[rust-dev] Integer overflow, round -2147483648

Daniel Micay danielmicay at gmail.com
Thu Jun 26 23:02:46 PDT 2014


On 27/06/14 01:45 AM, Gregory Maxwell wrote:
> On Thu, Jun 26, 2014 at 10:30 PM, Daniel Micay <danielmicay at gmail.com> wrote:
>> It's a perfect example of a case where this feature wouldn't have
>> helped. Performance critical loops with years of micro-optimization are
>> not going to use checked arithmetic types. Every branch that the
>> programmer thinks can be avoided will be avoided.
> 
> Checked integer operation during tests would potentially have detected
> this even where the tests were not quite good enough to usefully
> trigger the out of bounds memory access, even given your argument that
> the tests would be off in production.
> 
> (We had bugs like that in the development of the opus specification
> which were detected by Regehr's integer overflow checker but didn't
> trigger valgrind for inputs probable enough for the fuzzer to reach.)

If you had actually written a test to pass >16M of zeroes to it on
32-bit, and terabytes of data on 64-bit. It wouldn't have ever been
caught on 64-bit hardware.
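The point under debate, as an added illustration that is not part of the thread: a size computation in a 32-bit width silently wraps for inputs around the 16M-element mark, while the same computation in checked form reports the overflow even when the test never drives an out-of-bounds access. The 64-bit variant does not overflow for that input, which is the reason a behaviour-only test would pass on 64-bit hardware. The input sizes are constructed for the example.

```rust
// Added example, not code from the thread. Models a buffer-size computation
// `count * elem_size` in the three forms the discussion contrasts.

/// Unchecked form at 32-bit width: silently wraps on overflow.
pub fn wrapping_buffer_len(count: u32, elem_size: u32) -> u32 {
    count.wrapping_mul(elem_size)
}

/// Checked form at 32-bit width: `None` signals the overflow to a test
/// regardless of whether the undersized buffer is ever indexed.
pub fn checked_buffer_len(count: u32, elem_size: u32) -> Option<u32> {
    count.checked_mul(elem_size)
}

/// Checked form at 64-bit width: the same input does not overflow here,
/// so only the checked 32-bit path reports anything for it.
pub fn checked_buffer_len_64(count: u64, elem_size: u64) -> Option<u64> {
    count.checked_mul(elem_size)
}

/// True when the wrapped 32-bit length is smaller than the real byte count,
/// i.e. an allocation based on it would be too small (the latent bug).
pub fn allocation_undersized(count: u32, elem_size: u32) -> bool {
    let needed = u64::from(count) * u64::from(elem_size);
    u64::from(wrapping_buffer_len(count, elem_size)) < needed
}

fn main() {
    // Constructed input: 17M elements of 256 bytes, just past u32::MAX.
    let (count, elem) = (17_000_000u32, 256u32);
    println!("wrapping 32-bit: {}", wrapping_buffer_len(count, elem));
    println!("undersized:      {}", allocation_undersized(count, elem));
    println!("checked 32-bit:  {:?}", checked_buffer_len(count, elem));
    println!(
        "checked 64-bit:  {:?}",
        checked_buffer_len_64(u64::from(count), u64::from(elem))
    );
}
```

Run with `cargo run` or `rustc` on a single file; in a debug build the plain `*` operator would also panic on the 32-bit overflow, which is the "checked arithmetic during tests" behaviour the quoted message refers to.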
