[rust-dev] Appeal for CORRECT, capable, future-proof math, pre-1.0
dbau.pp at gmail.com
Sun Jan 12 05:27:33 PST 2014
On 13/01/14 00:23, james wrote:
> On 11/01/2014 22:38, Owen Shepherd wrote:
>> I agree, however, I feel that the names like "i32" and "u32" should
>> be trap-on-overflow types. The non overflow ones should be "i32w"
>> (wrapping) or similar.
>> Why? Because I expect that otherwise people will default to the
>> wrapping types. Less typing. "It'll never be a security issue", or
>> "Looks safe to me", etc, etc. Secure by default is a good thing, IMO.
> I don't think making 'i32' have different semantics by default from
> int32_t (or from the 'i32' typedef most of us will have used for
> years) is a good idea in a wannabe systems programming language. It
> is too surprising.
> There might be a good case for having a pragma control some 'check for
> overflow' in a paranoid test mode, but I think that most programmers,
> most of the time, will expect 2s complement arithmetic 'as usual'.
Coincidentally, i32 already has different semantics to int32_t: overflow
of signed types is undefined behaviour in C, but is defined (as
wrap-around) in Rust.
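
The two semantics argued over in this thread (silent wrap-around versus trapping on overflow), shown side by side as an added example that is not part of the original post. It uses the explicit `wrapping_*` and `checked_*` methods of the current Rust standard library; the function names and input values are constructed for illustration.

```rust
// Added example: wrapping vs. overflow-detecting arithmetic, written with
// explicit standard-library methods so the behaviour is the same in every
// build configuration.

/// Wrapping ("i32w"-style) size computation: the product is silently
/// reduced modulo 2^32, so a huge request can yield a tiny size.
fn alloc_size_wrapping(count: u32, elem_size: u32) -> u32 {
    count.wrapping_mul(elem_size)
}

/// Trap-on-overflow-style computation: overflow is surfaced to the caller
/// instead of producing a wrong but plausible-looking value.
fn alloc_size_checked(count: u32, elem_size: u32) -> Result<u32, &'static str> {
    count
        .checked_mul(elem_size)
        .ok_or("size computation overflowed u32")
}

/// Two's-complement wrap of a signed counter.
fn next_id_wrapping(id: i32) -> i32 {
    id.wrapping_add(1)
}

/// The same increment with overflow detected.
fn next_id_checked(id: i32) -> Option<i32> {
    id.checked_add(1)
}

fn main() {
    // Constructed input: an untrusted element count close to 2^30.
    let count: u32 = 0x4000_0001;
    let elem_size: u32 = 4;

    // 0x4000_0001 * 4 = 0x1_0000_0004, which does not fit in 32 bits.
    println!("wrapping size: {}", alloc_size_wrapping(count, elem_size));
    println!("checked size:  {:?}", alloc_size_checked(count, elem_size));

    // Signed overflow: defined wrap-around vs. an explicit failure value.
    println!("wrapping id:   {}", next_id_wrapping(i32::MAX));
    println!("checked id:    {:?}", next_id_checked(i32::MAX));
}
```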