@roconnor-blockstream can you give these a shot with Elements master?

utACK 4466c89

src/simplicity

• dag.c 97.0% coverage
  • lines 35-37 and 75-77 are unreachable.
  • line 385 is assert(false);
  • lines 533 and 543-545 are known to be unreachable due to typeskip invariants.
  • line 588 would require a malloc failure.
• eval.c 98.9% coverage
  • line 193 and lines 203-204 are known to be unreachable due to typeskip invariants.
  • line 514 is unreachable.
• jest-secp256k1.c 96.1% coverage
  • simplicity_off_curve_scale and simplicity_off_curve_linear_combination_1 are disable in liquid in order to be extra cautious.
• sha256.c 98.5% coverage
  • simplicity_sha256_compression_is_optimized is only made available for testing purposes and not production.
• type.c 96.9% coverage`
  • line 18 is unreachable.
• typeInference.c 99.5% coverage
  • line 79 is assert(false);

src/simplicity/include/simplicity

• errorCodes.h 88.2% coverage
  • Hitting the default or SIMPLICITY_ERR_NOT_YET_IMPLEMENTED cases are expected to be impossible.
  • Hitting SIMPLICITY_ERR_MALLOC would require a malloc failure.
  • We don't expect the SIMPLICITY_NO_ERROR error message to be used.

src/simplicity/primitive/elements

• elementsJets.c 99.8% coverage
  • lines 450 and 464 are unreachable.
• env.c 99.5% coverage
  • lines 524-525 would require a malloc failure.
• exec.c 98.6% coverage
  • line 115 would require a malloc failure.
• ops.c 98.8% coverage
  • line 47 is unreachable.

src/simplicity/secp256k1

• eckey_impl.h 90.9% coverage.
  • line 70 probably could be covered
• ecmult_impl.h 98.8% coverage.
  • lines 282-283 I think is unreachable because we only have jets that do one-point multi-exp rather than multiple points.
• extrakeys_impl.h 90.8% coverage.
  • lines 36, 50, 78, 98 are all handling parsing errors, which are probably unreachable.
  • line 82 sets a parity return value that we don't use.
• generator_impl.h 93.1% coverage.
  • lines 219-223 and 235-236 are used when blind32 is provided, however we currently don't make use of this in our jets.
• group_impl.h 94.5% coverage.
  • line 271 is an error case that probably is unreachable.
  • lines 317, 352, 371, 381, 413-417 involve an optional rzr parameter that we do not make use of.
  • line 476 handles an infinity case that is maybe unreachable.
  • line 499 handles an infinity case that is maybe unreachable.
• modinv64_impl.h 98.5% coverage.
  • lines 476-477 is perhaps cryptographically unreachable. Also this file is proven correct in Coq anyways.
• schnorrsig_impl.h 98.1% coverage.
  • line 71 handles a parsing errors, which is probably unreachable.

src/script

• interpreter.cpp
  • I'm not sure why line 2693 is listed as uncovered when it is part of PrecomputedTransactionData::PrecomputedTransactionData which is covered.
  • line 3125 is effectively an assert(false).
  • line 3156 we don't expect to have AMR errors since AMRs are not used in production.
  • line 3157 we don't expect to hit the default case.
• interpreter.h
  • lines 342-345 we don't expect to execute the default CheckSimplicity handler that does nothing.
• script_error.cpp
  • 100% coverage

LGTM

Upon further consideration of eckey_impl.h, I now think it is cryptographically unreachable. This code is only activated by the simplicity_generic_taptweak function, which actually hashes data into the tweak parameter rather than just reading it as input. This makes hitting the infinity case cryptographically impossible.