EPICS Home EPICS Controls Argonne National Laboratory

Experimental Physics and
Industrial Control System

Format page
for printing


Search Tech-talk
2002  2003  2004  <20052006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 2002  2003  2004  <20052006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>
Subject: RE: Fundamental Types document / unsigned integers
From: "Jeff Hill" <[email protected]>
To: "'Benjamin Franksen'" <[email protected]>, <[email protected]>
Date: Thu, 23 Jun 2005 18:40:51 -0600 

> -----Original Message-----
> From: Benjamin Franksen [mailto:[email protected]]
> Sent: Friday, June 17, 2005 8:12 PM
> To: [email protected]
> Subject: Re: Fundamental Types document / unsigned integers
> 
> On Saturday 18 June 2005 02:15, Jeff Hill wrote:
> > > I would argue that this is also mostly valid in C/C++, where
> > > arrays are always indexed starting with zero.
> >
> > There are many integer variables/parameters, other than array
> > indexes, that should never be allowed to be negative, and will cause
> > unexpected behavior if they are allowed to be negative.
> 
> Yes, of course. Almost none of the functions we write are total. Most
> require some precondition on the parameters or the state of the world
> or some object, in order to not cause random crashes. The case of
> integers that are not allowed to be negative is merely one of them, and
> furthermoer one that is quite easily avoided by a modest amount of
> programmer discipline. And I know of very few examples where /only/ a
> lower bound has to be observed, but no upper.

When producing robust code that is to be used by many users (you never know
what users will do) one must sanity check incoming parameters. This is
easier, and faster, with unsigned interfaces. 

> 
> > > Furthermore, with regard to the efficiency question (only one
> > > range-check for upper bound instead of two for upper and lower),
> > > in  C/C++ you are always free to apply the zero-cost type cast
> > > from signed to unsigned, thereby mapping negative numbers to
> > > large positive ones, and then range-test only for the upper bound.
> >
> > Such type casts might not be portable. Also, this isn't so much of a
> > CPU efficiency issue as a programming efficiency issue. If it takes
> > time to write the code to do the check it's less likely to be checked
> > and strange and mysterious bugs are more likely to find a place to
> > roost.
> 
> Yes, the more bugs are detected statically, the better. I need not be
> convinced of the merits of static type checking. But with unsigned
> integers in addition to signed ones, this gain in safety is very, very
> minor. OTOH, including unsigned integers in a generic interface makes
> it a lot more complicated. Complicated interfaces cause errors, too.
> Note: I agree with your sentiment in general, but I just think in this
> case the complication is not worth the cost.

IMHO, the unsigned type removes complication - it has less range that can be
wrong.

IMHO, most serious code failures occur because:
O untested paths in the code
O unchecked request variables

> 
> IMO, unsigned integers make sense mostly for low-level programming, such
> as register access or memory management code. Thus, you may need it for
> programming on the IOC but I doubt it makes much sense for client
> applications, except when and where they want to monitor raw hardware
> values for diagnostics.

IMHO, the reduced range is desirable in many circumstances.

> 
> Another question is this: Will DA even work without unsigned integers? I
> ask because it is not clear to me which of the overloaded member
> functions would be called if you give an unsigned but there are only
> functions for signed ints defined. Will the unsigned values be silently
> promoted or casted? Note that this problem does not exist in Java,
> because there we simply have no unsigned ints, thus no problem.
> 

There are overloaded interface virtual functions for all C++ primitive types
(or in some cases all promoted C++ primitive types).

> So maybe it is correct to have unsigned in the C++ DA, but not in the
> Java DA?

Yes, given that a property is defined by standard to have a particular
dynamic range then we will need to avoid standardizing an integer range that
would not be expressible with a JAVA integer. AFAICT that is on 32 bit hosts
just INT_MAX < n <= UINT_MAX. For really big numbers floating point should
be used. 

Didn't I hear someone say that JAVA has a special type for bit masks? If so,
then wouldn't it be possible to implement special conversions in the JAVA
implementation of data access mapping between C++ unsigned integer types and
the JAVA bit mask types.

Jeff
Replies:
Re: Fundamental Types document / unsigned integers Benjamin Franksen
References:
Re: Fundamental Types document / unsigned integers Benjamin Franksen
Navigate by Date:
Prev: Re: Fundamental Types document / unsigned integers Benjamin Franksen
Next: Re: Fundamental Types document / unsigned integers Benjamin Franksen
Index: 2002  2003  2004  <20052006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: Re: Fundamental Types document / unsigned integers Benjamin Franksen
Next: Re: Fundamental Types document / unsigned integers Benjamin Franksen
Index: 2002  2003  2004  <20052006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
ANJ, 02 Feb 2012 Valid HTML 4.01! · Home · News · About · Base · Modules · Extensions · Distributions · Download ·
· Search · EPICS V4 · IRMIS · Talk · Bugs · Documents · Links · Licensing ·