proxy-types.h: add static_assert to detect int/enum size mismatch #120

ryanofsky commented at 4:14 PM on November 12, 2024: collaborator

Add static_assert to detect when an int field is too small to hold an enum value

This catches the bug TheCharlatan pointed out in https://github.com/bitcoin/bitcoin/pull/29409#discussion_r1834362068

proxy-types.h: add static_assert to detect when an int fields is too small to hold an enum value bbc80abc20

sedited approved

sedited commented at 1:00 PM on November 13, 2024: collaborator

lgtm ACK bbc80abc20300dca7481e01e20709ec0d1a6bd5b

Sjors commented at 3:07 PM on January 10, 2025: member

Looks correct to me based on the description, but I'm not very familiar with the libmultiprocess internals.

Maybe add a test to illustrate the fix?

test: Add coverage for enum/int conversions 110349f626

ryanofsky commented at 9:47 PM on January 13, 2025: collaborator

Maybe add a test to illustrate the fix?

Good idea. There was no coverage for enum/int conversions so I pushed a new commit 110349f6268dc95179c0a36b6fc3b00c6e3f1751 to add some.

I don't think there's a good way to add test coverage for the new static_assert since it just triggers compile errors if enum and int types aren't compatible. But it is possible to trigger the static assert manually by changing:

--- a/test/mp/test/foo.capnp
+++ b/test/mp/test/foo.capnp
@@ -27,7 +27,7 @@ interface FooInterface $Proxy.wrap("mp::test::FooImplementation") {
     passEmpty [@12](/bitcoin-core-multiprocess/contributor/12/) (arg :FooEmpty) -> (result :FooEmpty);
     passMessage [@13](/bitcoin-core-multiprocess/contributor/13/) (arg :FooMessage) -> (result :FooMessage);
     passMutable [@14](/bitcoin-core-multiprocess/contributor/14/) (arg :FooMutable) -> (arg :FooMutable);
-    passEnum [@15](/bitcoin-core-multiprocess/contributor/15/) (arg :Int32) -> (result :Int32);
+    passEnum [@15](/bitcoin-core-multiprocess/contributor/15/) (arg :Int16) -> (result :Int32);
 }
 
 interface FooCallback $Proxy.wrap("mp::test::FooCallback") {

Then there should be a compile error if you run make check:

include/mp/proxy-types.h:968:19: error: static assertion failed due to requirement 'std::numeric_limits<unsigned short>::max() >= std::numeric_limits<unsigned int>::max()': mismatched integral/enum types
  968 |     static_assert(std::numeric_limits<T>::max() >= std::numeric_limits<E>::max(), "mismatched integral/enum types");
[...]
include/mp/proxy-types.h:968:49: note: expression evaluates to '65535 >= 4294967295'
  968 |     static_assert(std::numeric_limits<T>::max() >= std::numeric_limits<E>::max(), "mismatched integral/enum types");

ryanofsky merged this on Jan 13, 2025

ryanofsky closed this on Jan 13, 2025

Sjors referenced this in commit b298856792 on Jan 16, 2025

Sjors referenced this in commit 2f7dc7d665 on Jan 16, 2025

Sjors referenced this in commit d7013a805b on Jan 17, 2025

Sjors referenced this in commit 42673bf471 on Jan 17, 2025

Sjors referenced this in commit 0ca9eef7a5 on Jan 20, 2025

Sjors referenced this in commit a3be4d6731 on Jan 22, 2025

Sjors referenced this in commit b804b6c4b8 on Jan 23, 2025

Sjors referenced this in commit 0325502620 on Jan 27, 2025

Sjors referenced this in commit 57e60735cf on Jan 27, 2025

Sjors referenced this in commit 71be9377ee on Jan 27, 2025

ryanofsky referenced this in commit 90b116bd70 on Jan 27, 2025

ryanofsky referenced this in commit ada8c1a5b8 on Jan 27, 2025

ryanofsky referenced this in commit 2221c8814d on Jan 27, 2025

Sjors referenced this in commit b66fe2fc03 on Jan 28, 2025

fanquake referenced this in commit ad2f9324c6 on Jan 29, 2025

janus referenced this in commit 311822f35f on Sep 1, 2025

bitcoin-core locked this on Jan 13, 2026