Re: Beware: Rep spec on an enumeration type causes code explosion

[dewar@merv.cs.nyu.edu (Robert Dewar)]

Matthew Heaney says

<<This is a seriously wrong way to build safety-critical software.  As a
matter of fact, it's a wrong way to build *any* software.  You are quite
correct in pointing out that it is "pretty horrible."

As John Volan wisely pointed out, create holey types for use at the
EXTERNAL INTERFACE ONLY.  You should have an "interface object,"
implemented as a layered machine, to manage communication with each
external device.  The machine has three purposes: to read in the data from
the hardware, verify that the data received is valid, and then convert that
data from interface format to application format.
>>>

I strongly disagree. In fact this particular example, of Booleans that
differ by multiple bits, is one of the strong justifications in past
discussions of keeping holey enumeration types in the language. Note that
in this case it is in practice quite unusual to have loops through Boolean,
or arrays with a Boolean subscript, so typically there is ZERO overhead
in using this representation, and you get the one-bit-clobbered protection.

If you convert these boolean values to application format, you are introducing
an unnecessary lack of safety at the hardware level, namely a sensitivity to
undectable one-bit errors that does not exist with the non-standard
representation.

This is an entirely appropriate way to use this feature, and the language
was deliberately designed to facilitate this usage.

I see nothing 'pretty horrible' about this approach, and it is a commonly
used one. Brian Wichman has pointed this particular usage out on a number
of occasions and explained why it is important (indeed as I remember there
are contexts in which coding standards *require* this kind of approach,
and such standards make good sense to me!)

Robert Dewar