On Wed, 17 Jan 2007, Richard Guenther wrote:

| On 17 Jan 2007 16:36:04 -0600, Gabriel Dos Reis <[EMAIL PROTECTED]> wrote:
| > Paolo Carlini <[EMAIL PROTECTED]> writes:
| >
| > | Joe Buck wrote:
| > |
| > | >In the case of the containers, we are asserting/relying on the fact that
| > | >the pointer difference is zero or positive.  But this has become a
| > | >widespread idiom: people write their own code in the STL style.  If STL
| > | >code now has to be fixed to silence warnings, so will a lot of user code.
| > | >
| > | Good point. About it, we should also take into account the recent
| > | messages from Martin, pointing out that many C++ front-ends do not
| > | warn for signed -> unsigned.
| >
| > I just built firefox (CVS) with GCC mainline.  The compiler spat
| > avalanches of nonsensical warnings about conversions signed ->
| > unsigned may alter values, when in fact the compiler knows that
| > such things cannot happen.
| >
| > First, let's recall that GCC supports only 2s complement targets.
| >
| > Second, a conversion from T to U may alter value if a round trip is
| > not the identity function.  That is, there exists a value t in T
| > such that the assertion
| >
| >    assert (T(U(t)) == t)
| >
| > fails.
|
| I think it warns if U(t) != t in a mathematical sense (without promoting
| to the same type for the comparison), so it warns as (unsigned)-1 is
| not "-1".

Except that in the mathematical sense, it does not make sense.

The denotational domain for unsigned is not the set of natural numbers.
Rather, it is Z/nZ for appropriate n.  So, to compare an element in
Z/nZ with an element in a segment [M..N] does not make much sense without
further elaboration (which would reveal that the notion is flawed).
That elaboration needs injections and projections.  Those are precisely
denoted by the implicit conversions mentioned above.

-- Gaby
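
Added example, not part of the original thread: the two warning criteria discussed above (the round trip T(U(t)) == t, and U(t) equal to t as integers) applied to constructed sample values. The helper names and samples are hypothetical, and it assumes int and unsigned are narrower than long long.

```cpp
#include <climits>
#include <cstdio>

// Criterion from the message: T -> U alters no value if T(U(t)) == t.
// The conversion back to a signed T wraps modulo 2^n on GCC
// (implementation-defined before C++20, required since).
template <typename T, typename U>
bool round_trip_ok(T t) {
    return static_cast<T>(static_cast<U>(t)) == t;
}

// Criterion from the quoted reply: U(t) and t denote the same integer.
// Both sides are widened to long long first, so the comparison itself
// performs no signed/unsigned conversion.
template <typename T, typename U>
bool value_ok(T t) {
    static_assert(sizeof(T) < sizeof(long long) && sizeof(U) < sizeof(long long),
                  "assumption: long long represents every T and U value");
    return static_cast<long long>(static_cast<U>(t)) == static_cast<long long>(t);
}

struct Tally { int round_trip_failures; int value_failures; };

// Constructed sample values covering both ends of int.
static const int kSamples[] = {INT_MIN, -1, 0, 1, INT_MAX};

template <typename U>
Tally tally_from_int() {
    Tally r = {0, 0};
    for (int s : kSamples) {
        if (!round_trip_ok<int, U>(s)) ++r.round_trip_failures;
        if (!value_ok<int, U>(s)) ++r.value_failures;
    }
    return r;
}

Tally int_to_unsigned() { return tally_from_int<unsigned>(); }    // same width
Tally int_to_uchar() { return tally_from_int<unsigned char>(); }  // narrowing

int main() {
    Tally a = int_to_unsigned(), b = int_to_uchar();
    std::printf("int -> unsigned:      round-trip fails %d, value fails %d\n",
                a.round_trip_failures, a.value_failures);
    std::printf("int -> unsigned char: round-trip fails %d, value fails %d\n",
                b.round_trip_failures, b.value_failures);
    return 0;
}
```

On these samples the two criteria disagree only for the same-width conversion; for the narrowing conversion both report the same losses.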
