Using an operator[] on a type that takes size_t works great with unsigned types. They convert to primitives.
However operator[] on a pointer is built in and takes a signed ptrdiff_t. Converting from an unsigned value to signed ptrdiff_t could overflow and thus needs to check(). But we want implicit signed conversions to not compile.
There's no way I can think of to limit the conversions to only happening inside ptr[x]. If the compiler would convert that to *(ptr + x) then it would work fine, but it doesn't. It needs x to become ptrdiff_t.
Allowing conversion to ptrdiff_t also allows conversion to long (on linux) and int64_t which is much too broad.
What do?
- A method on unsigned types to check+convert?
- Expect code with pointer indexing to be converted to span/array/vector/etc first? This should be happening regardless but ordering dependencies are not good.
- Rewrite it to *(ptr + x)?
- Introduce -funsigned-pointer-index which adds a size_t overload???
- ???
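
An added example, not code from this project, showing the compile-time behaviour described in the issue and the first option in the list (a check+convert method). The names `usize`, `to_ptrdiff_checked`, `can_index`, `index_vec`, `index_ptr` and `checked_rejects` are hypothetical.

```cpp
#include <cstddef>
#include <limits>
#include <stdexcept>
#include <type_traits>
#include <utility>
#include <vector>

// Hypothetical stand-in for the library's unsigned wrapper type.
struct usize {
  std::size_t v;

  // Implicit conversion to unsigned primitives only; signed targets such as
  // ptrdiff_t, long and int64_t are rejected at compile time.
  template <class T, typename std::enable_if<
                         std::is_unsigned<T>::value &&
                             sizeof(T) >= sizeof(std::size_t), int>::type = 0>
  constexpr operator T() const { return static_cast<T>(v); }

  // Hypothetical check+convert method: the only route to a signed index.
  std::ptrdiff_t to_ptrdiff_checked() const {
    if (v > static_cast<std::size_t>(std::numeric_limits<std::ptrdiff_t>::max()))
      throw std::out_of_range("index does not fit in ptrdiff_t");
    return static_cast<std::ptrdiff_t>(v);
  }
};

// Detects whether `container[index]` compiles.
template <class C, class I, class = void>
struct can_index : std::false_type {};
template <class C, class I>
struct can_index<C, I, decltype(void(std::declval<C>()[std::declval<I>()]))>
    : std::true_type {};

// operator[](size_t) accepts the wrapper; the built-in pointer subscript does not.
static_assert(can_index<const std::vector<int>&, usize>::value, "size_t overload");
static_assert(!can_index<const int*, usize>::value, "ptr[x] needs ptrdiff_t");
static_assert(!std::is_convertible<usize, std::ptrdiff_t>::value, "no signed conversion");

int index_vec(const std::vector<int>& c, usize i) { return c[i]; }
int index_ptr(const int* p, usize i) { return p[i.to_ptrdiff_checked()]; }

// True when the value is too large for ptrdiff_t and the check fires.
bool checked_rejects(usize i) {
  try { i.to_ptrdiff_checked(); } catch (const std::out_of_range&) { return true; }
  return false;
}
```

The explicit method keeps the overflow check at the one place a signed index is required, without opening an implicit conversion to every signed 64-bit type.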