mcarrickscott commented on PR #95: URL: https://github.com/apache/incubator-milagro-crypto-c/pull/95#issuecomment-1449716156
I am disagreeing that it is a bug. Manifestly it is not, the program is running correctly. It is a compiler warning about undefined behaviour which could in theory cause a bug, but does not in practice, which is a failure on the part of the C language (it could easily have been defined, but the actual definition was left up to compiler writers.) All Rust did was to properly and unambiguously define the result of a shift which could cause an overflow. Fixing it (meaning not fixing the bug - there is none - but getting the compiler to stop complaining about the undefined behaviour) would be a big task involving the insertion of lots of data-dependent masking, an error prone undertaking which will have no practical real-world impact other than to slow down the code. But if you really feel you have to do that, then I guess that is what you have to do. Prior to each and every shift which could cause an overflow/underflow you need to mask to zero certain bits which might be pushed into the overflow range. It does not apply in every case. Right shifts of an unsigned integer by a positive amount for example can never overflow. Good luck! Mike On Wed, Mar 1, 2023 at 1:06 PM Matthias Görgens ***@***.***> wrote: > Yes, Rust is great, I like it, too. But let's leave that tangent aside for > now? > > To be clear, I am suggesting two things. > > First, in addition to the address sanitizer we already use, we should also > use undefined behaviour sanitizer. (And clang's memory sanitizer.) > > Second, I am suggesting that undefined behaviour by itself is a bug in > cryptographic library that should be addressed. > > This PR implements the first point, and asks for help with the second. > > What, if anything, are you disagreeing with? > > — > Reply to this email directly, view it on GitHub > <https://github.com/apache/incubator-milagro-crypto-c/pull/95#issuecomment-1449633146>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AAU3ZDSOP5B46HWN556UI2LWZ4GRFANCNFSM6AAAAAATEDLYUI> > . > You are receiving this because you were mentioned.Message ID: > ***@***.***> > -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
