldr r12, [r1]
+ ldr r9, [r1, #4]
+ ldr r8, [r1, #8]
+ ldr r10, [r1, #12]
+ ldmib r2, {r6, r7}
+ ldr r5, [r2, #16]
+ ldr r11, [r2]
+ ldr r4, [r2, #12]
+ str r5, [sp] @ 4-byte Spill
+ ldr r5, [r2, #20]
+ adds lr, r11, r12
+ ldr r11, [r2, #32]
+ add r12, r1, #16
+ adcs r6, r6, r9
+ add r9, r1, #28
+ adcs r7, r7, r8
+ str r5, [sp, #4] @ 4-byte Spill
+ ldr r5, [r2, #24]
+ str r5, [sp, #12] @ 4-byte Spill
+ ldr r5, [r2, #28]
+ ldr r2, [r2, #36]
+ str r5, [sp, #16] @ 4-byte Spill
+ str r2, [sp, #8] @ 4-byte Spill
+ adcs r5, r4, r10
+ ldm r9, {r4, r8, r9}
+ ldm r12, {r1, r2, r12}
+ str lr, [r0]
+ stmib r0, {r6, r7}
+ ldr r7, [sp] @ 4-byte Reload
+ str r5, [r0, #12]
+ adcs r1, r7, r1
+ ldr r7, [sp, #4] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r2, r7, r2
+ mov r7, #0
+ adcs r12, r1, r12
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r10, r1, r4
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r8, r11, r8
+ adcs lr, r1, r9
+ adc r1, r7, #0
+ ldr r7, [r3]
+ ldmib r3, {r4, r5, r6}
+ ldr r3, [r3, #16]
+ subs r7, r2, r7
+ sbcs r4, r12, r4
+ sbcs r5, r10, r5
+ sbcs r6, r8, r6
+ sbcs r3, lr, r3
+ sbc r1, r1, #0
+ ands r1, r1, #1
+ movne r7, r2
+ movne r4, r12
+ movne r5, r10
+ cmp r1, #0
+ movne r6, r8
+ movne r3, lr
+ str r7, [r0, #20]
+ str r4, [r0, #24]
+ str r5, [r0, #28]
+ str r6, [r0, #32]
+ str r3, [r0, #36]
+ add sp, sp, #20
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end78:
+ .size mcl_fpDbl_add5L, .Lfunc_end78-mcl_fpDbl_add5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub5L
+ .align 2
+ .type mcl_fpDbl_sub5L,%function
+mcl_fpDbl_sub5L: @ @mcl_fpDbl_sub5L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #32
+ sub sp, sp, #32
+ ldr r7, [r2, #32]
+ add r8, r1, #12
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r1, #32]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r1, #36]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldmib r2, {r9, r10, r11}
+ ldr r7, [r2, #16]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ ldr r2, [r2]
+ str r7, [sp, #12] @ 4-byte Spill
+ ldm r8, {r4, r5, r6, r7, r8}
+ ldm r1, {r1, r12, lr}
+ subs r1, r1, r2
+ sbcs r2, r12, r9
+ stm r0, {r1, r2}
+ sbcs r1, lr, r10
+ str r1, [r0, #8]
+ sbcs r1, r4, r11
+ ldr r2, [sp, #4] @ 4-byte Reload
+ str r1, [r0, #12]
+ ldr r1, [sp] @ 4-byte Reload
+ sbcs r1, r5, r1
+ ldr r5, [sp, #16] @ 4-byte Reload
+ sbcs r2, r6, r2
+ ldr r6, [sp, #8] @ 4-byte Reload
+ str r1, [r0, #16]
+ mov r1, #0
+ sbcs r7, r7, r6
+ ldr r6, [sp, #12] @ 4-byte Reload
+ sbcs r9, r8, r6
+ ldr r6, [sp, #24] @ 4-byte Reload
+ sbcs r8, r5, r6
+ ldr r6, [sp, #28] @ 4-byte Reload
+ ldr r5, [sp, #20] @ 4-byte Reload
+ sbcs lr, r5, r6
+ sbc r12, r1, #0
+ ldm r3, {r1, r4, r5, r6}
+ ldr r3, [r3, #16]
+ adds r1, r2, r1
+ adcs r4, r7, r4
+ adcs r5, r9, r5
+ adcs r6, r8, r6
+ adc r3, lr, r3
+ ands r12, r12, #1
+ moveq r1, r2
+ moveq r4, r7
+ moveq r5, r9
+ cmp r12, #0
+ moveq r6, r8
+ moveq r3, lr
+ str r1, [r0, #20]
+ str r4, [r0, #24]
+ str r5, [r0, #28]
+ str r6, [r0, #32]
+ str r3, [r0, #36]
+ add sp, sp, #32
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end79:
+ .size mcl_fpDbl_sub5L, .Lfunc_end79-mcl_fpDbl_sub5L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre6L
+ .align 2
+ .type mcl_fp_mulUnitPre6L,%function
+mcl_fp_mulUnitPre6L: @ @mcl_fp_mulUnitPre6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r11, [r1, #12]
+ ldr r9, [r1, #16]
+ ldr r8, [r1, #20]
+ umull r4, r10, lr, r2
+ umull r1, r7, r12, r2
+ mov r5, r7
+ mov r6, r4
+ umlal r5, r6, r3, r2
+ stm r0, {r1, r5, r6}
+ umull r5, r6, r3, r2
+ umull r1, r12, r11, r2
+ adds r3, r7, r5
+ adcs r3, r6, r4
+ adcs r1, r10, r1
+ str r1, [r0, #12]
+ umull r1, r3, r9, r2
+ adcs r1, r12, r1
+ str r1, [r0, #16]
+ umull r1, r7, r8, r2
+ adcs r1, r3, r1
+ str r1, [r0, #20]
+ adc r1, r7, #0
+ str r1, [r0, #24]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end80:
+ .size mcl_fp_mulUnitPre6L, .Lfunc_end80-mcl_fp_mulUnitPre6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre6L
+ .align 2
+ .type mcl_fpDbl_mulPre6L,%function
+mcl_fpDbl_mulPre6L: @ @mcl_fpDbl_mulPre6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #48
+ sub sp, sp, #48
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r3, [r2]
+ ldm r1, {r12, lr}
+ ldr r2, [r1, #8]
+ mov r8, r0
+ ldr r10, [r1, #12]
+ umull r0, r4, r12, r3
+ umull r6, r7, lr, r3
+ str r2, [sp, #24] @ 4-byte Spill
+ adds r6, r4, r6
+ str r0, [sp, #32] @ 4-byte Spill
+ umull r5, r6, r2, r3
+ adcs r7, r7, r5
+ umlal r4, r5, lr, r3
+ umull r7, r11, r10, r3
+ adcs r0, r6, r7
+ ldr r7, [r1, #16]
+ str r0, [sp, #40] @ 4-byte Spill
+ umull r6, r0, r7, r3
+ adcs r2, r11, r6
+ ldr r6, [r1, #20]
+ str r2, [sp, #36] @ 4-byte Spill
+ umull r11, r2, r6, r3
+ adcs r0, r0, r11
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r2, r2, #0
+ str r2, [sp, #12] @ 4-byte Spill
+ str r0, [r8]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r3, [r0, #4]
+ umull r11, r9, r12, r3
+ adds r2, r11, r4
+ umull r4, r11, lr, r3
+ str r9, [sp, #28] @ 4-byte Spill
+ adcs lr, r4, r5
+ ldr r5, [sp, #24] @ 4-byte Reload
+ str r2, [sp, #32] @ 4-byte Spill
+ umull r4, r2, r10, r3
+ str r2, [sp, #20] @ 4-byte Spill
+ umull r2, r10, r5, r3
+ ldr r5, [sp, #40] @ 4-byte Reload
+ adcs r2, r2, r5
+ ldr r5, [sp, #36] @ 4-byte Reload
+ adcs r4, r4, r5
+ umull r5, r9, r7, r3
+ ldr r7, [sp, #16] @ 4-byte Reload
+ adcs r5, r5, r7
+ umull r7, r12, r6, r3
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adcs r7, r7, r3
+ mov r3, #0
+ adc r6, r3, #0
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adds r3, lr, r3
+ adcs r2, r2, r11
+ adcs lr, r4, r10
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adcs r10, r5, r4
+ ldr r4, [r1, #8]
+ adcs r11, r7, r9
+ ldr r9, [r1, #4]
+ adc r7, r6, r12
+ ldr r6, [r0, #8]
+ ldr r0, [r1]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [sp, #32] @ 4-byte Reload
+ str r9, [sp, #8] @ 4-byte Spill
+ umull r12, r5, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ adds r0, r12, r3
+ str r7, [r8, #4]
+ ldr r7, [r1, #12]
+ ldr r12, [r1, #20]
+ str r5, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #32] @ 4-byte Spill
+ umull r3, r0, r9, r6
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r3, r2
+ str r0, [sp, #12] @ 4-byte Spill
+ umull r3, r0, r4, r6
+ str r0, [sp, #20] @ 4-byte Spill
+ adcs r0, r3, lr
+ ldr lr, [r1, #16]
+ ldr r9, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #4] @ 4-byte Spill
+ umull r2, r0, r7, r6
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r2, r2, r10
+ umull r10, r5, lr, r6
+ adcs r10, r10, r11
+ umull r11, r3, r12, r6
+ adcs r6, r11, r0
+ mov r0, #0
+ adc r11, r0, #0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adds r0, r9, r0
+ ldr r9, [sp, #4] @ 4-byte Reload
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r9, r2, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r10, r10, r0
+ adcs r0, r6, r5
+ ldr r5, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ adc r0, r11, r3
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ str r0, [r8, #8]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r6, [r0, #12]
+ umull r11, r3, r7, r6
+ str r3, [sp, #36] @ 4-byte Spill
+ umull r7, r3, r4, r6
+ str r3, [sp, #32] @ 4-byte Spill
+ umull r4, r3, r5, r6
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [sp, #40] @ 4-byte Reload
+ umull r5, r2, r3, r6
+ ldr r3, [sp] @ 4-byte Reload
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adds r3, r5, r3
+ str r3, [sp, #40] @ 4-byte Spill
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adcs r4, r4, r3
+ ldr r3, [sp, #24] @ 4-byte Reload
+ adcs r7, r7, r9
+ adcs r9, r11, r10
+ umull r5, r11, lr, r6
+ adcs r3, r5, r3
+ umull r5, r10, r12, r6
+ mov r6, #0
+ adcs r2, r5, r2
+ adc r5, r6, #0
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adds r12, r4, r6
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adcs lr, r7, r4
+ ldr r4, [sp, #32] @ 4-byte Reload
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adcs r9, r9, r4
+ adcs r3, r3, r7
+ adcs r2, r2, r11
+ str r3, [sp, #20] @ 4-byte Spill
+ str r2, [sp, #28] @ 4-byte Spill
+ adc r2, r5, r10
+ ldr r5, [r0, #16]
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r2, [r8, #12]
+ ldr r2, [r1]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldmib r1, {r0, r6}
+ umull r7, r4, r2, r5
+ ldr r3, [r1, #12]
+ adds r2, r7, r12
+ str r4, [sp, #24] @ 4-byte Spill
+ str r2, [sp, #32] @ 4-byte Spill
+ umull r7, r2, r0, r5
+ str r2, [sp, #16] @ 4-byte Spill
+ adcs r2, r7, lr
+ str r2, [sp, #4] @ 4-byte Spill
+ umull r4, r2, r6, r5
+ str r2, [sp, #12] @ 4-byte Spill
+ adcs r2, r4, r9
+ ldr r4, [sp, #28] @ 4-byte Reload
+ ldr r9, [sp, #4] @ 4-byte Reload
+ str r2, [sp] @ 4-byte Spill
+ umull r7, r2, r3, r5
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r7, r7, r2
+ ldr r2, [r1, #16]
+ ldr r1, [r1, #20]
+ umull r10, lr, r2, r5
+ umull r11, r12, r1, r5
+ adcs r10, r10, r4
+ ldr r4, [sp, #36] @ 4-byte Reload
+ adcs r5, r11, r4
+ mov r4, #0
+ adc r11, r4, #0
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adds r4, r9, r4
+ ldr r9, [sp] @ 4-byte Reload
+ str r4, [sp, #4] @ 4-byte Spill
+ ldr r4, [sp, #16] @ 4-byte Reload
+ adcs r4, r9, r4
+ str r4, [sp, #24] @ 4-byte Spill
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adcs r4, r7, r4
+ str r4, [sp, #20] @ 4-byte Spill
+ ldr r4, [sp, #8] @ 4-byte Reload
+ adcs r10, r10, r4
+ adcs lr, r5, lr
+ ldr r5, [sp, #44] @ 4-byte Reload
+ adc r7, r11, r12
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [sp, #32] @ 4-byte Reload
+ ldr r5, [r5, #20]
+ str r7, [r8, #16]
+ umull r11, r7, r3, r5
+ str r7, [sp, #44] @ 4-byte Spill
+ umull r3, r7, r6, r5
+ umull r6, r12, r0, r5
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [sp, #40] @ 4-byte Reload
+ umull r4, r0, r7, r5
+ ldr r7, [sp, #4] @ 4-byte Reload
+ adds r9, r4, r7
+ ldr r4, [sp, #24] @ 4-byte Reload
+ str r9, [r8, #20]
+ adcs r6, r6, r4
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adcs r3, r3, r4
+ adcs r7, r11, r10
+ umull r4, r10, r2, r5
+ adcs r2, r4, lr
+ umull r4, lr, r1, r5
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r4, r1
+ mov r4, #0
+ adc r4, r4, #0
+ adds r5, r6, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r3, r3, r12
+ str r5, [r8, #24]
+ str r3, [r8, #28]
+ adcs r3, r7, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ str r3, [r8, #32]
+ adcs r2, r2, r0
+ adcs r1, r1, r10
+ str r2, [r8, #36]
+ str r1, [r8, #40]
+ adc r1, r4, lr
+ str r1, [r8, #44]
+ add sp, sp, #48
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end81:
+ .size mcl_fpDbl_mulPre6L, .Lfunc_end81-mcl_fpDbl_mulPre6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre6L
+ .align 2
+ .type mcl_fpDbl_sqrPre6L,%function
+mcl_fpDbl_sqrPre6L: @ @mcl_fpDbl_sqrPre6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #56
+ sub sp, sp, #56
+ ldm r1, {r2, r3}
+ ldr r7, [r1, #12]
+ mov lr, r0
+ ldr r0, [r1, #8]
+ ldr r9, [r1, #16]
+ ldr r12, [r1, #20]
+ umull r10, r6, r7, r2
+ str r0, [sp, #48] @ 4-byte Spill
+ umull r4, r8, r0, r2
+ umull r5, r0, r2, r2
+ str r7, [sp, #44] @ 4-byte Spill
+ str r6, [sp, #36] @ 4-byte Spill
+ umull r6, r7, r3, r2
+ str r5, [sp, #24] @ 4-byte Spill
+ adds r11, r0, r6
+ ldr r5, [sp, #36] @ 4-byte Reload
+ str r7, [sp, #52] @ 4-byte Spill
+ adcs r7, r7, r4
+ umlal r0, r4, r3, r2
+ adcs r7, r8, r10
+ str r7, [sp, #40] @ 4-byte Spill
+ umull r7, r10, r9, r2
+ adcs r7, r5, r7
+ str r7, [sp, #32] @ 4-byte Spill
+ umull r7, r8, r12, r2
+ adcs r11, r10, r7
+ adc r2, r8, #0
+ adds r0, r6, r0
+ umull r6, r10, r3, r3
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r4, r6, r4
+ str r0, [lr]
+ umull r6, r0, r12, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ umull r5, r0, r9, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ umull r9, r12, r0, r3
+ ldr r0, [sp, #48] @ 4-byte Reload
+ umull r7, r8, r0, r3
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r3, r7, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r9, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r5, r5, r11
+ adcs r6, r6, r2
+ mov r2, #0
+ adc r2, r2, #0
+ adds r4, r4, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r11, r3, r10
+ adcs r8, r7, r8
+ ldr r7, [r1, #4]
+ adcs r10, r5, r12
+ ldr r5, [r1, #12]
+ str r0, [lr, #4]
+ ldr r0, [sp, #24] @ 4-byte Reload
+ str r7, [sp, #16] @ 4-byte Spill
+ adcs r0, r6, r0
+ ldr r6, [r1, #8]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r2, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1]
+ umull r3, r2, r0, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ adds r0, r3, r4
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [r1, #16]
+ str r0, [sp, #52] @ 4-byte Spill
+ umull r3, r0, r7, r6
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r3, r11
+ ldr r3, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ umull r4, r0, r6, r6
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r4, r8
+ umull r12, r4, r5, r6
+ str r0, [sp, #20] @ 4-byte Spill
+ adcs r0, r12, r10
+ ldr r10, [sp, #24] @ 4-byte Reload
+ str r4, [sp, #40] @ 4-byte Spill
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r9, r0, r2, r6
+ ldr r7, [sp, #20] @ 4-byte Reload
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r9, r9, r0
+ ldr r0, [r1, #20]
+ umull r11, r8, r0, r6
+ adcs r6, r11, r3
+ mov r3, #0
+ adc r11, r3, #0
+ ldr r3, [sp, #36] @ 4-byte Reload
+ adds r3, r10, r3
+ str r3, [sp, #24] @ 4-byte Spill
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs r3, r7, r3
+ ldr r7, [sp, #8] @ 4-byte Reload
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r3, r7, r3
+ str r3, [sp, #28] @ 4-byte Spill
+ adcs r3, r9, r4
+ ldr r4, [sp, #16] @ 4-byte Reload
+ ldr r9, [sp, #48] @ 4-byte Reload
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [sp] @ 4-byte Reload
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r3, r6, r3
+ str r3, [sp, #12] @ 4-byte Spill
+ umull r6, r3, r0, r5
+ adc r11, r11, r8
+ str r3, [sp, #44] @ 4-byte Spill
+ umull r3, r0, r2, r5
+ str r0, [sp, #36] @ 4-byte Spill
+ umull r2, r0, r5, r5
+ str r0, [sp, #32] @ 4-byte Spill
+ umull r0, r10, r4, r5
+ umull r4, r8, r9, r5
+ ldr r5, [sp, #24] @ 4-byte Reload
+ adds r4, r4, r5
+ ldr r5, [sp, #4] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #28] @ 4-byte Reload
+ adcs r5, r12, r5
+ adcs r2, r2, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adcs r3, r3, r7
+ mov r7, #0
+ adcs r6, r6, r11
+ adc r7, r7, #0
+ adds r9, r0, r8
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r11, r5, r10
+ adcs r0, r2, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ add r3, r1, #8
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r12, r6, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ str r0, [lr, #8]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ str r4, [lr, #12]
+ adc r0, r7, r0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r1, {r4, r6}
+ ldm r3, {r0, r2, r3}
+ ldr r1, [r1, #20]
+ umull r5, r7, r2, r1
+ str r5, [sp, #32] @ 4-byte Spill
+ str r7, [sp, #52] @ 4-byte Spill
+ umull r5, r7, r0, r1
+ str r5, [sp, #28] @ 4-byte Spill
+ str r7, [sp, #48] @ 4-byte Spill
+ umull r5, r7, r6, r1
+ str r5, [sp, #24] @ 4-byte Spill
+ str r7, [sp, #44] @ 4-byte Spill
+ umull r5, r7, r4, r1
+ str r5, [sp, #8] @ 4-byte Spill
+ str r7, [sp, #36] @ 4-byte Spill
+ umull r7, r5, r2, r3
+ str r5, [sp, #4] @ 4-byte Spill
+ umull r2, r5, r0, r3
+ umull r0, r10, r6, r3
+ umull r6, r8, r4, r3
+ adds r4, r6, r9
+ str r5, [sp] @ 4-byte Spill
+ adcs r11, r0, r11
+ ldr r0, [sp, #20] @ 4-byte Reload
+ str r4, [sp, #40] @ 4-byte Spill
+ umull r4, r9, r3, r3
+ adcs r5, r2, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r6, r7, r0
+ umull r0, r2, r1, r3
+ ldr r3, [sp, #12] @ 4-byte Reload
+ mov r7, #0
+ adcs r12, r4, r12
+ ldr r4, [sp] @ 4-byte Reload
+ adcs r3, r0, r3
+ adc r7, r7, #0
+ adds r8, r11, r8
+ adcs r5, r5, r10
+ adcs r6, r6, r4
+ ldr r4, [sp, #4] @ 4-byte Reload
+ adcs r4, r12, r4
+ adcs r3, r3, r9
+ adc r10, r7, r2
+ ldr r7, [sp, #8] @ 4-byte Reload
+ adds r12, r7, r8
+ ldr r7, [sp, #24] @ 4-byte Reload
+ adcs r9, r7, r5
+ ldr r5, [sp, #28] @ 4-byte Reload
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adcs r6, r5, r6
+ ldr r5, [sp, #32] @ 4-byte Reload
+ adcs r4, r5, r4
+ adcs r0, r0, r3
+ umull r3, r8, r1, r1
+ adcs r1, r3, r10
+ mov r3, #0
+ adc r3, r3, #0
+ adds r5, r9, r7
+ ldr r7, [sp, #44] @ 4-byte Reload
+ adcs r6, r6, r7
+ ldr r7, [sp, #48] @ 4-byte Reload
+ adcs r4, r4, r7
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ adcs r1, r1, r2
+ adc r2, r3, r8
+ ldr r3, [sp, #40] @ 4-byte Reload
+ str r3, [lr, #16]
+ add r3, lr, #36
+ str r12, [lr, #20]
+ str r5, [lr, #24]
+ str r6, [lr, #28]
+ str r4, [lr, #32]
+ stm r3, {r0, r1, r2}
+ add sp, sp, #56
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end82:
+ .size mcl_fpDbl_sqrPre6L, .Lfunc_end82-mcl_fpDbl_sqrPre6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont6L
+ .align 2
+ .type mcl_fp_mont6L,%function
+mcl_fp_mont6L: @ @mcl_fp_mont6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #116
+ sub sp, sp, #116
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, r2
+ str r2, [sp, #60] @ 4-byte Spill
+ ldm r0, {r2, r6, r7}
+ ldr r0, [r0, #12]
+ ldr r5, [r3, #8]
+ ldr r9, [r3]
+ ldr r11, [r1, #8]
+ ldr lr, [r1, #12]
+ ldr r12, [r3, #4]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r1, #4]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r1]
+ str r5, [sp, #92] @ 4-byte Spill
+ str r9, [sp, #84] @ 4-byte Spill
+ str r11, [sp, #100] @ 4-byte Spill
+ str lr, [sp, #64] @ 4-byte Spill
+ str r12, [sp, #112] @ 4-byte Spill
+ str r7, [sp, #108] @ 4-byte Spill
+ ldr r7, [r3, #-4]
+ umull r4, r8, r0, r2
+ str r0, [sp, #88] @ 4-byte Spill
+ str r4, [sp, #44] @ 4-byte Spill
+ mul r0, r4, r7
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [r1, #20]
+ ldr r1, [r1, #16]
+ umull r10, r4, r0, r5
+ str r4, [sp, #36] @ 4-byte Spill
+ umull r4, r5, r0, r9
+ str r10, [sp, #16] @ 4-byte Spill
+ mov r9, r5
+ str r5, [sp, #12] @ 4-byte Spill
+ str r4, [sp, #40] @ 4-byte Spill
+ umull r5, r4, r7, r2
+ str r7, [sp, #104] @ 4-byte Spill
+ ldr r7, [sp, #108] @ 4-byte Reload
+ str r1, [sp, #96] @ 4-byte Spill
+ umlal r9, r10, r0, r12
+ str r5, [sp, #72] @ 4-byte Spill
+ str r4, [sp, #76] @ 4-byte Spill
+ umull r5, r4, r1, r2
+ str r4, [sp, #68] @ 4-byte Spill
+ umull r1, r4, lr, r2
+ str r5, [sp, #28] @ 4-byte Spill
+ umull lr, r5, r11, r2
+ str r4, [sp, #24] @ 4-byte Spill
+ umull r11, r4, r7, r2
+ adds r7, r8, r11
+ adcs r4, r4, lr
+ ldr r7, [r3, #12]
+ adcs r1, r5, r1
+ ldr r4, [sp, #24] @ 4-byte Reload
+ ldr r5, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r4, r1
+ ldr r4, [sp, #68] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str r7, [sp, #72] @ 4-byte Spill
+ adcs r1, r4, r1
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [r3, #20]
+ umull r11, r4, r0, r1
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ str r4, [sp, #8] @ 4-byte Spill
+ umull r3, r4, r0, r12
+ adds r3, r5, r3
+ str r1, [sp, #68] @ 4-byte Spill
+ umull r5, r12, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r4, r4, r1
+ umull r4, r3, r0, r7
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r7, [sp, #40] @ 4-byte Reload
+ adcs r1, r0, r4
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r3, r3, r5
+ adcs r4, r12, r11
+ mov r12, #0
+ adc r5, r0, #0
+ ldr r0, [sp, #108] @ 4-byte Reload
+ umlal r8, lr, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adds r2, r7, r2
+ adcs r2, r9, r8
+ str r2, [sp, #44] @ 4-byte Spill
+ adcs r2, r10, lr
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [sp, #32] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #88] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r3, r1
+ mov r3, r0
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adcs r1, r4, r1
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r1, r5, r1
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #104] @ 4-byte Reload
+ adc r11, r12, #0
+ umull lr, r10, r6, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ umull r7, r4, r6, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ umull r5, r12, r6, r1
+ umull r1, r8, r6, r0
+ umull r9, r0, r6, r2
+ adds r1, r0, r1
+ adcs r1, r8, r5
+ ldr r8, [sp, #64] @ 4-byte Reload
+ umlal r0, r5, r6, r3
+ ldr r3, [sp, #44] @ 4-byte Reload
+ umull r1, r2, r6, r8
+ adcs r1, r12, r1
+ adcs r2, r2, r7
+ adcs r12, r4, lr
+ adc r4, r10, #0
+ adds r7, r3, r9
+ ldr r3, [sp, #40] @ 4-byte Reload
+ ldr r10, [sp, #68] @ 4-byte Reload
+ adcs r9, r3, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #112] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r11, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ mul r0, r7, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ umull lr, r3, r0, r5
+ umull r6, r12, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ umull r11, r2, r0, r1
+ mov r1, r6
+ mov r4, r2
+ adds r2, r2, lr
+ umlal r4, r1, r0, r5
+ ldr r5, [sp, #76] @ 4-byte Reload
+ adcs r3, r3, r6
+ umull r2, lr, r0, r5
+ ldr r5, [sp, #72] @ 4-byte Reload
+ umull r3, r6, r0, r5
+ adcs r12, r12, r3
+ umull r5, r3, r0, r10
+ adcs r0, r6, r5
+ adcs r2, r3, r2
+ adc r3, lr, #0
+ adds r7, r11, r7
+ adcs r7, r4, r9
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r7
+ ldr r7, [sp, #108] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r12, r1
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ umull r4, r5, r2, r8
+ ldr r8, [sp, #88] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ umull r3, r1, r2, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ str r3, [sp, #8] @ 4-byte Spill
+ mov r3, r2
+ str r1, [sp, #16] @ 4-byte Spill
+ umull r6, r9, r2, r0
+ ldr r0, [sp, #100] @ 4-byte Reload
+ umull r1, lr, r2, r0
+ umull r11, r0, r3, r8
+ umull r2, r12, r3, r7
+ adds r2, r0, r2
+ str r11, [sp, #12] @ 4-byte Spill
+ adcs r2, r12, r1
+ umlal r0, r1, r3, r7
+ ldr r3, [sp, #20] @ 4-byte Reload
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adcs r2, lr, r4
+ adcs r4, r5, r6
+ ldr r6, [sp, #8] @ 4-byte Reload
+ ldr r5, [sp, #16] @ 4-byte Reload
+ adcs r6, r9, r6
+ adc r5, r5, #0
+ adds r8, r3, r7
+ ldr r3, [sp, #44] @ 4-byte Reload
+ ldr r7, [sp, #112] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ mul r0, r8, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ umull r2, r3, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r3, [sp, #16] @ 4-byte Spill
+ umull r3, r5, r0, r1
+ mov r1, r2
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [sp, #76] @ 4-byte Reload
+ mov r4, r5
+ umlal r4, r1, r0, r7
+ umull r9, r6, r0, r3
+ ldr r3, [sp, #72] @ 4-byte Reload
+ str r6, [sp, #12] @ 4-byte Spill
+ umull r6, lr, r0, r10
+ umull r12, r10, r0, r3
+ umull r11, r3, r0, r7
+ adds r0, r5, r11
+ adcs r0, r3, r2
+ ldr r3, [sp, #52] @ 4-byte Reload
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r11, r0, r12
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r10, r10, r6
+ adcs lr, lr, r9
+ adc r9, r0, #0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adds r6, r0, r8
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r8, [sp, #88] @ 4-byte Reload
+ umull r7, r2, r3, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r7, [sp, #12] @ 4-byte Spill
+ str r2, [sp, #20] @ 4-byte Spill
+ umull r7, r2, r3, r0
+ ldr r0, [sp, #100] @ 4-byte Reload
+ str r2, [sp, #8] @ 4-byte Spill
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [sp, #108] @ 4-byte Reload
+ umull r5, r2, r3, r0
+ str r2, [sp] @ 4-byte Spill
+ umull r2, r0, r3, r8
+ umull r6, r12, r3, r7
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adcs r4, r4, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r11, r11, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r10, r10, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, lr, r1
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r9, r1
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adc lr, r1, #0
+ adds r6, r0, r6
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r2, r12, r5
+ umlal r0, r5, r3, r7
+ ldr r2, [sp] @ 4-byte Reload
+ adcs r9, r2, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ umull r6, r2, r3, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r6, r1, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r2, r2, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adc r8, r1, #0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adds r4, r4, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ adcs r0, r11, r5
+ ldr r5, [sp, #112] @ 4-byte Reload
+ ldr r11, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r10, r9
+ ldr r10, [sp, #80] @ 4-byte Reload
+ ldr r9, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, lr, r8
+ ldr r8, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ mul r0, r4, r10
+ umull r2, r12, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ umull r3, r7, r0, r1
+ mov r1, r2
+ str r3, [sp, #24] @ 4-byte Spill
+ umull lr, r3, r0, r5
+ mov r6, r7
+ adds r7, r7, lr
+ umlal r6, r1, r0, r5
+ adcs r2, r3, r2
+ umull r7, lr, r0, r11
+ umull r2, r3, r0, r9
+ adcs r12, r12, r2
+ umull r5, r2, r0, r8
+ adcs r0, r3, r5
+ adcs r2, r2, r7
+ ldr r7, [sp, #24] @ 4-byte Reload
+ adc r3, lr, #0
+ adds r7, r7, r4
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r7, r6, r7
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r12, r1
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ ldr r3, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r4, [r0, #16]
+ ldr r0, [sp, #104] @ 4-byte Reload
+ umull r12, lr, r4, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ umull r5, r6, r4, r3
+ umull r2, r8, r4, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ umull r7, r1, r4, r0
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [sp, #100] @ 4-byte Reload
+ adds r5, r1, r5
+ umull r0, r5, r4, r7
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r6, r6, r0
+ umlal r1, r0, r4, r3
+ ldr r3, [sp, #52] @ 4-byte Reload
+ adcs r2, r5, r2
+ umull r5, r6, r4, r7
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adcs r7, r8, r5
+ adcs r6, r6, r12
+ adc r5, lr, #0
+ adds r8, r3, r4
+ ldr r3, [sp, #48] @ 4-byte Reload
+ adcs r1, r3, r1
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #112] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ mul r0, r8, r10
+ umull r5, r12, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ umull lr, r3, r0, r6
+ umull r10, r2, r0, r1
+ mov r1, r5
+ mov r4, r2
+ adds r2, r2, lr
+ adcs r3, r3, r5
+ umlal r4, r1, r0, r6
+ umull r2, lr, r0, r11
+ ldr r11, [sp, #88] @ 4-byte Reload
+ umull r3, r5, r0, r9
+ adcs r12, r12, r3
+ umull r6, r3, r0, r7
+ adcs r0, r5, r6
+ adcs r2, r3, r2
+ adc r3, lr, #0
+ adds r7, r10, r8
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r7, r4, r7
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r12, r1
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ ldr r3, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r4, [r0, #20]
+ ldr r0, [sp, #104] @ 4-byte Reload
+ umull r9, r1, r4, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ umull r2, r12, r4, r3
+ str r1, [sp, #60] @ 4-byte Spill
+ umull r7, r8, r4, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ umull r5, r6, r4, r0
+ ldr r0, [sp, #100] @ 4-byte Reload
+ umull r1, lr, r4, r0
+ umull r10, r0, r4, r11
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r2, r0, r2
+ adcs r2, r12, r1
+ umlal r0, r1, r4, r3
+ ldr r3, [sp, #52] @ 4-byte Reload
+ ldr r12, [sp, #112] @ 4-byte Reload
+ adcs r2, lr, r5
+ adcs r5, r6, r7
+ ldr r6, [sp, #60] @ 4-byte Reload
+ adcs r7, r8, r9
+ ldr r9, [sp, #68] @ 4-byte Reload
+ adc r6, r6, #0
+ adds r8, r3, r10
+ ldr r3, [sp, #48] @ 4-byte Reload
+ ldr r10, [sp, #84] @ 4-byte Reload
+ adcs lr, r3, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #88] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ mul r0, r8, r1
+ umull r3, r4, r0, r10
+ umull r1, r2, r0, r12
+ adds r1, r4, r1
+ str r3, [sp, #80] @ 4-byte Spill
+ umull r6, r1, r0, r11
+ adcs r2, r2, r6
+ umlal r4, r6, r0, r12
+ umull r2, r3, r0, r5
+ adcs r1, r1, r2
+ str r1, [sp, #60] @ 4-byte Spill
+ umull r2, r1, r0, r9
+ adcs r2, r3, r2
+ str r2, [sp, #52] @ 4-byte Spill
+ umull r3, r2, r0, r7
+ adcs r1, r1, r3
+ ldr r3, [sp, #60] @ 4-byte Reload
+ adc r0, r2, #0
+ ldr r2, [sp, #80] @ 4-byte Reload
+ adds r2, r2, r8
+ ldr r2, [sp, #108] @ 4-byte Reload
+ adcs r12, r4, lr
+ adcs lr, r6, r2
+ ldr r2, [sp, #104] @ 4-byte Reload
+ adcs r8, r3, r2
+ ldr r2, [sp, #100] @ 4-byte Reload
+ ldr r3, [sp, #52] @ 4-byte Reload
+ adcs r6, r3, r2
+ ldr r2, [sp, #96] @ 4-byte Reload
+ adcs r3, r1, r2
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r2, r0, r1
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adc r0, r0, #0
+ subs r4, r12, r10
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ sbcs r0, lr, r0
+ sbcs r1, r8, r11
+ mov r11, r6
+ sbcs r5, r6, r5
+ sbcs r6, r3, r9
+ mov r9, r2
+ sbcs r10, r2, r7
+ ldr r2, [sp, #108] @ 4-byte Reload
+ sbc r7, r2, #0
+ ldr r2, [sp, #56] @ 4-byte Reload
+ ands r7, r7, #1
+ movne r4, r12
+ movne r0, lr
+ movne r1, r8
+ cmp r7, #0
+ movne r5, r11
+ movne r6, r3
+ movne r10, r9
+ str r4, [r2]
+ str r0, [r2, #4]
+ str r1, [r2, #8]
+ str r5, [r2, #12]
+ str r6, [r2, #16]
+ str r10, [r2, #20]
+ add sp, sp, #116
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end83:
+ .size mcl_fp_mont6L, .Lfunc_end83-mcl_fp_mont6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF6L
+ .align 2
+ .type mcl_fp_montNF6L,%function
+mcl_fp_montNF6L: @ @mcl_fp_montNF6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #88
+ sub sp, sp, #88
+ str r2, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r2, {r4, r12}
+ ldr r5, [r1, #4]
+ ldr r0, [r2, #12]
+ ldr r9, [r2, #8]
+ ldr r2, [r1]
+ ldr r7, [r1, #8]
+ ldr lr, [r3, #8]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #12]
+ str r5, [sp, #44] @ 4-byte Spill
+ umull r6, r8, r5, r4
+ mov r10, r5
+ umull r11, r5, r2, r4
+ str r2, [sp, #52] @ 4-byte Spill
+ str r7, [sp, #48] @ 4-byte Spill
+ str lr, [sp, #40] @ 4-byte Spill
+ adds r6, r5, r6
+ umull r2, r6, r7, r4
+ adcs r7, r8, r2
+ umlal r5, r2, r10, r4
+ umull r7, r8, r0, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r6, r7
+ ldr r6, [r1, #16]
+ str r0, [sp, #64] @ 4-byte Spill
+ umull r7, r0, r6, r4
+ str r6, [sp, #72] @ 4-byte Spill
+ ldr r6, [r3]
+ adcs r7, r8, r7
+ str r7, [sp, #60] @ 4-byte Spill
+ ldr r7, [r1, #20]
+ str r6, [sp, #80] @ 4-byte Spill
+ umull r1, r8, r7, r4
+ str r7, [sp, #76] @ 4-byte Spill
+ adcs r0, r0, r1
+ ldr r1, [r3, #-4]
+ str r0, [sp, #20] @ 4-byte Spill
+ adc r0, r8, #0
+ ldr r8, [r3, #4]
+ str r0, [sp, #16] @ 4-byte Spill
+ mul r0, r11, r1
+ str r1, [sp, #56] @ 4-byte Spill
+ umull r1, r7, r0, r6
+ str r8, [sp, #68] @ 4-byte Spill
+ adds r1, r1, r11
+ str r7, [sp, #12] @ 4-byte Spill
+ umull r1, r4, r0, r8
+ adcs r8, r1, r5
+ ldr r1, [r3, #12]
+ umull r5, r11, r0, lr
+ str r4, [sp, #8] @ 4-byte Spill
+ adcs r6, r5, r2
+ str r1, [sp, #84] @ 4-byte Spill
+ umull r5, r7, r0, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs lr, r5, r1
+ ldr r1, [r3, #16]
+ str r1, [sp, #64] @ 4-byte Spill
+ umull r5, r4, r0, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r5, r5, r1
+ ldr r1, [r3, #20]
+ umull r3, r2, r0, r1
+ ldr r0, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r3, r0
+ adc r3, r1, #0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adds r1, r8, r1
+ ldr r8, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r1, r6, r1
+ adcs r11, lr, r11
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr lr, [sp, #76] @ 4-byte Reload
+ adcs r1, r5, r7
+ ldr r5, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r1, [sp, #12] @ 4-byte Spill
+ str r0, [sp, #8] @ 4-byte Spill
+ adc r0, r3, r2
+ umull r3, r6, r12, r10
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ umull r7, r1, r12, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adds r3, r1, r3
+ umull r2, r3, r12, r0
+ adcs r6, r6, r2
+ umlal r1, r2, r12, r10
+ ldr r10, [sp, #68] @ 4-byte Reload
+ umull r6, r0, r12, r8
+ adcs r4, r3, r6
+ umull r6, r3, r12, r5
+ adcs r5, r0, r6
+ umull r6, r0, r12, lr
+ ldr r12, [sp, #60] @ 4-byte Reload
+ adcs r3, r3, r6
+ ldr r6, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r7, r7, r6
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #12] @ 4-byte Reload
+ adcs r2, r2, r11
+ adcs r6, r4, r6
+ ldr r4, [sp, #8] @ 4-byte Reload
+ adcs r11, r5, r4
+ ldr r5, [sp, #4] @ 4-byte Reload
+ adcs r3, r3, r5
+ adc r0, r0, #0
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mul r4, r7, r0
+ umull r0, r5, r4, r3
+ adds r0, r0, r7
+ str r5, [sp, #12] @ 4-byte Spill
+ umull r0, r3, r4, r10
+ ldr r5, [sp, #12] @ 4-byte Reload
+ str r3, [sp, #8] @ 4-byte Spill
+ adcs r3, r0, r1
+ ldr r0, [sp, #40] @ 4-byte Reload
+ umull r1, r7, r4, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r7, [sp, #4] @ 4-byte Spill
+ adcs r1, r1, r2
+ umull r2, r7, r4, r0
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adcs r2, r2, r6
+ umull r6, r0, r4, r7
+ adcs r6, r6, r11
+ umull r7, r11, r4, r12
+ ldr r4, [sp, #20] @ 4-byte Reload
+ ldr r12, [sp, #48] @ 4-byte Reload
+ adcs r4, r7, r4
+ ldr r7, [sp, #16] @ 4-byte Reload
+ adc r7, r7, #0
+ adds r3, r3, r5
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [sp, #8] @ 4-byte Reload
+ adcs r1, r1, r3
+ ldr r3, [sp, #72] @ 4-byte Reload
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp] @ 4-byte Reload
+ adcs r1, r6, r1
+ adcs r0, r4, r0
+ str r1, [sp, #8] @ 4-byte Spill
+ str r0, [sp, #4] @ 4-byte Spill
+ adc r0, r7, r11
+ ldr r11, [sp, #52] @ 4-byte Reload
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ umull r6, r1, r9, r11
+ umull r5, r4, r9, r0
+ adds r5, r1, r5
+ umull r2, r5, r9, r12
+ adcs r4, r4, r2
+ umlal r1, r2, r9, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ umull r4, r7, r9, r8
+ adcs r8, r5, r4
+ umull r5, r4, r9, r3
+ adcs r5, r7, r5
+ umull r7, r3, r9, lr
+ ldr lr, [sp, #60] @ 4-byte Reload
+ adcs r4, r4, r7
+ adc r3, r3, #0
+ adds r7, r6, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r1, r1, r0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r2, r2, r0
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r6, r8, r0
+ ldr r0, [sp, #4] @ 4-byte Reload
+ ldr r8, [sp, #56] @ 4-byte Reload
+ adcs r9, r5, r0
+ ldr r0, [sp] @ 4-byte Reload
+ adcs r0, r4, r0
+ mul r4, r7, r8
+ str r0, [sp, #20] @ 4-byte Spill
+ adc r0, r3, #0
+ ldr r3, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ umull r0, r5, r4, r3
+ adds r0, r0, r7
+ str r5, [sp, #12] @ 4-byte Spill
+ umull r0, r3, r4, r10
+ ldr r10, [sp, #40] @ 4-byte Reload
+ ldr r5, [sp, #12] @ 4-byte Reload
+ str r3, [sp, #8] @ 4-byte Spill
+ adcs r0, r0, r1
+ umull r1, r3, r4, r10
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r2
+ umull r2, r7, r4, r3
+ ldr r3, [sp, #64] @ 4-byte Reload
+ str r7, [sp] @ 4-byte Spill
+ adcs r2, r2, r6
+ umull r6, r7, r4, r3
+ adcs r6, r6, r9
+ umull r3, r9, r4, lr
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adcs r3, r3, r4
+ ldr r4, [sp, #16] @ 4-byte Reload
+ adc r4, r4, #0
+ adds r0, r0, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #8] @ 4-byte Spill
+ adcs r0, r3, r7
+ str r0, [sp, #4] @ 4-byte Spill
+ adc r0, r4, r9
+ ldr r4, [sp, #44] @ 4-byte Reload
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ umull r3, lr, r0, r12
+ ldr r12, [sp, #36] @ 4-byte Reload
+ umull r9, r2, r0, r11
+ umull r6, r7, r0, r4
+ mov r1, r2
+ adds r2, r2, r6
+ mov r5, r3
+ adcs r2, r7, r3
+ umlal r1, r5, r0, r4
+ umull r2, r3, r0, r12
+ adcs r11, lr, r2
+ ldr lr, [sp, #72] @ 4-byte Reload
+ ldr r2, [sp, #76] @ 4-byte Reload
+ umull r4, r6, r0, lr
+ adcs r3, r3, r4
+ umull r4, r7, r0, r2
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r4, r6, r4
+ adc r6, r7, #0
+ adds r0, r9, r0
+ ldr r9, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ adcs r7, r5, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ ldr r5, [sp, #4] @ 4-byte Reload
+ adcs r2, r11, r2
+ adcs r11, r3, r5
+ ldr r3, [sp] @ 4-byte Reload
+ adcs r3, r4, r3
+ mul r4, r0, r8
+ ldr r8, [sp, #80] @ 4-byte Reload
+ str r3, [sp, #24] @ 4-byte Spill
+ adc r3, r6, #0
+ str r3, [sp, #20] @ 4-byte Spill
+ umull r5, r3, r4, r8
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [sp, #68] @ 4-byte Reload
+ adds r0, r5, r0
+ umull r0, r5, r4, r3
+ str r5, [sp, #12] @ 4-byte Spill
+ ldr r5, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ umull r1, r3, r4, r10
+ ldr r10, [sp, #60] @ 4-byte Reload
+ str r3, [sp, #8] @ 4-byte Spill
+ adcs r1, r1, r7
+ umull r7, r3, r4, r5
+ adcs r2, r7, r2
+ umull r7, r5, r4, r9
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adcs r7, r7, r11
+ umull r6, r11, r4, r10
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adcs r4, r6, r4
+ ldr r6, [sp, #20] @ 4-byte Reload
+ adc r6, r6, #0
+ adds r0, r0, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ adcs r0, r4, r5
+ str r0, [sp, #8] @ 4-byte Spill
+ adc r0, r6, r11
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r5, [r0, #16]
+ umull r11, r2, r5, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ umull r4, r0, r5, r7
+ adds r4, r2, r4
+ umull r3, r4, r5, r1
+ adcs r0, r0, r3
+ umlal r2, r3, r5, r7
+ ldr r7, [sp, #76] @ 4-byte Reload
+ umull r0, r6, r5, r12
+ adcs r12, r4, r0
+ umull r4, r1, r5, lr
+ adcs r4, r6, r4
+ umull r6, r0, r5, r7
+ ldr r7, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r6
+ adc r0, r0, #0
+ adds r6, r11, r7
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r2, r2, r7
+ ldr r7, [sp, #16] @ 4-byte Reload
+ adcs r3, r3, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adcs r5, r12, r7
+ ldr r7, [sp, #8] @ 4-byte Reload
+ adcs r7, r4, r7
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [sp, #4] @ 4-byte Reload
+ adcs r1, r1, r7
+ adc r0, r0, #0
+ str r1, [sp, #24] @ 4-byte Spill
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mul r4, r6, r0
+ umull r0, r1, r4, r8
+ ldr r8, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adds r0, r0, r6
+ ldr r7, [sp, #16] @ 4-byte Reload
+ umull r0, r11, r4, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ umull r2, lr, r4, r8
+ adcs r2, r2, r3
+ umull r3, r12, r4, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r3, r3, r5
+ umull r5, r6, r4, r9
+ adcs r5, r5, r1
+ umull r1, r9, r4, r10
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r4
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adc r4, r4, #0
+ adds r0, r0, r7
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r2, r11
+ adcs r11, r3, lr
+ str r0, [sp, #20] @ 4-byte Spill
+ adcs r10, r5, r12
+ adcs r0, r1, r6
+ str r0, [sp, #16] @ 4-byte Spill
+ adc r0, r4, r9
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r5, [r0, #20]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ umull r6, r1, r5, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r4, r6
+ umull lr, r3, r5, r0
+ umull r12, r0, r5, r7
+ mov r2, r3
+ adds r3, r3, r12
+ umlal r2, r4, r5, r7
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ umull r0, r3, r5, r7
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adcs r12, r1, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ umull r1, r6, r5, r0
+ adcs r1, r3, r1
+ umull r3, r0, r5, r7
+ ldr r5, [sp, #24] @ 4-byte Reload
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r3, r6, r3
+ adc r0, r0, #0
+ adds r6, lr, r5
+ ldr r5, [sp, #16] @ 4-byte Reload
+ ldr lr, [sp, #68] @ 4-byte Reload
+ adcs r2, r2, r7
+ adcs r7, r4, r11
+ adcs r9, r12, r10
+ adcs r1, r1, r5
+ ldr r5, [sp, #80] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r1, r3, r1
+ adc r0, r0, #0
+ str r1, [sp, #76] @ 4-byte Spill
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mul r4, r6, r0
+ umull r0, r1, r4, r5
+ umull r3, r11, r4, lr
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adds r0, r0, r6
+ umull r6, r0, r4, r8
+ adcs r12, r3, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ adcs r10, r6, r7
+ umull r3, r0, r4, r1
+ adcs r9, r3, r9
+ ldr r3, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ umull r7, r0, r4, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r7, r7, r0
+ umull r6, r0, r4, r2
+ ldr r4, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r6, r6, r4
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adc r4, r4, #0
+ adds r12, r12, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r11, r10, r11
+ adcs r9, r9, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r10, r7, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r7, r6, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc r0, r4, r0
+ subs r5, r12, r5
+ sbcs r4, r11, lr
+ mov lr, r0
+ sbcs r6, r9, r8
+ sbcs r1, r10, r1
+ sbcs r8, r7, r3
+ sbc r3, r0, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ asr r0, r3, #31
+ cmp r0, #0
+ movlt r5, r12
+ movlt r4, r11
+ movlt r6, r9
+ cmp r0, #0
+ movlt r1, r10
+ movlt r8, r7
+ movlt r3, lr
+ str r5, [r2]
+ str r4, [r2, #4]
+ str r6, [r2, #8]
+ str r1, [r2, #12]
+ str r8, [r2, #16]
+ str r3, [r2, #20]
+ add sp, sp, #88
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end84:
+ .size mcl_fp_montNF6L, .Lfunc_end84-mcl_fp_montNF6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed6L
+ .align 2
+ .type mcl_fp_montRed6L,%function
+mcl_fp_montRed6L: @ @mcl_fp_montRed6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #100
+ sub sp, sp, #100
+ ldr r6, [r1, #4]
+ ldr r10, [r2, #-4]
+ ldr r9, [r1]
+ ldr r3, [r2, #8]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r2]
+ ldr r8, [r2, #4]
+ str r6, [sp, #68] @ 4-byte Spill
+ ldr r6, [r1, #8]
+ mul r4, r9, r10
+ str r3, [sp, #80] @ 4-byte Spill
+ str r0, [sp, #76] @ 4-byte Spill
+ str r10, [sp, #92] @ 4-byte Spill
+ umull r12, r7, r4, r3
+ str r7, [sp, #52] @ 4-byte Spill
+ umull r7, r3, r4, r0
+ mov lr, r12
+ str r7, [sp, #56] @ 4-byte Spill
+ mov r0, r3
+ str r6, [sp, #64] @ 4-byte Spill
+ ldr r6, [r1, #12]
+ umlal r0, lr, r4, r8
+ str r6, [sp, #60] @ 4-byte Spill
+ ldr r6, [r2, #20]
+ umull r5, r7, r4, r6
+ str r6, [sp, #84] @ 4-byte Spill
+ ldr r6, [r2, #16]
+ ldr r2, [r2, #12]
+ str r5, [sp, #44] @ 4-byte Spill
+ str r7, [sp, #48] @ 4-byte Spill
+ umull r5, r7, r4, r6
+ str r6, [sp, #96] @ 4-byte Spill
+ str r2, [sp, #88] @ 4-byte Spill
+ str r7, [sp, #40] @ 4-byte Spill
+ umull r6, r7, r4, r2
+ umull r11, r2, r4, r8
+ adds r3, r3, r11
+ adcs r2, r2, r12
+ ldr r3, [sp, #40] @ 4-byte Reload
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r12, r2, r6
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adcs r11, r7, r5
+ adcs r2, r3, r2
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adc r2, r2, #0
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [sp, #56] @ 4-byte Reload
+ adds r6, r9, r2
+ ldr r2, [sp, #68] @ 4-byte Reload
+ add r9, r1, #16
+ adcs r0, r2, r0
+ mul r6, r0, r10
+ ldr r10, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ umull r3, r0, r6, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r9, {r2, r4, r7, r9}
+ ldr r5, [sp, #76] @ 4-byte Reload
+ umull r0, r1, r6, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ ldr lr, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ mov r12, r3
+ adcs r2, r2, r11
+ str r0, [sp, #64] @ 4-byte Spill
+ mov r0, r1
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [sp, #52] @ 4-byte Reload
+ umlal r0, r12, r6, r8
+ adcs r2, r4, r2
+ ldr r4, [sp, #96] @ 4-byte Reload
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adcs r2, r7, r2
+ str r2, [sp, #48] @ 4-byte Spill
+ adcs r2, r9, #0
+ umull r9, r11, r6, lr
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [sp, #32] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #28] @ 4-byte Spill
+ mov r2, #0
+ adc r2, r2, #0
+ str r2, [sp, #24] @ 4-byte Spill
+ umull r7, r2, r6, r8
+ adds r1, r1, r7
+ adcs r2, r2, r3
+ ldr r3, [sp, #88] @ 4-byte Reload
+ umull r1, r7, r6, r4
+ umull r2, r4, r6, r3
+ ldr r6, [sp, #56] @ 4-byte Reload
+ adcs r2, r6, r2
+ adcs r1, r4, r1
+ ldr r4, [sp, #20] @ 4-byte Reload
+ str r2, [sp, #56] @ 4-byte Spill
+ str r1, [sp, #4] @ 4-byte Spill
+ adcs r1, r7, r9
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r1, [sp] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adc r7, r11, #0
+ adds r6, r4, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ mul r6, r1, r0
+ umull r9, r0, r6, r10
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r0, r1, r6, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ mov r4, r9
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r12, r0
+ adcs r5, r2, r5
+ ldr r2, [sp, #4] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ mov r0, r1
+ str r5, [sp, #68] @ 4-byte Spill
+ ldr r5, [sp, #52] @ 4-byte Reload
+ umlal r0, r4, r6, r8
+ adcs r2, r2, r5
+ ldr r5, [sp] @ 4-byte Reload
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adcs r2, r5, r2
+ umull r5, r10, r6, lr
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adcs r2, r7, r2
+ umull r7, r12, r6, r8
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [sp, #32] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adc r2, r2, #0
+ adds r1, r1, r7
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r2, [sp, #36] @ 4-byte Spill
+ umull r7, r2, r6, r3
+ ldr r3, [sp, #8] @ 4-byte Reload
+ umull r11, lr, r6, r1
+ adcs r6, r12, r9
+ adcs r3, r3, r7
+ adcs r12, r2, r11
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adcs r2, lr, r5
+ ldr r5, [sp, #80] @ 4-byte Reload
+ ldr lr, [sp, #76] @ 4-byte Reload
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adc r9, r10, #0
+ adds r6, r3, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ ldr r3, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r6, r0, r3
+ str r0, [sp, #32] @ 4-byte Spill
+ umull r11, r0, r6, r5
+ str r0, [sp, #24] @ 4-byte Spill
+ umull r0, r7, r6, lr
+ mov r10, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ mov r2, r7
+ umlal r2, r10, r6, r8
+ adcs r0, r4, r0
+ ldr r4, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #4] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r12, r0
+ ldr r12, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ umull r4, r0, r6, r12
+ str r4, [sp, #12] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ umull r4, r0, r6, r1
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r9, r0, r6, r8
+ adds r7, r7, r9
+ adcs r0, r0, r11
+ ldr r0, [sp, #24] @ 4-byte Reload
+ umull r7, r9, r6, r1
+ ldr r6, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r9, r4
+ ldr r4, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r7, r4, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r4, [sp, #32] @ 4-byte Reload
+ adc r11, r0, #0
+ adds r4, r6, r4
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r4, [sp, #20] @ 4-byte Reload
+ adcs r2, r2, r4
+ mul r4, r2, r3
+ str r2, [sp, #36] @ 4-byte Spill
+ umull r9, r2, r4, r5
+ ldr r5, [sp, #68] @ 4-byte Reload
+ str r2, [sp, #28] @ 4-byte Spill
+ umull r3, r2, r4, lr
+ mov r6, r2
+ str r3, [sp, #32] @ 4-byte Spill
+ mov r3, r9
+ umlal r6, r3, r4, r8
+ adcs r5, r10, r5
+ str r5, [sp, #68] @ 4-byte Spill
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs r5, r0, r5
+ ldr r0, [sp, #16] @ 4-byte Reload
+ str r5, [sp, #64] @ 4-byte Spill
+ ldr r5, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ umull r7, r0, r4, r12
+ mov r12, r1
+ str r0, [sp, #24] @ 4-byte Spill
+ umull r11, r0, r4, r8
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [sp, #96] @ 4-byte Reload
+ umull r1, r5, r4, r12
+ adds r2, r2, r11
+ adcs r0, r0, r9
+ ldr r2, [sp, #20] @ 4-byte Reload
+ ldr r0, [sp, #28] @ 4-byte Reload
+ umull lr, r10, r4, r7
+ ldr r4, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ adcs r1, r5, lr
+ ldr r5, [sp, #24] @ 4-byte Reload
+ adcs r2, r10, r2
+ adc lr, r5, #0
+ ldr r5, [sp, #32] @ 4-byte Reload
+ adds r4, r5, r4
+ ldr r5, [sp, #76] @ 4-byte Reload
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adcs r9, r6, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ ldr r6, [sp, #80] @ 4-byte Reload
+ adcs r3, r3, r4
+ str r3, [sp, #68] @ 4-byte Spill
+ ldr r3, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ mul r0, r9, r1
+ umull r2, r4, r0, r5
+ umull r1, r3, r0, r8
+ adds r1, r4, r1
+ str r2, [sp, #92] @ 4-byte Spill
+ umull r1, r2, r0, r6
+ adcs r3, r3, r1
+ umlal r4, r1, r0, r8
+ umull r3, lr, r0, r12
+ adcs r10, r2, r3
+ umull r3, r2, r0, r7
+ adcs r11, lr, r3
+ ldr lr, [sp, #84] @ 4-byte Reload
+ umull r7, r3, r0, lr
+ adcs r2, r2, r7
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adc r0, r3, #0
+ ldr r3, [sp, #92] @ 4-byte Reload
+ adds r3, r3, r9
+ ldr r3, [sp, #68] @ 4-byte Reload
+ adcs r3, r4, r3
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r12, r1, r7
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r10, r10, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r9, r11, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r7, r2, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r11, r0, #0
+ subs r0, r3, r5
+ sbcs r5, r12, r8
+ mov r8, r7
+ sbcs r2, r10, r6
+ ldr r6, [sp, #96] @ 4-byte Reload
+ sbcs r4, r9, r4
+ sbcs r6, r7, r6
+ sbcs r7, r1, lr
+ mov lr, r1
+ sbc r1, r11, #0
+ ands r1, r1, #1
+ movne r0, r3
+ ldr r3, [sp, #72] @ 4-byte Reload
+ movne r5, r12
+ movne r2, r10
+ cmp r1, #0
+ movne r4, r9
+ movne r6, r8
+ movne r7, lr
+ str r0, [r3]
+ str r5, [r3, #4]
+ str r2, [r3, #8]
+ str r4, [r3, #12]
+ str r6, [r3, #16]
+ str r7, [r3, #20]
+ add sp, sp, #100
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end85:
+ .size mcl_fp_montRed6L, .Lfunc_end85-mcl_fp_montRed6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre6L
+ .align 2
+ .type mcl_fp_addPre6L,%function
+mcl_fp_addPre6L: @ @mcl_fp_addPre6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, lr}
+ ldm r1, {r9, r12, lr}
+ ldr r10, [r1, #12]
+ ldr r5, [r1, #16]
+ ldr r8, [r1, #20]
+ ldm r2, {r6, r7}
+ add r4, r2, #8
+ ldm r4, {r1, r3, r4}
+ ldr r2, [r2, #20]
+ adds r6, r6, r9
+ adcs r7, r7, r12
+ add r12, r0, #8
+ adcs r1, r1, lr
+ stm r0, {r6, r7}
+ adcs r3, r3, r10
+ adcs r5, r4, r5
+ adcs r2, r2, r8
+ stm r12, {r1, r3, r5}
+ str r2, [r0, #20]
+ mov r0, #0
+ adc r0, r0, #0
+ pop {r4, r5, r6, r7, r8, r9, r10, lr}
+ mov pc, lr
+.Lfunc_end86:
+ .size mcl_fp_addPre6L, .Lfunc_end86-mcl_fp_addPre6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre6L
+ .align 2
+ .type mcl_fp_subPre6L,%function
+mcl_fp_subPre6L: @ @mcl_fp_subPre6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, lr}
+ ldm r2, {r9, r12, lr}
+ ldr r10, [r2, #12]
+ ldr r5, [r2, #16]
+ ldr r8, [r2, #20]
+ ldm r1, {r6, r7}
+ add r4, r1, #8
+ ldm r4, {r2, r3, r4}
+ ldr r1, [r1, #20]
+ subs r6, r6, r9
+ sbcs r7, r7, r12
+ add r12, r0, #8
+ sbcs r2, r2, lr
+ stm r0, {r6, r7}
+ sbcs r3, r3, r10
+ sbcs r5, r4, r5
+ sbcs r1, r1, r8
+ stm r12, {r2, r3, r5}
+ str r1, [r0, #20]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ pop {r4, r5, r6, r7, r8, r9, r10, lr}
+ mov pc, lr
+.Lfunc_end87:
+ .size mcl_fp_subPre6L, .Lfunc_end87-mcl_fp_subPre6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_6L
+ .align 2
+ .type mcl_fp_shr1_6L,%function
+mcl_fp_shr1_6L: @ @mcl_fp_shr1_6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, lr}
+ push {r4, r5, r6, lr}
+ ldr r3, [r1, #4]
+ ldr r12, [r1]
+ ldr lr, [r1, #12]
+ ldr r2, [r1, #8]
+ ldr r4, [r1, #16]
+ ldr r1, [r1, #20]
+ lsrs r5, r3, #1
+ lsr r3, r3, #1
+ rrx r12, r12
+ lsrs r5, lr, #1
+ orr r6, r3, r2, lsl #31
+ lsr r5, lr, #1
+ rrx r2, r2
+ lsrs r3, r1, #1
+ lsr r1, r1, #1
+ str r12, [r0]
+ str r6, [r0, #4]
+ orr r5, r5, r4, lsl #31
+ rrx r3, r4
+ str r2, [r0, #8]
+ str r5, [r0, #12]
+ str r3, [r0, #16]
+ str r1, [r0, #20]
+ pop {r4, r5, r6, lr}
+ mov pc, lr
+.Lfunc_end88:
+ .size mcl_fp_shr1_6L, .Lfunc_end88-mcl_fp_shr1_6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add6L
+ .align 2
+ .type mcl_fp_add6L,%function
+mcl_fp_add6L: @ @mcl_fp_add6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldm r1, {r9, r12, lr}
+ ldr r7, [r2]
+ ldr r10, [r1, #12]
+ ldr r11, [r1, #16]
+ ldr r8, [r1, #20]
+ ldmib r2, {r1, r4, r5, r6}
+ ldr r2, [r2, #20]
+ adds r7, r7, r9
+ adcs r12, r1, r12
+ add r1, r0, #8
+ adcs r4, r4, lr
+ stm r0, {r7, r12}
+ adcs r5, r5, r10
+ adcs r6, r6, r11
+ stm r1, {r4, r5, r6}
+ adcs r2, r2, r8
+ mov r1, #0
+ str r2, [r0, #20]
+ adc r9, r1, #0
+ ldm r3, {r1, lr}
+ ldr r10, [r3, #8]
+ ldr r11, [r3, #12]
+ ldr r8, [r3, #16]
+ ldr r3, [r3, #20]
+ subs r7, r7, r1
+ sbcs r1, r12, lr
+ sbcs r10, r4, r10
+ sbcs r12, r5, r11
+ sbcs lr, r6, r8
+ sbcs r4, r2, r3
+ sbc r2, r9, #0
+ tst r2, #1
+ streq r7, [r0]
+ stmibeq r0, {r1, r10, r12, lr}
+ streq r4, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end89:
+ .size mcl_fp_add6L, .Lfunc_end89-mcl_fp_add6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF6L
+ .align 2
+ .type mcl_fp_addNF6L,%function
+mcl_fp_addNF6L: @ @mcl_fp_addNF6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ add r11, r1, #8
+ ldm r1, {r12, lr}
+ ldm r11, {r9, r10, r11}
+ ldr r7, [r2]
+ ldr r8, [r1, #20]
+ ldmib r2, {r1, r4, r5, r6}
+ ldr r2, [r2, #20]
+ adds r7, r7, r12
+ adcs r1, r1, lr
+ adcs r4, r4, r9
+ adcs r9, r5, r10
+ adcs lr, r6, r11
+ add r11, r3, #8
+ adc r12, r2, r8
+ ldm r3, {r2, r6}
+ ldm r11, {r5, r8, r10, r11}
+ subs r2, r7, r2
+ sbcs r6, r1, r6
+ sbcs r5, r4, r5
+ sbcs r3, r9, r8
+ sbcs r8, lr, r10
+ sbc r10, r12, r11
+ asr r11, r10, #31
+ cmp r11, #0
+ movlt r2, r7
+ movlt r6, r1
+ movlt r5, r4
+ cmp r11, #0
+ movlt r3, r9
+ movlt r8, lr
+ movlt r10, r12
+ str r2, [r0]
+ str r6, [r0, #4]
+ str r5, [r0, #8]
+ str r3, [r0, #12]
+ str r8, [r0, #16]
+ str r10, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end90:
+ .size mcl_fp_addNF6L, .Lfunc_end90-mcl_fp_addNF6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub6L
+ .align 2
+ .type mcl_fp_sub6L,%function
+mcl_fp_sub6L: @ @mcl_fp_sub6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldr r9, [r2]
+ ldmib r2, {r8, r12, lr}
+ ldr r10, [r2, #16]
+ ldr r11, [r2, #20]
+ ldm r1, {r2, r4, r5, r6, r7}
+ ldr r1, [r1, #20]
+ subs r9, r2, r9
+ sbcs r2, r4, r8
+ str r9, [r0]
+ sbcs r12, r5, r12
+ sbcs lr, r6, lr
+ sbcs r4, r7, r10
+ stmib r0, {r2, r12, lr}
+ sbcs r5, r1, r11
+ mov r1, #0
+ str r4, [r0, #16]
+ sbc r1, r1, #0
+ str r5, [r0, #20]
+ tst r1, #1
+ popeq {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ moveq pc, lr
+ ldm r3, {r1, r6, r7, r8, r10}
+ ldr r3, [r3, #20]
+ adds r1, r1, r9
+ adcs r2, r6, r2
+ adcs r7, r7, r12
+ adcs r6, r8, lr
+ stm r0, {r1, r2, r7}
+ adcs r4, r10, r4
+ str r6, [r0, #12]
+ adc r3, r3, r5
+ str r4, [r0, #16]
+ str r3, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end91:
+ .size mcl_fp_sub6L, .Lfunc_end91-mcl_fp_sub6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF6L
+ .align 2
+ .type mcl_fp_subNF6L,%function
+mcl_fp_subNF6L: @ @mcl_fp_subNF6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ add r11, r2, #8
+ ldm r2, {r12, lr}
+ ldm r11, {r9, r10, r11}
+ ldr r7, [r1]
+ ldr r8, [r2, #20]
+ ldmib r1, {r2, r4, r5, r6}
+ ldr r1, [r1, #20]
+ subs r7, r7, r12
+ sbcs r2, r2, lr
+ sbcs r9, r4, r9
+ sbcs lr, r5, r10
+ ldr r5, [r3, #4]
+ sbcs r12, r6, r11
+ ldr r6, [r3]
+ add r11, r3, #8
+ sbc r1, r1, r8
+ ldm r11, {r4, r8, r10, r11}
+ adds r6, r7, r6
+ adcs r5, r2, r5
+ adcs r4, r9, r4
+ adcs r3, lr, r8
+ adcs r8, r12, r10
+ adc r10, r1, r11
+ asr r11, r1, #31
+ cmp r11, #0
+ movge r6, r7
+ movge r5, r2
+ movge r4, r9
+ cmp r11, #0
+ movge r3, lr
+ movge r8, r12
+ movge r10, r1
+ str r6, [r0]
+ str r5, [r0, #4]
+ str r4, [r0, #8]
+ str r3, [r0, #12]
+ str r8, [r0, #16]
+ str r10, [r0, #20]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end92:
+ .size mcl_fp_subNF6L, .Lfunc_end92-mcl_fp_subNF6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add6L
+ .align 2
+ .type mcl_fpDbl_add6L,%function
+mcl_fpDbl_add6L: @ @mcl_fpDbl_add6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #32
+ sub sp, sp, #32
+ ldm r1, {r12, lr}
+ ldr r8, [r1, #8]
+ ldr r10, [r1, #12]
+ ldmib r2, {r6, r7}
+ ldr r5, [r2, #16]
+ ldr r11, [r2]
+ ldr r4, [r2, #12]
+ str r5, [sp] @ 4-byte Spill
+ ldr r5, [r2, #20]
+ adds r9, r11, r12
+ add r11, r1, #32
+ adcs r6, r6, lr
+ add lr, r1, #16
+ adcs r7, r7, r8
+ str r5, [sp, #4] @ 4-byte Spill
+ ldr r5, [r2, #24]
+ str r5, [sp, #16] @ 4-byte Spill
+ ldr r5, [r2, #28]
+ str r5, [sp, #28] @ 4-byte Spill
+ ldr r5, [r2, #32]
+ str r5, [sp, #8] @ 4-byte Spill
+ ldr r5, [r2, #36]
+ str r5, [sp, #12] @ 4-byte Spill
+ ldr r5, [r2, #40]
+ ldr r2, [r2, #44]
+ str r5, [sp, #20] @ 4-byte Spill
+ str r2, [sp, #24] @ 4-byte Spill
+ adcs r5, r4, r10
+ ldm r11, {r4, r8, r11}
+ ldr r10, [r1, #44]
+ ldm lr, {r1, r2, r12, lr}
+ str r9, [r0]
+ stmib r0, {r6, r7}
+ ldr r6, [sp] @ 4-byte Reload
+ str r5, [r0, #12]
+ ldr r5, [sp, #4] @ 4-byte Reload
+ ldr r7, [sp, #8] @ 4-byte Reload
+ adcs r1, r6, r1
+ adcs r2, r5, r2
+ str r1, [r0, #16]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ ldr r5, [r3]
+ str r2, [r0, #20]
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r1, r1, r12
+ adcs r2, r2, lr
+ adcs r12, r7, r4
+ ldr r7, [sp, #12] @ 4-byte Reload
+ mov r4, #0
+ adcs r9, r7, r8
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r8, r7, r11
+ ldr r7, [sp, #24] @ 4-byte Reload
+ adcs lr, r7, r10
+ adc r7, r4, #0
+ ldmib r3, {r4, r6, r10, r11}
+ subs r5, r1, r5
+ ldr r3, [r3, #20]
+ sbcs r4, r2, r4
+ sbcs r6, r12, r6
+ sbcs r10, r9, r10
+ sbcs r11, r8, r11
+ sbcs r3, lr, r3
+ sbc r7, r7, #0
+ ands r7, r7, #1
+ movne r5, r1
+ movne r4, r2
+ movne r6, r12
+ cmp r7, #0
+ add r1, r0, #32
+ movne r10, r9
+ movne r11, r8
+ movne r3, lr
+ str r5, [r0, #24]
+ str r4, [r0, #28]
+ stm r1, {r6, r10, r11}
+ str r3, [r0, #44]
+ add sp, sp, #32
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end93:
+ .size mcl_fpDbl_add6L, .Lfunc_end93-mcl_fpDbl_add6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub6L
+ .align 2
+ .type mcl_fpDbl_sub6L,%function
+mcl_fpDbl_sub6L: @ @mcl_fpDbl_sub6L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ ldr r6, [r2, #8]
+ ldr r7, [r2, #32]
+ add r10, r1, #12
+ str r6, [sp] @ 4-byte Spill
+ ldr r6, [r2, #12]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r6, [sp, #4] @ 4-byte Spill
+ ldr r6, [r2, #16]
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r6, [sp, #8] @ 4-byte Spill
+ ldr r6, [r2, #20]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r6, [sp, #12] @ 4-byte Spill
+ ldr r6, [r2, #24]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r1, #44]
+ str r6, [sp, #16] @ 4-byte Spill
+ ldr r6, [r2, #28]
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [r2, #4]
+ ldr r2, [r2]
+ str r6, [sp, #20] @ 4-byte Spill
+ ldm r10, {r4, r5, r8, r9, r10}
+ ldm r1, {r11, r12, lr}
+ ldr r6, [sp] @ 4-byte Reload
+ subs r2, r11, r2
+ ldr r11, [r1, #40]
+ sbcs r7, r12, r7
+ ldr r12, [r1, #36]
+ ldr r1, [r1, #32]
+ sbcs lr, lr, r6
+ ldr r6, [sp, #4] @ 4-byte Reload
+ stm r0, {r2, r7, lr}
+ mov lr, #0
+ ldr r2, [sp, #8] @ 4-byte Reload
+ sbcs r4, r4, r6
+ str r4, [r0, #12]
+ sbcs r2, r5, r2
+ ldr r5, [sp, #24] @ 4-byte Reload
+ str r2, [r0, #16]
+ ldr r2, [sp, #12] @ 4-byte Reload
+ sbcs r2, r8, r2
+ str r2, [r0, #20]
+ ldr r2, [sp, #16] @ 4-byte Reload
+ sbcs r7, r9, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ sbcs r6, r10, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ sbcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ sbcs r10, r12, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ sbcs r9, r11, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ sbcs r8, r5, r2
+ sbc r12, lr, #0
+ ldm r3, {r2, r4, r5, lr}
+ ldr r11, [r3, #16]
+ ldr r3, [r3, #20]
+ adds r2, r7, r2
+ adcs r4, r6, r4
+ adcs r5, r1, r5
+ adcs lr, r10, lr
+ adcs r11, r9, r11
+ adc r3, r8, r3
+ ands r12, r12, #1
+ moveq r2, r7
+ moveq r4, r6
+ moveq r5, r1
+ cmp r12, #0
+ moveq lr, r10
+ moveq r11, r9
+ moveq r3, r8
+ str r2, [r0, #24]
+ str r4, [r0, #28]
+ str r5, [r0, #32]
+ str lr, [r0, #36]
+ str r11, [r0, #40]
+ str r3, [r0, #44]
+ add sp, sp, #44
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end94:
+ .size mcl_fpDbl_sub6L, .Lfunc_end94-mcl_fpDbl_sub6L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre7L
+ .align 2
+ .type mcl_fp_mulUnitPre7L,%function
+mcl_fp_mulUnitPre7L: @ @mcl_fp_mulUnitPre7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r11, [r1, #12]
+ ldr r10, [r1, #16]
+ ldr r9, [r1, #20]
+ ldr r8, [r1, #24]
+ umull r7, r1, lr, r2
+ umull lr, r4, r12, r2
+ mov r5, r4
+ mov r6, r7
+ str lr, [r0]
+ umlal r5, r6, r3, r2
+ stmib r0, {r5, r6}
+ umull r6, r5, r3, r2
+ adds r3, r4, r6
+ umull r3, r6, r11, r2
+ adcs r7, r5, r7
+ adcs r1, r1, r3
+ str r1, [r0, #12]
+ umull r1, r3, r10, r2
+ adcs r1, r6, r1
+ str r1, [r0, #16]
+ umull r1, r7, r9, r2
+ adcs r1, r3, r1
+ str r1, [r0, #20]
+ umull r1, r3, r8, r2
+ adcs r1, r7, r1
+ str r1, [r0, #24]
+ adc r1, r3, #0
+ str r1, [r0, #28]
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end95:
+ .size mcl_fp_mulUnitPre7L, .Lfunc_end95-mcl_fp_mulUnitPre7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre7L
+ .align 2
+ .type mcl_fpDbl_mulPre7L,%function
+mcl_fpDbl_mulPre7L: @ @mcl_fpDbl_mulPre7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #68
+ sub sp, sp, #68
+ mov r3, r2
+ ldr r7, [r1]
+ ldr lr, [r1, #4]
+ mov r9, r0
+ ldr r0, [r1, #8]
+ ldr r2, [r1, #12]
+ ldr r10, [r1, #16]
+ ldr r8, [r1, #20]
+ str r3, [sp, #64] @ 4-byte Spill
+ ldr r3, [r3]
+ str r9, [sp, #60] @ 4-byte Spill
+ str r7, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #56] @ 4-byte Spill
+ str r2, [sp, #44] @ 4-byte Spill
+ umull r5, r4, r7, r3
+ umull r6, r12, lr, r3
+ adds r6, r4, r6
+ str r5, [sp, #48] @ 4-byte Spill
+ umull r5, r6, r0, r3
+ adcs r7, r12, r5
+ umlal r4, r5, lr, r3
+ umull r7, r11, r2, r3
+ adcs r0, r6, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ umull r6, r0, r10, r3
+ adcs r2, r11, r6
+ umull r11, r7, r8, r3
+ ldr r6, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r2, [sp, #40] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r1, #24]
+ umull r11, r12, r0, r3
+ adcs r2, r7, r11
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r2, [r9]
+ ldr r2, [sp, #64] @ 4-byte Reload
+ ldr r3, [r2, #4]
+ umull r11, r7, r6, r3
+ str r7, [sp, #32] @ 4-byte Spill
+ adc r7, r12, #0
+ str r7, [sp, #16] @ 4-byte Spill
+ adds r7, r11, r4
+ str r7, [sp, #48] @ 4-byte Spill
+ umull r4, r7, lr, r3
+ str r7, [sp, #28] @ 4-byte Spill
+ adcs r7, r4, r5
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [sp, #44] @ 4-byte Reload
+ umull r4, r5, r7, r3
+ ldr r7, [sp, #56] @ 4-byte Reload
+ str r5, [sp, #24] @ 4-byte Spill
+ umull r5, r6, r7, r3
+ ldr r7, [sp, #52] @ 4-byte Reload
+ str r6, [sp, #44] @ 4-byte Spill
+ ldr r6, [sp, #20] @ 4-byte Reload
+ adcs r11, r5, r7
+ ldr r7, [sp, #40] @ 4-byte Reload
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adcs lr, r4, r7
+ umull r9, r7, r10, r3
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adcs r7, r9, r7
+ umull r4, r9, r8, r3
+ adcs r4, r4, r6
+ umull r6, r12, r0, r3
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r3, r6, r0
+ mov r0, #0
+ adc r6, r0, #0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adds r8, r5, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r5, r11, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, lr, r0
+ ldr lr, [r1, #12]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r7, r7, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r7, [sp, #24] @ 4-byte Spill
+ adcs r7, r4, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r4, [r1, #4]
+ adcs r3, r3, r9
+ ldr r9, [r1, #8]
+ str r7, [sp, #36] @ 4-byte Spill
+ str r3, [sp, #40] @ 4-byte Spill
+ adc r3, r6, r12
+ ldr r6, [r2, #8]
+ str r3, [sp, #44] @ 4-byte Spill
+ ldr r3, [sp, #48] @ 4-byte Reload
+ str r4, [sp, #52] @ 4-byte Spill
+ str r3, [r0, #4]
+ ldr r3, [r1]
+ umull r12, r7, r3, r6
+ str r3, [sp, #56] @ 4-byte Spill
+ str r7, [sp, #32] @ 4-byte Spill
+ adds r3, r12, r8
+ umull r7, r0, r4, r6
+ ldr r12, [r1, #24]
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r2, r7, r5
+ umull r7, r0, r9, r6
+ str r3, [sp, #48] @ 4-byte Spill
+ ldr r10, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #12] @ 4-byte Spill
+ umull r5, r0, lr, r6
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ umull r11, r3, r0, r6
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [r1, #20]
+ adcs r11, r11, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ umull r8, r4, r3, r6
+ adcs r8, r8, r0
+ umull r7, r0, r12, r6
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adcs r6, r7, r6
+ mov r7, #0
+ adc r7, r7, #0
+ adds r2, r2, r10
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r2, r5, r2
+ ldr r5, [sp, #4] @ 4-byte Reload
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r10, r5, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r11, r11, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r2, r8, r2
+ ldr r8, [sp, #56] @ 4-byte Reload
+ str r2, [sp, #28] @ 4-byte Spill
+ adcs r2, r6, r4
+ adc r0, r7, r0
+ ldr r7, [sp, #60] @ 4-byte Reload
+ str r2, [sp, #36] @ 4-byte Spill
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ str r0, [r7, #8]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r6, [r0, #12]
+ umull r2, r4, lr, r6
+ str r4, [sp, #48] @ 4-byte Spill
+ umull lr, r4, r9, r6
+ str r4, [sp, #44] @ 4-byte Spill
+ ldr r4, [sp, #52] @ 4-byte Reload
+ umull r9, r5, r4, r6
+ str r5, [sp, #32] @ 4-byte Spill
+ umull r4, r5, r8, r6
+ str r5, [sp, #52] @ 4-byte Spill
+ ldr r5, [sp] @ 4-byte Reload
+ adds r4, r4, r5
+ umull r5, r8, r3, r6
+ str r4, [sp, #56] @ 4-byte Spill
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adcs r9, r9, r4
+ adcs lr, lr, r10
+ adcs r11, r2, r11
+ ldr r2, [sp, #24] @ 4-byte Reload
+ umull r4, r10, r2, r6
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r4, r4, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adcs r3, r5, r2
+ umull r5, r2, r12, r6
+ ldr r6, [sp, #40] @ 4-byte Reload
+ adcs r12, r5, r6
+ ldr r6, [sp, #52] @ 4-byte Reload
+ mov r5, #0
+ adc r5, r5, #0
+ adds r9, r9, r6
+ ldr r6, [sp, #32] @ 4-byte Reload
+ adcs lr, lr, r6
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adcs r6, r11, r6
+ ldr r11, [r1, #8]
+ str r6, [sp, #20] @ 4-byte Spill
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adcs r4, r4, r6
+ adcs r3, r3, r10
+ str r4, [sp, #28] @ 4-byte Spill
+ ldr r4, [r1, #12]
+ adcs r12, r12, r8
+ str r3, [sp, #40] @ 4-byte Spill
+ adc r2, r5, r2
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r2, [r7, #12]
+ ldr r7, [r0, #16]
+ ldr r0, [r1]
+ ldr r2, [r1, #4]
+ umull r8, r3, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ str r2, [sp, #52] @ 4-byte Spill
+ adds r0, r8, r9
+ str r3, [sp, #36] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ umull r6, r0, r2, r7
+ ldr r2, [r1, #24]
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r6, lr
+ ldr lr, [r1, #16]
+ str r0, [sp, #16] @ 4-byte Spill
+ umull r6, r0, r11, r7
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r6, r0
+ mov r6, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ umull r3, r0, r4, r7
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r3, r0
+ ldr r3, [r1, #20]
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r10, r0, lr, r7
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ umull r9, r5, r3, r7
+ adcs r10, r10, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r9, r9, r12
+ umull r8, r12, r2, r7
+ adcs r7, r8, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r8, r6, #0
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adds r0, r6, r0
+ ldr r6, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r10, r10, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r7, r5
+ ldr r7, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r8, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ str r7, [r0, #16]
+ ldr r7, [sp, #64] @ 4-byte Reload
+ ldr r7, [r7, #20]
+ umull r8, r6, r4, r7
+ str r6, [sp, #48] @ 4-byte Spill
+ umull r4, r6, r11, r7
+ str r6, [sp, #40] @ 4-byte Spill
+ ldr r6, [sp, #52] @ 4-byte Reload
+ umull r11, r5, r6, r7
+ ldr r6, [sp, #56] @ 4-byte Reload
+ str r5, [sp, #28] @ 4-byte Spill
+ umull r5, r9, r6, r7
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adds r6, r5, r6
+ str r6, [sp, #44] @ 4-byte Spill
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adcs r11, r11, r6
+ ldr r6, [sp, #12] @ 4-byte Reload
+ adcs r12, r4, r6
+ ldr r6, [sp, #24] @ 4-byte Reload
+ adcs r10, r8, r10
+ umull r5, r8, lr, r7
+ umull r4, lr, r3, r7
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs r5, r5, r6
+ adcs r3, r4, r3
+ umull r4, r6, r2, r7
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adcs r2, r4, r2
+ mov r4, #0
+ adc r4, r4, #0
+ adds r7, r11, r9
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r7, r12, r7
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [sp, #40] @ 4-byte Reload
+ adcs r9, r10, r7
+ ldr r7, [sp, #48] @ 4-byte Reload
+ adcs r11, r5, r7
+ adcs r3, r3, r8
+ adcs r2, r2, lr
+ str r3, [sp, #40] @ 4-byte Spill
+ str r2, [sp, #52] @ 4-byte Spill
+ adc r2, r4, r6
+ ldr r6, [r1]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r4, [r0, #24]
+ ldmib r1, {r0, r3, r5}
+ umull r12, r2, r5, r4
+ str r2, [sp, #64] @ 4-byte Spill
+ umull r5, r2, r3, r4
+ umull r3, r10, r0, r4
+ umull r0, r8, r6, r4
+ ldr r6, [r1, #16]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adds r0, r0, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs lr, r3, r0
+ adcs r9, r5, r9
+ adcs r11, r12, r11
+ umull r0, r12, r6, r4
+ ldr r6, [r1, #20]
+ ldr r1, [r1, #24]
+ adcs r0, r0, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ umull r3, r5, r6, r4
+ umull r6, r7, r1, r4
+ ldr r1, [sp, #56] @ 4-byte Reload
+ mov r4, #0
+ adcs r3, r3, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adcs r1, r6, r1
+ adc r4, r4, #0
+ adds r6, lr, r8
+ adcs lr, r9, r10
+ adcs r8, r11, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ adcs r3, r3, r12
+ adcs r1, r1, r5
+ ldr r5, [sp, #48] @ 4-byte Reload
+ adc r7, r4, r7
+ add r12, r2, #24
+ stm r12, {r5, r6, lr}
+ str r8, [r2, #36]
+ str r0, [r2, #40]
+ str r3, [r2, #44]
+ str r1, [r2, #48]
+ str r7, [r2, #52]
+ add sp, sp, #68
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end96:
+ .size mcl_fpDbl_mulPre7L, .Lfunc_end96-mcl_fpDbl_mulPre7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre7L
+ .align 2
+ .type mcl_fpDbl_sqrPre7L,%function
+mcl_fpDbl_sqrPre7L: @ @mcl_fpDbl_sqrPre7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #60
+ sub sp, sp, #60
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ ldr r9, [r1, #20]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r1, {r2, r3}
+ ldr r0, [r1, #8]
+ ldr r11, [r1, #12]
+ umull r6, r7, r2, r2
+ str r0, [sp, #48] @ 4-byte Spill
+ umull r5, r4, r0, r2
+ umull r12, r0, r3, r2
+ umull r8, r10, r11, r2
+ adds lr, r7, r12
+ str r6, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #52] @ 4-byte Spill
+ adcs r6, r0, r5
+ umlal r7, r5, r3, r2
+ adcs r0, r4, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ umull r4, r6, r0, r2
+ adcs r4, r10, r4
+ mov r10, r9
+ str r4, [sp, #40] @ 4-byte Spill
+ umull r4, r8, r10, r2
+ adcs r6, r6, r4
+ str r6, [sp, #28] @ 4-byte Spill
+ ldr r6, [r1, #24]
+ umull lr, r9, r6, r2
+ adcs r4, r8, lr
+ str r4, [sp, #20] @ 4-byte Spill
+ adc r4, r9, #0
+ adds r2, r12, r7
+ ldr r12, [sp, #56] @ 4-byte Reload
+ str r2, [sp, #36] @ 4-byte Spill
+ umull r2, r7, r3, r3
+ adcs r2, r2, r5
+ str r7, [sp, #16] @ 4-byte Spill
+ umull r5, r8, r11, r3
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r2, [r12]
+ umull lr, r2, r6, r3
+ str r2, [sp, #32] @ 4-byte Spill
+ umull r6, r2, r10, r3
+ str r2, [sp, #24] @ 4-byte Spill
+ umull r2, r10, r0, r3
+ ldr r0, [sp, #48] @ 4-byte Reload
+ umull r7, r9, r0, r3
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r3, r7, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r5, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ mov r5, #0
+ adcs r2, r2, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r6, r6, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs lr, lr, r4
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r11, r4, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ ldr r4, [r1, #4]
+ adcs r3, r3, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ str r4, [sp, #44] @ 4-byte Spill
+ adcs r7, r7, r9
+ adcs r9, r2, r8
+ ldr r2, [r1, #12]
+ str r0, [r12, #4]
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r12, r6, r10
+ adcs r10, lr, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr lr, [r1, #8]
+ adc r0, r5, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1]
+ umull r8, r5, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ adds r0, r8, r11
+ str r5, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #52] @ 4-byte Spill
+ umull r5, r0, r4, lr
+ ldr r4, [r1, #16]
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r5, r3
+ str r0, [sp, #20] @ 4-byte Spill
+ umull r3, r0, lr, lr
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r3, r7
+ ldr r3, [r1, #20]
+ ldr r7, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ umull r0, r5, r2, lr
+ str r0, [sp, #12] @ 4-byte Spill
+ adcs r0, r0, r9
+ ldr r9, [sp, #20] @ 4-byte Reload
+ str r5, [sp, #36] @ 4-byte Spill
+ str r0, [sp, #4] @ 4-byte Spill
+ umull r11, r0, r4, lr
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r8, r0, r3, lr
+ adcs r11, r11, r12
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [r1, #24]
+ adcs r8, r8, r10
+ umull r10, r12, r0, lr
+ adcs lr, r10, r7
+ mov r7, #0
+ adc r10, r7, #0
+ ldr r7, [sp, #32] @ 4-byte Reload
+ adds r6, r9, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str r6, [sp, #20] @ 4-byte Spill
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adcs r6, r6, r7
+ ldr r7, [sp, #24] @ 4-byte Reload
+ str r6, [sp, #16] @ 4-byte Spill
+ ldr r6, [sp, #4] @ 4-byte Reload
+ adcs r6, r6, r7
+ adcs r11, r11, r5
+ ldr r5, [sp, #8] @ 4-byte Reload
+ adcs r5, r8, r5
+ str r5, [sp, #8] @ 4-byte Spill
+ ldr r5, [sp] @ 4-byte Reload
+ adcs r7, lr, r5
+ str r7, [sp, #4] @ 4-byte Spill
+ adc r7, r10, r12
+ ldr r10, [sp, #48] @ 4-byte Reload
+ str r7, [sp] @ 4-byte Spill
+ umull r9, r7, r0, r2
+ umull r5, r0, r3, r2
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ umull r3, r0, r4, r2
+ str r0, [sp, #28] @ 4-byte Spill
+ umull r4, r0, r2, r2
+ str r0, [sp, #24] @ 4-byte Spill
+ umull r8, lr, r10, r2
+ umull r0, r12, r7, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ mov r7, #0
+ adds r8, r8, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ adcs r6, r2, r6
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r4, r4, r11
+ adcs r3, r3, r2
+ ldr r2, [sp, #4] @ 4-byte Reload
+ adcs r5, r5, r2
+ ldr r2, [sp] @ 4-byte Reload
+ adcs r2, r9, r2
+ adc r9, r7, #0
+ adds r0, r0, lr
+ adcs r7, r6, r12
+ ldr r6, [sp, #36] @ 4-byte Reload
+ adcs r4, r4, r6
+ ldr r6, [sp, #24] @ 4-byte Reload
+ adcs r11, r3, r6
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r12, r5, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ ldr r5, [r1, #12]
+ adcs r10, r2, r3
+ ldr r2, [sp, #40] @ 4-byte Reload
+ ldr r3, [sp, #56] @ 4-byte Reload
+ adc r2, r9, r2
+ ldr r9, [r1, #4]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r9, [sp, #16] @ 4-byte Spill
+ str r2, [r3, #8]
+ str r8, [r3, #12]
+ ldr r2, [r1]
+ ldr r3, [r1, #16]
+ ldr r8, [r1, #8]
+ umull lr, r6, r2, r3
+ str r2, [sp, #48] @ 4-byte Spill
+ str r8, [sp, #4] @ 4-byte Spill
+ adds r0, lr, r0
+ ldr lr, [r1, #24]
+ str r6, [sp, #36] @ 4-byte Spill
+ str r0, [sp, #52] @ 4-byte Spill
+ umull r0, r2, r9, r3
+ adcs r0, r0, r7
+ str r2, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #20] @ 4-byte Spill
+ umull r7, r0, r8, r3
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r7, r4
+ ldr r9, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r7, r0, r5, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r7, r11
+ mov r7, #0
+ str r0, [sp] @ 4-byte Spill
+ umull r11, r0, r3, r3
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r1, #20]
+ adcs r11, r11, r12
+ umull r12, r2, r0, r3
+ adcs r4, r12, r10
+ umull r10, r8, lr, r3
+ ldr r3, [sp, #44] @ 4-byte Reload
+ str r2, [sp, #40] @ 4-byte Spill
+ adcs r3, r10, r3
+ adc r10, r7, #0
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adds r6, r9, r7
+ ldr r7, [sp, #32] @ 4-byte Reload
+ str r6, [sp, #36] @ 4-byte Spill
+ ldr r6, [sp, #8] @ 4-byte Reload
+ adcs r6, r6, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str r6, [sp, #20] @ 4-byte Spill
+ ldr r6, [sp] @ 4-byte Reload
+ adcs r6, r6, r7
+ ldr r7, [sp, #24] @ 4-byte Reload
+ str r6, [sp, #8] @ 4-byte Spill
+ adcs r11, r11, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adcs r4, r4, r7
+ adcs r2, r3, r2
+ ldr r3, [sp, #4] @ 4-byte Reload
+ str r2, [sp, #24] @ 4-byte Spill
+ umull r6, r2, r5, r0
+ adc r10, r10, r8
+ str r2, [sp, #44] @ 4-byte Spill
+ umull r5, r2, r3, r0
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [sp, #16] @ 4-byte Reload
+ umull r8, r3, r2, r0
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r3, [sp, #28] @ 4-byte Spill
+ umull r3, r9, r2, r0
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adds r2, r3, r2
+ ldr r3, [sp, #24] @ 4-byte Reload
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r7, r8, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r5, r5, r2
+ adcs r6, r6, r11
+ adcs r2, r12, r4
+ umull r4, r8, r0, r0
+ adcs r4, r4, r3
+ umull r3, r11, lr, r0
+ adcs r0, r3, r10
+ mov r3, #0
+ adc r3, r3, #0
+ adds r7, r7, r9
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r9, r5, r7
+ ldr r5, [sp, #32] @ 4-byte Reload
+ adcs r6, r6, r5
+ str r6, [sp, #32] @ 4-byte Spill
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adcs r10, r2, r6
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adcs r12, r4, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ adc r0, r3, r11
+ ldr r3, [r1, #24]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ str r0, [r2, #16]
+ ldr r0, [sp, #36] @ 4-byte Reload
+ str r0, [r2, #20]
+ ldm r1, {r0, r4}
+ ldr r5, [r1, #12]
+ ldr r2, [r1, #8]
+ umull lr, r6, r5, r3
+ umull r5, r11, r2, r3
+ umull r2, r8, r4, r3
+ str r6, [sp, #52] @ 4-byte Spill
+ umull r4, r6, r0, r3
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adds r0, r4, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r9, r2, r9
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r4, r5, r0
+ ldr r0, [r1, #16]
+ ldr r1, [r1, #20]
+ adcs r10, lr, r10
+ umull r7, lr, r0, r3
+ adcs r0, r7, r12
+ umull r7, r12, r1, r3
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r7, r1
+ umull r7, r5, r3, r3
+ ldr r3, [sp, #48] @ 4-byte Reload
+ adcs r3, r7, r3
+ mov r7, #0
+ adc r7, r7, #0
+ adds r6, r9, r6
+ adcs r4, r4, r8
+ adcs r8, r10, r11
+ adcs r0, r0, r2
+ adcs r1, r1, lr
+ adcs r2, r3, r12
+ adc r3, r7, r5
+ ldr r7, [sp, #56] @ 4-byte Reload
+ ldr r5, [sp, #40] @ 4-byte Reload
+ add r12, r7, #40
+ str r5, [r7, #24]
+ str r6, [r7, #28]
+ str r4, [r7, #32]
+ str r8, [r7, #36]
+ stm r12, {r0, r1, r2, r3}
+ add sp, sp, #60
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end97:
+ .size mcl_fpDbl_sqrPre7L, .Lfunc_end97-mcl_fpDbl_sqrPre7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont7L
+ .align 2
+ .type mcl_fp_mont7L,%function
+mcl_fp_mont7L: @ @mcl_fp_mont7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #124
+ sub sp, sp, #124
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, r2
+ str r2, [sp, #60] @ 4-byte Spill
+ ldm r0, {r2, lr}
+ ldr r7, [r0, #8]
+ ldr r0, [r0, #12]
+ ldr r5, [r3, #-4]
+ ldr r6, [r3, #8]
+ ldr r9, [r3, #4]
+ ldr r11, [r1, #8]
+ ldr r12, [r1, #12]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r1, #4]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r1]
+ str r5, [sp, #80] @ 4-byte Spill
+ str r6, [sp, #116] @ 4-byte Spill
+ str r9, [sp, #108] @ 4-byte Spill
+ str r11, [sp, #104] @ 4-byte Spill
+ str r12, [sp, #72] @ 4-byte Spill
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [r3]
+ umull r4, r8, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ mul r0, r4, r5
+ str r4, [sp, #44] @ 4-byte Spill
+ umull r10, r4, r0, r6
+ str r4, [sp, #32] @ 4-byte Spill
+ str r10, [sp, #8] @ 4-byte Spill
+ umull r4, r5, r0, r7
+ str r7, [sp, #112] @ 4-byte Spill
+ ldr r7, [sp, #68] @ 4-byte Reload
+ str r4, [sp, #40] @ 4-byte Spill
+ mov r4, r5
+ str r5, [sp, #4] @ 4-byte Spill
+ umlal r4, r10, r0, r9
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [r1, #24]
+ umull r6, r5, r4, r2
+ str r4, [sp, #88] @ 4-byte Spill
+ ldr r4, [r1, #20]
+ ldr r1, [r1, #16]
+ str r6, [sp, #96] @ 4-byte Spill
+ str r5, [sp, #120] @ 4-byte Spill
+ umull r6, r5, r4, r2
+ str r4, [sp, #64] @ 4-byte Spill
+ umull r9, r4, r1, r2
+ str r1, [sp, #100] @ 4-byte Spill
+ str r6, [sp, #76] @ 4-byte Spill
+ str r5, [sp, #92] @ 4-byte Spill
+ str r4, [sp, #20] @ 4-byte Spill
+ umull r6, r5, r12, r2
+ umull r12, r4, r11, r2
+ umull r11, r1, r7, r2
+ adds r7, r8, r11
+ adcs r7, r1, r12
+ adcs r1, r4, r6
+ ldr r4, [sp, #20] @ 4-byte Reload
+ ldr r6, [sp, #108] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ adcs r1, r5, r9
+ ldr r5, [r3, #12]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r5, [sp, #76] @ 4-byte Spill
+ adcs r1, r4, r1
+ ldr r4, [sp, #92] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r4, r1
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #120] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ umull r9, r4, r0, r1
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ str r4, [sp] @ 4-byte Spill
+ ldr r4, [r3, #20]
+ umull r3, r7, r0, r6
+ ldr r6, [sp, #4] @ 4-byte Reload
+ str r1, [sp, #120] @ 4-byte Spill
+ adds r3, r6, r3
+ str r4, [sp, #92] @ 4-byte Spill
+ umull r3, r6, r0, r5
+ ldr r5, [sp, #8] @ 4-byte Reload
+ adcs r7, r7, r5
+ ldr r5, [sp, #32] @ 4-byte Reload
+ adcs r11, r5, r3
+ umull r7, r5, r0, r1
+ adcs r1, r6, r7
+ umull r7, r3, r0, r4
+ ldr r4, [sp] @ 4-byte Reload
+ ldr r6, [sp, #40] @ 4-byte Reload
+ adcs r0, r5, r7
+ ldr r5, [sp, #68] @ 4-byte Reload
+ adcs r3, r3, r9
+ adc r7, r4, #0
+ mov r4, #0
+ umlal r8, r12, r5, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adds r2, r6, r2
+ mov r6, r5
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adcs r2, r2, r8
+ str r2, [sp, #44] @ 4-byte Spill
+ adcs r2, r10, r12
+ ldr r10, [sp, #84] @ 4-byte Reload
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r2, r11, r2
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r3, r0
+ umull r2, r3, lr, r5
+ ldr r5, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ adc r0, r4, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ umull r12, r9, lr, r0
+ ldr r0, [sp, #100] @ 4-byte Reload
+ umull r8, r4, lr, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ umull r1, r7, lr, r0
+ umull r11, r0, lr, r10
+ adds r2, r0, r2
+ adcs r2, r3, r1
+ umlal r0, r1, lr, r6
+ ldr r6, [sp, #40] @ 4-byte Reload
+ umull r2, r3, lr, r5
+ adcs r2, r7, r2
+ adcs r10, r3, r8
+ ldr r8, [sp, #64] @ 4-byte Reload
+ umull r7, r3, lr, r8
+ adcs r4, r4, r7
+ ldr r7, [sp, #44] @ 4-byte Reload
+ adcs r3, r3, r12
+ adc r5, r9, #0
+ adds r7, r7, r11
+ adcs r0, r6, r0
+ ldr r6, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ mul r0, r7, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ umull lr, r12, r0, r6
+ umull r3, r4, r0, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ mov r2, r3
+ umull r9, r5, r0, r1
+ mov r1, r5
+ adds r5, r5, lr
+ umlal r1, r2, r0, r6
+ ldr r6, [sp, #120] @ 4-byte Reload
+ adcs r3, r12, r3
+ umull r5, lr, r0, r6
+ ldr r6, [sp, #76] @ 4-byte Reload
+ umull r3, r12, r0, r6
+ ldr r6, [sp, #92] @ 4-byte Reload
+ adcs r3, r4, r3
+ adcs r12, r12, r5
+ umull r4, r5, r0, r6
+ adcs lr, lr, r4
+ umull r6, r4, r0, r10
+ adcs r0, r5, r6
+ adc r4, r4, #0
+ adds r5, r9, r7
+ ldr r9, [sp, #84] @ 4-byte Reload
+ ldr r5, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r3, r1
+ ldr r3, [sp, #68] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r12, r1
+ ldr r12, [sp, #48] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, lr, r1
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ umull r2, r1, r12, r0
+ umull r10, r0, r12, r8
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ str r2, [sp, #8] @ 4-byte Spill
+ str r1, [sp, #12] @ 4-byte Spill
+ umull r2, lr, r12, r3
+ umull r7, r8, r12, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ umull r5, r6, r12, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ umull r1, r4, r12, r0
+ umull r11, r0, r12, r9
+ adds r2, r0, r2
+ str r11, [sp] @ 4-byte Spill
+ adcs r2, lr, r1
+ umlal r0, r1, r12, r3
+ adcs lr, r4, r5
+ ldmib sp, {r4, r5}
+ ldr r3, [sp, #44] @ 4-byte Reload
+ ldr r2, [sp] @ 4-byte Reload
+ adcs r7, r6, r7
+ adcs r6, r8, r10
+ adcs r4, r4, r5
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r9, r3, r2
+ ldr r3, [sp, #40] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ mul r0, r9, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ umull r3, r2, r0, r1
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [sp, #112] @ 4-byte Reload
+ umull r7, r1, r0, r2
+ mov r2, r3
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [sp, #96] @ 4-byte Reload
+ mov r5, r1
+ umlal r5, r2, r0, r6
+ umull r10, r4, r0, r7
+ ldr r7, [sp, #92] @ 4-byte Reload
+ str r4, [sp, #8] @ 4-byte Spill
+ umull r12, r8, r0, r7
+ ldr r7, [sp, #120] @ 4-byte Reload
+ umull lr, r4, r0, r7
+ umull r11, r7, r0, r6
+ ldr r6, [sp, #8] @ 4-byte Reload
+ adds r1, r1, r11
+ ldr r11, [sp, #76] @ 4-byte Reload
+ adcs r1, r7, r3
+ umull r1, r3, r0, r11
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ adcs r1, r3, lr
+ adcs r3, r4, r12
+ ldr r4, [sp, #16] @ 4-byte Reload
+ adcs r7, r8, r10
+ ldr r10, [sp, #52] @ 4-byte Reload
+ ldr r8, [sp, #64] @ 4-byte Reload
+ adc r6, r6, #0
+ adds r4, r4, r9
+ ldr r9, [sp, #72] @ 4-byte Reload
+ ldr r4, [sp, #48] @ 4-byte Reload
+ adcs r5, r5, r4
+ str r5, [sp, #48] @ 4-byte Spill
+ ldr r5, [sp, #44] @ 4-byte Reload
+ adcs r2, r2, r5
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ umull r4, r5, r10, r7
+ adcs r0, r6, r0
+ str r4, [sp, #16] @ 4-byte Spill
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ umull r1, r6, r10, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ umull r2, r3, r10, r0
+ adds r2, r5, r2
+ adcs r2, r3, r1
+ umull r2, r3, r10, r9
+ adcs r7, r6, r2
+ ldr r6, [sp, #100] @ 4-byte Reload
+ umull r2, r12, r10, r6
+ adcs r6, r3, r2
+ umull r3, lr, r10, r8
+ mov r2, r10
+ ldr r10, [sp, #88] @ 4-byte Reload
+ adcs r4, r12, r3
+ umlal r5, r1, r2, r0
+ umull r3, r12, r2, r10
+ mov r10, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r3, lr, r3
+ adc r12, r12, #0
+ adds lr, r0, r2
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ mul r0, lr, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ umull r5, r12, r0, r7
+ umull r3, r6, r0, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ umull r2, r4, r0, r1
+ str r2, [sp, #20] @ 4-byte Spill
+ mov r1, r4
+ mov r2, r3
+ adds r4, r4, r5
+ umlal r1, r2, r0, r7
+ ldr r7, [sp, #120] @ 4-byte Reload
+ adcs r3, r12, r3
+ umull r3, r12, r0, r11
+ adcs r11, r6, r3
+ ldr r3, [sp, #92] @ 4-byte Reload
+ umull r4, r5, r0, r7
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r12, r12, r4
+ umull r4, r6, r0, r3
+ adcs r4, r5, r4
+ umull r5, r3, r0, r7
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r0, r6, r5
+ ldr r5, [sp, #20] @ 4-byte Reload
+ adc r3, r3, #0
+ adds r6, r5, lr
+ adcs r1, r1, r7
+ ldr r7, [sp, #104] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r11, r1
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r12, r1
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r11, r4, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r0, [r0, #16]
+ umull lr, r6, r0, r8
+ umull r5, r3, r0, r10
+ umull r8, r2, r0, r1
+ umull r12, r4, r0, r9
+ adds r5, r2, r5
+ umull r1, r5, r0, r7
+ ldr r7, [sp, #100] @ 4-byte Reload
+ adcs r3, r3, r1
+ umlal r2, r1, r0, r10
+ adcs r9, r5, r12
+ umull r5, r3, r0, r7
+ ldr r7, [sp, #108] @ 4-byte Reload
+ adcs r12, r4, r5
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs lr, r3, lr
+ umull r5, r3, r0, r4
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r5, r6, r5
+ adc r3, r3, #0
+ adds r4, r0, r8
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r11, r12
+ ldr r11, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ mul r1, r4, r11
+ adcs r0, r0, lr
+ umull lr, r12, r1, r7
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ umull r2, r6, r1, r0
+ ldr r0, [sp, #112] @ 4-byte Reload
+ mov r3, r2
+ umull r8, r5, r1, r0
+ mov r0, r5
+ adds r5, r5, lr
+ umlal r0, r3, r1, r7
+ ldr r7, [sp, #120] @ 4-byte Reload
+ adcs r2, r12, r2
+ umull r5, lr, r1, r7
+ ldr r7, [sp, #76] @ 4-byte Reload
+ umull r2, r12, r1, r7
+ ldr r7, [sp, #92] @ 4-byte Reload
+ adcs r9, r6, r2
+ ldr r2, [sp, #96] @ 4-byte Reload
+ adcs r12, r12, r5
+ umull r5, r6, r1, r7
+ adcs lr, lr, r5
+ umull r7, r5, r1, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r1, r6, r7
+ ldr r7, [sp, #104] @ 4-byte Reload
+ adc r5, r5, #0
+ adds r4, r8, r4
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r12, r0
+ mov r12, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r0, [r0, #20]
+ umull lr, r8, r0, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ umull r6, r3, r0, r12
+ umull r4, r5, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ umull r10, r2, r0, r1
+ adds r6, r2, r6
+ umull r1, r6, r0, r7
+ ldr r7, [sp, #88] @ 4-byte Reload
+ adcs r3, r3, r1
+ umlal r2, r1, r0, r12
+ ldr r3, [sp, #100] @ 4-byte Reload
+ adcs r9, r6, r4
+ umull r4, r6, r0, r3
+ adcs r4, r5, r4
+ adcs r3, r6, lr
+ umull r5, r6, r0, r7
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r7, [sp, #108] @ 4-byte Reload
+ adcs r5, r8, r5
+ adc r6, r6, #0
+ adds lr, r0, r10
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r10, r0, r2
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ mul r1, lr, r11
+ ldr r11, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r6
+ umull r6, r12, r1, r7
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ umull r3, r4, r1, r0
+ ldr r0, [sp, #112] @ 4-byte Reload
+ mov r2, r3
+ umull r8, r5, r1, r0
+ mov r0, r5
+ adds r5, r5, r6
+ umlal r0, r2, r1, r7
+ ldr r7, [sp, #120] @ 4-byte Reload
+ adcs r3, r12, r3
+ umull r5, r6, r1, r7
+ ldr r7, [sp, #76] @ 4-byte Reload
+ umull r3, r12, r1, r7
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r9, r4, r3
+ ldr r3, [sp, #92] @ 4-byte Reload
+ adcs r12, r12, r5
+ umull r4, r5, r1, r3
+ adcs r4, r6, r4
+ umull r6, r3, r1, r7
+ adcs r1, r5, r6
+ adc r3, r3, #0
+ adds r6, r8, lr
+ adcs r0, r0, r10
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r12, r0
+ ldr r12, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r0, [r0, #24]
+ umull r3, r2, r0, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ str r2, [sp, #60] @ 4-byte Spill
+ str r3, [sp, #20] @ 4-byte Spill
+ umull r3, lr, r0, r12
+ umull r9, r2, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r2, [sp, #88] @ 4-byte Spill
+ umull r7, r8, r0, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ umull r5, r6, r0, r1
+ ldr r1, [sp, #104] @ 4-byte Reload
+ umull r2, r4, r0, r1
+ umull r10, r1, r0, r11
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r3, r1, r3
+ str r10, [sp, #104] @ 4-byte Spill
+ ldr r10, [sp, #96] @ 4-byte Reload
+ adcs r3, lr, r2
+ umlal r1, r2, r0, r12
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs lr, r4, r5
+ ldr r5, [sp, #20] @ 4-byte Reload
+ ldr r3, [sp, #88] @ 4-byte Reload
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r6, r6, r7
+ adcs r7, r8, r9
+ ldr r8, [sp, #108] @ 4-byte Reload
+ adcs r5, r3, r5
+ ldr r3, [sp, #104] @ 4-byte Reload
+ adc r4, r4, #0
+ adds r9, r0, r3
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ ldr lr, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r1, r9, r0
+ ldr r0, [sp, #112] @ 4-byte Reload
+ umull r2, r3, r1, r8
+ umull r4, r5, r1, r0
+ adds r2, r5, r2
+ umull r0, r2, r1, r7
+ ldr r7, [sp, #120] @ 4-byte Reload
+ adcs r3, r3, r0
+ umull r3, r12, r1, lr
+ adcs r6, r2, r3
+ umull r3, r2, r1, r7
+ adcs r12, r12, r3
+ umull r7, r3, r1, r11
+ adcs r2, r2, r7
+ str r2, [sp, #80] @ 4-byte Spill
+ umull r7, r2, r1, r10
+ adcs r3, r3, r7
+ mov r7, r8
+ umlal r5, r0, r1, r7
+ adc r1, r2, #0
+ adds r2, r4, r9
+ ldr r2, [sp, #104] @ 4-byte Reload
+ adcs r8, r5, r2
+ ldr r2, [sp, #100] @ 4-byte Reload
+ ldr r5, [sp, #116] @ 4-byte Reload
+ adcs r9, r0, r2
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r2, [sp, #80] @ 4-byte Reload
+ adcs r4, r6, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r4, [sp, #88] @ 4-byte Spill
+ adcs r6, r12, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r6, [sp, #100] @ 4-byte Spill
+ adcs r12, r2, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r2, r3, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r2, [sp, #104] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #112] @ 4-byte Reload
+ subs r1, r8, r1
+ sbcs r3, r9, r7
+ ldr r7, [sp, #120] @ 4-byte Reload
+ sbcs r5, r4, r5
+ sbcs r6, r6, lr
+ sbcs r4, r12, r7
+ sbcs r11, r2, r11
+ ldr r2, [sp, #84] @ 4-byte Reload
+ sbcs lr, r0, r10
+ sbc r7, r2, #0
+ ldr r2, [sp, #56] @ 4-byte Reload
+ ands r7, r7, #1
+ movne r1, r8
+ movne r3, r9
+ str r1, [r2]
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r3, [r2, #4]
+ movne r5, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ cmp r7, #0
+ movne r4, r12
+ str r5, [r2, #8]
+ movne r6, r1
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r6, [r2, #12]
+ str r4, [r2, #16]
+ movne r11, r1
+ cmp r7, #0
+ movne lr, r0
+ str r11, [r2, #20]
+ str lr, [r2, #24]
+ add sp, sp, #124
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end98:
+ .size mcl_fp_mont7L, .Lfunc_end98-mcl_fp_mont7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF7L
+ .align 2
+ .type mcl_fp_montNF7L,%function
+mcl_fp_montNF7L: @ @mcl_fp_montNF7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #104
+ sub sp, sp, #104
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, r2
+ str r2, [sp, #40] @ 4-byte Spill
+ ldm r0, {r4, r12}
+ ldr r6, [r1, #4]
+ ldr r2, [r0, #8]
+ ldr r7, [r1]
+ ldr r0, [r0, #12]
+ ldr r5, [r1, #8]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1, #12]
+ umull r9, r8, r6, r4
+ umull lr, r10, r7, r4
+ str r6, [sp, #52] @ 4-byte Spill
+ mov r11, r6
+ str r7, [sp, #96] @ 4-byte Spill
+ str r5, [sp, #80] @ 4-byte Spill
+ str r2, [sp] @ 4-byte Spill
+ adds r6, r10, r9
+ umull r6, r9, r5, r4
+ ldr r5, [r1, #20]
+ adcs r7, r8, r6
+ umlal r10, r6, r11, r4
+ umull r7, r8, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r9, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ str r5, [sp, #44] @ 4-byte Spill
+ umull r7, r9, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ adcs r0, r8, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ umull r7, r0, r5, r4
+ adcs r5, r9, r7
+ ldr r7, [r3, #4]
+ str r5, [sp, #76] @ 4-byte Spill
+ ldr r5, [r1, #24]
+ str r7, [sp, #72] @ 4-byte Spill
+ umull r1, r9, r5, r4
+ str r5, [sp, #68] @ 4-byte Spill
+ ldr r5, [r3]
+ adcs r0, r0, r1
+ ldr r1, [r3, #-4]
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r9, #0
+ ldr r9, [r3, #8]
+ str r0, [sp, #24] @ 4-byte Spill
+ str r5, [sp, #56] @ 4-byte Spill
+ mul r0, lr, r1
+ str r1, [sp, #60] @ 4-byte Spill
+ umull r1, r2, r0, r5
+ str r9, [sp, #100] @ 4-byte Spill
+ adds r1, r1, lr
+ str r2, [sp, #20] @ 4-byte Spill
+ umull r1, lr, r0, r7
+ adcs r11, r1, r10
+ umull r5, r1, r0, r9
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [r3, #12]
+ adcs r9, r5, r6
+ str r1, [sp, #92] @ 4-byte Spill
+ umull r5, r10, r0, r1
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r7, r5, r1
+ ldr r1, [r3, #16]
+ str r1, [sp, #88] @ 4-byte Spill
+ umull r5, r8, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r4, r5, r1
+ ldr r1, [r3, #20]
+ str r1, [sp, #84] @ 4-byte Spill
+ umull r5, r6, r0, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r5, r5, r1
+ ldr r1, [r3, #24]
+ umull r3, r2, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adcs r0, r3, r0
+ adc r3, r1, #0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adds r11, r11, r1
+ adcs r1, r9, lr
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r1, r7, r1
+ ldr r7, [sp, #80] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ adcs r1, r4, r10
+ str r1, [sp, #20] @ 4-byte Spill
+ adcs r1, r5, r8
+ ldr r5, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ adc r0, r3, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #8] @ 4-byte Spill
+ umull r9, r0, r12, r1
+ umull r3, r4, r12, r2
+ adds r3, r0, r3
+ umull r1, r3, r12, r7
+ ldr r7, [sp, #44] @ 4-byte Reload
+ adcs r4, r4, r1
+ umlal r0, r1, r12, r2
+ umull r4, r6, r12, r5
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs r10, r3, r4
+ umull r4, r3, r12, r5
+ adcs r8, r6, r4
+ umull r6, r4, r12, r7
+ ldr r7, [sp, #68] @ 4-byte Reload
+ adcs r5, r3, r6
+ umull r6, r3, r12, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r4, r4, r6
+ adc r2, r3, #0
+ adds r3, r9, r11
+ adcs r0, r0, r7
+ ldr r7, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r7
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r6, r10, r7
+ ldr r7, [sp, #16] @ 4-byte Reload
+ adcs r11, r8, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ ldr r8, [sp, #72] @ 4-byte Reload
+ adcs r7, r5, r7
+ ldr r5, [sp, #8] @ 4-byte Reload
+ str r7, [sp, #16] @ 4-byte Spill
+ adcs r7, r4, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ adc r2, r2, #0
+ str r7, [sp, #20] @ 4-byte Spill
+ str r2, [sp, #28] @ 4-byte Spill
+ mul r2, r3, r5
+ ldr r5, [sp, #56] @ 4-byte Reload
+ umull r4, r7, r2, r5
+ adds r3, r4, r3
+ str r7, [sp, #24] @ 4-byte Spill
+ umull r3, r7, r2, r8
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adcs lr, r3, r0
+ ldr r0, [sp, #100] @ 4-byte Reload
+ str r7, [sp, #12] @ 4-byte Spill
+ umull r3, r7, r2, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r12, r3, r1
+ str r7, [sp, #8] @ 4-byte Spill
+ umull r3, r10, r2, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r3, r3, r6
+ umull r6, r9, r2, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r5, r6, r11
+ ldr r11, [sp, #76] @ 4-byte Reload
+ umull r6, r1, r2, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r6, r6, r0
+ umull r7, r0, r2, r11
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r2, r7, r2
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adc r7, r7, #0
+ adds r4, lr, r4
+ str r4, [sp, #28] @ 4-byte Spill
+ ldr r4, [sp, #12] @ 4-byte Reload
+ adcs r4, r12, r4
+ ldr r12, [sp, #52] @ 4-byte Reload
+ str r4, [sp, #24] @ 4-byte Spill
+ ldr r4, [sp, #8] @ 4-byte Reload
+ adcs r3, r3, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ str r3, [sp, #20] @ 4-byte Spill
+ adcs r3, r5, r10
+ ldr r5, [sp, #48] @ 4-byte Reload
+ str r3, [sp, #16] @ 4-byte Spill
+ adcs r3, r6, r9
+ ldr r9, [sp, #68] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [sp, #80] @ 4-byte Reload
+ adc r0, r7, r0
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp] @ 4-byte Reload
+ umull r2, r6, r0, r12
+ umull r11, lr, r0, r1
+ adds r2, lr, r2
+ umull r1, r2, r0, r3
+ adcs r6, r6, r1
+ umlal lr, r1, r0, r12
+ umull r6, r3, r0, r5
+ adcs r5, r2, r6
+ umull r6, r2, r0, r4
+ adcs r10, r3, r6
+ umull r6, r3, r0, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r4, r2, r6
+ umull r6, r2, r0, r9
+ ldr r9, [sp, #56] @ 4-byte Reload
+ adcs r3, r3, r6
+ ldr r6, [sp, #24] @ 4-byte Reload
+ adc r2, r2, #0
+ adds r7, r11, r7
+ adcs r0, lr, r6
+ ldr r6, [sp, #20] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adcs r6, r5, r6
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adcs r11, r10, r5
+ ldr r5, [sp, #8] @ 4-byte Reload
+ adcs r10, r4, r5
+ ldr r5, [sp, #4] @ 4-byte Reload
+ ldr r4, [sp, #92] @ 4-byte Reload
+ adcs r3, r3, r5
+ str r3, [sp, #28] @ 4-byte Spill
+ ldr r3, [sp, #60] @ 4-byte Reload
+ adc r2, r2, #0
+ str r2, [sp, #24] @ 4-byte Spill
+ mul r2, r7, r3
+ umull r3, r5, r2, r9
+ adds r3, r3, r7
+ str r5, [sp, #20] @ 4-byte Spill
+ umull r3, r7, r2, r8
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [sp, #100] @ 4-byte Reload
+ adcs r8, r3, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ umull r3, lr, r2, r7
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adcs r1, r3, r1
+ umull r3, r12, r2, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r3, r3, r6
+ umull r6, r5, r2, r4
+ adcs r6, r6, r11
+ umull r4, r11, r2, r7
+ adcs r4, r4, r10
+ umull r7, r10, r2, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r2, r7, r0
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r7, r0, #0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adds r0, r8, r0
+ ldr r8, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ adcs r0, r3, lr
+ ldr r3, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ adcs r0, r6, r12
+ ldr r6, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ adcs r0, r4, r5
+ str r0, [sp, #12] @ 4-byte Spill
+ adcs r0, r2, r11
+ str r0, [sp, #8] @ 4-byte Spill
+ adc r0, r7, r10
+ ldr r7, [sp, #80] @ 4-byte Reload
+ ldr r10, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #4] @ 4-byte Spill
+ umull r4, r0, r6, r1
+ umull r11, r2, r6, r3
+ adds r4, r2, r4
+ umull r3, r4, r6, r7
+ adcs r0, r0, r3
+ umlal r2, r3, r6, r1
+ umull r0, r7, r6, r8
+ adcs r5, r4, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ umull r4, r1, r6, r0
+ mov r0, r6
+ adcs r4, r7, r4
+ umull r7, r12, r6, r10
+ ldr r6, [sp, #68] @ 4-byte Reload
+ adcs lr, r1, r7
+ umull r7, r1, r0, r6
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r7, r12, r7
+ adc r12, r1, #0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adds r0, r11, r0
+ adcs r2, r2, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r3, r3, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r6, r5, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r11, r4, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r1, lr, r1
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r1, r7, r1
+ str r1, [sp, #24] @ 4-byte Spill
+ adc r1, r12, #0
+ ldr r12, [sp, #76] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ mul r4, r0, r1
+ umull r7, r1, r4, r9
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adds r0, r7, r0
+ umull r0, r7, r4, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs lr, r0, r2
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [sp, #84] @ 4-byte Reload
+ umull r2, r0, r4, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ adcs r2, r2, r3
+ umull r3, r0, r4, r1
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r3, r3, r6
+ umull r6, r5, r4, r1
+ adcs r6, r6, r11
+ umull r1, r11, r4, r7
+ umull r7, r9, r4, r12
+ ldr r12, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r0
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r4, r7, r0
+ ldr r7, [sp, #32] @ 4-byte Reload
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r7, r7, #0
+ adds r0, lr, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ adcs r0, r1, r5
+ str r0, [sp, #16] @ 4-byte Spill
+ adcs r0, r4, r11
+ str r0, [sp, #12] @ 4-byte Spill
+ adc r0, r7, r9
+ ldr r9, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r4, [r9, #16]
+ umull r11, r3, r4, r2
+ ldr r2, [sp, #80] @ 4-byte Reload
+ umull r0, r1, r4, r12
+ adds r0, r3, r0
+ umull r5, r0, r4, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r5
+ umlal r3, r5, r4, r12
+ umull r1, r7, r4, r8
+ adcs r8, r0, r1
+ umull r1, r0, r4, r2
+ adcs lr, r7, r1
+ umull r7, r1, r4, r10
+ adcs r2, r0, r7
+ umull r7, r0, r4, r6
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adcs r1, r1, r7
+ ldr r7, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r4, r11, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r3, r3, r7
+ ldr r7, [sp, #24] @ 4-byte Reload
+ adcs r5, r5, r7
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r7, r8, r7
+ adcs r11, lr, r6
+ ldr r6, [sp, #12] @ 4-byte Reload
+ adcs r10, r2, r6
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ mul r0, r4, r1
+ umull r1, r6, r0, r2
+ ldr r2, [sp, #72] @ 4-byte Reload
+ adds r1, r1, r4
+ str r6, [sp, #24] @ 4-byte Spill
+ ldr r4, [sp, #84] @ 4-byte Reload
+ umull r1, r6, r0, r2
+ adcs lr, r1, r3
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r6, [sp, #20] @ 4-byte Spill
+ umull r3, r2, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r3, r3, r5
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [sp, #24] @ 4-byte Reload
+ umull r5, r8, r0, r1
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r5, r5, r7
+ umull r7, r12, r0, r1
+ adcs r6, r7, r11
+ ldr r11, [sp, #76] @ 4-byte Reload
+ umull r7, r1, r0, r4
+ adcs r7, r7, r10
+ umull r4, r10, r0, r11
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #28] @ 4-byte Reload
+ adc r4, r4, #0
+ adds r2, lr, r2
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r2, r3, r2
+ ldr r3, [sp, #52] @ 4-byte Reload
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r11, r5, r2
+ adcs r2, r6, r8
+ ldr r6, [sp, #48] @ 4-byte Reload
+ ldr r8, [sp, #76] @ 4-byte Reload
+ str r2, [sp, #24] @ 4-byte Spill
+ adcs r2, r7, r12
+ ldr r7, [r9, #20]
+ adcs r0, r0, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r2, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #16] @ 4-byte Spill
+ adc r0, r4, r10
+ str r0, [sp, #12] @ 4-byte Spill
+ umull r4, r0, r7, r3
+ umull r10, r2, r7, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adds r4, r2, r4
+ umull r5, r4, r7, r1
+ adcs r0, r0, r5
+ umlal r2, r5, r7, r3
+ ldr r3, [sp, #68] @ 4-byte Reload
+ umull r0, r1, r7, r6
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adcs lr, r4, r0
+ umull r4, r0, r7, r6
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adcs r12, r1, r4
+ umull r4, r1, r7, r6
+ adcs r9, r0, r4
+ umull r4, r0, r7, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs r1, r1, r4
+ adc r0, r0, #0
+ adds r4, r10, r3
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r2, r2, r3
+ ldr r3, [sp, #24] @ 4-byte Reload
+ adcs r5, r5, r11
+ adcs r7, lr, r3
+ ldr r3, [sp, #20] @ 4-byte Reload
+ adcs r11, r12, r3
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adcs r9, r9, r3
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adcs r1, r1, r3
+ ldr r3, [sp, #56] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ mul r0, r4, r1
+ umull r1, r6, r0, r3
+ ldr r3, [sp, #72] @ 4-byte Reload
+ adds r1, r1, r4
+ str r6, [sp, #24] @ 4-byte Spill
+ ldr r4, [sp, #84] @ 4-byte Reload
+ umull r1, r6, r0, r3
+ ldr r3, [sp, #100] @ 4-byte Reload
+ adcs r12, r1, r2
+ str r6, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ umull r2, r10, r0, r3
+ ldr r3, [sp, #92] @ 4-byte Reload
+ adcs r2, r2, r5
+ umull r5, lr, r0, r3
+ ldr r3, [sp, #88] @ 4-byte Reload
+ adcs r5, r5, r7
+ umull r7, r6, r0, r3
+ adcs r7, r7, r11
+ umull r3, r11, r0, r4
+ adcs r3, r3, r9
+ umull r4, r9, r0, r8
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #28] @ 4-byte Reload
+ adc r4, r4, #0
+ adds r8, r12, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r1, [sp, #16] @ 4-byte Spill
+ adcs r1, r5, r10
+ ldr r5, [sp, #52] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ adcs r1, r7, lr
+ ldr r7, [sp, #64] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ adcs r1, r3, r6
+ adcs r0, r0, r11
+ str r1, [sp, #24] @ 4-byte Spill
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r9, r4, r9
+ ldr r4, [r0, #24]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ umull r6, lr, r4, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ umull r12, r1, r4, r5
+ umull r11, r2, r4, r0
+ mov r0, r6
+ mov r3, r2
+ adds r2, r2, r12
+ adcs r1, r1, r6
+ ldr r6, [sp, #48] @ 4-byte Reload
+ umlal r3, r0, r4, r5
+ umull r1, r2, r4, r6
+ adcs r5, lr, r1
+ umull r6, r1, r4, r7
+ ldr r7, [sp, #44] @ 4-byte Reload
+ adcs lr, r2, r6
+ umull r6, r2, r4, r7
+ ldr r7, [sp, #68] @ 4-byte Reload
+ adcs r12, r1, r6
+ umull r6, r1, r4, r7
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r2, r2, r6
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adc r1, r1, #0
+ adds r4, r11, r8
+ ldr r11, [sp, #88] @ 4-byte Reload
+ adcs r3, r3, r6
+ ldr r6, [sp, #32] @ 4-byte Reload
+ adcs r6, r0, r6
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r5, r5, r0
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r10, lr, r0
+ adcs r7, r12, r7
+ adcs r12, r2, r9
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adc lr, r1, #0
+ mul r1, r4, r2
+ umull r2, r8, r1, r7
+ ldr r7, [sp, #100] @ 4-byte Reload
+ adds r2, r2, r4
+ umull r2, r9, r1, r7
+ ldr r7, [sp, #72] @ 4-byte Reload
+ umull r4, r0, r1, r7
+ ldr r7, [sp, #92] @ 4-byte Reload
+ adcs r3, r4, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ adcs r0, r2, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ umull r2, r0, r1, r7
+ str r0, [sp, #68] @ 4-byte Spill
+ adcs r0, r2, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ umull r5, r0, r1, r11
+ adcs r2, r5, r10
+ ldr r10, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r5, [sp, #76] @ 4-byte Reload
+ umull r6, r0, r1, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r6, r6, r0
+ umull r4, r0, r1, r5
+ adcs r1, r4, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adc r4, lr, #0
+ adds r8, r3, r8
+ ldr r3, [sp, #60] @ 4-byte Reload
+ adcs r0, r3, r0
+ ldr r3, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ adcs lr, r3, r9
+ ldr r3, [sp, #68] @ 4-byte Reload
+ adcs r12, r2, r3
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r3, r6, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r3, [sp, #96] @ 4-byte Spill
+ adcs r2, r1, r2
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adc r9, r4, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ subs r4, r8, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ sbcs r6, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ sbcs r1, lr, r1
+ sbcs r7, r12, r7
+ sbcs r11, r3, r11
+ ldr r3, [sp, #36] @ 4-byte Reload
+ sbcs r10, r2, r10
+ sbc r5, r9, r5
+ asr r0, r5, #31
+ cmp r0, #0
+ movlt r4, r8
+ movlt r1, lr
+ str r4, [r3]
+ ldr r4, [sp, #80] @ 4-byte Reload
+ movlt r6, r4
+ cmp r0, #0
+ str r6, [r3, #4]
+ str r1, [r3, #8]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ movlt r7, r12
+ movlt r10, r2
+ str r7, [r3, #12]
+ movlt r11, r1
+ cmp r0, #0
+ movlt r5, r9
+ str r11, [r3, #16]
+ str r10, [r3, #20]
+ str r5, [r3, #24]
+ add sp, sp, #104
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end99:
+ .size mcl_fp_montNF7L, .Lfunc_end99-mcl_fp_montNF7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed7L
+ .align 2
+ .type mcl_fp_montRed7L,%function
+mcl_fp_montRed7L: @ @mcl_fp_montRed7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #120
+ sub sp, sp, #120
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [r1, #4]
+ ldr r10, [r2, #-4]
+ ldr r4, [r1]
+ ldr r3, [r2]
+ ldr r7, [r2, #8]
+ ldr r5, [r2, #4]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r1, #8]
+ str r4, [sp, #60] @ 4-byte Spill
+ str r7, [sp, #108] @ 4-byte Spill
+ str r3, [sp, #116] @ 4-byte Spill
+ str r5, [sp, #24] @ 4-byte Spill
+ str r10, [sp, #92] @ 4-byte Spill
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r1, #12]
+ str r0, [sp, #76] @ 4-byte Spill
+ mul r0, r4, r10
+ umull r4, r12, r0, r3
+ umull lr, r6, r0, r7
+ str r4, [sp, #52] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ str r6, [sp, #72] @ 4-byte Spill
+ mov r9, lr
+ mov r3, r12
+ umlal r3, r9, r0, r5
+ umull r7, r6, r0, r4
+ str r4, [sp, #104] @ 4-byte Spill
+ ldr r4, [r2, #20]
+ str r7, [sp, #68] @ 4-byte Spill
+ str r6, [sp, #64] @ 4-byte Spill
+ umull r7, r6, r0, r4
+ str r4, [sp, #112] @ 4-byte Spill
+ ldr r4, [r2, #16]
+ ldr r2, [r2, #12]
+ str r7, [sp, #44] @ 4-byte Spill
+ str r6, [sp, #48] @ 4-byte Spill
+ str r4, [sp, #96] @ 4-byte Spill
+ umull r8, r7, r0, r4
+ str r2, [sp, #100] @ 4-byte Spill
+ umull r4, r6, r0, r2
+ umull r11, r2, r0, r5
+ adds r0, r12, r11
+ ldr r11, [r1, #36]
+ adcs r0, r2, lr
+ ldr r2, [sp, #48] @ 4-byte Reload
+ ldr lr, [r1, #28]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r5, r6, r8
+ ldr r8, [sp, #108] @ 4-byte Reload
+ ldr r6, [sp, #56] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adds r0, r0, r2
+ ldr r2, [r1, #24]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ ldr r3, [r1, #20]
+ mul r4, r0, r10
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ ldr r10, [r1, #40]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ umull r12, r1, r4, r8
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r9
+ ldr r9, [sp, #96] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #80] @ 4-byte Spill
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ umull r7, r1, r4, r6
+ str r7, [sp, #28] @ 4-byte Spill
+ mov r7, r12
+ adcs r0, r3, r0
+ ldr r3, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ mov r0, r1
+ umlal r0, r7, r4, r5
+ adcs r2, r2, r3
+ str r2, [sp, #68] @ 4-byte Spill
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r2, lr, r2
+ ldr lr, [sp, #100] @ 4-byte Reload
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r2, [sp, #60] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #60] @ 4-byte Spill
+ adcs r2, r11, #0
+ mov r11, r5
+ str r2, [sp, #56] @ 4-byte Spill
+ adcs r2, r10, #0
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adcs r2, r2, #0
+ str r2, [sp, #40] @ 4-byte Spill
+ mov r2, #0
+ adc r2, r2, #0
+ str r2, [sp, #36] @ 4-byte Spill
+ umull r3, r2, r4, r5
+ ldr r5, [sp, #20] @ 4-byte Reload
+ adds r1, r1, r3
+ adcs r2, r2, r12
+ umull r1, r3, r4, r9
+ umull r2, r12, r4, lr
+ adcs r2, r5, r2
+ adcs r10, r12, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r2, [sp] @ 4-byte Spill
+ ldr r12, [sp, #92] @ 4-byte Reload
+ umull r5, r2, r4, r1
+ adcs r1, r3, r5
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #104] @ 4-byte Reload
+ umull r5, r3, r4, r1
+ adcs r2, r2, r5
+ ldr r5, [sp] @ 4-byte Reload
+ str r2, [sp, #8] @ 4-byte Spill
+ adc r2, r3, #0
+ ldr r3, [sp, #28] @ 4-byte Reload
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [sp, #84] @ 4-byte Reload
+ adds r4, r3, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r4, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ umull r3, r0, r4, r8
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ umull r0, r2, r4, r6
+ ldr r6, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r10, r0
+ adcs r6, r7, r6
+ ldr r7, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ mov r0, r2
+ str r6, [sp, #76] @ 4-byte Spill
+ ldr r6, [sp, #64] @ 4-byte Reload
+ umlal r0, r5, r4, r11
+ adcs r6, r7, r6
+ ldr r7, [sp, #4] @ 4-byte Reload
+ str r6, [sp, #72] @ 4-byte Spill
+ ldr r6, [sp, #60] @ 4-byte Reload
+ adcs r6, r7, r6
+ umull r7, r8, r4, r1
+ str r6, [sp, #68] @ 4-byte Spill
+ ldr r6, [sp, #56] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #64] @ 4-byte Spill
+ ldr r6, [sp, #52] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #60] @ 4-byte Spill
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #56] @ 4-byte Spill
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #52] @ 4-byte Spill
+ ldr r6, [sp, #40] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #48] @ 4-byte Spill
+ ldr r6, [sp, #36] @ 4-byte Reload
+ adc r6, r6, #0
+ str r6, [sp, #44] @ 4-byte Spill
+ umull r6, r10, r4, r11
+ adds r1, r2, r6
+ adcs r2, r10, r3
+ umull r1, r6, r4, lr
+ ldr lr, [sp, #108] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r10, r2, r1
+ umull r2, r3, r4, r9
+ adcs r9, r6, r2
+ ldr r2, [sp, #112] @ 4-byte Reload
+ umull r6, r1, r4, r2
+ adcs r3, r3, r6
+ adcs r1, r1, r7
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adc r8, r8, #0
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adds r7, r3, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ mul r7, r0, r12
+ str r0, [sp, #40] @ 4-byte Spill
+ umull r3, r0, r7, lr
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ umull r4, r1, r7, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r4, [sp, #36] @ 4-byte Spill
+ mov r4, r3
+ adcs r0, r5, r0
+ ldr r5, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r10, r0
+ ldr r10, [sp, #104] @ 4-byte Reload
+ adcs r5, r9, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ mov r0, r1
+ str r5, [sp, #80] @ 4-byte Spill
+ ldr r5, [sp, #72] @ 4-byte Reload
+ umlal r0, r4, r7, r11
+ adcs r5, r6, r5
+ ldr r6, [sp, #12] @ 4-byte Reload
+ str r5, [sp, #76] @ 4-byte Spill
+ ldr r5, [sp, #68] @ 4-byte Reload
+ adcs r5, r6, r5
+ str r5, [sp, #72] @ 4-byte Spill
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs r6, r8, r5
+ ldr r8, [sp, #100] @ 4-byte Reload
+ str r6, [sp, #68] @ 4-byte Spill
+ ldr r6, [sp, #60] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #64] @ 4-byte Spill
+ ldr r6, [sp, #56] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #60] @ 4-byte Spill
+ ldr r6, [sp, #52] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #56] @ 4-byte Spill
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adcs r6, r6, #0
+ str r6, [sp, #52] @ 4-byte Spill
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adc r6, r6, #0
+ str r6, [sp, #48] @ 4-byte Spill
+ umull r9, r6, r7, r10
+ str r6, [sp, #44] @ 4-byte Spill
+ umull r6, r5, r7, r11
+ adds r1, r1, r6
+ umull r6, r12, r7, r2
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r2, r5, r3
+ umull r2, r3, r7, r8
+ adcs r1, r1, r2
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ umull r5, r2, r7, r1
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adcs r3, r3, r5
+ ldr r5, [sp, #116] @ 4-byte Reload
+ adcs r2, r2, r6
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [sp, #28] @ 4-byte Reload
+ str r2, [sp, #16] @ 4-byte Spill
+ adcs r2, r12, r9
+ ldr r9, [sp, #92] @ 4-byte Reload
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adc r2, r2, #0
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adds r6, r7, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r6, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ umull r7, r0, r6, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ umull r0, r2, r6, r5
+ mov r12, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r2
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ umlal r4, r12, r6, r11
+ adcs r0, r3, r0
+ ldr r3, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r3, r0
+ ldr r3, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r3, r0
+ ldr r3, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r3, r0
+ ldr r3, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ umull r3, r0, r6, r10
+ str r3, [sp, #28] @ 4-byte Spill
+ ldr r3, [sp, #112] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ umull lr, r0, r6, r3
+ str r0, [sp, #20] @ 4-byte Spill
+ umull r10, r0, r6, r11
+ adds r2, r2, r10
+ adcs r0, r0, r7
+ umull r2, r10, r6, r1
+ umull r0, r1, r6, r8
+ ldr r6, [sp, #32] @ 4-byte Reload
+ adcs r8, r6, r0
+ adcs r0, r1, r2
+ ldr r1, [sp, #20] @ 4-byte Reload
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r10, r10, lr
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc lr, r0, #0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adds r7, r2, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ mul r4, r0, r9
+ ldr r0, [sp, #108] @ 4-byte Reload
+ umull r7, r2, r4, r0
+ str r2, [sp, #40] @ 4-byte Spill
+ umull r2, r0, r4, r5
+ ldr r5, [sp, #84] @ 4-byte Reload
+ str r2, [sp, #44] @ 4-byte Spill
+ mov r6, r0
+ mov r2, r7
+ umlal r6, r2, r4, r11
+ adcs r5, r12, r5
+ ldr r12, [sp, #100] @ 4-byte Reload
+ str r5, [sp, #84] @ 4-byte Spill
+ ldr r5, [sp, #80] @ 4-byte Reload
+ adcs r5, r8, r5
+ ldr r8, [sp, #104] @ 4-byte Reload
+ str r5, [sp, #80] @ 4-byte Spill
+ ldr r5, [sp, #76] @ 4-byte Reload
+ adcs r5, r1, r5
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r5, [sp, #76] @ 4-byte Spill
+ ldr r5, [sp, #72] @ 4-byte Reload
+ adcs r5, r10, r5
+ str r5, [sp, #72] @ 4-byte Spill
+ ldr r5, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, lr, r1
+ ldr lr, [sp, #96] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, #0
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, #0
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #52] @ 4-byte Spill
+ umull r5, r1, r4, r8
+ str r5, [sp, #32] @ 4-byte Spill
+ str r1, [sp, #36] @ 4-byte Spill
+ umull r5, r1, r4, r3
+ str r5, [sp, #20] @ 4-byte Spill
+ umull r9, r5, r4, r11
+ str r1, [sp, #28] @ 4-byte Spill
+ adds r0, r0, r9
+ umull r3, r9, r4, lr
+ umull r0, r1, r4, r12
+ adcs r4, r5, r7
+ ldr r4, [sp, #40] @ 4-byte Reload
+ adcs r10, r4, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r4, [sp, #28] @ 4-byte Reload
+ adcs r1, r1, r3
+ adcs r3, r9, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r9, [sp, #112] @ 4-byte Reload
+ adcs r7, r4, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r4, [sp, #48] @ 4-byte Reload
+ adc r5, r0, #0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adds r4, r0, r4
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r4, r6, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r6, [sp, #108] @ 4-byte Reload
+ adcs r2, r2, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r2, [sp, #84] @ 4-byte Spill
+ adcs r0, r10, r0
+ mov r10, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ mul r0, r4, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ umull r2, r7, r0, r11
+ umull r4, r3, r0, r1
+ adds r2, r3, r2
+ str r4, [sp, #92] @ 4-byte Spill
+ umull r1, r2, r0, r6
+ adcs r4, r7, r1
+ umlal r3, r1, r0, r11
+ umull r4, r5, r0, r12
+ adcs r2, r2, r4
+ str r2, [sp, #52] @ 4-byte Spill
+ umull r4, r2, r0, lr
+ adcs r7, r5, r4
+ str r7, [sp, #48] @ 4-byte Spill
+ umull r7, r4, r0, r9
+ adcs r5, r2, r7
+ umull r7, r2, r0, r8
+ adcs r7, r4, r7
+ adc r0, r2, #0
+ ldr r2, [sp, #92] @ 4-byte Reload
+ adds r2, r2, r10
+ ldr r2, [sp, #84] @ 4-byte Reload
+ adcs r12, r3, r2
+ ldr r2, [sp, #80] @ 4-byte Reload
+ adcs lr, r1, r2
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r10, r2, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ ldr r2, [sp, #48] @ 4-byte Reload
+ adcs r4, r2, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r8, r5, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ str r8, [sp, #84] @ 4-byte Spill
+ adcs r2, r7, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r7, [sp, #100] @ 4-byte Reload
+ str r2, [sp, #92] @ 4-byte Spill
+ adcs r1, r0, r1
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adc r3, r0, #0
+ ldr r0, [sp, #116] @ 4-byte Reload
+ subs r0, r12, r0
+ sbcs r5, lr, r11
+ mov r11, r4
+ sbcs r6, r10, r6
+ sbcs r7, r4, r7
+ ldr r4, [sp, #96] @ 4-byte Reload
+ sbcs r4, r8, r4
+ sbcs r8, r2, r9
+ ldr r2, [sp, #104] @ 4-byte Reload
+ sbcs r9, r1, r2
+ ldr r2, [sp, #88] @ 4-byte Reload
+ sbc r3, r3, #0
+ ands r3, r3, #1
+ movne r0, r12
+ movne r5, lr
+ movne r6, r10
+ cmp r3, #0
+ str r0, [r2]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ movne r7, r11
+ str r5, [r2, #4]
+ str r6, [r2, #8]
+ str r7, [r2, #12]
+ movne r4, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r4, [r2, #16]
+ movne r8, r0
+ cmp r3, #0
+ movne r9, r1
+ str r8, [r2, #20]
+ str r9, [r2, #24]
+ add sp, sp, #120
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end100:
+ .size mcl_fp_montRed7L, .Lfunc_end100-mcl_fp_montRed7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre7L
+ .align 2
+ .type mcl_fp_addPre7L,%function
+mcl_fp_addPre7L: @ @mcl_fp_addPre7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #8
+ sub sp, sp, #8
+ ldr r3, [r1, #4]
+ ldr r9, [r1]
+ ldr r7, [r2]
+ ldr lr, [r1, #8]
+ ldr r10, [r1, #12]
+ ldr r11, [r1, #16]
+ ldr r8, [r1, #24]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [r1, #20]
+ adds r7, r7, r9
+ str r3, [sp] @ 4-byte Spill
+ ldmib r2, {r1, r3, r4, r5, r12}
+ ldr r6, [sp, #4] @ 4-byte Reload
+ ldr r2, [r2, #24]
+ str r7, [r0]
+ adcs r1, r1, r6
+ ldr r6, [sp] @ 4-byte Reload
+ adcs r3, r3, lr
+ adcs r4, r4, r10
+ adcs r5, r5, r11
+ adcs r6, r12, r6
+ adcs r2, r2, r8
+ stmib r0, {r1, r3, r4, r5, r6}
+ str r2, [r0, #24]
+ mov r0, #0
+ adc r0, r0, #0
+ add sp, sp, #8
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end101:
+ .size mcl_fp_addPre7L, .Lfunc_end101-mcl_fp_addPre7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre7L
+ .align 2
+ .type mcl_fp_subPre7L,%function
+mcl_fp_subPre7L: @ @mcl_fp_subPre7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #8
+ sub sp, sp, #8
+ ldr r3, [r2, #4]
+ ldr r9, [r2]
+ ldr r7, [r1]
+ ldr lr, [r2, #8]
+ ldr r10, [r2, #12]
+ ldr r11, [r2, #16]
+ ldr r8, [r2, #24]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [r2, #20]
+ subs r7, r7, r9
+ str r3, [sp] @ 4-byte Spill
+ ldmib r1, {r2, r3, r4, r5, r12}
+ ldr r6, [sp, #4] @ 4-byte Reload
+ ldr r1, [r1, #24]
+ str r7, [r0]
+ sbcs r2, r2, r6
+ ldr r6, [sp] @ 4-byte Reload
+ sbcs r3, r3, lr
+ sbcs r4, r4, r10
+ sbcs r5, r5, r11
+ sbcs r6, r12, r6
+ sbcs r1, r1, r8
+ stmib r0, {r2, r3, r4, r5, r6}
+ str r1, [r0, #24]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ add sp, sp, #8
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end102:
+ .size mcl_fp_subPre7L, .Lfunc_end102-mcl_fp_subPre7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_7L
+ .align 2
+ .type mcl_fp_shr1_7L,%function
+mcl_fp_shr1_7L: @ @mcl_fp_shr1_7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r11, lr}
+ push {r4, r5, r6, r7, r11, lr}
+ ldr r3, [r1, #4]
+ ldr r12, [r1]
+ ldr lr, [r1, #12]
+ ldr r2, [r1, #8]
+ ldr r5, [r1, #20]
+ ldr r4, [r1, #16]
+ ldr r1, [r1, #24]
+ lsrs r6, r3, #1
+ lsr r3, r3, #1
+ rrx r12, r12
+ lsrs r6, lr, #1
+ orr r7, r3, r2, lsl #31
+ lsr r6, lr, #1
+ rrx r2, r2
+ lsrs r3, r5, #1
+ lsr r5, r5, #1
+ str r12, [r0]
+ str r7, [r0, #4]
+ orr r5, r5, r1, lsl #31
+ orr r6, r6, r4, lsl #31
+ rrx r3, r4
+ lsr r1, r1, #1
+ str r2, [r0, #8]
+ str r6, [r0, #12]
+ str r3, [r0, #16]
+ str r5, [r0, #20]
+ str r1, [r0, #24]
+ pop {r4, r5, r6, r7, r11, lr}
+ mov pc, lr
+.Lfunc_end103:
+ .size mcl_fp_shr1_7L, .Lfunc_end103-mcl_fp_shr1_7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add7L
+ .align 2
+ .type mcl_fp_add7L,%function
+mcl_fp_add7L: @ @mcl_fp_add7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #12
+ sub sp, sp, #12
+ ldr r7, [r1, #8]
+ ldr r10, [r1]
+ ldr r9, [r1, #4]
+ ldr r11, [r1, #16]
+ ldr r8, [r1, #24]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r1, #12]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r1, #20]
+ ldm r2, {r1, r4, r5, r6, r12, lr}
+ ldr r2, [r2, #24]
+ adds r10, r1, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r4, r4, r9
+ str r10, [r0]
+ adcs r5, r5, r1
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r6, r6, r1
+ mov r1, #0
+ adcs r9, r12, r11
+ adcs r7, lr, r7
+ stmib r0, {r4, r5, r6, r9}
+ adcs r2, r2, r8
+ str r7, [r0, #20]
+ adc r1, r1, #0
+ str r2, [r0, #24]
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [r3]
+ str r1, [sp] @ 4-byte Spill
+ ldmib r3, {r12, lr}
+ ldr r1, [r3, #20]
+ ldr r8, [r3, #12]
+ ldr r11, [r3, #16]
+ ldr r3, [r3, #24]
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [sp] @ 4-byte Reload
+ subs r10, r10, r1
+ sbcs r1, r4, r12
+ ldr r4, [sp, #4] @ 4-byte Reload
+ sbcs r5, r5, lr
+ sbcs r12, r6, r8
+ str r5, [sp] @ 4-byte Spill
+ sbcs lr, r9, r11
+ sbcs r4, r7, r4
+ sbcs r5, r2, r3
+ ldr r2, [sp, #8] @ 4-byte Reload
+ sbc r2, r2, #0
+ tst r2, #1
+ bne .LBB104_2
+@ BB#1: @ %nocarry
+ str r10, [r0]
+ str r1, [r0, #4]
+ ldr r1, [sp] @ 4-byte Reload
+ add r2, r0, #8
+ stm r2, {r1, r12, lr}
+ str r4, [r0, #20]
+ str r5, [r0, #24]
+.LBB104_2: @ %carry
+ add sp, sp, #12
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end104:
+ .size mcl_fp_add7L, .Lfunc_end104-mcl_fp_add7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF7L
+ .align 2
+ .type mcl_fp_addNF7L,%function
+mcl_fp_addNF7L: @ @mcl_fp_addNF7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #20
+ sub sp, sp, #20
+ ldm r1, {r6, r7}
+ ldr r11, [r1, #16]
+ ldr r9, [r1, #20]
+ ldr r8, [r1, #24]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r1, #8]
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [r1, #12]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldm r2, {r1, r4, r5, r10, r12, lr}
+ ldr r2, [r2, #24]
+ adds r7, r1, r6
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r7, [sp, #4] @ 4-byte Spill
+ adcs r6, r4, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r6, [sp, #16] @ 4-byte Spill
+ adcs r5, r5, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r4, r10, r1
+ ldr r10, [r3, #8]
+ adcs r12, r12, r11
+ ldr r11, [r3, #16]
+ adcs lr, lr, r9
+ ldr r9, [r3, #20]
+ adc r1, r2, r8
+ ldr r2, [r3]
+ ldr r8, [r3, #12]
+ str r1, [sp, #12] @ 4-byte Spill
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r3, #4]
+ ldr r3, [r3, #24]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [sp] @ 4-byte Reload
+ subs r2, r7, r2
+ ldr r7, [sp, #8] @ 4-byte Reload
+ sbcs r7, r6, r7
+ sbcs r6, r5, r10
+ mov r10, r12
+ sbcs r8, r4, r8
+ sbcs r11, r12, r11
+ sbcs r12, lr, r9
+ ldr r9, [sp, #4] @ 4-byte Reload
+ sbc r3, r1, r3
+ asr r1, r3, #31
+ cmp r1, #0
+ movlt r2, r9
+ movlt r6, r5
+ str r2, [r0]
+ ldr r2, [sp, #16] @ 4-byte Reload
+ movlt r7, r2
+ cmp r1, #0
+ movlt r8, r4
+ movlt r11, r10
+ movlt r12, lr
+ cmp r1, #0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r7, [r0, #4]
+ str r6, [r0, #8]
+ str r8, [r0, #12]
+ str r11, [r0, #16]
+ str r12, [r0, #20]
+ movlt r3, r1
+ str r3, [r0, #24]
+ add sp, sp, #20
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end105:
+ .size mcl_fp_addNF7L, .Lfunc_end105-mcl_fp_addNF7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub7L
+ .align 2
+ .type mcl_fp_sub7L,%function
+mcl_fp_sub7L: @ @mcl_fp_sub7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #12
+ sub sp, sp, #12
+ ldr r7, [r2, #8]
+ ldr r11, [r2]
+ ldr r9, [r2, #4]
+ ldr r8, [r2, #20]
+ ldr r10, [r2, #24]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r2, #12]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r2, #16]
+ str r7, [sp] @ 4-byte Spill
+ ldm r1, {r2, r4, r5, r6, r7, lr}
+ ldr r1, [r1, #24]
+ subs r12, r2, r11
+ ldr r2, [sp, #8] @ 4-byte Reload
+ sbcs r9, r4, r9
+ ldr r4, [sp, #4] @ 4-byte Reload
+ str r12, [r0]
+ str r9, [r0, #4]
+ sbcs r2, r5, r2
+ sbcs r11, r6, r4
+ ldr r4, [sp] @ 4-byte Reload
+ str r2, [r0, #8]
+ str r11, [r0, #12]
+ sbcs r4, r7, r4
+ sbcs r5, lr, r8
+ sbcs r6, r1, r10
+ add r1, r0, #16
+ stm r1, {r4, r5, r6}
+ mov r1, #0
+ sbc r1, r1, #0
+ tst r1, #1
+ beq .LBB106_2
+@ BB#1: @ %carry
+ ldr r1, [r3]
+ ldr r7, [r3, #4]
+ ldr lr, [r3, #12]
+ ldr r8, [r3, #16]
+ ldr r10, [r3, #20]
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [r3, #8]
+ ldr r3, [r3, #24]
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adds r1, r1, r12
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r7, r7, r9
+ adcs r2, r1, r2
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r12, lr, r11
+ adcs r4, r8, r4
+ adcs r5, r10, r5
+ adc r3, r3, r6
+ stm r0, {r1, r7}
+ str r2, [r0, #8]
+ str r12, [r0, #12]
+ str r4, [r0, #16]
+ str r5, [r0, #20]
+ str r3, [r0, #24]
+.LBB106_2: @ %nocarry
+ add sp, sp, #12
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end106:
+ .size mcl_fp_sub7L, .Lfunc_end106-mcl_fp_sub7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF7L
+ .align 2
+ .type mcl_fp_subNF7L,%function
+mcl_fp_subNF7L: @ @mcl_fp_subNF7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldm r2, {r5, lr}
+ ldr r7, [r2, #8]
+ ldr r11, [r2, #16]
+ ldr r10, [r2, #24]
+ add r9, r1, #12
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [r2, #12]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldm r1, {r2, r4, r12}
+ ldm r9, {r6, r8, r9}
+ ldr r7, [r1, #24]
+ ldr r1, [sp, #12] @ 4-byte Reload
+ subs r5, r2, r5
+ sbcs lr, r4, lr
+ sbcs r4, r12, r1
+ ldr r1, [sp, #4] @ 4-byte Reload
+ str lr, [sp] @ 4-byte Spill
+ sbcs r12, r6, r1
+ ldr r6, [r3, #4]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ sbcs r2, r8, r11
+ ldr r8, [r3, #12]
+ ldr r11, [r3, #16]
+ str r2, [sp, #12] @ 4-byte Spill
+ str r6, [sp, #4] @ 4-byte Spill
+ ldr r6, [r3, #20]
+ sbcs r1, r9, r1
+ sbc r9, r7, r10
+ ldr r7, [r3]
+ ldr r10, [r3, #8]
+ ldr r3, [r3, #24]
+ str r6, [sp, #8] @ 4-byte Spill
+ ldr r6, [sp, #4] @ 4-byte Reload
+ adds r7, r5, r7
+ adcs r6, lr, r6
+ adcs lr, r4, r10
+ mov r10, r1
+ adcs r8, r12, r8
+ adcs r11, r2, r11
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r2, r1, r2
+ asr r1, r9, #31
+ adc r3, r9, r3
+ cmp r1, #0
+ movge r7, r5
+ ldr r5, [sp] @ 4-byte Reload
+ movge lr, r4
+ str r7, [r0]
+ ldr r7, [sp, #12] @ 4-byte Reload
+ movge r6, r5
+ cmp r1, #0
+ movge r8, r12
+ movge r11, r7
+ movge r2, r10
+ cmp r1, #0
+ str r6, [r0, #4]
+ str lr, [r0, #8]
+ movge r3, r9
+ str r8, [r0, #12]
+ str r11, [r0, #16]
+ str r2, [r0, #20]
+ str r3, [r0, #24]
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end107:
+ .size mcl_fp_subNF7L, .Lfunc_end107-mcl_fp_subNF7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add7L
+ .align 2
+ .type mcl_fpDbl_add7L,%function
+mcl_fpDbl_add7L: @ @mcl_fpDbl_add7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #48
+ sub sp, sp, #48
+ ldm r1, {r12, lr}
+ ldr r8, [r1, #8]
+ ldr r10, [r1, #12]
+ ldmib r2, {r6, r7}
+ ldr r4, [r2, #16]
+ ldr r11, [r2]
+ ldr r5, [r2, #12]
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [r2, #20]
+ adds r9, r11, r12
+ ldr r11, [r1, #44]
+ str r4, [sp, #12] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ str r4, [sp, #20] @ 4-byte Spill
+ ldr r4, [r2, #28]
+ str r4, [sp, #40] @ 4-byte Spill
+ ldr r4, [r2, #32]
+ str r4, [sp, #16] @ 4-byte Spill
+ ldr r4, [r2, #36]
+ str r4, [sp, #24] @ 4-byte Spill
+ ldr r4, [r2, #40]
+ str r4, [sp, #28] @ 4-byte Spill
+ ldr r4, [r2, #44]
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [r2, #48]
+ ldr r2, [r2, #52]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #36]
+ str r4, [sp, #36] @ 4-byte Spill
+ adcs r4, r6, lr
+ add lr, r1, #16
+ adcs r7, r7, r8
+ ldr r8, [r1, #52]
+ adcs r6, r5, r10
+ ldr r5, [r1, #32]
+ ldr r10, [r1, #48]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #40]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ str r9, [r0]
+ stmib r0, {r4, r7}
+ str r6, [r0, #12]
+ ldr r4, [sp, #8] @ 4-byte Reload
+ ldr r7, [sp] @ 4-byte Reload
+ adcs r1, r4, r1
+ ldr r4, [sp, #12] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r2, r4, r2
+ str r2, [r0, #20]
+ adcs r1, r1, r12
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [r0, #24]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r2, r2, lr
+ str r2, [sp, #20] @ 4-byte Spill
+ adcs r2, r1, r5
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r2, [sp, #16] @ 4-byte Spill
+ adcs r5, r1, r7
+ ldr r1, [sp, #28] @ 4-byte Reload
+ ldr r7, [sp, #4] @ 4-byte Reload
+ adcs r12, r1, r7
+ ldr r1, [sp, #32] @ 4-byte Reload
+ mov r7, #0
+ str r12, [sp, #40] @ 4-byte Spill
+ adcs lr, r1, r11
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r4, r1, r10
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r9, r1, r8
+ adc r1, r7, #0
+ str r1, [sp, #44] @ 4-byte Spill
+ ldm r3, {r1, r7, r11}
+ ldr r10, [r3, #12]
+ ldr r8, [r3, #16]
+ ldr r6, [r3, #20]
+ ldr r3, [r3, #24]
+ str r3, [sp, #36] @ 4-byte Spill
+ ldr r3, [sp, #20] @ 4-byte Reload
+ subs r1, r3, r1
+ sbcs r7, r2, r7
+ sbcs r2, r5, r11
+ mov r11, lr
+ sbcs r10, r12, r10
+ sbcs r12, lr, r8
+ sbcs lr, r4, r6
+ ldr r6, [sp, #36] @ 4-byte Reload
+ sbcs r8, r9, r6
+ ldr r6, [sp, #44] @ 4-byte Reload
+ sbc r6, r6, #0
+ ands r6, r6, #1
+ movne r1, r3
+ movne r2, r5
+ str r1, [r0, #28]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ movne r7, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ cmp r6, #0
+ movne r12, r11
+ movne lr, r4
+ str r7, [r0, #32]
+ str r2, [r0, #36]
+ movne r10, r1
+ cmp r6, #0
+ movne r8, r9
+ str r10, [r0, #40]
+ str r12, [r0, #44]
+ str lr, [r0, #48]
+ str r8, [r0, #52]
+ add sp, sp, #48
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end108:
+ .size mcl_fpDbl_add7L, .Lfunc_end108-mcl_fpDbl_add7L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub7L
+ .align 2
+ .type mcl_fpDbl_sub7L,%function
+mcl_fpDbl_sub7L: @ @mcl_fpDbl_sub7L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #68
+ sub sp, sp, #68
+ ldr r7, [r2, #32]
+ add r8, r1, #16
+ str r7, [sp, #44] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #60] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #64] @ 4-byte Spill
+ ldm r2, {r4, r7}
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #8]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r2, #12]
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [r2, #16]
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ ldr r2, [r2, #20]
+ str r7, [sp, #36] @ 4-byte Spill
+ str r2, [sp, #24] @ 4-byte Spill
+ ldmib r1, {r2, r12, lr}
+ ldm r8, {r5, r6, r8}
+ ldr r7, [r1, #28]
+ ldr r11, [r1]
+ ldr r9, [r1, #32]
+ ldr r10, [r1, #44]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r1, #36]
+ subs r4, r11, r4
+ str r4, [r0]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r1, #40]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r1, #48]
+ ldr r1, [r1, #52]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [sp, #20] @ 4-byte Reload
+ sbcs r2, r2, r7
+ ldr r7, [sp, #16] @ 4-byte Reload
+ sbcs r12, r12, r7
+ ldr r7, [sp, #12] @ 4-byte Reload
+ stmib r0, {r2, r12}
+ ldr r2, [sp, #32] @ 4-byte Reload
+ sbcs lr, lr, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str lr, [r0, #12]
+ sbcs r2, r5, r2
+ str r2, [r0, #16]
+ ldr r2, [sp, #24] @ 4-byte Reload
+ sbcs r2, r6, r2
+ ldr r6, [sp, #8] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #40] @ 4-byte Reload
+ sbcs r2, r8, r2
+ mov r8, #0
+ str r2, [r0, #24]
+ ldr r2, [sp, #36] @ 4-byte Reload
+ sbcs lr, r7, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ ldr r7, [sp, #4] @ 4-byte Reload
+ sbcs r4, r9, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ ldr r9, [r3, #20]
+ str r4, [sp, #44] @ 4-byte Spill
+ sbcs r7, r7, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ sbcs r12, r6, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ ldr r6, [sp] @ 4-byte Reload
+ str r12, [sp, #52] @ 4-byte Spill
+ sbcs r11, r10, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ ldr r10, [r3, #12]
+ sbcs r6, r6, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ sbcs r5, r1, r2
+ ldr r2, [r3, #8]
+ sbc r1, r8, #0
+ ldr r8, [r3, #4]
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [r3]
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ ldr r3, [sp, #60] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adds r1, lr, r1
+ adcs r4, r4, r8
+ adcs r2, r7, r2
+ adcs r10, r12, r10
+ adcs r12, r11, r3
+ ldr r3, [sp, #56] @ 4-byte Reload
+ adcs r8, r6, r9
+ adc r9, r5, r3
+ ldr r3, [sp, #64] @ 4-byte Reload
+ ands r3, r3, #1
+ moveq r1, lr
+ moveq r2, r7
+ str r1, [r0, #28]
+ ldr r1, [sp, #44] @ 4-byte Reload
+ moveq r4, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ cmp r3, #0
+ moveq r12, r11
+ moveq r8, r6
+ str r4, [r0, #32]
+ str r2, [r0, #36]
+ moveq r10, r1
+ cmp r3, #0
+ moveq r9, r5
+ str r10, [r0, #40]
+ str r12, [r0, #44]
+ str r8, [r0, #48]
+ str r9, [r0, #52]
+ add sp, sp, #68
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end109:
+ .size mcl_fpDbl_sub7L, .Lfunc_end109-mcl_fpDbl_sub7L
+ .cantunwind
+ .fnend
+
+ .align 2
+ .type .LmulPv256x32,%function
+.LmulPv256x32: @ @mulPv256x32
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r9, [r1, #12]
+ umull r4, r8, lr, r2
+ umull lr, r6, r12, r2
+ mov r5, r4
+ mov r7, r6
+ str lr, [r0]
+ umull lr, r12, r9, r2
+ umlal r7, r5, r3, r2
+ str r5, [r0, #8]
+ str r7, [r0, #4]
+ umull r5, r7, r3, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r3, r8, lr
+ str r3, [r0, #12]
+ ldr r3, [r1, #16]
+ umull r7, r6, r3, r2
+ adcs r3, r12, r7
+ str r3, [r0, #16]
+ ldr r3, [r1, #20]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #20]
+ ldr r3, [r1, #24]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #24]
+ ldr r1, [r1, #28]
+ umull r3, r7, r1, r2
+ adcs r1, r6, r3
+ str r1, [r0, #28]
+ adc r1, r7, #0
+ str r1, [r0, #32]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end110:
+ .size .LmulPv256x32, .Lfunc_end110-.LmulPv256x32
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre8L
+ .align 2
+ .type mcl_fp_mulUnitPre8L,%function
+mcl_fp_mulUnitPre8L: @ @mcl_fp_mulUnitPre8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r11, lr}
+ push {r4, r5, r6, r7, r11, lr}
+ .pad #40
+ sub sp, sp, #40
+ mov r4, r0
+ mov r0, sp
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #32]
+ add lr, sp, #16
+ ldr r12, [sp, #28]
+ ldm lr, {r1, r3, lr}
+ ldm sp, {r2, r5, r6, r7}
+ str r0, [r4, #32]
+ add r0, r4, #16
+ stm r4, {r2, r5, r6, r7}
+ stm r0, {r1, r3, lr}
+ str r12, [r4, #28]
+ add sp, sp, #40
+ pop {r4, r5, r6, r7, r11, lr}
+ mov pc, lr
+.Lfunc_end111:
+ .size mcl_fp_mulUnitPre8L, .Lfunc_end111-mcl_fp_mulUnitPre8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre8L
+ .align 2
+ .type mcl_fpDbl_mulPre8L,%function
+mcl_fpDbl_mulPre8L: @ @mcl_fpDbl_mulPre8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #124
+ sub sp, sp, #124
+ mov r6, r2
+ mov r5, r1
+ mov r4, r0
+ bl mcl_fpDbl_mulPre4L(PLT)
+ add r0, r4, #32
+ add r1, r5, #16
+ add r2, r6, #16
+ bl mcl_fpDbl_mulPre4L(PLT)
+ ldm r6, {r12, lr}
+ ldr r7, [r6, #16]
+ ldr r9, [r6, #8]
+ ldr r3, [r6, #12]
+ add r6, r6, #20
+ mov r8, #0
+ ldm r6, {r0, r1, r6}
+ adds r2, r12, r7
+ adcs r0, lr, r0
+ str r2, [sp, #56] @ 4-byte Spill
+ adcs r1, r9, r1
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r9, [r5]
+ str r1, [sp, #44] @ 4-byte Spill
+ adcs r1, r3, r6
+ str r1, [sp, #48] @ 4-byte Spill
+ adc r6, r8, #0
+ ldmib r5, {r8, r10, r12}
+ ldr r7, [r5, #16]
+ ldr r3, [r5, #20]
+ ldr lr, [r5, #24]
+ ldr r11, [r5, #28]
+ str r2, [sp, #60]
+ str r0, [sp, #64]
+ mov r0, #0
+ add r2, sp, #60
+ adds r5, r9, r7
+ ldr r7, [sp, #44] @ 4-byte Reload
+ adcs r8, r8, r3
+ str r5, [sp, #76]
+ adcs r10, r10, lr
+ str r8, [sp, #80]
+ adcs r9, r12, r11
+ str r10, [sp, #84]
+ str r7, [sp, #68]
+ str r1, [sp, #72]
+ adc r11, r0, #0
+ add r0, sp, #92
+ add r1, sp, #76
+ str r9, [sp, #88]
+ bl mcl_fpDbl_mulPre4L(PLT)
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r1, [sp, #52] @ 4-byte Reload
+ cmp r6, #0
+ ldr r3, [sp, #48] @ 4-byte Reload
+ and r12, r6, r11
+ ldr lr, [sp, #120]
+ moveq r5, r6
+ moveq r9, r6
+ moveq r10, r6
+ moveq r8, r6
+ ldr r6, [sp, #116]
+ adds r0, r5, r0
+ adcs r1, r8, r1
+ adcs r2, r10, r7
+ mov r7, #0
+ adcs r3, r9, r3
+ adc r7, r7, #0
+ cmp r11, #0
+ moveq r0, r5
+ ldr r5, [sp, #108]
+ moveq r2, r10
+ moveq r3, r9
+ moveq r7, r11
+ moveq r1, r8
+ adds r8, r0, r5
+ ldr r5, [sp, #112]
+ adcs r10, r1, r5
+ adcs r9, r2, r6
+ ldr r6, [r4]
+ ldmib r4, {r5, r11}
+ ldr r2, [sp, #92]
+ adcs lr, r3, lr
+ add r3, sp, #96
+ adc r12, r7, r12
+ ldr r7, [r4, #12]
+ ldm r3, {r0, r1, r3}
+ subs r2, r2, r6
+ str r2, [sp, #52] @ 4-byte Spill
+ sbcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ sbcs r0, r1, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ sbcs r0, r3, r7
+ ldr r7, [r4, #20]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r4, #16]
+ str r0, [sp, #56] @ 4-byte Spill
+ sbcs r0, r8, r0
+ ldr r8, [r4, #28]
+ str r0, [sp, #28] @ 4-byte Spill
+ sbcs r0, r10, r7
+ ldr r10, [r4, #24]
+ str r0, [sp, #24] @ 4-byte Spill
+ sbcs r0, r9, r10
+ str r0, [sp, #20] @ 4-byte Spill
+ sbcs r0, lr, r8
+ add lr, r4, #32
+ str r0, [sp, #16] @ 4-byte Spill
+ sbc r0, r12, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm lr, {r5, r9, lr}
+ ldr r6, [sp, #52] @ 4-byte Reload
+ ldr r12, [r4, #44]
+ ldr r2, [r4, #48]
+ ldr r0, [r4, #52]
+ ldr r1, [r4, #56]
+ ldr r3, [r4, #60]
+ subs r6, r6, r5
+ str r1, [sp, #36] @ 4-byte Spill
+ str r3, [sp, #32] @ 4-byte Spill
+ str r6, [sp] @ 4-byte Spill
+ ldr r6, [sp, #48] @ 4-byte Reload
+ sbcs r11, r6, r9
+ ldr r6, [sp, #44] @ 4-byte Reload
+ sbcs r6, r6, lr
+ str r6, [sp, #4] @ 4-byte Spill
+ ldr r6, [sp, #40] @ 4-byte Reload
+ sbcs r6, r6, r12
+ str r6, [sp, #8] @ 4-byte Spill
+ ldr r6, [sp, #28] @ 4-byte Reload
+ sbcs r6, r6, r2
+ str r6, [sp, #28] @ 4-byte Spill
+ ldr r6, [sp, #24] @ 4-byte Reload
+ sbcs r6, r6, r0
+ str r6, [sp, #40] @ 4-byte Spill
+ mov r6, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ sbcs r0, r0, r1
+ ldr r1, [sp] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ sbcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ sbc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adds r3, r0, r1
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r7, r7, r11
+ str r3, [r4, #16]
+ str r7, [r4, #20]
+ adcs r3, r10, r0
+ ldr r0, [sp, #8] @ 4-byte Reload
+ str r3, [r4, #24]
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs r1, r8, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ str r1, [r4, #28]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [r4, #32]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r1, r9, r1
+ str r1, [r4, #36]
+ adcs r0, lr, r0
+ str r0, [r4, #40]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r12, r0
+ add r12, r4, #48
+ str r0, [r4, #44]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adcs r1, r6, #0
+ adcs r2, r2, #0
+ adc r3, r3, #0
+ stm r12, {r0, r1, r2, r3}
+ add sp, sp, #124
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end112:
+ .size mcl_fpDbl_mulPre8L, .Lfunc_end112-mcl_fpDbl_mulPre8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre8L
+ .align 2
+ .type mcl_fpDbl_sqrPre8L,%function
+mcl_fpDbl_sqrPre8L: @ @mcl_fpDbl_sqrPre8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #124
+ sub sp, sp, #124
+ mov r5, r1
+ mov r4, r0
+ mov r2, r5
+ bl mcl_fpDbl_mulPre4L(PLT)
+ add r1, r5, #16
+ add r0, r4, #32
+ mov r2, r1
+ bl mcl_fpDbl_mulPre4L(PLT)
+ ldm r5, {r0, r8, lr}
+ ldr r3, [r5, #16]
+ ldr r2, [r5, #20]
+ ldr r6, [r5, #24]
+ ldr r12, [r5, #12]
+ ldr r1, [r5, #28]
+ adds r9, r0, r3
+ add r0, sp, #64
+ adcs r5, r8, r2
+ str r9, [sp, #76]
+ str r9, [sp, #60]
+ add r2, sp, #60
+ adcs r6, lr, r6
+ str r5, [sp, #80]
+ adcs r7, r12, r1
+ str r6, [sp, #84]
+ add r1, sp, #76
+ str r7, [sp, #88]
+ stm r0, {r5, r6, r7}
+ mov r0, #0
+ adc r8, r0, #0
+ add r0, sp, #92
+ bl mcl_fpDbl_mulPre4L(PLT)
+ adds r12, r9, r9
+ adcs lr, r5, r5
+ adcs r9, r6, r6
+ add r6, sp, #112
+ ldm r6, {r0, r5, r6}
+ ldr r1, [sp, #108]
+ adc r10, r7, r7
+ adds r2, r1, r12
+ adcs r3, r0, lr
+ adcs r12, r5, r9
+ adcs lr, r6, r10
+ adc r7, r8, r7, lsr #31
+ cmp r8, #0
+ moveq lr, r6
+ add r6, sp, #92
+ moveq r7, r8
+ moveq r12, r5
+ moveq r3, r0
+ moveq r2, r1
+ ldm r4, {r8, r9, r10, r11}
+ ldm r6, {r0, r1, r5, r6}
+ subs r0, r0, r8
+ ldr r8, [r4, #20]
+ str r0, [sp, #52] @ 4-byte Spill
+ sbcs r0, r1, r9
+ ldr r9, [r4, #24]
+ str r0, [sp, #48] @ 4-byte Spill
+ sbcs r0, r5, r10
+ ldr r10, [r4, #28]
+ str r0, [sp, #44] @ 4-byte Spill
+ sbcs r0, r6, r11
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r4, #16]
+ str r0, [sp, #56] @ 4-byte Spill
+ sbcs r0, r2, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ sbcs r0, r3, r8
+ str r0, [sp, #24] @ 4-byte Spill
+ sbcs r0, r12, r9
+ str r0, [sp, #20] @ 4-byte Spill
+ sbcs r0, lr, r10
+ add lr, r4, #32
+ str r0, [sp, #16] @ 4-byte Spill
+ sbc r0, r7, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm lr, {r5, r7, lr}
+ ldr r6, [sp, #52] @ 4-byte Reload
+ ldr r12, [r4, #44]
+ ldr r2, [r4, #48]
+ ldr r0, [r4, #52]
+ ldr r1, [r4, #56]
+ ldr r3, [r4, #60]
+ subs r6, r6, r5
+ str r1, [sp, #36] @ 4-byte Spill
+ str r3, [sp, #32] @ 4-byte Spill
+ str r6, [sp] @ 4-byte Spill
+ ldr r6, [sp, #48] @ 4-byte Reload
+ sbcs r11, r6, r7
+ ldr r6, [sp, #44] @ 4-byte Reload
+ sbcs r6, r6, lr
+ str r6, [sp, #4] @ 4-byte Spill
+ ldr r6, [sp, #40] @ 4-byte Reload
+ sbcs r6, r6, r12
+ str r6, [sp, #8] @ 4-byte Spill
+ ldr r6, [sp, #28] @ 4-byte Reload
+ sbcs r6, r6, r2
+ str r6, [sp, #28] @ 4-byte Spill
+ ldr r6, [sp, #24] @ 4-byte Reload
+ sbcs r6, r6, r0
+ str r6, [sp, #40] @ 4-byte Spill
+ mov r6, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ sbcs r0, r0, r1
+ ldr r1, [sp] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ sbcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ sbc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adds r3, r1, r0
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r1, r11, r8
+ str r3, [r4, #16]
+ str r1, [r4, #20]
+ adcs r3, r0, r9
+ ldr r0, [sp, #8] @ 4-byte Reload
+ str r3, [r4, #24]
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs r1, r0, r10
+ ldr r0, [sp, #28] @ 4-byte Reload
+ str r1, [r4, #28]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [r4, #32]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [r4, #36]
+ adcs r0, r0, lr
+ str r0, [r4, #40]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ add r12, r4, #48
+ str r0, [r4, #44]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ adcs r1, r6, #0
+ adcs r2, r2, #0
+ adc r3, r3, #0
+ stm r12, {r0, r1, r2, r3}
+ add sp, sp, #124
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end113:
+ .size mcl_fpDbl_sqrPre8L, .Lfunc_end113-mcl_fpDbl_sqrPre8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont8L
+ .align 2
+ .type mcl_fp_mont8L,%function
+mcl_fp_mont8L: @ @mcl_fp_mont8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #724
+ sub sp, sp, #724
+ mov r7, r2
+ ldr r5, [r3, #-4]
+ str r0, [sp, #60] @ 4-byte Spill
+ add r0, sp, #680
+ str r3, [sp, #64] @ 4-byte Spill
+ str r1, [sp, #68] @ 4-byte Spill
+ mov r4, r3
+ mov r11, r1
+ ldr r2, [r7]
+ str r7, [sp, #76] @ 4-byte Spill
+ str r5, [sp, #72] @ 4-byte Spill
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #684]
+ ldr r9, [sp, #680]
+ mov r1, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #688]
+ mul r2, r9, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #712]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #708]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #640
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #672]
+ add r10, sp, #644
+ ldr r4, [sp, #656]
+ ldr r6, [sp, #640]
+ mov r1, r11
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #664]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #660]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r5, r8, r10}
+ ldr r2, [r7, #4]
+ add r0, sp, #600
+ bl .LmulPv256x32(PLT)
+ adds r0, r6, r9
+ ldr r2, [sp, #12] @ 4-byte Reload
+ mov r1, #0
+ add r12, sp, #604
+ ldr r9, [sp, #628]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r8, r0
+ ldr r8, [sp, #632]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r10, r10, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #600]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r11, r2, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r7, r2, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r1, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r12, {r0, r1, r2, r3, r6, r12}
+ ldr lr, [sp, #48] @ 4-byte Reload
+ ldr r5, [sp, #44] @ 4-byte Reload
+ adds r4, lr, r4
+ adcs r0, r5, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ adcs r0, r10, r1
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r11, r6
+ ldr r6, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ mov r1, r6
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #560
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #592]
+ ldr r5, [sp, #76] @ 4-byte Reload
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r7, [sp, #576]
+ ldr r10, [sp, #560]
+ ldr r11, [sp, #564]
+ ldr r8, [sp, #568]
+ ldr r9, [sp, #572]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #588]
+ ldr r2, [r5, #8]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #580]
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #520
+ bl .LmulPv256x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #520
+ ldr r4, [sp, #544]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r8, [sp, #552]
+ adcs r11, r0, r9
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r9, [sp, #548]
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adds r7, r7, r0
+ adcs r0, r10, r1
+ mov r1, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ adcs r0, r11, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #480
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #512]
+ ldr r2, [r5, #12]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #500]
+ ldr r6, [sp, #496]
+ ldr r10, [sp, #480]
+ ldr r11, [sp, #484]
+ ldr r8, [sp, #488]
+ ldr r9, [sp, #492]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #508]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #504]
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #440
+ bl .LmulPv256x32(PLT)
+ adds r0, r7, r10
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #440
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r11
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r8, [sp, #472]
+ adcs r11, r0, r9
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r9, [sp, #468]
+ adcs r0, r0, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #464]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r5, r0
+ adcs r0, r10, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ adcs r0, r11, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r6, r4
+ ldr r6, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ mul r2, r7, r6
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #400
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #432]
+ ldr r5, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #416]
+ ldr r10, [sp, #400]
+ ldr r11, [sp, #404]
+ ldr r8, [sp, #408]
+ ldr r9, [sp, #412]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #428]
+ mov r1, r5
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #424]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #420]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, sp, #360
+ bl .LmulPv256x32(PLT)
+ adds r0, r7, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #360
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r7, r0, r11
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r8, [sp, #392]
+ adcs r11, r0, r9
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r9, [sp, #388]
+ adcs r0, r0, r4
+ ldr r4, [sp, #384]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r7, r0
+ adcs r0, r10, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ adcs r0, r11, r2
+ mul r2, r7, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #320
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #352]
+ ldr r6, [sp, #340]
+ ldr r4, [sp, #336]
+ ldr r10, [sp, #320]
+ ldr r11, [sp, #324]
+ ldr r8, [sp, #328]
+ ldr r9, [sp, #332]
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #348]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #344]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, sp, #280
+ bl .LmulPv256x32(PLT)
+ adds r0, r7, r10
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #280
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r11
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r8, [sp, #312]
+ adcs r11, r0, r9
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r9, [sp, #308]
+ adcs r0, r0, r4
+ ldr r4, [sp, #304]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r5, r0
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs r0, r10, r1
+ str r0, [sp, #56] @ 4-byte Spill
+ adcs r0, r11, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r6, r4
+ ldr r6, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ mul r2, r7, r6
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #240
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #272]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #256]
+ ldr r10, [sp, #240]
+ ldr r11, [sp, #244]
+ ldr r8, [sp, #248]
+ ldr r9, [sp, #252]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #268]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #264]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #260]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #200
+ bl .LmulPv256x32(PLT)
+ adds r0, r7, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #200
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r7, r0, r11
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r8, [sp, #232]
+ adcs r11, r0, r9
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r9, [sp, #228]
+ adcs r0, r0, r4
+ ldr r4, [sp, #224]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r7, r0
+ adcs r0, r10, r1
+ mov r1, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ adcs r0, r11, r2
+ mul r2, r7, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #160
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #192]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r6, [sp, #184]
+ ldr r4, [sp, #180]
+ ldr r5, [sp, #176]
+ ldr r10, [sp, #160]
+ ldr r11, [sp, #164]
+ ldr r8, [sp, #168]
+ ldr r9, [sp, #172]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #188]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #120
+ bl .LmulPv256x32(PLT)
+ adds r0, r7, r10
+ ldr r1, [sp, #52] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ ldr r12, [sp, #124]
+ ldr r3, [sp, #128]
+ add lr, sp, #136
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ adcs r8, r1, r8
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r9, r1, r9
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r11, r1, r4
+ ldr r1, [sp, #36] @ 4-byte Reload
+ ldr r4, [sp, #132]
+ adcs r1, r1, r6
+ ldr r6, [sp, #152]
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r10, r1, r2
+ ldr r1, [sp, #28] @ 4-byte Reload
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #120]
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adc r1, r1, #0
+ adds r5, r0, r2
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r8, r8, r12
+ str r1, [sp, #52] @ 4-byte Spill
+ adcs r3, r9, r3
+ mul r7, r5, r0
+ ldm lr, {r0, r1, r2, lr}
+ str r3, [sp, #48] @ 4-byte Spill
+ ldr r3, [sp, #76] @ 4-byte Reload
+ adcs r3, r3, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r9, r11, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r3, [sp, #44] @ 4-byte Spill
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ adcs r0, r10, r2
+ mov r2, r7
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r10, r0, r6
+ mov r0, #0
+ adc r11, r0, #0
+ add r0, sp, #80
+ bl .LmulPv256x32(PLT)
+ add r3, sp, #80
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r5, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs lr, r8, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str lr, [sp, #40] @ 4-byte Spill
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r7, r0, r3
+ ldr r0, [sp, #96]
+ str r7, [sp, #52] @ 4-byte Spill
+ adcs r9, r9, r0
+ ldr r0, [sp, #100]
+ adcs r12, r1, r0
+ ldr r0, [sp, #104]
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str r12, [sp, #68] @ 4-byte Spill
+ adcs r8, r1, r0
+ ldr r0, [sp, #108]
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r8, [sp, #72] @ 4-byte Spill
+ adcs r6, r1, r0
+ ldr r0, [sp, #112]
+ adcs r5, r10, r0
+ adc r0, r11, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldm r4, {r1, r2, r3, r11}
+ ldr r0, [r4, #16]
+ ldr r10, [r4, #24]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r4, #20]
+ subs r1, lr, r1
+ ldr lr, [sp, #56] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r4, #28]
+ sbcs r2, lr, r2
+ ldr r4, [sp, #48] @ 4-byte Reload
+ sbcs r3, r7, r3
+ sbcs r7, r9, r11
+ mov r11, r6
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ sbcs r0, r12, r0
+ sbcs r12, r8, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ sbcs r8, r6, r10
+ mov r10, r5
+ sbcs r4, r5, r4
+ ldr r5, [sp, #76] @ 4-byte Reload
+ sbc r6, r5, #0
+ ldr r5, [sp, #40] @ 4-byte Reload
+ ands r6, r6, #1
+ movne r2, lr
+ movne r1, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ str r1, [r5]
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r2, [r5, #4]
+ movne r3, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ cmp r6, #0
+ movne r7, r9
+ str r3, [r5, #8]
+ str r7, [r5, #12]
+ movne r0, r1
+ str r0, [r5, #16]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ movne r12, r0
+ cmp r6, #0
+ movne r8, r11
+ movne r4, r10
+ str r12, [r5, #20]
+ str r8, [r5, #24]
+ str r4, [r5, #28]
+ add sp, sp, #724
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end114:
+ .size mcl_fp_mont8L, .Lfunc_end114-mcl_fp_mont8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF8L
+ .align 2
+ .type mcl_fp_montNF8L,%function
+mcl_fp_montNF8L: @ @mcl_fp_montNF8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #716
+ sub sp, sp, #716
+ mov r7, r2
+ ldr r5, [r3, #-4]
+ str r0, [sp, #52] @ 4-byte Spill
+ add r0, sp, #672
+ str r3, [sp, #60] @ 4-byte Spill
+ str r1, [sp, #68] @ 4-byte Spill
+ mov r4, r3
+ mov r10, r1
+ ldr r2, [r7]
+ str r7, [sp, #56] @ 4-byte Spill
+ str r5, [sp, #64] @ 4-byte Spill
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #676]
+ ldr r11, [sp, #672]
+ mov r1, r4
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #680]
+ mul r2, r11, r5
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #684]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #688]
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #632
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #664]
+ ldr r2, [r7, #4]
+ ldr r4, [sp, #648]
+ ldr r6, [sp, #632]
+ ldr r8, [sp, #636]
+ ldr r5, [sp, #640]
+ ldr r9, [sp, #644]
+ mov r1, r10
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #660]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #656]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #652]
+ str r0, [sp, #4] @ 4-byte Spill
+ add r0, sp, #592
+ bl .LmulPv256x32(PLT)
+ adds r0, r6, r11
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add r6, sp, #596
+ ldr r12, [sp, #616]
+ ldr r3, [sp, #612]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r8, r0
+ ldr r8, [sp, #620]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r9, r9, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r11, r4, r0
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r4, [sp, #592]
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r10, r1, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r7, r1, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adc r0, r1, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #624]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r6, {r0, r1, r2, r6}
+ ldr lr, [sp, #40] @ 4-byte Reload
+ ldr r5, [sp, #36] @ 4-byte Reload
+ adds r4, lr, r4
+ adcs r0, r5, r0
+ ldr r5, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r9, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r11, r2
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ mul r2, r4, r5
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r10, r3
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r7, r12
+ ldr r7, [sp, #60] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ mov r1, r7
+ adcs r0, r0, r8
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #552
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #584]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r9, [sp, #568]
+ ldr r10, [sp, #552]
+ ldr r11, [sp, #556]
+ ldr r8, [sp, #560]
+ ldr r6, [sp, #564]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #580]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #576]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #572]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, sp, #512
+ bl .LmulPv256x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #516
+ ldr r4, [sp, #536]
+ ldr r3, [sp, #512]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #40] @ 4-byte Reload
+ ldr r8, [sp, #540]
+ adcs r11, r0, r6
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #544]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r12, lr}
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adds r9, r6, r3
+ adcs r0, r10, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r11, r1
+ mov r1, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r9, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #472
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #504]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #492]
+ ldr r7, [sp, #488]
+ ldr r10, [sp, #472]
+ ldr r11, [sp, #476]
+ ldr r8, [sp, #480]
+ ldr r6, [sp, #484]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #500]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #496]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, sp, #432
+ bl .LmulPv256x32(PLT)
+ adds r0, r9, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r3, [sp, #432]
+ add lr, sp, #436
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r5, r0, r11
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #40] @ 4-byte Reload
+ ldr r8, [sp, #460]
+ adcs r11, r0, r6
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r7, r0, r7
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #456]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r9, r5, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #464]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r12, lr}
+ adcs r0, r10, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r11, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r7, r2
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r6, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ mul r2, r9, r0
+ add r0, sp, #392
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #424]
+ ldr r5, [sp, #56] @ 4-byte Reload
+ ldr r7, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #408]
+ ldr r10, [sp, #392]
+ ldr r11, [sp, #396]
+ ldr r8, [sp, #400]
+ ldr r6, [sp, #404]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #420]
+ ldr r2, [r5, #16]
+ mov r1, r7
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #416]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #4] @ 4-byte Spill
+ add r0, sp, #352
+ bl .LmulPv256x32(PLT)
+ adds r0, r9, r10
+ ldr r1, [sp, #4] @ 4-byte Reload
+ ldr r3, [sp, #352]
+ add lr, sp, #356
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r9, r0, r11
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #40] @ 4-byte Reload
+ ldr r8, [sp, #380]
+ adcs r11, r0, r6
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #376]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r9, r9, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #384]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r12, lr}
+ adcs r0, r10, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r11, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r6, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ mul r2, r9, r0
+ add r0, sp, #312
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #344]
+ ldr r2, [r5, #20]
+ ldr r4, [sp, #328]
+ ldr r10, [sp, #312]
+ ldr r11, [sp, #316]
+ ldr r8, [sp, #320]
+ ldr r6, [sp, #324]
+ mov r1, r7
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #340]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #336]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #332]
+ str r0, [sp, #4] @ 4-byte Spill
+ add r0, sp, #272
+ bl .LmulPv256x32(PLT)
+ adds r0, r9, r10
+ ldr r1, [sp, #4] @ 4-byte Reload
+ ldr r3, [sp, #272]
+ add lr, sp, #276
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r5, r0, r11
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #40] @ 4-byte Reload
+ ldr r8, [sp, #300]
+ adcs r11, r0, r6
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r7, r0, r4
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r4, [sp, #296]
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r9, r5, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #304]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r12, lr}
+ ldr r5, [sp, #60] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r11, r1
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r7, r2
+ ldr r7, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ mul r2, r9, r7
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r6, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #232
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #264]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #248]
+ ldr r10, [sp, #232]
+ ldr r11, [sp, #236]
+ ldr r8, [sp, #240]
+ ldr r6, [sp, #244]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #260]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #256]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #252]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #192
+ bl .LmulPv256x32(PLT)
+ adds r0, r9, r10
+ ldr r1, [sp, #4] @ 4-byte Reload
+ ldr r3, [sp, #192]
+ add lr, sp, #196
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r9, r0, r11
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r10, r0, r8
+ ldr r0, [sp, #40] @ 4-byte Reload
+ ldr r8, [sp, #220]
+ adcs r11, r0, r6
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #216]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r9, r9, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #224]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r12, lr}
+ adcs r0, r10, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r11, r1
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r9, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r6, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #152
+ bl .LmulPv256x32(PLT)
+ ldr r0, [sp, #184]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r5, [sp, #176]
+ ldr r4, [sp, #172]
+ ldr r7, [sp, #168]
+ ldr r10, [sp, #152]
+ ldr r11, [sp, #156]
+ ldr r8, [sp, #160]
+ ldr r6, [sp, #164]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #180]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #112
+ bl .LmulPv256x32(PLT)
+ adds r0, r9, r10
+ ldr r1, [sp, #44] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ add lr, sp, #128
+ ldr r12, [sp, #116]
+ ldr r3, [sp, #120]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r11
+ adcs r1, r1, r8
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r6
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r11, r1, r7
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r10, r1, r4
+ ldr r1, [sp, #28] @ 4-byte Reload
+ ldr r4, [sp, #124]
+ adcs r1, r1, r5
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #112]
+ str r1, [sp, #40] @ 4-byte Spill
+ adds r5, r0, r2
+ ldr r0, [sp, #64] @ 4-byte Reload
+ mul r9, r5, r0
+ ldm lr, {r0, r1, r2, r6, lr}
+ ldr r8, [sp, #68] @ 4-byte Reload
+ adcs r7, r8, r12
+ ldr r8, [sp, #60] @ 4-byte Reload
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adcs r3, r7, r3
+ adcs r11, r11, r4
+ str r3, [sp, #56] @ 4-byte Spill
+ adcs r4, r10, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ mov r2, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r10, r0, r6
+ add r0, sp, #72
+ adc r7, lr, #0
+ bl .LmulPv256x32(PLT)
+ add r3, sp, #72
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r5, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r5, r0, r1
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r11, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #88]
+ adcs r3, r4, r0
+ ldr r0, [sp, #92]
+ str r3, [sp, #40] @ 4-byte Spill
+ adcs r6, r1, r0
+ ldr r0, [sp, #96]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r6, [sp, #64] @ 4-byte Spill
+ adcs r12, r1, r0
+ ldr r0, [sp, #100]
+ ldr r1, [sp, #104]
+ str r12, [sp, #68] @ 4-byte Spill
+ adcs r11, r10, r0
+ adc r4, r7, r1
+ ldm r8, {r1, r2, r9, r10}
+ ldr r0, [r8, #20]
+ ldr r7, [r8, #16]
+ ldr lr, [r8, #28]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r8, #24]
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, r5
+ subs r5, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ sbcs r8, r1, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ sbcs r9, r2, r9
+ sbcs r10, r3, r10
+ ldr r3, [sp, #36] @ 4-byte Reload
+ sbcs r7, r6, r7
+ sbcs r6, r12, r3
+ ldr r3, [sp, #44] @ 4-byte Reload
+ sbcs r12, r11, r3
+ sbc lr, r4, lr
+ cmp lr, #0
+ movlt r5, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ movlt r8, r1
+ movlt r9, r2
+ cmp lr, #0
+ movlt r10, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ movlt r7, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ movlt r6, r0
+ cmp lr, #0
+ movlt lr, r4
+ ldr r4, [sp, #52] @ 4-byte Reload
+ movlt r12, r11
+ add r0, r4, #20
+ stm r4, {r5, r8, r9, r10}
+ str r7, [r4, #16]
+ stm r0, {r6, r12, lr}
+ add sp, sp, #716
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end115:
+ .size mcl_fp_montNF8L, .Lfunc_end115-mcl_fp_montNF8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed8L
+ .align 2
+ .type mcl_fp_montRed8L,%function
+mcl_fp_montRed8L: @ @mcl_fp_montRed8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #420
+ sub sp, sp, #420
+ mov r5, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r2, [r1, #4]
+ ldr r4, [r1]
+ ldr r9, [r1, #40]
+ ldr r10, [r1, #44]
+ ldr r0, [r5]
+ ldr r11, [r5, #-4]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #8]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [r5, #4]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #12]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r5, #8]
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #16]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r5, #12]
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [r1, #20]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r5, #16]
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [r1, #24]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r5, #20]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #28]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r5, #24]
+ str r2, [sp, #44] @ 4-byte Spill
+ mul r2, r4, r11
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r5, #28]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #56]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #60]
+ mov r1, r5
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #376
+ bl .LmulPv256x32(PLT)
+ add lr, sp, #396
+ ldr r8, [sp, #408]
+ add r6, sp, #384
+ ldm lr, {r3, r12, lr}
+ ldr r7, [sp, #376]
+ ldr r1, [sp, #380]
+ ldm r6, {r0, r2, r6}
+ adds r4, r4, r7
+ ldr r4, [sp, #56] @ 4-byte Reload
+ adcs r4, r4, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r4, r11
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ adcs r9, r9, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ adcs r0, r10, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #4] @ 4-byte Spill
+ add r0, sp, #336
+ bl .LmulPv256x32(PLT)
+ add lr, sp, #356
+ ldr r8, [sp, #368]
+ add r6, sp, #340
+ ldm lr, {r3, r12, lr}
+ ldr r7, [sp, #336]
+ ldm r6, {r0, r1, r2, r6}
+ adds r4, r4, r7
+ ldr r4, [sp, #56] @ 4-byte Reload
+ adcs r4, r4, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r10, r0, r2
+ ldr r0, [sp, #36] @ 4-byte Reload
+ mul r2, r4, r11
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r9, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #296
+ bl .LmulPv256x32(PLT)
+ add r8, sp, #320
+ add lr, sp, #300
+ ldm r8, {r6, r7, r8}
+ ldr r1, [sp, #296]
+ ldm lr, {r0, r2, r3, r12, lr}
+ adds r1, r4, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r4, r1, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r10, r10, r2
+ mul r2, r4, r11
+ adcs r9, r0, r3
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #256
+ bl .LmulPv256x32(PLT)
+ add lr, sp, #276
+ ldr r8, [sp, #288]
+ add r6, sp, #260
+ ldm lr, {r3, r12, lr}
+ ldr r7, [sp, #256]
+ ldm r6, {r0, r1, r2, r6}
+ adds r4, r4, r7
+ adcs r4, r10, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r9, r9, r1
+ mov r1, r5
+ adcs r10, r0, r2
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mul r2, r4, r11
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #216
+ bl .LmulPv256x32(PLT)
+ add r8, sp, #240
+ add lr, sp, #220
+ ldm r8, {r6, r7, r8}
+ ldr r1, [sp, #216]
+ ldm lr, {r0, r2, r3, r12, lr}
+ adds r1, r4, r1
+ adcs r4, r9, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mov r1, r5
+ adcs r10, r10, r2
+ mul r2, r4, r11
+ adcs r9, r0, r3
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #176
+ bl .LmulPv256x32(PLT)
+ add lr, sp, #196
+ ldr r8, [sp, #208]
+ add r6, sp, #180
+ ldm lr, {r3, r12, lr}
+ ldr r7, [sp, #176]
+ ldm r6, {r0, r1, r2, r6}
+ adds r4, r4, r7
+ adcs r4, r10, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r7, r9, r1
+ mov r1, r5
+ adcs r9, r0, r2
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mul r2, r4, r11
+ adcs r6, r0, r6
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r10, r0, r3
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #136
+ bl .LmulPv256x32(PLT)
+ add r12, sp, #136
+ ldm r12, {r0, r1, r3, r12}
+ adds r0, r4, r0
+ adcs r4, r7, r1
+ ldr r7, [sp, #152]
+ ldr r0, [sp, #168]
+ adcs r1, r9, r3
+ ldr r3, [sp, #160]
+ mul r2, r4, r11
+ adcs r9, r6, r12
+ ldr r6, [sp, #156]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #164]
+ adcs r10, r10, r7
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adcs r6, r7, r6
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r8, r7, r3
+ ldr r3, [sp, #48] @ 4-byte Reload
+ adcs r11, r3, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ add r0, sp, #96
+ bl .LmulPv256x32(PLT)
+ add r3, sp, #96
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r4, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r5, r0, r1
+ ldr r0, [sp, #112]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r9, r9, r2
+ adcs r10, r10, r3
+ adcs r3, r6, r0
+ ldr r0, [sp, #116]
+ str r3, [sp, #36] @ 4-byte Spill
+ adcs lr, r8, r0
+ ldr r0, [sp, #120]
+ str lr, [sp, #40] @ 4-byte Spill
+ adcs r7, r11, r0
+ ldr r0, [sp, #124]
+ str r7, [sp, #44] @ 4-byte Spill
+ adcs r4, r1, r0
+ ldr r0, [sp, #128]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r4, [sp, #48] @ 4-byte Spill
+ adcs r12, r1, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r8, r0, #0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ subs r1, r5, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ sbcs r2, r9, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ sbcs r6, r10, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ sbcs r0, r3, r0
+ ldr r3, [sp, #68] @ 4-byte Reload
+ sbcs r11, lr, r3
+ ldr r3, [sp, #72] @ 4-byte Reload
+ sbcs r3, r7, r3
+ ldr r7, [sp, #76] @ 4-byte Reload
+ sbcs lr, r4, r7
+ ldr r7, [sp, #60] @ 4-byte Reload
+ sbcs r4, r12, r7
+ sbc r7, r8, #0
+ ands r7, r7, #1
+ movne r1, r5
+ ldr r5, [sp, #92] @ 4-byte Reload
+ movne r2, r9
+ movne r6, r10
+ cmp r7, #0
+ str r1, [r5]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r2, [r5, #4]
+ str r6, [r5, #8]
+ movne r0, r1
+ str r0, [r5, #12]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ movne r11, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ str r11, [r5, #16]
+ movne r3, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ cmp r7, #0
+ movne r4, r12
+ str r3, [r5, #20]
+ movne lr, r0
+ str lr, [r5, #24]
+ str r4, [r5, #28]
+ add sp, sp, #420
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end116:
+ .size mcl_fp_montRed8L, .Lfunc_end116-mcl_fp_montRed8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre8L
+ .align 2
+ .type mcl_fp_addPre8L,%function
+mcl_fp_addPre8L: @ @mcl_fp_addPre8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldr r3, [r1, #4]
+ ldr r9, [r1]
+ ldr r10, [r1, #12]
+ ldr r11, [r1, #16]
+ ldr r8, [r1, #28]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r1, #8]
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [r1, #20]
+ str r3, [sp] @ 4-byte Spill
+ ldr r3, [r1, #24]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldm r2, {r1, r3, r4, r5, r12, lr}
+ ldr r7, [sp, #12] @ 4-byte Reload
+ ldr r6, [r2, #24]
+ ldr r2, [r2, #28]
+ adds r1, r1, r9
+ adcs r3, r3, r7
+ ldr r7, [sp, #8] @ 4-byte Reload
+ adcs r4, r4, r7
+ ldr r7, [sp] @ 4-byte Reload
+ adcs r5, r5, r10
+ adcs r12, r12, r11
+ adcs lr, lr, r7
+ ldr r7, [sp, #4] @ 4-byte Reload
+ stm r0, {r1, r3, r4, r5, r12, lr}
+ adcs r6, r6, r7
+ adcs r2, r2, r8
+ str r6, [r0, #24]
+ str r2, [r0, #28]
+ mov r0, #0
+ adc r0, r0, #0
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end117:
+ .size mcl_fp_addPre8L, .Lfunc_end117-mcl_fp_addPre8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre8L
+ .align 2
+ .type mcl_fp_subPre8L,%function
+mcl_fp_subPre8L: @ @mcl_fp_subPre8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldr r3, [r2, #4]
+ ldr r9, [r2]
+ ldr r10, [r2, #12]
+ ldr r11, [r2, #16]
+ ldr r8, [r2, #28]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r2, #8]
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [r2, #20]
+ str r3, [sp] @ 4-byte Spill
+ ldr r3, [r2, #24]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldm r1, {r2, r3, r4, r5, r12, lr}
+ ldr r7, [sp, #12] @ 4-byte Reload
+ ldr r6, [r1, #24]
+ ldr r1, [r1, #28]
+ subs r2, r2, r9
+ sbcs r3, r3, r7
+ ldr r7, [sp, #8] @ 4-byte Reload
+ sbcs r4, r4, r7
+ ldr r7, [sp] @ 4-byte Reload
+ sbcs r5, r5, r10
+ sbcs r12, r12, r11
+ sbcs lr, lr, r7
+ ldr r7, [sp, #4] @ 4-byte Reload
+ stm r0, {r2, r3, r4, r5, r12, lr}
+ sbcs r6, r6, r7
+ sbcs r1, r1, r8
+ str r6, [r0, #24]
+ str r1, [r0, #28]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end118:
+ .size mcl_fp_subPre8L, .Lfunc_end118-mcl_fp_subPre8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_8L
+ .align 2
+ .type mcl_fp_shr1_8L,%function
+mcl_fp_shr1_8L: @ @mcl_fp_shr1_8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ ldr r3, [r1, #4]
+ ldr r12, [r1]
+ ldr lr, [r1, #12]
+ add r6, r1, #16
+ ldr r2, [r1, #8]
+ ldm r6, {r4, r5, r6}
+ ldr r1, [r1, #28]
+ lsrs r7, r3, #1
+ lsr r3, r3, #1
+ rrx r12, r12
+ lsrs r7, lr, #1
+ orr r8, r3, r2, lsl #31
+ lsr r7, lr, #1
+ rrx r2, r2
+ lsrs r3, r5, #1
+ lsr r5, r5, #1
+ str r12, [r0]
+ str r8, [r0, #4]
+ orr r7, r7, r4, lsl #31
+ rrx r3, r4
+ lsrs r4, r1, #1
+ str r2, [r0, #8]
+ orr r5, r5, r6, lsl #31
+ lsr r1, r1, #1
+ add r2, r0, #16
+ rrx r6, r6
+ str r7, [r0, #12]
+ stm r2, {r3, r5, r6}
+ str r1, [r0, #28]
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end119:
+ .size mcl_fp_shr1_8L, .Lfunc_end119-mcl_fp_shr1_8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add8L
+ .align 2
+ .type mcl_fp_add8L,%function
+mcl_fp_add8L: @ @mcl_fp_add8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #28
+ sub sp, sp, #28
+ ldr r7, [r1, #12]
+ ldr lr, [r1]
+ ldr r11, [r1, #4]
+ ldr r10, [r1, #8]
+ add r8, r2, #20
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r1, #16]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [r1, #20]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r1, #24]
+ ldr r1, [r1, #28]
+ str r7, [sp, #12] @ 4-byte Spill
+ str r1, [sp, #4] @ 4-byte Spill
+ ldm r2, {r1, r4, r5, r12}
+ ldr r9, [r2, #16]
+ ldm r8, {r6, r7, r8}
+ ldr r2, [sp] @ 4-byte Reload
+ adds lr, r1, lr
+ adcs r1, r4, r11
+ str lr, [r0]
+ adcs r4, r5, r10
+ ldr r5, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ str r4, [sp, #20] @ 4-byte Spill
+ adcs r10, r12, r5
+ adcs r5, r9, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r5, [sp, #16] @ 4-byte Spill
+ adcs r12, r6, r2
+ ldr r6, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #4] @ 4-byte Reload
+ stmib r0, {r1, r4, r10}
+ mov r1, #0
+ str r5, [r0, #16]
+ str r12, [r0, #20]
+ adcs r7, r7, r6
+ mov r6, r12
+ adcs r11, r8, r2
+ str r7, [r0, #24]
+ mov r8, lr
+ adc r1, r1, #0
+ str r11, [r0, #28]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldm r3, {r1, r2, r9, r12, lr}
+ ldr r4, [r3, #20]
+ ldr r5, [r3, #24]
+ ldr r3, [r3, #28]
+ subs r1, r8, r1
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ sbcs r8, r1, r2
+ ldr r1, [sp, #20] @ 4-byte Reload
+ sbcs r2, r1, r9
+ ldr r1, [sp, #16] @ 4-byte Reload
+ sbcs r12, r10, r12
+ sbcs lr, r1, lr
+ ldr r1, [sp, #12] @ 4-byte Reload
+ sbcs r4, r6, r4
+ sbcs r5, r7, r5
+ sbcs r6, r11, r3
+ sbc r3, r1, #0
+ tst r3, #1
+ bne .LBB120_2
+@ BB#1: @ %nocarry
+ ldr r1, [sp, #8] @ 4-byte Reload
+ stm r0, {r1, r8}
+ add r1, r0, #8
+ add r0, r0, #20
+ stm r1, {r2, r12, lr}
+ stm r0, {r4, r5, r6}
+.LBB120_2: @ %carry
+ add sp, sp, #28
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end120:
+ .size mcl_fp_add8L, .Lfunc_end120-mcl_fp_add8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF8L
+ .align 2
+ .type mcl_fp_addNF8L,%function
+mcl_fp_addNF8L: @ @mcl_fp_addNF8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #32
+ sub sp, sp, #32
+ ldm r1, {r6, r8}
+ ldr r7, [r1, #8]
+ ldr r9, [r1, #28]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r1, #12]
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [r1, #16]
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [r1, #20]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r1, #24]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldm r2, {r1, r4, r5, r12, lr}
+ ldr r10, [r2, #20]
+ ldr r11, [r2, #24]
+ ldr r2, [r2, #28]
+ adds r7, r1, r6
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r6, r4, r8
+ ldr r4, [sp, #20] @ 4-byte Reload
+ str r7, [sp, #4] @ 4-byte Spill
+ str r6, [sp, #8] @ 4-byte Spill
+ adcs r8, r5, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adcs r1, r12, r1
+ adcs r12, lr, r5
+ ldr r5, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ adcs lr, r10, r5
+ adcs r5, r11, r4
+ ldr r4, [r3, #4]
+ ldr r11, [r3, #16]
+ str lr, [sp, #24] @ 4-byte Spill
+ adc r10, r2, r9
+ ldr r2, [r3]
+ ldr r9, [r3, #12]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [r3, #8]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r3, #20]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r3, #24]
+ ldr r3, [r3, #28]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [sp, #16] @ 4-byte Reload
+ subs r2, r7, r2
+ sbcs r7, r6, r4
+ ldr r4, [sp, #20] @ 4-byte Reload
+ sbcs r6, r8, r4
+ sbcs r9, r1, r9
+ ldr r1, [sp] @ 4-byte Reload
+ sbcs r4, r12, r11
+ mov r11, r12
+ sbcs r12, lr, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ sbcs lr, r5, r1
+ ldr r1, [sp, #4] @ 4-byte Reload
+ sbc r3, r10, r3
+ cmp r3, #0
+ movlt r6, r8
+ movlt r2, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ movlt r7, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ cmp r3, #0
+ movlt r4, r11
+ movlt r9, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ stm r0, {r2, r7}
+ str r6, [r0, #8]
+ str r9, [r0, #12]
+ movlt r12, r1
+ cmp r3, #0
+ add r1, r0, #16
+ movlt lr, r5
+ movlt r3, r10
+ stm r1, {r4, r12, lr}
+ str r3, [r0, #28]
+ add sp, sp, #32
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end121:
+ .size mcl_fp_addNF8L, .Lfunc_end121-mcl_fp_addNF8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub8L
+ .align 2
+ .type mcl_fp_sub8L,%function
+mcl_fp_sub8L: @ @mcl_fp_sub8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldm r2, {r12, lr}
+ ldr r4, [r2, #8]
+ ldr r9, [r2, #20]
+ ldr r10, [r2, #24]
+ add r8, r1, #12
+ str r4, [sp, #12] @ 4-byte Spill
+ ldr r4, [r2, #12]
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [r2, #16]
+ ldr r2, [r2, #28]
+ str r4, [sp] @ 4-byte Spill
+ str r2, [sp, #4] @ 4-byte Spill
+ ldm r1, {r4, r5, r11}
+ ldm r8, {r2, r7, r8}
+ ldr r6, [r1, #24]
+ ldr r1, [r1, #28]
+ subs r12, r4, r12
+ ldr r4, [sp, #12] @ 4-byte Reload
+ sbcs lr, r5, lr
+ sbcs r11, r11, r4
+ ldr r4, [sp, #8] @ 4-byte Reload
+ sbcs r2, r2, r4
+ ldr r4, [sp] @ 4-byte Reload
+ sbcs r4, r7, r4
+ ldr r7, [sp, #4] @ 4-byte Reload
+ stm r0, {r12, lr}
+ str r11, [r0, #8]
+ sbcs r5, r8, r9
+ sbcs r6, r6, r10
+ sbcs r7, r1, r7
+ add r1, r0, #12
+ stm r1, {r2, r4, r5, r6, r7}
+ mov r1, #0
+ sbc r1, r1, #0
+ tst r1, #1
+ beq .LBB122_2
+@ BB#1: @ %carry
+ ldr r1, [r3]
+ add r10, r3, #12
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [r3, #4]
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [r3, #8]
+ str r1, [sp] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r1, [r3, #24]
+ ldr r3, [r3, #28]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adds r1, r1, r12
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r12, r1, lr
+ ldr r1, [sp] @ 4-byte Reload
+ adcs lr, r1, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r2, r8, r2
+ adcs r4, r9, r4
+ adcs r5, r10, r5
+ adcs r6, r1, r6
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adc r3, r3, r7
+ stm r0, {r1, r12, lr}
+ add r1, r0, #12
+ stm r1, {r2, r4, r5, r6}
+ str r3, [r0, #28]
+.LBB122_2: @ %nocarry
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end122:
+ .size mcl_fp_sub8L, .Lfunc_end122-mcl_fp_sub8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF8L
+ .align 2
+ .type mcl_fp_subNF8L,%function
+mcl_fp_subNF8L: @ @mcl_fp_subNF8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #36
+ sub sp, sp, #36
+ ldm r2, {r6, r8}
+ ldr r7, [r2, #8]
+ ldr r11, [r2, #12]
+ ldr r9, [r2, #28]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #16]
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ str r7, [sp, #32] @ 4-byte Spill
+ ldm r1, {r2, r4, r5, r12, lr}
+ ldr r10, [r1, #20]
+ ldr r7, [r1, #24]
+ ldr r1, [r1, #28]
+ subs r6, r2, r6
+ ldr r2, [sp, #20] @ 4-byte Reload
+ sbcs r8, r4, r8
+ ldr r4, [sp, #24] @ 4-byte Reload
+ str r6, [sp, #16] @ 4-byte Spill
+ sbcs r5, r5, r2
+ sbcs r2, r12, r11
+ ldr r11, [r3, #12]
+ sbcs r12, lr, r4
+ ldr r4, [sp, #28] @ 4-byte Reload
+ str r2, [sp, #20] @ 4-byte Spill
+ str r12, [sp, #24] @ 4-byte Spill
+ sbcs lr, r10, r4
+ ldr r4, [sp, #32] @ 4-byte Reload
+ ldr r10, [r3, #16]
+ str lr, [sp, #28] @ 4-byte Spill
+ sbcs r4, r7, r4
+ ldr r7, [r3]
+ sbc r1, r1, r9
+ ldr r9, [r3, #8]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r3, #4]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [r3, #20]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r3, #24]
+ ldr r3, [r3, #28]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [sp, #4] @ 4-byte Reload
+ str r7, [sp, #32] @ 4-byte Spill
+ adds r7, r6, r3
+ ldr r3, [sp] @ 4-byte Reload
+ adcs r6, r8, r3
+ ldr r3, [sp, #8] @ 4-byte Reload
+ adcs r9, r5, r9
+ adcs r11, r2, r11
+ adcs r2, r12, r10
+ ldr r10, [sp, #16] @ 4-byte Reload
+ adcs r12, lr, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs lr, r4, r3
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adc r3, r1, r3
+ cmp r1, #0
+ movge r9, r5
+ ldr r5, [sp, #20] @ 4-byte Reload
+ movge r7, r10
+ movge r6, r8
+ cmp r1, #0
+ str r7, [r0]
+ movge r11, r5
+ ldr r5, [sp, #24] @ 4-byte Reload
+ movge r2, r5
+ ldr r5, [sp, #28] @ 4-byte Reload
+ stmib r0, {r6, r9, r11}
+ movge r12, r5
+ cmp r1, #0
+ movge r3, r1
+ movge lr, r4
+ add r1, r0, #16
+ stm r1, {r2, r12, lr}
+ str r3, [r0, #28]
+ add sp, sp, #36
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end123:
+ .size mcl_fp_subNF8L, .Lfunc_end123-mcl_fp_subNF8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add8L
+ .align 2
+ .type mcl_fpDbl_add8L,%function
+mcl_fpDbl_add8L: @ @mcl_fpDbl_add8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #68
+ sub sp, sp, #68
+ ldm r1, {r7, r9}
+ ldr r6, [r1, #8]
+ ldr r8, [r1, #12]
+ ldm r2, {r4, r12, lr}
+ ldr r5, [r2, #12]
+ adds r4, r4, r7
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [r2, #32]
+ adcs r7, r12, r9
+ adcs r6, lr, r6
+ add lr, r1, #16
+ adcs r9, r5, r8
+ ldr r5, [r2, #28]
+ add r8, r2, #16
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [r2, #36]
+ str r5, [sp, #28] @ 4-byte Spill
+ str r4, [sp, #40] @ 4-byte Spill
+ ldr r4, [r2, #40]
+ str r4, [sp, #44] @ 4-byte Spill
+ ldr r4, [r2, #44]
+ str r4, [sp, #48] @ 4-byte Spill
+ ldr r4, [r2, #48]
+ str r4, [sp, #52] @ 4-byte Spill
+ ldr r4, [r2, #52]
+ str r4, [sp, #56] @ 4-byte Spill
+ ldr r4, [r2, #56]
+ str r4, [sp, #60] @ 4-byte Spill
+ ldr r4, [r2, #60]
+ str r4, [sp, #64] @ 4-byte Spill
+ ldm r8, {r4, r5, r8}
+ ldr r2, [r1, #36]
+ ldr r10, [r1, #32]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #40]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #44]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #48]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #32] @ 4-byte Reload
+ adcs r1, r4, r1
+ str r11, [r0]
+ str r7, [r0, #4]
+ str r6, [r0, #8]
+ str r9, [r0, #12]
+ ldr r6, [sp, #8] @ 4-byte Reload
+ ldr r4, [sp, #16] @ 4-byte Reload
+ adcs r2, r5, r2
+ str r1, [r0, #16]
+ str r2, [r0, #20]
+ adcs r1, r8, r12
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [r0, #24]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r2, r2, lr
+ adcs r1, r1, r10
+ str r2, [r0, #28]
+ ldr r2, [sp] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r7, r1, r2
+ ldr r1, [sp, #44] @ 4-byte Reload
+ ldr r2, [sp, #4] @ 4-byte Reload
+ adcs r2, r1, r2
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r2, [sp, #44] @ 4-byte Spill
+ adcs r12, r1, r6
+ ldr r1, [sp, #52] @ 4-byte Reload
+ ldr r6, [sp, #12] @ 4-byte Reload
+ str r12, [sp, #48] @ 4-byte Spill
+ adcs lr, r1, r6
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str lr, [sp, #52] @ 4-byte Spill
+ adcs r5, r1, r4
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r4, [sp, #20] @ 4-byte Reload
+ str r5, [sp, #56] @ 4-byte Spill
+ adcs r8, r1, r4
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adcs r10, r1, r4
+ mov r1, #0
+ adc r1, r1, #0
+ str r10, [sp, #60] @ 4-byte Spill
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [r3]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldmib r3, {r4, r11}
+ ldr r6, [r3, #12]
+ ldr r1, [r3, #24]
+ ldr r9, [r3, #16]
+ str r6, [sp, #40] @ 4-byte Spill
+ ldr r6, [r3, #20]
+ ldr r3, [r3, #28]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r3, [sp, #32] @ 4-byte Spill
+ ldr r3, [sp, #36] @ 4-byte Reload
+ subs r1, r3, r1
+ sbcs r4, r7, r4
+ sbcs r11, r2, r11
+ ldr r2, [sp, #40] @ 4-byte Reload
+ sbcs r2, r12, r2
+ sbcs r12, lr, r9
+ mov r9, r8
+ sbcs lr, r5, r6
+ ldr r5, [sp, #28] @ 4-byte Reload
+ sbcs r6, r8, r5
+ ldr r5, [sp, #32] @ 4-byte Reload
+ sbcs r8, r10, r5
+ ldr r5, [sp, #64] @ 4-byte Reload
+ sbc r10, r5, #0
+ ands r10, r10, #1
+ movne r1, r3
+ movne r4, r7
+ str r1, [r0, #32]
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r4, [r0, #36]
+ movne r11, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ cmp r10, #0
+ str r11, [r0, #40]
+ movne r2, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r2, [r0, #44]
+ movne r12, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r12, [r0, #48]
+ movne lr, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ cmp r10, #0
+ movne r6, r9
+ str lr, [r0, #52]
+ str r6, [r0, #56]
+ movne r8, r1
+ str r8, [r0, #60]
+ add sp, sp, #68
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end124:
+ .size mcl_fpDbl_add8L, .Lfunc_end124-mcl_fpDbl_add8L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub8L
+ .align 2
+ .type mcl_fpDbl_sub8L,%function
+mcl_fpDbl_sub8L: @ @mcl_fpDbl_sub8L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #64
+ sub sp, sp, #64
+ ldr r7, [r2, #32]
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #44] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #60] @ 4-byte Spill
+ ldm r2, {r4, r5, r8}
+ ldr r6, [r2, #20]
+ ldr r7, [r2, #12]
+ ldr r9, [r2, #16]
+ ldr r11, [r2, #24]
+ ldr r10, [r2, #28]
+ str r6, [sp, #28] @ 4-byte Spill
+ ldm r1, {r2, r12, lr}
+ ldr r6, [r1, #12]
+ subs r4, r2, r4
+ ldr r2, [r1, #32]
+ sbcs r5, r12, r5
+ ldr r12, [r1, #36]
+ sbcs lr, lr, r8
+ add r8, r1, #16
+ sbcs r6, r6, r7
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #40]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #44]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #48]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm r8, {r1, r2, r7, r8}
+ stm r0, {r4, r5, lr}
+ str r6, [r0, #12]
+ mov r4, #0
+ ldr r6, [sp, #28] @ 4-byte Reload
+ ldr r5, [sp, #20] @ 4-byte Reload
+ sbcs r1, r1, r9
+ sbcs r2, r2, r6
+ str r1, [r0, #16]
+ sbcs r1, r7, r11
+ str r2, [r0, #20]
+ ldr r2, [sp, #32] @ 4-byte Reload
+ ldr r7, [sp, #8] @ 4-byte Reload
+ str r1, [r0, #24]
+ sbcs r1, r8, r10
+ str r1, [r0, #28]
+ ldr r1, [sp] @ 4-byte Reload
+ sbcs r1, r1, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #4] @ 4-byte Reload
+ sbcs r6, r12, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r6, [sp, #36] @ 4-byte Spill
+ sbcs r1, r1, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ sbcs r9, r7, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ ldr r7, [sp, #12] @ 4-byte Reload
+ sbcs r12, r7, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ ldr r7, [sp, #16] @ 4-byte Reload
+ str r12, [sp, #48] @ 4-byte Spill
+ sbcs lr, r7, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str lr, [sp, #52] @ 4-byte Spill
+ sbcs r8, r5, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ ldr r5, [sp, #24] @ 4-byte Reload
+ sbcs r11, r5, r2
+ sbc r2, r4, #0
+ str r2, [sp, #60] @ 4-byte Spill
+ ldm r3, {r4, r5}
+ ldr r2, [r3, #8]
+ ldr r10, [r3, #20]
+ ldr r7, [r3, #24]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r3, #12]
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [r3, #16]
+ ldr r3, [r3, #28]
+ str r3, [sp, #56] @ 4-byte Spill
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adds r4, r3, r4
+ adcs r5, r6, r5
+ ldr r6, [sp, #44] @ 4-byte Reload
+ adcs r6, r1, r6
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r9, r1
+ adcs r2, r12, r2
+ adcs r12, lr, r10
+ adcs lr, r8, r7
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adc r10, r11, r7
+ ldr r7, [sp, #60] @ 4-byte Reload
+ ands r7, r7, #1
+ moveq r4, r3
+ ldr r3, [sp, #36] @ 4-byte Reload
+ str r4, [r0, #32]
+ moveq r5, r3
+ ldr r3, [sp, #40] @ 4-byte Reload
+ str r5, [r0, #36]
+ moveq r6, r3
+ cmp r7, #0
+ moveq r1, r9
+ str r6, [r0, #40]
+ str r1, [r0, #44]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ moveq r2, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r2, [r0, #48]
+ moveq r12, r1
+ cmp r7, #0
+ moveq lr, r8
+ moveq r10, r11
+ str r12, [r0, #52]
+ str lr, [r0, #56]
+ str r10, [r0, #60]
+ add sp, sp, #64
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end125:
+ .size mcl_fpDbl_sub8L, .Lfunc_end125-mcl_fpDbl_sub8L
+ .cantunwind
+ .fnend
+
+ .align 2
+ .type .LmulPv288x32,%function
+.LmulPv288x32: @ @mulPv288x32
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r9, [r1, #12]
+ umull r4, r8, lr, r2
+ umull lr, r6, r12, r2
+ mov r5, r4
+ mov r7, r6
+ str lr, [r0]
+ umull lr, r12, r9, r2
+ umlal r7, r5, r3, r2
+ str r5, [r0, #8]
+ str r7, [r0, #4]
+ umull r5, r7, r3, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r3, r8, lr
+ str r3, [r0, #12]
+ ldr r3, [r1, #16]
+ umull r7, r6, r3, r2
+ adcs r3, r12, r7
+ str r3, [r0, #16]
+ ldr r3, [r1, #20]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #20]
+ ldr r3, [r1, #24]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #24]
+ ldr r3, [r1, #28]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #28]
+ ldr r1, [r1, #32]
+ umull r3, r7, r1, r2
+ adcs r1, r5, r3
+ adc r2, r7, #0
+ str r1, [r0, #32]
+ str r2, [r0, #36]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end126:
+ .size .LmulPv288x32, .Lfunc_end126-.LmulPv288x32
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre9L
+ .align 2
+ .type mcl_fp_mulUnitPre9L,%function
+mcl_fp_mulUnitPre9L: @ @mcl_fp_mulUnitPre9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ .pad #40
+ sub sp, sp, #40
+ mov r4, r0
+ mov r0, sp
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #20
+ ldr r12, [sp, #36]
+ ldm lr, {r0, r3, r8, lr}
+ ldr r1, [sp, #16]
+ ldm sp, {r5, r6, r7}
+ ldr r2, [sp, #12]
+ stm r4, {r5, r6, r7}
+ str r2, [r4, #12]
+ str r1, [r4, #16]
+ add r1, r4, #20
+ stm r1, {r0, r3, r8, lr}
+ str r12, [r4, #36]
+ add sp, sp, #40
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end127:
+ .size mcl_fp_mulUnitPre9L, .Lfunc_end127-mcl_fp_mulUnitPre9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre9L
+ .align 2
+ .type mcl_fpDbl_mulPre9L,%function
+mcl_fpDbl_mulPre9L: @ @mcl_fpDbl_mulPre9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #412
+ sub sp, sp, #412
+ mov r10, r2
+ mov r8, r0
+ add r0, sp, #368
+ str r1, [sp, #44] @ 4-byte Spill
+ mov r4, r1
+ ldr r2, [r10]
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #404]
+ ldr r1, [sp, #376]
+ ldr r2, [r10, #4]
+ ldr r9, [sp, #372]
+ ldr r11, [sp, #380]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #400]
+ str r1, [sp, #16] @ 4-byte Spill
+ mov r1, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #396]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #392]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #388]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #384]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #368]
+ str r0, [r8]
+ add r0, sp, #328
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #352
+ ldr r4, [sp, #364]
+ add r7, sp, #332
+ ldm lr, {r3, r12, lr}
+ ldr r6, [sp, #328]
+ ldm r7, {r0, r1, r2, r5, r7}
+ adds r6, r6, r9
+ str r6, [r8, #4]
+ ldr r6, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #12] @ 4-byte Spill
+ adcs r0, r1, r11
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r10, #8]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r4, #0
+ ldr r4, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #288
+ mov r1, r4
+ bl .LmulPv288x32(PLT)
+ add r9, sp, #312
+ add lr, sp, #288
+ ldm r9, {r5, r6, r7, r9}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #12] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r8, #8]
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ mov r1, r4
+ adcs r0, r2, r0
+ ldr r2, [r10, #12]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ adc r0, r9, #0
+ mov r9, r4
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #248
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #272
+ ldr r4, [sp, #284]
+ add r6, sp, #252
+ ldm lr, {r3, r12, lr}
+ ldr r7, [sp, #248]
+ ldr r5, [sp, #268]
+ ldm r6, {r0, r1, r2, r6}
+ adds r7, r7, r11
+ str r7, [r8, #12]
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r11, r0, r7
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r10, #16]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ adc r0, r4, #0
+ mov r4, r9
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #208
+ mov r1, r4
+ bl .LmulPv288x32(PLT)
+ add r9, sp, #232
+ add lr, sp, #208
+ ldm r9, {r5, r6, r7, r9}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r0, r11
+ str r0, [r8, #16]
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ mov r1, r4
+ adcs r0, r2, r0
+ ldr r2, [r10, #20]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ adc r0, r9, #0
+ mov r9, r4
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #168
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #192
+ ldr r4, [sp, #204]
+ add r6, sp, #172
+ ldm lr, {r3, r12, lr}
+ ldr r7, [sp, #168]
+ ldr r5, [sp, #188]
+ ldm r6, {r0, r1, r2, r6}
+ adds r7, r7, r11
+ str r7, [r8, #20]
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r11, r0, r7
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r10, #24]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #12] @ 4-byte Spill
+ adc r0, r4, #0
+ mov r4, r9
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #128
+ mov r1, r4
+ bl .LmulPv288x32(PLT)
+ add r9, sp, #152
+ add lr, sp, #128
+ ldm r9, {r5, r6, r7, r9}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r0, r11
+ str r0, [r8, #24]
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ mov r1, r4
+ adcs r0, r2, r0
+ ldr r2, [r10, #28]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #88
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #124]
+ add lr, sp, #112
+ add r7, sp, #92
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm lr, {r5, r12, lr}
+ ldr r2, [sp, #88]
+ ldr r6, [sp, #108]
+ ldm r7, {r0, r1, r3, r7}
+ ldr r4, [sp, #40] @ 4-byte Reload
+ adds r2, r2, r11
+ adcs r9, r0, r4
+ ldr r0, [sp, #36] @ 4-byte Reload
+ str r2, [r8, #28]
+ ldr r2, [r10, #32]
+ adcs r10, r1, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r11, r3, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r7, r7, r0
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r6, r6, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r5, r5, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r4, r0, #0
+ add r0, sp, #48
+ bl .LmulPv288x32(PLT)
+ add r3, sp, #48
+ ldm r3, {r0, r1, r2, r3}
+ ldr r12, [sp, #84]
+ ldr lr, [sp, #80]
+ adds r0, r0, r9
+ ldr r9, [sp, #76]
+ adcs r1, r1, r10
+ adcs r2, r2, r11
+ ldr r11, [sp, #72]
+ adcs r10, r3, r7
+ ldr r7, [sp, #64]
+ ldr r3, [sp, #68]
+ str r0, [r8, #32]
+ str r1, [r8, #36]
+ str r2, [r8, #40]
+ str r10, [r8, #44]
+ adcs r0, r7, r6
+ str r0, [r8, #48]
+ adcs r0, r3, r5
+ str r0, [r8, #52]
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [r8, #56]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [r8, #60]
+ adcs r0, lr, r4
+ adc r1, r12, #0
+ str r0, [r8, #64]
+ str r1, [r8, #68]
+ add sp, sp, #412
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end128:
+ .size mcl_fpDbl_mulPre9L, .Lfunc_end128-mcl_fpDbl_mulPre9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre9L
+ .align 2
+ .type mcl_fpDbl_sqrPre9L,%function
+mcl_fpDbl_sqrPre9L: @ @mcl_fpDbl_sqrPre9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #412
+ sub sp, sp, #412
+ mov r5, r1
+ mov r4, r0
+ add r0, sp, #368
+ ldr r2, [r5]
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #404]
+ add r11, sp, #368
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #400]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #396]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #392]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #388]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #384]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r11, {r0, r10, r11}
+ ldr r1, [sp, #380]
+ ldr r2, [r5, #4]
+ str r1, [sp, #20] @ 4-byte Spill
+ str r0, [r4]
+ add r0, sp, #328
+ mov r1, r5
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #348
+ add r7, sp, #328
+ ldr r9, [sp, #364]
+ ldr r8, [sp, #360]
+ ldm lr, {r6, r12, lr}
+ ldm r7, {r0, r1, r2, r3, r7}
+ adds r0, r0, r10
+ str r0, [r4, #4]
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r10, r1, r11
+ mov r1, r5
+ adcs r11, r2, r0
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r2, [r5, #8]
+ adcs r0, r3, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #288
+ bl .LmulPv288x32(PLT)
+ add r9, sp, #312
+ add lr, sp, #288
+ ldm r9, {r6, r7, r8, r9}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r0, r10
+ str r0, [r4, #8]
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r10, r1, r11
+ mov r1, r5
+ adcs r11, r2, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r2, [r5, #12]
+ adcs r0, r3, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #248
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #268
+ add r7, sp, #248
+ ldr r9, [sp, #284]
+ ldr r8, [sp, #280]
+ ldm lr, {r6, r12, lr}
+ ldm r7, {r0, r1, r2, r3, r7}
+ adds r0, r0, r10
+ str r0, [r4, #12]
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r10, r1, r11
+ mov r1, r5
+ adcs r11, r2, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r2, [r5, #16]
+ adcs r0, r3, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #208
+ bl .LmulPv288x32(PLT)
+ add r9, sp, #232
+ add lr, sp, #208
+ ldm r9, {r6, r7, r8, r9}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r0, r10
+ str r0, [r4, #16]
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r10, r1, r11
+ mov r1, r5
+ adcs r11, r2, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r2, [r5, #20]
+ adcs r0, r3, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #168
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #188
+ add r7, sp, #168
+ ldr r9, [sp, #204]
+ ldr r8, [sp, #200]
+ ldm lr, {r6, r12, lr}
+ ldm r7, {r0, r1, r2, r3, r7}
+ adds r0, r0, r10
+ str r0, [r4, #20]
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r10, r1, r11
+ mov r1, r5
+ adcs r11, r2, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ ldr r2, [r5, #24]
+ adcs r0, r3, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #128
+ bl .LmulPv288x32(PLT)
+ add r9, sp, #152
+ add lr, sp, #128
+ ldm r9, {r6, r7, r8, r9}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r0, r10
+ str r0, [r4, #24]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r10, r1, r11
+ mov r1, r5
+ adcs r11, r2, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r2, [r5, #28]
+ adcs r0, r3, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #88
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #124]
+ ldr r2, [sp, #88]
+ ldr r1, [sp, #92]
+ add r12, sp, #96
+ ldr lr, [sp, #116]
+ ldr r6, [sp, #112]
+ ldr r7, [sp, #108]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #120]
+ adds r2, r2, r10
+ adcs r10, r1, r11
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r12, {r0, r3, r12}
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r2, [r4, #28]
+ ldr r2, [r5, #32]
+ adcs r11, r0, r1
+ ldr r0, [sp, #40] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r8, r3, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r9, r12, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #48
+ bl .LmulPv288x32(PLT)
+ add r3, sp, #48
+ add lr, sp, #72
+ ldm r3, {r0, r1, r2, r3}
+ ldr r12, [sp, #84]
+ adds r0, r0, r10
+ adcs r1, r1, r11
+ adcs r2, r2, r8
+ ldm lr, {r5, r8, lr}
+ ldr r6, [sp, #68]
+ ldr r7, [sp, #64]
+ adcs r3, r3, r9
+ add r9, r4, #32
+ stm r9, {r0, r1, r2}
+ str r3, [r4, #44]
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [r4, #48]
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [r4, #52]
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [r4, #56]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [r4, #60]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, lr, r0
+ adc r1, r12, #0
+ str r0, [r4, #64]
+ str r1, [r4, #68]
+ add sp, sp, #412
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end129:
+ .size mcl_fpDbl_sqrPre9L, .Lfunc_end129-mcl_fpDbl_sqrPre9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont9L
+ .align 2
+ .type mcl_fp_mont9L,%function
+mcl_fp_mont9L: @ @mcl_fp_mont9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #804
+ sub sp, sp, #804
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r6, [r3, #-4]
+ ldr r2, [r2]
+ str r0, [sp, #60] @ 4-byte Spill
+ add r0, sp, #760
+ str r3, [sp, #76] @ 4-byte Spill
+ str r1, [sp, #68] @ 4-byte Spill
+ mov r4, r3
+ mov r7, r1
+ str r6, [sp, #72] @ 4-byte Spill
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #764]
+ ldr r5, [sp, #760]
+ mov r1, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #768]
+ mul r2, r5, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #772]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #784]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #780]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #776]
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #720
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #756]
+ add r11, sp, #724
+ ldr r4, [sp, #736]
+ ldr r9, [sp, #720]
+ mov r1, r7
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #752]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #748]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #744]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #740]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r8, r10, r11}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ add r0, sp, #680
+ ldr r2, [r6, #4]
+ bl .LmulPv288x32(PLT)
+ adds r0, r9, r5
+ ldr r2, [sp, #4] @ 4-byte Reload
+ mov r1, #0
+ add lr, sp, #680
+ ldr r9, [sp, #716]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r5, r8, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r10, r0
+ ldr r10, [sp, #712]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r11, r0
+ ldr r11, [sp, #708]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #704]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r7, r2, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ adc r8, r1, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r5, r5, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r8, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r5, r0
+ add r0, sp, #640
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #676]
+ add r10, sp, #640
+ ldr r11, [sp, #660]
+ ldr r7, [sp, #656]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #672]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #664]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldr r2, [r6, #8]
+ ldr r6, [sp, #68] @ 4-byte Reload
+ add r0, sp, #600
+ mov r1, r6
+ bl .LmulPv288x32(PLT)
+ adds r0, r5, r4
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #600
+ ldr r4, [sp, #624]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #636]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #632]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #628]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r8, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r5, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r8, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r5, r0
+ add r0, sp, #560
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #596]
+ add r10, sp, #560
+ ldr r11, [sp, #580]
+ ldr r7, [sp, #576]
+ mov r1, r6
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #592]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #588]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, sp, #520
+ bl .LmulPv288x32(PLT)
+ adds r0, r5, r4
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #520
+ ldr r4, [sp, #544]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #556]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #552]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #548]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r8, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r5, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r6, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r8, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r5, r0
+ add r0, sp, #480
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #516]
+ add r10, sp, #480
+ ldr r11, [sp, #500]
+ ldr r7, [sp, #496]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #512]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #508]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #504]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ ldr r1, [sp, #68] @ 4-byte Reload
+ add r0, sp, #440
+ ldr r2, [r6, #16]
+ bl .LmulPv288x32(PLT)
+ adds r0, r5, r4
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #440
+ ldr r4, [sp, #464]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #476]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #472]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #468]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r8, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r5, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r8, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r5, r0
+ add r0, sp, #400
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #436]
+ add r10, sp, #400
+ ldr r11, [sp, #420]
+ ldr r7, [sp, #416]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #432]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #428]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #424]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldr r2, [r6, #20]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ add r0, sp, #360
+ bl .LmulPv288x32(PLT)
+ adds r0, r5, r4
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #360
+ ldr r4, [sp, #384]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #396]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #392]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #388]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r8, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r5, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r6, lr
+ ldr r6, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ mul r2, r5, r6
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r8, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #320
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #356]
+ add r10, sp, #320
+ ldr r11, [sp, #340]
+ ldr r7, [sp, #336]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #352]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #348]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #344]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #280
+ bl .LmulPv288x32(PLT)
+ adds r0, r5, r4
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #280
+ ldr r4, [sp, #304]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #316]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #312]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #308]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r8, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r5, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r5, r6
+ ldr r6, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ mov r1, r6
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r8, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #240
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #276]
+ add r10, sp, #240
+ ldr r11, [sp, #260]
+ ldr r7, [sp, #256]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #272]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #268]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #264]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #200
+ bl .LmulPv288x32(PLT)
+ adds r0, r5, r4
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #200
+ ldr r4, [sp, #224]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #236]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #232]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #228]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r8, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r5, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ adcs r0, r8, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r5, r0
+ add r0, sp, #160
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #196]
+ add r10, sp, #160
+ ldr r11, [sp, #184]
+ ldr r6, [sp, #180]
+ ldr r7, [sp, #176]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #192]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #188]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #120
+ bl .LmulPv288x32(PLT)
+ adds r0, r5, r4
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r2, [sp, #120]
+ ldr lr, [sp, #124]
+ ldr r5, [sp, #128]
+ ldr r12, [sp, #132]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r4, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r9, r0, r9
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r10, r0, r10
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ add r7, sp, #136
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r11, r0, r11
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r4, r4, r2
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r9, r9, lr
+ adcs r10, r10, r5
+ mul r8, r4, r0
+ ldm r7, {r0, r1, r2, r3, r6, r7}
+ ldr r5, [sp, #68] @ 4-byte Reload
+ adcs r5, r5, r12
+ str r5, [sp, #36] @ 4-byte Spill
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs r5, r5, r0
+ adcs r0, r11, r1
+ ldr r11, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mov r1, r11
+ adcs r0, r0, r2
+ mov r2, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #72] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ add r0, sp, #80
+ bl .LmulPv288x32(PLT)
+ add r3, sp, #80
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r4, r0
+ adcs r0, r9, r1
+ ldr r1, [sp, #96]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r7, r10, r2
+ str r7, [sp, #40] @ 4-byte Spill
+ adcs r8, r0, r3
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r10, r5, r1
+ ldr r1, [sp, #100]
+ adcs r4, r0, r1
+ ldr r1, [sp, #104]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r4, [sp, #44] @ 4-byte Spill
+ adcs r6, r0, r1
+ ldr r1, [sp, #108]
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r6, [sp, #48] @ 4-byte Spill
+ adcs r12, r0, r1
+ ldr r1, [sp, #112]
+ ldr r0, [sp, #32] @ 4-byte Reload
+ str r12, [sp, #56] @ 4-byte Spill
+ adcs lr, r0, r1
+ ldr r1, [sp, #116]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str lr, [sp, #68] @ 4-byte Spill
+ adcs r5, r0, r1
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r5, [sp, #72] @ 4-byte Spill
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ mov r0, r11
+ ldmib r0, {r2, r3, r11}
+ ldr r1, [r0, #16]
+ ldr r9, [r0]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [r0, #20]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [r0, #24]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [r0, #28]
+ str r1, [sp, #36] @ 4-byte Spill
+ mov r1, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ subs r9, r0, r9
+ sbcs r2, r7, r2
+ sbcs r3, r8, r3
+ sbcs r7, r10, r11
+ ldr r11, [r1, #32]
+ ldr r1, [sp, #24] @ 4-byte Reload
+ sbcs r1, r4, r1
+ ldr r4, [sp, #28] @ 4-byte Reload
+ sbcs r4, r6, r4
+ ldr r6, [sp, #32] @ 4-byte Reload
+ sbcs r12, r12, r6
+ ldr r6, [sp, #36] @ 4-byte Reload
+ sbcs lr, lr, r6
+ sbcs r11, r5, r11
+ ldr r5, [sp, #64] @ 4-byte Reload
+ sbc r6, r5, #0
+ ldr r5, [sp, #60] @ 4-byte Reload
+ ands r6, r6, #1
+ movne r9, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ movne r3, r8
+ str r9, [r5]
+ movne r2, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ cmp r6, #0
+ movne r7, r10
+ str r2, [r5, #4]
+ str r3, [r5, #8]
+ str r7, [r5, #12]
+ movne r1, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ str r1, [r5, #16]
+ movne r4, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ cmp r6, #0
+ str r4, [r5, #20]
+ movne r12, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r12, [r5, #24]
+ movne lr, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str lr, [r5, #28]
+ movne r11, r0
+ str r11, [r5, #32]
+ add sp, sp, #804
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end130:
+ .size mcl_fp_mont9L, .Lfunc_end130-mcl_fp_mont9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF9L
+ .align 2
+ .type mcl_fp_montNF9L,%function
+mcl_fp_montNF9L: @ @mcl_fp_montNF9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #804
+ sub sp, sp, #804
+ add r12, sp, #60
+ str r2, [sp, #72] @ 4-byte Spill
+ mov r4, r3
+ mov r7, r1
+ stm r12, {r0, r1, r3}
+ add r0, sp, #760
+ ldr r6, [r3, #-4]
+ ldr r2, [r2]
+ str r6, [sp, #76] @ 4-byte Spill
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #764]
+ ldr r5, [sp, #760]
+ mov r1, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #768]
+ mul r2, r5, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #772]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #784]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #780]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #776]
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #720
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #756]
+ add r10, sp, #724
+ ldr r6, [sp, #736]
+ ldr r11, [sp, #720]
+ mov r1, r7
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #752]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #748]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #744]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #740]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r4, [sp, #72] @ 4-byte Reload
+ add r0, sp, #680
+ ldr r2, [r4, #4]
+ bl .LmulPv288x32(PLT)
+ adds r0, r11, r5
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #680
+ ldr r11, [sp, #704]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r8, r0
+ ldr r8, [sp, #716]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r9, r0
+ ldr r9, [sp, #712]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r10, r0
+ ldr r10, [sp, #708]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r5, r1, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r7, r1, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adc r0, r1, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adds r6, r6, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r5, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r8, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #640
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #676]
+ add r10, sp, #644
+ ldr r7, [sp, #656]
+ ldr r11, [sp, #640]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #672]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #664]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #660]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r5, [sp, #64] @ 4-byte Reload
+ ldr r2, [r4, #8]
+ add r0, sp, #600
+ mov r1, r5
+ bl .LmulPv288x32(PLT)
+ adds r0, r6, r11
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #600
+ ldr r11, [sp, #624]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r4, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r8, [sp, #636]
+ adcs r0, r0, r9
+ ldr r9, [sp, #632]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #628]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r6, r4, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r8, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #560
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #596]
+ add r10, sp, #564
+ ldr r7, [sp, #576]
+ ldr r11, [sp, #560]
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #592]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #588]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #580]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, sp, #520
+ bl .LmulPv288x32(PLT)
+ adds r0, r6, r11
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #520
+ ldr r11, [sp, #544]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r6, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r8, [sp, #556]
+ adcs r0, r0, r9
+ ldr r9, [sp, #552]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #548]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r5, r0, r1
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r6, r6, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r5, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r8, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #480
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #516]
+ add r10, sp, #484
+ ldr r7, [sp, #496]
+ ldr r11, [sp, #480]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #512]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #508]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #504]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #500]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r5, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #64] @ 4-byte Reload
+ add r0, sp, #440
+ ldr r2, [r5, #16]
+ bl .LmulPv288x32(PLT)
+ adds r0, r6, r11
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #440
+ ldr r11, [sp, #464]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r4, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r8, [sp, #476]
+ adcs r0, r0, r9
+ ldr r9, [sp, #472]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #468]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r6, r4, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r4, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r6, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r8, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #400
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #436]
+ add r10, sp, #404
+ ldr r7, [sp, #416]
+ ldr r11, [sp, #400]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #432]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #428]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #424]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #420]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r2, [r5, #20]
+ ldr r1, [sp, #64] @ 4-byte Reload
+ add r0, sp, #360
+ bl .LmulPv288x32(PLT)
+ adds r0, r6, r11
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #360
+ ldr r11, [sp, #384]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r8, [sp, #396]
+ adcs r0, r0, r9
+ ldr r9, [sp, #392]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #388]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r6, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r6, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r8, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #320
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #356]
+ add r10, sp, #324
+ ldr r7, [sp, #336]
+ ldr r11, [sp, #320]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #352]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #348]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #344]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #340]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r5, [sp, #64] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #280
+ mov r1, r5
+ bl .LmulPv288x32(PLT)
+ adds r0, r6, r11
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #280
+ ldr r11, [sp, #304]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r4, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r8, [sp, #316]
+ adcs r0, r0, r9
+ ldr r9, [sp, #312]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #308]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r6, r4, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r8, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #240
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #276]
+ add r10, sp, #244
+ ldr r7, [sp, #256]
+ ldr r11, [sp, #240]
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #272]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #268]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #264]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #260]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #200
+ bl .LmulPv288x32(PLT)
+ adds r0, r6, r11
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #200
+ ldr r11, [sp, #224]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r5, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r8, [sp, #236]
+ adcs r0, r0, r9
+ ldr r9, [sp, #232]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #228]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r5, r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r6, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ adcs r0, r7, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r8, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ mul r2, r5, r0
+ add r0, sp, #160
+ bl .LmulPv288x32(PLT)
+ ldr r0, [sp, #196]
+ add r10, sp, #164
+ ldr r4, [sp, #184]
+ ldr r6, [sp, #180]
+ ldr r7, [sp, #176]
+ ldr r11, [sp, #160]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #192]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #188]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #120
+ bl .LmulPv288x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #52] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ add lr, sp, #120
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ add r8, sp, #136
+ adcs r1, r1, r9
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r10, r1, r10
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r11, r1, r7
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r6
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adc r1, r1, r2
+ str r1, [sp, #44] @ 4-byte Spill
+ ldm lr, {r2, r12, lr}
+ ldr r4, [sp, #132]
+ adds r5, r0, r2
+ ldr r0, [sp, #76] @ 4-byte Reload
+ mul r9, r5, r0
+ ldm r8, {r0, r1, r2, r3, r6, r8}
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adcs r7, r7, r12
+ str r7, [sp, #32] @ 4-byte Spill
+ adcs r7, r10, lr
+ ldr r10, [sp, #68] @ 4-byte Reload
+ adcs r11, r11, r4
+ ldr r4, [sp, #72] @ 4-byte Reload
+ str r7, [sp, #36] @ 4-byte Spill
+ adcs r0, r4, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ mov r2, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r4, r0, r3
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #76] @ 4-byte Spill
+ adc r0, r8, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, sp, #80
+ bl .LmulPv288x32(PLT)
+ add r3, sp, #80
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r5, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r9, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #96]
+ str r9, [sp, #32] @ 4-byte Spill
+ adcs r2, r0, r2
+ adcs r0, r11, r3
+ str r2, [sp, #44] @ 4-byte Spill
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r1, [sp, #100]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r7, [sp, #48] @ 4-byte Spill
+ adcs r6, r0, r1
+ ldr r1, [sp, #104]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs lr, r0, r1
+ ldr r1, [sp, #108]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str lr, [sp, #56] @ 4-byte Spill
+ adcs r4, r4, r1
+ ldr r1, [sp, #112]
+ str r4, [sp, #64] @ 4-byte Spill
+ adcs r5, r0, r1
+ ldr r1, [sp, #116]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r5, [sp, #76] @ 4-byte Spill
+ adc r12, r0, r1
+ mov r0, r10
+ ldr r1, [r0, #16]
+ ldr r8, [r0]
+ ldr r11, [r0, #4]
+ ldr r10, [r0, #8]
+ ldr r3, [r0, #12]
+ str r12, [sp, #72] @ 4-byte Spill
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [r0, #20]
+ subs r8, r9, r8
+ ldr r9, [sp, #52] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [r0, #24]
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [r0, #28]
+ ldr r0, [r0, #32]
+ str r1, [sp, #40] @ 4-byte Spill
+ sbcs r1, r2, r11
+ sbcs r2, r9, r10
+ mov r10, r6
+ sbcs r3, r7, r3
+ ldr r7, [sp, #24] @ 4-byte Reload
+ sbcs r7, r6, r7
+ ldr r6, [sp, #28] @ 4-byte Reload
+ sbcs r11, lr, r6
+ ldr r6, [sp, #36] @ 4-byte Reload
+ sbcs lr, r4, r6
+ ldr r4, [sp, #40] @ 4-byte Reload
+ ldr r6, [sp, #44] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #32] @ 4-byte Reload
+ sbc r0, r12, r0
+ asr r12, r0, #31
+ cmp r12, #0
+ movlt r8, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ movlt r1, r6
+ movlt r2, r9
+ cmp r12, #0
+ movlt r7, r10
+ str r8, [r5]
+ str r1, [r5, #4]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r2, [r5, #8]
+ movlt r3, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r3, [r5, #12]
+ str r7, [r5, #16]
+ movlt r11, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ cmp r12, #0
+ str r11, [r5, #20]
+ movlt lr, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str lr, [r5, #24]
+ movlt r4, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str r4, [r5, #28]
+ movlt r0, r1
+ str r0, [r5, #32]
+ add sp, sp, #804
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end131:
+ .size mcl_fp_montNF9L, .Lfunc_end131-mcl_fp_montNF9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed9L
+ .align 2
+ .type mcl_fp_montRed9L,%function
+mcl_fp_montRed9L: @ @mcl_fp_montRed9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #476
+ sub sp, sp, #476
+ mov r5, r2
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r2, [r1, #4]
+ ldr r4, [r1]
+ ldr r11, [r1, #32]
+ ldr r10, [r1, #36]
+ ldr r0, [r5]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #8]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [r5, #4]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #12]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [r5, #8]
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #16]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [r5, #12]
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [r1, #20]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r5, #16]
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [r1, #24]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r5, #20]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #28]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r5, #24]
+ str r2, [sp, #44] @ 4-byte Spill
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [r5, #-4]
+ str r0, [sp, #108] @ 4-byte Spill
+ mul r2, r4, r0
+ ldr r0, [r5, #28]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r5, #32]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r1, #64]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r1, #68]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #56]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r1, #60]
+ mov r1, r5
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #432
+ bl .LmulPv288x32(PLT)
+ ldr r1, [sp, #432]
+ add lr, sp, #436
+ ldr r9, [sp, #468]
+ ldr r8, [sp, #464]
+ ldm lr, {r0, r2, r3, r6, r7, r12, lr}
+ adds r1, r4, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r4, r1, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ mul r2, r4, r7
+ adcs r0, r0, r12
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r11, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r9, r10, r9
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #4] @ 4-byte Spill
+ add r0, sp, #392
+ bl .LmulPv288x32(PLT)
+ add r11, sp, #408
+ add r6, sp, #392
+ ldr r12, [sp, #428]
+ ldr lr, [sp, #424]
+ ldr r8, [sp, #420]
+ ldm r11, {r2, r10, r11}
+ ldm r6, {r0, r1, r3, r6}
+ adds r0, r4, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r4, r0, r1
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r4, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r11, r0, r11
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r0, r9, lr
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #352
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #372
+ add r7, sp, #352
+ ldr r10, [sp, #388]
+ ldr r9, [sp, #384]
+ ldm lr, {r6, r12, lr}
+ ldm r7, {r0, r1, r2, r3, r7}
+ adds r0, r4, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r4, r0, r1
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r2
+ mul r2, r4, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r11, r6
+ mov r11, r8
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #312
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #332
+ ldr r7, [sp, #348]
+ add r9, sp, #320
+ ldm lr, {r6, r8, r12, lr}
+ ldr r1, [sp, #312]
+ ldr r3, [sp, #316]
+ ldm r9, {r0, r2, r9}
+ adds r1, r4, r1
+ mov r4, r11
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r10, r1, r3
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r10, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #272
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #272
+ ldr r11, [sp, #308]
+ ldr r9, [sp, #304]
+ ldm lr, {r0, r1, r2, r3, r6, r7, r12, lr}
+ adds r0, r10, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r2
+ mul r2, r8, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ mov r6, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #232
+ bl .LmulPv288x32(PLT)
+ add r11, sp, #256
+ add lr, sp, #232
+ ldm r11, {r7, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r8, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r4, r0, r1
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r2
+ mul r2, r4, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #192
+ bl .LmulPv288x32(PLT)
+ add lr, sp, #212
+ add r7, sp, #192
+ ldr r9, [sp, #228]
+ ldr r8, [sp, #224]
+ ldm lr, {r6, r12, lr}
+ ldm r7, {r0, r1, r2, r3, r7}
+ adds r0, r4, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r4, r0, r1
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r10, r0, r2
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r11, r0, r3
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r7, r0, r7
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r6, r0, r6
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ mul r2, r4, r8
+ adcs r9, r0, r9
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #152
+ bl .LmulPv288x32(PLT)
+ add r12, sp, #152
+ ldm r12, {r0, r1, r3, r12}
+ ldr lr, [sp, #188]
+ adds r0, r4, r0
+ adcs r4, r10, r1
+ ldr r1, [sp, #168]
+ adcs r11, r11, r3
+ mul r2, r4, r8
+ ldr r3, [sp, #180]
+ adcs r0, r7, r12
+ ldr r7, [sp, #176]
+ ldr r12, [sp, #184]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #172]
+ adcs r10, r6, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r8, r1, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ mov r1, r5
+ adcs r7, r0, r7
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r9, r12
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ add r0, sp, #112
+ bl .LmulPv288x32(PLT)
+ add r3, sp, #112
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r4, r0
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r6, r11, r1
+ ldr r1, [sp, #128]
+ adcs r9, r0, r2
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r11, r10, r3
+ adcs lr, r8, r1
+ ldr r1, [sp, #132]
+ str r11, [sp, #28] @ 4-byte Spill
+ str lr, [sp, #32] @ 4-byte Spill
+ adcs r7, r7, r1
+ ldr r1, [sp, #136]
+ str r7, [sp, #44] @ 4-byte Spill
+ adcs r8, r0, r1
+ ldr r1, [sp, #140]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ str r8, [sp, #48] @ 4-byte Spill
+ adcs r4, r0, r1
+ ldr r1, [sp, #144]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r4, [sp, #52] @ 4-byte Spill
+ adcs r5, r0, r1
+ ldr r1, [sp, #148]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r5, [sp, #108] @ 4-byte Spill
+ adcs r12, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adc r10, r0, #0
+ ldr r0, [sp, #100] @ 4-byte Reload
+ subs r2, r6, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ sbcs r3, r9, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ sbcs r1, r11, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ sbcs r11, lr, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ sbcs r0, r7, r0
+ ldr r7, [sp, #84] @ 4-byte Reload
+ sbcs lr, r8, r7
+ ldr r7, [sp, #88] @ 4-byte Reload
+ sbcs r8, r4, r7
+ ldr r4, [sp, #68] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #72] @ 4-byte Reload
+ sbcs r5, r12, r5
+ sbc r7, r10, #0
+ ands r7, r7, #1
+ movne r2, r6
+ ldr r6, [sp, #104] @ 4-byte Reload
+ movne r3, r9
+ str r2, [r6]
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r3, [r6, #4]
+ movne r1, r2
+ cmp r7, #0
+ str r1, [r6, #8]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ movne r11, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r11, [r6, #12]
+ movne r0, r1
+ str r0, [r6, #16]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ movne lr, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ cmp r7, #0
+ movne r5, r12
+ str lr, [r6, #20]
+ movne r8, r0
+ ldr r0, [sp, #108] @ 4-byte Reload
+ str r8, [r6, #24]
+ movne r4, r0
+ str r4, [r6, #28]
+ str r5, [r6, #32]
+ add sp, sp, #476
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end132:
+ .size mcl_fp_montRed9L, .Lfunc_end132-mcl_fp_montRed9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre9L
+ .align 2
+ .type mcl_fp_addPre9L,%function
+mcl_fp_addPre9L: @ @mcl_fp_addPre9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldm r1, {r3, r12, lr}
+ ldr r9, [r1, #12]
+ ldmib r2, {r5, r6, r7}
+ ldr r4, [r2, #16]
+ ldr r8, [r2]
+ ldr r11, [r2, #28]
+ str r4, [sp, #12] @ 4-byte Spill
+ ldr r4, [r2, #20]
+ adds r10, r8, r3
+ adcs r5, r5, r12
+ ldr r12, [r1, #32]
+ ldr r8, [sp, #12] @ 4-byte Reload
+ str r10, [r0]
+ adcs lr, r6, lr
+ ldr r6, [r1, #20]
+ adcs r7, r7, r9
+ str r4, [sp, #4] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ ldr r2, [r2, #32]
+ ldr r3, [sp, #4] @ 4-byte Reload
+ str r4, [sp] @ 4-byte Spill
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #28]
+ ldr r4, [r1, #24]
+ ldr r1, [r1, #16]
+ adcs r1, r8, r1
+ adcs r6, r3, r6
+ ldr r3, [sp] @ 4-byte Reload
+ stmib r0, {r5, lr}
+ str r7, [r0, #12]
+ str r1, [r0, #16]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r6, [r0, #20]
+ adcs r4, r3, r4
+ adcs r2, r11, r2
+ str r4, [r0, #24]
+ adcs r1, r1, r12
+ str r2, [r0, #28]
+ str r1, [r0, #32]
+ mov r0, #0
+ adc r0, r0, #0
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end133:
+ .size mcl_fp_addPre9L, .Lfunc_end133-mcl_fp_addPre9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre9L
+ .align 2
+ .type mcl_fp_subPre9L,%function
+mcl_fp_subPre9L: @ @mcl_fp_subPre9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #20
+ sub sp, sp, #20
+ ldr r3, [r2, #8]
+ add lr, r1, #16
+ ldr r11, [r2, #4]
+ ldr r10, [r2, #12]
+ ldr r4, [r2]
+ str r3, [sp] @ 4-byte Spill
+ ldr r3, [r2, #16]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [r2, #20]
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [r2, #24]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r2, #28]
+ str r3, [sp, #16] @ 4-byte Spill
+ ldmib r1, {r5, r6, r7}
+ ldm lr, {r3, r12, lr}
+ ldr r9, [r1]
+ ldr r8, [r1, #28]
+ subs r4, r9, r4
+ ldr r9, [r2, #32]
+ ldr r2, [sp] @ 4-byte Reload
+ sbcs r11, r5, r11
+ ldr r5, [sp, #16] @ 4-byte Reload
+ sbcs r6, r6, r2
+ sbcs r7, r7, r10
+ ldr r10, [r1, #32]
+ ldr r1, [sp, #4] @ 4-byte Reload
+ sbcs r3, r3, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ sbcs r2, r12, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ stm r0, {r4, r11}
+ str r6, [r0, #8]
+ str r7, [r0, #12]
+ str r3, [r0, #16]
+ str r2, [r0, #20]
+ sbcs r1, lr, r1
+ sbcs r5, r8, r5
+ str r1, [r0, #24]
+ sbcs r1, r10, r9
+ str r5, [r0, #28]
+ str r1, [r0, #32]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ add sp, sp, #20
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end134:
+ .size mcl_fp_subPre9L, .Lfunc_end134-mcl_fp_subPre9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_9L
+ .align 2
+ .type mcl_fp_shr1_9L,%function
+mcl_fp_shr1_9L: @ @mcl_fp_shr1_9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, lr}
+ push {r4, r5, r6, r7, r8, lr}
+ add r12, r1, #16
+ ldr r2, [r1, #8]
+ ldr lr, [r1, #12]
+ ldm r12, {r4, r5, r6, r8, r12}
+ ldm r1, {r1, r3}
+ lsrs r7, r3, #1
+ rrx r1, r1
+ str r1, [r0]
+ lsr r1, r3, #1
+ orr r1, r1, r2, lsl #31
+ str r1, [r0, #4]
+ lsrs r1, lr, #1
+ rrx r1, r2
+ str r1, [r0, #8]
+ lsr r1, lr, #1
+ orr r1, r1, r4, lsl #31
+ str r1, [r0, #12]
+ lsrs r1, r5, #1
+ rrx r1, r4
+ str r1, [r0, #16]
+ lsr r1, r5, #1
+ orr r1, r1, r6, lsl #31
+ str r1, [r0, #20]
+ lsrs r1, r8, #1
+ rrx r1, r6
+ str r1, [r0, #24]
+ lsr r1, r8, #1
+ orr r1, r1, r12, lsl #31
+ str r1, [r0, #28]
+ lsr r1, r12, #1
+ str r1, [r0, #32]
+ pop {r4, r5, r6, r7, r8, lr}
+ mov pc, lr
+.Lfunc_end135:
+ .size mcl_fp_shr1_9L, .Lfunc_end135-mcl_fp_shr1_9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add9L
+ .align 2
+ .type mcl_fp_add9L,%function
+mcl_fp_add9L: @ @mcl_fp_add9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldm r1, {r12, lr}
+ ldr r5, [r2]
+ ldr r9, [r1, #8]
+ ldr r8, [r1, #12]
+ ldmib r2, {r4, r6, r7}
+ adds r12, r5, r12
+ ldr r5, [r1, #24]
+ adcs lr, r4, lr
+ ldr r4, [r1, #20]
+ str r12, [sp, #8] @ 4-byte Spill
+ adcs r10, r6, r9
+ ldr r6, [r1, #16]
+ adcs r9, r7, r8
+ ldr r7, [r2, #16]
+ str r10, [sp, #4] @ 4-byte Spill
+ adcs r6, r7, r6
+ ldr r7, [r2, #20]
+ adcs r7, r7, r4
+ ldr r4, [r2, #24]
+ adcs r11, r4, r5
+ ldr r5, [r1, #28]
+ ldr r4, [r2, #28]
+ ldr r1, [r1, #32]
+ ldr r2, [r2, #32]
+ adcs r8, r4, r5
+ adcs r4, r2, r1
+ mov r2, lr
+ add r1, r0, #16
+ str r4, [r0, #32]
+ str r12, [r0]
+ stmib r0, {r2, r10}
+ str r9, [r0, #12]
+ stm r1, {r6, r7, r11}
+ mov r1, #0
+ str r8, [r0, #28]
+ adc r1, r1, #0
+ str r1, [sp, #12] @ 4-byte Spill
+ ldm r3, {r1, r5, lr}
+ ldr r10, [sp, #8] @ 4-byte Reload
+ ldr r12, [r3, #12]
+ subs r1, r10, r1
+ str r1, [sp, #8] @ 4-byte Spill
+ sbcs r1, r2, r5
+ ldr r5, [r3, #20]
+ str r1, [sp] @ 4-byte Spill
+ ldr r1, [sp, #4] @ 4-byte Reload
+ sbcs r2, r1, lr
+ ldr r1, [r3, #16]
+ sbcs r12, r9, r12
+ sbcs r1, r6, r1
+ ldr r6, [r3, #24]
+ sbcs r5, r7, r5
+ ldr r7, [r3, #28]
+ ldr r3, [r3, #32]
+ sbcs r6, r11, r6
+ sbcs r7, r8, r7
+ sbcs r3, r4, r3
+ ldr r4, [sp, #12] @ 4-byte Reload
+ sbc r4, r4, #0
+ tst r4, #1
+ bne .LBB136_2
+@ BB#1: @ %nocarry
+ str r3, [r0, #32]
+ ldr r3, [sp, #8] @ 4-byte Reload
+ str r3, [r0]
+ ldr r3, [sp] @ 4-byte Reload
+ str r3, [r0, #4]
+ str r2, [r0, #8]
+ str r12, [r0, #12]
+ add r0, r0, #16
+ stm r0, {r1, r5, r6, r7}
+.LBB136_2: @ %carry
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end136:
+ .size mcl_fp_add9L, .Lfunc_end136-mcl_fp_add9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF9L
+ .align 2
+ .type mcl_fp_addNF9L,%function
+mcl_fp_addNF9L: @ @mcl_fp_addNF9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #52
+ sub sp, sp, #52
+ ldr r9, [r1]
+ ldmib r1, {r8, lr}
+ ldr r5, [r2]
+ ldr r12, [r1, #12]
+ ldmib r2, {r4, r6, r7}
+ ldr r10, [r3, #4]
+ adds r5, r5, r9
+ adcs r9, r4, r8
+ ldr r4, [r1, #16]
+ ldr r8, [r1, #20]
+ str r5, [sp, #16] @ 4-byte Spill
+ ldr r5, [r1, #24]
+ adcs r11, r6, lr
+ ldr lr, [sp, #16] @ 4-byte Reload
+ str r9, [sp, #28] @ 4-byte Spill
+ adcs r12, r7, r12
+ ldr r7, [r2, #16]
+ str r12, [sp, #32] @ 4-byte Spill
+ adcs r6, r7, r4
+ ldr r7, [r2, #20]
+ str r6, [sp, #36] @ 4-byte Spill
+ adcs r4, r7, r8
+ ldr r7, [r2, #24]
+ ldr r8, [r3]
+ str r4, [sp, #40] @ 4-byte Spill
+ adcs r7, r7, r5
+ ldr r5, [r2, #28]
+ ldr r2, [r2, #32]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r1, #28]
+ ldr r1, [r1, #32]
+ adcs r7, r5, r7
+ ldr r5, [r3, #8]
+ adc r1, r2, r1
+ ldr r2, [r3, #16]
+ str r7, [sp, #44] @ 4-byte Spill
+ ldr r7, [r3, #12]
+ subs r8, lr, r8
+ str r1, [sp, #24] @ 4-byte Spill
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r3, #20]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r3, #24]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r3, #28]
+ ldr r3, [r3, #32]
+ str r3, [sp] @ 4-byte Spill
+ ldr r3, [sp, #4] @ 4-byte Reload
+ str r2, [sp, #20] @ 4-byte Spill
+ sbcs r2, r9, r10
+ sbcs r5, r11, r5
+ sbcs r7, r12, r7
+ sbcs r12, r6, r3
+ ldr r3, [sp, #8] @ 4-byte Reload
+ sbcs r6, r4, r3
+ ldr r4, [sp, #48] @ 4-byte Reload
+ ldr r3, [sp, #12] @ 4-byte Reload
+ sbcs r9, r4, r3
+ ldr r3, [sp, #44] @ 4-byte Reload
+ ldr r4, [sp, #20] @ 4-byte Reload
+ sbcs r10, r3, r4
+ ldr r3, [sp] @ 4-byte Reload
+ ldr r4, [sp, #28] @ 4-byte Reload
+ sbc r3, r1, r3
+ asr r1, r3, #31
+ cmp r1, #0
+ movlt r8, lr
+ movlt r2, r4
+ movlt r5, r11
+ cmp r1, #0
+ str r8, [r0]
+ str r2, [r0, #4]
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r5, [r0, #8]
+ movlt r7, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r7, [r0, #12]
+ movlt r12, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r12, [r0, #16]
+ movlt r6, r2
+ cmp r1, #0
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r6, [r0, #20]
+ movlt r9, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r9, [r0, #24]
+ movlt r10, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r10, [r0, #28]
+ movlt r3, r1
+ str r3, [r0, #32]
+ add sp, sp, #52
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end137:
+ .size mcl_fp_addNF9L, .Lfunc_end137-mcl_fp_addNF9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub9L
+ .align 2
+ .type mcl_fp_sub9L,%function
+mcl_fp_sub9L: @ @mcl_fp_sub9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #24
+ sub sp, sp, #24
+ ldm r2, {r12, lr}
+ ldr r5, [r1]
+ ldr r8, [r2, #8]
+ ldr r9, [r2, #12]
+ ldmib r1, {r4, r6, r7}
+ subs r12, r5, r12
+ ldr r5, [r2, #24]
+ sbcs lr, r4, lr
+ ldr r4, [r2, #20]
+ sbcs r8, r6, r8
+ ldr r6, [r2, #16]
+ sbcs r9, r7, r9
+ ldr r7, [r1, #16]
+ sbcs r10, r7, r6
+ ldr r7, [r1, #20]
+ ldr r6, [r1, #28]
+ sbcs r7, r7, r4
+ ldr r4, [r1, #24]
+ ldr r1, [r1, #32]
+ sbcs r4, r4, r5
+ ldr r5, [r2, #28]
+ ldr r2, [r2, #32]
+ sbcs r5, r6, r5
+ sbcs r1, r1, r2
+ add r2, r0, #8
+ str r1, [r0, #32]
+ stm r0, {r12, lr}
+ stm r2, {r8, r9, r10}
+ mov r2, #0
+ str r7, [r0, #20]
+ str r4, [r0, #24]
+ str r5, [r0, #28]
+ sbc r2, r2, #0
+ tst r2, #1
+ beq .LBB138_2
+@ BB#1: @ %carry
+ ldr r2, [r3, #32]
+ ldr r6, [r3, #4]
+ ldr r11, [r3, #12]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r3, #8]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r3, #16]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r3, #20]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r3, #24]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r3, #28]
+ ldr r3, [r3]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [sp] @ 4-byte Reload
+ adds r3, r3, r12
+ adcs r6, r6, lr
+ adcs r8, r2, r8
+ ldr r2, [sp, #4] @ 4-byte Reload
+ adcs r12, r11, r9
+ adcs lr, r2, r10
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r7, r2, r7
+ ldr r2, [sp, #12] @ 4-byte Reload
+ adcs r4, r2, r4
+ ldr r2, [sp, #16] @ 4-byte Reload
+ stm r0, {r3, r6, r8, r12, lr}
+ str r7, [r0, #20]
+ str r4, [r0, #24]
+ adcs r5, r2, r5
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r5, [r0, #28]
+ adc r1, r2, r1
+ str r1, [r0, #32]
+.LBB138_2: @ %nocarry
+ add sp, sp, #24
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end138:
+ .size mcl_fp_sub9L, .Lfunc_end138-mcl_fp_sub9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF9L
+ .align 2
+ .type mcl_fp_subNF9L,%function
+mcl_fp_subNF9L: @ @mcl_fp_subNF9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #52
+ sub sp, sp, #52
+ ldr r7, [r2, #32]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r1, #32]
+ str r7, [sp, #44] @ 4-byte Spill
+ ldm r2, {r6, r8}
+ ldr r7, [r2, #8]
+ ldr r5, [r2, #16]
+ ldr r4, [r1, #16]
+ ldr r11, [r1, #20]
+ ldr r10, [r1, #24]
+ ldr r9, [r1, #28]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #12]
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ ldr r2, [r2, #28]
+ str r7, [sp, #24] @ 4-byte Spill
+ str r2, [sp, #28] @ 4-byte Spill
+ ldm r1, {r1, r2, r12, lr}
+ subs r6, r1, r6
+ ldr r1, [sp, #36] @ 4-byte Reload
+ sbcs r7, r2, r8
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r6, [sp, #12] @ 4-byte Spill
+ str r7, [sp, #16] @ 4-byte Spill
+ sbcs r8, r12, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r8, [sp, #20] @ 4-byte Spill
+ sbcs r12, lr, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ sbcs r5, r4, r5
+ str r12, [sp, #32] @ 4-byte Spill
+ str r5, [sp, #36] @ 4-byte Spill
+ sbcs lr, r11, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ ldr r11, [r3, #16]
+ str lr, [sp, #40] @ 4-byte Spill
+ sbcs r4, r10, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ ldr r10, [r3, #20]
+ str r4, [sp, #24] @ 4-byte Spill
+ sbcs r9, r9, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ sbc r1, r2, r1
+ ldr r2, [r3, #24]
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [r3, #32]
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [r3, #4]
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [r3, #8]
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [r3, #12]
+ str r1, [sp] @ 4-byte Spill
+ ldr r1, [r3, #28]
+ ldr r3, [r3]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adds r3, r6, r3
+ adcs r6, r7, r1
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r7, r8, r1
+ ldr r1, [sp] @ 4-byte Reload
+ adcs r1, r12, r1
+ adcs r12, r5, r11
+ adcs r5, lr, r10
+ ldr r10, [sp, #12] @ 4-byte Reload
+ adcs lr, r4, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ ldr r4, [sp, #48] @ 4-byte Reload
+ adcs r8, r9, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adc r11, r4, r2
+ asr r2, r4, #31
+ cmp r2, #0
+ movge r3, r10
+ str r3, [r0]
+ ldr r3, [sp, #16] @ 4-byte Reload
+ movge r6, r3
+ ldr r3, [sp, #20] @ 4-byte Reload
+ str r6, [r0, #4]
+ movge r7, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ cmp r2, #0
+ str r7, [r0, #8]
+ movge r1, r3
+ str r1, [r0, #12]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ movge r12, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r12, [r0, #16]
+ movge r5, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ cmp r2, #0
+ movge r8, r9
+ movge r11, r4
+ str r5, [r0, #20]
+ movge lr, r1
+ str lr, [r0, #24]
+ str r8, [r0, #28]
+ str r11, [r0, #32]
+ add sp, sp, #52
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end139:
+ .size mcl_fp_subNF9L, .Lfunc_end139-mcl_fp_subNF9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add9L
+ .align 2
+ .type mcl_fpDbl_add9L,%function
+mcl_fpDbl_add9L: @ @mcl_fpDbl_add9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #88
+ sub sp, sp, #88
+ ldm r1, {r7, r9}
+ ldr r8, [r1, #8]
+ ldr lr, [r1, #12]
+ ldm r2, {r4, r5, r6, r12}
+ add r11, r2, #16
+ adds r4, r4, r7
+ ldr r7, [r2, #28]
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [r2, #64]
+ str r7, [sp, #24] @ 4-byte Spill
+ str r4, [sp, #76] @ 4-byte Spill
+ ldr r4, [r2, #68]
+ str r4, [sp, #80] @ 4-byte Spill
+ adcs r4, r5, r9
+ str r4, [sp, #32] @ 4-byte Spill
+ adcs r4, r6, r8
+ str r4, [sp, #28] @ 4-byte Spill
+ ldr r4, [r2, #32]
+ adcs r9, r12, lr
+ add lr, r1, #16
+ str r4, [sp, #48] @ 4-byte Spill
+ ldr r4, [r2, #36]
+ str r4, [sp, #52] @ 4-byte Spill
+ ldr r4, [r2, #40]
+ str r4, [sp, #56] @ 4-byte Spill
+ ldr r4, [r2, #44]
+ str r4, [sp, #60] @ 4-byte Spill
+ ldr r4, [r2, #48]
+ str r4, [sp, #64] @ 4-byte Spill
+ ldr r4, [r2, #52]
+ str r4, [sp, #68] @ 4-byte Spill
+ ldr r4, [r2, #56]
+ str r4, [sp, #72] @ 4-byte Spill
+ ldr r4, [r2, #60]
+ str r4, [sp, #84] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r2, [r1, #64]
+ ldr r8, [r1, #32]
+ ldr r4, [r1, #36]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #40]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #44]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #48]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r10, [sp, #36] @ 4-byte Reload
+ ldr r7, [sp, #32] @ 4-byte Reload
+ str r10, [r0]
+ str r7, [r0, #4]
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r1, r5, r1
+ adcs r2, r6, r2
+ str r7, [r0, #8]
+ str r9, [r0, #12]
+ str r1, [r0, #16]
+ str r2, [r0, #20]
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r1, r11, r12
+ str r1, [r0, #24]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r2, r2, lr
+ str r2, [r0, #28]
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [r0, #32]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r4, r2, r4
+ ldr r2, [sp] @ 4-byte Reload
+ adcs r5, r1, r2
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r2, [sp, #4] @ 4-byte Reload
+ str r5, [sp, #56] @ 4-byte Spill
+ adcs lr, r1, r2
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str lr, [sp, #60] @ 4-byte Spill
+ adcs r12, r1, r2
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r12, [sp, #64] @ 4-byte Spill
+ adcs r7, r1, r2
+ ldr r1, [sp, #72] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r7, [sp, #68] @ 4-byte Spill
+ adcs r8, r1, r2
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r8, [sp, #72] @ 4-byte Spill
+ adcs r1, r1, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r6, r1, r2
+ ldr r1, [sp, #80] @ 4-byte Reload
+ ldr r2, [sp, #44] @ 4-byte Reload
+ adcs r9, r1, r2
+ mov r2, #0
+ adc r1, r2, #0
+ str r9, [sp, #76] @ 4-byte Spill
+ str r1, [sp, #80] @ 4-byte Spill
+ ldmib r3, {r2, r11}
+ ldr r1, [r3, #12]
+ ldr r10, [r3]
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ subs r10, r4, r10
+ sbcs r2, r5, r2
+ sbcs r11, lr, r11
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [r3, #20]
+ ldr r5, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [r3, #28]
+ ldr r3, [r3, #32]
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ sbcs r1, r12, r1
+ sbcs r12, r7, r5
+ ldr r7, [sp, #44] @ 4-byte Reload
+ ldr r5, [sp, #84] @ 4-byte Reload
+ sbcs lr, r8, r7
+ ldr r7, [sp, #48] @ 4-byte Reload
+ mov r8, r6
+ sbcs r7, r5, r7
+ ldr r5, [sp, #52] @ 4-byte Reload
+ sbcs r5, r6, r5
+ sbcs r6, r9, r3
+ ldr r3, [sp, #80] @ 4-byte Reload
+ sbc r9, r3, #0
+ ldr r3, [sp, #56] @ 4-byte Reload
+ ands r9, r9, #1
+ movne r10, r4
+ str r10, [r0, #36]
+ movne r2, r3
+ str r2, [r0, #40]
+ ldr r2, [sp, #60] @ 4-byte Reload
+ movne r11, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ cmp r9, #0
+ str r11, [r0, #44]
+ movne r1, r2
+ str r1, [r0, #48]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ movne r12, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str r12, [r0, #52]
+ movne lr, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ cmp r9, #0
+ movne r5, r8
+ str lr, [r0, #56]
+ movne r7, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r7, [r0, #60]
+ str r5, [r0, #64]
+ movne r6, r1
+ str r6, [r0, #68]
+ add sp, sp, #88
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end140:
+ .size mcl_fpDbl_add9L, .Lfunc_end140-mcl_fpDbl_add9L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub9L
+ .align 2
+ .type mcl_fpDbl_sub9L,%function
+mcl_fpDbl_sub9L: @ @mcl_fpDbl_sub9L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #80
+ sub sp, sp, #80
+ ldr r7, [r2, #64]
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #60] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #64] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #44] @ 4-byte Spill
+ ldm r2, {r5, r6, r7, r8}
+ ldr r4, [r2, #16]
+ ldr r10, [r2, #24]
+ str r4, [sp, #20] @ 4-byte Spill
+ ldr r4, [r2, #20]
+ ldr r2, [r2, #28]
+ str r4, [sp, #24] @ 4-byte Spill
+ str r2, [sp, #32] @ 4-byte Spill
+ ldm r1, {r2, r12, lr}
+ ldr r4, [r1, #12]
+ ldr r11, [r1, #60]
+ subs r9, r2, r5
+ ldr r2, [r1, #64]
+ sbcs r5, r12, r6
+ sbcs r6, lr, r7
+ add lr, r1, #16
+ ldr r7, [r1, #36]
+ sbcs r4, r4, r8
+ ldr r8, [r1, #32]
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [r1, #40]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #44]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #48]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ str r9, [r0]
+ stmib r0, {r5, r6}
+ str r4, [r0, #12]
+ ldr r5, [sp, #20] @ 4-byte Reload
+ ldr r4, [sp, #24] @ 4-byte Reload
+ sbcs r1, r1, r5
+ ldr r5, [sp, #16] @ 4-byte Reload
+ sbcs r2, r2, r4
+ str r1, [r0, #16]
+ str r2, [r0, #20]
+ ldr r2, [sp, #32] @ 4-byte Reload
+ sbcs r1, r12, r10
+ str r1, [r0, #24]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ sbcs r2, lr, r2
+ str r2, [r0, #28]
+ ldr r2, [sp, #44] @ 4-byte Reload
+ sbcs r1, r8, r1
+ str r1, [r0, #32]
+ sbcs r1, r7, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ ldr r7, [sp] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ sbcs r4, r7, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ ldr r7, [sp, #4] @ 4-byte Reload
+ sbcs r9, r7, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ ldr r7, [sp, #8] @ 4-byte Reload
+ sbcs r12, r7, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ ldr r7, [sp, #12] @ 4-byte Reload
+ str r12, [sp, #56] @ 4-byte Spill
+ sbcs lr, r7, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ ldr r7, [sp, #36] @ 4-byte Reload
+ str lr, [sp, #60] @ 4-byte Spill
+ sbcs r10, r5, r2
+ ldr r2, [sp, #68] @ 4-byte Reload
+ ldr r5, [sp, #28] @ 4-byte Reload
+ str r10, [sp, #64] @ 4-byte Spill
+ sbcs r6, r11, r2
+ ldr r2, [sp, #72] @ 4-byte Reload
+ str r6, [sp, #68] @ 4-byte Spill
+ sbcs r8, r7, r2
+ ldr r2, [sp, #76] @ 4-byte Reload
+ str r8, [sp, #44] @ 4-byte Spill
+ sbcs r11, r5, r2
+ mov r2, #0
+ sbc r2, r2, #0
+ str r11, [sp, #76] @ 4-byte Spill
+ str r2, [sp, #72] @ 4-byte Spill
+ ldr r2, [r3, #32]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldmib r3, {r5, r7}
+ ldr r2, [r3, #12]
+ str r2, [sp, #24] @ 4-byte Spill
+ ldr r2, [r3, #16]
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [r3, #20]
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [r3, #24]
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [r3, #28]
+ ldr r3, [r3]
+ adds r3, r1, r3
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r5, r4, r5
+ adcs r1, r9, r7
+ ldr r7, [sp, #32] @ 4-byte Reload
+ adcs r2, r12, r2
+ adcs r12, lr, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs lr, r10, r7
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adcs r10, r6, r7
+ ldr r6, [sp, #40] @ 4-byte Reload
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r6, r8, r6
+ adc r11, r11, r7
+ ldr r7, [sp, #72] @ 4-byte Reload
+ ands r8, r7, #1
+ ldr r7, [sp, #48] @ 4-byte Reload
+ moveq r5, r4
+ moveq r1, r9
+ moveq r3, r7
+ cmp r8, #0
+ str r3, [r0, #36]
+ str r5, [r0, #40]
+ str r1, [r0, #44]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ moveq r2, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r2, [r0, #48]
+ moveq r12, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ str r12, [r0, #52]
+ moveq lr, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ cmp r8, #0
+ str lr, [r0, #56]
+ moveq r10, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r10, [r0, #60]
+ moveq r6, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r6, [r0, #64]
+ moveq r11, r1
+ str r11, [r0, #68]
+ add sp, sp, #80
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end141:
+ .size mcl_fpDbl_sub9L, .Lfunc_end141-mcl_fpDbl_sub9L
+ .cantunwind
+ .fnend
+
+ .align 2
+ .type .LmulPv320x32,%function
+.LmulPv320x32: @ @mulPv320x32
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r9, [r1, #12]
+ umull r4, r8, lr, r2
+ umull lr, r6, r12, r2
+ mov r5, r4
+ mov r7, r6
+ str lr, [r0]
+ umull lr, r12, r9, r2
+ umlal r7, r5, r3, r2
+ str r5, [r0, #8]
+ str r7, [r0, #4]
+ umull r5, r7, r3, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r3, r8, lr
+ str r3, [r0, #12]
+ ldr r3, [r1, #16]
+ umull r7, r6, r3, r2
+ adcs r3, r12, r7
+ str r3, [r0, #16]
+ ldr r3, [r1, #20]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #20]
+ ldr r3, [r1, #24]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #24]
+ ldr r3, [r1, #28]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #28]
+ ldr r3, [r1, #32]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #32]
+ ldr r1, [r1, #36]
+ umull r3, r7, r1, r2
+ adcs r1, r6, r3
+ str r1, [r0, #36]
+ adc r1, r7, #0
+ str r1, [r0, #40]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end142:
+ .size .LmulPv320x32, .Lfunc_end142-.LmulPv320x32
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre10L
+ .align 2
+ .type mcl_fp_mulUnitPre10L,%function
+mcl_fp_mulUnitPre10L: @ @mcl_fp_mulUnitPre10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ .pad #48
+ sub sp, sp, #48
+ mov r4, r0
+ mov r0, sp
+ bl .LmulPv320x32(PLT)
+ ldr r12, [sp, #40]
+ ldr lr, [sp, #36]
+ ldr r8, [sp, #32]
+ ldr r9, [sp, #28]
+ ldr r0, [sp, #24]
+ ldr r1, [sp, #20]
+ ldm sp, {r6, r7}
+ add r5, sp, #8
+ ldm r5, {r2, r3, r5}
+ stm r4, {r6, r7}
+ add r6, r4, #8
+ stm r6, {r2, r3, r5}
+ str r1, [r4, #20]
+ str r0, [r4, #24]
+ str r9, [r4, #28]
+ str r8, [r4, #32]
+ str lr, [r4, #36]
+ str r12, [r4, #40]
+ add sp, sp, #48
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end143:
+ .size mcl_fp_mulUnitPre10L, .Lfunc_end143-mcl_fp_mulUnitPre10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre10L
+ .align 2
+ .type mcl_fpDbl_mulPre10L,%function
+mcl_fpDbl_mulPre10L: @ @mcl_fpDbl_mulPre10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #156
+ sub sp, sp, #156
+ mov r6, r2
+ mov r5, r1
+ mov r4, r0
+ bl mcl_fpDbl_mulPre5L(PLT)
+ add r0, r4, #40
+ add r1, r5, #20
+ add r2, r6, #20
+ bl mcl_fpDbl_mulPre5L(PLT)
+ add r11, r6, #24
+ ldr r7, [r6, #12]
+ ldr r8, [r6, #16]
+ ldr r1, [r6, #20]
+ ldm r11, {r0, r2, r10, r11}
+ ldm r6, {r6, r9, r12}
+ adds lr, r6, r1
+ adcs r3, r9, r0
+ mov r0, #0
+ str lr, [sp, #72] @ 4-byte Spill
+ adcs r2, r12, r2
+ str r3, [sp, #68] @ 4-byte Spill
+ adcs r12, r7, r10
+ str r2, [sp, #64] @ 4-byte Spill
+ adcs r10, r8, r11
+ str r12, [sp, #60] @ 4-byte Spill
+ adc r6, r0, #0
+ ldr r0, [r5, #32]
+ str r10, [sp, #56] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r5, #36]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldmib r5, {r8, r9, r11}
+ ldr r0, [r5, #16]
+ ldr r7, [r5, #20]
+ ldr r1, [r5, #28]
+ str lr, [sp, #76]
+ str r3, [sp, #80]
+ str r2, [sp, #84]
+ str r12, [sp, #88]
+ str r10, [sp, #92]
+ add r2, sp, #76
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r5, #24]
+ ldr r5, [r5]
+ adds r5, r5, r7
+ adcs r7, r8, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ str r5, [sp, #96]
+ adcs r9, r9, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r7, [sp, #100]
+ str r9, [sp, #104]
+ adcs r11, r11, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ str r11, [sp, #108]
+ adcs r8, r1, r0
+ mov r0, #0
+ add r1, sp, #96
+ adc r10, r0, #0
+ add r0, sp, #116
+ str r8, [sp, #112]
+ bl mcl_fpDbl_mulPre5L(PLT)
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #68] @ 4-byte Reload
+ cmp r6, #0
+ ldr r2, [sp, #64] @ 4-byte Reload
+ ldr r3, [sp, #60] @ 4-byte Reload
+ moveq r5, r6
+ moveq r8, r6
+ moveq r11, r6
+ moveq r9, r6
+ moveq r7, r6
+ str r5, [sp, #52] @ 4-byte Spill
+ adds r0, r5, r0
+ ldr r5, [sp, #56] @ 4-byte Reload
+ adcs r1, r7, r1
+ adcs r2, r9, r2
+ adcs r3, r11, r3
+ adcs r12, r8, r5
+ mov r5, #0
+ adc lr, r5, #0
+ cmp r10, #0
+ ldr r5, [sp, #52] @ 4-byte Reload
+ moveq r1, r7
+ ldr r7, [sp, #136]
+ moveq r3, r11
+ moveq r2, r9
+ moveq r12, r8
+ moveq lr, r10
+ cmp r10, #0
+ moveq r0, r5
+ and r5, r6, r10
+ ldr r6, [sp, #152]
+ adds r8, r0, r7
+ ldr r7, [sp, #140]
+ adcs r10, r1, r7
+ ldr r7, [sp, #144]
+ adcs r11, r2, r7
+ ldr r7, [sp, #148]
+ adcs r0, r3, r7
+ adcs r12, r12, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ adc r9, lr, r5
+ ldm r4, {r5, r6, r7, lr}
+ ldr r1, [sp, #116]
+ ldr r2, [sp, #120]
+ ldr r0, [sp, #124]
+ ldr r3, [sp, #128]
+ subs r1, r1, r5
+ sbcs r2, r2, r6
+ ldr r6, [sp, #132]
+ sbcs r0, r0, r7
+ ldr r7, [r4, #16]
+ sbcs lr, r3, lr
+ ldr r3, [r4, #20]
+ sbcs r5, r6, r7
+ ldr r6, [r4, #32]
+ ldr r7, [r4, #52]
+ str r3, [sp, #72] @ 4-byte Spill
+ sbcs r3, r8, r3
+ ldr r8, [r4, #56]
+ str r3, [sp, #44] @ 4-byte Spill
+ ldr r3, [r4, #24]
+ str r6, [sp, #28] @ 4-byte Spill
+ str r3, [sp, #68] @ 4-byte Spill
+ sbcs r3, r10, r3
+ ldr r10, [r4, #44]
+ str r3, [sp, #56] @ 4-byte Spill
+ ldr r3, [r4, #28]
+ str r3, [sp, #64] @ 4-byte Spill
+ sbcs r3, r11, r3
+ str r3, [sp, #52] @ 4-byte Spill
+ ldr r3, [sp, #60] @ 4-byte Reload
+ sbcs r3, r3, r6
+ str r3, [sp, #48] @ 4-byte Spill
+ ldr r3, [r4, #36]
+ str r3, [sp, #60] @ 4-byte Spill
+ sbcs r3, r12, r3
+ ldr r12, [r4, #64]
+ str r3, [sp, #40] @ 4-byte Spill
+ sbc r3, r9, #0
+ ldr r9, [r4, #40]
+ str r3, [sp, #36] @ 4-byte Spill
+ ldr r3, [r4, #76]
+ subs r1, r1, r9
+ sbcs r2, r2, r10
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [r4, #48]
+ ldr r11, [sp, #32] @ 4-byte Reload
+ sbcs r0, r0, r2
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r4, #72]
+ str r0, [sp, #24] @ 4-byte Spill
+ sbcs r0, lr, r7
+ ldr lr, [r4, #68]
+ str r0, [sp, #16] @ 4-byte Spill
+ sbcs r0, r5, r8
+ ldr r5, [r4, #60]
+ ldr r6, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ sbcs r0, r0, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ sbcs r0, r0, r12
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ sbcs r0, r0, lr
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ sbcs r0, r0, r2
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ sbcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ sbc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adds r0, r0, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r0, [r4, #20]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r11
+ adcs r0, r0, r6
+ str r1, [r4, #24]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ ldr r6, [sp, #16] @ 4-byte Reload
+ str r0, [r4, #28]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #12] @ 4-byte Reload
+ str r1, [r4, #32]
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #8] @ 4-byte Reload
+ str r0, [r4, #36]
+ adcs r1, r9, r1
+ ldr r0, [sp, #4] @ 4-byte Reload
+ str r1, [r4, #40]
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r0, r10, r0
+ adcs r1, r1, r6
+ str r0, [r4, #44]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r6, [sp, #52] @ 4-byte Reload
+ str r1, [r4, #48]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r7, r0
+ adcs r1, r8, r1
+ adcs r5, r5, r6
+ adcs r7, r12, #0
+ add r12, r4, #52
+ adcs r6, lr, #0
+ stm r12, {r0, r1, r5, r7}
+ adcs r2, r2, #0
+ str r6, [r4, #68]
+ adc r3, r3, #0
+ str r2, [r4, #72]
+ str r3, [r4, #76]
+ add sp, sp, #156
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end144:
+ .size mcl_fpDbl_mulPre10L, .Lfunc_end144-mcl_fpDbl_mulPre10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre10L
+ .align 2
+ .type mcl_fpDbl_sqrPre10L,%function
+mcl_fpDbl_sqrPre10L: @ @mcl_fpDbl_sqrPre10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #156
+ sub sp, sp, #156
+ mov r5, r1
+ mov r4, r0
+ mov r2, r5
+ bl mcl_fpDbl_mulPre5L(PLT)
+ add r1, r5, #20
+ add r0, r4, #40
+ mov r2, r1
+ bl mcl_fpDbl_mulPre5L(PLT)
+ ldr lr, [r5, #32]
+ ldr r12, [r5, #36]
+ ldmib r5, {r2, r3, r6, r8}
+ ldr r0, [r5, #20]
+ ldr r7, [r5, #24]
+ ldr r1, [r5, #28]
+ ldr r5, [r5]
+ adds r5, r5, r0
+ adcs r0, r2, r7
+ str r5, [sp, #96]
+ str r5, [sp, #76]
+ adcs r1, r3, r1
+ add r3, sp, #80
+ str r0, [sp, #100]
+ adcs r2, r6, lr
+ str r1, [sp, #104]
+ adcs r6, r8, r12
+ str r2, [sp, #108]
+ str r6, [sp, #112]
+ stm r3, {r0, r1, r2, r6}
+ lsr r3, r2, #31
+ orr r3, r3, r6, lsl #1
+ str r3, [sp, #72] @ 4-byte Spill
+ lsr r3, r1, #31
+ lsl r1, r1, #1
+ orr r1, r1, r0, lsr #31
+ orr r2, r3, r2, lsl #1
+ str r1, [sp, #64] @ 4-byte Spill
+ lsr r1, r5, #31
+ str r2, [sp, #68] @ 4-byte Spill
+ add r2, sp, #76
+ orr r11, r1, r0, lsl #1
+ mov r0, #0
+ add r1, sp, #96
+ adc r7, r0, #0
+ add r0, sp, #116
+ bl mcl_fpDbl_mulPre5L(PLT)
+ ldr r10, [sp, #136]
+ ldr r9, [sp, #140]
+ ldr r8, [sp, #144]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r2, [sp, #148]
+ ldr r1, [sp, #152]
+ adds r3, r10, r5, lsl #1
+ adcs r5, r9, r11
+ adcs r12, r8, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs lr, r2, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r11, r1, r0
+ adc r6, r7, r6, lsr #31
+ cmp r7, #0
+ moveq lr, r2
+ moveq r12, r8
+ moveq r11, r1
+ moveq r6, r7
+ moveq r5, r9
+ cmp r7, #0
+ add r7, sp, #116
+ moveq r3, r10
+ ldm r4, {r9, r10}
+ ldr r0, [r4, #8]
+ ldr r8, [r4, #12]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldm r7, {r1, r2, r7}
+ ldr r0, [sp, #128]
+ subs r1, r1, r9
+ ldr r9, [r4, #40]
+ sbcs r2, r2, r10
+ ldr r10, [r4, #44]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [sp, #72] @ 4-byte Reload
+ sbcs r7, r7, r2
+ ldr r2, [r4, #48]
+ str r7, [sp, #44] @ 4-byte Spill
+ sbcs r8, r0, r8
+ ldr r0, [r4, #16]
+ ldr r7, [sp, #132]
+ str r2, [sp, #16] @ 4-byte Spill
+ sbcs r0, r7, r0
+ ldr r7, [r4, #52]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r4, #20]
+ sbcs r3, r3, r0
+ str r3, [sp, #36] @ 4-byte Spill
+ ldr r3, [r4, #24]
+ str r3, [sp, #72] @ 4-byte Spill
+ sbcs r3, r5, r3
+ ldr r5, [r4, #60]
+ str r3, [sp, #56] @ 4-byte Spill
+ ldr r3, [r4, #28]
+ str r3, [sp, #68] @ 4-byte Spill
+ sbcs r3, r12, r3
+ ldr r12, [r4, #64]
+ str r3, [sp, #52] @ 4-byte Spill
+ ldr r3, [r4, #32]
+ str r3, [sp, #64] @ 4-byte Spill
+ sbcs r3, lr, r3
+ ldr lr, [r4, #68]
+ str r3, [sp, #48] @ 4-byte Spill
+ ldr r3, [r4, #36]
+ str r3, [sp, #60] @ 4-byte Spill
+ sbcs r3, r11, r3
+ str r3, [sp, #32] @ 4-byte Spill
+ sbc r3, r6, #0
+ subs r1, r1, r9
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r3, [sp, #28] @ 4-byte Spill
+ ldr r3, [r4, #76]
+ sbcs r1, r1, r10
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ ldr r11, [sp, #20] @ 4-byte Reload
+ sbcs r1, r1, r2
+ ldr r2, [r4, #72]
+ str r1, [sp, #44] @ 4-byte Spill
+ sbcs r1, r8, r7
+ ldr r8, [r4, #56]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ ldr r6, [sp, #44] @ 4-byte Reload
+ sbcs r1, r1, r8
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ sbcs r1, r1, r5
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ sbcs r1, r1, r12
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ sbcs r1, r1, lr
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ sbcs r1, r1, r2
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ sbcs r1, r1, r3
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ sbc r1, r1, #0
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adds r0, r0, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str r0, [r4, #20]
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r11
+ adcs r0, r0, r6
+ str r1, [r4, #24]
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldr r6, [sp, #12] @ 4-byte Reload
+ str r0, [r4, #28]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #40] @ 4-byte Reload
+ str r1, [r4, #32]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #8] @ 4-byte Reload
+ str r0, [r4, #36]
+ adcs r1, r9, r1
+ ldr r0, [sp, #4] @ 4-byte Reload
+ str r1, [r4, #40]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r10, r0
+ adcs r1, r1, r6
+ str r0, [r4, #44]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r6, [sp, #52] @ 4-byte Reload
+ str r1, [r4, #48]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r7, r0
+ adcs r1, r8, r1
+ adcs r5, r5, r6
+ adcs r7, r12, #0
+ add r12, r4, #52
+ adcs r6, lr, #0
+ stm r12, {r0, r1, r5, r7}
+ adcs r2, r2, #0
+ str r6, [r4, #68]
+ adc r3, r3, #0
+ str r2, [r4, #72]
+ str r3, [r4, #76]
+ add sp, sp, #156
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end145:
+ .size mcl_fpDbl_sqrPre10L, .Lfunc_end145-mcl_fpDbl_sqrPre10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont10L
+ .align 2
+ .type mcl_fp_mont10L,%function
+mcl_fp_mont10L: @ @mcl_fp_mont10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #28
+ sub sp, sp, #28
+ .pad #1024
+ sub sp, sp, #1024
+ mov r7, r2
+ ldr r5, [r3, #-4]
+ str r0, [sp, #68] @ 4-byte Spill
+ add r0, sp, #1000
+ str r3, [sp, #84] @ 4-byte Spill
+ str r1, [sp, #76] @ 4-byte Spill
+ mov r4, r3
+ mov r6, r1
+ ldr r2, [r7]
+ str r7, [sp, #72] @ 4-byte Spill
+ str r5, [sp, #80] @ 4-byte Spill
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #1004]
+ ldr r10, [sp, #1000]
+ mov r1, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1008]
+ mul r2, r10, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1012]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1040]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1036]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1032]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1028]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1024]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1020]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1016]
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #952
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #992]
+ ldr r2, [r7, #4]
+ ldr r9, [sp, #968]
+ ldr r8, [sp, #952]
+ ldr r11, [sp, #956]
+ ldr r5, [sp, #960]
+ ldr r4, [sp, #964]
+ mov r1, r6
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #988]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #984]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #980]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #976]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #972]
+ str r0, [sp, #4] @ 4-byte Spill
+ add r0, sp, #904
+ bl .LmulPv320x32(PLT)
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adds r0, r8, r10
+ ldr r2, [sp, #4] @ 4-byte Reload
+ add lr, sp, #908
+ ldr r10, [sp, #944]
+ mov r0, #0
+ adcs r1, r11, r1
+ add r11, sp, #932
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r5, r1
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r4, r1
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r9, r1
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldm r11, {r5, r6, r11}
+ ldr r4, [sp, #904]
+ adcs r8, r2, r1
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adds r4, r7, r4
+ ldr r7, [sp, #48] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #856
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #896]
+ add r11, sp, #856
+ ldr r6, [sp, #880]
+ ldr r7, [sp, #876]
+ ldr r5, [sp, #872]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #892]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #888]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #884]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, sp, #808
+ bl .LmulPv320x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #808
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #848]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #832
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r11}
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #760
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #800]
+ add r11, sp, #760
+ ldr r6, [sp, #784]
+ ldr r4, [sp, #780]
+ ldr r5, [sp, #776]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, sp, #712
+ bl .LmulPv320x32(PLT)
+ adds r0, r7, r8
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #716
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #752]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #740
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r5, r6, r11}
+ ldr r4, [sp, #712]
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r4, r7, r4
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #664
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #704]
+ add r11, sp, #664
+ ldr r6, [sp, #688]
+ ldr r7, [sp, #684]
+ ldr r5, [sp, #680]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, sp, #616
+ bl .LmulPv320x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #616
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #656]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #640
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r11}
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #568
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #608]
+ add r11, sp, #568
+ ldr r6, [sp, #592]
+ ldr r4, [sp, #588]
+ ldr r5, [sp, #584]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #604]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #600]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, sp, #520
+ bl .LmulPv320x32(PLT)
+ adds r0, r7, r8
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #524
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #560]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #548
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r5, r6, r11}
+ ldr r4, [sp, #520]
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r4, r7, r4
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #472
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #512]
+ add r11, sp, #472
+ ldr r6, [sp, #496]
+ ldr r7, [sp, #492]
+ ldr r5, [sp, #488]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #508]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #504]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #500]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #424
+ bl .LmulPv320x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #424
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #464]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #448
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r11}
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #376
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #416]
+ add r11, sp, #376
+ ldr r6, [sp, #400]
+ ldr r4, [sp, #396]
+ ldr r5, [sp, #392]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #408]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #404]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #328
+ bl .LmulPv320x32(PLT)
+ adds r0, r7, r8
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #332
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #368]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #356
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r5, r6, r11}
+ ldr r4, [sp, #328]
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r4, r7, r4
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #280
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #320]
+ add r11, sp, #280
+ ldr r6, [sp, #304]
+ ldr r7, [sp, #300]
+ ldr r5, [sp, #296]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #316]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #312]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #308]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #232
+ bl .LmulPv320x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #232
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #272]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #256
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r11}
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #184
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #224]
+ add r11, sp, #184
+ ldr r6, [sp, #208]
+ ldr r4, [sp, #204]
+ ldr r5, [sp, #200]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #220]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #216]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #212]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #136
+ bl .LmulPv320x32(PLT)
+ adds r0, r7, r8
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ add lr, sp, #136
+ add r7, sp, #152
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ add r9, sp, #164
+ adcs r10, r1, r10
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r11, r1, r11
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r6
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #44] @ 4-byte Spill
+ ldm lr, {r2, r6, r12, lr}
+ ldr r8, [sp, #176]
+ adds r4, r0, r2
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldm r9, {r3, r5, r9}
+ adcs r6, r10, r6
+ mul r2, r4, r0
+ ldm r7, {r0, r1, r7}
+ str r6, [sp, #40] @ 4-byte Spill
+ adcs r6, r11, r12
+ ldr r11, [sp, #84] @ 4-byte Reload
+ str r6, [sp, #36] @ 4-byte Spill
+ ldr r6, [sp, #76] @ 4-byte Reload
+ adcs r10, r6, lr
+ ldr r6, [sp, #72] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r6, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ mov r1, r11
+ adcs r0, r0, r7
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r7, r0, r8
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #88
+ bl .LmulPv320x32(PLT)
+ add r3, sp, #88
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r4, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r4, r0, r2
+ ldr r2, [sp, #104]
+ adcs r0, r10, r3
+ str r4, [sp, #40] @ 4-byte Spill
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #108]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r5, r6, r2
+ ldr r2, [sp, #112]
+ str r5, [sp, #48] @ 4-byte Spill
+ adcs r12, r0, r2
+ ldr r2, [sp, #116]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r12, [sp, #52] @ 4-byte Spill
+ adcs lr, r0, r2
+ ldr r2, [sp, #120]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str lr, [sp, #60] @ 4-byte Spill
+ adcs r0, r0, r2
+ ldr r2, [sp, #124]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #128]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r9, r7, r2
+ adc r0, r0, #0
+ str r9, [sp, #64] @ 4-byte Spill
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, r11
+ ldr r2, [r0, #16]
+ ldr r10, [r0]
+ ldr r3, [r0, #4]
+ ldr r1, [r0, #8]
+ ldr r6, [r0, #12]
+ ldr r7, [r0, #24]
+ ldr r11, [r0, #32]
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [r0, #20]
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [r0, #28]
+ ldr r0, [r0, #36]
+ str r2, [sp, #36] @ 4-byte Spill
+ mov r2, r8
+ ldr r8, [sp, #56] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ subs r10, r2, r10
+ sbcs r3, r4, r3
+ ldr r4, [sp, #80] @ 4-byte Reload
+ sbcs r1, r8, r1
+ sbcs r6, r4, r6
+ sbcs r4, r5, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ sbcs r5, r12, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ sbcs r12, lr, r7
+ ldr r7, [sp, #36] @ 4-byte Reload
+ sbcs lr, r0, r7
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r7, [sp, #44] @ 4-byte Reload
+ sbcs r11, r0, r11
+ ldr r0, [sp, #84] @ 4-byte Reload
+ sbcs r0, r9, r0
+ ldr r9, [sp, #68] @ 4-byte Reload
+ sbc r7, r7, #0
+ ands r7, r7, #1
+ movne r10, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ movne r1, r8
+ str r10, [r9]
+ movne r3, r2
+ cmp r7, #0
+ str r3, [r9, #4]
+ str r1, [r9, #8]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ movne r6, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r6, [r9, #12]
+ movne r4, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r4, [r9, #16]
+ movne r5, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ cmp r7, #0
+ str r5, [r9, #20]
+ movne r12, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r12, [r9, #24]
+ movne lr, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str lr, [r9, #28]
+ movne r11, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ cmp r7, #0
+ str r11, [r9, #32]
+ movne r0, r1
+ str r0, [r9, #36]
+ add sp, sp, #28
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end146:
+ .size mcl_fp_mont10L, .Lfunc_end146-mcl_fp_mont10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF10L
+ .align 2
+ .type mcl_fp_montNF10L,%function
+mcl_fp_montNF10L: @ @mcl_fp_montNF10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #28
+ sub sp, sp, #28
+ .pad #1024
+ sub sp, sp, #1024
+ mov r7, r2
+ ldr r5, [r3, #-4]
+ str r0, [sp, #68] @ 4-byte Spill
+ add r0, sp, #1000
+ str r3, [sp, #84] @ 4-byte Spill
+ str r1, [sp, #76] @ 4-byte Spill
+ mov r4, r3
+ mov r6, r1
+ ldr r2, [r7]
+ str r7, [sp, #72] @ 4-byte Spill
+ str r5, [sp, #80] @ 4-byte Spill
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #1004]
+ ldr r10, [sp, #1000]
+ mov r1, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1008]
+ mul r2, r10, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1012]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1040]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1036]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1032]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1028]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1024]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1020]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1016]
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #952
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #992]
+ ldr r2, [r7, #4]
+ ldr r9, [sp, #968]
+ ldr r8, [sp, #952]
+ ldr r11, [sp, #956]
+ ldr r5, [sp, #960]
+ ldr r4, [sp, #964]
+ mov r1, r6
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #988]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #984]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #980]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #976]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #972]
+ str r0, [sp, #4] @ 4-byte Spill
+ add r0, sp, #904
+ bl .LmulPv320x32(PLT)
+ adds r0, r8, r10
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #908
+ ldr r10, [sp, #940]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r11, r0
+ ldr r11, [sp, #936]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #932]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #904]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r9, r0
+ ldr r9, [sp, #944]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r1, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adc r8, r1, r0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #52] @ 4-byte Reload
+ adds r4, r6, r4
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r7, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #856
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #896]
+ add r11, sp, #856
+ ldr r6, [sp, #880]
+ ldr r7, [sp, #876]
+ ldr r5, [sp, #872]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #892]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #888]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #884]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, sp, #808
+ bl .LmulPv320x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #808
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #848]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #844]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #832
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldm r11, {r4, r5, r11}
+ adc r8, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adds r6, r6, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #760
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #800]
+ add r11, sp, #760
+ ldr r5, [sp, #784]
+ ldr r7, [sp, #780]
+ ldr r4, [sp, #776]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, sp, #712
+ bl .LmulPv320x32(PLT)
+ adds r0, r6, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #716
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #752]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #748]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #744]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #712]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #740]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r8, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adds r4, r6, r4
+ ldr r6, [sp, #60] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r7, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #664
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #704]
+ add r11, sp, #664
+ ldr r6, [sp, #688]
+ ldr r7, [sp, #684]
+ ldr r5, [sp, #680]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, sp, #616
+ bl .LmulPv320x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #616
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #656]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #652]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #640
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldm r11, {r4, r5, r11}
+ adc r8, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adds r6, r6, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #568
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #608]
+ add r11, sp, #568
+ ldr r5, [sp, #592]
+ ldr r7, [sp, #588]
+ ldr r4, [sp, #584]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #604]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #600]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, sp, #520
+ bl .LmulPv320x32(PLT)
+ adds r0, r6, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #524
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #560]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #556]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #552]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #520]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #548]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r8, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adds r4, r6, r4
+ ldr r6, [sp, #60] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r7, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #472
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #512]
+ add r11, sp, #472
+ ldr r6, [sp, #496]
+ ldr r7, [sp, #492]
+ ldr r5, [sp, #488]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #508]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #504]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #500]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #424
+ bl .LmulPv320x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #424
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #464]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #460]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #448
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldm r11, {r4, r5, r11}
+ adc r8, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adds r6, r6, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #376
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #416]
+ add r11, sp, #376
+ ldr r5, [sp, #400]
+ ldr r7, [sp, #396]
+ ldr r4, [sp, #392]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #408]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #404]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #328
+ bl .LmulPv320x32(PLT)
+ adds r0, r6, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #332
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #368]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #364]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #360]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #328]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #356]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r8, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adds r4, r6, r4
+ ldr r6, [sp, #60] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r7, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #280
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #320]
+ add r11, sp, #280
+ ldr r6, [sp, #304]
+ ldr r7, [sp, #300]
+ ldr r5, [sp, #296]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #316]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #312]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #308]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #232
+ bl .LmulPv320x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #232
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #272]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #268]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #256
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r7, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldm r11, {r4, r5, r11}
+ adc r8, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adds r6, r6, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ adcs r0, r7, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r8, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #184
+ bl .LmulPv320x32(PLT)
+ ldr r0, [sp, #224]
+ add r11, sp, #184
+ ldr r5, [sp, #208]
+ ldr r7, [sp, #204]
+ ldr r4, [sp, #200]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #220]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #216]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #212]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #136
+ bl .LmulPv320x32(PLT)
+ adds r0, r6, r8
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ ldr lr, [sp, #140]
+ ldr r6, [sp, #144]
+ add r8, sp, #152
+ ldr r12, [sp, #148]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ adcs r9, r1, r10
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r10, r1, r11
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #136]
+ str r1, [sp, #48] @ 4-byte Spill
+ adds r4, r0, r2
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r9, r9, lr
+ adcs r11, r10, r6
+ mul r1, r4, r0
+ str r1, [sp, #44] @ 4-byte Spill
+ ldm r8, {r0, r1, r2, r3, r5, r7, r8}
+ ldr r6, [sp, #76] @ 4-byte Reload
+ adcs r10, r6, r12
+ ldr r6, [sp, #72] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r7
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, sp, #88
+ adc r8, r8, #0
+ bl .LmulPv320x32(PLT)
+ add r3, sp, #88
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r4, r0
+ adcs r7, r9, r1
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r9, r11, r2
+ ldr r2, [sp, #104]
+ str r7, [sp, #48] @ 4-byte Spill
+ adcs lr, r10, r3
+ str lr, [sp, #52] @ 4-byte Spill
+ adcs r6, r0, r2
+ ldr r2, [sp, #108]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r6, [sp, #56] @ 4-byte Spill
+ adcs r0, r0, r2
+ ldr r2, [sp, #112]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r4, r0, r2
+ ldr r2, [sp, #116]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r4, [sp, #60] @ 4-byte Spill
+ adcs r12, r0, r2
+ ldr r2, [sp, #120]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r12, [sp, #64] @ 4-byte Spill
+ adcs r0, r0, r2
+ ldr r2, [sp, #124]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r11, r0, r2
+ ldr r2, [sp, #128]
+ mov r0, r5
+ str r11, [sp, #72] @ 4-byte Spill
+ adc r1, r8, r2
+ str r1, [sp, #44] @ 4-byte Spill
+ ldmib r0, {r2, r8}
+ ldr r5, [r0, #16]
+ ldr r10, [r0]
+ ldr r3, [r0, #12]
+ str r5, [sp, #28] @ 4-byte Spill
+ ldr r5, [r0, #20]
+ subs r10, r7, r10
+ str r5, [sp, #32] @ 4-byte Spill
+ ldr r5, [r0, #24]
+ str r5, [sp, #36] @ 4-byte Spill
+ ldr r5, [r0, #28]
+ str r5, [sp, #40] @ 4-byte Spill
+ mov r5, r0
+ sbcs r0, r9, r2
+ sbcs r2, lr, r8
+ ldr r8, [r5, #32]
+ sbcs r7, r6, r3
+ ldr r3, [r5, #36]
+ ldr r6, [sp, #80] @ 4-byte Reload
+ ldr r5, [sp, #76] @ 4-byte Reload
+ str r3, [sp, #84] @ 4-byte Spill
+ ldr r3, [sp, #28] @ 4-byte Reload
+ sbcs r6, r6, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ sbcs lr, r4, r3
+ ldr r3, [sp, #36] @ 4-byte Reload
+ sbcs r4, r12, r3
+ ldr r3, [sp, #40] @ 4-byte Reload
+ sbcs r12, r5, r3
+ ldr r3, [sp, #84] @ 4-byte Reload
+ ldr r5, [sp, #48] @ 4-byte Reload
+ sbcs r11, r11, r8
+ ldr r8, [sp, #68] @ 4-byte Reload
+ sbc r3, r1, r3
+ asr r1, r3, #31
+ cmp r1, #0
+ movlt r10, r5
+ movlt r0, r9
+ str r10, [r8]
+ str r0, [r8, #4]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ movlt r2, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ cmp r1, #0
+ str r2, [r8, #8]
+ movlt r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r7, [r8, #12]
+ movlt r6, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ str r6, [r8, #16]
+ movlt lr, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ cmp r1, #0
+ str lr, [r8, #20]
+ movlt r4, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r4, [r8, #24]
+ movlt r12, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r12, [r8, #28]
+ movlt r11, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ cmp r1, #0
+ str r11, [r8, #32]
+ movlt r3, r0
+ str r3, [r8, #36]
+ add sp, sp, #28
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end147:
+ .size mcl_fp_montNF10L, .Lfunc_end147-mcl_fp_montNF10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed10L
+ .align 2
+ .type mcl_fp_montRed10L,%function
+mcl_fp_montRed10L: @ @mcl_fp_montRed10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #612
+ sub sp, sp, #612
+ mov r5, r2
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r2, [r1, #4]
+ ldr r9, [r1]
+ ldr r11, [r1, #16]
+ ldr r0, [r5]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #8]
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [r5, #4]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #12]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [r5, #8]
+ str r2, [sp, #52] @ 4-byte Spill
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [r5, #12]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [r5, #16]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [r5, #20]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [r5, #24]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [r5, #-4]
+ str r0, [sp, #124] @ 4-byte Spill
+ mul r2, r9, r0
+ ldr r0, [r5, #28]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r5, #32]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r5, #36]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [r1, #64]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r1, #68]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r1, #72]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r1, #76]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #56]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1, #60]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r1, #28]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #24]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #20]
+ mov r1, r5
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #560
+ bl .LmulPv320x32(PLT)
+ add lr, sp, #584
+ ldr r10, [sp, #600]
+ ldr r8, [sp, #596]
+ add r7, sp, #564
+ ldm lr, {r6, r12, lr}
+ ldr r4, [sp, #560]
+ ldm r7, {r0, r1, r2, r3, r7}
+ adds r4, r9, r4
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r4, r4, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r9, r0, r1
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ adcs r0, r11, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #124] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #512
+ bl .LmulPv320x32(PLT)
+ add r6, sp, #512
+ ldr r12, [sp, #552]
+ ldr lr, [sp, #548]
+ ldr r2, [sp, #544]
+ ldr r10, [sp, #540]
+ ldr r11, [sp, #536]
+ ldr r7, [sp, #532]
+ ldr r8, [sp, #528]
+ ldm r6, {r1, r3, r6}
+ ldr r0, [sp, #524]
+ adds r1, r4, r1
+ ldr r4, [sp, #124] @ 4-byte Reload
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r9, r9, r3
+ adcs r1, r1, r6
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r9, r4
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #464
+ bl .LmulPv320x32(PLT)
+ ldr r1, [sp, #464]
+ ldr r0, [sp, #504]
+ add r12, sp, #468
+ ldr r10, [sp, #500]
+ ldr r8, [sp, #496]
+ ldr lr, [sp, #492]
+ ldr r6, [sp, #488]
+ ldr r7, [sp, #484]
+ adds r1, r9, r1
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r12, {r0, r2, r3, r12}
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #416
+ bl .LmulPv320x32(PLT)
+ add r7, sp, #416
+ ldr r12, [sp, #456]
+ ldr lr, [sp, #452]
+ ldr r2, [sp, #448]
+ ldr r3, [sp, #444]
+ add r10, sp, #428
+ ldm r7, {r1, r6, r7}
+ ldm r10, {r0, r8, r9, r10}
+ adds r1, r11, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r11, r1, r6
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #368
+ bl .LmulPv320x32(PLT)
+ add r10, sp, #400
+ add r12, sp, #372
+ ldm r10, {r8, r9, r10}
+ ldr r1, [sp, #368]
+ ldr lr, [sp, #396]
+ ldr r6, [sp, #392]
+ ldr r7, [sp, #388]
+ ldm r12, {r0, r2, r3, r12}
+ adds r1, r11, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #320
+ bl .LmulPv320x32(PLT)
+ add r7, sp, #320
+ ldr r12, [sp, #360]
+ ldr lr, [sp, #356]
+ ldr r2, [sp, #352]
+ ldr r3, [sp, #348]
+ add r10, sp, #332
+ ldm r7, {r1, r6, r7}
+ ldm r10, {r0, r8, r9, r10}
+ adds r1, r11, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r11, r1, r6
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #272
+ bl .LmulPv320x32(PLT)
+ add r10, sp, #304
+ add r12, sp, #276
+ ldm r10, {r8, r9, r10}
+ ldr r1, [sp, #272]
+ ldr lr, [sp, #300]
+ ldr r6, [sp, #296]
+ ldr r7, [sp, #292]
+ ldm r12, {r0, r2, r3, r12}
+ adds r1, r11, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #224
+ bl .LmulPv320x32(PLT)
+ add r10, sp, #240
+ add r6, sp, #224
+ ldr r12, [sp, #264]
+ ldr lr, [sp, #260]
+ ldr r8, [sp, #256]
+ ldr r9, [sp, #252]
+ ldm r10, {r0, r7, r10}
+ ldm r6, {r1, r2, r3, r6}
+ adds r1, r11, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r4, r1, r2
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r11, r1, r3
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r6, r1, r6
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #124] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ mul r2, r4, r7
+ adcs r0, r0, r10
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r9, r0, r9
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ add r0, sp, #176
+ bl .LmulPv320x32(PLT)
+ add r12, sp, #176
+ ldm r12, {r0, r1, r3, r12}
+ ldr lr, [sp, #216]
+ adds r0, r4, r0
+ ldr r4, [sp, #76] @ 4-byte Reload
+ adcs r10, r11, r1
+ ldr r1, [sp, #192]
+ adcs r0, r6, r3
+ mul r2, r10, r7
+ ldr r7, [sp, #200]
+ ldr r6, [sp, #204]
+ ldr r3, [sp, #208]
+ str r0, [sp, #124] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r12
+ ldr r12, [sp, #212]
+ str r0, [sp, #44] @ 4-byte Spill
+ adcs r8, r4, r1
+ ldr r0, [sp, #196]
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ mov r1, r5
+ adcs r9, r9, r7
+ adcs r6, r0, r6
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, sp, #128
+ bl .LmulPv320x32(PLT)
+ add r3, sp, #128
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r10, r0
+ ldr r0, [sp, #124] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r1, r0, r2
+ ldr r0, [sp, #144]
+ adcs r2, r8, r3
+ ldr r3, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ str r2, [sp, #44] @ 4-byte Spill
+ adcs r7, r11, r0
+ ldr r0, [sp, #148]
+ str r7, [sp, #48] @ 4-byte Spill
+ adcs r12, r9, r0
+ ldr r0, [sp, #152]
+ str r12, [sp, #52] @ 4-byte Spill
+ adcs r4, r6, r0
+ ldr r0, [sp, #156]
+ str r4, [sp, #56] @ 4-byte Spill
+ adcs r5, r3, r0
+ ldr r0, [sp, #160]
+ ldr r3, [sp, #68] @ 4-byte Reload
+ str r5, [sp, #60] @ 4-byte Spill
+ adcs r6, r3, r0
+ ldr r0, [sp, #164]
+ ldr r3, [sp, #64] @ 4-byte Reload
+ str r6, [sp, #68] @ 4-byte Spill
+ adcs r8, r3, r0
+ ldr r0, [sp, #168]
+ ldr r3, [sp, #76] @ 4-byte Reload
+ str r8, [sp, #124] @ 4-byte Spill
+ adcs lr, r3, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adc r11, r0, #0
+ ldr r0, [sp, #116] @ 4-byte Reload
+ subs r3, r10, r0
+ ldr r0, [sp, #112] @ 4-byte Reload
+ sbcs r0, r1, r0
+ ldr r1, [sp, #108] @ 4-byte Reload
+ sbcs r1, r2, r1
+ ldr r2, [sp, #92] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #96] @ 4-byte Reload
+ sbcs r12, r12, r7
+ ldr r7, [sp, #100] @ 4-byte Reload
+ sbcs r7, r4, r7
+ ldr r4, [sp, #104] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #80] @ 4-byte Reload
+ sbcs r5, r6, r5
+ ldr r6, [sp, #84] @ 4-byte Reload
+ sbcs r9, r8, r6
+ ldr r6, [sp, #88] @ 4-byte Reload
+ sbcs r8, lr, r6
+ sbc r6, r11, #0
+ ands r11, r6, #1
+ ldr r6, [sp, #120] @ 4-byte Reload
+ movne r3, r10
+ str r3, [r6]
+ ldr r3, [sp, #36] @ 4-byte Reload
+ movne r0, r3
+ str r0, [r6, #4]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ movne r1, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ cmp r11, #0
+ str r1, [r6, #8]
+ movne r2, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ str r2, [r6, #12]
+ movne r12, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r12, [r6, #16]
+ movne r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ cmp r11, #0
+ str r7, [r6, #20]
+ movne r4, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r4, [r6, #24]
+ movne r5, r0
+ ldr r0, [sp, #124] @ 4-byte Reload
+ str r5, [r6, #28]
+ movne r9, r0
+ cmp r11, #0
+ movne r8, lr
+ str r9, [r6, #32]
+ str r8, [r6, #36]
+ add sp, sp, #612
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end148:
+ .size mcl_fp_montRed10L, .Lfunc_end148-mcl_fp_montRed10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre10L
+ .align 2
+ .type mcl_fp_addPre10L,%function
+mcl_fp_addPre10L: @ @mcl_fp_addPre10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ ldm r1, {r3, r8, lr}
+ ldr r9, [r1, #12]
+ ldmib r2, {r5, r6, r7, r10}
+ ldr r4, [r2, #20]
+ ldr r11, [r2]
+ str r4, [sp] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ adds r12, r11, r3
+ ldr r11, [r2, #32]
+ adcs r5, r5, r8
+ ldr r8, [r1, #36]
+ adcs r6, r6, lr
+ add lr, r1, #16
+ adcs r7, r7, r9
+ str r4, [sp, #4] @ 4-byte Spill
+ ldr r4, [r2, #28]
+ ldr r2, [r2, #36]
+ str r4, [sp, #12] @ 4-byte Spill
+ str r2, [sp, #8] @ 4-byte Spill
+ ldm lr, {r1, r2, r3, r4, lr}
+ str r12, [r0]
+ stmib r0, {r5, r6}
+ str r7, [r0, #12]
+ ldr r7, [sp] @ 4-byte Reload
+ adcs r1, r10, r1
+ str r1, [r0, #16]
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r2, r7, r2
+ str r2, [r0, #20]
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r1, r1, r3
+ str r1, [r0, #24]
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [r0, #28]
+ adcs r1, r11, lr
+ adcs r2, r2, r8
+ str r1, [r0, #32]
+ str r2, [r0, #36]
+ mov r0, #0
+ adc r0, r0, #0
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end149:
+ .size mcl_fp_addPre10L, .Lfunc_end149-mcl_fp_addPre10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre10L
+ .align 2
+ .type mcl_fp_subPre10L,%function
+mcl_fp_subPre10L: @ @mcl_fp_subPre10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #24
+ sub sp, sp, #24
+ ldr r3, [r2, #4]
+ ldr r7, [r2]
+ ldr r11, [r1]
+ ldr r6, [r1, #4]
+ ldr r9, [r2, #8]
+ ldr r5, [r1, #8]
+ ldr lr, [r2, #12]
+ ldr r4, [r1, #12]
+ ldr r12, [r1, #16]
+ ldr r8, [r1, #20]
+ ldr r10, [r1, #24]
+ str r3, [sp] @ 4-byte Spill
+ ldr r3, [r2, #16]
+ subs r7, r11, r7
+ ldr r11, [r2, #32]
+ str r7, [r0]
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [r2, #20]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r2, #24]
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [r2, #28]
+ ldr r2, [r2, #36]
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [r1, #28]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [sp] @ 4-byte Reload
+ sbcs r6, r6, r3
+ sbcs r5, r5, r9
+ str r6, [r0, #4]
+ str r5, [r0, #8]
+ ldr r5, [sp, #8] @ 4-byte Reload
+ sbcs r4, r4, lr
+ ldr lr, [r1, #32]
+ ldr r1, [r1, #36]
+ str r4, [r0, #12]
+ ldr r4, [sp, #12] @ 4-byte Reload
+ sbcs r3, r12, r5
+ str r3, [r0, #16]
+ ldr r3, [sp, #16] @ 4-byte Reload
+ sbcs r7, r8, r4
+ str r7, [r0, #20]
+ ldr r7, [sp, #4] @ 4-byte Reload
+ sbcs r3, r10, r3
+ str r3, [r0, #24]
+ ldr r3, [sp, #20] @ 4-byte Reload
+ sbcs r3, r7, r3
+ str r3, [r0, #28]
+ sbcs r3, lr, r11
+ sbcs r1, r1, r2
+ str r3, [r0, #32]
+ str r1, [r0, #36]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ add sp, sp, #24
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end150:
+ .size mcl_fp_subPre10L, .Lfunc_end150-mcl_fp_subPre10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_10L
+ .align 2
+ .type mcl_fp_shr1_10L,%function
+mcl_fp_shr1_10L: @ @mcl_fp_shr1_10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr lr, [r1, #32]
+ ldr r12, [r1, #36]
+ ldr r8, [r1, #28]
+ ldm r1, {r1, r2, r3, r4, r5, r6, r9}
+ lsrs r7, r2, #1
+ rrx r1, r1
+ str r1, [r0]
+ lsr r1, r2, #1
+ lsr r2, r12, #1
+ orr r1, r1, r3, lsl #31
+ str r1, [r0, #4]
+ lsrs r1, r4, #1
+ rrx r1, r3
+ str r1, [r0, #8]
+ lsr r1, r4, #1
+ orr r1, r1, r5, lsl #31
+ str r1, [r0, #12]
+ lsrs r1, r6, #1
+ rrx r1, r5
+ str r1, [r0, #16]
+ lsr r1, r6, #1
+ orr r1, r1, r9, lsl #31
+ str r1, [r0, #20]
+ lsrs r1, r8, #1
+ rrx r1, r9
+ str r1, [r0, #24]
+ lsr r1, r8, #1
+ orr r1, r1, lr, lsl #31
+ str r1, [r0, #28]
+ lsrs r1, r12, #1
+ rrx r1, lr
+ str r1, [r0, #32]
+ str r2, [r0, #36]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end151:
+ .size mcl_fp_shr1_10L, .Lfunc_end151-mcl_fp_shr1_10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add10L
+ .align 2
+ .type mcl_fp_add10L,%function
+mcl_fp_add10L: @ @mcl_fp_add10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #20
+ sub sp, sp, #20
+ ldm r1, {r12, lr}
+ ldr r5, [r2]
+ ldr r10, [r1, #8]
+ ldr r8, [r1, #12]
+ ldmib r2, {r4, r6, r7}
+ adds r9, r5, r12
+ ldr r5, [r1, #24]
+ adcs lr, r4, lr
+ ldr r4, [r1, #20]
+ adcs r6, r6, r10
+ ldr r10, [r1, #36]
+ str lr, [sp] @ 4-byte Spill
+ str r6, [sp, #12] @ 4-byte Spill
+ adcs r12, r7, r8
+ ldr r6, [r1, #16]
+ ldr r7, [r2, #16]
+ adcs r6, r7, r6
+ ldr r7, [r2, #20]
+ str r6, [sp, #4] @ 4-byte Spill
+ adcs r8, r7, r4
+ ldr r4, [r2, #24]
+ adcs r6, r4, r5
+ ldr r4, [r1, #28]
+ ldr r5, [r2, #28]
+ str r6, [sp, #8] @ 4-byte Spill
+ adcs r7, r5, r4
+ ldr r5, [r1, #32]
+ ldr r1, [r2, #32]
+ ldr r2, [r2, #36]
+ stm r0, {r9, lr}
+ mov lr, r12
+ ldr r4, [sp, #4] @ 4-byte Reload
+ adcs r11, r1, r5
+ add r1, r0, #24
+ adcs r10, r2, r10
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r2, [r0, #8]
+ str lr, [r0, #12]
+ str r4, [r0, #16]
+ str r8, [r0, #20]
+ stm r1, {r6, r7, r11}
+ mov r1, #0
+ str r10, [r0, #36]
+ adc r1, r1, #0
+ str r1, [sp, #16] @ 4-byte Spill
+ ldm r3, {r1, r6, r12}
+ ldr r5, [r3, #12]
+ subs r9, r9, r1
+ ldr r1, [sp] @ 4-byte Reload
+ sbcs r6, r1, r6
+ sbcs r1, r2, r12
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ sbcs r12, lr, r5
+ sbcs lr, r4, r1
+ ldr r1, [r3, #20]
+ ldr r4, [sp, #16] @ 4-byte Reload
+ sbcs r8, r8, r1
+ ldr r1, [r3, #24]
+ sbcs r5, r2, r1
+ ldr r2, [r3, #28]
+ sbcs r1, r7, r2
+ ldr r2, [r3, #32]
+ ldr r7, [r3, #36]
+ sbcs r3, r11, r2
+ sbcs r2, r10, r7
+ sbc r4, r4, #0
+ tst r4, #1
+ bne .LBB152_2
+@ BB#1: @ %nocarry
+ ldr r4, [sp, #12] @ 4-byte Reload
+ str r9, [r0]
+ str r6, [r0, #4]
+ str r4, [r0, #8]
+ str r12, [r0, #12]
+ str lr, [r0, #16]
+ str r8, [r0, #20]
+ str r5, [r0, #24]
+ str r1, [r0, #28]
+ str r3, [r0, #32]
+ str r2, [r0, #36]
+.LBB152_2: @ %carry
+ add sp, sp, #20
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end152:
+ .size mcl_fp_add10L, .Lfunc_end152-mcl_fp_add10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF10L
+ .align 2
+ .type mcl_fp_addNF10L,%function
+mcl_fp_addNF10L: @ @mcl_fp_addNF10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #56
+ sub sp, sp, #56
+ ldr r9, [r1]
+ ldmib r1, {r8, lr}
+ ldr r5, [r2]
+ ldr r12, [r1, #12]
+ ldmib r2, {r4, r6, r7}
+ ldr r10, [r1, #24]
+ adds r9, r5, r9
+ ldr r5, [r1, #16]
+ adcs r11, r4, r8
+ ldr r8, [r1, #20]
+ str r9, [sp, #16] @ 4-byte Spill
+ adcs r6, r6, lr
+ str r11, [sp, #20] @ 4-byte Spill
+ str r6, [sp, #32] @ 4-byte Spill
+ adcs r6, r7, r12
+ ldr r7, [r2, #16]
+ str r6, [sp, #24] @ 4-byte Spill
+ adcs r4, r7, r5
+ ldr r7, [r2, #20]
+ ldr r5, [r2, #28]
+ str r4, [sp, #28] @ 4-byte Spill
+ adcs r7, r7, r8
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ adcs r7, r7, r10
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r1, #28]
+ adcs r7, r5, r7
+ ldr r5, [r1, #32]
+ ldr r1, [r1, #36]
+ str r7, [sp, #44] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ ldr r2, [r2, #36]
+ adcs lr, r7, r5
+ adc r1, r2, r1
+ str lr, [sp, #36] @ 4-byte Spill
+ str r1, [sp, #40] @ 4-byte Spill
+ ldmib r3, {r1, r2, r12}
+ ldr r7, [r3, #20]
+ ldr r8, [r3]
+ ldr r10, [sp, #32] @ 4-byte Reload
+ ldr r5, [r3, #16]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r3, #24]
+ subs r8, r9, r8
+ sbcs r1, r11, r1
+ ldr r11, [r3, #32]
+ sbcs r2, r10, r2
+ sbcs r12, r6, r12
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r3, #28]
+ ldr r3, [r3, #36]
+ sbcs r6, r4, r5
+ ldr r4, [sp, #4] @ 4-byte Reload
+ ldr r5, [sp, #8] @ 4-byte Reload
+ str r3, [sp] @ 4-byte Spill
+ ldr r3, [sp, #52] @ 4-byte Reload
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [sp, #12] @ 4-byte Reload
+ sbcs r3, r3, r4
+ ldr r4, [sp, #48] @ 4-byte Reload
+ sbcs r4, r4, r5
+ ldr r5, [sp, #44] @ 4-byte Reload
+ sbcs r9, r5, r7
+ ldr r7, [sp, #40] @ 4-byte Reload
+ ldr r5, [sp] @ 4-byte Reload
+ sbcs r11, lr, r11
+ sbc lr, r7, r5
+ ldr r5, [sp, #16] @ 4-byte Reload
+ asr r7, lr, #31
+ cmp r7, #0
+ movlt r2, r10
+ movlt r8, r5
+ ldr r5, [sp, #20] @ 4-byte Reload
+ str r8, [r0]
+ movlt r1, r5
+ cmp r7, #0
+ str r1, [r0, #4]
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r2, [r0, #8]
+ movlt r12, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r12, [r0, #12]
+ movlt r6, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r6, [r0, #16]
+ movlt r3, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ cmp r7, #0
+ str r3, [r0, #20]
+ movlt r4, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r4, [r0, #24]
+ movlt r9, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r9, [r0, #28]
+ movlt r11, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ cmp r7, #0
+ str r11, [r0, #32]
+ movlt lr, r1
+ str lr, [r0, #36]
+ add sp, sp, #56
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end153:
+ .size mcl_fp_addNF10L, .Lfunc_end153-mcl_fp_addNF10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub10L
+ .align 2
+ .type mcl_fp_sub10L,%function
+mcl_fp_sub10L: @ @mcl_fp_sub10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #36
+ sub sp, sp, #36
+ ldm r2, {r12, lr}
+ ldr r8, [r2, #8]
+ ldr r10, [r2, #12]
+ ldm r1, {r4, r5, r6, r7}
+ subs r4, r4, r12
+ ldr r12, [r1, #36]
+ sbcs r9, r5, lr
+ ldr r5, [r2, #20]
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ sbcs lr, r6, r8
+ ldr r6, [r2, #16]
+ sbcs r8, r7, r10
+ ldr r7, [r1, #16]
+ sbcs r10, r7, r6
+ ldr r6, [r1, #20]
+ sbcs r7, r6, r5
+ ldr r5, [r1, #24]
+ ldr r6, [r1, #32]
+ str r7, [sp, #28] @ 4-byte Spill
+ sbcs r11, r5, r4
+ ldr r4, [r2, #28]
+ ldr r5, [r1, #28]
+ sbcs r5, r5, r4
+ ldr r4, [r2, #32]
+ ldr r2, [r2, #36]
+ sbcs r1, r6, r4
+ mov r6, #0
+ sbcs r2, r12, r2
+ ldr r12, [sp, #32] @ 4-byte Reload
+ sbc r6, r6, #0
+ tst r6, #1
+ str r12, [r0]
+ stmib r0, {r9, lr}
+ str r8, [r0, #12]
+ str r10, [r0, #16]
+ str r7, [r0, #20]
+ mov r7, r11
+ str r7, [r0, #24]
+ str r5, [r0, #28]
+ str r1, [r0, #32]
+ str r2, [r0, #36]
+ beq .LBB154_2
+@ BB#1: @ %carry
+ ldr r4, [r3, #32]
+ str r4, [sp, #20] @ 4-byte Spill
+ ldr r4, [r3, #36]
+ str r4, [sp, #24] @ 4-byte Spill
+ ldmib r3, {r4, r11}
+ ldr r6, [r3, #12]
+ str r6, [sp] @ 4-byte Spill
+ ldr r6, [r3, #16]
+ str r6, [sp, #4] @ 4-byte Spill
+ ldr r6, [r3, #20]
+ str r6, [sp, #8] @ 4-byte Spill
+ ldr r6, [r3, #24]
+ str r6, [sp, #12] @ 4-byte Spill
+ ldr r6, [r3, #28]
+ ldr r3, [r3]
+ adds r3, r3, r12
+ str r6, [sp, #16] @ 4-byte Spill
+ adcs r4, r4, r9
+ stm r0, {r3, r4}
+ adcs r3, r11, lr
+ str r3, [r0, #8]
+ ldr r3, [sp] @ 4-byte Reload
+ ldr r6, [sp, #8] @ 4-byte Reload
+ adcs r3, r3, r8
+ str r3, [r0, #12]
+ ldr r3, [sp, #4] @ 4-byte Reload
+ adcs r3, r3, r10
+ str r3, [r0, #16]
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r3, r6, r3
+ str r3, [r0, #20]
+ ldr r3, [sp, #12] @ 4-byte Reload
+ adcs r3, r3, r7
+ str r3, [r0, #24]
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adcs r3, r3, r5
+ str r3, [r0, #28]
+ ldr r3, [sp, #20] @ 4-byte Reload
+ adcs r1, r3, r1
+ ldr r3, [sp, #24] @ 4-byte Reload
+ str r1, [r0, #32]
+ adc r2, r3, r2
+ str r2, [r0, #36]
+.LBB154_2: @ %nocarry
+ add sp, sp, #36
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end154:
+ .size mcl_fp_sub10L, .Lfunc_end154-mcl_fp_sub10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF10L
+ .align 2
+ .type mcl_fp_subNF10L,%function
+mcl_fp_subNF10L: @ @mcl_fp_subNF10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #64
+ sub sp, sp, #64
+ mov r12, r0
+ ldr r0, [r2, #32]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r2, #36]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldm r2, {r4, r5}
+ ldr r0, [r2, #8]
+ ldr r7, [r2, #16]
+ ldr r8, [r2, #20]
+ ldr lr, [r1, #12]
+ ldr r6, [r1, #16]
+ ldr r11, [r1, #20]
+ ldr r9, [r1, #24]
+ ldr r10, [r1, #28]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r2, #12]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r2, #24]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r2, #28]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r1, #8]
+ ldm r1, {r1, r2}
+ subs r1, r1, r4
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ sbcs r2, r2, r5
+ str r2, [sp, #16] @ 4-byte Spill
+ sbcs r4, r0, r1
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r4, [sp, #20] @ 4-byte Spill
+ sbcs r5, lr, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ sbcs r7, r6, r7
+ ldr r6, [sp, #44] @ 4-byte Reload
+ str r5, [sp, #28] @ 4-byte Spill
+ sbcs lr, r11, r8
+ str r7, [sp, #32] @ 4-byte Spill
+ str lr, [sp, #36] @ 4-byte Spill
+ sbcs r8, r9, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r8, [sp, #48] @ 4-byte Spill
+ sbcs r9, r10, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ str r9, [sp, #56] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ sbc r1, r6, r1
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [r3, #32]
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [r3, #36]
+ str r1, [sp, #44] @ 4-byte Spill
+ ldmib r3, {r1, r6}
+ ldr r11, [r3, #24]
+ ldr r10, [sp, #24] @ 4-byte Reload
+ str r6, [sp, #4] @ 4-byte Spill
+ ldr r6, [r3, #12]
+ str r6, [sp] @ 4-byte Spill
+ ldr r6, [r3, #16]
+ str r6, [sp, #8] @ 4-byte Spill
+ ldr r6, [r3, #20]
+ str r6, [sp, #12] @ 4-byte Spill
+ ldr r6, [r3, #28]
+ ldr r3, [r3]
+ adds r3, r10, r3
+ adcs r1, r2, r1
+ ldr r2, [sp, #4] @ 4-byte Reload
+ adcs r2, r4, r2
+ ldr r4, [sp] @ 4-byte Reload
+ adcs r4, r5, r4
+ ldr r5, [sp, #8] @ 4-byte Reload
+ adcs r5, r7, r5
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adcs r7, lr, r7
+ adcs r11, r8, r11
+ adcs r8, r9, r6
+ ldr r6, [sp, #40] @ 4-byte Reload
+ adcs r9, r0, r6
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r6, [sp, #44] @ 4-byte Reload
+ asr lr, r0, #31
+ adc r6, r0, r6
+ cmp lr, #0
+ movge r3, r10
+ str r3, [r12]
+ ldr r3, [sp, #16] @ 4-byte Reload
+ movge r1, r3
+ str r1, [r12, #4]
+ ldr r1, [sp, #20] @ 4-byte Reload
+ movge r2, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ cmp lr, #0
+ str r2, [r12, #8]
+ movge r4, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r4, [r12, #12]
+ movge r5, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r5, [r12, #16]
+ movge r7, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ cmp lr, #0
+ str r7, [r12, #20]
+ movge r11, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r11, [r12, #24]
+ movge r8, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r8, [r12, #28]
+ movge r9, r1
+ cmp lr, #0
+ movge r6, r0
+ str r9, [r12, #32]
+ str r6, [r12, #36]
+ add sp, sp, #64
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end155:
+ .size mcl_fp_subNF10L, .Lfunc_end155-mcl_fp_subNF10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add10L
+ .align 2
+ .type mcl_fpDbl_add10L,%function
+mcl_fpDbl_add10L: @ @mcl_fpDbl_add10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #104
+ sub sp, sp, #104
+ ldm r1, {r7, r9}
+ ldr r8, [r1, #8]
+ ldr r12, [r1, #12]
+ ldm r2, {r4, r5, r6, r10}
+ add lr, r1, #16
+ adds r7, r4, r7
+ ldr r4, [r2, #16]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #64]
+ str r7, [sp, #88] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #100] @ 4-byte Spill
+ ldr r7, [r2, #72]
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [r2, #76]
+ str r7, [sp, #92] @ 4-byte Spill
+ adcs r7, r5, r9
+ str r7, [sp, #28] @ 4-byte Spill
+ adcs r7, r6, r8
+ ldr r8, [r2, #20]
+ str r7, [sp, #24] @ 4-byte Spill
+ adcs r7, r10, r12
+ add r10, r1, #32
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ str r7, [sp, #60] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #64] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #84] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ ldr r2, [r1, #64]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r7, [sp] @ 4-byte Spill
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldm r10, {r7, r9, r10}
+ ldr r2, [r1, #48]
+ ldr r5, [r1, #44]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #36] @ 4-byte Reload
+ ldr r6, [sp, #28] @ 4-byte Reload
+ adcs r1, r4, r1
+ str r11, [r0]
+ str r6, [r0, #4]
+ ldr r6, [sp, #24] @ 4-byte Reload
+ ldr r4, [sp, #32] @ 4-byte Reload
+ adcs r2, r8, r2
+ str r6, [r0, #8]
+ str r4, [r0, #12]
+ str r1, [r0, #16]
+ ldr r1, [sp] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r1, r1, r12
+ str r1, [r0, #24]
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r2, r2, lr
+ str r2, [r0, #28]
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [r0, #32]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r2, r2, r9
+ str r2, [r0, #36]
+ ldr r2, [sp, #4] @ 4-byte Reload
+ adcs lr, r1, r10
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r4, r1, r5
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str r4, [sp, #68] @ 4-byte Spill
+ adcs r12, r1, r2
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r12, [sp, #72] @ 4-byte Spill
+ adcs r5, r1, r2
+ ldr r1, [sp, #80] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r5, [sp, #76] @ 4-byte Spill
+ adcs r7, r1, r2
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r7, [sp, #80] @ 4-byte Spill
+ adcs r9, r1, r2
+ ldr r1, [sp, #88] @ 4-byte Reload
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r9, [sp, #84] @ 4-byte Spill
+ adcs r10, r1, r2
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r10, [sp, #64] @ 4-byte Spill
+ adcs r1, r1, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #92] @ 4-byte Spill
+ mov r1, #0
+ adc r1, r1, #0
+ str r1, [sp, #88] @ 4-byte Spill
+ ldmib r3, {r1, r2, r8}
+ ldr r6, [r3, #16]
+ ldr r11, [r3]
+ str r6, [sp, #48] @ 4-byte Spill
+ ldr r6, [r3, #20]
+ subs r11, lr, r11
+ sbcs r1, r4, r1
+ sbcs r2, r12, r2
+ sbcs r12, r5, r8
+ ldr r8, [r3, #32]
+ ldr r5, [r3, #36]
+ str r6, [sp, #52] @ 4-byte Spill
+ ldr r6, [r3, #24]
+ str r6, [sp, #56] @ 4-byte Spill
+ ldr r6, [r3, #28]
+ ldr r3, [sp, #48] @ 4-byte Reload
+ str r6, [sp, #60] @ 4-byte Spill
+ sbcs r6, r7, r3
+ ldr r3, [sp, #52] @ 4-byte Reload
+ ldr r4, [sp, #60] @ 4-byte Reload
+ sbcs r7, r9, r3
+ ldr r3, [sp, #56] @ 4-byte Reload
+ sbcs r9, r10, r3
+ ldr r3, [sp, #100] @ 4-byte Reload
+ sbcs r10, r3, r4
+ ldr r3, [sp, #96] @ 4-byte Reload
+ ldr r4, [sp, #68] @ 4-byte Reload
+ sbcs r8, r3, r8
+ ldr r3, [sp, #92] @ 4-byte Reload
+ sbcs r5, r3, r5
+ ldr r3, [sp, #88] @ 4-byte Reload
+ sbc r3, r3, #0
+ ands r3, r3, #1
+ movne r11, lr
+ movne r1, r4
+ str r11, [r0, #40]
+ str r1, [r0, #44]
+ ldr r1, [sp, #72] @ 4-byte Reload
+ movne r2, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ cmp r3, #0
+ str r2, [r0, #48]
+ movne r12, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r12, [r0, #52]
+ movne r6, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r6, [r0, #56]
+ movne r7, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ cmp r3, #0
+ str r7, [r0, #60]
+ movne r9, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r9, [r0, #64]
+ movne r10, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r10, [r0, #68]
+ movne r8, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ cmp r3, #0
+ str r8, [r0, #72]
+ movne r5, r1
+ str r5, [r0, #76]
+ add sp, sp, #104
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end156:
+ .size mcl_fpDbl_add10L, .Lfunc_end156-mcl_fpDbl_add10L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub10L
+ .align 2
+ .type mcl_fpDbl_sub10L,%function
+mcl_fpDbl_sub10L: @ @mcl_fpDbl_sub10L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #96
+ sub sp, sp, #96
+ ldr r7, [r2, #64]
+ str r7, [sp, #92] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #88] @ 4-byte Spill
+ ldr r7, [r2, #72]
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [r2, #76]
+ str r7, [sp, #84] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #60] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #64] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #52] @ 4-byte Spill
+ ldm r2, {r6, r7, r8, r9}
+ ldm r1, {r12, lr}
+ ldr r4, [r1, #8]
+ ldr r10, [r2, #20]
+ ldr r5, [r1, #12]
+ subs r11, r12, r6
+ ldr r6, [r2, #28]
+ sbcs r7, lr, r7
+ add lr, r1, #16
+ sbcs r8, r4, r8
+ ldr r4, [r2, #16]
+ sbcs r5, r5, r9
+ ldr r9, [r1, #32]
+ str r6, [sp, #28] @ 4-byte Spill
+ ldr r6, [r2, #24]
+ ldr r2, [r1, #64]
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r6, [sp, #24] @ 4-byte Spill
+ ldr r6, [r1, #44]
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #36]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #40]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #48]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ str r11, [r0]
+ stmib r0, {r7, r8}
+ str r5, [r0, #12]
+ ldr r7, [sp] @ 4-byte Reload
+ ldr r8, [r3, #20]
+ sbcs r1, r1, r4
+ str r1, [r0, #16]
+ sbcs r2, r2, r10
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #28] @ 4-byte Reload
+ sbcs r1, r12, r1
+ str r1, [r0, #24]
+ sbcs r2, lr, r2
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r2, [r0, #28]
+ ldr r2, [sp, #56] @ 4-byte Reload
+ sbcs r1, r9, r1
+ sbcs r2, r7, r2
+ str r1, [r0, #32]
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r2, [r0, #36]
+ ldr r2, [sp, #4] @ 4-byte Reload
+ sbcs r12, r2, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r12, [sp, #48] @ 4-byte Spill
+ sbcs r4, r6, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ sbcs r11, r2, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r11, [sp, #52] @ 4-byte Spill
+ sbcs r6, r2, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r6, [sp, #64] @ 4-byte Spill
+ sbcs r7, r2, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r7, [sp, #68] @ 4-byte Spill
+ sbcs r9, r2, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r9, [sp, #76] @ 4-byte Spill
+ sbcs r1, r2, r1
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ sbcs r1, r2, r1
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ sbcs r10, r2, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r10, [sp, #80] @ 4-byte Spill
+ sbcs lr, r2, r1
+ mov r1, #0
+ ldr r2, [r3, #4]
+ sbc r1, r1, #0
+ str lr, [sp, #84] @ 4-byte Spill
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [r3, #32]
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [r3, #36]
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [r3, #8]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [r3, #12]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ ldr r5, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [r3, #28]
+ ldr r3, [r3]
+ str r1, [sp, #44] @ 4-byte Spill
+ adds r1, r12, r3
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs r2, r4, r2
+ adcs r3, r11, r3
+ adcs r12, r6, r5
+ ldr r6, [sp, #36] @ 4-byte Reload
+ ldr r5, [sp, #92] @ 4-byte Reload
+ adcs r6, r7, r6
+ ldr r7, [sp, #40] @ 4-byte Reload
+ adcs r8, r9, r8
+ adcs r9, r5, r7
+ ldr r5, [sp, #44] @ 4-byte Reload
+ ldr r7, [sp, #88] @ 4-byte Reload
+ adcs r7, r7, r5
+ ldr r5, [sp, #56] @ 4-byte Reload
+ adcs r11, r10, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ adc r10, lr, r5
+ ldr r5, [sp, #72] @ 4-byte Reload
+ ands lr, r5, #1
+ ldr r5, [sp, #48] @ 4-byte Reload
+ moveq r2, r4
+ moveq r1, r5
+ str r1, [r0, #40]
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r2, [r0, #44]
+ moveq r3, r1
+ ldr r1, [sp, #64] @ 4-byte Reload
+ cmp lr, #0
+ str r3, [r0, #48]
+ moveq r12, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r12, [r0, #52]
+ moveq r6, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r6, [r0, #56]
+ moveq r8, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ cmp lr, #0
+ str r8, [r0, #60]
+ moveq r9, r1
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r9, [r0, #64]
+ moveq r7, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r7, [r0, #68]
+ moveq r11, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ cmp lr, #0
+ str r11, [r0, #72]
+ moveq r10, r1
+ str r10, [r0, #76]
+ add sp, sp, #96
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end157:
+ .size mcl_fpDbl_sub10L, .Lfunc_end157-mcl_fpDbl_sub10L
+ .cantunwind
+ .fnend
+
+ .align 2
+ .type .LmulPv352x32,%function
+.LmulPv352x32: @ @mulPv352x32
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r9, [r1, #12]
+ umull r4, r8, lr, r2
+ umull lr, r6, r12, r2
+ mov r5, r4
+ mov r7, r6
+ str lr, [r0]
+ umull lr, r12, r9, r2
+ umlal r7, r5, r3, r2
+ str r5, [r0, #8]
+ str r7, [r0, #4]
+ umull r5, r7, r3, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r3, r8, lr
+ str r3, [r0, #12]
+ ldr r3, [r1, #16]
+ umull r7, r6, r3, r2
+ adcs r3, r12, r7
+ str r3, [r0, #16]
+ ldr r3, [r1, #20]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #20]
+ ldr r3, [r1, #24]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #24]
+ ldr r3, [r1, #28]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #28]
+ ldr r3, [r1, #32]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #32]
+ ldr r3, [r1, #36]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #36]
+ ldr r1, [r1, #40]
+ umull r3, r7, r1, r2
+ adcs r1, r5, r3
+ str r1, [r0, #40]
+ adc r1, r7, #0
+ str r1, [r0, #44]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end158:
+ .size .LmulPv352x32, .Lfunc_end158-.LmulPv352x32
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre11L
+ .align 2
+ .type mcl_fp_mulUnitPre11L,%function
+mcl_fp_mulUnitPre11L: @ @mcl_fp_mulUnitPre11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, lr}
+ .pad #48
+ sub sp, sp, #48
+ mov r4, r0
+ mov r0, sp
+ bl .LmulPv352x32(PLT)
+ ldr r12, [sp, #44]
+ ldr lr, [sp, #40]
+ ldr r8, [sp, #36]
+ ldr r9, [sp, #32]
+ ldr r10, [sp, #28]
+ ldr r1, [sp, #24]
+ ldr r5, [sp, #20]
+ ldr r6, [sp, #16]
+ ldr r7, [sp]
+ ldmib sp, {r2, r3}
+ ldr r0, [sp, #12]
+ str r7, [r4]
+ stmib r4, {r2, r3}
+ str r0, [r4, #12]
+ str r6, [r4, #16]
+ str r5, [r4, #20]
+ str r1, [r4, #24]
+ str r10, [r4, #28]
+ str r9, [r4, #32]
+ str r8, [r4, #36]
+ str lr, [r4, #40]
+ str r12, [r4, #44]
+ add sp, sp, #48
+ pop {r4, r5, r6, r7, r8, r9, r10, lr}
+ mov pc, lr
+.Lfunc_end159:
+ .size mcl_fp_mulUnitPre11L, .Lfunc_end159-mcl_fp_mulUnitPre11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre11L
+ .align 2
+ .type mcl_fpDbl_mulPre11L,%function
+mcl_fpDbl_mulPre11L: @ @mcl_fpDbl_mulPre11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #604
+ sub sp, sp, #604
+ mov r3, r2
+ mov r4, r0
+ add r0, sp, #552
+ str r1, [sp, #68] @ 4-byte Spill
+ mov r5, r1
+ ldr r2, [r3]
+ str r3, [sp, #64] @ 4-byte Spill
+ str r4, [sp, #60] @ 4-byte Spill
+ mov r6, r3
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #596]
+ ldr r1, [sp, #560]
+ ldr r2, [r6, #4]
+ ldr r11, [sp, #556]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #592]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #564]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #588]
+ str r1, [sp, #20] @ 4-byte Spill
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #580]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #576]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #572]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #568]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #552]
+ str r0, [r4]
+ add r0, sp, #504
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #548]
+ add r10, sp, #532
+ add r12, sp, #508
+ mov r6, r4
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r5, r8, r9, r10}
+ ldr r1, [sp, #504]
+ ldr lr, [sp, #528]
+ ldr r7, [sp, #524]
+ ldm r12, {r0, r2, r3, r12}
+ adds r1, r1, r11
+ str r1, [r4, #4]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r2, [r5, #8]
+ adcs r0, r8, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #456
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #500]
+ add r10, sp, #484
+ add r12, sp, #460
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #496]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr lr, [sp, #480]
+ ldr r7, [sp, #476]
+ ldr r1, [sp, #456]
+ ldm r12, {r0, r2, r3, r12}
+ ldr r11, [sp, #16] @ 4-byte Reload
+ adds r1, r1, r11
+ str r1, [r6, #8]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #12]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #408
+ bl .LmulPv352x32(PLT)
+ add r10, sp, #444
+ add lr, sp, #432
+ add r12, sp, #412
+ ldm r10, {r8, r9, r10}
+ ldm lr, {r6, r11, lr}
+ ldr r7, [sp, #428]
+ ldr r1, [sp, #408]
+ ldm r12, {r0, r2, r3, r12}
+ ldr r4, [sp, #16] @ 4-byte Reload
+ adds r1, r1, r4
+ ldr r4, [sp, #60] @ 4-byte Reload
+ str r1, [r4, #12]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #16]
+ ldr r5, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r3, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #360
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #404]
+ add r10, sp, #392
+ add r12, sp, #364
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr lr, [sp, #388]
+ ldr r6, [sp, #384]
+ ldr r7, [sp, #380]
+ ldr r1, [sp, #360]
+ ldm r12, {r0, r2, r3, r12}
+ ldr r11, [sp, #16] @ 4-byte Reload
+ adds r1, r1, r11
+ str r1, [r4, #16]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r4, #20]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #312
+ bl .LmulPv352x32(PLT)
+ add r11, sp, #344
+ add r12, sp, #316
+ ldm r11, {r8, r9, r10, r11}
+ ldr lr, [sp, #340]
+ ldr r6, [sp, #336]
+ ldr r7, [sp, #332]
+ ldr r1, [sp, #312]
+ ldm r12, {r0, r2, r3, r12}
+ ldr r5, [sp, #16] @ 4-byte Reload
+ adds r1, r1, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ str r1, [r5, #20]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r4, #24]
+ ldr r4, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ mov r1, r4
+ adcs r0, r3, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #264
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #308]
+ add r10, sp, #296
+ add r12, sp, #268
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr lr, [sp, #292]
+ ldr r6, [sp, #288]
+ ldr r7, [sp, #284]
+ ldr r1, [sp, #264]
+ ldm r12, {r0, r2, r3, r12}
+ ldr r11, [sp, #16] @ 4-byte Reload
+ adds r1, r1, r11
+ str r1, [r5, #24]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #28]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #216
+ bl .LmulPv352x32(PLT)
+ add r10, sp, #252
+ add lr, sp, #240
+ add r12, sp, #220
+ ldm r10, {r8, r9, r10}
+ ldm lr, {r6, r11, lr}
+ ldr r7, [sp, #236]
+ ldr r1, [sp, #216]
+ ldm r12, {r0, r2, r3, r12}
+ ldr r4, [sp, #16] @ 4-byte Reload
+ adds r1, r1, r4
+ ldr r4, [sp, #60] @ 4-byte Reload
+ str r1, [r4, #28]
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #32]
+ ldr r5, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mov r1, r5
+ adcs r0, r3, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #168
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #212]
+ add r10, sp, #200
+ add r12, sp, #172
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr lr, [sp, #196]
+ ldr r6, [sp, #192]
+ ldr r7, [sp, #188]
+ ldr r1, [sp, #168]
+ ldm r12, {r0, r2, r3, r12}
+ ldr r11, [sp, #12] @ 4-byte Reload
+ adds r1, r1, r11
+ ldr r11, [sp, #64] @ 4-byte Reload
+ str r1, [r4, #32]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r11, #36]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #120
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #164]
+ add lr, sp, #152
+ add r10, sp, #140
+ add r8, sp, #128
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm lr, {r9, r12, lr}
+ ldm r10, {r0, r6, r10}
+ ldr r2, [sp, #120]
+ ldr r3, [sp, #124]
+ ldm r8, {r1, r7, r8}
+ ldr r5, [sp, #12] @ 4-byte Reload
+ adds r2, r2, r5
+ ldr r5, [sp, #56] @ 4-byte Reload
+ str r2, [r4, #36]
+ ldr r2, [r11, #40]
+ adcs r11, r3, r5
+ ldr r3, [sp, #52] @ 4-byte Reload
+ adcs r5, r1, r3
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r7, r7, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r8, r8, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r10, r10, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ add r0, sp, #72
+ bl .LmulPv352x32(PLT)
+ add r3, sp, #72
+ ldm r3, {r0, r1, r2, r3}
+ ldr r9, [sp, #116]
+ ldr r6, [sp, #112]
+ adds r12, r0, r11
+ add r11, sp, #88
+ adcs lr, r1, r5
+ adcs r2, r2, r7
+ adcs r3, r3, r8
+ ldr r8, [sp, #108]
+ ldm r11, {r0, r1, r5, r7, r11}
+ str r12, [r4, #40]
+ str lr, [r4, #44]
+ str r2, [r4, #48]
+ ldr r2, [sp, #40] @ 4-byte Reload
+ add r12, r4, #72
+ str r3, [r4, #52]
+ adcs r0, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r0, [r4, #56]
+ adcs r1, r1, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r0, r5, r10
+ str r1, [r4, #60]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r0, [r4, #64]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [r4, #68]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r11, r0
+ adcs r1, r8, r1
+ adcs r2, r6, r2
+ adc r3, r9, #0
+ stm r12, {r0, r1, r2, r3}
+ add sp, sp, #604
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end160:
+ .size mcl_fpDbl_mulPre11L, .Lfunc_end160-mcl_fpDbl_mulPre11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre11L
+ .align 2
+ .type mcl_fpDbl_sqrPre11L,%function
+mcl_fpDbl_sqrPre11L: @ @mcl_fpDbl_sqrPre11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #596
+ sub sp, sp, #596
+ mov r5, r1
+ mov r4, r0
+ add r0, sp, #544
+ ldr r2, [r5]
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #588]
+ ldr r1, [sp, #548]
+ ldr r2, [r5, #4]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #552]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #580]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #556]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #576]
+ str r1, [sp, #24] @ 4-byte Spill
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #572]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #568]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #564]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #560]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #544]
+ str r0, [r4]
+ add r0, sp, #496
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #540]
+ add r10, sp, #520
+ add lr, sp, #496
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #20] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #4]
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #8]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #448
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #492]
+ add r10, sp, #476
+ add lr, sp, #448
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r6, r8, r9, r10}
+ ldr r7, [sp, #472]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #20] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #8]
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #12]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #400
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #444]
+ add r10, sp, #428
+ add lr, sp, #400
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r6, r8, r9, r10}
+ ldr r7, [sp, #424]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #20] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #12]
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #16]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #352
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #396]
+ add r10, sp, #380
+ add lr, sp, #352
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r6, r8, r9, r10}
+ ldr r7, [sp, #376]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #20] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #16]
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #20]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #304
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #348]
+ add r10, sp, #332
+ add lr, sp, #304
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r6, r8, r9, r10}
+ ldr r7, [sp, #328]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #20] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #20]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #24]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #256
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #300]
+ add r10, sp, #284
+ add lr, sp, #256
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r6, r8, r9, r10}
+ ldr r7, [sp, #280]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #20] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #24]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #28]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #208
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #252]
+ add r10, sp, #236
+ add lr, sp, #208
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r6, r8, r9, r10}
+ ldr r7, [sp, #232]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #20] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #28]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #32]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #160
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #204]
+ add r10, sp, #188
+ add lr, sp, #160
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r6, r8, r9, r10}
+ ldr r7, [sp, #184]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #16] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #32]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #36]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #112
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #156]
+ add lr, sp, #140
+ add r12, sp, #124
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #152]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm lr, {r8, r11, lr}
+ ldr r9, [sp, #136]
+ ldr r2, [sp, #112]
+ ldr r7, [sp, #116]
+ ldr r6, [sp, #120]
+ ldm r12, {r0, r3, r12}
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adds r2, r2, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r2, [r4, #36]
+ ldr r2, [r5, #40]
+ adcs r7, r7, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r6, r6, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r11, r11, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ add r0, sp, #64
+ bl .LmulPv352x32(PLT)
+ add r3, sp, #64
+ ldm r3, {r0, r1, r2, r3}
+ ldr r9, [sp, #108]
+ ldr r8, [sp, #104]
+ adds r12, r0, r7
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs lr, r1, r6
+ adcs r2, r2, r10
+ add r10, sp, #80
+ adcs r3, r3, r0
+ ldm r10, {r0, r1, r5, r6, r7, r10}
+ str r12, [r4, #40]
+ str lr, [r4, #44]
+ str r2, [r4, #48]
+ ldr r2, [sp, #20] @ 4-byte Reload
+ add r12, r4, #72
+ str r3, [r4, #52]
+ adcs r0, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r0, [r4, #56]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r1, [r4, #60]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r0, [r4, #64]
+ adcs r0, r6, r11
+ str r0, [r4, #68]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r7, r0
+ adcs r1, r10, r1
+ adcs r2, r8, r2
+ adc r3, r9, #0
+ stm r12, {r0, r1, r2, r3}
+ add sp, sp, #596
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end161:
+ .size mcl_fpDbl_sqrPre11L, .Lfunc_end161-mcl_fpDbl_sqrPre11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont11L
+ .align 2
+ .type mcl_fp_mont11L,%function
+mcl_fp_mont11L: @ @mcl_fp_mont11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #132
+ sub sp, sp, #132
+ .pad #1024
+ sub sp, sp, #1024
+ mov r7, r2
+ ldr r5, [r3, #-4]
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, sp, #1104
+ str r3, [sp, #92] @ 4-byte Spill
+ str r1, [sp, #84] @ 4-byte Spill
+ mov r4, r3
+ mov r6, r1
+ ldr r2, [r7]
+ str r7, [sp, #80] @ 4-byte Spill
+ str r5, [sp, #88] @ 4-byte Spill
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #1108]
+ ldr r8, [sp, #1104]
+ mov r1, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1112]
+ mul r2, r8, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1116]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1148]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #1144]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #1140]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1136]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1132]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1128]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1124]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1120]
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #1056
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #1100]
+ ldr r2, [r7, #4]
+ ldr r11, [sp, #1072]
+ ldr r5, [sp, #1056]
+ ldr r4, [sp, #1060]
+ ldr r10, [sp, #1064]
+ ldr r9, [sp, #1068]
+ mov r1, r6
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1096]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1092]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1088]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1084]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1080]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #1076]
+ str r0, [sp, #4] @ 4-byte Spill
+ add r0, sp, #1008
+ bl .LmulPv352x32(PLT)
+ adds r0, r5, r8
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r2, [sp, #4] @ 4-byte Reload
+ add lr, sp, #1008
+ ldr r7, [sp, #1044]
+ ldr r6, [sp, #1040]
+ ldr r5, [sp, #1036]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r8, r4, r0
+ mov r0, #0
+ ldr r4, [sp, #1032]
+ adcs r1, r10, r1
+ ldr r10, [sp, #1052]
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r9, r1
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r11, r1
+ ldr r11, [sp, #1048]
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r2, r1
+ str r1, [sp, #28] @ 4-byte Spill
+ adc r9, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r8, r8, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r9, r10
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r8, r0
+ add r0, sp, #960
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #1004]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r5, [sp, #984]
+ ldr r6, [sp, #980]
+ ldr r9, [sp, #976]
+ ldr r10, [sp, #960]
+ ldr r11, [sp, #964]
+ ldr r7, [sp, #968]
+ ldr r4, [sp, #972]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1000]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #996]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #992]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #988]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, sp, #912
+ bl .LmulPv352x32(PLT)
+ adds r0, r8, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #916
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #940
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldm r11, {r5, r6, r7, r8, r11}
+ ldr r4, [sp, #912]
+ adc r10, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r9, [sp, #76] @ 4-byte Reload
+ adds r9, r9, r4
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r10, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r9, r0
+ add r0, sp, #864
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #908]
+ add r11, sp, #864
+ ldr r7, [sp, #888]
+ ldr r5, [sp, #884]
+ ldr r8, [sp, #880]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #904]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #900]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #896]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #892]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r6, [sp, #876]
+ ldr r2, [r0, #12]
+ add r0, sp, #816
+ bl .LmulPv352x32(PLT)
+ adds r0, r4, r9
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #816
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #840
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adds r8, r7, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r8, r0
+ add r0, sp, #768
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #812]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r5, [sp, #792]
+ ldr r6, [sp, #788]
+ ldr r9, [sp, #784]
+ ldr r10, [sp, #768]
+ ldr r11, [sp, #772]
+ ldr r7, [sp, #776]
+ ldr r4, [sp, #780]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #808]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #804]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #800]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, sp, #720
+ bl .LmulPv352x32(PLT)
+ adds r0, r8, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #724
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #748
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldm r11, {r5, r6, r7, r8, r11}
+ ldr r4, [sp, #720]
+ adc r10, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r9, [sp, #76] @ 4-byte Reload
+ adds r9, r9, r4
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r10, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r9, r0
+ add r0, sp, #672
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #716]
+ add r11, sp, #672
+ ldr r7, [sp, #696]
+ ldr r5, [sp, #692]
+ ldr r8, [sp, #688]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #712]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #708]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r6, [sp, #684]
+ ldr r2, [r0, #20]
+ add r0, sp, #624
+ bl .LmulPv352x32(PLT)
+ adds r0, r4, r9
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #624
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #648
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adds r8, r7, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r8, r0
+ add r0, sp, #576
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #620]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r5, [sp, #600]
+ ldr r6, [sp, #596]
+ ldr r9, [sp, #592]
+ ldr r10, [sp, #576]
+ ldr r11, [sp, #580]
+ ldr r7, [sp, #584]
+ ldr r4, [sp, #588]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #616]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #612]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #608]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #604]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #528
+ bl .LmulPv352x32(PLT)
+ adds r0, r8, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #532
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #556
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldm r11, {r5, r6, r7, r8, r11}
+ ldr r4, [sp, #528]
+ adc r10, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r9, [sp, #76] @ 4-byte Reload
+ adds r9, r9, r4
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r10, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r9, r0
+ add r0, sp, #480
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #524]
+ add r11, sp, #480
+ ldr r7, [sp, #504]
+ ldr r5, [sp, #500]
+ ldr r8, [sp, #496]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #520]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #516]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #512]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #508]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r6, [sp, #492]
+ ldr r2, [r0, #28]
+ add r0, sp, #432
+ bl .LmulPv352x32(PLT)
+ adds r0, r4, r9
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #432
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #456
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adds r8, r7, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r8, r0
+ add r0, sp, #384
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #428]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r5, [sp, #408]
+ ldr r6, [sp, #404]
+ ldr r9, [sp, #400]
+ ldr r10, [sp, #384]
+ ldr r11, [sp, #388]
+ ldr r7, [sp, #392]
+ ldr r4, [sp, #396]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #424]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #420]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #416]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #336
+ bl .LmulPv352x32(PLT)
+ adds r0, r8, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #340
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #364
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldm r11, {r5, r6, r7, r8, r11}
+ ldr r4, [sp, #336]
+ adc r10, r0, #0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r9, [sp, #76] @ 4-byte Reload
+ adds r9, r9, r4
+ ldr r4, [sp, #68] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ adcs r0, r10, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r9, r0
+ add r0, sp, #288
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #332]
+ add r11, sp, #288
+ ldr r7, [sp, #312]
+ ldr r5, [sp, #308]
+ ldr r8, [sp, #304]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #328]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #324]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #320]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #316]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r6, [sp, #300]
+ ldr r2, [r0, #36]
+ add r0, sp, #240
+ bl .LmulPv352x32(PLT)
+ adds r0, r4, r9
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #240
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #264
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adds r8, r7, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r8, r0
+ add r0, sp, #192
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #236]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r5, [sp, #216]
+ ldr r6, [sp, #212]
+ ldr r9, [sp, #208]
+ ldr r10, [sp, #192]
+ ldr r11, [sp, #196]
+ ldr r7, [sp, #200]
+ ldr r4, [sp, #204]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #232]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #228]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #224]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #220]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r2, [r0, #40]
+ add r0, sp, #144
+ bl .LmulPv352x32(PLT)
+ adds r0, r8, r10
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ add lr, sp, #144
+ add r12, sp, #160
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r11
+ adcs r10, r1, r7
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r11, r1, r4
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r9
+ add r9, sp, #180
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r6
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #48] @ 4-byte Spill
+ ldm lr, {r2, r6, lr}
+ ldr r5, [sp, #156]
+ adds r4, r0, r2
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r6, r10, r6
+ mul r1, r4, r0
+ str r1, [sp, #44] @ 4-byte Spill
+ ldm r9, {r7, r8, r9}
+ ldm r12, {r0, r1, r2, r3, r12}
+ str r6, [sp, #40] @ 4-byte Spill
+ adcs r6, r11, lr
+ ldr r10, [sp, #92] @ 4-byte Reload
+ str r6, [sp, #36] @ 4-byte Spill
+ ldr r6, [sp, #84] @ 4-byte Reload
+ adcs r11, r6, r5
+ ldr r6, [sp, #80] @ 4-byte Reload
+ adcs r6, r6, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r5, r0, r3
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r8, r0, r9
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ add r0, sp, #96
+ bl .LmulPv352x32(PLT)
+ add r7, sp, #96
+ ldm r7, {r0, r1, r3, r7}
+ adds r0, r4, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs lr, r0, r1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ str lr, [sp, #44] @ 4-byte Spill
+ adcs r1, r0, r3
+ ldr r3, [sp, #112]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r9, r11, r7
+ str r1, [sp, #48] @ 4-byte Spill
+ adcs r6, r6, r3
+ ldr r3, [sp, #116]
+ str r6, [sp, #52] @ 4-byte Spill
+ adcs r0, r0, r3
+ ldr r3, [sp, #120]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r12, r0, r3
+ ldr r3, [sp, #124]
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r12, [sp, #56] @ 4-byte Spill
+ adcs r5, r5, r3
+ ldr r3, [sp, #128]
+ str r5, [sp, #60] @ 4-byte Spill
+ adcs r0, r0, r3
+ ldr r3, [sp, #132]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ ldr r3, [sp, #136]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ ldr r3, [sp, #140]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r8, r8, r3
+ adc r0, r0, #0
+ str r8, [sp, #68] @ 4-byte Spill
+ str r0, [sp, #64] @ 4-byte Spill
+ ldmib r10, {r3, r7}
+ ldr r4, [r10, #16]
+ ldr r11, [r10]
+ ldr r2, [r10, #12]
+ mov r0, r10
+ str r4, [sp, #28] @ 4-byte Spill
+ ldr r4, [r10, #20]
+ subs r11, lr, r11
+ ldr lr, [sp, #84] @ 4-byte Reload
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [r10, #24]
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [r10, #28]
+ sbcs r10, r1, r3
+ mov r3, r9
+ ldr r9, [r0, #32]
+ sbcs r1, r3, r7
+ ldr r7, [r0, #36]
+ ldr r0, [r0, #40]
+ sbcs r2, r6, r2
+ ldr r6, [sp, #36] @ 4-byte Reload
+ str r4, [sp, #40] @ 4-byte Spill
+ ldr r4, [sp, #28] @ 4-byte Reload
+ sbcs lr, lr, r4
+ ldr r4, [sp, #32] @ 4-byte Reload
+ sbcs r4, r12, r4
+ ldr r12, [sp, #88] @ 4-byte Reload
+ sbcs r5, r5, r6
+ ldr r6, [sp, #40] @ 4-byte Reload
+ sbcs r12, r12, r6
+ ldr r6, [sp, #80] @ 4-byte Reload
+ sbcs r9, r6, r9
+ ldr r6, [sp, #76] @ 4-byte Reload
+ sbcs r7, r6, r7
+ ldr r6, [sp, #64] @ 4-byte Reload
+ sbcs r0, r8, r0
+ ldr r8, [sp, #72] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ sbc r6, r6, #0
+ ands r6, r6, #1
+ movne r11, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ movne r1, r3
+ str r11, [r8]
+ movne r10, r0
+ cmp r6, #0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r10, [r8, #4]
+ str r1, [r8, #8]
+ ldr r1, [sp, #52] @ 4-byte Reload
+ movne r2, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r2, [r8, #12]
+ movne lr, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str lr, [r8, #16]
+ movne r4, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ cmp r6, #0
+ str r4, [r8, #20]
+ movne r5, r1
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r5, [r8, #24]
+ movne r12, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r12, [r8, #28]
+ movne r9, r1
+ ldr r1, [sp, #76] @ 4-byte Reload
+ cmp r6, #0
+ str r9, [r8, #32]
+ movne r7, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r7, [r8, #36]
+ movne r0, r1
+ str r0, [r8, #40]
+ add sp, sp, #132
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end162:
+ .size mcl_fp_mont11L, .Lfunc_end162-mcl_fp_mont11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF11L
+ .align 2
+ .type mcl_fp_montNF11L,%function
+mcl_fp_montNF11L: @ @mcl_fp_montNF11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #124
+ sub sp, sp, #124
+ .pad #1024
+ sub sp, sp, #1024
+ str r2, [sp, #72] @ 4-byte Spill
+ ldr r5, [r3, #-4]
+ ldr r2, [r2]
+ add r6, sp, #1024
+ str r0, [sp, #68] @ 4-byte Spill
+ str r3, [sp, #84] @ 4-byte Spill
+ str r1, [sp, #76] @ 4-byte Spill
+ mov r4, r3
+ add r0, r6, #72
+ str r5, [sp, #80] @ 4-byte Spill
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #1100]
+ ldr r10, [sp, #1096]
+ add r9, sp, #1024
+ mov r1, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1104]
+ mul r2, r10, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1108]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1140]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1136]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1132]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1128]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1124]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1120]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1116]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1112]
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, r9, #24
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #1092]
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r5, [sp, #1072]
+ ldr r7, [sp, #1068]
+ ldr r8, [sp, #1064]
+ ldr r11, [sp, #1048]
+ ldr r4, [sp, #1052]
+ ldr r6, [sp, #1056]
+ ldr r9, [sp, #1060]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1088]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1084]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1080]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #1076]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r2, [r0, #4]
+ add r0, sp, #1000
+ bl .LmulPv352x32(PLT)
+ adds r0, r11, r10
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add r11, sp, #1024
+ add lr, sp, #1000
+ ldr r10, [sp, #1044]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r8, r11}
+ adc r9, r1, r0
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #952
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #996]
+ add r11, sp, #952
+ ldr r6, [sp, #976]
+ ldr r4, [sp, #972]
+ ldr r8, [sp, #968]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #992]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #988]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #984]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #980]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r5, [sp, #964]
+ ldr r2, [r0, #8]
+ add r0, sp, #904
+ bl .LmulPv352x32(PLT)
+ adds r0, r7, r9
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #908
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #948]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #932
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r11, {r5, r6, r9, r11}
+ ldr r4, [sp, #904]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r8, [sp, #64] @ 4-byte Reload
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adds r4, r8, r4
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #856
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #900]
+ add r11, sp, #856
+ ldr r7, [sp, #880]
+ ldr r5, [sp, #876]
+ ldr r8, [sp, #872]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #896]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #892]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #888]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #884]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r6, [sp, #868]
+ ldr r2, [r0, #12]
+ add r0, sp, #808
+ bl .LmulPv352x32(PLT)
+ adds r0, r4, r9
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #808
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #852]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #832
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r8, r11}
+ adc r9, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #760
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #804]
+ add r11, sp, #760
+ ldr r6, [sp, #784]
+ ldr r4, [sp, #780]
+ ldr r8, [sp, #776]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #800]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r5, [sp, #772]
+ ldr r2, [r0, #16]
+ add r0, sp, #712
+ bl .LmulPv352x32(PLT)
+ adds r0, r7, r9
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #716
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #756]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #740
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r11, {r5, r6, r9, r11}
+ ldr r4, [sp, #712]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r8, [sp, #64] @ 4-byte Reload
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adds r4, r8, r4
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #664
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #708]
+ add r11, sp, #664
+ ldr r7, [sp, #688]
+ ldr r5, [sp, #684]
+ ldr r8, [sp, #680]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r6, [sp, #676]
+ ldr r2, [r0, #20]
+ add r0, sp, #616
+ bl .LmulPv352x32(PLT)
+ adds r0, r4, r9
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #616
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #660]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #640
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r8, r11}
+ adc r9, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #568
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #612]
+ add r11, sp, #568
+ ldr r6, [sp, #592]
+ ldr r4, [sp, #588]
+ ldr r8, [sp, #584]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #608]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #604]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #600]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r5, [sp, #580]
+ ldr r2, [r0, #24]
+ add r0, sp, #520
+ bl .LmulPv352x32(PLT)
+ adds r0, r7, r9
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #524
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #564]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #548
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r11, {r5, r6, r9, r11}
+ ldr r4, [sp, #520]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r8, [sp, #64] @ 4-byte Reload
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adds r4, r8, r4
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #472
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #516]
+ add r11, sp, #472
+ ldr r7, [sp, #496]
+ ldr r5, [sp, #492]
+ ldr r8, [sp, #488]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #512]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #508]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #504]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #500]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r6, [sp, #484]
+ ldr r2, [r0, #28]
+ add r0, sp, #424
+ bl .LmulPv352x32(PLT)
+ adds r0, r4, r9
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #424
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #468]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #448
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r8, r11}
+ adc r9, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #376
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #420]
+ add r11, sp, #376
+ ldr r6, [sp, #400]
+ ldr r4, [sp, #396]
+ ldr r8, [sp, #392]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #416]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #408]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #404]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r5, [sp, #388]
+ ldr r2, [r0, #32]
+ add r0, sp, #328
+ bl .LmulPv352x32(PLT)
+ adds r0, r7, r9
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #332
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #372]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #356
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r11, {r5, r6, r9, r11}
+ ldr r4, [sp, #328]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r8, [sp, #64] @ 4-byte Reload
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adds r4, r8, r4
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r4, r0
+ add r0, sp, #280
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #324]
+ add r11, sp, #280
+ ldr r7, [sp, #304]
+ ldr r5, [sp, #300]
+ ldr r8, [sp, #296]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #320]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #316]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #312]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #308]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r6, [sp, #292]
+ ldr r2, [r0, #36]
+ add r0, sp, #232
+ bl .LmulPv352x32(PLT)
+ adds r0, r4, r9
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #232
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #276]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #256
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldm r11, {r4, r5, r6, r8, r11}
+ adc r9, r0, r1
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #32] @ 4-byte Spill
+ adcs r0, r9, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #184
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #228]
+ add r11, sp, #184
+ ldr r6, [sp, #208]
+ ldr r4, [sp, #204]
+ ldr r8, [sp, #200]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #224]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #220]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #216]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #212]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r5, [sp, #196]
+ ldr r2, [r0, #40]
+ add r0, sp, #136
+ bl .LmulPv352x32(PLT)
+ adds r0, r7, r9
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r2, [sp, #4] @ 4-byte Reload
+ ldr lr, [sp, #140]
+ add r9, sp, #172
+ add r12, sp, #152
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ adcs r11, r1, r11
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r10, r1, r5
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r4
+ ldr r4, [sp, #148]
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #144]
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #136]
+ str r1, [sp, #44] @ 4-byte Spill
+ adds r5, r0, r2
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r11, r11, lr
+ adcs r6, r10, r6
+ mul r1, r5, r0
+ str r1, [sp, #40] @ 4-byte Spill
+ ldm r9, {r7, r8, r9}
+ ldm r12, {r0, r1, r2, r3, r12}
+ str r6, [sp, #32] @ 4-byte Spill
+ ldr r6, [sp, #76] @ 4-byte Reload
+ adcs r10, r6, r4
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #88
+ adc r9, r9, #0
+ bl .LmulPv352x32(PLT)
+ add r7, sp, #88
+ ldm r7, {r0, r1, r3, r7}
+ adds r0, r5, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r8, r11, r1
+ str r8, [sp, #28] @ 4-byte Spill
+ adcs r6, r0, r3
+ ldr r3, [sp, #104]
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r2, r10, r7
+ str r6, [sp, #44] @ 4-byte Spill
+ str r2, [sp, #48] @ 4-byte Spill
+ adcs r7, r0, r3
+ ldr r3, [sp, #108]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r7, [sp, #52] @ 4-byte Spill
+ adcs r0, r0, r3
+ ldr r3, [sp, #112]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r5, r0, r3
+ ldr r3, [sp, #116]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r5, [sp, #56] @ 4-byte Spill
+ adcs lr, r0, r3
+ ldr r3, [sp, #120]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str lr, [sp, #60] @ 4-byte Spill
+ adcs r0, r0, r3
+ ldr r3, [sp, #124]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ ldr r3, [sp, #128]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r10, r0, r3
+ ldr r3, [sp, #132]
+ str r10, [sp, #64] @ 4-byte Spill
+ adc r12, r9, r3
+ mov r3, r4
+ str r12, [sp, #40] @ 4-byte Spill
+ ldmib r3, {r0, r1, r9}
+ ldr r4, [r3, #16]
+ ldr r11, [r3]
+ str r4, [sp, #20] @ 4-byte Spill
+ ldr r4, [r3, #20]
+ subs r11, r8, r11
+ ldr r8, [r3, #36]
+ sbcs r0, r6, r0
+ sbcs r1, r2, r1
+ sbcs r2, r7, r9
+ ldr r9, [r3, #32]
+ ldr r7, [sp, #80] @ 4-byte Reload
+ str r4, [sp, #24] @ 4-byte Spill
+ ldr r4, [r3, #24]
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [r3, #28]
+ ldr r3, [r3, #40]
+ str r4, [sp, #36] @ 4-byte Spill
+ str r3, [sp, #84] @ 4-byte Spill
+ ldr r3, [sp, #72] @ 4-byte Reload
+ ldr r4, [sp, #20] @ 4-byte Reload
+ ldr r6, [sp, #36] @ 4-byte Reload
+ sbcs r3, r3, r4
+ ldr r4, [sp, #24] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #32] @ 4-byte Reload
+ sbcs r5, lr, r5
+ sbcs lr, r7, r6
+ ldr r7, [sp, #76] @ 4-byte Reload
+ ldr r6, [sp, #84] @ 4-byte Reload
+ sbcs r9, r7, r9
+ ldr r7, [sp, #28] @ 4-byte Reload
+ sbcs r10, r10, r8
+ ldr r8, [sp, #68] @ 4-byte Reload
+ sbc r12, r12, r6
+ asr r6, r12, #31
+ cmp r6, #0
+ movlt r11, r7
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r11, [r8]
+ movlt r0, r7
+ str r0, [r8, #4]
+ ldr r0, [sp, #48] @ 4-byte Reload
+ movlt r1, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ cmp r6, #0
+ str r1, [r8, #8]
+ movlt r2, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r2, [r8, #12]
+ movlt r3, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r3, [r8, #16]
+ movlt r4, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ cmp r6, #0
+ str r4, [r8, #20]
+ movlt r5, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r5, [r8, #24]
+ movlt lr, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str lr, [r8, #28]
+ movlt r9, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ cmp r6, #0
+ movlt r10, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ movlt r12, r0
+ add r0, r8, #32
+ stm r0, {r9, r10, r12}
+ add sp, sp, #124
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end163:
+ .size mcl_fp_montNF11L, .Lfunc_end163-mcl_fp_montNF11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed11L
+ .align 2
+ .type mcl_fp_montRed11L,%function
+mcl_fp_montRed11L: @ @mcl_fp_montRed11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #676
+ sub sp, sp, #676
+ mov r10, r2
+ str r0, [sp, #136] @ 4-byte Spill
+ ldr r2, [r1, #4]
+ ldr r5, [r1]
+ ldr r0, [r10]
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r2, [r1, #8]
+ str r0, [sp, #132] @ 4-byte Spill
+ ldr r0, [r10, #4]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #12]
+ str r0, [sp, #128] @ 4-byte Spill
+ ldr r0, [r10, #8]
+ str r2, [sp, #56] @ 4-byte Spill
+ str r0, [sp, #124] @ 4-byte Spill
+ ldr r0, [r10, #12]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [r10, #16]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [r10, #20]
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [r10, #24]
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [r10, #-4]
+ str r0, [sp, #140] @ 4-byte Spill
+ mul r2, r5, r0
+ ldr r0, [r10, #28]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [r10, #32]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [r10, #36]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [r10, #40]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [r1, #64]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r1, #68]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r1, #72]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r1, #76]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r1, #80]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r1, #84]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #56]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #60]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #28]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1, #24]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r1, #20]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ mov r1, r10
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #624
+ bl .LmulPv352x32(PLT)
+ add r11, sp, #656
+ add lr, sp, #624
+ ldm r11, {r4, r8, r9, r11}
+ ldr r7, [sp, #652]
+ ldr r6, [sp, #648]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r5, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r5, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ mov r1, r10
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #140] @ 4-byte Reload
+ mul r2, r5, r0
+ add r0, sp, #576
+ bl .LmulPv352x32(PLT)
+ ldr r4, [sp, #576]
+ add r9, sp, #584
+ ldr r12, [sp, #620]
+ ldr lr, [sp, #616]
+ ldr r2, [sp, #612]
+ ldr r3, [sp, #608]
+ ldr r11, [sp, #604]
+ ldr r7, [sp, #600]
+ ldr r6, [sp, #580]
+ ldm r9, {r0, r1, r8, r9}
+ adds r4, r5, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r5, r4, r6
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #140] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ mov r9, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r5, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #528
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #572]
+ add r11, sp, #560
+ add lr, sp, #528
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r8, r11}
+ ldr r6, [sp, #556]
+ ldr r7, [sp, #552]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r9, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ mov r5, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r1, r4
+ mov r1, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #480
+ bl .LmulPv352x32(PLT)
+ ldr r4, [sp, #480]
+ add r9, sp, #488
+ ldr r12, [sp, #524]
+ ldr lr, [sp, #520]
+ ldr r2, [sp, #516]
+ ldr r3, [sp, #512]
+ ldr r11, [sp, #508]
+ ldr r7, [sp, #504]
+ ldr r6, [sp, #484]
+ ldm r9, {r0, r1, r8, r9}
+ adds r4, r5, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r5, r4, r6
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #140] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r5, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #432
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #476]
+ add r11, sp, #460
+ add lr, sp, #432
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r11, {r6, r8, r9, r11}
+ ldr r7, [sp, #456]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r5, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r1, r4
+ mov r4, r1
+ mov r1, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #384
+ bl .LmulPv352x32(PLT)
+ ldr r6, [sp, #384]
+ add r9, sp, #392
+ ldr r12, [sp, #428]
+ ldr lr, [sp, #424]
+ ldr r2, [sp, #420]
+ ldr r3, [sp, #416]
+ ldr r11, [sp, #412]
+ ldr r5, [sp, #408]
+ ldr r7, [sp, #388]
+ ldm r9, {r0, r1, r8, r9}
+ adds r4, r4, r6
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r6, r4, r7
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #140] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ mov r5, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r6, r4
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #336
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #380]
+ add r11, sp, #364
+ add lr, sp, #336
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r11, {r6, r8, r9, r11}
+ ldr r7, [sp, #360]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r5, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r1, r4
+ mov r4, r1
+ mov r1, r10
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #288
+ bl .LmulPv352x32(PLT)
+ ldr r6, [sp, #288]
+ add r9, sp, #296
+ ldr r12, [sp, #332]
+ ldr lr, [sp, #328]
+ ldr r2, [sp, #324]
+ ldr r3, [sp, #320]
+ ldr r11, [sp, #316]
+ ldr r5, [sp, #312]
+ ldr r7, [sp, #292]
+ ldm r9, {r0, r1, r8, r9}
+ adds r4, r4, r6
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r6, r4, r7
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #140] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ mov r5, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r6, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #240
+ bl .LmulPv352x32(PLT)
+ ldr r0, [sp, #284]
+ add r11, sp, #264
+ add lr, sp, #240
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r6, r7, r8, r9, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r5, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r5, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r5, r4
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r11, r0, r11
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ add r0, sp, #192
+ bl .LmulPv352x32(PLT)
+ add r6, sp, #192
+ add r7, sp, #208
+ ldm r6, {r0, r1, r3, r6}
+ ldr r12, [sp, #236]
+ ldr lr, [sp, #232]
+ adds r0, r5, r0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r8, r0, r1
+ ldr r0, [sp, #16] @ 4-byte Reload
+ mul r2, r8, r4
+ adcs r0, r0, r3
+ ldr r3, [sp, #228]
+ str r0, [sp, #140] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #224]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldm r7, {r0, r1, r4, r7}
+ ldr r5, [sp, #88] @ 4-byte Reload
+ adcs r9, r5, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r4, r0, r4
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r5, r0, r6
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r11, r11, r3
+ adcs r0, r0, lr
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r6, r0, #0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ add r0, sp, #144
+ bl .LmulPv352x32(PLT)
+ add r3, sp, #144
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r8, r0
+ ldr r0, [sp, #140] @ 4-byte Reload
+ adcs r12, r0, r1
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r1, [sp, #160]
+ str r12, [sp, #44] @ 4-byte Spill
+ adcs r2, r0, r2
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r3, r9, r3
+ str r2, [sp, #52] @ 4-byte Spill
+ str r3, [sp, #56] @ 4-byte Spill
+ adcs r7, r0, r1
+ ldr r1, [sp, #164]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r7, [sp, #60] @ 4-byte Spill
+ adcs r8, r4, r1
+ ldr r1, [sp, #168]
+ str r8, [sp, #64] @ 4-byte Spill
+ adcs r4, r0, r1
+ ldr r1, [sp, #172]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r4, [sp, #68] @ 4-byte Spill
+ adcs r5, r5, r1
+ ldr r1, [sp, #176]
+ str r5, [sp, #72] @ 4-byte Spill
+ adcs r11, r11, r1
+ ldr r1, [sp, #180]
+ str r11, [sp, #76] @ 4-byte Spill
+ adcs r9, r0, r1
+ ldr r1, [sp, #184]
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r9, [sp, #84] @ 4-byte Spill
+ adcs lr, r0, r1
+ ldr r1, [sp, #188]
+ str lr, [sp, #88] @ 4-byte Spill
+ adcs r0, r6, r1
+ ldr r1, [sp, #128] @ 4-byte Reload
+ str r0, [sp, #140] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r6, [sp, #140] @ 4-byte Reload
+ adc r10, r0, #0
+ ldr r0, [sp, #132] @ 4-byte Reload
+ subs r0, r12, r0
+ sbcs r1, r2, r1
+ ldr r2, [sp, #124] @ 4-byte Reload
+ sbcs r2, r3, r2
+ ldr r3, [sp, #108] @ 4-byte Reload
+ sbcs r3, r7, r3
+ ldr r7, [sp, #112] @ 4-byte Reload
+ sbcs r12, r8, r7
+ ldr r7, [sp, #116] @ 4-byte Reload
+ sbcs r8, r4, r7
+ ldr r4, [sp, #120] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #92] @ 4-byte Reload
+ sbcs r5, r11, r5
+ sbcs r11, r9, r7
+ ldr r7, [sp, #100] @ 4-byte Reload
+ sbcs r9, lr, r7
+ ldr r7, [sp, #104] @ 4-byte Reload
+ sbcs lr, r6, r7
+ ldr r7, [sp, #44] @ 4-byte Reload
+ sbc r6, r10, #0
+ ldr r10, [sp, #136] @ 4-byte Reload
+ ands r6, r6, #1
+ movne r0, r7
+ str r0, [r10]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ movne r1, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r1, [r10, #4]
+ movne r2, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ cmp r6, #0
+ str r2, [r10, #8]
+ movne r3, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r3, [r10, #12]
+ movne r12, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r12, [r10, #16]
+ movne r8, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ cmp r6, #0
+ str r8, [r10, #20]
+ movne r4, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r4, [r10, #24]
+ movne r5, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r5, [r10, #28]
+ movne r11, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ cmp r6, #0
+ str r11, [r10, #32]
+ movne r9, r0
+ ldr r0, [sp, #140] @ 4-byte Reload
+ str r9, [r10, #36]
+ movne lr, r0
+ str lr, [r10, #40]
+ add sp, sp, #676
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end164:
+ .size mcl_fp_montRed11L, .Lfunc_end164-mcl_fp_montRed11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre11L
+ .align 2
+ .type mcl_fp_addPre11L,%function
+mcl_fp_addPre11L: @ @mcl_fp_addPre11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #20
+ sub sp, sp, #20
+ ldm r1, {r3, r12}
+ ldr r8, [r1, #8]
+ ldr r9, [r1, #12]
+ ldmib r2, {r5, r6, r7, r10}
+ ldr r4, [r2, #20]
+ ldr r11, [r2]
+ str r4, [sp] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ adds lr, r11, r3
+ ldr r3, [r2, #36]
+ ldr r11, [r2, #32]
+ adcs r5, r5, r12
+ add r12, r1, #16
+ adcs r6, r6, r8
+ adcs r7, r7, r9
+ add r9, r1, #32
+ str r4, [sp, #4] @ 4-byte Spill
+ ldr r4, [r2, #28]
+ ldr r2, [r2, #40]
+ str r3, [sp, #8] @ 4-byte Spill
+ str r4, [sp, #16] @ 4-byte Spill
+ str r2, [sp, #12] @ 4-byte Spill
+ ldm r9, {r4, r8, r9}
+ ldm r12, {r1, r2, r3, r12}
+ str lr, [r0]
+ stmib r0, {r5, r6}
+ str r7, [r0, #12]
+ ldr r7, [sp] @ 4-byte Reload
+ adcs r1, r10, r1
+ str r1, [r0, #16]
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r2, r7, r2
+ str r2, [r0, #20]
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r1, r1, r3
+ ldr r3, [sp, #12] @ 4-byte Reload
+ str r1, [r0, #24]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r1, r1, r12
+ str r1, [r0, #28]
+ adcs r1, r11, r4
+ add r0, r0, #32
+ adcs r2, r2, r8
+ adcs r3, r3, r9
+ stm r0, {r1, r2, r3}
+ mov r0, #0
+ adc r0, r0, #0
+ add sp, sp, #20
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end165:
+ .size mcl_fp_addPre11L, .Lfunc_end165-mcl_fp_addPre11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre11L
+ .align 2
+ .type mcl_fp_subPre11L,%function
+mcl_fp_subPre11L: @ @mcl_fp_subPre11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #20
+ sub sp, sp, #20
+ ldmib r2, {r8, r12, lr}
+ ldr r3, [r2, #16]
+ ldr r7, [r2]
+ ldr r6, [r1]
+ ldr r5, [r1, #4]
+ ldr r4, [r1, #8]
+ ldr r11, [r2, #32]
+ ldr r10, [r2, #40]
+ ldr r9, [r1, #36]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [r2, #20]
+ subs r6, r6, r7
+ ldr r7, [r2, #36]
+ sbcs r5, r5, r8
+ ldr r8, [r1, #40]
+ sbcs r4, r4, r12
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [r2, #24]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [r1, #32]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r2, #28]
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [r1, #12]
+ sbcs r12, r3, lr
+ add lr, r1, #16
+ ldm lr, {r1, r2, r3, lr}
+ str r6, [r0]
+ str r5, [r0, #4]
+ str r4, [r0, #8]
+ ldr r4, [sp, #4] @ 4-byte Reload
+ ldr r6, [sp, #8] @ 4-byte Reload
+ str r12, [r0, #12]
+ sbcs r1, r1, r4
+ str r1, [r0, #16]
+ ldr r1, [sp, #12] @ 4-byte Reload
+ sbcs r2, r2, r6
+ str r2, [r0, #20]
+ ldr r2, [sp] @ 4-byte Reload
+ sbcs r1, r3, r1
+ str r1, [r0, #24]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ sbcs r1, lr, r1
+ str r1, [r0, #28]
+ sbcs r1, r7, r11
+ add r0, r0, #32
+ sbcs r2, r9, r2
+ sbcs r3, r8, r10
+ stm r0, {r1, r2, r3}
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ add sp, sp, #20
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end166:
+ .size mcl_fp_subPre11L, .Lfunc_end166-mcl_fp_subPre11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_11L
+ .align 2
+ .type mcl_fp_shr1_11L,%function
+mcl_fp_shr1_11L: @ @mcl_fp_shr1_11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ ldmib r1, {r2, r3, r12, lr}
+ add r8, r1, #20
+ add r11, r1, #32
+ ldm r8, {r4, r5, r8}
+ ldr r7, [r1]
+ ldm r11, {r9, r10, r11}
+ lsrs r1, r12, #1
+ lsr r6, r2, #1
+ rrx r1, r3
+ lsrs r2, r2, #1
+ orr r6, r6, r3, lsl #31
+ lsr r3, r11, #1
+ rrx r2, r7
+ stm r0, {r2, r6}
+ str r1, [r0, #8]
+ lsr r1, r12, #1
+ lsr r2, r10, #1
+ orr r1, r1, lr, lsl #31
+ orr r2, r2, r11, lsl #31
+ str r1, [r0, #12]
+ lsrs r1, r4, #1
+ rrx r1, lr
+ str r1, [r0, #16]
+ lsr r1, r4, #1
+ orr r1, r1, r5, lsl #31
+ str r1, [r0, #20]
+ lsrs r1, r8, #1
+ rrx r1, r5
+ str r1, [r0, #24]
+ lsr r1, r8, #1
+ orr r1, r1, r9, lsl #31
+ str r1, [r0, #28]
+ lsrs r1, r10, #1
+ add r0, r0, #32
+ rrx r1, r9
+ stm r0, {r1, r2, r3}
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end167:
+ .size mcl_fp_shr1_11L, .Lfunc_end167-mcl_fp_shr1_11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add11L
+ .align 2
+ .type mcl_fp_add11L,%function
+mcl_fp_add11L: @ @mcl_fp_add11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #32
+ sub sp, sp, #32
+ ldm r1, {r12, lr}
+ ldr r5, [r2]
+ ldr r8, [r1, #8]
+ ldr r9, [r1, #12]
+ ldmib r2, {r4, r6, r7}
+ adds r5, r5, r12
+ ldr r12, [r1, #32]
+ adcs r4, r4, lr
+ str r5, [sp, #28] @ 4-byte Spill
+ ldr r5, [r1, #24]
+ ldr lr, [r1, #40]
+ adcs r6, r6, r8
+ str r4, [sp, #24] @ 4-byte Spill
+ ldr r4, [r1, #20]
+ adcs r7, r7, r9
+ str r6, [sp, #12] @ 4-byte Spill
+ ldr r6, [r1, #16]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r2, #16]
+ adcs r9, r7, r6
+ ldr r7, [r2, #20]
+ str r9, [sp] @ 4-byte Spill
+ adcs r7, r7, r4
+ ldr r4, [r2, #24]
+ str r7, [sp, #4] @ 4-byte Spill
+ adcs r8, r4, r5
+ ldr r4, [r1, #28]
+ ldr r5, [r2, #28]
+ adcs r6, r5, r4
+ ldr r5, [r2, #32]
+ ldr r4, [r1, #36]
+ ldr r1, [r2, #36]
+ ldr r2, [r2, #40]
+ adcs r10, r5, r12
+ ldr r12, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r4
+ ldr r4, [sp, #8] @ 4-byte Reload
+ adcs r11, r2, lr
+ ldr r2, [sp, #28] @ 4-byte Reload
+ ldr lr, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ str r2, [r0]
+ str r12, [r0, #4]
+ str lr, [r0, #8]
+ str r4, [r0, #12]
+ str r9, [r0, #16]
+ str r7, [r0, #20]
+ str r8, [r0, #24]
+ str r6, [r0, #28]
+ str r10, [r0, #32]
+ str r1, [r0, #36]
+ mov r1, #0
+ str r11, [r0, #40]
+ mov r9, r6
+ adc r1, r1, #0
+ str r1, [sp, #16] @ 4-byte Spill
+ ldm r3, {r1, r7}
+ ldr r5, [r3, #8]
+ ldr r6, [r3, #12]
+ subs r1, r2, r1
+ ldr r2, [sp] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ sbcs r1, r12, r7
+ str r1, [sp, #24] @ 4-byte Spill
+ sbcs r1, lr, r5
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ sbcs r5, r4, r6
+ sbcs r7, r2, r1
+ ldr r1, [r3, #20]
+ ldr r2, [sp, #4] @ 4-byte Reload
+ sbcs r4, r2, r1
+ ldr r1, [r3, #24]
+ sbcs r12, r8, r1
+ ldr r1, [r3, #28]
+ add r3, r3, #32
+ sbcs lr, r9, r1
+ ldm r3, {r1, r2, r3}
+ ldr r6, [sp, #20] @ 4-byte Reload
+ sbcs r1, r10, r1
+ sbcs r2, r6, r2
+ ldr r6, [sp, #16] @ 4-byte Reload
+ sbcs r3, r11, r3
+ sbc r6, r6, #0
+ tst r6, #1
+ bne .LBB168_2
+@ BB#1: @ %nocarry
+ ldr r6, [sp, #28] @ 4-byte Reload
+ str r6, [r0]
+ ldr r6, [sp, #24] @ 4-byte Reload
+ str r6, [r0, #4]
+ ldr r6, [sp, #12] @ 4-byte Reload
+ str r6, [r0, #8]
+ str r5, [r0, #12]
+ str r7, [r0, #16]
+ str r4, [r0, #20]
+ str r12, [r0, #24]
+ str lr, [r0, #28]
+ add r0, r0, #32
+ stm r0, {r1, r2, r3}
+.LBB168_2: @ %carry
+ add sp, sp, #32
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end168:
+ .size mcl_fp_add11L, .Lfunc_end168-mcl_fp_add11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF11L
+ .align 2
+ .type mcl_fp_addNF11L,%function
+mcl_fp_addNF11L: @ @mcl_fp_addNF11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #56
+ sub sp, sp, #56
+ ldm r1, {r5, r8, lr}
+ ldr r6, [r2]
+ ldr r12, [r1, #12]
+ ldmib r2, {r4, r7, r9}
+ ldr r11, [r1, #24]
+ adds r10, r6, r5
+ adcs r4, r4, r8
+ ldr r8, [r1, #20]
+ adcs r7, r7, lr
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [r2, #16]
+ ldr lr, [r1, #36]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r1, #16]
+ adcs r6, r9, r12
+ ldr r12, [r2, #36]
+ str r6, [sp, #16] @ 4-byte Spill
+ adcs r7, r4, r7
+ ldr r4, [r2, #28]
+ str r7, [sp, #44] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ adcs r7, r7, r8
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ adcs r8, r7, r11
+ ldr r7, [r1, #28]
+ ldr r11, [r1, #40]
+ str r8, [sp, #20] @ 4-byte Spill
+ adcs r7, r4, r7
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r1, #32]
+ ldr r1, [r2, #32]
+ ldr r2, [r2, #40]
+ adcs r4, r1, r7
+ adcs r1, r12, lr
+ str r4, [sp, #24] @ 4-byte Spill
+ str r1, [sp, #48] @ 4-byte Spill
+ adc r9, r2, r11
+ ldmib r3, {r1, r2, lr}
+ ldr r5, [r3, #20]
+ ldr r11, [r3]
+ ldr r7, [r3, #16]
+ ldr r12, [r3, #24]
+ str r5, [sp, #12] @ 4-byte Spill
+ ldr r5, [r3, #28]
+ subs r11, r10, r11
+ str r5, [sp, #28] @ 4-byte Spill
+ ldr r5, [sp, #32] @ 4-byte Reload
+ sbcs r1, r5, r1
+ ldr r5, [sp, #40] @ 4-byte Reload
+ sbcs r2, r5, r2
+ ldr r5, [r3, #32]
+ sbcs lr, r6, lr
+ ldr r6, [sp, #36] @ 4-byte Reload
+ str r5, [sp, #8] @ 4-byte Spill
+ ldr r5, [r3, #36]
+ ldr r3, [r3, #40]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [sp, #44] @ 4-byte Reload
+ str r5, [sp] @ 4-byte Spill
+ ldr r5, [sp, #12] @ 4-byte Reload
+ sbcs r7, r3, r7
+ ldr r3, [sp, #52] @ 4-byte Reload
+ sbcs r3, r3, r5
+ ldr r5, [sp, #28] @ 4-byte Reload
+ sbcs r12, r8, r12
+ sbcs r8, r6, r5
+ ldr r5, [sp, #8] @ 4-byte Reload
+ sbcs r4, r4, r5
+ ldr r5, [sp] @ 4-byte Reload
+ str r4, [sp, #12] @ 4-byte Spill
+ ldr r4, [sp, #48] @ 4-byte Reload
+ sbcs r4, r4, r5
+ ldr r5, [sp, #32] @ 4-byte Reload
+ str r4, [sp, #28] @ 4-byte Spill
+ ldr r4, [sp, #4] @ 4-byte Reload
+ sbc r6, r9, r4
+ asr r4, r6, #31
+ cmp r4, #0
+ movlt r11, r10
+ movlt r1, r5
+ str r11, [r0]
+ str r1, [r0, #4]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ movlt r2, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ cmp r4, #0
+ str r2, [r0, #8]
+ ldr r2, [sp, #28] @ 4-byte Reload
+ movlt lr, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str lr, [r0, #12]
+ movlt r7, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r7, [r0, #16]
+ movlt r3, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ cmp r4, #0
+ str r3, [r0, #20]
+ ldr r3, [sp, #12] @ 4-byte Reload
+ movlt r12, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r12, [r0, #24]
+ movlt r8, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r8, [r0, #28]
+ movlt r3, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ cmp r4, #0
+ movlt r6, r9
+ str r3, [r0, #32]
+ movlt r2, r1
+ str r2, [r0, #36]
+ str r6, [r0, #40]
+ add sp, sp, #56
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end169:
+ .size mcl_fp_addNF11L, .Lfunc_end169-mcl_fp_addNF11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub11L
+ .align 2
+ .type mcl_fp_sub11L,%function
+mcl_fp_sub11L: @ @mcl_fp_sub11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #48
+ sub sp, sp, #48
+ mov r10, r3
+ ldr r12, [r2]
+ ldr r9, [r2, #4]
+ ldr r8, [r2, #8]
+ ldr r3, [r2, #12]
+ ldm r1, {r4, r5, r6, r7}
+ subs r4, r4, r12
+ sbcs r5, r5, r9
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ sbcs r6, r6, r8
+ str r5, [sp, #44] @ 4-byte Spill
+ ldr r5, [r2, #20]
+ add r8, r1, #32
+ sbcs r12, r7, r3
+ str r6, [sp, #40] @ 4-byte Spill
+ ldr r6, [r2, #16]
+ ldr r7, [r1, #16]
+ ldr r3, [sp, #36] @ 4-byte Reload
+ str r12, [sp, #24] @ 4-byte Spill
+ sbcs r11, r7, r6
+ ldr r6, [r1, #20]
+ ldr r7, [r2, #40]
+ sbcs r9, r6, r5
+ ldr r5, [r1, #24]
+ sbcs r6, r5, r4
+ ldr r4, [r2, #28]
+ ldr r5, [r1, #28]
+ str r6, [sp, #28] @ 4-byte Spill
+ sbcs lr, r5, r4
+ ldr r4, [r2, #36]
+ ldr r5, [r2, #32]
+ str lr, [sp, #20] @ 4-byte Spill
+ str r4, [sp, #32] @ 4-byte Spill
+ ldm r8, {r2, r4, r8}
+ str r3, [r0]
+ sbcs r1, r2, r5
+ ldr r2, [sp, #32] @ 4-byte Reload
+ sbcs r2, r4, r2
+ mov r4, r3
+ ldr r3, [sp, #44] @ 4-byte Reload
+ sbcs r8, r8, r7
+ mov r7, #0
+ sbc r7, r7, #0
+ tst r7, #1
+ str r3, [r0, #4]
+ ldr r3, [sp, #40] @ 4-byte Reload
+ str r3, [r0, #8]
+ add r3, r0, #32
+ str r12, [r0, #12]
+ str r11, [r0, #16]
+ str r9, [r0, #20]
+ str r6, [r0, #24]
+ str lr, [r0, #28]
+ stm r3, {r1, r2, r8}
+ beq .LBB170_2
+@ BB#1: @ %carry
+ ldr r3, [r10, #32]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r10, #36]
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [r10, #40]
+ str r3, [sp, #32] @ 4-byte Spill
+ ldmib r10, {r5, lr}
+ ldr r3, [r10, #20]
+ ldr r6, [sp, #44] @ 4-byte Reload
+ ldr r7, [r10, #12]
+ ldr r12, [r10, #16]
+ str r3, [sp] @ 4-byte Spill
+ ldr r3, [r10, #24]
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [r10, #28]
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [r10]
+ adds r3, r3, r4
+ ldr r4, [sp, #40] @ 4-byte Reload
+ adcs r5, r5, r6
+ stm r0, {r3, r5}
+ ldr r3, [sp, #24] @ 4-byte Reload
+ adcs r4, lr, r4
+ str r4, [r0, #8]
+ adcs r3, r7, r3
+ ldr r7, [sp, #4] @ 4-byte Reload
+ str r3, [r0, #12]
+ adcs r3, r12, r11
+ str r3, [r0, #16]
+ ldr r3, [sp] @ 4-byte Reload
+ adcs r3, r3, r9
+ str r3, [r0, #20]
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r3, r7, r3
+ ldr r7, [sp, #8] @ 4-byte Reload
+ str r3, [r0, #24]
+ ldr r3, [sp, #20] @ 4-byte Reload
+ adcs r3, r7, r3
+ str r3, [r0, #28]
+ ldr r3, [sp, #12] @ 4-byte Reload
+ add r0, r0, #32
+ adcs r1, r3, r1
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adcs r2, r3, r2
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adc r3, r3, r8
+ stm r0, {r1, r2, r3}
+.LBB170_2: @ %nocarry
+ add sp, sp, #48
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end170:
+ .size mcl_fp_sub11L, .Lfunc_end170-mcl_fp_sub11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF11L
+ .align 2
+ .type mcl_fp_subNF11L,%function
+mcl_fp_subNF11L: @ @mcl_fp_subNF11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #68
+ sub sp, sp, #68
+ mov r12, r0
+ ldr r0, [r2, #32]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r2, #36]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r2, #40]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldm r2, {r8, r10}
+ ldr r0, [r2, #8]
+ ldr r5, [r2, #16]
+ ldr r11, [r2, #20]
+ ldr lr, [r1, #16]
+ ldr r6, [r1, #20]
+ ldr r9, [r1, #24]
+ ldr r7, [r1, #28]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r2, #12]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r2, #24]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r2, #28]
+ ldr r2, [r1, #8]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r1, #12]
+ ldm r1, {r1, r4}
+ subs r1, r1, r8
+ sbcs r8, r4, r10
+ ldr r4, [sp, #32] @ 4-byte Reload
+ str r8, [sp, #16] @ 4-byte Spill
+ sbcs r2, r2, r4
+ str r2, [sp, #24] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ sbcs r4, r0, r2
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r2, [sp, #36] @ 4-byte Reload
+ sbcs r5, lr, r5
+ ldr lr, [r3, #12]
+ str r4, [sp, #20] @ 4-byte Spill
+ sbcs r11, r6, r11
+ mov r6, r1
+ str r5, [sp, #28] @ 4-byte Spill
+ str r11, [sp, #32] @ 4-byte Spill
+ sbcs r0, r9, r0
+ ldr r9, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ sbcs r0, r7, r0
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ sbcs r0, r2, r0
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ sbcs r10, r2, r0
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r10, [sp, #48] @ 4-byte Spill
+ sbc r0, r7, r2
+ ldr r2, [r3, #36]
+ ldr r7, [r3, #4]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r3, #32]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r3, #40]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r3, #16]
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [r3, #8]
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [r3, #20]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [r3, #24]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [r3, #28]
+ ldr r3, [r3]
+ adds r1, r6, r3
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp] @ 4-byte Reload
+ ldr r3, [sp, #8] @ 4-byte Reload
+ adcs r7, r8, r7
+ adcs r2, r9, r2
+ adcs lr, r4, lr
+ adcs r4, r5, r0
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r5, r11, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r8, r0, r3
+ ldr r3, [sp, #64] @ 4-byte Reload
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r11, r3, r0
+ ldr r3, [sp, #60] @ 4-byte Reload
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r3, r3, r0
+ str r3, [sp, #40] @ 4-byte Spill
+ ldr r3, [sp, #44] @ 4-byte Reload
+ adcs r0, r10, r3
+ ldr r3, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adc r10, r0, r3
+ asr r3, r0, #31
+ ldr r0, [sp, #16] @ 4-byte Reload
+ cmp r3, #0
+ movge r1, r6
+ movge r2, r9
+ str r1, [r12]
+ ldr r1, [sp, #60] @ 4-byte Reload
+ movge r7, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ cmp r3, #0
+ str r7, [r12, #4]
+ str r2, [r12, #8]
+ ldr r2, [sp, #48] @ 4-byte Reload
+ movge lr, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ str lr, [r12, #12]
+ movge r4, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ str r4, [r12, #16]
+ movge r5, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ cmp r3, #0
+ str r5, [r12, #20]
+ movge r8, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r8, [r12, #24]
+ movge r11, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ movge r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ cmp r3, #0
+ str r11, [r12, #28]
+ movge r1, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ movge r10, r2
+ add r2, r12, #32
+ stm r2, {r0, r1, r10}
+ add sp, sp, #68
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end171:
+ .size mcl_fp_subNF11L, .Lfunc_end171-mcl_fp_subNF11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add11L
+ .align 2
+ .type mcl_fpDbl_add11L,%function
+mcl_fpDbl_add11L: @ @mcl_fpDbl_add11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #120
+ sub sp, sp, #120
+ ldm r1, {r7, r12, lr}
+ ldr r8, [r1, #12]
+ ldm r2, {r4, r5, r6, r9}
+ ldr r10, [r2, #20]
+ adds r4, r4, r7
+ adcs r7, r5, r12
+ str r4, [sp, #40] @ 4-byte Spill
+ ldr r4, [r2, #64]
+ str r7, [sp, #28] @ 4-byte Spill
+ adcs r7, r6, lr
+ add lr, r1, #16
+ str r7, [sp, #24] @ 4-byte Spill
+ adcs r7, r9, r8
+ add r8, r1, #32
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ str r4, [sp, #108] @ 4-byte Spill
+ ldr r4, [r2, #68]
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r4, [sp, #104] @ 4-byte Spill
+ ldr r4, [r2, #72]
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r4, [sp, #96] @ 4-byte Spill
+ ldr r4, [r2, #76]
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r4, [sp, #116] @ 4-byte Spill
+ ldr r4, [r2, #80]
+ str r7, [sp, #84] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r4, [sp, #100] @ 4-byte Spill
+ ldr r4, [r2, #84]
+ str r7, [sp, #88] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r4, [sp, #112] @ 4-byte Spill
+ ldr r4, [r2, #16]
+ str r7, [sp, #92] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ ldr r2, [r1, #64]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r7, [sp, #16] @ 4-byte Spill
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #80]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #84]
+ str r2, [sp, #64] @ 4-byte Spill
+ ldm r8, {r5, r6, r8}
+ ldr r2, [r1, #44]
+ ldr r11, [r1, #52]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #48]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r9, [sp, #40] @ 4-byte Reload
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r1, r4, r1
+ str r9, [r0]
+ str r7, [r0, #4]
+ ldr r7, [sp, #24] @ 4-byte Reload
+ ldr r4, [sp, #32] @ 4-byte Reload
+ adcs r2, r10, r2
+ add r10, r3, #32
+ str r7, [r0, #8]
+ str r4, [r0, #12]
+ str r1, [r0, #16]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #20] @ 4-byte Reload
+ ldr r7, [sp] @ 4-byte Reload
+ adcs r1, r1, r12
+ str r1, [r0, #24]
+ adcs r2, r2, lr
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r2, [r0, #28]
+ ldr r2, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [r0, #32]
+ adcs r2, r2, r6
+ ldr r1, [sp, #76] @ 4-byte Reload
+ str r2, [r0, #36]
+ ldr r2, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r8
+ adcs r6, r2, r7
+ str r1, [r0, #40]
+ ldr r1, [sp, #88] @ 4-byte Reload
+ ldr r2, [sp, #4] @ 4-byte Reload
+ ldr r7, [sp, #8] @ 4-byte Reload
+ str r6, [sp, #72] @ 4-byte Spill
+ adcs r4, r1, r2
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r4, [sp, #76] @ 4-byte Spill
+ adcs r2, r1, r11
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r2, [sp, #80] @ 4-byte Spill
+ adcs r5, r1, r7
+ ldr r1, [sp, #36] @ 4-byte Reload
+ ldr r7, [sp, #12] @ 4-byte Reload
+ str r5, [sp, #92] @ 4-byte Spill
+ adcs r8, r1, r7
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r8, [sp, #84] @ 4-byte Spill
+ adcs r1, r1, r7
+ ldr r7, [sp, #48] @ 4-byte Reload
+ str r1, [sp, #108] @ 4-byte Spill
+ ldr r1, [sp, #104] @ 4-byte Reload
+ adcs r1, r1, r7
+ ldr r7, [sp, #52] @ 4-byte Reload
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r12, r1, r7
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r7, [sp, #56] @ 4-byte Reload
+ str r12, [sp, #96] @ 4-byte Spill
+ adcs r1, r1, r7
+ ldr r7, [sp, #60] @ 4-byte Reload
+ str r1, [sp, #116] @ 4-byte Spill
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs r1, r1, r7
+ ldr r7, [sp, #64] @ 4-byte Reload
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [sp, #112] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #112] @ 4-byte Spill
+ mov r1, #0
+ adc r1, r1, #0
+ str r1, [sp, #88] @ 4-byte Spill
+ ldmib r3, {r1, r9, lr}
+ ldr r7, [r3, #16]
+ ldr r11, [r3]
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [r3, #20]
+ subs r11, r6, r11
+ sbcs r1, r4, r1
+ sbcs r4, r2, r9
+ sbcs r2, r5, lr
+ str r7, [sp, #60] @ 4-byte Spill
+ ldr r7, [r3, #24]
+ str r7, [sp, #64] @ 4-byte Spill
+ ldr r7, [r3, #28]
+ str r7, [sp, #68] @ 4-byte Spill
+ ldm r10, {r5, r9, r10}
+ ldr r3, [sp, #56] @ 4-byte Reload
+ ldr r6, [sp, #60] @ 4-byte Reload
+ sbcs r7, r8, r3
+ ldr r3, [sp, #108] @ 4-byte Reload
+ sbcs r8, r3, r6
+ ldr r3, [sp, #104] @ 4-byte Reload
+ ldr r6, [sp, #64] @ 4-byte Reload
+ sbcs r3, r3, r6
+ ldr r6, [sp, #68] @ 4-byte Reload
+ sbcs r12, r12, r6
+ ldr r6, [sp, #116] @ 4-byte Reload
+ sbcs lr, r6, r5
+ ldr r5, [sp, #100] @ 4-byte Reload
+ ldr r6, [sp, #112] @ 4-byte Reload
+ sbcs r9, r5, r9
+ ldr r5, [sp, #72] @ 4-byte Reload
+ sbcs r10, r6, r10
+ ldr r6, [sp, #88] @ 4-byte Reload
+ sbc r6, r6, #0
+ ands r6, r6, #1
+ movne r11, r5
+ ldr r5, [sp, #76] @ 4-byte Reload
+ str r11, [r0, #44]
+ movne r1, r5
+ str r1, [r0, #48]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ movne r4, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ cmp r6, #0
+ str r4, [r0, #52]
+ movne r2, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r2, [r0, #56]
+ movne r7, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r7, [r0, #60]
+ movne r8, r1
+ ldr r1, [sp, #104] @ 4-byte Reload
+ cmp r6, #0
+ str r8, [r0, #64]
+ movne r3, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r3, [r0, #68]
+ movne r12, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r12, [r0, #72]
+ movne lr, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ cmp r6, #0
+ str lr, [r0, #76]
+ movne r9, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r9, [r0, #80]
+ movne r10, r1
+ str r10, [r0, #84]
+ add sp, sp, #120
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end172:
+ .size mcl_fpDbl_add11L, .Lfunc_end172-mcl_fpDbl_add11L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub11L
+ .align 2
+ .type mcl_fpDbl_sub11L,%function
+mcl_fpDbl_sub11L: @ @mcl_fpDbl_sub11L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #120
+ sub sp, sp, #120
+ ldr r7, [r2, #64]
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #100] @ 4-byte Spill
+ ldr r7, [r2, #72]
+ str r7, [sp, #104] @ 4-byte Spill
+ ldr r7, [r2, #76]
+ str r7, [sp, #112] @ 4-byte Spill
+ ldr r7, [r2, #80]
+ str r7, [sp, #108] @ 4-byte Spill
+ ldr r7, [r2, #84]
+ str r7, [sp, #116] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #92] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #88] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #84] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [r2]
+ ldmib r2, {r4, r8, r10}
+ ldm r1, {r5, r6, r12, lr}
+ ldr r9, [r2, #20]
+ subs r5, r5, r7
+ ldr r7, [r2, #24]
+ sbcs r4, r6, r4
+ str r5, [sp, #16] @ 4-byte Spill
+ ldr r5, [r2, #32]
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [r2, #28]
+ sbcs r8, r12, r8
+ str r7, [sp, #32] @ 4-byte Spill
+ sbcs r7, lr, r10
+ add r10, r1, #32
+ add lr, r1, #16
+ str r5, [sp, #40] @ 4-byte Spill
+ str r7, [sp] @ 4-byte Spill
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [r2, #16]
+ ldr r2, [r1, #64]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #80]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #84]
+ str r2, [sp, #64] @ 4-byte Spill
+ ldm r10, {r5, r6, r10}
+ ldr r2, [r1, #44]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r1, #48]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #24] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #16] @ 4-byte Reload
+ ldr r7, [sp, #8] @ 4-byte Reload
+ str r11, [r0]
+ stmib r0, {r7, r8}
+ sbcs r1, r1, r4
+ mov r8, #0
+ ldr r4, [sp] @ 4-byte Reload
+ sbcs r2, r2, r9
+ ldr r7, [sp, #4] @ 4-byte Reload
+ str r4, [r0, #12]
+ str r1, [r0, #16]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #36] @ 4-byte Reload
+ sbcs r1, r12, r1
+ str r1, [r0, #24]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ sbcs r2, lr, r2
+ str r2, [r0, #28]
+ ldr r2, [sp, #68] @ 4-byte Reload
+ sbcs r1, r5, r1
+ str r1, [r0, #32]
+ ldr r1, [sp, #72] @ 4-byte Reload
+ sbcs r2, r6, r2
+ str r2, [r0, #36]
+ ldr r2, [sp, #12] @ 4-byte Reload
+ sbcs r1, r10, r1
+ str r1, [r0, #40]
+ ldr r1, [sp, #76] @ 4-byte Reload
+ sbcs r4, r2, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r4, [sp, #40] @ 4-byte Spill
+ sbcs r2, r2, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r2, [sp, #68] @ 4-byte Spill
+ sbcs r9, r7, r1
+ ldr r1, [sp, #88] @ 4-byte Reload
+ ldr r7, [sp, #24] @ 4-byte Reload
+ sbcs r12, r7, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str r12, [sp, #80] @ 4-byte Spill
+ sbcs lr, r7, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str lr, [sp, #84] @ 4-byte Spill
+ sbcs r5, r7, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r7, [sp, #48] @ 4-byte Reload
+ str r5, [sp, #96] @ 4-byte Spill
+ sbcs r6, r7, r1
+ ldr r1, [sp, #104] @ 4-byte Reload
+ ldr r7, [sp, #52] @ 4-byte Reload
+ str r6, [sp, #100] @ 4-byte Spill
+ sbcs r11, r7, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ ldr r7, [sp, #56] @ 4-byte Reload
+ str r11, [sp, #104] @ 4-byte Spill
+ sbcs r1, r7, r1
+ ldr r7, [sp, #60] @ 4-byte Reload
+ str r1, [sp, #112] @ 4-byte Spill
+ ldr r1, [sp, #108] @ 4-byte Reload
+ sbcs r10, r7, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r7, [sp, #64] @ 4-byte Reload
+ str r10, [sp, #108] @ 4-byte Spill
+ sbcs r1, r7, r1
+ ldr r7, [r3, #4]
+ str r1, [sp, #116] @ 4-byte Spill
+ sbc r1, r8, #0
+ ldr r8, [r3, #28]
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [r3, #32]
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [r3, #36]
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [r3, #40]
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [r3, #8]
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [r3, #12]
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [r3, #20]
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ ldr r3, [r3]
+ str r1, [sp, #64] @ 4-byte Spill
+ adds r1, r4, r3
+ ldr r3, [sp, #48] @ 4-byte Reload
+ ldr r4, [sp, #56] @ 4-byte Reload
+ adcs r7, r2, r7
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r2, r9, r2
+ adcs r3, r12, r3
+ adcs r12, lr, r4
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r4, r5, r4
+ ldr r5, [sp, #64] @ 4-byte Reload
+ adcs lr, r6, r5
+ ldr r6, [sp, #112] @ 4-byte Reload
+ ldr r5, [sp, #72] @ 4-byte Reload
+ adcs r8, r11, r8
+ adcs r11, r6, r5
+ ldr r6, [sp, #76] @ 4-byte Reload
+ ldr r5, [sp, #116] @ 4-byte Reload
+ adcs r10, r10, r6
+ ldr r6, [sp, #88] @ 4-byte Reload
+ adc r6, r5, r6
+ str r6, [sp, #88] @ 4-byte Spill
+ ldr r6, [sp, #92] @ 4-byte Reload
+ ands r5, r6, #1
+ ldr r6, [sp, #40] @ 4-byte Reload
+ moveq r2, r9
+ moveq r1, r6
+ str r1, [r0, #44]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ moveq r7, r1
+ ldr r1, [sp, #80] @ 4-byte Reload
+ cmp r5, #0
+ str r7, [r0, #48]
+ str r2, [r0, #52]
+ ldr r2, [sp, #88] @ 4-byte Reload
+ moveq r3, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r3, [r0, #56]
+ moveq r12, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r12, [r0, #60]
+ moveq r4, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ cmp r5, #0
+ str r4, [r0, #64]
+ moveq lr, r1
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str lr, [r0, #68]
+ moveq r8, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r8, [r0, #72]
+ moveq r11, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ cmp r5, #0
+ str r11, [r0, #76]
+ moveq r10, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r10, [r0, #80]
+ moveq r2, r1
+ str r2, [r0, #84]
+ add sp, sp, #120
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end173:
+ .size mcl_fpDbl_sub11L, .Lfunc_end173-mcl_fpDbl_sub11L
+ .cantunwind
+ .fnend
+
+ .align 2
+ .type .LmulPv384x32,%function
+.LmulPv384x32: @ @mulPv384x32
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r9, [r1, #12]
+ umull r4, r8, lr, r2
+ umull lr, r6, r12, r2
+ mov r5, r4
+ mov r7, r6
+ str lr, [r0]
+ umull lr, r12, r9, r2
+ umlal r7, r5, r3, r2
+ str r5, [r0, #8]
+ str r7, [r0, #4]
+ umull r5, r7, r3, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r3, r8, lr
+ str r3, [r0, #12]
+ ldr r3, [r1, #16]
+ umull r7, r6, r3, r2
+ adcs r3, r12, r7
+ str r3, [r0, #16]
+ ldr r3, [r1, #20]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #20]
+ ldr r3, [r1, #24]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #24]
+ ldr r3, [r1, #28]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #28]
+ ldr r3, [r1, #32]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #32]
+ ldr r3, [r1, #36]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #36]
+ ldr r3, [r1, #40]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #40]
+ ldr r1, [r1, #44]
+ umull r3, r7, r1, r2
+ adcs r1, r6, r3
+ str r1, [r0, #44]
+ adc r1, r7, #0
+ str r1, [r0, #48]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end174:
+ .size .LmulPv384x32, .Lfunc_end174-.LmulPv384x32
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre12L
+ .align 2
+ .type mcl_fp_mulUnitPre12L,%function
+mcl_fp_mulUnitPre12L: @ @mcl_fp_mulUnitPre12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #60
+ sub sp, sp, #60
+ mov r4, r0
+ mov r0, sp
+ bl .LmulPv384x32(PLT)
+ ldr r12, [sp, #48]
+ ldr lr, [sp, #44]
+ ldr r8, [sp, #40]
+ ldr r9, [sp, #36]
+ ldr r10, [sp, #32]
+ ldr r11, [sp, #28]
+ ldr r5, [sp, #24]
+ ldr r6, [sp, #20]
+ ldm sp, {r2, r3}
+ add r7, sp, #8
+ ldm r7, {r0, r1, r7}
+ stm r4, {r2, r3}
+ add r2, r4, #8
+ stm r2, {r0, r1, r7}
+ str r6, [r4, #20]
+ str r5, [r4, #24]
+ str r11, [r4, #28]
+ str r10, [r4, #32]
+ str r9, [r4, #36]
+ str r8, [r4, #40]
+ str lr, [r4, #44]
+ str r12, [r4, #48]
+ add sp, sp, #60
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end175:
+ .size mcl_fp_mulUnitPre12L, .Lfunc_end175-mcl_fp_mulUnitPre12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre12L
+ .align 2
+ .type mcl_fpDbl_mulPre12L,%function
+mcl_fpDbl_mulPre12L: @ @mcl_fpDbl_mulPre12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #196
+ sub sp, sp, #196
+ mov r6, r2
+ mov r5, r1
+ mov r4, r0
+ bl mcl_fpDbl_mulPre6L(PLT)
+ add r0, r4, #48
+ add r1, r5, #24
+ add r2, r6, #24
+ bl mcl_fpDbl_mulPre6L(PLT)
+ add lr, r6, #24
+ ldr r8, [r6, #40]
+ ldr r9, [r6, #44]
+ ldr r2, [r6, #16]
+ ldr r3, [r6, #20]
+ ldm lr, {r0, r1, r12, lr}
+ ldm r6, {r6, r7, r10, r11}
+ adds r0, r6, r0
+ adcs r1, r7, r1
+ str r0, [sp, #80] @ 4-byte Spill
+ adcs r12, r10, r12
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r10, [r5, #36]
+ adcs r0, r11, lr
+ add lr, r5, #8
+ str r12, [sp, #68] @ 4-byte Spill
+ str r0, [sp, #92] @ 4-byte Spill
+ adcs r0, r2, r8
+ str r0, [sp, #88] @ 4-byte Spill
+ adcs r0, r3, r9
+ ldr r9, [r5, #32]
+ str r0, [sp, #84] @ 4-byte Spill
+ mov r0, #0
+ adc r6, r0, #0
+ ldr r0, [r5, #40]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r5, #44]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldm lr, {r3, r11, lr}
+ ldr r8, [r5, #20]
+ ldr r0, [r5, #24]
+ ldr r2, [r5, #28]
+ ldm r5, {r5, r7}
+ adds r0, r5, r0
+ ldr r5, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ str r0, [sp, #124]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r7, r7, r2
+ add r2, sp, #100
+ adcs r9, r3, r9
+ str r7, [sp, #128]
+ adcs r11, r11, r10
+ str r9, [sp, #132]
+ str r5, [sp, #100]
+ str r1, [sp, #104]
+ str r12, [sp, #108]
+ add r1, sp, #124
+ str r11, [sp, #136]
+ adcs r10, lr, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r10, [sp, #140]
+ adcs r8, r8, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r8, [sp, #144]
+ str r0, [sp, #112]
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #116]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #120]
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ add r0, sp, #148
+ bl mcl_fpDbl_mulPre6L(PLT)
+ cmp r6, #0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r3, [sp, #92] @ 4-byte Reload
+ moveq r8, r6
+ moveq r10, r6
+ moveq r11, r6
+ moveq r9, r6
+ moveq r7, r6
+ cmp r6, #0
+ moveq r0, r6
+ adds r2, r0, r5
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ ldr r5, [sp, #88] @ 4-byte Reload
+ adcs r1, r7, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r12, r9, r0
+ adcs r3, r11, r3
+ adcs lr, r10, r5
+ ldr r5, [sp, #84] @ 4-byte Reload
+ adcs r0, r8, r5
+ str r0, [sp, #92] @ 4-byte Spill
+ mov r0, #0
+ adc r5, r0, #0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ cmp r0, #0
+ and r6, r6, r0
+ moveq r1, r7
+ ldr r7, [sp, #96] @ 4-byte Reload
+ moveq r12, r9
+ ldr r9, [sp, #92] @ 4-byte Reload
+ moveq lr, r10
+ moveq r3, r11
+ moveq r2, r7
+ ldr r7, [sp, #172]
+ cmp r0, #0
+ moveq r9, r8
+ moveq r5, r0
+ adds r8, r2, r7
+ ldr r7, [sp, #176]
+ adcs r10, r1, r7
+ ldr r7, [sp, #180]
+ adcs r0, r12, r7
+ ldr r7, [sp, #184]
+ str r0, [sp, #96] @ 4-byte Spill
+ adcs r0, r3, r7
+ ldr r7, [sp, #188]
+ str r0, [sp, #92] @ 4-byte Spill
+ adcs r0, lr, r7
+ ldr r7, [sp, #192]
+ str r0, [sp, #84] @ 4-byte Spill
+ adcs r0, r9, r7
+ ldr r7, [r4]
+ str r0, [sp, #80] @ 4-byte Spill
+ adc r0, r5, r6
+ str r0, [sp, #76] @ 4-byte Spill
+ ldmib r4, {r6, r9, lr}
+ ldr r0, [sp, #148]
+ ldr r5, [sp, #152]
+ ldr r1, [sp, #156]
+ ldr r2, [sp, #160]
+ ldr r11, [r4, #24]
+ subs r3, r0, r7
+ ldr r0, [r4, #16]
+ sbcs r12, r5, r6
+ ldr r5, [r4, #68]
+ sbcs r6, r1, r9
+ ldr r1, [sp, #164]
+ ldr r9, [r4, #32]
+ sbcs r2, r2, lr
+ ldr lr, [r4, #72]
+ str r5, [sp, #56] @ 4-byte Spill
+ sbcs r7, r1, r0
+ ldr r0, [r4, #20]
+ ldr r1, [sp, #168]
+ sbcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ sbcs r0, r8, r11
+ ldr r8, [r4, #28]
+ str r0, [sp, #60] @ 4-byte Spill
+ sbcs r0, r10, r8
+ ldr r10, [r4, #52]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ sbcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r4, #36]
+ str r0, [sp, #96] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r4, #40]
+ str r0, [sp, #88] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r4, #44]
+ str r0, [sp, #92] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [r4, #92]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r1, [sp, #84] @ 4-byte Spill
+ sbc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r4, #48]
+ str r0, [sp, #80] @ 4-byte Spill
+ subs r0, r3, r0
+ ldr r3, [r4, #80]
+ str r0, [sp, #24] @ 4-byte Spill
+ sbcs r0, r12, r10
+ ldr r12, [r4, #76]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r4, #56]
+ str r0, [sp, #76] @ 4-byte Spill
+ sbcs r0, r6, r0
+ ldr r6, [r4, #64]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r4, #60]
+ str r6, [sp, #44] @ 4-byte Spill
+ str r0, [sp, #72] @ 4-byte Spill
+ sbcs r0, r2, r0
+ ldr r2, [r4, #84]
+ sbcs r7, r7, r6
+ ldr r6, [sp, #64] @ 4-byte Reload
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r4, #88]
+ str r2, [sp, #68] @ 4-byte Spill
+ sbcs r6, r6, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ sbcs r5, r5, lr
+ str r5, [sp] @ 4-byte Spill
+ ldr r5, [sp, #52] @ 4-byte Reload
+ sbcs r5, r5, r12
+ str r5, [sp, #4] @ 4-byte Spill
+ ldr r5, [sp, #48] @ 4-byte Reload
+ sbcs r5, r5, r3
+ str r5, [sp, #8] @ 4-byte Spill
+ ldr r5, [sp, #40] @ 4-byte Reload
+ sbcs r2, r5, r2
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [sp, #36] @ 4-byte Reload
+ sbcs r2, r2, r0
+ str r2, [sp, #52] @ 4-byte Spill
+ mov r2, r0
+ ldr r0, [sp, #32] @ 4-byte Reload
+ sbcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ sbc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adds r11, r11, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ str r11, [r4, #24]
+ adcs r8, r8, r0
+ ldr r0, [sp, #16] @ 4-byte Reload
+ str r8, [r4, #28]
+ adcs r9, r9, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ str r9, [r4, #32]
+ adcs r5, r0, r1
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r1, [sp] @ 4-byte Reload
+ str r5, [r4, #36]
+ ldr r5, [sp, #8] @ 4-byte Reload
+ adcs r7, r0, r7
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r7, [r4, #40]
+ adcs r6, r0, r6
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r6, [r4, #44]
+ adcs r0, r0, r1
+ ldr r1, [sp, #4] @ 4-byte Reload
+ str r0, [r4, #48]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r1, r10, r1
+ adcs r0, r0, r5
+ str r1, [r4, #52]
+ ldr r1, [sp, #72] @ 4-byte Reload
+ ldr r5, [sp, #48] @ 4-byte Reload
+ str r0, [r4, #56]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp, #52] @ 4-byte Reload
+ str r1, [r4, #60]
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [r4, #64]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [r4, #68]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [r4, #72]
+ adcs r0, r12, #0
+ str r0, [r4, #76]
+ adcs r0, r3, #0
+ str r0, [r4, #80]
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [r4, #84]
+ adcs r0, r2, #0
+ adc r1, r1, #0
+ str r0, [r4, #88]
+ str r1, [r4, #92]
+ add sp, sp, #196
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end176:
+ .size mcl_fpDbl_mulPre12L, .Lfunc_end176-mcl_fpDbl_mulPre12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre12L
+ .align 2
+ .type mcl_fpDbl_sqrPre12L,%function
+mcl_fpDbl_sqrPre12L: @ @mcl_fpDbl_sqrPre12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #204
+ sub sp, sp, #204
+ mov r5, r1
+ mov r4, r0
+ mov r2, r5
+ bl mcl_fpDbl_mulPre6L(PLT)
+ add r1, r5, #24
+ add r0, r4, #48
+ mov r2, r1
+ bl mcl_fpDbl_mulPre6L(PLT)
+ ldr r10, [r5, #32]
+ ldr r9, [r5, #36]
+ ldr lr, [r5, #40]
+ ldr r12, [r5, #44]
+ ldr r3, [r5, #8]
+ ldr r2, [r5, #12]
+ ldr r1, [r5, #16]
+ ldr r11, [r5, #20]
+ ldr r6, [r5, #24]
+ ldr r0, [r5, #28]
+ ldm r5, {r5, r7}
+ adds r8, r5, r6
+ adcs r6, r7, r0
+ mov r0, #0
+ str r8, [sp, #132]
+ str r8, [sp, #108]
+ adcs r10, r3, r10
+ str r6, [sp, #136]
+ str r6, [sp, #112]
+ adcs r5, r2, r9
+ add r2, sp, #108
+ str r10, [sp, #140]
+ str r10, [sp, #116]
+ adcs r9, r1, lr
+ add r1, sp, #132
+ str r5, [sp, #144]
+ str r5, [sp, #120]
+ adcs r7, r11, r12
+ str r9, [sp, #148]
+ str r9, [sp, #124]
+ adc r11, r0, #0
+ add r0, sp, #156
+ str r7, [sp, #152]
+ str r7, [sp, #128]
+ bl mcl_fpDbl_mulPre6L(PLT)
+ adds r0, r9, r9
+ ldr lr, [sp, #192]
+ ldr r12, [sp, #196]
+ ldr r9, [sp, #200]
+ orr r0, r0, r5, lsr #31
+ str r0, [sp, #104] @ 4-byte Spill
+ adc r0, r7, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ adds r0, r10, r10
+ ldr r10, [sp, #180]
+ adc r1, r5, r5
+ orr r0, r0, r6, lsr #31
+ str r1, [sp, #92] @ 4-byte Spill
+ adds r1, r8, r8
+ ldr r8, [sp, #184]
+ adc r5, r6, r6
+ ldr r6, [sp, #188]
+ adds r1, r10, r1
+ str r1, [sp, #96] @ 4-byte Spill
+ adcs r3, r8, r5
+ ldr r5, [sp, #100] @ 4-byte Reload
+ adcs r2, r6, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r1, lr, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r12, r0
+ adcs r5, r9, r5
+ adc r7, r11, r7, lsr #31
+ cmp r11, #0
+ moveq r3, r8
+ moveq r2, r6
+ moveq r5, r9
+ moveq r0, r12
+ moveq r1, lr
+ cmp r11, #0
+ ldr r6, [sp, #96] @ 4-byte Reload
+ mov r8, r3
+ add r3, sp, #156
+ str r0, [sp, #104] @ 4-byte Spill
+ str r1, [sp, #100] @ 4-byte Spill
+ str r2, [sp, #88] @ 4-byte Spill
+ mov r9, r5
+ ldm r4, {r12, lr}
+ moveq r7, r11
+ ldr r11, [r4, #8]
+ ldr r5, [r4, #12]
+ moveq r6, r10
+ ldm r3, {r0, r1, r2, r3}
+ ldr r10, [r4, #64]
+ subs r12, r0, r12
+ ldr r0, [r4, #16]
+ sbcs lr, r1, lr
+ ldr r1, [sp, #172]
+ sbcs r2, r2, r11
+ ldr r11, [r4, #48]
+ sbcs r3, r3, r5
+ ldr r5, [r4, #68]
+ sbcs r0, r1, r0
+ ldr r1, [sp, #176]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r4, #20]
+ str r5, [sp, #60] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r4, #24]
+ str r0, [sp, #96] @ 4-byte Spill
+ sbcs r0, r6, r0
+ ldr r6, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r4, #28]
+ str r0, [sp, #72] @ 4-byte Spill
+ sbcs r0, r8, r0
+ ldr r8, [r4, #56]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r4, #32]
+ str r0, [sp, #92] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r4, #36]
+ str r0, [sp, #88] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [r4, #40]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ str r1, [sp, #100] @ 4-byte Spill
+ sbcs r0, r0, r1
+ ldr r1, [r4, #92]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r4, #44]
+ str r1, [sp, #84] @ 4-byte Spill
+ str r0, [sp, #104] @ 4-byte Spill
+ sbcs r0, r9, r0
+ ldr r9, [r4, #60]
+ str r0, [sp, #40] @ 4-byte Spill
+ sbc r0, r7, #0
+ ldr r7, [r4, #52]
+ str r0, [sp, #36] @ 4-byte Spill
+ subs r0, r12, r11
+ ldr r12, [r4, #76]
+ str r0, [sp, #32] @ 4-byte Spill
+ sbcs r0, lr, r7
+ ldr lr, [r4, #72]
+ str r0, [sp, #28] @ 4-byte Spill
+ sbcs r0, r2, r8
+ ldr r2, [r4, #84]
+ str r0, [sp, #24] @ 4-byte Spill
+ sbcs r0, r3, r9
+ ldr r3, [r4, #80]
+ sbcs r6, r6, r10
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r4, #88]
+ str r6, [sp, #4] @ 4-byte Spill
+ ldr r6, [sp, #68] @ 4-byte Reload
+ str r2, [sp, #80] @ 4-byte Spill
+ sbcs r5, r6, r5
+ str r5, [sp, #8] @ 4-byte Spill
+ ldr r5, [sp, #64] @ 4-byte Reload
+ sbcs r5, r5, lr
+ str r5, [sp, #12] @ 4-byte Spill
+ ldr r5, [sp, #56] @ 4-byte Reload
+ sbcs r5, r5, r12
+ str r5, [sp, #16] @ 4-byte Spill
+ ldr r5, [sp, #52] @ 4-byte Reload
+ sbcs r5, r5, r3
+ str r5, [sp, #52] @ 4-byte Spill
+ ldr r5, [sp, #48] @ 4-byte Reload
+ sbcs r2, r5, r2
+ ldr r5, [sp, #28] @ 4-byte Reload
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [sp, #44] @ 4-byte Reload
+ sbcs r2, r2, r0
+ str r2, [sp, #64] @ 4-byte Spill
+ mov r2, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ sbcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ sbc r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adds r0, r0, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str r0, [r4, #24]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r6, r1, r5
+ ldr r1, [sp, #24] @ 4-byte Reload
+ ldr r5, [sp, #20] @ 4-byte Reload
+ str r6, [r4, #28]
+ adcs r0, r0, r1
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [r4, #32]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r6, r1, r5
+ ldr r1, [sp, #4] @ 4-byte Reload
+ ldr r5, [sp, #8] @ 4-byte Reload
+ str r6, [r4, #36]
+ adcs r0, r0, r1
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r0, [r4, #40]
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r5, r1, r5
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r5, [r4, #44]
+ str r0, [r4, #48]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r1, r7, r1
+ str r1, [r4, #52]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [r4, #56]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r1, r9, r1
+ str r1, [r4, #60]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [r4, #64]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [r4, #68]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [r4, #72]
+ adcs r0, r12, #0
+ str r0, [r4, #76]
+ adcs r0, r3, #0
+ str r0, [r4, #80]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [r4, #84]
+ adcs r0, r2, #0
+ adc r1, r1, #0
+ str r0, [r4, #88]
+ str r1, [r4, #92]
+ add sp, sp, #204
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end177:
+ .size mcl_fpDbl_sqrPre12L, .Lfunc_end177-mcl_fpDbl_sqrPre12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont12L
+ .align 2
+ .type mcl_fp_mont12L,%function
+mcl_fp_mont12L: @ @mcl_fp_mont12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #428
+ sub sp, sp, #428
+ .pad #1024
+ sub sp, sp, #1024
+ str r2, [sp, #92] @ 4-byte Spill
+ ldr r5, [r3, #-4]
+ ldr r2, [r2]
+ str r0, [sp, #68] @ 4-byte Spill
+ add r0, sp, #1392
+ str r3, [sp, #100] @ 4-byte Spill
+ str r1, [sp, #96] @ 4-byte Spill
+ mov r4, r3
+ str r5, [sp, #88] @ 4-byte Spill
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1396]
+ ldr r6, [sp, #1392]
+ add r11, sp, #1024
+ mov r1, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1400]
+ mul r2, r6, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1404]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1440]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #1436]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #1432]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #1428]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #1424]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1420]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1416]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1412]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1408]
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, r11, #312
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1384]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r5, [sp, #1360]
+ ldr r8, [sp, #1356]
+ ldr r7, [sp, #1352]
+ ldr r10, [sp, #1336]
+ ldr r9, [sp, #1340]
+ ldr r4, [sp, #1344]
+ ldr r11, [sp, #1348]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1380]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1376]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1372]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1368]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1364]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #4]
+ add r0, sp, #1280
+ bl .LmulPv384x32(PLT)
+ adds r0, r10, r6
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ ldr r3, [sp, #1296]
+ ldr r12, [sp, #1300]
+ ldr lr, [sp, #1304]
+ ldr r6, [sp, #1312]
+ ldr r10, [sp, #1328]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r9, r0
+ ldr r9, [sp, #1324]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #1280]
+ adcs r1, r11, r1
+ ldr r11, [sp, #60] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r7, r1
+ ldr r7, [sp, #1316]
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r8, r1
+ ldr r8, [sp, #1320]
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r5, r1
+ ldr r5, [sp, #1308]
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #1292]
+ adc r0, r0, #0
+ adds r11, r11, r4
+ ldr r4, [sp, #56] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #1288]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1284]
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r7
+ add r7, sp, #1024
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, r7, #200
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1272]
+ add r9, sp, #1232
+ ldr r5, [sp, #1248]
+ ldr r8, [sp, #1244]
+ ldr r10, [sp, #1224]
+ ldr r11, [sp, #1228]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1268]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1264]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1260]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1256]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1252]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r9, {r6, r7, r9}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, sp, #1168
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #1168
+ ldr r10, [sp, #1212]
+ ldr r4, [sp, #1192]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #1216]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1200]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1208]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1204]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1196]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ add r5, sp, #1024
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, r5, #88
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1160]
+ add r10, sp, #1120
+ ldr r6, [sp, #1136]
+ ldr r9, [sp, #1132]
+ ldr r11, [sp, #1112]
+ ldr r7, [sp, #1116]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1156]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1152]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1148]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1144]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1140]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, sp, #1056
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r2, [sp, #1068]
+ ldr r3, [sp, #1072]
+ ldr r12, [sp, #1076]
+ ldr lr, [sp, #1080]
+ ldr r8, [sp, #1096]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1092]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r11, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1056]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1084]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1104]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1100]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1088]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1064]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r11, r11, r4
+ ldr r4, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1060]
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #1000
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1048]
+ add r9, sp, #1008
+ ldr r5, [sp, #1024]
+ ldr r8, [sp, #1020]
+ ldr r10, [sp, #1000]
+ ldr r11, [sp, #1004]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1044]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1040]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1036]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1032]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1028]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r9, {r6, r7, r9}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, sp, #944
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #944
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #968
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #888
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #936]
+ add r10, sp, #896
+ ldr r6, [sp, #912]
+ ldr r9, [sp, #908]
+ ldr r11, [sp, #888]
+ ldr r7, [sp, #892]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #932]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #928]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #924]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #920]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #916]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, sp, #832
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #836
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #860
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r5, r6, r7, r8, r9, r10}
+ ldr r4, [sp, #832]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #84] @ 4-byte Reload
+ adds r11, r11, r4
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #776
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #824]
+ add r9, sp, #784
+ ldr r5, [sp, #800]
+ ldr r8, [sp, #796]
+ ldr r10, [sp, #776]
+ ldr r11, [sp, #780]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #820]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #816]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #812]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #808]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #804]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r9, {r6, r7, r9}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #720
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #720
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #744
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #664
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #712]
+ add r10, sp, #672
+ ldr r6, [sp, #688]
+ ldr r9, [sp, #684]
+ ldr r11, [sp, #664]
+ ldr r7, [sp, #668]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #708]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #608
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #612
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #636
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r5, r6, r7, r8, r9, r10}
+ ldr r4, [sp, #608]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #84] @ 4-byte Reload
+ adds r11, r11, r4
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #552
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #600]
+ add r9, sp, #560
+ ldr r5, [sp, #576]
+ ldr r8, [sp, #572]
+ ldr r10, [sp, #552]
+ ldr r11, [sp, #556]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #592]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #588]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #580]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r9, {r6, r7, r9}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #496
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #496
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #520
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #440
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #488]
+ add r10, sp, #448
+ ldr r6, [sp, #464]
+ ldr r9, [sp, #460]
+ ldr r11, [sp, #440]
+ ldr r7, [sp, #444]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #484]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #480]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #476]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #472]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #468]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #384
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #388
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #412
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r5, r6, r7, r8, r9, r10}
+ ldr r4, [sp, #384]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #84] @ 4-byte Reload
+ adds r11, r11, r4
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ mul r2, r11, r6
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #328
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #376]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r5, [sp, #348]
+ ldr r9, [sp, #344]
+ ldr r10, [sp, #328]
+ ldr r11, [sp, #332]
+ ldr r8, [sp, #336]
+ ldr r7, [sp, #340]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #372]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #368]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #364]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #360]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #356]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #352]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #40]
+ add r0, sp, #272
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r2, [sp, #4] @ 4-byte Reload
+ add r12, sp, #288
+ ldr lr, [sp, #276]
+ ldr r4, [sp, #284]
+ ldr r10, [sp, #312]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r1, r0, r11
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #316]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #320]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #280]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #272]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ adds r0, r1, r2
+ mul r11, r0, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r6, [sp, #308]
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r7, [sp, #80] @ 4-byte Reload
+ adcs r7, r7, lr
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adcs r7, r7, r5
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [sp, #72] @ 4-byte Reload
+ adcs r7, r7, r4
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ mov r2, r11
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #216
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #264]
+ add r10, sp, #220
+ ldr r6, [sp, #244]
+ ldr r7, [sp, #240]
+ ldr r8, [sp, #236]
+ ldr r9, [sp, #232]
+ ldr r11, [sp, #216]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #260]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #256]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #252]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #248]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #44]
+ add r0, sp, #160
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #84] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #160
+ add r12, sp, #176
+ adds r0, r0, r11
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r4, r0, r4
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r11, r0, r5
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #196
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldm lr, {r2, r7, lr}
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r6, [sp, #172]
+ adds r4, r4, r2
+ mul r1, r4, r0
+ adcs r7, r11, r7
+ str r1, [sp, #44] @ 4-byte Spill
+ ldm r10, {r5, r8, r9, r10}
+ ldm r12, {r0, r1, r2, r3, r12}
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r11, r7, lr
+ ldr r7, [sp, #92] @ 4-byte Reload
+ adcs r7, r7, r6
+ ldr r6, [sp, #100] @ 4-byte Reload
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r7, r0, r5
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r8, r0, r8
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r10, r0, r10
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ add r0, sp, #104
+ bl .LmulPv384x32(PLT)
+ add r5, sp, #104
+ mov r3, r6
+ ldm r5, {r0, r1, r2, r5}
+ adds r0, r4, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs lr, r0, r1
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r4, r11, r2
+ str lr, [sp, #44] @ 4-byte Spill
+ str r4, [sp, #48] @ 4-byte Spill
+ adcs r2, r0, r5
+ ldr r0, [sp, #120]
+ str r2, [sp, #52] @ 4-byte Spill
+ adcs r5, r1, r0
+ ldr r0, [sp, #124]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r5, [sp, #56] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #128]
+ adcs r0, r1, r0
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #132]
+ adcs r12, r1, r0
+ ldr r0, [sp, #136]
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r12, [sp, #60] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #140]
+ adcs r0, r7, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #144]
+ adcs r0, r8, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #148]
+ adcs r0, r1, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #152]
+ adcs r0, r10, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldmib r3, {r0, r1, r7, r10}
+ ldr r11, [r3]
+ ldr r6, [r3, #24]
+ ldr r9, [r3, #20]
+ ldr r8, [r3, #36]
+ subs r11, lr, r11
+ str r6, [sp, #36] @ 4-byte Spill
+ ldr r6, [r3, #28]
+ ldr lr, [r3, #44]
+ sbcs r0, r4, r0
+ ldr r4, [sp, #72] @ 4-byte Reload
+ sbcs r1, r2, r1
+ sbcs r2, r5, r7
+ ldr r7, [r3, #32]
+ ldr r5, [r3, #40]
+ ldr r3, [sp, #80] @ 4-byte Reload
+ str r6, [sp, #40] @ 4-byte Spill
+ sbcs r10, r3, r10
+ ldr r3, [sp, #84] @ 4-byte Reload
+ sbcs r6, r3, r9
+ ldr r3, [sp, #36] @ 4-byte Reload
+ ldr r9, [sp, #40] @ 4-byte Reload
+ sbcs r3, r12, r3
+ ldr r12, [sp, #88] @ 4-byte Reload
+ sbcs r12, r12, r9
+ sbcs r7, r4, r7
+ ldr r4, [sp, #76] @ 4-byte Reload
+ str r7, [sp, #100] @ 4-byte Spill
+ ldr r7, [sp, #48] @ 4-byte Reload
+ sbcs r9, r4, r8
+ ldr r4, [sp, #96] @ 4-byte Reload
+ sbcs r8, r4, r5
+ ldr r4, [sp, #92] @ 4-byte Reload
+ ldr r5, [sp, #44] @ 4-byte Reload
+ sbcs lr, r4, lr
+ ldr r4, [sp, #64] @ 4-byte Reload
+ sbc r4, r4, #0
+ ands r4, r4, #1
+ movne r11, r5
+ ldr r5, [sp, #68] @ 4-byte Reload
+ movne r0, r7
+ str r11, [r5]
+ str r0, [r5, #4]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ movne r1, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ cmp r4, #0
+ str r1, [r5, #8]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ movne r2, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r2, [r5, #12]
+ movne r10, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r10, [r5, #16]
+ movne r6, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ cmp r4, #0
+ str r6, [r5, #20]
+ movne r3, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r3, [r5, #24]
+ movne r12, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r12, [r5, #28]
+ movne r1, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ cmp r4, #0
+ str r1, [r5, #32]
+ movne r9, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ str r9, [r5, #36]
+ movne r8, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r8, [r5, #40]
+ movne lr, r0
+ str lr, [r5, #44]
+ add sp, sp, #428
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end178:
+ .size mcl_fp_mont12L, .Lfunc_end178-mcl_fp_mont12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF12L
+ .align 2
+ .type mcl_fp_montNF12L,%function
+mcl_fp_montNF12L: @ @mcl_fp_montNF12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #428
+ sub sp, sp, #428
+ .pad #1024
+ sub sp, sp, #1024
+ add r12, sp, #92
+ mov r4, r3
+ mov r7, r1
+ stm r12, {r1, r2, r3}
+ str r0, [sp, #68] @ 4-byte Spill
+ add r0, sp, #1392
+ ldr r5, [r3, #-4]
+ ldr r2, [r2]
+ str r5, [sp, #88] @ 4-byte Spill
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1396]
+ ldr r8, [sp, #1392]
+ add r10, sp, #1024
+ mov r1, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1400]
+ mul r2, r8, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1404]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1440]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #1436]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #1432]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #1428]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #1424]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1420]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1416]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1412]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1408]
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, r10, #312
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1384]
+ add r11, sp, #1344
+ ldr r9, [sp, #1356]
+ ldr r4, [sp, #1336]
+ ldr r6, [sp, #1340]
+ mov r1, r7
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1380]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1376]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1372]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1368]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1364]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1360]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r10, r11}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #4]
+ add r0, sp, #1280
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r8
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #1280
+ ldr r7, [sp, #1316]
+ ldr r4, [sp, #1304]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r8, r6, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r6, [sp, #1312]
+ adcs r0, r5, r0
+ ldr r5, [sp, #1308]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r10, r0
+ ldr r10, [sp, #1324]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r11, r0
+ ldr r11, [sp, #1328]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r9, r0
+ ldr r9, [sp, #1320]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adc r0, r1, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r8, r8, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ add r5, sp, #1024
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r8, r0
+ add r0, r5, #200
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1272]
+ add r10, sp, #1232
+ ldr r6, [sp, #1248]
+ ldr r9, [sp, #1244]
+ ldr r11, [sp, #1224]
+ ldr r7, [sp, #1228]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1268]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1264]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1260]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1256]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1252]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, sp, #1168
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #1180]
+ ldr r3, [sp, #1184]
+ ldr r12, [sp, #1188]
+ ldr lr, [sp, #1192]
+ ldr r8, [sp, #1208]
+ ldr r11, [sp, #1216]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1204]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1168]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1196]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1212]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1200]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r10, r10, r4
+ ldr r4, [sp, #80] @ 4-byte Reload
+ ldr r1, [sp, #1176]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1172]
+ adcs r0, r4, r0
+ mov r4, r10
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ add r7, sp, #1024
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r10, r0
+ add r0, r7, #88
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1160]
+ add r9, sp, #1120
+ ldr r5, [sp, #1136]
+ ldr r8, [sp, #1132]
+ ldr r10, [sp, #1112]
+ ldr r11, [sp, #1116]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1156]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1152]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1148]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1144]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1140]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r9, {r6, r7, r9}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, sp, #1056
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #1056
+ ldr r10, [sp, #1100]
+ ldr r4, [sp, #1080]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #1104]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1088]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1096]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1092]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1084]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #1000
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #1048]
+ add r10, sp, #1008
+ ldr r6, [sp, #1024]
+ ldr r9, [sp, #1020]
+ ldr r11, [sp, #1000]
+ ldr r7, [sp, #1004]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1044]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1040]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1036]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1032]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1028]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, sp, #944
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add r11, sp, #972
+ add lr, sp, #948
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r5, r6, r7, r8, r9, r11}
+ ldr r4, [sp, #944]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r10, [sp, #84] @ 4-byte Reload
+ adds r10, r10, r4
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r10
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r10, r0
+ add r0, sp, #888
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #936]
+ add r9, sp, #896
+ ldr r5, [sp, #912]
+ ldr r8, [sp, #908]
+ ldr r10, [sp, #888]
+ ldr r11, [sp, #892]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #932]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #928]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #924]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #920]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #916]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r9, {r6, r7, r9}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, sp, #832
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #832
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #856
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #776
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #824]
+ add r10, sp, #784
+ ldr r6, [sp, #800]
+ ldr r9, [sp, #796]
+ ldr r11, [sp, #776]
+ ldr r7, [sp, #780]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #820]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #816]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #812]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #808]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #804]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #720
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add r11, sp, #748
+ add lr, sp, #724
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r5, r6, r7, r8, r9, r11}
+ ldr r4, [sp, #720]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r10, [sp, #84] @ 4-byte Reload
+ adds r10, r10, r4
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r10
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r10, r0
+ add r0, sp, #664
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #712]
+ add r9, sp, #672
+ ldr r5, [sp, #688]
+ ldr r8, [sp, #684]
+ ldr r10, [sp, #664]
+ ldr r11, [sp, #668]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #708]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r9, {r6, r7, r9}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #608
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #608
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #632
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #552
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #600]
+ add r10, sp, #560
+ ldr r6, [sp, #576]
+ ldr r9, [sp, #572]
+ ldr r11, [sp, #552]
+ ldr r7, [sp, #556]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #592]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #588]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #580]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r4, r5, r10}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #496
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add r11, sp, #524
+ add lr, sp, #500
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r5, r6, r7, r8, r9, r11}
+ ldr r4, [sp, #496]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r10, [sp, #84] @ 4-byte Reload
+ adds r10, r10, r4
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r10
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r2, r10, r0
+ add r0, sp, #440
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #488]
+ add r9, sp, #448
+ ldr r5, [sp, #464]
+ ldr r8, [sp, #460]
+ ldr r10, [sp, #440]
+ ldr r11, [sp, #444]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #484]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #480]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #476]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #472]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #468]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r9, {r6, r7, r9}
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #384
+ bl .LmulPv384x32(PLT)
+ adds r0, r4, r10
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #384
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #408
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mul r2, r7, r4
+ adcs r0, r0, r5
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r11, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #328
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #376]
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r6, [sp, #348]
+ ldr r10, [sp, #344]
+ ldr r11, [sp, #328]
+ ldr r7, [sp, #332]
+ ldr r9, [sp, #336]
+ ldr r5, [sp, #340]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #372]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #368]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #364]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #360]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #356]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #352]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #40]
+ add r0, sp, #272
+ bl .LmulPv384x32(PLT)
+ adds r0, r8, r11
+ ldr r1, [sp, #80] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ ldr lr, [sp, #276]
+ add r12, sp, #288
+ ldr r8, [sp, #316]
+ ldr r11, [sp, #312]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r7
+ adcs r7, r1, r9
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r9, [sp, #320]
+ adcs r1, r1, r5
+ ldr r5, [sp, #280]
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r10
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #284]
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #272]
+ str r1, [sp, #36] @ 4-byte Spill
+ adds r0, r0, r2
+ adcs r7, r7, lr
+ mul r10, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r4, [sp, #308]
+ ldm r12, {r0, r1, r2, r3, r12}
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adcs r7, r7, r5
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [sp, #72] @ 4-byte Reload
+ adcs r7, r7, r6
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ mov r2, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ adc r0, r9, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #216
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #264]
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r5, [sp, #244]
+ ldr r6, [sp, #240]
+ ldr r8, [sp, #236]
+ ldr r9, [sp, #232]
+ ldr r10, [sp, #216]
+ ldr r7, [sp, #220]
+ ldr r4, [sp, #224]
+ ldr r11, [sp, #228]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #260]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #256]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #252]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #248]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r2, [r0, #44]
+ add r0, sp, #160
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #84] @ 4-byte Reload
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ add r12, sp, #176
+ ldr lr, [sp, #164]
+ adds r0, r0, r10
+ add r10, sp, #200
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #172]
+ adcs r1, r1, r4
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r11
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #168]
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #160]
+ str r1, [sp, #48] @ 4-byte Spill
+ adds r4, r0, r2
+ ldr r0, [sp, #88] @ 4-byte Reload
+ mul r1, r4, r0
+ str r1, [sp, #44] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldr r11, [sp, #196]
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r5, [sp, #96] @ 4-byte Reload
+ adcs r5, r5, lr
+ str r5, [sp, #36] @ 4-byte Spill
+ ldr r5, [sp, #92] @ 4-byte Reload
+ adcs r6, r5, r6
+ ldr r5, [sp, #100] @ 4-byte Reload
+ str r6, [sp, #32] @ 4-byte Spill
+ ldr r6, [sp, #84] @ 4-byte Reload
+ adcs r7, r6, r7
+ ldr r6, [sp, #80] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r11, r0, r11
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r8, r0, r8
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r9, r0, r9
+ adc r0, r10, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ add r0, sp, #104
+ bl .LmulPv384x32(PLT)
+ add r6, sp, #104
+ ldm r6, {r0, r1, r2, r6}
+ adds r0, r4, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs lr, r0, r1
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r10, r0, r2
+ ldr r0, [sp, #120]
+ mov r2, r5
+ adcs r3, r7, r6
+ str r10, [sp, #52] @ 4-byte Spill
+ str r3, [sp, #56] @ 4-byte Spill
+ adcs r6, r1, r0
+ ldr r0, [sp, #124]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ str r6, [sp, #60] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #128]
+ adcs r0, r1, r0
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #132]
+ adcs r12, r1, r0
+ ldr r0, [sp, #136]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r12, [sp, #64] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #140]
+ adcs r0, r11, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #144]
+ adcs r0, r8, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #148]
+ adcs r0, r9, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #152]
+ adc r0, r1, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldmib r2, {r0, r1, r7, r9}
+ ldr r4, [r2, #24]
+ ldr r8, [r2]
+ ldr r5, [r2, #20]
+ str r4, [sp, #44] @ 4-byte Spill
+ ldr r4, [r2, #28]
+ subs r8, lr, r8
+ sbcs r0, r10, r0
+ sbcs r1, r3, r1
+ sbcs r7, r6, r7
+ str r4, [sp, #48] @ 4-byte Spill
+ mov r4, r2
+ ldr r2, [r4, #44]
+ ldr r10, [r4, #32]
+ ldr r6, [r4, #36]
+ ldr r11, [r4, #40]
+ ldr r4, [sp, #48] @ 4-byte Reload
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [sp, #76] @ 4-byte Reload
+ sbcs r9, r2, r9
+ ldr r2, [sp, #80] @ 4-byte Reload
+ sbcs r5, r2, r5
+ ldr r2, [sp, #44] @ 4-byte Reload
+ sbcs r3, r12, r2
+ ldr r2, [sp, #84] @ 4-byte Reload
+ sbcs r12, r2, r4
+ ldr r2, [sp, #88] @ 4-byte Reload
+ ldr r4, [sp, #40] @ 4-byte Reload
+ sbcs r10, r2, r10
+ ldr r2, [sp, #72] @ 4-byte Reload
+ sbcs r2, r2, r6
+ ldr r6, [sp, #52] @ 4-byte Reload
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [sp, #96] @ 4-byte Reload
+ sbcs r2, r2, r11
+ ldr r11, [sp, #68] @ 4-byte Reload
+ str r2, [sp, #100] @ 4-byte Spill
+ ldr r2, [sp, #92] @ 4-byte Reload
+ sbc r2, r2, r4
+ asr r4, r2, #31
+ cmp r4, #0
+ movlt r8, lr
+ movlt r0, r6
+ str r8, [r11]
+ str r0, [r11, #4]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ movlt r1, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ cmp r4, #0
+ str r1, [r11, #8]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ movlt r7, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r7, [r11, #12]
+ movlt r9, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r9, [r11, #16]
+ movlt r5, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ cmp r4, #0
+ str r5, [r11, #20]
+ movlt r3, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r3, [r11, #24]
+ ldr r3, [sp, #48] @ 4-byte Reload
+ movlt r12, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r12, [r11, #28]
+ movlt r10, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ cmp r4, #0
+ str r10, [r11, #32]
+ movlt r3, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ str r3, [r11, #36]
+ movlt r1, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r1, [r11, #40]
+ movlt r2, r0
+ str r2, [r11, #44]
+ add sp, sp, #428
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end179:
+ .size mcl_fp_montNF12L, .Lfunc_end179-mcl_fp_montNF12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed12L
+ .align 2
+ .type mcl_fp_montRed12L,%function
+mcl_fp_montRed12L: @ @mcl_fp_montRed12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #836
+ sub sp, sp, #836
+ mov r3, r2
+ str r0, [sp, #148] @ 4-byte Spill
+ ldr r2, [r1, #4]
+ ldr r10, [r1]
+ ldr r0, [r3]
+ str r3, [sp, #152] @ 4-byte Spill
+ mov r5, r3
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r2, [r1, #8]
+ str r0, [sp, #144] @ 4-byte Spill
+ ldr r0, [r3, #4]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #12]
+ str r0, [sp, #140] @ 4-byte Spill
+ ldr r0, [r3, #8]
+ str r2, [sp, #56] @ 4-byte Spill
+ str r0, [sp, #136] @ 4-byte Spill
+ ldr r0, [r3, #12]
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [r3, #16]
+ str r0, [sp, #124] @ 4-byte Spill
+ ldr r0, [r3, #20]
+ str r0, [sp, #128] @ 4-byte Spill
+ ldr r0, [r3, #24]
+ str r0, [sp, #132] @ 4-byte Spill
+ ldr r0, [r3, #-4]
+ str r0, [sp, #156] @ 4-byte Spill
+ mul r2, r10, r0
+ ldr r0, [r3, #28]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [r3, #32]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [r3, #36]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [r3, #40]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [r3, #44]
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [r1, #64]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r1, #68]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r1, #72]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r1, #76]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r1, #80]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r1, #84]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [r1, #88]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [r1, #92]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #56]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #60]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r1, #28]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1, #24]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r1, #20]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ mov r1, r3
+ str r0, [sp, #8] @ 4-byte Spill
+ add r0, sp, #776
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #824]
+ add r11, sp, #808
+ add lr, sp, #776
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r6, r8, r9, r11}
+ ldr r7, [sp, #804]
+ ldr r4, [sp, #800]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r10, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #156] @ 4-byte Reload
+ mul r2, r10, r0
+ add r0, sp, #720
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #768]
+ add lr, sp, #756
+ add r9, sp, #732
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #720]
+ ldr r6, [sp, #752]
+ ldr r11, [sp, #748]
+ ldr r2, [sp, #744]
+ ldr r1, [sp, #724]
+ ldr r7, [sp, #728]
+ ldm r9, {r0, r8, r9}
+ adds r4, r10, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r10, r4, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ mov r4, r5
+ adcs r1, r1, r7
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #4] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #156] @ 4-byte Reload
+ mul r2, r10, r0
+ add r0, sp, #664
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #712]
+ add r11, sp, #696
+ add lr, sp, #664
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r6, r8, r9, r11}
+ ldr r7, [sp, #692]
+ ldr r5, [sp, #688]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r10, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #156] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ mul r2, r10, r5
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #608
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #656]
+ add lr, sp, #644
+ add r9, sp, #620
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #608]
+ ldr r6, [sp, #640]
+ ldr r11, [sp, #636]
+ ldr r2, [sp, #632]
+ ldr r1, [sp, #612]
+ ldr r7, [sp, #616]
+ ldm r9, {r0, r8, r9}
+ adds r4, r10, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r10, r4, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r4, [sp, #152] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ mov r0, r5
+ mul r2, r10, r0
+ add r0, sp, #552
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #600]
+ add r11, sp, #584
+ add lr, sp, #552
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r11, {r6, r8, r9, r11}
+ ldr r7, [sp, #580]
+ ldr r5, [sp, #576]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r10, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #156] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ mul r2, r10, r5
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #496
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #544]
+ add lr, sp, #532
+ add r9, sp, #508
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #496]
+ ldr r6, [sp, #528]
+ ldr r11, [sp, #524]
+ ldr r2, [sp, #520]
+ ldr r1, [sp, #500]
+ ldr r7, [sp, #504]
+ ldm r9, {r0, r8, r9}
+ adds r4, r10, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r10, r4, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r4, [sp, #152] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r10, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #440
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #488]
+ add r11, sp, #472
+ add lr, sp, #440
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r11, {r6, r8, r9, r11}
+ ldr r7, [sp, #468]
+ ldr r5, [sp, #464]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r10, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r1, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #156] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ mul r2, r10, r5
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #384
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #432]
+ add lr, sp, #420
+ add r9, sp, #396
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #384]
+ ldr r6, [sp, #416]
+ ldr r11, [sp, #412]
+ ldr r2, [sp, #408]
+ ldr r1, [sp, #388]
+ ldr r7, [sp, #392]
+ ldm r9, {r0, r8, r9}
+ adds r4, r10, r4
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r10, r4, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ mov r4, r5
+ adcs r1, r1, r7
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r10, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #152] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #328
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #376]
+ add r11, sp, #352
+ add lr, sp, #328
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #372]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r11, {r5, r7, r8, r9, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r10, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r10, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r5
+ mov r5, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #272
+ bl .LmulPv384x32(PLT)
+ ldr r0, [sp, #320]
+ add lr, sp, #300
+ add r6, sp, #272
+ add r12, sp, #284
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm lr, {r4, r8, r9, r11, lr}
+ ldr r7, [sp, #296]
+ ldm r6, {r2, r3, r6}
+ ldm r12, {r0, r1, r12}
+ adds r2, r10, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r10, r2, r3
+ ldr r2, [sp, #60] @ 4-byte Reload
+ adcs r6, r2, r6
+ ldr r2, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #156] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r10, r4
+ adcs r0, r0, r8
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ mov r11, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ add r0, sp, #216
+ bl .LmulPv384x32(PLT)
+ add r7, sp, #216
+ add lr, sp, #252
+ ldm r7, {r0, r1, r3, r7}
+ ldr r8, [sp, #264]
+ adds r0, r10, r0
+ adcs r10, r6, r1
+ mul r0, r10, r4
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #156] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ add r7, sp, #232
+ str r0, [sp, #52] @ 4-byte Spill
+ ldm lr, {r6, r12, lr}
+ ldm r7, {r0, r1, r2, r3, r7}
+ ldr r4, [sp, #96] @ 4-byte Reload
+ adcs r9, r4, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r11
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r4, r0, r3
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r5, r0, r7
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r6, r0, r6
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ add r0, sp, #160
+ bl .LmulPv384x32(PLT)
+ add r3, sp, #160
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r10, r0
+ ldr r0, [sp, #156] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #52] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ adcs r12, r0, r2
+ ldr r2, [sp, #176]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r3, r9, r3
+ str r12, [sp, #52] @ 4-byte Spill
+ str r3, [sp, #56] @ 4-byte Spill
+ adcs r7, r0, r2
+ ldr r2, [sp, #180]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ str r7, [sp, #60] @ 4-byte Spill
+ adcs r8, r0, r2
+ ldr r2, [sp, #184]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r8, [sp, #64] @ 4-byte Spill
+ adcs r4, r4, r2
+ ldr r2, [sp, #188]
+ str r4, [sp, #68] @ 4-byte Spill
+ adcs r5, r5, r2
+ ldr r2, [sp, #192]
+ str r5, [sp, #72] @ 4-byte Spill
+ adcs r6, r6, r2
+ ldr r2, [sp, #196]
+ str r6, [sp, #76] @ 4-byte Spill
+ adcs r9, r0, r2
+ ldr r2, [sp, #200]
+ ldr r0, [sp, #96] @ 4-byte Reload
+ str r9, [sp, #84] @ 4-byte Spill
+ adcs r10, r0, r2
+ ldr r2, [sp, #204]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r10, [sp, #96] @ 4-byte Spill
+ adcs lr, r0, r2
+ ldr r2, [sp, #208]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str lr, [sp, #156] @ 4-byte Spill
+ adcs r11, r0, r2
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r2, [sp, #136] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #144] @ 4-byte Reload
+ subs r0, r1, r0
+ ldr r1, [sp, #140] @ 4-byte Reload
+ sbcs r1, r12, r1
+ sbcs r2, r3, r2
+ ldr r3, [sp, #120] @ 4-byte Reload
+ sbcs r3, r7, r3
+ ldr r7, [sp, #124] @ 4-byte Reload
+ sbcs r12, r8, r7
+ ldr r7, [sp, #128] @ 4-byte Reload
+ sbcs r7, r4, r7
+ ldr r4, [sp, #132] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #100] @ 4-byte Reload
+ sbcs r8, r6, r5
+ ldr r6, [sp, #104] @ 4-byte Reload
+ sbcs r5, r9, r6
+ ldr r6, [sp, #108] @ 4-byte Reload
+ str r5, [sp, #144] @ 4-byte Spill
+ ldr r5, [sp, #92] @ 4-byte Reload
+ sbcs r9, r10, r6
+ ldr r6, [sp, #112] @ 4-byte Reload
+ sbcs r6, lr, r6
+ mov lr, r11
+ ldr r11, [sp, #148] @ 4-byte Reload
+ str r6, [sp, #152] @ 4-byte Spill
+ ldr r6, [sp, #116] @ 4-byte Reload
+ sbcs r10, lr, r6
+ sbc r6, r5, #0
+ ldr r5, [sp, #48] @ 4-byte Reload
+ ands r6, r6, #1
+ movne r0, r5
+ str r0, [r11]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ movne r1, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r1, [r11, #4]
+ ldr r1, [sp, #156] @ 4-byte Reload
+ movne r2, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ cmp r6, #0
+ str r2, [r11, #8]
+ ldr r2, [sp, #144] @ 4-byte Reload
+ movne r3, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r3, [r11, #12]
+ movne r12, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r12, [r11, #16]
+ movne r7, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ cmp r6, #0
+ str r7, [r11, #20]
+ movne r4, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r4, [r11, #24]
+ movne r8, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r8, [r11, #28]
+ movne r2, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ cmp r6, #0
+ movne r10, lr
+ str r2, [r11, #32]
+ movne r9, r0
+ ldr r0, [sp, #152] @ 4-byte Reload
+ movne r0, r1
+ str r9, [r11, #36]
+ str r0, [r11, #40]
+ str r10, [r11, #44]
+ add sp, sp, #836
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end180:
+ .size mcl_fp_montRed12L, .Lfunc_end180-mcl_fp_montRed12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre12L
+ .align 2
+ .type mcl_fp_addPre12L,%function
+mcl_fp_addPre12L: @ @mcl_fp_addPre12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #28
+ sub sp, sp, #28
+ ldm r1, {r3, r12, lr}
+ ldr r9, [r1, #12]
+ ldmib r2, {r5, r6, r7}
+ ldr r4, [r2, #16]
+ ldr r11, [r2]
+ str r4, [sp] @ 4-byte Spill
+ ldr r4, [r2, #20]
+ adds r8, r11, r3
+ ldr r3, [r2, #36]
+ ldr r11, [r2, #32]
+ adcs r5, r5, r12
+ add r12, r1, #16
+ adcs r6, r6, lr
+ add lr, r1, #32
+ adcs r7, r7, r9
+ str r4, [sp, #4] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [r2, #40]
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [r2, #28]
+ ldr r2, [r2, #44]
+ str r3, [sp, #20] @ 4-byte Spill
+ str r4, [sp, #12] @ 4-byte Spill
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm lr, {r4, r10, lr}
+ ldr r9, [r1, #44]
+ ldm r12, {r1, r2, r3, r12}
+ str r8, [r0]
+ stmib r0, {r5, r6}
+ str r7, [r0, #12]
+ ldr r5, [sp] @ 4-byte Reload
+ ldr r7, [sp, #24] @ 4-byte Reload
+ adcs r1, r5, r1
+ ldr r5, [sp, #4] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r2, r5, r2
+ str r2, [r0, #20]
+ ldr r2, [sp, #12] @ 4-byte Reload
+ adcs r1, r1, r3
+ ldr r3, [sp, #20] @ 4-byte Reload
+ str r1, [r0, #24]
+ adcs r2, r2, r12
+ str r2, [r0, #28]
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r1, r11, r4
+ add r0, r0, #32
+ adcs r2, r2, r10
+ adcs r3, r3, lr
+ adcs r7, r7, r9
+ stm r0, {r1, r2, r3, r7}
+ mov r0, #0
+ adc r0, r0, #0
+ add sp, sp, #28
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end181:
+ .size mcl_fp_addPre12L, .Lfunc_end181-mcl_fp_addPre12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre12L
+ .align 2
+ .type mcl_fp_subPre12L,%function
+mcl_fp_subPre12L: @ @mcl_fp_subPre12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #28
+ sub sp, sp, #28
+ ldmib r2, {r8, r12, lr}
+ ldr r3, [r2, #16]
+ ldr r7, [r2]
+ ldr r6, [r1]
+ ldr r5, [r1, #4]
+ ldr r4, [r1, #8]
+ ldr r11, [r2, #44]
+ ldr r9, [r1, #32]
+ ldr r10, [r1, #36]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r2, #20]
+ subs r6, r6, r7
+ ldr r7, [r2, #32]
+ sbcs r5, r5, r8
+ ldr r8, [r1, #40]
+ sbcs r4, r4, r12
+ add r12, r1, #16
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [r2, #24]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [r2, #28]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r3, [sp, #24] @ 4-byte Spill
+ ldr r3, [r1, #12]
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r1, #44]
+ sbcs lr, r3, lr
+ ldm r12, {r1, r2, r3, r12}
+ str r6, [r0]
+ str r5, [r0, #4]
+ str r4, [r0, #8]
+ ldr r4, [sp, #12] @ 4-byte Reload
+ ldr r6, [sp, #16] @ 4-byte Reload
+ str lr, [r0, #12]
+ sbcs r1, r1, r4
+ str r1, [r0, #16]
+ sbcs r2, r2, r6
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #24] @ 4-byte Reload
+ sbcs r1, r3, r1
+ ldr r3, [sp, #8] @ 4-byte Reload
+ str r1, [r0, #24]
+ sbcs r2, r12, r2
+ ldr r1, [sp] @ 4-byte Reload
+ str r2, [r0, #28]
+ ldr r2, [sp, #4] @ 4-byte Reload
+ add r0, r0, #32
+ sbcs r1, r9, r1
+ sbcs r2, r10, r2
+ sbcs r3, r8, r3
+ sbcs r7, r7, r11
+ stm r0, {r1, r2, r3, r7}
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ add sp, sp, #28
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end182:
+ .size mcl_fp_subPre12L, .Lfunc_end182-mcl_fp_subPre12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_12L
+ .align 2
+ .type mcl_fp_shr1_12L,%function
+mcl_fp_shr1_12L: @ @mcl_fp_shr1_12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #4
+ sub sp, sp, #4
+ add r6, r1, #20
+ ldr r3, [r1, #8]
+ ldr r2, [r1, #12]
+ ldr lr, [r1, #16]
+ add r11, r1, #32
+ ldm r6, {r4, r5, r6}
+ ldm r1, {r8, r12}
+ lsr r7, r12, #1
+ orr r9, r7, r3, lsl #31
+ ldm r11, {r7, r10, r11}
+ ldr r1, [r1, #44]
+ str r1, [sp] @ 4-byte Spill
+ lsr r1, r2, #1
+ lsrs r2, r2, #1
+ rrx r2, r3
+ lsrs r3, r12, #1
+ orr r1, r1, lr, lsl #31
+ rrx r3, r8
+ stm r0, {r3, r9}
+ str r2, [r0, #8]
+ str r1, [r0, #12]
+ lsrs r1, r4, #1
+ lsr r2, r10, #1
+ rrx r1, lr
+ orr r2, r2, r11, lsl #31
+ str r1, [r0, #16]
+ lsr r1, r4, #1
+ orr r1, r1, r5, lsl #31
+ str r1, [r0, #20]
+ lsrs r1, r6, #1
+ rrx r1, r5
+ str r1, [r0, #24]
+ lsr r1, r6, #1
+ orr r1, r1, r7, lsl #31
+ str r1, [r0, #28]
+ lsrs r1, r10, #1
+ add r0, r0, #32
+ rrx r1, r7
+ ldr r7, [sp] @ 4-byte Reload
+ lsrs r3, r7, #1
+ lsr r7, r7, #1
+ rrx r3, r11
+ stm r0, {r1, r2, r3, r7}
+ add sp, sp, #4
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end183:
+ .size mcl_fp_shr1_12L, .Lfunc_end183-mcl_fp_shr1_12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add12L
+ .align 2
+ .type mcl_fp_add12L,%function
+mcl_fp_add12L: @ @mcl_fp_add12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ ldm r1, {r12, lr}
+ ldr r5, [r2]
+ ldr r8, [r1, #8]
+ ldr r9, [r1, #12]
+ ldmib r2, {r4, r6, r7}
+ ldr r11, [r1, #40]
+ adds r5, r5, r12
+ ldr r12, [r2, #40]
+ adcs r4, r4, lr
+ str r5, [sp, #40] @ 4-byte Spill
+ ldr r5, [r1, #24]
+ ldr lr, [r1, #32]
+ adcs r6, r6, r8
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [r1, #20]
+ ldr r8, [r1, #36]
+ adcs r7, r7, r9
+ str r6, [sp, #32] @ 4-byte Spill
+ ldr r6, [r1, #16]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r2, #16]
+ adcs r10, r7, r6
+ ldr r6, [r2, #20]
+ adcs r7, r6, r4
+ ldr r4, [r2, #24]
+ str r7, [sp, #12] @ 4-byte Spill
+ adcs r7, r4, r5
+ ldr r4, [r1, #28]
+ ldr r5, [r2, #28]
+ str r7, [sp, #4] @ 4-byte Spill
+ adcs r6, r5, r4
+ ldr r5, [r2, #32]
+ ldr r4, [r1, #44]
+ ldr r1, [r2, #36]
+ ldr r2, [r2, #44]
+ str r6, [sp, #8] @ 4-byte Spill
+ adcs r9, r5, lr
+ ldr lr, [sp, #32] @ 4-byte Reload
+ adcs r5, r1, r8
+ ldr r1, [sp, #40] @ 4-byte Reload
+ ldr r8, [sp, #12] @ 4-byte Reload
+ adcs r11, r12, r11
+ ldr r12, [sp, #36] @ 4-byte Reload
+ str r5, [sp, #28] @ 4-byte Spill
+ adcs r2, r2, r4
+ ldr r4, [sp, #16] @ 4-byte Reload
+ str r2, [sp, #24] @ 4-byte Spill
+ str r1, [r0]
+ str r12, [r0, #4]
+ str lr, [r0, #8]
+ str r4, [r0, #12]
+ str r10, [r0, #16]
+ str r8, [r0, #20]
+ str r7, [r0, #24]
+ str r6, [r0, #28]
+ str r9, [r0, #32]
+ str r5, [r0, #36]
+ str r11, [r0, #40]
+ str r2, [r0, #44]
+ mov r2, #0
+ adc r2, r2, #0
+ str r2, [sp, #20] @ 4-byte Spill
+ ldm r3, {r2, r6, r7}
+ ldr r5, [r3, #12]
+ subs r1, r1, r2
+ ldr r2, [sp, #4] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ sbcs r1, r12, r6
+ str r1, [sp] @ 4-byte Spill
+ sbcs r1, lr, r7
+ str r1, [sp, #36] @ 4-byte Spill
+ sbcs r1, r4, r5
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ sbcs r1, r10, r1
+ add r10, r3, #36
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [r3, #20]
+ sbcs r6, r8, r1
+ ldr r1, [r3, #24]
+ sbcs lr, r2, r1
+ ldr r2, [r3, #28]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ sbcs r12, r1, r2
+ ldr r2, [r3, #32]
+ ldm r10, {r1, r4, r10}
+ sbcs r7, r9, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ sbcs r2, r2, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ sbcs r3, r11, r4
+ sbcs r5, r1, r10
+ ldr r1, [sp, #20] @ 4-byte Reload
+ sbc r1, r1, #0
+ tst r1, #1
+ bne .LBB184_2
+@ BB#1: @ %nocarry
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r1, [r0]
+ ldr r1, [sp] @ 4-byte Reload
+ str r1, [r0, #4]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r1, [r0, #8]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r1, [r0, #12]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r1, [r0, #16]
+ str r6, [r0, #20]
+ str lr, [r0, #24]
+ str r12, [r0, #28]
+ str r7, [r0, #32]
+ add r0, r0, #36
+ stm r0, {r2, r3, r5}
+.LBB184_2: @ %carry
+ add sp, sp, #44
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end184:
+ .size mcl_fp_add12L, .Lfunc_end184-mcl_fp_add12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF12L
+ .align 2
+ .type mcl_fp_addNF12L,%function
+mcl_fp_addNF12L: @ @mcl_fp_addNF12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #60
+ sub sp, sp, #60
+ ldm r1, {r5, r8, lr}
+ ldr r6, [r2]
+ ldr r10, [r1, #12]
+ ldmib r2, {r4, r7, r9}
+ ldr r12, [r1, #20]
+ adds r6, r6, r5
+ ldr r5, [r1, #24]
+ adcs r8, r4, r8
+ ldr r4, [r2, #16]
+ str r6, [sp, #16] @ 4-byte Spill
+ adcs r7, r7, lr
+ add lr, r2, #32
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [r1, #16]
+ adcs r6, r9, r10
+ str r6, [sp, #32] @ 4-byte Spill
+ ldr r6, [r1, #44]
+ adcs r7, r4, r7
+ ldr r4, [r1, #40]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ adcs r7, r7, r12
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ adcs r7, r7, r5
+ ldr r5, [r2, #28]
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [r1, #28]
+ adcs r7, r5, r7
+ ldr r5, [r1, #36]
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [r1, #32]
+ ldm lr, {r1, r12, lr}
+ ldr r2, [r2, #44]
+ adcs r1, r1, r7
+ str r1, [sp, #20] @ 4-byte Spill
+ adcs r1, r12, r5
+ str r1, [sp, #28] @ 4-byte Spill
+ adcs r1, lr, r4
+ str r1, [sp, #36] @ 4-byte Spill
+ adc r1, r2, r6
+ str r1, [sp, #44] @ 4-byte Spill
+ ldmib r3, {r1, r2, r6, r11}
+ ldr r7, [r3, #20]
+ ldr r4, [r3, #32]
+ ldr r9, [r3]
+ ldr r5, [sp, #16] @ 4-byte Reload
+ ldr lr, [r3, #24]
+ ldr r10, [r3, #28]
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [sp, #24] @ 4-byte Reload
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [r3, #36]
+ subs r9, r5, r9
+ sbcs r1, r8, r1
+ sbcs r2, r7, r2
+ ldr r7, [sp, #32] @ 4-byte Reload
+ str r4, [sp] @ 4-byte Spill
+ ldr r4, [r3, #40]
+ sbcs r12, r7, r6
+ ldr r7, [r3, #44]
+ ldr r3, [sp, #40] @ 4-byte Reload
+ str r4, [sp, #4] @ 4-byte Spill
+ ldr r4, [sp, #48] @ 4-byte Reload
+ ldr r6, [sp, #12] @ 4-byte Reload
+ sbcs r3, r3, r11
+ sbcs r11, r4, r6
+ ldr r4, [sp, #56] @ 4-byte Reload
+ ldr r6, [sp, #8] @ 4-byte Reload
+ sbcs lr, r4, lr
+ ldr r4, [sp, #52] @ 4-byte Reload
+ sbcs r10, r4, r10
+ ldr r4, [sp, #20] @ 4-byte Reload
+ sbcs r4, r4, r6
+ ldr r6, [sp] @ 4-byte Reload
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [sp, #28] @ 4-byte Reload
+ sbcs r4, r4, r6
+ ldr r6, [sp, #36] @ 4-byte Reload
+ str r4, [sp] @ 4-byte Spill
+ ldr r4, [sp, #4] @ 4-byte Reload
+ sbcs r6, r6, r4
+ str r6, [sp, #12] @ 4-byte Spill
+ ldr r6, [sp, #44] @ 4-byte Reload
+ sbc r6, r6, r7
+ asr r7, r6, #31
+ cmp r7, #0
+ movlt r9, r5
+ movlt r1, r8
+ str r9, [r0]
+ str r1, [r0, #4]
+ ldr r1, [sp, #24] @ 4-byte Reload
+ movlt r2, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ cmp r7, #0
+ str r2, [r0, #8]
+ ldr r2, [sp, #8] @ 4-byte Reload
+ movlt r12, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r12, [r0, #12]
+ movlt r3, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r3, [r0, #16]
+ ldr r3, [sp, #12] @ 4-byte Reload
+ movlt r11, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ cmp r7, #0
+ str r11, [r0, #20]
+ movlt lr, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str lr, [r0, #24]
+ movlt r10, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r10, [r0, #28]
+ movlt r2, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ cmp r7, #0
+ ldr r7, [sp] @ 4-byte Reload
+ str r2, [r0, #32]
+ movlt r7, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r7, [r0, #36]
+ movlt r3, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r3, [r0, #40]
+ movlt r6, r1
+ str r6, [r0, #44]
+ add sp, sp, #60
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end185:
+ .size mcl_fp_addNF12L, .Lfunc_end185-mcl_fp_addNF12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub12L
+ .align 2
+ .type mcl_fp_sub12L,%function
+mcl_fp_sub12L: @ @mcl_fp_sub12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #64
+ sub sp, sp, #64
+ ldr r9, [r2]
+ ldmib r2, {r8, r12, lr}
+ ldm r1, {r4, r5, r6, r7}
+ add r10, r1, #32
+ subs r4, r4, r9
+ sbcs r5, r5, r8
+ str r4, [sp, #48] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ sbcs r6, r6, r12
+ str r5, [sp, #52] @ 4-byte Spill
+ ldr r5, [r2, #20]
+ sbcs r7, r7, lr
+ str r6, [sp, #56] @ 4-byte Spill
+ ldr r6, [r2, #16]
+ str r7, [sp, #60] @ 4-byte Spill
+ ldr r7, [r1, #16]
+ sbcs r11, r7, r6
+ ldr r6, [r1, #20]
+ str r11, [sp, #28] @ 4-byte Spill
+ sbcs lr, r6, r5
+ ldr r5, [r1, #24]
+ str lr, [sp, #40] @ 4-byte Spill
+ sbcs r7, r5, r4
+ ldr r4, [r2, #28]
+ ldr r5, [r1, #28]
+ str r7, [sp, #44] @ 4-byte Spill
+ add r7, r2, #32
+ sbcs r12, r5, r4
+ str r12, [sp, #36] @ 4-byte Spill
+ ldm r7, {r4, r5, r6, r7}
+ ldm r10, {r2, r8, r9, r10}
+ ldr r1, [sp, #48] @ 4-byte Reload
+ sbcs r4, r2, r4
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r1, [r0]
+ sbcs r8, r8, r5
+ str r4, [sp, #32] @ 4-byte Spill
+ sbcs r6, r9, r6
+ sbcs r7, r10, r7
+ ldr r10, [sp, #52] @ 4-byte Reload
+ str r10, [r0, #4]
+ str r2, [r0, #8]
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r2, [r0, #12]
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r11, [r0, #16]
+ str lr, [r0, #20]
+ str r2, [r0, #24]
+ str r12, [r0, #28]
+ str r4, [r0, #32]
+ mov r4, #0
+ str r8, [r0, #36]
+ str r6, [r0, #40]
+ str r7, [r0, #44]
+ sbc r4, r4, #0
+ tst r4, #1
+ beq .LBB186_2
+@ BB#1: @ %carry
+ ldr r5, [r3, #32]
+ ldr r4, [r3, #20]
+ ldr r12, [r3, #28]
+ ldr r9, [r3, #4]
+ ldr lr, [r3, #12]
+ ldr r11, [r3, #16]
+ str r5, [sp, #12] @ 4-byte Spill
+ ldr r5, [r3, #36]
+ str r4, [sp] @ 4-byte Spill
+ ldr r4, [r3, #24]
+ str r12, [sp, #8] @ 4-byte Spill
+ str r5, [sp, #16] @ 4-byte Spill
+ ldr r5, [r3, #40]
+ str r4, [sp, #4] @ 4-byte Spill
+ str r5, [sp, #20] @ 4-byte Spill
+ ldr r5, [r3, #44]
+ str r5, [sp, #24] @ 4-byte Spill
+ ldr r5, [r3, #8]
+ ldr r3, [r3]
+ adds r3, r3, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r4, r9, r10
+ adcs r5, r5, r1
+ ldr r1, [sp, #60] @ 4-byte Reload
+ stm r0, {r3, r4, r5}
+ ldr r3, [sp] @ 4-byte Reload
+ adcs r1, lr, r1
+ str r1, [r0, #12]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r1, r11, r1
+ str r1, [r0, #16]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r3, r1
+ ldr r3, [sp, #20] @ 4-byte Reload
+ str r1, [r0, #20]
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r1, [r0, #24]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [r0, #28]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ add r0, r0, #32
+ adcs r1, r2, r1
+ ldr r2, [sp, #16] @ 4-byte Reload
+ adcs r2, r2, r8
+ adcs r3, r3, r6
+ ldr r6, [sp, #24] @ 4-byte Reload
+ adc r7, r6, r7
+ stm r0, {r1, r2, r3, r7}
+.LBB186_2: @ %nocarry
+ add sp, sp, #64
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end186:
+ .size mcl_fp_sub12L, .Lfunc_end186-mcl_fp_sub12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF12L
+ .align 2
+ .type mcl_fp_subNF12L,%function
+mcl_fp_subNF12L: @ @mcl_fp_subNF12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #56
+ sub sp, sp, #56
+ mov r12, r0
+ ldr r0, [r2, #32]
+ add r11, r2, #8
+ ldr r6, [r2]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r2, #36]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r2, #40]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r2, #44]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r2, #4]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r8, r10, r11}
+ ldr r0, [r2, #20]
+ ldr lr, [r1, #16]
+ ldr r7, [r1, #20]
+ ldr r5, [r1, #24]
+ ldr r4, [r1, #28]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r2, #24]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r2, #28]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r1, #12]
+ ldm r1, {r1, r2, r9}
+ subs r1, r1, r6
+ ldr r6, [sp, #36] @ 4-byte Reload
+ sbcs r2, r2, r6
+ sbcs r6, r9, r8
+ mov r9, r2
+ sbcs r10, r0, r10
+ str r6, [sp, #4] @ 4-byte Spill
+ sbcs r0, lr, r11
+ add r11, r3, #8
+ ldr lr, [r3, #4]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ sbcs r0, r7, r0
+ ldr r7, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ sbcs r0, r5, r0
+ ldr r5, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ sbcs r0, r4, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ sbcs r0, r7, r0
+ ldr r7, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ sbcs r0, r7, r0
+ ldr r7, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ sbcs r0, r7, r0
+ ldr r7, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ sbc r0, r5, r7
+ ldr r7, [r3, #36]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r3, #32]
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [r3, #40]
+ str r0, [sp] @ 4-byte Spill
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r3, #44]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldm r11, {r7, r8, r11}
+ ldr r4, [r3, #28]
+ ldr r5, [r3, #20]
+ ldr r0, [r3, #24]
+ ldr r3, [r3]
+ str r4, [sp, #8] @ 4-byte Spill
+ mov r4, r1
+ adds r1, r4, r3
+ ldr r3, [sp, #36] @ 4-byte Reload
+ adcs r2, r9, lr
+ adcs lr, r6, r7
+ adcs r6, r10, r8
+ adcs r7, r3, r11
+ ldr r3, [sp, #40] @ 4-byte Reload
+ adcs r8, r3, r5
+ ldr r3, [sp, #44] @ 4-byte Reload
+ adcs r5, r3, r0
+ ldr r3, [sp, #48] @ 4-byte Reload
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r11, r3, r0
+ ldr r3, [sp, #52] @ 4-byte Reload
+ ldr r0, [sp] @ 4-byte Reload
+ adcs r3, r3, r0
+ ldr r0, [sp, #12] @ 4-byte Reload
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [sp, #32] @ 4-byte Reload
+ adcs r3, r3, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r3
+ ldr r3, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r3, r0, r3
+ str r3, [sp, #20] @ 4-byte Spill
+ asr r3, r0, #31
+ ldr r0, [sp, #4] @ 4-byte Reload
+ cmp r3, #0
+ movge r1, r4
+ movge r2, r9
+ str r1, [r12]
+ str r2, [r12, #4]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r2, [sp, #32] @ 4-byte Reload
+ movge lr, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ cmp r3, #0
+ movge r6, r10
+ str lr, [r12, #8]
+ str r6, [r12, #12]
+ movge r7, r0
+ ldr r0, [sp, #40] @ 4-byte Reload
+ str r7, [r12, #16]
+ ldr r7, [sp, #24] @ 4-byte Reload
+ movge r8, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ cmp r3, #0
+ str r8, [r12, #20]
+ movge r5, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ str r5, [r12, #24]
+ movge r11, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ str r11, [r12, #28]
+ movge r1, r0
+ cmp r3, #0
+ ldr r3, [sp, #28] @ 4-byte Reload
+ ldr r0, [sp, #12] @ 4-byte Reload
+ movge r0, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [r12, #32]
+ add r1, r12, #36
+ movge r2, r3
+ ldr r3, [sp, #20] @ 4-byte Reload
+ movge r3, r7
+ stm r1, {r0, r2, r3}
+ add sp, sp, #56
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end187:
+ .size mcl_fp_subNF12L, .Lfunc_end187-mcl_fp_subNF12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add12L
+ .align 2
+ .type mcl_fpDbl_add12L,%function
+mcl_fpDbl_add12L: @ @mcl_fpDbl_add12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #136
+ sub sp, sp, #136
+ ldm r1, {r7, r8, r12, lr}
+ ldm r2, {r4, r5, r6, r9}
+ ldr r10, [r2, #20]
+ adds r4, r4, r7
+ str r4, [sp, #80] @ 4-byte Spill
+ ldr r4, [r2, #64]
+ str r4, [sp, #108] @ 4-byte Spill
+ ldr r4, [r2, #68]
+ str r4, [sp, #112] @ 4-byte Spill
+ ldr r4, [r2, #72]
+ str r4, [sp, #116] @ 4-byte Spill
+ ldr r4, [r2, #76]
+ str r4, [sp, #120] @ 4-byte Spill
+ ldr r4, [r2, #80]
+ str r4, [sp, #124] @ 4-byte Spill
+ ldr r4, [r2, #84]
+ str r4, [sp, #128] @ 4-byte Spill
+ ldr r4, [r2, #88]
+ str r4, [sp, #132] @ 4-byte Spill
+ ldr r4, [r2, #92]
+ str r4, [sp, #76] @ 4-byte Spill
+ adcs r4, r5, r8
+ adcs r7, r6, r12
+ ldr r6, [r2, #16]
+ str r4, [sp, #28] @ 4-byte Spill
+ str r7, [sp, #24] @ 4-byte Spill
+ adcs r7, r9, lr
+ add r9, r1, #32
+ add lr, r1, #16
+ str r7, [sp, #32] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #84] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #88] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #92] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #100] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #104] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ ldr r2, [r1, #64]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r7, [sp, #16] @ 4-byte Spill
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #80]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #84]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #88]
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r2, [r1, #92]
+ str r2, [sp, #68] @ 4-byte Spill
+ ldm r9, {r4, r5, r8, r9}
+ ldr r2, [r1, #48]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #80] @ 4-byte Reload
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r1, r6, r1
+ str r11, [r0]
+ str r7, [r0, #4]
+ ldr r7, [sp, #24] @ 4-byte Reload
+ ldr r6, [sp, #32] @ 4-byte Reload
+ adcs r2, r10, r2
+ ldr r10, [r3]
+ str r7, [r0, #8]
+ str r6, [r0, #12]
+ str r1, [r0, #16]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #20] @ 4-byte Reload
+ ldr r7, [sp] @ 4-byte Reload
+ adcs r1, r1, r12
+ str r1, [r0, #24]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r2, r2, lr
+ str r2, [r0, #28]
+ ldr r2, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [r0, #32]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r2, r2, r5
+ ldr r5, [r3, #12]
+ str r2, [r0, #36]
+ ldr r2, [sp, #88] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [r0, #40]
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r2, r2, r9
+ str r2, [r0, #44]
+ ldr r2, [sp, #4] @ 4-byte Reload
+ adcs r12, r1, r7
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r12, [sp, #80] @ 4-byte Spill
+ adcs r8, r1, r2
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r8, [sp, #88] @ 4-byte Spill
+ adcs lr, r1, r2
+ ldr r1, [sp, #104] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str lr, [sp, #92] @ 4-byte Spill
+ adcs r4, r1, r2
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r4, [sp, #104] @ 4-byte Spill
+ adcs r9, r1, r2
+ ldr r1, [sp, #112] @ 4-byte Reload
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r9, [sp, #96] @ 4-byte Spill
+ adcs r11, r1, r2
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r11, [sp, #108] @ 4-byte Spill
+ adcs r6, r1, r2
+ ldr r1, [sp, #120] @ 4-byte Reload
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r6, [sp, #112] @ 4-byte Spill
+ adcs r7, r1, r2
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r7, [sp, #116] @ 4-byte Spill
+ adcs r1, r1, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r1, [sp, #124] @ 4-byte Spill
+ ldr r1, [sp, #128] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ str r1, [sp, #120] @ 4-byte Spill
+ ldr r1, [sp, #132] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #68] @ 4-byte Reload
+ str r1, [sp, #128] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [r3, #8]
+ str r1, [sp, #132] @ 4-byte Spill
+ mov r1, #0
+ adc r1, r1, #0
+ subs r10, r12, r10
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [r3, #4]
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [r3, #20]
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [r3, #28]
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ sbcs r1, r8, r1
+ ldr r8, [r3, #40]
+ sbcs r2, lr, r2
+ ldr lr, [r3, #32]
+ sbcs r12, r4, r5
+ ldr r4, [r3, #36]
+ ldr r3, [r3, #44]
+ ldr r5, [sp, #72] @ 4-byte Reload
+ str r3, [sp, #64] @ 4-byte Spill
+ ldr r3, [sp, #68] @ 4-byte Reload
+ sbcs r3, r9, r3
+ sbcs r9, r11, r5
+ ldr r5, [sp, #76] @ 4-byte Reload
+ sbcs r5, r6, r5
+ ldr r6, [sp, #84] @ 4-byte Reload
+ sbcs r6, r7, r6
+ ldr r7, [sp, #124] @ 4-byte Reload
+ sbcs r11, r7, lr
+ ldr r7, [sp, #120] @ 4-byte Reload
+ sbcs lr, r7, r4
+ ldr r7, [sp, #128] @ 4-byte Reload
+ ldr r4, [sp, #64] @ 4-byte Reload
+ sbcs r8, r7, r8
+ ldr r7, [sp, #132] @ 4-byte Reload
+ sbcs r4, r7, r4
+ ldr r7, [sp, #100] @ 4-byte Reload
+ str r4, [sp, #84] @ 4-byte Spill
+ ldr r4, [sp, #80] @ 4-byte Reload
+ sbc r7, r7, #0
+ ands r7, r7, #1
+ movne r10, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ str r10, [r0, #48]
+ movne r1, r4
+ str r1, [r0, #52]
+ ldr r1, [sp, #92] @ 4-byte Reload
+ movne r2, r1
+ ldr r1, [sp, #104] @ 4-byte Reload
+ cmp r7, #0
+ str r2, [r0, #56]
+ ldr r2, [sp, #84] @ 4-byte Reload
+ movne r12, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r12, [r0, #60]
+ movne r3, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r3, [r0, #64]
+ movne r9, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ cmp r7, #0
+ str r9, [r0, #68]
+ movne r5, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r5, [r0, #72]
+ movne r6, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r6, [r0, #76]
+ movne r11, r1
+ ldr r1, [sp, #120] @ 4-byte Reload
+ cmp r7, #0
+ str r11, [r0, #80]
+ movne lr, r1
+ ldr r1, [sp, #128] @ 4-byte Reload
+ str lr, [r0, #84]
+ movne r8, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r8, [r0, #88]
+ movne r2, r1
+ str r2, [r0, #92]
+ add sp, sp, #136
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end188:
+ .size mcl_fpDbl_add12L, .Lfunc_end188-mcl_fpDbl_add12L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub12L
+ .align 2
+ .type mcl_fpDbl_sub12L,%function
+mcl_fpDbl_sub12L: @ @mcl_fpDbl_sub12L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #136
+ sub sp, sp, #136
+ ldr r7, [r2, #64]
+ str r7, [sp, #128] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #104] @ 4-byte Spill
+ ldr r7, [r2, #72]
+ str r7, [sp, #132] @ 4-byte Spill
+ ldr r7, [r2, #76]
+ str r7, [sp, #108] @ 4-byte Spill
+ ldr r7, [r2, #80]
+ str r7, [sp, #112] @ 4-byte Spill
+ ldr r7, [r2, #84]
+ str r7, [sp, #116] @ 4-byte Spill
+ ldr r7, [r2, #88]
+ str r7, [sp, #124] @ 4-byte Spill
+ ldr r7, [r2, #92]
+ str r7, [sp, #120] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #100] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #92] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #88] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #84] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [r2]
+ ldmib r2, {r6, r9}
+ ldr r5, [r1]
+ ldr r8, [r2, #12]
+ ldmib r1, {r4, lr}
+ ldr r12, [r1, #12]
+ ldr r10, [r2, #20]
+ subs r5, r5, r7
+ sbcs r4, r4, r6
+ str r5, [sp, #32] @ 4-byte Spill
+ ldr r5, [r2, #36]
+ ldr r6, [r2, #16]
+ sbcs r7, lr, r9
+ str r4, [sp, #24] @ 4-byte Spill
+ ldr r4, [r2, #32]
+ add r9, r1, #32
+ add lr, r1, #16
+ str r7, [sp, #12] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ str r5, [sp, #44] @ 4-byte Spill
+ str r4, [sp, #40] @ 4-byte Spill
+ str r7, [sp, #36] @ 4-byte Spill
+ sbcs r7, r12, r8
+ str r7, [sp, #8] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ ldr r2, [r1, #64]
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r7, [sp, #28] @ 4-byte Spill
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #80]
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r2, [r1, #84]
+ str r2, [sp, #68] @ 4-byte Spill
+ ldr r2, [r1, #88]
+ str r2, [sp, #72] @ 4-byte Spill
+ ldr r2, [r1, #92]
+ str r2, [sp, #76] @ 4-byte Spill
+ ldm r9, {r4, r5, r8, r9}
+ ldr r2, [r1, #48]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #52]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #32] @ 4-byte Reload
+ ldr r7, [sp, #24] @ 4-byte Reload
+ sbcs r1, r1, r6
+ str r11, [r0]
+ str r7, [r0, #4]
+ ldr r7, [sp, #12] @ 4-byte Reload
+ ldr r6, [sp, #8] @ 4-byte Reload
+ sbcs r2, r2, r10
+ str r7, [r0, #8]
+ str r6, [r0, #12]
+ str r1, [r0, #16]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #36] @ 4-byte Reload
+ ldr r7, [sp] @ 4-byte Reload
+ sbcs r1, r12, r1
+ str r1, [r0, #24]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ sbcs r2, lr, r2
+ str r2, [r0, #28]
+ ldr r2, [sp, #44] @ 4-byte Reload
+ sbcs r1, r4, r1
+ str r1, [r0, #32]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ sbcs r2, r5, r2
+ str r2, [r0, #36]
+ ldr r2, [sp, #84] @ 4-byte Reload
+ sbcs r1, r8, r1
+ str r1, [r0, #40]
+ ldr r1, [sp, #88] @ 4-byte Reload
+ sbcs r2, r9, r2
+ str r2, [r0, #44]
+ ldr r2, [sp, #4] @ 4-byte Reload
+ sbcs r9, r7, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #16] @ 4-byte Reload
+ str r9, [sp, #40] @ 4-byte Spill
+ sbcs lr, r2, r1
+ ldr r2, [sp, #96] @ 4-byte Reload
+ mov r1, #0
+ str lr, [sp, #44] @ 4-byte Spill
+ sbcs r2, r7, r2
+ ldr r7, [sp, #20] @ 4-byte Reload
+ str r2, [sp, #92] @ 4-byte Spill
+ ldr r2, [sp, #100] @ 4-byte Reload
+ sbcs r4, r7, r2
+ ldr r2, [sp, #128] @ 4-byte Reload
+ ldr r7, [sp, #48] @ 4-byte Reload
+ str r4, [sp, #88] @ 4-byte Spill
+ sbcs r2, r7, r2
+ ldr r7, [sp, #52] @ 4-byte Reload
+ str r2, [sp, #128] @ 4-byte Spill
+ ldr r2, [sp, #104] @ 4-byte Reload
+ sbcs r5, r7, r2
+ ldr r2, [sp, #132] @ 4-byte Reload
+ ldr r7, [sp, #56] @ 4-byte Reload
+ str r5, [sp, #96] @ 4-byte Spill
+ sbcs r2, r7, r2
+ ldr r7, [sp, #60] @ 4-byte Reload
+ str r2, [sp, #132] @ 4-byte Spill
+ ldr r2, [sp, #108] @ 4-byte Reload
+ sbcs r8, r7, r2
+ ldr r2, [sp, #112] @ 4-byte Reload
+ ldr r7, [sp, #64] @ 4-byte Reload
+ str r8, [sp, #104] @ 4-byte Spill
+ sbcs r10, r7, r2
+ ldr r2, [sp, #116] @ 4-byte Reload
+ ldr r7, [sp, #68] @ 4-byte Reload
+ str r10, [sp, #108] @ 4-byte Spill
+ sbcs r6, r7, r2
+ ldr r2, [sp, #124] @ 4-byte Reload
+ ldr r7, [sp, #72] @ 4-byte Reload
+ str r6, [sp, #112] @ 4-byte Spill
+ sbcs r2, r7, r2
+ ldr r7, [sp, #76] @ 4-byte Reload
+ str r2, [sp, #124] @ 4-byte Spill
+ ldr r2, [sp, #120] @ 4-byte Reload
+ sbcs r2, r7, r2
+ sbc r1, r1, #0
+ str r2, [sp, #120] @ 4-byte Spill
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [r3, #32]
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [r3, #36]
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [r3, #40]
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [r3, #44]
+ str r1, [sp, #116] @ 4-byte Spill
+ ldmib r3, {r1, r2, r12}
+ ldr r7, [r3, #16]
+ ldr r11, [r3, #20]
+ str r7, [sp, #64] @ 4-byte Spill
+ ldr r7, [r3, #24]
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [r3, #28]
+ ldr r3, [r3]
+ adds r3, r9, r3
+ ldr r9, [sp, #92] @ 4-byte Reload
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [sp, #72] @ 4-byte Reload
+ adcs r1, lr, r1
+ ldr lr, [sp, #128] @ 4-byte Reload
+ adcs r2, r9, r2
+ adcs r12, r4, r12
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs lr, lr, r4
+ adcs r4, r5, r11
+ ldr r5, [sp, #132] @ 4-byte Reload
+ ldr r11, [sp, #116] @ 4-byte Reload
+ adcs r5, r5, r7
+ ldr r7, [sp, #68] @ 4-byte Reload
+ adcs r8, r8, r7
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adcs r10, r10, r7
+ ldr r7, [sp, #80] @ 4-byte Reload
+ adcs r6, r6, r7
+ ldr r7, [sp, #84] @ 4-byte Reload
+ str r6, [sp, #80] @ 4-byte Spill
+ ldr r6, [sp, #124] @ 4-byte Reload
+ adcs r6, r6, r7
+ ldr r7, [sp, #40] @ 4-byte Reload
+ str r6, [sp, #84] @ 4-byte Spill
+ ldr r6, [sp, #120] @ 4-byte Reload
+ adc r6, r6, r11
+ str r6, [sp, #116] @ 4-byte Spill
+ ldr r6, [sp, #100] @ 4-byte Reload
+ ands r6, r6, #1
+ moveq r3, r7
+ moveq r2, r9
+ str r3, [r0, #48]
+ ldr r3, [sp, #44] @ 4-byte Reload
+ moveq r1, r3
+ cmp r6, #0
+ str r1, [r0, #52]
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r2, [r0, #56]
+ ldr r2, [sp, #80] @ 4-byte Reload
+ moveq r12, r1
+ ldr r1, [sp, #128] @ 4-byte Reload
+ str r12, [r0, #60]
+ moveq lr, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str lr, [r0, #64]
+ moveq r4, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ cmp r6, #0
+ str r4, [r0, #68]
+ moveq r5, r1
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r5, [r0, #72]
+ moveq r8, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r8, [r0, #76]
+ moveq r10, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ cmp r6, #0
+ str r10, [r0, #80]
+ moveq r2, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r2, [r0, #84]
+ ldr r2, [sp, #84] @ 4-byte Reload
+ moveq r2, r1
+ ldr r1, [sp, #120] @ 4-byte Reload
+ str r2, [r0, #88]
+ ldr r2, [sp, #116] @ 4-byte Reload
+ moveq r2, r1
+ str r2, [r0, #92]
+ add sp, sp, #136
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end189:
+ .size mcl_fpDbl_sub12L, .Lfunc_end189-mcl_fpDbl_sub12L
+ .cantunwind
+ .fnend
+
+ .align 2
+ .type .LmulPv416x32,%function
+.LmulPv416x32: @ @mulPv416x32
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r9, [r1, #12]
+ umull r4, r8, lr, r2
+ umull lr, r6, r12, r2
+ mov r5, r4
+ mov r7, r6
+ str lr, [r0]
+ umull lr, r12, r9, r2
+ umlal r7, r5, r3, r2
+ str r5, [r0, #8]
+ str r7, [r0, #4]
+ umull r5, r7, r3, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r3, r8, lr
+ str r3, [r0, #12]
+ ldr r3, [r1, #16]
+ umull r7, r6, r3, r2
+ adcs r3, r12, r7
+ str r3, [r0, #16]
+ ldr r3, [r1, #20]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #20]
+ ldr r3, [r1, #24]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #24]
+ ldr r3, [r1, #28]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #28]
+ ldr r3, [r1, #32]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #32]
+ ldr r3, [r1, #36]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #36]
+ ldr r3, [r1, #40]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #40]
+ ldr r3, [r1, #44]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #44]
+ ldr r1, [r1, #48]
+ umull r3, r7, r1, r2
+ adcs r1, r5, r3
+ str r1, [r0, #48]
+ adc r1, r7, #0
+ str r1, [r0, #52]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end190:
+ .size .LmulPv416x32, .Lfunc_end190-.LmulPv416x32
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre13L
+ .align 2
+ .type mcl_fp_mulUnitPre13L,%function
+mcl_fp_mulUnitPre13L: @ @mcl_fp_mulUnitPre13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #68
+ sub sp, sp, #68
+ mov r4, r0
+ add r0, sp, #8
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #60]
+ add r12, sp, #12
+ ldr lr, [sp, #56]
+ ldr r8, [sp, #52]
+ ldr r9, [sp, #48]
+ ldr r10, [sp, #44]
+ ldr r11, [sp, #40]
+ ldr r5, [sp, #36]
+ ldr r6, [sp, #32]
+ ldr r7, [sp, #28]
+ ldr r3, [sp, #8]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r12, {r0, r1, r2, r12}
+ str r3, [r4]
+ stmib r4, {r0, r1, r2, r12}
+ str r7, [r4, #20]
+ str r6, [r4, #24]
+ str r5, [r4, #28]
+ str r11, [r4, #32]
+ str r10, [r4, #36]
+ str r9, [r4, #40]
+ str r8, [r4, #44]
+ str lr, [r4, #48]
+ ldr r0, [sp, #4] @ 4-byte Reload
+ str r0, [r4, #52]
+ add sp, sp, #68
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end191:
+ .size mcl_fp_mulUnitPre13L, .Lfunc_end191-mcl_fp_mulUnitPre13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre13L
+ .align 2
+ .type mcl_fpDbl_mulPre13L,%function
+mcl_fpDbl_mulPre13L: @ @mcl_fpDbl_mulPre13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #820
+ sub sp, sp, #820
+ mov r7, r2
+ mov r4, r0
+ add r0, sp, #760
+ str r1, [sp, #84] @ 4-byte Spill
+ mov r5, r1
+ ldr r2, [r7]
+ str r7, [sp, #80] @ 4-byte Spill
+ str r4, [sp, #76] @ 4-byte Spill
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #812]
+ ldr r1, [sp, #764]
+ ldr r2, [r7, #4]
+ mov r6, r5
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #808]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #768]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #804]
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #772]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #800]
+ str r1, [sp, #20] @ 4-byte Spill
+ mov r1, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #784]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #780]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #776]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #760]
+ str r0, [r4]
+ add r0, sp, #704
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #756]
+ add r10, sp, #728
+ add lr, sp, #704
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #752]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #748]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #744]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r5, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #24] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #4]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r7, #8]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r6
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #648
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #700]
+ add lr, sp, #676
+ add r9, sp, #656
+ ldr r11, [sp, #692]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm lr, {r5, r7, r12, lr}
+ ldr r8, [sp, #648]
+ ldr r10, [sp, #652]
+ ldm r9, {r0, r1, r2, r3, r9}
+ ldr r6, [sp, #24] @ 4-byte Reload
+ adds r6, r8, r6
+ str r6, [r4, #8]
+ mov r6, r4
+ ldr r4, [sp, #40] @ 4-byte Reload
+ adcs r4, r10, r4
+ str r4, [sp, #24] @ 4-byte Spill
+ ldr r4, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r2, [r5, #12]
+ adcs r0, r7, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #592
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #644]
+ add lr, sp, #612
+ add r7, sp, #600
+ ldr r8, [sp, #628]
+ ldr r11, [sp, #624]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #640]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #636]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #632]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r0, [sp, #592]
+ ldr r9, [sp, #596]
+ ldm r7, {r1, r2, r7}
+ ldr r10, [sp, #24] @ 4-byte Reload
+ adds r0, r0, r10
+ str r0, [r6, #12]
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r6, r9, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #16]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #536
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #588]
+ ldr r8, [sp, #536]
+ add r4, sp, #540
+ ldr r11, [sp, #580]
+ ldr r9, [sp, #576]
+ ldr lr, [sp, #572]
+ ldr r5, [sp, #568]
+ ldr r10, [sp, #564]
+ ldr r12, [sp, #560]
+ ldr r3, [sp, #556]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ adds r6, r8, r6
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r4, {r0, r1, r2, r4}
+ ldr r7, [sp, #76] @ 4-byte Reload
+ str r6, [r7, #16]
+ ldr r6, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r2, [r4, #20]
+ adcs r0, r3, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #480
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #532]
+ add r10, sp, #480
+ add r12, sp, #492
+ ldr r6, [sp, #516]
+ ldr r11, [sp, #512]
+ ldr lr, [sp, #508]
+ ldr r9, [sp, #504]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #528]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #524]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #520]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r0, r1, r10}
+ ldm r12, {r2, r3, r12}
+ ldr r8, [sp, #24] @ 4-byte Reload
+ adds r0, r0, r8
+ str r0, [r7, #20]
+ ldr r0, [sp, #44] @ 4-byte Reload
+ mov r7, r5
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r4, #24]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #424
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #476]
+ add r5, sp, #428
+ ldr r11, [sp, #464]
+ ldr r9, [sp, #460]
+ ldr lr, [sp, #456]
+ ldr r10, [sp, #452]
+ ldr r12, [sp, #448]
+ ldr r3, [sp, #444]
+ ldr r8, [sp, #424]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #472]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #468]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r5, {r0, r1, r2, r5}
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adds r6, r8, r4
+ ldr r4, [sp, #76] @ 4-byte Reload
+ str r6, [r4, #24]
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r2, [r5, #28]
+ adcs r0, r3, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r7
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #368
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #420]
+ add r12, sp, #388
+ add r10, sp, #368
+ ldr lr, [sp, #408]
+ ldr r6, [sp, #404]
+ ldr r11, [sp, #400]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #416]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r12, {r3, r9, r12}
+ ldr r7, [sp, #384]
+ ldm r10, {r0, r1, r10}
+ ldr r8, [sp, #24] @ 4-byte Reload
+ ldr r2, [sp, #380]
+ adds r0, r0, r8
+ str r0, [r4, #28]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r4, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #32]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #312
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #364]
+ add r11, sp, #344
+ add lr, sp, #316
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #360]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #356]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r7, r9, r11}
+ ldr r10, [sp, #340]
+ ldr r8, [sp, #312]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r5, [sp, #24] @ 4-byte Reload
+ adds r6, r8, r5
+ ldr r5, [sp, #76] @ 4-byte Reload
+ str r6, [r5, #32]
+ ldr r6, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r6, #36]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #256
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #308]
+ add lr, sp, #288
+ add r12, sp, #268
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #304]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #300]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm lr, {r7, r8, lr}
+ ldr r11, [sp, #284]
+ ldr r1, [sp, #256]
+ ldr r0, [sp, #260]
+ ldr r10, [sp, #264]
+ ldm r12, {r2, r3, r9, r12}
+ ldr r4, [sp, #24] @ 4-byte Reload
+ adds r1, r1, r4
+ str r1, [r5, #36]
+ ldr r1, [sp, #60] @ 4-byte Reload
+ ldr r5, [sp, #84] @ 4-byte Reload
+ adcs r4, r0, r1
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r6, #40]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #200
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #252]
+ add r11, sp, #228
+ add lr, sp, #204
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #248]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #244]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r7, r8, r10, r11}
+ ldr r9, [sp, #200]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r6, r9, r4
+ ldr r4, [sp, #76] @ 4-byte Reload
+ str r6, [r4, #40]
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r6, #44]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #144
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #196]
+ add r11, sp, #164
+ add r12, sp, #152
+ ldr lr, [sp, #184]
+ ldr r7, [sp, #180]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #192]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #188]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r8, r10, r11}
+ ldr r2, [sp, #144]
+ ldr r1, [sp, #148]
+ ldm r12, {r0, r3, r12}
+ ldr r9, [sp, #24] @ 4-byte Reload
+ adds r2, r2, r9
+ str r2, [r4, #44]
+ ldr r2, [r6, #48]
+ ldr r6, [sp, #20] @ 4-byte Reload
+ adcs r6, r1, r6
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r9, r0, r1
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ add r0, sp, #88
+ bl .LmulPv416x32(PLT)
+ add r3, sp, #88
+ add r11, sp, #104
+ ldm r3, {r0, r1, r2, r3}
+ adds r12, r0, r6
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs lr, r1, r9
+ adcs r5, r2, r0
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r6, r3, r0
+ ldr r0, [sp, #140]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldm r11, {r0, r1, r2, r3, r7, r8, r9, r10, r11}
+ str r12, [r4, #48]
+ str lr, [r4, #52]
+ str r5, [r4, #56]
+ ldr r5, [sp, #24] @ 4-byte Reload
+ str r6, [r4, #60]
+ ldr r6, [sp, #28] @ 4-byte Reload
+ add r12, r4, #80
+ adcs r0, r0, r5
+ adcs r1, r1, r6
+ str r0, [r4, #64]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r6, [sp, #84] @ 4-byte Reload
+ str r1, [r4, #68]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #72] @ 4-byte Reload
+ adcs r1, r3, r1
+ str r0, [r4, #72]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r3, [sp, #68] @ 4-byte Reload
+ str r1, [r4, #76]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adcs r1, r8, r1
+ adcs r2, r9, r2
+ adcs r3, r10, r3
+ adcs r7, r11, r7
+ adc r6, r6, #0
+ stm r12, {r0, r1, r2, r3, r7}
+ str r6, [r4, #100]
+ add sp, sp, #820
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end192:
+ .size mcl_fpDbl_mulPre13L, .Lfunc_end192-mcl_fpDbl_mulPre13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre13L
+ .align 2
+ .type mcl_fpDbl_sqrPre13L,%function
+mcl_fpDbl_sqrPre13L: @ @mcl_fpDbl_sqrPre13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #820
+ sub sp, sp, #820
+ mov r5, r1
+ mov r4, r0
+ add r0, sp, #760
+ ldr r2, [r5]
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #812]
+ ldr r1, [sp, #764]
+ ldr r2, [r5, #4]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #808]
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #768]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #804]
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #772]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #800]
+ str r1, [sp, #32] @ 4-byte Spill
+ mov r1, r5
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #784]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #780]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #776]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #760]
+ str r0, [r4]
+ add r0, sp, #704
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #756]
+ add r10, sp, #728
+ add lr, sp, #704
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #752]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #748]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #36] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #4]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #8]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #648
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #700]
+ add lr, sp, #680
+ add r11, sp, #656
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm lr, {r6, r12, lr}
+ ldr r8, [sp, #648]
+ ldr r10, [sp, #652]
+ ldm r11, {r0, r1, r2, r3, r9, r11}
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adds r7, r8, r7
+ str r7, [r4, #8]
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r7, r10, r7
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #12]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #592
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #644]
+ add r9, sp, #620
+ add lr, sp, #600
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #640]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #636]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r9, {r6, r7, r8, r9}
+ ldr r0, [sp, #592]
+ ldr r11, [sp, #596]
+ ldm lr, {r1, r2, r3, r12, lr}
+ ldr r10, [sp, #36] @ 4-byte Reload
+ adds r0, r0, r10
+ str r0, [r4, #12]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #16]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #536
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #588]
+ add r12, sp, #540
+ ldr r11, [sp, #576]
+ ldr lr, [sp, #572]
+ ldr r6, [sp, #568]
+ ldr r8, [sp, #536]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #584]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #580]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r12, {r0, r1, r2, r3, r9, r10, r12}
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adds r7, r8, r7
+ str r7, [r4, #16]
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r7, r0, r7
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #20]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #480
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #532]
+ add r10, sp, #512
+ add lr, sp, #484
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #528]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #524]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r10, {r6, r8, r10}
+ ldr r9, [sp, #480]
+ ldr r11, [sp, #508]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r9, r7
+ str r7, [r4, #20]
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #24]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #424
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #476]
+ add r8, sp, #456
+ add r12, sp, #432
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #472]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #468]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r8, {r6, r7, r8}
+ ldr lr, [sp, #452]
+ ldr r10, [sp, #448]
+ ldr r0, [sp, #424]
+ ldr r11, [sp, #428]
+ ldm r12, {r1, r2, r3, r12}
+ ldr r9, [sp, #36] @ 4-byte Reload
+ adds r0, r0, r9
+ str r0, [r4, #24]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #28]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #368
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #420]
+ add r11, sp, #400
+ add lr, sp, #372
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #416]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r11, {r6, r8, r11}
+ ldr r10, [sp, #368]
+ ldm lr, {r0, r1, r2, r3, r9, r12, lr}
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adds r7, r10, r7
+ str r7, [r4, #28]
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adcs r7, r0, r7
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #32]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #312
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #364]
+ add r10, sp, #344
+ add lr, sp, #316
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #360]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #356]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r10, {r6, r8, r10}
+ ldr r9, [sp, #312]
+ ldr r11, [sp, #340]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r9, r7
+ str r7, [r4, #32]
+ ldr r7, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #36]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #256
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #308]
+ add r8, sp, #288
+ add r12, sp, #264
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #304]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #300]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r8, {r6, r7, r8}
+ ldr lr, [sp, #284]
+ ldr r10, [sp, #280]
+ ldr r0, [sp, #256]
+ ldr r11, [sp, #260]
+ ldm r12, {r1, r2, r3, r12}
+ ldr r9, [sp, #36] @ 4-byte Reload
+ adds r0, r0, r9
+ str r0, [r4, #36]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #40]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #200
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #252]
+ add r10, sp, #228
+ add r12, sp, #200
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #248]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #244]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r10}
+ ldr lr, [sp, #224]
+ ldr r9, [sp, #220]
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r11, [sp, #32] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #40]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #44]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #144
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #196]
+ add r12, sp, #148
+ ldr r7, [sp, #180]
+ ldr r11, [sp, #176]
+ ldr r8, [sp, #172]
+ ldr lr, [sp, #168]
+ ldr r10, [sp, #164]
+ ldr r2, [sp, #144]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #192]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #188]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #184]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r12, {r0, r1, r3, r12}
+ ldr r6, [sp, #32] @ 4-byte Reload
+ adds r2, r2, r6
+ ldr r6, [sp, #84] @ 4-byte Reload
+ str r2, [r4, #44]
+ ldr r2, [r5, #48]
+ adcs r6, r0, r6
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r9, r1, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, sp, #88
+ bl .LmulPv416x32(PLT)
+ add r3, sp, #88
+ add r11, sp, #104
+ ldm r3, {r0, r1, r2, r3}
+ adds r12, r0, r6
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs lr, r1, r9
+ adcs r5, r2, r0
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r6, r3, r0
+ ldr r0, [sp, #140]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldm r11, {r0, r1, r2, r3, r7, r8, r9, r10, r11}
+ str r12, [r4, #48]
+ str lr, [r4, #52]
+ str r5, [r4, #56]
+ ldr r5, [sp, #32] @ 4-byte Reload
+ str r6, [r4, #60]
+ ldr r6, [sp, #36] @ 4-byte Reload
+ add r12, r4, #80
+ adcs r0, r0, r5
+ adcs r1, r1, r6
+ str r0, [r4, #64]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r6, [sp, #56] @ 4-byte Reload
+ str r1, [r4, #68]
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [sp, #80] @ 4-byte Reload
+ adcs r1, r3, r1
+ str r0, [r4, #72]
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r3, [sp, #76] @ 4-byte Reload
+ str r1, [r4, #76]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #72] @ 4-byte Reload
+ adcs r1, r8, r1
+ adcs r2, r9, r2
+ adcs r3, r10, r3
+ adcs r7, r11, r7
+ adc r6, r6, #0
+ stm r12, {r0, r1, r2, r3, r7}
+ str r6, [r4, #100]
+ add sp, sp, #820
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end193:
+ .size mcl_fpDbl_sqrPre13L, .Lfunc_end193-mcl_fpDbl_sqrPre13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont13L
+ .align 2
+ .type mcl_fp_mont13L,%function
+mcl_fp_mont13L: @ @mcl_fp_mont13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #548
+ sub sp, sp, #548
+ .pad #1024
+ sub sp, sp, #1024
+ add r12, sp, #100
+ add r6, sp, #1024
+ mov r4, r3
+ stm r12, {r1, r2, r3}
+ str r0, [sp, #68] @ 4-byte Spill
+ add r0, r6, #488
+ ldr r5, [r3, #-4]
+ ldr r2, [r2]
+ str r5, [sp, #96] @ 4-byte Spill
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1516]
+ ldr r7, [sp, #1512]
+ mov r1, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #1520]
+ mul r2, r7, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1524]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1564]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #1560]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #1556]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #1552]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #1548]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #1544]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1540]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1536]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1532]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1528]
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #1456
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1508]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r5, [sp, #1480]
+ ldr r10, [sp, #1476]
+ ldr r11, [sp, #1472]
+ ldr r6, [sp, #1456]
+ ldr r9, [sp, #1460]
+ ldr r8, [sp, #1464]
+ ldr r4, [sp, #1468]
+ add lr, sp, #1024
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1504]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1500]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1496]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1492]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1488]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1484]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #4]
+ add r0, lr, #376
+ bl .LmulPv416x32(PLT)
+ adds r0, r6, r7
+ ldr r1, [sp, #36] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ ldr r3, [sp, #1416]
+ ldr r12, [sp, #1420]
+ ldr lr, [sp, #1424]
+ ldr r6, [sp, #1432]
+ ldr r7, [sp, #1436]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r9, r0
+ ldr r9, [sp, #1444]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r8, r0
+ ldr r8, [sp, #1440]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #1428]
+ adcs r1, r11, r1
+ str r0, [sp, #60] @ 4-byte Spill
+ mov r0, #0
+ ldr r11, [sp, #72] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r10, r1
+ ldr r10, [sp, #1448]
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r5, r1
+ ldr r5, [sp, #1400]
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #1412]
+ adc r0, r0, #0
+ adds r11, r11, r5
+ ldr r5, [sp, #64] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #1408]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1452]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1404]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #1344
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1396]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #1368]
+ ldr r9, [sp, #1364]
+ ldr r10, [sp, #1360]
+ ldr r11, [sp, #1344]
+ ldr r6, [sp, #1348]
+ ldr r7, [sp, #1352]
+ ldr r4, [sp, #1356]
+ add lr, sp, #1024
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1392]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1388]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1384]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1380]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1376]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1372]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, lr, #264
+ bl .LmulPv416x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r5, [sp, #1288]
+ ldr r2, [sp, #1300]
+ ldr r3, [sp, #1304]
+ ldr r12, [sp, #1308]
+ ldr lr, [sp, #1312]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1320]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1324]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1316]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1336]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1332]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1328]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1296]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r11, r11, r5
+ ldr r5, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1340]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1292]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #1232
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1284]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #1256]
+ ldr r9, [sp, #1252]
+ ldr r10, [sp, #1248]
+ ldr r11, [sp, #1232]
+ ldr r6, [sp, #1236]
+ ldr r7, [sp, #1240]
+ ldr r4, [sp, #1244]
+ add lr, sp, #1024
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1280]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1276]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1272]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1268]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1264]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1260]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, lr, #152
+ bl .LmulPv416x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r5, [sp, #1176]
+ ldr r2, [sp, #1188]
+ ldr r3, [sp, #1192]
+ ldr r12, [sp, #1196]
+ ldr lr, [sp, #1200]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1208]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1212]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1204]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1224]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1220]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1216]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1184]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r11, r11, r5
+ ldr r5, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1228]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1180]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #1120
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1172]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #1144]
+ ldr r9, [sp, #1140]
+ ldr r10, [sp, #1136]
+ ldr r11, [sp, #1120]
+ ldr r6, [sp, #1124]
+ ldr r7, [sp, #1128]
+ ldr r4, [sp, #1132]
+ add lr, sp, #1024
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1168]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1164]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1160]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1156]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1152]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1148]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, lr, #40
+ bl .LmulPv416x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r5, [sp, #1064]
+ ldr r2, [sp, #1076]
+ ldr r3, [sp, #1080]
+ ldr r12, [sp, #1084]
+ ldr lr, [sp, #1088]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1096]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1100]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1092]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1112]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1108]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1104]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1072]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r11, r11, r5
+ ldr r5, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1116]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1068]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #1008
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1060]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #1032]
+ ldr r9, [sp, #1028]
+ ldr r10, [sp, #1024]
+ ldr r11, [sp, #1008]
+ ldr r6, [sp, #1012]
+ ldr r7, [sp, #1016]
+ ldr r4, [sp, #1020]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1056]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1052]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1048]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1044]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1040]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1036]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, sp, #952
+ bl .LmulPv416x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #956
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #980
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1004]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r4, r6, r7, r8, r9, r10}
+ ldr r5, [sp, #952]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r11, r11, r5
+ ldr r5, [sp, #88] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #896
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #948]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #920]
+ ldr r9, [sp, #916]
+ ldr r10, [sp, #912]
+ ldr r11, [sp, #896]
+ ldr r6, [sp, #900]
+ ldr r7, [sp, #904]
+ ldr r4, [sp, #908]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #944]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #940]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #936]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #932]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #928]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #924]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #840
+ bl .LmulPv416x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #844
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #868
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #892]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r4, r6, r7, r8, r9, r10}
+ ldr r5, [sp, #840]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r11, r11, r5
+ ldr r5, [sp, #88] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #784
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #836]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #808]
+ ldr r9, [sp, #804]
+ ldr r10, [sp, #800]
+ ldr r11, [sp, #784]
+ ldr r6, [sp, #788]
+ ldr r7, [sp, #792]
+ ldr r4, [sp, #796]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #832]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #828]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #824]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #820]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #816]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #812]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #728
+ bl .LmulPv416x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #732
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #756
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #780]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r4, r6, r7, r8, r9, r10}
+ ldr r5, [sp, #728]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r11, r11, r5
+ ldr r5, [sp, #88] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #672
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #724]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #696]
+ ldr r9, [sp, #692]
+ ldr r10, [sp, #688]
+ ldr r11, [sp, #672]
+ ldr r6, [sp, #676]
+ ldr r7, [sp, #680]
+ ldr r4, [sp, #684]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #720]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #716]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #712]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #708]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #616
+ bl .LmulPv416x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #620
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #644
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r4, r6, r7, r8, r9, r10}
+ ldr r5, [sp, #616]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r11, r11, r5
+ ldr r5, [sp, #88] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #560
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #612]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #584]
+ ldr r9, [sp, #580]
+ ldr r10, [sp, #576]
+ ldr r11, [sp, #560]
+ ldr r6, [sp, #564]
+ ldr r7, [sp, #568]
+ ldr r4, [sp, #572]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #608]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #604]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #600]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #592]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #588]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #504
+ bl .LmulPv416x32(PLT)
+ adds r0, r5, r11
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #508
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #532
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #556]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #552]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r10, {r4, r6, r8, r9, r10}
+ ldr r5, [sp, #504]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #88] @ 4-byte Reload
+ adds r5, r11, r5
+ adcs r0, r7, r0
+ str r5, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ mul r2, r5, r8
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #448
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #500]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r5, [sp, #472]
+ ldr r9, [sp, #468]
+ ldr r10, [sp, #464]
+ ldr r11, [sp, #448]
+ ldr r6, [sp, #452]
+ ldr r7, [sp, #456]
+ ldr r4, [sp, #460]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #496]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #492]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #488]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #484]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #480]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #476]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #40]
+ add r0, sp, #392
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #88] @ 4-byte Reload
+ ldr r2, [sp, #4] @ 4-byte Reload
+ add lr, sp, #408
+ adds r0, r0, r11
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ add r6, sp, #392
+ adcs r11, r1, r7
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #432
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #36] @ 4-byte Spill
+ ldm r6, {r2, r5, r6}
+ ldr r4, [sp, #404]
+ adds r0, r0, r2
+ mul r1, r0, r8
+ adcs r5, r11, r5
+ str r0, [sp, #92] @ 4-byte Spill
+ str r1, [sp, #28] @ 4-byte Spill
+ ldm r10, {r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ str r5, [sp, #88] @ 4-byte Spill
+ ldr r5, [sp, #84] @ 4-byte Reload
+ adcs r5, r5, r6
+ str r5, [sp, #84] @ 4-byte Spill
+ ldr r5, [sp, #80] @ 4-byte Reload
+ adcs r4, r5, r4
+ str r4, [sp, #80] @ 4-byte Spill
+ ldr r4, [sp, #76] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #336
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #388]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r6, [sp, #364]
+ ldr r8, [sp, #360]
+ ldr r9, [sp, #356]
+ ldr r10, [sp, #352]
+ ldr r7, [sp, #336]
+ ldr r4, [sp, #340]
+ ldr r11, [sp, #344]
+ ldr r5, [sp, #348]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #384]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #380]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #376]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #372]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #368]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #44]
+ add r0, sp, #280
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ add lr, sp, #296
+ adds r0, r0, r7
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #292]
+ adcs r11, r1, r11
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp, #288]
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #320
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #284]
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #280]
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #28] @ 4-byte Spill
+ adds r1, r0, r2
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r6, r11, r6
+ str r1, [sp, #92] @ 4-byte Spill
+ mul r2, r1, r0
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm r10, {r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ str r6, [sp, #40] @ 4-byte Spill
+ ldr r6, [sp, #88] @ 4-byte Reload
+ adcs r5, r6, r5
+ str r5, [sp, #36] @ 4-byte Spill
+ ldr r5, [sp, #84] @ 4-byte Reload
+ adcs r4, r5, r4
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #48] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #224
+ bl .LmulPv416x32(PLT)
+ ldr r1, [sp, #276]
+ add r11, sp, #224
+ ldr r4, [sp, #252]
+ ldr r8, [sp, #248]
+ ldr r9, [sp, #244]
+ ldr r10, [sp, #240]
+ add r0, sp, #168
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #272]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #268]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #264]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #260]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #256]
+ str r1, [sp, #8] @ 4-byte Spill
+ ldm r11, {r6, r7, r11}
+ ldr r1, [sp, #104] @ 4-byte Reload
+ ldr r5, [sp, #236]
+ ldr r2, [r1, #48]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #36] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ add lr, sp, #184
+ adds r0, r0, r6
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r7
+ add r7, sp, #168
+ adcs r1, r1, r11
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #208
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #48] @ 4-byte Spill
+ ldm r7, {r2, r6, r7}
+ ldr r5, [sp, #180]
+ adds r4, r0, r2
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r1, r4, r0
+ ldr r0, [sp, #220]
+ str r1, [sp, #44] @ 4-byte Spill
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #104] @ 4-byte Reload
+ adcs r11, r11, r6
+ ldr r6, [sp, #100] @ 4-byte Reload
+ adcs r6, r6, r7
+ str r6, [sp, #36] @ 4-byte Spill
+ ldr r6, [sp, #92] @ 4-byte Reload
+ adcs r5, r6, r5
+ ldr r6, [sp, #88] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r8, r0, r8
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r9, r0, r9
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r6, r0, r1
+ mov r0, #0
+ mov r1, r10
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ add r0, sp, #112
+ bl .LmulPv416x32(PLT)
+ add r3, sp, #112
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r4, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r7, r11, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r7, [sp, #48] @ 4-byte Spill
+ adcs lr, r0, r2
+ ldr r0, [sp, #128]
+ adcs r12, r5, r3
+ str lr, [sp, #52] @ 4-byte Spill
+ str r12, [sp, #56] @ 4-byte Spill
+ adcs r4, r1, r0
+ ldr r0, [sp, #132]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r4, [sp, #60] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #136]
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #140]
+ adcs r0, r1, r0
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #144]
+ adcs r0, r1, r0
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #148]
+ adcs r0, r1, r0
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #152]
+ adcs r0, r8, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #156]
+ adcs r0, r9, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #160]
+ adcs r0, r1, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #164]
+ adcs r0, r6, r0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ mov r0, r10
+ ldmib r0, {r1, r2, r3, r5}
+ ldr r6, [r0]
+ ldr r10, [r0, #20]
+ ldr r11, [r0, #28]
+ str r5, [sp, #40] @ 4-byte Spill
+ ldr r5, [r0, #24]
+ subs r6, r7, r6
+ sbcs r9, lr, r1
+ str r5, [sp, #44] @ 4-byte Spill
+ mov r5, r0
+ sbcs r0, r12, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ ldr r1, [r5, #48]
+ sbcs r3, r4, r3
+ ldr lr, [r5, #32]
+ ldr r12, [r5, #36]
+ ldr r8, [r5, #40]
+ ldr r4, [r5, #44]
+ ldr r5, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #108] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ sbcs r1, r1, r2
+ ldr r2, [sp, #76] @ 4-byte Reload
+ sbcs r7, r2, r10
+ ldr r2, [sp, #80] @ 4-byte Reload
+ sbcs r2, r2, r5
+ ldr r5, [sp, #84] @ 4-byte Reload
+ sbcs r10, r5, r11
+ ldr r5, [sp, #88] @ 4-byte Reload
+ sbcs r11, r5, lr
+ ldr r5, [sp, #92] @ 4-byte Reload
+ sbcs r12, r5, r12
+ ldr r5, [sp, #96] @ 4-byte Reload
+ sbcs lr, r5, r8
+ ldr r5, [sp, #100] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #104] @ 4-byte Reload
+ str r4, [sp, #44] @ 4-byte Spill
+ ldr r4, [sp, #108] @ 4-byte Reload
+ sbcs r5, r5, r4
+ str r5, [sp, #108] @ 4-byte Spill
+ ldr r5, [sp, #64] @ 4-byte Reload
+ sbc r5, r5, #0
+ ands r8, r5, #1
+ ldr r5, [sp, #48] @ 4-byte Reload
+ movne r6, r5
+ ldr r5, [sp, #68] @ 4-byte Reload
+ str r6, [r5]
+ ldr r6, [sp, #52] @ 4-byte Reload
+ movne r9, r6
+ ldr r6, [sp, #56] @ 4-byte Reload
+ str r9, [r5, #4]
+ movne r0, r6
+ cmp r8, #0
+ str r0, [r5, #8]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ movne r3, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r3, [r5, #12]
+ movne r1, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r1, [r5, #16]
+ ldr r1, [sp, #44] @ 4-byte Reload
+ movne r7, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ cmp r8, #0
+ str r7, [r5, #20]
+ movne r2, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r2, [r5, #24]
+ movne r10, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r10, [r5, #28]
+ movne r11, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ cmp r8, #0
+ str r11, [r5, #32]
+ movne r12, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ str r12, [r5, #36]
+ movne lr, r0
+ ldr r0, [sp, #100] @ 4-byte Reload
+ str lr, [r5, #40]
+ movne r1, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ cmp r8, #0
+ str r1, [r5, #44]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ movne r1, r0
+ str r1, [r5, #48]
+ add sp, sp, #548
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end194:
+ .size mcl_fp_mont13L, .Lfunc_end194-mcl_fp_mont13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF13L
+ .align 2
+ .type mcl_fp_montNF13L,%function
+mcl_fp_montNF13L: @ @mcl_fp_montNF13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #548
+ sub sp, sp, #548
+ .pad #1024
+ sub sp, sp, #1024
+ add r12, sp, #100
+ add r6, sp, #1024
+ mov r4, r3
+ stm r12, {r1, r2, r3}
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, r6, #488
+ ldr r5, [r3, #-4]
+ ldr r2, [r2]
+ str r5, [sp, #96] @ 4-byte Spill
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1516]
+ ldr r8, [sp, #1512]
+ mov r1, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #1520]
+ mul r2, r8, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #1524]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1564]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #1560]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #1556]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #1552]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #1548]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1544]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1540]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1536]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1532]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1528]
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #1456
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1508]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r10, [sp, #1480]
+ ldr r11, [sp, #1476]
+ ldr r6, [sp, #1472]
+ ldr r7, [sp, #1456]
+ ldr r9, [sp, #1460]
+ ldr r4, [sp, #1464]
+ ldr r5, [sp, #1468]
+ add lr, sp, #1024
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1504]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1500]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1496]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1492]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1488]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1484]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #4]
+ add r0, lr, #376
+ bl .LmulPv416x32(PLT)
+ adds r0, r7, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #1412]
+ ldr r3, [sp, #1416]
+ ldr r12, [sp, #1420]
+ ldr lr, [sp, #1424]
+ ldr r7, [sp, #1436]
+ ldr r8, [sp, #1440]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r9, r0
+ ldr r9, [sp, #1444]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #1400]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #1428]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #1432]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r11, r0
+ ldr r11, [sp, #76] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r10, r0
+ ldr r10, [sp, #1448]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adc r0, r1, r0
+ adds r11, r11, r4
+ ldr r4, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #1408]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1452]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1404]
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #1344
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1396]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #1368]
+ ldr r9, [sp, #1364]
+ ldr r10, [sp, #1360]
+ ldr r11, [sp, #1344]
+ ldr r6, [sp, #1348]
+ ldr r7, [sp, #1352]
+ ldr r5, [sp, #1356]
+ add lr, sp, #1024
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1392]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1388]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1384]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1380]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1376]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1372]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, lr, #264
+ bl .LmulPv416x32(PLT)
+ adds r0, r4, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add r11, sp, #1312
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1340]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldr r0, [sp, #1288]
+ ldr r7, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #1292]
+ ldr r2, [sp, #1296]
+ ldr r3, [sp, #1300]
+ ldr r12, [sp, #1304]
+ ldr lr, [sp, #1308]
+ adds r7, r7, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #1232
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1284]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r9, [sp, #1256]
+ ldr r10, [sp, #1252]
+ ldr r11, [sp, #1248]
+ ldr r7, [sp, #1232]
+ ldr r5, [sp, #1236]
+ ldr r4, [sp, #1240]
+ ldr r6, [sp, #1244]
+ add lr, sp, #1024
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1280]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1276]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1272]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1268]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1264]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1260]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, lr, #152
+ bl .LmulPv416x32(PLT)
+ adds r0, r8, r7
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #1188]
+ ldr r3, [sp, #1192]
+ ldr r12, [sp, #1196]
+ ldr lr, [sp, #1200]
+ ldr r7, [sp, #1212]
+ ldr r8, [sp, #1216]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1204]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1176]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1208]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1224]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1220]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r11, r11, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ ldr r1, [sp, #1184]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1228]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1180]
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #1120
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1172]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #1144]
+ ldr r9, [sp, #1140]
+ ldr r10, [sp, #1136]
+ ldr r11, [sp, #1120]
+ ldr r6, [sp, #1124]
+ ldr r7, [sp, #1128]
+ ldr r5, [sp, #1132]
+ add lr, sp, #1024
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1168]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1164]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1160]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1156]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1152]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1148]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, lr, #40
+ bl .LmulPv416x32(PLT)
+ adds r0, r4, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add r11, sp, #1088
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1116]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldr r0, [sp, #1064]
+ ldr r7, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #1068]
+ ldr r2, [sp, #1072]
+ ldr r3, [sp, #1076]
+ ldr r12, [sp, #1080]
+ ldr lr, [sp, #1084]
+ adds r7, r7, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #1008
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #1060]
+ add r11, sp, #1016
+ ldr r9, [sp, #1032]
+ ldr r10, [sp, #1028]
+ ldr r7, [sp, #1008]
+ ldr r5, [sp, #1012]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1056]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1052]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1048]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1044]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1040]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1036]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r6, r11}
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, sp, #952
+ bl .LmulPv416x32(PLT)
+ adds r0, r8, r7
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #956
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #980
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1004]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r5, r6, r7, r8, r9, r10}
+ ldr r4, [sp, #952]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r11, r11, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #896
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #948]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #920]
+ ldr r9, [sp, #916]
+ ldr r10, [sp, #912]
+ ldr r11, [sp, #896]
+ ldr r6, [sp, #900]
+ ldr r7, [sp, #904]
+ ldr r5, [sp, #908]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #944]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #940]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #936]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #932]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #928]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #924]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, sp, #840
+ bl .LmulPv416x32(PLT)
+ adds r0, r4, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add r11, sp, #864
+ add lr, sp, #840
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #892]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #92] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #784
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #836]
+ add r11, sp, #792
+ ldr r9, [sp, #808]
+ ldr r10, [sp, #804]
+ ldr r7, [sp, #784]
+ ldr r5, [sp, #788]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #832]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #828]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #824]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #820]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #816]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #812]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r6, r11}
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #728
+ bl .LmulPv416x32(PLT)
+ adds r0, r8, r7
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #732
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #756
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #780]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r5, r6, r7, r8, r9, r10}
+ ldr r4, [sp, #728]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r11, r11, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #672
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #724]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r8, [sp, #696]
+ ldr r9, [sp, #692]
+ ldr r10, [sp, #688]
+ ldr r11, [sp, #672]
+ ldr r6, [sp, #676]
+ ldr r7, [sp, #680]
+ ldr r5, [sp, #684]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #720]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #716]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #712]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #708]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #616
+ bl .LmulPv416x32(PLT)
+ adds r0, r4, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add r11, sp, #640
+ add lr, sp, #616
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r11, {r4, r5, r6, r8, r9, r10, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #92] @ 4-byte Reload
+ adds r7, r7, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ mov r8, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r2, r7, r0
+ add r0, sp, #560
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #612]
+ add r11, sp, #568
+ ldr r9, [sp, #584]
+ ldr r10, [sp, #580]
+ ldr r7, [sp, #560]
+ ldr r5, [sp, #564]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #608]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #604]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #600]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #592]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #588]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r6, r11}
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #504
+ bl .LmulPv416x32(PLT)
+ adds r0, r8, r7
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #508
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #532
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #556]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r5, r6, r7, r8, r9, r10}
+ ldr r4, [sp, #504]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ adds r11, r11, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r0, r4, r0
+ mov r4, r11
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ mul r2, r11, r8
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #448
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #500]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r9, [sp, #468]
+ ldr r10, [sp, #464]
+ ldr r11, [sp, #448]
+ ldr r6, [sp, #452]
+ ldr r7, [sp, #456]
+ ldr r5, [sp, #460]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #496]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #492]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #488]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #484]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #480]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #476]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #472]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [r0, #40]
+ add r0, sp, #392
+ bl .LmulPv416x32(PLT)
+ adds r0, r4, r11
+ ldr r1, [sp, #88] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ add lr, sp, #408
+ ldr r4, [sp, #400]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #396]
+ adcs r1, r1, r7
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp, #404]
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #432
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #392]
+ str r1, [sp, #40] @ 4-byte Spill
+ adds r0, r0, r2
+ mul r1, r0, r8
+ str r0, [sp, #92] @ 4-byte Spill
+ str r1, [sp, #32] @ 4-byte Spill
+ ldm r10, {r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #88] @ 4-byte Reload
+ adcs r6, r11, r6
+ str r6, [sp, #88] @ 4-byte Spill
+ ldr r6, [sp, #84] @ 4-byte Reload
+ adcs r4, r6, r4
+ str r4, [sp, #84] @ 4-byte Spill
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r4, r4, r5
+ str r4, [sp, #80] @ 4-byte Spill
+ ldr r4, [sp, #76] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #336
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #388]
+ add r9, sp, #344
+ ldr r6, [sp, #364]
+ ldr r7, [sp, #360]
+ ldr r8, [sp, #356]
+ ldr r10, [sp, #336]
+ ldr r11, [sp, #340]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #384]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #380]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #376]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #372]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #368]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r9, {r4, r5, r9}
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r2, [r0, #44]
+ add r0, sp, #280
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #84] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ add lr, sp, #296
+ adds r0, r0, r10
+ add r10, sp, #320
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ adcs r1, r1, r4
+ ldr r4, [sp, #288]
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp, #292]
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #284]
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #280]
+ str r1, [sp, #32] @ 4-byte Spill
+ adds r1, r0, r2
+ ldr r0, [sp, #96] @ 4-byte Reload
+ str r1, [sp, #92] @ 4-byte Spill
+ mul r2, r1, r0
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm r10, {r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #88] @ 4-byte Reload
+ adcs r6, r11, r6
+ str r6, [sp, #44] @ 4-byte Spill
+ ldr r6, [sp, #84] @ 4-byte Reload
+ adcs r4, r6, r4
+ str r4, [sp, #40] @ 4-byte Spill
+ ldr r4, [sp, #80] @ 4-byte Reload
+ adcs r4, r4, r5
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [sp, #76] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ adc r0, r10, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ add r0, sp, #224
+ bl .LmulPv416x32(PLT)
+ ldr r1, [sp, #276]
+ add r9, sp, #232
+ ldr r6, [sp, #252]
+ ldr r7, [sp, #248]
+ ldr r8, [sp, #244]
+ ldr r10, [sp, #224]
+ ldr r11, [sp, #228]
+ add r0, sp, #168
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #272]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #268]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #264]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #260]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #256]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldm r9, {r4, r5, r9}
+ ldr r1, [sp, #104] @ 4-byte Reload
+ ldr r2, [r1, #48]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r1, [sp, #40] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ add lr, sp, #184
+ adds r0, r0, r10
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r11
+ adcs r1, r1, r4
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r7
+ add r7, sp, #168
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r6
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adc r1, r1, r2
+ str r1, [sp, #52] @ 4-byte Spill
+ ldm r7, {r2, r6, r7}
+ ldr r5, [sp, #180]
+ ldr r4, [sp, #216]
+ ldr r9, [sp, #212]
+ ldr r8, [sp, #208]
+ adds r10, r0, r2
+ ldr r0, [sp, #96] @ 4-byte Reload
+ mul r1, r10, r0
+ ldr r0, [sp, #220]
+ str r1, [sp, #48] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #104] @ 4-byte Reload
+ adcs r11, r11, r6
+ ldr r6, [sp, #100] @ 4-byte Reload
+ adcs r7, r6, r7
+ ldr r6, [sp, #92] @ 4-byte Reload
+ adcs r5, r6, r5
+ ldr r6, [sp, #88] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r8, r0, r8
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ mov r1, r4
+ adc r6, r0, #0
+ add r0, sp, #112
+ bl .LmulPv416x32(PLT)
+ add r3, sp, #112
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r10, r0
+ adcs r12, r11, r1
+ ldr r0, [sp, #128]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r2, r7, r2
+ str r12, [sp, #52] @ 4-byte Spill
+ adcs lr, r5, r3
+ str r2, [sp, #56] @ 4-byte Spill
+ str lr, [sp, #60] @ 4-byte Spill
+ adcs r9, r1, r0
+ ldr r0, [sp, #132]
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r9, [sp, #64] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #136]
+ adcs r0, r1, r0
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #140]
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #144]
+ adcs r10, r1, r0
+ ldr r0, [sp, #148]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r10, [sp, #68] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #152]
+ adcs r0, r8, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #156]
+ adcs r0, r1, r0
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #160]
+ adcs r0, r1, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #164]
+ adc r0, r6, r0
+ mov r6, r4
+ str r0, [sp, #104] @ 4-byte Spill
+ ldmib r6, {r0, r1, r7}
+ ldr r5, [r6, #24]
+ ldr r4, [r6, #28]
+ ldr r3, [r6, #16]
+ ldr r11, [r6, #20]
+ str r5, [sp, #48] @ 4-byte Spill
+ ldr r5, [r6]
+ str r4, [sp, #44] @ 4-byte Spill
+ subs r5, r12, r5
+ sbcs r8, r2, r0
+ sbcs r2, lr, r1
+ sbcs lr, r9, r7
+ add r7, r6, #32
+ ldm r7, {r0, r1, r7}
+ ldr r4, [r6, #44]
+ ldr r9, [r6, #48]
+ ldr r6, [sp, #76] @ 4-byte Reload
+ sbcs r3, r6, r3
+ ldr r6, [sp, #80] @ 4-byte Reload
+ str r4, [sp, #40] @ 4-byte Spill
+ ldr r4, [sp, #48] @ 4-byte Reload
+ sbcs r12, r6, r11
+ ldr r6, [sp, #84] @ 4-byte Reload
+ sbcs r11, r6, r4
+ ldr r4, [sp, #44] @ 4-byte Reload
+ sbcs r10, r10, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ sbcs r4, r4, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ sbcs r6, r0, r1
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #40] @ 4-byte Reload
+ sbcs r7, r0, r7
+ ldr r0, [sp, #100] @ 4-byte Reload
+ sbcs r0, r0, r1
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ sbc r9, r0, r9
+ ldr r0, [sp, #52] @ 4-byte Reload
+ asr r1, r9, #31
+ cmp r1, #0
+ movlt r5, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r5, [r0]
+ ldr r5, [sp, #56] @ 4-byte Reload
+ movlt r8, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ str r8, [r0, #4]
+ movlt r2, r5
+ cmp r1, #0
+ str r2, [r0, #8]
+ ldr r2, [sp, #64] @ 4-byte Reload
+ movlt lr, r2
+ ldr r2, [sp, #76] @ 4-byte Reload
+ str lr, [r0, #12]
+ movlt r3, r2
+ ldr r2, [sp, #80] @ 4-byte Reload
+ str r3, [r0, #16]
+ ldr r3, [sp, #108] @ 4-byte Reload
+ movlt r12, r2
+ ldr r2, [sp, #84] @ 4-byte Reload
+ cmp r1, #0
+ str r12, [r0, #20]
+ movlt r11, r2
+ ldr r2, [sp, #68] @ 4-byte Reload
+ str r11, [r0, #24]
+ movlt r10, r2
+ ldr r2, [sp, #88] @ 4-byte Reload
+ str r10, [r0, #28]
+ movlt r4, r2
+ ldr r2, [sp, #92] @ 4-byte Reload
+ cmp r1, #0
+ str r4, [r0, #32]
+ movlt r6, r2
+ ldr r2, [sp, #96] @ 4-byte Reload
+ str r6, [r0, #36]
+ movlt r7, r2
+ ldr r2, [sp, #100] @ 4-byte Reload
+ str r7, [r0, #40]
+ movlt r3, r2
+ cmp r1, #0
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r3, [r0, #44]
+ movlt r9, r1
+ str r9, [r0, #48]
+ add sp, sp, #548
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end195:
+ .size mcl_fp_montNF13L, .Lfunc_end195-mcl_fp_montNF13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed13L
+ .align 2
+ .type mcl_fp_montRed13L,%function
+mcl_fp_montRed13L: @ @mcl_fp_montRed13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #908
+ sub sp, sp, #908
+ mov r3, r2
+ str r0, [sp, #164] @ 4-byte Spill
+ ldr r2, [r1, #4]
+ ldr r11, [r1]
+ ldr r0, [r3]
+ str r3, [sp, #168] @ 4-byte Spill
+ str r2, [sp, #72] @ 4-byte Spill
+ ldr r2, [r1, #8]
+ str r0, [sp, #160] @ 4-byte Spill
+ ldr r0, [r3, #4]
+ str r2, [sp, #68] @ 4-byte Spill
+ ldr r2, [r1, #12]
+ str r0, [sp, #156] @ 4-byte Spill
+ ldr r0, [r3, #8]
+ str r2, [sp, #64] @ 4-byte Spill
+ str r0, [sp, #152] @ 4-byte Spill
+ ldr r0, [r3, #12]
+ str r0, [sp, #136] @ 4-byte Spill
+ ldr r0, [r3, #16]
+ str r0, [sp, #140] @ 4-byte Spill
+ ldr r0, [r3, #20]
+ str r0, [sp, #144] @ 4-byte Spill
+ ldr r0, [r3, #24]
+ str r0, [sp, #148] @ 4-byte Spill
+ ldr r0, [r3, #-4]
+ str r0, [sp, #172] @ 4-byte Spill
+ mul r2, r11, r0
+ ldr r0, [r3, #28]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [r3, #32]
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [r3, #36]
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [r3, #40]
+ str r0, [sp, #124] @ 4-byte Spill
+ ldr r0, [r3, #44]
+ str r0, [sp, #128] @ 4-byte Spill
+ ldr r0, [r3, #48]
+ str r0, [sp, #132] @ 4-byte Spill
+ ldr r0, [r1, #96]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [r1, #100]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [r1, #64]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r1, #72]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r1, #76]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r1, #80]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [r1, #84]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [r1, #88]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [r1, #92]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [r1, #68]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #56]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #60]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #28]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r1, #24]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r1, #20]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ mov r1, r3
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #848
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #900]
+ add r10, sp, #872
+ add lr, sp, #848
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r4, r5, r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r11, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r11, r0, r1
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #168] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #172] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #792
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #844]
+ add lr, sp, #832
+ add r9, sp, #800
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #792]
+ ldr r5, [sp, #828]
+ ldr r6, [sp, #824]
+ ldr r7, [sp, #820]
+ ldr r10, [sp, #816]
+ ldr r8, [sp, #812]
+ ldr r1, [sp, #796]
+ ldm r9, {r0, r2, r9}
+ adds r4, r11, r4
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adcs r11, r4, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #172] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #168] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ add r0, sp, #736
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #788]
+ add r10, sp, #760
+ add lr, sp, #736
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #784]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #780]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r11, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r11, r0, r1
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #680
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #732]
+ add lr, sp, #720
+ add r10, sp, #688
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #680]
+ ldr r5, [sp, #716]
+ ldr r6, [sp, #712]
+ ldr r7, [sp, #708]
+ ldr r1, [sp, #684]
+ ldm r10, {r0, r2, r8, r9, r10}
+ adds r4, r11, r4
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adcs r11, r4, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #172] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #168] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #624
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #676]
+ add r10, sp, #648
+ add lr, sp, #624
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #672]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r11, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r11, r0, r1
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #568
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #620]
+ add lr, sp, #608
+ add r10, sp, #576
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #568]
+ ldr r5, [sp, #604]
+ ldr r6, [sp, #600]
+ ldr r7, [sp, #596]
+ ldr r1, [sp, #572]
+ ldm r10, {r0, r2, r8, r9, r10}
+ adds r4, r11, r4
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adcs r11, r4, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #172] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #168] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #512
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #564]
+ add r10, sp, #536
+ add lr, sp, #512
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #560]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #556]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r11, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r11, r0, r1
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #456
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #508]
+ add lr, sp, #496
+ add r10, sp, #464
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #456]
+ ldr r5, [sp, #492]
+ ldr r6, [sp, #488]
+ ldr r7, [sp, #484]
+ ldr r1, [sp, #460]
+ ldm r10, {r0, r2, r8, r9, r10}
+ adds r4, r11, r4
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adcs r11, r4, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r4, [sp, #172] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #168] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #400
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #452]
+ add r10, sp, #424
+ add lr, sp, #400
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #448]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #444]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r11, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r11, r0, r1
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r11, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #344
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #396]
+ add lr, sp, #384
+ add r10, sp, #352
+ str r0, [sp, #40] @ 4-byte Spill
+ ldm lr, {r3, r12, lr}
+ ldr r4, [sp, #344]
+ ldr r5, [sp, #380]
+ ldr r6, [sp, #376]
+ ldr r7, [sp, #372]
+ ldr r1, [sp, #348]
+ ldm r10, {r0, r2, r8, r9, r10}
+ adds r4, r11, r4
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adcs r11, r4, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #168] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #172] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ mul r2, r11, r7
+ adcs r0, r0, r6
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r8
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #288
+ bl .LmulPv416x32(PLT)
+ ldr r0, [sp, #340]
+ add r10, sp, #312
+ add lr, sp, #288
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #336]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #332]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r4, r5, r6, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r11, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r11, r0, r1
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r4
+ mov r4, r7
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ mul r2, r11, r4
+ adcs r0, r0, r5
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r9
+ mov r9, r8
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ add r0, sp, #232
+ bl .LmulPv416x32(PLT)
+ add r7, sp, #232
+ add lr, sp, #272
+ ldm r7, {r0, r1, r3, r7}
+ ldr r8, [sp, #284]
+ adds r0, r11, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r11, r0, r1
+ mul r0, r11, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #172] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r7
+ add r7, sp, #256
+ str r0, [sp, #60] @ 4-byte Spill
+ ldm lr, {r5, r12, lr}
+ ldr r6, [sp, #268]
+ ldm r7, {r1, r2, r7}
+ ldr r0, [sp, #248]
+ ldr r3, [sp, #108] @ 4-byte Reload
+ ldr r4, [sp, #252]
+ adcs r10, r3, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r4, r0, r4
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r8, r0, r8
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ add r0, sp, #176
+ bl .LmulPv416x32(PLT)
+ add r3, sp, #176
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r11, r0
+ ldr r0, [sp, #172] @ 4-byte Reload
+ adcs r12, r0, r1
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r12, [sp, #52] @ 4-byte Spill
+ adcs r2, r0, r2
+ ldr r0, [sp, #192]
+ adcs r3, r10, r3
+ str r2, [sp, #64] @ 4-byte Spill
+ str r3, [sp, #68] @ 4-byte Spill
+ adcs r7, r4, r0
+ ldr r0, [sp, #196]
+ str r7, [sp, #72] @ 4-byte Spill
+ adcs r4, r1, r0
+ ldr r0, [sp, #200]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r4, [sp, #76] @ 4-byte Spill
+ adcs r5, r1, r0
+ ldr r0, [sp, #204]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r5, [sp, #80] @ 4-byte Spill
+ adcs r6, r1, r0
+ ldr r0, [sp, #208]
+ ldr r1, [sp, #88] @ 4-byte Reload
+ str r6, [sp, #84] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #172] @ 4-byte Spill
+ ldr r0, [sp, #212]
+ adcs r11, r1, r0
+ ldr r0, [sp, #216]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r11, [sp, #92] @ 4-byte Spill
+ adcs r10, r1, r0
+ ldr r0, [sp, #220]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r10, [sp, #100] @ 4-byte Spill
+ adcs r9, r1, r0
+ ldr r0, [sp, #224]
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r9, [sp, #108] @ 4-byte Spill
+ adcs r8, r8, r0
+ ldr r0, [sp, #228]
+ str r8, [sp, #168] @ 4-byte Spill
+ adcs lr, r1, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #156] @ 4-byte Reload
+ str lr, [sp, #104] @ 4-byte Spill
+ adc r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #160] @ 4-byte Reload
+ subs r0, r12, r0
+ sbcs r1, r2, r1
+ ldr r2, [sp, #152] @ 4-byte Reload
+ sbcs r2, r3, r2
+ ldr r3, [sp, #136] @ 4-byte Reload
+ sbcs r3, r7, r3
+ ldr r7, [sp, #140] @ 4-byte Reload
+ sbcs r12, r4, r7
+ ldr r4, [sp, #144] @ 4-byte Reload
+ ldr r7, [sp, #172] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #148] @ 4-byte Reload
+ sbcs r5, r6, r5
+ ldr r6, [sp, #112] @ 4-byte Reload
+ sbcs r6, r7, r6
+ ldr r7, [sp, #116] @ 4-byte Reload
+ sbcs r7, r11, r7
+ str r7, [sp, #160] @ 4-byte Spill
+ ldr r7, [sp, #120] @ 4-byte Reload
+ sbcs r11, r10, r7
+ ldr r7, [sp, #124] @ 4-byte Reload
+ sbcs r9, r9, r7
+ ldr r7, [sp, #128] @ 4-byte Reload
+ sbcs r10, r8, r7
+ ldr r7, [sp, #132] @ 4-byte Reload
+ sbcs r8, lr, r7
+ ldr r7, [sp, #96] @ 4-byte Reload
+ sbc r7, r7, #0
+ ands lr, r7, #1
+ ldr r7, [sp, #52] @ 4-byte Reload
+ movne r0, r7
+ ldr r7, [sp, #164] @ 4-byte Reload
+ str r0, [r7]
+ ldr r0, [sp, #64] @ 4-byte Reload
+ movne r1, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r1, [r7, #4]
+ ldr r1, [sp, #92] @ 4-byte Reload
+ movne r2, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ cmp lr, #0
+ str r2, [r7, #8]
+ movne r3, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r3, [r7, #12]
+ movne r12, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r12, [r7, #16]
+ movne r4, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ cmp lr, #0
+ str r4, [r7, #20]
+ movne r5, r0
+ ldr r0, [sp, #172] @ 4-byte Reload
+ str r5, [r7, #24]
+ movne r6, r0
+ ldr r0, [sp, #160] @ 4-byte Reload
+ movne r0, r1
+ str r6, [r7, #28]
+ cmp lr, #0
+ str r0, [r7, #32]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ movne r11, r0
+ ldr r0, [sp, #108] @ 4-byte Reload
+ str r11, [r7, #36]
+ movne r9, r0
+ ldr r0, [sp, #168] @ 4-byte Reload
+ str r9, [r7, #40]
+ movne r10, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ cmp lr, #0
+ str r10, [r7, #44]
+ movne r8, r0
+ str r8, [r7, #48]
+ add sp, sp, #908
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end196:
+ .size mcl_fp_montRed13L, .Lfunc_end196-mcl_fp_montRed13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre13L
+ .align 2
+ .type mcl_fp_addPre13L,%function
+mcl_fp_addPre13L: @ @mcl_fp_addPre13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #36
+ sub sp, sp, #36
+ ldm r1, {r3, r12, lr}
+ ldr r9, [r1, #12]
+ ldmib r2, {r5, r6, r7}
+ ldr r11, [r2]
+ ldr r4, [r2, #16]
+ ldr r10, [r2, #32]
+ adds r8, r11, r3
+ ldr r3, [r2, #48]
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [r2, #20]
+ ldr r11, [r1, #44]
+ adcs r5, r5, r12
+ add r12, r1, #16
+ adcs r6, r6, lr
+ ldr lr, [r1, #32]
+ str r3, [sp, #32] @ 4-byte Spill
+ ldr r3, [r2, #44]
+ str r4, [sp, #12] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ str r3, [sp, #28] @ 4-byte Spill
+ ldr r3, [r2, #40]
+ str r4, [sp, #20] @ 4-byte Spill
+ ldr r4, [r2, #28]
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [r2, #36]
+ ldr r2, [r1, #36]
+ str r4, [sp, #24] @ 4-byte Spill
+ adcs r4, r7, r9
+ ldr r7, [r1, #40]
+ ldr r9, [r1, #48]
+ str r3, [sp, #4] @ 4-byte Spill
+ str r2, [sp] @ 4-byte Spill
+ ldm r12, {r1, r2, r3, r12}
+ str r8, [r0]
+ stmib r0, {r5, r6}
+ str r4, [r0, #12]
+ ldr r5, [sp, #8] @ 4-byte Reload
+ ldr r4, [sp, #12] @ 4-byte Reload
+ ldr r6, [sp, #32] @ 4-byte Reload
+ adcs r1, r5, r1
+ str r1, [r0, #16]
+ adcs r2, r4, r2
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r3
+ ldr r3, [sp] @ 4-byte Reload
+ adcs r2, r2, r12
+ str r1, [r0, #24]
+ add r12, r0, #32
+ str r2, [r0, #28]
+ ldr r2, [sp, #4] @ 4-byte Reload
+ adcs r1, r10, lr
+ adcs r2, r2, r3
+ ldr r3, [sp, #16] @ 4-byte Reload
+ adcs r3, r3, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ adcs r7, r7, r11
+ adcs r6, r6, r9
+ stm r12, {r1, r2, r3, r7}
+ str r6, [r0, #48]
+ mov r0, #0
+ adc r0, r0, #0
+ add sp, sp, #36
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end197:
+ .size mcl_fp_addPre13L, .Lfunc_end197-mcl_fp_addPre13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre13L
+ .align 2
+ .type mcl_fp_subPre13L,%function
+mcl_fp_subPre13L: @ @mcl_fp_subPre13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #36
+ sub sp, sp, #36
+ ldr r3, [r2, #16]
+ ldr r7, [r2]
+ ldr r6, [r1]
+ ldr r12, [r2, #4]
+ ldr r4, [r2, #8]
+ ldr r11, [r2, #12]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r2, #20]
+ subs r7, r6, r7
+ str r3, [sp, #20] @ 4-byte Spill
+ ldr r3, [r2, #24]
+ str r3, [sp, #24] @ 4-byte Spill
+ ldr r3, [r2, #28]
+ str r3, [sp, #28] @ 4-byte Spill
+ ldmib r1, {r5, lr}
+ ldr r6, [r2, #48]
+ ldr r3, [r1, #12]
+ ldr r10, [r2, #32]
+ ldr r8, [r1, #44]
+ ldr r9, [r1, #48]
+ str r6, [sp, #32] @ 4-byte Spill
+ ldr r6, [r2, #44]
+ sbcs r5, r5, r12
+ add r12, r1, #16
+ sbcs r4, lr, r4
+ sbcs lr, r3, r11
+ ldr r3, [r2, #36]
+ ldr r11, [r1, #36]
+ str r6, [sp, #16] @ 4-byte Spill
+ ldr r6, [r2, #40]
+ ldr r2, [r1, #40]
+ str r3, [sp, #4] @ 4-byte Spill
+ str r6, [sp, #8] @ 4-byte Spill
+ ldr r6, [r1, #32]
+ str r2, [sp] @ 4-byte Spill
+ ldm r12, {r1, r2, r3, r12}
+ str r7, [r0]
+ str r5, [r0, #4]
+ str r4, [r0, #8]
+ ldr r4, [sp, #12] @ 4-byte Reload
+ ldr r7, [sp, #20] @ 4-byte Reload
+ str lr, [r0, #12]
+ sbcs r1, r1, r4
+ sbcs r2, r2, r7
+ str r1, [r0, #16]
+ ldr r1, [sp, #24] @ 4-byte Reload
+ ldr r7, [sp] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #28] @ 4-byte Reload
+ sbcs r1, r3, r1
+ ldr r3, [sp, #8] @ 4-byte Reload
+ sbcs r2, r12, r2
+ str r1, [r0, #24]
+ add r12, r0, #32
+ str r2, [r0, #28]
+ ldr r2, [sp, #4] @ 4-byte Reload
+ sbcs r1, r6, r10
+ ldr r6, [sp, #32] @ 4-byte Reload
+ sbcs r2, r11, r2
+ sbcs r3, r7, r3
+ ldr r7, [sp, #16] @ 4-byte Reload
+ sbcs r7, r8, r7
+ sbcs r6, r9, r6
+ stm r12, {r1, r2, r3, r7}
+ str r6, [r0, #48]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ add sp, sp, #36
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end198:
+ .size mcl_fp_subPre13L, .Lfunc_end198-mcl_fp_subPre13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_13L
+ .align 2
+ .type mcl_fp_shr1_13L,%function
+mcl_fp_shr1_13L: @ @mcl_fp_shr1_13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #8
+ sub sp, sp, #8
+ add r9, r1, #8
+ ldm r9, {r2, r3, r4, r5, r8, r9}
+ ldm r1, {r10, lr}
+ ldr r12, [r1, #36]
+ lsr r7, lr, #1
+ lsr r6, r3, #1
+ lsrs r3, r3, #1
+ orr r11, r7, r2, lsl #31
+ ldr r7, [r1, #48]
+ rrx r2, r2
+ lsrs r3, lr, #1
+ rrx r3, r10
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r7, [r1, #44]
+ str r7, [sp] @ 4-byte Spill
+ ldr r7, [r1, #40]
+ ldr r1, [r1, #32]
+ stm r0, {r3, r11}
+ str r2, [r0, #8]
+ orr r2, r6, r4, lsl #31
+ str r2, [r0, #12]
+ lsrs r2, r5, #1
+ ldr r6, [sp] @ 4-byte Reload
+ rrx r2, r4
+ str r2, [r0, #16]
+ lsr r2, r5, #1
+ orr r2, r2, r8, lsl #31
+ str r2, [r0, #20]
+ lsrs r2, r9, #1
+ rrx r2, r8
+ str r2, [r0, #24]
+ lsr r2, r9, #1
+ orr r2, r2, r1, lsl #31
+ str r2, [r0, #28]
+ lsrs r2, r12, #1
+ lsr r2, r12, #1
+ rrx r1, r1
+ lsrs r3, r6, #1
+ add r12, r0, #32
+ orr r2, r2, r7, lsl #31
+ rrx r3, r7
+ lsr r7, r6, #1
+ ldr r6, [sp, #4] @ 4-byte Reload
+ orr r7, r7, r6, lsl #31
+ lsr r6, r6, #1
+ stm r12, {r1, r2, r3, r7}
+ str r6, [r0, #48]
+ add sp, sp, #8
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end199:
+ .size mcl_fp_shr1_13L, .Lfunc_end199-mcl_fp_shr1_13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add13L
+ .align 2
+ .type mcl_fp_add13L,%function
+mcl_fp_add13L: @ @mcl_fp_add13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ ldr r9, [r1]
+ ldmib r1, {r8, lr}
+ ldr r12, [r1, #12]
+ ldm r2, {r4, r5, r6, r7}
+ adds r11, r4, r9
+ ldr r9, [r1, #24]
+ adcs r4, r5, r8
+ ldr r5, [r1, #20]
+ adcs r6, r6, lr
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [r1, #16]
+ mov lr, r11
+ adcs r7, r7, r12
+ str r6, [sp, #28] @ 4-byte Spill
+ ldr r6, [r2, #32]
+ str lr, [r0]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #16]
+ adcs r8, r7, r4
+ ldr r4, [r2, #20]
+ adcs r7, r4, r5
+ ldr r5, [r2, #24]
+ ldr r4, [r1, #28]
+ str r7, [sp, #40] @ 4-byte Spill
+ adcs r7, r5, r9
+ ldr r5, [r2, #28]
+ str r7, [sp, #4] @ 4-byte Spill
+ ldr r11, [sp, #4] @ 4-byte Reload
+ adcs r7, r5, r4
+ ldr r5, [r1, #32]
+ ldr r4, [sp, #32] @ 4-byte Reload
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [sp, #20] @ 4-byte Reload
+ adcs r10, r6, r5
+ ldr r6, [r1, #36]
+ ldr r5, [r2, #36]
+ str r4, [r0, #4]
+ str r10, [sp, #24] @ 4-byte Spill
+ adcs r9, r5, r6
+ ldr r6, [r1, #40]
+ ldr r5, [r2, #40]
+ adcs r12, r5, r6
+ ldr r6, [r1, #44]
+ ldr r5, [r2, #44]
+ ldr r1, [r1, #48]
+ ldr r2, [r2, #48]
+ adcs r6, r5, r6
+ ldr r5, [sp, #28] @ 4-byte Reload
+ adcs r2, r2, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r6, [sp, #16] @ 4-byte Spill
+ str r2, [sp, #12] @ 4-byte Spill
+ str r5, [r0, #8]
+ str r7, [r0, #12]
+ str r8, [r0, #16]
+ str r1, [r0, #20]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r11, [r0, #24]
+ str r1, [r0, #28]
+ str r10, [r0, #32]
+ str r9, [r0, #36]
+ str r12, [r0, #40]
+ str r6, [r0, #44]
+ str r2, [r0, #48]
+ mov r2, #0
+ mov r10, r12
+ adc r1, r2, #0
+ str r1, [sp, #8] @ 4-byte Spill
+ ldm r3, {r2, r6}
+ ldr r1, [r3, #8]
+ ldr r12, [r3, #12]
+ subs r2, lr, r2
+ str r2, [sp] @ 4-byte Spill
+ sbcs r2, r4, r6
+ sbcs r1, r5, r1
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ sbcs r7, r7, r12
+ add r12, r3, #32
+ sbcs r8, r8, r1
+ ldr r1, [r3, #20]
+ sbcs r1, r2, r1
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ sbcs r1, r11, r1
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [r3, #28]
+ sbcs r5, r2, r1
+ ldm r12, {r1, r2, r6, r11, r12}
+ ldr r3, [sp, #24] @ 4-byte Reload
+ sbcs r3, r3, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ sbcs r4, r9, r2
+ sbcs lr, r10, r6
+ ldr r6, [sp, #8] @ 4-byte Reload
+ sbcs r2, r1, r11
+ ldr r1, [sp, #12] @ 4-byte Reload
+ sbcs r1, r1, r12
+ sbc r6, r6, #0
+ tst r6, #1
+ bne .LBB200_2
+@ BB#1: @ %nocarry
+ mov r6, r7
+ ldr r7, [sp] @ 4-byte Reload
+ add r12, r0, #32
+ str r7, [r0]
+ ldr r7, [sp, #32] @ 4-byte Reload
+ str r7, [r0, #4]
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str r7, [r0, #8]
+ ldr r7, [sp, #40] @ 4-byte Reload
+ str r6, [r0, #12]
+ str r8, [r0, #16]
+ str r7, [r0, #20]
+ ldr r7, [sp, #20] @ 4-byte Reload
+ str r7, [r0, #24]
+ str r5, [r0, #28]
+ stm r12, {r3, r4, lr}
+ str r2, [r0, #44]
+ str r1, [r0, #48]
+.LBB200_2: @ %carry
+ add sp, sp, #44
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end200:
+ .size mcl_fp_add13L, .Lfunc_end200-mcl_fp_add13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF13L
+ .align 2
+ .type mcl_fp_addNF13L,%function
+mcl_fp_addNF13L: @ @mcl_fp_addNF13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #64
+ sub sp, sp, #64
+ ldm r1, {r7, r8, lr}
+ ldr r6, [r2]
+ ldr r12, [r1, #12]
+ ldmib r2, {r4, r5, r9}
+ adds r10, r6, r7
+ ldr r7, [r2, #16]
+ ldr r6, [r1, #24]
+ adcs r4, r4, r8
+ adcs lr, r5, lr
+ ldr r5, [r1, #16]
+ str r4, [sp, #28] @ 4-byte Spill
+ ldr r4, [r1, #20]
+ adcs r9, r9, r12
+ str lr, [sp, #8] @ 4-byte Spill
+ str r9, [sp, #12] @ 4-byte Spill
+ adcs r7, r7, r5
+ ldr r5, [r2, #20]
+ str r7, [sp, #32] @ 4-byte Spill
+ adcs r7, r5, r4
+ ldr r5, [r2, #24]
+ str r7, [sp, #36] @ 4-byte Spill
+ adcs r8, r5, r6
+ ldr r6, [r1, #28]
+ ldr r5, [r2, #28]
+ str r8, [sp, #16] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #32]
+ ldr r5, [r2, #32]
+ str r7, [sp, #40] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #36]
+ ldr r5, [r2, #36]
+ str r7, [sp, #44] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #40]
+ ldr r5, [r2, #40]
+ str r7, [sp, #56] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #44]
+ ldr r5, [r2, #44]
+ ldr r1, [r1, #48]
+ ldr r2, [r2, #48]
+ str r7, [sp, #52] @ 4-byte Spill
+ adcs r7, r5, r6
+ adc r1, r2, r1
+ str r7, [sp, #48] @ 4-byte Spill
+ str r1, [sp, #60] @ 4-byte Spill
+ ldmib r3, {r1, r12}
+ ldr r2, [r3, #24]
+ ldr r7, [r3]
+ ldr r6, [r3, #12]
+ ldr r5, [r3, #16]
+ ldr r4, [r3, #20]
+ ldr r11, [r3, #28]
+ str r2, [sp, #24] @ 4-byte Spill
+ ldr r2, [sp, #28] @ 4-byte Reload
+ subs r7, r10, r7
+ sbcs r2, r2, r1
+ ldr r1, [r3, #40]
+ sbcs r12, lr, r12
+ sbcs lr, r9, r6
+ ldr r9, [r3, #32]
+ ldr r6, [r3, #36]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [r3, #44]
+ str r1, [sp] @ 4-byte Spill
+ ldr r1, [r3, #48]
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [sp, #32] @ 4-byte Reload
+ sbcs r5, r1, r5
+ ldr r1, [sp, #36] @ 4-byte Reload
+ sbcs r3, r1, r4
+ ldr r1, [sp, #24] @ 4-byte Reload
+ sbcs r4, r8, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ sbcs r8, r1, r11
+ ldr r1, [sp, #44] @ 4-byte Reload
+ sbcs r9, r1, r9
+ ldr r1, [sp, #56] @ 4-byte Reload
+ sbcs r11, r1, r6
+ ldr r1, [sp, #52] @ 4-byte Reload
+ ldr r6, [sp, #20] @ 4-byte Reload
+ sbcs r1, r1, r6
+ ldr r6, [sp] @ 4-byte Reload
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ sbcs r1, r1, r6
+ ldr r6, [sp, #4] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ sbc r6, r1, r6
+ asr r1, r6, #31
+ cmp r1, #0
+ movlt r7, r10
+ str r7, [r0]
+ ldr r7, [sp, #28] @ 4-byte Reload
+ movlt r2, r7
+ str r2, [r0, #4]
+ ldr r2, [sp, #8] @ 4-byte Reload
+ movlt r12, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ cmp r1, #0
+ str r12, [r0, #8]
+ movlt lr, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str lr, [r0, #12]
+ movlt r5, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r5, [r0, #16]
+ movlt r3, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ cmp r1, #0
+ str r3, [r0, #20]
+ ldr r3, [sp, #20] @ 4-byte Reload
+ movlt r4, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r4, [r0, #24]
+ movlt r8, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r8, [r0, #28]
+ movlt r9, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ cmp r1, #0
+ str r9, [r0, #32]
+ movlt r11, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r11, [r0, #36]
+ movlt r3, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r3, [r0, #40]
+ ldr r3, [sp, #24] @ 4-byte Reload
+ movlt r3, r2
+ cmp r1, #0
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r3, [r0, #44]
+ movlt r6, r1
+ str r6, [r0, #48]
+ add sp, sp, #64
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end201:
+ .size mcl_fp_addNF13L, .Lfunc_end201-mcl_fp_addNF13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub13L
+ .align 2
+ .type mcl_fp_sub13L,%function
+mcl_fp_sub13L: @ @mcl_fp_sub13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #56
+ sub sp, sp, #56
+ ldr r9, [r2]
+ ldmib r2, {r8, lr}
+ ldr r12, [r2, #12]
+ ldm r1, {r4, r5, r6, r7}
+ subs r11, r4, r9
+ ldr r4, [r2, #24]
+ sbcs r5, r5, r8
+ str r11, [sp, #28] @ 4-byte Spill
+ str r11, [r0]
+ sbcs r6, r6, lr
+ str r5, [sp, #52] @ 4-byte Spill
+ ldr r5, [r2, #20]
+ sbcs r7, r7, r12
+ str r6, [sp, #48] @ 4-byte Spill
+ ldr r6, [r2, #16]
+ str r7, [sp, #44] @ 4-byte Spill
+ ldr r7, [r1, #16]
+ ldr r11, [sp, #44] @ 4-byte Reload
+ sbcs r10, r7, r6
+ ldr r7, [r1, #20]
+ str r10, [sp, #36] @ 4-byte Spill
+ sbcs r12, r7, r5
+ ldr r7, [r1, #24]
+ ldr r5, [r1, #28]
+ sbcs r8, r7, r4
+ ldr r7, [r2, #28]
+ ldr r4, [r1, #36]
+ str r8, [sp, #40] @ 4-byte Spill
+ sbcs r9, r5, r7
+ ldr r7, [r2, #32]
+ ldr r5, [r1, #32]
+ sbcs r5, r5, r7
+ ldr r7, [r2, #36]
+ sbcs r6, r4, r7
+ ldr r7, [r2, #40]
+ ldr r4, [r1, #40]
+ sbcs lr, r4, r7
+ ldr r7, [r2, #44]
+ ldr r4, [r1, #44]
+ ldr r2, [r2, #48]
+ ldr r1, [r1, #48]
+ sbcs r7, r4, r7
+ ldr r4, [sp, #52] @ 4-byte Reload
+ sbcs r2, r1, r2
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r7, [sp, #32] @ 4-byte Spill
+ str r2, [sp, #24] @ 4-byte Spill
+ str r4, [r0, #4]
+ str r1, [r0, #8]
+ str r11, [r0, #12]
+ str r10, [r0, #16]
+ str r12, [r0, #20]
+ str r8, [r0, #24]
+ str r9, [r0, #28]
+ str r5, [r0, #32]
+ str r6, [r0, #36]
+ str lr, [r0, #40]
+ str r7, [r0, #44]
+ str r2, [r0, #48]
+ mov r2, #0
+ sbc r2, r2, #0
+ tst r2, #1
+ beq .LBB202_2
+@ BB#1: @ %carry
+ ldr r2, [r3, #48]
+ ldr r7, [sp, #28] @ 4-byte Reload
+ ldr r10, [r3, #4]
+ ldr r8, [r3, #8]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r3, #12]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r3, #16]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r3, #20]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r3, #24]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r3, #28]
+ str r2, [sp, #16] @ 4-byte Spill
+ ldr r2, [r3]
+ adds r2, r2, r7
+ ldr r7, [r3, #44]
+ adcs r4, r10, r4
+ ldr r10, [r3, #36]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r3, #40]
+ ldr r3, [r3, #32]
+ str r7, [sp, #52] @ 4-byte Spill
+ adcs r7, r8, r1
+ ldr r1, [sp] @ 4-byte Reload
+ stm r0, {r2, r4, r7}
+ ldr r2, [sp, #36] @ 4-byte Reload
+ ldr r7, [sp, #4] @ 4-byte Reload
+ adcs r1, r1, r11
+ str r1, [r0, #12]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r2, r7, r2
+ str r2, [r0, #16]
+ adcs r2, r1, r12
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add r12, r0, #32
+ str r2, [r0, #20]
+ ldr r2, [sp, #40] @ 4-byte Reload
+ adcs r2, r1, r2
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r2, [r0, #24]
+ adcs r2, r1, r9
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r2, [r0, #28]
+ adcs r2, r3, r5
+ ldr r5, [sp, #20] @ 4-byte Reload
+ adcs r3, r10, r6
+ ldr r6, [sp, #28] @ 4-byte Reload
+ adcs r7, r1, lr
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r6, r6, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ stm r12, {r2, r3, r7}
+ str r6, [r0, #44]
+ adc r1, r5, r1
+ str r1, [r0, #48]
+.LBB202_2: @ %nocarry
+ add sp, sp, #56
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end202:
+ .size mcl_fp_sub13L, .Lfunc_end202-mcl_fp_sub13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF13L
+ .align 2
+ .type mcl_fp_subNF13L,%function
+mcl_fp_subNF13L: @ @mcl_fp_subNF13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #72
+ sub sp, sp, #72
+ mov r12, r0
+ ldr r0, [r2, #32]
+ add r9, r1, #20
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r2, #36]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r2, #40]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r2, #44]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r2, #48]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r2, {r7, r11}
+ ldr r0, [r2, #8]
+ ldr r10, [r2, #12]
+ ldr r8, [r2, #16]
+ ldr lr, [r1, #16]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r2, #20]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r2, #24]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r2, #28]
+ ldr r2, [r1, #8]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r1, #12]
+ ldm r9, {r4, r5, r9}
+ ldm r1, {r1, r6}
+ subs r7, r1, r7
+ ldr r1, [sp, #52] @ 4-byte Reload
+ sbcs r6, r6, r11
+ str r7, [sp] @ 4-byte Spill
+ str r6, [sp, #4] @ 4-byte Spill
+ sbcs r1, r2, r1
+ ldr r2, [sp, #28] @ 4-byte Reload
+ sbcs r0, r0, r10
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ sbcs r0, lr, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ sbcs r0, r4, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ sbcs r0, r5, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ sbcs r0, r9, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ sbcs r11, r1, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r11, [sp, #20] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ sbcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ sbcs r0, r1, r0
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ sbc r0, r2, r1
+ ldr r1, [r3, #40]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r3, #32]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [r3, #44]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r3, #36]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [r3, #48]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldm r3, {r2, lr}
+ ldr r1, [r3, #20]
+ ldr r5, [r3, #8]
+ ldr r10, [sp, #8] @ 4-byte Reload
+ ldr r4, [r3, #12]
+ ldr r8, [r3, #24]
+ ldr r9, [r3, #28]
+ adds r2, r7, r2
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ adcs r3, r6, lr
+ ldr r6, [sp, #12] @ 4-byte Reload
+ adcs lr, r10, r5
+ ldr r5, [sp, #48] @ 4-byte Reload
+ adcs r4, r5, r4
+ ldr r5, [sp, #52] @ 4-byte Reload
+ adcs r5, r5, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r6, r1, r6
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r7, r1, r8
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r8, r1, r9
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r9, r11, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r11, r1, r0
+ ldr r1, [sp, #68] @ 4-byte Reload
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r1, r0, r1
+ str r1, [sp, #32] @ 4-byte Spill
+ asr r1, r0, #31
+ ldr r0, [sp] @ 4-byte Reload
+ cmp r1, #0
+ movge lr, r10
+ movge r2, r0
+ ldr r0, [sp, #4] @ 4-byte Reload
+ str r2, [r12]
+ ldr r2, [sp, #24] @ 4-byte Reload
+ movge r3, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ cmp r1, #0
+ str r3, [r12, #4]
+ str lr, [r12, #8]
+ movge r4, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ str r4, [r12, #12]
+ movge r5, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r5, [r12, #16]
+ movge r6, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ cmp r1, #0
+ str r6, [r12, #20]
+ movge r7, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ str r7, [r12, #24]
+ movge r8, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ str r8, [r12, #28]
+ movge r9, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ cmp r1, #0
+ str r9, [r12, #32]
+ movge r11, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r11, [r12, #36]
+ movge r2, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ str r2, [r12, #40]
+ ldr r2, [sp, #36] @ 4-byte Reload
+ movge r0, r2
+ cmp r1, #0
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [r12, #44]
+ ldr r0, [sp, #32] @ 4-byte Reload
+ movge r0, r1
+ str r0, [r12, #48]
+ add sp, sp, #72
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end203:
+ .size mcl_fp_subNF13L, .Lfunc_end203-mcl_fp_subNF13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add13L
+ .align 2
+ .type mcl_fpDbl_add13L,%function
+mcl_fpDbl_add13L: @ @mcl_fpDbl_add13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #152
+ sub sp, sp, #152
+ ldm r1, {r7, r8, lr}
+ ldr r12, [r1, #12]
+ ldm r2, {r4, r5, r6, r9}
+ add r10, r1, #32
+ adds r4, r4, r7
+ str r4, [sp, #84] @ 4-byte Spill
+ ldr r4, [r2, #96]
+ str r4, [sp, #144] @ 4-byte Spill
+ ldr r4, [r2, #100]
+ str r4, [sp, #148] @ 4-byte Spill
+ adcs r4, r5, r8
+ ldr r8, [r2, #16]
+ adcs r7, r6, lr
+ str r4, [sp, #72] @ 4-byte Spill
+ add lr, r1, #16
+ str r7, [sp, #68] @ 4-byte Spill
+ ldr r7, [r2, #64]
+ str r7, [sp, #112] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #116] @ 4-byte Spill
+ ldr r7, [r2, #72]
+ str r7, [sp, #124] @ 4-byte Spill
+ ldr r7, [r2, #76]
+ str r7, [sp, #120] @ 4-byte Spill
+ ldr r7, [r2, #80]
+ str r7, [sp, #128] @ 4-byte Spill
+ ldr r7, [r2, #84]
+ str r7, [sp, #132] @ 4-byte Spill
+ ldr r7, [r2, #88]
+ str r7, [sp, #136] @ 4-byte Spill
+ ldr r7, [r2, #92]
+ str r7, [sp, #140] @ 4-byte Spill
+ adcs r7, r9, r12
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #64] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #88] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #92] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #100] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ ldr r2, [r1, #96]
+ str r2, [sp, #104] @ 4-byte Spill
+ ldr r2, [r1, #100]
+ str r7, [sp, #12] @ 4-byte Spill
+ str r2, [sp, #108] @ 4-byte Spill
+ ldr r2, [r1, #64]
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #80]
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #84]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #88]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #92]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm r10, {r4, r5, r6, r9, r10}
+ ldr r2, [r1, #52]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #84] @ 4-byte Reload
+ ldr r7, [sp, #72] @ 4-byte Reload
+ str r11, [r0]
+ str r7, [r0, #4]
+ ldr r7, [sp, #68] @ 4-byte Reload
+ adcs r1, r8, r1
+ str r7, [r0, #8]
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str r7, [r0, #12]
+ ldr r7, [sp, #12] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r2, r7, r2
+ ldr r7, [sp] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r1, r1, r12
+ str r1, [r0, #24]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r2, r2, lr
+ str r2, [r0, #28]
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [r0, #32]
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r2, r2, r5
+ str r2, [r0, #36]
+ ldr r2, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r6
+ str r1, [r0, #40]
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r2, r2, r9
+ str r2, [r0, #44]
+ ldr r2, [sp, #92] @ 4-byte Reload
+ adcs r1, r1, r10
+ str r1, [r0, #48]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r6, r2, r7
+ ldr r2, [sp, #4] @ 4-byte Reload
+ str r6, [sp, #88] @ 4-byte Spill
+ adcs r5, r1, r2
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r5, [sp, #92] @ 4-byte Spill
+ adcs r4, r1, r2
+ ldr r1, [sp, #112] @ 4-byte Reload
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r4, [sp, #96] @ 4-byte Spill
+ adcs r7, r1, r2
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r7, [sp, #112] @ 4-byte Spill
+ adcs lr, r1, r2
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str lr, [sp, #100] @ 4-byte Spill
+ adcs r1, r1, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #124] @ 4-byte Spill
+ ldr r1, [sp, #120] @ 4-byte Reload
+ adcs r8, r1, r2
+ ldr r1, [sp, #128] @ 4-byte Reload
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r8, [sp, #116] @ 4-byte Spill
+ adcs r1, r1, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r1, [sp, #128] @ 4-byte Spill
+ ldr r1, [sp, #132] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r1, [sp, #132] @ 4-byte Spill
+ ldr r1, [sp, #136] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r1, [sp, #136] @ 4-byte Spill
+ ldr r1, [sp, #140] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #104] @ 4-byte Reload
+ str r1, [sp, #140] @ 4-byte Spill
+ ldr r1, [sp, #144] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #108] @ 4-byte Reload
+ str r1, [sp, #144] @ 4-byte Spill
+ ldr r1, [sp, #148] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #148] @ 4-byte Spill
+ mov r1, #0
+ adc r1, r1, #0
+ str r1, [sp, #108] @ 4-byte Spill
+ ldmib r3, {r2, r9, r12}
+ ldr r1, [r3, #20]
+ ldr r11, [r3]
+ ldr r10, [r3, #16]
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ subs r11, r6, r11
+ sbcs r2, r5, r2
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [r3, #28]
+ str r1, [sp, #120] @ 4-byte Spill
+ sbcs r1, r4, r9
+ add r9, r3, #32
+ sbcs r12, r7, r12
+ ldm r9, {r5, r7, r9}
+ ldr r4, [r3, #44]
+ ldr r3, [r3, #48]
+ ldr r6, [sp, #84] @ 4-byte Reload
+ sbcs r10, lr, r10
+ str r3, [sp, #80] @ 4-byte Spill
+ ldr r3, [sp, #124] @ 4-byte Reload
+ str r4, [sp, #76] @ 4-byte Spill
+ sbcs lr, r3, r6
+ ldr r3, [sp, #104] @ 4-byte Reload
+ ldr r6, [sp, #120] @ 4-byte Reload
+ sbcs r4, r8, r3
+ ldr r3, [sp, #128] @ 4-byte Reload
+ sbcs r6, r3, r6
+ ldr r3, [sp, #132] @ 4-byte Reload
+ sbcs r5, r3, r5
+ ldr r3, [sp, #136] @ 4-byte Reload
+ sbcs r8, r3, r7
+ ldr r3, [sp, #140] @ 4-byte Reload
+ ldr r7, [sp, #76] @ 4-byte Reload
+ sbcs r9, r3, r9
+ ldr r3, [sp, #144] @ 4-byte Reload
+ sbcs r3, r3, r7
+ ldr r7, [sp, #80] @ 4-byte Reload
+ str r3, [sp, #120] @ 4-byte Spill
+ ldr r3, [sp, #148] @ 4-byte Reload
+ sbcs r3, r3, r7
+ ldr r7, [sp, #88] @ 4-byte Reload
+ str r3, [sp, #104] @ 4-byte Spill
+ ldr r3, [sp, #108] @ 4-byte Reload
+ sbc r3, r3, #0
+ ands r3, r3, #1
+ movne r11, r7
+ ldr r7, [sp, #92] @ 4-byte Reload
+ str r11, [r0, #52]
+ movne r2, r7
+ str r2, [r0, #56]
+ ldr r2, [sp, #96] @ 4-byte Reload
+ movne r1, r2
+ cmp r3, #0
+ ldr r2, [sp, #120] @ 4-byte Reload
+ str r1, [r0, #60]
+ ldr r1, [sp, #112] @ 4-byte Reload
+ movne r12, r1
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r12, [r0, #64]
+ movne r10, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r10, [r0, #68]
+ movne lr, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ cmp r3, #0
+ str lr, [r0, #72]
+ movne r4, r1
+ ldr r1, [sp, #128] @ 4-byte Reload
+ str r4, [r0, #76]
+ movne r6, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r6, [r0, #80]
+ movne r5, r1
+ ldr r1, [sp, #136] @ 4-byte Reload
+ cmp r3, #0
+ str r5, [r0, #84]
+ movne r8, r1
+ ldr r1, [sp, #140] @ 4-byte Reload
+ str r8, [r0, #88]
+ movne r9, r1
+ ldr r1, [sp, #144] @ 4-byte Reload
+ str r9, [r0, #92]
+ movne r2, r1
+ ldr r1, [sp, #148] @ 4-byte Reload
+ cmp r3, #0
+ ldr r3, [sp, #104] @ 4-byte Reload
+ str r2, [r0, #96]
+ movne r3, r1
+ str r3, [r0, #100]
+ add sp, sp, #152
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end204:
+ .size mcl_fpDbl_add13L, .Lfunc_end204-mcl_fpDbl_add13L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub13L
+ .align 2
+ .type mcl_fpDbl_sub13L,%function
+mcl_fpDbl_sub13L: @ @mcl_fpDbl_sub13L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #152
+ sub sp, sp, #152
+ ldr r7, [r2, #96]
+ add r10, r1, #32
+ str r7, [sp, #144] @ 4-byte Spill
+ ldr r7, [r2, #100]
+ str r7, [sp, #148] @ 4-byte Spill
+ ldr r7, [r2, #64]
+ str r7, [sp, #124] @ 4-byte Spill
+ ldr r7, [r2, #72]
+ str r7, [sp, #112] @ 4-byte Spill
+ ldr r7, [r2, #76]
+ str r7, [sp, #140] @ 4-byte Spill
+ ldr r7, [r2, #80]
+ str r7, [sp, #132] @ 4-byte Spill
+ ldr r7, [r2, #84]
+ str r7, [sp, #128] @ 4-byte Spill
+ ldr r7, [r2, #88]
+ str r7, [sp, #116] @ 4-byte Spill
+ ldr r7, [r2, #92]
+ str r7, [sp, #136] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #108] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #120] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #104] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #100] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #92] @ 4-byte Spill
+ ldm r2, {r9, lr}
+ ldr r6, [r1]
+ ldr r5, [r1, #4]
+ ldr r12, [r2, #8]
+ ldr r4, [r1, #8]
+ ldr r8, [r2, #12]
+ ldr r7, [r1, #12]
+ subs r6, r6, r9
+ str r6, [sp, #32] @ 4-byte Spill
+ ldr r6, [r2, #40]
+ str r6, [sp, #80] @ 4-byte Spill
+ sbcs r6, r5, lr
+ add lr, r1, #16
+ str r6, [sp, #28] @ 4-byte Spill
+ ldr r6, [r2, #36]
+ str r6, [sp, #48] @ 4-byte Spill
+ sbcs r6, r4, r12
+ sbcs r7, r7, r8
+ str r6, [sp, #20] @ 4-byte Spill
+ ldr r6, [r2, #32]
+ ldr r8, [r2, #16]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ str r6, [sp, #40] @ 4-byte Spill
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ ldr r2, [r1, #96]
+ str r2, [sp, #84] @ 4-byte Spill
+ ldr r2, [r1, #100]
+ str r7, [sp, #12] @ 4-byte Spill
+ str r2, [sp, #88] @ 4-byte Spill
+ ldr r2, [r1, #64]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #80]
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r2, [r1, #84]
+ str r2, [sp, #68] @ 4-byte Spill
+ ldr r2, [r1, #88]
+ str r2, [sp, #72] @ 4-byte Spill
+ ldr r2, [r1, #92]
+ str r2, [sp, #76] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldm r10, {r4, r5, r6, r9, r10}
+ ldr r2, [r1, #52]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #32] @ 4-byte Reload
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str r11, [r0]
+ str r7, [r0, #4]
+ ldr r7, [sp, #20] @ 4-byte Reload
+ sbcs r1, r1, r8
+ str r7, [r0, #8]
+ ldr r7, [sp, #16] @ 4-byte Reload
+ str r7, [r0, #12]
+ ldr r7, [sp, #12] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #24] @ 4-byte Reload
+ sbcs r2, r2, r7
+ ldr r7, [sp] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #36] @ 4-byte Reload
+ sbcs r1, r12, r1
+ str r1, [r0, #24]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ sbcs r2, lr, r2
+ str r2, [r0, #28]
+ ldr r2, [sp, #48] @ 4-byte Reload
+ sbcs r1, r4, r1
+ str r1, [r0, #32]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ sbcs r2, r5, r2
+ str r2, [r0, #36]
+ ldr r2, [sp, #92] @ 4-byte Reload
+ sbcs r1, r6, r1
+ str r1, [r0, #40]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ sbcs r2, r9, r2
+ str r2, [r0, #44]
+ ldr r2, [sp, #100] @ 4-byte Reload
+ sbcs r1, r10, r1
+ add r10, r3, #16
+ str r1, [r0, #48]
+ ldr r1, [sp, #104] @ 4-byte Reload
+ sbcs r9, r7, r2
+ ldr r2, [sp, #4] @ 4-byte Reload
+ ldr r7, [sp, #52] @ 4-byte Reload
+ sbcs r11, r2, r1
+ ldr r1, [sp, #120] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ sbcs r1, r2, r1
+ ldr r2, [sp, #124] @ 4-byte Reload
+ str r1, [sp, #120] @ 4-byte Spill
+ mov r1, #0
+ sbcs r6, r7, r2
+ ldr r2, [sp, #108] @ 4-byte Reload
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r6, [sp, #92] @ 4-byte Spill
+ sbcs r2, r7, r2
+ ldr r7, [sp, #56] @ 4-byte Reload
+ str r2, [sp, #124] @ 4-byte Spill
+ ldr r2, [sp, #112] @ 4-byte Reload
+ sbcs r8, r7, r2
+ ldr r2, [sp, #140] @ 4-byte Reload
+ ldr r7, [sp, #60] @ 4-byte Reload
+ str r8, [sp, #96] @ 4-byte Spill
+ sbcs r2, r7, r2
+ ldr r7, [sp, #64] @ 4-byte Reload
+ str r2, [sp, #140] @ 4-byte Spill
+ ldr r2, [sp, #132] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #68] @ 4-byte Reload
+ str r2, [sp, #132] @ 4-byte Spill
+ ldr r2, [sp, #128] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #72] @ 4-byte Reload
+ str r2, [sp, #128] @ 4-byte Spill
+ ldr r2, [sp, #116] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #76] @ 4-byte Reload
+ str r2, [sp, #116] @ 4-byte Spill
+ ldr r2, [sp, #136] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #84] @ 4-byte Reload
+ str r2, [sp, #136] @ 4-byte Spill
+ ldr r2, [sp, #144] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #88] @ 4-byte Reload
+ str r2, [sp, #144] @ 4-byte Spill
+ ldr r2, [sp, #148] @ 4-byte Reload
+ sbcs r2, r7, r2
+ mov r7, r9
+ mov r9, r11
+ sbc r1, r1, #0
+ str r2, [sp, #148] @ 4-byte Spill
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [r3, #32]
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [r3, #36]
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [r3, #40]
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [r3, #44]
+ str r1, [sp, #108] @ 4-byte Spill
+ ldr r1, [r3, #48]
+ str r1, [sp, #112] @ 4-byte Spill
+ ldm r3, {r1, r2, r12, lr}
+ ldm r10, {r3, r4, r5, r10}
+ ldr r11, [sp, #120] @ 4-byte Reload
+ adds r1, r7, r1
+ adcs r2, r9, r2
+ adcs r12, r11, r12
+ ldr r11, [sp, #112] @ 4-byte Reload
+ adcs lr, r6, lr
+ ldr r6, [sp, #124] @ 4-byte Reload
+ adcs r3, r6, r3
+ ldr r6, [sp, #140] @ 4-byte Reload
+ adcs r4, r8, r4
+ adcs r8, r6, r5
+ ldr r5, [sp, #132] @ 4-byte Reload
+ ldr r6, [sp, #84] @ 4-byte Reload
+ adcs r10, r5, r10
+ ldr r5, [sp, #128] @ 4-byte Reload
+ adcs r5, r5, r6
+ ldr r6, [sp, #88] @ 4-byte Reload
+ str r5, [sp, #84] @ 4-byte Spill
+ ldr r5, [sp, #116] @ 4-byte Reload
+ adcs r5, r5, r6
+ ldr r6, [sp, #104] @ 4-byte Reload
+ str r5, [sp, #88] @ 4-byte Spill
+ ldr r5, [sp, #136] @ 4-byte Reload
+ adcs r5, r5, r6
+ ldr r6, [sp, #108] @ 4-byte Reload
+ str r5, [sp, #104] @ 4-byte Spill
+ ldr r5, [sp, #144] @ 4-byte Reload
+ adcs r5, r5, r6
+ str r5, [sp, #108] @ 4-byte Spill
+ ldr r5, [sp, #148] @ 4-byte Reload
+ adc r5, r5, r11
+ str r5, [sp, #112] @ 4-byte Spill
+ ldr r5, [sp, #100] @ 4-byte Reload
+ ands r5, r5, #1
+ moveq r1, r7
+ moveq r2, r9
+ str r1, [r0, #52]
+ ldr r1, [sp, #120] @ 4-byte Reload
+ str r2, [r0, #56]
+ ldr r2, [sp, #84] @ 4-byte Reload
+ moveq r12, r1
+ ldr r1, [sp, #92] @ 4-byte Reload
+ cmp r5, #0
+ str r12, [r0, #60]
+ moveq lr, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str lr, [r0, #64]
+ moveq r3, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r3, [r0, #68]
+ ldr r3, [sp, #112] @ 4-byte Reload
+ moveq r4, r1
+ ldr r1, [sp, #140] @ 4-byte Reload
+ cmp r5, #0
+ str r4, [r0, #72]
+ moveq r8, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r8, [r0, #76]
+ moveq r10, r1
+ ldr r1, [sp, #128] @ 4-byte Reload
+ str r10, [r0, #80]
+ moveq r2, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ cmp r5, #0
+ str r2, [r0, #84]
+ ldr r2, [sp, #88] @ 4-byte Reload
+ moveq r2, r1
+ ldr r1, [sp, #136] @ 4-byte Reload
+ str r2, [r0, #88]
+ ldr r2, [sp, #104] @ 4-byte Reload
+ moveq r2, r1
+ ldr r1, [sp, #144] @ 4-byte Reload
+ str r2, [r0, #92]
+ ldr r2, [sp, #108] @ 4-byte Reload
+ moveq r2, r1
+ ldr r1, [sp, #148] @ 4-byte Reload
+ cmp r5, #0
+ str r2, [r0, #96]
+ moveq r3, r1
+ str r3, [r0, #100]
+ add sp, sp, #152
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end205:
+ .size mcl_fpDbl_sub13L, .Lfunc_end205-mcl_fpDbl_sub13L
+ .cantunwind
+ .fnend
+
+ .align 2
+ .type .LmulPv448x32,%function
+.LmulPv448x32: @ @mulPv448x32
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r9, [r1, #12]
+ umull r4, r8, lr, r2
+ umull lr, r6, r12, r2
+ mov r5, r4
+ mov r7, r6
+ str lr, [r0]
+ umull lr, r12, r9, r2
+ umlal r7, r5, r3, r2
+ str r5, [r0, #8]
+ str r7, [r0, #4]
+ umull r5, r7, r3, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r3, r8, lr
+ str r3, [r0, #12]
+ ldr r3, [r1, #16]
+ umull r7, r6, r3, r2
+ adcs r3, r12, r7
+ str r3, [r0, #16]
+ ldr r3, [r1, #20]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #20]
+ ldr r3, [r1, #24]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #24]
+ ldr r3, [r1, #28]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #28]
+ ldr r3, [r1, #32]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #32]
+ ldr r3, [r1, #36]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #36]
+ ldr r3, [r1, #40]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #40]
+ ldr r3, [r1, #44]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #44]
+ ldr r3, [r1, #48]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #48]
+ ldr r1, [r1, #52]
+ umull r3, r7, r1, r2
+ adcs r1, r6, r3
+ str r1, [r0, #52]
+ adc r1, r7, #0
+ str r1, [r0, #56]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end206:
+ .size .LmulPv448x32, .Lfunc_end206-.LmulPv448x32
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre14L
+ .align 2
+ .type mcl_fp_mulUnitPre14L,%function
+mcl_fp_mulUnitPre14L: @ @mcl_fp_mulUnitPre14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #76
+ sub sp, sp, #76
+ mov r4, r0
+ add r0, sp, #8
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #64]
+ add lr, sp, #8
+ ldr r8, [sp, #56]
+ ldr r9, [sp, #52]
+ ldr r10, [sp, #48]
+ ldr r11, [sp, #44]
+ ldr r5, [sp, #40]
+ ldr r6, [sp, #36]
+ ldr r7, [sp, #32]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #60]
+ str r0, [sp] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ stm r4, {r0, r1, r2, r3, r12, lr}
+ str r7, [r4, #24]
+ str r6, [r4, #28]
+ str r5, [r4, #32]
+ str r11, [r4, #36]
+ str r10, [r4, #40]
+ str r9, [r4, #44]
+ str r8, [r4, #48]
+ ldr r0, [sp] @ 4-byte Reload
+ str r0, [r4, #52]
+ ldr r0, [sp, #4] @ 4-byte Reload
+ str r0, [r4, #56]
+ add sp, sp, #76
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end207:
+ .size mcl_fp_mulUnitPre14L, .Lfunc_end207-mcl_fp_mulUnitPre14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre14L
+ .align 2
+ .type mcl_fpDbl_mulPre14L,%function
+mcl_fpDbl_mulPre14L: @ @mcl_fpDbl_mulPre14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #228
+ sub sp, sp, #228
+ mov r6, r2
+ mov r5, r1
+ mov r4, r0
+ bl mcl_fpDbl_mulPre7L(PLT)
+ add r0, r4, #56
+ add r1, r5, #28
+ add r2, r6, #28
+ bl mcl_fpDbl_mulPre7L(PLT)
+ ldr r0, [r6, #32]
+ add r11, r6, #36
+ str r0, [sp, #104] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [r6, #52]
+ ldr r12, [r6]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldmib r6, {r1, r2, r3, r7}
+ ldr r0, [r6, #28]
+ ldr lr, [r6, #24]
+ ldr r6, [r6, #20]
+ adds r0, r12, r0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #104] @ 4-byte Spill
+ adcs r0, r2, r8
+ str r0, [sp, #100] @ 4-byte Spill
+ adcs r0, r3, r9
+ str r0, [sp, #96] @ 4-byte Spill
+ adcs r0, r7, r10
+ str r0, [sp, #92] @ 4-byte Spill
+ adcs r0, r6, r11
+ add r11, r5, #32
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, lr, r0
+ add lr, r5, #12
+ str r0, [sp, #84] @ 4-byte Spill
+ mov r0, #0
+ ldm r11, {r8, r10, r11}
+ ldr r7, [r5]
+ ldr r3, [r5, #4]
+ ldr r2, [r5, #8]
+ adc r6, r0, #0
+ ldr r0, [r5, #44]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r5, #48]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r5, #52]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r5, #28]
+ ldm lr, {r1, r9, r12, lr}
+ adds r0, r7, r0
+ str r0, [sp, #112] @ 4-byte Spill
+ str r0, [sp, #144]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r7, r3, r8
+ adcs r10, r2, r10
+ add r2, sp, #116
+ str r7, [sp, #148]
+ adcs r11, r1, r11
+ add r1, sp, #144
+ str r10, [sp, #152]
+ str r11, [sp, #156]
+ adcs r5, r9, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r5, [sp, #160]
+ adcs r9, r12, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r9, [sp, #164]
+ adcs r8, lr, r0
+ ldr r0, [sp, #108] @ 4-byte Reload
+ str r8, [sp, #168]
+ str r0, [sp, #116]
+ ldr r0, [sp, #104] @ 4-byte Reload
+ str r0, [sp, #120]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #124]
+ ldr r0, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #128]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #132]
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #136]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #140]
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ add r0, sp, #172
+ bl mcl_fpDbl_mulPre7L(PLT)
+ ldr r0, [sp, #108] @ 4-byte Reload
+ cmp r6, #0
+ ldr r2, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #100] @ 4-byte Reload
+ moveq r8, r6
+ moveq r9, r6
+ moveq r5, r6
+ moveq r11, r6
+ moveq r10, r6
+ cmp r6, #0
+ moveq r2, r6
+ moveq r7, r6
+ str r2, [sp, #112] @ 4-byte Spill
+ str r7, [sp, #76] @ 4-byte Spill
+ adds r3, r2, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r2, [sp, #92] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #88] @ 4-byte Reload
+ adcs lr, r10, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r11, r1
+ adcs r2, r5, r2
+ adcs r12, r9, r7
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adcs r7, r8, r7
+ str r7, [sp, #104] @ 4-byte Spill
+ mov r7, #0
+ adc r7, r7, #0
+ str r7, [sp, #108] @ 4-byte Spill
+ ldr r7, [sp, #80] @ 4-byte Reload
+ cmp r7, #0
+ moveq r2, r5
+ ldr r5, [sp, #76] @ 4-byte Reload
+ moveq r1, r11
+ moveq lr, r10
+ ldr r11, [sp, #104] @ 4-byte Reload
+ moveq r0, r5
+ ldr r5, [sp, #112] @ 4-byte Reload
+ moveq r3, r5
+ cmp r7, #0
+ ldr r5, [sp, #108] @ 4-byte Reload
+ moveq r5, r7
+ and r7, r6, r7
+ ldr r6, [sp, #200]
+ moveq r12, r9
+ moveq r11, r8
+ adds r10, r3, r6
+ ldr r3, [sp, #204]
+ adcs r8, r0, r3
+ ldr r0, [sp, #208]
+ add r3, sp, #172
+ adcs r9, lr, r0
+ ldr r0, [sp, #212]
+ ldr lr, [r4]
+ adcs r0, r1, r0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #216]
+ adcs r0, r2, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #220]
+ adcs r0, r12, r0
+ ldr r12, [r4, #4]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #224]
+ adcs r0, r11, r0
+ ldr r11, [r4, #12]
+ str r0, [sp, #92] @ 4-byte Spill
+ adc r0, r5, r7
+ ldr r5, [r4, #8]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldm r3, {r0, r1, r2, r3}
+ subs lr, r0, lr
+ sbcs r12, r1, r12
+ ldr r1, [sp, #188]
+ sbcs r5, r2, r5
+ ldr r2, [r4, #36]
+ sbcs r0, r3, r11
+ ldr r3, [sp, #104] @ 4-byte Reload
+ ldr r11, [r4, #60]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [r4, #16]
+ str r2, [sp, #112] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [sp, #192]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r4, #20]
+ sbcs r0, r1, r0
+ ldr r1, [sp, #196]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r4, #24]
+ sbcs r6, r1, r0
+ ldr r0, [r4, #28]
+ sbcs r7, r10, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r4, #32]
+ ldr r10, [r4, #56]
+ sbcs r8, r8, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ sbcs r9, r9, r2
+ ldr r2, [r4, #40]
+ sbcs r0, r3, r2
+ str r2, [sp, #108] @ 4-byte Spill
+ ldr r2, [r4, #44]
+ ldr r3, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ sbcs r0, r3, r2
+ str r2, [sp, #104] @ 4-byte Spill
+ ldr r2, [r4, #48]
+ ldr r3, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ sbcs r0, r3, r2
+ str r2, [sp, #100] @ 4-byte Spill
+ ldr r2, [r4, #52]
+ ldr r3, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ sbcs r0, r3, r2
+ str r2, [sp, #96] @ 4-byte Spill
+ ldr r2, [sp, #88] @ 4-byte Reload
+ ldr r3, [r4, #68]
+ str r0, [sp, #56] @ 4-byte Spill
+ sbc r0, r2, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ subs r0, lr, r10
+ ldr lr, [r4, #76]
+ str r0, [sp, #48] @ 4-byte Spill
+ sbcs r0, r12, r11
+ ldr r12, [r4, #72]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r4, #64]
+ str r0, [sp, #36] @ 4-byte Spill
+ sbcs r0, r5, r0
+ ldr r5, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ sbcs r0, r5, r3
+ ldr r5, [r4, #80]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ sbcs r0, r0, r12
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ sbcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ sbcs r0, r6, r5
+ ldr r6, [r4, #84]
+ str r0, [sp, #24] @ 4-byte Spill
+ sbcs r0, r7, r6
+ str r6, [sp, #92] @ 4-byte Spill
+ ldr r6, [r4, #88]
+ str r0, [sp, #20] @ 4-byte Spill
+ sbcs r0, r8, r6
+ str r6, [sp, #88] @ 4-byte Spill
+ ldr r6, [r4, #92]
+ str r0, [sp, #16] @ 4-byte Spill
+ sbcs r0, r9, r6
+ add r9, r4, #96
+ str r6, [sp, #84] @ 4-byte Spill
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r9, {r6, r7, r8, r9}
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r1, [sp, #48] @ 4-byte Reload
+ ldr r2, [sp, #40] @ 4-byte Reload
+ sbcs r0, r0, r6
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ sbcs r0, r0, r7
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ sbcs r0, r0, r8
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ sbcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ sbc r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adds r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [r4, #28]
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [r4, #32]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r0, [r4, #36]
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #72] @ 4-byte Reload
+ str r1, [r4, #40]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ str r0, [r4, #44]
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [r4, #48]
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r0, [r4, #52]
+ adcs r1, r10, r1
+ ldr r0, [sp, #16] @ 4-byte Reload
+ str r1, [r4, #56]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [r4, #60]
+ adcs r1, r1, r2
+ ldr r0, [sp, #4] @ 4-byte Reload
+ str r1, [r4, #64]
+ ldr r1, [sp, #8] @ 4-byte Reload
+ adcs r0, r3, r0
+ adcs r1, r12, r1
+ str r0, [r4, #68]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ add r12, r4, #92
+ str r1, [r4, #72]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r0, lr, r0
+ adcs r1, r5, r1
+ str r0, [r4, #76]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str r1, [r4, #80]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [r4, #84]
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [r4, #88]
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, #0
+ adcs r1, r6, #0
+ adcs r2, r7, #0
+ adcs r3, r8, #0
+ adc r7, r9, #0
+ stm r12, {r0, r1, r2, r3, r7}
+ add sp, sp, #228
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end208:
+ .size mcl_fpDbl_mulPre14L, .Lfunc_end208-mcl_fpDbl_mulPre14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre14L
+ .align 2
+ .type mcl_fpDbl_sqrPre14L,%function
+mcl_fpDbl_sqrPre14L: @ @mcl_fpDbl_sqrPre14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #220
+ sub sp, sp, #220
+ mov r5, r1
+ mov r4, r0
+ mov r2, r5
+ bl mcl_fpDbl_mulPre7L(PLT)
+ add r1, r5, #28
+ add r0, r4, #56
+ mov r2, r1
+ bl mcl_fpDbl_mulPre7L(PLT)
+ ldr r0, [r5, #44]
+ ldr r11, [r5, #32]
+ ldr r10, [r5, #36]
+ ldr r8, [r5, #40]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [r5, #48]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [r5, #52]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldm r5, {r6, r7}
+ ldr r0, [r5, #28]
+ ldr r3, [r5, #8]
+ ldr r2, [r5, #12]
+ ldr r12, [r5, #16]
+ ldr lr, [r5, #24]
+ ldr r1, [r5, #20]
+ ldr r5, [sp, #96] @ 4-byte Reload
+ adds r9, r6, r0
+ adcs r0, r7, r11
+ ldr r7, [sp, #100] @ 4-byte Reload
+ str r9, [sp, #136]
+ str r9, [sp, #108]
+ adcs r3, r3, r10
+ str r0, [sp, #140]
+ str r0, [sp, #112]
+ adcs r2, r2, r8
+ str r3, [sp, #144]
+ str r3, [sp, #116]
+ adcs r6, r12, r5
+ str r2, [sp, #148]
+ str r2, [sp, #120]
+ adcs r1, r1, r7
+ ldr r7, [sp, #104] @ 4-byte Reload
+ str r6, [sp, #152]
+ str r6, [sp, #124]
+ lsr r5, r1, #31
+ str r1, [sp, #156]
+ str r1, [sp, #128]
+ adcs r8, lr, r7
+ orr r5, r5, r8, lsl #1
+ str r8, [sp, #160]
+ str r8, [sp, #132]
+ str r5, [sp, #104] @ 4-byte Spill
+ lsr r5, r6, #31
+ orr r1, r5, r1, lsl #1
+ str r1, [sp, #100] @ 4-byte Spill
+ lsr r1, r2, #31
+ orr r1, r1, r6, lsl #1
+ str r1, [sp, #96] @ 4-byte Spill
+ lsr r1, r3, #31
+ orr r1, r1, r2, lsl #1
+ add r2, sp, #108
+ str r1, [sp, #92] @ 4-byte Spill
+ lsr r1, r0, #31
+ orr r1, r1, r3, lsl #1
+ str r1, [sp, #84] @ 4-byte Spill
+ lsr r1, r9, #31
+ orr r0, r1, r0, lsl #1
+ add r1, sp, #136
+ str r0, [sp, #76] @ 4-byte Spill
+ mov r0, #0
+ adc r6, r0, #0
+ add r0, sp, #164
+ bl mcl_fpDbl_mulPre7L(PLT)
+ add lr, sp, #204
+ add r7, sp, #192
+ ldm lr, {r5, r10, r11, lr}
+ ldm r7, {r0, r1, r7}
+ ldr r2, [sp, #100] @ 4-byte Reload
+ ldr r3, [sp, #104] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ adds r0, r0, r9, lsl #1
+ mov r9, r1
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r1, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r12, r7, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r1, r5, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r10, r0
+ adcs r2, r11, r2
+ adcs r3, lr, r3
+ adc r8, r6, r8, lsr #31
+ cmp r6, #0
+ moveq r0, r10
+ moveq r1, r5
+ moveq r3, lr
+ moveq r2, r11
+ moveq r12, r7
+ cmp r6, #0
+ ldr lr, [r4]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ moveq r8, r6
+ str r2, [sp, #100] @ 4-byte Spill
+ mov r5, r3
+ ldr r3, [sp, #76] @ 4-byte Reload
+ ldr r2, [sp, #80] @ 4-byte Reload
+ str r1, [sp, #96] @ 4-byte Spill
+ mov r7, r8
+ add r8, sp, #164
+ moveq r3, r9
+ ldmib r4, {r9, r10, r11}
+ moveq r2, r0
+ ldm r8, {r0, r1, r8}
+ ldr r6, [sp, #176]
+ subs lr, r0, lr
+ sbcs r0, r1, r9
+ ldr r1, [sp, #180]
+ str r0, [sp, #60] @ 4-byte Spill
+ sbcs r0, r8, r10
+ ldr r10, [r4, #56]
+ str r0, [sp, #76] @ 4-byte Spill
+ sbcs r0, r6, r11
+ ldr r11, [r4, #60]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [r4, #16]
+ sbcs r0, r1, r0
+ ldr r1, [sp, #184]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r4, #20]
+ sbcs r0, r1, r0
+ ldr r1, [sp, #188]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r4, #24]
+ sbcs r6, r1, r0
+ ldr r1, [r4, #28]
+ ldr r0, [r4, #32]
+ sbcs r9, r2, r1
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r2, [sp, #96] @ 4-byte Reload
+ sbcs r8, r3, r0
+ ldr r0, [r4, #36]
+ ldr r3, [r4, #68]
+ str r0, [sp, #88] @ 4-byte Spill
+ sbcs r0, r12, r0
+ ldr r12, [r4, #72]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r4, #40]
+ str r0, [sp, #84] @ 4-byte Spill
+ sbcs r0, r2, r0
+ ldr r2, [r4, #44]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ str r2, [sp, #96] @ 4-byte Spill
+ sbcs r0, r0, r2
+ ldr r2, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r4, #48]
+ str r0, [sp, #104] @ 4-byte Spill
+ sbcs r0, r2, r0
+ ldr r2, [r4, #64]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r4, #52]
+ str r2, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #100] @ 4-byte Spill
+ sbcs r0, r5, r0
+ ldr r5, [r4, #80]
+ str r0, [sp, #44] @ 4-byte Spill
+ sbc r0, r7, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ subs r0, lr, r10
+ ldr lr, [r4, #76]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ sbcs r0, r0, r11
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ sbcs r0, r0, r2
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ sbcs r0, r0, r3
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ sbcs r0, r0, r12
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ sbcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ sbcs r0, r6, r5
+ ldr r6, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r4, #84]
+ str r0, [sp, #80] @ 4-byte Spill
+ sbcs r0, r9, r0
+ add r9, r4, #96
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [r4, #88]
+ str r0, [sp, #76] @ 4-byte Spill
+ sbcs r0, r8, r0
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [r4, #92]
+ str r0, [sp, #72] @ 4-byte Spill
+ sbcs r0, r6, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldm r9, {r6, r7, r8, r9}
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r2, [sp, #60] @ 4-byte Reload
+ sbcs r0, r0, r6
+ str r0, [sp] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ sbcs r0, r0, r7
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ sbcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ sbcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ sbc r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adds r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [r4, #28]
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [r4, #32]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r0, [r4, #36]
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [r4, #40]
+ ldr r1, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r0, [r4, #44]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [r4, #48]
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r0, [r4, #52]
+ adcs r1, r10, r1
+ ldr r0, [sp, #8] @ 4-byte Reload
+ str r1, [r4, #56]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [r4, #60]
+ adcs r1, r1, r2
+ ldr r0, [sp] @ 4-byte Reload
+ str r1, [r4, #64]
+ ldr r1, [sp, #4] @ 4-byte Reload
+ adcs r0, r3, r0
+ adcs r1, r12, r1
+ str r0, [r4, #68]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ add r12, r4, #92
+ str r1, [r4, #72]
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r0, lr, r0
+ adcs r1, r5, r1
+ str r0, [r4, #76]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r1, [r4, #80]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [r4, #84]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [r4, #88]
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ adcs r1, r6, #0
+ adcs r2, r7, #0
+ adcs r3, r8, #0
+ adc r7, r9, #0
+ stm r12, {r0, r1, r2, r3, r7}
+ add sp, sp, #220
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end209:
+ .size mcl_fpDbl_sqrPre14L, .Lfunc_end209-mcl_fpDbl_sqrPre14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont14L
+ .align 2
+ .type mcl_fp_mont14L,%function
+mcl_fp_mont14L: @ @mcl_fp_mont14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #892
+ sub sp, sp, #892
+ .pad #1024
+ sub sp, sp, #1024
+ add r12, sp, #108
+ add r7, sp, #1024
+ mov r4, r3
+ stm r12, {r1, r2, r3}
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, r7, #824
+ ldr r6, [r3, #-4]
+ ldr r2, [r2]
+ str r6, [sp, #104] @ 4-byte Spill
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1852]
+ ldr r5, [sp, #1848]
+ add r8, sp, #1024
+ mov r1, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #1856]
+ mul r2, r5, r6
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #1860]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #1904]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #1900]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #1896]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #1892]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #1888]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #1884]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1880]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1876]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1872]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1868]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1864]
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, r8, #760
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1840]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r10, [sp, #1808]
+ ldr r11, [sp, #1804]
+ ldr r7, [sp, #1800]
+ ldr r9, [sp, #1784]
+ ldr r4, [sp, #1788]
+ ldr r6, [sp, #1792]
+ ldr r8, [sp, #1796]
+ add lr, sp, #1024
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1836]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1832]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1828]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1824]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1820]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1816]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1812]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r2, [r0, #4]
+ add r0, lr, #696
+ bl .LmulPv448x32(PLT)
+ adds r0, r9, r5
+ ldr r1, [sp, #48] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ ldr r3, [sp, #1736]
+ ldr r12, [sp, #1740]
+ ldr lr, [sp, #1744]
+ ldr r5, [sp, #1752]
+ ldr r9, [sp, #1760]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #1748]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #1720]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r8, r0
+ ldr r8, [sp, #1756]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adcs r1, r11, r1
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, #0
+ ldr r11, [sp, #80] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r10, r1
+ ldr r10, [sp, #1764]
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #1732]
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #1728]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1776]
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1772]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #1768]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #1724]
+ adcs r0, r7, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #4] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r6, r0
+ add r6, sp, #1024
+ add r0, r6, #632
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1712]
+ add r11, sp, #1664
+ ldr r8, [sp, #1684]
+ ldr r9, [sp, #1680]
+ ldr r10, [sp, #1676]
+ ldr r4, [sp, #1656]
+ ldr r7, [sp, #1660]
+ add lr, sp, #1024
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1708]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1704]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1700]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1696]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1692]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1688]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, lr, #568
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r2, [sp, #1604]
+ ldr r3, [sp, #1608]
+ ldr r12, [sp, #1612]
+ ldr lr, [sp, #1616]
+ adds r0, r0, r4
+ ldr r4, [sp, #1620]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1624]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1592]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1636]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1632]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1628]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1600]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1648]
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1644]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1640]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1596]
+ adcs r0, r7, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r6, r0
+ add r6, sp, #1024
+ add r0, r6, #504
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1584]
+ add r11, sp, #1536
+ ldr r8, [sp, #1556]
+ ldr r9, [sp, #1552]
+ ldr r10, [sp, #1548]
+ ldr r4, [sp, #1528]
+ ldr r7, [sp, #1532]
+ add lr, sp, #1024
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1580]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1576]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1572]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1568]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1564]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1560]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, lr, #440
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r2, [sp, #1476]
+ ldr r3, [sp, #1480]
+ ldr r12, [sp, #1484]
+ ldr lr, [sp, #1488]
+ adds r0, r0, r4
+ ldr r4, [sp, #1492]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1496]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1464]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1508]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1504]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1500]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1472]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1520]
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1516]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1512]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1468]
+ adcs r0, r7, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r6, r0
+ add r6, sp, #1024
+ add r0, r6, #376
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1456]
+ add r11, sp, #1408
+ ldr r8, [sp, #1428]
+ ldr r9, [sp, #1424]
+ ldr r10, [sp, #1420]
+ ldr r4, [sp, #1400]
+ ldr r7, [sp, #1404]
+ add lr, sp, #1024
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1452]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1448]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1444]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1440]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1436]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1432]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, lr, #312
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r2, [sp, #1348]
+ ldr r3, [sp, #1352]
+ ldr r12, [sp, #1356]
+ ldr lr, [sp, #1360]
+ adds r0, r0, r4
+ ldr r4, [sp, #1364]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1368]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1336]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1380]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1376]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1372]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1344]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1392]
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1388]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1384]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1340]
+ adcs r0, r7, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r6, r0
+ add r6, sp, #1024
+ add r0, r6, #248
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1328]
+ add r11, sp, #1280
+ ldr r8, [sp, #1300]
+ ldr r9, [sp, #1296]
+ ldr r10, [sp, #1292]
+ ldr r4, [sp, #1272]
+ ldr r7, [sp, #1276]
+ add lr, sp, #1024
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1324]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1320]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1316]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1312]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1308]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1304]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, lr, #184
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r2, [sp, #1220]
+ ldr r3, [sp, #1224]
+ ldr r12, [sp, #1228]
+ ldr lr, [sp, #1232]
+ adds r0, r0, r4
+ ldr r4, [sp, #1236]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1240]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1208]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1252]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1248]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1244]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1216]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1264]
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1260]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1256]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1212]
+ adcs r0, r7, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r6, r0
+ add r6, sp, #1024
+ add r0, r6, #120
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1200]
+ add r11, sp, #1152
+ ldr r8, [sp, #1172]
+ ldr r9, [sp, #1168]
+ ldr r10, [sp, #1164]
+ ldr r4, [sp, #1144]
+ ldr r7, [sp, #1148]
+ add lr, sp, #1024
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1196]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1192]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1188]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1184]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1180]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1176]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, lr, #56
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ ldr r2, [sp, #1092]
+ ldr r3, [sp, #1096]
+ ldr r12, [sp, #1100]
+ ldr lr, [sp, #1104]
+ adds r0, r0, r4
+ ldr r4, [sp, #1108]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #1112]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1080]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1124]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1120]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1116]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1088]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1136]
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1132]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1128]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1084]
+ adcs r0, r7, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #1016
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1072]
+ add r11, sp, #1024
+ ldr r8, [sp, #1044]
+ ldr r9, [sp, #1040]
+ ldr r10, [sp, #1036]
+ ldr r4, [sp, #1016]
+ ldr r7, [sp, #1020]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1068]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1064]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1060]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1056]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1052]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1048]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #952
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #956
+ adds r0, r0, r4
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #980
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1008]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1004]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1000]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r10, {r4, r5, r8, r9, r10}
+ ldr r6, [sp, #952]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #100] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adds r6, r11, r6
+ adcs r0, r7, r0
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #888
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #944]
+ add r11, sp, #896
+ ldr r8, [sp, #916]
+ ldr r9, [sp, #912]
+ ldr r10, [sp, #908]
+ ldr r4, [sp, #888]
+ ldr r7, [sp, #892]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #940]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #936]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #932]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #928]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #924]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #920]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #824
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #828
+ adds r0, r0, r4
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #852
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #880]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #876]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #872]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r10, {r4, r5, r8, r9, r10}
+ ldr r6, [sp, #824]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #100] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adds r6, r11, r6
+ adcs r0, r7, r0
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #760
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #816]
+ add r11, sp, #768
+ ldr r8, [sp, #788]
+ ldr r9, [sp, #784]
+ ldr r10, [sp, #780]
+ ldr r4, [sp, #760]
+ ldr r7, [sp, #764]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #812]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #808]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #804]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #800]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r5, r6, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #696
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #700
+ adds r0, r0, r4
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #724
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #752]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #748]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #744]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r10, {r4, r5, r8, r9, r10}
+ ldr r6, [sp, #696]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #100] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adds r6, r11, r6
+ adcs r0, r7, r0
+ str r6, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #104] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ mul r2, r6, r5
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #632
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #688]
+ add r11, sp, #632
+ ldr r6, [sp, #656]
+ ldr r4, [sp, #652]
+ ldr r7, [sp, #648]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #684]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #680]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #676]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #672]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #664]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #660]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r8, r9, r10, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #40]
+ add r0, sp, #568
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #20] @ 4-byte Reload
+ ldr r1, [sp, #4] @ 4-byte Reload
+ add lr, sp, #584
+ adds r0, r0, r8
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r2, r0, r9
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #608
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #568
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldm r11, {r4, r6, r7, r11}
+ adds r0, r2, r4
+ mul r1, r0, r5
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #624]
+ str r1, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r5, [sp, #96] @ 4-byte Reload
+ adcs r6, r5, r6
+ ldr r5, [sp, #92] @ 4-byte Reload
+ str r6, [sp, #96] @ 4-byte Spill
+ adcs r6, r5, r7
+ ldr r5, [sp, #88] @ 4-byte Reload
+ str r6, [sp, #92] @ 4-byte Spill
+ adcs r6, r5, r11
+ ldr r5, [sp, #84] @ 4-byte Reload
+ str r6, [sp, #88] @ 4-byte Spill
+ adcs r0, r5, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #504
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #560]
+ add r10, sp, #504
+ ldr r11, [sp, #532]
+ ldr r4, [sp, #528]
+ ldr r6, [sp, #524]
+ ldr r7, [sp, #520]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #556]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #552]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #548]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #544]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #540]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #536]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r10, {r5, r8, r9, r10}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #44]
+ add r0, sp, #440
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #100] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ add lr, sp, #456
+ adds r0, r0, r5
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r8
+ adcs r1, r1, r9
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #480
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r7
+ add r7, sp, #440
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r6
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r11
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #36] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #24] @ 4-byte Spill
+ ldm r7, {r4, r6, r7}
+ ldr r5, [sp, #452]
+ adds r1, r0, r4
+ ldr r0, [sp, #104] @ 4-byte Reload
+ str r1, [sp, #100] @ 4-byte Spill
+ mul r2, r1, r0
+ ldr r0, [sp, #496]
+ str r2, [sp, #20] @ 4-byte Spill
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #96] @ 4-byte Reload
+ adcs r6, r11, r6
+ str r6, [sp, #48] @ 4-byte Spill
+ ldr r6, [sp, #92] @ 4-byte Reload
+ adcs r6, r6, r7
+ str r6, [sp, #44] @ 4-byte Spill
+ ldr r6, [sp, #88] @ 4-byte Reload
+ adcs r5, r6, r5
+ str r5, [sp, #40] @ 4-byte Spill
+ ldr r5, [sp, #84] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ add r0, sp, #376
+ bl .LmulPv448x32(PLT)
+ ldr r1, [sp, #432]
+ ldr r8, [sp, #404]
+ ldr r9, [sp, #400]
+ ldr r10, [sp, #396]
+ ldr r11, [sp, #392]
+ ldr r6, [sp, #376]
+ ldr r5, [sp, #380]
+ ldr r7, [sp, #384]
+ ldr r4, [sp, #388]
+ add r0, sp, #312
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #428]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #424]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #420]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #416]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #412]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #408]
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #112] @ 4-byte Reload
+ ldr r2, [r1, #48]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #100] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #316
+ adds r0, r0, r6
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #340
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #368]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #364]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r10, {r4, r6, r7, r8, r9, r10}
+ ldr r5, [sp, #312]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #100] @ 4-byte Reload
+ adds r11, r11, r5
+ ldr r5, [sp, #48] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #248
+ bl .LmulPv448x32(PLT)
+ ldr r1, [sp, #304]
+ ldr r10, [sp, #272]
+ ldr r11, [sp, #268]
+ ldr r8, [sp, #264]
+ ldr r6, [sp, #248]
+ ldr r7, [sp, #252]
+ ldr r4, [sp, #256]
+ ldr r9, [sp, #260]
+ add r0, sp, #184
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #300]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #296]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #292]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #288]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #284]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #280]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #276]
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #112] @ 4-byte Reload
+ ldr r2, [r1, #52]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #8] @ 4-byte Reload
+ add lr, sp, #200
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r3, r0, r7
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ add r8, sp, #184
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #224
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldm r8, {r4, r7, r8}
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r5, [sp, #196]
+ adds r4, r3, r4
+ mul r1, r4, r0
+ ldr r0, [sp, #240]
+ str r1, [sp, #48] @ 4-byte Spill
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #236]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r6, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #112] @ 4-byte Reload
+ adcs r11, r11, r7
+ ldr r7, [sp, #108] @ 4-byte Reload
+ adcs r8, r7, r8
+ ldr r7, [sp, #52] @ 4-byte Reload
+ adcs r5, r7, r5
+ ldr r7, [sp, #100] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r9, r0, r9
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r10
+ str r0, [sp, #68] @ 4-byte Spill
+ mov r0, #0
+ adc r7, r0, #0
+ add r0, sp, #120
+ bl .LmulPv448x32(PLT)
+ add r3, sp, #120
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r4, r0
+ adcs r4, r11, r1
+ ldr r0, [sp, #136]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r6, r8, r2
+ str r4, [sp, #36] @ 4-byte Spill
+ adcs r12, r5, r3
+ str r6, [sp, #48] @ 4-byte Spill
+ str r12, [sp, #56] @ 4-byte Spill
+ adcs r8, r1, r0
+ ldr r0, [sp, #140]
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r8, [sp, #64] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #144]
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #148]
+ adcs r0, r1, r0
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #152]
+ adcs r0, r1, r0
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #156]
+ adcs r0, r1, r0
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #160]
+ adcs r0, r1, r0
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #164]
+ adcs r0, r9, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #168]
+ adcs r0, r1, r0
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #172]
+ adcs r0, r1, r0
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #176]
+ adcs r0, r1, r0
+ str r0, [sp, #112] @ 4-byte Spill
+ adc r0, r7, #0
+ mov r7, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldmib r7, {r1, r2, r3, r10, r11, lr}
+ ldr r5, [r7]
+ ldr r0, [r7, #28]
+ ldr r9, [r7, #44]
+ subs r5, r4, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r7, #40]
+ sbcs r6, r6, r1
+ ldr r1, [r7, #32]
+ ldr r4, [sp, #68] @ 4-byte Reload
+ sbcs r2, r12, r2
+ sbcs r12, r8, r3
+ ldr r3, [r7, #48]
+ ldr r8, [r7, #36]
+ str r3, [sp, #52] @ 4-byte Spill
+ ldr r3, [r7, #52]
+ ldr r7, [sp, #84] @ 4-byte Reload
+ str r3, [sp, #116] @ 4-byte Spill
+ ldr r3, [sp, #80] @ 4-byte Reload
+ sbcs r10, r3, r10
+ ldr r3, [sp, #76] @ 4-byte Reload
+ sbcs r3, r3, r11
+ sbcs lr, r7, lr
+ ldr r7, [sp, #88] @ 4-byte Reload
+ sbcs r4, r7, r4
+ ldr r7, [sp, #92] @ 4-byte Reload
+ sbcs r7, r7, r1
+ ldr r1, [sp, #96] @ 4-byte Reload
+ sbcs r8, r1, r8
+ ldr r1, [sp, #100] @ 4-byte Reload
+ sbcs r11, r1, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r1, [sp, #52] @ 4-byte Reload
+ sbcs r9, r0, r9
+ ldr r0, [sp, #108] @ 4-byte Reload
+ sbcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ sbcs r0, r0, r1
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ sbc r0, r0, #0
+ ands r1, r0, #1
+ ldr r0, [sp, #36] @ 4-byte Reload
+ movne r5, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r5, [r0]
+ ldr r5, [sp, #48] @ 4-byte Reload
+ movne r6, r5
+ ldr r5, [sp, #56] @ 4-byte Reload
+ str r6, [r0, #4]
+ movne r2, r5
+ cmp r1, #0
+ str r2, [r0, #8]
+ ldr r2, [sp, #64] @ 4-byte Reload
+ movne r12, r2
+ ldr r2, [sp, #80] @ 4-byte Reload
+ str r12, [r0, #12]
+ movne r10, r2
+ ldr r2, [sp, #76] @ 4-byte Reload
+ str r10, [r0, #16]
+ movne r3, r2
+ ldr r2, [sp, #84] @ 4-byte Reload
+ cmp r1, #0
+ str r3, [r0, #20]
+ movne lr, r2
+ ldr r2, [sp, #88] @ 4-byte Reload
+ str lr, [r0, #24]
+ movne r4, r2
+ ldr r2, [sp, #92] @ 4-byte Reload
+ str r4, [r0, #28]
+ movne r7, r2
+ ldr r2, [sp, #96] @ 4-byte Reload
+ cmp r1, #0
+ str r7, [r0, #32]
+ movne r8, r2
+ ldr r2, [sp, #100] @ 4-byte Reload
+ str r8, [r0, #36]
+ movne r11, r2
+ ldr r2, [sp, #104] @ 4-byte Reload
+ str r11, [r0, #40]
+ movne r9, r2
+ cmp r1, #0
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [sp, #68] @ 4-byte Reload
+ str r9, [r0, #44]
+ movne r2, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r2, [r0, #48]
+ ldr r2, [sp, #116] @ 4-byte Reload
+ movne r2, r1
+ str r2, [r0, #52]
+ add sp, sp, #892
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end210:
+ .size mcl_fp_mont14L, .Lfunc_end210-mcl_fp_mont14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF14L
+ .align 2
+ .type mcl_fp_montNF14L,%function
+mcl_fp_montNF14L: @ @mcl_fp_montNF14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #892
+ sub sp, sp, #892
+ .pad #1024
+ sub sp, sp, #1024
+ add r12, sp, #108
+ add r6, sp, #1024
+ mov r4, r3
+ stm r12, {r1, r2, r3}
+ str r0, [sp, #76] @ 4-byte Spill
+ add r0, r6, #824
+ ldr r5, [r3, #-4]
+ ldr r2, [r2]
+ str r5, [sp, #104] @ 4-byte Spill
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1852]
+ ldr r8, [sp, #1848]
+ add r10, sp, #1024
+ mov r1, r4
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #1856]
+ mul r2, r8, r5
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #1860]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #1904]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #1900]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #1896]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #1892]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #1888]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #1884]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1880]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1876]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1872]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1868]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1864]
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, r10, #760
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1840]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r11, [sp, #1808]
+ ldr r6, [sp, #1804]
+ ldr r7, [sp, #1800]
+ ldr r5, [sp, #1784]
+ ldr r9, [sp, #1788]
+ ldr r10, [sp, #1792]
+ ldr r4, [sp, #1796]
+ add lr, sp, #1024
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1836]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1832]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1828]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1824]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1820]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1816]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1812]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r2, [r0, #4]
+ add r0, lr, #696
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r8
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r5, [sp, #1720]
+ ldr r2, [sp, #1732]
+ ldr r3, [sp, #1736]
+ ldr r12, [sp, #1740]
+ ldr lr, [sp, #1744]
+ ldr r8, [sp, #1760]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r9, r0
+ ldr r9, [sp, #1764]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r10, r0
+ ldr r10, [sp, #1768]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #1748]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #1756]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #1752]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r11, r0
+ ldr r11, [sp, #80] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adc r0, r1, r0
+ adds r11, r11, r5
+ ldr r5, [sp, #72] @ 4-byte Reload
+ ldr r1, [sp, #1728]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1776]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1772]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1724]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ add r8, sp, #1024
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, r8, #632
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1712]
+ add r11, sp, #1664
+ ldr r9, [sp, #1680]
+ ldr r10, [sp, #1676]
+ ldr r6, [sp, #1656]
+ ldr r7, [sp, #1660]
+ add lr, sp, #1024
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1708]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1704]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1700]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1696]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1692]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1688]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1684]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, lr, #568
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r5, [sp, #1592]
+ ldr r2, [sp, #1604]
+ ldr r3, [sp, #1608]
+ ldr r12, [sp, #1612]
+ ldr lr, [sp, #1616]
+ ldr r6, [sp, #1624]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1628]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1620]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1632]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1640]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1636]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r11, r11, r5
+ ldr r5, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #1600]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1648]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1644]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1596]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ add r8, sp, #1024
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, r8, #504
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1584]
+ add r11, sp, #1536
+ ldr r9, [sp, #1552]
+ ldr r10, [sp, #1548]
+ ldr r6, [sp, #1528]
+ ldr r7, [sp, #1532]
+ add lr, sp, #1024
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1580]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1576]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1572]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1568]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1564]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1560]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1556]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, lr, #440
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r5, [sp, #1464]
+ ldr r2, [sp, #1476]
+ ldr r3, [sp, #1480]
+ ldr r12, [sp, #1484]
+ ldr lr, [sp, #1488]
+ ldr r6, [sp, #1496]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1500]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1492]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1504]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1512]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1508]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r11, r11, r5
+ ldr r5, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #1472]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1520]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1516]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1468]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ add r8, sp, #1024
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, r8, #376
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1456]
+ add r11, sp, #1408
+ ldr r9, [sp, #1424]
+ ldr r10, [sp, #1420]
+ ldr r6, [sp, #1400]
+ ldr r7, [sp, #1404]
+ add lr, sp, #1024
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1452]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1448]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1444]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1440]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1436]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1432]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1428]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, lr, #312
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r5, [sp, #1336]
+ ldr r2, [sp, #1348]
+ ldr r3, [sp, #1352]
+ ldr r12, [sp, #1356]
+ ldr lr, [sp, #1360]
+ ldr r6, [sp, #1368]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1372]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1364]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1376]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1384]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1380]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r11, r11, r5
+ ldr r5, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #1344]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1392]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1388]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1340]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ add r8, sp, #1024
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, r8, #248
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1328]
+ add r11, sp, #1280
+ ldr r9, [sp, #1296]
+ ldr r10, [sp, #1292]
+ ldr r6, [sp, #1272]
+ ldr r7, [sp, #1276]
+ add lr, sp, #1024
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1324]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1320]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1316]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1312]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1308]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1304]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1300]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, lr, #184
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r5, [sp, #1208]
+ ldr r2, [sp, #1220]
+ ldr r3, [sp, #1224]
+ ldr r12, [sp, #1228]
+ ldr lr, [sp, #1232]
+ ldr r6, [sp, #1240]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1244]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1236]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1248]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1256]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1252]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r11, r11, r5
+ ldr r5, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #1216]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1264]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1260]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1212]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ add r8, sp, #1024
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, r8, #120
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1200]
+ add r11, sp, #1152
+ ldr r9, [sp, #1168]
+ ldr r10, [sp, #1164]
+ ldr r6, [sp, #1144]
+ ldr r7, [sp, #1148]
+ add lr, sp, #1024
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1196]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1192]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1188]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1184]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1180]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1176]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1172]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, lr, #56
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r5, [sp, #1080]
+ ldr r2, [sp, #1092]
+ ldr r3, [sp, #1096]
+ ldr r12, [sp, #1100]
+ ldr lr, [sp, #1104]
+ ldr r6, [sp, #1112]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #1116]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1108]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1120]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1128]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1124]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r11, r11, r5
+ ldr r5, [sp, #96] @ 4-byte Reload
+ ldr r1, [sp, #1088]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1136]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1132]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1084]
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #1016
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1072]
+ add r11, sp, #1024
+ ldr r9, [sp, #1040]
+ ldr r10, [sp, #1036]
+ ldr r6, [sp, #1016]
+ ldr r7, [sp, #1020]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1068]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1064]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1060]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1056]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1052]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1048]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1044]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, sp, #952
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #956
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #980
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1008]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1004]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r4, r6, r7, r8, r9, r10}
+ ldr r5, [sp, #952]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #100] @ 4-byte Reload
+ adds r11, r11, r5
+ ldr r5, [sp, #96] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #888
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #944]
+ add r11, sp, #896
+ ldr r9, [sp, #912]
+ ldr r10, [sp, #908]
+ ldr r6, [sp, #888]
+ ldr r7, [sp, #892]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #940]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #936]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #932]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #928]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #924]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #920]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #916]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #824
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #828
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #852
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #880]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #876]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r4, r6, r7, r8, r9, r10}
+ ldr r5, [sp, #824]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #100] @ 4-byte Reload
+ adds r11, r11, r5
+ ldr r5, [sp, #96] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #760
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #816]
+ add r11, sp, #768
+ ldr r9, [sp, #784]
+ ldr r10, [sp, #780]
+ ldr r6, [sp, #760]
+ ldr r7, [sp, #764]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #812]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #808]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #804]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #800]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #696
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #700
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #724
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #752]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #748]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #744]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r4, r6, r8, r9, r10}
+ ldr r5, [sp, #696]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #100] @ 4-byte Reload
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adds r5, r11, r5
+ adcs r0, r7, r0
+ str r5, [sp, #24] @ 4-byte Spill
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #104] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ mul r2, r5, r9
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #632
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #688]
+ add r11, sp, #640
+ ldr r5, [sp, #656]
+ ldr r10, [sp, #652]
+ ldr r6, [sp, #632]
+ ldr r7, [sp, #636]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #684]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #680]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #676]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #672]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #664]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #660]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #40]
+ add r0, sp, #568
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r1, [sp, #96] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ add lr, sp, #584
+ adds r0, r0, r6
+ ldr r6, [sp, #580]
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #572]
+ adcs r1, r1, r4
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r1, r1, r11
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #608
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp, #576]
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #568]
+ str r1, [sp, #44] @ 4-byte Spill
+ adds r0, r0, r2
+ mul r1, r0, r9
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #624]
+ str r1, [sp, #36] @ 4-byte Spill
+ str r0, [sp, #40] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #96] @ 4-byte Reload
+ adcs r7, r11, r7
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [sp, #92] @ 4-byte Reload
+ adcs r5, r7, r5
+ str r5, [sp, #92] @ 4-byte Spill
+ ldr r5, [sp, #88] @ 4-byte Reload
+ adcs r5, r5, r6
+ str r5, [sp, #88] @ 4-byte Spill
+ ldr r5, [sp, #84] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #504
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #560]
+ add r10, sp, #508
+ ldr r7, [sp, #532]
+ ldr r8, [sp, #528]
+ ldr r9, [sp, #524]
+ ldr r11, [sp, #504]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #556]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #552]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #548]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #544]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #540]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #536]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r4, r5, r6, r10}
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [r0, #44]
+ add r0, sp, #440
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #100] @ 4-byte Reload
+ ldr r1, [sp, #92] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ add lr, sp, #456
+ adds r0, r0, r11
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ adcs r1, r1, r5
+ ldr r5, [sp, #448]
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #452]
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #480
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r7
+ ldr r7, [sp, #444]
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adc r1, r1, r2
+ ldr r2, [sp, #440]
+ str r1, [sp, #36] @ 4-byte Spill
+ adds r1, r0, r2
+ ldr r0, [sp, #104] @ 4-byte Reload
+ str r1, [sp, #100] @ 4-byte Spill
+ mul r2, r1, r0
+ ldr r0, [sp, #496]
+ str r2, [sp, #24] @ 4-byte Spill
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #96] @ 4-byte Reload
+ adcs r7, r11, r7
+ str r7, [sp, #52] @ 4-byte Spill
+ ldr r7, [sp, #92] @ 4-byte Reload
+ adcs r5, r7, r5
+ str r5, [sp, #48] @ 4-byte Spill
+ ldr r5, [sp, #88] @ 4-byte Reload
+ adcs r5, r5, r6
+ str r5, [sp, #44] @ 4-byte Spill
+ ldr r5, [sp, #84] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #56] @ 4-byte Spill
+ add r0, sp, #376
+ bl .LmulPv448x32(PLT)
+ ldr r1, [sp, #432]
+ add r10, sp, #380
+ ldr r7, [sp, #404]
+ ldr r8, [sp, #400]
+ ldr r9, [sp, #396]
+ ldr r11, [sp, #376]
+ add r0, sp, #312
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #428]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #424]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #420]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #416]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #412]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #408]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldm r10, {r4, r5, r6, r10}
+ ldr r1, [sp, #112] @ 4-byte Reload
+ ldr r2, [r1, #48]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #100] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ add lr, sp, #316
+ adds r0, r0, r11
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #340
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adc r0, r0, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #368]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #364]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r4, r6, r7, r8, r9, r10}
+ ldr r5, [sp, #312]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #100] @ 4-byte Reload
+ adds r11, r11, r5
+ ldr r5, [sp, #52] @ 4-byte Reload
+ adcs r0, r5, r0
+ mov r5, r11
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r2, r11, r0
+ add r0, sp, #248
+ bl .LmulPv448x32(PLT)
+ ldr r1, [sp, #304]
+ ldr r10, [sp, #272]
+ ldr r11, [sp, #268]
+ ldr r8, [sp, #264]
+ ldr r6, [sp, #248]
+ ldr r7, [sp, #252]
+ ldr r4, [sp, #256]
+ ldr r9, [sp, #260]
+ add r0, sp, #184
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #300]
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #296]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #292]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #288]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #284]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #280]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #276]
+ str r1, [sp, #12] @ 4-byte Spill
+ ldr r1, [sp, #112] @ 4-byte Reload
+ ldr r2, [r1, #52]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ bl .LmulPv448x32(PLT)
+ adds r0, r5, r6
+ ldr r1, [sp, #52] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ add lr, sp, #200
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r7
+ adcs r1, r1, r4
+ str r1, [sp, #112] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs r1, r1, r9
+ str r1, [sp, #108] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ adcs r1, r1, r8
+ add r8, sp, #184
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs r1, r1, r11
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #224
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #88] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adc r1, r1, r2
+ str r1, [sp, #60] @ 4-byte Spill
+ ldm r8, {r2, r7, r8}
+ ldr r6, [sp, #196]
+ adds r4, r0, r2
+ ldr r0, [sp, #104] @ 4-byte Reload
+ mul r1, r4, r0
+ ldr r0, [sp, #240]
+ str r1, [sp, #52] @ 4-byte Spill
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #236]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r5, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #112] @ 4-byte Reload
+ adcs r11, r11, r7
+ ldr r7, [sp, #108] @ 4-byte Reload
+ adcs r8, r7, r8
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adcs r6, r7, r6
+ ldr r7, [sp, #100] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r7, r0, r5
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r5, [sp, #116] @ 4-byte Reload
+ adcs r9, r0, r9
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ add r0, sp, #120
+ bl .LmulPv448x32(PLT)
+ add r3, sp, #120
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r4, r0
+ mov r4, r5
+ adcs r11, r11, r1
+ ldr r0, [sp, #136]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r2, r8, r2
+ str r11, [sp, #44] @ 4-byte Spill
+ adcs lr, r6, r3
+ str r2, [sp, #52] @ 4-byte Spill
+ str lr, [sp, #60] @ 4-byte Spill
+ adcs r8, r1, r0
+ ldr r0, [sp, #140]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r8, [sp, #64] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #144]
+ adcs r0, r1, r0
+ ldr r1, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #148]
+ adcs r0, r1, r0
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #152]
+ adcs r0, r1, r0
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #156]
+ adcs r10, r1, r0
+ ldr r0, [sp, #160]
+ ldr r1, [sp, #104] @ 4-byte Reload
+ str r10, [sp, #68] @ 4-byte Spill
+ adcs r0, r7, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #164]
+ adcs r0, r9, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #168]
+ adcs r0, r1, r0
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #172]
+ adcs r0, r1, r0
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #176]
+ adc r0, r1, r0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldmib r4, {r0, r1, r7, r9, r12}
+ ldr r6, [r4]
+ ldr r3, [r4, #24]
+ ldr r5, [r4, #28]
+ subs r6, r11, r6
+ str r3, [sp, #72] @ 4-byte Spill
+ add r11, r4, #32
+ sbcs r3, r2, r0
+ sbcs r2, lr, r1
+ ldm r11, {r0, r1, r11}
+ sbcs lr, r8, r7
+ ldr r7, [r4, #44]
+ ldr r8, [r4, #52]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r4, #48]
+ ldr r4, [sp, #80] @ 4-byte Reload
+ sbcs r9, r4, r9
+ ldr r4, [sp, #84] @ 4-byte Reload
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [sp, #72] @ 4-byte Reload
+ sbcs r12, r4, r12
+ ldr r4, [sp, #88] @ 4-byte Reload
+ sbcs r4, r4, r7
+ ldr r7, [sp, #92] @ 4-byte Reload
+ sbcs r5, r7, r5
+ sbcs r7, r10, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ sbcs r10, r0, r1
+ ldr r0, [sp, #100] @ 4-byte Reload
+ ldr r1, [sp, #48] @ 4-byte Reload
+ sbcs r11, r0, r11
+ ldr r0, [sp, #104] @ 4-byte Reload
+ sbcs r0, r0, r1
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ sbcs r0, r0, r1
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ sbc r8, r0, r8
+ ldr r0, [sp, #44] @ 4-byte Reload
+ asr r1, r8, #31
+ cmp r1, #0
+ movlt r6, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ str r6, [r0]
+ ldr r6, [sp, #52] @ 4-byte Reload
+ movlt r3, r6
+ str r3, [r0, #4]
+ ldr r3, [sp, #60] @ 4-byte Reload
+ movlt r2, r3
+ cmp r1, #0
+ ldr r3, [sp, #72] @ 4-byte Reload
+ str r2, [r0, #8]
+ ldr r2, [sp, #64] @ 4-byte Reload
+ movlt lr, r2
+ ldr r2, [sp, #80] @ 4-byte Reload
+ str lr, [r0, #12]
+ movlt r9, r2
+ ldr r2, [sp, #84] @ 4-byte Reload
+ str r9, [r0, #16]
+ movlt r12, r2
+ ldr r2, [sp, #88] @ 4-byte Reload
+ cmp r1, #0
+ str r12, [r0, #20]
+ movlt r4, r2
+ ldr r2, [sp, #92] @ 4-byte Reload
+ str r4, [r0, #24]
+ movlt r5, r2
+ ldr r2, [sp, #68] @ 4-byte Reload
+ str r5, [r0, #28]
+ movlt r7, r2
+ ldr r2, [sp, #96] @ 4-byte Reload
+ cmp r1, #0
+ str r7, [r0, #32]
+ movlt r10, r2
+ ldr r2, [sp, #100] @ 4-byte Reload
+ str r10, [r0, #36]
+ movlt r11, r2
+ ldr r2, [sp, #104] @ 4-byte Reload
+ str r11, [r0, #40]
+ movlt r3, r2
+ cmp r1, #0
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [sp, #116] @ 4-byte Reload
+ str r3, [r0, #44]
+ movlt r2, r1
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r2, [r0, #48]
+ movlt r8, r1
+ str r8, [r0, #52]
+ add sp, sp, #892
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end211:
+ .size mcl_fp_montNF14L, .Lfunc_end211-mcl_fp_montNF14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montRed14L
+ .align 2
+ .type mcl_fp_montRed14L,%function
+mcl_fp_montRed14L: @ @mcl_fp_montRed14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #68
+ sub sp, sp, #68
+ .pad #1024
+ sub sp, sp, #1024
+ mov r3, r2
+ str r0, [sp, #180] @ 4-byte Spill
+ ldr r2, [r1, #4]
+ ldr r6, [r1]
+ ldr r0, [r3]
+ str r3, [sp, #184] @ 4-byte Spill
+ str r2, [sp, #88] @ 4-byte Spill
+ ldr r2, [r1, #8]
+ str r0, [sp, #176] @ 4-byte Spill
+ ldr r0, [r3, #4]
+ str r2, [sp, #84] @ 4-byte Spill
+ ldr r2, [r1, #12]
+ str r0, [sp, #172] @ 4-byte Spill
+ ldr r0, [r3, #8]
+ str r2, [sp, #80] @ 4-byte Spill
+ str r0, [sp, #168] @ 4-byte Spill
+ ldr r0, [r3, #12]
+ str r0, [sp, #152] @ 4-byte Spill
+ ldr r0, [r3, #16]
+ str r0, [sp, #156] @ 4-byte Spill
+ ldr r0, [r3, #20]
+ str r0, [sp, #160] @ 4-byte Spill
+ ldr r0, [r3, #24]
+ str r0, [sp, #164] @ 4-byte Spill
+ ldr r0, [r3, #-4]
+ str r0, [sp, #188] @ 4-byte Spill
+ mul r2, r6, r0
+ ldr r0, [r3, #28]
+ str r0, [sp, #124] @ 4-byte Spill
+ ldr r0, [r3, #32]
+ str r0, [sp, #128] @ 4-byte Spill
+ ldr r0, [r3, #36]
+ str r0, [sp, #132] @ 4-byte Spill
+ ldr r0, [r3, #40]
+ str r0, [sp, #136] @ 4-byte Spill
+ ldr r0, [r3, #44]
+ str r0, [sp, #140] @ 4-byte Spill
+ ldr r0, [r3, #48]
+ str r0, [sp, #144] @ 4-byte Spill
+ ldr r0, [r3, #52]
+ str r0, [sp, #148] @ 4-byte Spill
+ ldr r0, [r1, #96]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [r1, #100]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [r1, #104]
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [r1, #108]
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [r1, #64]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r1, #68]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r1, #72]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r1, #80]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [r1, #84]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [r1, #88]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [r1, #92]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [r1, #76]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r1, #32]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r1, #56]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #60]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r1, #28]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r1, #24]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r1, #20]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r1, #16]
+ mov r1, r3
+ str r0, [sp, #12] @ 4-byte Spill
+ add r0, sp, #1024
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1080]
+ ldr r8, [sp, #1024]
+ ldr r1, [sp, #1032]
+ ldr r2, [sp, #1036]
+ ldr r3, [sp, #1040]
+ ldr r12, [sp, #1044]
+ ldr lr, [sp, #1048]
+ ldr r4, [sp, #1052]
+ ldr r5, [sp, #1056]
+ ldr r7, [sp, #1060]
+ ldr r9, [sp, #1064]
+ ldr r10, [sp, #1068]
+ ldr r11, [sp, #1072]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1076]
+ adds r6, r6, r8
+ ldr r6, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #1028]
+ adcs r8, r6, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #12] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #184] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #188] @ 4-byte Reload
+ mul r2, r8, r0
+ add r0, sp, #960
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #1016]
+ add lr, sp, #996
+ add r10, sp, #964
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1012]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm lr, {r4, r5, r12, lr}
+ ldr r6, [sp, #960]
+ ldr r7, [sp, #992]
+ ldr r11, [sp, #988]
+ ldr r3, [sp, #984]
+ ldm r10, {r0, r1, r2, r9, r10}
+ adds r6, r8, r6
+ ldr r6, [sp, #88] @ 4-byte Reload
+ adcs r8, r6, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ ldr r6, [sp, #188] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r8, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r11
+ mov r11, r8
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #184] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #16] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #20] @ 4-byte Spill
+ add r0, sp, #896
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #952]
+ add r10, sp, #924
+ add lr, sp, #900
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #948]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #944]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #940]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r10, {r7, r8, r9, r10}
+ ldr r4, [sp, #896]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r4, r11, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r4, r4, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #4] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r4, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #24] @ 4-byte Spill
+ add r0, sp, #832
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #888]
+ add lr, sp, #872
+ add r11, sp, #832
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #884]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm lr, {r5, r12, lr}
+ ldr r6, [sp, #868]
+ ldr r7, [sp, #864]
+ ldm r11, {r0, r1, r2, r3, r8, r9, r10, r11}
+ adds r0, r4, r0
+ ldr r4, [sp, #188] @ 4-byte Reload
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r11
+ mov r11, r1
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #184] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r1, r4
+ mov r1, r5
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #28] @ 4-byte Spill
+ add r0, sp, #768
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #824]
+ add r10, sp, #796
+ add lr, sp, #784
+ add r9, sp, #768
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #820]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #816]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #812]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r10}
+ ldm lr, {r3, r12, lr}
+ ldm r9, {r0, r1, r2, r9}
+ adds r0, r11, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r10
+ mov r10, r1
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r1, r4
+ mov r1, r5
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #704
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #760]
+ add lr, sp, #744
+ add r9, sp, #708
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #756]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm lr, {r5, r12, lr}
+ ldr r4, [sp, #704]
+ ldr r6, [sp, #740]
+ ldr r7, [sp, #736]
+ ldr r11, [sp, #732]
+ ldr r3, [sp, #728]
+ ldm r9, {r0, r1, r2, r8, r9}
+ adds r4, r10, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r4, r4, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r11
+ mov r11, r4
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r5
+ ldr r5, [sp, #188] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ mul r2, r4, r5
+ ldr r4, [sp, #184] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r4
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #640
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #696]
+ add r10, sp, #664
+ add lr, sp, #640
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #688]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #684]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r11, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r1, r0, r1
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r10
+ mov r10, r1
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r1, r5
+ mov r1, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #576
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #632]
+ add lr, sp, #616
+ add r9, sp, #580
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #628]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm lr, {r5, r12, lr}
+ ldr r4, [sp, #576]
+ ldr r6, [sp, #612]
+ ldr r7, [sp, #608]
+ ldr r11, [sp, #604]
+ ldr r3, [sp, #600]
+ ldm r9, {r0, r1, r2, r8, r9}
+ adds r4, r10, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r10, r4, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ ldr r4, [sp, #188] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r10, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #184] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r9
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #512
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #568]
+ add r11, sp, #536
+ add lr, sp, #512
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #564]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #560]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #556]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldm r11, {r5, r6, r7, r8, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r10, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #84] @ 4-byte Reload
+ ldr r1, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r10, r4
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r5
+ mov r5, r9
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ add r0, sp, #448
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #504]
+ add lr, sp, #484
+ add r9, sp, #452
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #500]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #496]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm lr, {r6, r12, lr}
+ ldr r4, [sp, #448]
+ ldr r7, [sp, #480]
+ ldr r11, [sp, #476]
+ ldr r3, [sp, #472]
+ ldm r9, {r0, r1, r2, r8, r9}
+ adds r4, r10, r4
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r10, r4, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ ldr r4, [sp, #188] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r10, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r5
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ add r0, sp, #384
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #440]
+ add r11, sp, #408
+ add lr, sp, #384
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #436]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #432]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldm r11, {r5, r6, r7, r8, r9, r11}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r0, r10, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r10, r0, r1
+ ldr r0, [sp, #84] @ 4-byte Reload
+ ldr r1, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r2
+ mul r2, r10, r4
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #184] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r7
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ add r0, sp, #320
+ bl .LmulPv448x32(PLT)
+ ldr r0, [sp, #376]
+ add r9, sp, #348
+ ldr r11, [sp, #364]
+ ldr r8, [sp, #360]
+ add lr, sp, #328
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #372]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #368]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r9, {r4, r6, r9}
+ ldr r3, [sp, #320]
+ ldr r5, [sp, #324]
+ ldm lr, {r0, r1, r2, r12, lr}
+ adds r3, r10, r3
+ ldr r3, [sp, #88] @ 4-byte Reload
+ adcs r5, r3, r5
+ ldr r3, [sp, #84] @ 4-byte Reload
+ adcs r10, r3, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #188] @ 4-byte Reload
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ mul r2, r5, r6
+ adcs r0, r0, r9
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r11
+ mov r11, r7
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r11
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, sp, #256
+ bl .LmulPv448x32(PLT)
+ add r7, sp, #256
+ add r12, sp, #272
+ ldm r7, {r0, r1, r3, r7}
+ ldr r9, [sp, #312]
+ ldr r8, [sp, #308]
+ ldr lr, [sp, #304]
+ adds r0, r5, r0
+ ldr r5, [sp, #300]
+ adcs r10, r10, r1
+ mul r0, r10, r6
+ ldr r6, [sp, #296]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #188] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #292]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r4, [sp, #120] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r11
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r4, r0, r2
+ ldr r0, [sp, #108] @ 4-byte Reload
+ ldr r2, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r8, r0, r9
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, #0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ add r0, sp, #192
+ bl .LmulPv448x32(PLT)
+ add r3, sp, #192
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r10, r0
+ ldr r0, [sp, #188] @ 4-byte Reload
+ adcs lr, r0, r1
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str lr, [sp, #72] @ 4-byte Spill
+ adcs r2, r0, r2
+ ldr r0, [sp, #44] @ 4-byte Reload
+ str r2, [sp, #76] @ 4-byte Spill
+ adcs r3, r0, r3
+ ldr r0, [sp, #208]
+ str r3, [sp, #80] @ 4-byte Spill
+ adcs r7, r1, r0
+ ldr r0, [sp, #212]
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r7, [sp, #84] @ 4-byte Spill
+ adcs r4, r4, r0
+ ldr r0, [sp, #216]
+ str r4, [sp, #88] @ 4-byte Spill
+ adcs r5, r1, r0
+ ldr r0, [sp, #220]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r5, [sp, #92] @ 4-byte Spill
+ adcs r6, r1, r0
+ ldr r0, [sp, #224]
+ ldr r1, [sp, #60] @ 4-byte Reload
+ str r6, [sp, #96] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #100] @ 4-byte Reload
+ str r0, [sp, #184] @ 4-byte Spill
+ ldr r0, [sp, #228]
+ adcs r11, r1, r0
+ ldr r0, [sp, #232]
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r11, [sp, #100] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #188] @ 4-byte Spill
+ ldr r0, [sp, #236]
+ adcs r10, r1, r0
+ ldr r0, [sp, #240]
+ ldr r1, [sp, #120] @ 4-byte Reload
+ str r10, [sp, #108] @ 4-byte Spill
+ adcs r9, r1, r0
+ ldr r0, [sp, #244]
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r9, [sp, #116] @ 4-byte Spill
+ adcs r8, r8, r0
+ ldr r0, [sp, #248]
+ str r8, [sp, #120] @ 4-byte Spill
+ adcs r12, r1, r0
+ ldr r0, [sp, #104] @ 4-byte Reload
+ ldr r1, [sp, #172] @ 4-byte Reload
+ str r12, [sp, #112] @ 4-byte Spill
+ adc r0, r0, #0
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #176] @ 4-byte Reload
+ subs r0, lr, r0
+ sbcs r1, r2, r1
+ ldr r2, [sp, #168] @ 4-byte Reload
+ sbcs r2, r3, r2
+ ldr r3, [sp, #152] @ 4-byte Reload
+ sbcs r3, r7, r3
+ ldr r7, [sp, #156] @ 4-byte Reload
+ sbcs lr, r4, r7
+ ldr r4, [sp, #160] @ 4-byte Reload
+ ldr r7, [sp, #184] @ 4-byte Reload
+ sbcs r4, r5, r4
+ ldr r5, [sp, #164] @ 4-byte Reload
+ sbcs r5, r6, r5
+ ldr r6, [sp, #124] @ 4-byte Reload
+ sbcs r6, r7, r6
+ ldr r7, [sp, #128] @ 4-byte Reload
+ sbcs r7, r11, r7
+ ldr r11, [sp, #188] @ 4-byte Reload
+ str r7, [sp, #172] @ 4-byte Spill
+ ldr r7, [sp, #132] @ 4-byte Reload
+ sbcs r11, r11, r7
+ ldr r7, [sp, #136] @ 4-byte Reload
+ sbcs r7, r10, r7
+ str r7, [sp, #176] @ 4-byte Spill
+ ldr r7, [sp, #140] @ 4-byte Reload
+ sbcs r9, r9, r7
+ ldr r7, [sp, #144] @ 4-byte Reload
+ sbcs r10, r8, r7
+ ldr r7, [sp, #148] @ 4-byte Reload
+ sbcs r8, r12, r7
+ ldr r7, [sp, #104] @ 4-byte Reload
+ sbc r7, r7, #0
+ ands r12, r7, #1
+ ldr r7, [sp, #72] @ 4-byte Reload
+ movne r0, r7
+ ldr r7, [sp, #180] @ 4-byte Reload
+ str r0, [r7]
+ ldr r0, [sp, #76] @ 4-byte Reload
+ movne r1, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ str r1, [r7, #4]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ movne r2, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ cmp r12, #0
+ str r2, [r7, #8]
+ movne r3, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r3, [r7, #12]
+ movne lr, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ str lr, [r7, #16]
+ movne r4, r0
+ ldr r0, [sp, #96] @ 4-byte Reload
+ cmp r12, #0
+ str r4, [r7, #20]
+ movne r5, r0
+ ldr r0, [sp, #184] @ 4-byte Reload
+ str r5, [r7, #24]
+ movne r6, r0
+ ldr r0, [sp, #172] @ 4-byte Reload
+ movne r0, r1
+ str r6, [r7, #28]
+ cmp r12, #0
+ str r0, [r7, #32]
+ ldr r0, [sp, #188] @ 4-byte Reload
+ movne r11, r0
+ ldr r0, [sp, #108] @ 4-byte Reload
+ str r11, [r7, #36]
+ ldr r11, [sp, #176] @ 4-byte Reload
+ movne r11, r0
+ ldr r0, [sp, #116] @ 4-byte Reload
+ str r11, [r7, #40]
+ movne r9, r0
+ ldr r0, [sp, #120] @ 4-byte Reload
+ cmp r12, #0
+ str r9, [r7, #44]
+ movne r10, r0
+ ldr r0, [sp, #112] @ 4-byte Reload
+ str r10, [r7, #48]
+ movne r8, r0
+ str r8, [r7, #52]
+ add sp, sp, #68
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end212:
+ .size mcl_fp_montRed14L, .Lfunc_end212-mcl_fp_montRed14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addPre14L
+ .align 2
+ .type mcl_fp_addPre14L,%function
+mcl_fp_addPre14L: @ @mcl_fp_addPre14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ ldm r1, {r3, r12, lr}
+ ldr r9, [r1, #12]
+ ldmib r2, {r5, r6, r7}
+ ldr r11, [r2]
+ ldr r4, [r2, #16]
+ ldr r10, [r1, #44]
+ adds r8, r11, r3
+ ldr r3, [r2, #32]
+ str r4, [sp, #4] @ 4-byte Spill
+ ldr r4, [r2, #20]
+ ldr r11, [r1, #48]
+ adcs r5, r5, r12
+ add r12, r1, #16
+ adcs r6, r6, lr
+ ldr lr, [r1, #40]
+ adcs r7, r7, r9
+ ldr r9, [r1, #52]
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [r2, #36]
+ str r4, [sp, #8] @ 4-byte Spill
+ ldr r4, [r2, #24]
+ str r3, [sp, #24] @ 4-byte Spill
+ ldr r3, [r2, #40]
+ str r4, [sp, #12] @ 4-byte Spill
+ ldr r4, [r2, #28]
+ str r3, [sp, #28] @ 4-byte Spill
+ ldr r3, [r2, #44]
+ str r4, [sp, #20] @ 4-byte Spill
+ ldr r4, [r1, #32]
+ str r3, [sp, #32] @ 4-byte Spill
+ ldr r3, [r2, #48]
+ ldr r2, [r2, #52]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #36]
+ str r3, [sp, #36] @ 4-byte Spill
+ str r2, [sp] @ 4-byte Spill
+ ldm r12, {r1, r2, r3, r12}
+ str r8, [r0]
+ stmib r0, {r5, r6}
+ str r7, [r0, #12]
+ ldr r5, [sp, #4] @ 4-byte Reload
+ ldr r7, [sp, #32] @ 4-byte Reload
+ ldr r6, [sp, #36] @ 4-byte Reload
+ adcs r1, r5, r1
+ ldr r5, [sp, #8] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r2, r5, r2
+ ldr r5, [sp, #40] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #20] @ 4-byte Reload
+ adcs r1, r1, r3
+ ldr r3, [sp] @ 4-byte Reload
+ str r1, [r0, #24]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r2, r2, r12
+ add r12, r0, #32
+ str r2, [r0, #28]
+ ldr r2, [sp, #24] @ 4-byte Reload
+ adcs r1, r1, r4
+ adcs r2, r2, r3
+ ldr r3, [sp, #28] @ 4-byte Reload
+ adcs r3, r3, lr
+ adcs r7, r7, r10
+ adcs r6, r6, r11
+ stm r12, {r1, r2, r3, r7}
+ adcs r5, r5, r9
+ str r6, [r0, #48]
+ str r5, [r0, #52]
+ mov r0, #0
+ adc r0, r0, #0
+ add sp, sp, #44
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end213:
+ .size mcl_fp_addPre14L, .Lfunc_end213-mcl_fp_addPre14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subPre14L
+ .align 2
+ .type mcl_fp_subPre14L,%function
+mcl_fp_subPre14L: @ @mcl_fp_subPre14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ ldmib r2, {r10, r11}
+ ldr r3, [r2, #16]
+ ldr r7, [r1]
+ ldr r6, [r2, #12]
+ str r3, [sp, #28] @ 4-byte Spill
+ ldr r3, [r2, #20]
+ str r3, [sp, #32] @ 4-byte Spill
+ ldr r3, [r2, #24]
+ str r3, [sp, #36] @ 4-byte Spill
+ ldr r3, [r2, #28]
+ str r3, [sp, #40] @ 4-byte Spill
+ ldr r3, [r2]
+ ldmib r1, {r4, r5, r12}
+ subs lr, r7, r3
+ ldr r3, [r2, #32]
+ sbcs r4, r4, r10
+ sbcs r5, r5, r11
+ add r11, r1, #32
+ sbcs r6, r12, r6
+ add r12, r1, #16
+ str r3, [sp, #4] @ 4-byte Spill
+ ldr r3, [r2, #36]
+ str r3, [sp, #8] @ 4-byte Spill
+ ldr r3, [r2, #40]
+ str r3, [sp, #12] @ 4-byte Spill
+ ldr r3, [r2, #44]
+ str r3, [sp, #16] @ 4-byte Spill
+ ldr r3, [r2, #48]
+ ldr r2, [r2, #52]
+ str r3, [sp, #20] @ 4-byte Spill
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm r11, {r7, r10, r11}
+ ldr r2, [r1, #52]
+ ldr r8, [r1, #44]
+ ldr r9, [r1, #48]
+ str r2, [sp] @ 4-byte Spill
+ ldm r12, {r1, r2, r3, r12}
+ str lr, [r0]
+ stmib r0, {r4, r5}
+ str r6, [r0, #12]
+ ldr r5, [sp, #28] @ 4-byte Reload
+ ldr r6, [sp, #32] @ 4-byte Reload
+ ldr r4, [sp] @ 4-byte Reload
+ sbcs r1, r1, r5
+ ldr r5, [sp, #24] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ sbcs r2, r2, r6
+ ldr r6, [sp, #20] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #40] @ 4-byte Reload
+ sbcs r1, r3, r1
+ ldr r3, [sp, #12] @ 4-byte Reload
+ str r1, [r0, #24]
+ ldr r1, [sp, #4] @ 4-byte Reload
+ sbcs r2, r12, r2
+ add r12, r0, #32
+ str r2, [r0, #28]
+ ldr r2, [sp, #8] @ 4-byte Reload
+ sbcs r1, r7, r1
+ ldr r7, [sp, #16] @ 4-byte Reload
+ sbcs r2, r10, r2
+ sbcs r3, r11, r3
+ sbcs r7, r8, r7
+ sbcs r6, r9, r6
+ stm r12, {r1, r2, r3, r7}
+ sbcs r5, r4, r5
+ str r6, [r0, #48]
+ str r5, [r0, #52]
+ mov r0, #0
+ sbc r0, r0, #0
+ and r0, r0, #1
+ add sp, sp, #44
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end214:
+ .size mcl_fp_subPre14L, .Lfunc_end214-mcl_fp_subPre14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_shr1_14L
+ .align 2
+ .type mcl_fp_shr1_14L,%function
+mcl_fp_shr1_14L: @ @mcl_fp_shr1_14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #16
+ sub sp, sp, #16
+ add r9, r1, #8
+ add r12, r1, #32
+ ldm r9, {r2, r3, r4, r5, r6, r9}
+ ldm r1, {r7, lr}
+ str r7, [sp, #4] @ 4-byte Spill
+ lsr r7, lr, #1
+ orr r7, r7, r2, lsl #31
+ str r7, [sp] @ 4-byte Spill
+ ldm r12, {r7, r11, r12}
+ ldr r10, [r1, #48]
+ ldr r8, [r1, #44]
+ ldr r1, [r1, #52]
+ str r1, [sp, #12] @ 4-byte Spill
+ lsr r1, r3, #1
+ lsrs r3, r3, #1
+ str r10, [sp, #8] @ 4-byte Spill
+ rrx r2, r2
+ lsrs r3, lr, #1
+ orr r1, r1, r4, lsl #31
+ ldr r3, [sp, #4] @ 4-byte Reload
+ rrx r3, r3
+ str r3, [r0]
+ ldr r3, [sp] @ 4-byte Reload
+ str r3, [r0, #4]
+ str r2, [r0, #8]
+ str r1, [r0, #12]
+ lsrs r1, r5, #1
+ lsr r2, r11, #1
+ rrx r1, r4
+ ldr r4, [sp, #8] @ 4-byte Reload
+ orr r2, r2, r12, lsl #31
+ str r1, [r0, #16]
+ lsr r1, r5, #1
+ ldr r5, [sp, #12] @ 4-byte Reload
+ orr r1, r1, r6, lsl #31
+ str r1, [r0, #20]
+ lsrs r1, r9, #1
+ rrx r1, r6
+ str r1, [r0, #24]
+ lsr r1, r9, #1
+ orr r1, r1, r7, lsl #31
+ str r1, [r0, #28]
+ lsrs r1, r11, #1
+ rrx r1, r7
+ lsrs r3, r8, #1
+ lsr r7, r8, #1
+ rrx r3, r12
+ lsrs r6, r5, #1
+ orr r7, r7, r4, lsl #31
+ add r12, r0, #32
+ lsr r5, r5, #1
+ rrx r6, r4
+ stm r12, {r1, r2, r3, r7}
+ str r6, [r0, #48]
+ str r5, [r0, #52]
+ add sp, sp, #16
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end215:
+ .size mcl_fp_shr1_14L, .Lfunc_end215-mcl_fp_shr1_14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_add14L
+ .align 2
+ .type mcl_fp_add14L,%function
+mcl_fp_add14L: @ @mcl_fp_add14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #52
+ sub sp, sp, #52
+ ldr r9, [r1]
+ ldmib r1, {r8, lr}
+ ldr r12, [r1, #12]
+ ldm r2, {r4, r5, r6, r7}
+ adds r9, r4, r9
+ ldr r4, [r1, #24]
+ adcs r10, r5, r8
+ ldr r5, [r1, #20]
+ str r9, [r0]
+ adcs r6, r6, lr
+ mov lr, r10
+ adcs r7, r7, r12
+ str r6, [sp, #32] @ 4-byte Spill
+ ldr r6, [r1, #16]
+ str lr, [r0, #4]
+ str r7, [sp, #28] @ 4-byte Spill
+ ldr r7, [r2, #16]
+ adcs r7, r7, r6
+ ldr r6, [r2, #44]
+ str r7, [sp, #48] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ adcs r7, r7, r5
+ ldr r5, [r2, #28]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ ldr r10, [sp, #16] @ 4-byte Reload
+ adcs r7, r7, r4
+ ldr r4, [sp, #32] @ 4-byte Reload
+ str r7, [sp, #44] @ 4-byte Spill
+ ldr r7, [r1, #28]
+ str r4, [r0, #8]
+ adcs r7, r5, r7
+ ldr r5, [r2, #32]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r1, #32]
+ adcs r7, r5, r7
+ ldr r5, [r2, #36]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r1, #36]
+ adcs r11, r5, r7
+ ldr r7, [r1, #40]
+ ldr r5, [r2, #40]
+ str r11, [sp, #24] @ 4-byte Spill
+ adcs r8, r5, r7
+ ldr r7, [r1, #44]
+ ldr r5, [sp, #28] @ 4-byte Reload
+ str r8, [sp, #12] @ 4-byte Spill
+ adcs r12, r6, r7
+ ldr r7, [r1, #48]
+ ldr r6, [r2, #48]
+ ldr r1, [r1, #52]
+ ldr r2, [r2, #52]
+ str r5, [r0, #12]
+ str r12, [sp, #8] @ 4-byte Spill
+ adcs r6, r6, r7
+ adcs r2, r2, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r10, [r0, #20]
+ str r1, [r0, #24]
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r1, [r0, #28]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r1, [r0, #32]
+ str r11, [r0, #36]
+ str r8, [r0, #40]
+ str r12, [r0, #44]
+ str r6, [r0, #48]
+ str r2, [r0, #52]
+ mov r8, r2
+ mov r2, #0
+ mov r12, r6
+ add r11, r3, #32
+ adc r1, r2, #0
+ str r1, [sp, #20] @ 4-byte Spill
+ ldm r3, {r6, r7}
+ ldr r1, [r3, #8]
+ ldr r2, [r3, #12]
+ subs r6, r9, r6
+ sbcs r7, lr, r7
+ str r6, [sp, #4] @ 4-byte Spill
+ sbcs r1, r4, r1
+ str r7, [sp] @ 4-byte Spill
+ str r1, [sp, #32] @ 4-byte Spill
+ sbcs r1, r5, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [r3, #16]
+ sbcs r1, r2, r1
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [r3, #20]
+ sbcs r10, r10, r1
+ ldr r1, [r3, #24]
+ sbcs r1, r2, r1
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [r3, #28]
+ sbcs r5, r2, r1
+ ldm r11, {r1, r2, r6, r7, r11}
+ ldr r9, [r3, #52]
+ ldr r3, [sp, #40] @ 4-byte Reload
+ sbcs r3, r3, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ sbcs lr, r1, r2
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #20] @ 4-byte Reload
+ sbcs r4, r1, r6
+ ldr r1, [sp, #8] @ 4-byte Reload
+ sbcs r7, r1, r7
+ sbcs r6, r12, r11
+ sbcs r1, r8, r9
+ sbc r2, r2, #0
+ tst r2, #1
+ bne .LBB216_2
+@ BB#1: @ %nocarry
+ ldr r2, [sp, #4] @ 4-byte Reload
+ str r2, [r0]
+ ldr r2, [sp] @ 4-byte Reload
+ str r2, [r0, #4]
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r2, [r0, #8]
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r2, [r0, #12]
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r2, [r0, #16]
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r10, [r0, #20]
+ str r2, [r0, #24]
+ str r5, [r0, #28]
+ str r3, [r0, #32]
+ str lr, [r0, #36]
+ str r4, [r0, #40]
+ str r7, [r0, #44]
+ str r6, [r0, #48]
+ str r1, [r0, #52]
+.LBB216_2: @ %carry
+ add sp, sp, #52
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end216:
+ .size mcl_fp_add14L, .Lfunc_end216-mcl_fp_add14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_addNF14L
+ .align 2
+ .type mcl_fp_addNF14L,%function
+mcl_fp_addNF14L: @ @mcl_fp_addNF14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #80
+ sub sp, sp, #80
+ ldm r1, {r7, r8, lr}
+ ldr r12, [r1, #12]
+ ldm r2, {r4, r5, r6, r10}
+ adds r4, r4, r7
+ ldr r7, [r2, #16]
+ adcs r5, r5, r8
+ str r4, [sp, #36] @ 4-byte Spill
+ ldr r4, [r1, #24]
+ adcs lr, r6, lr
+ ldr r6, [r1, #16]
+ str r5, [sp, #40] @ 4-byte Spill
+ ldr r5, [r1, #20]
+ adcs r9, r10, r12
+ str lr, [sp, #12] @ 4-byte Spill
+ str r9, [sp, #16] @ 4-byte Spill
+ adcs r7, r7, r6
+ ldr r6, [r2, #20]
+ str r7, [sp, #44] @ 4-byte Spill
+ adcs r7, r6, r5
+ ldr r6, [r2, #24]
+ ldr r5, [r2, #28]
+ str r7, [sp, #48] @ 4-byte Spill
+ adcs r8, r6, r4
+ ldr r6, [r1, #28]
+ str r8, [sp, #20] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #32]
+ ldr r5, [r2, #32]
+ str r7, [sp, #52] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #36]
+ ldr r5, [r2, #36]
+ str r7, [sp, #56] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #40]
+ ldr r5, [r2, #40]
+ str r7, [sp, #68] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #44]
+ ldr r5, [r2, #44]
+ str r7, [sp, #64] @ 4-byte Spill
+ adcs r7, r5, r6
+ ldr r6, [r1, #48]
+ ldr r5, [r2, #48]
+ ldr r1, [r1, #52]
+ ldr r2, [r2, #52]
+ str r7, [sp, #60] @ 4-byte Spill
+ adcs r7, r5, r6
+ adc r1, r2, r1
+ str r7, [sp, #76] @ 4-byte Spill
+ str r1, [sp, #72] @ 4-byte Spill
+ ldmib r3, {r1, r4, r6}
+ ldr r2, [r3, #24]
+ ldr r7, [r3]
+ ldr r5, [r3, #16]
+ ldr r11, [r3, #20]
+ ldr r10, [r3, #40]
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [r3, #28]
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [sp, #36] @ 4-byte Reload
+ subs r7, r2, r7
+ ldr r2, [sp, #40] @ 4-byte Reload
+ sbcs r2, r2, r1
+ ldr r1, [r3, #36]
+ sbcs r12, lr, r4
+ sbcs lr, r9, r6
+ ldr r9, [r3, #32]
+ ldr r6, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [r3, #44]
+ str r1, [sp] @ 4-byte Spill
+ ldr r1, [r3, #48]
+ str r1, [sp, #4] @ 4-byte Spill
+ ldr r1, [r3, #52]
+ str r1, [sp, #8] @ 4-byte Spill
+ ldr r1, [sp, #44] @ 4-byte Reload
+ sbcs r5, r1, r5
+ ldr r1, [sp, #48] @ 4-byte Reload
+ sbcs r3, r1, r11
+ ldr r1, [sp, #28] @ 4-byte Reload
+ sbcs r4, r8, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ sbcs r8, r1, r6
+ ldr r1, [sp, #56] @ 4-byte Reload
+ ldr r6, [sp, #24] @ 4-byte Reload
+ sbcs r11, r1, r9
+ ldr r1, [sp, #68] @ 4-byte Reload
+ sbcs r9, r1, r6
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldr r6, [sp] @ 4-byte Reload
+ sbcs r1, r1, r10
+ ldr r10, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ sbcs r1, r1, r6
+ ldr r6, [sp, #4] @ 4-byte Reload
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ sbcs r1, r1, r6
+ ldr r6, [sp, #8] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ sbc r6, r1, r6
+ asr r1, r6, #31
+ cmp r1, #0
+ movlt r7, r10
+ str r7, [r0]
+ ldr r7, [sp, #40] @ 4-byte Reload
+ movlt r2, r7
+ str r2, [r0, #4]
+ ldr r2, [sp, #12] @ 4-byte Reload
+ movlt r12, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ cmp r1, #0
+ str r12, [r0, #8]
+ movlt lr, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str lr, [r0, #12]
+ movlt r5, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r5, [r0, #16]
+ movlt r3, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ cmp r1, #0
+ str r3, [r0, #20]
+ ldr r3, [sp, #24] @ 4-byte Reload
+ movlt r4, r2
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r4, [r0, #24]
+ movlt r8, r2
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r8, [r0, #28]
+ movlt r11, r2
+ ldr r2, [sp, #68] @ 4-byte Reload
+ cmp r1, #0
+ str r11, [r0, #32]
+ movlt r9, r2
+ ldr r2, [sp, #64] @ 4-byte Reload
+ str r9, [r0, #36]
+ movlt r3, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r3, [r0, #40]
+ ldr r3, [sp, #28] @ 4-byte Reload
+ movlt r3, r2
+ cmp r1, #0
+ ldr r1, [sp, #76] @ 4-byte Reload
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r3, [r0, #44]
+ movlt r2, r1
+ ldr r1, [sp, #72] @ 4-byte Reload
+ str r2, [r0, #48]
+ movlt r6, r1
+ str r6, [r0, #52]
+ add sp, sp, #80
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end217:
+ .size mcl_fp_addNF14L, .Lfunc_end217-mcl_fp_addNF14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_sub14L
+ .align 2
+ .type mcl_fp_sub14L,%function
+mcl_fp_sub14L: @ @mcl_fp_sub14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #60
+ sub sp, sp, #60
+ ldr r9, [r2]
+ ldmib r2, {r8, lr}
+ ldr r5, [r1]
+ ldr r12, [r2, #12]
+ ldmib r1, {r4, r6, r7}
+ subs r5, r5, r9
+ sbcs r4, r4, r8
+ str r5, [sp, #52] @ 4-byte Spill
+ ldr r5, [r2, #24]
+ sbcs r6, r6, lr
+ str r4, [sp, #48] @ 4-byte Spill
+ ldr r4, [r2, #20]
+ sbcs r7, r7, r12
+ str r6, [sp, #56] @ 4-byte Spill
+ ldr r6, [r2, #16]
+ str r7, [sp, #44] @ 4-byte Spill
+ ldr r7, [r1, #16]
+ sbcs r8, r7, r6
+ ldr r7, [r1, #20]
+ ldr r6, [r1, #28]
+ str r8, [sp, #40] @ 4-byte Spill
+ sbcs r10, r7, r4
+ ldr r7, [r1, #24]
+ ldr r4, [r1, #40]
+ str r10, [sp, #36] @ 4-byte Spill
+ sbcs r9, r7, r5
+ ldr r7, [r2, #28]
+ sbcs r11, r6, r7
+ ldr r7, [r2, #32]
+ ldr r6, [r1, #32]
+ str r11, [sp, #32] @ 4-byte Spill
+ sbcs r12, r6, r7
+ ldr r7, [r2, #36]
+ ldr r6, [r1, #36]
+ str r12, [sp, #28] @ 4-byte Spill
+ sbcs r6, r6, r7
+ ldr r7, [r2, #40]
+ sbcs r5, r4, r7
+ ldr r7, [r2, #44]
+ ldr r4, [r1, #44]
+ str r5, [sp, #24] @ 4-byte Spill
+ sbcs lr, r4, r7
+ ldr r4, [r2, #48]
+ ldr r7, [r1, #48]
+ ldr r2, [r2, #52]
+ ldr r1, [r1, #52]
+ sbcs r7, r7, r4
+ ldr r4, [sp, #44] @ 4-byte Reload
+ sbcs r2, r1, r2
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r1, [r0]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r1, [r0, #4]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r1, [r0, #8]
+ str r4, [r0, #12]
+ str r8, [r0, #16]
+ mov r1, lr
+ add r8, r0, #24
+ str r10, [r0, #20]
+ stm r8, {r9, r11, r12}
+ str r6, [r0, #36]
+ str r5, [r0, #40]
+ str r1, [r0, #44]
+ str r7, [r0, #48]
+ mov r8, r2
+ str r2, [r0, #52]
+ mov r2, #0
+ sbc r2, r2, #0
+ tst r2, #1
+ beq .LBB218_2
+@ BB#1: @ %carry
+ ldr r2, [r3, #52]
+ ldr r5, [r3, #48]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [sp, #52] @ 4-byte Reload
+ ldr lr, [r3, #4]
+ ldr r12, [r3, #8]
+ ldr r10, [r3, #12]
+ ldr r11, [r3, #40]
+ str r2, [sp, #20] @ 4-byte Spill
+ ldr r2, [r3, #16]
+ str r5, [sp, #52] @ 4-byte Spill
+ ldr r5, [sp, #48] @ 4-byte Reload
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r3, #20]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r3, #24]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldr r2, [r3, #28]
+ str r2, [sp, #12] @ 4-byte Spill
+ ldr r2, [r3]
+ adds r2, r2, r7
+ ldr r7, [sp, #56] @ 4-byte Reload
+ adcs lr, lr, r5
+ ldr r5, [r3, #44]
+ adcs r7, r12, r7
+ add r12, r0, #32
+ str r5, [sp, #48] @ 4-byte Spill
+ adcs r5, r10, r4
+ ldr r10, [r3, #36]
+ ldr r3, [r3, #32]
+ stm r0, {r2, lr}
+ str r7, [r0, #8]
+ ldr r2, [sp, #40] @ 4-byte Reload
+ ldr r7, [sp] @ 4-byte Reload
+ ldr r4, [sp, #36] @ 4-byte Reload
+ str r5, [r0, #12]
+ ldr r5, [sp, #52] @ 4-byte Reload
+ adcs r2, r7, r2
+ ldr r7, [sp, #4] @ 4-byte Reload
+ str r2, [r0, #16]
+ ldr r2, [sp, #8] @ 4-byte Reload
+ adcs r4, r7, r4
+ ldr r7, [sp, #12] @ 4-byte Reload
+ adcs r2, r2, r9
+ str r4, [r0, #20]
+ str r2, [r0, #24]
+ ldr r2, [sp, #32] @ 4-byte Reload
+ adcs r2, r7, r2
+ ldr r7, [sp, #24] @ 4-byte Reload
+ str r2, [r0, #28]
+ ldr r2, [sp, #28] @ 4-byte Reload
+ adcs r2, r3, r2
+ adcs r3, r10, r6
+ ldr r6, [sp, #48] @ 4-byte Reload
+ adcs r7, r11, r7
+ adcs r6, r6, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r5, r5, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ stm r12, {r2, r3, r7}
+ str r6, [r0, #44]
+ str r5, [r0, #48]
+ adc r1, r1, r8
+ str r1, [r0, #52]
+.LBB218_2: @ %nocarry
+ add sp, sp, #60
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end218:
+ .size mcl_fp_sub14L, .Lfunc_end218-mcl_fp_sub14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_subNF14L
+ .align 2
+ .type mcl_fp_subNF14L,%function
+mcl_fp_subNF14L: @ @mcl_fp_subNF14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #80
+ sub sp, sp, #80
+ mov r12, r0
+ ldr r0, [r2, #32]
+ add r7, r1, #16
+ ldr r9, [r2]
+ ldr r11, [r2, #20]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [r2, #36]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [r2, #40]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r2, #44]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [r2, #48]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [r2, #52]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r1, #52]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r1, #48]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r1, #44]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r1, #40]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r1, #36]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [r2, #4]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [r2, #8]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [r2, #12]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [r2, #16]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [r2, #24]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r2, #28]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldmib r1, {r2, r8, lr}
+ ldm r7, {r4, r5, r6, r7}
+ ldr r10, [r1]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r1, [r1, #32]
+ subs r10, r10, r9
+ sbcs r9, r2, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ str r10, [sp] @ 4-byte Spill
+ str r9, [sp, #4] @ 4-byte Spill
+ sbcs r0, r8, r0
+ add r8, r3, #20
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ sbcs r0, lr, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ sbcs r0, r4, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ sbcs r0, r5, r11
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ sbcs r0, r6, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ sbcs r0, r7, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ sbcs r11, r1, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r11, [sp, #20] @ 4-byte Spill
+ sbcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ sbcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ sbcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ sbcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ sbc r0, r1, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [r3, #32]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [r3, #36]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [r3, #40]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [r3, #44]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [r3, #48]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [r3, #52]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r3, {r2, r4, r6}
+ ldr r5, [r3, #12]
+ ldr lr, [r3, #16]
+ ldm r8, {r0, r7, r8}
+ ldr r3, [sp, #56] @ 4-byte Reload
+ adds r1, r10, r2
+ ldr r10, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #52] @ 4-byte Reload
+ adcs r4, r9, r4
+ adcs r6, r10, r6
+ adcs r2, r2, r5
+ ldr r5, [sp, #60] @ 4-byte Reload
+ adcs r3, r3, lr
+ adcs lr, r5, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r5, r0, r7
+ ldr r0, [sp, #44] @ 4-byte Reload
+ ldr r7, [sp, #16] @ 4-byte Reload
+ adcs r8, r0, r8
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs r9, r11, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r11, r0, r7
+ ldr r0, [sp, #68] @ 4-byte Reload
+ ldr r7, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ ldr r7, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r7, r0, r7
+ str r7, [sp, #36] @ 4-byte Spill
+ asr r7, r0, #31
+ ldr r0, [sp] @ 4-byte Reload
+ cmp r7, #0
+ movge r6, r10
+ movge r1, r0
+ ldr r0, [sp, #4] @ 4-byte Reload
+ str r1, [r12]
+ ldr r1, [sp, #24] @ 4-byte Reload
+ movge r4, r0
+ ldr r0, [sp, #52] @ 4-byte Reload
+ cmp r7, #0
+ str r4, [r12, #4]
+ str r6, [r12, #8]
+ movge r2, r0
+ ldr r0, [sp, #56] @ 4-byte Reload
+ str r2, [r12, #12]
+ movge r3, r0
+ ldr r0, [sp, #60] @ 4-byte Reload
+ str r3, [r12, #16]
+ movge lr, r0
+ ldr r0, [sp, #64] @ 4-byte Reload
+ cmp r7, #0
+ str lr, [r12, #20]
+ movge r5, r0
+ ldr r0, [sp, #44] @ 4-byte Reload
+ str r5, [r12, #24]
+ movge r8, r0
+ ldr r0, [sp, #20] @ 4-byte Reload
+ str r8, [r12, #28]
+ movge r9, r0
+ ldr r0, [sp, #48] @ 4-byte Reload
+ cmp r7, #0
+ str r9, [r12, #32]
+ movge r11, r0
+ ldr r0, [sp, #68] @ 4-byte Reload
+ str r11, [r12, #36]
+ movge r1, r0
+ ldr r0, [sp, #72] @ 4-byte Reload
+ str r1, [r12, #40]
+ ldr r1, [sp, #28] @ 4-byte Reload
+ movge r1, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ cmp r7, #0
+ str r1, [r12, #44]
+ ldr r1, [sp, #32] @ 4-byte Reload
+ movge r1, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ str r1, [r12, #48]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ movge r0, r1
+ str r0, [r12, #52]
+ add sp, sp, #80
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end219:
+ .size mcl_fp_subNF14L, .Lfunc_end219-mcl_fp_subNF14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_add14L
+ .align 2
+ .type mcl_fpDbl_add14L,%function
+mcl_fpDbl_add14L: @ @mcl_fpDbl_add14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #168
+ sub sp, sp, #168
+ ldr r7, [r1]
+ ldmib r1, {r6, lr}
+ ldr r12, [r1, #12]
+ ldm r2, {r4, r5, r8, r9}
+ add r10, r1, #32
+ adds r4, r4, r7
+ str r4, [sp, #92] @ 4-byte Spill
+ ldr r4, [r2, #96]
+ str r4, [sp, #152] @ 4-byte Spill
+ ldr r4, [r2, #100]
+ str r4, [sp, #156] @ 4-byte Spill
+ ldr r4, [r2, #104]
+ str r4, [sp, #160] @ 4-byte Spill
+ ldr r4, [r2, #108]
+ str r4, [sp, #164] @ 4-byte Spill
+ adcs r4, r5, r6
+ adcs r7, r8, lr
+ str r4, [sp, #68] @ 4-byte Spill
+ add lr, r1, #16
+ str r7, [sp, #64] @ 4-byte Spill
+ adcs r7, r9, r12
+ str r7, [sp, #76] @ 4-byte Spill
+ ldr r7, [r2, #64]
+ str r7, [sp, #124] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #128] @ 4-byte Spill
+ ldr r7, [r2, #72]
+ str r7, [sp, #136] @ 4-byte Spill
+ ldr r7, [r2, #80]
+ str r7, [sp, #140] @ 4-byte Spill
+ ldr r7, [r2, #84]
+ str r7, [sp, #144] @ 4-byte Spill
+ ldr r7, [r2, #88]
+ str r7, [sp, #132] @ 4-byte Spill
+ ldr r7, [r2, #92]
+ str r7, [sp, #148] @ 4-byte Spill
+ ldr r7, [r2, #76]
+ str r7, [sp, #120] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ str r7, [sp, #56] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r7, [sp, #60] @ 4-byte Spill
+ ldr r7, [r2, #40]
+ str r7, [sp, #72] @ 4-byte Spill
+ ldr r7, [r2, #44]
+ str r7, [sp, #80] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #84] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #88] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #96] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #100] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ ldr r2, [r2, #16]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #96]
+ str r7, [sp, #12] @ 4-byte Spill
+ str r2, [sp, #104] @ 4-byte Spill
+ ldr r2, [r1, #100]
+ str r2, [sp, #108] @ 4-byte Spill
+ ldr r2, [r1, #104]
+ str r2, [sp, #112] @ 4-byte Spill
+ ldr r2, [r1, #108]
+ str r2, [sp, #116] @ 4-byte Spill
+ ldr r2, [r1, #64]
+ str r2, [sp, #28] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r2, [sp, #32] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #36] @ 4-byte Spill
+ ldr r2, [r1, #80]
+ str r2, [sp, #40] @ 4-byte Spill
+ ldr r2, [r1, #84]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldr r2, [r1, #88]
+ str r2, [sp, #48] @ 4-byte Spill
+ ldr r2, [r1, #92]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #24] @ 4-byte Spill
+ ldm r10, {r4, r5, r6, r10}
+ ldr r2, [r1, #56]
+ ldr r8, [r1, #48]
+ ldr r9, [r1, #52]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #92] @ 4-byte Reload
+ ldr r7, [sp, #68] @ 4-byte Reload
+ str r11, [r0]
+ str r7, [r0, #4]
+ ldr r7, [sp, #64] @ 4-byte Reload
+ str r7, [r0, #8]
+ ldr r7, [sp] @ 4-byte Reload
+ adcs r1, r7, r1
+ ldr r7, [sp, #76] @ 4-byte Reload
+ str r7, [r0, #12]
+ ldr r7, [sp, #12] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r2, r7, r2
+ ldr r7, [sp, #4] @ 4-byte Reload
+ str r2, [r0, #20]
+ adcs r1, r1, r12
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [r0, #24]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r2, r2, lr
+ str r2, [r0, #28]
+ adcs r1, r1, r4
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r1, [r0, #32]
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r2, r2, r5
+ str r2, [r0, #36]
+ adcs r1, r1, r6
+ ldr r2, [sp, #80] @ 4-byte Reload
+ str r1, [r0, #40]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r2, r2, r10
+ str r2, [r0, #44]
+ adcs r1, r1, r8
+ ldr r2, [sp, #88] @ 4-byte Reload
+ str r1, [r0, #48]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r2, r2, r9
+ adcs r6, r1, r7
+ str r2, [r0, #52]
+ ldr r1, [sp, #100] @ 4-byte Reload
+ ldr r2, [sp, #8] @ 4-byte Reload
+ str r6, [sp, #84] @ 4-byte Spill
+ adcs r5, r1, r2
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r5, [sp, #88] @ 4-byte Spill
+ adcs r4, r1, r2
+ ldr r1, [sp, #128] @ 4-byte Reload
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r4, [sp, #96] @ 4-byte Spill
+ adcs r7, r1, r2
+ ldr r1, [sp, #136] @ 4-byte Reload
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r7, [sp, #100] @ 4-byte Spill
+ adcs lr, r1, r2
+ ldr r1, [sp, #120] @ 4-byte Reload
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str lr, [sp, #92] @ 4-byte Spill
+ adcs r1, r1, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #136] @ 4-byte Spill
+ ldr r1, [sp, #140] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #140] @ 4-byte Spill
+ ldr r1, [sp, #144] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r1, [sp, #144] @ 4-byte Spill
+ ldr r1, [sp, #132] @ 4-byte Reload
+ adcs r8, r1, r2
+ ldr r1, [sp, #148] @ 4-byte Reload
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r8, [sp, #124] @ 4-byte Spill
+ adcs r1, r1, r2
+ ldr r2, [sp, #104] @ 4-byte Reload
+ str r1, [sp, #148] @ 4-byte Spill
+ ldr r1, [sp, #152] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #108] @ 4-byte Reload
+ str r1, [sp, #152] @ 4-byte Spill
+ ldr r1, [sp, #156] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #112] @ 4-byte Reload
+ str r1, [sp, #156] @ 4-byte Spill
+ ldr r1, [sp, #160] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #116] @ 4-byte Reload
+ str r1, [sp, #160] @ 4-byte Spill
+ ldr r1, [sp, #164] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #164] @ 4-byte Spill
+ mov r1, #0
+ adc r1, r1, #0
+ str r1, [sp, #120] @ 4-byte Spill
+ ldmib r3, {r2, r12}
+ ldr r1, [r3, #16]
+ ldr r11, [r3]
+ ldr r9, [r3, #12]
+ ldr r10, [r3, #36]
+ str r1, [sp, #112] @ 4-byte Spill
+ ldr r1, [r3, #20]
+ subs r11, r6, r11
+ sbcs r2, r5, r2
+ sbcs r12, r4, r12
+ sbcs r4, r7, r9
+ ldr r7, [r3, #32]
+ str r1, [sp, #116] @ 4-byte Spill
+ ldr r1, [r3, #24]
+ ldr r6, [sp, #116] @ 4-byte Reload
+ str r1, [sp, #128] @ 4-byte Spill
+ ldr r1, [r3, #28]
+ ldr r5, [sp, #128] @ 4-byte Reload
+ str r1, [sp, #132] @ 4-byte Spill
+ ldr r1, [r3, #40]
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [r3, #44]
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [r3, #48]
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [r3, #52]
+ str r1, [sp, #108] @ 4-byte Spill
+ ldr r1, [sp, #112] @ 4-byte Reload
+ sbcs r3, lr, r1
+ ldr r1, [sp, #136] @ 4-byte Reload
+ sbcs lr, r1, r6
+ ldr r1, [sp, #140] @ 4-byte Reload
+ ldr r6, [sp, #132] @ 4-byte Reload
+ sbcs r5, r1, r5
+ ldr r1, [sp, #144] @ 4-byte Reload
+ sbcs r6, r1, r6
+ ldr r1, [sp, #148] @ 4-byte Reload
+ sbcs r8, r8, r7
+ ldr r7, [sp, #76] @ 4-byte Reload
+ sbcs r9, r1, r10
+ ldr r1, [sp, #152] @ 4-byte Reload
+ sbcs r10, r1, r7
+ ldr r1, [sp, #156] @ 4-byte Reload
+ ldr r7, [sp, #80] @ 4-byte Reload
+ sbcs r1, r1, r7
+ ldr r7, [sp, #104] @ 4-byte Reload
+ str r1, [sp, #128] @ 4-byte Spill
+ ldr r1, [sp, #160] @ 4-byte Reload
+ sbcs r1, r1, r7
+ ldr r7, [sp, #108] @ 4-byte Reload
+ str r1, [sp, #132] @ 4-byte Spill
+ ldr r1, [sp, #164] @ 4-byte Reload
+ sbcs r1, r1, r7
+ ldr r7, [sp, #84] @ 4-byte Reload
+ str r1, [sp, #116] @ 4-byte Spill
+ ldr r1, [sp, #120] @ 4-byte Reload
+ sbc r1, r1, #0
+ ands r1, r1, #1
+ movne r11, r7
+ ldr r7, [sp, #88] @ 4-byte Reload
+ str r11, [r0, #56]
+ movne r2, r7
+ ldr r7, [sp, #116] @ 4-byte Reload
+ str r2, [r0, #60]
+ ldr r2, [sp, #96] @ 4-byte Reload
+ movne r12, r2
+ ldr r2, [sp, #100] @ 4-byte Reload
+ cmp r1, #0
+ str r12, [r0, #64]
+ movne r4, r2
+ ldr r2, [sp, #92] @ 4-byte Reload
+ str r4, [r0, #68]
+ movne r3, r2
+ ldr r2, [sp, #136] @ 4-byte Reload
+ str r3, [r0, #72]
+ ldr r3, [sp, #128] @ 4-byte Reload
+ movne lr, r2
+ ldr r2, [sp, #140] @ 4-byte Reload
+ cmp r1, #0
+ str lr, [r0, #76]
+ movne r5, r2
+ ldr r2, [sp, #144] @ 4-byte Reload
+ str r5, [r0, #80]
+ movne r6, r2
+ ldr r2, [sp, #124] @ 4-byte Reload
+ str r6, [r0, #84]
+ movne r8, r2
+ ldr r2, [sp, #148] @ 4-byte Reload
+ cmp r1, #0
+ str r8, [r0, #88]
+ movne r9, r2
+ ldr r2, [sp, #152] @ 4-byte Reload
+ str r9, [r0, #92]
+ movne r10, r2
+ ldr r2, [sp, #156] @ 4-byte Reload
+ str r10, [r0, #96]
+ movne r3, r2
+ cmp r1, #0
+ ldr r1, [sp, #160] @ 4-byte Reload
+ ldr r2, [sp, #132] @ 4-byte Reload
+ str r3, [r0, #100]
+ movne r2, r1
+ ldr r1, [sp, #164] @ 4-byte Reload
+ str r2, [r0, #104]
+ movne r7, r1
+ str r7, [r0, #108]
+ add sp, sp, #168
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end220:
+ .size mcl_fpDbl_add14L, .Lfunc_end220-mcl_fpDbl_add14L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sub14L
+ .align 2
+ .type mcl_fpDbl_sub14L,%function
+mcl_fpDbl_sub14L: @ @mcl_fpDbl_sub14L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #168
+ sub sp, sp, #168
+ ldr r7, [r2, #96]
+ add r9, r1, #32
+ str r7, [sp, #160] @ 4-byte Spill
+ ldr r7, [r2, #100]
+ str r7, [sp, #156] @ 4-byte Spill
+ ldr r7, [r2, #104]
+ str r7, [sp, #140] @ 4-byte Spill
+ ldr r7, [r2, #108]
+ str r7, [sp, #164] @ 4-byte Spill
+ ldr r7, [r2, #64]
+ str r7, [sp, #128] @ 4-byte Spill
+ ldr r7, [r2, #68]
+ str r7, [sp, #136] @ 4-byte Spill
+ ldr r7, [r2, #72]
+ str r7, [sp, #144] @ 4-byte Spill
+ ldr r7, [r2, #80]
+ str r7, [sp, #148] @ 4-byte Spill
+ ldr r7, [r2, #84]
+ str r7, [sp, #152] @ 4-byte Spill
+ ldr r7, [r2, #88]
+ str r7, [sp, #124] @ 4-byte Spill
+ ldr r7, [r2, #92]
+ str r7, [sp, #132] @ 4-byte Spill
+ ldr r7, [r2, #76]
+ str r7, [sp, #120] @ 4-byte Spill
+ ldr r7, [r2, #60]
+ str r7, [sp, #116] @ 4-byte Spill
+ ldr r7, [r2, #56]
+ str r7, [sp, #112] @ 4-byte Spill
+ ldr r7, [r2, #52]
+ str r7, [sp, #108] @ 4-byte Spill
+ ldr r7, [r2, #48]
+ str r7, [sp, #104] @ 4-byte Spill
+ ldm r2, {r5, r8, r12, lr}
+ ldr r6, [r1]
+ ldmib r1, {r4, r7, r10}
+ subs r5, r6, r5
+ sbcs r4, r4, r8
+ str r5, [sp, #32] @ 4-byte Spill
+ ldr r5, [r2, #44]
+ sbcs r7, r7, r12
+ str r4, [sp, #28] @ 4-byte Spill
+ ldr r4, [r2, #40]
+ str r7, [sp, #24] @ 4-byte Spill
+ ldr r7, [r2, #36]
+ str r5, [sp, #84] @ 4-byte Spill
+ str r4, [sp, #80] @ 4-byte Spill
+ str r7, [sp, #48] @ 4-byte Spill
+ sbcs r7, r10, lr
+ ldr r10, [r2, #16]
+ add lr, r1, #16
+ str r7, [sp, #20] @ 4-byte Spill
+ ldr r7, [r2, #32]
+ str r7, [sp, #40] @ 4-byte Spill
+ ldr r7, [r2, #28]
+ str r7, [sp, #36] @ 4-byte Spill
+ ldr r7, [r2, #24]
+ str r7, [sp, #16] @ 4-byte Spill
+ ldr r7, [r2, #20]
+ ldr r2, [r1, #96]
+ str r2, [sp, #88] @ 4-byte Spill
+ ldr r2, [r1, #100]
+ str r7, [sp, #12] @ 4-byte Spill
+ str r2, [sp, #92] @ 4-byte Spill
+ ldr r2, [r1, #104]
+ str r2, [sp, #96] @ 4-byte Spill
+ ldr r2, [r1, #108]
+ str r2, [sp, #100] @ 4-byte Spill
+ ldr r2, [r1, #64]
+ str r2, [sp, #52] @ 4-byte Spill
+ ldr r2, [r1, #68]
+ str r2, [sp, #56] @ 4-byte Spill
+ ldr r2, [r1, #72]
+ str r2, [sp, #60] @ 4-byte Spill
+ ldr r2, [r1, #80]
+ str r2, [sp, #64] @ 4-byte Spill
+ ldr r2, [r1, #84]
+ str r2, [sp, #68] @ 4-byte Spill
+ ldr r2, [r1, #88]
+ str r2, [sp, #72] @ 4-byte Spill
+ ldr r2, [r1, #92]
+ str r2, [sp, #76] @ 4-byte Spill
+ ldr r2, [r1, #76]
+ str r2, [sp, #44] @ 4-byte Spill
+ ldm r9, {r4, r5, r6, r8, r9}
+ ldr r2, [r1, #52]
+ str r2, [sp] @ 4-byte Spill
+ ldr r2, [r1, #56]
+ str r2, [sp, #4] @ 4-byte Spill
+ ldr r2, [r1, #60]
+ str r2, [sp, #8] @ 4-byte Spill
+ ldm lr, {r1, r2, r12, lr}
+ ldr r11, [sp, #32] @ 4-byte Reload
+ ldr r7, [sp, #28] @ 4-byte Reload
+ str r11, [r0]
+ str r7, [r0, #4]
+ ldr r7, [sp, #24] @ 4-byte Reload
+ sbcs r1, r1, r10
+ str r7, [r0, #8]
+ ldr r7, [sp, #20] @ 4-byte Reload
+ str r7, [r0, #12]
+ ldr r7, [sp, #12] @ 4-byte Reload
+ str r1, [r0, #16]
+ ldr r1, [sp, #16] @ 4-byte Reload
+ sbcs r2, r2, r7
+ ldr r7, [sp] @ 4-byte Reload
+ str r2, [r0, #20]
+ ldr r2, [sp, #36] @ 4-byte Reload
+ sbcs r1, r12, r1
+ str r1, [r0, #24]
+ ldr r1, [sp, #40] @ 4-byte Reload
+ sbcs r2, lr, r2
+ add lr, r3, #8
+ str r2, [r0, #28]
+ ldr r2, [sp, #48] @ 4-byte Reload
+ sbcs r1, r4, r1
+ str r1, [r0, #32]
+ ldr r1, [sp, #80] @ 4-byte Reload
+ sbcs r2, r5, r2
+ str r2, [r0, #36]
+ ldr r2, [sp, #84] @ 4-byte Reload
+ sbcs r1, r6, r1
+ str r1, [r0, #40]
+ ldr r1, [sp, #104] @ 4-byte Reload
+ sbcs r2, r8, r2
+ str r2, [r0, #44]
+ ldr r2, [sp, #108] @ 4-byte Reload
+ sbcs r1, r9, r1
+ str r1, [r0, #48]
+ ldr r1, [sp, #112] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #4] @ 4-byte Reload
+ str r2, [r0, #52]
+ ldr r2, [sp, #8] @ 4-byte Reload
+ sbcs r10, r7, r1
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r7, [sp, #60] @ 4-byte Reload
+ str r10, [sp, #80] @ 4-byte Spill
+ sbcs r11, r2, r1
+ ldr r1, [sp, #128] @ 4-byte Reload
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r11, [sp, #84] @ 4-byte Spill
+ sbcs r1, r2, r1
+ ldr r2, [sp, #56] @ 4-byte Reload
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [sp, #136] @ 4-byte Reload
+ sbcs r1, r2, r1
+ ldr r2, [sp, #144] @ 4-byte Reload
+ str r1, [sp, #136] @ 4-byte Spill
+ mov r1, #0
+ sbcs r2, r7, r2
+ ldr r7, [sp, #44] @ 4-byte Reload
+ str r2, [sp, #128] @ 4-byte Spill
+ ldr r2, [sp, #120] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #64] @ 4-byte Reload
+ str r2, [sp, #144] @ 4-byte Spill
+ ldr r2, [sp, #148] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #68] @ 4-byte Reload
+ str r2, [sp, #148] @ 4-byte Spill
+ ldr r2, [sp, #152] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #72] @ 4-byte Reload
+ str r2, [sp, #152] @ 4-byte Spill
+ ldr r2, [sp, #124] @ 4-byte Reload
+ sbcs r9, r7, r2
+ ldr r2, [sp, #132] @ 4-byte Reload
+ ldr r7, [sp, #76] @ 4-byte Reload
+ str r9, [sp, #108] @ 4-byte Spill
+ sbcs r2, r7, r2
+ ldr r7, [sp, #88] @ 4-byte Reload
+ str r2, [sp, #132] @ 4-byte Spill
+ ldr r2, [sp, #160] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #92] @ 4-byte Reload
+ str r2, [sp, #160] @ 4-byte Spill
+ ldr r2, [sp, #156] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #96] @ 4-byte Reload
+ str r2, [sp, #156] @ 4-byte Spill
+ ldr r2, [sp, #140] @ 4-byte Reload
+ sbcs r2, r7, r2
+ ldr r7, [sp, #100] @ 4-byte Reload
+ str r2, [sp, #140] @ 4-byte Spill
+ ldr r2, [sp, #164] @ 4-byte Reload
+ sbcs r2, r7, r2
+ sbc r1, r1, #0
+ str r2, [sp, #164] @ 4-byte Spill
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [r3, #32]
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [r3, #36]
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [r3, #40]
+ str r1, [sp, #112] @ 4-byte Spill
+ ldr r1, [r3, #44]
+ str r1, [sp, #116] @ 4-byte Spill
+ ldr r1, [r3, #48]
+ str r1, [sp, #120] @ 4-byte Spill
+ ldr r1, [r3, #52]
+ str r1, [sp, #124] @ 4-byte Spill
+ ldm r3, {r2, r5}
+ ldm lr, {r4, r6, lr}
+ ldr r7, [r3, #24]
+ ldr r8, [r3, #28]
+ ldr r12, [r3, #20]
+ ldr r3, [sp, #128] @ 4-byte Reload
+ adds r1, r10, r2
+ ldr r10, [sp, #104] @ 4-byte Reload
+ ldr r2, [sp, #136] @ 4-byte Reload
+ adcs r5, r11, r5
+ ldr r11, [sp, #124] @ 4-byte Reload
+ adcs r4, r10, r4
+ adcs r2, r2, r6
+ ldr r6, [sp, #144] @ 4-byte Reload
+ adcs r3, r3, lr
+ adcs r12, r6, r12
+ ldr r6, [sp, #148] @ 4-byte Reload
+ adcs lr, r6, r7
+ ldr r6, [sp, #152] @ 4-byte Reload
+ ldr r7, [sp, #132] @ 4-byte Reload
+ adcs r8, r6, r8
+ ldr r6, [sp, #92] @ 4-byte Reload
+ adcs r9, r9, r6
+ ldr r6, [sp, #96] @ 4-byte Reload
+ adcs r6, r7, r6
+ ldr r7, [sp, #160] @ 4-byte Reload
+ str r6, [sp, #96] @ 4-byte Spill
+ ldr r6, [sp, #112] @ 4-byte Reload
+ adcs r7, r7, r6
+ ldr r6, [sp, #116] @ 4-byte Reload
+ str r7, [sp, #112] @ 4-byte Spill
+ ldr r7, [sp, #156] @ 4-byte Reload
+ adcs r7, r7, r6
+ ldr r6, [sp, #120] @ 4-byte Reload
+ str r7, [sp, #116] @ 4-byte Spill
+ ldr r7, [sp, #140] @ 4-byte Reload
+ adcs r7, r7, r6
+ ldr r6, [sp, #80] @ 4-byte Reload
+ str r7, [sp, #120] @ 4-byte Spill
+ ldr r7, [sp, #164] @ 4-byte Reload
+ adc r7, r7, r11
+ str r7, [sp, #124] @ 4-byte Spill
+ ldr r7, [sp, #100] @ 4-byte Reload
+ ands r7, r7, #1
+ moveq r1, r6
+ moveq r4, r10
+ ldr r6, [sp, #124] @ 4-byte Reload
+ str r1, [r0, #56]
+ ldr r1, [sp, #84] @ 4-byte Reload
+ moveq r5, r1
+ ldr r1, [sp, #136] @ 4-byte Reload
+ cmp r7, #0
+ str r5, [r0, #60]
+ str r4, [r0, #64]
+ moveq r2, r1
+ ldr r1, [sp, #128] @ 4-byte Reload
+ str r2, [r0, #68]
+ ldr r2, [sp, #96] @ 4-byte Reload
+ moveq r3, r1
+ ldr r1, [sp, #144] @ 4-byte Reload
+ str r3, [r0, #72]
+ ldr r3, [sp, #116] @ 4-byte Reload
+ moveq r12, r1
+ ldr r1, [sp, #148] @ 4-byte Reload
+ cmp r7, #0
+ str r12, [r0, #76]
+ moveq lr, r1
+ ldr r1, [sp, #152] @ 4-byte Reload
+ str lr, [r0, #80]
+ moveq r8, r1
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r8, [r0, #84]
+ moveq r9, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ cmp r7, #0
+ str r9, [r0, #88]
+ moveq r2, r1
+ ldr r1, [sp, #160] @ 4-byte Reload
+ str r2, [r0, #92]
+ ldr r2, [sp, #112] @ 4-byte Reload
+ moveq r2, r1
+ ldr r1, [sp, #156] @ 4-byte Reload
+ moveq r3, r1
+ ldr r1, [sp, #140] @ 4-byte Reload
+ cmp r7, #0
+ ldr r7, [sp, #120] @ 4-byte Reload
+ moveq r7, r1
+ ldr r1, [sp, #164] @ 4-byte Reload
+ moveq r6, r1
+ add r1, r0, #96
+ stm r1, {r2, r3, r7}
+ str r6, [r0, #108]
+ add sp, sp, #168
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end221:
+ .size mcl_fpDbl_sub14L, .Lfunc_end221-mcl_fpDbl_sub14L
+ .cantunwind
+ .fnend
+
+ .align 2
+ .type .LmulPv480x32,%function
+.LmulPv480x32: @ @mulPv480x32
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r11, lr}
+ ldr r12, [r1]
+ ldmib r1, {r3, lr}
+ ldr r9, [r1, #12]
+ umull r4, r8, lr, r2
+ umull lr, r6, r12, r2
+ mov r5, r4
+ mov r7, r6
+ str lr, [r0]
+ umull lr, r12, r9, r2
+ umlal r7, r5, r3, r2
+ str r5, [r0, #8]
+ str r7, [r0, #4]
+ umull r5, r7, r3, r2
+ adds r3, r6, r5
+ adcs r3, r7, r4
+ adcs r3, r8, lr
+ str r3, [r0, #12]
+ ldr r3, [r1, #16]
+ umull r7, r6, r3, r2
+ adcs r3, r12, r7
+ str r3, [r0, #16]
+ ldr r3, [r1, #20]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #20]
+ ldr r3, [r1, #24]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #24]
+ ldr r3, [r1, #28]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #28]
+ ldr r3, [r1, #32]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #32]
+ ldr r3, [r1, #36]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #36]
+ ldr r3, [r1, #40]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #40]
+ ldr r3, [r1, #44]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #44]
+ ldr r3, [r1, #48]
+ umull r7, r6, r3, r2
+ adcs r3, r5, r7
+ str r3, [r0, #48]
+ ldr r3, [r1, #52]
+ umull r7, r5, r3, r2
+ adcs r3, r6, r7
+ str r3, [r0, #52]
+ ldr r1, [r1, #56]
+ umull r3, r7, r1, r2
+ adcs r1, r5, r3
+ str r1, [r0, #56]
+ adc r1, r7, #0
+ str r1, [r0, #60]
+ pop {r4, r5, r6, r7, r8, r9, r11, lr}
+ mov pc, lr
+.Lfunc_end222:
+ .size .LmulPv480x32, .Lfunc_end222-.LmulPv480x32
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mulUnitPre15L
+ .align 2
+ .type mcl_fp_mulUnitPre15L,%function
+mcl_fp_mulUnitPre15L: @ @mcl_fp_mulUnitPre15L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #84
+ sub sp, sp, #84
+ mov r4, r0
+ add r0, sp, #16
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #76]
+ add r11, sp, #48
+ add lr, sp, #20
+ ldr r9, [sp, #64]
+ ldr r10, [sp, #60]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #72]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #68]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r11, {r6, r8, r11}
+ ldr r7, [sp, #44]
+ ldr r5, [sp, #40]
+ ldr r1, [sp, #16]
+ ldm lr, {r0, r2, r3, r12, lr}
+ str r1, [r4]
+ stmib r4, {r0, r2, r3, r12, lr}
+ add r0, r4, #32
+ str r5, [r4, #24]
+ str r7, [r4, #28]
+ stm r0, {r6, r8, r11}
+ str r10, [r4, #44]
+ str r9, [r4, #48]
+ ldr r0, [sp, #4] @ 4-byte Reload
+ str r0, [r4, #52]
+ ldr r0, [sp, #8] @ 4-byte Reload
+ str r0, [r4, #56]
+ ldr r0, [sp, #12] @ 4-byte Reload
+ str r0, [r4, #60]
+ add sp, sp, #84
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end223:
+ .size mcl_fp_mulUnitPre15L, .Lfunc_end223-mcl_fp_mulUnitPre15L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_mulPre15L
+ .align 2
+ .type mcl_fpDbl_mulPre15L,%function
+mcl_fpDbl_mulPre15L: @ @mcl_fpDbl_mulPre15L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ .pad #1024
+ sub sp, sp, #1024
+ mov r3, r2
+ mov r4, r0
+ add r0, sp, #1000
+ str r1, [sp, #96] @ 4-byte Spill
+ mov r8, r1
+ ldr r2, [r3]
+ str r3, [sp, #92] @ 4-byte Spill
+ str r4, [sp, #100] @ 4-byte Spill
+ mov r6, r3
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1060]
+ ldr r1, [sp, #1004]
+ ldr r2, [r6, #4]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #1056]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #1008]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #1052]
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #1012]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #1048]
+ str r1, [sp, #28] @ 4-byte Spill
+ mov r1, r8
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #1044]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #1040]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #1036]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1032]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1028]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1024]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1020]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1016]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1000]
+ str r0, [r4]
+ add r0, sp, #936
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #996]
+ add r10, sp, #960
+ add lr, sp, #936
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #992]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #988]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #984]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #980]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r5, r6, r7, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #24] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #4]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r4, r1, r0
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ adcs r0, r2, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ ldr r2, [r6, #8]
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r8
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #872
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #932]
+ ldr r8, [sp, #872]
+ add r12, sp, #880
+ ldr lr, [sp, #912]
+ ldr r7, [sp, #908]
+ ldr r11, [sp, #904]
+ ldr r9, [sp, #900]
+ ldr r10, [sp, #876]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #928]
+ adds r4, r8, r4
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #924]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #920]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #916]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r5, [sp, #100] @ 4-byte Reload
+ str r4, [r5, #8]
+ ldr r4, [sp, #52] @ 4-byte Reload
+ adcs r4, r10, r4
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r6, #12]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #808
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #868]
+ add r9, sp, #836
+ add lr, sp, #816
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #864]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #860]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #856]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #852]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r9, {r6, r7, r8, r9}
+ ldr r0, [sp, #808]
+ ldr r11, [sp, #812]
+ ldm lr, {r1, r2, r3, r12, lr}
+ ldr r10, [sp, #32] @ 4-byte Reload
+ adds r0, r0, r10
+ str r0, [r5, #12]
+ ldr r0, [sp, #52] @ 4-byte Reload
+ ldr r5, [sp, #92] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #16]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r6, r0
+ mov r6, r4
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #744
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #804]
+ add lr, sp, #768
+ add r12, sp, #748
+ ldr r11, [sp, #780]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #800]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #784]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm lr, {r9, r10, lr}
+ ldr r8, [sp, #744]
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r4, [sp, #32] @ 4-byte Reload
+ ldr r7, [sp, #100] @ 4-byte Reload
+ adds r4, r8, r4
+ str r4, [r7, #16]
+ ldr r4, [sp, #52] @ 4-byte Reload
+ mov r7, r5
+ adcs r4, r0, r4
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #20]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #680
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #740]
+ ldr r9, [sp, #680]
+ add lr, sp, #684
+ ldr r10, [sp, #720]
+ ldr r8, [sp, #716]
+ ldr r11, [sp, #712]
+ ldr r6, [sp, #708]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #736]
+ adds r4, r9, r4
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #732]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #728]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #724]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r5, [sp, #100] @ 4-byte Reload
+ str r4, [r5, #20]
+ ldr r4, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r7, #24]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #616
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #676]
+ add r8, sp, #648
+ add lr, sp, #624
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #672]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #664]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #660]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r8, {r6, r7, r8}
+ ldr r10, [sp, #644]
+ ldr r0, [sp, #616]
+ ldr r11, [sp, #620]
+ ldm lr, {r1, r2, r3, r12, lr}
+ ldr r9, [sp, #32] @ 4-byte Reload
+ adds r0, r0, r9
+ str r0, [r5, #24]
+ ldr r0, [sp, #56] @ 4-byte Reload
+ ldr r5, [sp, #92] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #28]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r4
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #552
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #612]
+ add r11, sp, #584
+ add r12, sp, #556
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #608]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #604]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #600]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r6, r7, r11}
+ ldr lr, [sp, #580]
+ ldr r9, [sp, #576]
+ ldr r10, [sp, #552]
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r4, [sp, #32] @ 4-byte Reload
+ ldr r8, [sp, #100] @ 4-byte Reload
+ adds r4, r10, r4
+ str r4, [r8, #28]
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r4, r0, r4
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #32]
+ ldr r5, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #488
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #548]
+ ldr r9, [sp, #488]
+ add lr, sp, #492
+ mov r6, r8
+ ldr r10, [sp, #524]
+ ldr r11, [sp, #520]
+ ldr r7, [sp, #516]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #544]
+ adds r4, r9, r4
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #540]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #536]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #532]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #528]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ str r4, [r6, #32]
+ ldr r4, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r4, #36]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #424
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #484]
+ add r8, sp, #456
+ add lr, sp, #432
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #480]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #476]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #472]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #468]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r8, {r5, r7, r8}
+ ldr r10, [sp, #452]
+ ldr r0, [sp, #424]
+ ldr r11, [sp, #428]
+ ldm lr, {r1, r2, r3, r12, lr}
+ ldr r9, [sp, #32] @ 4-byte Reload
+ adds r0, r0, r9
+ str r0, [r6, #36]
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r4, #40]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r7, r0
+ mov r7, r4
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #360
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #420]
+ add r12, sp, #364
+ ldr r11, [sp, #396]
+ ldr r6, [sp, #392]
+ ldr lr, [sp, #388]
+ ldr r9, [sp, #384]
+ ldr r10, [sp, #360]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #416]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #408]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #404]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #400]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r4, [sp, #32] @ 4-byte Reload
+ ldr r8, [sp, #100] @ 4-byte Reload
+ adds r4, r10, r4
+ str r4, [r8, #40]
+ ldr r4, [sp, #72] @ 4-byte Reload
+ adcs r4, r0, r4
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r7, #44]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #32] @ 4-byte Spill
+ add r0, sp, #296
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #356]
+ ldr r9, [sp, #296]
+ add lr, sp, #300
+ mov r5, r8
+ ldr r10, [sp, #336]
+ ldr r7, [sp, #332]
+ ldr r11, [sp, #328]
+ ldr r6, [sp, #324]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #352]
+ adds r4, r9, r4
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #348]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #344]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #340]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ str r4, [r5, #44]
+ ldr r4, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r4, #48]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #232
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #292]
+ add lr, sp, #240
+ ldr r8, [sp, #268]
+ ldr r7, [sp, #264]
+ ldr r10, [sp, #260]
+ ldr r3, [sp, #232]
+ ldr r11, [sp, #236]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #288]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #284]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #280]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #276]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #272]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm lr, {r0, r1, r2, r12, lr}
+ ldr r9, [sp, #28] @ 4-byte Reload
+ adds r3, r3, r9
+ add r9, sp, #168
+ str r3, [r5, #48]
+ ldr r3, [r4, #52]
+ ldr r4, [sp, #88] @ 4-byte Reload
+ adcs r4, r11, r4
+ str r4, [sp, #32] @ 4-byte Spill
+ ldr r4, [sp, #84] @ 4-byte Reload
+ adcs r11, r0, r4
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #4] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r2, r0
+ mov r2, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r6
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #36] @ 4-byte Spill
+ mov r0, r9
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #228]
+ add r12, sp, #172
+ ldr r6, [sp, #204]
+ ldr r4, [sp, #200]
+ ldr lr, [sp, #196]
+ ldr r8, [sp, #192]
+ ldr r9, [sp, #188]
+ ldr r2, [sp, #168]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #224]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #220]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #216]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #212]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #208]
+ str r0, [sp, #4] @ 4-byte Spill
+ ldm r12, {r0, r1, r3, r12}
+ ldr r7, [sp, #32] @ 4-byte Reload
+ adds r2, r2, r7
+ str r2, [r5, #52]
+ adcs r5, r0, r11
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r2, [sp, #92] @ 4-byte Reload
+ adcs r7, r1, r0
+ ldr r0, [sp, #84] @ 4-byte Reload
+ ldr r1, [sp, #4] @ 4-byte Reload
+ ldr r2, [r2, #56]
+ adcs r10, r3, r0
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r11, r12, r0
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #96] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ add r0, sp, #104
+ bl .LmulPv480x32(PLT)
+ add r3, sp, #104
+ add r12, sp, #120
+ ldm r3, {r0, r1, r2, r3}
+ adds r6, r0, r5
+ ldr r0, [sp, #164]
+ adcs lr, r1, r7
+ adcs r4, r2, r10
+ adcs r7, r3, r11
+ add r11, sp, #136
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #160]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #156]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldm r11, {r5, r8, r9, r10, r11}
+ ldm r12, {r1, r2, r3, r12}
+ ldr r0, [sp, #100] @ 4-byte Reload
+ str r6, [r0, #56]
+ ldr r6, [sp, #28] @ 4-byte Reload
+ str lr, [r0, #60]
+ str r4, [r0, #64]
+ str r7, [r0, #68]
+ ldr r7, [sp, #80] @ 4-byte Reload
+ ldr r4, [sp, #56] @ 4-byte Reload
+ adcs r6, r1, r6
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r6, [r0, #72]
+ ldr r6, [sp, #76] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r1, [r0, #76]
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r2, r3, r2
+ ldr r3, [sp, #84] @ 4-byte Reload
+ str r2, [r0, #80]
+ ldr r2, [sp, #68] @ 4-byte Reload
+ adcs r1, r12, r1
+ str r1, [r0, #84]
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r12, r5, r2
+ ldr r2, [sp, #88] @ 4-byte Reload
+ ldr r5, [sp, #52] @ 4-byte Reload
+ adcs r1, r8, r1
+ str r12, [r0, #88]
+ add r12, r0, #92
+ adcs r2, r9, r2
+ adcs r3, r10, r3
+ adcs r7, r11, r7
+ adcs r6, r5, r6
+ ldr r5, [sp, #72] @ 4-byte Reload
+ adcs r5, r4, r5
+ ldr r4, [sp, #96] @ 4-byte Reload
+ stm r12, {r1, r2, r3, r7}
+ str r6, [r0, #108]
+ str r5, [r0, #112]
+ adc r4, r4, #0
+ str r4, [r0, #116]
+ add sp, sp, #44
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end224:
+ .size mcl_fpDbl_mulPre15L, .Lfunc_end224-mcl_fpDbl_mulPre15L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fpDbl_sqrPre15L
+ .align 2
+ .type mcl_fpDbl_sqrPre15L,%function
+mcl_fpDbl_sqrPre15L: @ @mcl_fpDbl_sqrPre15L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #44
+ sub sp, sp, #44
+ .pad #1024
+ sub sp, sp, #1024
+ mov r5, r1
+ mov r4, r0
+ add r0, sp, #1000
+ ldr r2, [r5]
+ str r4, [sp, #100] @ 4-byte Spill
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1060]
+ ldr r1, [sp, #1004]
+ ldr r2, [r5, #4]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #1056]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #1008]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #1052]
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #1012]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #1048]
+ str r1, [sp, #36] @ 4-byte Spill
+ mov r1, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #1044]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #1040]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #1036]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #1032]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #1028]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #1024]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1020]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1016]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #1000]
+ str r0, [r4]
+ add r0, sp, #936
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #996]
+ add r10, sp, #960
+ add lr, sp, #936
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #992]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #988]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #984]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #980]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r10, {r6, r7, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #32] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #4]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r4, r1, r0
+ ldr r0, [sp, #36] @ 4-byte Reload
+ ldr r1, [sp, #20] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #8]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #872
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #932]
+ add r12, sp, #896
+ ldr lr, [sp, #912]
+ ldr r6, [sp, #908]
+ add r10, sp, #876
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #928]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #924]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #920]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #916]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldm r12, {r9, r11, r12}
+ ldr r8, [sp, #872]
+ ldm r10, {r0, r1, r2, r3, r10}
+ ldr r7, [sp, #100] @ 4-byte Reload
+ adds r4, r8, r4
+ str r4, [r7, #8]
+ ldr r4, [sp, #60] @ 4-byte Reload
+ adcs r4, r0, r4
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #12]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #808
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #868]
+ add r10, sp, #836
+ add lr, sp, #812
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #864]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #860]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #856]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #852]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r10, {r6, r8, r9, r10}
+ ldr r11, [sp, #808]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r11, r4
+ ldr r4, [sp, #100] @ 4-byte Reload
+ str r7, [r4, #12]
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #16]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #744
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #804]
+ add r8, sp, #776
+ add lr, sp, #764
+ add r12, sp, #744
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #800]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #796]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #792]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #788]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r8, {r6, r7, r8}
+ ldm lr, {r9, r10, lr}
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r11, [sp, #40] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #16]
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #20]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #680
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #740]
+ add r8, sp, #712
+ add lr, sp, #684
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #736]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #732]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #728]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #724]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r8, {r4, r6, r8}
+ ldr r11, [sp, #708]
+ ldr r10, [sp, #680]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #40] @ 4-byte Reload
+ ldr r9, [sp, #100] @ 4-byte Reload
+ adds r7, r10, r7
+ str r7, [r9, #20]
+ ldr r7, [sp, #60] @ 4-byte Reload
+ adcs r7, r0, r7
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #24]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #616
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #676]
+ add r10, sp, #644
+ add lr, sp, #620
+ mov r4, r9
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #672]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #668]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #664]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #660]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #656]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r6, r8, r10}
+ ldr r11, [sp, #616]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r11, r7
+ str r7, [r4, #24]
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #28]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #552
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #612]
+ add r8, sp, #584
+ add lr, sp, #572
+ add r12, sp, #552
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #608]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #604]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #600]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #596]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r8, {r6, r7, r8}
+ ldm lr, {r9, r10, lr}
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r11, [sp, #40] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #28]
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #32]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #488
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #548]
+ add r8, sp, #520
+ add lr, sp, #492
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #544]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #540]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #536]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #532]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r8, {r4, r6, r8}
+ ldr r11, [sp, #516]
+ ldr r10, [sp, #488]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #40] @ 4-byte Reload
+ ldr r9, [sp, #100] @ 4-byte Reload
+ adds r7, r10, r7
+ str r7, [r9, #32]
+ ldr r7, [sp, #72] @ 4-byte Reload
+ adcs r7, r0, r7
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #36]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r4, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #424
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #484]
+ add r10, sp, #452
+ add lr, sp, #428
+ mov r4, r9
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #480]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #476]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #472]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #468]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #464]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r6, r8, r10}
+ ldr r11, [sp, #424]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ adds r7, r11, r7
+ str r7, [r4, #36]
+ ldr r7, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #40]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #360
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #420]
+ add r8, sp, #392
+ add lr, sp, #380
+ add r12, sp, #360
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #416]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #412]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #408]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #404]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r8, {r6, r7, r8}
+ ldm lr, {r9, r10, lr}
+ ldm r12, {r0, r1, r2, r3, r12}
+ ldr r11, [sp, #40] @ 4-byte Reload
+ adds r0, r0, r11
+ str r0, [r4, #40]
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #44]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r7, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #40] @ 4-byte Spill
+ add r0, sp, #296
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #356]
+ add r9, sp, #328
+ add lr, sp, #300
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #352]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #348]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #344]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #340]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r9, {r6, r8, r9}
+ ldr r11, [sp, #324]
+ ldr r10, [sp, #296]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #36] @ 4-byte Reload
+ adds r7, r10, r7
+ str r7, [r4, #44]
+ ldr r7, [sp, #84] @ 4-byte Reload
+ adcs r7, r0, r7
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r2, r0
+ ldr r2, [r5, #48]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #232
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #292]
+ add r11, sp, #256
+ add lr, sp, #236
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #288]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #284]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #280]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #276]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r11, {r6, r8, r9, r10, r11}
+ ldr r12, [sp, #232]
+ ldm lr, {r0, r1, r2, r3, lr}
+ adds r7, r12, r7
+ ldr r12, [r5, #52]
+ str r7, [r4, #48]
+ ldr r7, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r7, r1, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ adcs r0, r2, r0
+ mov r2, r12
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r3, r0
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #44] @ 4-byte Spill
+ add r0, sp, #168
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #228]
+ add lr, sp, #196
+ add r12, sp, #172
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #224]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #220]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #216]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #212]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #208]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm lr, {r8, r11, lr}
+ ldr r9, [sp, #192]
+ ldr r10, [sp, #188]
+ ldr r2, [sp, #168]
+ ldm r12, {r0, r1, r3, r12}
+ ldr r6, [sp, #40] @ 4-byte Reload
+ adds r2, r2, r6
+ add r6, sp, #104
+ str r2, [r4, #52]
+ adcs r4, r0, r7
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r2, [r5, #56]
+ adcs r0, r1, r0
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r7, r3, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r12, r0
+ str r0, [sp, #4] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r10, r0
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r9, r0
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r8, r0
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r11, r0
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, lr, r0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r1, r0
+ mov r1, r5
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #76] @ 4-byte Spill
+ mov r0, r6
+ bl .LmulPv480x32(PLT)
+ add r3, sp, #104
+ add r11, sp, #136
+ add r12, sp, #120
+ ldm r3, {r0, r1, r2, r3}
+ adds r6, r0, r4
+ ldr r0, [sp, #8] @ 4-byte Reload
+ adcs lr, r1, r0
+ ldr r0, [sp, #4] @ 4-byte Reload
+ adcs r4, r2, r7
+ adcs r7, r3, r0
+ ldr r0, [sp, #164]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #160]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #156]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldm r11, {r5, r8, r9, r10, r11}
+ ldm r12, {r1, r2, r3, r12}
+ ldr r0, [sp, #100] @ 4-byte Reload
+ str r6, [r0, #56]
+ ldr r6, [sp, #36] @ 4-byte Reload
+ str lr, [r0, #60]
+ str r4, [r0, #64]
+ str r7, [r0, #68]
+ ldr r7, [sp, #84] @ 4-byte Reload
+ ldr r4, [sp, #56] @ 4-byte Reload
+ adcs r6, r1, r6
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r6, [r0, #72]
+ ldr r6, [sp, #80] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #64] @ 4-byte Reload
+ str r1, [r0, #76]
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r2, r3, r2
+ ldr r3, [sp, #88] @ 4-byte Reload
+ str r2, [r0, #80]
+ ldr r2, [sp, #72] @ 4-byte Reload
+ adcs r1, r12, r1
+ str r1, [r0, #84]
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r12, r5, r2
+ ldr r2, [sp, #92] @ 4-byte Reload
+ ldr r5, [sp, #52] @ 4-byte Reload
+ adcs r1, r8, r1
+ str r12, [r0, #88]
+ add r12, r0, #92
+ adcs r2, r9, r2
+ adcs r3, r10, r3
+ adcs r7, r11, r7
+ adcs r6, r5, r6
+ ldr r5, [sp, #76] @ 4-byte Reload
+ adcs r5, r4, r5
+ ldr r4, [sp, #60] @ 4-byte Reload
+ stm r12, {r1, r2, r3, r7}
+ str r6, [r0, #108]
+ str r5, [r0, #112]
+ adc r4, r4, #0
+ str r4, [r0, #116]
+ add sp, sp, #44
+ add sp, sp, #1024
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end225:
+ .size mcl_fpDbl_sqrPre15L, .Lfunc_end225-mcl_fpDbl_sqrPre15L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_mont15L
+ .align 2
+ .type mcl_fp_mont15L,%function
+mcl_fp_mont15L: @ @mcl_fp_mont15L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #12
+ sub sp, sp, #12
+ .pad #2048
+ sub sp, sp, #2048
+ add r12, sp, #124
+ add r7, sp, #1024
+ mov r4, r3
+ stm r12, {r1, r2, r3}
+ str r0, [sp, #88] @ 4-byte Spill
+ add r0, r7, #968
+ ldr r6, [r3, #-4]
+ ldr r2, [r2]
+ str r6, [sp, #120] @ 4-byte Spill
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1996]
+ ldr r5, [sp, #1992]
+ add r7, sp, #1024
+ mov r1, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #2000]
+ mul r2, r5, r6
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #2004]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #2052]
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #2048]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #2044]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #2040]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #2036]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #2032]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #2028]
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #2024]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #2020]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #2016]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #2012]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #2008]
+ str r0, [sp, #48] @ 4-byte Spill
+ add r0, r7, #904
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1988]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r9, [sp, #1952]
+ ldr r6, [sp, #1948]
+ ldr r8, [sp, #1944]
+ ldr r4, [sp, #1928]
+ ldr r10, [sp, #1932]
+ ldr r11, [sp, #1936]
+ ldr r7, [sp, #1940]
+ add lr, sp, #1024
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #1984]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1980]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1976]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1972]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1968]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1964]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1960]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1956]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r2, [r0, #4]
+ add r0, lr, #840
+ bl .LmulPv480x32(PLT)
+ adds r0, r4, r5
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldr r2, [sp, #20] @ 4-byte Reload
+ ldr r3, [sp, #1880]
+ ldr r12, [sp, #1884]
+ ldr lr, [sp, #1888]
+ ldr r4, [sp, #1892]
+ ldr r5, [sp, #1896]
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r10, r0
+ ldr r10, [sp, #1908]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r11, r0
+ ldr r11, [sp, #92] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r8, r0
+ ldr r8, [sp, #1900]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #1864]
+ adcs r1, r9, r1
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ ldr r9, [sp, #1904]
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #104] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #108] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #52] @ 4-byte Reload
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #112] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r1, [sp, #52] @ 4-byte Spill
+ ldr r1, [sp, #116] @ 4-byte Reload
+ adcs r1, r2, r1
+ ldr r2, [sp, #1876]
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #1872]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1924]
+ str r6, [sp, #24] @ 4-byte Spill
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1920]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1916]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1912]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #1868]
+ adcs r0, r7, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #1024
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #28] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, r10, #776
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1860]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r6, [sp, #1828]
+ ldr r11, [sp, #1824]
+ ldr r8, [sp, #1820]
+ ldr r4, [sp, #1816]
+ ldr r5, [sp, #1800]
+ ldr r7, [sp, #1804]
+ ldr r9, [sp, #1808]
+ ldr r10, [sp, #1812]
+ add lr, sp, #1024
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1856]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1852]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1848]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1844]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1840]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1836]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1832]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, lr, #712
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #24] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #1748]
+ ldr r3, [sp, #1752]
+ ldr r12, [sp, #1756]
+ ldr lr, [sp, #1760]
+ adds r0, r0, r5
+ ldr r5, [sp, #1768]
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1776]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ ldr r7, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1780]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1764]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1772]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1736]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1744]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1796]
+ str r6, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1792]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1788]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1784]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1740]
+ adcs r0, r7, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #1024
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, r10, #648
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1732]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r6, [sp, #1700]
+ ldr r11, [sp, #1696]
+ ldr r8, [sp, #1692]
+ ldr r4, [sp, #1688]
+ ldr r5, [sp, #1672]
+ ldr r7, [sp, #1676]
+ ldr r9, [sp, #1680]
+ ldr r10, [sp, #1684]
+ add lr, sp, #1024
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1728]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1724]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1720]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1716]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1712]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1708]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1704]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, lr, #584
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #1620]
+ ldr r3, [sp, #1624]
+ ldr r12, [sp, #1628]
+ ldr lr, [sp, #1632]
+ adds r0, r0, r5
+ ldr r5, [sp, #1640]
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1648]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ ldr r7, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1652]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1636]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1644]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1608]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1616]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1668]
+ str r6, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1664]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1660]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1656]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1612]
+ adcs r0, r7, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #1024
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, r10, #520
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1604]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r6, [sp, #1572]
+ ldr r11, [sp, #1568]
+ ldr r8, [sp, #1564]
+ ldr r4, [sp, #1560]
+ ldr r5, [sp, #1544]
+ ldr r7, [sp, #1548]
+ ldr r9, [sp, #1552]
+ ldr r10, [sp, #1556]
+ add lr, sp, #1024
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1600]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1596]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1592]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1588]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1584]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1580]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1576]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, lr, #456
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #1492]
+ ldr r3, [sp, #1496]
+ ldr r12, [sp, #1500]
+ ldr lr, [sp, #1504]
+ adds r0, r0, r5
+ ldr r5, [sp, #1512]
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1520]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ ldr r7, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1524]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1508]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1516]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1480]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1488]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1540]
+ str r6, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1536]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1532]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1528]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1484]
+ adcs r0, r7, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #1024
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, r10, #392
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1476]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r6, [sp, #1444]
+ ldr r11, [sp, #1440]
+ ldr r8, [sp, #1436]
+ ldr r4, [sp, #1432]
+ ldr r5, [sp, #1416]
+ ldr r7, [sp, #1420]
+ ldr r9, [sp, #1424]
+ ldr r10, [sp, #1428]
+ add lr, sp, #1024
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1472]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1468]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1464]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1460]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1456]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1452]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1448]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, lr, #328
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #1364]
+ ldr r3, [sp, #1368]
+ ldr r12, [sp, #1372]
+ ldr lr, [sp, #1376]
+ adds r0, r0, r5
+ ldr r5, [sp, #1384]
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1392]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ ldr r7, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1396]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1380]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1388]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1352]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1360]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1412]
+ str r6, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1408]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1404]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1400]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1356]
+ adcs r0, r7, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #1024
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, r10, #264
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1348]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r6, [sp, #1316]
+ ldr r11, [sp, #1312]
+ ldr r8, [sp, #1308]
+ ldr r4, [sp, #1304]
+ ldr r5, [sp, #1288]
+ ldr r7, [sp, #1292]
+ ldr r9, [sp, #1296]
+ ldr r10, [sp, #1300]
+ add lr, sp, #1024
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1344]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1340]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1336]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1332]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1328]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1324]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1320]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r2, [r0, #24]
+ add r0, lr, #200
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #1236]
+ ldr r3, [sp, #1240]
+ ldr r12, [sp, #1244]
+ ldr lr, [sp, #1248]
+ adds r0, r0, r5
+ ldr r5, [sp, #1256]
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1264]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ ldr r7, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1268]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1252]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1260]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1224]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1232]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1284]
+ str r6, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1280]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1276]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1272]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1228]
+ adcs r0, r7, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #1024
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, r10, #136
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1220]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r6, [sp, #1188]
+ ldr r11, [sp, #1184]
+ ldr r8, [sp, #1180]
+ ldr r4, [sp, #1176]
+ ldr r5, [sp, #1160]
+ ldr r7, [sp, #1164]
+ ldr r9, [sp, #1168]
+ ldr r10, [sp, #1172]
+ add lr, sp, #1024
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1216]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1212]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1208]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1204]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1200]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1196]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1192]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r2, [r0, #28]
+ add r0, lr, #72
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ ldr r2, [sp, #1108]
+ ldr r3, [sp, #1112]
+ ldr r12, [sp, #1116]
+ ldr lr, [sp, #1120]
+ adds r0, r0, r5
+ ldr r5, [sp, #1128]
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1136]
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ ldr r7, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1140]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1124]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1132]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1096]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #1104]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ adds r6, r11, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1156]
+ str r6, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1152]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1148]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1144]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1100]
+ adcs r0, r7, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #1024
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, r10, #8
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1092]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r6, [sp, #1060]
+ ldr r11, [sp, #1056]
+ ldr r8, [sp, #1052]
+ ldr r4, [sp, #1048]
+ ldr r5, [sp, #1032]
+ ldr r7, [sp, #1036]
+ ldr r9, [sp, #1040]
+ ldr r10, [sp, #1044]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1088]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1084]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1080]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1076]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1072]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1068]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1064]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r2, [r0, #32]
+ add r0, sp, #968
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ add lr, sp, #972
+ adds r0, r0, r5
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #996
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #1028]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1024]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1020]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1016]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r4, r5, r8, r9, r10}
+ ldr r6, [sp, #968]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #116] @ 4-byte Reload
+ ldr r7, [sp, #112] @ 4-byte Reload
+ adds r6, r11, r6
+ adcs r0, r7, r0
+ str r6, [sp, #32] @ 4-byte Spill
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #904
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #964]
+ add r11, sp, #920
+ add r10, sp, #904
+ ldr r6, [sp, #932]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #960]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #956]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #952]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #948]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #944]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #940]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #936]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldm r10, {r5, r7, r9, r10}
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r2, [r0, #36]
+ add r0, sp, #840
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ add lr, sp, #844
+ adds r0, r0, r5
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #880
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r11
+ add r11, sp, #868
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #900]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #896]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #892]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldm r10, {r8, r9, r10}
+ ldm r11, {r4, r5, r11}
+ ldr r6, [sp, #840]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r7, [sp, #116] @ 4-byte Reload
+ adds r6, r7, r6
+ ldr r7, [sp, #112] @ 4-byte Reload
+ str r6, [sp, #32] @ 4-byte Spill
+ adcs r0, r7, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #120] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ mul r2, r6, r11
+ adcs r0, r0, r8
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #52] @ 4-byte Spill
+ add r0, sp, #776
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #836]
+ add r10, sp, #776
+ ldr r4, [sp, #800]
+ ldr r5, [sp, #796]
+ ldr r6, [sp, #792]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #832]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #828]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #824]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #820]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #816]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #812]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #808]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #804]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r10, {r7, r8, r9, r10}
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r2, [r0, #40]
+ add r0, sp, #712
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #32] @ 4-byte Reload
+ ldr r1, [sp, #112] @ 4-byte Reload
+ ldr r2, [sp, #12] @ 4-byte Reload
+ add lr, sp, #728
+ adds r0, r0, r7
+ ldr r7, [sp, #724]
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r8
+ adcs r1, r1, r9
+ str r1, [sp, #112] @ 4-byte Spill
+ ldr r1, [sp, #108] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #752
+ str r1, [sp, #108] @ 4-byte Spill
+ ldr r1, [sp, #104] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #716]
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs r1, r1, r5
+ ldr r5, [sp, #720]
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r1, r4
+ ldr r4, [sp, #712]
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #16] @ 4-byte Reload
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r1, [sp, #60] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #56] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adc r1, r1, #0
+ adds r0, r0, r4
+ str r1, [sp, #52] @ 4-byte Spill
+ mul r1, r0, r11
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #772]
+ str r1, [sp, #44] @ 4-byte Spill
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #768]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #112] @ 4-byte Reload
+ adcs r6, r11, r6
+ str r6, [sp, #112] @ 4-byte Spill
+ ldr r6, [sp, #108] @ 4-byte Reload
+ adcs r5, r6, r5
+ str r5, [sp, #108] @ 4-byte Spill
+ ldr r5, [sp, #104] @ 4-byte Reload
+ adcs r5, r5, r7
+ str r5, [sp, #104] @ 4-byte Spill
+ ldr r5, [sp, #100] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ add r0, sp, #648
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #708]
+ add r10, sp, #648
+ ldr r11, [sp, #676]
+ ldr r4, [sp, #672]
+ ldr r6, [sp, #668]
+ ldr r5, [sp, #664]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #704]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #700]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #696]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #692]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #688]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #684]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #680]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldm r10, {r7, r8, r9, r10}
+ ldr r0, [sp, #128] @ 4-byte Reload
+ ldr r1, [sp, #124] @ 4-byte Reload
+ ldr r2, [r0, #44]
+ add r0, sp, #584
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #116] @ 4-byte Reload
+ ldr r1, [sp, #108] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ add lr, sp, #600
+ adds r0, r0, r7
+ add r7, sp, #584
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r8
+ adcs r1, r1, r9
+ str r1, [sp, #112] @ 4-byte Spill
+ ldr r1, [sp, #104] @ 4-byte Reload
+ adcs r1, r1, r10
+ add r10, sp, #624
+ str r1, [sp, #108] @ 4-byte Spill
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs r1, r1, r5
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r1, r6
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r1, r1, r4
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r11
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #68] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #72] @ 4-byte Spill
+ ldr r1, [sp, #64] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adc r1, r1, #0
+ str r1, [sp, #32] @ 4-byte Spill
+ ldm r7, {r4, r5, r6, r7}
+ adds r1, r0, r4
+ ldr r0, [sp, #120] @ 4-byte Reload
+ str r1, [sp, #116] @ 4-byte Spill
+ mul r2, r1, r0
+ ldr r0, [sp, #644]
+ str r2, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #640]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldm r10, {r4, r8, r9, r10}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #112] @ 4-byte Reload
+ adcs r5, r11, r5
+ str r5, [sp, #64] @ 4-byte Spill
+ ldr r5, [sp, #108] @ 4-byte Reload
+ adcs r5, r5, r6
+ str r5, [sp, #60] @ 4-byte Spill
+ ldr r5, [sp, #104] @ 4-byte Reload
+ adcs r5, r5, r7
+ str r5, [sp, #56] @ 4-byte Spill
+ ldr r5, [sp, #100] @ 4-byte Reload
+ adcs r0, r5, r0
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #68] @ 4-byte Spill
+ add r0, sp, #520
+ bl .LmulPv480x32(PLT)
+ ldr r1, [sp, #580]
+ add r11, sp, #524
+ ldr r10, [sp, #548]
+ ldr r5, [sp, #544]
+ ldr r6, [sp, #540]
+ ldr r7, [sp, #520]
+ add r0, sp, #456
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #576]
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #572]
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #568]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #564]
+ str r1, [sp, #28] @ 4-byte Spill
+ ldr r1, [sp, #560]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #556]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #552]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldm r11, {r4, r8, r9, r11}
+ ldr r1, [sp, #128] @ 4-byte Reload
+ ldr r2, [r1, #48]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #116] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ add lr, sp, #460
+ adds r0, r0, r7
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r10
+ add r10, sp, #484
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #516]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #512]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #508]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #504]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldm r10, {r4, r5, r8, r9, r10}
+ ldr r6, [sp, #456]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #116] @ 4-byte Reload
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r6, r11, r6
+ adcs r0, r7, r0
+ str r6, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #392
+ bl .LmulPv480x32(PLT)
+ ldr r1, [sp, #452]
+ ldr r6, [sp, #420]
+ ldr r7, [sp, #416]
+ ldr r9, [sp, #412]
+ ldr r4, [sp, #408]
+ ldr r10, [sp, #392]
+ ldr r11, [sp, #396]
+ ldr r8, [sp, #400]
+ ldr r5, [sp, #404]
+ add r0, sp, #328
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #448]
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #444]
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #440]
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #436]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #432]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #428]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #424]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldr r1, [sp, #128] @ 4-byte Reload
+ ldr r2, [r1, #52]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #16] @ 4-byte Reload
+ add lr, sp, #332
+ adds r0, r0, r10
+ add r10, sp, #356
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r11
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r6
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ str r0, [sp, #76] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #388]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #384]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #380]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #376]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldm r10, {r4, r5, r8, r9, r10}
+ ldr r6, [sp, #328]
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #68] @ 4-byte Reload
+ ldr r7, [sp, #64] @ 4-byte Reload
+ adds r6, r11, r6
+ adcs r0, r7, r0
+ str r6, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #76] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #120] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #264
+ bl .LmulPv480x32(PLT)
+ ldr r1, [sp, #324]
+ add r9, sp, #276
+ ldr r6, [sp, #292]
+ ldr r7, [sp, #288]
+ ldr r10, [sp, #264]
+ ldr r11, [sp, #268]
+ ldr r5, [sp, #272]
+ add r0, sp, #200
+ str r1, [sp, #48] @ 4-byte Spill
+ ldr r1, [sp, #320]
+ str r1, [sp, #44] @ 4-byte Spill
+ ldr r1, [sp, #316]
+ str r1, [sp, #40] @ 4-byte Spill
+ ldr r1, [sp, #312]
+ str r1, [sp, #36] @ 4-byte Spill
+ ldr r1, [sp, #308]
+ str r1, [sp, #32] @ 4-byte Spill
+ ldr r1, [sp, #304]
+ str r1, [sp, #24] @ 4-byte Spill
+ ldr r1, [sp, #300]
+ str r1, [sp, #20] @ 4-byte Spill
+ ldr r1, [sp, #296]
+ str r1, [sp, #16] @ 4-byte Spill
+ ldm r9, {r4, r8, r9}
+ ldr r1, [sp, #128] @ 4-byte Reload
+ ldr r2, [r1, #56]
+ ldr r1, [sp, #124] @ 4-byte Reload
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #64] @ 4-byte Reload
+ ldr r2, [sp, #16] @ 4-byte Reload
+ add lr, sp, #216
+ adds r0, r0, r10
+ ldr r10, [sp, #212]
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r11
+ adcs r1, r1, r5
+ ldr r5, [sp, #208]
+ str r1, [sp, #128] @ 4-byte Spill
+ ldr r1, [sp, #60] @ 4-byte Reload
+ adcs r1, r1, r4
+ ldr r4, [sp, #200]
+ str r1, [sp, #124] @ 4-byte Spill
+ ldr r1, [sp, #56] @ 4-byte Reload
+ adcs r1, r1, r8
+ str r1, [sp, #68] @ 4-byte Spill
+ ldr r1, [sp, #52] @ 4-byte Reload
+ adcs r1, r1, r9
+ add r9, sp, #240
+ str r1, [sp, #64] @ 4-byte Spill
+ ldr r1, [sp, #116] @ 4-byte Reload
+ adcs r1, r1, r7
+ str r1, [sp, #116] @ 4-byte Spill
+ ldr r1, [sp, #112] @ 4-byte Reload
+ adcs r1, r1, r6
+ ldr r6, [sp, #204]
+ str r1, [sp, #112] @ 4-byte Spill
+ ldr r1, [sp, #108] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #20] @ 4-byte Reload
+ str r1, [sp, #108] @ 4-byte Spill
+ ldr r1, [sp, #104] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #24] @ 4-byte Reload
+ str r1, [sp, #104] @ 4-byte Spill
+ ldr r1, [sp, #100] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #32] @ 4-byte Reload
+ str r1, [sp, #100] @ 4-byte Spill
+ ldr r1, [sp, #96] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #36] @ 4-byte Reload
+ str r1, [sp, #96] @ 4-byte Spill
+ ldr r1, [sp, #92] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #40] @ 4-byte Reload
+ str r1, [sp, #92] @ 4-byte Spill
+ ldr r1, [sp, #84] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #44] @ 4-byte Reload
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #80] @ 4-byte Reload
+ adcs r1, r1, r2
+ ldr r2, [sp, #48] @ 4-byte Reload
+ str r1, [sp, #80] @ 4-byte Spill
+ ldr r1, [sp, #76] @ 4-byte Reload
+ adcs r1, r1, r2
+ str r1, [sp, #76] @ 4-byte Spill
+ ldr r1, [sp, #72] @ 4-byte Reload
+ adc r1, r1, #0
+ adds r7, r0, r4
+ ldr r0, [sp, #120] @ 4-byte Reload
+ str r1, [sp, #72] @ 4-byte Spill
+ mul r1, r7, r0
+ ldr r0, [sp, #260]
+ str r1, [sp, #60] @ 4-byte Spill
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #256]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #252]
+ str r0, [sp, #120] @ 4-byte Spill
+ ldm r9, {r4, r8, r9}
+ ldm lr, {r0, r1, r2, r3, r12, lr}
+ ldr r11, [sp, #128] @ 4-byte Reload
+ adcs r11, r11, r6
+ ldr r6, [sp, #124] @ 4-byte Reload
+ adcs r5, r6, r5
+ ldr r6, [sp, #68] @ 4-byte Reload
+ adcs r10, r6, r10
+ ldr r6, [sp, #64] @ 4-byte Reload
+ adcs r0, r6, r0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #116] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #120] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ adcs r0, r0, r2
+ ldr r2, [sp, #60] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r8, r0, r8
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r6, r0, r9
+ ldr r0, [sp, #80] @ 4-byte Reload
+ ldr r9, [sp, #132] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #76] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #52] @ 4-byte Reload
+ str r0, [sp, #124] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ mov r1, r9
+ str r0, [sp, #128] @ 4-byte Spill
+ mov r0, #0
+ adc r0, r0, #0
+ str r0, [sp, #84] @ 4-byte Spill
+ add r0, sp, #136
+ bl .LmulPv480x32(PLT)
+ add r3, sp, #136
+ ldm r3, {r0, r1, r2, r3}
+ adds r0, r7, r0
+ adcs r11, r11, r1
+ ldr r0, [sp, #152]
+ ldr r1, [sp, #48] @ 4-byte Reload
+ adcs lr, r5, r2
+ mov r5, r9
+ str r11, [sp, #44] @ 4-byte Spill
+ adcs r10, r10, r3
+ str lr, [sp, #52] @ 4-byte Spill
+ str r10, [sp, #60] @ 4-byte Spill
+ adcs r4, r1, r0
+ ldr r0, [sp, #156]
+ ldr r1, [sp, #56] @ 4-byte Reload
+ str r4, [sp, #76] @ 4-byte Spill
+ adcs r12, r1, r0
+ ldr r0, [sp, #160]
+ ldr r1, [sp, #64] @ 4-byte Reload
+ str r12, [sp, #56] @ 4-byte Spill
+ adcs r0, r1, r0
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #164]
+ adcs r0, r1, r0
+ ldr r1, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #168]
+ adcs r0, r1, r0
+ ldr r1, [sp, #112] @ 4-byte Reload
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #172]
+ adcs r0, r1, r0
+ ldr r1, [sp, #116] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #176]
+ adcs r0, r1, r0
+ ldr r1, [sp, #120] @ 4-byte Reload
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #180]
+ adcs r0, r8, r0
+ str r0, [sp, #112] @ 4-byte Spill
+ ldr r0, [sp, #184]
+ adcs r0, r6, r0
+ str r0, [sp, #116] @ 4-byte Spill
+ ldr r0, [sp, #188]
+ adcs r0, r1, r0
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r0, [sp, #120] @ 4-byte Spill
+ ldr r0, [sp, #192]
+ adcs r0, r1, r0
+ ldr r1, [sp, #128] @ 4-byte Reload
+ str r0, [sp, #124] @ 4-byte Spill
+ ldr r0, [sp, #196]
+ adcs r0, r1, r0
+ str r0, [sp, #128] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #72] @ 4-byte Spill
+ ldmib r5, {r1, r2}
+ ldr r3, [r5, #16]
+ ldr r7, [r5]
+ ldr r0, [r5, #12]
+ ldr r6, [r5, #20]
+ ldr r9, [r5, #24]
+ ldr r8, [r5, #32]
+ str r3, [sp, #80] @ 4-byte Spill
+ ldr r3, [r5, #28]
+ subs r7, r11, r7
+ add r11, r5, #36
+ str r3, [sp, #84] @ 4-byte Spill
+ sbcs r3, lr, r1
+ sbcs lr, r10, r2
+ ldm r11, {r1, r10, r11}
+ sbcs r4, r4, r0
+ ldr r0, [r5, #48]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [r5, #52]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [r5, #56]
+ str r0, [sp, #132] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ sbcs r2, r12, r0
+ ldr r0, [sp, #92] @ 4-byte Reload
+ sbcs r12, r0, r6
+ ldr r0, [sp, #96] @ 4-byte Reload
+ ldr r6, [sp, #84] @ 4-byte Reload
+ sbcs r5, r0, r9
+ ldr r0, [sp, #100] @ 4-byte Reload
+ sbcs r6, r0, r6
+ ldr r0, [sp, #104] @ 4-byte Reload
+ sbcs r8, r0, r8
+ ldr r0, [sp, #108] @ 4-byte Reload
+ sbcs r9, r0, r1
+ ldr r0, [sp, #112] @ 4-byte Reload
+ ldr r1, [sp, #64] @ 4-byte Reload
+ sbcs r10, r0, r10
+ ldr r0, [sp, #116] @ 4-byte Reload
+ sbcs r11, r0, r11
+ ldr r0, [sp, #120] @ 4-byte Reload
+ sbcs r0, r0, r1
+ ldr r1, [sp, #68] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #124] @ 4-byte Reload
+ sbcs r0, r0, r1
+ ldr r1, [sp, #132] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #128] @ 4-byte Reload
+ sbcs r0, r0, r1
+ str r0, [sp, #132] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ sbc r0, r0, #0
+ ands r1, r0, #1
+ ldr r0, [sp, #44] @ 4-byte Reload
+ movne r7, r0
+ ldr r0, [sp, #88] @ 4-byte Reload
+ str r7, [r0]
+ ldr r7, [sp, #52] @ 4-byte Reload
+ movne r3, r7
+ str r3, [r0, #4]
+ ldr r3, [sp, #60] @ 4-byte Reload
+ movne lr, r3
+ ldr r3, [sp, #76] @ 4-byte Reload
+ cmp r1, #0
+ str lr, [r0, #8]
+ movne r4, r3
+ ldr r3, [sp, #56] @ 4-byte Reload
+ str r4, [r0, #12]
+ movne r2, r3
+ str r2, [r0, #16]
+ ldr r2, [sp, #92] @ 4-byte Reload
+ movne r12, r2
+ ldr r2, [sp, #96] @ 4-byte Reload
+ cmp r1, #0
+ str r12, [r0, #20]
+ movne r5, r2
+ ldr r2, [sp, #100] @ 4-byte Reload
+ str r5, [r0, #24]
+ movne r6, r2
+ ldr r2, [sp, #104] @ 4-byte Reload
+ str r6, [r0, #28]
+ movne r8, r2
+ ldr r2, [sp, #108] @ 4-byte Reload
+ cmp r1, #0
+ str r8, [r0, #32]
+ movne r9, r2
+ ldr r2, [sp, #112] @ 4-byte Reload
+ str r9, [r0, #36]
+ movne r10, r2
+ ldr r2, [sp, #116] @ 4-byte Reload
+ str r10, [r0, #40]
+ movne r11, r2
+ cmp r1, #0
+ ldr r1, [sp, #120] @ 4-byte Reload
+ ldr r2, [sp, #80] @ 4-byte Reload
+ str r11, [r0, #44]
+ movne r2, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r2, [r0, #48]
+ ldr r2, [sp, #84] @ 4-byte Reload
+ movne r2, r1
+ ldr r1, [sp, #128] @ 4-byte Reload
+ str r2, [r0, #52]
+ ldr r2, [sp, #132] @ 4-byte Reload
+ movne r2, r1
+ str r2, [r0, #56]
+ add sp, sp, #12
+ add sp, sp, #2048
+ pop {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ mov pc, lr
+.Lfunc_end226:
+ .size mcl_fp_mont15L, .Lfunc_end226-mcl_fp_mont15L
+ .cantunwind
+ .fnend
+
+ .globl mcl_fp_montNF15L
+ .align 2
+ .type mcl_fp_montNF15L,%function
+mcl_fp_montNF15L: @ @mcl_fp_montNF15L
+ .fnstart
+@ BB#0:
+ .save {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ push {r4, r5, r6, r7, r8, r9, r10, r11, lr}
+ .pad #4
+ sub sp, sp, #4
+ .pad #2048
+ sub sp, sp, #2048
+ add r12, sp, #116
+ mov r4, r3
+ stm r12, {r1, r2, r3}
+ str r0, [sp, #76] @ 4-byte Spill
+ add r0, sp, #1984
+ ldr r5, [r3, #-4]
+ ldr r2, [r2]
+ str r5, [sp, #112] @ 4-byte Spill
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1984]
+ ldr r1, [sp, #1988]
+ str r0, [sp, #60] @ 4-byte Spill
+ mul r2, r0, r5
+ ldr r0, [sp, #2044]
+ str r1, [sp, #88] @ 4-byte Spill
+ ldr r1, [sp, #1992]
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #2040]
+ str r1, [sp, #84] @ 4-byte Spill
+ ldr r1, [sp, #1996]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #2036]
+ str r1, [sp, #80] @ 4-byte Spill
+ mov r1, r4
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #2032]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #2028]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #2024]
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #2020]
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #2016]
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #2012]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #2008]
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #2004]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #2000]
+ str r0, [sp, #36] @ 4-byte Spill
+ add r0, sp, #1920
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1980]
+ add r7, sp, #1936
+ add r11, sp, #1920
+ ldr r6, [sp, #1948]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1976]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1972]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1968]
+ str r0, [sp, #28] @ 4-byte Spill
+ ldr r0, [sp, #1964]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1960]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1956]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1952]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r7, {r4, r5, r7}
+ ldm r11, {r9, r10, r11}
+ ldr r0, [sp, #120] @ 4-byte Reload
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r8, [sp, #1932]
+ ldr r2, [r0, #4]
+ add r0, sp, #1856
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #60] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #1868]
+ ldr r3, [sp, #1872]
+ ldr r12, [sp, #1876]
+ ldr lr, [sp, #1880]
+ adds r0, r9, r0
+ ldr r9, [sp, #1896]
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r10, r0
+ ldr r10, [sp, #1900]
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r11, r0
+ ldr r11, [sp, #88] @ 4-byte Reload
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r8, r0
+ ldr r8, [sp, #1892]
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r4, r0
+ ldr r4, [sp, #1884]
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r5, r0
+ ldr r5, [sp, #1888]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r7, r0
+ ldr r7, [sp, #84] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r6, r0
+ ldr r6, [sp, #1856]
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #28] @ 4-byte Reload
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r1, r0
+ ldr r1, [sp, #48] @ 4-byte Reload
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adc r0, r1, r0
+ adds r6, r11, r6
+ ldr r1, [sp, #1864]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1916]
+ str r6, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1912]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1908]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldr r0, [sp, #1904]
+ str r0, [sp, #8] @ 4-byte Spill
+ ldr r0, [sp, #1860]
+ adcs r0, r7, r0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #8] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #36] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #24] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #32] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #12] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #40] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #20] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #1792
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1852]
+ add r11, sp, #1808
+ add r10, sp, #1792
+ ldr r6, [sp, #1820]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1848]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1844]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1840]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1836]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1832]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1828]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1824]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldm r10, {r5, r7, r9, r10}
+ ldr r0, [sp, #120] @ 4-byte Reload
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r2, [r0, #8]
+ add r0, sp, #1728
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #1740]
+ ldr r3, [sp, #1744]
+ ldr r12, [sp, #1748]
+ ldr lr, [sp, #1752]
+ adds r0, r0, r5
+ ldr r5, [sp, #1760]
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1768]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ ldr r7, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1772]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1756]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1764]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1728]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r6, r11, r6
+ ldr r1, [sp, #1736]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1788]
+ str r6, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1784]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1780]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1776]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1732]
+ adcs r0, r7, r0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #1664
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1724]
+ add r11, sp, #1680
+ add r10, sp, #1664
+ ldr r6, [sp, #1692]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1720]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1716]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1712]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1708]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1704]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1700]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1696]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldm r10, {r5, r7, r9, r10}
+ ldr r0, [sp, #120] @ 4-byte Reload
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r2, [r0, #12]
+ add r0, sp, #1600
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #1612]
+ ldr r3, [sp, #1616]
+ ldr r12, [sp, #1620]
+ ldr lr, [sp, #1624]
+ adds r0, r0, r5
+ ldr r5, [sp, #1632]
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1640]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ ldr r7, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1644]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1628]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1636]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1600]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r6, r11, r6
+ ldr r1, [sp, #1608]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1660]
+ str r6, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1656]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1652]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1648]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1604]
+ adcs r0, r7, r0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #1536
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1596]
+ add r11, sp, #1552
+ add r10, sp, #1536
+ ldr r6, [sp, #1564]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1592]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1588]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1584]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1580]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1576]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1572]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1568]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldm r10, {r5, r7, r9, r10}
+ ldr r0, [sp, #120] @ 4-byte Reload
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r2, [r0, #16]
+ add r0, sp, #1472
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #1484]
+ ldr r3, [sp, #1488]
+ ldr r12, [sp, #1492]
+ ldr lr, [sp, #1496]
+ adds r0, r0, r5
+ ldr r5, [sp, #1504]
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1512]
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ ldr r7, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r10
+ ldr r10, [sp, #1516]
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r4
+ ldr r4, [sp, #1500]
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r8
+ ldr r8, [sp, #1508]
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r11
+ ldr r11, [sp, #108] @ 4-byte Reload
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, r6
+ ldr r6, [sp, #1472]
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #16] @ 4-byte Reload
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #20] @ 4-byte Reload
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #24] @ 4-byte Reload
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #44] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adc r0, r0, r1
+ adds r6, r11, r6
+ ldr r1, [sp, #1480]
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #1532]
+ str r6, [sp, #28] @ 4-byte Spill
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1528]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1524]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1520]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1476]
+ adcs r0, r7, r0
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #100] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #32] @ 4-byte Reload
+ str r0, [sp, #104] @ 4-byte Spill
+ ldr r0, [sp, #96] @ 4-byte Reload
+ adcs r0, r0, r2
+ str r0, [sp, #100] @ 4-byte Spill
+ ldr r0, [sp, #92] @ 4-byte Reload
+ adcs r0, r0, r3
+ str r0, [sp, #96] @ 4-byte Spill
+ ldr r0, [sp, #88] @ 4-byte Reload
+ adcs r0, r0, r12
+ str r0, [sp, #92] @ 4-byte Spill
+ ldr r0, [sp, #84] @ 4-byte Reload
+ adcs r0, r0, lr
+ str r0, [sp, #88] @ 4-byte Spill
+ ldr r0, [sp, #80] @ 4-byte Reload
+ adcs r0, r0, r4
+ str r0, [sp, #84] @ 4-byte Spill
+ ldr r0, [sp, #72] @ 4-byte Reload
+ adcs r0, r0, r5
+ str r0, [sp, #80] @ 4-byte Spill
+ ldr r0, [sp, #68] @ 4-byte Reload
+ adcs r0, r0, r8
+ str r0, [sp, #72] @ 4-byte Spill
+ ldr r0, [sp, #64] @ 4-byte Reload
+ adcs r0, r0, r9
+ str r0, [sp, #68] @ 4-byte Spill
+ ldr r0, [sp, #60] @ 4-byte Reload
+ adcs r0, r0, r10
+ str r0, [sp, #64] @ 4-byte Spill
+ ldr r0, [sp, #56] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #36] @ 4-byte Reload
+ str r0, [sp, #60] @ 4-byte Spill
+ ldr r0, [sp, #52] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #40] @ 4-byte Reload
+ str r0, [sp, #56] @ 4-byte Spill
+ ldr r0, [sp, #48] @ 4-byte Reload
+ adcs r0, r0, r1
+ ldr r1, [sp, #124] @ 4-byte Reload
+ str r0, [sp, #52] @ 4-byte Spill
+ ldr r0, [sp, #44] @ 4-byte Reload
+ adc r0, r0, #0
+ str r0, [sp, #48] @ 4-byte Spill
+ ldr r0, [sp, #112] @ 4-byte Reload
+ mul r2, r6, r0
+ add r0, sp, #1408
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #1468]
+ add r11, sp, #1424
+ add r10, sp, #1408
+ ldr r6, [sp, #1436]
+ str r0, [sp, #44] @ 4-byte Spill
+ ldr r0, [sp, #1464]
+ str r0, [sp, #40] @ 4-byte Spill
+ ldr r0, [sp, #1460]
+ str r0, [sp, #36] @ 4-byte Spill
+ ldr r0, [sp, #1456]
+ str r0, [sp, #32] @ 4-byte Spill
+ ldr r0, [sp, #1452]
+ str r0, [sp, #24] @ 4-byte Spill
+ ldr r0, [sp, #1448]
+ str r0, [sp, #20] @ 4-byte Spill
+ ldr r0, [sp, #1444]
+ str r0, [sp, #16] @ 4-byte Spill
+ ldr r0, [sp, #1440]
+ str r0, [sp, #12] @ 4-byte Spill
+ ldm r11, {r4, r8, r11}
+ ldm r10, {r5, r7, r9, r10}
+ ldr r0, [sp, #120] @ 4-byte Reload
+ ldr r1, [sp, #116] @ 4-byte Reload
+ ldr r2, [r0, #20]
+ add r0, sp, #1344
+ bl .LmulPv480x32(PLT)
+ ldr r0, [sp, #28] @ 4-byte Reload
+ ldr r1, [sp, #12] @ 4-byte Reload
+ ldr r2, [sp, #1356]
+ ldr r3, [sp, #1360]
+ ldr r12, [sp, #1364]
+ ldr lr, [sp, #1368]
+ adds r0, r0, r5
+ ldr r5, [sp, #1376]
+ ldr r0, [sp, #108] @ 4-byte Reload
+ adcs r0, r0, r7
+ str r0, [sp, #108] @ 4-byte Spill
+ ldr r0, [sp, #104] @ 4-byte Reload
+ adcs r0, r0, r9
+ ldr r9, [sp, #1384]
+ str r0, [sp, #104]