On 1 November 2017 at 17:46, Thiago Macieira <thiago.macie...@intel.com> wrote:
> On Wednesday, 1 November 2017 08:25:01 PDT Konstantin Tokarev wrote:
>> > No, not really, since it's already limited to half the full VM space. No
>> > object can be larger than that. Using unsigned is unnecessary.
>>
>> Using unsigned for size types is crucial in preventing signed overflow in
>> pathological cases.
>
> Using signed for size types is crucial because the API expects to be able to
> count backwards from the end and needs to report failure in other situations.
> So unsigned is simply ruled out.
>
> There are also no pathological cases since there is no overflow.

If your signed size type would ever overflow, a sanitizer can catch that.
It's *much* harder for a sanitizer to diagnose incorrect wrap-around of an
unsigned size type if that sanitizer wishes to avoid false positives.

Having said that, it's non-trivial for a sanitizer to diagnose signed
overflow, since that happens to work correctly and in the way the programmer
expected on many platforms.
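
Added example, not part of the original message or of Qt code: a C++ sketch of the false-positive problem described above, where an intended unsigned wrap (a hash) and an unintended one (a range check) look identical to a tool, while a signed size overflow is always a bug and can be reported. The function names are hypothetical, and `__builtin_add_overflow` (a GCC/Clang builtin) is assumed here as a stand-in for the overflow check a sanitizer would perform.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Intended wrap-around: FNV-1a depends on multiplication modulo 2^32.
// A tool that flagged every unsigned wrap would report this correct code.
std::uint32_t fnv1a(const char *s) {
    std::uint32_t h = 2166136261u;          // FNV offset basis
    for (; *s; ++s) {
        h ^= static_cast<unsigned char>(*s);
        h *= 16777619u;                     // wraps by design
    }
    return h;
}

// Unintended wrap-around: pos + len wraps to a small value, so the check
// accepts a range that lies far outside the buffer. The arithmetic is
// well-defined, so it is indistinguishable from the hash above.
bool range_ok_unsigned(std::size_t pos, std::size_t len, std::size_t size) {
    return pos + len <= size;
}

// Signed sizes: overflow is never intended, so reporting it cannot be a
// false positive. The builtin makes the overflow check explicit.
bool range_ok_signed(std::ptrdiff_t pos, std::ptrdiff_t len,
                     std::ptrdiff_t size) {
    std::ptrdiff_t end;
    if (pos < 0 || len < 0 || __builtin_add_overflow(pos, len, &end))
        return false;                       // overflow or negative input
    return end <= size;
}
```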