Check for overflow in arithmetic negation #24500
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
r? @eddyb (rust_highfive has picked a reviewer for you, use r? to override) |
|
(oh, but I am going to give this a whirl on try...) |
|
@bors try |
bors
added a commit
that referenced
this pull request
Apr 16, 2015
Add conditional overflow-checking to signed negate operator. I argue this can land independently of #24420 , because one can write the implementation of `wrapped_neg()` inline if necessary (as illustrated in two cases on this PR). This needs to go into beta channel.
|
💔 Test failed - try-mac |
15 tasks
pnkfelix
force-pushed
the
oflo-checked-neg
branch
from
f9c6780 to
a8b1776
Compare
|
(I'm going to rebase so that I can make use of the methods that landed in #24420 ; after that's done, this should be ready to land.) |
pnkfelix
force-pushed
the
oflo-checked-neg
branch
from
a8b1776 to
5e7785c
Compare
| @@ -1321,7 +1321,11 @@ macro_rules! int_impl { | |||
| #[stable(feature = "rust1", since = "1.0.0")] | |||
| #[inline] | |||
| pub fn abs(self) -> $T { | |||
| if self.is_negative() { -self } else { self } | |||
| if self.is_negative() { | |||
| self.wrapping_neg() | |||
There was a problem hiding this comment.
Hmm, I guess this is assuming we want abs(INT_IN) to be INT_MIN? I kind of feel like I want it to be the original def'n -- but I guess this is a question for the RFC as much as anything. Still, given that -self was apparently unchecked before, it feels like we can "change" the behavior here and (legitimately) call it a bug fix.
There was a problem hiding this comment.
Never mind, pnkfelix points out the result for min-value is documented.
There was a problem hiding this comment.
the docs that lie just out of reach of the diff say:
Int::min_value()will be returned if the number isInt::min_value().
So I was just preserving that. (Plus I think there are tests that check it.)
But yeah, seems like a Q for rust-lang/rfcs#1017
|
r+ we can settle abs() later |
|
@bors r=nikomatsakis |
|
📌 Commit b8ec7e8 has been approved by |
|
@bors p=1 |
bors
added a commit
that referenced
this pull request
Apr 17, 2015
Add conditional overflow-checking to signed negate operator. I argue this can land independently of #24420 , because one can write the implementation of `wrapped_neg()` inline if necessary (as illustrated in two cases on this PR). This needs to go into beta channel.
|
⌛ Testing commit b8ec7e8 with merge b08d6cf... |
pnkfelix
added
the
beta-nominated
|
going from nominated to (nominated, accepted) |
pnkfelix
added
the
beta-accepted
alexcrichton
removed
the
beta-nominated
alexcrichton
added a commit
to alexcrichton/rust
that referenced
this pull request
May 15, 2015
Debug overflow checks for arithmetic negation landed in rust-lang#24500, at which time the `abs` method on signed integers was changed to using `wrapping_neg` to ensure that the function never panicked. This implied that `abs` of `INT_MIN` would return `INT_MIN`, another negative value. When this change was back-ported to beta, however, in rust-lang#24708, the `wrapping_neg` function had not yet been backported, so the implementation was changed in rust-lang#24785 to `!self + 1`. This change had the unintended side effect of enabling debug overflow checks for the `abs` function. Consequently, the current state of affairs is that the beta branch checks for overflow in debug mode for `abs` and the nightly branch does not. This commit alters the behavior of nightly to have `abs` always check for overflow in debug mode. This change is more consistent with the way the standard library treats overflow as well, and it is also not a breaking change as it's what the beta branch currently does (albeit if by accident). cc rust-lang#25378
alexcrichton
added a commit
to alexcrichton/rust
that referenced
this pull request
May 19, 2015
Debug overflow checks for arithmetic negation landed in rust-lang#24500, at which time the `abs` method on signed integers was changed to using `wrapping_neg` to ensure that the function never panicked. This implied that `abs` of `INT_MIN` would return `INT_MIN`, another negative value. When this change was back-ported to beta, however, in rust-lang#24708, the `wrapping_neg` function had not yet been backported, so the implementation was changed in rust-lang#24785 to `!self + 1`. This change had the unintended side effect of enabling debug overflow checks for the `abs` function. Consequently, the current state of affairs is that the beta branch checks for overflow in debug mode for `abs` and the nightly branch does not. This commit alters the behavior of nightly to have `abs` always check for overflow in debug mode. This change is more consistent with the way the standard library treats overflow as well, and it is also not a breaking change as it's what the beta branch currently does (albeit if by accident). cc rust-lang#25378
bors
added a commit
that referenced
this pull request
May 19, 2015
Debug overflow checks for arithmetic negation landed in #24500, at which time the `abs` method on signed integers was changed to using `wrapping_neg` to ensure that the function never panicked. This implied that `abs` of `INT_MIN` would return `INT_MIN`, another negative value. When this change was back-ported to beta, however, in #24708, the `wrapping_neg` function had not yet been backported, so the implementation was changed in #24785 to `!self + 1`. This change had the unintended side effect of enabling debug overflow checks for the `abs` function. Consequently, the current state of affairs is that the beta branch checks for overflow in debug mode for `abs` and the nightly branch does not. This commit alters the behavior of nightly to have `abs` always check for overflow in debug mode. This change is more consistent with the way the standard library treats overflow as well, and it is also not a breaking change as it's what the beta branch currently does (albeit if by accident). cc #25378
alexcrichton
added a commit
to alexcrichton/rust
that referenced
this pull request
Jun 10, 2015
Debug overflow checks for arithmetic negation landed in rust-lang#24500, at which time the `abs` method on signed integers was changed to using `wrapping_neg` to ensure that the function never panicked. This implied that `abs` of `INT_MIN` would return `INT_MIN`, another negative value. When this change was back-ported to beta, however, in rust-lang#24708, the `wrapping_neg` function had not yet been backported, so the implementation was changed in rust-lang#24785 to `!self + 1`. This change had the unintended side effect of enabling debug overflow checks for the `abs` function. Consequently, the current state of affairs is that the beta branch checks for overflow in debug mode for `abs` and the nightly branch does not. This commit alters the behavior of nightly to have `abs` always check for overflow in debug mode. This change is more consistent with the way the standard library treats overflow as well, and it is also not a breaking change as it's what the beta branch currently does (albeit if by accident). cc rust-lang#25378
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add conditional overflow-checking to signed negate operator.
I argue this can land independently of #24420 , because one can write the implementation of
wrapped_neg()inline if necessary (as illustrated in two cases on this PR).[breaking-change]
If you are relying on the prior behavior of negate on
Integer::MIN_VALUE, use thewrapping_negmethod instead.This needs to go into beta channel.