
Re: [PATCH] base32, base64: prefer signed to unsigned integers


From: Bruno Haible
Subject: Re: [PATCH] base32, base64: prefer signed to unsigned integers
Date: Sun, 29 Aug 2021 11:56:56 +0200

Hi Simon,

> I'm not sure I understand why idx_t is better than size_t
> here, can you elaborate?  Why not ssize_t?

You find a detailed explanation in the comments of idx.h.

> Maybe a compromise is to
> keep the old API but add new APIs with idx_t types and the
> implementation of the old functions uses the new one.

The objective is to eliminate bugs due to the use of unsigned types
for numerical values. We can achieve it only by increasing the use
of signed types such as 'idx_t'. If we keep the old function,
it needs to be marked with __attribute__ ((__deprecated__)), otherwise
existing code will continue to use the old function forever.

Such a compromise comes with a cost: extra function names, that will
stick around for a long time. Here, since size_t and idx_t have the
same size at the binary level, the churn is limited: only the functions
with a ctx argument have changed the element type of pointer arguments,
and despite warnings, no wrong code will be executed — except where, like
in the test suite, a value > SIZE_MAX / 2 is passed as argument.

Bruno
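As an added illustration of the bug class Bruno describes (this code is not from the thread and not gnulib's own), the block below contrasts the same two operations written with size_t and with a signed index type. idx.h defines idx_t as ptrdiff_t and IDX_MAX as PTRDIFF_MAX, which on the usual platforms equals SIZE_MAX / 2, so the typedef and macro here only stand in for including idx.h; the function names and the base64 length formula are constructed for the example. The unsigned versions show a tautological "room left" check and a silently wrapping output-length computation; the signed versions make the negative case representable and reject lengths that idx_t cannot hold instead of wrapping.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for gnulib's idx.h (which defines idx_t as ptrdiff_t
   and IDX_MAX as PTRDIFF_MAX); used here so the file is self-contained. */
typedef ptrdiff_t idx_t;
#define IDX_MAX PTRDIFF_MAX

/* Unsigned "is there room" check: avail - need can never be negative,
   so the comparison is always true, even when need > avail. */
bool
fits_unsigned (size_t avail, size_t need)
{
  return avail - need >= 0;
}

/* Same check with a signed index type: the difference goes negative
   when need > avail, and the comparison means what it says. */
bool
fits_signed (idx_t avail, idx_t need)
{
  return avail - need >= 0;
}

/* Base64 output length, 4 bytes per 3 input bytes rounded up, in size_t.
   For inlen > SIZE_MAX - 2 the addition wraps to a tiny value, and for
   inlen > SIZE_MAX / 4 * 3 the multiplication wraps; either way the
   caller gets a buffer size that is far too small, with no error. */
size_t
base64_outlen_unsigned (size_t inlen)
{
  return (inlen + 2) / 3 * 4;
}

/* Same computation in idx_t, refusing inputs whose result would not fit.
   Negative lengths are invalid by construction; the upper bound is the
   largest inlen for which (inlen + 2) / 3 * 4 <= IDX_MAX. Values above
   IDX_MAX (i.e. > SIZE_MAX / 2 on typical platforms) are not representable
   as idx_t at all, which is the case the thread's test suite tripped over. */
bool
base64_outlen_idx (idx_t inlen, idx_t *outlen)
{
  if (inlen < 0 || inlen > IDX_MAX / 4 * 3)
    return false;
  *outlen = (inlen + 2) / 3 * 4;
  return true;
}

int
main (void)
{
  idx_t out;
  printf ("fits_unsigned(3, 5) = %d (wrong)\n", fits_unsigned (3, 5));
  printf ("fits_signed(3, 5)   = %d\n", fits_signed (3, 5));
  printf ("base64_outlen_unsigned(SIZE_MAX - 1) = %zu (wrapped)\n",
          base64_outlen_unsigned (SIZE_MAX - 1));
  if (base64_outlen_idx (5, &out))
    printf ("base64_outlen_idx(5) = %td\n", out);
  printf ("base64_outlen_idx(IDX_MAX) accepted = %d\n",
          base64_outlen_idx (IDX_MAX, &out));
  return 0;
}
```

Compiling with -Wtype-limits (or -Wextra) flags the unsigned comparison as always true, and building with -fsanitize=undefined turns any remaining signed overflow in the idx_t variants into a diagnosed error rather than a silent wrap, which is the detection benefit the idx.h comments argue for.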
