Thanks for posting this Mirko! :)

On 11/10/21 11:07, Mirko Brodesser wrote:
> What do other people think about this?
For the record, just restating some of the reasons I disagree with preferring signed integers when the variable can't be negative:
* Types provide value to the reader, and are superior to comments. If I'm reading a piece of code for the first time, knowing an argument can't be negative is useful. Having this information in the type system (rather than a comment + MOZ_ASSERT in the implementation) seems better.
* Existing code seems largely on the "using unsigned when possible" camp, e.g., all the sizes in mfbt and xpcom data structures are unsigned. Consistency with existing code might be valuable.
* Rust also prefers unsigned when possible. Consistency with the other compiled language we have in the tree might also be valuable.
* Signed integer overflow does cause real issues and any theoretical performance win we could have from abusing signed overflow being UB will go away when https://bugzilla.mozilla.org/show_bug.cgi?id=1031653 is fixed.
* I think the real issue here is the implicit narrowing conversions and integer promotions of C++, which we do have static analysis to prevent (even if static analysis isn't always perfect, neither are the diagnostics that compilers produce when you use signed types).
I mentioned this on a private thread too, but this is not a hill I want to die on, so happy to accept whatever the module owners say about this. I concur with Mirko that we just need _some_ direction to put in the style guide :-)
-- Emilio

To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/64ab3129-9275-4f34-c4d4-59c8618626a3%40mozilla.com.
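The hazards the thread is arguing over are easiest to see in code. The following is an added example written for this page, not code from the dev-platform thread or from mozilla-central; it assumes a C++17 compiler and uses hypothetical helper names (`naiveLoopBound`, `safeAdjacentPairs`, `mixedSignLess`, `checkedNarrow`, `checkedAdd`). It shows the unsigned wrap-around that critics of `size_t` point at, the mixed-sign comparison surprise that comes from the usual arithmetic conversions, and two checked helpers that make the conversion or the overflow explicit instead of relying on implicit narrowing or on signed overflow being UB.

```cpp
// Added example (not from the thread): signed/unsigned pitfalls and checked
// helpers. Assumes C++17. Helper names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <limits>
#include <optional>
#include <type_traits>
#include <vector>

// Classic off-by-one hazard with unsigned sizes: size() - 1 wraps to
// SIZE_MAX when the container is empty, so a loop bounded by it would run
// (almost) forever. This helper only computes the bound; it never loops.
std::size_t naiveLoopBound(const std::vector<int>& v) {
  return v.size() - 1;  // wraps for an empty vector
}

// Safe form of the same computation: test for emptiness before subtracting.
std::size_t safeAdjacentPairs(const std::vector<int>& v) {
  return v.empty() ? 0 : v.size() - 1;
}

// Mixed-sign comparison: the int operand is converted to unsigned first, so
// -1 becomes UINT_MAX and "-1 < 1u" evaluates to false. Compilers warn about
// this with -Wsign-compare, which is the diagnostic the thread refers to.
bool mixedSignLess(int a, unsigned b) {
  return a < b;
}

// Checked narrowing: nullopt when `from` is not representable in `To`.
// Written against numeric_limits so it builds with C++17 (std::in_range and
// std::cmp_less are C++20). This is the explicit alternative to the implicit
// narrowing conversions mentioned in the last bullet.
template <typename To, typename From>
std::optional<To> checkedNarrow(From from) {
  static_assert(std::is_integral_v<To> && std::is_integral_v<From>);
  if constexpr (std::is_signed_v<From> == std::is_signed_v<To>) {
    // Same signedness: a plain range check is well defined.
    if (from < std::numeric_limits<To>::min() ||
        from > std::numeric_limits<To>::max()) {
      return std::nullopt;
    }
  } else if constexpr (std::is_signed_v<From>) {
    // Signed -> unsigned: reject negatives, then compare as unsigned.
    if (from < 0) return std::nullopt;
    if (static_cast<std::make_unsigned_t<From>>(from) >
        std::numeric_limits<To>::max()) {
      return std::nullopt;
    }
  } else {
    // Unsigned -> signed: compare against To's max, widened to unsigned.
    if (from > static_cast<std::make_unsigned_t<To>>(
                   std::numeric_limits<To>::max())) {
      return std::nullopt;
    }
  }
  return static_cast<To>(from);
}

// Overflow-checked signed addition that never performs the overflowing
// operation (signed overflow is UB, so it cannot be detected after the fact).
std::optional<int32_t> checkedAdd(int32_t a, int32_t b) {
  if (b > 0 && a > std::numeric_limits<int32_t>::max() - b) return std::nullopt;
  if (b < 0 && a < std::numeric_limits<int32_t>::min() - b) return std::nullopt;
  return a + b;
}

int main() {
  std::cout << "naiveLoopBound({}) == SIZE_MAX: "
            << (naiveLoopBound({}) == std::numeric_limits<std::size_t>::max())
            << "\n";
  std::cout << "-1 < 1u: " << mixedSignLess(-1, 1u) << "\n";
  std::cout << "checkedNarrow<uint8_t>(256) has value: "
            << checkedNarrow<uint8_t>(256).has_value() << "\n";
  std::cout << "checkedAdd(INT32_MAX, 1) has value: "
            << checkedAdd(std::numeric_limits<int32_t>::max(), 1).has_value()
            << "\n";
  return 0;
}
```

The checked helpers are the point: whichever convention the style guide picks, the bugs come from conversions the compiler performs silently, and making every narrowing or potentially overflowing step a named call is what turns them into something a reviewer or static analysis can see.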
