bug-gnulib

Re: [PATCH 4/4] dfa: prefer signed integers for internals


From: Bruno Haible
Subject: Re: [PATCH 4/4] dfa: prefer signed integers for internals
Date: Thu, 12 Dec 2019 02:21:55 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-166-generic; KDE/5.18.0; x86_64; ; )

Hi Paul,

> Prefer a signed to an unsigned integer when calculating indexes,

In the other mail you ask for objections:

> I'd also like to change dfa.h's API to prefer ptrdiff_t to size_t, for 
> the same integer-overflow reason. This would be a (minor) API change so 
> I thought I'd ask first. Any objections?

I'd like to recall the objection I voiced in [1][2], and suggest to use a
typedef equivalent to ptrdiff_t, not ptrdiff_t directly, for variables
that SHOULD only take on values >= 0.

Rationale (summarized):
  1) Make it easier to understand and review the code in the future.
  2) Standards change over time.
  3) Help the compiler produce better code or better warnings through
     range types.
     It's quite possible that clang will have range types, 5 years from now.
     (clang already has knowledge about which types are signed [3]
     and which pointer types include the NULL value [4].)
  4) Help static analysis tools produce better warnings as well.

Last time we were trying to find a good name for this typedef. How about

  typedef ptrdiff_t uptrdiff_t;

?

Bruno

[1] http://lists.gnu.org/archive/html/bug-gnulib/2017-06/msg00009.html
[2] https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00039.html
[3] __is_unsigned in
    https://clang.llvm.org/docs/LanguageExtensions.html#type-trait-primitives
[4] https://clang-analyzer.llvm.org/annotations.html#attr_nonnull
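
The signed-versus-unsigned index question the thread is about, as an added example (not code from gnulib, dfa, or either participant). It adopts the `uptrdiff_t` typedef floated above as a stand-in name; the three bounds and offset functions are hypothetical and exist only to show how the same arithmetic behaves under each signedness. `__builtin_add_overflow` is a GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical typedef in the spirit of the mail's proposal: a signed,
   ptrdiff_t-width type for quantities that should only hold values >= 0.
   Not gnulib's own name, just the one floated in the thread. */
typedef ptrdiff_t uptrdiff_t;

/* Bounds check written with the common "idx <= n - 1" idiom, unsigned.
   For n == 0 the subtraction wraps to SIZE_MAX.  That wrap is well-defined
   C, so no sanitizer reports it, and every idx then passes the check. */
bool in_bounds_unsigned(size_t idx, size_t n)
{
    return idx <= n - 1;
}

/* Same idiom, signed.  n is a length (>= 0 by contract), so n - 1 is -1 for
   n == 0 and the comparison rejects every idx.  The sign test also catches
   an idx that went negative upstream instead of letting it alias a huge
   unsigned value that merely looks like a large index. */
bool in_bounds_signed(uptrdiff_t idx, uptrdiff_t n)
{
    return 0 <= idx && idx <= n - 1;
}

/* Offset arithmetic that must not silently wrap.  __builtin_add_overflow
   reports overflow for signed and unsigned operands alike; a result that
   is mathematically correct but negative is rejected as well, because a
   negative value is never a valid position.  *out is untouched on failure. */
bool checked_offset(uptrdiff_t base, uptrdiff_t delta, uptrdiff_t *out)
{
    uptrdiff_t sum;
    if (__builtin_add_overflow(base, delta, &sum) || sum < 0)
        return false;
    *out = sum;
    return true;
}

/* Convenience wrapper: -1 is a safe sentinel because checked_offset never
   yields a negative position. */
uptrdiff_t offset_or_neg1(uptrdiff_t base, uptrdiff_t delta)
{
    uptrdiff_t v;
    return checked_offset(base, delta, &v) ? v : -1;
}

int main(void)
{
    /* Empty buffer: the unsigned idiom accepts any index, the signed one
       accepts none. */
    printf("unsigned, n=0, idx=0:        %d\n", in_bounds_unsigned(0, 0));
    printf("signed,   n=0, idx=0:        %d\n", in_bounds_signed(0, 0));
    printf("signed,   n=4, idx=-1:       %d\n", in_bounds_signed(-1, 4));
    printf("signed,   n=4, idx=3:        %d\n", in_bounds_signed(3, 4));
    printf("offset PTRDIFF_MAX + 1:      %td\n", offset_or_neg1(PTRDIFF_MAX, 1));
    printf("offset 10 + (-20):           %td\n", offset_or_neg1(10, -20));
    printf("offset 10 + 5:               %td\n", offset_or_neg1(10, 5));
    return 0;
}
```

Building with `-fsanitize=undefined` makes the difference visible at runtime: signed overflow is undefined behaviour, so UBSan's signed-integer-overflow check flags it, while the unsigned wrap in `in_bounds_unsigned` is defined and passes silently (Clang offers a separate, off-by-default `-fsanitize=unsigned-integer-overflow` for that case). The explicit `__builtin_add_overflow` check is the portable way to catch the wrap in either representation without relying on a sanitizer.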
