Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

For what it's worth, if you enabled all the useful warnings you'll be warned about all the implicit casts that can cause problems in any modern C compiler. You'll have to specify three or four flags that say "yes I want all the warnings" but you'll know when you do dangerous casts.

Rust with its mandatory explicit casts is a lot less strict in this sense, your compiler won't complain because you decided to do casts yourself, which is why you should remember to be wary of simple casts every time you use them. Nothing wrong with casting constants and upcasting, but you have to double check because it's easy to introduce bugs this way.

If you want to make full use of Rust's safety features, you may also want to use checked numeric operations rather than the standard operators that may under/overflow.

Rust is a great tool for writing safer programs, but it won't defend you from many if not most DoS attacks if you're not careful



Note that if we're talking opt-in warnings, Rust's linting tool Clippy offers a whole bunch of warnings related to `as` casts. See https://rust-lang.github.io/rust-clippy/master/index.html#as... .


Not sure why this was downvoted. I’m an unabashed Rust apologist and everything in here is reasonable.

`as` casts are generally a code smell, but they’re sometimes the best (or only) way to accomplish a task. This can absolutely make it more challenging to identify correct and incorrect examples at a glance.

And Rust is awesome in that you can use explicit numerical operations that wrap, panic, saturate, etc on overflow. But there is no clippy lint (that I know of) to make sure you use them (which I would love).


> But there is no clippy lint

There actually is! You can activate the lint with a `#[deny(clippy::integer_arithmetic)]` or by using the lint group `restriction`.[0]

  // https://rust-lang.github.io/rust-clippy/master/index.html#integer_arithmetic
  #[deny(clippy::integer_arithmetic)]

  fn main() {
      let (a, b) = (u32::MAX, 1);
      //let c = a + b; // clippy: `error: integer arithmetic detected`
      let (c, carry) = a.overflowing_add(b); // or any of checked_*, saturating_*, unchecked_*, wrapping_*
      println!("{a} + {b} = {c} (carry bit: {carry})");
      // output: `4294967295 + 1 = 0 (carry bit: true)`
  }
Playground link: https://play.rust-lang.org/?version=stable&mode=debug&editio...

[0]: https://rust-lang.github.io/rust-clippy/master/index.html#in...


TIL, thanks!


> Rust is a great tool for writing safer programs, but it won't defend you from many if not most DoS attacks if you're not careful

Just want to stop by and point out "behavior not considered unsafe": https://doc.rust-lang.org/reference/behavior-not-considered-...

I have a simple phrase I use to explain this. Rust tries to give you memory safety. It does not imply nor check for correctness.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: