(I accidentally replied off-list, re-sending on list)

Hi Tiago,

> While indexing very high values is dubiously wrong, indexing negative values is unquestionably wrong.

Out of bounds access is just wrong, no matter which side. I don’t think it makes sense to make a distinction here.

Indexes are often pointed to as an example where unsigned is natural since negatives don’t make sense, but the problem is unsigned doesn’t really provide any safety. I think this CppCon lightning talk explained it better than I can:
https://youtu.be/wvtFGa6XJDU?si=iv5F5-SI9xQn-x4X

Additionally, Bjarne’s paper offers a thoughtful argument as to why indexes and sizes should just be signed:
https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2019/p1428r0.pdf

> Plus, if you make indexing signed you would need to perform double side bounds checking of indexes, while with unsigned you just need to do a one side bounds check since unsigned values cannot be smaller than 0.

Fortunately this can actually codegen the same as a traditional unsigned comparison so I don’t think it should be a concern:
https://godbolt.org/z/P7xTbxWhW

Cheers,
Jeremy


On Tue, Dec 10, 2024 at 00:32 Tiago Freire <tmiguelf@hotmail.com> wrote:
I agree with making things uniform, but I completely disagree with making "signed" the default interface for indexing.

While indexing very high values is dubiously wrong, indexing negative values is unquestionably wrong.
There's no such thing as negatively indexing into an array, that is always wrong (even if it achieves the exact same effect as a too high number), there's also no such thing as a container with a negative amount of slots.
Plus, if you make indexing signed you would need to perform double side bounds checking of indexes, while with unsigned you just need to do a one side bounds check since unsigned values cannot be smaller than 0.
Signed integers are weird.
Unsigned integers should be the default, not the exception.
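
The bounds-check point debated in this thread, as an added example that is not part of either e-mail or of the linked Compiler Explorer page: a two-sided check on a signed index and a single unsigned comparison accept exactly the same indexes whenever the size is non-negative. The names `index_t`, `uindex_t`, `forms_agree` and `checked_at` are hypothetical, and the sample buffer is constructed.

```cpp
#include <cstddef>
#include <limits>
#include <type_traits>

using index_t = std::ptrdiff_t;                    // signed index/size type (assumed)
using uindex_t = std::make_unsigned_t<index_t>;    // same width, unsigned

// Two-sided check on a signed index, written the obvious way.
constexpr bool in_bounds_two_sided(index_t i, index_t n) {
    return 0 <= i && i < n;
}

// One-sided form. Conversion to unsigned is modular, so a negative i maps to a
// value above the signed maximum and therefore above every valid size n.
// Precondition: n >= 0, as for any container size.
constexpr bool in_bounds_one_sided(index_t i, index_t n) {
    return static_cast<uindex_t>(i) < static_cast<uindex_t>(n);
}

// True when both forms give the same answer at the edge indexes for size n.
bool forms_agree(index_t n) {
    constexpr index_t lo = std::numeric_limits<index_t>::min();
    constexpr index_t hi = std::numeric_limits<index_t>::max();
    const index_t probes[] = {lo, lo + 1, -1, 0, n - 1, n, hi};
    for (index_t i : probes) {
        if (in_bounds_two_sided(i, n) != in_bounds_one_sided(i, n)) return false;
    }
    return true;
}

// Bounds-checked read: pointer to the element, or nullptr when i is outside [0, n).
const int* checked_at(const int* data, index_t n, index_t i) {
    return in_bounds_one_sided(i, n) ? data + i : nullptr;
}

int main() {
    const int buf[4] = {10, 20, 30, 40};           // constructed sample data
    const bool ok = forms_agree(0) && forms_agree(4)
        && forms_agree(std::numeric_limits<index_t>::max())
        && checked_at(buf, 4, -1) == nullptr
        && checked_at(buf, 4, 4) == nullptr
        && *checked_at(buf, 4, 3) == 40;
    return ok ? 0 : 1;
}
```

The equivalence depends on the precondition `n >= 0`; a negative size converted to unsigned becomes a very large bound, so the size must be validated where it is produced.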