Bitcoin ABC 0.32.10
P2P Digital Currency
util.h
Go to the documentation of this file.
1/***********************************************************************
2 * Copyright (c) 2013, 2014 Pieter Wuille *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5 ***********************************************************************/
6
7#ifndef SECP256K1_UTIL_H
8#define SECP256K1_UTIL_H
9
10#include <stdlib.h>
11#include <stdint.h>
12#include <stdio.h>
13#include <limits.h>
14
15#define STR_(x) #x
16#define STR(x) STR_(x)
17#define DEBUG_CONFIG_MSG(x) "DEBUG_CONFIG: " x
18#define DEBUG_CONFIG_DEF(x) DEBUG_CONFIG_MSG(#x "=" STR(x))
19
20typedef struct {
21 void (*fn)(const char *text, void* data);
22 const void* data;
23} secp256k1_callback;
24
25static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback * const cb, const char * const text) {
26 cb->fn(text, (void*)cb->data);
27}
28
29#ifndef USE_EXTERNAL_DEFAULT_CALLBACKS
30static void secp256k1_default_illegal_callback_fn(const char* str, void* data) {
31 (void)data;
32 fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str);
33 abort();
34}
35static void secp256k1_default_error_callback_fn(const char* str, void* data) {
36 (void)data;
37 fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str);
38 abort();
39}
40#else
41void secp256k1_default_illegal_callback_fn(const char* str, void* data);
42void secp256k1_default_error_callback_fn(const char* str, void* data);
43#endif
44
45static const secp256k1_callback default_illegal_callback = {
46 secp256k1_default_illegal_callback_fn,
47 NULL
48};
49
50static const secp256k1_callback default_error_callback = {
51 secp256k1_default_error_callback_fn,
52 NULL
53};
54
55
56#ifdef DETERMINISTIC
57#define TEST_FAILURE(msg) do { \
58 fprintf(stderr, "%s\n", msg); \
59 abort(); \
60} while(0);
61#else
62#define TEST_FAILURE(msg) do { \
63 fprintf(stderr, "%s:%d: %s\n", __FILE__, __LINE__, msg); \
64 abort(); \
65} while(0)
66#endif
67
68#if SECP256K1_GNUC_PREREQ(3, 0)
69#define EXPECT(x,c) __builtin_expect((x),(c))
70#else
71#define EXPECT(x,c) (x)
72#endif
73
74#ifdef DETERMINISTIC
75#define CHECK(cond) do { \
76 if (EXPECT(!(cond), 0)) { \
77 TEST_FAILURE("test condition failed"); \
78 } \
79} while(0)
80#else
81#define CHECK(cond) do { \
82 if (EXPECT(!(cond), 0)) { \
83 TEST_FAILURE("test condition failed: " #cond); \
84 } \
85} while(0)
86#endif
87
88/* Like assert(), but when VERIFY is defined, and side-effect safe. */
89#if defined(COVERAGE)
90#define VERIFY_CHECK(check)
91#define VERIFY_SETUP(stmt)
92#elif defined(VERIFY)
93#define VERIFY_CHECK CHECK
94#define VERIFY_SETUP(stmt) do { stmt; } while(0)
95#else
96#define VERIFY_CHECK(cond) do { (void)(cond); } while(0)
97#define VERIFY_SETUP(stmt)
98#endif
99
100/* Define `VG_UNDEF` and `VG_CHECK` when VALGRIND is defined */
101#if !defined(VG_CHECK)
102# if defined(VALGRIND)
103# include <valgrind/memcheck.h>
104# define VG_UNDEF(x,y) VALGRIND_MAKE_MEM_UNDEFINED((x),(y))
105# define VG_CHECK(x,y) VALGRIND_CHECK_MEM_IS_DEFINED((x),(y))
106# else
107# define VG_UNDEF(x,y)
108# define VG_CHECK(x,y)
109# endif
110#endif
111
112/* Like `VG_CHECK` but on VERIFY only */
113#if defined(VERIFY)
114#define VG_CHECK_VERIFY(x,y) VG_CHECK((x), (y))
115#else
116#define VG_CHECK_VERIFY(x,y)
117#endif
118
119static SECP256K1_INLINE void *checked_malloc(const secp256k1_callback* cb, size_t size) {
120 void *ret = malloc(size);
121 if (ret == NULL) {
122 secp256k1_callback_call(cb, "Out of memory");
123 }
124 return ret;
125}
126
127static SECP256K1_INLINE void *checked_realloc(const secp256k1_callback* cb, void *ptr, size_t size) {
128 void *ret = realloc(ptr, size);
129 if (ret == NULL) {
130 secp256k1_callback_call(cb, "Out of memory");
131 }
132 return ret;
133}
134
135#if defined(__BIGGEST_ALIGNMENT__)
136#define ALIGNMENT __BIGGEST_ALIGNMENT__
137#else
138/* Using 16 bytes alignment because common architectures never have alignment
139 * requirements above 8 for any of the types we care about. In addition we
140 * leave some room because currently we don't care about a few bytes. */
141#define ALIGNMENT 16
142#endif
143
144#define ROUND_TO_ALIGN(size) ((((size) + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT)
145
146/* Macro for restrict, when available and not in a VERIFY build. */
147#if defined(SECP256K1_BUILD) && defined(VERIFY)
148# define SECP256K1_RESTRICT
149#else
150# if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
151# if SECP256K1_GNUC_PREREQ(3,0)
152# define SECP256K1_RESTRICT __restrict__
153# elif (defined(_MSC_VER) && _MSC_VER >= 1400)
154# define SECP256K1_RESTRICT __restrict
155# else
156# define SECP256K1_RESTRICT
157# endif
158# else
159# define SECP256K1_RESTRICT restrict
160# endif
161#endif
162
163#if defined(_WIN32)
164# define I64FORMAT "I64d"
165# define I64uFORMAT "I64u"
166#else
167# define I64FORMAT "lld"
168# define I64uFORMAT "llu"
169#endif
170
171#if defined(__GNUC__)
172# define SECP256K1_GNUC_EXT __extension__
173#else
174# define SECP256K1_GNUC_EXT
175#endif
176
177/* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */
178static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag) {
179 unsigned char *p = (unsigned char *)s;
180 /* Access flag with a volatile-qualified lvalue.
181 This prevents clang from figuring out (after inlining) that flag can
182 take only be 0 or 1, which leads to variable time code. */
183 volatile int vflag = flag;
184 unsigned char mask = -(unsigned char) vflag;
185 while (len) {
186 *p &= ~mask;
187 p++;
188 len--;
189 }
190}
191
197static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n) {
198 const unsigned char *p1 = s1, *p2 = s2;
199 size_t i;
200
201 for (i = 0; i < n; i++) {
202 int diff = p1[i] - p2[i];
203 if (diff != 0) {
204 return diff;
205 }
206 }
207 return 0;
208}
209
211static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag) {
212 unsigned int mask0, mask1, r_masked, a_masked;
213 /* Access flag with a volatile-qualified lvalue.
214 This prevents clang from figuring out (after inlining) that flag can
215 take only be 0 or 1, which leads to variable time code. */
216 volatile int vflag = flag;
217
218 /* Casting a negative int to unsigned and back to int is implementation defined behavior */
219 VERIFY_CHECK(*r >= 0 && *a >= 0);
220
221 mask0 = (unsigned int)vflag + ~0u;
222 mask1 = ~mask0;
223 r_masked = ((unsigned int)*r & mask0);
224 a_masked = ((unsigned int)*a & mask1);
225
226 *r = (int)(r_masked | a_masked);
227}
228
229#if defined(USE_FORCE_WIDEMUL_INT128_STRUCT)
230/* If USE_FORCE_WIDEMUL_INT128_STRUCT is set, use int128_struct. */
231# define SECP256K1_WIDEMUL_INT128 1
232# define SECP256K1_INT128_STRUCT 1
233#elif defined(USE_FORCE_WIDEMUL_INT128)
234/* If USE_FORCE_WIDEMUL_INT128 is set, use int128. */
235# define SECP256K1_WIDEMUL_INT128 1
236# define SECP256K1_INT128_NATIVE 1
237#elif defined(USE_FORCE_WIDEMUL_INT64)
238/* If USE_FORCE_WIDEMUL_INT64 is set, use int64. */
239# define SECP256K1_WIDEMUL_INT64 1
240#elif defined(UINT128_MAX) || defined(__SIZEOF_INT128__)
241/* If a native 128-bit integer type exists, use int128. */
242# define SECP256K1_WIDEMUL_INT128 1
243# define SECP256K1_INT128_NATIVE 1
244#elif defined(_MSC_VER) && (defined(_M_X64) || defined(_M_ARM64))
245/* On 64-bit MSVC targets (x86_64 and arm64), use int128_struct
246 * (which has special logic to implement using intrinsics on those systems). */
247# define SECP256K1_WIDEMUL_INT128 1
248# define SECP256K1_INT128_STRUCT 1
249#elif SIZE_MAX > 0xffffffff
250/* Systems with 64-bit pointers (and thus registers) very likely benefit from
251 * using 64-bit based arithmetic (even if we need to fall back to 32x32->64 based
252 * multiplication logic). */
253# define SECP256K1_WIDEMUL_INT128 1
254# define SECP256K1_INT128_STRUCT 1
255#else
256/* Lastly, fall back to int64 based arithmetic. */
257# define SECP256K1_WIDEMUL_INT64 1
258#endif
259
260#ifndef __has_builtin
261#define __has_builtin(x) 0
262#endif
263
264/* Determine the number of trailing zero bits in a (non-zero) 32-bit x.
265 * This function is only intended to be used as fallback for
266 * secp256k1_ctz32_var, but permits it to be tested separately. */
267static SECP256K1_INLINE int secp256k1_ctz32_var_debruijn(uint32_t x) {
268 static const uint8_t debruijn[32] = {
269 0x00, 0x01, 0x02, 0x18, 0x03, 0x13, 0x06, 0x19, 0x16, 0x04, 0x14, 0x0A,
270 0x10, 0x07, 0x0C, 0x1A, 0x1F, 0x17, 0x12, 0x05, 0x15, 0x09, 0x0F, 0x0B,
271 0x1E, 0x11, 0x08, 0x0E, 0x1D, 0x0D, 0x1C, 0x1B
272 };
273 return debruijn[((x & -x) * 0x04D7651F) >> 27];
274}
275
276/* Determine the number of trailing zero bits in a (non-zero) 64-bit x.
277 * This function is only intended to be used as fallback for
278 * secp256k1_ctz64_var, but permits it to be tested separately. */
279static SECP256K1_INLINE int secp256k1_ctz64_var_debruijn(uint64_t x) {
280 static const uint8_t debruijn[64] = {
281 0, 1, 2, 53, 3, 7, 54, 27, 4, 38, 41, 8, 34, 55, 48, 28,
282 62, 5, 39, 46, 44, 42, 22, 9, 24, 35, 59, 56, 49, 18, 29, 11,
283 63, 52, 6, 26, 37, 40, 33, 47, 61, 45, 43, 21, 23, 58, 17, 10,
284 51, 25, 36, 32, 60, 20, 57, 16, 50, 31, 19, 15, 30, 14, 13, 12
285 };
286 return debruijn[((x & -x) * 0x022FDD63CC95386D) >> 58];
287}
288
289/* Determine the number of trailing zero bits in a (non-zero) 32-bit x. */
290static SECP256K1_INLINE int secp256k1_ctz32_var(uint32_t x) {
291 VERIFY_CHECK(x != 0);
292#if (__has_builtin(__builtin_ctz) || SECP256K1_GNUC_PREREQ(3,4))
293 /* If the unsigned type is sufficient to represent the largest uint32_t, consider __builtin_ctz. */
294 if (((unsigned)UINT32_MAX) == UINT32_MAX) {
295 return __builtin_ctz(x);
296 }
297#endif
298#if (__has_builtin(__builtin_ctzl) || SECP256K1_GNUC_PREREQ(3,4))
299 /* Otherwise consider __builtin_ctzl (the unsigned long type is always at least 32 bits). */
300 return __builtin_ctzl(x);
301#else
302 /* If no suitable CTZ builtin is available, use a (variable time) software emulation. */
303 return secp256k1_ctz32_var_debruijn(x);
304#endif
305}
306
307/* Determine the number of trailing zero bits in a (non-zero) 64-bit x. */
308static SECP256K1_INLINE int secp256k1_ctz64_var(uint64_t x) {
309 VERIFY_CHECK(x != 0);
310#if (__has_builtin(__builtin_ctzl) || SECP256K1_GNUC_PREREQ(3,4))
311 /* If the unsigned long type is sufficient to represent the largest uint64_t, consider __builtin_ctzl. */
312 if (((unsigned long)UINT64_MAX) == UINT64_MAX) {
313 return __builtin_ctzl(x);
314 }
315#endif
316#if (__has_builtin(__builtin_ctzll) || SECP256K1_GNUC_PREREQ(3,4))
317 /* Otherwise consider __builtin_ctzll (the unsigned long long type is always at least 64 bits). */
318 return __builtin_ctzll(x);
319#else
320 /* If no suitable CTZ builtin is available, use a (variable time) software emulation. */
321 return secp256k1_ctz64_var_debruijn(x);
322#endif
323}
324
325/* Read a uint32_t in big endian */
326SECP256K1_INLINE static uint32_t secp256k1_read_be32(const unsigned char* p) {
327 return (uint32_t)p[0] << 24 |
328 (uint32_t)p[1] << 16 |
329 (uint32_t)p[2] << 8 |
330 (uint32_t)p[3];
331}
332
333/* Write a uint32_t in big endian */
334SECP256K1_INLINE static void secp256k1_write_be32(unsigned char* p, uint32_t x) {
335 p[3] = x;
336 p[2] = x >> 8;
337 p[1] = x >> 16;
338 p[0] = x >> 24;
339}
340
341#endif /* SECP256K1_UTIL_H */
secp256k1_ctz64_var
static SECP256K1_INLINE int secp256k1_ctz64_var(uint64_t x)
Definition: util.h:308
secp256k1_memcmp_var
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
Definition: util.h:197
secp256k1_int_cmov
static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
Definition: util.h:211
secp256k1_default_error_callback_fn
static void secp256k1_default_error_callback_fn(const char *str, void *data)
Definition: util.h:35
default_error_callback
static const secp256k1_callback default_error_callback
Definition: util.h:50
secp256k1_read_be32
static SECP256K1_INLINE uint32_t secp256k1_read_be32(const unsigned char *p)
Definition: util.h:326
secp256k1_ctz32_var
static SECP256K1_INLINE int secp256k1_ctz32_var(uint32_t x)
Definition: util.h:290
secp256k1_write_be32
static SECP256K1_INLINE void secp256k1_write_be32(unsigned char *p, uint32_t x)
Definition: util.h:334
secp256k1_default_illegal_callback_fn
static void secp256k1_default_illegal_callback_fn(const char *str, void *data)
Definition: util.h:30
secp256k1_ctz64_var_debruijn
static SECP256K1_INLINE int secp256k1_ctz64_var_debruijn(uint64_t x)
Definition: util.h:279
checked_realloc
static SECP256K1_INLINE void * checked_realloc(const secp256k1_callback *cb, void *ptr, size_t size)
Definition: util.h:127
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:96
secp256k1_ctz32_var_debruijn
static SECP256K1_INLINE int secp256k1_ctz32_var_debruijn(uint32_t x)
Definition: util.h:267
checked_malloc
static SECP256K1_INLINE void * checked_malloc(const secp256k1_callback *cb, size_t size)
Definition: util.h:119
secp256k1_memczero
static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag)
Definition: util.h:178
secp256k1_callback_call
static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback *const cb, const char *const text)
Definition: util.h:25
default_illegal_callback
static const secp256k1_callback default_illegal_callback
Definition: util.h:45
SECP256K1_INLINE
#define SECP256K1_INLINE
Definition: secp256k1.h:131
secp256k1_callback
Definition: util.h:20
secp256k1_callback::fn
void(* fn)(const char *text, void *data)
Definition: util.h:21
secp256k1_callback::data
const void * data
Definition: util.h:22
Generated on Fri Mar 13 2026 20:21:47 for Bitcoin ABC by doxygen 1.9.4