You are a stupid programmer, you can't have that

Sat Aug 7 17:20:09 UTC 2021

On Saturday, 7 August 2021 at 14:21:52 UTC, Guillaume Piolat 
wrote:
>
> It's hard to appreciate how good that Java decision was without 
> maintaining large C++ codebases.
> Unsigned/signed math and the implicit conversions between them 
> absolutely DO cause bugs in real-world code, the most prominent 
> of which must be:
>
>     #include <vector>
>     #include <iostream>
>
>     bool isArrayOrdered(std::vector<int>& vec)
>     {
>         for (size_t n = 0; n < vec.size() - 1; ++n)
>         {
>             if (vec[n] > vec[n+1])
>                 return false;
>         }
>         return true;
>     }
>
>     int main(int argc, char** argv)
>     {
>         std::vector<int> v;
>         // works if the array isn't empty
>         // v.push_back(4);
>         std::cout << isArrayOrdered(v);
>     }
>
>
> See the bug in isArrayOrdered?
>
> It will fail with an empty array since:
> 1. vec.size() yields size_t
> 2. vec.size() - 1 stays unsigned, if the size was zero it is 
> now the maximum possible size
> 3. and we have an unsigned comparison, with a very long loop 
> which in this case will cause out of bounds
>
> (Solution: use + 1 on the other side of the comparison)
>
> Similar problems happen when people store image size with 
> unsigned, or widget positions in unsigned, or dates in unsigned 
> integers.
>
> All of these problems disappear:
> - if only signed integers are available.
> - if container length return a signed integer (and that's what 
> D could have done...)
> - if comparison or arithmetic with mixed signedness is 
> forbidden (but: lots of casts)
>
> Programmers do not actually learn about integer promotion 
> except when forced by such bugs.
> It has nothing to with programmers being dumb or low-skilled, 
> and everything to do with an economy of information: it's 
> better if the problem doesn't exist in the first place.
>
> So I believe Java made a decision that saves up mental space.

Your example is a valid argument as well as you provide the 
solution for unsigned math. The most interesting with the example 
is that your example provide a one comparison solution for 
signed/unsigned. This type of error would quickly be found as it 
would generate an exception in both C++ and D. Then perhaps the 
lazy programmer would just do an extra check when the size is 
zero. For example

      bool isArrayOrdered(std::vector<int>& vec)
      {
          if (vec.empty())
          {
               return true;
          }

          for (size_t n = 0; n < vec.size() - 1; ++n)
          {
              if (vec[n] > vec[n+1])
                  return false;
          }
          return true;
      }

This would be better but requires an extra check, two 
comparisons. I think you provide an excellent example that the 
problem isn't signed/unsigned math but how you can use the 
arithmetics to your advantage regardless signed/unsigned. There 
are often solutions when using unsigned math and that is what I 
think the programmer should learn instead of limiting the 
language.