Function rust_examples::typing::safe_cmp_f64[][src]

pub fn safe_cmp_f64(a: Positive, b: Positive) -> Ordering
Expand description

Safe and efficient version of comparison of two Positive floats.

This approach is a combination of the make illegal states unrepresentable and fail early principles. Instead of having two f64 arguments we enforce the user to pass in instances of Positive which makes the comparison both trivial and safe.

Pros

  1. Now his operation is completely safe even though it uses unsafe. It is not possible to compile and run a program which calls this function with a negative number. This is a form of formal validation done by the compiler and thus much stronger result than any (unit) test!
  2. The constructor of the wrapper type pushes the clients to check for errors early on
  3. The wrapper type carries certain semantics which can be taken to a benefit in the implementation

Cons

  1. Clients must wrap their data into the wrapper type which might get tedious and not worth it for non-critical data flows (although, this might be mitigated in the future).