[rust-dev] Integer overflow, round -2147483648

Gregory Maxwell gmaxwell at gmail.com
Thu Jun 26 22:45:09 PDT 2014


On Thu, Jun 26, 2014 at 10:30 PM, Daniel Micay <danielmicay at gmail.com> wrote:
> It's a perfect example of a case where this feature wouldn't have
> helped. Performance critical loops with years of micro-optimization are
> not going to use checked arithmetic types. Every branch that the
> programmer thinks can be avoided will be avoided.

Checked integer operations during tests would potentially have detected
this even where the tests were not quite good enough to usefully
trigger the out-of-bounds memory access, even given your argument that
the tests would be off in production.

(We had bugs like that in the development of the Opus specification
which were detected by Regehr's integer overflow checker but didn't
trigger valgrind for inputs probable enough for the fuzzer to reach.)
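An added illustration of the point made above (example code written for this page, not code from the thread, from Opus, or from Rust itself): a hypothetical offset computation whose wrapped result lands back inside the buffer, so a bounds check or valgrind stays silent while checked arithmetic reports the overflow. All function names, the buffer size and the inputs are constructed for the example.

```rust
// Hypothetical codec-style offset: frame * stride, wrapping on overflow,
// which is what an unchecked release build effectively computes.
pub fn offset_wrapping(frame: u32, stride: u32) -> u32 {
    frame.wrapping_mul(stride)
}

// The same computation with checked arithmetic: None when it overflows.
pub fn offset_checked(frame: u32, stride: u32) -> Option<u32> {
    frame.checked_mul(stride)
}

// Reads one byte at the wrapped offset; Rust's own bounds check turns an
// out-of-bounds index into None instead of a memory error.
pub fn read_wrapping(buf: &[u8], frame: u32, stride: u32) -> Option<u8> {
    buf.get(offset_wrapping(frame, stride) as usize).copied()
}

// What a test would observe for a given input, depending on which check runs.
#[derive(Debug, PartialEq)]
pub enum Observation {
    Ok,                  // no overflow, index in bounds
    OverflowHidden,      // overflowed, but wrapped index in bounds: memory checker silent
    OverflowOutOfBounds, // overflowed and out of bounds: memory checker would fire
    OutOfBounds,         // no overflow, plain out-of-bounds index
}

pub fn observe(buf: &[u8], frame: u32, stride: u32) -> Observation {
    let overflowed = offset_checked(frame, stride).is_none();
    let in_bounds = read_wrapping(buf, frame, stride).is_some();
    match (overflowed, in_bounds) {
        (false, true) => Observation::Ok,
        (true, true) => Observation::OverflowHidden,
        (true, false) => Observation::OverflowOutOfBounds,
        (false, false) => Observation::OutOfBounds,
    }
}

fn main() {
    // Constructed 16-byte buffer. 65536 * 65536 == 2^32 wraps to 0, which is
    // a valid index, so only the checked multiplication notices the overflow.
    let buf = [0u8; 16];
    println!("{:?}", observe(&buf, 65536, 65536)); // OverflowHidden
    println!("{:?}", observe(&buf, 65536, 65537)); // OverflowOutOfBounds
    println!("{:?}", observe(&buf, 3, 4));         // Ok
}
```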
