[webkit-dev] Unsigned to avoid negative values

Myles Maxfield mmaxfield at apple.com
Thu Jan 26 17:44:29 PST 2023


https://github.com/WebKit/WebKit/pull/9199

> On Jan 26, 2023, at 12:31 AM, Myles Maxfield via webkit-dev <webkit-dev at lists.webkit.org> wrote:
> 
> Okay, sounds like we’re all pretty much in agreement.
> 
> How about I add a rule to our style guide that says “use unsigned types to represent values which cannot be negative.”
> 
> Good idea?
> 
>> On Jan 25, 2023, at 4:11 PM, Alex Christensen <achristensen at apple.com> wrote:
>> 
>> If a value represents a size or a count or something that inherently cannot be negative, I strongly prefer using unsigned types.  It reduces the number of places where we need to ask ourselves “what if it’s negative?” when it can never be negative, leading to more straightforward code that doesn’t have to handle impossible cases.  It also eliminates the possibility of malicious content somehow incrementing a signed 32 bit integer past its maximum value and executing code with unexpected negative values used in signed comparison operations.
>> 
>>>> On Jan 24, 2023, at 11:44 AM, Ryosuke Niwa via webkit-dev <webkit-dev at lists.webkit.org> wrote:
>>>> 
>>>> 
>>>>> On Jan 24, 2023, at 2:00 AM, Myles Maxfield via webkit-dev <webkit-dev at lists.webkit.org> wrote:
>>>> 
>>>> I recently learned that the C++ core guidelines recommend against using unsigned to avoid negative values. Section 4.4 on page 73 of The C++ Programming Language says unsigned types should be used for bitfields and not in an attempt to ensure values are positive. Some talks by people on the C++ standards committee (e.g., Herb Sutter) recommend against using unsigned types simply because the value is expected to be positive.
>>>> 
>>>> Should we be avoiding unsigneds for these purposes? WebKit uses unsigneds all over the place, and I’m assuming a fair many of them are there to indicate that negative values are avoided. The C++ recommendation goes against my intuition that the type is there for clarity, to indicate expectations about the meaning and behavior of its value. But if it’s standard practice to just use int instead, perhaps we should update the style guide?
>>>> 
>>>> What do you think?
>>> 
>>> I don’t think we should change our coding style guidelines just because C++ core guideline says something.
>>> 
>>> - R. Niwa
>>> 
>>> _______________________________________________
>>> webkit-dev mailing list
>>> webkit-dev at lists.webkit.org
>>> https://lists.webkit.org/mailman/listinfo/webkit-dev
>> 
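The two hazards the thread weighs against each other, as an added example that is not WebKit code or code from any poster: a negative index sailing through a signed bounds check, versus an unsigned `size - 1` wrapping on an empty container. All inputs are constructed; nothing here touches memory out of bounds, each function only reports what its check would do.

```cpp
#include <cstddef>
#include <limits>
#include <optional>

// Signed check: a negative index satisfies `index < size`, so a later
// buffer[index] would read before the start of the buffer. This is the
// "unexpected negative values in signed comparison" case from the thread.
bool signedCheckAdmits(int index, int size)
{
    return index < size;
}

// Unsigned check: the same bit pattern (-1 becomes 0xFFFFFFFF) is just a very
// large index and fails the check. There is no "what if it's negative?" branch.
bool unsignedCheckAdmits(unsigned index, unsigned size)
{
    return index < size;
}

// Mixed int/size_t comparison: the usual arithmetic conversions turn the int
// into size_t before comparing, which is what the explicit cast spells out.
// -1 therefore fails the check here as well, but -Wsign-compare warns because
// the conversion is easy to overlook when reading the code.
bool mixedCheckAdmits(int index, std::size_t size)
{
    return static_cast<std::size_t>(index) < size;
}

// The cost of unsigned that the C++ Core Guidelines point at: subtraction
// cannot go negative, it wraps. For an empty container this yields SIZE_MAX.
std::size_t lastIndexNaive(std::size_t size)
{
    return size - 1; // wraps to SIZE_MAX when size == 0
}

// Guard the empty case explicitly instead of relying on a sign bit to catch it.
std::optional<std::size_t> lastIndexChecked(std::size_t size)
{
    if (size == 0)
        return std::nullopt; // no last element exists
    return size - 1;
}
```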

