From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Thread: 103376,635cd9622b25ae59
X-Google-Attributes: gid103376,public
X-Google-Language: ENGLISH,ASCII-7-bit
Path: 
 g2news2.google.com!news2.google.com!news3.google.com!border1.nntp.dca.giganews.com!nntp.giganews.com!newsfeed00.sul.t-online.de!t-online.de!130.59.10.21.MISMATCH!kanaga.switch.ch!news-zh.switch.ch!switch.ch!cernne03.cern.ch!cern.ch!news
From: Maciej Sobczak <no.spam@no.spam.com>
Newsgroups: comp.lang.ada
Subject: Re: Type safety, C++ and code generation
Date: Fri, 28 Apr 2006 07:57:09 +0200
Organization: CERN - European Laboratory for Particle Physics
Message-ID: <e2sark$65f$1@sunnews.cern.ch>
References: <e2q6p8$idj$1@sunnews.cern.ch>
   <1146143954.169807.207080@t31g2000cwb.googlegroups.com>
   <e2qj9l$edt$1@sunnews.cern.ch>
 <1146148380.102042.119860@y43g2000cwc.googlegroups.com>
 <e2qn8t$n13$1@sunnews.cern.ch>
 <445101bf$0$11061$9b4e6d93@newsread4.arcor-online.net>
NNTP-Posting-Host: abpc10883.cern.ch
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: sunnews.cern.ch 1146203828 6319 (None) 137.138.37.241
X-Complaints-To: news@sunnews.cern.ch
User-Agent: Mozilla Thunderbird 1.0.8-1.4.1.SL (X11/20060424)
X-Accept-Language: en-us, en
In-Reply-To: <445101bf$0$11061$9b4e6d93@newsread4.arcor-online.net>
Xref: g2news2.google.com comp.lang.ada:3972
Date: 2006-04-28T07:57:09+02:00
List-Id: <comp.lang.ada>

Georg Bauhaus wrote:

>>type ranged_type<int, 0, 250> Speed;
>>Speed s1, s2, s3; // with some values
>>s1 = s2 + s3; // OK
>>s1 = s2 * s3; // not OK
>>
>>The addition is fine, but the multiplication should not be provided,
>>because speed multiplied by speed is not a speed. Can you extend your
>>class so that the compiler will refuse to compile the second operation
>>above?
>>(Ada, anyone? :) )
> 
> 
> Just so it is visible:
> 
> 
> procedure useop is
> 
>    s1, s2, s3: SPEED;  -- with some values
> 
> begin
>    s3 := s1 * s2;
> end useop;
> 
>      8.    s3 := s1 * s2;
>                     |
>         >>> cannot call abstract subprogram "*"
> 
> where
> 
> package Op is
> 
>    type SPEED is range 0 .. 250;
> 
>    function "*"(a, b: SPEED) return SPEED is abstract;
> 
> end Op;

I like it, although there is some potential problem with this approach. 
It uses the "negative logic" - in other words, specifies what is 
forbidden, not what is allowed - so it's more prone to errors than the 
"positive logic", where you specify what *is* supported instead. In the 
"positive logic" approach you can start with the default setting (no 
operations) and the compiler will point you to each new operation usage 
in your code - then, you can either consciously extend the type 
definition to cover the new use case or reject it if it was a bug. It's 
much more cumbersome with the "negative logic", where the default 
setting provides no protection at all.


-- 
Maciej Sobczak : http://www.msobczak.com/
Programming    : http://www.msobczak.com/prog/