From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS22989 209.51.188.0/24
X-Spam-Status: No, score=-3.7 required=3.0 tests=AWL,BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_PASS
	shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dcvr.yhbt.net (Postfix) with ESMTPS id 7E7A91F8C6
	for <normalperson@yhbt.net>; Sun, 29 Aug 2021 09:57:10 +0000 (UTC)
Received: from localhost ([::1]:49284 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>)
	id 1mKHYr-00089N-6v
	for normalperson@yhbt.net; Sun, 29 Aug 2021 05:57:09 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:34982)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bruno@clisp.org>) id 1mKHYn-00089B-UJ
 for bug-gnulib@gnu.org; Sun, 29 Aug 2021 05:57:06 -0400
Received: from mo4-p00-ob.smtp.rzone.de ([85.215.255.24]:30574)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <bruno@clisp.org>) id 1mKHYk-0001ur-3j
 for bug-gnulib@gnu.org; Sun, 29 Aug 2021 05:57:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1630231017;
 s=strato-dkim-0002; d=clisp.org;
 h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date:
 From:Subject:Sender;
 bh=NEEW0MbEM4ElEc8NZ0AgLRuFdz1qbdJsViqM5wFI+0k=;
 b=iYhcldgUa5s9Zm4HL8BNgLpmM3Bmc8LNETDihEW9guC4mXXCa+gbtLgG8Sn3KdzsTX
 7afxPmfZ7X5/JNaJIXDmm+eroaE4yrXBmcf4Kz/Z4Y/YjQGAag47wCLL433MjQ4jZDxy
 QT0FlrzKY6JO3Ctarm0lMT4ruDxhs+z68jnzvB3hwwXnnEhSsjOTiwgmyu511Bw7p/fA
 659u4AaNY5YiXe2K92AK4gxbL1+jdOcaYyKnSjDvn1cclneFy6X99MaLCijF7nqhs2P6
 76L/lA16rqFokxT+KjZbmiDPMwRYS6NzE9lwO9GgRGLDbf6dettr5HMMGxsmmPCjSICA
 GIIg==
Authentication-Results: strato.com;
    dkim=none
X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH0WWb0LN8XZoH94z26ll5ip69ul0iGsqz23qGdf6ocUvVBxZEOAQ=="
X-RZG-CLASS-ID: mo00
Received: from omega.localnet by smtp.strato.de (RZmta 47.31.0 AUTH)
 with ESMTPSA id I0beb9x7T9uvpsM
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits))
 (Client did not present a certificate);
 Sun, 29 Aug 2021 11:56:57 +0200 (CEST)
From: Bruno Haible <bruno@clisp.org>
To: Simon Josefsson <simon@josefsson.org>
Subject: Re: [PATCH] base32, base64: prefer signed to unsigned integers
Date: Sun, 29 Aug 2021 11:56:56 +0200
Message-ID: <4787795.FjKLVJYuhi@omega>
In-Reply-To: <87tuj8pspu.fsf@latte.josefsson.org>
References: <20210827222756.530247-1-eggert@cs.ucla.edu>
 <87tuj8pspu.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="UTF-8"
Received-SPF: none client-ip=85.215.255.24; envelope-from=bruno@clisp.org;
 helo=mo4-p00-ob.smtp.rzone.de
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001,
 SPF_NONE=0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: bug-gnulib@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Gnulib discussion list <bug-gnulib.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnulib>,
 <mailto:bug-gnulib-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnulib>
List-Post: <mailto:bug-gnulib@gnu.org>
List-Help: <mailto:bug-gnulib-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnulib>,
 <mailto:bug-gnulib-request@gnu.org?subject=subscribe>
Cc: Paul Eggert <eggert@cs.ucla.edu>, bug-gnulib@gnu.org
Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org
Sender: "bug-gnulib" <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>

Hi Simon,

> I'm not sure I understand why idx_t is better than size_t
> here, can you elaborate?  Why not ssize_t?

You find a detailed explanation in the comments of idx.h.

> Maybe a compromise is to
> keep the old API but add new APIs with idx_t types and the
> implementation of the old functions uses the new one.

The objective is to eliminate bugs due to the use of unsigned types
for numerical values. We can achieve it only by increasing the use
of signed types such as 'idx_t'. If we keep the old function,
it needs to be marked with __attribute__ ((__deprecated__)), otherwise
existing code will continue to use the old function forever.

Such a compromise comes with a cost: extra function names, that will
stick around for a long time. Here, since size_t and idx_t have the
same size at the binary level, the churn is limited: only the functions
with a ctx argument have changed the element type of a pointer arguments,
and despite warnings, no wrong code will be executed =E2=80=94 except where=
, like
in the test suite, a value > SIZE_MAX / 2 is passed as argument.

Bruno