Michael Niedermayer (12019-12-09):
> mixing unsigned and signed int of course works if one is aware of
> * what is signed, what is unsigned
> * exact semantics of expressions mixing them
> * does not miss any corner cases

I think it is reasonable to demand from FFmpeg developers that they know
enough C to be at ease with this.

And for remembering exactly and not missing corner cases, there are
compiler warnings. IIRC they are not enabled in FFmpeg, but they do lead
to a much better code hygiene.

> OTOH if everything is signed, then the developer does not need to worry
> about these things, and it's easier to remember "all is signed int" vs.
> "these specific fields are unsigned"

Indeed. Instead, if everything is signed, they have to worry about the
many undefined behaviors attached with signed. Plus the risks that are
not related to UB, like checking that an array index is small enough but
forgetting to check non-negative.

Considering the time you spent recently "fixing" signed integer
overflows, I suspect you may be receptive to the fact that unsigned
arithmetic is entirely specified.

Regards,

-- 
  Nicolas George
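
The points raised in this message, as an added C example that is not part of the original mail or of FFmpeg's code: an upper-bound-only check on a signed index, the same check on an unsigned index, the conversion in a mixed comparison, and overflow tests for both kinds. `TABLE_LEN` and all function names are hypothetical.

```c
#include <limits.h>
#include <stdio.h>

#define TABLE_LEN 8u   /* hypothetical table size */

/* Signed index, upper bound only: "small enough" is checked,
 * "non-negative" is forgotten, so -1 is accepted. */
int accepts_signed_upper_only(int idx)
{
    return idx < (int)TABLE_LEN;
}

/* Signed index with both bounds checked. */
int accepts_signed_both(int idx)
{
    return idx >= 0 && idx < (int)TABLE_LEN;
}

/* Unsigned index: one comparison covers both ends, because a negative
 * value converted to unsigned becomes a very large one. */
int accepts_unsigned(unsigned idx)
{
    return idx < TABLE_LEN;
}

/* Mixed comparison. The cast is written out here; a plain `a < b`
 * performs the same conversion implicitly, which is what GCC/Clang
 * report under -Wsign-compare. */
int mixed_less_than(int a, unsigned b)
{
    return (unsigned)a < b;
}

/* Unsigned arithmetic is defined modulo UINT_MAX + 1, so testing the
 * result after the addition is valid C. */
int unsigned_add_wraps(unsigned a, unsigned b)
{
    return a + b < a;
}

/* Signed overflow is undefined, so the test must come before the add. */
int signed_add_overflows(int a, int b)
{
    return (b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b);
}

int main(void)
{
    printf("signed upper-only accepts -1: %d\n", accepts_signed_upper_only(-1));
    printf("unsigned accepts (unsigned)-1: %d\n", accepts_unsigned((unsigned)-1));
    printf("-1 < 10u after conversion: %d\n", mixed_less_than(-1, 10u));
    return 0;
}
```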
