On 03/07/2012 11:01 AM, Timon Gehr wrote:
On 03/07/2012 07:05 AM, ixid wrote:
Ah, thank you, so it's wrapping. That seems like a bad idea; what is the
benefit to size being unsigned rather than signed? This case would seem
like one where allowing negatives is clearly better and more intuitive.

The problem is not that length is unsigned. The issue is the implicit
conversion from signed to unsigned. The right thing would be to disallow
signed -> unsigned and unsigned -> signed implicit conversion unless
value range propagation can prove it safe, and to make comparison
between signed and unsigned actually work by translating it to more than
one machine instruction.

Furthermore, bitwise boolean operators should still accept arguments of arbitrary signedness but the result should implicitly convert to both signed and unsigned.
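
The wrap discussed in this thread, next to a comparison that spends the extra sign test, as an added D example that is not part of either poster's message. The helper names `signedLess` and `unsignedLess` are hypothetical and the array is constructed sample data; `std.conv.to` is Phobos' existing checked conversion.

```d
import std.conv : to, ConvOverflowException;
import std.exception : assertThrown;
import std.stdio : writeln;

// Hypothetical helper: signed < unsigned, compared by mathematical value.
// The sign test is the additional instruction a correct mixed comparison needs.
bool signedLess(long a, ulong b) pure nothrow @safe
{
    return a < 0 || cast(ulong) a < b;
}

// Hypothetical helper: the mirror case, unsigned < signed.
bool unsignedLess(ulong a, long b) pure nothrow @safe
{
    return b >= 0 && a < cast(ulong) b;
}

void main()
{
    int[] arr = [10, 20, 30]; // constructed sample data
    int i = -1;

    // Built-in comparison: i is implicitly converted to size_t and wraps
    // to size_t.max, so the test below is false even though -1 < 3.
    bool builtin = i < arr.length;
    assert(!builtin);

    // Value-correct comparison in both directions.
    assert(signedLess(i, arr.length));
    assert(!unsignedLess(arr.length, i));
    assert(signedLess(2, arr.length));
    assert(!signedLess(3, arr.length));

    // An explicit checked conversion rejects the negative value
    // instead of wrapping it.
    assertThrown!ConvOverflowException(to!size_t(i));

    writeln("built-in  i < arr.length: ", builtin);
    writeln("signedLess(i, arr.length): ", signedLess(i, arr.length));
}
```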
