[rust-dev] Integer overflow, round -2147483648

Vadim Chugunov vadimcn at gmail.com
Sat Jun 21 14:21:14 PDT 2014


My 2c:

The world is finally becoming security-conscious, so I think it is a only
matter of time before architectures that implement zero-cost integer
overflow checking appear.  I think we should be ready for it when this
happens.  So I would propose the following practical solution (I think
Gabor is also leaning in favor of something like this):

1. Declare that regular int types (i8, u8, i32, u32, ...) are
non-wrapping.
Check them for overflow in debug builds, maybe even in optimized builds on
platforms where the overhead is not too egregious.  There should probably
be a per-module performance escape hatch that disables overflow checks in
optimized builds on all platforms.  On zero-cost overflow checking
platforms, the checks would of course always be on.
Also, since we are saving LLVM IR in rlibs for LTO, it may even be possible
to make this a global (i.e. not just for the current crate) compile-time
decision.

2. Introduce new wrapping counterparts of the above for cases when wrapping
is actually desired.

If we don't do this now, it will be much more painful later, when large
body of Rust code will have been written that does not make the distinction
between wrapping and non-wrapping ints.

Vadim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/rust-dev/attachments/20140621/627dcceb/attachment.html>


More information about the Rust-dev mailing list