[Ur] need help with unification and field name disjointness proof failures

Benjamin Barenblat bbaren at mit.edu
Thu Apr 6 18:22:20 EDT 2017


*looks at Ur/Web source* It is! I wonder why I wrote
urweb-crypto-random-openssl. My best guess is that I was concerned by
the fact that `rand` returns -1 on failure instead of throwing an
application error. On the other hand, freaking out and writing my own
library seems a bit of an overreaction. More likely I just didn’t
bother to check the randomness properties of the built-in `rand` and
assumed that it wrapped C `rand`.

The fact that `rand` returns -1 on failure, however, is a bit scary.
That sounds like a CVE waiting to happen – people aren’t going to
check the result code from `rand`. Adam, how would you feel about it
returning an `option` or throwing an application error if it fails?
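
An added illustration, not part of the original message and not Ur/Web's code, of the concern about a `-1` failure sentinel: a caller that never checks the result turns a generator failure into a fixed, predictable token, while an option-style result forces the failure to be handled. All function names are hypothetical, and the failing entropy source is constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical entropy-source type: returns 1 on success, 0 on failure. */
typedef int (*entropy_fn)(unsigned char *buf, size_t len);

int entropy_ok(unsigned char *buf, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return 0;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len;
}
/* Constructed failure: simulates an exhausted or unavailable generator. */
int entropy_broken(unsigned char *buf, size_t len) { (void)buf; (void)len; return 0; }

/* Sentinel style: non-negative value on success, -1 on failure. */
int64_t rand_sentinel(entropy_fn src) {
    int64_t v;
    if (!src((unsigned char *)&v, sizeof v)) return -1;
    return v & INT64_MAX;
}
/* Option style: the caller must look at `ok` before it can use `value`. */
typedef struct { int ok; int64_t value; } rand_result;
rand_result rand_checked(entropy_fn src) {
    rand_result r = {0, 0};
    int64_t v;
    if (src((unsigned char *)&v, sizeof v)) { r.ok = 1; r.value = v & INT64_MAX; }
    return r;
}

/* Careless caller: formats whatever came back as a session token. */
void token_unchecked(entropy_fn src, char *out, size_t n) {
    snprintf(out, n, "%016llx", (unsigned long long)rand_sentinel(src));
}
/* Fail-closed caller: returns -1 and an empty token when randomness fails. */
int token_checked(entropy_fn src, char *out, size_t n) {
    rand_result r = rand_checked(src);
    if (!r.ok) { out[0] = '\0'; return -1; }
    snprintf(out, n, "%016llx", (unsigned long long)r.value);
    return 0;
}

int main(void) {
    char t[17];
    token_unchecked(entropy_broken, t, sizeof t);
    printf("unchecked on failure: %s\n", t);
    return token_checked(entropy_broken, t, sizeof t) == -1 ? 0 : 1;
}
```

With the failing source, the unchecked caller always emits the same all-`f` token, which is the silent degradation the message warns about.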


