flagging unsigned subtraction assigned to bigger signed number?

[Jonathan M Davis]

On Monday, May 19, 2025 9:11:47 PM Mountain Daylight Time Steven Schveighoffer via Digitalmars-d wrote:
> So why not just flag all unsigned/signed conversions? The problem
> with this idea (and technically it is a sound idea) is that it
> will flag so many things that are likely fine. Flagging all
> conversions just is going to be extremely noisy, and require
> casts everywhere. Subtraction is where the problems are.
>
> In cases where the compiler knows that unsigned subtraction won't
> wrap, it can also skip the warning.
>
> Thoughts?

Personally, I think that we should abolish all warnings in general. So, I'm
very much against adding more. If you have warnings, ultimately, you either
get stuck with a list of warnings that you have to wade through to see if
there's anything that actually needs to be fixed, or you're forced to "fix"
them even when they're not broken. I very much do not want the compiler
spitting out stuff that I have to ignore or "fix" just to shut it up. And
the fact that we currently have -w makes it all that much worse, because it
means that warnings can change the results for type introspection and thus
actually change what a program does rather than just warn the programmer of
a potential problem. But even with -w being removed (or changed to behave
like -wi), I still think that it's a mistake for the compiler to have
warnings. Sometimes, a warning will show an actual problem, but in general,
it just adds more stuff that programmers have to "fix" to shut the compiler
up. If a problem is truly bad enough that it merits telling the programmer
about it, then we should be looking at a reasonable set of conditions which
are clearly an error and should be treated that way.

So, if we can come up with a compiler error that unequivocally indicates bad
logic that actually does need to be fixed, then I'm all for adding it, but I
think that anything along the lines of a warning should be left to a linting
tool.

And really, this particular issue comes from the general issues of implicit
conversions between signed and unsigned. Such implicit conversions are
sometimes useful, but they also easily cause bugs which can be hard to find.
I do wonder if we'd be better off if we just treated converting between
signed and unsigned as the narrowing conversion that it is, or whether it
would just create a need for too many casts. VRP would help, but it's not
very sophisticated, so I don't know if it would help enough to matter. I
suspect that with my code at least, making it an error would be absolutely
fine, but it's likely to be very dependent on the kind of code that's
written. Either way, from what I recall, Walter is very much against
treating converting signedness as a narrowing conversion (even thouhgh it
is), so I doubt that he'd agree to it.

- Jonathan M Davis