
digitalmars.D - Re: opImplicitCast/opImplicitCastFrom

reply bearophile <bearophileHUGS lycos.com> writes:
A possible Pascal-inspired syntax to specify the bounds of all integral values:

typedef int : 1 .. 7 TyDice1; // int in [1, 6]
typedef ubyte : 1 .. 7 TyDice2; // ubyte in [1, 6]
typedef ubyte : 1 .. 300 TyWarriors; // compilation error
int : 1 .. 1000 i; // int in [0, 999]
ubyte ub; // the same as  ubyte : 0 .. 256 ub;
char : 'a' .. 'z'+1 c; // char in [a, z]

Possible alternative syntax:

typedef int TyDice1 : 1 .. 7; // int in [1, 6]
typedef ubyte TyDice2 : 1 .. 7; // ubyte in [1, 6]
typedef ubyte TyWarriors : 1 .. 300; // compilation error
int i : 1 .. 1000; // int in [0, 999]
ubyte ub; // the same as  ubyte ub : 0 .. 256;
char c: 'a' .. 'z'+1; // char in [a, z]

Plus some syntax to locally enable/disable the bound checks (-release disables
them globally):

unsafe(integral, bounds) {
    // here both array bounds and integral bounds aren't checked
    ...
}

Bye,
bearophile
Oct 30 2008
parent reply Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
bearophile wrote:
 A possible Pascal-inspired syntax to specify the bounds of all integral values:
 
 typedef int : 1 .. 7 TyDice1; // int in [1, 6]
 typedef ubyte : 1 .. 7 TyDice2; // ubyte in [1, 6]
 typedef ubyte : 1 .. 300 TyWarriors; // compilation error
 int : 1 .. 1000 i; // int in [0, 999]
 ubyte ub; // the same as  ubyte : 0 .. 256 ub;
 char : 'a' .. 'z'+1 c; // char in [a, z]
 
 Possible alternative syntax:
 
 typedef int TyDice1 : 1 .. 7; // int in [1, 6]
 typedef ubyte TyDice2 : 1 .. 7; // ubyte in [1, 6]
 typedef ubyte TyWarriors : 1 .. 300; // compilation error
 int i : 1 .. 1000; // int in [0, 999]
 ubyte ub; // the same as  ubyte ub : 0 .. 256;
 char c: 'a' .. 'z'+1; // char in [a, z]

Why worry about syntax? The use of typedefs makes syntax even less relevant in the examples above, as users would employ the typedef'ed names, not the nice interval notations.

I'm thinking maybe we should start with library types. The nice thing about those is that they allow you to specify infinite behavioral variations via policies. For example, you'd want to choose the behavior on overflow to be e.g. throwing, unchecked, or wraparound:

typedef Bounded!(int, 1, 7, OnOverflow.nocheck) TyDice1;
typedef Bounded!(char, 'a', 'z', OnOverflow.throwing) TyLowercaseAscii;
...

I do agree that syntax may constitute an acceptance threshold, i.e. users may be willing to use a particular feature only if it also comes packaged with an easy-enough syntax.

 Plus some syntax to locally enable/disable the bound checks (-release disables
them globally):
 
 unsafe(integral, bounds) {
     // here both array bounds and integral bounds aren't checked
     ...
 }

That would be more interesting because it can't be done conveniently via a library.

Andrei
Oct 30 2008
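
A sketch of the policy-based library type suggested in the post above, as an added example that is not Andrei's code or a Phobos type: the names `Bounded` and `OnOverflow` come from the thread, while the inclusive `[lo, hi]` convention, the `get` accessor and the `Dice`/`Ring`/`Raw` aliases are assumptions, and `alias` stands in for the thread's `typedef`.

```d
import std.exception : assertThrown, enforce;

enum OnOverflow { nocheck, throwing, wraparound }

// Integer restricted to the inclusive range [lo, hi] (assumed convention).
struct Bounded(T, T lo, T hi, OnOverflow policy = OnOverflow.throwing)
{
    static assert(lo <= hi, "empty range");
    private T value = lo;

    this(long v) { value = fit(v); }
    T get() const { return value; }

    // Arithmetic is widened to long before the policy is applied.
    Bounded opBinary(string op)(long rhs) const
        if (op == "+" || op == "-")
    {
        return Bounded(mixin("cast(long) value " ~ op ~ " rhs"));
    }

    private static T fit(long v)
    {
        static if (policy == OnOverflow.throwing)
        {
            enforce(v >= lo && v <= hi, "value out of bounds");
            return cast(T) v;
        }
        else static if (policy == OnOverflow.wraparound)
        {
            enum long span = cast(long) hi - lo + 1;
            long off = (v - lo) % span;   // modulo arithmetic on the range
            if (off < 0) off += span;
            return cast(T)(lo + off);
        }
        else
            return cast(T) v;             // nocheck: silent truncation
    }
}

void main()
{
    alias Dice = Bounded!(int, 1, 6, OnOverflow.throwing);
    alias Ring = Bounded!(int, 1, 6, OnOverflow.wraparound);
    alias Raw  = Bounded!(ubyte, 1, 6, OnOverflow.nocheck);
    assertThrown(Dice(6) + 1);           // 7 is outside [1, 6]
    assert((Ring(6) + 1).get == 1);      // wraps past the upper bound
    assert((Ring(1) - 1).get == 6);      // wraps below the lower bound
    assert(Raw(300).get == 44);          // out of range and truncated
}
```

The `nocheck` case shows why the policy choice matters: the stored value is neither the input nor inside the declared range.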
next sibling parent reply bearophile <bearophileHUGS lycos.com> writes:
Andrei Alexandrescu:
 Why worry about syntax?

Because from past experience I have seen that having a suitable syntax helps focus the mind a little. While when I discuss a feature in "abstract" most people just ignore what I have written. And because the absence/presence of a natural-looking syntax is often a sign that the semantics of something is muddy/clear.
 The nice thing 
 about those is that they allow you to specify infinite behavioral 
 variations via policies. For example, you'd want to choose the behavior 
 on overflow to be e.g. throwing, unchecked, or wraparound:

It's also useful to follow the 80/20 rule, to avoid making the semantics of this overly complex, increasing the complexity to give the programmer the possibility of specifying cases that aren't common. That's why the lambdas of C++ have a horrible design, they are over-generalized, while 95% of the time people need just a basic lambda (and in the other 5% of the cases the user can write a normal function/class manually).

The "wraparound" seems not much useful to me.

Bye,
bearophile
Oct 30 2008
parent Andrei Alexandrescu <SeeWebsiteForEmail erdani.org> writes:
bearophile wrote:
 Andrei Alexandrescu:
 Why worry about syntax?

Because from past experience I have seen that having a suitable syntax helps focus the mind a little. While when I discuss a feature in "abstract" most people just ignore what I have written.

I agree many people can work easier on concrete examples.
 And
 because the absence/presence of a natural-looking syntax is often a
 sign that the semantics of something is muddy/clear.

I do not agree with that. I can't see myself at the end of a train of thought leading to the above, as right now I have (as far as D is concerned) an embarrassment of riches in terms of concepts that are well-understood but for which devising a simple syntax is difficult. Saving on syntax can have many other causes, most of which are prevalent in a language that tries to stay slim. Put another way, there are many more things that are clear without a simple syntax, than things that are unclear with a simple syntax.
 The nice thing about those is that they allow you to specify
 infinite behavioral variations via policies. For example, you'd
 want to choose the behavior on overflow to be e.g. throwing,
 unchecked, or wraparound:

It's also useful to follow the 80/20 rule, to avoid making the semantics of this overly complex, increasing the complexity to give the programmer the possibility of specifying cases that aren't common. That's why the lambdas of C++ have a horrible design, they are over-generalized, while 95% of the time people need just a basic lambda (and in the other 5% of the cases the user can write a normal function/class manually). The "wraparound" seems not much useful to me.

But the wraparound is probably the most principled of all; it's linked to modulo arithmetic.

Anyhow... I'm not an expert on C++ lambdas. How are they overly general?

Andrei
Oct 30 2008
prev sibling parent reply Janderson <ask me.com> writes:
Andrei Alexandrescu wrote:
 typedef Bounded!(int, 1, 7, OnOverflow.nocheck) TyDice1;
 typedef Bounded!(char, 'a', 'z', OnOverflow.throwing) TyLowercaseAscii;
 ...
 
 I do agree that syntax may constitute an acceptance threshold, i.e. 
 users may be willing to use a particular feature only if it also comes 
 packaged with an easy-enough syntax.
 
 Plus some syntax to locally enable/disable the bound checks (-release 
 disables them globally):

 unsafe(integral, bounds) {
     // here both array bounds and integral bounds aren't checked
     ...
 }

That would be more interesting because it can't be done conveniently via a library.

Andrei

Will bounds include subtypes/subranges AKA ADA?

-Joel
Nov 01 2008
parent bearophile <bearophileHUGS lycos.com> writes:
Janderson:
 Will bounds include subtypes /subranges AKA ADA?

I presume the answer is yes, because subranges of ranges/enums are often useful.

Another feature:

unsafe(integral, bounds, stack) {
    // here array bounds, integral bounds and stack bounds aren't checked
    ...
}

Now that part of the program has stack bound checks too.

Note all such checks are already present in the current FreePascal (Open Source) compiler:
http://lazarus-ccr.sourceforge.net/fpcdoc/prog/progsu100.html
http://www.freepascal.org/docs-html/prog/progsu62.html

Just that the performance of FreePascal is quite similar to the performance of DMD (but for that performance you have to disable checks in the inner loops):
http://shootout.alioth.debian.org/gp4/benchmark.php?test=all&lang=fpascal&lang2=dlang

Some links on related topics:
http://www.fefe.de/intof.html
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/coding/312-BSI.html
http://www.codeplex.com/SafeInt
http://www.ddj.com/security/193501774
http://www.boost.org/doc/libs/1_32_0/libs/numeric/conversion/doc/numeric_cast.html

Bye,
bearophile
Nov 01 2008