(corrode.dev)

168 points pjmlp | 1 comments | 04 Apr 25 17:55 UTC | HN request time: 0.226s | source

Show context

forrestthewoods ◴[06 Apr 25 19:18 UTC] No.43604132[source]▶

>>43585742 (OP) #

> Overflow errors can happen pretty easily

No they can’t. Overflows aren’t a real problem. Do not add checked_mul to all your maths.

Thankfully Rust changed overflow behavior from “undefined” to “well defined twos-complement”.

replies(4): >>43604262 #>>43605035 #>>43605473 #>>43605491 #

wongarsu ◴[06 Apr 25 22:26 UTC] No.43605491[source]▶

>>43604132 #

I'm a big fan of liberal use of saturating_mul/add/sub whenever there is a conceivable risk of coming withing a couple orders of magnitude of overflow. Or checked_*() or whatever the best behavior in the given case is. For my code it happens to mostly be saturating.

Overflow bugs are a real pain, and so easy to prevent in Rust with just a function call. It's pretty high on my list of favorite improvements over C/C++

replies(1): >>43606416 #

forrestthewoods ◴[07 Apr 25 01:03 UTC] No.43606416[source]▶

>>43605491 #

If you saturate you almost never ever want to use the result. You need to check and if it saturates do something else.

replies(2): >>43609149 #>>43613178 #

1. sfink ◴[07 Apr 25 16:23 UTC] No.43613178[source]▶

>>43606416 #

If you're going to check then you shouldn't be saturating, you should just be checking.

↑

Pitfalls of Safe Rust