> On 1 Oct 2019, at 10:35, Paul Eggert <[email protected]> wrote:
>
> In other GNU applications, we've been moving away from using unsigned types
> due to their confusing behavior (particularly when comparing signed vs
> unsigned), and because modern tools such as 'gcc -fsanitize=undefined' can
> check for signed integer overflow but (obviously) not for unsigned integer
> overflow. In this newer style, it's OK to use unsigned types for bit vectors
> and hash values since these typically don't involve integer comparisons and
> integer overflow is typically harmless; for indexes, though, unsigned types
> are so error-prone that they should be avoided.

One should note that the unsigned types are required to be 2’s complement in C/C++, unlike the signed ones, cf. [1]. Also, in C++, indices are required to be large enough to hold all values, so on 64-bit machines they are that also for strings that usually are quite small.

1. https://en.wikipedia.org/wiki/Integer_overflow#Methods_to_mitigate_integer_overflow_problems
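The index pitfalls discussed in this exchange, as an added example that is not part of the original messages or of any GNU code base: a mixed signed/unsigned comparison, silent unsigned wraparound in index arithmetic, and a signed index computed with explicit overflow detection. All function names are hypothetical; `__builtin_add_overflow` is a GCC/Clang builtin, so a GCC-compatible compiler is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Mixed comparison: i is converted to unsigned before comparing,
   so -1 becomes UINT_MAX and "-1 < 1" evaluates to false. */
static bool mixed_less(int i, unsigned n) { return i < n; }

/* Unsigned index arithmetic is modular: 0 - 1 is SIZE_MAX, which is
   well defined, so an undefined-behavior sanitizer has nothing to flag. */
static size_t unsigned_prev(size_t pos) { return pos - 1; }

/* Unsigned bounds check: base + off wraps before the comparison, so an
   out-of-range sum can land back inside [0, len). */
static bool wrapped_in_bounds(size_t base, size_t off, size_t len) {
    return base + off < len;
}

/* Signed index with explicit overflow detection: reject the request
   if base + off overflows or falls outside [0, len). */
static bool checked_index(ptrdiff_t base, ptrdiff_t off, ptrdiff_t len,
                          ptrdiff_t *out) {
    ptrdiff_t sum;
    if (__builtin_add_overflow(base, off, &sum))
        return false;
    if (sum < 0 || sum >= len)
        return false;
    *out = sum;
    return true;
}

int main(void) {
    ptrdiff_t r = -1;
    /* Constructed sample values, chosen to hit each edge case. */
    printf("-1 < 1u          : %d\n", mixed_less(-1, 1u));
    printf("0 - 1 (size_t)   : %zu\n", unsigned_prev(0));
    printf("wrapped accepted : %d\n", wrapped_in_bounds(SIZE_MAX, 2, 8));
    printf("checked overflow : %d\n", checked_index(PTRDIFF_MAX, 2, 8, &r));
    bool ok = checked_index(3, -1, 8, &r);
    printf("checked 3 + -1   : %d -> %td\n", ok, r);
    return 0;
}
```

Replacing the builtin with a plain `base + off` and building with `gcc -fsanitize=undefined` makes the signed overflow case a runtime report, whereas the unsigned variants above run silently.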
