size_type should be unsigned #171
It is an explicit design decision for A natural, portable implementation of
The maximum addressable distance can be signed but only because negative values are ok and wrapping is expected. Neither is true of the number of items in a collection, where negative is a programming error and wrapping around can be catastrophic. You cannot address large numbers of items with a signed value. The existing convention already set by std has containers return size_t for the count, leading developers to naturally use size_t when indexing collections. It sounds as if this is already a done decision though, which is too bad. Adopting GSL in our existing code would require lots of potentially unsafe casting and add extra complexity when indexing, as one would have to carefully inspect code to see if the collection is a std one or a non-std collection with a different addressing.
This is how I look at it: it is a fundamental mistake that the standard library uses an unsigned type as index type for Also, I personally find catching bugs related to signed -> unsigned implicit conversions coming from out-of-bound accesses much more important than a platonic uniformity with standard container practices that we know are mistakes.
Certainly it is a mistake that the standard library uses But we're writing C++ code, which heavily uses standard containers (or at least that's what we're supposed to do). And the standard containers use unsigned
The code above is no good. It's not easy to read, it has long_ugly_casts, many braces, that What can we do? It might not look good, but I think that we should add the
Yes it looks like a crutch and it is a crutch. That "u" in
If I am reading this GCC bug report correctly, GCC, glibc, and Bionic libc do not permit allocating more than half of the available address space in a single allocation. A significant reason seems to be that values in this range can cause various issues, some of which are security sensitive (just read the report; I don't want to mis-summarize). So it seems that this statement is, in practice, wrong anyway.
I agree with @ascheglov . The decision to use STL may have made a mistake in using
Anyway, it is unnecessary to argue anymore. I have just found out that GSL has changed
GSL uses `std::ptrdiff_t` for `size_type`, which leads to the "signed/unsigned comparison" warnings. It doesn't look like `span::size` can return negative values, so it should use `std::size_t` for `size_type`, as standard library containers do.
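The following is an added example, not code from the GSL project or from any participant in this thread. It makes the two hazards argued over above concrete: the wrap-around of an unsigned `size() - 1` on an empty container (and what the implicit `int` to `size_t` conversion does inside a mixed comparison), versus the explicit negative check a signed index permits, plus a checked conversion between the two conventions. The helper names `to_signed_index`, `in_bounds`, `at_checked` and the `*_rejects` wrappers are hypothetical and exist only for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <vector>

// Bound computed by the common idiom "size() - 1" under the unsigned convention.
// For an empty container the subtraction wraps to SIZE_MAX, so a loop written as
// "for (size_t i = 0; i < bound; ++i)" would run off the end of the buffer.
std::size_t unsigned_loop_bound(std::size_t n) {
    return n - 1;  // n == 0 -> SIZE_MAX (well-defined wrap, but a logic bug)
}

// Same idiom with a signed size: an empty container yields -1 and a loop
// body guarded by "i < bound" simply never executes.
std::ptrdiff_t signed_loop_bound(std::ptrdiff_t n) {
    return n - 1;  // n == 0 -> -1
}

// True when "n - 1" computed in size_t produced a bound larger than n itself,
// i.e. when the subtraction wrapped.
bool unsigned_bound_wrapped(std::size_t n) {
    return unsigned_loop_bound(n) > n;
}

// What the implicit int -> size_t conversion does inside a mixed comparison
// such as "index <= v.size() - 1". The cast is written out so that the
// compiler's sign-compare warning does not hide the behaviour: index 0 against
// an empty container passes, because the right-hand side wrapped to SIZE_MAX.
bool naive_check_passes(int index, std::size_t count) {
    return static_cast<std::size_t>(index) <= count - 1;
}

// Checked conversion from an unsigned count to a signed index type
// (hypothetical helper, in the spirit of a narrowing check): rejects values
// that do not fit instead of silently turning them negative.
std::ptrdiff_t to_signed_index(std::size_t n) {
    constexpr auto kMax =
        static_cast<std::size_t>(std::numeric_limits<std::ptrdiff_t>::max());
    if (n > kMax) throw std::overflow_error("count does not fit in ptrdiff_t");
    return static_cast<std::ptrdiff_t>(n);
}

// Bounds check that takes a signed index and rejects negatives explicitly,
// comparing in size_t only after the sign has been checked.
bool in_bounds(std::ptrdiff_t index, std::size_t count) {
    return index >= 0 && static_cast<std::size_t>(index) < count;
}

// Checked element access built on in_bounds().
int at_checked(const std::vector<int>& v, std::ptrdiff_t index) {
    if (!in_bounds(index, v.size())) throw std::out_of_range("index out of range");
    return v[static_cast<std::size_t>(index)];
}

// Reports whether at_checked() rejects the given index.
bool at_checked_rejects(const std::vector<int>& v, std::ptrdiff_t index) {
    try {
        (void)at_checked(v, index);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Reports whether to_signed_index() rejects the given count.
bool to_signed_index_rejects(std::size_t n) {
    try {
        (void)to_signed_index(n);
        return false;
    } catch (const std::overflow_error&) {
        return true;
    }
}
```

`naive_check_passes(0, 0)` returning true is the "wrapping around can be catastrophic" case from the discussion: the empty container appears to have an element at index 0. `in_bounds` and `to_signed_index` show the two checks a caller needs when mixing a signed `size_type` with `std::size_t` containers: a sign check before the comparison, and a range check before narrowing a count into the signed type.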