[rust-dev] Integer overflow, round -2147483648

Daniel Micay danielmicay at gmail.com
Mon Jun 23 17:33:58 PDT 2014


On 23/06/14 08:16 PM, John Regehr wrote:
>> I do think Rust should exposed either `checked { }` or operators for
>> checked arithmetic along with an opt-in lint to deny the unchecked
>> operators. You can opt-out of a lint for a function/impl/module after
>> opting into it at a higher scope.
>>
>> I'm just making it clear that doing this by default would make Rust
>> slower than Java by default, and I think that would kill off interest in
>> the language. I know I wouldn't be interested anymore.
> 
> Sure, I think there are a lot of reasonable options here, and I agree
> that speed and predictability are super important for Rust.
> 
> One thing I personally think is very important (not for 1.0, but
> eventually) is to make it possible -- no need for this to be mandatory
> -- to get overflow checking for the default integer type.  I'm happy to
> use a special compiler flag or whatever to get this.  The only
> controversial thing this requires from the core language is a way for me
> to tell the compiler which integers (a tiny subset, typically) should
> have wrapping behavior.
> 
> I realize that safe integers are available and that operator overloading
> goes a lot ways towards making these palatable, but the fact is that
> everyone is an optimist when it comes to integer overflow bugs.  People
> just do not think they're going to get bitten.
> 
> Finally, I'll note that certain optimizations such as array bounds check
> removal and some loop optimziations actually get better then integers
> cannot wrap.  Clearly we would not expect, in general, for these
> benefits to make up for the costs of overflow checking.

They'll get better if they're simply guaranteed not to wrap, but not if
there are checks enforcing that at runtime. It can only get worse with
runtime enforcement. LLVM becomes unable to hoist out a bounds check in
many cases if there's a separate failure path for overflow checking.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mail.mozilla.org/pipermail/rust-dev/attachments/20140623/449d2901/attachment.sig>


More information about the Rust-dev mailing list