[rust-dev] Integer overflow, round -2147483648

Alex Bradbury asb at asbradbury.org
Sun Jun 22 09:17:38 PDT 2014


On 22 June 2014 17:06, Florian Zeitz <florob at babelmonkeys.de> wrote:
> To me the point of this discussion boils down to this:
> I think we can all agree that having checked arithmetic is worthwhile.
> Rust already has it as e.g. `.checked_add()'.
> I think it might even be non-controversial that it is worthwhile to make
> using them more ergonomic. Either by providing a separate operator, or a
> separate type (I personally think the latter option fits the language
> better, but YMMV).
>
> What is apparently the reason for a heated debate is whether this should be
> the default. That certainly is a safety vs. performance debate.
>
> It has been pointed out that checked arithmetic actually impacts
> performance beyond introducing a jump instruction after each add.
> It causes a lot of optimization to be disabled/ineffective.
>
> I have however not seen strong arguments that the issues imposed by not
> always using checked arithmetic are generally security critical.
>
> I'd welcome a civil, rational discussion of the costs and benefits of
> each approach, instead of whatever this is currently starting to turn into.

I can't help but feel this discussion has been going round in circles.
There seems to be general agreement that checked arithmetic can be useful
and there is a community interested in it. Surely the obvious next
step is for that community to work to make checked arithmetic easier
to use in Rust and analyse the performance impact of replacing
instances of unchecked arithmetic with it. Then we can have this
performance debate with some actual results to back up people's
statements.

Alex
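
The two options Florian mentions (the existing `.checked_add()` method family, and a separate type that makes checking the default for the ordinary operators) side by side, as an added example that is not part of the thread and not Rust project code. It uses today's standard-library methods (`checked_mul`, `checked_add`, `wrapping_mul`, `wrapping_add`), not the 2014 API the thread refers to; the `Checked` newtype, the `buffer_len_*` functions and the input values are constructed for illustration. The security-relevant point it shows is the classic one: a wrapped size computation hands the allocator a number far smaller than the data that will be written into it, while the checked forms refuse to produce a value at all.

```rust
use std::ops::{Add, Mul};

/// Hypothetical newtype for the "separate type" option: `+` and `*`
/// on `Checked` go through the checked methods and panic on overflow,
/// in release builds too. Plain `u32` arithmetic only panics when
/// debug assertions are on; otherwise it wraps silently.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Checked(pub u32);

impl Add for Checked {
    type Output = Checked;
    fn add(self, rhs: Checked) -> Checked {
        Checked(self.0.checked_add(rhs.0).expect("u32 addition overflowed"))
    }
}

impl Mul for Checked {
    type Output = Checked;
    fn mul(self, rhs: Checked) -> Checked {
        Checked(self.0.checked_mul(rhs.0).expect("u32 multiplication overflowed"))
    }
}

/// Bytes needed for `count` records of `size` bytes plus a `header`,
/// computed with explicitly wrapping arithmetic. This is what unchecked
/// code does once debug assertions are off: the result can be a small
/// number even though the real requirement does not fit in a u32.
pub fn buffer_len_wrapping(count: u32, size: u32, header: u32) -> u32 {
    count.wrapping_mul(size).wrapping_add(header)
}

/// Same computation with the checked methods Rust already provides.
/// `None` tells the caller to reject the input instead of allocating.
pub fn buffer_len_checked(count: u32, size: u32, header: u32) -> Option<u32> {
    count.checked_mul(size)?.checked_add(header)
}

/// Same computation through the newtype: the call site reads like
/// ordinary arithmetic and overflow cannot yield a value (it panics).
pub fn buffer_len_typed(count: u32, size: u32, header: u32) -> u32 {
    (Checked(count) * Checked(size) + Checked(header)).0
}

fn main() {
    // Constructed input: 0x1000_0000 records of 16 bytes is 2^32 bytes,
    // which wraps to 0 before the header is added.
    let (count, size, header) = (0x1000_0000u32, 16u32, 8u32);
    println!("wrapping: {}", buffer_len_wrapping(count, size, header));
    println!("checked:  {:?}", buffer_len_checked(count, size, header));
    println!("typed (non-overflowing input): {}", buffer_len_typed(1000, size, header));
    let overflowed = std::panic::catch_unwind(|| buffer_len_typed(count, size, header)).is_err();
    println!("typed (overflowing input) panicked: {}", overflowed);
}
```

For the constructed input the wrapping version returns 8, the checked version returns `None`, and the typed version panics; with a harmless input such as 1000 records all three agree on 16008. The newtype is the cheap way to measure the performance question Alex raises: swap the element type in a hot loop and benchmark, with no change to the surrounding expressions.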

