In Rust, both signed and unsigned integer overflow is always considered a bug. Intended overflows need to be marked and it supports wrapping for both signed and unsigned via the appropriate APIs. It traps for unintended overflows in debug builds by default and can in production.
Conversation
What's your disagreement with Rust's overflow behavior?
1
It gives you the option when that's what you want. Why would you want that to be the default?
1
But that's just rephrasing the question. Why would you define int math that way? Is it due to concern about unexpected traps escalating a system failure, like the one that destroyed the first Ariane 5?
1
Rust gives you a choice about how you handle these bugs in production though. You aren't forced to trap, and code can be written to handle panics within processes if it's built with unwinding support. It just draws a clear line between intended and unintended overflows.
1
It has full support for wrapping on overflow. It just has to be done with the appropriate methods. Intended overflow is rare, so those are rarely used in practice. On the other hand, the checked overflow methods are fairly widely used, for handling the overflow failure easily.
1
Essentially all it does is forcing clear marking of intended overflows, which is great. It also has full support for wrapping signed integers, unlike C. If you want, you can define your own types that wrap with the default operators for syntactic sugar if you need a lot of it.
1
Either way, it's going to be clearly marked as having intended overflow, from either using the wrapping methods or using integer types that wrap on overflow. It communicates exactly where overflow is intended to the compiler, static analyzers and readers of the code.