On Mon, Jun 23, 2014 at 12:50 PM, Daniel Micay <danielmi...@gmail.com> wrote: > The discussion here is about checking for both signed / unsigned integer > overflow, as in passing both `-fsanitize=signed-integer-overflow` and > `-fsanitize=unsigned-integer-overflow`. Rust has defined signed overflow > already so it doesn't make sense to just check for that.
The undefinedness of just signed overflow in C has shown itself to be useful from a performance perspective and, paradoxically now that better testing tools exist, from a correctness perspective. I think a lot the discussion here has been about having checked types and making them a default, not in forcing all possible usage into them. If only making the signed type checked had much better performance characteristics then it ought to be considered. John was kind enough to post numbers for each of many microbenchmarks instead of a range. Beyond the signed vs signed+unsigned do you have any additional idea why his numbers would be lower than yours? _______________________________________________ Rust-dev mailing list Rust-dev@mozilla.org https://mail.mozilla.org/listinfo/rust-dev
