On Fri, 21 Nov 2014 14:36:53 -0300 Ary Borenszweig via Digitalmars-d <[email protected]> wrote:
> On 11/21/14, 11:29 AM, ketmar via Digitalmars-d wrote:
> > On Fri, 21 Nov 2014 19:31:23 +1100
> > Daniel Murphy via Digitalmars-d <[email protected]> wrote:
> >
> >> "bearophile" wrote in message news:[email protected]...
> >>
> >>> From my experience in coding in D they are far more unlikely than
> >>> sign-related bugs of array lengths.
> >>
> >> Here's a simple program to calculate the relative size of two files, that
> >> will not work correctly with unsigned lengths.
> >>
> >> module sizediff;
> >>
> >> import std.file;
> >> import std.stdio;
> >>
> >> void main(string[] args)
> >> {
> >>     assert(args.length == 3, "Usage: sizediff file1 file2");
> >>     auto l1 = args[1].read().length;
> >>     auto l2 = args[2].read().length;
> >>     writeln("Difference: ", l1 - l2);
> >> }
> >>
> >> The two ways this can fail (that I want to highlight) are:
> >> 1. If either file is too large to fit in a size_t the result will (probably)
> >>    be wrong
> >> 2. If file2 is bigger than file1 the result will be wrong
> >>
> >> If length was signed, problem 2 would not exist, and problem 1 would be more
> >> likely to occur. I think it's clear that signed lengths would work for more
> >> possible realistic inputs.
> > no, the problem 2 just becomes hidden. while the given code works most
> > of the time, it is still broken.
>
> So how would you solve problem 2?

with proper check before doing subtraction. or by switching to some
Scheme compiler with full numeric tower.
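
Added example, not part of the original message or of any poster's code: one way to do the "proper check before doing subtraction" in D, comparing the two unsigned sizes first so the subtraction cannot wrap. The names `SizeDiff` and `sizeDiff` are hypothetical, and using `std.file.getSize` instead of `read().length` is an assumption made here so the sizes stay `ulong`.

```d
import std.file : getSize;
import std.stdio : writeln;

/// Result of comparing two unsigned sizes: magnitude plus direction.
struct SizeDiff
{
    ulong magnitude; // |a - b|, always representable in ulong
    int sign;        // -1 if a < b, 0 if equal, +1 if a > b
}

/// Compare before subtracting so the unsigned subtraction can never wrap.
SizeDiff sizeDiff(ulong a, ulong b) pure nothrow @nogc @safe
{
    if (a >= b)
        return SizeDiff(a - b, a > b ? 1 : 0);
    return SizeDiff(b - a, -1);
}

unittest
{
    // Constructed values, not taken from the thread.
    assert(sizeDiff(10, 3) == SizeDiff(7, 1));
    assert(sizeDiff(3, 10) == SizeDiff(7, -1));
    assert(sizeDiff(5, 5) == SizeDiff(0, 0));
    // The unchecked form wraps silently: 3 - 10 on ulong is 2^64 - 7.
    assert(3UL - 10UL == ulong.max - 6);
    // A difference too large for a signed 64-bit result is still exact.
    assert(sizeDiff(0, ulong.max) == SizeDiff(ulong.max, -1));
}

int main(string[] args)
{
    if (args.length != 3)
    {
        writeln("Usage: sizediff file1 file2");
        return 1;
    }
    // getSize reports the size as ulong from file metadata, so the file is
    // not read into memory and the value is not narrowed to a 32-bit size_t.
    immutable d = sizeDiff(getSize(args[1]), getSize(args[2]));
    writeln("Difference: ", d.sign < 0 ? "-" : "", d.magnitude);
    return 0;
}
```

Building with `-unittest` runs the assertions, including the one that shows the wrapped value the unchecked subtraction produces.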
