Electroneum
assumptions.h
Go to the documentation of this file.
1 /***********************************************************************
2  * Copyright (c) 2020 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5  ***********************************************************************/
6 
7 #ifndef SECP256K1_ASSUMPTIONS_H
8 #define SECP256K1_ASSUMPTIONS_H
9 
10 #include <limits.h>
11 
12 #include "util.h"
13 #if defined(SECP256K1_INT128_NATIVE)
14 #include "int128_native.h"
15 #endif
16 
17 /* This library, like most software, relies on a number of compiler implementation defined (but not undefined)
18  behaviours. Although the behaviours we require are essentially universal we test them specifically here to
19  reduce the odds of experiencing an unwelcome surprise.
20 */
21 
23  /* This uses a trick to implement a static assertion in C89: a type with an array of negative size is not
24  allowed. */
25  int dummy_array[(
26  /* Bytes are 8 bits. */
27  (CHAR_BIT == 8) &&
28 
29  /* No integer promotion for uint32_t. This ensures that we can multiply uintXX_t values where XX >= 32
30  without signed overflow, which would be undefined behaviour. */
31  (UINT_MAX <= UINT32_MAX) &&
32 
33  /* Conversions from unsigned to signed outside of the bounds of the signed type are
34  implementation-defined. Verify that they function as reinterpreting the lower
35  bits of the input in two's complement notation. Do this for conversions:
36  - from uint(N)_t to int(N)_t with negative result
37  - from uint(2N)_t to int(N)_t with negative result
38  - from int(2N)_t to int(N)_t with negative result
39  - from int(2N)_t to int(N)_t with positive result */
40 
41  /* To int8_t. */
42  ((int8_t)(uint8_t)0xAB == (int8_t)-(int8_t)0x55) &&
43  ((int8_t)(uint16_t)0xABCD == (int8_t)-(int8_t)0x33) &&
44  ((int8_t)(int16_t)(uint16_t)0xCDEF == (int8_t)(uint8_t)0xEF) &&
45  ((int8_t)(int16_t)(uint16_t)0x9234 == (int8_t)(uint8_t)0x34) &&
46 
47  /* To int16_t. */
48  ((int16_t)(uint16_t)0xBCDE == (int16_t)-(int16_t)0x4322) &&
49  ((int16_t)(uint32_t)0xA1B2C3D4 == (int16_t)-(int16_t)0x3C2C) &&
50  ((int16_t)(int32_t)(uint32_t)0xC1D2E3F4 == (int16_t)(uint16_t)0xE3F4) &&
51  ((int16_t)(int32_t)(uint32_t)0x92345678 == (int16_t)(uint16_t)0x5678) &&
52 
53  /* To int32_t. */
54  ((int32_t)(uint32_t)0xB2C3D4E5 == (int32_t)-(int32_t)0x4D3C2B1B) &&
55  ((int32_t)(uint64_t)0xA123B456C789D012ULL == (int32_t)-(int32_t)0x38762FEE) &&
56  ((int32_t)(int64_t)(uint64_t)0xC1D2E3F4A5B6C7D8ULL == (int32_t)(uint32_t)0xA5B6C7D8) &&
57  ((int32_t)(int64_t)(uint64_t)0xABCDEF0123456789ULL == (int32_t)(uint32_t)0x23456789) &&
58 
59  /* To int64_t. */
60  ((int64_t)(uint64_t)0xB123C456D789E012ULL == (int64_t)-(int64_t)0x4EDC3BA928761FEEULL) &&
61 #if defined(SECP256K1_INT128_NATIVE)
62  ((int64_t)(((uint128_t)0xA1234567B8901234ULL << 64) + 0xC5678901D2345678ULL) == (int64_t)-(int64_t)0x3A9876FE2DCBA988ULL) &&
63  (((int64_t)(int128_t)(((uint128_t)0xB1C2D3E4F5A6B7C8ULL << 64) + 0xD9E0F1A2B3C4D5E6ULL)) == (int64_t)(uint64_t)0xD9E0F1A2B3C4D5E6ULL) &&
64  (((int64_t)(int128_t)(((uint128_t)0xABCDEF0123456789ULL << 64) + 0x0123456789ABCDEFULL)) == (int64_t)(uint64_t)0x0123456789ABCDEFULL) &&
65 
66  /* To int128_t. */
67  ((int128_t)(((uint128_t)0xB1234567C8901234ULL << 64) + 0xD5678901E2345678ULL) == (int128_t)(-(int128_t)0x8E1648B3F50E80DCULL * 0x8E1648B3F50E80DDULL + 0x5EA688D5482F9464ULL)) &&
68 #endif
69 
70  /* Right shift on negative signed values is implementation defined. Verify that it
71  acts as a right shift in two's complement with sign extension (i.e duplicating
72  the top bit into newly added bits). */
73  ((((int8_t)0xE8) >> 2) == (int8_t)(uint8_t)0xFA) &&
74  ((((int16_t)0xE9AC) >> 4) == (int16_t)(uint16_t)0xFE9A) &&
75  ((((int32_t)0x937C918A) >> 9) == (int32_t)(uint32_t)0xFFC9BE48) &&
76  ((((int64_t)0xA8B72231DF9CF4B9ULL) >> 19) == (int64_t)(uint64_t)0xFFFFF516E4463BF3ULL) &&
77 #if defined(SECP256K1_INT128_NATIVE)
78  ((((int128_t)(((uint128_t)0xCD833A65684A0DBCULL << 64) + 0xB349312F71EA7637ULL)) >> 39) == (int128_t)(((uint128_t)0xFFFFFFFFFF9B0674ULL << 64) + 0xCAD0941B79669262ULL)) &&
79 #endif
80  1) * 2 - 1];
81 };
82 
83 #endif /* SECP256K1_ASSUMPTIONS_H */
unsigned short uint16_t
Definition: stdint.h:125
unsigned char uint8_t
Definition: stdint.h:124
int dummy_array[((CHAR_BIT==8) &&(UINT_MAX<=UINT32_MAX) &&((int8_t)(uint8_t) 0xAB==(int8_t) -(int8_t) 0x55) &&((int8_t)(uint16_t) 0xABCD==(int8_t) -(int8_t) 0x33) &&((int8_t)(int16_t)(uint16_t) 0xCDEF==(int8_t)(uint8_t) 0xEF) &&((int8_t)(int16_t)(uint16_t) 0x9234==(int8_t)(uint8_t) 0x34) &&((int16_t)(uint16_t) 0xBCDE==(int16_t) -(int16_t) 0x4322) &&((int16_t)(uint32_t) 0xA1B2C3D4==(int16_t) -(int16_t) 0x3C2C) &&((int16_t)(int32_t)(uint32_t) 0xC1D2E3F4==(int16_t)(uint16_t) 0xE3F4) &&((int16_t)(int32_t)(uint32_t) 0x92345678==(int16_t)(uint16_t) 0x5678) &&((int32_t)(uint32_t) 0xB2C3D4E5==(int32_t) -(int32_t) 0x4D3C2B1B) &&((int32_t)(uint64_t) 0xA123B456C789D012ULL==(int32_t) -(int32_t) 0x38762FEE) &&((int32_t)(int64_t)(uint64_t) 0xC1D2E3F4A5B6C7D8ULL==(int32_t)(uint32_t) 0xA5B6C7D8) &&((int32_t)(int64_t)(uint64_t) 0xABCDEF0123456789ULL==(int32_t)(uint32_t) 0x23456789) &&((int64_t)(uint64_t) 0xB123C456D789E012ULL==(int64_t) -(int64_t) 0x4EDC3BA928761FEEULL) &&((((int8_t) 0xE8) >> 2)==(int8_t)(uint8_t) 0xFA) &&((((int16_t) 0xE9AC) >> 4)==(int16_t)(uint16_t) 0xFE9A) &&((((int32_t) 0x937C918A) >> 9)==(int32_t)(uint32_t) 0xFFC9BE48) &&((((int64_t) 0xA8B72231DF9CF4B9ULL) >> 19)==(int64_t)(uint64_t) 0xFFFFF516E4463BF3ULL) &&1) *2 - 1]
Definition: assumptions.h:80
unsigned int uint32_t
Definition: stdint.h:126
signed short int16_t
Definition: stdint.h:122
unsigned __int64 uint64_t
Definition: stdint.h:136
signed char int8_t
Definition: stdint.h:121
#define UINT32_MAX
Definition: stdint.h:188
signed __int64 int64_t
Definition: stdint.h:135
signed int int32_t
Definition: stdint.h:123