Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Lukevalenty/p02993 r0 refactor #43

Draft
wants to merge 13 commits into
base: main
Choose a base branch
from
Draft

Lukevalenty/p02993 r0 refactor #43

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
07551eb
refactoring to match P02993R0
lukevalenty Mar 21, 2024
d2af6ef
remove big_integer tests in preperation to remove big_integer
lukevalenty Mar 21, 2024
b8f0f8d
remove big_integer usage
lukevalenty Mar 21, 2024
1c7c4f6
removed big_integer
lukevalenty Mar 21, 2024
9e0d0e8
provide a single _cn literal type to create constant constrained_numbers
lukevalenty Mar 21, 2024
0215991
fixing constrained_number constructors, move constraint_cast into own…
lukevalenty Mar 22, 2024
ee00a6a
rename Operand to `any_constraint` and use in constrained_number
lukevalenty Mar 22, 2024
6b4ed20
fix constraint_cast to match P2993R0
lukevalenty Mar 22, 2024
8c8c3a6
remove value.hpp and associated function
lukevalenty Mar 22, 2024
c32f159
import constraint_of into safe namespace
lukevalenty Mar 22, 2024
fc7ed59
add make_constrained
lukevalenty Mar 22, 2024
99cc59e
rename unsafe_value to raw_value
lukevalenty Mar 22, 2024
cec615d
rename match to match_constraint
lukevalenty Mar 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 18 additions & 18 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,20 +51,20 @@ using namespace safe::literals;
to assign a value to this variable outside this range.

```c++
ival_s32<0, 1023> enqueue_index = 0_s32;
ival_s32<0, 1023> enqueue_index = 0_cn;
```

We can perform arithmetic operations and prove we will not overflow. If we
try to just add '1' to enqueue_index, we could overflow

```c++
enqueue_index = enqueue_index + 1_s32; // <- COMPILE ERROR
enqueue_index = enqueue_index + 1_cn; // <- COMPILE ERROR
```
Instead, we are required to keep the value in-bounds, in this case we choose
to use the modulo operator.

```c++
enqueue_index = (enqueue_index + 1_s32) % 1024_s32; // GOOD!
enqueue_index = (enqueue_index + 1_cn) % 1024_cn; // GOOD!
```

for cases in which we must index into an array, the *safe arithmetic* library
Expand All @@ -76,68 +76,68 @@ queue_data[enqueue_index] = 0xc001;
```

It is not possible to index into the `safe::array` with a raw integral value or
a `safe::var` with an interval outside the bounds of the array.
a `safe::constrained_number` with an interval outside the bounds of the array.

```c++
auto result_err = queue_data[4]; // <- COMPILE ERROR
```

The `_u32` user-defined literal creates a `safe::var` type at compile time that
The `_u32` user-defined literal creates a `safe::constrained_number` type at compile time that
is constrained to the single value given to it.

```c++
auto result = queue_data[4_u32]; // GOOD!
auto result = queue_data[4_cn]; // GOOD!
```

Arithmetic operations generate a new requirement for the result-type. Adding `1`
Arithmetic operations generate a new constraint for the result-type. Adding `1`
to `enqueue_index` means it could be one larger than the last element of the
array. The *safe arithmetic* library correctly produces a compilation error.

```c++
auto result = queue_data[enqueue_index + 1_u32]; // <- COMPILE ERROR
auto result = queue_data[enqueue_index + 1_cn]; // <- COMPILE ERROR
```

We must prove to the `safe::array` that the index value is within bounds.
There are many ways to do this. For this queue implementation we want
`enqueue_index` to wrap around.

```c++
auto result = queue_data[(enqueue_index + 1_u32) % 1024_u32]; // GOOD!
auto result = queue_data[(enqueue_index + 1_cn) % 1024_cn]; // GOOD!
```

The `safe::array` advertises this requirement on the `safe::var` index
The `safe::array` advertises this constraint on the `safe::constrained_number` index
parameter.

```c++
constexpr T & operator[](
safe::var<std::size_t, safe::ival<0, Size - 1>> index
safe::constrained_number<safe::constrain_interval<0, Size - 1>, std::size_t> index
) {
return storage[index.unsafe_value()];
return storage[index.raw_value()];
}
```

User-code can (and should) do the same: use `safe::var` to specify the
User-code can (and should) do the same: use `safe::constrained_number` to specify the
requirements or assumptions about the input to the function. It is up to the
caller to prove the values it is passing in are safe.

More complex numerical requirements can be conveyed with *safe arithmetic*. For
example, a disjoint union of intervals can be used in a requirement to exclude
example, a disjoint union of intervals can be used in a constraint to exclude
values or value ranges.

For example, if a `0` is invalid, but all other values are OK, a union of
intervals can be used in the `safe::var`:
intervals can be used in the `safe::constrained_number`:

```c++
constexpr void dont_give_me_zero(
safe::var<int, safe::ival<-1000, -1> || safe::ival<1, 1000>> not_zero
safe::constrained_number<safe::constrain_interval<-1000, -1> || safe::constrain_interval<1, 1000>, int> not_zero
) {
// ... do something really cool with this non-zero value ...
}
```

This makes it impossible to pass a value of `0` to this function. `safe::var`
This makes it impossible to pass a value of `0` to this function. `safe::constrained_number`
can't be created or initialized with naked integral values, so how do we pass
in parameters? We either need to use a `safe::var` that is already proven
in parameters? We either need to use a `safe::constrained_number` that is already proven
to satisfy the callees requirements, or we can use `safe::function`:

```c++
Expand Down
Loading
Loading