hostilefork / pixelcad

Low latency bitmap drawing program with realtime FX

Change unsigned CellPos to signed, or use a SafeInt library? #2

Open hostilefork opened 10 years ago

hostilefork commented 10 years ago

A decade ago I believed there was a type safety and documentation purpose to correctly marking the signed intent of values in C++.

It's true there is documentation value, but the safety is perhaps worse than it would be otherwise. And even at this time--in 2014--only clang offers compiler support for exceptions on numeric overflows:

http://stackoverflow.com/questions/199333/best-way-to-detect-integer-overflow-in-c-c

Using maybe_cast I put in some checks that have not really caught any significant bugs to speak of (as a data point).

There are stronger "Safe Integer" classes, one that I know about is SafeInt:

http://safeint.codeplex.com/

It hasn't been updated in a few years, and doesn't seem to have broad usage. There are competing efforts arising in boost--possibly some other places.

While mostly these are used in sensitive situations where the extra effort involved is considered "truly worth it", the particular pathology I'm going for is trying to check as much of an application's logic at compile time as possible (without switching to a functional programming language; staying within the C++ code/library paradigm).

Some experiments will be required to determine the reasonable course of action.
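The two halves of the comment above, the unsigned pitfall and what a SafeInt-style class does for you, as an added example. This is not pixelcad's code and not SafeInt's; the names (`unsignedDelta`, `Checked`, `checkedAdd`/`checkedSub`/`checkedMul`, `cellOffset`) and the bitmap dimensions are hypothetical. The checked helpers return a flag instead of wrapping or invoking undefined behaviour; the overflow tests are the standard precondition checks (compare against `numeric_limits` before the operation, and for multiplication divide rather than multiply), so they need no compiler intrinsic and compile with any C++11 compiler.

```cpp
// Added example, not pixelcad's or SafeInt's code. Names and sizes are
// hypothetical.
#include <cstdio>
#include <limits>
#include <type_traits>

// The unsigned pitfall: "how far left of b is a?" cannot be negative, so
// when b > a the result silently wraps to a huge value. Unsigned wraparound
// is defined behaviour, so no compiler check will ever report it.
unsigned unsignedDelta(unsigned a, unsigned b) {
    return a - b;   // unsignedDelta(0, 1) == UINT_MAX
}

// Result of a checked operation: ok == false means it would have overflowed
// and value must not be used.
template <typename T>
struct Checked {
    bool ok;
    T value;
};

// Checked arithmetic for signed integer types (the type the issue settles
// on). Signed overflow is undefined behaviour, so each helper tests the bound
// using only representable values and never performs the overflowing op.
template <typename T>
Checked<T> checkedAdd(T a, T b) {
    static_assert(std::is_integral<T>::value && std::is_signed<T>::value,
                  "signed integers only");
    const T hi = std::numeric_limits<T>::max();
    const T lo = std::numeric_limits<T>::min();
    if (b > 0 && a > hi - b) return {false, T(0)};
    if (b < 0 && a < lo - b) return {false, T(0)};
    return {true, static_cast<T>(a + b)};
}

template <typename T>
Checked<T> checkedSub(T a, T b) {
    static_assert(std::is_integral<T>::value && std::is_signed<T>::value,
                  "signed integers only");
    const T hi = std::numeric_limits<T>::max();
    const T lo = std::numeric_limits<T>::min();
    if (b < 0 && a > hi + b) return {false, T(0)};
    if (b > 0 && a < lo + b) return {false, T(0)};
    return {true, static_cast<T>(a - b)};
}

template <typename T>
Checked<T> checkedMul(T a, T b) {
    static_assert(std::is_integral<T>::value && std::is_signed<T>::value,
                  "signed integers only");
    const T hi = std::numeric_limits<T>::max();
    const T lo = std::numeric_limits<T>::min();
    // Division-based bound test: every branch divides by a non-zero operand
    // and compares, so the check itself cannot overflow. This also catches
    // the classic (-1) * min case.
    if (a > 0) {
        if (b > 0) { if (a > hi / b) return {false, T(0)}; }
        else       { if (b < lo / a) return {false, T(0)}; }
    } else if (a < 0) {
        if (b > 0) { if (a < lo / b) return {false, T(0)}; }
        else       { if (b < hi / a) return {false, T(0)}; }
    }
    return {true, static_cast<T>(a * b)};
}

// Row-major index of cell (x, y) in a width x height bitmap. Rejects cells
// outside the bitmap and indices that do not fit in int, instead of handing
// a wrapped or overflowed value to whatever does the pixel write.
Checked<int> cellOffset(int x, int y, int width, int height) {
    if (width <= 0 || height <= 0) return {false, 0};
    if (x < 0 || y < 0 || x >= width || y >= height) return {false, 0};
    Checked<int> row = checkedMul(y, width);
    if (!row.ok) return {false, 0};
    return checkedAdd(row.value, x);
}

int main() {
    std::printf("unsignedDelta(0, 1) = %u\n", unsignedDelta(0, 1));
    Checked<int> a = cellOffset(3, 2, 64, 48);
    if (a.ok) std::printf("cellOffset(3, 2) in 64x48 = %d\n", a.value);
    Checked<int> b = cellOffset(0, 40000, 100000, 50000);
    std::printf("cellOffset(0, 40000) in 100000x50000 ok = %d\n", b.ok);
    return 0;
}
```

The `static_assert` is what gives the "signed intent" its teeth: an unsigned `CellPos` cannot be passed to these helpers at all, so the choice of signedness is enforced at compile time and the wrap can only happen in plain arithmetic that bypasses them. A full SafeInt-style class wraps the same three checks in operator overloads and throws or aborts on `ok == false`; the cost is the same comparisons shown here on every operation.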

hostilefork commented 10 years ago

I've removed all the unsigned usages and gone to int for now.

Moving to SafeInt is not a sensible priority at this time, but may become so later...so I'll leave this open. (It is the flagship program built on the "pathological application framework", after all.)