boost/safe_numerics
2
0
Fork 0
mirror of https://github.com/boostorg/safe_numerics.git synced 2026-02-12 00:13:20 +00:00
Code Issues Projects Releases Wiki Activity
Files
f185d014f28b40ddbaafc17c998bc5ed22c5ce68
safe_numerics/doc/html/rationale.html
Robert Ramey 6b6579d48c Updated documentation based on Damion's input
2015-06-17 11:25:28 -07:00

220 lines
10 KiB
HTML
Raw Blame History

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<title>Rationale</title>
<link rel="stylesheet" href="boostbook.css" type="text/css">
<meta name="generator" content="DocBook XSL Stylesheets V1.76.1">
<link rel="home" href="index.html" title="Safe Numerics">
<link rel="up" href="index.html" title="Safe Numerics">
<link rel="prev" href="exception_safety.html" title="Exception Safety">
<link rel="next" href="pending_issues.html" title="Pending Issues">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table cellpadding="2" width="100%"><tr>
<td valign="top"><img alt="pre-boost" width="30%" height="30%" src="pre-boost.jpg"></td>
<td align="center"><a href="../../index.html">Home</a></td>
<td align="center"><a href="http://www.boost.org/doc/libs">Libraries</a></td>
<td align="center"><a href="http://www.boost.org/users/people.html">People</a></td>
<td align="center"><a href="http://www.boost.org/users/faq.html">FAQ</a></td>
<td align="center"><a href="../../more/index.htm">More</a></td>
</tr></table>
<hr>
<div class="spirit-nav">
<a accesskey="p" href="exception_safety.html"><img src="images/prev.png" alt="Prev"></a><a accesskey="u" href="index.html"><img src="images/up.png" alt="Up"></a><a accesskey="h" href="index.html"><img src="images/home.png" alt="Home"></a><a accesskey="n" href="pending_issues.html"><img src="images/next.png" alt="Next"></a>
</div>
<div class="section">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="safe_numerics.rationale"></a>Rationale</h2></div></div></div>
<div class="qandaset">
<a name="idm305379810000"></a><dl>
<dt>1. <a href="rationale.html#idm305379809520">Why does a binary operation on two
safe&lt;int&gt; values not return another
safe type ?</a>
</dt>
<dt>2. <a href="rationale.html#idm305379804224">Why is there no policy driven design for handling
overflows?</a>
</dt>
<dt>3. <a href="rationale.html#idm305381225568">Why is Boost.Convert not used.</a>
</dt>
<dt>4. <a href="rationale.html#idm305381223648">Why is the library named "safe ..." rather than something like
"checked ..." ?</a>
</dt>
<dt>5. <a href="rationale.html#idm305381221376">Given that the library is called "numerics" why is floating
point arithmetic not addressed?</a>
</dt>
<dt>6. <a href="rationale.html#idm305381219168">Isn't putting a defensive check just before any potential
undefined behavior is often considered a bad practice?</a>
</dt>
<dt>7. <a href="rationale.html#idm305381215952">Why are safe_compare and safe_cast included in the library?
The don't really fit with the "drop-in" replacement idea for
built-in types.</a>
</dt>
<dt>8. <a href="rationale.html#idm305381213680">It looks like it presumes two's complement arithmetic at the
hardware level. So this library is not portable - correct? What
about other hardware architectures?</a>
</dt>
<dt>9. <a href="rationale.html#idm305381211104">Why do you specialize numeric_limits for "safe" types? Do you
need it?</a>
</dt>
</dl>
<table border="0" width="100%" summary="Q and A Set">
<col align="left" width="1%">
<col>
<tbody>
<tr class="question">
<td align="left" valign="top">
<a name="idm305379809520"></a><a name="idm305379809264"></a><p><b>1.</b></p>
</td>
<td align="left" valign="top"><p>Why does a binary operation on two
<code class="computeroutput">safe&lt;int&gt;</code> values not return another
<code class="computeroutput">safe</code> type ?</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top">
<p>There are a number of reasons:</p>
<div class="itemizedlist"><ul class="itemizedlist" type="disc">
<li class="listitem"><p>it was too hard to implement.</p></li>
<li class="listitem"><p>it doesn't really seem necessary. We always do SOMETHING
with result of the operation. This will result in an assignment
or a conversion to some other type where the result will be
validated.</p></li>
</ul></div>
</td>
</tr>
<tr class="question">
<td align="left" valign="top">
<a name="idm305379804224"></a><a name="idm305379803968"></a><p><b>2.</b></p>
</td>
<td align="left" valign="top"><p>Why is there no policy driven design for handling
overflows?</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top"><p>This is planned for a future version of the library. However,
attempts to implement this idea have so far failed as it turns out
to more technically challenging than one would think. Rather than
wait for a future event that might never happen, it was decided to
release the library without this feature.</p></td>
</tr>
<tr class="question">
<td align="left" valign="top">
<a name="idm305381225568"></a><a name="idm305381225312"></a><p><b>3.</b></p>
</td>
<td align="left" valign="top"><p>Why is Boost.Convert not used.</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top"><p>I couldn't figure out how to use it from the
documentation.</p></td>
</tr>
<tr class="question">
<td align="left" valign="top">
<a name="idm305381223648"></a><a name="idm305381223392"></a><p><b>4.</b></p>
</td>
<td align="left" valign="top"><p>Why is the library named "safe ..." rather than something like
"checked ..." ?</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top"><p>I used "safe" in large part this is what has been used by
other similar libraries. Maybe a better word might have been
"correct" but that would raise similar concerns. I'm not inclined to
change this. I've tried to make it clear in the documentation what
the problem that the library addressed is</p></td>
</tr>
<tr class="question">
<td align="left" valign="top">
<a name="idm305381221376"></a><a name="idm305381221120"></a><p><b>5.</b></p>
</td>
<td align="left" valign="top"><p>Given that the library is called "numerics" why is floating
point arithmetic not addressed?</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top"><p>Actually, I believe that this can/should be applied to any
type T which satisfies the type requirement "Numeric" type as
defined in the documentation. So there should be specializations
safe&lt;float&gt; et. al. and eventually safe&lt;fixed_decimal&gt;
etc. But the current version of the library only addresses integer
types. Hopefully the library will evolve to match the promise
implied by it's name.</p></td>
</tr>
<tr class="question">
<td align="left" valign="top">
<a name="idm305381219168"></a><a name="idm305381218912"></a><p><b>6.</b></p>
</td>
<td align="left" valign="top"><p>Isn't putting a defensive check just before any potential
undefined behavior is often considered a bad practice?</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top"><p>By whom? Is leaving code which can produce incorrect results
better? Note that the documentation contains references to various
sources which recommend exactly this approach to mitigate the
problems created by this C/C++ behavior. See <a class="link" href="bibliography.html#Seacord" title="Secure Coding in C and C++">[<a class="citation" href="bibliography.html#Seacord"><span class="citation">Seacord</span></a>]</a>, <a href="https://www.cert.org" target="_top">Software Engineering Institute - Carnegie
Mellon University</a></p></td>
</tr>
<tr class="question">
<td align="left" valign="top">
<a name="idm305381215952"></a><a name="idm305381215696"></a><p><b>7.</b></p>
</td>
<td align="left" valign="top"><p>Why are safe_compare and safe_cast included in the library?
The don't really fit with the "drop-in" replacement idea for
built-in types.</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top"><p>They are part of the implementation of the library. I thought
they would be useful outside the formal context of the library so I
make access to them public.</p></td>
</tr>
<tr class="question">
<td align="left" valign="top">
<a name="idm305381213680"></a><a name="idm305381213424"></a><p><b>8.</b></p>
</td>
<td align="left" valign="top"><p>It looks like it presumes two's complement arithmetic at the
hardware level. So this library is not portable - correct? What
about other hardware architectures?</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top"><p>Correct. Almost all hardware in current use two's complement
arithmetic. This library works all and only on all such machines.
For example, if one were to implement 48 bit integers with two's
complement arithmetic, the save .. versions could be used without
change. To support hardware which does not use two's complement
arithmetic, at least part of the library would have to be
re-implemented.</p></td>
</tr>
<tr class="question">
<td align="left" valign="top">
<a name="idm305381211104"></a><a name="idm305381210848"></a><p><b>9.</b></p>
</td>
<td align="left" valign="top"><p>Why do you specialize numeric_limits for "safe" types? Do you
need it?</p></td>
</tr>
<tr class="answer">
<td align="left" valign="top"></td>
<td align="left" valign="top"><p>safe&lt;T&gt; behaves like a "number" just as int does. It has
max, min, etc Any code which uses numeric limits to test a type T
should works with safe&lt;T&gt;. safe&lt;T&gt; is a drop-in
replacement for T so it has to implement all the operations.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<table xmlns:rev="http://www.cs.rpi.edu/~gregod/boost/tools/doc/revision" width="100%"><tr>
<td align="left"></td>
<td align="right"><div class="copyright-footer">Copyright &#169; 2012 Robert Ramey<p><a href="http://www.boost.org/LICENSE_1_0.txt" target="_top">Subject to Boost
Software License</a></p>
</div></td>
</tr></table>
<hr>
<div class="spirit-nav">
<a accesskey="p" href="exception_safety.html"><img src="images/prev.png" alt="Prev"></a><a accesskey="u" href="index.html"><img src="images/up.png" alt="Up"></a><a accesskey="h" href="index.html"><img src="images/home.png" alt="Home"></a><a accesskey="n" href="pending_issues.html"><img src="images/next.png" alt="Next"></a>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink