Subject: Re: Making counts and lengths unsigned
To: Allen Briggs <briggs@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 04/14/2006 08:18:15
On Thu, Apr 13, 2006 at 10:52:08PM -0400, Allen Briggs wrote:
> 
> What would it help to have the values unsigned?  Would the code behave
> any less unreasonably if it got a really huge value instead of a
> negative value?

If we make them unsigned, the compiler will catch some (obviously
not all) errors that it can't catch now.

There's a bunch of code out there now that is "correct" only because
of unstated, unenforced invariants about the values of these fields.
If we want to add explicit checks for values that are too large,
that's another thing to consider; but I think the simplest way to
express the requirement that the values be > 0 is simply to make the
variable type say so.

-- 
  Thor Lancelot Simon	                                     tls@rek.tjls.com

  "We cannot usually in social life pursue a single value or a single moral
   aim, untroubled by the need to compromise with others."      - H.L.A. Hart
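A worked illustration of the point above, added here as an example and not part of the original thread or of any NetBSD code: the function names, the MAXLEN constant and the "length from userland" scenario are hypothetical. The signed version is "correct" only under the unstated invariant that len is never negative; once that invariant fails, a negative len sails past the upper-bound check and becomes a huge count when it reaches memcpy()'s size_t parameter. With the parameter declared size_t, the same check rejects the value, and passing a signed int into it makes the compiler warn (gcc/clang -Wsign-conversion), which is the class of error the message says a type change would catch. The last pair of functions shows the caveat that unsigned does not remove the need for explicit range checks: a subtraction that "goes negative" wraps instead, and -Wextra/-Wtype-limits flags the always-true comparison.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical upper bound on a request, for illustration only. */
#define MAXLEN 64

/* "Before": a count declared int, as many interfaces historically did.
 * Returns the byte count that would reach memcpy() (as size_t), or 0
 * when the check rejects the request. The check only guards the upper
 * bound; that len >= 0 is an unstated, unenforced invariant. */
size_t bytes_copied_signed(int len)
{
    if (len > MAXLEN)
        return 0;
    /* memcpy() takes size_t: a negative len becomes a huge count. */
    return (size_t)len;
}

/* "After": the type itself states that len cannot be negative, so the
 * single upper-bound check now covers every out-of-range value. */
size_t bytes_copied_unsigned(size_t len)
{
    if (len > MAXLEN)
        return 0;
    return len;
}

/* Where a signed value genuinely enters (e.g. from an old ABI), the
 * sign check happens once, at the boundary, instead of being an
 * implicit assumption everywhere downstream. Returns 0 on success,
 * -1 if the value cannot be represented as a valid count. */
int count_from_int(int ulen, size_t *out)
{
    if (ulen < 0)
        return -1;
    *out = (size_t)ulen;
    return 0;
}

/* Caveat: unsigned arithmetic wraps rather than going negative, so a
 * "does want fit in have" test written as a subtraction is always true.
 * gcc/clang -Wextra (-Wtype-limits) warns about this comparison. */
int fits_wrong(size_t have, size_t want)
{
    return (have - want) >= 0;   /* always true for unsigned */
}

/* The correct form compares directly and never subtracts. */
int fits(size_t have, size_t want)
{
    return want <= have;
}

int main(void)
{
    size_t n;

    printf("signed   len=-1  -> memcpy count %zu\n", bytes_copied_signed(-1));
    printf("unsigned len=-1  -> memcpy count %zu (rejected)\n",
           bytes_copied_unsigned((size_t)-1));
    printf("count_from_int(-1) = %d\n", count_from_int(-1, &n));
    printf("fits_wrong(4, 8) = %d, fits(4, 8) = %d\n",
           fits_wrong(4, 8), fits(4, 8));
    return 0;
}
```

Compile with -Wall -Wextra -Wsign-conversion to see the diagnostics the text alludes to: a call such as bytes_copied_unsigned(some_int) draws a sign-conversion warning, and fits_wrong() draws a "comparison is always true" warning. Neither is emitted for bytes_copied_signed(), which is the silent case the message argues against.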