(corrode.dev)

168 points pjmlp | 1 comments | 04 Apr 25 17:55 UTC | HN request time: 0.204s | source

Show context

forrestthewoods ◴[06 Apr 25 19:18 UTC] No.43604132[source]▶

>>43585742 (OP) #

> Overflow errors can happen pretty easily

No they can’t. Overflows aren’t a real problem. Do not add checked_mul to all your maths.

Thankfully Rust changed overflow behavior from “undefined” to “well defined twos-complement”.

replies(4): >>43604262 #>>43605035 #>>43605473 #>>43605491 #

int_19h ◴[06 Apr 25 22:23 UTC] No.43605473[source]▶

>>43604132 #

The vast majority of code that does arithmetic will not produce a correct result with two's complement. It is simply assuming that the values involved are small enough that it won't matter. Sometimes it is a correct assumption, but whenever it involves anything derived from inputs, it can go very wrong.

replies(2): >>43605520 #>>43607770 #

1. zozbot234 ◴[06 Apr 25 22:31 UTC] No.43605520[source]▶

>>43605473 #

For any arithmetic expression that involves only + - * operators and equally-sized machine words, two's complement will actually yield a "correct" result. It's just that the given result might be indicating a different range than you expect.

↑

Pitfalls of Safe Rust