On 12/11/2012 10:44 AM, foobar wrote:
> All of the above relies on the assumption that the safety problem is due to the
> memory layout. There are many other programming languages that solve this by
> using a different point of view - the problem lies in the implicit casts and not
> the memory layout. In other words, the culprit is code such as:
>
>     uint a = -1;
>
> which compiles under C's implicit coercion rules but _really shouldn't_.
> The semantically correct way would be something like:
>
>     uint a = 0xFFFF_FFFF;
>
> but C/C++ programmers tend to think the "-1" trick is less verbose and "better".
Trick? Not at all.
1. -1 is the size of an int, which varies in C.
2. -i means "complement and then increment".
3. Would you allow 2-1? How about 1-1? (1-1)-1?
Arithmetic in computers is different from the math you learned in school. It's
2's complement, and it's best to always keep that in mind when writing programs.
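The points in the exchange above (implicit coercion of -1 to an unsigned type, negation as "complement and then increment", and the 2-1 / 1-1 / (1-1)-1 question) can be made concrete in C. The following is an added example, not code from either poster; the function names and the checked-conversion helper `to_uint_checked` are assumptions introduced here for illustration. It shows what the implicit conversion silently produces, that the result is exactly what two's-complement negation gives, where unsigned subtraction wraps, and the explicit range check a defender would want in place of the implicit cast.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The implicit coercion under discussion: -1 (an int) is converted to unsigned
 * int by the C rule "add UINT_MAX + 1 until in range", so a becomes UINT_MAX.
 * Compilers accept this silently unless warnings such as gcc/clang
 * -Wsign-conversion are enabled. */
unsigned int implicit_minus_one(void)
{
    unsigned int a = -1;
    return a;
}

/* Two's-complement negation spelled out: -i == ~i + 1.
 * twos_negate(1u) is UINT_MAX, the same bit pattern implicit_minus_one() yields. */
unsigned int twos_negate(unsigned int i)
{
    return ~i + 1u;
}

/* Mixed arithmetic: x is unsigned, the literal 1 is int; the int is converted
 * to unsigned before the subtraction, and the subtraction wraps modulo 2^32.
 * So 2-1 == 1, 1-1 == 0, and (1-1)-1 == UINT_MAX, never a negative value. */
unsigned int minus_one_step(unsigned int x)
{
    return x - 1;
}

/* The explicit alternative to the implicit cast: accept only values that are
 * non-negative and representable, and report failure otherwise.
 * Helper name and signature are assumptions for this example. */
bool to_uint_checked(long v, unsigned int *out)
{
    if (v < 0 || (unsigned long)v > UINT_MAX) {
        return false;
    }
    *out = (unsigned int)v;
    return true;
}

int main(void)
{
    unsigned int ok = 0;
    printf("uint a = -1;      -> %u\n", implicit_minus_one());
    printf("~1 + 1            -> %u\n", twos_negate(1u));
    printf("(1-1)-1 unsigned  -> %u\n", minus_one_step(minus_one_step(minus_one_step(2u))));
    printf("checked(-1)       -> %s\n", to_uint_checked(-1L, &ok) ? "accepted" : "rejected");
    printf("checked(42)       -> %s (%u)\n", to_uint_checked(42L, &ok) ? "accepted" : "rejected", ok);
    return 0;
}
```

Building with `-Wsign-conversion` (gcc or clang) flags the assignment in `implicit_minus_one` at compile time; the checked helper is the run-time counterpart for values that are not compile-time constants.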