undefined | Better HN

0 pointsChabsff2y ago0 comments

I meant error "in the code".

A chunk of C that causes a signed overflow has an error in it. Seemingly, so does Rust code according to the behavior described in the post I was replying to.

My point is that I question how big is the value gain from having a predictable fallback when we are already within the realm of "this code is considered wrong". This isn't unlike the various arguments against the value of compiler warnings.

That being said, I agree that it's preferable in general, but the difference seems rather marginal to me. That is, within the context of what I'm replying to. I wouldn't be surprised if Rust had a few additional tricks up its sleeve to address this.

0 comments

3 comments · 1 top-level

marcosdumay2y ago· 2 in thread

You really mean the usual C reasoning of "if this program has an error, what difference does it makes if it returns the wrong value or formats the main disk" (With an implicit "I see none" added on the end)?

Because a caught static error, a runtime error, a wrong value, and C's UB are completely different beasts.

uecker2y ago

I think modular behavior at run-time is actively dangerous. It is not memory-unsafe, but still unsafe. Having it trap would better. For C, you can tell the compiler to trap for signed overflow.

marcosdumay2y ago

IMO, that's a job for the type system. But if you can only have one option, clearly an error is the best one.

Anyway, none of those are anything nearly as damaging as C's UB. All of them are reasonable, on the literal sense that you can reason about them, anticipate what your program may do, and defend against the problem (or shrug it off and claim "it doesn't matter here"). You can do neither with by the spec C.

1 more reply

j / k navigate · click thread line to collapse