To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CACSHbcQuW_NdcR1UfTs15HuR%3DD940kD9wuN2NhcC-dQ53h7JBA%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CABiGVV8fzLciSytXsFYtzDPzmSuhjqiS_q_PKcO63ZR62mocQg%40mail.gmail.com.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/a5600d6a-67d4-4ec8-8ab3-04aaddb2e8d6%40chromium.org.
Given my druthers, I'd have POSIX, libc, and `base::File` all use uint64_t for sizes and offsets. Not ssize_t, size_t, or even off_t (whose width, and even signedness, you have to look up). Reasons: uint64_t is explicit about signedness and width; it's more than large enough to handle all practical sizes; it doesn't require any weird stuff like http://users.suse.com/~aj/linux_lfs.html; it's unambiguous across IPC, RPC, and hardware architectures; and semantics for overflow are defined because it's unsigned. (Although you should be using `base::checked_cast` and `base::CheckedNumeric` anyway.)
Chromium style guide already recommends size_t wherever it seems reasonable.
--
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/c8f6a142-e0f8-4d92-a1c0-408ea7153fe9%40chromium.org.
I'm with Chris on this one: it should be uint64_t for sizes and absolute offsets, and int64_t for relative offsets. Otherwise it forces everything that passes these values over IPC to do sanity checks: instead, we'd strongly prefer the types themselves express the constraints.
Daniel--On Wed, Oct 4, 2017, 15:57 Vladislav Kuzkokov <vkuz...@chromium.org> wrote:Sizes passed to Read* and Write* are sizes of a memory buffer. And we should try to avoid 2Gb contiguous buffers even on 64 bit systems.For file sizes and offsets base::File uses int64_t (always signed), so it's not functionally broken.--
On Wednesday, October 4, 2017 at 10:39:22 PM UTC+2, Peter Kasting wrote:On Wed, Oct 4, 2017 at 12:30 PM, Vladislav Kuzkokov <vkuz...@chromium.org> wrote:Chromium style guide already recommends size_t wherever it seems reasonable.Yes, and unless the API is constrained as I mentioned, it's not reasonable here. Files are not guaranteed to be small enough to fit in memory, so size_t is asking for overflow (much like int).PK
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/c8f6a142-e0f8-4d92-a1c0-408ea7153fe9%40chromium.org.
--
Chromium Developers mailing list: chromi...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-dev
---
You received this message because you are subscribed to the Google Groups "Chromium-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-dev/CAF3XrKr-pjQqyChgtxA8ACVQ6vLkpQVk-85EP-CCsi4LM%2BFcHQ%40mail.gmail.com.
Sizes passed to Read* and Write* are sizes of a memory buffer.
I'm with Chris on this one: it should be uint64_t for sizes and absolute offsets, and int64_t for relative offsets. Otherwise it forces everything that passes these values over IPC to do sanity checks: instead, we'd strongly prefer the types themselves express the constraints.Doesn't that follow for every thing we pass over ipc tho, in which case we should replace all size_t with uint64_t? afaik we just write uint64_t in the IPC defns for things that are size_ts in the c++ code, and that's worked out.