Hi folks, I've chatted with my peers in the C++ style/usage module, and while there are advantages to each approach, we are most persuaded by the rationale provided by Emilio. Accordingly, I've submitted a patch in bug 1740616 to update the style guide to prefer unsigned types in this situation, and also encourage the use of CheckedInt for managing overflow.
Cheers, Bobby On Wed, Nov 10, 2021 at 8:41 AM Mats Palmgren <[email protected]> wrote: > I fully agree with all the points Emilio makes below. > Unsigned types conveys the intent much more clearly to me. > > Also, can somebody please just fix the -fwrapv bug he mentioned? > It's been open for 8 years already... > > /Mats > > > On 11/10/21 11:54, Emilio Cobos Álvarez wrote: > > * Types provide value to the reader, and are superior to comments. If > > I'm reading a piece of code for the first time, knowing an argument > can't > > be negative is useful. Having this information in the type system > (rather > > than a comment + MOZ_ASSERT in the implementation) seems better. > > > > * Existing code seems largely on the "using unsigned when possible" > > camp, e.g., all the sizes in mfbt and xpcom data structures are > unsigned. > > Consistency with existing code might be valuable. > > > > * Rust also prefers unsigned when possible. Consistency with the other > > compiled language we have in the tree might also be valuable. > > > > * Signed integer overflow does cause real issues and any theoretical > > performance win we could have from abusing signed overflow being UB will > > go away when https://bugzilla.mozilla.org/show_bug.cgi?id=1031653 is > fixed. > > > > * I think the real issue here is the implicit narrowing conversions > and > > integer promotions of C++, which we do have static analysis to prevent > > (even if static analysis isn't always perfect, neither are the > diagnostics > > that compilers produce when you use signed types). > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/a3c1ea56-b199-b60f-9df9-ceaf81c797a2%40mozilla.com > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CADa3RMP4Ypryi62Cg8FttwOAFUguNcT3HYL5JPGgg%2BkKF2%3Dn8A%40mail.gmail.com.
