Late to the party but…. Avoiding unsigned is usually recommended to avoid inadvertent underflow:
unsigned big = 200; unsigned small = 100; auto result = small - big; // underflow This is particularly bad when doing math on buffer offsets and sizes, and can result in OOB bugs. I believe Apple’s media frameworks code has a “no unsigned usage” rule because of that. I’m surprised that no-one has raised it in this discussion. Simon > On Jan 24, 2023, at 2:00 AM, Myles Maxfield via webkit-dev > <webkit-dev@lists.webkit.org> wrote: > > Hello! > > I recently learned that the C++ core guidelines recommend against using > unsigned to avoid negative values. Section 4.4 on page 73 of The C++ > Programming Language says unsigned types should be used for bitfields and not > in an attempt to ensure values are positive. Some talks by people on the C++ > standards committee (e.g., Herb Sutter) recommend against using unsigned > types simply because the value is expected to by positive. > > Should we be avoiding unsigneds for these purposes? WebKit uses unsigneds all > over the place, and I’m assuming a fair many of them are there to indicate > that negative values are avoided. The C++ recommendation goes against my > intuition that the type is there for clarity, to indicate expectations about > the meaning and behavior of its value. But if it’s standard practice to just > use int instead, perhaps we should update the style guide? > > What do you think? > > —Myles > _______________________________________________ > webkit-dev mailing list > webkit-dev@lists.webkit.org > https://lists.webkit.org/mailman/listinfo/webkit-dev
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev