Thanks for all the feedback and the decision.

Mirko

On Wednesday, November 10, 2021 at 10:51:37 PM UTC+1 Bobby Holley wrote:

> Hi folks,
>
> I've chatted with my peers in the C++ style/usage module, and while there
> are advantages to each approach, we are most persuaded by the rationale
> provided by Emilio. Accordingly, I've submitted a patch in bug 1740616 to
> update the style guide to prefer unsigned types in this situation, and also
> encourage the use of CheckedInt for managing overflow.
>
> Cheers,
> Bobby
>
> On Wed, Nov 10, 2021 at 8:41 AM Mats Palmgren <[email protected]> wrote:
>
>> I fully agree with all the points Emilio makes below.
>> Unsigned types convey the intent much more clearly to me.
>>
>> Also, can somebody please just fix the -fwrapv bug he mentioned?
>> It's been open for 8 years already...
>>
>> /Mats
>>
>> On 11/10/21 11:54, Emilio Cobos Álvarez wrote:
>> > * Types provide value to the reader, and are superior to comments. If
>> > I'm reading a piece of code for the first time, knowing an argument can't
>> > be negative is useful. Having this information in the type system (rather
>> > than a comment + MOZ_ASSERT in the implementation) seems better.
>> >
>> > * Existing code seems largely on the "using unsigned when possible"
>> > camp, e.g., all the sizes in mfbt and xpcom data structures are unsigned.
>> > Consistency with existing code might be valuable.
>> >
>> > * Rust also prefers unsigned when possible. Consistency with the other
>> > compiled language we have in the tree might also be valuable.
>> >
>> > * Signed integer overflow does cause real issues and any theoretical
>> > performance win we could have from abusing signed overflow being UB will
>> > go away when https://bugzilla.mozilla.org/show_bug.cgi?id=1031653 is fixed.
>> >
>> > * I think the real issue here is the implicit narrowing conversions and
>> > integer promotions of C++, which we do have static analysis to prevent
>> > (even if static analysis isn't always perfect, neither are the diagnostics
>> > that compilers produce when you use signed types).
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "[email protected]" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> To view this discussion on the web visit
>> https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/a3c1ea56-b199-b60f-9df9-ceaf81c797a2%40mozilla.com
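
The overflow handling the decision above refers to, as an added C++ example that is not part of the thread and is not Mozilla's code: an unsigned size computation wraps silently unless each step is checked. `Checked` is a hypothetical minimal stand-in for the idea behind a checked-integer wrapper (it is not the `mozilla::CheckedInt` API), and the function names and inputs are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>

// Hypothetical stand-in for a checked-integer wrapper (NOT mozilla::CheckedInt):
// once any step would wrap, the result is marked invalid and stays invalid.
template <typename T>
class Checked {
  static_assert(std::is_unsigned<T>::value, "sketch covers unsigned types only");
  T mValue;
  bool mValid;
  Checked(T v, bool ok) : mValue(v), mValid(ok) {}

 public:
  Checked(T v) : mValue(v), mValid(true) {}
  bool isValid() const { return mValid; }
  T value() const { return mValue; }  // meaningful only when isValid()

  friend Checked operator+(Checked a, Checked b) {
    bool ok = a.mValid && b.mValid &&
              a.mValue <= std::numeric_limits<T>::max() - b.mValue;
    return Checked(T(a.mValue + b.mValue), ok);
  }
  friend Checked operator*(Checked a, Checked b) {
    bool ok = a.mValid && b.mValid &&
              (b.mValue == 0 || a.mValue <= std::numeric_limits<T>::max() / b.mValue);
    // Multiply in uintmax_t so a narrow T is not promoted to (signed) int first.
    return Checked(T(std::uintmax_t(a.mValue) * b.mValue), ok);
  }
};

// Unchecked: uint32_t arithmetic wraps modulo 2^32, defined but silently wrong.
uint32_t bufferSizeUnchecked(uint32_t count, uint32_t elemSize, uint32_t header) {
  return count * elemSize + header;
}

// Checked: returns false instead of a wrapped size when the result needs > 32 bits.
bool bufferSizeChecked(uint32_t count, uint32_t elemSize, uint32_t header, uint32_t* out) {
  Checked<uint32_t> size = Checked<uint32_t>(count) * elemSize + header;
  if (!size.isValid()) return false;
  *out = size.value();
  return true;
}

int main() {
  uint32_t n = 0;  // constructed inputs: 0x10000001 elements of 16 bytes, 8-byte header
  std::printf("unchecked: %u\n", (unsigned)bufferSizeUnchecked(0x10000001u, 16u, 8u));
  std::printf("checked ok: %d\n", bufferSizeChecked(0x10000001u, 16u, 8u, &n));
}
```

With these inputs the unchecked function returns a plausible-looking small size, which is why the unsigned type alone documents intent but does not replace an explicit overflow check before the value is used for an allocation or bounds test.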
