[rust-dev] Appeal for CORRECT, capable, future-proof math, pre-1.0

Tobias Müller troplin at bluewin.ch
Sun Jan 12 10:23:46 PST 2014


Isaac Dupree <ml at isaac.cedarswampstudios.org> wrote:
> In general, Rust is a systems language, so fixed-size integral types are 
> important to have.  They are better-behaved than in C and C++ in that 
> signed types are modulo, not undefined behaviour, on overflow.  It could 
> be nice to have integral types that are task-failure on overflow as an 
> option too.  As you note, bignum integers are important too; it's good 
> they're available.  I think bignum rationals would be a fine additional 
> choice to have (Haskell and GMP offer them, for example).

Wrapping overflow is just as bad as undefined behavior IMO. I cannot
remember a single case of using signed integers where wrapping would make
any sense.
And you lose some optimization opportunities.

Trapping overflow is a bit better security-wise, but performance is worse.
Also IIRC it does not play nicely with existing code that assumes
otherwise.
Checking only at runtime is also not optimal. 

Bigints are secure but IMO not suited as a default for a systems PL.

So why not take the path of Rust's memory management and enforce bounds
statically? It would need annotations on the types, like lifetimes, but it
would be very rusty. Like C but safe.

Tobi
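The three overflow policies argued over above (silent wrapping, trapping, and widening to a bigger type as the cheap cousin of bignums) can be compared side by side on today's Rust integer API. The block below is an added example, not code from the thread or from the Rust project; the record layout (`count * elem_size + HEADER_LEN`) and the 32-bit length field are hypothetical, chosen so that the multiplication overflows u32 in the way that turns into a heap overrun in C.

```rust
// Added example (not from the mailing-list thread): how each overflow policy
// behaves on a length computation of the kind that becomes a memory-safety
// bug in C. The record layout and u32 length field are assumptions made for
// the example, not anything the thread specifies.

/// Header size, in bytes, for the hypothetical record format.
const HEADER_LEN: u32 = 16;

/// Wrapping policy: the result silently wraps modulo 2^32 (the behaviour the
/// post calls "just as bad as undefined behaviour"). A count of 0x4000_0001
/// with 4-byte elements gives a product of 2^32 + 4, which wraps to 4, so the
/// total is 20. A caller that allocates `total` bytes and then copies `count`
/// elements into it overruns the buffer.
fn total_len_wrapping(count: u32, elem_size: u32) -> u32 {
    count.wrapping_mul(elem_size).wrapping_add(HEADER_LEN)
}

/// Trapping policy: overflow is detected at the cost of a check per
/// operation. `checked_*` returns `None` instead of panicking, so the caller
/// decides how to fail (here: reject the input).
fn total_len_checked(count: u32, elem_size: u32) -> Option<u32> {
    count.checked_mul(elem_size)?.checked_add(HEADER_LEN)
}

/// Widening policy: compute in a wider type. u64 cannot overflow for any pair
/// of u32 inputs plus the header, and the caller compares the result against
/// its real limit afterwards. This is the bounded version of "use a bigint".
fn total_len_widened(count: u32, elem_size: u32) -> u64 {
    u64::from(count) * u64::from(elem_size) + u64::from(HEADER_LEN)
}

/// `overflowing_*` returns the wrapped value together with a flag saying
/// whether a wrap happened, which is useful when auditing code that used to
/// rely on silent wrapping.
fn total_len_flagged(count: u32, elem_size: u32) -> (u32, bool) {
    let (product, wrapped_mul) = count.overflowing_mul(elem_size);
    let (total, wrapped_add) = product.overflowing_add(HEADER_LEN);
    (total, wrapped_mul || wrapped_add)
}

fn main() {
    // Constructed input: count * elem_size is exactly 2^32 + 4, so the product
    // does not fit in u32.
    let count: u32 = 0x4000_0001;
    let elem_size: u32 = 4;

    println!("wrapping : {}", total_len_wrapping(count, elem_size));
    println!("checked  : {:?}", total_len_checked(count, elem_size));
    println!("widened  : {}", total_len_widened(count, elem_size));
    println!("flagged  : {:?}", total_len_flagged(count, elem_size));

    // In current Rust the plain `count * elem_size` would panic in a debug
    // build ("attempt to multiply with overflow") and wrap in a release build;
    // the `overflow-checks` profile setting selects between the two. That is
    // the trapping-versus-wrapping trade-off the thread is arguing about.
}
```

Of the four, only `total_len_wrapping` returns a value that looks plausible and is wrong; the others either refuse the input, report it, or cannot overflow at all, which is why a length or size computation should never be left to the plain operators with wrapping semantics.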
