Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document **all** safety requirements or remove undocumented unsafe functions from public API #544

Closed
Kixunil opened this issue Nov 30, 2022 · 2 comments · Fixed by #561
Closed

Document **all** safety requirements or remove undocumented unsafe functions from public API #544

Kixunil opened this issue Nov 30, 2022 · 2 comments · Fixed by #561

Comments

@Kixunil
Copy link
Collaborator

Kixunil commented Nov 30, 2022

Several unsafe functions have this in their Safety documentation:

This list is not exhaustive, and any violation may lead to Undefined Behavior.

Which is essentially same as saying: "if you don't obey secret rules this is UB" and since the code can never guarantee obeying secret safety rules it's equivalent to core::hint::unreachable_unchecked but without improved performance.

In other words those functions are totally useless.

Thus I propose for each function to either document all the rules (and make really, really sure they are correct) or just remove it from API if the rules can not be guaranteed.
@tcharding
Copy link
Member

We also need to be super careful in future reviewing patches to functions with safter docs that the docs don't go stale. I was a bit worried about this when I wrote docs that are based on line-by-line parts of the function, they are begging to go stale.

@apoelstra
Copy link
Member

In other words those functions are totally useless.

Well, in fairness, it's more like "they're useless unless you read all the source, including the C source, and you know all the UB rules for both languages and you're logically omniscient" ;).

But I agree, we absolutely should fix this.

tcharding added a commit to tcharding/rust-secp256k1 that referenced this issue Dec 8, 2022
@tcharding
Fully describe safety requirements
ef6836d 
Currently we have a wildcard on safety requirements, saying more or less
"plus a bunch of other stuff we don't mention". This is not helpful.

Attempt to fully describe the safety requirements of creating a context
from a raw context (all, signing only, and verification only).

Fix: rust-bitcoin#544
@tcharding tcharding mentioned this issue Dec 8, 2022
Merged
tcharding added a commit to tcharding/rust-secp256k1 that referenced this issue Dec 11, 2022
@tcharding
Fully describe safety requirements
382206f 
Currently we have a wildcard on safety requirements, saying more or less
"plus a bunch of other stuff we don't mention". This is not helpful.

Attempt to fully describe the safety requirements of creating a context
from a raw context (all, signing only, and verification only).

Fix: rust-bitcoin#544
tcharding added a commit to tcharding/rust-secp256k1 that referenced this issue Dec 12, 2022
@tcharding
Fully describe safety requirements
0bd9c96 
Currently we have a wildcard on safety requirements, saying more or less
"plus a bunch of other stuff we don't mention". This is not helpful.

Attempt to fully describe the safety requirements of creating a context
from a raw context (all, signing only, and verification only).

Fix: rust-bitcoin#544
tcharding added a commit to tcharding/rust-secp256k1 that referenced this issue Dec 15, 2022
@tcharding
Fully describe safety requirements
312cc1b 
Currently we have a wildcard on safety requirements, saying more or less
"plus a bunch of other stuff we don't mention". This is not helpful.

Attempt to fully describe the safety requirements of creating a context
from a raw context (all, signing only, and verification only).

Fix: rust-bitcoin#544
tcharding added a commit to tcharding/rust-secp256k1 that referenced this issue Dec 21, 2022
@tcharding
Fully describe safety requirements
da49368 
Currently we have a wildcard on safety requirements, saying more or less
"plus a bunch of other stuff we don't mention". This is not helpful.

Attempt to fully describe the safety requirements of creating a context
from a raw context (all, signing only, and verification only).

Fix: rust-bitcoin#544
tcharding added a commit to tcharding/rust-secp256k1 that referenced this issue Jan 30, 2023
@tcharding
Fully describe safety requirements
3b2e786 
Currently we have a wildcard on safety requirements, saying more or less
"plus a bunch of other stuff we don't mention". This is not helpful.

Attempt to fully describe the safety requirements of creating a context
from a raw context (all, signing only, and verification only).

Fix: rust-bitcoin#544
apoelstra added a commit that referenced this issue Feb 6, 2023
@apoelstra
Merge #561: Fully describe safety requirements
6ec968a 
e705bcf Fully describe safety requirements (Tobin C. Harding)

Pull request description:

  Currently we have a wildcard on safety requirements, saying more or less "plus a bunch of other stuff we don't mention". This is not helpful.

  Attempt to fully describe the safety requirements of creating a context from a raw context (all, signing only, and verification only).

  Fix: #544

  ## Note

  This is best effort only, will require some thought to review. To do this I read https://doc.rust-lang.org/reference/behavior-considered-undefined.html and then I flicked through `depend/secp256k1/src/secp256k1.c` and `util.h` to look for things that could cause things in the linked to list of UB.

ACKs for top commit:
  apoelstra:
    ACK e705bcf
  Kixunil:
    ACK e705bcf

Tree-SHA512: 0180d196f6d528e3c7a06da54ef58d015df19c351d98030453ae5c5e62e0565797b06169f27f5d8b40ea0b9adba377cadd45dd306c8213d0bdc98b20651766c7
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fully describe safety requirements tcharding/rust-secp256k1
3 participants
@Kixunil @apoelstra @tcharding