uint8_t is effective protection, given the normal assumption of a stack with 4096 to 16384 bytes of space and a call stack that isn't insane.
If you wish to make a formal proof of correctness, feel free to make worst-case assumptions.
uint8_t is effective protection, given the normal assumption of a stack with 4096 to 16384 bytes of space and a call stack that isn't insane.
If you wish to make a formal proof of correctness, feel free to make worst-case assumptions.