From mboxrd@z Thu Jan 1 00:00:00 1970
From: Russ Allbery
To: gcc@gcc.gnu.org
Subject: Re: comparisons..
Date: Thu, 13 Jul 2000 17:30:00 -0000
Message-id:
References: <396D78FE.C4A91B53@uow.edu.au> <396E5ABD.856EACF4@uow.edu.au>
X-SW-Source: 2000-07/msg00428.html

Andrew Morton writes:

> There are probably some bugs hiding behind "comparison between signed
> and unsigned", but I didn't check these - there were many hundreds.

This is a rather interesting warning. I've recently gone through the
exercise of making some code free of this warning, and I'm convinced that
it results in higher code quality, but it does require some work. Most
code that I see plays fairly rough and loose with whether things are
signed or unsigned and gets away with it because the values that it deals
with are never high enough to cause a problem. To be really correct, code
should care and deal with those boundary cases correctly.

Unfortunately, fixing these warnings often requires a good bit of fiddling
and can have some propagation effects similar to trying to const-ify old
code that make fixing them all sometimes impractical for old code bases.

I don't think a lot of C programmers pay enough attention to signed vs.
unsigned issues, including a lot of interface designers. Note, for
example, the interface to write:

    ssize_t write(int fildes, const void *buf, size_t nbyte);

What *do* you return if you can successfully write out as one block more
data than will fit in the range of ssize_t, but that will fit into size_t
(which is normally twice as large on the positive end)? :)

-- 
Russ Allbery (rra@stanford.edu)             < http://www.eyrie.org/~eagle/ >
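The two points raised in the message above, the signed/unsigned comparison that gcc warns about and the ssize_t/size_t mismatch in the write() interface, as a worked C example. This is an added example, not code from the thread or from gcc; the `write_fn` function pointer and the `short_write` stand-in for write(2) are assumptions made so the block runs offline, and the request clamp to SSIZE_MAX is one portable answer to the question the message asks, not the only one.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

#ifndef SSIZE_MAX
#define SSIZE_MAX ((ssize_t)(SIZE_MAX >> 1))
#endif

/*
 * Part 1: the comparison gcc's -Wsign-compare flags.  In `n < want` with
 * int n and size_t want, n is converted to size_t by the usual arithmetic
 * conversions, so -1 (the error return of read(2)) becomes SIZE_MAX and the
 * "short read" test silently reports a complete read.
 */
int naive_is_short_read(int n, size_t want)
{
    return n < want;      /* warning: comparison between signed and unsigned */
}

/* Handle the sign explicitly before comparing in the unsigned domain. */
int checked_is_short_read(ssize_t n, size_t want)
{
    if (n < 0)
        return 1;         /* an error is certainly not a complete read */
    return (size_t)n < want;
}

/*
 * Part 2: write(2) takes a size_t but returns an ssize_t, so a request of
 * more than SSIZE_MAX bytes has no representable success value (POSIX makes
 * that case implementation-defined).  A portable caller never asks for more
 * than SSIZE_MAX per call and loops over short writes.
 */
size_t clamp_request(size_t nbyte)
{
    return nbyte > (size_t)SSIZE_MAX ? (size_t)SSIZE_MAX : nbyte;
}

/* Assumption: the writer is passed in as a function pointer so the example
 * runs offline; in real code this would be write(2) itself. */
typedef ssize_t (*write_fn)(int fd, const void *buf, size_t nbyte);

/* Write all of buf, retrying short writes.  Returns 0 on success, -1 on error. */
int write_all(write_fn fn, int fd, const void *buf, size_t len)
{
    const unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = fn(fd, p, clamp_request(len));
        if (n < 0)
            return -1;    /* errno set by the writer */
        if (n == 0)
            return -1;    /* no progress; do not spin forever */
        /* n >= 0 here, so the conversion to size_t is exact. */
        p += (size_t)n;
        len -= (size_t)n;
    }
    return 0;
}

/* Constructed stand-in for write(2): accepts at most 3 bytes per call and
 * counts calls so the retry loop can be observed. */
static int short_write_calls;
ssize_t short_write(int fd, const void *buf, size_t nbyte)
{
    (void)fd; (void)buf;
    short_write_calls++;
    return (ssize_t)(nbyte < 3 ? nbyte : 3);
}

int main(void)
{
    printf("naive  (-1, 16): %d\n", naive_is_short_read(-1, 16));   /* 0: error looks like a full read */
    printf("checked(-1, 16): %d\n", checked_is_short_read(-1, 16)); /* 1 */
    printf("clamp(SSIZE_MAX+1) == SSIZE_MAX: %d\n",
           clamp_request((size_t)SSIZE_MAX + 1) == (size_t)SSIZE_MAX);
    short_write_calls = 0;
    printf("write_all of 10 bytes: %d, calls: %d\n",
           write_all(short_write, 1, "0123456789", 10), short_write_calls); /* 0, 4 */
    return 0;
}
```

Compile with `gcc -Wall -Wextra` (which includes -Wsign-compare) to see the warning on `naive_is_short_read`; the fix is not a cast that silences it but an explicit check of the sign before the value crosses into the unsigned domain.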