uecker 14 hours ago

Having them available is not the issue, using them for sizes and indices is what causes a lot of tricky bugs.

jltsiren 11 hours ago | parent | next [-]

I find it the opposite. Unsigned integers are intuitive, while signed integers are unintuitive and cause a lot of tricky bugs. Especially in languages where signed overflow is undefined behavior.

It's pretty rare to have values that can be negative but are always integers. At least in the work I do. The most common cases I encounter are approximations of something related to log probability, such as various scores in dynamic programming and graph algorithms.

Most of the time, when you deal with integers, you need special handling to avoid negative values. Once you get used to thinking about unsigned integers, you quickly develop robust ways of avoiding situations where the values would be negative.

uecker 3 hours ago | parent [-]

It is interesting that you find unsigned integers more intuitive. My experience (also with students, but analysis of CVEs also gives plenty of evidence) is that the opposite is true: signed integers in C are a model of integers which have a nice mathematical structure which people learn in elementary school. Yes, this breaks down on overflow, but for this you have to reach very high numbers and there is very good tooling to debug this. In contrast, unsigned integers in C are modulo arithmetic which people learn at university, if at all, and get wrong all the time, and the errors are mostly subtle and very difficult to find automatically.

You are right that often you need to constrain an integer to be non-negative or positive, but usually not during arithmetic, but at certain points in the logic of a program. But then in my experience it is better expressed as some assertion.

throwaway894345 13 hours ago | parent | prev [-]

Why does an unsigned type for sizes or indices fare worse than a signed type? When do I want the -247th element in an array? When do I have a block that is -10 bytes in size?

charlie90 11 hours ago | parent | next [-]

Because doing subtraction on sizes/indices is common, and signed handles the case where you subtract below 0. Unsigned yields unintuitive results, i.e., unsigned fails silently. For example, looping to the 2nd to last item in an array or getting the index before the given index.

The source of confusion is that unsigned is a terrible name. Unsigned does not mean non-negative. It's 100% completely valid to assign a negative value to an unsigned, it just fails silently.

If you want non-negative integers, then you should make a wrapper class that enforces non-negativity at compile and runtime.

throwaway894345 6 hours ago | parent [-]

> The source of confusion is that unsigned is a terrible name. Unsigned does not mean non-negative. It's 100% completely valid to assign a negative value to an unsigned, it just fails silently.

C’s implicit casts are tripping you up. Unsigned ints can’t be negative, but C will happily let you assign a negative signed int to an unsigned int variable, but the moment it is assigned it ceases to be negative. In serious programming languages this implicit assignment is forbidden—you have to explicitly cast.

> For example, looping to the 2nd to last item in an array or getting the index before the given index.

I don’t understand what you mean here, can you clarify?

> If you want non-negative integers, then you should make a wrapper class that enforces non-negativity at compile and runtime.

Unsigned integers are the compile time side of the coin, but yes you may want to take care to enforce it at runtime as well, though this typically implies a performance penalty that most don’t want to pay.

uecker 3 hours ago | parent [-]

In C your compiler can help you with conversions and if not, please use a better one. In this regard, C is a very pragmatic language, and hence for actual work it is a more "serious" programming language than programming languages which are based on some idealistic theory that pedantic typing will fix all your problems, but actually keep you from doing your job.

uecker 13 hours ago | parent | prev | next [-]

The reason is not that you want a negative index or size, but that you want the computation of the index to be correct, and you want to have obvious errors. Both turn out to be easier with signed types.

kevin_thibedeau 13 hours ago | parent | prev | next [-]

There are (rare) times when you want negative array indices. C lets you index in both directions from a pointer to the middle of an array. That's why array indexing is signed in C. Some libc ctypes lookup tables do this. For sizing there is no strong case for negatives other than to shoehorn them into signed operations.

throwaway894345 13 hours ago | parent [-]

That’s interesting but seems pretty dangerous. How do you know you aren’t going to decrement off the front of the array? Keeping the pointer to the first element in the array and using offsets seems safer for humans and I don’t think the computer would care.

mmilunic 12 hours ago | parent | next [-]

Kinda a smart alec response, but how do you know you aren’t going to increment off the end of the array when operating normally? I guess it is twice the danger.

8note 12 hours ago | parent | prev [-]

I don't want an unsigned int either though. How do you know your arbitrary sized number is inside the size of the array?

Best off having a bespoke type that understands how big the array it's indexing is.

wavemode 12 hours ago | parent | prev [-]

> When do I want the -247th element in an array?

You never want any element of an array, except elements within the range [0, array_length). Anything outside of that is undefined behavior.

I think people tend to overthink this. A function which takes an index argument should simply return a result when the index is within the valid range, and error if it's outside of it (regardless of whether it's outside by being too low or too high). It doesn't particularly matter that the integer is signed.

If you aren't storing 2^64 elements in your array (which you probably aren't - most systems don't even support addressing that much memory) then the only thing unsigned gets you is a bunch of footguns (like those described in the OP article).
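Added example, not part of any comment in the thread: the two cases charlie90 names (the index before a given index, and looping to the second-to-last item) computed with `size_t` and with `ptrdiff_t`, next to the range-checked accessor wavemode describes. All function names are hypothetical and the sample array is constructed; the loops only count iterations and never touch memory out of bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* "Index before the given index" with an unsigned type: for i == 0 the
 * subtraction wraps (well-defined in C) to SIZE_MAX instead of failing. */
static size_t prev_unsigned(size_t i) { return i - 1; }

/* Same computation with a signed type: i == 0 yields -1, an obviously
 * invalid index that a range check or assertion can name directly. */
static ptrdiff_t prev_signed(ptrdiff_t i) { return i - 1; }

/* Iterations of `for (i = 0; i < len - 1; i++)`, the "loop to the 2nd to
 * last item" pattern, capped so the demonstration always terminates. */
static size_t iterations_unsigned(size_t len, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; i < len - 1 && n < cap; i++) n++;
    return n;
}
static size_t iterations_signed(ptrdiff_t len, size_t cap) {
    size_t n = 0;
    for (ptrdiff_t i = 0; i < len - 1 && n < cap; i++) n++;
    return n;
}

/* Checked accessor: returns 0 and stores the element, or -1 when idx is
 * outside [0, len), whether it is too low or too high. */
static int get_checked(const int *a, ptrdiff_t len, ptrdiff_t idx, int *out) {
    if (idx < 0 || idx >= len) return -1;
    *out = a[idx];
    return 0;
}

int main(void) {
    int data[3] = {10, 20, 30}, v = 0;   /* constructed sample array */
    printf("prev_unsigned(0) = %zu\n", prev_unsigned(0));
    printf("prev_signed(0)   = %td\n", prev_signed(0));
    printf("empty array, unsigned loop: %zu iterations (cap 1000)\n",
           iterations_unsigned(0, 1000));
    printf("empty array, signed loop:   %zu iterations\n",
           iterations_signed(0, 1000));
    printf("get_checked(-1) = %d, get_checked(3) = %d, get_checked(1) = %d\n",
           get_checked(data, 3, -1, &v), get_checked(data, 3, 3, &v),
           get_checked(data, 3, 1, &v));
    return 0;
}
```

With an empty array the unsigned loop bound `len - 1` becomes `SIZE_MAX`, so the loop runs until the cap, while the signed bound is `-1` and the body never executes.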