|
That Turkey Story posted:Wait, what? If anything I can think of cases where unsigned operations can be optimized whereas signed operations cannot, not the other way around. Maybe you know something I don't, but either way, that doesn't change the fact that using an unsigned type may be correct whereas a signed type isn't (or vice versa). Pick your type based on what makes your code more correct. Overflow behavior for signed integers is undefined, and so that enables the compiler to pretty much assume that signed integers don't overflow and make optimizations appropriately. Consider, code:code:code:In any case, the recommendation (as I understand it) applies to what to pick as a default signedness. If you need unsigned of course you should use it, but the number of use cases where you really need unsigned (other than bitfields) and not just a bigger int is rare.
|
#
?
Jul 2, 2008 22:31
|
|
|
|
| # ? May 18, 2024 04:32 |
|
|
While I've worked primarily with Perl and PHP in the past 9 years, before that I worked primarily in C. I have a fair knowlege of objects in the above languages and C++ (circa 1992) but for all intents and purposes, I'm pretty much a C++ noob. I think the biggest thing thats tripping me up is templates but I'm slowly getting there... Currently I'm working with the Boost libraries and Spirit in particular to write a parser that will be used from a Perl script to parse log file entries. I have this "working" but am convinced I'm doing many things "wrong" and would appreciate some advice on organization. I've figured out how to chain Boost/Spirit grammars together but it's making for a mighty unwieldy single file. So I'm breaking out the grammers including their related functions into other files. What is the recommended method for doing this? I'm currently extracting the grammar definitions into .hpp files and including them into my main .cpp file. That seems nasty and wrong but I don't see a more reasonable way of doing it.
|
|
#
?
Jul 3, 2008 00:25
|
|
|
Cheesus posted:Currently I'm working with the Boost libraries and Spirit in particular to write a parser that will be used from a Perl script to parse log file entries. I have this "working" but am convinced I'm doing many things "wrong" and would appreciate some advice on organization. Wow, how complex are these log files that you can't just use a line-by-line reader and boost::regex?
|
|
#
?
Jul 3, 2008 00:30
|
|
|
floWenOl posted:
|
|
#
?
Jul 3, 2008 00:53
|
|
|
That Turkey Story posted:First, before going into anything at all, I'd recommend using iterators here which as a side-effect avoids the issue of sign entirely, and if for some reason you didn't do that, I'd still say say use string::size_type instead of int and just don't write an algorithm which relies on negative values. The reason is, if you write your loop correctly and your loop uses the proper size type, your code works for all strings. If, on the other hand, you use int, your loop variable will risk overflow on larger strings no matter how you write it. It would be hard for me to disagree with more points here  First, the only thing I agree with: Yes, using iterators bypasses the issue of sign nicely. Sometimes, however, that's just not practical - I'm giving a small example of a situation where it breaks in an unexpected and subtle way, not a fullfledged example of a case where it's an inevitable bug (since I don't believe those exist.) However, I strongly disagree that using a signed int will cause a problem here. The vast majority of 32-bit systems aren't even capable of making a single 2gb allocation, due to reserved chunks of the address space, and even if they're capable of doing it, trying to get a string to do it is one of the most dubious things I've heard of (what happens when you append to it and the string decides to reallocate? What if you use .c_str() and the string decides to reallocate, which it is allowed to do?) It's just not something that ever comes up - I consider this to be well within the bounds of "this never happens". And even if it does, I'd say a better solution would be to use a longer signed type, like "long" (which will be 64-bit on virtually any sane system where .size() can be 1<<31) or "long long" (which will be 64-bit and which is nearly part of C++), not an unsigned type, for the same power-distribution reasons I mentioned beforehand. Also, saying "if you write it correctly, it always works!  " is kind of meaningless, because obviously it'll work if you write it correctly. What I'm getting at here is that unsigned variables make it much easier to introduce subtle unexpected bugs, thereby either reducing the chance that you'll write it correctly or increasing the amount of effort and time it takes to write it correctly (take your pick) while signed variables avoid a small but significant class of errors.quote:Either way, your for loop example is hardly indicative of why you should never use unsigned types even if that code actually were able to handle all strings. If anything, at least just recommend defaulting to signed if you are unsure rather than disallowing unsigned types completely for arithmetic calculations, though even that I'd disagree with. Use the type that makes sense for the job. Period. And this is why I believe in style guides, not style requirements. Yes, I agree with what you're saying - however I also think that unsigned is very rarely the right decision. I'd phrase it more as "don't use unsigned for arithmetic unless you're absolutely sure of what you're doing, and comment it if so".
|
|
#
?
Jul 3, 2008 04:55
|
|
|
ZorbaTHut posted:It would be hard for me to disagree with more points here And it's a bad example, because the simpler, more correct solution would be to use iterators, in which case you would have had to go way out of your way to introduce a bug like that. ZorbaTHut posted:It's just not something that ever comes up - I consider this to be well within the bounds of "this never happens". It's those subtle bugs -- like the ones that can be easily introduced by using offsets instead of iterators, that make "this never happens" turn into "But I never thought that would happen". Every simple programming error that can be made, will probably be made, often by you. Use a simpler and less error-prone solution where possible. ZorbaTHut posted:And even if it does, I'd say a better solution would be to use a longer signed type, like "long" (which will be 64-bit on virtually any sane system where .size() can be 1<<31) I'm not aware of any 32-bit system in which long is 64-bit, is that what you're saying? "ZorbaTHut posted:or "long long" (which will be 64-bit and which is nearly part of C++), not an unsigned type, for the same power-distribution reasons I mentioned beforehand. Well, "long long" technically isn't a part of C++. Compilers/runtimes in general can deal with it, but 64-bit long long on 32 bit systems generally means software manipulation, which is significantly slower. But the real problem here is that you're saying "adding 1 more bit to make sure you don't overflow/underflow is silly, you should add 32 bits." It is silly to add one bit, but just extending that to 32 bits is almost as silly -- it's a variation of throwing hardware at the problem, when the problem only exists because you're not using the correct method in the first place. ZorbaTHut posted:Also, saying "if you write it correctly, it always works! What he's saying is that using the correct approach means that your chance of not writing it correctly is decreased. Use signed ints for ints that will always be in a particular range that can be negative, use unsigneds for ints that will always be in a particular nonnegative range, and don't use ints when there's a more appropriate and less error-prone abstraction available to you.
|
|
#
?
Jul 3, 2008 08:57
|
|
|
more falafel please posted:And it's a bad example, because the simpler, more correct solution would be to use iterators, in which case you would have had to go way out of your way to introduce a bug like that. Okay I want to start this off by saying something: I have never claimed that iterators shouldn't be used. Okay? Can we end this part of the discussion? The point I'm making is that signed should almost always be preferred over unsigned. When I bring this up, the counter-argument is usually "but the STL containers are unsigned, so they can in theory store more than a signed value's worth of things", or "well, what if you know it can't be negative, like the number of items in a container". That's what I'm debating. If your response to "you should use signed instead of unsigned" is "you're wrong, you should only use iterators!" then we're not in a debate, we're not even talking about the same thing. As for my example, I've annoyingly frequently dealt with algorithms where I needed to compute things for adjacent pairs of elements. In this case, yes, you can use iterators (with a rather ugly itr[1] or *(itr + 1) for the next element, or an equally ugly technique including two iterators, and in both cases an extra conditional needed to start the loop) - but in several cases I've also needed to worry about the indexes of values, either because I need to store indices in a manner which is preserved across multiple copies/versions of the container, or because I need to append things to the container later, or because I need to store information in some way which is transferrable to someone who doesn't own that particular instance. I suppose I could technically store iterators, and then turn *that* into indices at the transfer point, or traverse with iterators and then get indices out of that, but it honestly seems kind of dumb when I can just stick with indices in the first place. I didn't bother to write up an entire algorithm because it just didn't seem applicable to "signed versus unsigned". There are cases where you want to use indices instead of iterators, and sometimes you also want a loop inside them, and sometimes you want to do math on indices (in fact, frequently you want to do math on indices, as frequently this is why you need indices in the first place.) more falafel please posted:It's those subtle bugs -- like the ones that can be easily introduced by using offsets instead of iterators, that make "this never happens" turn into "But I never thought that would happen". Every simple programming error that can be made, will probably be made, often by you. Use a simpler and less error-prone solution where possible. more falafel please posted:I'm not aware of any 32-bit system in which long is 64-bit, is that what you're saying? Range overflows on in-memory containers due to signed variables are a bug that really can't exist on any common 32-bit system. 32-bit Windows is, as I remember, simply incapable of allocating a contiguous 2gb of memory. It just can't do it, period, /3gb or not. I seem to remember that 32-bit Linux is the same unless you go and jump through a lot of hoops. Both of these are due to small chunks taken out of the memory space at various locations. Try malloc(0x80000000) on your compiler and, unless you've seriously tweaked your system, it'll return 0. Meanwhile, on 64-bit systems, "long" is easily sufficient for any size that you might need - once again, no processor being made today or even in the projected far future is even capable of addressing more than a tiny fraction of the address space. In both cases, the "signed" version is sufficient for the actual range you'll be using, avoiding the nasty problems with basic math that "unsigned" is occasionally prone to. more falafel please posted:Well, "long long" technically isn't a part of C++. Compilers/runtimes in general can deal with it, but 64-bit long long on 32 bit systems generally means software manipulation, which is significantly slower. But the real problem here is that you're saying "adding 1 more bit to make sure you don't overflow/underflow is silly, you should add 32 bits." It is silly to add one bit, but just extending that to 32 bits is almost as silly -- it's a variation of throwing hardware at the problem, when the problem only exists because you're not using the correct method in the first place. It technically isn't, but it's the next best thing. It's in c++0x, it has been for years, it's absolutely going to be in the final standard, it's part of C99, every serious compiler on the planet supports it. Unless you know you're going to be using a compiler from 2001 you can really rely on its existence now. Adding one more bit to make sure you don't overflow/underflow isn't silly. Adding one more bit to make sure you don't overflow, while adding a similarly large (or, IMHO, even larger) chance of underflow, is silly. I'm not saying "signed solves all your problems" or even "signed doesn't create problems", I'm saying "signed solves far more problems than it creates". more falafel please posted:What he's saying is that using the correct approach means that your chance of not writing it correctly is decreased. Use signed ints for ints that will always be in a particular range that can be negative, use unsigneds for ints that will always be in a particular nonnegative range And I am saying that is the incorrect approach. Unsigned is dangerous and errorprone if you're doing any sort of math to it, and very few people sit down and think "okay, I'm doing math . . . am I doing math to an unsigned variable? Am I absolutely sure this math is safe, when my instincts tell me it is? Oh no, it's not, it might become negative one!" My point, in summary: It's rare that a value is too large for signed someinttype but small enough for unsigned someinttype. It's relatively common that math involves comparisons or subtraction that can cause unsigned to accidentally underflow or behave unexpectedly. It's extremely rare that the range of "unsigned" is required and that just making the type longer isn't an acceptable solution. Mixing signed and unsigned can lead to weird results (assert((unsigned int)0xa0000000 > (int)0xb0000000)) fails on my system, for example) and that, in lieu of a magic bullet that can make all these problems go away, using "signed" and only resorting to unsigned when it is absolutely necessary will save you from more grief than any other option. Basically what I'm saying here is along similar lines to "you probably shouldn't be using reinterpret_cast as a common feature in your code."
|
|
#
?
Jul 3, 2008 09:30
|
|
|
ZorbaTHut posted:(assert((unsigned int)0xa0000000 > (int)0xb0000000)) fails on my system, for example) Any decent compiler ought to give a warning on that. Which is a good reason to use unsigned for data that should never be negative. When you get Warning: comparison between signed and unsigned types on line XXX you know it's time to put in something like this: code:
|
|
#
?
Jul 3, 2008 10:53
|
|
|
ZorbaTHut posted:If your response to "you should use signed instead of unsigned" is "you're wrong, you should only use iterators!" then we're not in a debate, we're not even talking about the same thing. So your argument basically boils down to "but what if I really want to use the wrong tool for this job?" ZorbaTHut posted:Range overflows on in-memory containers due to signed variables are a bug that really can't exist on any common 32-bit system. 32-bit Windows is, as I remember, simply incapable of allocating a contiguous 2gb of memory. Lazy lists.  ZorbaTHut posted:Meanwhile, on 64-bit systems, "long" is easily sufficient for any size that you might need - once again, no processor being made today or even in the projected far future is even capable of addressing more than a tiny fraction of the address space. Not with the LLP64 data model, which MSVC uses (longs are still 32-bit there).
|
|
#
?
Jul 3, 2008 19:34
|
|
|
Zorba provides a slightly contrived situation but a very good example of the kind of subtle and unintuitive bugs unsignedness can produce, and all you can do is rave about how the situation is slightly contrived? The point is you can do perfectly normal things with signed integers because it's pretty easy to avoid +/- 2 billion (all you have to consider is whether 32 bits is big enough). You pretty much always have to start thinking about modular arithmetic with unsigned integers because it's drat hard to avoid 0.
|
|
#
?
Jul 3, 2008 19:43
|
|
|
I'm having to do a little int to string conversion and I'm getting a silly little error I can't figure out. The background here is that this is some firmware where there is no room for including the standard library or extraneous h files for conversion, so I'm converting it myself. It isn't too bad because my only possible numbers are between 0 and 200. All I have to do is split the numbers up and convert them a character at a time, by adding '0'. Let's say my value is 199, I'll always get "1991" though and I don't know why. Here's my code: code:Any ideas? greatn fucked around with this message at 21:57 on Jul 3, 2008 |
|
#
?
Jul 3, 2008 21:50
|
|
|
greatn posted:Now this code pretty much works, except there is a phantom '1 put in at the end for some reason
|
|
#
?
Jul 3, 2008 21:54
|
|
|
greatn posted:
I don't think you mean this. Also number should be declared with size 4, and the last entry set to '\0'
|
|
#
?
Jul 3, 2008 21:54
|
|
|
csammis posted:I don't think you mean this. Also number should be declared with size 4, and the last entry set to '\0' Yeah, I mistyped that, no chars there. Ah, I forgot I needed to do that, thanks, with the '\0'. It's been so long since I dealt with having to actually null terminate I forgot you even had to.
|
|
#
?
Jul 3, 2008 21:56
|
|
|
Avenging Dentist posted:So your argument basically boils down to "but what if I really want to use the wrong tool for this job?" Yes, iterators are the right tool for the job 100% of the time! 
|
|
#
?
Jul 3, 2008 23:30
|
|
|
floWenoL posted:Yes, iterators are the right tool for the job 100% of the time! Then show me an example where both iterators are inappropriate and the unsigned-ness of size_t is an issue.
|
|
#
?
Jul 4, 2008 00:09
|
|
|
That Turkey Story posted:First, before going into anything at all, I'd recommend using iterators here which as a side-effect avoids the issue of sign entirely, and if for some reason you didn't do that, I'd still say say use string::size_type instead of int and just don't write an algorithm which relies on negative values. It's worth pointing out that using iterators here isn't correct either. For an empty string, begin() == end(), and so you'd be comparing one before the beginning of the array, which isn't necessarily valid (according to the standard). Not to mention the fact that if you used == instead of < (as is common with iterators) that would be an error, too.
|
|
#
?
Jul 4, 2008 00:50
|
|
|
Avenging Dentist posted:Then show me an example where both iterators are inappropriate and the unsigned-ness of size_t is an issue. It's not that iterators are entirely inappropriate, it's just that sometimes using indices is clearer; recommending "always use iterators" is the C++ equivalent to the (equally fallacious) mantra of "always use pointers". If you have a vector and you know you won't have enough elements to run into size issues, using iterators is unnecessary, verbose, and in fact may introduce bugs due to the fact that you have to repeat the name of the container twice, which is exacerbated by the fact that said verbosity encourages copying-and-pasting iterator-using for loops as to avoid having to type out vector<blah blah>::const_iterator or "typename T::const_iterator" (don't forget the typename!) yet again.
|
|
#
?
Jul 4, 2008 00:56
|
|
|
i just use iterators for FOREACH in C++ and use signed integers for everything else. code:
|
|
#
?
Jul 4, 2008 01:00
|
|
|
crazypenguin posted:Zorba provides a slightly contrived situation but a very good example of the kind of subtle and unintuitive bugs unsignedness can produce, and all you can do is rave about how the situation is slightly contrived? crazypenguin posted:The point is you can do perfectly normal things with signed integers because it's pretty easy to avoid +/- 2 billion (all you have to consider is whether 32 bits is big enough). You pretty much always have to start thinking about modular arithmetic with unsigned integers because it's drat hard to avoid 0. floWenoL posted:It's worth pointing out that using iterators here isn't correct either. For an empty string, begin() == end(), and so you'd be comparing one before the beginning of the array, which isn't necessarily valid (according to the standard). Not to mention the fact that if you used == instead of < (as is common with iterators) that would be an error, too. At least Avenging Dentist and falafel are sane. floWenoL posted:It's not that iterators are entirely inappropriate, it's just that sometimes using indices is clearer; recommending "always use iterators" is the C++ equivalent to the (equally fallacious) mantra of "always use pointers". floWenoL posted:If you have a vector and you know you won't have enough elements to run into size issues, using iterators is unnecessary, verbose, and in fact may introduce bugs due to the fact that you have to repeat the name of the container twice, which is exacerbated by the fact that said verbosity encourages copying-and-pasting iterator-using for loops as to avoid having to type out vector<blah blah>::const_iterator or "typename T::const_iterator" (don't forget the typename!) yet again. Entheogen posted:the reason to use signed integers for indecies of arrays is that you can set it to -1 to signify it not pointing to anything. Which sometimes you have to do. Otherwise what is the issue? both take up the same space.  Maybe everyone really should just use java. I don't know how to explain this anymore clearly.
That Turkey Story fucked around with this message at 01:55 on Jul 4, 2008 |
|
#
?
Jul 4, 2008 01:43
|
|
|
hey, i never had issues with C++ iterators and STL containers. I use Java for bigger projects because its easier to work with. C++ is good for small programs when you just want to calculate some stuff though. oh ok, is all the fuss about because many functions take size_t instead of int? i don't see how this could become an issue unless you are dealing with large indecies. Entheogen fucked around with this message at 01:54 on Jul 4, 2008 |
|
#
?
Jul 4, 2008 01:50
|
|
|
Entheogen posted:I use Java for bigger projects because its easier to work with. C++ is good for small programs when you just want to calculate some stuff though. Yeah, C++ is a toy language that will never be used for large-scale applications or for applications that require performance. quote:oh ok, is all the fuss about because many functions take size_t instead of int? i don't see how this could become an issue unless you are dealing with large indecies. I like how you jumped in the discussion without knowing anything of what's being discussed. It's spelled "indices", btw.
|
|
#
?
Jul 4, 2008 02:17
|
|
|
Quit being a jerk floWenoL. Let's all just relax and have a nice discussion about how much C++ owns and how everyone is a terrible programmer except for me, you and AD.
That Turkey Story fucked around with this message at 02:27 on Jul 4, 2008 |
|
#
?
Jul 4, 2008 02:22
|
|
|
That Turkey Story posted:You need to reread this conversation if that is what you pulled out. The problem is the signed version won't work for all strings whereas the unsigned version will. You're trading writing a proper algorithm for the ability to avoid an amateur mistake that could easily be picked up in testing. One is correct, the other is not. In library code, you need to be able to handle everything. There's a lot of great examples of how hard this is to do, the most famous is Bentley's paper on writing a binary search algorithm. Amusingly it had an error that nobody noticed for two decades. Unsignedness is important for correctness there because you need to work correctly with almost unknown inputs. (As an aside, I wrote a compiler recently that comes with a really fun complication example. The language had simple constructs like "for i := a..b" and it turns out you have to contort the translation of for loops in unexpected ways to accommodate b = MAX_INT. Exercise left for the reader!) In application code, you know your inputs a lot better. You know you're never going to be working with data structures 2GB in size on a 32 bit machine. You're not that loving insane. You also need to do applicationy things, like iterate over all elements of a list except the last one because that's a special case. Well, okay let's go to size()-1! Perfectly reasonable thing to do. You should simply NOT write application code like you would library code or you will never finish the project. Not as long as we're still using languages like our current ones, anyway. If the above blog post isn't a good enough example of how every piece of library code needs to be written in weird ways to handle odd corners cases, I'm not sure what is. It's really quite simple, for signed integers, all you have to do is ask "will the magnitude of this value ever exceed 2 billion" and you know whether the code is correct. For unsigned values, you have to ask "will the magnitude of this value ever exceed 4 billion, oh and for every single calculation I make with it, could it possibly underflow?" KISS principle. Don't over engineer things. That's all I'm saying, anyway.
|
|
#
?
Jul 4, 2008 02:50
|
|
|
I find it hard to believe that using the proper datatype is over-engineering.
|
|
#
?
Jul 4, 2008 03:37
|
|
|
That Turkey Story posted:I find it hard to believe that using the proper datatype is over-engineering. The preceding paragraph explains the conceptual complexity, the preceding examples show some of the practical complexity, and the fact that this discussion started with Google's recommended coding guidelines suggests that they've probably run into exactly these same problems internally.
|
|
#
?
Jul 4, 2008 03:53
|
|
|
schnarf posted:
Here's an algorithm that scales better with respect to integer size. I don't think it's a good idea to use a macro. code:
|
|
#
?
Jul 4, 2008 06:33
|
|
|
Wow what the hell, how does that even work.
|
|
#
?
Jul 4, 2008 16:01
|
|
|
what the crap happened in this thread? Using "integral indices" instead of iterators only ever even *remotely* "makes sense" because people learned how to deal with containers from examples based on C or Address+Offset arrays. Iterators are a hell of a lot more intuitive (especially when you consider that a given container might have an internal implementation utterly divorced from Address+Offset, such as a linked list) and the only reason they don't seem that way is because programmers have the c-style array approach engrained in their brains. Also, using "-1" as an "invalid flag" is fairly bad form, since it's semantically meaningless and is effectively a magic number. Yes, it allows you to write code like code:
|
|
#
?
Jul 4, 2008 16:48
|
|
|
sarehu posted:Here's an algorithm that scales better with respect to integer size. I don't think it's a good idea to use a macro. Why not? It can be verified that it works properly just like the function you posted can.
|
|
#
?
Jul 4, 2008 17:49
|
|
|
Ugg boots posted:Why not? It can be verified that it works properly just like the function you posted can. Macros are evil, and unless you absolutely have to, it's preferable to use an inline function to enforce type safety and all that good stuff.
|
|
#
?
Jul 4, 2008 18:52
|
|
|
Nuke Mexico posted:what the crap happened in this thread? Using "integral indices" instead of iterators... crazypenguin posted:Zorba provides a slightly contrived situation but a very good example of the kind of subtle and unintuitive bugs unsignedness can produce, and all you can do is rave about how the situation is slightly contrived? I wonder where this discussion might have gone if the example hadn't been a indexing into a data structure at all. Still not a real world example, but at least we can stop arguing about iterators! You can't have negative beers on the wall, right?!code:
|
|
#
?
Jul 4, 2008 19:12
|
|
|
crazypenguin posted:
That Turkey Story posted:Again, here is your choice -- write your code correctly, or write it incorrectly just to avoid an amateur mistake that can easily be found in testing anyway. The argument is that you're substituting something that fails on a known edge case (or in this example, fails 100% of the time) and is easy to diagnose if you actually, you know, run the code, in order to save yourself from the minimal effort to write code that doesn't fail for 50% of the valid use cases.
|
|
#
?
Jul 4, 2008 19:17
|
|
|
sarehu posted:Here's an algorithm that scales better with respect to integer size. I don't think it's a good idea to use a macro. What does L stand for in there?
|
|
#
?
Jul 4, 2008 19:33
|
|
|
Entheogen posted:What does L stand for in there? LL is the suffix for long long.
|
|
#
?
Jul 4, 2008 19:45
|
|
|
what does even bits mean? is it an AND operation with something that has 1's only in even places so the product only has 1's in even positions? vvvv thanks that makes perfect sense now vvvvv For what purposes would you want to use evenbits function for? Entheogen fucked around with this message at 20:01 on Jul 4, 2008 |
|
#
?
Jul 4, 2008 19:52
|
|
|
It might be more kosher to use ULL for unsigned long longs, but they were less than 0x8000000000000000 anyway. The 'even' bits are those in even-numbered positions, starting at zero. Take the number 74 for example, and write it in binary: 01001010. The even-numbered bits are the ones that represent "2 to the Nth power", for even numbers N. code:
|
|
#
?
Jul 4, 2008 19:59
|
|
|
Avenging Dentist posted:The argument is that you're substituting something that fails on a known edge case (or in this example, fails 100% of the time) and is easy to diagnose if you actually, you know, run the code, in order to save yourself from the minimal effort to write code that doesn't fail for 50% of the valid use cases. It is intended to be obvious that it fails, while being perfectly reasonable code if you had just not insisted on unsigned integers for a variable that "can't be negative." I guess I'll give one more example a shot. In the linux kernel, where it IS perfectly reasonable to use unsigned integers, there have been many security vulnerabilities (and this isn't just confined to linux) related to underflowing unsigned integers. The vast majority of these could have been avoided by using a large sized, signed integer, though obviously that's not always a potential solution for something like a kernel. If high profile, security sensitive things like kernels can make subtle mistakes involving underflow of unsigned integers, why would you recommend using unsigned more than is absolutely strictly necessary, inflicting this entire class of bugs on application code? Really, if you want to convince me I'm wrong, instead of focusing on the illustrative example, find something horribly wrong with this: crazypenguin posted:It's really quite simple, for signed integers, all you have to do is ask "will the magnitude of this value ever exceed 2 billion" and you know whether the code is correct. For unsigned values, you have to ask "will this value ever exceed 4 billion, oh and for every single calculation I make with it, could it possibly underflow?"
|
|
#
?
Jul 4, 2008 20:20
|
|
|
Avenging Dentist posted:Macros are evil, and unless you absolutely have to, it's preferable to use an inline function to enforce type safety and all that good stuff. Inline functions are all fine and dandy until your compiler decides that, no, it doesn't actually want to inline any more.
|
|
#
?
Jul 5, 2008 01:25
|
|
|
|
| # ? May 18, 2024 04:32 |
|
|
ehnus posted:Inline functions are all fine and dandy until your compiler decides that, no, it doesn't actually want to inline any more. Your compilers guess as to whether it should inline is probably as good as yours. It's a bit of a black art.
|
|
#
?
Jul 5, 2008 12:16
|
|