Re: size_t vs long.

[A via Libc-alpha <libc-alpha@sourceware.org>]

> >
> > But if size_t is used, then most probably, it will result in a crash -
>
> And I love that.  Crashing is the best thing you can do.  That tells me
> immediately that I wrote a bug.  Isn't that what we wanted in the first place?

No, I don't want a crash if I can get an error value returned back and
errno being set properly.

>
> > like malloc(-1) will crash the program because unsigned -1 is
> > 0xFFFFFFFF and this much memory is not available on today's computers
> > and probably may not be available at all in future also (RAM size of
> > 2^64 bits is really really huge).
>
> We're not so lucky with malloc(3), since it's virtual memory, and you won't get
> it all at once.  But yes, sooner or later, if you passed -1 to malloc(3), you'll
> see a crash, which is a Good Thing (tm).
>

I am programming since last 35 years and I haven't heard this kind of
logic before that crash is better than getting an error value returned
back and errno being set properly. And I have worked for companies
like Cisco Systems and Juniper Networks.

Crash is not a good thing otherwise things like checking the
validity/sanity of arguments passed in a function would not have
existed. If we all loved crashes then we would never check any
argument passed to a function. We would simply go ahead without
checking the arguments and let the function crash and then let the
user debug it. Getting an error value returned back and errno being
set properly is way more easier than debugging the crash. Debugging a
crash can take several man hours, but  by getting an error value back
and then checking errno can solve the issue very quickly.

> >
> > Another thing is that if size_t is used an array index then array[-1]
> > will result in wrong behavior or program crash. But with long, the
> > developer can check whether the index is negative, thus avoiding
> > program crash.
>
> And what do you plan to do when you detect -1 in your code?  Set errno to
> EPROGRAMMERNOTSMARTENOUGH and return -1 from your function?

Looks like you are trying  to make fun of me. I don't appreciate this.
However, you can set errno to something like - "ENEGATIVESUBSCRIPT".

Anyways, to shorten the discussion and making it to the point, I would
like to know why is size_t used in malloc() when a negative value
(passed by user by mistake) can crash the program. Using long and
checking for negative values can prevent the program from crashing.

Some people might say that user should check for value being negative
but for checking for negative values long is required, not size_t. So,
then the user will end up using long instead of size_t. So, in effect
using size_t in malloc is not correct (unless we get further insight
that explains why size_t is correct in malloc()).

Just saying that size_t is good and long is bad (in malloc()) without
any reasons will not make any sense.

Amit