Don’t use reserved identifiers memczero and benchmark_verify_t #835

pull real-or-random wants to merge 2 commits into bitcoin-core:master from real-or-random:202010-reserved-identifiers changing 7 files +29 −23
  1. real-or-random commented at 1:01 pm on October 20, 2020: contributor

    As identified in #829 and #833. Fixes #829.

    Since we touch this anyway, this commit additionally makes the identifiers in the benchmark files a little bit more consistent.

    This is necessary before we can merge #833. I preferred a separate PR because it makes it easier to see the results of Travis in #833.

  2. Don't use reserved identifiers memczero and benchmark_verify_t
    As identified in #829 and #833. Fixes #829.
    
    Since we touch this anyway, this commit additionally makes the
    identifiers in the benchmark files a little bit more consistent.
    e89278f211
  3. elichai commented at 2:08 pm on October 20, 2020: contributor

    FWIW http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2572.pdf

    I wonder if we can use clang-tidy or something like that to catch these UBs in the CI

  4. gmaxwell commented at 7:11 am on October 21, 2020: contributor
  5. real-or-random commented at 12:43 pm on October 26, 2020: contributor
    @elichai @gmaxwell Mind to review? It’s trivial.
  6. elichai commented at 12:56 pm on October 26, 2020: contributor
  7. elichai commented at 12:58 pm on October 26, 2020: contributor
    tACK e89278f211a526062745c391d48a7baf782b4b2b
  8. real-or-random commented at 1:33 pm on October 26, 2020: contributor

    Just realized, are these also UB? :O

    https://github.com/bitcoin-core/secp256k1/blob/ac05f61fcf639a15b5101131561620303e4bd808/src/util.h#L269-L270

    Yeah, probably. We use __ types but we don’t declare them, so this fine. But we define types reserved for the standard lib, so I guess this is evil, yes… And this is probably the only case where we may see a real clash in practice in the future, if some compiler defines both int128_t and __int128_t. (Even then is unlikely to cause issues because it’s hopefully the same type.) What we could do is to guard these typedefs with defined(INT128_MAX). Does this make sense? I could add this to the PR.

    IMO the entire libary would be more readable if we used typedefs like i32 and u128. But we’d get a huge diff now, and would interrupt all PRs, pretty much like clang-format.

  9. sipa commented at 4:56 pm on October 26, 2020: contributor
    @real-or-random Replacing all int types everywhere is invasive, but I think can reasonably change uint128_t into uint128.
  10. gmaxwell commented at 11:01 pm on October 26, 2020: contributor

    I had thought the int128 typedefs only ran if they weren’t already defined. I agree clashing here is not great.

    Personally I really don’t like it when applications make local renames of all the generic standard types: Then I have to go digging through the code to make sure their custom type is defined to be the thing I think it is and that it’s consistently the thing I think it is and isn’t something different on some platform or another. Among other issues you end up with interface uglyness where your custom defined types end up in the interfaces and leak into applications. It was excusable back before there were standard fixed-size types, but isn’t really today, and I think today it mostly still lingers on as copying a style that doesn’t make sense anymore.

    This is distinct from e.g. making a type for a particular kind of data like a scalar or a field type, because at least that is defined to be fit for a particular purpose. In most cases using a for-application-type is preferable to using generic types (and, in fact, mandated pretty much universally by MISRA C).

    If a generic type needs to be renamed for some compatibility reason– e.g. there isn’t a universally available generic type with the required properties, then sure.

  11. sipa commented at 2:39 am on October 27, 2020: contributor
    ACK e89278f211a526062745c391d48a7baf782b4b2b
  12. real-or-random commented at 3:01 pm on October 27, 2020: contributor

    I had thought the int128 typedefs only ran if they weren’t already defined.

    I added a commit that implements this. I also added MAX and MIN macros

    Note: Currently there’s no compiler that provides (u)int128_t because that will open a can of worms due to (u)intmax_t. See http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2425.pdf .

  13. in src/util.h:269 in 7d878a0e4b outdated
    265 # define SECP256K1_WIDEMUL_INT128 1
    266 #else
    267 # define SECP256K1_WIDEMUL_INT64 1
    268 #endif
    269 #if defined(SECP256K1_WIDEMUL_INT128)
    270+# if !defined(UINT128_MAX) && defined(__SIZEOF_INT128__)
    


    sipa commented at 6:09 pm on October 27, 2020:
    This #if is missing a corresponding #endif.

    real-or-random commented at 7:20 pm on October 27, 2020:
    I hate the preprocessor.
  14. Typedef (u)int128_t only when they're not provided by the compiler 1f4dd03838
  15. real-or-random force-pushed on Oct 27, 2020
  16. real-or-random requested review from sipa on Oct 29, 2020
  17. jonasnick commented at 3:55 pm on November 4, 2020: contributor

    Just to spell it out, the assumption is that a compiler that adds int128_t in the future also defines UINT128_MAX?

    Looks good in general. Not sure how useful it is to define constants we don’t use.

  18. real-or-random commented at 5:36 pm on November 4, 2020: contributor

    Just to spell it out, the assumption is that a compiler that adds int128_t in the future also defines UINT128_MAX?

    Yes. And this is implied by the standard as far as I understand it.

    Looks good in general. Not sure how useful it is to define constants we don’t use.

    Yeah, one of the reasons why I decided for it is that it increases the probability to have a clash be apparent at compile-time (and fail compilation).

  19. jonasnick commented at 9:05 pm on November 4, 2020: contributor
    ACK 1f4dd0383807bfb7fef884601357b4c629dfb566
  20. sipa commented at 11:23 pm on November 4, 2020: contributor
    utACK 1f4dd0383807bfb7fef884601357b4c629dfb566
  21. sipa merged this on Nov 4, 2020
  22. sipa closed this on Nov 4, 2020

  23. Fabcien referenced this in commit 543f9c584f on Apr 8, 2021
  24. deadalnix referenced this in commit 1bb86f4723 on Apr 9, 2021

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-30 05:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me