[libreriscv.git] / openpower / sv / bitmanip.mdwn

[[!tag standards]]

# bitmanipulation

**DRAFT STATUS**

this extension amalgamates bitnanipulation primitives from many sources, including RISC-V bitmanip, Packed SIMD, AVX-512 and OpenPOWER VSX.  Vectorisation and SIMD are removed: these are straight scalar (element) operations making them suitable for embedded applications.
Vectorisation Context is provided by [[openpower/sv]].


ternaryv is experimental and is the only operation that may be considered a "Packed SIMD".  It is added as a variant of the already well-justified ternary operation (done in AVX512 as an immediate only) "because it looks fun". As it is based on the LUT4 concept it will allow accelerated emulation of FPGAs.  Other vendors of ISAs are buying FPGA companies to achieve a similar objective.

general-purpose Galois Field operations are added so as to avoid huge opcode proliferation across many areas of Computer Science.  however for convenience and also to avoid setup costs, some of the more common operations (clmul, crc32) are also added.  The expectation is that these operations would all be covered by the same pipeline.

note that there are brownfield spaces below that could incorporate some of the set-before-first and other operations.

# summary

minor opcode allocation

    |  28.30 |31| name      |
    | ------ |--| --------- |
    |   00   |Rc| ternaryi  |
    |  001   |Rc| ternary   |
    |  010   |Rc| bitmask   |
    |  011   |Rc| gf*       |
    |  101   |1 | ternaryv  |
    |  101   |0 | ternarycr |
    |  110   |Rc| 1/2-op    |
    |  111   |Rc| 3-op      |

1-op and variants

| dest | src1 | subop | op       |
| ---- | ---- | ----- | -------- |
| RT   | RA   | ..    | bmatflip | 

2-op and variants

| dest | src1 | src2 | subop | op       |
| ---- | ---- | ---- | ----- | -------- |
| RT   | RA   | RB   | or    | bmatflip | 
| RT   | RA   | RB   | xor   | bmatflip | 
| RT   | RA   | RB   | bdep  | dep/ext  | 
| RT   | RA   | RB   | bext  | dep/ext  | 
| RT   | RA   | RB   |       | grev  |
| RT   | RA   | RB   |       | clmul*  |
| RT   | RA   | RB   |       | gorc |  
| RT   | RA   | RB   | shuf  | shuffle | 
| RT   | RA   | RB   | unshuf| shuffle | 
| RT   | RA   | RB   | width | xperm  | 
| RT   | RA   | RB   | type | minmax | 
| RT   | RA   | RB   |  |  | 
| RT   | RA   | RB   |  |  | 
| RT   | RA   | RB   |  |  | 

3 ops 

* bitmask set/extract
* ternary bitops
* GF

| 0.5|6.10|11.15|16.20|21..25 | 26....30 |31| name |
| -- | -- | --- | --- | ----- | -------- |--| ------ |
| NN | RT | RA  | RB  | RC    | mode 001 |Rc| ternary |
| NN | RT | RA  | RB  | im0-4 | im5-7 00 |Rc| ternaryi |
| NN | RS | RA  | RB  | RC    | 00  011  |Rc| gfmul |
| NN | RS | RA  | RB  | RC    | 01  011  |Rc| gfadd |
| NN | RT | RA  | RB  | deg   | 10  011  |Rc| gfinv |
| NN | RS | RA  | RB  | deg   | 11  011  |Rc| gfmuli |
| NN | RS | RA  | RB  | deg   | 11  111  |Rc| gfaddi |

| 0.5|6.10|11.15| 16.23 |24.27 | 28.30 |31| name |
| -- | -- | --- | ----- | ---- | ----- |--| ------ |
| NN | RT | RA  | imm   | mask | 101   |1 | ternaryv |

| 0.5|6.8 | 9.11|12.14|15|16.23|24.27 | 28.30|31| name |
| -- | -- | --- | --- |- |-----|----- | -----|--| -------|
| NN | BA | BB  | BC  |0 |imm  | mask | 101  |0 | ternarycr |

ops

| 0.5|6.10|11.15|16.20| 21.22 | 23 | 24....30 |31| name |
| -- | -- | --- | --- | ----- | -- | -------- |--| ---- |
| NN | RA | RB  |     |       | 0  | 0000 110 |Rc| rsvd   |
| NN | RA | RB  | RC  | itype | 1  | 0000 110 |Rc| xperm |
| NN | RA | RB  | RC  | itype | 0  | 0100 110 |Rc| minmax |
| NN | RA | RB  |     |       | 1  | 0100 110 |Rc| rsvd |
| NN | RA | RB  | sh  | itype | SH | 1000 110 |Rc| bmopsi |
| NN | RA | RB  |     |       |    | 1100 110 |Rc| rsvd |
| NN | RA | RB  |     |       |    | 1100 110 |Rc| rsvd |
| NN | RA | RB  |     |       |    | 1100 110 |Rc| rsvd |
| NN | RA | RB  |     |       |    | 1100 110 |Rc| rsvd |
| NN | RA | RB  |     |       | 0  | 0001 110 |Rc| rsvd |
| NN | RA | RB  |     |       | 0  | 0101 110 |Rc| rsvd |
| NN | RA | RB  | RC  | 00    | 0  | 0010 110 |Rc| gorc |
| NN | RA | RB  | sh  | 00    | SH | 1010 110 |Rc| gorci |
| NN | RA | RB  | RC  | 00    | 0  | 0110 110 |Rc| gorcw |
| NN | RA | RB  | sh  | 00    | 0  | 1110 110 |Rc| gorcwi |
| NN | RA | RB  | RC  | 00    | 1  | 1110 110 |Rc| bmator  |
| NN | RA | RB  | RC  | 01    | 0  | 0010 110 |Rc| grev |
| NN | RA | RB  | RC  | 01    | 1  | 0010 110 |Rc| clmul |
| NN | RA | RB  | sh  | 01    | SH | 1010 110 |Rc| grevi |
| NN | RA | RB  | RC  | 01    | 0  | 0110 110 |Rc| grevw |
| NN | RA | RB  | sh  | 01    | 0  | 1110 110 |Rc| grevwi |
| NN | RA | RB  | RC  | 01    | 1  | 1110 110 |Rc| bmatxor   |
| NN | RA | RB  | RC  | 10    | 0  | 0010 110 |Rc| shfl |
| NN | RA | RB  | sh  | 10    | SH | 1010 110 |Rc| shfli |
| NN | RA | RB  | RC  | 10    | 0  | 0110 110 |Rc| shflw |
| NN | RA | RB  | RC  | 10    | 0  | 1110 110 |Rc| bdep   |
| NN | RA | RB  | RC  | 10    | 1  | 1110 110 |Rc| bext  |
| NN | RA | RB  | RC  | 11    | 0  | 1110 110 |Rc| clmulr  |
| NN | RA | RB  | RC  | 11    | 1  | 1110 110 |Rc| clmulh  |
| NN | RA | RB  |     |       |    | NN11 110 |Rc| rsvd  |

# count leading/trailing zeros with mask

in v3.1 p105

```
count = 0
do i = 0 to 63 if((RB)i=1) then do
if((RS)i=1) then break end end count ← count + 1
RA ← EXTZ64(count)
```

# bit to byte permute

similar to matrix permute in RV bitmanip, which has XOR and OR variants

    do j = 0 to 7
      do k = 0 to 7
         b = VSR[VRB+32].dword[i].byte[k].bit[j]
         VSR[VRT+32].dword[i].byte[j].bit[k] = b

#  bit deposit

vpdepd VRT,VRA,VRB, identical to RV bitmamip bdep, found already in v3.1 p106

    do while(m < 64)
       if VSR[VRB+32].dword[i].bit[63-m]=1 then do
          result = VSR[VRA+32].dword[i].bit[63-k]
          VSR[VRT+32].dword[i].bit[63-m] = result
          k = k + 1
       m = m + 1

```

uint_xlen_t bdep(uint_xlen_t RA, uint_xlen_t RB)
{
    uint_xlen_t r = 0;
    for (int i = 0, j = 0; i < XLEN; i++)
        if ((RB >> i) & 1) {
            if ((RA >> j) & 1)
                r |= uint_xlen_t(1) << i;
            j++;
        }
    return r;
}

```

# bit extract

other way round: identical to RV bext, found in v3.1 p196

```
uint_xlen_t bext(uint_xlen_t RA, uint_xlen_t RB)
{
    uint_xlen_t r = 0;
    for (int i = 0, j = 0; i < XLEN; i++)
        if ((RB >> i) & 1) {
            if ((RA >> i) & 1)
                r |= uint_xlen_t(1) << j;
            j++;
        }
    return r;
}
```

# centrifuge

found in v3.1 p106

```
ptr0 ← 0 ptr1 ← 0 do i = 0 to 63 if((RB)i=0) then do
resultptr0 ← (RS)i end ptr0 ← ptr0 + 1
if((RB)63-i==1) then do
result63-ptr1 ← (RS)63-i end end ptr1 ← ptr1 + 1
RA ← result
```

# int min/max

signed and unsigned min/max for integer.  this is sort-of partly synthesiseable in [[sv/svp64]] with pred-result as long as the dest reg is one of the sources, but not both signed and unsigned.  when the dest is also one of the srces and the mv fails due to the CR bittest failing this will only overwrite the dest where the src is greater (or less).

signed/unsigned min/max gives more flexibility.

```
uint_xlen_t min(uint_xlen_t rs1, uint_xlen_t rs2)
{ return (int_xlen_t)rs1 < (int_xlen_t)rs2 ? rs1 : rs2;
}
uint_xlen_t max(uint_xlen_t rs1, uint_xlen_t rs2)
{ return (int_xlen_t)rs1 > (int_xlen_t)rs2 ? rs1 : rs2;
}
uint_xlen_t minu(uint_xlen_t rs1, uint_xlen_t rs2)
{ return rs1 < rs2 ? rs1 : rs2;
}
uint_xlen_t maxu(uint_xlen_t rs1, uint_xlen_t rs2)
{ return rs1 > rs2 ? rs1 : rs2;
}
```


# ternary bitops

Similar to FPGA LUTs: for every bit perform a lookup into a table using an 8bit immediate, or in another register

| 0.5|6.10|11.15|16.20| 21..25| 26..30   |31|
| -- | -- | --- | --- | ----- | -------- |--|
| NN | RT | RA  | RB  | im0-4 | im5-7 00 |Rc|

    for i in range(64):
        idx = RT[i] << 2 | RA[i] << 1 | RB[i]
        RT[i] = (imm & (1<<idx)) != 0

bits 21..22 may be used to specify a mode, such as treating the whole integer zero/nonzero and putting 1/0 in the result, rather than bitwise test.

a 4 operand variant which becomes more along the lines of an FPGA:

| 0.5|6.10|11.15|16.20|21.25| 26...30  |31|
| -- | -- | --- | --- | --- | -------- |--|
| NN | RT | RA  | RB  | RC  | mode 001 |Rc|

    for i in range(64):
        idx = RT[i] << 2 | RA[i] << 1 | RB[i]
        RT[i] = (RC & (1<<idx)) != 0

mode (2 bit) may be used to do inversion of ordering, similar to carryless mul,
3 modes.

also, another possible variant involving swizzle and vec4:

| 0.5|6.10|11.15| 16.23 |24.27 | 28.30 |31|
| -- | -- | --- | ----- | ---- | ----- |--|
| NN | RT | RA  | imm   | mask | 101   |1 |

    for i in range(8):
        idx = RA.x[i] << 2 | RA.y[i] << 1 | RA.z[i]   
        res = (imm & (1<<idx)) != 0
        for j in range(3):
             if mask[j]: RT[i+j*8] = res

another mode selection would be CRs not Ints. 

| 0.5|6.8 | 9.11|12.14|15|16.23|24.27 | 28.30|31|
| -- | -- | --- | --- |- |-----|----- | -----|--|
| NN | BA | BB  | BC  |0 |imm  | mask | 101  |0 |

    for i in range(4):
        if not mask[i] continue
        idx = crregs[BA][i] << 2 |
              crregs[BB][i] << 1 |
              crregs[BC][i]
        crregs[BA][i] = (imm & (1<<idx)) != 0

# bitmask set

based on RV bitmanip singlebit set, instruction format similar to shift
[[isa/fixedshift]].  bmext is actually covered already (shift-with-mask rldicl but only immediate version).
however bitmask-invert is not, and set/clr are not covered, although they can use the same Shift ALU.

bmext (RB) version is not the same as rldicl because bmext is a right shift by RC, where rldicl is a left rotate.  for the immediate version this does not matter, so a bmexti is not required.
bmrev however there is no direct equivalent and consequently a bmrevi is required.

| 0.5|6.10|11.15|16.20|21.25| 26..30  |31| name  |
| -- | -- | --- | --- | --- | ------- |--| ----- |
| NN | RT | RA  | RB  | RC  | mode 010 |Rc| bm*   |
| NN | RT | RA  | RB  | RC  | 0 1  111 |Rc| bmrev |


```
uint_xlen_t bmset(RA, RB, sh)
{
    int shamt = RB & (XLEN - 1);
    mask = (2<<sh)-1;
    return RA | (mask << shamt);
}

uint_xlen_t bmclr(RA, RB, sh)
{
    int shamt = RB & (XLEN - 1);
    mask = (2<<sh)-1;
    return RA & ~(mask << shamt);
}

uint_xlen_t bminv(RA, RB, sh)
{
    int shamt = RB & (XLEN - 1);
    mask = (2<<sh)-1;
    return RA ^ (mask << shamt);
}

uint_xlen_t bmext(RA, RB, sh)
{
    int shamt = RB & (XLEN - 1);
    mask = (2<<sh)-1;
    return mask & (RA >> shamt);
}
```

bitmask extract with reverse.  can be done by bitinverting all of RA and getting bits of RA from the opposite end.

```
msb = rb[5:0];
rev[0:msb] = ra[msb:0];
rt = ZE(rev[msb:0]);

uint_xlen_t bmextrev(RA, RB, sh)
{
    int shamt = (RB & (XLEN - 1));
    shamt = (XLEN-1)-shamt;  # shift other end
    bra = bitreverse(RA)     # swap LSB-MSB
    mask = (2<<sh)-1;
    return mask & (bra >> shamt);
}
```

| 0.5|6.10|11.15|16.20|21.26| 27..30  |31| name   |
| -- | -- | --- | --- | --- | ------- |--| ------ |
| NN | RT | RA  | RB  | sh  | 0   111 |Rc| bmrevi |



# grev

based on RV bitmanip

```
uint64_t grev64(uint64_t RA, uint64_t RB)
{
    uint64_t x = RA;
    int shamt = RB & 63;
    if (shamt & 1) x = ((x &  0x5555555555555555LL) <<  1) |
                        ((x & 0xAAAAAAAAAAAAAAAALL) >>  1);
    if (shamt & 2) x = ((x &  0x3333333333333333LL) <<  2) |
                        ((x & 0xCCCCCCCCCCCCCCCCLL) >>  2);
    if (shamt & 4) x = ((x &  0x0F0F0F0F0F0F0F0FLL) <<  4) |
                        ((x & 0xF0F0F0F0F0F0F0F0LL) >>  4);
    if (shamt & 8) x = ((x &  0x00FF00FF00FF00FFLL) <<  8) |
                        ((x & 0xFF00FF00FF00FF00LL) >>  8);
    if (shamt & 16) x = ((x & 0x0000FFFF0000FFFFLL) << 16) |
                        ((x & 0xFFFF0000FFFF0000LL) >> 16);
    if (shamt & 32) x = ((x & 0x00000000FFFFFFFFLL) << 32) |
                        ((x & 0xFFFFFFFF00000000LL) >> 32);
    return x;
}

```

# shuffle / unshuffle

based on RV bitmanip

```
uint32_t shfl32(uint32_t RA, uint32_t RB)
{
    uint32_t x = RA;
    int shamt = RB & 15;
    if (shamt & 8) x  = shuffle32_stage(x, 0x00ff0000, 0x0000ff00, 8);
    if (shamt & 4) x  = shuffle32_stage(x, 0x0f000f00, 0x00f000f0, 4);
    if (shamt & 2) x  = shuffle32_stage(x, 0x30303030, 0x0c0c0c0c, 2);
    if (shamt & 1) x  = shuffle32_stage(x, 0x44444444, 0x22222222, 1);
    return x;
}
uint32_t unshfl32(uint32_t RA, uint32_t RB)
{
    uint32_t x = RA;
    int shamt = RB & 15;
    if (shamt & 1) x  = shuffle32_stage(x, 0x44444444, 0x22222222, 1);
    if (shamt & 2) x  = shuffle32_stage(x, 0x30303030, 0x0c0c0c0c, 2);
    if (shamt & 4) x  = shuffle32_stage(x, 0x0f000f00, 0x00f000f0, 4);
    if (shamt & 8) x  = shuffle32_stage(x, 0x00ff0000, 0x0000ff00, 8);
    return x;
}

uint64_t shuffle64_stage(uint64_t src, uint64_t maskL, uint64_t maskR, int N)
{
    uint64_t x = src & ~(maskL | maskR);
    x |= ((src << N) & maskL) | ((src >> N) & maskR);
    return x;
}
uint64_t shfl64(uint64_t RA, uint64_t RB)
{
    uint64_t x = RA;
    int shamt = RB & 31;
    if (shamt & 16) x = shuffle64_stage(x, 0x0000ffff00000000LL,
                                           0x00000000ffff0000LL, 16);
    if (shamt & 8) x = shuffle64_stage(x, 0x00ff000000ff0000LL,
                                           0x0000ff000000ff00LL, 8);
    if (shamt & 4) x = shuffle64_stage(x, 0x0f000f000f000f00LL,
                                           0x00f000f000f000f0LL, 4);
    if (shamt & 2) x = shuffle64_stage(x, 0x3030303030303030LL,
                                           0x0c0c0c0c0c0c0c0cLL, 2);
    if (shamt & 1) x = shuffle64_stage(x, 0x4444444444444444LL,
                                           0x2222222222222222LL, 1);
    return x;
}
uint64_t unshfl64(uint64_t RA, uint64_t RB)
{
    uint64_t x = RA;
    int shamt = RB & 31;
    if (shamt &  1) x = shuffle64_stage(x, 0x4444444444444444LL,
                                           0x2222222222222222LL, 1);
    if (shamt &  2) x = shuffle64_stage(x, 0x3030303030303030LL,
                                           0x0c0c0c0c0c0c0c0cLL, 2);
    if (shamt &  4) x = shuffle64_stage(x, 0x0f000f000f000f00LL,
                                           0x00f000f000f000f0LL, 4);
    if (shamt &  8) x = shuffle64_stage(x, 0x00ff000000ff0000LL,
                                           0x0000ff000000ff00LL, 8);
    if (shamt & 16) x = shuffle64_stage(x, 0x0000ffff00000000LL,
                                           0x00000000ffff0000LL, 16);
    return x;
}
```

# xperm

based on RV bitmanip

```
uint_xlen_t xperm(uint_xlen_t RA, uint_xlen_t RB, int sz_log2)
{
    uint_xlen_t r = 0;
    uint_xlen_t sz = 1LL << sz_log2;
    uint_xlen_t mask = (1LL << sz) - 1;
    for (int i = 0; i < XLEN; i += sz) {
        uint_xlen_t pos = ((RB >> i) & mask) << sz_log2;
        if (pos < XLEN)
            r |= ((RA >> pos) & mask) << i;
    }
    return r;
}
uint_xlen_t xperm_n (uint_xlen_t RA, uint_xlen_t RB)
{  return xperm(RA, RB, 2); }
uint_xlen_t xperm_b (uint_xlen_t RA, uint_xlen_t RB)
{  return xperm(RA, RB, 3); }
uint_xlen_t xperm_h (uint_xlen_t RA, uint_xlen_t RB)
{  return xperm(RA, RB, 4); }
uint_xlen_t xperm_w (uint_xlen_t RA, uint_xlen_t RB)
{  return xperm(RA, RB, 5); }
```

# gorc

based on RV bitmanip

```
uint32_t gorc32(uint32_t RA, uint32_t RB)
{
    uint32_t x = RA;
    int shamt = RB & 31;
    if (shamt & 1) x |= ((x & 0x55555555) << 1)   |  ((x &  0xAAAAAAAA) >> 1);
    if (shamt & 2) x |= ((x & 0x33333333) << 2)   |  ((x &  0xCCCCCCCC) >> 2);
    if (shamt & 4) x |= ((x & 0x0F0F0F0F) << 4)   |  ((x &  0xF0F0F0F0) >> 4);
    if (shamt & 8) x |= ((x & 0x00FF00FF) << 8)   |  ((x &  0xFF00FF00) >> 8);
    if (shamt & 16) x |= ((x & 0x0000FFFF) << 16) |  ((x &  0xFFFF0000) >> 16);
    return x;
}
uint64_t gorc64(uint64_t RA, uint64_t RB)
{
    uint64_t x = RA;
    int shamt = RB & 63;
    if (shamt & 1) x |= ((x & 0x5555555555555555LL)   <<   1) |
                         ((x & 0xAAAAAAAAAAAAAAAALL)  >>  1);
    if (shamt & 2) x |= ((x & 0x3333333333333333LL)   <<   2) |
                         ((x & 0xCCCCCCCCCCCCCCCCLL)  >>  2);
    if (shamt & 4) x |= ((x & 0x0F0F0F0F0F0F0F0FLL)   <<   4) |
                         ((x & 0xF0F0F0F0F0F0F0F0LL)  >>  4);
    if (shamt & 8) x |= ((x & 0x00FF00FF00FF00FFLL)   <<   8) |
                         ((x & 0xFF00FF00FF00FF00LL)  >>  8);
    if (shamt & 16) x |= ((x & 0x0000FFFF0000FFFFLL)  << 16) |
                         ((x & 0xFFFF0000FFFF0000LL)  >> 16);
    if (shamt & 32) x |= ((x & 0x00000000FFFFFFFFLL)  << 32) |
                         ((x & 0xFFFFFFFF00000000LL)  >> 32);
    return x;
}

```

# cmix

based on RV bitmanip, covered by ternary bitops

```
uint_xlen_t cmix(uint_xlen_t RA, uint_xlen_t RB, uint_xlen_t RC) {
    return (RA & RB) | (RC & ~RB);
}
```

# carryless mul

based on RV bitmanip
see https://en.wikipedia.org/wiki/CLMUL_instruction_set

```
uint_xlen_t clmul(uint_xlen_t RA, uint_xlen_t RB)
{
    uint_xlen_t x = 0;
    for (int i = 0; i < XLEN; i++)
        if ((RB >> i) & 1)
            x ^= RA << i;
    return x;
}
uint_xlen_t clmulh(uint_xlen_t RA, uint_xlen_t RB)
{
    uint_xlen_t x = 0;
    for (int i = 1; i < XLEN; i++)
        if ((RB >> i) & 1)
            x ^= RA >> (XLEN-i);
    return x;
}
uint_xlen_t clmulr(uint_xlen_t RA, uint_xlen_t RB)
{
    uint_xlen_t x = 0;
    for (int i = 0; i < XLEN; i++)
        if ((RB >> i) & 1)
            x ^= RA >> (XLEN-i-1);
    return x;
}
```
# Galois Field

see <https://courses.csail.mit.edu/6.857/2016/files/ffield.py>

## Multiply

this requires 3 parameters and a "degree"

    RT = GFMUL(RA, RB, gfdegree, modulo=RC)

realistically with the degree also needing to be an immediate it should be brought down to an overwrite version:

    RS = GFMUL(RS, RA, gfdegree, modulo=RB)
    RS = GFMUL(RS, RA, gfdegree=RC, modulo=RB)

| 0.5|6.10|11.15|16.20|21.25| 26..30  |31|
| -- | -- | --- | --- | --- | ------- |--|
| NN | RS | RA  | RB  | deg | 00  011 |Rc|
| NN | RS | RA  | RB  | RC  | 11  011 |Rc|

where the SimpleV variant may override RS-as-src differently from RS-as-dest



```
from functools import reduce

# constants used in the multGF2 function
mask1 = mask2 = polyred = None

def setGF2(degree, irPoly):
    """Define parameters of binary finite field GF(2^m)/g(x)
       - degree: extension degree of binary field
       - irPoly: coefficients of irreducible polynomial g(x)
    """
    def i2P(sInt):
        """Convert an integer into a polynomial"""
        return [(sInt >> i) & 1
                for i in reversed(range(sInt.bit_length()))]    
    
    global mask1, mask2, polyred
    mask1 = mask2 = 1 << degree
    mask2 -= 1
    polyred = reduce(lambda x, y: (x << 1) + y, i2P(irPoly)[1:])
        
def multGF2(p1, p2):
    """Multiply two polynomials in GF(2^m)/g(x)"""
    p = 0
    while p2:
        if p2 & 1:
            p ^= p1
        p1 <<= 1
        if p1 & mask1:
            p1 ^= polyred
        p2 >>= 1
    return p & mask2

if __name__ == "__main__":
  
    # Define binary field GF(2^3)/x^3 + x + 1
    setGF2(3, 0b1011)

    # Evaluate the product (x^2 + x + 1)(x^2 + 1)
    print("{:02x}".format(multGF2(0b111, 0b101)))
    
    # Define binary field GF(2^8)/x^8 + x^4 + x^3 + x + 1
    # (used in the Advanced Encryption Standard-AES)
    setGF2(8, 0b100011011)
    
    # Evaluate the product (x^7)(x^7 + x + 1)
    print("{:02x}".format(multGF2(0b10000000, 0b10000011)))
```
## GF add

    RS = GFADDI(RS, RA|0, gfdegree, modulo=RB)
    RS = GFADD(RS, RA|0, gfdegree=RC, modulo=RB)

| 0.5|6.10|11.15|16.20|21.25| 26..30  |31| name  |
| -- | -- | --- | --- | --- | ------- |--| ----- |
| NN | RS | RA  | RB  | deg | 0 1  011 |Rc| gfaddi |
| NN | RS | RA  | RB  | RC  | 1 1  111 |Rc| gfadd |

GFMOD is a pseudo-op where RA=0

## gf invert

```
def gf_degree(a) :
  res = 0
  a >>= 1
  while (a != 0) :
    a >>= 1;
    res += 1;
  return res

def gf_invert(a, mod=0x1B) :
  v = mod
  g1 = 1
  g2 = 0
  j = gf_degree(a) - 8

  while (a != 1) :
    if (j < 0) :
      a, v = v, a
      g1, g2 = g2, g1
      j = -j

    a ^= v << j
    g1 ^= g2 << j

    a %= 256  # Emulating 8-bit overflow
    g1 %= 256 # Emulating 8-bit overflow

    j = gf_degree(a) - gf_degree(v)

  return g1
```

# bitmatrix

```
uint64_t bmatflip(uint64_t RA)
{
    uint64_t x = RA;
    x = shfl64(x, 31);
    x = shfl64(x, 31);
    x = shfl64(x, 31);
    return x;
}
uint64_t bmatxor(uint64_t RA, uint64_t RB)
{
    // transpose of RB
    uint64_t RBt = bmatflip(RB);
    uint8_t u[8]; // rows of RA
    uint8_t v[8]; // cols of RB
    for (int i = 0; i < 8; i++) {
        u[i] = RA >> (i*8);
        v[i] = RBt >> (i*8);
    }
    uint64_t x = 0;
    for (int i = 0; i < 64; i++) {
        if (pcnt(u[i / 8] & v[i % 8]) & 1)
            x |= 1LL << i;
    }
    return x;
}
uint64_t bmator(uint64_t RA, uint64_t RB)
{
    // transpose of RB
    uint64_t RBt = bmatflip(RB);
    uint8_t u[8]; // rows of RA
    uint8_t v[8]; // cols of RB
    for (int i = 0; i < 8; i++) {
        u[i] = RA >> (i*8);
        v[i] = RBt >> (i*8);
    }
    uint64_t x = 0;
    for (int i = 0; i < 64; i++) {
        if ((u[i / 8] & v[i % 8]) != 0)
            x |= 1LL << i;
    }
    return x;
}

```