View mode: basic / threaded / horizontal-split · Log in · Help
December 12, 2012
For a Safeint
This post grows from the "Re: OT (partially): about promotion of 
integers" thread.


>What you (and anyone else) *can* do, today, is write a SafeInt 
>struct that acts just like an int, but checks for overflow. It's 
>very doable (one exists for C++). Write it, use it, and prove 
>its worth. Then you'll have a far better case. Write a good one, 
>and we'll consider it for Phobos.<

There are some issues to be faced (and solved) before the 
creation of a Safeint implemented in library D code:


1) A Safeint (or SafeInt) should be usable in code written to use 
ints, unints, shorts, ubytes, and so on, as much as possible. 
This means I think code like this should be supported (this is a 
mix of D language design issue, and DMD implementation bugs):

alias safeint = SafeInt!(int.min, int.max);
struct Foo {
    safeint x;
    void bar() { x++; }
safeint[10] a;
a[] = 1;
safeint i = 5;
foreach (j; 0 .. i) {}
safeint z = true;
safeint y;
i = y = 5;
safeint[] a2 = [1, 2, 3];
safeint[safeint] a3 = [1:1, 2:2, 3:3];

Another problem:

Later, once safeints are implemented, some library support will 
be useful:

safeint[10] a;
safeint i = 5;
writeln("%10d", a[i]);
auto r = iota(i);
auto s = to!string(i, 5);


2) Safeints should be efficient, this means to access the CPU 
overflow flags they need to contain both asm and a fallback D 
implementation. But to be efficient DMD has to inline those 
functions in both cases. (LDC is sometimes able to inline 
functions that contain asm.)


3) How do you tell the D front-end that a Safeint should support 
the normal algebraic simplifications supported by built-in ints? 
I have suggested a not enforceable attribute to tell the D 
compiler such user defined structs support such proprieties and 


4) How do you perform compile-time expression range-analysis on 
safeInts too? So code like this doesn't compile:

safeint x = long.max; // Compile-time error.
alias safeubyte = SafeInt!(ubyte.min, ubyte.max);
ubyte y = 50;
safeubyte z = y + 230;


In the end is it harder to implement all this for a 
library-defined struct, or it's simpler to just add a safeint to 
the D language? (The library defined solution allows those 
improvements to be used for other future user-defined types).

December 12, 2012
Re: For a Safeint
In the meantime in another thread Walter has given some answers:

Top | Discussion index | About this forum | D home