K 10
svn:author
V 6
iulius
K 8
svn:date
V 27
2015-06-26T17:59:29.274222Z
K 7
svn:log
V 867
lib/timer.c:  Make sure timer arithmetic is done in unsigned types

Some care is required.  The division must be done in the signed type
(otherwise the answer is wrong if usec<0) but any operation that can
overflow (+ and *) must be done in an unsigned type.

In the current code the multiplication is done in the signed type.
If it overflows (as it will after a few weeks, on 32-bit platforms)
then we are already into undefined behaviour (C99 s6.5#5).

The subsequent conversion to an unsigned type does not make any
difference - the 'working type' for the multiplication is determined
by the operands alone, not by the treatment of the result.

Note that overflow behaviour for unsigned types (including conversion
of negative values to unsigned types) is defined:  the result is the
residue modulo 2^n (C99 s6.2.5#9).

Thanks to Richard Kettlewell for the patch.

END
