[xquery-talk] XQuery treatment of xs:positiveInteger?
mhk at mhk.me.uk
Tue Jul 20 17:06:48 PDT 2004
> Now let's see if I can't get Jeni mad at me: I have to disagree with the
> "be generous with what you accept." Wouldn't good coding and security
> practices say the opposite? If the compiler complained about this (as I
> think it should), then there's no need to cast and type correctness is
> more assured. Putting it another way, if I pass my:simple-add(-1,3), I'd
> rather have the compiler refuse to do the work rather than failing at
> run-time when it tried to cast -1 to positive integer.
I think it's unlikely that the compiler will often be able to check that an
integer is in the required range, except in the trivial case where the
supplied value is a constant. The choice is whether the run-time range check
(i.e., the cast) is done by the caller or the callee. If you declare the
type as xs:positiveInteger, then the caller has to do the check; if you
declare it as xs:integer then the callee can do it. This seems friendlier to
me. It's secure either way.
A particular problem with the numeric type hierarchy in XML Schema is that
it's completely arbitrary. Ranges of numeric values do not fall naturally
into a type hierarchy. If you have a function that expects an integer in the
range 1 to 31, you can:
(a) declare it as xs:integer and do a range check in your code
(b) define a simple type my:day-of-month and require callers to cast to that
(c) use any of the built-in types that have 1-31 as a subrange (for example
xs:positiveInteger, xs:byte, xs:unsignedByte - take your pick) and then do a
range check in your code
Of these only (a) seems workable; and since we wanted stylistic consistency
across the F+O library we decided to do this throughout.
Frankly, I have no idea what types like xs:short are doing in XML Schema.
People writing schemas should be worrying about what the valid ranges of
their data are; they shouldn't be worrying about how many bits are needed
for storage. The chance of real-world data having an intrinsic upper limit
of 65535 seems remote.
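As an added illustration of the two approaches discussed in the thread (this is example code, not part of either message), here is option (a) from the reply, a day-of-month function that declares its parameter as xs:integer and performs the 1..31 range check itself, beside a function declared with xs:positiveInteger parameters, where the caller has to supply values of that type. The `my` namespace URI and the `my:out-of-range` error code are placeholders chosen for the example.

```xquery
xquery version "1.0";
(: Added example, not from the original post. The namespace URI below is a
   placeholder; any absolute URI will do. :)
declare namespace my = "http://example.com/my";

(: Option (a): accept any xs:integer and check the range in the callee.
   An out-of-range value raises a dynamic error with a descriptive message,
   so the caller never has to cast to a narrower built-in type. :)
declare function my:day-of-month-name($day as xs:integer) as xs:string {
  if ($day lt 1 or $day gt 31)
  then error(xs:QName("my:out-of-range"),
             concat("day-of-month must be in 1..31, got ", $day))
  else concat("day ", $day)
};

(: Contrast: with xs:positiveInteger parameters the range check moves to the
   caller. The function conversion rules do not cast an xs:integer to
   xs:positiveInteger, so a call such as my:simple-add(-1, 3) fails with a
   type error (XPTY0004) rather than in the function body, and the caller
   must write xs:positiveInteger(...) explicitly. Note that this only
   enforces the lower bound; a 1..31 style upper bound would still need a
   check in the body, which is the reply's point (c). :)
declare function my:simple-add($a as xs:positiveInteger,
                               $b as xs:positiveInteger) as xs:integer {
  $a + $b
};

(
  my:day-of-month-name(15),
  my:simple-add(xs:positiveInteger(1), xs:positiveInteger(3))
)
```

Running the module as written returns the sequence ("day 15", 4). Replacing the first call with `my:day-of-month-name(0)` raises the `my:out-of-range` error from inside the function, while replacing the second with `my:simple-add(-1, 3)` fails before the body runs, which is exactly the caller-versus-callee trade-off the reply describes.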