Remove usage of CHECK from non-test file #1149

pull tcharding wants to merge 1 commits into bitcoin-core:master from tcharding:11-04-check changing 1 files +9 −3
  1. tcharding commented at 3:33 AM on November 4, 2022: contributor

    Currently CHECK is used only in test and bench mark files except for one usage in ecmult_impl.h.

    We would like to move the definition of CHECK out of util.h so that util.h no longer has a hard dependency on stdio.h.

    Done as part of an effort to allow secp256k1 to be compiled to WASM as part of rust-secp256k1.

    Note to reviewers

    Please review carefully, I don't actually know if this patch is correct. Done while working on #1095. I'm happy to make any changes both in concept and execution - I'm super rusty at C programming.

    cc real-or-random

  2. real-or-random approved
  3. real-or-random commented at 11:21 AM on November 4, 2022: contributor

    utACK 0a3ebd7a364da68ce760e773955b0ac8e772a41f

    I wasn't even aware that there's a CHECK left in the main code, good to remove it.

    I was about to say leave the #ifdef VERIFY in but the code is safer without it due to the side-effect on bit. This is a side-effect that we can afford -- any sane compiler will remove this code anyway.

  4. apoelstra commented at 2:37 PM on November 4, 2022: contributor

    I also utACK this approach -- though I worry that we'll get "value of bit is never read" errors, which I haven't checked.

    But @tcharding why does this affect your wasm build at all? This code should be completely elided if you don't have VERIFY set, so it shouldn't matter what's in there (as long as it can be parsed by cpp).

  5. sipa commented at 2:53 PM on November 4, 2022: contributor

    Why does this remove the #ifdef CHECK around this whole loop? That looks like it could result in meaningfully worse performance if the compiler isn't smart enough the loop is free of side-effects.

  6. real-or-random commented at 5:48 PM on November 4, 2022: contributor

    But @tcharding why does this affect your wasm build at all? This code should be completely elided if you don't have VERIFY set, so it shouldn't matter what's in there (as long as it can be parsed by cpp).

    I think it doesn't affect the wasm build. It's just that I suggested this as an additional change in #1148.

    Why does this remove the #ifdef CHECK around this whole loop? That looks like it could result in meaningfully worse performance if the compiler isn't smart enough the loop is free of side-effects.

    You mean #ifdef VERIFY, I guess. Yes, we could leave it it but it's literally a dead store, except for the loop condition. Even the oldest available gcc on godbolt manages to remove this: https://gcc.godbolt.org/z/5arb8EaMn

    though I worry that we'll get "value of bit is never read" errors, which I haven't checked.

    No, it is read (in the loop condition :) ).

  7. sipa commented at 5:51 PM on November 4, 2022: contributor

    You mean #ifdef VERIFY, I guess. Yes, we could leave it it but it's literally a dead store, except for the loop condition. Even the oldest available gcc on godbolt manages to remove this: https://gcc.godbolt.org/z/5arb8EaMn

    VERIFY_CHECK doesn't macro-expand to nothing; it expands to do { (void)(cond); } while(0);, so that equivalence requires the compiler to reason through the fact that secp256k1_scalar_get_bits is side-effect free.

  8. real-or-random commented at 6:33 PM on November 4, 2022: contributor

    VERIFY_CHECK doesn't macro-expand to nothing; it expands to do { (void)(cond); } while(0);, so that equivalence requires the compiler to reason through the fact that secp256k1_scalar_get_bits is side-effect free.

    Oh, sure. Ok, then I guess it's better to keep the #ifdef VERIFY.

  9. tcharding commented at 8:05 PM on November 4, 2022: contributor

    Awesome, thanks lads, will re-spin.

  10. real-or-random commented at 12:09 AM on November 5, 2022: contributor

    Sorry for spending too much thoughts on this piece of test code. ;) But I think a very clean way would be to have a new variable in a new scope, like

    #ifdef VERIFY 
{
    int verify_bit = bit;
    while (verify_bit < 256) {
        VERIFY_CHECK(...);
        veirfy_bit++;
    }
}
#endif

    This pattern avoids any side effects on the non-VERIFY code... Of course, this particular piece of code is simple enough so that it doesn't really matter. But this seems to be a clean approach whenever we have some extra code in a #ifdef VERIFY block.

  11. tcharding force-pushed on Nov 7, 2022
  12. tcharding commented at 2:06 AM on November 7, 2022: contributor

    Thanks @real-or-random, your code snippet wasn't quite complete but I think I've distilled out the essence of it :)

  13. tcharding commented at 2:08 AM on November 7, 2022: contributor

    Changes in force push:

    • Better worded the commit log to mention the intent of moving CHECK.
    • Kept the ifdef on VERIFY.
    • Used a new local variable instead of mutating bit as suggested.

    thanks

  14. tcharding force-pushed on Nov 7, 2022
  15. tcharding commented at 2:15 AM on November 7, 2022: contributor

    I'm getting a compiler warning for "mixed declarations and code", what is the project style guide for such a thing please?

    src/ecmult_impl.h: In function ‘secp256k1_ecmult_wnaf’: src/ecmult_impl.h:205:5: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement] 205 | int verify_bit;

    Should I use an ugly declaration at the top of the function:

    
#ifdef VERIFY
    int verify_bit;
#endif
  16. Remove usage of CHECK from non-test file
    Currently CHECK is used only in test and bench mark files except for one
usage in `ecmult_impl.h`.

We would like to move the definition of CHECK out of `util.h` so that
`util.h` no longer has a hard dependency on `stdio.h`.

Done in preparation for moving the definition of `CHECK` as part of an
effort to allow secp256k1 to be compiled to WASM as part of
`rust-secp256k1`.
    6a965b6b98
  17. in src/ecmult_impl.h:208 in 0a894ee0d0 outdated 
     206 | +    VERIFY_CHECK(carry == 0);
 207 | +
 208 | +    int verify_bit = bit;
 209 | +    while (verify_bit < 256) {
 210 | +        VERIFY_CHECK(secp256k1_scalar_get_bits(&s, verify_bit, 1) == 0);
 211 | +        verify_bit++;
    real-or-random commented at 3:34 PM on November 7, 2022:

    You need to wrap that piece of code in a new block , i.e., { and }. Then the compiler will accept it. (The brackets in my suggestion weren't a mistake ;)).

    C90 has this strange rule that variable declarations must always come first in a block.

    tcharding commented at 7:29 PM on November 7, 2022:

    Face palm! Thanks bro

  18. tcharding force-pushed on Nov 7, 2022
  19. tcharding commented at 8:31 PM on November 7, 2022: contributor

    Added braces as suggested and cleared compiler warning.

  20. real-or-random approved
  21. real-or-random commented at 2:39 AM on November 8, 2022: contributor

    utACK 6a965b6b98bc08646c87bcfc826181e317079a9e

  22. sipa commented at 4:54 PM on November 16, 2022: contributor

    utACK 6a965b6b98bc08646c87bcfc826181e317079a9e

  23. real-or-random merged this on Nov 16, 2022
  24. real-or-random closed this on Nov 16, 2022
  25. sipa referenced this in commit 9d47e7b71b on Dec 13, 2022
  26. dhruv referenced this in commit 55ffd47cc6 on Dec 14, 2022
  27. dhruv referenced this in commit 967c65b158 on Dec 14, 2022
  28. dhruv referenced this in commit 78b5ddf28b on Jan 11, 2023
  29. dhruv referenced this in commit 215394a1d5 on Jan 11, 2023
  30. div72 referenced this in commit 945b094575 on Mar 14, 2023
  31. str4d referenced this in commit 0df7b459f6 on Apr 21, 2023
  32. vmta referenced this in commit e1120c94a1 on Jun 4, 2023
  33. vmta referenced this in commit 8f03457eed on Jul 1, 2023
  34. delta1 referenced this in commit 3f32c20932 on Aug 8, 2023
  35. delta1 referenced this in commit 31ac0c1081 on Aug 31, 2023
  36. uncomputable referenced this in commit 89e849788d on Nov 26, 2023
  37. uncomputable referenced this in commit 4e4edb8599 on Dec 1, 2023
  38. roconnor-blockstream referenced this in commit 09b8f058fe on Dec 2, 2023
  39. backpacker69 referenced this in commit 8a5f7d0637 on Mar 5, 2024
  40. roconnor-blockstream referenced this in commit 9a4adf727a on May 7, 2024
  41. eth-ravenxcb54 referenced this in commit a85a9f6f34 on Sep 29, 2025
  42. Fabcien referenced this in commit e58090722e on Feb 23, 2026
  43. Fabcien referenced this in commit d5a26fe98f on Feb 23, 2026
Contributors
tchardingreal-or-randomapoelstrasipa
Linked (view graph)
#1095 Don't #include standard library headers unconditionally
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-05-20 06:52 UTC