如何在类型级别指定非负数,如果我不应该使用unsigned? [英] How do I specify a non-negative number at the type level, if I shouldn't be using unsigned?
问题描述
在 Going Native 2013 中,面板建议在指定不能为负面的变量时避免无符号整数类型
。
In a Going Native 2013 talk, the panel had suggested avoiding unsigned integer types
when specifying variables that "can't be negative".
12:15:使用有符号整数,除非你需要2的补码算术或一个
模式。
12:15: "Use signed integers unless you need 2's compliment arithmetic or a bit pattern."
12:55:使用整数有一个原因不要使用unsigned除非
你正在fiddling与位模式,从不混合签名和未签名。
12:55: "Use ints until you have a reason not to. Don't use unsigned unless you are fiddling with bit patterns, and never mix signed and unsigned."
42:45:每当你混合签名和未签名的数字时,你会遇到麻烦,
规则非常奇怪,他们在
奇怪的地方的代码,他们非常强烈地与错误相关联当
人使用无符号整数,他们通常有一个理由。
的原因将是类似 ,它不能是负的...当
你认为你不能有负数,你会有一个人
初始化你的未签名-2,并认为他们-2。只是
高度容易出错...有太多的整数类型。有
是太宽松的规则将它们混合在一起,它是一个主要的
的错误源,这是为什么我在说,保持尽可能简单,你可以。使用
整数,直到真的真的需要别的东西。
42:45: "Whenever you mix signed and unsigned numbers you get trouble. The rules are just very surprising, and they turn up in code in the strangest places. They correlate very strongly with bugs. When people use unsigned integer numbers, they usually have a reason. The reason will be something like "well, it can't be negative" ... When you think you can't have negative numbers, you will have someone who initializes your unsigned with -2, and think they get -2. It is just highly error prone. ... There are far too many integer types. There are far too lenient rules for mixing them together, and it's a major bug source. Which is why I'm saying, stay as simple as you can. Use integers until you really really need something else."
这是可以理解的,设计只能接受正数的接口我可以记录:
This is understood, but there is no mention to alternatives when designing interfaces that must only accept positive numbers. I could document it:
//NOTE: i must be positive!
void function(int i);
我可以依靠调试断言无处不在:
I could rely on debug assertions everywhere:
void function(int i){
assert(i >= 0);
}
我真正想要的是在类型级别指定它,这是一个更强大的合同。该函数不能接受一个负整数,这是我通常选择一个无符号,但考虑到这是一个不鼓励的做法,我的替代品是什么?
What I'd really like, is to specify it at the type level. This is a stronger contract. I want to make sure the function is incapable of accepting an integer that is negative. This is where I would normally choose an unsigned, but given that this is a discouraged practice, what are my alternatives?
可以创建类似这样的类型以满足值约束吗?
Can a type like this be created to satisfy the value constraint?
void function(positive<int> i);
这是否有意义?
推荐答案
使参数 unsigned 解决什么的原因是因为传递一个运行时负值到这样的函数中不检查任何东西。 -1 将重新解释为 4294967295 ,程序将静默继续。
The reason why having the parameter unsigned solves nothing is because passing a run-time negative value into such a function checks nothing. -1 will be reinterpreted as 4294967295 and the program will silently continue.
只有当你尝试传递一个编译时已知常量时,才会产生一个警告。
Only if you try to pass a compile-time known constant a warning will be raised.
如果你想检查每个参数, ,即使在运行时,使用assert也是最简单的方法。
If you want to check every parameter you pass into your function, even at run-time, having an assert is the simplest way.
如果你想更花哨和描述性,你可以定义你自己的类型正这将:
If you want to be more fancy and descriptive, you can define your own type positive which would:
- 允许静默转换为
int(降级) - 允许从
int投射,但执行assert这样做(促销) - 支持算术运算
- allow silent casts to
int(demotion) - allow casts from
int, but performing anassertwhen doing so (promotion) - support arithmetic operations
代码更清洁有明确的意图 - 但这是更多的编码。
This will definitely make your code ``cleaner'' with a clear intent - but that is much more coding.
这篇关于如何在类型级别指定非负数,如果我不应该使用unsigned?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
