Hello bearophile,
Simen:
You are of course correct. Some such analysis could still be
performed, and the examples you give would simply leave the
typestate in an indeterminate state.
BCS:
Having code that's "leagal unless proven guilty" doesn't sound like a
good idea to me.
There are situations where it may be impossible to perform the static
analysis needed by the typestate implementation (external C code that
modifies some struct state or some multiprocessing situation), and in
some other situations this static analysis may be theoretically
possible but it becomes too much slow for a certain pathological case
My take on this is that the type system should promise to check something
and then always check it or say nothing at all. It should never say maybe.
The worst it can do is check something most of the time but then not check
it in the really hard cases (where I most need it).
--
... <IXOYE><
