[webkit-dev] Unsigned to avoid negative values
Alex Christensen
achristensen at apple.com
Thu Jan 26 20:12:26 PST 2023
If you are subtracting things that have not been verified to produce a positive value, then you hopefully aren’t dealing with values that can’t be negative, so this wouldn’t apply then. Forgetting to verify things is a bug in many places. I also think that a buffer offset of -1 is just about as bad as a buffer offset of 4294967295.
> On Jan 26, 2023, at 6:44 PM, Simon Fraser via webkit-dev <webkit-dev at lists.webkit.org> wrote:
>
> Late to the party but….
>
> Avoiding unsigned is usually recommended to avoid inadvertent underflow:
>
> unsigned big = 200;
> unsigned small = 100;
> auto result = small - big; // underflow
>
> This is particularly bad when doing math on buffer offsets and sizes, and can result in OOB bugs. I believe Apple’s media frameworks code has a “no unsigned usage” rule because of that. I’m surprised that no-one has raised it in this discussion.
>
> Simon
>
>> On Jan 24, 2023, at 2:00 AM, Myles Maxfield via webkit-dev <webkit-dev at lists.webkit.org> wrote:
>>
>> Hello!
>>
>> I recently learned that the C++ core guidelines recommend against using unsigned to avoid negative values. Section 4.4 on page 73 of The C++ Programming Language says unsigned types should be used for bitfields and not in an attempt to ensure values are positive. Some talks by people on the C++ standards committee (e.g., Herb Sutter) recommend against using unsigned types simply because the value is expected to by positive.
>>
>> Should we be avoiding unsigneds for these purposes? WebKit uses unsigneds all over the place, and I’m assuming a fair many of them are there to indicate that negative values are avoided. The C++ recommendation goes against my intuition that the type is there for clarity, to indicate expectations about the meaning and behavior of its value. But if it’s standard practice to just use int instead, perhaps we should update the style guide?
>>
>> What do you think?
>>
>> —Myles
>> _______________________________________________
>> webkit-dev mailing list
>> webkit-dev at lists.webkit.org
>> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20230126/2dded4e0/attachment.htm>
More information about the webkit-dev
mailing list