On 11/10/21 12:07, Mirko Brodesser wrote:
Hello,
TLDR: C++ offers signed and unsigned integer types, e.g. `int32_t` and `uint32_t`. Should variables which *should* not contain negative values have a
signed or unsigned type? Arguments for both types can be found in Bjarne Stroustrup's paper [1].
I've discussed the issue in recent days with Botond, Emilio and Masayuki, since we disagreed on the answer and Mozilla's style guide [2] doesn't
explicitly answer it either. The latter is based on Google's C++ Style Guide, which recommends using signed types [3].
For the sake of completeness, the most recent discussion about this on
dev.platform can be found at [4].
Botond's proposal was to "contain" the use of unsigned types to certain layers of the code and cast when entering or exiting those layers [5] and to
follow Google's Style Guide [2] for new code.
That sounds reasonable, though what a "layer" is is vague. In general I think our DOM code, as an example, should follow the conventions the
specifications have - that just makes the code easier to follow and makes it less error prone.
For example Range object's offsets are unsigned long in the DOM spec, and WebIDL spec defines that type so our code should just use a native type
which maps to that. And CharacterData uses unsigned long too etc.
We should not use int64_t just that we can represent unsigned long in C++, that
would increase memory usage for no good reason - and it would be
less clear to the reader too ("are negative values allowed here?").
In practice Gecko's DOM as a whole may be seen as one layer because it is so
tightly connected to the DOM and WebIDL (and HTML and other) specs.
There are of course some areas even in our DOM code where we have some more
flexibility. And other modules may not have similar specs behind them.
-Olli
While I think that makes sense, I'd of course accept other decisions as well.
The important issue is to come to /some/ decision which should be added to Mozilla's style guide. Otherwise, such discussions will emerge again,
unnecessarily delaying reviews.
I don't know, how much static analysis currently helps to detect overflows of signed types, which would be one benefit of using signed instead of
unsigned types. Does anyone know?
What do other people think about this?
Mirko
[1] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1428r0.pdf.
[2]
https://firefox-source-docs.mozilla.org/code-quality/coding-style/coding_style_cpp.html#c-c-practices
[3] https://google.github.io/styleguide/cppguide.html#Integer_Types
[4]
https://groups.google.com/g/mozilla.dev.platform/c/ekmfMjjF7Mg/m/ir6HXSYbAwAJ
[5]
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]
<mailto:[email protected]>.
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/c5e54c66-2fdb-4174-8093-0bbf2c62b102n%40mozilla.org
<https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/c5e54c66-2fdb-4174-8093-0bbf2c62b102n%40mozilla.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/6756692f-81e8-339b-721d-418609857b60%40mozilla.com.
