
But if you do any sort of math on those sizes then you probably want them to be signed anyway to avoid -1 rolling over to UINT_MAX and bugging out your system. Automatic signed to unsigned type coercion is extremely bug prone, so better avoid using unsigned integers entirely unless you never want to use them in math formulas. You avoid many more bugs by limiting collections to 2 billion than by mixing signed and unsigned integers. I have never had a bug related to signed collection sizes, but I have had a lot of bugs related to unsigned to signed casts.
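
The two hazards this comment names, shown as an added example in C (this is not the commenter's code, and the function names are mine): the `0u - 1` wrap to UINT_MAX, a `size_t` loop bound that wraps for an empty collection, and an implicit int-to-size_t conversion in a comparison. The warning flag mentioned in the comments is gcc/clang's `-Wsign-compare`.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The wrap the comment describes: 0u - 1 is UINT_MAX, not -1. */
unsigned int minus_one_unsigned(void) {
    unsigned int u = 0;
    return u - 1;                       /* UINT_MAX */
}

/* A loop bound written as "n - 1" with n of type size_t. For n == 0 the
   bound wraps to SIZE_MAX, and a loop "for (i = 0; i < n - 1; i++)" would
   run off the end of the buffer. Only the bound is computed here; it is
   never used to index memory. */
size_t buggy_pair_bound(size_t n) {
    return n - 1;
}

/* The same loop written so the subtraction never happens: compare i + 1 < n.
   Counts adjacent pairs with a[i] <= a[i + 1]; returns 0 for n == 0 without
   touching a. */
size_t count_nondecreasing_pairs(const int *a, size_t n) {
    size_t pairs = 0;
    for (size_t i = 0; i + 1 < n; i++)
        if (a[i] <= a[i + 1])
            pairs++;
    return pairs;
}

/* Mixed signed/unsigned comparison. The usual arithmetic conversions turn
   the int -1 into size_t, i.e. SIZE_MAX, so the test is false for every n.
   gcc and clang report this with -Wsign-compare (enabled by -Wextra). */
int neg_one_is_below(size_t n) {
    int idx = -1;
    return idx < n;                     /* always 0 */
}

/* The check you actually want: reject negatives before converting. */
int index_in_bounds(long idx, size_t n) {
    return idx >= 0 && (size_t)idx < n;
}

/* Constructed sample input (not data from the thread): pairs (1,3), (2,5)
   and (5,5) are non-decreasing, (3,2) is not, so the answer is 3. */
size_t demo_pairs(void) {
    static const int sample[] = {1, 3, 2, 5, 5};
    return count_nondecreasing_pairs(sample, sizeof sample / sizeof sample[0]);
}

int main(void) {
    printf("0u - 1            = %u\n", minus_one_unsigned());
    printf("(size_t)0 - 1     = %zu\n", buggy_pair_bound(0));
    printf("-1 < (size_t)10   = %d\n", neg_one_is_below(10));
    printf("in_bounds(-1, 10) = %d\n", index_in_bounds(-1, 10));
    printf("demo_pairs        = %zu\n", demo_pairs());
    return 0;
}
```

Compile with `-Wall -Wextra` and the comparison in `neg_one_is_below` is flagged, which is the practical defence: treat sign-compare warnings as errors rather than relying on the conversion rules being remembered.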


When I write algorithmic code based on collections, the math is usually done on offsets, not sizes. And since negative offsets don't exist, situations where they could arise require explicit handling anyway.

As I work in bioinformatics, the in-memory collections tend to be pretty large. While the arithmetic is usually done with 64-bit integers, it often makes sense to store the numbers in 32 bits to save space. And since the length of a human genome is ~3 Gbp, that means unsigned 32-bit integers. Signed 32-bit integers are just bugs waiting to happen.

And sometimes the integers are stored in bit-packed arrays, where the width could be 29 bits, 33 bits, or something like that. Those are much easier and less error-prone with unsigned integers.
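
A bit-packed array of the kind described above, as an added example in C (not the commenter's code; the type and function names are my own). The element width is a parameter, so the same code covers the 29-bit and 33-bit cases mentioned, including elements that straddle a 64-bit word boundary. Everything is done in `uint64_t`: left-shifting a value into a signed type's sign bit is undefined behaviour and right-shifting a negative signed value is implementation-defined, so the masks and shifts below are only well-defined because the types are unsigned.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* n unsigned integers, each `width` bits wide (1..64), packed back to back
   in 64-bit words. An element may span two adjacent words. */
typedef struct {
    uint64_t *words;
    size_t    n;
    unsigned  width;
} packed_array;

/* Low `width` bits set. The width == 64 case is special because shifting a
   64-bit value by 64 is undefined. */
static uint64_t width_mask(unsigned width) {
    return width == 64 ? UINT64_MAX : (((uint64_t)1 << width) - 1);
}

int packed_init(packed_array *pa, size_t n, unsigned width) {
    if (width == 0 || width > 64 || n > SIZE_MAX / width)
        return -1;                                 /* bad width, or n * width overflows */
    size_t bits   = n * width;
    size_t nwords = bits / 64 + (bits % 64 != 0);  /* ceil(bits / 64) without overflow */
    pa->words = calloc(nwords ? nwords : 1, sizeof *pa->words);
    if (pa->words == NULL)
        return -1;
    pa->n = n;
    pa->width = width;
    return 0;
}

void packed_free(packed_array *pa) {
    free(pa->words);
    pa->words = NULL;
    pa->n = 0;
}

uint64_t packed_get(const packed_array *pa, size_t i) {
    size_t   bit = i * pa->width;
    size_t   w   = bit / 64;
    unsigned off = bit % 64;
    uint64_t v   = pa->words[w] >> off;
    if (off + pa->width > 64)                      /* element spills into the next word */
        v |= pa->words[w + 1] << (64 - off);       /* off > 0 here, so the shift is < 64 */
    return v & width_mask(pa->width);
}

void packed_set(packed_array *pa, size_t i, uint64_t value) {
    uint64_t mask = width_mask(pa->width);
    size_t   bit  = i * pa->width;
    size_t   w    = bit / 64;
    unsigned off  = bit % 64;
    value &= mask;
    pa->words[w] = (pa->words[w] & ~(mask << off)) | (value << off);
    if (off + pa->width > 64) {
        unsigned placed = 64 - off;                /* bits already stored in words[w] */
        pa->words[w + 1] = (pa->words[w + 1] & ~(mask >> placed)) | (value >> placed);
    }
}

/* Self-check on constructed data: write a pseudo-random pattern, read it
   back, then zero the even positions and confirm the odd neighbours are
   untouched (the cross-word masking is what that exercises). Returns the
   number of mismatches, 0 on success, -1 if the width is rejected. */
int packed_selftest(unsigned width, size_t n) {
    packed_array pa;
    if (packed_init(&pa, n, width) != 0)
        return -1;
    const uint64_t mask = width_mask(width);
    int bad = 0;
    for (size_t i = 0; i < n; i++)
        packed_set(&pa, i, ((uint64_t)i * 0x9E3779B97F4A7C15ULL) & mask);
    for (size_t i = 0; i < n; i++)
        if (packed_get(&pa, i) != (((uint64_t)i * 0x9E3779B97F4A7C15ULL) & mask))
            bad++;
    for (size_t i = 0; i < n; i += 2)
        packed_set(&pa, i, 0);
    for (size_t i = 0; i < n; i++) {
        uint64_t want = (i % 2) ? (((uint64_t)i * 0x9E3779B97F4A7C15ULL) & mask) : 0;
        if (packed_get(&pa, i) != want)
            bad++;
    }
    packed_free(&pa);
    return bad;
}

int main(void) {
    printf("29-bit elements: %d mismatches\n", packed_selftest(29, 1000));
    printf("33-bit elements: %d mismatches\n", packed_selftest(33, 1000));
    return 0;
}
```

With 33-bit elements the array holds positions up to 2^33 - 1, comfortably above the ~3 Gbp (and above INT32_MAX) that the comment gives as the reason 32-bit signed offsets are not enough.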


There is no automatic signed to unsigned coercion in Rust, so maybe that's why I don't have that problem. And I almost entirely use unsigned, even when doing math on sizes, so I never mix them. The only place one has to be careful is subtraction.


> Automatic signed to unsigned type coercion is extremely bug prone

When adding unsigned int as a language feature, don't we get to make up the rules? It seems like we can choose to make the rules not awful; we are not beholden to what C++ has done.


> But if you do any sort of math on those sizes then you probably want them to be signed anyway to avoid -1 rolling over to UINT_MAX and bugging out your system.

Both are shit and will create bugs if you let them through, doesn't make much of a difference.

In fact there are languages which allow negative indices, in which going to -1 is a lot worse, because that's a valid index, just a nonsensical one.

> Automatic signed to unsigned type coercion is extremely bug prone, so better avoid using unsigned integers entirely unless you never want to use them in math formulas

Or you can just not have "automatic signed to unsigned type coercion" in the first place. Or any sort of automatic coercion for that matter.

> You avoid many more bugs by limiting collections to 2 billion than by mixing signed and unsigned integers.

Hell, you'd avoid many more bugs by limiting collections to 32000 too!

> I have had a lot of bugs related to unsigned to signed casts.

I've had a lot of bugs related to signed to signed casts.

That doesn't say anything about signed values, that says something about casts.



