Hi,

2013/4/29 Jack Moffitt <[email protected]>:
> I would like to see checked math by default, which can be disabled
> with some unsafe block. I would also like it if unsafe blocks
> described what safety guarantees they gave up, so I could write code
> like:
>
> unsafe(math) { x + y }
>
> to get the fast path where overflow is not checked.
I don't entirely dislike this, but I'm afraid this will turn real-world code into a "broken window" land. Of course there is a school of software engineering that says you should first make the program correct and then profile and selectively optimize the hot spots, but this would bring Rust dangerously close to the slow-unless-made-ugly territory where I found Haskell after looking at their much touted qsort example...

As was pointed out earlier with Mozilla source code, integer overflows "do not happen". Probably because, in security-conscious code, you are supposed to validate your inputs for your actual expected range, and when you do, built-in overflow checks are just unnecessary overhead. OTOH, Rust does array bound checks, but hopefully the optimizer can turn these into loop boundary checks for inner loops where performance matters.

This topic is annoyingly a tug of war between academics who want mathematical rigor above all else (see also the discussion on integer division), the folks who want safety above all else, and people who just want a practical system programming language with modern concurrency features built in. I'm in the latter category: I don't mind protection against shooting myself in the foot (outside unsafe blocks), but not at a significant runtime cost, compared to the existing languages where I have already learned not to have my foot shot at every so often.

I agree with Graydon's assessment in the modulo thread that Rust belongs with the languages where adding a conditional jump after every integer arithmetic operation is considered unacceptable performance-wise. That said, I can't see why there should not appear a nice scripting language based on the Rust runtime some day, where overflow safety, arbitrary precision math, and variously ramified division modes could be enabled for arithmetic operators.
Best regards,
Mikhail

_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
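As an added illustration, not part of Mikhail's message or of the rust-dev thread, here is how the trade-off the thread argues about looks in today's Rust. The proposed `unsafe(math) { x + y }` syntax never materialized; instead the checked, wrapping and "validate the range once, then use plain arithmetic" paths are each spelled out explicitly with standard-library methods (`checked_add`, `wrapping_add`, `overflowing_add`, `try_fold`), and plain `+` panics on overflow in debug builds while wrapping in release builds unless `overflow-checks` is enabled. The packet-length scenario and the `MAX_LEN` bound are constructed for the example.

```rust
// Added example (not from the original thread): the three arithmetic modes the
// rust-dev discussion weighs, as modern Rust expresses them. The `unsafe(math)`
// block in the quoted proposal does not exist; these methods do.

/// Checked path: the "safe by default" option. Returns None on overflow
/// instead of silently wrapping, at the cost of a branch after the add.
pub fn add_checked(x: u32, y: u32) -> Option<u32> {
    x.checked_add(y)
}

/// Fast path, explicitly requested: two's-complement wrap, no conditional jump.
/// This is what the thread's `unsafe(math)` was meant to buy.
pub fn add_wrapping(x: u32, y: u32) -> u32 {
    x.wrapping_add(y)
}

/// Detect-but-continue path: the wrapped result plus an overflow flag, useful
/// when the caller wants to log or count overflows rather than abort on them.
pub fn add_overflowing(x: u32, y: u32) -> (u32, bool) {
    x.overflowing_add(y)
}

/// Upper bound on a single length field; a constructed value for the example.
pub const MAX_LEN: u32 = 1 << 16;

/// Range-validated path, the approach Mikhail describes: reject inputs outside
/// the expected range once at the boundary, after which plain `+` cannot
/// overflow because both operands are <= MAX_LEN and 2 * MAX_LEN fits in u32.
pub fn total_len(header: u32, payload: u32) -> Result<u32, &'static str> {
    if header > MAX_LEN || payload > MAX_LEN {
        return Err("length field outside expected range");
    }
    Ok(header + payload) // provably in range; no per-operation check needed
}

/// Checked accumulation over untrusted data: `try_fold` short-circuits to None
/// on the first overflow, so a crafted input cannot wrap the running total.
pub fn sum_checked(xs: &[u32]) -> Option<u32> {
    xs.iter().try_fold(0u32, |acc, &v| acc.checked_add(v))
}

fn main() {
    println!("checked   u32::MAX + 1 = {:?}", add_checked(u32::MAX, 1));
    println!("wrapping  u32::MAX + 1 = {}", add_wrapping(u32::MAX, 1));
    println!("overflowing u32::MAX + 1 = {:?}", add_overflowing(u32::MAX, 1));
    println!("validated MAX_LEN + MAX_LEN = {:?}", total_len(MAX_LEN, MAX_LEN));
    println!("validated MAX_LEN+1 + 0 = {:?}", total_len(MAX_LEN + 1, 0));
    println!("sum_checked [u32::MAX, 1] = {:?}", sum_checked(&[u32::MAX, 1]));
}
```

The point of `total_len` is the one the message makes: once inputs are validated against their real expected range, the inner arithmetic needs no runtime check, and the compiler emits a plain add. Where no such bound exists (arbitrary attacker-supplied lengths or counts), `sum_checked` shows the alternative: pay for the branch and fail closed.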
