Conversation

This Tweet was deleted by the Tweet author. Learn more

It's meant to bother people. It was intended to add friction to depending on wrapping and to keep people aware that it's a bug to have unmarked overflows. The language can't accept the significant cost of having overflow checks enabled by default today but wants to do it later.

2

Replying to

and

Intel supports the carry and overflow flags. It's nearly free to detect wrapping. Even if they didn't, modern CPU performance is dictated by memory latency. Any extra computation that doesn't do extra fetches is close to free.

1

Replying to

and

That's not the kind of hardware support I'm talking about. You can enable overflow checking and see for yourself that it has a significant performance and code size cost despite using the available intrinsics / hardware support.

1

Replying to

and

Having overflow checks for all arithmetic operation blocks many other optimizations which hurts much more in idiomatic Rust than C. Branches and larger code size hurt overall performance by wasting global resources. The bounds checks are already expensive but not quite as bad.

1

Replying to

and

The decision involved a lot of people reviewing potential compromises and data on performance. It was a frequent topic and the unfortunate reality is the current compiler and hardware support is very inadequate for the performance tier Rust wants to compete in by default.

1

Replying to

and

Unfortunate indeed. I hope feedback has been given to hardware vendors. Thanks for the explanation!

1

Replying to

and

MIPS has trapping versions of the arithmetic instructions so it avoids extra code size but that would likely still have a fair bit of overhead in a modern CPU and the compiler would still miss optimizations. A lot of work needs to be done to eliminate the overhead.

2

Replying to

and

Maybe the RISC-V community would be open for suggestions. Also, would you happen to have pointers to the performance analysis that has been done? Just out of curiosity.

1

Replying to

and

It's spread out over a lot of threads, issues, etc. and it was a couple years ago so I don't have links handy. The overhead at the hardware level ends up being 3-10% in most cases, but missed optimizations like loop unrolling, vectorization, etc. can make it far larger.

1

Replying to

and

I haven't read huonw.github.io/blog/2016/04/m for a long time but I think it's probably a good overview.

8:11 AM · Oct 25, 2018Twitter Web Client

Replying to

and

Integer overflows are also much more dangerous in C (and unsafe Rust) where it instantly turns into a buffer overflow vs. normal Rust code where that can't happen. It makes it harder to justify a significant cost (i.e. in the ballpark of 10%, but varying a huge amount).

1

Replying to

and

Logic errors involving integer overflow are definitely a problem, but not quite the same as pervasive heap overflows, etc. caused by them. That part is at least contained to unsafe code in Rust. Lots of that is for data structures where int overflow -> heap overflow is common.

1

Show replies