Changeset View
Changeset View
Standalone View
Standalone View
src/secp256k1/src/assumptions.h
| /********************************************************************** | /********************************************************************** | ||||
| * Copyright (c) 2020 Pieter Wuille * | * Copyright (c) 2020 Pieter Wuille * | ||||
| * Distributed under the MIT software license, see the accompanying * | * Distributed under the MIT software license, see the accompanying * | ||||
| * file COPYING or http://www.opensource.org/licenses/mit-license.php.* | * file COPYING or http://www.opensource.org/licenses/mit-license.php.* | ||||
| **********************************************************************/ | **********************************************************************/ | ||||
| #ifndef SECP256K1_ASSUMPTIONS_H | #ifndef SECP256K1_ASSUMPTIONS_H | ||||
| #define SECP256K1_ASSUMPTIONS_H | #define SECP256K1_ASSUMPTIONS_H | ||||
| #include <limits.h> | |||||
| #include "util.h" | #include "util.h" | ||||
| /* This library, like most software, relies on a number of compiler implementation defined (but not undefined) | /* This library, like most software, relies on a number of compiler implementation defined (but not undefined) | ||||
| behaviours. Although the behaviours we require are essentially universal we test them specifically here to | behaviours. Although the behaviours we require are essentially universal we test them specifically here to | ||||
| reduce the odds of experiencing an unwelcome surprise. | reduce the odds of experiencing an unwelcome surprise. | ||||
| */ | */ | ||||
| struct secp256k1_assumption_checker { | struct secp256k1_assumption_checker { | ||||
| /* This uses a trick to implement a static assertion in C89: a type with an array of negative size is not | /* This uses a trick to implement a static assertion in C89: a type with an array of negative size is not | ||||
| allowed. */ | allowed. */ | ||||
| int dummy_array[( | int dummy_array[( | ||||
| /* Bytes are 8 bits. */ | /* Bytes are 8 bits. */ | ||||
| CHAR_BIT == 8 && | (CHAR_BIT == 8) && | ||||
| /* No integer promotion for uint32_t. This ensures that we can multiply uintXX_t values where XX >= 32 | |||||
| without signed overflow, which would be undefined behaviour. */ | |||||
| (UINT_MAX <= UINT32_MAX) && | |||||
| /* Conversions from unsigned to signed outside of the bounds of the signed type are | /* Conversions from unsigned to signed outside of the bounds of the signed type are | ||||
| implementation-defined. Verify that they function as reinterpreting the lower | implementation-defined. Verify that they function as reinterpreting the lower | ||||
| bits of the input in two's complement notation. Do this for conversions: | bits of the input in two's complement notation. Do this for conversions: | ||||
| - from uint(N)_t to int(N)_t with negative result | - from uint(N)_t to int(N)_t with negative result | ||||
| - from uint(2N)_t to int(N)_t with negative result | - from uint(2N)_t to int(N)_t with negative result | ||||
| - from int(2N)_t to int(N)_t with negative result | - from int(2N)_t to int(N)_t with negative result | ||||
| - from int(2N)_t to int(N)_t with positive result */ | - from int(2N)_t to int(N)_t with positive result */ | ||||
| ▲ Show 20 Lines • Show All 44 Lines • Show Last 20 Lines | |||||