[cap-talk] Dan Bernstein's qmail security lessons paper
David Wagner
daw at cs.berkeley.edu
Mon Dec 17 20:15:31 EST 2007
Sandro Magi wrote:
> ALL supposed computable "integer arithmetic" is modular arithmetic [1].
I wrote:
> That doesn't sound right to me.
Sandro Magi elaborated:
> I say there's no semantic difference at all. Consider the signature of
> addition for register-sized integers:
>
> val (+): int -> int -> int
>
> This is really a partial function, since it could overflow. We can make
> it total as follows:
>
> type Result = Overflow | Success of int
> val (+): int -> int -> Result
That's not modular arithmetic. Modular arithmetic would be
val modplus: int -> int -> int
where modplus x y returns x+y mod 2^w, for some word size w.
I accept the similarities between "fixed-precision integer arithmetic
with exception on overflow" and "unlimited-precision integer arithmetic
with exception on resource exhaustion", but neither of those are
modular arithmetic.
More information about the cap-talk
mailing list