Add compile time verification of assumptions we're currently making i…

…mplicitly/tacitly Summary: Add compile time verification of assumptions we're currently making implicitly/tacitly. Backport of Bitcoin Core PR15391 bitcoin/bitcoin#15391 Test Plan: ``` make check ``` Reviewers: Fabien, #bitcoin_abc, deadalnix Reviewed By: Fabien, #bitcoin_abc Differential Revision: https://reviews.bitcoinabc.org/D4043
jonspock · Dec 24, 2019 · d0e4fe6 · d0e4fe6
1 parent 8f428fa
commit d0e4fe6
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 6 deletions.
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -132,6 +132,7 @@ BITCOIN_CORE_H = \
   clientversion.h \
   coins.h \
   compat.h \
+  compat/assumptions.h \
   compat/byteswap.h \
   compat/endian.h \
   compat/sanity.h \

diff --git a/src/compat/assumptions.h b/src/compat/assumptions.h
@@ -0,0 +1,48 @@
+// Copyright (c) 2009-2010 Satoshi Nakamoto
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+// Compile-time verification of assumptions we make.
+
+#ifndef BITCOIN_COMPAT_ASSUMPTIONS_H
+#define BITCOIN_COMPAT_ASSUMPTIONS_H
+
+#include <limits>
+
+// Assumption: We assume that the macro NDEBUG is not defined.
+// Example(s): We use assert(...) extensively with the assumption of it never
+//             being a noop at runtime.
+#if defined(NDEBUG)
+#error "Bitcoin cannot be compiled without assertions."
+#endif
+
+// Assumption: We assume the floating-point types to fulfill the requirements of
+//             IEC 559 (IEEE 754) standard.
+// Example(s): Floating-point division by zero in ConnectBlock,
+// CreateTransaction
+//             and EstimateMedianVal.
+static_assert(std::numeric_limits<float>::is_iec559, "IEEE 754 float assumed");
+static_assert(std::numeric_limits<double>::is_iec559,
+              "IEEE 754 double assumed");
+
+// Assumption: We assume floating-point widths.
+// Example(s): Type punning in serialization code
+// (ser_{float,double}_to_uint{32,64}).
+static_assert(sizeof(float) == 4, "32-bit float assumed");
+static_assert(sizeof(double) == 8, "64-bit double assumed");
+
+// Assumption: We assume integer widths.
+// Example(s): GetSizeOfCompactSize and WriteCompactSize in the serialization
+//             code.
+static_assert(sizeof(short) == 2, "16-bit short assumed");
+static_assert(sizeof(int) == 4, "32-bit int assumed");
+
+// Some important things we are NOT assuming (non-exhaustive list):
+// * We are NOT assuming a specific value for sizeof(std::size_t).
+// * We are NOT assuming a specific value for std::endian::native.
+// * We are NOT assuming a specific value for std::locale("").name().
+// * We are NOT assuming a specific value for
+// std::numeric_limits<char>::is_signed.
+
+#endif // BITCOIN_COMPAT_ASSUMPTIONS_H
diff --git a/src/util.h b/src/util.h
@@ -13,6 +13,7 @@
 #include <config/bitcoin-config.h>
 
 #include <compat.h>
+#include <compat/assumptions.h>
 #include <logging.h>
 #include <sync.h>
 #include <tinyformat.h>

diff --git a/src/validation.cpp b/src/validation.cpp
@@ -53,12 +53,6 @@
 #include <sstream>
 #include <thread>
 
-#include <thread>
-
-#if defined(NDEBUG)
-#error "DeVault cannot be compiled without assertions."
-#endif
-
 #define MICRO 0.000001
 #define MILLI 0.001
 /**