
<p dir="ltr">I believe the guarantee at that chunk of code is that void_total of the era will be >= 0.</p>

<p dir="ltr">I could add an asset at those sections of code if need be.</p>

<p dir="ltr">If not, what is the correct type to be used here? I think size_t is reasonable as none of them are supposed to be negative in the first place. </p>

<br><div class="gmail_quote"><div dir="ltr">On Sat 11 Feb, 2017, 3:51 PM GHC, <<a href="mailto:ghc-devs@haskell.org">ghc-devs@haskell.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">#12636: ProfHeap's printf modifiers are incorrect<br class="gmail_msg">

-------------------------------------+-------------------------------------<br class="gmail_msg">

        Reporter:  Phyx-             |                Owner:  bollu<br class="gmail_msg">

            Type:  bug               |               Status:  new<br class="gmail_msg">

        Priority:  normal            |            Milestone:<br class="gmail_msg">

       Component:  Runtime System    |              Version:  8.0.1<br class="gmail_msg">

      Resolution:                    |             Keywords:  newcomer<br class="gmail_msg">

Operating System:  Windows           |         Architecture:<br class="gmail_msg">

                                     |  Unknown/Multiple<br class="gmail_msg">

 Type of failure:  None/Unknown      |            Test Case:<br class="gmail_msg">

      Blocked By:                    |             Blocking:<br class="gmail_msg">

 Related Tickets:                    |  Differential Rev(s):<br class="gmail_msg">

       Wiki Page:                    |<br class="gmail_msg">

-------------------------------------+-------------------------------------<br class="gmail_msg">

<br class="gmail_msg">

Comment (by Phyx-):<br class="gmail_msg">

<br class="gmail_msg">

 I actually question the use of `ssize_t` at all for these values. I think<br class="gmail_msg">

 the calculations violate the expected value ranges of `ssize_t` namely<br class="gmail_msg">

 with<br class="gmail_msg">

<br class="gmail_msg">

 {{{<br class="gmail_msg">

 censuses[t].void_total   += size;<br class="gmail_msg">

 censuses[era].void_total -= size;<br class="gmail_msg">

 }}}<br class="gmail_msg">

<br class="gmail_msg">

 So I think the types in `_counter` are wrong and have the potential to do<br class="gmail_msg">

 an unsigned underflow as `ssize_t` is only guaranteed to be able to store<br class="gmail_msg">

 values between `[-1, {SSIZE_MAX}]`[1]<br class="gmail_msg">

<br class="gmail_msg">

 [1]<a href="http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html" rel="noreferrer" class="gmail_msg" target="_blank">http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_types.h.html</a><br class="gmail_msg">

<br class="gmail_msg">

--<br class="gmail_msg">

Ticket URL: <<a href="http://ghc.haskell.org/trac/ghc/ticket/12636#comment:5" rel="noreferrer" class="gmail_msg" target="_blank">http://ghc.haskell.org/trac/ghc/ticket/12636#comment:5</a>><br class="gmail_msg">

GHC <<a href="http://www.haskell.org/ghc/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.haskell.org/ghc/</a>><br class="gmail_msg">

The Glasgow Haskell Compiler<br class="gmail_msg">

</blockquote></div><div dir="ltr">-- <br></div><div data-smartmail="gmail_signature"><div dir="ltr">Sending this from my phone, please excuse any typos!</div></div>