Rust piece on integer safety

Ed via Digitalmars-d-learn digitalmars-d-learn at puremagic.com
Sat Apr 30 16:45:38 PDT 2016


On Saturday, 30 April 2016 at 23:11:20 UTC, Laeeth Isharc wrote:
> All the design/discussion/implementation of this scheme for 
> handling integer overflow would be wasted if it didn’t actually 
> find any bugs in practice. I personally have had quite a few 
> bugs found nearly as I write them, with expressions like 
> cmp::max(x - y, z) (they never hit the internet, so no links 
> for them), especially when combined with testing infrastructure 
> like quickcheck.
>
> The overflow checks have found bugs throughout the ecosystem; 
> for instance, (not exhaustive!)
>
>     the standard library
>     the compiler
>     the built-in benchmark harness
>     Servo
>     image
>     url
>     webrender
>
> Beyond Rust, there’s a lot of evidence for the dangers of 
> integer overflow and desire for detecting/protecting against 
> them. It was on the CWE/SANS list of top 25 errors in 2011, 
> languages like Swift will unconditionally check for overflow, 
> and others like Python 3 and Haskell will avoid overflow 
> entirely by default, via arbitrary precision integers. 
> Furthermore, in C, several compilers have options to both make 
> signed overflow defined as two’s complement wrapping (-fwrapv) 
> and to catch it when it does happen 
> (-fsanitize=signed-integer-overflow).
>
> http://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/

I wonder if Rust uses the built-in "LLVM integer overflow 
checking". Recently this has been posted to r/programming:

http://blog.regehr.org/archives/1384

Since LLVM is used as the backend, the Rust article might be talking 
about exactly the same thing (to be verified; actually I know nothing 
about Rust).
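The `cmp::max(x - y, z)` pattern mentioned in the quoted post, as an added Rust example that is not part of the thread or the linked articles: the silently wrapped result sits beside the checked, saturating and overflow-reporting forms the standard library offers. The function names (`max_diff_wrapping`, `max_diff_checked`, etc.) and the sample values are constructed for illustration.

```rust
use std::cmp;

/// The buggy form from the thread, `cmp::max(x - y, z)`, on unsigned values.
/// Written with wrapping_sub so it behaves the same in debug and release;
/// in a debug build the plain `x - y` would panic on underflow instead of
/// wrapping, which is exactly how such bugs get caught early.
fn max_diff_wrapping(x: u32, y: u32, z: u32) -> u32 {
    cmp::max(x.wrapping_sub(y), z)
}

/// Overflow-aware version: checked_sub yields None when x < y, so the
/// caller decides what a negative difference means instead of receiving
/// a huge wrapped value that then wins the max() comparison.
fn max_diff_checked(x: u32, y: u32, z: u32) -> Option<u32> {
    x.checked_sub(y).map(|d| cmp::max(d, z))
}

/// Saturating version: a negative difference clamps to 0, the usual intent
/// when the expression computes a "how much is left" quantity.
fn max_diff_saturating(x: u32, y: u32, z: u32) -> u32 {
    cmp::max(x.saturating_sub(y), z)
}

/// Closest analogue to -fsanitize=signed-integer-overflow style detection:
/// return the wrapped result together with a flag saying it overflowed.
fn sub_with_report(x: u32, y: u32) -> (u32, bool) {
    x.overflowing_sub(y)
}

fn main() {
    // Constructed inputs where x < y, so x - y underflows for u32.
    let (x, y, z) = (3u32, 5u32, 10u32);
    println!("wrapping:   {}", max_diff_wrapping(x, y, z));    // 4294967294, not 10
    println!("checked:    {:?}", max_diff_checked(x, y, z));   // None
    println!("saturating: {}", max_diff_saturating(x, y, z));  // 10
    println!("report:     {:?}", sub_with_report(x, y));       // (4294967294, true)
}
```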
