Philipp Lohmann wrote:
> On 3/12/10 2:50 PM, Herbert Duerr wrote:
> >>your suggestion shows the fundamental flaw I've pointed out earlier
> >>- that too much of the code makes implicit assumptions about the
> >>available int ranges. Just grep for 0xFFFF, 0xFFFE etc. and weep.
> >
> >The hardcoded range-checks were probably good enough then because the
> >hardcoded types implied they would be safe forever. Changing any of
> >these signatures now is a lot of work with "lots of pain, little gain".
> >That's why it isn't high on anybody's priority list.
> 
> +1
> 
Hi Philipp,

much of what Herbert writes is beside my point - it's not about
changing existing code, but about defaults for writing new, or
fixing old. It's not whether the current code using fixed size ints
is of especially good quality, but whether it would be rather
harmful, or rather positive, to permit ints and longs for
everything.

Ages ago there was a decision to use typedefs like USHORT, ULONG,
with apparently a fixed range - those were superseded by the
recommendation of the uno types, now in the current coding
standards.

I still consider this decision valid, as it eliminates a very subtle
way of introducing bugs (that are even platform-dependent, something
we try hard to avoid in above-the-vcl code) - without any necessary
drawbacks except, err, readability.

> >Or should they get some value-add by e.g. in debug mode by them becoming
> >smart classes? With range checks, signed-unsigned checks, cast-checks,
> >etc.? Range checks should be simple. Maybe there is already a generic
> >template library for this? I haven't seen one though. If I had to
> >implement it I'd use type names close to the cstdint typenames and
> >switch the namespace depending on debug-mode or product-mode.
> 
> +1
> 
You have a point here (and also with the unsigned ints are evil
statement). But you'll need (much of) that checking for production
code, too, if you say "don't need fixed int range, will check for
overflow myself". It's just much easier to code static checks at
strategic places, if you know exact ranges, and not only weak >=
relations between types. Yes, I think the C int type system sucks.

> To this whole thread I can only say: don't we have more pressing
> problems than to change perfectly valid code to other perfectly
> valid code which in the best case does the same as before.
> 
See above. I was reasoning about coding style.

Cheers,

-- Thorsten
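
The contrast discussed in this message, as an added C++ example that is not part of the mail or of the OpenOffice.org code base: with an exact-width type a hardcoded limit can be pinned to the type by a static check, while a plain C type only allows the weak `>=` check, and narrowing still needs a runtime check. The names `kMaxEntries`, `EntryIndex`, `checked_narrow` and `to_entry_index` are hypothetical.

```cpp
#include <cstdint>
#include <limits>
#include <type_traits>

// Hypothetical limit standing in for the hardcoded 0xFFFF checks in the thread.
constexpr std::uint32_t kMaxEntries = 0xFFFF;

// Exact-width type: the limit is tied to the type once, at compile time.
using EntryIndex = std::uint16_t;
static_assert(std::numeric_limits<EntryIndex>::max() == kMaxEntries,
              "EntryIndex must cover exactly 0..0xFFFF");

// For plain unsigned short the standard only promises a lower bound, so the
// strongest portable static check is the weak >= relation.
static_assert(std::numeric_limits<unsigned short>::max() >= kMaxEntries,
              "unsigned short is at least 16 bits, possibly more");

// Checked narrowing: reports failure instead of silently truncating or
// flipping the sign. This is the check production code still needs.
template <typename To, typename From>
bool checked_narrow(From value, To& out) {
    static_assert(std::is_integral<To>::value && std::is_integral<From>::value,
                  "integer types only");
    const To narrowed = static_cast<To>(value);
    if (static_cast<From>(narrowed) != value) return false;   // truncated
    if ((value < From{}) != (narrowed < To{})) return false;  // sign flipped
    out = narrowed;
    return true;
}

// Converts a 32-bit count read from input into an EntryIndex.
bool to_entry_index(std::uint32_t count, EntryIndex& out) {
    return checked_narrow<EntryIndex>(count, out);
}

int main() {
    EntryIndex idx = 0;
    const bool ok = to_entry_index(0xFFFF, idx);          // fits
    const bool rejected = !to_entry_index(0x10000, idx);  // would wrap to 0
    return (ok && rejected && idx == 0xFFFF) ? 0 : 1;
}
```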
