2016-05-20 22:55:26 +00:00
//: Ingredients of a recipe are meant to be immutable unless they're also
//: products. This layer will start enforcing this check.
//:
//: One hole for now: variables in surrounding spaces are implicitly mutable.
2016-11-25 19:33:13 +00:00
//: [tag: todo]
2016-05-20 22:55:26 +00:00
5001 - drop the :(scenario) DSL
I've been saying for a while[1][2][3] that adding extra abstractions makes
things harder for newcomers, and adding new notations doubly so. And then
I notice this DSL in my own backyard. Makes me feel like a hypocrite.
[1] https://news.ycombinator.com/item?id=13565743#13570092
[2] https://lobste.rs/s/to8wpr/configuration_files_are_canary_warning
[3] https://lobste.rs/s/mdmcdi/little_languages_by_jon_bentley_1986#c_3miuf2
The implementation of the DSL was also highly hacky:
a) It was happening in the tangle/ tool, but was utterly unrelated to tangling
layers.
b) There were several persnickety constraints on the different kinds of
lines and the specific order they were expected in. I kept finding bugs
where the translator would silently do the wrong thing. Or the error messages
sucked, and readers may be stuck looking at the generated code to figure
out what happened. Fixing error messages would require a lot more code,
which is one of my arguments against DSLs in the first place: they may
be easy to implement, but they're hard to design to go with the grain of
the underlying platform. They require lots of iteration. Is that effort
worth prioritizing in this project?
On the other hand, the DSL did make at least some readers' life easier,
the ones who weren't immediately put off by having to learn a strange syntax.
There were fewer quotes to parse, fewer backslash escapes.
Anyway, since there are also people who dislike having to put up with strange
syntaxes, we'll call that consideration a wash and tear this DSL out.
---
This commit was sheer drudgery. Hopefully it won't need to be redone with
a new DSL because I grow sick of backslashes.
2019-03-13 01:56:55 +00:00
void test_can_modify_ingredients_that_are_also_products ( ) {
run (
// mutable container
" def main [ \n "
" local-scope \n "
" p:point <- merge 34, 35 \n "
" p <- foo p \n "
" ] \n "
" def foo p:point -> p:point [ \n "
" local-scope \n "
" load-ingredients \n "
" p <- put p, x:offset, 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_can_modify_ingredients_that_are_also_products_2 ( ) {
run (
" def main [ \n "
" local-scope \n "
" p:&:point <- new point:type \n "
" p <- foo p \n "
" ] \n "
// mutable address to container
" def foo p:&:point -> p:&:point [ \n "
" local-scope \n "
" load-ingredients \n "
" *p <- put *p, x:offset, 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_can_modify_ingredients_that_are_also_products_3 ( ) {
run (
" def main [ \n "
" local-scope \n "
" p:&:@:num <- new number:type, 3 \n "
" p <- foo p \n "
" ] \n "
// mutable address
" def foo p:&:@:num -> p:&:@:num [ \n "
" local-scope \n "
" load-ingredients \n "
" *p <- put-index *p, 0, 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_ignore_literal_ingredients_for_immutability_checks ( ) {
run (
" def main [ \n "
" local-scope \n "
" p:&:d1 <- new d1:type \n "
" q:num <- foo p \n "
" ] \n "
" def foo p:&:d1 -> q:num [ \n "
" local-scope \n "
" load-ingredients \n "
" x:&:d1 <- new d1:type \n "
" *x <- put *x, p:offset, 34 \n " // ignore this 'p'
" return 36 \n "
" ] \n "
" container d1 [ \n "
" p:num \n "
" q:num \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_cannot_modify_immutable_ingredients ( ) {
Hide_errors = true ;
run (
" def main [ \n "
" local-scope \n "
" x:&:num <- new number:type \n "
" foo x \n "
" ] \n "
// immutable address to primitive
" def foo x:&:num [ \n "
" local-scope \n "
" load-ingredients \n "
" *x <- copy 34 \n "
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'x' in instruction '*x <- copy 34' because it's an ingredient of recipe foo but not also a product \n "
) ;
}
void test_cannot_modify_immutable_containers ( ) {
Hide_errors = true ;
run (
" def main [ \n "
" local-scope \n "
" x:point-number <- merge 34, 35, 36 \n "
" foo x \n "
" ] \n "
// immutable container
" def foo x:point-number [ \n "
" local-scope \n "
" load-ingredients \n "
// copy an element: ok
" y:point <- get x, xy:offset \n "
// modify the element: boom
// This could be ok if y contains no addresses, but we're not going to try to be that smart.
// It also makes the rules easier to reason about. If it's just an ingredient, just don't try to change it.
" y <- put y, x:offset, 37 \n "
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'y' in instruction 'y <- put y, x:offset, 37' because that would modify 'x' which is an ingredient of recipe foo but not also a product \n "
) ;
}
void test_can_modify_immutable_pointers ( ) {
run (
" def main [ \n "
" local-scope \n "
" x:&:num <- new number:type \n "
" foo x \n "
" ] \n "
" def foo x:&:num [ \n "
" local-scope \n "
" load-ingredients \n "
// modify the address, not the payload
" x <- copy null \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_can_modify_immutable_pointers_but_not_their_payloads ( ) {
Hide_errors = true ;
run (
" def main [ \n "
" local-scope \n "
" x:&:num <- new number:type \n "
" foo x \n "
" ] \n "
" def foo x:&:num [ \n "
" local-scope \n "
" load-ingredients \n "
// modify address: ok
" x <- new number:type \n "
// modify payload: boom
// this could be ok, but we're not going to try to be that smart
" *x <- copy 34 \n "
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'x' in instruction '*x <- copy 34' because it's an ingredient of recipe foo but not also a product \n "
) ;
}
void test_cannot_call_mutating_recipes_on_immutable_ingredients ( ) {
Hide_errors = true ;
run (
" def main [ \n "
" local-scope \n "
" p:&:point <- new point:type \n "
" foo p \n "
" ] \n "
" def foo p:&:point [ \n "
" local-scope \n "
" load-ingredients \n "
" bar p \n "
" ] \n "
" def bar p:&:point -> p:&:point [ \n "
" local-scope \n "
" load-ingredients \n "
// p could be modified here, but it doesn't have to be; it's already
// marked mutable in the header
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'p' in instruction 'bar p' because it's an ingredient of recipe foo but not also a product \n "
) ;
}
void test_cannot_modify_copies_of_immutable_ingredients ( ) {
Hide_errors = true ;
run (
" def main [ \n "
" local-scope \n "
" p:&:point <- new point:type \n "
" foo p \n "
" ] \n "
" def foo p:&:point [ \n "
" local-scope \n "
" load-ingredients \n "
" q:&:point <- copy p \n "
" *q <- put *q, x:offset, 34 \n "
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'q' in instruction '*q <- put *q, x:offset, 34' because that would modify p which is an ingredient of recipe foo but not also a product \n "
) ;
}
void test_can_modify_copies_of_mutable_ingredients ( ) {
run (
" def main [ \n "
" local-scope \n "
" p:&:point <- new point:type \n "
" foo p \n "
" ] \n "
" def foo p:&:point -> p:&:point [ \n "
" local-scope \n "
" load-ingredients \n "
" q:&:point <- copy p \n "
" *q <- put *q, x:offset, 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_cannot_modify_address_inside_immutable_ingredients ( ) {
Hide_errors = true ;
run (
" container foo [ \n "
" x:&:@:num \n " // contains an address
" ] \n "
" def main [ \n "
" ] \n "
" def foo a:&:foo [ \n "
" local-scope \n "
" load-ingredients \n "
" x:&:@:num <- get *a, x:offset \n " // just a regular get of the container
" *x <- put-index *x, 0, 34 \n " // but then a put-index on the result
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'x' in instruction '*x <- put-index *x, 0, 34' because that would modify a which is an ingredient of recipe foo but not also a product \n "
) ;
}
void test_cannot_modify_address_inside_immutable_ingredients_2 ( ) {
run (
" container foo [ \n "
" x:&:@:num \n " // contains an address
" ] \n "
" def main [ \n "
// don't run anything
" ] \n "
" def foo a:&:foo [ \n "
" local-scope \n "
" load-ingredients \n "
" b:foo <- merge null \n "
// modify b, completely unrelated to immutable ingredient a
" x:&:@:num <- get b, x:offset \n "
" *x <- put-index *x, 0, 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_cannot_modify_address_inside_immutable_ingredients_3 ( ) {
Hide_errors = true ;
run (
" def main [ \n "
// don't run anything
" ] \n "
" def foo a:&:@:&:num [ \n "
" local-scope \n "
" load-ingredients \n "
" x:&:num <- index *a, 0 \n " // just a regular index of the array
" *x <- copy 34 \n " // but then modify the result
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'x' in instruction '*x <- copy 34' because that would modify a which is an ingredient of recipe foo but not also a product \n "
) ;
}
void test_cannot_modify_address_inside_immutable_ingredients_4 ( ) {
run (
" def main [ \n "
// don't run anything
" ] \n "
" def foo a:&:@:&:num [ \n "
" local-scope \n "
" load-ingredients \n "
" b:&:@:&:num <- new {(address number): type}, 3 \n "
// modify b, completely unrelated to immutable ingredient a
" x:&:num <- index *b, 0 \n "
" *x <- copy 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_latter_ingredient_of_index_is_immutable ( ) {
run (
" def main [ \n "
// don't run anything
" ] \n "
" def foo a:&:@:&:@:num, b:num -> a:&:@:&:@:num [ \n "
" local-scope \n "
" load-ingredients \n "
" x:&:@:num <- index *a, b \n "
" *x <- put-index *x, 0, 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_can_traverse_immutable_ingredients ( ) {
run (
" container test-list [ \n "
" next:&:test-list \n "
" ] \n "
" def main [ \n "
" local-scope \n "
" p:&:test-list <- new test-list:type \n "
" foo p \n "
" ] \n "
" def foo p:&:test-list [ \n "
" local-scope \n "
" load-ingredients \n "
" p2:&:test-list <- bar p \n "
" ] \n "
" def bar x:&:test-list -> y:&:test-list [ \n "
" local-scope \n "
" load-ingredients \n "
" y <- get *x, next:offset \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_treat_optional_ingredients_as_mutable ( ) {
run (
" def main [ \n "
" k:&:num <- new number:type \n "
" test k \n "
" ] \n "
// recipe taking an immutable address ingredient
" def test k:&:num [ \n "
" local-scope \n "
" load-ingredients \n "
" foo k \n "
" ] \n "
// ..calling a recipe with an optional address ingredient
" def foo -> [ \n "
" local-scope \n "
" load-ingredients \n "
" k:&:num, found?:bool <- next-ingredient \n "
// we don't further check k for immutability, but assume it's mutable
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_treat_optional_ingredients_as_mutable_2 ( ) {
Hide_errors = true ;
run (
" def main [ \n "
" local-scope \n "
" p:&:point <- new point:type \n "
" foo p \n "
" ] \n "
" def foo p:&:point [ \n "
" local-scope \n "
" load-ingredients \n "
" bar p \n "
" ] \n "
" def bar [ \n "
" local-scope \n "
" load-ingredients \n "
" p:&:point <- next-ingredient \n " // optional ingredient; assumed to be mutable
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'p' in instruction 'bar p' because it's an ingredient of recipe foo but not also a product \n "
) ;
}
2016-05-20 22:55:26 +00:00
//: when checking for immutable ingredients, remember to take space into account
5001 - drop the :(scenario) DSL
I've been saying for a while[1][2][3] that adding extra abstractions makes
things harder for newcomers, and adding new notations doubly so. And then
I notice this DSL in my own backyard. Makes me feel like a hypocrite.
[1] https://news.ycombinator.com/item?id=13565743#13570092
[2] https://lobste.rs/s/to8wpr/configuration_files_are_canary_warning
[3] https://lobste.rs/s/mdmcdi/little_languages_by_jon_bentley_1986#c_3miuf2
The implementation of the DSL was also highly hacky:
a) It was happening in the tangle/ tool, but was utterly unrelated to tangling
layers.
b) There were several persnickety constraints on the different kinds of
lines and the specific order they were expected in. I kept finding bugs
where the translator would silently do the wrong thing. Or the error messages
sucked, and readers may be stuck looking at the generated code to figure
out what happened. Fixing error messages would require a lot more code,
which is one of my arguments against DSLs in the first place: they may
be easy to implement, but they're hard to design to go with the grain of
the underlying platform. They require lots of iteration. Is that effort
worth prioritizing in this project?
On the other hand, the DSL did make at least some readers' life easier,
the ones who weren't immediately put off by having to learn a strange syntax.
There were fewer quotes to parse, fewer backslash escapes.
Anyway, since there are also people who dislike having to put up with strange
syntaxes, we'll call that consideration a wash and tear this DSL out.
---
This commit was sheer drudgery. Hopefully it won't need to be redone with
a new DSL because I grow sick of backslashes.
2019-03-13 01:56:55 +00:00
void test_check_space_of_reagents_in_immutability_checks ( ) {
run (
" def main [ \n "
" a:space/names:new-closure <- new-closure \n "
" b:&:num <- new number:type \n "
" run-closure b:&:num, a:space \n "
" ] \n "
" def new-closure [ \n "
" local-scope \n "
" x:&:num <- new number:type \n "
" return default-space/names:new-closure \n "
" ] \n "
" def run-closure x:&:num, s:space/names:new-closure [ \n "
" local-scope \n "
" load-ingredients \n "
" 0:space/names:new-closure <- copy s \n "
// different space; always mutable
" *x:&:num/space:1 <- copy 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
2016-05-20 22:55:26 +00:00
: ( before " End Transforms " )
Transform . push_back ( check_immutable_ingredients ) ; // idempotent
: ( code )
2016-10-22 23:10:23 +00:00
void check_immutable_ingredients ( const recipe_ordinal r ) {
2016-05-20 22:55:26 +00:00
// to ensure an address reagent isn't modified, it suffices to show that
// a) we never write to its contents directly,
// b) we never call 'put' or 'put-index' on it, and
// c) any non-primitive recipe calls in the body aren't returning it as a product
const recipe & caller = get ( Recipe , r ) ;
2019-02-25 08:17:46 +00:00
trace ( 101 , " transform " ) < < " --- check mutability of ingredients in recipe " < < caller . name < < end ( ) ;
2016-05-20 22:55:26 +00:00
if ( ! caller . has_header ) return ; // skip check for old-style recipes calling next-ingredient directly
2016-10-20 05:10:35 +00:00
for ( int i = 0 ; i < SIZE ( caller . ingredients ) ; + + i ) {
2016-05-20 22:55:26 +00:00
const reagent & current_ingredient = caller . ingredients . at ( i ) ;
if ( is_present_in_products ( caller , current_ingredient . name ) ) continue ; // not expected to be immutable
// End Immutable Ingredients Special-cases
2018-06-25 20:36:27 +00:00
set < reagent , name_and_space_lt > immutable_vars ;
2016-05-20 22:55:26 +00:00
immutable_vars . insert ( current_ingredient ) ;
2016-10-20 05:10:35 +00:00
for ( int i = 0 ; i < SIZE ( caller . steps ) ; + + i ) {
2016-05-20 22:55:26 +00:00
const instruction & inst = caller . steps . at ( i ) ;
check_immutable_ingredient_in_instruction ( inst , immutable_vars , current_ingredient . name , caller ) ;
2016-11-26 01:44:15 +00:00
if ( inst . operation = = INDEX & & SIZE ( inst . ingredients ) > 1 & & inst . ingredients . at ( 1 ) . name = = current_ingredient . name ) continue ;
2016-05-20 22:55:26 +00:00
update_aliases ( inst , immutable_vars ) ;
}
}
}
2018-06-25 20:36:27 +00:00
void update_aliases ( const instruction & inst , set < reagent , name_and_space_lt > & current_ingredient_and_aliases ) {
2016-05-20 22:55:26 +00:00
set < int > current_ingredient_indices = ingredient_indices ( inst , current_ingredient_and_aliases ) ;
if ( ! contains_key ( Recipe , inst . operation ) ) {
// primitive recipe
switch ( inst . operation ) {
case COPY :
2016-10-20 05:10:35 +00:00
for ( set < int > : : iterator p = current_ingredient_indices . begin ( ) ; p ! = current_ingredient_indices . end ( ) ; + + p )
2016-05-20 22:55:26 +00:00
current_ingredient_and_aliases . insert ( inst . products . at ( * p ) . name ) ;
break ;
case GET :
case INDEX :
2016-05-21 08:50:48 +00:00
case MAYBE_CONVERT :
// current_ingredient_indices can only have 0 or one value
2016-11-26 01:44:15 +00:00
if ( ! current_ingredient_indices . empty ( ) & & ! inst . products . empty ( ) ) {
2016-05-21 08:50:48 +00:00
if ( is_mu_address ( inst . products . at ( 0 ) ) | | is_mu_container ( inst . products . at ( 0 ) ) | | is_mu_exclusive_container ( inst . products . at ( 0 ) ) )
2016-05-20 22:55:26 +00:00
current_ingredient_and_aliases . insert ( inst . products . at ( 0 ) ) ;
}
break ;
default : break ;
}
}
else {
// defined recipe
set < int > contained_in_product_indices = scan_contained_in_product_indices ( inst , current_ingredient_indices ) ;
2016-10-20 05:10:35 +00:00
for ( set < int > : : iterator p = contained_in_product_indices . begin ( ) ; p ! = contained_in_product_indices . end ( ) ; + + p ) {
2016-05-20 22:55:26 +00:00
if ( * p < SIZE ( inst . products ) )
current_ingredient_and_aliases . insert ( inst . products . at ( * p ) ) ;
}
}
}
set < int > scan_contained_in_product_indices ( const instruction & inst , set < int > & ingredient_indices ) {
2018-06-25 20:36:27 +00:00
set < reagent , name_and_space_lt > selected_ingredients ;
2016-05-20 22:55:26 +00:00
const recipe & callee = get ( Recipe , inst . operation ) ;
2016-10-20 05:10:35 +00:00
for ( set < int > : : iterator p = ingredient_indices . begin ( ) ; p ! = ingredient_indices . end ( ) ; + + p ) {
2016-05-20 22:55:26 +00:00
if ( * p > = SIZE ( callee . ingredients ) ) continue ; // optional immutable ingredient
selected_ingredients . insert ( callee . ingredients . at ( * p ) ) ;
}
set < int > result ;
2016-10-20 05:10:35 +00:00
for ( int i = 0 ; i < SIZE ( callee . products ) ; + + i ) {
2016-05-20 22:55:26 +00:00
const reagent & current_product = callee . products . at ( i ) ;
const string_tree * contained_in_name = property ( current_product , " contained-in " ) ;
if ( contained_in_name & & selected_ingredients . find ( contained_in_name - > value ) ! = selected_ingredients . end ( ) )
result . insert ( i ) ;
}
return result ;
}
2018-05-13 06:08:39 +00:00
bool is_mu_container ( const reagent & r ) {
return is_mu_container ( r . type ) ;
}
bool is_mu_container ( const type_tree * type ) {
if ( ! type ) return false ;
if ( ! type - > atom )
return is_mu_container ( get_base_type ( type ) ) ;
if ( type - > value = = 0 ) return false ;
if ( ! contains_key ( Type , type - > value ) ) return false ; // error raised elsewhere
type_info & info = get ( Type , type - > value ) ;
return info . kind = = CONTAINER ;
}
bool is_mu_exclusive_container ( const reagent & r ) {
return is_mu_exclusive_container ( r . type ) ;
}
bool is_mu_exclusive_container ( const type_tree * type ) {
if ( ! type ) return false ;
if ( ! type - > atom )
return is_mu_exclusive_container ( get_base_type ( type ) ) ;
if ( type - > value = = 0 ) return false ;
if ( ! contains_key ( Type , type - > value ) ) return false ; // error raised elsewhere
type_info & info = get ( Type , type - > value ) ;
return info . kind = = EXCLUSIVE_CONTAINER ;
}
2018-06-25 20:36:27 +00:00
: ( before " End Types " )
// reagent comparison -- only in the context of a single recipe
struct name_and_space_lt {
bool operator ( ) ( const reagent & a , const reagent & b ) const ;
} ;
: ( code )
bool name_and_space_lt : : operator ( ) ( const reagent & a , const reagent & b ) const {
int aspace = 0 , bspace = 0 ;
if ( has_property ( a , " space " ) ) aspace = to_integer ( property ( a , " space " ) - > value ) ;
if ( has_property ( b , " space " ) ) bspace = to_integer ( property ( b , " space " ) - > value ) ;
if ( aspace ! = bspace ) return aspace < bspace ;
return a . name < b . name ;
}
5001 - drop the :(scenario) DSL
I've been saying for a while[1][2][3] that adding extra abstractions makes
things harder for newcomers, and adding new notations doubly so. And then
I notice this DSL in my own backyard. Makes me feel like a hypocrite.
[1] https://news.ycombinator.com/item?id=13565743#13570092
[2] https://lobste.rs/s/to8wpr/configuration_files_are_canary_warning
[3] https://lobste.rs/s/mdmcdi/little_languages_by_jon_bentley_1986#c_3miuf2
The implementation of the DSL was also highly hacky:
a) It was happening in the tangle/ tool, but was utterly unrelated to tangling
layers.
b) There were several persnickety constraints on the different kinds of
lines and the specific order they were expected in. I kept finding bugs
where the translator would silently do the wrong thing. Or the error messages
sucked, and readers may be stuck looking at the generated code to figure
out what happened. Fixing error messages would require a lot more code,
which is one of my arguments against DSLs in the first place: they may
be easy to implement, but they're hard to design to go with the grain of
the underlying platform. They require lots of iteration. Is that effort
worth prioritizing in this project?
On the other hand, the DSL did make at least some readers' life easier,
the ones who weren't immediately put off by having to learn a strange syntax.
There were fewer quotes to parse, fewer backslash escapes.
Anyway, since there are also people who dislike having to put up with strange
syntaxes, we'll call that consideration a wash and tear this DSL out.
---
This commit was sheer drudgery. Hopefully it won't need to be redone with
a new DSL because I grow sick of backslashes.
2019-03-13 01:56:55 +00:00
void test_immutability_infects_contained_in_variables ( ) {
Hide_errors = true ;
transform (
" container test-list [ \n "
" value:num \n "
" next:&:test-list \n "
" ] \n "
" def main [ \n "
" local-scope \n "
" p:&:test-list <- new test-list:type \n "
" foo p \n "
" ] \n "
" def foo p:&:test-list [ \n " // p is immutable
" local-scope \n "
" load-ingredients \n "
" p2:&:test-list <- test-next p \n " // p2 is immutable
" *p2 <- put *p2, value:offset, 34 \n "
" ] \n "
" def test-next x:&:test-list -> y:&:test-list/contained-in:x [ \n "
" local-scope \n "
" load-ingredients \n "
" y <- get *x, next:offset \n "
" ] \n "
) ;
CHECK_TRACE_CONTENTS (
" error: foo: cannot modify 'p2' in instruction '*p2 <- put *p2, value:offset, 34' because that would modify p which is an ingredient of recipe foo but not also a product \n "
) ;
}
2016-05-20 22:55:26 +00:00
2018-06-25 20:36:27 +00:00
void check_immutable_ingredient_in_instruction ( const instruction & inst , const set < reagent , name_and_space_lt > & current_ingredient_and_aliases , const string & original_ingredient_name , const recipe & caller ) {
2016-05-20 22:55:26 +00:00
// first check if the instruction is directly modifying something it shouldn't
2016-10-20 05:10:35 +00:00
for ( int i = 0 ; i < SIZE ( inst . products ) ; + + i ) {
2016-05-20 22:55:26 +00:00
if ( has_property ( inst . products . at ( i ) , " lookup " )
& & current_ingredient_and_aliases . find ( inst . products . at ( i ) ) ! = current_ingredient_and_aliases . end ( ) ) {
string current_product_name = inst . products . at ( i ) . name ;
if ( current_product_name = = original_ingredient_name )
2017-05-26 23:43:18 +00:00
raise < < maybe ( caller . name ) < < " cannot modify ' " < < current_product_name < < " ' in instruction ' " < < to_original_string ( inst ) < < " ' because it's an ingredient of recipe " < < caller . name < < " but not also a product \n " < < end ( ) ;
2016-05-20 22:55:26 +00:00
else
2017-05-26 23:43:18 +00:00
raise < < maybe ( caller . name ) < < " cannot modify ' " < < current_product_name < < " ' in instruction ' " < < to_original_string ( inst ) < < " ' because that would modify " < < original_ingredient_name < < " which is an ingredient of recipe " < < caller . name < < " but not also a product \n " < < end ( ) ;
2016-05-20 22:55:26 +00:00
return ;
}
}
// check if there's any indirect modification going on
set < int > current_ingredient_indices = ingredient_indices ( inst , current_ingredient_and_aliases ) ;
if ( current_ingredient_indices . empty ( ) ) return ; // ingredient not found in call
2016-10-20 05:10:35 +00:00
for ( set < int > : : iterator p = current_ingredient_indices . begin ( ) ; p ! = current_ingredient_indices . end ( ) ; + + p ) {
2016-05-20 22:55:26 +00:00
const int current_ingredient_index = * p ;
reagent current_ingredient = inst . ingredients . at ( current_ingredient_index ) ;
canonize_type ( current_ingredient ) ;
const string & current_ingredient_name = current_ingredient . name ;
if ( ! contains_key ( Recipe , inst . operation ) ) {
// primitive recipe
// we got here only because we got an instruction with an implicit product, and the instruction didn't explicitly spell it out
// put x, y:offset, z
// instead of
// x <- put x, y:offset, z
if ( inst . operation = = PUT | | inst . operation = = PUT_INDEX ) {
if ( current_ingredient_index = = 0 ) {
if ( current_ingredient_name = = original_ingredient_name )
2017-05-26 23:43:18 +00:00
raise < < maybe ( caller . name ) < < " cannot modify ' " < < current_ingredient_name < < " ' in instruction ' " < < to_original_string ( inst ) < < " ' because it's an ingredient of recipe " < < caller . name < < " but not also a product \n " < < end ( ) ;
2016-05-20 22:55:26 +00:00
else
2017-05-26 23:43:18 +00:00
raise < < maybe ( caller . name ) < < " cannot modify ' " < < current_ingredient_name < < " ' in instruction ' " < < to_original_string ( inst ) < < " ' because that would modify ' " < < original_ingredient_name < < " ' which is an ingredient of recipe " < < caller . name < < " but not also a product \n " < < end ( ) ;
2016-05-20 22:55:26 +00:00
}
}
}
else {
// defined recipe
if ( is_modified_in_recipe ( inst . operation , current_ingredient_index , caller ) ) {
if ( current_ingredient_name = = original_ingredient_name )
2017-05-26 23:43:18 +00:00
raise < < maybe ( caller . name ) < < " cannot modify ' " < < current_ingredient_name < < " ' in instruction ' " < < to_original_string ( inst ) < < " ' because it's an ingredient of recipe " < < caller . name < < " but not also a product \n " < < end ( ) ;
2016-05-20 22:55:26 +00:00
else
2017-05-26 23:43:18 +00:00
raise < < maybe ( caller . name ) < < " cannot modify ' " < < current_ingredient_name < < " ' in instruction ' " < < to_original_string ( inst ) < < " ' because that would modify ' " < < original_ingredient_name < < " ' which is an ingredient of recipe " < < caller . name < < " but not also a product \n " < < end ( ) ;
2016-05-20 22:55:26 +00:00
}
}
}
}
2016-10-22 23:10:23 +00:00
bool is_modified_in_recipe ( const recipe_ordinal r , const int ingredient_index , const recipe & caller ) {
2016-05-20 22:55:26 +00:00
const recipe & callee = get ( Recipe , r ) ;
if ( ! callee . has_header ) {
2016-05-21 05:09:06 +00:00
raise < < maybe ( caller . name ) < < " can't check mutability of ingredients in recipe " < < callee . name < < " because it uses 'next-ingredient' directly, rather than a recipe header. \n " < < end ( ) ;
2016-05-20 22:55:26 +00:00
return true ;
}
if ( ingredient_index > = SIZE ( callee . ingredients ) ) return false ; // optional immutable ingredient
return is_present_in_products ( callee , callee . ingredients . at ( ingredient_index ) . name ) ;
}
bool is_present_in_products ( const recipe & callee , const string & ingredient_name ) {
2016-10-20 05:10:35 +00:00
for ( int i = 0 ; i < SIZE ( callee . products ) ; + + i ) {
2016-05-20 22:55:26 +00:00
if ( callee . products . at ( i ) . name = = ingredient_name )
return true ;
}
return false ;
}
2018-06-25 20:36:27 +00:00
set < int > ingredient_indices ( const instruction & inst , const set < reagent , name_and_space_lt > & ingredient_names ) {
2016-05-20 22:55:26 +00:00
set < int > result ;
2016-10-20 05:10:35 +00:00
for ( int i = 0 ; i < SIZE ( inst . ingredients ) ; + + i ) {
2016-05-20 22:55:26 +00:00
if ( is_literal ( inst . ingredients . at ( i ) ) ) continue ;
if ( ingredient_names . find ( inst . ingredients . at ( i ) ) ! = ingredient_names . end ( ) )
result . insert ( i ) ;
}
return result ;
}
//: Sometimes you want to pass in two addresses, one pointing inside the
//: other. For example, you want to delete a node from a linked list. You
//: can't pass both pointers back out, because if a caller tries to make both
//: identical then you can't tell which value will be written on the way out.
//:
2016-10-22 23:56:07 +00:00
//: Experimental solution: just tell Mu that one points inside the other.
2016-05-20 22:55:26 +00:00
//: This way we can return just one pointer as high up as necessary to capture
//: all modifications performed by a recipe.
//:
//: We'll see if we end up wanting to abuse /contained-in for other reasons.
5001 - drop the :(scenario) DSL
I've been saying for a while[1][2][3] that adding extra abstractions makes
things harder for newcomers, and adding new notations doubly so. And then
I notice this DSL in my own backyard. Makes me feel like a hypocrite.
[1] https://news.ycombinator.com/item?id=13565743#13570092
[2] https://lobste.rs/s/to8wpr/configuration_files_are_canary_warning
[3] https://lobste.rs/s/mdmcdi/little_languages_by_jon_bentley_1986#c_3miuf2
The implementation of the DSL was also highly hacky:
a) It was happening in the tangle/ tool, but was utterly unrelated to tangling
layers.
b) There were several persnickety constraints on the different kinds of
lines and the specific order they were expected in. I kept finding bugs
where the translator would silently do the wrong thing. Or the error messages
sucked, and readers may be stuck looking at the generated code to figure
out what happened. Fixing error messages would require a lot more code,
which is one of my arguments against DSLs in the first place: they may
be easy to implement, but they're hard to design to go with the grain of
the underlying platform. They require lots of iteration. Is that effort
worth prioritizing in this project?
On the other hand, the DSL did make at least some readers' life easier,
the ones who weren't immediately put off by having to learn a strange syntax.
There were fewer quotes to parse, fewer backslash escapes.
Anyway, since there are also people who dislike having to put up with strange
syntaxes, we'll call that consideration a wash and tear this DSL out.
---
This commit was sheer drudgery. Hopefully it won't need to be redone with
a new DSL because I grow sick of backslashes.
2019-03-13 01:56:55 +00:00
void test_can_modify_contained_in_addresses ( ) {
transform (
" container test-list [ \n "
" value:num \n "
" next:&:test-list \n "
" ] \n "
" def main [ \n "
" local-scope \n "
" p:&:test-list <- new test-list:type \n "
" foo p \n "
" ] \n "
" def foo p:&:test-list -> p:&:test-list [ \n "
" local-scope \n "
" load-ingredients \n "
" p2:&:test-list <- test-next p \n "
" p <- test-remove p2, p \n "
" ] \n "
" def test-next x:&:test-list -> y:&:test-list [ \n "
" local-scope \n "
" load-ingredients \n "
" y <- get *x, next:offset \n "
" ] \n "
" def test-remove x:&:test-list/contained-in:from, from:&:test-list -> from:&:test-list [ \n "
" local-scope \n "
" load-ingredients \n "
" *x <- put *x, value:offset, 34 \n " // can modify x
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
2016-05-20 22:55:26 +00:00
: ( before " End Immutable Ingredients Special-cases " )
if ( has_property ( current_ingredient , " contained-in " ) ) {
const string_tree * tmp = property ( current_ingredient , " contained-in " ) ;
3309
Rip out everything to fix one failing unit test (commit 3290; type
abbreviations).
This commit does several things at once that I couldn't come up with a
clean way to unpack:
A. It moves to a new representation for type trees without changing
the actual definition of the `type_tree` struct.
B. It adds unit tests for our type metadata precomputation, so that
errors there show up early and in a simpler setting rather than dying
when we try to load Mu code.
C. It fixes a bug, guarding against infinite loops when precomputing
metadata for recursive shape-shifting containers. To do this it uses a
dumb way of comparing type_trees, comparing their string
representations instead. That is likely incredibly inefficient.
Perhaps due to C, this commit has made Mu incredibly slow. Running all
tests for the core and the edit/ app now takes 6.5 minutes rather than
3.5 minutes.
== more notes and details
I've been struggling for the past week now to back out of a bad design
decision, a premature optimization from the early days: storing atoms
directly in the 'value' slot of a cons cell rather than creating a
special 'atom' cons cell and storing it on the 'left' slot. In other
words, if a cons cell looks like this:
o
/ | \
left val right
..then the type_tree (a b c) used to look like this (before this
commit):
o
| \
a o
| \
b o
| \
c null
..rather than like this 'classic' approach to s-expressions which never
mixes val and right (which is what we now have):
o
/ \
o o
| / \
a o o
| / \
b o null
|
c
The old approach made several operations more complicated, most recently
the act of replacing a (possibly atom/leaf) sub-tree with another. That
was the final straw that got me to realize the contortions I was going
through to save a few type_tree nodes (cons cells).
Switching to the new approach was hard partly because I've been using
the old approach for so long and type_tree manipulations had pervaded
everything. Another issue I ran into was the realization that my layers
were not cleanly separated. Key parts of early layers (precomputing type
metadata) existed purely for far later ones (shape-shifting types).
Layers I got repeatedly stuck at:
1. the transform for precomputing type sizes (layer 30)
2. type-checks on merge instructions (layer 31)
3. the transform for precomputing address offsets in types (layer 36)
4. replace operations in supporting shape-shifting recipes (layer 55)
After much thrashing I finally noticed that it wasn't the entirety of
these layers that was giving me trouble, but just the type metadata
precomputation, which had bugs that weren't manifesting until 30 layers
later. Or, worse, when loading .mu files before any tests had had a
chance to run. A common failure mode was running into types at run time
that I hadn't precomputed metadata for at transform time.
Digging into these bugs got me to realize that what I had before wasn't
really very good, but a half-assed heuristic approach that did a whole
lot of extra work precomputing metadata for utterly meaningless types
like `((address number) 3)` which just happened to be part of a larger
type like `(array (address number) 3)`.
So, I redid it all. I switched the representation of types (because the
old representation made unit tests difficult to retrofit) and added unit
tests to the metadata precomputation. I also made layer 30 only do the
minimal metadata precomputation it needs for the concepts introduced
until then. In the process, I also made the precomputation more correct
than before, and added hooks in the right place so that I could augment
the logic when I introduced shape-shifting containers.
== lessons learned
There's several levels of hygiene when it comes to layers:
1. Every layer introduces precisely what it needs and in the simplest
way possible. If I was building an app until just that layer, nothing
would seem over-engineered.
2. Some layers are fore-shadowing features in future layers. Sometimes
this is ok. For example, layer 10 foreshadows containers and arrays and
so on without actually supporting them. That is a net win because it
lets me lay out the core of Mu's data structures out in one place. But
if the fore-shadowing gets too complex things get nasty. Not least
because it can be hard to write unit tests for features before you
provide the plumbing to visualize and manipulate them.
3. A layer is introducing features that are tested only in later layers.
4. A layer is introducing features with tests that are invalidated in
later layers. (This I knew from early on to be an obviously horrendous
idea.)
Summary: avoid Level 2 (foreshadowing layers) as much as possible.
Tolerate it indefinitely for small things where the code stays simple
over time, but become strict again when things start to get more
complex.
Level 3 is mostly a net lose, but sometimes it can be expedient (a real
case of the usually grossly over-applied term "technical debt"), and
it's better than the conventional baseline of no layers and no
scenarios. Just clean it up as soon as possible.
Definitely avoid layer 4 at any time.
== minor lessons
Avoid unit tests for trivial things, write scenarios in context as much as
possible. But within those margins unit tests are fine. Just introduce them
before any scenarios (commit 3297).
Reorganizing layers can be easy. Just merge layers for starters! Punt on
resplitting them in some new way until you've gotten them to work. This is the
wisdom of Refactoring: small steps.
What made it hard was not wanting to merge *everything* between layer 30
and 55. The eventual insight was realizing I just need to move those two
full-strength transforms and nothing else.
2016-09-10 01:32:52 +00:00
if ( ! tmp - > atom
2016-10-18 15:33:20 +00:00
| | ( ! is_present_in_ingredients ( caller , tmp - > value )
& & ! is_present_in_products ( caller , tmp - > value ) ) ) {
3309
Rip out everything to fix one failing unit test (commit 3290; type
abbreviations).
This commit does several things at once that I couldn't come up with a
clean way to unpack:
A. It moves to a new representation for type trees without changing
the actual definition of the `type_tree` struct.
B. It adds unit tests for our type metadata precomputation, so that
errors there show up early and in a simpler setting rather than dying
when we try to load Mu code.
C. It fixes a bug, guarding against infinite loops when precomputing
metadata for recursive shape-shifting containers. To do this it uses a
dumb way of comparing type_trees, comparing their string
representations instead. That is likely incredibly inefficient.
Perhaps due to C, this commit has made Mu incredibly slow. Running all
tests for the core and the edit/ app now takes 6.5 minutes rather than
3.5 minutes.
== more notes and details
I've been struggling for the past week now to back out of a bad design
decision, a premature optimization from the early days: storing atoms
directly in the 'value' slot of a cons cell rather than creating a
special 'atom' cons cell and storing it on the 'left' slot. In other
words, if a cons cell looks like this:
o
/ | \
left val right
..then the type_tree (a b c) used to look like this (before this
commit):
o
| \
a o
| \
b o
| \
c null
..rather than like this 'classic' approach to s-expressions which never
mixes val and right (which is what we now have):
o
/ \
o o
| / \
a o o
| / \
b o null
|
c
The old approach made several operations more complicated, most recently
the act of replacing a (possibly atom/leaf) sub-tree with another. That
was the final straw that got me to realize the contortions I was going
through to save a few type_tree nodes (cons cells).
Switching to the new approach was hard partly because I've been using
the old approach for so long and type_tree manipulations had pervaded
everything. Another issue I ran into was the realization that my layers
were not cleanly separated. Key parts of early layers (precomputing type
metadata) existed purely for far later ones (shape-shifting types).
Layers I got repeatedly stuck at:
1. the transform for precomputing type sizes (layer 30)
2. type-checks on merge instructions (layer 31)
3. the transform for precomputing address offsets in types (layer 36)
4. replace operations in supporting shape-shifting recipes (layer 55)
After much thrashing I finally noticed that it wasn't the entirety of
these layers that was giving me trouble, but just the type metadata
precomputation, which had bugs that weren't manifesting until 30 layers
later. Or, worse, when loading .mu files before any tests had had a
chance to run. A common failure mode was running into types at run time
that I hadn't precomputed metadata for at transform time.
Digging into these bugs got me to realize that what I had before wasn't
really very good, but a half-assed heuristic approach that did a whole
lot of extra work precomputing metadata for utterly meaningless types
like `((address number) 3)` which just happened to be part of a larger
type like `(array (address number) 3)`.
So, I redid it all. I switched the representation of types (because the
old representation made unit tests difficult to retrofit) and added unit
tests to the metadata precomputation. I also made layer 30 only do the
minimal metadata precomputation it needs for the concepts introduced
until then. In the process, I also made the precomputation more correct
than before, and added hooks in the right place so that I could augment
the logic when I introduced shape-shifting containers.
== lessons learned
There's several levels of hygiene when it comes to layers:
1. Every layer introduces precisely what it needs and in the simplest
way possible. If I was building an app until just that layer, nothing
would seem over-engineered.
2. Some layers are fore-shadowing features in future layers. Sometimes
this is ok. For example, layer 10 foreshadows containers and arrays and
so on without actually supporting them. That is a net win because it
lets me lay out the core of Mu's data structures out in one place. But
if the fore-shadowing gets too complex things get nasty. Not least
because it can be hard to write unit tests for features before you
provide the plumbing to visualize and manipulate them.
3. A layer is introducing features that are tested only in later layers.
4. A layer is introducing features with tests that are invalidated in
later layers. (This I knew from early on to be an obviously horrendous
idea.)
Summary: avoid Level 2 (foreshadowing layers) as much as possible.
Tolerate it indefinitely for small things where the code stays simple
over time, but become strict again when things start to get more
complex.
Level 3 is mostly a net lose, but sometimes it can be expedient (a real
case of the usually grossly over-applied term "technical debt"), and
it's better than the conventional baseline of no layers and no
scenarios. Just clean it up as soon as possible.
Definitely avoid layer 4 at any time.
== minor lessons
Avoid unit tests for trivial things, write scenarios in context as much as
possible. But within those margins unit tests are fine. Just introduce them
before any scenarios (commit 3297).
Reorganizing layers can be easy. Just merge layers for starters! Punt on
resplitting them in some new way until you've gotten them to work. This is the
wisdom of Refactoring: small steps.
What made it hard was not wanting to merge *everything* between layer 30
and 55. The eventual insight was realizing I just need to move those two
full-strength transforms and nothing else.
2016-09-10 01:32:52 +00:00
raise < < maybe ( caller . name ) < < " /contained-in can only point to another ingredient or product, but got ' " < < to_string ( property ( current_ingredient , " contained-in " ) ) < < " ' \n " < < end ( ) ;
2016-10-18 15:33:20 +00:00
}
2016-05-20 22:55:26 +00:00
continue ;
}
2016-10-18 15:33:20 +00:00
5001 - drop the :(scenario) DSL
I've been saying for a while[1][2][3] that adding extra abstractions makes
things harder for newcomers, and adding new notations doubly so. And then
I notice this DSL in my own backyard. Makes me feel like a hypocrite.
[1] https://news.ycombinator.com/item?id=13565743#13570092
[2] https://lobste.rs/s/to8wpr/configuration_files_are_canary_warning
[3] https://lobste.rs/s/mdmcdi/little_languages_by_jon_bentley_1986#c_3miuf2
The implementation of the DSL was also highly hacky:
a) It was happening in the tangle/ tool, but was utterly unrelated to tangling
layers.
b) There were several persnickety constraints on the different kinds of
lines and the specific order they were expected in. I kept finding bugs
where the translator would silently do the wrong thing. Or the error messages
sucked, and readers may be stuck looking at the generated code to figure
out what happened. Fixing error messages would require a lot more code,
which is one of my arguments against DSLs in the first place: they may
be easy to implement, but they're hard to design to go with the grain of
the underlying platform. They require lots of iteration. Is that effort
worth prioritizing in this project?
On the other hand, the DSL did make at least some readers' life easier,
the ones who weren't immediately put off by having to learn a strange syntax.
There were fewer quotes to parse, fewer backslash escapes.
Anyway, since there are also people who dislike having to put up with strange
syntaxes, we'll call that consideration a wash and tear this DSL out.
---
This commit was sheer drudgery. Hopefully it won't need to be redone with
a new DSL because I grow sick of backslashes.
2019-03-13 01:56:55 +00:00
: ( code )
void test_contained_in_product ( ) {
transform (
" container test-list [ \n "
" value:num \n "
" next:&:test-list \n "
" ] \n "
" def foo x:&:test-list/contained-in:result -> result:&:test-list [ \n "
" local-scope \n "
" load-ingredients \n "
" result <- copy null \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
void test_contained_in_is_mutable ( ) {
transform (
" container test-list [ \n "
" value:num \n "
" next:&:test-list \n "
" ] \n "
" def foo x:&:test-list/contained-in:result -> result:&:test-list [ \n "
" local-scope \n "
" load-ingredients \n "
" result <- copy x \n "
" put *x, value:offset, 34 \n "
" ] \n "
) ;
CHECK_TRACE_COUNT ( " error " , 0 ) ;
}
