On Mon, Jun 23, 2014 at 4:49 PM, Daniel Micay <danielmi...@gmail.com> wrote:
> I don't understand what the problem would be with my proposal to have
> either `checked { }` or checked operators + a lint for unchecked usage.

I don't see 'checked { }' anywhere in the discussion before this
message...  sounds like it should be doable as a macro too.

I think it would be nice to at least make checked arithmetic *really
easy* like that.  For example, I was just analyzing an integer
overflow vulnerability in a tricky C++ function in a low-level
component that parses binary files.  If the component were written in
Rust, because it's low-level, normal memory safety checks might or
might not be sufficient - but since most of it is not terribly
performance sensitive, a good hardening approach would be to liberally
add checked {} around such functions or even the whole file.
_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev

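As an added illustration of the hardening approach described in the message above (example code written for this page, not code from the Rust-dev thread or the Rust project): a small parser for a constructed binary record format, showing the C-style wrapping offset computation beside a version that uses Rust's `checked_add` plus an explicit bounds check. The `DEMO` format, the sample bytes and all function names are assumptions.

```rust
use std::ops::Range;

/// Error raised when a record header cannot describe a valid slice of the file.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Overflow,
    OutOfBounds,
}

/// Constructed sample (not a real format): 4-byte magic, then one record of
/// [u32 LE offset][u32 LE length] pointing into the same buffer.
pub const SAMPLE: &[u8] = &[
    b'D', b'E', b'M', b'O',   // magic
    0x0C, 0x00, 0x00, 0x00,   // record 0: offset 12
    0x04, 0x00, 0x00, 0x00,   //           length 4
    0xAA, 0xBB, 0xCC, 0xDD,   // payload bytes 12..16
];

/// Read a little-endian u32 at `at`, refusing to overflow or read past the end.
fn read_u32(data: &[u8], at: usize) -> Result<u32, ParseError> {
    let end = at.checked_add(4).ok_or(ParseError::Overflow)?;
    let b = data.get(at..end).ok_or(ParseError::OutOfBounds)?;
    Ok(u32::from_le_bytes([b[0], b[1], b[2], b[3]]))
}

/// The C-style computation: offset + length wraps silently in release builds,
/// so a huge length yields a tiny (wrong) end bound that a size check accepts.
pub fn payload_range_wrapping(offset: u32, len: u32) -> Range<usize> {
    let end = offset.wrapping_add(len);
    offset as usize..end as usize
}

/// Hardened version: the addition is checked, then the result is bounds-checked.
pub fn payload_range_checked(offset: u32, len: u32, total: usize) -> Result<Range<usize>, ParseError> {
    let end = offset.checked_add(len).ok_or(ParseError::Overflow)? as usize;
    if end > total {
        return Err(ParseError::OutOfBounds);
    }
    Ok(offset as usize..end)
}

/// Parse the single record in a `DEMO` buffer and return its payload slice.
pub fn parse_record(data: &[u8]) -> Result<&[u8], ParseError> {
    if !data.starts_with(b"DEMO") {
        return Err(ParseError::OutOfBounds);
    }
    let offset = read_u32(data, 4)?;
    let len = read_u32(data, 8)?;
    let range = payload_range_checked(offset, len, data.len())?;
    Ok(&data[range])
}
```

In safe Rust the wrapped range would still be caught at the slice (as a panic), so the checked form turns a crash into a recoverable parse error rather than preventing memory corruption.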