Add compile time verification of assumptions we're currently making implicitly/tacitly #15391

pull practicalswift wants to merge 1 commits into bitcoin:master from practicalswift:assumptions changing 3 files +51 −0
  1. practicalswift commented at 6:03 PM on February 12, 2019: contributor

    Add compile time verification of assumptions we're currently making implicitly/tacitly.

    As suggested by @sipa in #14239 (comment) and @MarcoFalke in #14479 (comment).

  2. gmaxwell commented at 8:17 PM on February 12, 2019: contributor

    It would be useful for it to get compiled, at least AFAICT adding a false assumption here won't make it fail. :) Concept ACK. Maybe also the #if defined(NDEBUG)? check? Probably every other primitive type we depend on the size of, including the unsigned ones.

  3. MarcoFalke commented at 8:20 PM on February 12, 2019: member

    You are only adding a header. Does this need to be included in a cpp file to get compiled?

  4. practicalswift commented at 8:27 PM on February 12, 2019: contributor

    @gmaxwell @MarcoFalke Yes, obviously it needs to be included :-) The inclusion somehow got lost during my latest git commit --amend fixup. Fixing!

  5. practicalswift force-pushed on Feb 12, 2019
  6. practicalswift commented at 8:33 PM on February 12, 2019: contributor

    Now including from src/util/system.h which also is the most included file FWIW :-)

    $ git grep -E "^#include " -- "*.cpp" | cut -f2 -d'<' | cut -f1 -d'>' | sort | uniq -c | \
      sort -n | tail -1
     99 util/system.h

    Let me know if you can think of a more appropriate file for the include.

  7. practicalswift force-pushed on Feb 12, 2019
  8. practicalswift force-pushed on Feb 12, 2019
  9. practicalswift force-pushed on Feb 13, 2019
  10. practicalswift commented at 10:02 AM on February 13, 2019: contributor

    Added a couple of assumptions and listed important "non-assumptions".

    Please help me identify further assumptions and corresponding examples of where we are relying on said assumptions :-)

  11. jb55 commented at 11:39 AM on February 14, 2019: member

    utACK 8add86e2b4a62535e2109d9d3119b4bbb8555d48

  12. practicalswift commented at 11:53 AM on February 14, 2019: contributor

    @jb55 Thanks for the review! Can you think of any further assumptions and examples of where we rely on them being true? :-)

  13. in src/assumptions.h:1 in 8add86e2b4 outdated 
       0 | @@ -0,0 +1,48 @@
   1 | +// Copyright (c) 2009-2010 Satoshi Nakamoto
    laanwj commented at 2:14 PM on February 14, 2019:

    Should this file be in one of the sub directories? compat maybe?

  14. practicalswift force-pushed on Feb 14, 2019
  15. practicalswift commented at 2:49 PM on February 14, 2019: contributor

    Moved to src/compat/ and added an explicit non-assumption regarding size_t :-)

  16. jb55 commented at 2:52 PM on February 14, 2019: member

    re-utACK 7548e6e6ebcf430bf8be0fb7684882b40692f657

  17. laanwj commented at 2:54 PM on February 14, 2019: member

    utACK 7548e6e6ebcf430bf8be0fb7684882b40692f657 I'm not 100% sure we make the int=32 bit assumption (more like "int is at least 32 bit" I think? otherwise we use explicitly sized types like int32_t), but I doubt anyone ever tested the code on an architecture with a different integer size so I'm fine with making the assumption.

  18. practicalswift commented at 3:06 PM on February 14, 2019: contributor

    @laanwj If I'm reading GetSizeOfCompactSize, WriteCompactSize and ReadCompactSize correctly we're assuming that int has a width of exactly 32 bits, no?

    Example:

    /**
 * Compact Size
 * size <  253        -- 1 byte
 * size <= USHRT_MAX  -- 3 bytes  (253 + 2 bytes)
 * size <= UINT_MAX   -- 5 bytes  (254 + 4 bytes)
 * size >  UINT_MAX   -- 9 bytes  (255 + 8 bytes)
 */
inline unsigned int GetSizeOfCompactSize(uint64_t nSize)
{
    if (nSize < 253)             return sizeof(unsigned char);
    else if (nSize <= std::numeric_limits<unsigned short>::max()) return sizeof(unsigned char) + sizeof(unsigned short);
    else if (nSize <= std::numeric_limits<unsigned int>::max())  return sizeof(unsigned char) + sizeof(unsigned int);
    else                         return sizeof(unsigned char) + sizeof(uint64_t);
}
  19. Add compile time verification of assumptions we're currently making implicitly/tacitly 7cee85807c
  20. practicalswift force-pushed on Feb 14, 2019
  21. practicalswift commented at 3:10 PM on February 14, 2019: contributor

    @jb55 @laanwj Please re-review after s/BITCOIN_ASSUMPTIONS_H/BITCOIN_COMPAT_ASSUMPTIONS_H/g

  22. laanwj commented at 3:13 PM on February 14, 2019: member

    @laanwj If I'm reading GetSizeOfCompactSize, WriteCompactSize and ReadCompactSize correctly we're assuming that int has a width of exactly 32 bits?

    You're right, thanks for giving an example.

  23. MarcoFalke commented at 3:37 PM on February 14, 2019: member

    Would it make sense to refer to an example for each assumption. That way, we know of at least one example. An alternative would be to just inline the assumptions where they are needed.

  24. practicalswift commented at 3:39 PM on February 14, 2019: contributor

    @MarcoFalke I'm not sure I follow: the examples have been there since this PR first was submitted? :-)

    In this specific case the following has been in there all along:

    // Assumption: We assume integer widths.
// Example(s): GetSizeOfCompactSize and WriteCompactSize in the serialization
//             code.
static_assert(sizeof(short) == 2, "16-bit short assumed");
static_assert(sizeof(int) == 4, "32-bit int assumed");

    :-)

  25. MarcoFalke commented at 3:41 PM on February 14, 2019: member

    Ok, my bad. I must have missed them when I last looked at it a few days ago.

  26. MarcoFalke commented at 3:44 PM on February 14, 2019: member

    ACK 7cee85807c4db679003c6659d247a2fe74c2464a

  27. DrahtBot commented at 4:20 PM on February 14, 2019: member

    <!--e57a25ab6845829454e8d69fc972939a-->

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    <!--174a7506f384e20aa4161008e828411d-->

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #15146 (Solve SmartOS FD_ZERO build issue by Empact)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  28. sipa commented at 11:54 PM on February 14, 2019: member

    utACK 7cee85807c4db679003c6659d247a2fe74c2464a

  29. laanwj merged this on Feb 15, 2019
  30. laanwj closed this on Feb 15, 2019
  31. laanwj referenced this in commit 95801902b9 on Feb 15, 2019
  32. MarcoFalke referenced this in commit b72c787dc8 on Feb 17, 2019
  33. jasonbcox referenced this in commit 9f466fe7a8 on Sep 27, 2019
  34. jonspock referenced this in commit d0e4fe6eae on Dec 24, 2019
  35. jonspock referenced this in commit 2187614e41 on Dec 24, 2019
  36. jonspock referenced this in commit 11c15c8d76 on Dec 24, 2019
  37. jonspock referenced this in commit e8ccd45f48 on Dec 24, 2019
  38. jonspock referenced this in commit b945eab9de on Dec 24, 2019
  39. jonspock referenced this in commit eeb0b2a19b on Dec 24, 2019
  40. jonspock referenced this in commit f6ef647429 on Dec 26, 2019
  41. MarcoFalke referenced this in commit 7027c67cac on Jul 2, 2020
  42. practicalswift deleted the branch on Apr 10, 2021
  43. PastaPastaPasta referenced this in commit 2ed7317a9a on Jun 27, 2021
  44. PastaPastaPasta referenced this in commit 87cd2776e5 on Jun 28, 2021
  45. PastaPastaPasta referenced this in commit 9276c78497 on Jun 29, 2021
  46. vijaydasmp referenced this in commit dfa262c93f on Oct 4, 2021
  47. DrahtBot locked this on Aug 18, 2022
Contributors
practicalswiftgmaxwellMarcoFalkejb55laanwjDrahtBotsipa
Linked (view graph)
#14239 Avoid dividing by zero in EstimateMedianVal (policy)/ConnectTip (validation)/CreateTransaction (wallet)#14479 serialization: Don't invoke undefined behaviour when doing type punning#15431 msvc: scripted-diff: Remove NDEBUG pre-define in project file#17459 Remove redundant NDEBUG preprocessor checks#18288 build: Add MemorySanitizer (MSan) in Travis to detect use of uninitialized memory
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 21:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me