Oh cool, another Chrome 0-day abusing integer overflow.

Neat.

Great.

Awesome.

@thephd this is possibly a controversial opinion, but in my view, integer overflows are _mostly_ dangerous when they cause a “second order” buffer overflow, for instance if the overflowed value is passed to malloc and you get a significantly smaller buffer than you were expecting. If we fix bounds safety, integer overflows aren’t nearly as dangerous as they are today even if we do nothing about them
@fay59 @thephd but hey: what if we just fixed both?
@fay59 @thephd I mean, you’re absolutely right, but also we know exactly how to fix both, so
@steve @thephd well, we know where to put the traps, but we don’t know how to help people navigate them. Having been on both sides of that work, putting the traps is the easy one unfortunately
@steve @thephd One example is that C code today can have while(i--) {…} to repeat {…} i times. If it’s unsigned and you trap on unsigned integer overflow (which you should because size calculations almost always are unsigned), this will blow up in your face
@fay59 @thephd hey, what if we had a language that gave you both wrapping and trapping arithmetic?
@fay59 @thephd I’m being glib, but, like, we know what to do here.
@steve @fay59 @thephd I don’t think glib helps here
@saagar @steve @thephd @fay59 not even musl either ☹️
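The two cases raised in this thread, the `while(i--)` idiom that only terminates because the unsigned counter wraps, and a size calculation whose overflow turns into a "second order" short malloc, written out as an added C example (not code from any poster). Function names are hypothetical and the checked multiply assumes the gcc/clang `__builtin_mul_overflow` builtin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The idiom from the thread: repeat a body i times. The loop exits only
 * because the final "i--" wraps i from 0 to SIZE_MAX, so a build that traps
 * on unsigned overflow (e.g. -fsanitize=unsigned-integer-overflow) aborts
 * here even though the code is "correct" under wrapping semantics. */
size_t repeat_wrapping(size_t i) {
    size_t body_runs = 0;
    while (i--) { body_runs++; }
    return body_runs;
}

/* Same count without ever wrapping: decrement only while i is positive.
 * This form survives a trapping-unsigned build unchanged. */
size_t repeat_no_wrap(size_t i) {
    size_t body_runs = 0;
    while (i > 0) { i--; body_runs++; }
    return body_runs;
}

/* Second-order case: n * elem_size wraps silently, and the caller would hand
 * the wrapped (tiny) value to malloc. Shown only to make the wrap visible. */
size_t unchecked_alloc_size(size_t n, size_t elem_size) {
    return n * elem_size;
}

/* Checked version (assumes gcc/clang builtin): returns 1 and stores the
 * product on success, 0 if it would overflow, so the caller can refuse the
 * allocation instead of getting a buffer far smaller than expected. */
int checked_alloc_size(size_t n, size_t elem_size, size_t *out) {
    return !__builtin_mul_overflow(n, elem_size, out);
}

int main(void) {
    size_t sz = 0;
    /* constructed input: a count large enough that count * 4 wraps */
    size_t n = SIZE_MAX / 2 + 1;
    printf("repeat_wrapping(5)=%zu repeat_no_wrap(5)=%zu\n",
           repeat_wrapping(5), repeat_no_wrap(5));
    printf("unchecked size: %zu\n", unchecked_alloc_size(n, 4));
    printf("checked size ok: %d\n", checked_alloc_size(n, 4, &sz));
    return 0;
}
```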