
The CXX Debate - steveklabnik
https://steveklabnik.com/blog/the-cxx-debate
======
cratermoon
"we know that we can pass any u32 to this function, and it's safe"

What happens if you pass in 0xFFFFFFFF?

~~~
steveklabnik
This is a great point; I was thinking purely of Rust's semantics, where this
is safe, and ends up turning into a panic or a zero. I'll add something here,
thank you.

EDIT: wait, since this is unsigned, it is the same semantics as Rust. Well, it
wraps no matter the optimization level, but it's not UB.

~~~
cratermoon
I haven't quite wrapped my head around Rust but I know that anything that
moves the possibility of UB towards 0 is a godsend. Just ask the folks at ESA
who worked on the first Ariane 5 launch.

~~~
steveklabnik
Rust's semantics are:

* in debug builds, you get a panic on overflow

* otherwise, you may choose to panic, but if you do not, it is two's compliment wrapping

It is defined this way so that someday if checks get cheap enough we can
enable them in release builds too, but at least it's not UB!

