bug-gnulib

Re: checked integer arithmetic


From: Paul Eggert
Subject: Re: checked integer arithmetic
Date: Thu, 15 Dec 2016 23:35:40 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1

Bruno Haible wrote:

> 1) You're basically saying "let's use signed integer types for indices",
> and you do that in the quotearg.c change.

Yes. This is not my invention; it's common in C programs generally to use int
for indexes. Using ptrdiff_t for indexes is the preferred coding style in the C
core of Emacs, where the maintainers don't want to use unsigned integers except
for specialized uses like bitmasks. (ptrdiff_t is obviously a safer choice than
int.)

> 2) The type __xalloc_count_type is sometimes signed, sometimes unsigned,
> depending on platform (like 'char' and 'wchar_t').

True, though it is signed on all practical platforms that I know about. The
unsigned alternative is in some sense merely a hypothetical one.

>    It becomes one of the basic C types and should therefore deserve a
>    name with wider scope.

I'm not sure I'd go that far. Emacs simply used ptrdiff_t for indexes, and this
works well. ptrdiff_t works for all values that xalloc_oversized accepts.
_xalloc_count_type exists merely to support efficient checking for oversized
values even on weird platforms where SIZE_MAX < PTRDIFF_MAX, and this
quite-specialized use doesn't need to leak out into applications -- at least,
I've never felt the need for it in Emacs.
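
An added illustration, not part of the message above and not gnulib's implementation: an oversized-count check that takes a signed ptrdiff_t element count, so a negative (underflowed) count is rejected along with one whose byte size would overflow. The names `count_oversized` and `alloc_array` are hypothetical, and the bound of min(PTRDIFF_MAX, SIZE_MAX) bytes is an assumption made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not gnulib's xalloc_oversized): true if N objects
   of S bytes each cannot be allocated and then indexed with ptrdiff_t.
   Assumed bound: the byte count must fit in both ptrdiff_t and size_t. */
static bool count_oversized(ptrdiff_t n, size_t s)
{
    uintmax_t limit = (uintmax_t) PTRDIFF_MAX < (uintmax_t) SIZE_MAX
                      ? (uintmax_t) PTRDIFF_MAX : (uintmax_t) SIZE_MAX;
    if (n < 0)
        return true;   /* a signed count makes the bad case visible */
    if (s == 0)
        return false;  /* zero-size elements cannot overflow */
    return (uintmax_t) n > limit / s;  /* division avoids a wrapping multiply */
}

/* Hypothetical checked allocator: NULL on a rejected count or on
   malloc failure. */
static void *alloc_array(ptrdiff_t n, size_t s)
{
    if (count_oversized(n, s))
        return NULL;
    size_t bytes = (size_t) n * s;     /* cannot wrap after the check */
    return malloc(bytes ? bytes : 1);
}

int main(void)
{
    /* Constructed inputs: an underflowed length, a count whose byte size
       exceeds PTRDIFF_MAX, and an ordinary request. */
    ptrdiff_t len = 3, header = 4;
    printf("underflowed: %d\n", count_oversized(len - header, 8));
    printf("too large:   %d\n", count_oversized(PTRDIFF_MAX / 2 + 1, 2));
    printf("ordinary:    %d\n", count_oversized(1000, sizeof(int)));
    int *v = alloc_array(1000, sizeof(int));
    if (!v)
        return 1;
    for (ptrdiff_t i = 999; i >= 0; i--)  /* signed countdown terminates */
        v[i] = (int) i;
    free(v);
    return 0;
}
```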

