Solves one item in #792.
Add static assertion that uint32_t is unsigned int or wider #818
real-or-random wants to merge 1 commit into bitcoin-core:master from real-or-random:202009_assert_sizeof_int, changing 1 file (+7 −1)
real-or-random commented at 11:36 AM on September 17, 2020: contributor
Add static assertion that uint32_t is unsigned int or wider c0041b5cfc
in src/assumptions.h:28 in c0041b5cfc
20 | @@ -19,7 +21,11 @@ struct secp256k1_assumption_checker { 21 | allowed. */ 22 | int dummy_array[( 23 | /* Bytes are 8 bits. */ 24 | - CHAR_BIT == 8 && 25 | + (CHAR_BIT == 8) && 26 | + 27 | + /* No integer promotion for uint32_t. This ensures that we can multiply uintXX_t values where XX >= 32 28 | + without signed overflow, which would be undefined behaviour. */ 29 | + (UINT_MAX <= UINT32_MAX) &&
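Review bot: The comment above the new `(UINT_MAX <= UINT32_MAX)` term states the goal (no integer promotion for uint32_t) but not the step that connects the comparison to it; one more sentence saying that a uint32_t at least as wide as unsigned int cannot be promoted would let a reader check the condition without working through the promotion rules. The term also depends on `UINT_MAX` from `<limits.h>` and `UINT32_MAX` from `<stdint.h>`, and the includes are outside this hunk, so confirm that both headers are pulled in by this file itself rather than transitively.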
roconnor-blockstream commented at 2:50 PM on September 17, 2020: I think INT_MAX < UINT32_MAX would more directly capture your intention here; however, given the other rules of C, I do admit that what you have written ends up being equivalent.
real-or-random commented at 11:42 AM on September 18, 2020: Yeah, I think our intuition is just different. My thought was that if uint32_t is at least as large as unsigned int, then no promotion can happen at all, neither to signed int nor to unsigned int.
roconnor-blockstream commented at 12:06 PM on September 18, 2020: I think of the rule as if every value of a type can fit within a signed int, then it is subject to integer promotion.
sipa commented at 8:52 PM on September 18, 2020: Both seem reasonable and harmless to me.
real-or-random commented at 9:56 AM on September 19, 2020: Wanna ACK then?
elichai approved
elichai commented at 7:40 AM on September 21, 2020: contributor
Looks good. ACK c0041b5cfca5efb160aa9a5616350069c89a8c29
sipa commented at 3:41 AM on September 26, 2020: contributor
utACK c0041b5cfca5efb160aa9a5616350069c89a8c29
real-or-random merged this on Sep 26, 2020
real-or-random closed this on Sep 26, 2020
jasonbcox referenced this in commit 7ccaa00435 on Sep 29, 2020
deadalnix referenced this in commit 7516ca138d on Sep 30, 2020
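The promotion rule discussed in this thread, as an added example that is not part of the pull request or of secp256k1's own code: it shows the compile-time check next to the multiplication hazard it guards against. The struct and function names are hypothetical, the negative-array-size form of the check is an assumption, and the comments about uint16_t assume a platform where int is 32 bits.

```c
#include <limits.h>
#include <stdint.h>

/* Compile-time check using the negative-array-size trick: if the condition
   is false the array size is -1 and compilation fails. The struct name is
   hypothetical. */
struct promotion_assumption_checker {
    int dummy_array[(UINT_MAX <= UINT32_MAX) ? 1 : -1];
};

/* The rule as stated in the thread: an unsigned type whose every value fits
   in a signed int is promoted to signed int before arithmetic. type_max is
   the largest value of the type being asked about. */
int promotes_to_signed_int(uintmax_t type_max) {
    return type_max <= (uintmax_t)INT_MAX;
}

/* Hazard: where int is 32 bits, uint16_t operands are promoted to int, so a
   plain a * b is a signed multiplication and 0xFFFF * 0xFFFF overflows
   (undefined behaviour). Converting one operand to uint32_t first makes the
   multiplication unsigned, given the assertion above. */
uint32_t mul16_safe(uint16_t a, uint16_t b) {
    return (uint32_t)a * b;
}

/* With the assertion above holding, uint32_t operands are not promoted to
   signed int, so this product wraps modulo 2^32 instead of overflowing. */
uint32_t mul32_wrap(uint32_t a, uint32_t b) {
    return a * b;
}
```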
github-metadata-mirror
This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-15 03:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me