Hi Paul,

> I am planning to make xalloc.h use idx_t rather than size_t for object 
> and byte counts, as we really should be using signed integers there, for 
> all the usual reasons.

I agree that using idx_t in more places helps reduce overflow problems.

However, since 'xalloc' started out as "malloc() which can't return NULL",
this would introduce an inconsistency w.r.t. malloc().
Could programmers still replace calls to malloc() with calls to xmalloc()
without thinking, without considering the context?
And vice versa, when transforming code into library code, can programmers
still replace calls to xmalloc() with calls to malloc() and a NULL check,
mechanically?

(I hope the answer is "yes", but maybe I'm overlooking something?)

Bruno

