src/secp256k1/src/assumptions.h
/********************************************************************** | /********************************************************************** | ||||
* Copyright (c) 2020 Pieter Wuille * | * Copyright (c) 2020 Pieter Wuille * | ||||
* Distributed under the MIT software license, see the accompanying * | * Distributed under the MIT software license, see the accompanying * | ||||
* file COPYING or http://www.opensource.org/licenses/mit-license.php.* | * file COPYING or http://www.opensource.org/licenses/mit-license.php.* | ||||
**********************************************************************/ | **********************************************************************/ | ||||
#ifndef SECP256K1_ASSUMPTIONS_H | #ifndef SECP256K1_ASSUMPTIONS_H | ||||
#define SECP256K1_ASSUMPTIONS_H | #define SECP256K1_ASSUMPTIONS_H | ||||
#include <limits.h> | |||||
#include "util.h" | #include "util.h" | ||||
/* This library, like most software, relies on a number of compiler implementation defined (but not undefined) | /* This library, like most software, relies on a number of compiler implementation defined (but not undefined) | ||||
behaviours. Although the behaviours we require are essentially universal we test them specifically here to | behaviours. Although the behaviours we require are essentially universal we test them specifically here to | ||||
reduce the odds of experiencing an unwelcome surprise. | reduce the odds of experiencing an unwelcome surprise. | ||||
*/ | */ | ||||
struct secp256k1_assumption_checker { | struct secp256k1_assumption_checker { | ||||
/* This uses a trick to implement a static assertion in C89: a type with an array of negative size is not | /* This uses a trick to implement a static assertion in C89: a type with an array of negative size is not | ||||
allowed. */ | allowed. */ | ||||
int dummy_array[( | int dummy_array[( | ||||
/* Bytes are 8 bits. */ | /* Bytes are 8 bits. */ | ||||
CHAR_BIT == 8 && | (CHAR_BIT == 8) && | ||||
/* No integer promotion for uint32_t. This ensures that we can multiply uintXX_t values where XX >= 32 | |||||
without signed overflow, which would be undefined behaviour. */ | |||||
(UINT_MAX <= UINT32_MAX) && | |||||
/* Conversions from unsigned to signed outside of the bounds of the signed type are | /* Conversions from unsigned to signed outside of the bounds of the signed type are | ||||
implementation-defined. Verify that they function as reinterpreting the lower | implementation-defined. Verify that they function as reinterpreting the lower | ||||
bits of the input in two's complement notation. Do this for conversions: | bits of the input in two's complement notation. Do this for conversions: | ||||
- from uint(N)_t to int(N)_t with negative result | - from uint(N)_t to int(N)_t with negative result | ||||
- from uint(2N)_t to int(N)_t with negative result | - from uint(2N)_t to int(N)_t with negative result | ||||
- from int(2N)_t to int(N)_t with negative result | - from int(2N)_t to int(N)_t with negative result | ||||
- from int(2N)_t to int(N)_t with positive result */ | - from int(2N)_t to int(N)_t with positive result */ | ||||
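Review bot: The new `(UINT_MAX <= UINT32_MAX) &&` term relies on `UINT_MAX` and `CHAR_BIT` from `<limits.h>` and `UINT32_MAX` from `<stdint.h>`, yet if the left column is the old side this same change drops the only direct `#include <limits.h>`, leaving those macros in scope only if `"util.h"` happens to include the headers transitively, which cannot be confirmed from this page. A static-assertion header should be self-contained, so keep `#include <limits.h>` (and add `#include <stdint.h>`) above `#include "util.h"` rather than depending on util.h's include list. The assumption itself is sound as far as it goes: bounding `unsigned int` by `UINT32_MAX` means no `uint32_t` operand can be promoted to a signed `int` before a multiply, but `uint8_t`/`uint16_t` operands still promote, so I would extend the comment with `/* Narrower types (uint8_t, uint16_t) still promote to int; callers multiplying them must widen explicitly. */`. The `secp256k1_assumption_checker` struct continues past the end of this hunk.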