Paul Eggert wrote:
> > - /* Avoid calling both strcpy and strlen. */
> > - for (int i = 0; (salg.salg_name[i] = alg[i]); i++)
> > + /* Copy alg into salg.salg_name, without calling strcpy nor strlen. */
> > + for (size_t i = 0; (salg.salg_name[i] = alg[i]) != '\0'; i++)
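Review bot: neither the old nor the new loop bounds the copy by the size of salg.salg_name; the only stop condition is the NUL in alg, so an alg longer than the destination is written past its end. If a caller or an earlier check guarantees that alg fits, the new comment is the place to say so; otherwise the loop should stop at sizeof salg.salg_name and report failure when no terminator was reached. Minor wording point in the new comment: "without calling strcpy nor strlen" reads better as "without calling strcpy or strlen".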
> If you don't like int due to concerns about too-large sizes (of course
> theoretical in this case, but here we are...)

Yes, this was my point. When I see an 'int' type, a bell rings in my head: "32 bit! too small!". When someone is unlucky enough to pass a string that is larger than 2 GiB in length, they should get correct behaviour nevertheless.

> I prefer to use signed integer types when possible, as it allows better
> runtime checking (for integer overflow). This is a style encouraged
> within Emacs and I'd like to encourage it elsewhere too.
>
> If you don't like int due to concerns about too-large sizes (of course
> theoretical in this case, but here we are...), then how about ptrdiff_t
> instead?

We talked through it already. I have nothing against ptrdiff_t as a type in principle, but I want a typedef that clearly indicates (to the reader, to a compiler that is able to emit diagnostics, and to possible static analysis / program verification tools that will be added in the future) that the variable is supposed to hold values >= 0 only. [1]

Bruno

[1] https://lists.gnu.org/archive/html/bug-gnulib/2017-06/msg00024.html
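As an added illustration of the loop under discussion (this is not Bruno's patch nor gnulib code), the same copy written with a size_t index and an explicit bound on the destination, so that a name longer than the buffer is rejected instead of overrunning it. The struct is a constructed stand-in for the kernel's struct sockaddr_alg; 64 is the salg_name size Linux uses, and copy_alg_name and copy_alg_name_selfcheck are names chosen here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct sockaddr_alg: only the name field matters. */
struct fake_sockaddr_alg
{
  char salg_name[64];
};

/* Copy the NUL-terminated name ALG into DST->salg_name without calling
   strcpy or strlen.  The index is size_t, so it can count up to any object
   size; the loop is bounded by the destination, not by the source.
   Returns true when the terminator was copied within bounds, false (with
   DST->salg_name left empty) when ALG does not fit.  */
static bool
copy_alg_name (struct fake_sockaddr_alg *dst, const char *alg)
{
  for (size_t i = 0; i < sizeof dst->salg_name; i++)
    if ((dst->salg_name[i] = alg[i]) == '\0')
      return true;
  /* No terminator within the buffer: the name is too long.  */
  dst->salg_name[0] = '\0';
  return false;
}

/* Self-check: 1 if a short name copies intact and a 64-character name
   (one too many once the NUL is counted) is rejected, 0 otherwise.  */
static int
copy_alg_name_selfcheck (void)
{
  struct fake_sockaddr_alg s;
  char too_long[sizeof s.salg_name + 1];
  memset (too_long, 'a', sizeof too_long - 1);
  too_long[sizeof too_long - 1] = '\0';

  if (!copy_alg_name (&s, "sha256") || strcmp (s.salg_name, "sha256") != 0)
    return 0;
  if (copy_alg_name (&s, too_long) || s.salg_name[0] != '\0')
    return 0;
  return 1;
}

int
main (void)
{
  printf ("selfcheck: %s\n", copy_alg_name_selfcheck () ? "ok" : "FAILED");
  return 0;
}
```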