Re: Type System as Design Tool [Was: We do not use C++ exceptions]
Thant Tessman wrote:
Andrei Alexandrescu wrote:
[snip]
So a 'contract' is what a programmer has decided to do in the case that
a stack is empty? Again, I'll try to ask the dumb question: What makes a
'contract' different than "the decided-upon behavior"?
I think the difference is the place where the decision is being made.
Much of the motivation behind contracts has been that interfaces wanted
to enforce that their implementers are correct.
Let's try another tack. Instead of using a Stack as a stand-in for 'some
data structure,' let's consider an actual stack boiled down to its essence:
datatype 'a Stack = EmptyStack
| NotEmptyStack of 'a * 'a Stack
Yeah, I was positive that at some point or another discriminated options
will come into the discussion sooner or later. In fact I confess that it
was my plan all along since I suggested you define a stack (not an
array, which I'll bring now to make my point).
There are two nice things about the stack as a discriminated union:
a) The empty stack is a distinct from any other stack. This is of course
doable in other languages but not so concisely and elegantly.
b) The stack does not need to define a contract because there's no
chance any usage would fail it.
On the flipside:
a) Note how all this forces you into value semantics and functional
style all the way. Now you are free to argue that functional style is
the one true way to do anything around computers, to which I'll just
note that some bad people still want their mutative semantics.
b) Instead of defining a contract, the discriminated union forces the
user to pick their contract at each use. This may turn out to be very
cumbersome. I mean, *every* time I plan to extract an element I need to
handle the empty stack case, even when I know a priory the stack can't
be empty, or if I'd be ok with just an exception being thrown.
So you didn't do away with contracts; you put them in a different place,
which may often be a worse place. (Btw, if configurable contracts were a
must, I, being a policy guy, would make the behavior of the empty stack
a policy and call it a day.)
But now comes the killer argument: design an array that way. In that
case, the array would be a convolution of types:
EmptyArray
ArrayOfSizeAtLeast1
ArrayOfSizeAtLeast2
ArrayOfSizeAtLeast3
....
Now, when a user wants to access element at index N, they need to do so
for an ArrayOfSizeAtLeastN, and then specify what happens for all other
types. I'm a nice guy, so I suggest you make ArrayOfSizeAtLeast2 would
be a subtype of ArrayOfSizeAtLeast1 and so on. That way you only need to
specify what happens for arrays of size up to N.
I guess it's easy to see how this all becomes untenable.
Now I would hope the amazing elegance of this two-line 'Stack'
implementation would be self-evident, never mind compared to the
behaviorally-equivalent C++ code.
Well where you see amazing elegance I see yet another way to look at
some problems known to be tough, with its own advantages, disadvantages
and other consequences.
I would also hope that folks might be
impressed enough with its elegance to try to identify its source. I've
come to the conclusion that elegance in this case is a reflection of the
type system (specifically the notion of discriminated unions combined
with genericity) along with automatic memory management. [2]
I agree that algebraic types have some rather nifty uses.
You can at most claim that using pattern
matching clarified that you need to make the contract explicit, instead
of relying on the system's enforcement of the contract (e.g. an "out of
bound array" or "null dereference" in Java). That's a fine claim, but
it's not the original claim.
Talk about the need to decide what to do in the empty-stack case all you
want, but nowhere does the explicit notion of preconditions,
postconditions, or invariants as described in the OO world bring
anything to this particular party. In this version I never even wrote a
'top' function. There was no need. It (and any contract it embodied)
would be superfluous. More than that, the function embodying the
contract would--if we were being strict--itself require a contract.
As I said in another post, the need for contracts, like the need for
'design patterns' should more properly be interpreted as evidence of
weakness in one's language.
No.
Andrei
--
[ See http://www.gotw.ca/resources/clcm.htm for info about ]
[ comp.lang.c++.moderated. First time posters: Do this! ]