[Development] QtCS 2017 QtCore sessions

Ville Voutilainen ville.voutilainen at gmail.com
Wed Nov 1 16:58:15 CET 2017


On 1 November 2017 at 17:46, Thiago Macieira <thiago.macieira at intel.com> wrote:
> On quarta-feira, 1 de novembro de 2017 08:25:01 PDT Konstantin Tokarev wrote:
>> > No, not really, since it's already limited to half the full VM space. No
>> > object can be larger than that. Using unsigned is unnecessary.
>>
>> Using unsigned for size types is crucial in preventing signed overflow in
>> pathological cases.
>
> Using signed for size types is crucial because the API expects to be able to
> count backwards from the end and needs to report failure in other situations.
> So unsigned is simply ruled out.
>
> There are also no pathological cases since there is no overflow.

If your signed size type would ever overflow, a sanitizer can catch
that. It's *much* harder for a sanitizer
to diagnose incorrect wrap-around of an unsigned size type if that
sanitizer wishes to avoid false positives.
Having said that, it's non-trivial for a sanitizer to diagnose signed
overflow, since that happens to work correctly
and in the way the programmer expected on many platforms.
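As an added illustration of the two points being argued above (signed sizes let you count backwards from the end and report failure in-band; overflow on a signed size is something a sanitizer can trap, whereas unsigned wrap-around is well-defined and therefore silent), here is a small self-contained C++ example. It is not code from the thread or from Qt; the `ssize` alias and the function names are assumptions made for the example. The overflow check is written out by hand with `__builtin_add_overflow` (GCC/Clang) so that the result is observable even without `-fsanitize=signed-integer-overflow`; under UBSan the plain `a + b` on a signed type would be flagged at the same point.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumed signed size type for the example, in the spirit of a signed
// qsizetype; the alias name is not from the thread or from Qt.
using ssize = std::ptrdiff_t;

// Signed size addition with explicit overflow detection. Under UBSan the
// unchecked 'a + b' would already be diagnosed as signed overflow; here the
// builtin reports it so the caller can fail cleanly. On overflow *out is
// left untouched and false is returned.
bool addSizeChecked(ssize a, ssize b, ssize *out) {
    ssize r;
    if (__builtin_add_overflow(a, b, &r))
        return false;
    *out = r;
    return true;
}

// Convenience predicate for the overflow case.
bool addSizeOverflows(ssize a, ssize b) {
    ssize unused;
    return !addSizeChecked(a, b, &unused);
}

// The same growth computation on an unsigned size type. Wrap-around is
// defined behaviour, so no sanitizer flags it, and the wrapped (small)
// value passes a naive "fits in capacity" check that should have failed.
bool unsignedGrowPassesBoundsCheck(size_t current, size_t extra, size_t capacity) {
    size_t needed = current + extra;   // may silently wrap to a small value
    return needed <= capacity;         // wrongly "true" after a wrap
}

// Counting backwards from the end with a signed index: the loop condition
// 'i >= 0' can become false, and "not found" is representable as -1.
ssize lastIndexOfSigned(const std::vector<int> &v, int needle) {
    for (ssize i = static_cast<ssize>(v.size()) - 1; i >= 0; --i)
        if (v[static_cast<size_t>(i)] == needle)
            return i;
    return -1;
}

// The same search with size_t: 'i >= 0' is always true, so the loop must be
// restructured and "not found" needs an out-of-band sentinel (SIZE_MAX).
size_t lastIndexOfUnsigned(const std::vector<int> &v, int needle) {
    for (size_t i = v.size(); i-- > 0; )
        if (v[i] == needle)
            return i;
    return SIZE_MAX;
}
```

Compile with `-fsanitize=undefined` and replace the builtin with a plain `a + b` to see the sanitizer report the signed case; the unsigned wrap in `unsignedGrowPassesBoundsCheck` produces no report in either build.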
