I fully agree with all the points Emilio makes below.
Unsigned types convey the intent much more clearly to me.
Also, can somebody please just fix the -fwrapv bug he mentioned?
It's been open for 8 years already...
/Mats
On 11/10/21 11:54, Emilio Cobos Álvarez wrote:
* Types provide value to the reader, and are superior to comments. If
I'm reading a piece of code for the first time, knowing an argument can't
be negative is useful. Having this information in the type system (rather
than a comment + MOZ_ASSERT in the implementation) seems better.
* Existing code seems largely in the "using unsigned when possible"
camp, e.g., all the sizes in mfbt and xpcom data structures are unsigned.
Consistency with existing code might be valuable.
* Rust also prefers unsigned when possible. Consistency with the other
compiled language we have in the tree might also be valuable.
* Signed integer overflow does cause real issues and any theoretical
performance win we could have from abusing signed overflow being UB will
go away when https://bugzilla.mozilla.org/show_bug.cgi?id=1031653 is fixed.
* I think the real issue here is the implicit narrowing conversions and
integer promotions of C++, which we do have static analysis to prevent
(even if static analysis isn't always perfect, neither are the diagnostics
that compilers produce when you use signed types).
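Added example (not part of either message and not Mozilla code): the implicit narrowing conversion and the signed overflow raised in the thread, each shown beside a checked form. All function names are hypothetical, `__builtin_add_overflow` is the GCC/Clang builtin, and C++17 is assumed.

```cpp
#include <cstdint>
#include <optional>
#include <type_traits>

// Hypothetical helper (not an mfbt API): convert between integer types and
// return nullopt when the value is not representable in To.
template <typename To, typename From>
std::optional<To> checked_narrow(From v) {
  static_assert(std::is_integral_v<To> && std::is_integral_v<From>);
  To out = static_cast<To>(v);
  // The round trip must preserve the value and the sign must not flip.
  if (static_cast<From>(out) != v || ((out < To{}) != (v < From{}))) {
    return std::nullopt;
  }
  return out;
}

// Pitfall: the implicit narrowing keeps only the low 16 bits, so a request
// of 65544 is seen as 8 and passes the capacity check.
bool fits_implicit(uint64_t requested, uint16_t capacity) {
  uint16_t len = requested;  // compiles silently unless -Wconversion is on
  return len <= capacity;
}

// Same check with the conversion made explicit and verified.
bool fits_checked(uint64_t requested, uint16_t capacity) {
  std::optional<uint16_t> len = checked_narrow<uint16_t>(requested);
  return len.has_value() && *len <= capacity;
}

// Signed overflow is undefined behaviour unless the build uses -fwrapv.
// Detecting it gives the same answer under either build configuration.
std::optional<int32_t> checked_add(int32_t a, int32_t b) {
  int32_t sum = 0;
  if (__builtin_add_overflow(a, b, &sum)) {
    return std::nullopt;
  }
  return sum;
}

int main() {
  // Constructed inputs: 65544 == 65536 + 8.
  bool ok = fits_implicit(65544, 16) && !fits_checked(65544, 16) &&
            !checked_narrow<uint32_t>(-1).has_value() &&
            !checked_add(INT32_MAX, 1).has_value();
  return ok ? 0 : 1;
}
```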