• Laeeth Isharc (26/26) Apr 30 2016 All the design/discussion/implementation of this scheme for
• Ed (7/34) Apr 30 2016 I wonder if Rust uses the built-in "LLVM integer overflow

Laeeth Isharc <laeethnospam nospam.laeeth.com> writes:

All the design/discussion/implementation of this scheme for 
handling integer overflow would be wasted if it didn’t actually 
find any bugs in practice. I personally have had quite a few bugs 
found nearly as I write them, with expressions like cmp::max(x - 
y, z) (they never hit the internet, so no links for them), 
especially when combined with testing infrastructure like 
quickcheck.

The overflow checks have found bugs through out the ecosystem; 
for instance, (not exhaustive!)

     the standard library
     the compiler
     the built-in benchmark harness
     Servo
     image
     url
     webrender

Beyond Rust, there’s a lot of evidence for the dangers of integer 
overflow and desire for detecting/protecting against them. It was 
on the CWE/SANS list of top 25 errors in 2011, languages like 
Swift will unconditionally check for overflow, and others like 
Python 3 and Haskell will avoid overflow entirely by default, via 
arbitrary precision integers. Furthermore, in C, several 
compilers have options to both make signed overflow defined as 
two’s complement wrapping (-fwrapv) and to catch it when it does 
happen (-fsanitize=signed-integer-overflow).

http://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/

Ed <Ed ed.de> writes:

On Saturday, 30 April 2016 at 23:11:20 UTC, Laeeth Isharc wrote:
 All the design/discussion/implementation of this scheme for 
 handling integer overflow would be wasted if it didn’t actually 
 find any bugs in practice. I personally have had quite a few 
 bugs found nearly as I write them, with expressions like 
 cmp::max(x - y, z) (they never hit the internet, so no links 
 for them), especially when combined with testing infrastructure 
 like quickcheck.

 The overflow checks have found bugs through out the ecosystem; 
 for instance, (not exhaustive!)

     the standard library
     the compiler
     the built-in benchmark harness
     Servo
     image
     url
     webrender

 Beyond Rust, there’s a lot of evidence for the dangers of 
 integer overflow and desire for detecting/protecting against 
 them. It was on the CWE/SANS list of top 25 errors in 2011, 
 languages like Swift will unconditionally check for overflow, 
 and others like Python 3 and Haskell will avoid overflow 
 entirely by default, via arbitrary precision integers. 
 Furthermore, in C, several compilers have options to both make 
 signed overflow defined as two’s complement wrapping (-fwrapv) 
 and to catch it when it does happen 
 (-fsanitize=signed-integer-overflow).

 http://huonw.github.io/blog/2016/04/myths-and-legends-about-integer-overflow-in-rust/

I wonder if Rust uses the built-in "LLVM integer overflow 
checking". Recently this has been posted to r/programming:

http://blog.regehr.org/archives/1384

Since LLVM is used as backend the Rust article might talk exactly 
about the same thing. (to be verified, actually I know nothing 
about Rust).