On 27/06/14 01:45 AM, Gregory Maxwell wrote:
> On Thu, Jun 26, 2014 at 10:30 PM, Daniel Micay <danielmi...@gmail.com> wrote:
>> It's a perfect example of a case where this feature wouldn't have
>> helped. Performance critical loops with years of micro-optimization are
>> not going to use checked arithmetic types. Every branch that the
>> programmer thinks can be avoided will be avoided.
>
> Checked integer operation during tests would potentially have detected
> this even where the tests were not quite good enough to usefully
> trigger the out of bounds memory access, even given your argument that
> the tests would be off in production.
>
> (We had bugs like that in the development of the opus specification
> which were detected by Regehr's integer overflow checker but didn't
> trigger valgrind for inputs probable enough for the fuzzer to reach.)

If you had actually written a test to pass >16M of zeroes to it on 32-bit, and terabytes of data on 64-bit. It wouldn't have ever been caught on 64-bit hardware.
_______________________________________________
Rust-dev mailing list
Rust-dev@mozilla.org
https://mail.mozilla.org/listinfo/rust-dev