--- Log opened Mon Mar 06 00:00:02 2023
00:04 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Quit: My iMac has gone to sleep. ZZZzzz…]
00:32 -!- Guest82 [~Guest82@2409:408a:39a:fd92::1f0d:f8ad] has joined #secp256k1
00:32 -!- Guest82 [~Guest82@2409:408a:39a:fd92::1f0d:f8ad] has quit [Client Quit]
01:18 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has joined #secp256k1
03:56 -!- midnight [~midnight@user/midnight] has quit [Ping timeout: 252 seconds]
03:57 -!- midnight [~midnight@user/midnight] has joined #secp256k1
06:48 -!- tromp [~textual@92-110-219-57.cable.dynamic.v4.ziggo.nl] has quit [Read error: Connection reset by peer]
07:10 -!- hg [~halosghos@user/halosghost] has joined #secp256k1
08:50 < roconnor> https://github.com/bitcoin-core/secp256k1/blob/5757318782672f478d3f6fd7a2c961c38d4e0337/src/modinv64_impl.h#L422-L423
08:51 < roconnor> These lines claim to test for overflow; however integer overflow is UB.
08:52 < roconnor> did you mean for abs to return unsigned, and to compare with INT64_MAX or whatever it is called?
08:54 < roconnor> (P.S. should sd and se simply be inlined?)
08:55 < roconnor> ah no you want to share the computation of sd and se.
09:45 -!- BlueMatt_ [~BlueMatt@ircb.bluematt.me] has joined #secp256k1
09:47 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has quit [Ping timeout: 248 seconds]
10:13 -!- ghost43 [~ghost43@gateway/tor-sasl/ghost43] has quit [Ping timeout: 255 seconds]
11:17 -!- hg [~halosghos@user/halosghost] has quit [Ping timeout: 260 seconds]
11:34 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has joined #secp256k1
11:37 -!- p2plife_ [~p2plife@vps-46773dd2.vps.ovh.net] has joined #secp256k1
11:37 -!- p2plife [~p2plife@vps-46773dd2.vps.ovh.net] has quit [Ping timeout: 248 seconds]
11:37 -!- BlueMatt_ [~BlueMatt@ircb.bluematt.me] has quit [Ping timeout: 248 seconds]
11:37 -!- realtbast[m] [~realtbast@2001:470:69fc:105::1:69a9] has quit [Ping timeout: 248 seconds]
11:37 -!- sipa [~sipa@user/sipa] has quit [Ping timeout: 248 seconds]
11:49 -!- hg [~halosghos@user/halosghost] has joined #secp256k1
11:51 -!- realtbast[m] [~realtbast@2001:470:69fc:105::1:69a9] has joined #secp256k1
11:52 -!- sipa [~sipa@user/sipa] has joined #secp256k1
12:28 < real_or_random> roconnor: indeed, that's a bug. are you willing to open a PR?
12:32 < real_or_random> no need to change to uint. we could simply VERIFY_CHECK that summands are positive
12:33 < real_or_random> and then VERIFY_CHECK(a <= INT64_MAX - b)
12:44 < sipa> Are the summands not 62-bit integers or so?
13:08 < roconnor> My suggestion would be to change the result of abs to unsigned and then just do the 2^62 check.
13:09 < roconnor> adding the absolute value of two signed integers cannot overflow, so long as the INT64_MIN check in abs passes.
13:10 < roconnor> IDK, I guess there are lots of ways of phrasing all this.
13:12 < roconnor> another way is to check that the abs is bounded by 2^62 and then check that the sum of the abs is also bounded by 2^62.
13:39 -!- BlueMatt_ [~BlueMatt@ircb.bluematt.me] has joined #secp256k1
13:39 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has quit [Ping timeout: 255 seconds]
14:10 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has joined #secp256k1
14:14 < roconnor> https://github.com/bitcoin-core/secp256k1/pull/1218
14:18 -!- Netsplit *.net <-> *.split quits: BlueMatt_
14:29 < real_or_random> lol
14:29 < real_or_random> https://github.com/bitcoin-core/secp256k1/pull/1219
14:30 < real_or_random> heh my PR has the same issue..
14:32 < real_or_random> ok, I'll go to bed and let you guys deal with it :D
14:33 < roconnor> yeah, I didn't give much thought to the 32 bit case.
14:34 < roconnor> what a pain.
14:36 < sipa> (uint32_t)labs(u) + (uint32_t)labs(v) <= 0x80000000 ?
14:40 < roconnor> actually even the 64 bit case is a problem, so it seems I just don't know how to program.
14:41 < sipa> Programming is pretty hard.
14:47 < roconnor> We might chalk this up as a win for VST. While technically I'm just at the phase where I'm going over how to approach the proof, even if I hadn't caught it at this stage, there is no way that VST would let me verify the code as written.
15:41 -!- hg [~halosghos@user/halosghost] has quit [Quit: WeeChat 3.8]
15:42 -!- p2plife_ [~p2plife@vps-46773dd2.vps.ovh.net] has quit [Read error: Connection reset by peer]
15:45 -!- p2plife [~p2plife@vps-46773dd2.vps.ovh.net] has joined #secp256k1
16:22 < roconnor> I take that back actually. Under the preconditions of the function that sum provably does not overflow, so even VST would let it pass.
20:33 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has quit [Quit: Quit]
20:33 -!- BlueMatt [~BlueMatt@ircb.bluematt.me] has joined #secp256k1
--- Log closed Tue Mar 07 00:00:03 2023