Re: [webkit-dev] Unsigned to avoid negative values

2023-01-27 Thread Michael Catanzaro via webkit-dev
On Thu, Jan 26 2023 at 12:31:25 AM -0800, Myles Maxfield via webkit-dev wrote:
> Okay, sounds like we’re all pretty much in agreement.
>
> How about I add a rule to our style guide that says “use unsigned types to represent values which cannot be negative.” Good idea?

This is pretty strict.

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-26 Thread Myles Maxfield via webkit-dev
I agree with Alex. Underflow is just as bad as overflow.

—Myles

> On Jan 26, 2023, at 8:12 PM, Alex Christensen wrote:
>
> If you are subtracting things that have not been verified to produce a positive value, then you hopefully aren’t dealing with values that can’t be negative, so this w

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-26 Thread Alex Christensen via webkit-dev
If you are subtracting things that have not been verified to produce a positive value, then you hopefully aren’t dealing with values that can’t be negative, so this wouldn’t apply then. Forgetting to verify things is a bug in many places. I also think that a buffer offset of -1 is just about a

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-26 Thread Simon Fraser via webkit-dev
Late to the party but….

Avoiding unsigned is usually recommended to avoid inadvertent underflow:

    unsigned big = 200;
    unsigned small = 100;
    auto result = small - big; // underflow

This is particularly bad when doing math on buffer offsets and sizes, and can result in OOB bugs. I beli

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-26 Thread Myles Maxfield via webkit-dev
https://github.com/WebKit/WebKit/pull/9199

> On Jan 26, 2023, at 12:31 AM, Myles Maxfield via webkit-dev wrote:
>
> Okay, sounds like we’re all pretty much in agreement.
>
> How about I add a rule to our style guide that says “use unsigned types to represent values which cannot be negativ

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-26 Thread Myles Maxfield via webkit-dev
Okay, sounds like we’re all pretty much in agreement.

How about I add a rule to our style guide that says “use unsigned types to represent values which cannot be negative.” Good idea?

> On Jan 25, 2023, at 4:11 PM, Alex Christensen wrote:
>
> If a value represents a size or a count or someth

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-25 Thread Alex Christensen via webkit-dev
If a value represents a size or a count or something that inherently cannot be negative, I strongly prefer using unsigned types. It reduces the number of places where we need to ask ourselves “what if it’s negative?” when it can never be negative, leading to more straightforward code that doesn

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-24 Thread Ryosuke Niwa via webkit-dev
> On Jan 24, 2023, at 2:00 AM, Myles Maxfield via webkit-dev wrote:
>
> I recently learned that the C++ core guidelines recommend against using unsigned to avoid negative values. Section 4.4 on page 73 of The C++ Programming Language says unsigned types should be used for bitfields and

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-24 Thread Anne van Kesteren via webkit-dev
On Tue, Jan 24, 2023 at 11:00 AM Myles Maxfield via webkit-dev wrote:
> What do you think?

What this immediately made me think of is that Web IDL and the web platform at large use unsigned and signed integers of various types. And as those have different value spaces you'd notice if you do someth

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-24 Thread Chris Dumez via webkit-dev
Hi,

What’s the benefit? I don’t think we should be changing our long-time coding practices unless there are clear benefits from doing so. From your email, it is not yet clear to me what those benefits would be.

Chris.

> On Jan 24, 2023, at 6:58 AM, Michael Catanzaro via webkit-dev wrote:
>

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-24 Thread Michael Catanzaro via webkit-dev
On Tue, Jan 24 2023 at 02:00:11 AM -0800, Myles Maxfield via webkit-dev wrote:
> What do you think?

This has been a best practice for a long time now. It's a good rule to reduce bugs if adopted consistently, but I also fear that if we were to try to adapt existing WebKit code to follow these g

Re: [webkit-dev] Unsigned to avoid negative values

2023-01-24 Thread Jean-Yves Avenard via webkit-dev
I could have sworn reading a few years ago a white paper discussing signed vs unsigned discussed with Blink coding style showing that using unsigned had a performance impact. Of course, now I can’t find reference to it. But I clearly recall recommendations like you mentioned. Sent from my