On Fri, 21 Nov 2014 19:31:23 +1100 Daniel Murphy via Digitalmars-d <digitalmars-d@puremagic.com> wrote:
> "bearophile" wrote in message news:lkcltlokangpzzdzz...@forum.dlang.org...
>
> > From my experience in coding in D they are far more unlikely than
> > sign-related bugs of array lengths.
>
> Here's a simple program to calculate the relative size of two files, that
> will not work correctly with unsigned lengths.
>
> module sizediff;
>
> import std.file;
> import std.stdio;
>
> void main(string[] args)
> {
>     assert(args.length == 3, "Usage: sizediff file1 file2");
>     auto l1 = args[1].read().length;
>     auto l2 = args[2].read().length;
>     writeln("Difference: ", l1 - l2);
> }
>
> The two ways this can fail (that I want to highlight) are:
> 1. If either file is too large to fit in a size_t the result will (probably)
> be wrong
> 2. If file2 is bigger than file1 the result will be wrong
>
> If length was signed, problem 2 would not exist, and problem 1 would be more
> likely to occur. I think it's clear that signed lengths would work for more
> possible realistic inputs.

no, the problem 2 just becomes hidden. while the given code works most of the time, it is still broken.
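Added example, not code from either poster: it runs the quoted `l1 - l2` subtraction on unsigned lengths, the same subtraction on values cast to signed, and an explicit comparison that is correct for every pair of inputs. `SizeDiff` and `sizeDiff` are hypothetical names, the lengths are constructed sample values, and `ulong` stands in for `size_t` on a 64-bit target.

```d
import std.conv : to;
import std.stdio;

/// Hypothetical helper: difference of two unsigned lengths kept as an
/// explicit sign plus magnitude, so it can neither wrap nor truncate.
struct SizeDiff
{
    bool negative;   // true when the second length is the larger one
    ulong magnitude; // |a - b|, always representable in ulong

    string toString() const
    {
        return (negative ? "-" : "") ~ magnitude.to!string;
    }
}

/// Compare first, then subtract the smaller value from the larger one.
SizeDiff sizeDiff(ulong a, ulong b) pure nothrow @nogc @safe
{
    return a >= b ? SizeDiff(false, a - b) : SizeDiff(true, b - a);
}

void main()
{
    // Constructed sample lengths, not taken from real files.
    ulong small = 10;
    ulong big = 25;
    ulong huge = ulong.max; // stands in for a length above long.max

    // Unsigned subtraction as in the quoted program: when the second
    // operand is larger, the result wraps modulo 2^64.
    writeln("unsigned, small - big: ", small - big);

    // Signed arithmetic gives the expected negative value here ...
    writeln("signed,   small - big: ", cast(long) small - cast(long) big);

    // ... but a length above long.max is silently reinterpreted as a
    // negative number, so the difference is wrong without any error.
    writeln("signed,   huge - small: ", cast(long) huge - cast(long) small);

    // Explicit comparison is correct for both cases.
    writeln("checked,  small - big: ", sizeDiff(small, big));
    writeln("checked,  huge - small: ", sizeDiff(huge, small));
}
```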