On Wednesday, March 07, 2012 11:01:05 Timon Gehr wrote:
> On 03/07/2012 07:05 AM, ixid wrote:
> > Ah, thank you, so it's wrapping. That seems like a bad idea, what is the
> > benefit to size being unsigned rather than signed? This case would seem
> > like one where allowing negatives is clearly better and more intuitive.
>
> The problem is not that length is unsigned. The issue is the implicit
> conversion from signed to unsigned. The right thing would be to disallow
> signed -> unsigned and unsigned -> signed implicit conversion unless
> value range propagation can prove it safe, and to make comparison
> between signed and unsigned actually work by translating it to more than
> one machine instruction.
Though that's one of those things that you're not going to convince Walter of - primarily, I believe, because it would require a lot more casting. The interesting part about _that_ is that if it's bad enough, it will actually make code _worse_, because the cast forces things. To really deal with it cleanly, you'd probably need something similar to the const_cast nonsense in C++ except that it just converts signedness. I suspect that the reality of the matter is that if we disallowed implicit conversions between signed and unsigned, a number of bugs would completely go away, but others would creep in as a result, and the overall situation wouldn't necessarily be any better, but I don't know. My initial reaction would be to agree with you, but there are definitely cases where such an approach would get annoying and bug-prone (due to the casting involved). But regardless, I really don't think that you're going to convince Walter on this one, given what he's said in the past.

- Jonathan M Davis