Unsigned sizes: a five year mistake
Posted by Dear-Economics-315@reddit | programming | View on Reddit | 14 comments
Posted by Dear-Economics-315@reddit | programming | View on Reddit | 14 comments
dgkimpton@reddit
This is really just a long handed way of saying "I don't like type safety so I decided to simply not care about it" which is certainly a choice.
Noxitu@reddit
But in order to have type safety you need to pick one: either you use signed for sizes or you make subtraction of two unsigned integers signed.
dgkimpton@reddit
How is this a complaint? What is wrong with it? There's an edge case there that you very much need to pay attention to, it's perfectly reasonable to have the type system call this out.
Noxitu@reddit
The fact that difference of two unsigned numbers can be negative is not an edge case - it is bad abstraction.
The way I see it, type system and specifically the signed/unsigned split is just not the correct way to model that a number is required to be non-negative. Because type describes not just the range of values of something, but also its operations. Unsigned operations are not appropieate for type representing size - independently of whether they work in modulo ring, or if they panic on underflows.
Just like this article, this is also acknowledged by people working on C++. And while C++ wont fix that mistake, it is working on the way that should be better tool for that - contracts. Although I am not up to date with those proposals to know how this will turn out in practice.
dgkimpton@reddit
I don't see what you mean...
Unsigned minus unsigned might be negative - usually it won't be but it could be which is the edge case you need to worry about.
The size of something can never go negative which makes unsigned a valid representation. The difference between sizes can absolutely go negative, and so there signed is the correct abstraction.
Once you've validated that a particular instance doesn't go negative (either because of domain knowledge not available to the compiler or by inserting a check) then you are free to make it unsigned again.
Now, you can claim this gets in the way of some optimisations, and maybe it does, but that doesn't make it funamentally wrong.
The fix can't be to make sizes signed, because a negative size is always a mistake.
Noxitu@reddit
The fact you say unsigned minus unsigned is an edge case, but size minus size can absolutely go negative are a hint you also consider them as slightly different "things" (types).
The bottom line is that when you are designing "size" type in C-like languages (although it probably extends to most low level languages) you can either have a type that can represent negative values, or a type for which minus operator doesn't yield a difference. Neither of those is what we would like from size - and many language designers think that not having error-prone difference would've been a better choice.
And as they have already proposed - there are different, and most likely better ways to represent a notion that an argument must be non-negative than making it unsigned. Because the type of the value should match what you are going to do with it - and you are likely going to do math with sizes.
SirDale@reddit
Yep, he gives the game away here...
"Let’s say the code was originally written to cast an
u16tou32, but later the variable type changes fromu16tou64and the cast is now actually silently truncating things."Ada has a very robust and unique type system that works well for integers - none of what he says here would be a problem at all.
That's he's ignorant of these approaches is sad.
demosdemon@reddit
How many times is this going to be posted? At least post it with commentary.
FullPoet@reddit
Is it my turn to post it today?
Trang0ul@reddit
A description should be mandatory. I'm fed up with "posts" containing links only (even worse: links to OP's personal stuff).
Jaded-Asparagus-2260@reddit
What? Reddit was (and still is) a link aggregator. Posting links and discussing them in the comments is one of its primary features.
Trang0ul@reddit
So the OP should start the discussion, not just post random links and hope for upvotes. Even a brief introduction would be welcome.
Jaded-Asparagus-2260@reddit
Well, agree to disagree. But a good discussion also requires that differing opinions are not downvoted. The blue arrow is not a disagree button.
sweetno@reddit
But how would you represent an array filling the entirety of 64-bit memory space?! ^/s