Paul Eggert <eggert@cs.ucla.edu> schrieb am Fr., 20. Nov. 2015 um 01:03 Uhr:

> On 11/19/2015 03:57 PM, Philipp Stephani wrote:
> > Thanks. I saw you changed some other members to ptrdiff_t (the public
> > size members of emacs_runtime and emacs_env), is that intentional, and
> > if so, what is the reason?
>
> As a general rule, in Emacs source code we prefer signed arithmetic to
> unsigned, because the latter is so error prone when it comes to
> comparisons. Also, signed arithmetic allows for better low-level
> checking, e.g., with -fsanitize=undefined. (There are a few exceptions,
> e.g., hash values, but they're relatively rare.)  So the module
> interface should encourage the use of signed integer arithmetic when
> possible.
>

This is generally a good practice.
However for the size members I think there's still a slight advantage in
using size_t. This member will typically be used as follows:

if (env->size >= sizeof *env) {
  // good, object is at least as big as expected
} else {
  // Emacs is too old
}

The return type of sizeof is size_t. Using ptrdiff_t for the size member
means that this is now a comparison between types of different signedness.
Such comparisons are rather subtle, and compilers warn about them (e.g.
clang with -Wextra). So I'd suggest th avoid such comparisons. As we never
do any arithmetic with the size members, the wrap-around behavior is not an
issue in this case.


>
> It might also be useful to support modules that, for whatever reason,
> cannot deal with signed integers and must use unsigned integers. That
> could be something we add later, if necessary.
>

I think we always expect a reasonably standard C or C++ compiler, which has
to support signed integers.


>
> > Anyway, emacs-module.h now lacks an #include <stddef.h>.
>
> Thanks, fixed now.
>