-
Notifications
You must be signed in to change notification settings - Fork 18
Note constraints in rustc and libraries
This page is an attempt to catalogue places in the compiler, and in the standard Rust libraries, where the addition of a typestate constraint would improve quality.
All "types" suggestions probably require either nominal records, or constraints on variants (which simulate the same effect) -- see Constrained types.
This list is incomplete. You can help by adding to it.
ast::path_
-- could give this type a constraint indicating that idents
and types
have the same length and are non-empty. Requires a call to ivec::len
(use an unchecked
block).
node_id
-- could have constrained types that relate a node_id
with a context, inducing a type-based distinction between node IDs for uses
and node IDs for definitions
.
tstate::tritv::t
-- could have a constraint saying that uncertain
and val
have the same length, and that for all indices i
, it's not the case that uncertain.(i)
and val.(i)
are both 1. (The latter part seems hard.)
[IMPLEMENTED] trans::GEP_tag
-- could give this function a precondition expressing that the argument ix
must be ≥ 0 and ≤ the number of variants that the argument tag_id
has. Specifying the latter constraint involves looking up some information in the type context (which is also an argument), but it should be do-able as a pure predicate.
[IMPLEMENTED] trans::trans_be
-- could make the assertion is_call_expr(e)
a precondition instead. (Is is_call_expr
a pred?)
- It's a pred now -- but this points to the usefulness of syntax for checking that "
e
is built with tagexpr_call
" without having to write out a pred to do it.
[IMPLEMENTED] zip
-- could have a precondition indicating that both arguments have the same length.
Typestate for array bounds checking? The idea is that if we have a constraint in the environment like le_len_of(x, v)
, where x:uint
and v:vec<T>
, then v[x]
shouldn't require a dynamic bounds check.
However, this would violate the idea that typestate constraints don't have semantics and need not in order to guarantee type soundness.