Monday, January 3, 2022

Almost Always Unsigned

Dale Weiler (via Richard Geldreich):

There are a lot of arguments against the use of unsigned integers. Let me explain why I think they’re mostly incorrect.


Trap representations are actually quite insufficient as they can only trigger at runtime when those paths are successfully executed with the correct trap-producing inputs. This coverage is impossible to expect in any non-trivial program even with exhaustive unit testing. The idea is also incompatible in many contexts such as library code where you almost never want the library to panic, but rather all errors be recoverable by the calling application code, or in service-availability sensitive code which must not be susceptible to denial of service attacks, where a panic is pretty much not acceptable.


The reality is that the use of signed and unsigned paints all your integers red or blue, respectively. What color is Your Function. The more of one you use, the more likely it is everything will also share the same signedness regardless of if it’s appropriate. Since most integers never require representing negative values, I personally think it’s more appropriate to paint everything blue in this case.


In many ways signed integers are the null pointers of integers.


Comments RSS · Twitter

Leave a Comment