[rust-dev] Appeal for CORRECT, capable, future-proof math, pre-1.0

Huon Wilson dbau.pp at gmail.com
Sun Jan 12 05:27:33 PST 2014


On 13/01/14 00:23, james wrote:
> On 11/01/2014 22:38, Owen Shepherd wrote:
>> I agree, however, I feel that the names like "i32" and "u32" should 
>> be trap-on-overflow types. The non overflow ones should be "i32w" 
>> (wrapping) or similar.
>>
>> Why? Because I expect that otherwise people will default to the 
>> wrapping types. Less typing. "It'll never be a security issue", or 
>> "Looks safe to me", etc, etc. Secure by default is a good thing, IMO
> I don't think making 'i32' have different semantics by default from 
> int32_t (or from the 'i32' typedef most of us will have used for 
> years) is a good idea in a wannabe systems programming language.  It 
> is too surprising.
>
> There might be a good case for having a pragma control some 'check for 
> overflow' in a paranoid test mode, but I think that most programmers, 
> most of the time, will expect 2s complement arithmetic 'as usual'.

Coincidentally, i32 already has different semantics to int32_t: overflow 
of signed types is undefined behaviour in C, but is defined (as 
wrap-around) in Rust.


Huon
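
The two semantics debated in this thread, side by side, as an added example that is not part of the original message. It uses the explicit `wrapping_*` and `checked_*` integer methods from today's Rust standard library, which the thread does not mention; the function names, the error type and the record count and size are constructed for illustration.

```rust
/// Error returned when `count * size` does not fit in a u32 (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum SizeError {
    Overflow { count: u32, size: u32 },
}

/// Wrap-around semantics (arithmetic modulo 2^32): never fails,
/// but the result can be far smaller than the true product.
pub fn alloc_len_wrapping(count: u32, size: u32) -> u32 {
    count.wrapping_mul(size)
}

/// Trap-on-overflow semantics: an out-of-range product is reported
/// to the caller instead of being silently truncated.
pub fn alloc_len_checked(count: u32, size: u32) -> Result<u32, SizeError> {
    count
        .checked_mul(size)
        .ok_or(SizeError::Overflow { count, size })
}

/// Signed addition under both semantics: (wrapped result, checked result).
pub fn add_both(a: i32, b: i32) -> (i32, Option<i32>) {
    (a.wrapping_add(b), a.checked_add(b))
}

fn main() {
    // Constructed inputs: a record count as it might arrive from untrusted
    // input, and a fixed record size in bytes.
    let size = 16u32;
    for &count in &[1_000u32, 0x1000_0001] {
        println!(
            "count={:#x} wrapping={} checked={:?}",
            count,
            alloc_len_wrapping(count, size),
            alloc_len_checked(count, size)
        );
    }

    // i32::MAX + 1 wraps to i32::MIN; the checked form yields None.
    println!("{:?}", add_both(i32::MAX, 1));
}
```

With the wrapping form, the second count produces a length of 16 bytes for over 268 million records, which is the undersized-buffer case the "secure by default" argument is about; the checked form returns an error for the same input.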

