Björkus "No time_t to Die" DorkusOh cool, another Chrome 0-day abusing integer overflow.
Neat.
Great.
Awesome.
Meanwhile, we'll be writing about how we need to have "high impact libraries that help lots of users" and then give examples like CLI Parsing/JSON Parsing before we sit down and go "we should have some standard library types / functions for integers...?".
v.v.v.v. cool prioritization we do here.
Paul Cantrell@thephd
Swift really got this one right IMO:
+ - * / all trap on overflow.
If you want mod-2^n operations, there are entirely separate operators for that: &+ &- &* &/
There is no implicit conversion between ints of different bit widths, or between ints and floats (in either direction).
Literals implicitly take the contextual type, so there’s no need to explicitly cast, say, `17` to assign it to an Int8 or a UInt64.
Hard to accomplish this consistency anywhere except at the language level.
Ed Davies@inthehands @thephd Better still, actually use the type system. If you write:
i = j * k
then make sure, at compile time, that the type of i can hold the result for any possible values for the types of j and k.
And uint16, etc, aren't types; they're implementations/representations of types. The types we should be using would be something like 0..65536 (or better some number which makes sense for the application rather than an arbitrary number because we happen to be running on a binary computer today).
penguin42@edavies @inthehands @thephd That's very difficult; a chain of multiplications gives you a rapidly increasing type size unless you've bounded everything.
@penguin42 Indeed. I doubt it happens that much in practice, though. For most real software you can easily work out what the bounds for various variables are. Automatically proving them is a bit more tricky hence @inthehands 's comment about dependent types, e.g., var i: 0..len(buffer). But it's where I think the next “Rust-like” step forward will come from. Even doing simple cases would take us a long way with most software even if some more difficult cases need a bit more manual intervention to make things really solid.
@edavies @inthehands @thephd It looks like Rust does have a (nigjtly) Ranged type:
https://docs.rs/ranged_integers/latest/ranged_integers/
I have done a bit of this type of thing in formal proving (using someone elses prover); it's often really hard to pin the range down.
https://docs.rs/ranged_integers/latest/ranged_integers/
I have done a bit of this type of thing in formal proving (using someone elses prover); it's often really hard to pin the range down.