[RFC] Integer signedness story #246
Comments
|
cc @csoriano89 |
|
How are you going to deal with valid unsigned values when they are invalid as gint? I would say, just follow what gtk+ does to avoid problems with gtk+... (although some decisions might be not the best ones). |
|
It's not unsecure to provide an invalid value to gtk since it'll return an error value. However it's not perfect since rust is supposed to provide full safety. But |
Catch with @GuillaumeGomez GTK+ relies on optional asserts to handle various edge cases. If they're not compiled in, those edge cases (even as simple as calling |
Bad news.
Not necessarily. It's always possible to find cases where a developer isn't directly responsible. However the |
|
Another possible alternative is using some |
|
Not sure this is a nice idea to add a new type (even if we use it only internally). But let's keep an eye on it just in case. |
|
"Catch with asserts probably because typically an out of range value would be a "programmer error". " That's the thing, a big uint value is not an overflow, but the developer will see errors coming from gtk+ about negative values when they used just a guint. Sounds more confusing than what it tries to fix. In case you use a i32 and set a negative value the developer will catch it just printing it, but not a u32. However if you use a u32 and make some asserts internally with a message explaining to the developer that it's a big value that cannot be processed and the maximum value is 2^31, then why not. |
|
Yeah, I wouldn't want a negative value to reach gtk+. To be clear the approach I had in mind is fn get_foo() -> u32 {
let ret = gtk_get_foo();
assert!(ret >= 0, "Unexpected negative value");
ret as u32
}
fn set_foo(val: u32)
let val = val as c_int;
assert!(val >= 0, "Value bigger than i32::max_value");
gtk_set_foo(val);
}and documenting the presence of this |
|
Then looks like a good idea to me and no downsides on top of my head from the gtk+/c side. |
Write error list for commented signals
|
There doesn't seem to be anything actionable here anymore. To some degree this is done manually now, but as there is no annotation for any such thing it will have to be done manually on a case-by-case basis in the future too. |
Most GTK APIs use
gintwhenever an integer is needed, largely for C-specific reasons. Since Rust has more strict integer semantics my desire is to useu32(oru16, orOption<u32>where appropriate) wherever negative values are invalid.This approach has been applied to a few classes so far: EntryBuffer, Notebook, partly to List/TreeStore.
It may follow that unsignedness needs to be applied as far as the basic structs like
GtkAllocationakaGdkRectangleakacairo_rectangle_int_t(widthandheightat least). This discussion makes me think it has merit.Before any further effort is made on this it'd be nice to get some opinions on whether the direction is right or the above classes should be reverted to the upstream C convention (
i32everywhere).The text was updated successfully, but these errors were encountered: