* Graydon Hoare:

> How much of a performance penalty is it worth? I believe you can trap
> this in C presently with a gcc flag too (-ftrapv); but it's a flag
> rarely turned on.

GCC cannot use the OF flag, but LLVM has overflow-checking instructions, and Clang actually emits instructions using the OF flag for operator new[]:

<http://gcc.gnu.org/ml/gcc/2010-12/msg00154.html>

With undefined or trapping overflow, it's even more difficult to write overflow checks. GNAT addresses this by offering a mode which evaluates comparisons with infinite precision (with appropriate optimizations for common cases where full bignum arithmetic is not necessary). Ada allows suppressing an overflow exception as long as the mathematically correct result is produced.

For a memory-safe language such as Java where pointer arithmetic or equivalents are rare (although some native code wrappers contain security-relevant range checks in Java code), overflow checking for integer types is not absolutely essential.

For writing unsafe modules, I imagine overflow checks would be rather helpful. For Rust, the interaction with resource management would be tricky, I think.
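The point about overflow checks being hard to write when overflow is undefined or trapping, shown as an added C example that is not part of the original message: each check tests the operands before the arithmetic, so the overflowing operation is never executed. The function names and the `header` parameter (standing in for any bookkeeping bytes an array allocation adds) are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Signed add: test the operands BEFORE adding, so no overflow ever
 * happens. The post-hoc form `a + b < a` relies on wraparound, which is
 * undefined for signed int and traps under -ftrapv. */
bool checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Array allocation size, the kind of computation behind operator new[]:
 * count * elem_size + header must fit in size_t. Dividing the limit
 * avoids performing the multiplication that might wrap. */
bool array_alloc_size(size_t count, size_t elem_size, size_t header,
                      size_t *out)
{
    if (elem_size != 0 && count > (SIZE_MAX - header) / elem_size)
        return false;
    *out = count * elem_size + header;
    return true;
}

/* Hypothetical allocator wrapper: refuses the request instead of
 * returning a buffer smaller than the caller believes it got. */
void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (!array_alloc_size(count, elem_size, 0, &bytes))
        return NULL;
    return malloc(bytes ? bytes : 1);
}
```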
