Bug 1740616 - Modify the C++ style guide to prefer unsigned types and CheckedInt. r=glandium DONTBUILD

This commit resolves the question posed in [1], largely on the basis of
the rationale put forth by emilio [2].

The reasons cited for using signed types boil down to (1) taking
advantage of UB optimizations, (2) more tractable dynamic overflow
analysis, and (3) increased chance of the surrounding logic identifying
and rejecting overflowed values.

Emilio points out that (1) is not a durable advantage. I see some value
in (2) and (3), but I see more value in consistency with existing code
and clear communication of semantic intent to the reader.

[1] https://groups.google.com/a/mozilla.org/g/dev-platform/c/-h_2cz5APmY/
[2] https://groups.google.com/a/mozilla.org/g/dev-platform/c/-h_2cz5APmY/m/NPdl2uIhAgAJ

Differential Revision: https://phabricator.services.mozilla.com/D130928
bholley committed Nov 16, 2021
1 parent 6ed64bd commit 02e9792
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions docs/code-quality/coding-style/coding_style_cpp.rst
Expand Up @@ -392,6 +392,8 @@ C/C++ practices
- Use ``char32_t`` as the return type or argument type of a method that
returns or takes as argument a single Unicode scalar value. (Don't
use UTF-32 strings, though.)
- Prefer unsigned types for semantically-non-negative integer values.
- When operating on integers that could overflow, use ``CheckedInt``.
- Avoid the usage of ``typedef``, instead, please use ``using`` instead.

.. note::
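
Review bot: The two added bullets ("Prefer unsigned types ..." and "When operating on integers that could overflow, use ``CheckedInt``") do not say how they interact. Unsigned arithmetic wraps silently, including on subtraction below zero, so following the first bullet leaves the second as the only guard, yet "could overflow" leaves the reader to decide when it applies. Suggest stating that wrapping subtraction on unsigned sizes and indices counts as overflow here, and naming the header (``mozilla/CheckedInt.h``) so the type is easy to find. A short pointer to the dev-platform thread cited in the commit message would also record the rationale in the guide itself.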