[GHC] #8695: Arithmetic overflow from (minBound :: Int) `quot` (-1)

Tue Jan 28 21:58:25 UTC 2014

#8695: Arithmetic overflow from (minBound :: Int) `quot` (-1)
------------------------------------------------+--------------------------
        Reporter:  rleslie                      |            Owner:
            Type:  bug                          |           Status:  patch
        Priority:  normal                       |        Milestone:  7.8.1
       Component:  libraries/haskell2010        |          Version:  7.6.3
      Resolution:                               |         Keywords:
Operating System:  Unknown/Multiple             |     Architecture:
 Type of failure:  Incorrect result at runtime  |  Unknown/Multiple
       Test Case:                               |       Difficulty:
        Blocking:                               |  Unknown
                                                |       Blocked By:
                                                |  Related Tickets:  #1042
------------------------------------------------+--------------------------

Comment (by rwbarton):

 Choosing the behavior to match the existing documentation is the wrong way
 around, in my opinion. If the current behavior is considered desirable,
 then there is a documentation bug, not a bug in the definition of
 division.

 Unfortunately, there is no choice of behavior that is best in all
 contexts. For the kinds of programs I most often write, which are
 computations I run on my own computer, raising an exception is preferable
 ("safer"). I'm likely to not consider the possibility of dividing
 `MIN_INT` by `-1`, and the exception protects me: If my program runs to
 completion, then I know the answer is correct (and that such a division
 never occurred). In the unlikely event that I do get an exception, then I
 can consider what to do in the event of such a division and ensure that it
 is treated properly. If the division silently produces `MIN_INT` then
 there's some chance that this was the correct thing to do in my context,
 and some chance that I silently got a nonsense answer, which to me is the
 worst possible outcome.

 On the other hand, for someone who is writing a server to, say, evaluate
 arithmetic expressions, it is a pain if a malicious user can crash the
 server by asking it to evaluate `MIN_INT / (-1)`, and there's not really
 any sense in which answers are "right" or "wrong" anyways. For a program
 that does division and then does something with the result (like indexing
 into an array) I tend to worry about the security implications of working
 with a result that may not be expected by the developer (though something
 has likely gone wrong already, in the specific event that we are dividing
 `MIN_INT` by `-1`).

 Personally I am against this change because it would make ghc less useful
 for me. Moreover, I tend to feel that servers are complicated bits of
 software that are prone to crashing for many other reasons already, and it
 is prudent to ensure that an exception raised while handling one request
 cannot bring down the whole server anyways.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8695#comment:14>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler