On Thu, Jun 26, 2014 at 10:30 PM, Daniel Micay <[email protected]> wrote:
> It's a perfect example of a case where this feature wouldn't have
> helped. Performance critical loops with years of micro-optimization are
> not going to use checked arithmetic types. Every branch that the
> programmer thinks can be avoided will be avoided.

Checked integer operation during tests would potentially have detected
this even where the tests were not quite good enough to usefully
trigger the out of bounds memory access, even given your argument that
the tests would be off in production.

(We had bugs like that in the development of the opus specification
which were detected by Regehr's integer overflow checker but didn't
trigger valgrind for inputs probable enough for the fuzzer to reach.)
_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
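An added illustration of the point made above, written for this page and not taken from the thread, from Opus, or from any real codec: an offset computed with wrapping multiplication can overflow and land back inside the buffer, so the access never faults and valgrind or a bounds check has nothing to report, while the same computation done with checked arithmetic in a test build flags the overflow directly. The buffer, the `chunk`/`chunk_len` parameters and the function names are hypothetical. Rust's debug builds panic on an overflowing plain `*` (the `overflow-checks` setting); `wrapping_mul` here stands in for the branchless production path the first quoted message describes.

```rust
// Hypothetical example: a chunk offset computed from two u32 fields.
// Constructed for illustration; not Opus or any real codec code.

/// Production-style offset: wrapping multiply, no overflow branch.
pub fn offset_unchecked(chunk: u32, chunk_len: u32) -> usize {
    chunk.wrapping_mul(chunk_len) as usize
}

/// The same computation with checked arithmetic: None on overflow.
pub fn offset_checked(chunk: u32, chunk_len: u32) -> Option<usize> {
    chunk.checked_mul(chunk_len).map(|o| o as usize)
}

/// Read one byte at the wrapped offset. Returns None only when the
/// offset is out of bounds, i.e. the case a bounds check or valgrind
/// would actually catch.
pub fn read_unchecked(buf: &[u8], chunk: u32, chunk_len: u32) -> Option<u8> {
    buf.get(offset_unchecked(chunk, chunk_len)).copied()
}

/// Read one byte, but fail as soon as the offset arithmetic overflows,
/// whether or not the wrapped value would have been in bounds.
pub fn read_checked(buf: &[u8], chunk: u32, chunk_len: u32) -> Option<u8> {
    offset_checked(chunk, chunk_len).and_then(|o| buf.get(o).copied())
}

/// Constructed 16-byte sample buffer: buf[i] == i.
pub fn sample_buffer() -> Vec<u8> {
    (0..16u8).collect()
}

fn main() {
    let buf = sample_buffer();

    // Ordinary input: both paths agree.
    println!("chunk 2 * len 4  -> unchecked {:?}, checked {:?}",
             read_unchecked(&buf, 2, 4), read_checked(&buf, 2, 4));

    // Overflowing input: 2^28 * 16 == 2^32 wraps to offset 0, which is
    // in bounds. The unchecked read silently returns buf[0]; the checked
    // read reports the overflow even though no bad memory access occurs.
    let chunk = 1u32 << 28;
    println!("chunk 2^28 * len 16 -> unchecked {:?}, checked {:?}",
             read_unchecked(&buf, chunk, 16), read_checked(&buf, chunk, 16));
}
```

The overflowing case is the one the message is about: a fuzzer has to hit an input whose wrapped offset also leaves the buffer before a memory checker sees anything, whereas a checked-arithmetic test build reports the first overflow it encounters, in-bounds or not.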