So supposing you have a type that can either be a uid_t or no value... Can you specify that the high bit on the uid_t cannot be set? I.e. prevent an explicit stuffing of negative values (or unsigned values that are bit-identical to negative ones in the corresponding signed types) into such a type?
That is the most explicit way I can think of to block this with a type system. If uid_t is 32 bits, you need a type that can either contain 31 bits or no value, to prevent that 32nd bit being stuffed into the syscall somehow.
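One way to express the type the comment asks for, as an added example that is not part of the original comment: a Rust newtype whose constructor rejects any value with the top bit set, wrapped in `Option` for the "no value" case, so the all-ones sentinel that setresuid-style calls read as "leave unchanged" can only come from `None`, never from caller-supplied data. The 32-bit width of `uid_t`, the `0x8000_0000` high-bit mask and the names `Uid`, `MaybeUid`, `parse_uid` and `to_syscall_arg` are this example's assumptions.

```rust
// Added example, not from the original comment. Assumes uid_t is a 32-bit
// unsigned integer (as on Linux) and that u32::MAX is the "-1" sentinel.

/// Raw uid_t as the C ABI sees it (assumed 32-bit unsigned).
pub type RawUid = u32;

/// A uid whose top bit is guaranteed clear: 31 usable bits, never -1.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct Uid(u32);

#[derive(Debug, PartialEq, Eq)]
pub enum UidError {
    /// The value is bit-identical to a negative int32, so it is refused.
    HighBitSet(u32),
}

impl Uid {
    pub const MAX: u32 = i32::MAX as u32; // 0x7FFF_FFFF

    /// The only way to build a Uid from an untrusted number.
    pub fn new(raw: RawUid) -> Result<Uid, UidError> {
        if raw & 0x8000_0000 != 0 {
            Err(UidError::HighBitSet(raw))
        } else {
            Ok(Uid(raw))
        }
    }

    pub fn raw(self) -> RawUid {
        self.0
    }
}

/// The "uid or no value" type the comment describes.
pub type MaybeUid = Option<Uid>;

/// Sentinel the C API uses for "leave this id unchanged" (-1 as uid_t).
pub const UID_UNCHANGED: RawUid = u32::MAX;

/// Convert to what a setresuid-style call expects. Only this function
/// produces the sentinel, and only from None, never from a supplied value.
pub fn to_syscall_arg(id: MaybeUid) -> RawUid {
    match id {
        Some(uid) => uid.raw(),
        None => UID_UNCHANGED,
    }
}

/// Parse an id from text (config file, request field). Empty or "-" means
/// "no value"; negative numbers and anything above 31 bits are rejected.
pub fn parse_uid(s: &str) -> Result<MaybeUid, String> {
    let s = s.trim();
    if s.is_empty() || s == "-" {
        return Ok(None);
    }
    // Parse as i64 first so "-1" is rejected as negative instead of wrapping.
    let n: i64 = s.parse().map_err(|e| format!("not a number: {e}"))?;
    if n < 0 {
        return Err(format!("negative uid {n} rejected"));
    }
    if n > Uid::MAX as i64 {
        return Err(format!("uid {n} exceeds 31 bits"));
    }
    Uid::new(n as u32).map(Some).map_err(|e| format!("{e:?}"))
}

fn main() {
    // Constructed sample inputs: the last three must never reach the syscall.
    for input in ["1000", "", "-1", "4294967295", "2147483648"] {
        match parse_uid(input) {
            Ok(id) => println!("{input:?} -> syscall arg {}", to_syscall_arg(id)),
            Err(e) => println!("{input:?} -> rejected: {e}"),
        }
    }
}
```

The check lives in `Uid::new`, so every path that ends in a syscall argument is forced through it; the 32nd bit can only appear as the sentinel, and only when the program explicitly has no value to pass.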