Bitcoin ABC 0.32.8
P2P Digital Currency
util.h
Go to the documentation of this file.
1/***********************************************************************
2 * Copyright (c) 2013, 2014 Pieter Wuille *
3 * Distributed under the MIT software license, see the accompanying *
4 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
5 ***********************************************************************/
6
7#ifndef SECP256K1_UTIL_H
8#define SECP256K1_UTIL_H
9
10#if defined HAVE_CONFIG_H
11#include "libsecp256k1-config.h"
12#endif
13
14#include <stdlib.h>
15#include <stdint.h>
16#include <stdio.h>
17#include <limits.h>
18
19#define STR_(x) #x
20#define STR(x) STR_(x)
21#define DEBUG_CONFIG_MSG(x) "DEBUG_CONFIG: " x
22#define DEBUG_CONFIG_DEF(x) DEBUG_CONFIG_MSG(#x "=" STR(x))
23
24typedef struct {
25 void (*fn)(const char *text, void* data);
26 const void* data;
27} secp256k1_callback;
28
29static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback * const cb, const char * const text) {
30 cb->fn(text, (void*)cb->data);
31}
32
33#ifndef USE_EXTERNAL_DEFAULT_CALLBACKS
34static void secp256k1_default_illegal_callback_fn(const char* str, void* data) {
35 (void)data;
36 fprintf(stderr, "[libsecp256k1] illegal argument: %s\n", str);
37 abort();
38}
39static void secp256k1_default_error_callback_fn(const char* str, void* data) {
40 (void)data;
41 fprintf(stderr, "[libsecp256k1] internal consistency check failed: %s\n", str);
42 abort();
43}
44#else
45void secp256k1_default_illegal_callback_fn(const char* str, void* data);
46void secp256k1_default_error_callback_fn(const char* str, void* data);
47#endif
48
49static const secp256k1_callback default_illegal_callback = {
50 secp256k1_default_illegal_callback_fn,
51 NULL
52};
53
54static const secp256k1_callback default_error_callback = {
55 secp256k1_default_error_callback_fn,
56 NULL
57};
58
59
60#ifdef DETERMINISTIC
61#define TEST_FAILURE(msg) do { \
62 fprintf(stderr, "%s\n", msg); \
63 abort(); \
64} while(0);
65#else
66#define TEST_FAILURE(msg) do { \
67 fprintf(stderr, "%s:%d: %s\n", __FILE__, __LINE__, msg); \
68 abort(); \
69} while(0)
70#endif
71
72#if SECP256K1_GNUC_PREREQ(3, 0)
73#define EXPECT(x,c) __builtin_expect((x),(c))
74#else
75#define EXPECT(x,c) (x)
76#endif
77
78#ifdef DETERMINISTIC
79#define CHECK(cond) do { \
80 if (EXPECT(!(cond), 0)) { \
81 TEST_FAILURE("test condition failed"); \
82 } \
83} while(0)
84#else
85#define CHECK(cond) do { \
86 if (EXPECT(!(cond), 0)) { \
87 TEST_FAILURE("test condition failed: " #cond); \
88 } \
89} while(0)
90#endif
91
92/* Like assert(), but when VERIFY is defined, and side-effect safe. */
93#if defined(COVERAGE)
94#define VERIFY_CHECK(check)
95#define VERIFY_SETUP(stmt)
96#elif defined(VERIFY)
97#define VERIFY_CHECK CHECK
98#define VERIFY_SETUP(stmt) do { stmt; } while(0)
99#else
100#define VERIFY_CHECK(cond) do { (void)(cond); } while(0)
101#define VERIFY_SETUP(stmt)
102#endif
103
104/* Define `VG_UNDEF` and `VG_CHECK` when VALGRIND is defined */
105#if !defined(VG_CHECK)
106# if defined(VALGRIND)
107# include <valgrind/memcheck.h>
108# define VG_UNDEF(x,y) VALGRIND_MAKE_MEM_UNDEFINED((x),(y))
109# define VG_CHECK(x,y) VALGRIND_CHECK_MEM_IS_DEFINED((x),(y))
110# else
111# define VG_UNDEF(x,y)
112# define VG_CHECK(x,y)
113# endif
114#endif
115
116/* Like `VG_CHECK` but on VERIFY only */
117#if defined(VERIFY)
118#define VG_CHECK_VERIFY(x,y) VG_CHECK((x), (y))
119#else
120#define VG_CHECK_VERIFY(x,y)
121#endif
122
123static SECP256K1_INLINE void *checked_malloc(const secp256k1_callback* cb, size_t size) {
124 void *ret = malloc(size);
125 if (ret == NULL) {
126 secp256k1_callback_call(cb, "Out of memory");
127 }
128 return ret;
129}
130
131static SECP256K1_INLINE void *checked_realloc(const secp256k1_callback* cb, void *ptr, size_t size) {
132 void *ret = realloc(ptr, size);
133 if (ret == NULL) {
134 secp256k1_callback_call(cb, "Out of memory");
135 }
136 return ret;
137}
138
139#if defined(__BIGGEST_ALIGNMENT__)
140#define ALIGNMENT __BIGGEST_ALIGNMENT__
141#else
142/* Using 16 bytes alignment because common architectures never have alignment
143 * requirements above 8 for any of the types we care about. In addition we
144 * leave some room because currently we don't care about a few bytes. */
145#define ALIGNMENT 16
146#endif
147
148#define ROUND_TO_ALIGN(size) ((((size) + ALIGNMENT - 1) / ALIGNMENT) * ALIGNMENT)
149
150/* Macro for restrict, when available and not in a VERIFY build. */
151#if defined(SECP256K1_BUILD) && defined(VERIFY)
152# define SECP256K1_RESTRICT
153#else
154# if (!defined(__STDC_VERSION__) || (__STDC_VERSION__ < 199901L) )
155# if SECP256K1_GNUC_PREREQ(3,0)
156# define SECP256K1_RESTRICT __restrict__
157# elif (defined(_MSC_VER) && _MSC_VER >= 1400)
158# define SECP256K1_RESTRICT __restrict
159# else
160# define SECP256K1_RESTRICT
161# endif
162# else
163# define SECP256K1_RESTRICT restrict
164# endif
165#endif
166
167#if defined(_WIN32)
168# define I64FORMAT "I64d"
169# define I64uFORMAT "I64u"
170#else
171# define I64FORMAT "lld"
172# define I64uFORMAT "llu"
173#endif
174
175#if defined(__GNUC__)
176# define SECP256K1_GNUC_EXT __extension__
177#else
178# define SECP256K1_GNUC_EXT
179#endif
180
181/* Zero memory if flag == 1. Flag must be 0 or 1. Constant time. */
182static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag) {
183 unsigned char *p = (unsigned char *)s;
184 /* Access flag with a volatile-qualified lvalue.
185 This prevents clang from figuring out (after inlining) that flag can
186 take only be 0 or 1, which leads to variable time code. */
187 volatile int vflag = flag;
188 unsigned char mask = -(unsigned char) vflag;
189 while (len) {
190 *p &= ~mask;
191 p++;
192 len--;
193 }
194}
195
201static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n) {
202 const unsigned char *p1 = s1, *p2 = s2;
203 size_t i;
204
205 for (i = 0; i < n; i++) {
206 int diff = p1[i] - p2[i];
207 if (diff != 0) {
208 return diff;
209 }
210 }
211 return 0;
212}
213
215static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag) {
216 unsigned int mask0, mask1, r_masked, a_masked;
217 /* Access flag with a volatile-qualified lvalue.
218 This prevents clang from figuring out (after inlining) that flag can
219 take only be 0 or 1, which leads to variable time code. */
220 volatile int vflag = flag;
221
222 /* Casting a negative int to unsigned and back to int is implementation defined behavior */
223 VERIFY_CHECK(*r >= 0 && *a >= 0);
224
225 mask0 = (unsigned int)vflag + ~0u;
226 mask1 = ~mask0;
227 r_masked = ((unsigned int)*r & mask0);
228 a_masked = ((unsigned int)*a & mask1);
229
230 *r = (int)(r_masked | a_masked);
231}
232
233/* If USE_FORCE_WIDEMUL_{INT128,INT64} is set, use that wide multiplication implementation.
234 * Otherwise use the presence of __SIZEOF_INT128__ to decide.
235 */
236#if defined(USE_FORCE_WIDEMUL_INT128)
237# define SECP256K1_WIDEMUL_INT128 1
238#elif defined(USE_FORCE_WIDEMUL_INT64)
239# define SECP256K1_WIDEMUL_INT64 1
240#elif defined(UINT128_MAX) || defined(__SIZEOF_INT128__)
241# define SECP256K1_WIDEMUL_INT128 1
242#else
243# define SECP256K1_WIDEMUL_INT64 1
244#endif
245#if defined(SECP256K1_WIDEMUL_INT128)
246# if !defined(UINT128_MAX) && defined(__SIZEOF_INT128__)
247SECP256K1_GNUC_EXT typedef unsigned __int128 uint128_t;
248SECP256K1_GNUC_EXT typedef __int128 int128_t;
249#define UINT128_MAX ((uint128_t)(-1))
250#define INT128_MAX ((int128_t)(UINT128_MAX >> 1))
251#define INT128_MIN (-INT128_MAX - 1)
252/* No (U)INT128_C macros because compilers providing __int128 do not support 128-bit literals. */
253# endif
254#endif
255
256#ifndef __has_builtin
257#define __has_builtin(x) 0
258#endif
259
260/* Determine the number of trailing zero bits in a (non-zero) 32-bit x.
261 * This function is only intended to be used as fallback for
262 * secp256k1_ctz32_var, but permits it to be tested separately. */
263static SECP256K1_INLINE int secp256k1_ctz32_var_debruijn(uint32_t x) {
264 static const uint8_t debruijn[32] = {
265 0x00, 0x01, 0x02, 0x18, 0x03, 0x13, 0x06, 0x19, 0x16, 0x04, 0x14, 0x0A,
266 0x10, 0x07, 0x0C, 0x1A, 0x1F, 0x17, 0x12, 0x05, 0x15, 0x09, 0x0F, 0x0B,
267 0x1E, 0x11, 0x08, 0x0E, 0x1D, 0x0D, 0x1C, 0x1B
268 };
269 return debruijn[((x & -x) * 0x04D7651F) >> 27];
270}
271
272/* Determine the number of trailing zero bits in a (non-zero) 64-bit x.
273 * This function is only intended to be used as fallback for
274 * secp256k1_ctz64_var, but permits it to be tested separately. */
275static SECP256K1_INLINE int secp256k1_ctz64_var_debruijn(uint64_t x) {
276 static const uint8_t debruijn[64] = {
277 0, 1, 2, 53, 3, 7, 54, 27, 4, 38, 41, 8, 34, 55, 48, 28,
278 62, 5, 39, 46, 44, 42, 22, 9, 24, 35, 59, 56, 49, 18, 29, 11,
279 63, 52, 6, 26, 37, 40, 33, 47, 61, 45, 43, 21, 23, 58, 17, 10,
280 51, 25, 36, 32, 60, 20, 57, 16, 50, 31, 19, 15, 30, 14, 13, 12
281 };
282 return debruijn[((x & -x) * 0x022FDD63CC95386D) >> 58];
283}
284
285/* Determine the number of trailing zero bits in a (non-zero) 32-bit x. */
286static SECP256K1_INLINE int secp256k1_ctz32_var(uint32_t x) {
287 VERIFY_CHECK(x != 0);
288#if (__has_builtin(__builtin_ctz) || SECP256K1_GNUC_PREREQ(3,4))
289 /* If the unsigned type is sufficient to represent the largest uint32_t, consider __builtin_ctz. */
290 if (((unsigned)UINT32_MAX) == UINT32_MAX) {
291 return __builtin_ctz(x);
292 }
293#endif
294#if (__has_builtin(__builtin_ctzl) || SECP256K1_GNUC_PREREQ(3,4))
295 /* Otherwise consider __builtin_ctzl (the unsigned long type is always at least 32 bits). */
296 return __builtin_ctzl(x);
297#else
298 /* If no suitable CTZ builtin is available, use a (variable time) software emulation. */
299 return secp256k1_ctz32_var_debruijn(x);
300#endif
301}
302
303/* Determine the number of trailing zero bits in a (non-zero) 64-bit x. */
304static SECP256K1_INLINE int secp256k1_ctz64_var(uint64_t x) {
305 VERIFY_CHECK(x != 0);
306#if (__has_builtin(__builtin_ctzl) || SECP256K1_GNUC_PREREQ(3,4))
307 /* If the unsigned long type is sufficient to represent the largest uint64_t, consider __builtin_ctzl. */
308 if (((unsigned long)UINT64_MAX) == UINT64_MAX) {
309 return __builtin_ctzl(x);
310 }
311#endif
312#if (__has_builtin(__builtin_ctzll) || SECP256K1_GNUC_PREREQ(3,4))
313 /* Otherwise consider __builtin_ctzll (the unsigned long long type is always at least 64 bits). */
314 return __builtin_ctzll(x);
315#else
316 /* If no suitable CTZ builtin is available, use a (variable time) software emulation. */
317 return secp256k1_ctz64_var_debruijn(x);
318#endif
319}
320
321/* Read a uint32_t in big endian */
322SECP256K1_INLINE static uint32_t secp256k1_read_be32(const unsigned char* p) {
323 return (uint32_t)p[0] << 24 |
324 (uint32_t)p[1] << 16 |
325 (uint32_t)p[2] << 8 |
326 (uint32_t)p[3];
327}
328
329/* Write a uint32_t in big endian */
330SECP256K1_INLINE static void secp256k1_write_be32(unsigned char* p, uint32_t x) {
331 p[3] = x;
332 p[2] = x >> 8;
333 p[1] = x >> 16;
334 p[0] = x >> 24;
335}
336
337#endif /* SECP256K1_UTIL_H */
secp256k1_ctz64_var
static SECP256K1_INLINE int secp256k1_ctz64_var(uint64_t x)
Definition: util.h:304
secp256k1_memcmp_var
static SECP256K1_INLINE int secp256k1_memcmp_var(const void *s1, const void *s2, size_t n)
Semantics like memcmp.
Definition: util.h:201
secp256k1_int_cmov
static SECP256K1_INLINE void secp256k1_int_cmov(int *r, const int *a, int flag)
If flag is true, set *r equal to *a; otherwise leave it.
Definition: util.h:215
secp256k1_default_error_callback_fn
static void secp256k1_default_error_callback_fn(const char *str, void *data)
Definition: util.h:39
SECP256K1_GNUC_EXT
#define SECP256K1_GNUC_EXT
Definition: util.h:178
default_error_callback
static const secp256k1_callback default_error_callback
Definition: util.h:54
secp256k1_read_be32
static SECP256K1_INLINE uint32_t secp256k1_read_be32(const unsigned char *p)
Definition: util.h:322
secp256k1_ctz32_var
static SECP256K1_INLINE int secp256k1_ctz32_var(uint32_t x)
Definition: util.h:286
secp256k1_write_be32
static SECP256K1_INLINE void secp256k1_write_be32(unsigned char *p, uint32_t x)
Definition: util.h:330
secp256k1_default_illegal_callback_fn
static void secp256k1_default_illegal_callback_fn(const char *str, void *data)
Definition: util.h:34
secp256k1_ctz64_var_debruijn
static SECP256K1_INLINE int secp256k1_ctz64_var_debruijn(uint64_t x)
Definition: util.h:275
checked_realloc
static SECP256K1_INLINE void * checked_realloc(const secp256k1_callback *cb, void *ptr, size_t size)
Definition: util.h:131
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:100
secp256k1_ctz32_var_debruijn
static SECP256K1_INLINE int secp256k1_ctz32_var_debruijn(uint32_t x)
Definition: util.h:263
checked_malloc
static SECP256K1_INLINE void * checked_malloc(const secp256k1_callback *cb, size_t size)
Definition: util.h:123
secp256k1_memczero
static SECP256K1_INLINE void secp256k1_memczero(void *s, size_t len, int flag)
Definition: util.h:182
secp256k1_callback_call
static SECP256K1_INLINE void secp256k1_callback_call(const secp256k1_callback *const cb, const char *const text)
Definition: util.h:29
default_illegal_callback
static const secp256k1_callback default_illegal_callback
Definition: util.h:49
SECP256K1_INLINE
#define SECP256K1_INLINE
Definition: secp256k1.h:127
secp256k1_callback
Definition: util.h:24
secp256k1_callback::fn
void(* fn)(const char *text, void *data)
Definition: util.h:25
secp256k1_callback::data
const void * data
Definition: util.h:26
Generated on Fri Feb 13 2026 20:17:44 for Bitcoin ABC by doxygen 1.9.4