On Friday, 24 January 2014 at 13:30:06 UTC, Meta wrote:
On the Rust mailing list, there's recently been discussion about auto-promotion to BigInt in case of overflow. Maybe that's a discussion we should be having as well?

Nice idea. But is any overflow known at compile-time?
Also really unexpected auto-type...

I had something very simple in mind:
1) get rid of the asymmetric T.min value
   that always causes problems with abs()
2) instead use this special value as NaN
3) let NaN be the init-value of the signed types
4) let every over-/underflow result in NaN
5) let every operation involving NaN result in NaN
6) let any cast from other types to the safe
   signed types check range and set NaN if the
   value doesn't fit
None of that should be too expensive, but with such a type you can simply execute the program, and if it results in NaN you know there has been some overflow (or an uninitialized variable). That makes analyzing easy, it allows for simple contracts, is easy to catch, and makes it easy to decide what solution would be the best (e.g. using the next bigger type or limiting the values).

And if performance is critical (which should be true only in some inner loop where one can be sure that no overflow is possible), as a next step the now foolproof program can be changed to use unsafe types (because they use the same range + one extra value that hopefully never occurs anyway).

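The scheme proposed in the post above, sketched in C for a 32-bit type. This is an added example, not part of the original post and not code from D or Rust; the names `nint`, `NINT_NAN`, `NINT_INIT` and the `nint_*` functions are hypothetical, and C cannot enforce the NaN default initializer, so it appears only as a macro.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; 32-bit instance of the proposed type. */
typedef int32_t nint;
#define NINT_NAN  INT32_MIN      /* the asymmetric T.min is reused as NaN */
#define NINT_MAX  INT32_MAX
#define NINT_MIN  (-INT32_MAX)   /* remaining value range is symmetric */
#define NINT_INIT NINT_NAN       /* intended init value (not enforced by C) */

static bool nint_is_nan(nint v) { return v == NINT_NAN; }

/* Range-checked cast from a wider type: out-of-range values become NaN. */
static nint nint_from_i64(int64_t v) {
    return (v < NINT_MIN || v > NINT_MAX) ? NINT_NAN : (nint)v;
}

/* Arithmetic is done in 64 bits so the overflow check cannot itself
 * overflow; any NaN operand makes the result NaN. */
static nint nint_add(nint a, nint b) {
    if (nint_is_nan(a) || nint_is_nan(b)) return NINT_NAN;
    return nint_from_i64((int64_t)a + b);
}
static nint nint_sub(nint a, nint b) {
    if (nint_is_nan(a) || nint_is_nan(b)) return NINT_NAN;
    return nint_from_i64((int64_t)a - b);
}
static nint nint_mul(nint a, nint b) {
    if (nint_is_nan(a) || nint_is_nan(b)) return NINT_NAN;
    return nint_from_i64((int64_t)a * b);
}

/* abs() has no overflow case once T.min is outside the value range. */
static nint nint_abs(nint a) {
    if (nint_is_nan(a)) return NINT_NAN;
    return a < 0 ? -a : a;
}

int main(void) {
    nint size  = nint_mul(65536, 65536);  /* constructed input: overflows */
    nint total = nint_add(size, 16);      /* NaN propagates to the result */
    printf("overflow detected: %s\n", nint_is_nan(total) ? "yes" : "no");
    printf("abs(NINT_MIN) = %d\n", (int)nint_abs(NINT_MIN));
    return 0;
}
```

A single `nint_is_nan` check on the final result is enough to learn that some intermediate step overflowed or started from an unset value, which is the analysis property the post describes.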