From: Paul Eggert <eggert@cs.ucla.edu>
To: Alejandro Colomar <alx.manpages@gmail.com>,
A <amit234234234234@gmail.com>,
libc-alpha@sourceware.org
Subject: Re: size_t vs long.
Date: Thu, 17 Nov 2022 11:17:28 -0800 [thread overview]
Message-ID: <dd16db9e-bdfe-901d-9b9f-c0aa2836e55e@cs.ucla.edu> (raw)
In-Reply-To: <c139d396-4084-f8c0-44e8-31d20d171056@gmail.com>
On 2022-11-17 01:21, Alejandro Colomar via Libc-alpha wrote:
> I'd like to change your opinion. Please read this excellent article by
> Jens Gustedt (member of WG14, the group that develops the ISO C
> standard) which explains why size_t is better:
>
> <https://gustedt.wordpress.com/2013/07/15/a-praise-of-size_t-and-other-unsigned-types/>
Sorry, but that article is not excellent: it's mostly wrong. Among other
things it says size_t is better because it lets you write code like this:
> for (size_t i = 41; i < sizeof A / sizeof A[0]; --i) {
> A[i] = something_nice;
> }
and that there will be "No traps, no signals, no exceptions".
First, Gustedt technically incorrect, because the code *can* trap on
platforms where SIZE_MAX <= INT_MAX, because on such a platform when i
is zero, '--i' can store a trap value into i.
Second and more important, that code is bogus. Nobody should ever write
code like that. If I wrote code like that, I'd *want* a trap. Traps are
*good* when they prevent buggy code from doing further damage.
For what it's worth, in Gnulib's more recent code we've been using the
type "idx_t". It is a signed type, thus avoiding C's bug-inducing
comparison rules, where most size_t values compare to be less than -1.
However, by convention idx_t contains only nonnegative values.
The idx_t type is *much* better than size_t, both because we can tell
the compiler to do some overflow checking on it, and because it compares
nicely to ordinary integers. This overcomes two major disadvantages of
size_t.
next prev parent reply other threads:[~2022-11-17 19:17 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-17 7:02 A
2022-11-17 9:21 ` Alejandro Colomar
2022-11-17 9:48 ` A
2022-11-17 11:00 ` Alejandro Colomar
2022-11-17 19:40 ` Jason Duerstock
2022-11-17 20:01 ` Alejandro Colomar
2022-11-17 19:17 ` Paul Eggert [this message]
2022-11-17 20:27 ` Alejandro Colomar
2022-11-17 21:39 ` Paul Eggert
2022-11-17 23:04 ` Alejandro Colomar
2022-11-23 20:08 ` Using size_t to crash on off-by-one errors (was: size_t vs long.) Alejandro Colomar
2022-11-18 2:11 ` size_t vs long Maciej W. Rozycki
2022-11-18 2:47 ` Paul Eggert
2022-11-23 20:01 ` Alejandro Colomar
2022-11-17 21:58 ` DJ Delorie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dd16db9e-bdfe-901d-9b9f-c0aa2836e55e@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=alx.manpages@gmail.com \
--cc=amit234234234234@gmail.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).