Support 64-bit limbs on no-asm platforms

Currently, platforms without assembler support always use 32-bit limbs,
but the Rust bindings always assume 64-bit limbs.  This breaks on
big-endian platforms like our IBM Z (s390x).

This patch enables 64-bit limbs on 64-bit platforms even if there is
no hand-written assembler, by using a 128-bit integer type in the
C implementation (this is an extension that is widely supported on
64-bit platforms with GCC or LLVM).

This fixes the broken Rust bindings on IBM Z, and also improves
performance by a factor or 3 or more, because compiler-generated
code handling __int128 already uses the 64x64->128 multiply
instruction our ISA provides.

To improve performance of compiler-generated code a bit more, this
also switches to the -O3 optimization level, which helps with
unrolling of the Montgomery multiply core loop.

bindings/rust/build.rs

@@ -116,7 +116,11 @@ fn main() {
         .flag_if_supported("-Wno-unused-function")
         .flag_if_supported("-Wno-unused-command-line-argument");
     if !cfg!(debug_assertions) {
-        cc.opt_level(2);
+        if target_arch.eq("s390x") {
+            cc.opt_level(3);
+        } else {
+            cc.opt_level(2);
+        }
     }
     cc.files(&file_vec).compile("libblst.a");
 

src/no_asm.h

@@ -6,6 +6,8 @@
 
 #if LIMB_T_BITS==32
 typedef unsigned long long llimb_t;
+#else
+typedef unsigned __int128 llimb_t;
 #endif
 
 #if defined(__clang__)

src/vect.h

@@ -18,7 +18,7 @@ typedef unsigned long long limb_t;
 typedef unsigned __int64 limb_t;
 # define LIMB_T_BITS    64
 
-#elif defined(__BLST_NO_ASM__) || defined(__wasm64__)
+#elif defined(__wasm64__)
 typedef unsigned int limb_t;
 # define LIMB_T_BITS    32
 # ifndef __BLST_NO_ASM__
@@ -31,8 +31,10 @@ typedef unsigned long limb_t;
 #   define LIMB_T_BITS   64
 #  else
 #   define LIMB_T_BITS   32
-#   define __BLST_NO_ASM__
 #  endif
+# ifndef __BLST_NO_ASM__
+#  define __BLST_NO_ASM__
+# endif
 #endif
 
 /*