| Age | Commit message (Collapse) | Author |
|---|
|
The current implementation uses UTF-aware functions
like strings.EqualFold and strings.ToLower.
This could, in some cases, cause http smuggling.
Change-Id: I0e76a993470a1e1b1b472f4b2859ea0a2b22ada0
Reviewed-on: https://go-review.googlesource.com/c/go/+/308009
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Roberto Clapis <roberto@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
|
|
go/build.ImportDir returns a *build.Package with various lists of
files. If a file is invalid for some reason, for example, because it
has a different package name than other files, it's added to
InvalidGoFiles in addition to GoFiles, TestGoFiles, or other lists.
Previously, files with parse errors or build constraint errors were
not included in these lists, which causes problems for tools that use
'go list' since InvalidGoFiles is not printed. With this change, files
with any kind of error are added to one of the GoFiles lists.
Fixes #39986
Change-Id: Iee007b5092293eb4420c8a39ce731805fe32135f
Reviewed-on: https://go-review.googlesource.com/c/go/+/241577
Trust: Jay Conrod <jayconrod@google.com>
Run-TryBot: Jay Conrod <jayconrod@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Bryan C. Mills <bcmills@google.com>
|
|
For #45827
For #39986
Updates #45999
Change-Id: I0c919b6a2e56e7003b90425487eafe0f0eadc609
Reviewed-on: https://go-review.googlesource.com/c/go/+/317299
Trust: Bryan C. Mills <bcmills@google.com>
Run-TryBot: Bryan C. Mills <bcmills@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Jay Conrod <jayconrod@google.com>
|
|
Fiat Cryptography (https://github.com/mit-plv/fiat-crypto) is a project
that produces prime order field implementations (the code that does
arithmetic modulo a prime number) based on a formally verified model.
The formal verification covers some of the most subtle and hard to test
parts of an elliptic curve implementation, like carry chains. It would
probably have prevented #20040 and #43786.
This CL imports a 64-bit implementation of the P-521 base field,
replacing the horribly slow and catastrophically variable time big.Int
CurveParams implementation.
The code in p521_fiat64.go is generated reproducibly by fiat-crypto,
building and running the Dockerfile according to the README.
The code in fiat/p521.go is a thin and idiomatic wrapper around the
fiat-crypto code. It includes an Invert method generated with the help
of github.com/mmcloughlin/addchain.
The code in elliptic/p521.go is a line-by-line port of the CurveParams
implementation. Lsh(x, N) was replaced with repeated Add(x, x) calls.
Mul(x, x) was replaced with Square(x). Mod calls were removed, as all
operations are modulo P. Likewise, Add calls to bring values back to
positive were removed. The ScalarMult ladder implementation is now
constant time, copied from p224ScalarMult. Only other notable changes
are adding a p512Point type to keep (x, y, z) together, and making
addJacobian and doubleJacobian methods on that type, with the usual
receiver semantics to save 4 allocations per step.
This amounts to a proof of concept, and is far from a mature elliptic
curve implementation. Here's a non-exhaustive list of things that need
improvement, most of which are pre-existing issues with crypto/elliptic.
Some of these can be fixed without API change, so can't.
- Marshal and Unmarshal still use the slow, variable time big.Int
arithmetic. The Curve interface does not expose field operations, so
we'll have to make our own abstraction.
- Point addition uses an incomplete Jacobian formula, which has variable
time behaviors for points at infinity and equal points. There are
better, complete formulae these days, but I wanted to keep this CL
reviewable against the existing code.
- The scalar multiplication ladder is still heavily variable time. This
is easy to fix and I'll do it in a follow-up CL, but I wanted to keep
this one easier to review.
- Fundamentally, values have to go in and out of big.Int representation
when they pass through the Curve interface, which is both slow and
slightly variable-time.
- There is no scalar field implementation, so crypto/ecdsa ends up using
big.Int for signing.
- Extending this to P-384 would involve either duplicating all P-521
code, or coming up with some lower-level interfaces for the base
field. Even better, generics, which would maybe let us save heap
allocations due to virtual calls.
- The readability and idiomaticity of the autogenerated code can
improve, although we have a clear abstraction and well-enforced
contract, which makes it unlikely we'll have to resort to manually
modifying the code. See mit-plv/fiat-crypto#949.
- We could also have a 32-bit implementation, since it's almost free to
have fiat-crypto generate one.
Anyway, it's definitely better than CurveParams, and definitely faster.
name old time/op new time/op delta
pkg:crypto/elliptic goos:darwin goarch:arm64
ScalarBaseMult/P521-8 4.18ms ± 3% 0.86ms ± 2% -79.50% (p=0.000 n=10+9)
ScalarMult/P521-8 4.17ms ± 2% 0.85ms ± 6% -79.68% (p=0.000 n=10+10)
pkg:crypto/ecdsa goos:darwin goarch:arm64
Sign/P521-8 4.23ms ± 1% 0.94ms ± 0% -77.70% (p=0.000 n=9+8)
Verify/P521-8 8.31ms ± 2% 1.75ms ± 4% -78.99% (p=0.000 n=9+10)
GenerateKey/P521-8 4.15ms ± 2% 0.85ms ± 2% -79.49% (p=0.000 n=10+9)
name old alloc/op new alloc/op delta
pkg:crypto/elliptic goos:darwin goarch:arm64
ScalarBaseMult/P521-8 3.06MB ± 3% 0.00MB ± 0% -99.97% (p=0.000 n=10+10)
ScalarMult/P521-8 3.05MB ± 1% 0.00MB ± 0% -99.97% (p=0.000 n=9+10)
pkg:crypto/ecdsa goos:darwin goarch:arm64
Sign/P521-8 3.03MB ± 0% 0.01MB ± 0% -99.74% (p=0.000 n=10+8)
Verify/P521-8 6.06MB ± 1% 0.00MB ± 0% -99.93% (p=0.000 n=9+9)
GenerateKey/P521-8 3.02MB ± 0% 0.00MB ± 0% -99.96% (p=0.000 n=9+10)
name old allocs/op new allocs/op delta
pkg:crypto/elliptic goos:darwin goarch:arm64
ScalarBaseMult/P521-8 19.8k ± 3% 0.0k ± 0% -99.95% (p=0.000 n=10+10)
ScalarMult/P521-8 19.7k ± 1% 0.0k ± 0% -99.95% (p=0.000 n=9+10)
pkg:crypto/ecdsa goos:darwin goarch:arm64
Sign/P521-8 19.6k ± 0% 0.1k ± 0% -99.63% (p=0.000 n=10+10)
Verify/P521-8 39.2k ± 1% 0.1k ± 0% -99.84% (p=0.000 n=9+10)
GenerateKey/P521-8 19.5k ± 0% 0.0k ± 0% -99.91% (p=0.000 n=9+10)
Updates #40171
Change-Id: Ic898b09a2388382bf51ec007d9a79d72d44efe10
Reviewed-on: https://go-review.googlesource.com/c/go/+/315271
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
Trust: Katie Hockman <katie@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
|
|
CL 276272 accidentally skipped everything in TestStdlib while trying to
skip nested submodules of std and cmd.
For now, narrow the skip to just the problematic submodule rather than
trying to generalize. We can re-evaluate if it becomes a pattern to
vendor submodules in this way.
Fixes #46027
Change-Id: Ib355ff80dfbf17c3cf37d128a2f48d4216305267
Reviewed-on: https://go-review.googlesource.com/c/go/+/317869
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
The fix for #45985 is a little subtle. Start by committing the (bad)
test case.
For #45985
Change-Id: Ia6625818e9b1c5e869b2c2f724f817c13c9944d1
Reviewed-on: https://go-review.googlesource.com/c/go/+/317471
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
Our workaround to get and set types.Info._Inferred makes it harder to
experiment with the new APIs in x/tools.
Instead, just make a copy of the types.Info struct, so that the Inferred
field is accessible when the typeparams build tag is set.
This is a trivially safe change: the only change when not building with
-tags=typeparams is that types.Info._Inferred is removed, and accessing
inferred type information goes through an additional layer of
indirection.
For #46003
Change-Id: I38f2bbb2c80aed28be31d0fe762ccead970476ca
Reviewed-on: https://go-review.googlesource.com/c/go/+/317549
Trust: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
When parsing type parameters, an empty type instantiation was parsed as
an IndexExpr with nil Index. This should be considered a breaking change
to parsing: ast.Walk previously assumed that Index was non-nil.
Back out the nil check in ast.Walk, and for now pack an empty argument
list as a non-nil ListExpr with nil Elems.
Alternatives considered:
- Parsing the entire index expression as a BadExpr: this led to
inferior errors while type checking.
- Parsing the Index as a BadExpr: this seems reasonable, but encodes
strictly less information into the AST.
We may want to opt for one of these alternatives in the future, but for
now let's just fix the breaking change.
Change-Id: I93f2b89641692ac014b8ee98bfa031ed3477afb8
Reviewed-on: https://go-review.googlesource.com/c/go/+/315851
Trust: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This change replaces the crypto/ed25519/internal/edwards25519 package
with code from filippo.io/edwards25519, a significantly faster, safer,
well tested (over 1600 lines of new tests, 99% test coverage), and
better documented (600 lines of new comments) implementation.
Some highlights:
* an unsaturated 51-bit limb field implementation optimized for 64-bit
architectures and math/bits.Mul64 intrinsics
* more efficient variable time scalar multiplication using multi-width
non-adjacent form with a larger lookup table for fixed-base
* a safe math/big.Int-like API for the Scalar, Point, and field.Element
types with fully abstracted reduction invariants
* a test suite including a testing/quick fuzzer that explores edge case
values that would be impossible to hit randomly, and systematic tests
for arguments and receiver aliasing
* point decoding rules that strictly match the original logic of
crypto/ed25519/internal/edwards25519, to avoid consensus issues
* AssemblyPolicy-compliant assembly cores for arm64 and amd64, the
former under 20 lines, and the latter generated by a program based on
github.com/mmcloughlin/avo that can be reviewed line-by-line against
the generic implementation
Intel(R) Core(TM) i5-7400 CPU @ 3.00GHz
name old time/op new time/op delta
KeyGeneration-4 59.5µs ± 1% 26.1µs ± 1% -56.20% (p=0.000 n=10+10)
NewKeyFromSeed-4 59.3µs ± 1% 25.8µs ± 1% -56.48% (p=0.000 n=9+10)
Signing-4 60.4µs ± 1% 31.4µs ± 1% -48.05% (p=0.000 n=10+10)
Verification-4 169µs ± 1% 73µs ± 2% -56.55% (p=0.000 n=10+10)
Apple M1
name old time/op new time/op delta
KeyGeneration-8 35.1µs ± 0% 20.2µs ± 2% -42.46% (p=0.000 n=8+10)
NewKeyFromSeed-8 35.1µs ± 0% 20.0µs ± 1% -42.93% (p=0.000 n=8+9)
Signing-8 36.2µs ± 0% 25.6µs ± 1% -29.25% (p=0.000 n=8+9)
Verification-8 96.1µs ± 0% 57.6µs ± 1% -40.14% (p=0.000 n=10+10)
The code in this CL is a copy of the filippo.io/edwards25519 module at
version v1.0.0-beta.3.0.20210405211453-c6be47d67779 with only the
following functions removed as irrelevant to crypto/ed25519:
- (*Point).BytesMontgomery()
- (*Point).MultByCofactor()
- (*Scalar).Invert()
- (*Point).MultiScalarMult()
- (*Point).VarTimeMultiScalarMult()
This codebase took a long journey outside the standard library before
making its way back here. Its oldest parts started as a faster field
implementation rewrite by George Tankersley almost four years ago,
eventually submitted as CL 71950 but never merged. That code was then
merged into github.com/gtank/ristretto255, which also started as an
internal/edwards25519 fork. There it was worked on by me, George, and
Henry de Valence as a backend for our Go ristretto255 implementation.
Finally, I extracted the edwards25519 code into a reusable package as
filippo.io/edwards25519.
Now, we're ready for the standard library to become the source of truth
for this code again, while filippo.io/edwards25519 will become a
re-packaged and extended version for external use, since we don't want
to expose unsafe curve operations in x/crypto or the standard library.
Submitted under the Google CLA on behalf of:
- Henry de Valence
https://github.com/gtank/ristretto255/issues/34
- George Tankersley
https://golang.org/cl/71950
https://github.com/gtank/ristretto255-private/issues/28
- Luke Champine
https://github.com/FiloSottile/edwards25519/pull/7
- Adrian Hamelink
https://github.com/FiloSottile/edwards25519/pull/12
Changes 32506b5 and 18c803c are trivial and don't require a CLA.
The full history of this code since diverging from internal/edwards25519
is available at https://github.com/FiloSottile/edwards25519, and
summarized below.
+ c6be47d - edwards25519: update TestScalarSetBytesWithClamping <Filippo Valsorda>
+ c882e8e - edwards25519: rewrite amd64 assembly with avo <Filippo Valsorda>
+ 8eb02eb - edwards25519: refactor feMulGeneric and feSquareGeneric <Filippo Valsorda>
+ 8afd860 - edwards25519: remove Go 1.12 compatibility hack <Filippo Valsorda>
+ 1765c13 - edwards25519: don't clobber BP in amd64 assembly <Filippo Valsorda>
+ b73a7c8 - edwards25519: fix ScalarMult when receiver is not the identity (FiloSottile/edwards25519#12) <Adrian Hamelink>
+ 32a46d7 - edwards25519: document why this can't implement X25519 <Filippo Valsorda>
+ c547797 - edwards25519: make SqrtRatio slightly more efficient <Filippo Valsorda>
+ 700f4f4 - edwards25519: panic if an uninitialized Point is used <Filippo Valsorda>
+ d791cf8 - edwards25519: use testing.AllocsPerRun for TestAllocations <Filippo Valsorda>
+ 8cc8037 - edwards25519: smooth a couple test coverage rough edges <Filippo Valsorda>
+ 9063a14 - edwards25519: test that operations cause zero heap allocations <Filippo Valsorda>
+ 6944ac7 - edwards25519: relax the limb schedule slightly <Filippo Valsorda>
+ 21ebdac - edwards25519: rewrite carryPropagate in arm64 assembly <Filippo Valsorda>
+ a260082 - edwards25519: merge carryPropagate[12] <Filippo Valsorda>
+ dbe1792 - edwards25519: add TestScalarSetBytesWithClamping <Filippo Valsorda>
+ c1fe95a - edwards25519: add MultByCofactor <Filippo Valsorda>
+ 132d95c - edwards25519: sprinkle on-curve checks around tests <Filippo Valsorda>
+ ffb3e31 - edwards25519: specify the behavior of Invert(0) and I.BytesMontgomery() <Filippo Valsorda>
+ 9e6a931 - edwards25519: add (*Scalar).MultiplyAdd <lukechampine>
+ 3b045f3 - edwards25519: outline (*Point).Bytes (FiloSottile/edwards25519#6) <Luke Champine>
+ ec6f8a6 - edwards25519: make (*Scalar).SetCanonicalBytes return the receiver <Filippo Valsorda>
+ 77d7b31 - edwards25519: add (*Point).BytesMontgomery <Filippo Valsorda>
+ 6e8d645 - edwards25519: implement (*Point).Bytes and (*Point).SetBytes <Filippo Valsorda>
+ 1c833da - edwards25519: clarify ScalarBaseMult docs <Filippo Valsorda>
+ 3a13cf1 - edwards25519: apply gc build tag <Filippo Valsorda>
+ 90c35a7 - edwards25519: hide FieldElement and (*Point).ExtendedCoords <Filippo Valsorda>
+ 498fb1e - edwards25519: replace FillBytes with Bytes, again <Filippo Valsorda>
+ 9c7303a - edwards25519: remove (*Point).Identity and (*Point).Generator <Filippo Valsorda>
+ 2e52ce2 - edwards25519: drop unused (*Scalar).Zero <Filippo Valsorda>
+ 7c14a36 - edwards25519: rename FromBytes to SetBytes <Filippo Valsorda>
+ e3d0e45 - edwards25519: ensure only test files import math/big <Filippo Valsorda>
+ daa2507 - edwards25519: minor doc and string touch-ups <Filippo Valsorda>
+ e8698cd - edwards25519: implement (*Scalar).FromBytesWithClamping <Filippo Valsorda>
+ f28d75a - edwards25519: change constructors <Filippo Valsorda>
+ 36d8598 - edwards25519: test the invariant that Scalars are always reduced <Filippo Valsorda>
+ feed48c - edwards25519: cleanup the FieldElement API <Filippo Valsorda>
+ f6ee187 - edwards25519: make Point opaque <Filippo Valsorda>
+ 176388b - edwards25519: cleanup Scalar API to match ristretto255 <Filippo Valsorda>
+ c5c2e9e - edwards25519: rename ProjP3 to Point and unexport other point types <Filippo Valsorda>
+ 8542076 - edwards25519: add Scalar aliasing test <Filippo Valsorda>
+ 1a86a9c - edwards25519: make Scalar opaque <Filippo Valsorda>
+ 07a7683 - edwards25519: hide some more exposed symbols <Filippo Valsorda>
+ d3569cb - all: flatten the package and make FieldElement opaque <Filippo Valsorda>
+ 6f5f582 - all: expose edwards25519, base, and scalar packages <Filippo Valsorda>
+ 7ab4a68 - all: ensure compatibility with older Go versions <Filippo Valsorda>
+ e9b8baa - internal/radix51: implement (*FieldElement).Mul32 <Filippo Valsorda>
+ eac4de5 - internal/radix51: restructure according to golang.org/wiki/TargetSpecific <Filippo Valsorda>
+ 32506b5 - internal/radix51: fix !amd64 build (lightReduce -> carryPropagate) (gtank/ristretto255#29) <Sunny Aggarwal>
+ d64d989 - internal/scalar: fix FromUniformBytes <Filippo Valsorda>
+ 044bb44 - internal/scalar: address review comments <Filippo Valsorda>
+ 7dba54f - all: apply suggestions from code review <Filippo Valsorda>
+ 94bd1d9 - ristretto255: expose scalar multiplication APIs <Filippo Valsorda>
+ 5bd5476 - internal/edwards25519: fix shadowing of B in TestAddSubNegOnBasePoint <Filippo Valsorda>
+ 66bf647 - internal/scalar: replace FromBytes/IsCanonical with FromUniformBytes/FromCanonicalBytes <Filippo Valsorda>
+ 024f3f7 - internal/edwards25519,internal/scalar: apply some Go style touches <Filippo Valsorda>
+ 5e0c5c6 - internal/scalar: add scalar inversion <Henry de Valence>
+ 74fd625 - internal/ed25519: rearrange VartimeDoubleBaseMul args <Henry de Valence>
+ 81ae7ea - internal/ed25519: add benchmarks for scalar mul <Henry de Valence>
+ 9f1f939 - internal/ed25519: add variable-time multiscalar mul <Henry de Valence>
+ 7a96974 - internal/ed25519: add vartime double-base scmul <Henry de Valence>
+ 2bc256c - internal/ed25519: add precomputed NAF table for basepoint <Henry de Valence>
+ a0f0b96 - internal/ed25519: lower quickcheck size for point ops <Henry de Valence>
+ 2f385a1 - internal/ed25519: implement MultiscalarMul <Henry de Valence>
+ 8ae211b - internal/ed25519: implement BasepointMul <Henry de Valence>
+ 7b4858d - internal/ed25519: extract common test variables <Henry de Valence>
+ 16e7c48 - internal/ed25519: add a basepoint multiple table. <Henry de Valence>
+ 988e521 - internal/ed25519: add constant-time variable-base scmul. <Henry de Valence>
+ b695f6b - internal/ed25519: move basepoint constant & correct it <Henry de Valence>
+ ddd014e - internal/scalar: fix high bit check <Henry de Valence>
+ c88ea89 - internal/scalar: make casts clearer <Henry de Valence>
+ b75f989 - internal/scalar: add invariant checks on Scalar digits <Henry de Valence>
+ 36216ca - internal/scalar: use one scMulAdd for Sub <Henry de Valence>
+ 8bf40f3 - internal/scalar: fix constant-time signed radix 16 implementation <Henry de Valence>
+ e6d9ef6 - Update internal/radix51/fe_test.go <Filippo Valsorda>
+ 3aa63de - Update internal/radix51/fe_test.go <Filippo Valsorda>
+ 3e66ff0 - Update internal/radix51/fe_test.go <Filippo Valsorda>
+ 94e6c15 - internal/ed25519: add TODO note and doc ref <Henry de Valence>
+ 3647548 - internal/ed25519: rename twoD to D2 <Henry de Valence>
+ 1cf853c - internal/ed25519: add lookup tables for scalar mul. <Henry de Valence>
+ 3af304a - internal/radix51: add a conditional swap <Henry de Valence>
+ 4673217 - ristretto255: use multi-model arithmetic <Henry de Valence>
+ cca757a - internal/ed25519: remove single-model code <Henry de Valence>
+ d26e77b - internal/ed25519: add addition for Edwards points <Henry de Valence>
+ e0fbb35 - internal/ed25519: use twoD <Henry de Valence>
+ fd9b37b - internal/ed25519: add tests for multi-model point types. <Henry de Valence>
+ dacabb0 - internal/ed25519: add multi-model point types. <Henry de Valence>
+ dddc72e - internal/scalar: add constant-time signed radix 16 <Henry de Valence>
+ 92cdb35 - internal/scalar: add non-adjacent form <Henry de Valence>
+ d147963 - internal/scalar: don't zero memory that is about to be copied over <George Tankersley>
+ 8da186c - internal/scalar: add scalar field implementation <George Tankersley>
+ f38e583 - internal/radix51: add a "weird" testing/quick generation strategy <Filippo Valsorda>
+ 6454f61 - Move comment inside function <Henry de Valence>
+ 1983365 - implement Add, Sub, Neg for ed25519 and ristretto255 points. <Henry de Valence>
+ 9f25562 - internal/group: rename to internal/edwards25519 <Filippo Valsorda>
+ 48e66d3 - internal/group: restore ScalarMult code <Filippo Valsorda>
+ 0078d66 - internal/radix51: rename lightReduce to carryPropagate and touch up docs <Filippo Valsorda>
+ 05f4107 - internal/radix51: add benchmarks <Filippo Valsorda>
+ fd36334 - internal/radix51: test that operations don't exceed bounds <Filippo Valsorda>
+ 703421d - internal/radix51: make Generate produce random light-reduced elements <Filippo Valsorda>
+ f8d8297 - internal/radix51: simplify lightReduce <Filippo Valsorda>
+ 413120f - internal/radix51: minor tests cleanup <Filippo Valsorda>
+ abc8c5a - internal/radix51: make reduction an invariant and unexport Reduce <Filippo Valsorda>
+ 4fd198d - internal/radix51: actually apply go:noescape <Filippo Valsorda>
+ 18c803c - all: fix typos <Dimitris Apostolou>
+ bbfe059 - internal/radix51: test field encoding roundtrip with fixed vectors <George Tankersley>
+ c428b18 - internal/radix51: rename AppendBytes to Bytes <Filippo Valsorda>
+ c59bc1a - internal/radix51: rewrite FromBytes and AppendBytes with encoding/binary <Filippo Valsorda>
+ 57c0cd5 - internal/radix51: add docs and some light readability refactors <Filippo Valsorda>
+ cb1b734 - internal/radix51: remove unused (and a bit broken) SetInt <Filippo Valsorda>
+ beb8abd - internal/radix51: refactor ToBig and FromBig <Filippo Valsorda>
+ 87c0a53 - internal/radix51: replace ToBytes with AppendBytes <Filippo Valsorda>
+ b7e1e45 - internal/radix51: fix aliasing bug in CondNeg (gtank/ristretto255#21) <George Tankersley>
+ ed3748d - internal/radix51: actually, uhm, check the result of TestAliasing <Filippo Valsorda>
+ ec0e293 - radix51: change API of FromBytes and ToBytes to use slices <George Tankersley>
+ 29f6815 - internal/radix51: test all combinations of argument and receiver aliasing <Filippo Valsorda>
+ cd53d90 - internal/radix51: add property-based tests that multiplication distributes over addition <Henry de Valence>
+ c3bc45f - radix51: use go1.12 intrinsics for 128-bit multiplications <George Tankersley>
+ 7e7043e - internal/radix51: define a mask64Bits constant <Filippo Valsorda>
+ 4fdd06d - internal/group: set Z to 1, not 0 in FromAffine <Filippo Valsorda>
+ ffa7be7 - internal/group: fix typo <Filippo Valsorda>
+ 1f452ac - internal/group: derive twoD from D <Filippo Valsorda>
+ 2424c78 - internal/radix51: add MinusOne <Filippo Valsorda>
+ 76978fc - internal/group: make conversion APIs caller-allocated <Filippo Valsorda>
+ d17d202 - internal/group: rewrite DoubleZ1 because stack is cheaper than mental state <Filippo Valsorda>
+ 72b97c1 - internal: make all APIs chainable <Filippo Valsorda>
+ 993d979 - internal/radix51: make all APIs not consider the receiver an input <Filippo Valsorda>
+ b2a1d7d - all: refactor field API to be methods based <Filippo Valsorda>
+ cdf9b90 - internal/radix51: add constant time field operations <Filippo Valsorda>
+ e490a48 - internal/radix51: remove FeEqual <Filippo Valsorda>
+ 2de114c - internal/radix51: remove FeCSwap <Filippo Valsorda>
+ 08b80c1 - make things more generally presentable <George Tankersley>
+ 2178536 - Cache the field representation of d <George Tankersley>
+ 4135059 - Remove 32-bit code and update license. <George Tankersley>
+ 5d95cb3 - Use Bits() for FeToBig. <George Tankersley>
+ 146e33c - Implement ScalarMult using Montgomery pattern and dedicated extended-coordinates doubling. This will be slow. <George Tankersley>
+ 12a673a - use faster FeFromBig & a horrible assortment of other random changes <George Tankersley>
+ 901f40c - group logic WIP <George Tankersley>
+ a9c89cd - add equality for field elements <George Tankersley>
+ 214873b - Add radix51 FieldElement implementation <George Tankersley>
+ 8fd5cae - Implement an elliptic.Curve for ed25519 <George Tankersley>
Change-Id: Ifbcdd13e8b6304f9906c0ef2b73f1fdc493a7dfa
Co-authored-by: George Tankersley <george.tankersley@gmail.com>
Co-authored-by: Henry de Valence <hdevalence@hdevalence.ca>
Reviewed-on: https://go-review.googlesource.com/c/go/+/276272
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>
Trust: Katie Hockman <katie@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
|
|
This is a port of CL 317329 to go/types.
Change-Id: I1ba65284c91044f0ceed536da4149ef25e1f9502
Reviewed-on: https://go-review.googlesource.com/c/go/+/317291
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
Updates #44933.
Change-Id: I0c4c2a54f67b47771f4fa59f11c47fa7b0dde799
Reviewed-on: https://go-review.googlesource.com/c/go/+/317029
Trust: Matthew Dempsky <mdempsky@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Robert Griesemer <gri@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
|
|
This is a port of CL 315729 to go/types, adjusted for the slightly
different test set-up in go/types.
Added a TODO to reconcile these differences.
Change-Id: I71cae712d8fc23b7311ce35e09168b258e07fa35
Reviewed-on: https://go-review.googlesource.com/c/go/+/315850
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a 1:1 port of CL 315689 to go/types.
Change-Id: If71186b3719be8433c9d21b22c51ffde2cadd55b
Reviewed-on: https://go-review.googlesource.com/c/go/+/315849
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a port of CL 315169 to go/types. It uses a slightly different
mechanism for evaluating the convertibility error message, to be
consistent with operand.assignableTo.
Change-Id: Iea2e2a9fbb4cf17d472b2b7392786118e079528a
Reviewed-on: https://go-review.googlesource.com/c/go/+/315809
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
Sort the comment map entries before printing.
Makes it easier to use the output for debugging.
For #39753.
Change-Id: Ic8e7d27dd2df59173e2c3a04a6b71ae966703885
Reviewed-on: https://go-review.googlesource.com/c/go/+/315370
Trust: Robert Griesemer <gri@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
|
|
The original value was rounded too early, which lead to the
surprising behavior that float64(math.SmallestNonzeroFloat64 / 2)
wasn't 0. That is, the exact compile-time computation of
math.SmallestNonzeroFloat64 / 2 resulted in a value that was
rounded up when converting to float64. To address this, added 3
more digits to the mantissa, ending in a 0.
While at it, also slightly increased the precision of MaxFloat64
to end in a 0.
Computed exact values via https://play.golang.org/p/yt4KTpIx_wP.
Added a test to verify expected behavior.
In contrast to the other (irrational) constants, expanding these
extreme values to more digits is unlikely to be important as they
are not going to appear in numeric computations except for tests
verifying their correctness (as is the case here).
Re-enabled a disabled test in go/types and types2.
Updates #44057.
Fixes #44058.
Change-Id: I8f363155e02331354e929beabe993c8d8de75646
Reviewed-on: https://go-review.googlesource.com/c/go/+/315170
Trust: Robert Griesemer <gri@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
|
|
Add some test data files that were not included in go/types.
- Issue 43125 only pertained to types2 because go/ast differentiates
StarExpr, UnaryExpr, and BinaryExpr, so typexpr.go was already
catching the invalid type expressions.
- Issues 42987 and 43190 are handled differently by go/parser.
- main.go2 was not added when ported to go/types, because this work
happened on the dev.regabi branch, which didn't support generics.
Test files are modified to adjust errors messages and positions, and to
update the copyright year.
Change-Id: Ia737eaab9afb2b59600b661ccf3eec3cbbb2d66c
Reviewed-on: https://go-review.googlesource.com/c/go/+/315070
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This CL is a mix of CL 312149 and CL 314409, adding the
Checker.singleIndex method to provide better error messages when an
unexpected ListExpr is encountered.
Change-Id: I45d6de9b4dfc299dc2d356ca14d05c9191de818d
Reviewed-on: https://go-review.googlesource.com/c/go/+/314869
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
Over this cycle some error code values have changed due to codes being
added/removed. This is probably OK to do once more before we export
error codes in a later Go version, but for now let's keep them stable.
Move things around to correct the changes, and update comments in
errorcodes.go to make it clearer that new codes should be added at the
end.
Change-Id: Id32827ef1a72cfd876ccc039da11d0a1be7470e9
Reviewed-on: https://go-review.googlesource.com/c/go/+/314830
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
Having multiple subdirectories of go/types containing test data is
slightly problematic:
- If ever we were to include a .go file in one of these directories,
we'd inadvertently create a visible package.
- It's difficult to add other content in testdata/, since TestTestdata
scans the entire directory.
Move everything down a level, into testdata/{fixedbugs,examples,check},
and update tests accordingly.
Change-Id: Idd074c94b7b261d678934330539e41a48c2a9dc9
Reviewed-on: https://go-review.googlesource.com/c/go/+/314829
Trust: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a 1:1 port of CL 313650 to go/types.
Change-Id: Iec01ac2831f21162d9977a139549e081ee769f90
Reviewed-on: https://go-review.googlesource.com/c/go/+/314631
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a port of CL 312170 to go/types, adjusted to use go/ast and to
add error codes. go/parser already emits errors for non-identifiers on
the LHS of a short var decl, so a TODO is added to reconsider this
redundancy.
A new error code is added for repeated identifiers in short var decls.
This is a bit specific, but I considered it to be a unique kind of
error.
The x/tools tests for this port turned up a bug: the new logic failed to
call recordDef for blank identifiers. Patchset #2 contains the fix for
this bug, both in go/types and cmd/compile/internal/types2.
Change-Id: Ibdc40b8b4ad0e0696111d431682e1f1056fd5eeb
Reviewed-on: https://go-review.googlesource.com/c/go/+/314629
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a 1:1 port of CL 311651 to go/types.
Change-Id: I9d91b45cc5fa7ce686d6a91d4dde274d9f80e0d7
Reviewed-on: https://go-review.googlesource.com/c/go/+/314595
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a 1:1 port of CL 309830 to go/types.
Change-Id: Ibf709f8194dd5e93a87145e5f9db674ce93af529
Reviewed-on: https://go-review.googlesource.com/c/go/+/314594
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a port of CL 308973. The only change is to remove a TODO at
inference.go2:100 to improve the error position. The go/types error
position is fine.
Change-Id: Ibf61f3458adde91dec9c7531cbd892ca654a5497
Reviewed-on: https://go-review.googlesource.com/c/go/+/314593
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a port of CL 308372 to go/types. The only meaningful change was
to add TODOs to improve the positioning error messages.
Change-Id: I8314615d0851a59c2b5fd30eb897d581652eacc3
Reviewed-on: https://go-review.googlesource.com/c/go/+/314435
Trust: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is a port of CL 308371 to go/types. The only meaningful change from
that CL is to use explicit return values in Checker.indexExpr, which I
felt was more readable. I made the same change in types2 to keep them in
sync
Change-Id: I3380c03fe49d3bf4167cadad305abe942785af19
Reviewed-on: https://go-review.googlesource.com/c/go/+/314432
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
benchmarks
This CL adds a new flag to the testing package and the go test command
which randomizes the execution order for tests and benchmarks.
This can be useful for identifying unwanted dependencies
between test or benchmark functions.
The flag is off by default. If `-shuffle` is set to `on` then the system
clock will be used as the seed value. If `-shuffle` is set to an integer
N, then N will be used as the seed value. In both cases, the seed will
be reported for failed runs so that they can reproduced later on.
Fixes #28592
Change-Id: I62e7dfae5f63f97a0cbd7830ea844d9f7beac335
Reviewed-on: https://go-review.googlesource.com/c/go/+/310033
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Emmanuel Odeke <emmanuel@orijtech.com>
Trust: Bryan C. Mills <bcmills@google.com>
|
|
This is a port of CL 308370 to go/types. There are some differences in
the index checking code, but the methodology for moving the code was the
same: replace `goto Error` with `x.mode = invalid; return`.
Change-Id: I880f577a7720e6ad8a5b096207001fcf7620396d
Reviewed-on: https://go-review.googlesource.com/c/go/+/312095
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
• fix some typos
• remove superfluous conversions/parentheses
• remove superfluous nil checks
Change-Id: I428bf6a7be551b79270567047878c3076dd6f2ff
GitHub-Last-Rev: 3b1c7573cfdf89ac184fd6ae44bca4be78b0cd64
GitHub-Pull-Request: golang/go#45799
Reviewed-on: https://go-review.googlesource.com/c/go/+/314069
Reviewed-by: Robert Griesemer <gri@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
|
|
While profiling parsing, I noticed that scanIdentifier was extremely
hot, and could be optimized: it is responsible for a significant
fraction of scanning and had a lot of unnecessary branching, bounds
checks, and function calls.
This CL implements some of those optimizations, while trying to strike a
balance between optimization and readability. It achieves this by
optimizing for the common case of ASCII identifiers, falling back on the
slower scan when encountering the first non-ASCII character.
Benchmark results:
name old time/op new time/op delta
Scan-12 16.9µs ± 4% 15.8µs ± 5% -6.92% (p=0.000 n=20+18)
ScanFiles/go/types/expr.go-12 793µs ± 4% 672µs ± 6% -15.23% (p=0.000 n=20+20)
ScanFiles/go/parser/parser.go-12 1.08ms ± 6% 0.90ms ± 4% -16.68% (p=0.000 n=20+20)
ScanFiles/net/http/server.go-12 1.44ms ± 4% 1.23ms ± 5% -14.58% (p=0.000 n=18+20)
ScanFiles/go/scanner/errors.go-12 40.7µs ± 2% 32.6µs ± 3% -20.01% (p=0.000 n=19+20)
Change-Id: If78380004248e3ea75cfc78eb7f38f528124dced
Reviewed-on: https://go-review.googlesource.com/c/go/+/308611
Trust: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
BenchmarkScanFile was scanning scanner.go, which makes comparison
difficult for a CL modifying that file. That file is also is not
necessarily representative syntax.
Add a few additional files as subtests to provide a larger variety of
metrics.
Change-Id: Ib78303c2546debd84a0b5478ae438ba891d9e6e9
Reviewed-on: https://go-review.googlesource.com/c/go/+/308610
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
Change-Id: I73d1b2d18ab4051443d66c60df493d1163d0ba3f
Reviewed-on: https://go-review.googlesource.com/c/go/+/306150
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
As an alternative to CL 312149, add a catch-all error message in
exprInternal when encountering a ListExpr, rather than panicking.
We still might want something like CL 312149 to improve the error
message or recovery from bad indexing.
Change-Id: I865f7cc4eefa4a3b7bd8f3100df96d0144e1712f
Reviewed-on: https://go-review.googlesource.com/c/go/+/313909
Trust: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
CL 209578 disambiguated paths among imported packages, but as
demonstrated in #43119, formatted types may reference packages that are
not directly imported.
Fix this by recursively walking all imports to determine whether there
is any ambiguity in the import graph. This might result in
over-qualification of names, but it is straightforward and should
eliminate any ambiguity.
In general this should be fine, but might introduce risk of infinite
recursion in the case of an importer bug, or performance problems for
very large import graphs. Mitigate the former by tracking seen packages,
and the latter by only walking the import graph once an error has been
produced.
Fixes #43119
Change-Id: If874f050ad0e808db8e354c2ffc88bc6d64fd277
Reviewed-on: https://go-review.googlesource.com/c/go/+/313035
Trust: Robert Findley <rfindley@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
Updates #19367.
Updates #40481.
Change-Id: Id2b2d2e3e716f91f0dd9e5102689a1ba90a819e4
Reviewed-on: https://go-review.googlesource.com/c/go/+/312213
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Trust: Matthew Dempsky <mdempsky@google.com>
Trust: Robert Griesemer <gri@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
|
|
Follow up to CL 312591, which was stumping rfindley and I for a
while. Credit to him for figuring out a repro and explaining the
correct solution.
Change-Id: Ib8578bba05f60fc41d382c34c5266d815441e7a1
Reviewed-on: https://go-review.googlesource.com/c/go/+/312790
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
Trust: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
|
|
A couple minor spec compliance issues: constant, typed index operands
must still be representable as type "int", but should also be recorded
as their original type.
Fixes #45667.
Change-Id: Iefeb29f20a8e48350af83a62c9ae0e92198c5ef7
Reviewed-on: https://go-review.googlesource.com/c/go/+/312591
Trust: Matthew Dempsky <mdempsky@google.com>
Trust: Robert Griesemer <gri@golang.org>
Run-TryBot: Matthew Dempsky <mdempsky@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This test was unnecessarily commented out in CL 312190: re-enable it and
update its assertions.
Change-Id: Ic08563e25c9b05a8e35d67690f5d27a761133266
Reviewed-on: https://go-review.googlesource.com/c/go/+/312097
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
|
This is an exact port of CL 307949 to go/types.
Change-Id: I796f3030a86d76deb80e58bb547460b586480911
Reviewed-on: https://go-review.googlesource.com/c/go/+/312096
Trust: Robert Findley <rfindley@google.com>
Run-TryBot: Robert Findley <rfindley@google.com>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Robert Griesemer <gri@golang.org>
|
