Skip to content

[Guideline] Add do not divide by 0 #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

[Guideline] Add do not divide by 0 #132

wants to merge 3 commits into from
+41 −0

Conversation

vapdrs
Copy link
Contributor

@vapdrs vapdrs commented Jun 10, 2025
edited
Loading

Closes #131

@netlify Netlify
Copy link

netlify bot commented Jun 10, 2025
edited
Loading

Deploy Preview for scrc-coding-guidelines ready!

Name Link
🔨 Latest commit 899d826
🔍 Latest deploy log https://app.netlify.com/projects/scrc-coding-guidelines/deploys/685c00be8336c600095c5bbc
😎 Deploy Preview https://deploy-preview-132--scrc-coding-guidelines.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@felix91gr
Copy link
Collaborator

felix91gr commented Jun 11, 2025
edited
Loading

Hi @vapdrs! I have already sent you a message in Zulip, but here seems like a better place to do so.

I come to add a couple of things to this guideline :)

  1. There is a Clippy lint (actually a couple of lints, but this one is the main one) that one can enable to catch these kinds of operations: arithmetic_side_effects. This is a fairly general lint that, if enabled using warn or deny, lints any arithmetic expression that either overflows or panics (division and modulo by 0 will do the latter).

  2. The aforementioned lint should indicate to the user that there are arithmetic operations in the stdlib that can be used to guarantee well-defined behavior. In the case of division by zero, it will suggest using operations such as checked_div, which outputs an Option<T> that the user must then handle properly. The None result indicates overflow, underflow or division by zero.

There are other such operations for division, such as checked_div_rem_euclid for when a remainder is desired.

And for other arithmetic operations, there are quite a few functions one can use to avoid Undefined Behavior: https://doc.rust-lang.org/std/?search=checked

  1. A complement to the two resources above is the NonZero type. One uses NonZero to enclose a value that is known, by construction, to not equal zero.

This combines rather well with Option, as in Option<NonZero>, since the compiler can do some memory layout optimization due to the fact that the value being enclosed by NonZero has one bit-pattern that is known to not be possible (the 000...000 pattern)

I will review the PR shortly :3

felix91gr
felix91gr reviewed Jun 11, 2025
View reviewed changes
src/coding-guidelines/expressions.rst
:status: draft
:release: latest
:fls: fls_Q9dhNiICGIfr
:decidability: Undecidable
Copy link
Collaborator

@felix91gr felix91gr Jun 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whether the program is or isn't dividing by zero is indeed Undecidable.

But whether the program is performing checked arithmetic or not is Decidable. So... perhaps this guideline should be changed to enforce checked arithmetic?

By which I mean: maybe it shouldn't be "Do not divide by 0". Maybe it should always be checked arithmetic.

Let's talk about it on Zulip!

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whether the program is or isn't dividing by zero is indeed Undecidable.

Hmm. Does that make this quite onerous to the engineer which must comply with this?

Perhaps it could be advisory to allow easy deviation.

Maybe it should always be checked arithmetic.

This might be the right choice for another guideline, perhaps required which would make every division use checked_div().

What do you think @vapdrs?

Copy link
Contributor Author

@vapdrs vapdrs Jun 24, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a good suggestion. As discussed in #75 and #127, I think a good way forward would be to leave the categorization of this guideline Mandatory and Undecidable, and also create a Required, Decidable rule which enforces "Always use checked arithmetic". Compliance with the required rule would ensure compliance with the mandatory rule. I'll create that other rule in a separate PR.

The reason I think this approach makes sense is because of

Does that make this quite onerous to the engineer which must comply with this?

If you are starting off a new project with new code then it should be easy to comply with a "always used checked arithmetic" rule.

If instead you are inheriting a large project that now needs to become compliant with our guidelines, the safety engineer can pick their poison:

  • do a large rewrite to comply with "always used checked arithmetic rule" to ensure you never divide by zero
  • do a manual review and justification at every location where static analysis can't determine you aren't dividing by zero.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Created #136

felix91gr
felix91gr reviewed Jun 11, 2025
View reviewed changes
PLeVasseur
PLeVasseur reviewed Jun 11, 2025
View reviewed changes
Copy link
Collaborator

@PLeVasseur PLeVasseur left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for opening this up @vapdrs! Could you check the comments I left?

src/coding-guidelines/expressions.rst
:status: draft
:release: latest
:fls: fls_Q9dhNiICGIfr
:decidability: Undecidable
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Whether the program is or isn't dividing by zero is indeed Undecidable.

Hmm. Does that make this quite onerous to the engineer which must comply with this?

Perhaps it could be advisory to allow easy deviation.

Maybe it should always be checked arithmetic.

This might be the right choice for another guideline, perhaps required which would make every division use checked_div().

What do you think @vapdrs?

vapdrs added 2 commits June 24, 2025 17:23
@vapdrs
Remove example code from compliant example
a976035 
As stated there is no compliant way to do this, so no example should be
present.
@vapdrs
Add compliant example with a suggestion
899d826 
While the guideline does not strictly apply to this example, it is a
good suggestion for what to do instead.
@vapdrs vapdrs requested review from felix91gr and PLeVasseur June 27, 2025 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adfernandes adfernandes adfernandes left review comments

@felix91gr felix91gr Awaiting requested review from felix91gr

@PLeVasseur PLeVasseur Awaiting requested review from PLeVasseur

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Coding Guideline]: Do not divide by 0
4 participants
@vapdrs @felix91gr @adfernandes @PLeVasseur
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy