Be stricter with side effects in VERIFY #1485

pull real-or-random wants to merge 1 commits into bitcoin-core:master from real-or-random:202401-i-side-effect changing 10 files +92 −76
  1. real-or-random commented at 6:06 PM on January 17, 2024: contributor

    Adds a rule to CONTRIBUTING.md and makes the code adhere to it.

  2. real-or-random added the label assurance on Jan 17, 2024
  3. real-or-random added the label refactor/smell on Jan 17, 2024
  4. real-or-random added the label meta/development on Jan 17, 2024
  5. real-or-random commented at 6:06 PM on January 17, 2024: contributor

    cc @theStack because you worked on #1393

  6. in src/group_impl.h:252 in a24dd539f6 outdated 
     249 | +        size_t i_ver;
 250 | +        for (i_ver = 0; i_ver < len; i_ver++) {
 251 | +            SECP256K1_GE_VERIFY(&r[i_ver]);
 252 | +        }
 253 |      }
 254 |  #endif
    real-or-random commented at 6:09 PM on January 17, 2024:

    These loops caught my attention initially. Here we set i inside VERIFY block, but we also use it outside. I think this should be avoided out of an abundance of caution.

  7. real-or-random force-pushed on Jan 17, 2024
  8. khademreza5 approved
  9. in CONTRIBUTING.md:53 in 690a890f03 outdated 
      48 | @@ -49,6 +49,10 @@ In addition, libsecp256k1 tries to maintain the following coding conventions:
  49 |  * Operations involving secret data should be tested for being constant time with respect to the secrets (see [src/ctime_tests.c](src/ctime_tests.c)).
  50 |  * Local variables containing secret data should be cleared explicitly to try to delete secrets from memory.
  51 |  * Use `secp256k1_memcmp_var` instead of `memcmp` (see [#823](https://github.com/bitcoin-core/secp256k1/issues/823)).
  52 | +* When a test binary is compiled, the `VERIFY` macro will be defined.
  53 | +  * Use `VERIFY_CHECK(cond)` for assertions. The will only be enabled if `VERIFY` is defined.
    theStack commented at 1:02 PM on January 19, 2024:

    Seems like a missing character typo:

      * Use `VERIFY_CHECK(cond)` for assertions. They will only be enabled if `VERIFY` is defined.

    (or The check ..., These?)

    real-or-random commented at 7:05 AM on April 16, 2024:

    Fixed (and restructured a bit).

  10. theStack commented at 1:04 PM on January 19, 2024: contributor

    Concept ACK

  11. real-or-random force-pushed on Apr 16, 2024
  12. theStack approved
  13. theStack commented at 12:15 AM on June 26, 2024: contributor

    Code-review ACK f65f1a43e8389cdcce2cdfc5e7df9ffeb872b134

  14. real-or-random force-pushed on Jun 26, 2024
  15. real-or-random commented at 9:35 AM on June 26, 2024: contributor

    thanks, rebased.

  16. in src/modules/ellswift/main_impl.h:269 in f3b91f0303 outdated 
     265 | @@ -266,11 +266,11 @@ static int secp256k1_ellswift_xswiftec_inv_var(secp256k1_fe *t, const secp256k1_
 266 |          secp256k1_fe_mul(&q, &q, &s);                   /* q = s*(4*(u^3+7)+3*u^2*s) */
 267 |          secp256k1_fe_negate(&q, &q, 1);                 /* q = -s*(4*(u^3+7)+3*u^2*s) */
 268 |          if (!secp256k1_fe_is_square_var(&q)) return 0;
 269 | -        ret = secp256k1_fe_sqrt(&r, &q);                /* r = sqrt(-s*(4*(u^3+7)+3*u^2*s)) */
 270 | +        ret_ver = secp256k1_fe_sqrt(&r, &q);                /* r = sqrt(-s*(4*(u^3+7)+3*u^2*s)) */
    theStack commented at 5:39 PM on June 26, 2024:

    white-space-identation-nit (to be adjusted to the comments above):

            ret_ver = secp256k1_fe_sqrt(&r, &q);            /* r = sqrt(-s*(4*(u^3+7)+3*u^2*s)) */
    real-or-random commented at 10:54 AM on June 27, 2024:

    fixed

  17. in src/modules/ellswift/main_impl.h:290 in f3b91f0303 outdated 
     286 | @@ -287,8 +287,8 @@ static int secp256k1_ellswift_xswiftec_inv_var(secp256k1_fe *t, const secp256k1_
 287 |      }
 288 |  
 289 |      /* Let w = sqrt(s). */
 290 | -    ret = secp256k1_fe_sqrt(&m, &s);                    /* m = sqrt(s) = w */
 291 | -    VERIFY_CHECK(ret);
 292 | +    ret_ver = secp256k1_fe_sqrt(&m, &s);                    /* m = sqrt(s) = w */
    theStack commented at 5:40 PM on June 26, 2024: 
        ret_ver = secp256k1_fe_sqrt(&m, &s);                /* m = sqrt(s) = w */
    real-or-random commented at 10:55 AM on June 27, 2024:

    fixed

  18. theStack approved
  19. theStack commented at 5:41 PM on June 26, 2024: contributor

    re-ACK f3b91f0303a1d3885df61f87150ee19b1d20da9f

  20. Be stricter with side effects in VERIFY
    Adds a rule to CONTRIBUTING.md and makes the code adhere to it.
    ee7083feb5
  21. real-or-random force-pushed on Jun 27, 2024
  22. theStack approved
  23. theStack commented at 11:24 AM on June 27, 2024: contributor

    re-ACK ee7083feb5fedcb217c584656271cbce8cf107af (only whitespace fixes since my previous ACK)

  24. gatleas17 approved
  25. bitcoin-core deleted a comment on Aug 5, 2024
  26. bitcoin-core deleted a comment on Aug 5, 2024
  27. stratospher commented at 8:30 AM on February 24, 2025: contributor

    ACK ee7083f. if you retouch - few more places in the musig module needs to be updated with this pattern too.

  28. real-or-random referenced this in commit 586772c237 on Aug 19, 2025
Contributors
real-or-randomkhademreza5theStackgatleas17stratospher
Labels
assurancetweak/refactormeta/development
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-18 23:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me