Thanks for using Compiler Explorer
Sponsors
Jakt
C++
Ada
Algol68
Analysis
Android Java
Android Kotlin
Assembly
C
C3
Carbon
C with Coccinelle
C++ with Coccinelle
C++ (Circle)
CIRCT
Clean
CMake
CMakeScript
COBOL
C++ for OpenCL
MLIR
Cppx
Cppx-Blue
Cppx-Gold
Cpp2-cppfront
Crystal
C#
CUDA C++
D
Dart
Elixir
Erlang
Fortran
F#
GLSL
Go
Haskell
HLSL
Hook
Hylo
IL
ispc
Java
Julia
Kotlin
LLVM IR
LLVM MIR
Modula-2
Mojo
Nim
Numba
Nix
Objective-C
Objective-C++
OCaml
Odin
OpenCL C
Pascal
Pony
PTX
Python
Racket
Raku
Ruby
Rust
Sail
Snowball
Scala
Slang
Solidity
Spice
SPIR-V
Swift
LLVM TableGen
Toit
TypeScript Native
V
Vala
Visual Basic
Vyper
WASM
Zig
Javascript
GIMPLE
Ygen
sway
rust source #1
Output
Compile to binary object
Link to binary
Execute the code
Intel asm syntax
Demangle identifiers
Verbose demangling
Filters
Unused labels
Library functions
Directives
Comments
Horizontal whitespace
Debug intrinsics
Compiler
mrustc (master)
rustc 1.0.0
rustc 1.1.0
rustc 1.10.0
rustc 1.11.0
rustc 1.12.0
rustc 1.13.0
rustc 1.14.0
rustc 1.15.1
rustc 1.16.0
rustc 1.17.0
rustc 1.18.0
rustc 1.19.0
rustc 1.2.0
rustc 1.20.0
rustc 1.21.0
rustc 1.22.0
rustc 1.23.0
rustc 1.24.0
rustc 1.25.0
rustc 1.26.0
rustc 1.27.0
rustc 1.27.1
rustc 1.28.0
rustc 1.29.0
rustc 1.3.0
rustc 1.30.0
rustc 1.31.0
rustc 1.32.0
rustc 1.33.0
rustc 1.34.0
rustc 1.35.0
rustc 1.36.0
rustc 1.37.0
rustc 1.38.0
rustc 1.39.0
rustc 1.4.0
rustc 1.40.0
rustc 1.41.0
rustc 1.42.0
rustc 1.43.0
rustc 1.44.0
rustc 1.45.0
rustc 1.45.2
rustc 1.46.0
rustc 1.47.0
rustc 1.48.0
rustc 1.49.0
rustc 1.5.0
rustc 1.50.0
rustc 1.51.0
rustc 1.52.0
rustc 1.53.0
rustc 1.54.0
rustc 1.55.0
rustc 1.56.0
rustc 1.57.0
rustc 1.58.0
rustc 1.59.0
rustc 1.6.0
rustc 1.60.0
rustc 1.61.0
rustc 1.62.0
rustc 1.63.0
rustc 1.64.0
rustc 1.65.0
rustc 1.66.0
rustc 1.67.0
rustc 1.68.0
rustc 1.69.0
rustc 1.7.0
rustc 1.70.0
rustc 1.71.0
rustc 1.72.0
rustc 1.73.0
rustc 1.74.0
rustc 1.75.0
rustc 1.76.0
rustc 1.77.0
rustc 1.78.0
rustc 1.79.0
rustc 1.8.0
rustc 1.80.0
rustc 1.81.0
rustc 1.82.0
rustc 1.83.0
rustc 1.84.0
rustc 1.85.0
rustc 1.86.0
rustc 1.87.0
rustc 1.88.0
rustc 1.9.0
rustc beta
rustc nightly
rustc-cg-gcc (master)
x86-64 GCCRS (GCC master)
x86-64 GCCRS (GCCRS master)
x86-64 GCCRS 14.1 (GCC assertions)
x86-64 GCCRS 14.1 (GCC)
x86-64 GCCRS 14.2 (GCC assertions)
x86-64 GCCRS 14.2 (GCC)
x86-64 GCCRS 14.3 (GCC assertions)
x86-64 GCCRS 14.3 (GCC)
x86-64 GCCRS 15.1 (GCC assertions)
x86-64 GCCRS 15.1 (GCC)
Options
Source code
#![no_std] /// Not an intrinsic, but works like an unaligned load. fn sha512load(v0: [u64; 2], v1: [u64; 2]) -> [u64; 2] { [v1[1], v0[0]] } /// Performs 2 rounds of the SHA-512 message schedule update. pub fn sha512_schedule_x2(v0: [u64; 2], v1: [u64; 2], v4to5: [u64; 2], v7: [u64; 2]) -> [u64; 2] { // sigma 0 fn sigma0(x: u64) -> u64 { (x.rotate_right(1)) ^ (x.rotate_right(8)) ^ (x >> 7) } // sigma 1 fn sigma1(x: u64) -> u64 { (x.rotate_right(19)) ^ (x.rotate_left(3)) ^ (x >> 6) } let [w1, w0] = v0; let [_, w2] = v1; let [w10, w9] = v4to5; let [w15, w14] = v7; let w16 = sigma1(w14) .wrapping_add(w9) .wrapping_add(sigma0(w1)) .wrapping_add(w0); let w17 = sigma1(w15) .wrapping_add(w10) .wrapping_add(sigma0(w2)) .wrapping_add(w1); [w17, w16] } /// Performs one round of the SHA-512 message block digest. pub fn sha512_digest_round( ae: [u64; 2], bf: [u64; 2], cg: [u64; 2], dh: [u64; 2], wk0: u64, ) -> [u64; 2] { macro_rules! big_sigma0 { ($a:expr) => { ($a.rotate_right(28) ^ $a.rotate_right(34) ^ $a.rotate_right(39)) }; } macro_rules! big_sigma1 { ($a:expr) => { ($a.rotate_right(14) ^ $a.rotate_right(18) ^ $a.rotate_right(41)) }; } macro_rules! bool3ary_202 { ($a:expr, $b:expr, $c:expr) => { $c ^ ($a & ($b ^ $c)) }; } // Choose, MD5F, SHA1C macro_rules! bool3ary_232 { ($a:expr, $b:expr, $c:expr) => { ($a & $b) ^ ($a & $c) ^ ($b & $c) }; } // Majority, SHA1M let [a0, e0] = ae; let [b0, f0] = bf; let [c0, g0] = cg; let [d0, h0] = dh; // a round let x0 = big_sigma1!(e0) .wrapping_add(bool3ary_202!(e0, f0, g0)) .wrapping_add(wk0) .wrapping_add(h0); let y0 = big_sigma0!(a0).wrapping_add(bool3ary_232!(a0, b0, c0)); let (a1, _, _, _, e1, _, _, _) = ( x0.wrapping_add(y0), a0, b0, c0, x0.wrapping_add(d0), e0, f0, g0, ); [a1, e1] } #[inline(always)] fn add_rk(mut w: [u64; 2], i: usize) -> [u64; 2] { fn rk(i: usize, j: usize) -> u64 { // `read_volatile` forces compiler to read round constants from the static // instead of inlining them, which improves codegen and performance unsafe { let p = K64.as_ptr().add(2 * i + j); core::ptr::read_volatile(p) } } w[1] = w[1].wrapping_add(rk(i, 0)); w[0] = w[0].wrapping_add(rk(i, 1)); w } /// Process a block with the SHA-512 algorithm. pub fn sha512_digest_block_u64(state: &mut [u64; 8], block: [u64; 16]) { macro_rules! schedule { ($v0:expr, $v1:expr, $v4:expr, $v5:expr, $v7:expr) => { sha512_schedule_x2($v0, $v1, sha512load($v4, $v5), $v7) }; } macro_rules! rounds4 { ($ae:ident, $bf:ident, $cg:ident, $dh:ident, $wk0:expr, $wk1:expr) => {{ let [u, t] = $wk0; let [w, v] = $wk1; $dh = sha512_digest_round($ae, $bf, $cg, $dh, t); $cg = sha512_digest_round($dh, $ae, $bf, $cg, u); $bf = sha512_digest_round($cg, $dh, $ae, $bf, v); $ae = sha512_digest_round($bf, $cg, $dh, $ae, w); }}; } let mut ae = [state[0], state[4]]; let mut bf = [state[1], state[5]]; let mut cg = [state[2], state[6]]; let mut dh = [state[3], state[7]]; // Rounds 0..20 let (mut w1, mut w0) = ([block[3], block[2]], [block[1], block[0]]); rounds4!(ae, bf, cg, dh, add_rk(w0, 0), add_rk(w1, 1)); let (mut w3, mut w2) = ([block[7], block[6]], [block[5], block[4]]); rounds4!(ae, bf, cg, dh, add_rk(w2, 2), add_rk(w3, 3)); let (mut w5, mut w4) = ([block[11], block[10]], [block[9], block[8]]); rounds4!(ae, bf, cg, dh, add_rk(w4, 4), add_rk(w5, 5)); let (mut w7, mut w6) = ([block[15], block[14]], [block[13], block[12]]); rounds4!(ae, bf, cg, dh, add_rk(w6, 6), add_rk(w7, 7)); let mut w8 = schedule!(w0, w1, w4, w5, w7); let mut w9 = schedule!(w1, w2, w5, w6, w8); rounds4!(ae, bf, cg, dh, add_rk(w8, 8), add_rk(w9, 9)); // Rounds 20..40 w0 = schedule!(w2, w3, w6, w7, w9); w1 = schedule!(w3, w4, w7, w8, w0); rounds4!(ae, bf, cg, dh, add_rk(w0, 10), add_rk(w1, 11)); w2 = schedule!(w4, w5, w8, w9, w1); w3 = schedule!(w5, w6, w9, w0, w2); rounds4!(ae, bf, cg, dh, add_rk(w2, 12), add_rk(w3, 13)); w4 = schedule!(w6, w7, w0, w1, w3); w5 = schedule!(w7, w8, w1, w2, w4); rounds4!(ae, bf, cg, dh, add_rk(w4, 14), add_rk(w5, 15)); w6 = schedule!(w8, w9, w2, w3, w5); w7 = schedule!(w9, w0, w3, w4, w6); rounds4!(ae, bf, cg, dh, add_rk(w6, 16), add_rk(w7, 17)); w8 = schedule!(w0, w1, w4, w5, w7); w9 = schedule!(w1, w2, w5, w6, w8); rounds4!(ae, bf, cg, dh, add_rk(w8, 18), add_rk(w9, 19)); // Rounds 40..60 w0 = schedule!(w2, w3, w6, w7, w9); w1 = schedule!(w3, w4, w7, w8, w0); rounds4!(ae, bf, cg, dh, add_rk(w0, 20), add_rk(w1, 21)); w2 = schedule!(w4, w5, w8, w9, w1); w3 = schedule!(w5, w6, w9, w0, w2); rounds4!(ae, bf, cg, dh, add_rk(w2, 22), add_rk(w3, 23)); w4 = schedule!(w6, w7, w0, w1, w3); w5 = schedule!(w7, w8, w1, w2, w4); rounds4!(ae, bf, cg, dh, add_rk(w4, 24), add_rk(w5, 25)); w6 = schedule!(w8, w9, w2, w3, w5); w7 = schedule!(w9, w0, w3, w4, w6); rounds4!(ae, bf, cg, dh, add_rk(w6, 26), add_rk(w7, 27)); w8 = schedule!(w0, w1, w4, w5, w7); w9 = schedule!(w1, w2, w5, w6, w8); rounds4!(ae, bf, cg, dh, add_rk(w8, 28), add_rk(w9, 29)); // Rounds 60..80 w0 = schedule!(w2, w3, w6, w7, w9); w1 = schedule!(w3, w4, w7, w8, w0); rounds4!(ae, bf, cg, dh, add_rk(w0, 30), add_rk(w1, 31)); w2 = schedule!(w4, w5, w8, w9, w1); w3 = schedule!(w5, w6, w9, w0, w2); rounds4!(ae, bf, cg, dh, add_rk(w2, 32), add_rk(w3, 33)); w4 = schedule!(w6, w7, w0, w1, w3); w5 = schedule!(w7, w8, w1, w2, w4); rounds4!(ae, bf, cg, dh, add_rk(w4, 34), add_rk(w5, 35)); w6 = schedule!(w8, w9, w2, w3, w5); w7 = schedule!(w9, w0, w3, w4, w6); rounds4!(ae, bf, cg, dh, add_rk(w6, 36), add_rk(w7, 37)); w8 = schedule!(w0, w1, w4, w5, w7); w9 = schedule!(w1, w2, w5, w6, w8); rounds4!(ae, bf, cg, dh, add_rk(w8, 38), add_rk(w9, 39)); let [a, e] = ae; let [b, f] = bf; let [c, g] = cg; let [d, h] = dh; state[0] = state[0].wrapping_add(a); state[1] = state[1].wrapping_add(b); state[2] = state[2].wrapping_add(c); state[3] = state[3].wrapping_add(d); state[4] = state[4].wrapping_add(e); state[5] = state[5].wrapping_add(f); state[6] = state[6].wrapping_add(g); state[7] = state[7].wrapping_add(h); } pub fn compress(state: &mut [u64; 8], blocks: &[[u8; 128]]) { for block in blocks { sha512_digest_block_u64(state, to_u64s(block)); } } static K64: [u64; 80] = [ 0x428a2f98d728ae22, 0x7137449123ef65cd, 0xb5c0fbcfec4d3b2f, 0xe9b5dba58189dbbc, 0x3956c25bf348b538, 0x59f111f1b605d019, 0x923f82a4af194f9b, 0xab1c5ed5da6d8118, 0xd807aa98a3030242, 0x12835b0145706fbe, 0x243185be4ee4b28c, 0x550c7dc3d5ffb4e2, 0x72be5d74f27b896f, 0x80deb1fe3b1696b1, 0x9bdc06a725c71235, 0xc19bf174cf692694, 0xe49b69c19ef14ad2, 0xefbe4786384f25e3, 0x0fc19dc68b8cd5b5, 0x240ca1cc77ac9c65, 0x2de92c6f592b0275, 0x4a7484aa6ea6e483, 0x5cb0a9dcbd41fbd4, 0x76f988da831153b5, 0x983e5152ee66dfab, 0xa831c66d2db43210, 0xb00327c898fb213f, 0xbf597fc7beef0ee4, 0xc6e00bf33da88fc2, 0xd5a79147930aa725, 0x06ca6351e003826f, 0x142929670a0e6e70, 0x27b70a8546d22ffc, 0x2e1b21385c26c926, 0x4d2c6dfc5ac42aed, 0x53380d139d95b3df, 0x650a73548baf63de, 0x766a0abb3c77b2a8, 0x81c2c92e47edaee6, 0x92722c851482353b, 0xa2bfe8a14cf10364, 0xa81a664bbc423001, 0xc24b8b70d0f89791, 0xc76c51a30654be30, 0xd192e819d6ef5218, 0xd69906245565a910, 0xf40e35855771202a, 0x106aa07032bbd1b8, 0x19a4c116b8d2d0c8, 0x1e376c085141ab53, 0x2748774cdf8eeb99, 0x34b0bcb5e19b48a8, 0x391c0cb3c5c95a63, 0x4ed8aa4ae3418acb, 0x5b9cca4f7763e373, 0x682e6ff3d6b2b8a3, 0x748f82ee5defb2fc, 0x78a5636f43172f60, 0x84c87814a1f0ab72, 0x8cc702081a6439ec, 0x90befffa23631e28, 0xa4506cebde82bde9, 0xbef9a3f7b2c67915, 0xc67178f2e372532b, 0xca273eceea26619c, 0xd186b8c721c0c207, 0xeada7dd6cde0eb1e, 0xf57d4f7fee6ed178, 0x06f067aa72176fba, 0x0a637dc5a2c898a6, 0x113f9804bef90dae, 0x1b710b35131c471b, 0x28db77f523047d84, 0x32caab7b40c72493, 0x3c9ebe0a15c9bebc, 0x431d67c49c100d4c, 0x4cc5d4becb3e42b6, 0x597f299cfc657e2a, 0x5fcb6fab3ad6faec, 0x6c44198c4a475817, ]; fn to_u64s(block: &[u8; 128]) -> [u64; 16] { let mut res = [0u64; 16]; // note: we intentionally do not use `zip`-based code here since // it results in a suboptimal codegen for `opt-level = "s"` for i in 0..16 { let chunk = block[8 * i..][..8].try_into().unwrap(); res[i] = u64::from_be_bytes(chunk); } res }
Become a Patron
Sponsor on GitHub
Donate via PayPal
Source on GitHub
Mailing list
Installed libraries
Wiki
Report an issue
How it works
Contact the author
CE on Mastodon
CE on Bluesky
About the author
Statistics
Changelog
Version tree