<div dir="ltr"><div dir="ltr">Hi Melissa and Hubert,<div><br></div><div>Thanks for the corrections and for the education. If an R1 of the paper is published it will include your contributions.</div><div><br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature">Scott Schurr<br><a href="mailto:S.Scott.Schurr@gmail.com" target="_blank">S.Scott.Schurr@gmail.com</a></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jan 30, 2019 at 11:18 AM Myria <<a href="mailto:myriachan@gmail.com">myriachan@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div>On Wed, Jan 30, 2019 at 11:08 Scott Schurr <<a href="mailto:s.scott.schurr@gmail.com" target="_blank">s.scott.schurr@gmail.com</a>> wrote:<br></div><div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div><br></div><div>This clouds the actual issue you're trying to get at. Using simply "int" and "unsigned int" for the example solves the problem.<br></div></div></div></blockquote><div>I'm inclined to point the finger at "auto" here. Although this code would also not have been written if we taught to avoid relying on the "modulo" behaviour. The (I believe Google) check while processing JF's paper was that even unsigned overflow was often a bug.<br></div></div></div></blockquote><div><br></div><div>Yes, I think auto is the problem. I didn't want to use auto in the example, but I was trying to get the lines to not wrap in the Tony table. As many people have noted, auto has fewer characters. Sounds like I need to get rid of auto in the example and find a way to format the code. Thanks for pointing that out.</div><div> </div></div></div></div></div></blockquote><div dir="auto"><br></div><div dir="auto">Auto isn’t the only problem: keep in mind that on a 64-bit int system, the int32_t case is fully defined, because there is no overflow on the addition. The addition is 64-bit, and without auto, it would truncate after the addition. So on a 64-bit int system, the code will always work regardless of compiler settings, because everything that happens is well-defined.</div><div dir="auto"><br></div><div dir="auto">The existence of alternate possibilities clouds the point you’re trying to make; using int and unsigned int avoids these issues entirely.</div><div dir="auto"><br></div><div dir="auto">Unsigned overflow is usually a bug, but not always. Many cryptographic operations are defined in terms of wrapping arithmetic.</div><div dir="auto"><br></div><div dir="auto">Melissa</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_quote"><div></div></div></div></div></div></blockquote></div></div>
_______________________________________________<br>
ub mailing list<br>
<a href="mailto:ub@isocpp.open-std.org" target="_blank">ub@isocpp.open-std.org</a><br>
<a href="http://www.open-std.org/mailman/listinfo/ub" rel="noreferrer" target="_blank">http://www.open-std.org/mailman/listinfo/ub</a><br>
</blockquote></div></div>