Hi Paul,

> Prefer a signed to an unsigned integer when calculating indexes,

In the other mail you ask for objections:

> I'd also like to change dfa.h's API to prefer ptrdiff_t to size_t, for
> the same integer-overflow reason. This would be a (minor) API change so
> I thought I'd ask first. Any objections?

I'd like to recall the objection I voiced in [1][2], and suggest using a
typedef equivalent to ptrdiff_t, not ptrdiff_t directly, for variables that
SHOULD only take on values >= 0.

Rationale (summarized):

1) Make it easier to understand and review the code in the future.
2) Standards change over time.
3) Help the compiler produce better code or better warnings through range
   types. It's quite possible that clang will have range types, 5 years from
   now. (clang already has knowledge about which types are signed [3] and
   which pointer types include the NULL value [4].)
4) Help static analysis tools produce better warnings as well.

Last time we were trying to find a good name for this typedef. How about

  typedef ptrdiff_t uptrdiff_t;

?

Bruno

[1] http://lists.gnu.org/archive/html/bug-gnulib/2017-06/msg00009.html
[2] https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00039.html
[3] __is_unsigned in https://clang.llvm.org/docs/LanguageExtensions.html#type-trait-primitives
[4] https://clang-analyzer.llvm.org/annotations.html#attr_nonnull
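As an added illustration of the integer-overflow argument in this thread (example code, not gnulib's or dfa.h's own; `uptrdiff_t` is the typedef proposed above, and the functions are hypothetical), here are two index computations written with the signed typedef, next to the `size_t` version of the subtraction that wraps instead of going negative:

```c
#include <stddef.h>
#include <stdint.h>

/* Added example, not gnulib's or dfa.h's own code.  uptrdiff_t is the
   typedef proposed in the mail: same width as ptrdiff_t, signed, but by
   convention holding only values >= 0.  The functions are hypothetical. */
typedef ptrdiff_t uptrdiff_t;

/* Scan backwards through buf[0..n-1] for byte c.  With a signed index the
   loop condition "i >= 0" is meaningful and -1 is a natural "not found"
   result.  The same loop written with size_t never terminates on its own:
   "i >= 0" is always true and i wraps to SIZE_MAX after reaching 0. */
ptrdiff_t last_index_of(const char *buf, uptrdiff_t n, char c)
{
    for (ptrdiff_t i = n - 1; i >= 0; i--)
        if (buf[i] == c)
            return i;
    return -1;
}

/* Index 'back' positions before 'end' in an array of n elements, or -1 if
   that is out of range.  Every intermediate value stays within [-n, n], so
   the arithmetic cannot overflow, and a negative result is representable
   and can be checked directly (a sanitizer or range-aware compiler can
   also flag any violation of the ">= 0" convention on the inputs). */
ptrdiff_t index_before(uptrdiff_t end, uptrdiff_t back, uptrdiff_t n)
{
    if (n < 0 || end < 0 || back < 0 || end > n)
        return -1;                 /* inputs violate the >= 0 / <= n contract */
    uptrdiff_t idx = end - back;
    return idx < 0 ? -1 : idx;
}

/* The same subtraction in size_t, for contrast: when back > end the result
   wraps silently to a huge value instead of going negative, so the caller
   receives a valid-looking index that no "idx < 0" check can ever catch. */
size_t index_before_unsigned(size_t end, size_t back)
{
    return end - back;             /* wraps modulo SIZE_MAX + 1 */
}
```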