You’re going to need to cite that.
I’m not familiar with C23 or many of the compiler-specific extensions, but in all the previous versions I worked with, there is no type visibility other than “fully exposed” or opaque and dangerous (void*
).
You could try wrapping your Foo
in
typedef struct {
Foo validated
} ValidFoo;
But nothing stops someone from being an idiot about it and constructing it by hand:
ValidFoo trustMeBro;
trustMeBro.validated = someFoo;
otherFunction(trustMeBro);
Or even just casting it.
Foo* someFoo;
otherFunction((ValidFoo*) someFoo);
That’s not the point, though. The point is to use a nominal type that asserts an invariant and make it impossible to create an instance of said type which violates the invariant.
Both validation functions and refinement types put the onus on the caller to ensure they’re not passing invalid data around, but only refinement types can guarantee it. Humans are fallible, and it’s easy to accidentally forget to put a
check_if_valid()
function somewhere or assume that some function earlier in the call stack did it for you.With smart constructors and refinement types, the developer literally can’t pass an unvalidated type downstream by accident.