0 < negative loop condition bug or misunderstanding on my part

Jonathan M Davis jmdavisProg at gmx.com
Wed Mar 7 10:57:35 PST 2012


On Wednesday, March 07, 2012 11:01:05 Timon Gehr wrote:
> On 03/07/2012 07:05 AM, ixid wrote:
> > Ah, thank you, so it's wrapping. That seems like a bad idea, what is the
> > benefit to size being unsigned rather than signed? This case would seem
> > like one where allowing negatives is clearly better and more intuitive.
> 
> The problem is not that length is unsigned. The issue is the implicit
> conversion from signed to unsigned. The right thing would be to disallow
> signed -> unsigned and unsigned -> signed implicit conversion unless
> value range propagation can prove it safe, and to make comparison
> between signed and unsigned actually work by translating it to more than
> one machine instruction.

Though that's one of those things that you're not going to convince Walter of 
- primarily, I believe, because it would require a lot more casting. The 
interesting part about _that_ is that if it's bad enough, it will actually 
make code _worse_, because the cast forces things. To really deal with it 
cleanly, you'd probably need something similar to the const_cast nonsense in 
C++ except that it just converts signedness.

I suspect that the reality of the matter is that if we disallowed implicit 
conversions between signed and unsigned, a number of bugs would completely go 
away, but others would creep in as a result, and the overall situation wouldn't 
necessarily be any better, but I don't know. My initial reaction would be to 
agree with you, but there are definitely cases where such an approach would get 
annoying and bug-prone (due to the casting involved). But regardless, I really 
don't think that you're going to convince Walter on this one, given what he's 
said in the past.

- Jonathan M Davis
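Worked illustration of the two points raised in the thread (the implicit signed-to-unsigned conversion silently breaking a comparison, and the correct multi-step comparison Timon describes). This is an added example, not code from the thread; it is written in C because C's usual arithmetic conversions give the same `size_t` wrap-around as D's `length`, and the helper names (`naive_less`, `safe_less`, `wrapped_bound`, `signed_bound`) are my own:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Naive comparison: the signed operand is converted to size_t before the
 * compare, so -1 becomes SIZE_MAX and "-1 < 0" evaluates as false.
 * This is the bug the thread is about (compilers usually warn here). */
static bool naive_less(long a, size_t b)
{
    return a < b;   /* a is implicitly converted to size_t */
}

/* Mathematically correct signed/unsigned "less than": test the sign first,
 * then compare as unsigned only when the signed value is non-negative.
 * This is the "more than one machine instruction" approach. */
static bool safe_less(long a, size_t b)
{
    if (a < 0)
        return true;          /* every negative is below every size_t */
    return (size_t)a < b;
}

/* Loop bound "len - k" computed in size_t: wraps to a huge value when k > len,
 * so a loop "for (i = 0; i < len - k; ++i)" would run until it walks off the
 * end of the array instead of running zero times. */
static size_t wrapped_bound(size_t len, size_t k)
{
    return len - k;
}

/* Same bound computed as a signed difference (assumes len and k fit in long);
 * the caller then uses safe_less() to compare it with an unsigned index. */
static long signed_bound(size_t len, size_t k)
{
    return (long)len - (long)k;
}

int main(void)
{
    printf("naive_less(-1, 0)   = %d\n", naive_less(-1, 0));    /* 0: wrong */
    printf("safe_less(-1, 0)    = %d\n", safe_less(-1, 0));     /* 1: right */
    printf("wrapped_bound(3, 5) = %zu\n", wrapped_bound(3, 5)); /* SIZE_MAX-1 */
    printf("signed_bound(3, 5)  = %ld\n", signed_bound(3, 5));  /* -2 */
    return 0;
}
```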


More information about the Digitalmars-d-learn mailing list