Hi,
For the "A vs a" problem, there is already a warning being issued. Possibly
the full warnings options should be enabled by default?

Since both a and 42 are constants, I feel it would be easy (besides useful)
to be able to detect it at compile time. The operation should even be
evaluated at compile time, IMHO.

regards,
Vlad

3 please. This is not feature I want anyone here relying on :-)

Sean

I would like (2). (1) would be a bit weird since there are already
warnings for e.g. unused functions, but (3) might be annoying if I
know test/1 is broken but want to poke around some other functions.

Is this coming from the type-analysis stuff mentioned in the EUC HiPE
presentation? If so, to firmly put myself into broken-record-mode :-),
I think what CMUCL does with the type information it discovers is
pretty nice -- warnings like this and optional "efficiency-notes".

And if you end up doing optional efficiency-notes in HiPE, as in

foo.erl:10: Bit-syntax pattern is not byte-aligned - not native-compiling
foo.erl:20: Can't determine operand types in "X*Y*Z" - not inlining '*'

then I promise to hack up a fancy Emacs front-end like CMUCL has

Loading Image...

.. though I won't suggest we have to make the compiler so
unpredictable as to require efficiency-notes just so that the Emacs
mode can be fancier :-)

(And of course Emacs needs to know a little more than just the line
number to figure out what to underline..)

Exactly. And if compile time evaluation fails, give compile time error
{badarith,....}.

best regards,
taavi

We don't do that, ergo, no preference.
I'd rather see cond added.

:-)

On Wed, 10 Dec 2003 18:25:44 +0100 (MET)
5. Would prefer it returned the atom 'a42' (PerLang/I! Yesss!!!)

(Dark humour aside... I think #2 makes the most sense.)

-Chris

I would choose 2, which btw is the behaviour you get in this case if you
have set ERL_COMPILER_OPTIONS="[warn_unused_vars]". In the case where you
don't get that warning (for instance by using the variable earlier in the
function) I still like option 2.

It would be easy (and nice) to add a warning at all points where constant
propagation detects a possible (probable?) run-time error. I use the word
possible since I would like the warning in the case

test(A,B) ->
case B of
true -> a + 42;
_ -> A.

The above function is also a good example of why option 3 is bad. There
might actually be a reason that the programmer wants to generate a
run-time error in the case that B is true (I can't think of one, but...).
Anyway it would be bad to disallow program lines that might actually never
even be reached.


btw Since I am delurking I should probably say hi to the list. Hi list.

I am a last year student at Uppsala University, studying Computer Science
and Mathematics (in no particular order of preference). I recently took a
course in compiler techniques where we rewrote the constant propagation
pass on the ICode level for HiPE. This made me interested in Erlang so I
started lurking here.

My email log says that I have been lurking since July, but in reality I
have been deleting more than I have read; increasing my read/delete ratio
steadily. Up to almost 1 the last week (or "division by zero exception"
depending on how you count).

#Luna

I prefer (2) with an OPTIONAL warning, and otherwise
concur with Luke. CMUCL:s user interaction is the most
sophisticated I know of, so building on efficiency
notes etc. sounds like a good idea. (As a principle,
it is a bad idea to leave the programmer guessing
about what sort of tweaks should be made for good
performance.)

However, there are some problems. First, it should be
noted that Common Lisp has a much richer type system
than Erlang. Expressing that something is a fixnum or
a specialized sort of tuple is tedious in Erlang.

Second, the various type annotations one might want to
make are probably easier and more elegantly done with
macros in CL than in Erlang. Some easy way of
communicating those to the compiler is probably
needed.

In short, the compiler-user interaction is worth some
careful thinking.

Best,
Thomas

PS. As regards warnings in general, I would like two
more options:

- Warn when a variable occurrence is matched rather
than bound. This has turned out to be a bug more often
than I would have liked.

- Warn about unknown compiler options (currently just ignored)

__________________________________
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/

Still disagree. Erlang specification does not disallow optimizing
compilers, which try to evaluate constant expressions compile time.

Language allready has special construct for throwing exceptions -
throw(...).

Why not force explicit usage of throw() instead of obscure evaluation
side effects?


best regards,
taavi

I am certainly putting my money on no 1!

The case when "a + 32" craches my code will be easily detected
the first time I run that piece of code, and since I *do* test my
code before delivery, this is a non-problem. I would not like
having anyone wasting their valuable time improving the compiler
to catch this and also wasting more CPU power on everyones
computer when compiling.

/Peter

i choose 3.


bengt

Well ...

a + 42

IS legal code, it might be part of a test suit to test that the
run-time exception handling stuff works.

We need pragmas :-)

a + 42 generates a hard compiler error (not like to today)
and refuses to compile ie your (3)

PRAGMA deliberate_error
a + 42
END

works like (1)

This is what I called "intentionality" in my thesis :-) - the thing is
you don't know why the programmer wrote 42+a - there are two cases

a) The programmer knew it was an error, or,
b) It was an error

Adding a pragma allows the best of both worlds, :-)

/DrJoe :-)

Hello,

I am quite content with the current situation. I always compile
with [warn_unused_vars], and even if A were used elsewhere I would
detect the runtime error in my unit tests.

Please don't make compile times any longer!

Regards,

Dominic Williams.

We in the Erlang/OTP group at Ericsson have also discussed
this question recently.

For the R10B release, we will probably change the compiler
according to #2 or #3. It is not hard that hard to do. What
we will do is to keep line number information a bit longer
so that the optimization passes that can easily detect this
kind of type error also has access to the original line number
when writing the message.

In the Erlang/OTP group, there are different opinions whether
#2 or #3 is the best way to go.

Personally, I think that #2 is the way to go, but most others
in the Erlang/OTP group seem to favor #3.

/Bj?rn Gustavsson, Erlang/OTP, Ericsson AB

I wanted to answer "3, of course" until I realized the
follow-up poll questions might be embarrassing.


- Suppose we reject a+42. Then what about:
test(A) -> a<42.
This is exactly the same typo. Can we also detect it and still
allow < between arbitrary terms (e.g. keys in data structures) ?

The ML way would be to declare < with the type:
'<'(T,T) -> bool().
and allow the programmer to explicitly widen the type of
operands to term() when needed. But this does not make sense
without a clear notion of type inference (i.e. what is the type
of 'a' ? atom() ? The atom 'a' ? a|42 ?).


- More generally, the verification will not be complete.
How do we explain the rationale when a programmer complains
"Hey, the compiler caught this mistake, but not that one" ?


- Should the compiler also reject:
test(A) ->
if a+42 == 0 -> true;
a+42 =/= 0 -> false;
true -> fish
end.
In other words, do people occasionally rely on the fact that
exceptions are silently ignored in guards, possibly in more
elaborate ways than above ?


All things considered, obviously even a local, partial
typechecker would be welcome.

And since Christmas is approaching, #1 on my wishlist would be
a tool which unifies in a consistent way:
- a syntax for function and data type declarations
- erldoc
- typechecking
- uniqatom
- xref
- user-definable, typed behaviours, as in:
%% File: gen_server.bhv
+defbehaviour gen_server(InitArg, State, Request, Result).
+type handle_call(Request, {pid(),term()}, State) ->
{reply, Result, State}
| {reply, Result, State, timeout_val()}
| {noreply, State}
| {noreply, State, timeout_val()}
| {stop, Reason, Result, State}
| {stop, Reason, State}.
- warnings related to the emulation of destructive updates with
single assignment, as in:
handle_call({set,NewValue}, From, State) ->
State1 = State#state{val=NewValue},
State2 = State1#state{timestamp=now()},
{reply, ok, State1}. % Catch this.

-- Pascal

Hi Joe,
And macros, and conditional compilation, and packages...
Pity, I was enjoying Erlang, now I might as well go back to C++.
How did your "defense" go?
Well, apparently! Congratulations, Dr!

Regards,

Dominic Williams.

You must be kidding, right?

As it is now the compiler always does constant propagation and folding.
If you write:
A = 1 + 2,
you get
A = 3,
in the compiled beam code.
(These types of expressions do come up, especially if you are using
macros...)

The problem is that if you write
a + 1,
then the compiler has to spend extra time compiling the expression, handling
the
special case that constant folding does not work, and produce larger
code than necessary.
This already has to be cached and handled by the compiler.
More CPU power is probably used today in order to 'fix' this
special case, at least for native code.

Erik

I vote for #2 (followed by #3 + flag to force compilation, followed
by #1, followed by plain #3).


/martin

Glad to receive so many responses. Let me reply on a few of them.
First of all, let's disconnect this thread from "unused_variables"
(although the warning **SHOULD** be turned on by default). Let's
say that the program was:

test(A) ->
bar(A),
a + 42.
Regardless of whether this is evaluated at compile time or not, there
are still three options as I wrote in my previous mail:

1. the compiler happily compiles this program, but simply replaces
a + 42 with a call to spit {badarith,....}
2. generate a warning, but also byte code.
3. the compiler refuses to compile such erroneous code.

I will try to make a case for 3 below.

Option 1, seems strange to me: The compiler has found out that a particular
evaluation will result in an error, but does not inform its user about it
and moreover generates more code (in terms of space) than that needed for
the expression "a + 42" (if the expression is statically evaluated to
badarith) or refuses to do work at compile time, leaving this work for
run-time (which is what the BEAM compiler currently does).

Option 2 on the surface seems a reasonable choice, but is it really ?
I claim that at least 90% of all such cases are programming errors.
As Taavi mentioned, if the programmer _really_ wants to generate an
error, there is throw() and the a + 42 can be its argument (either
as a string or as a tuple). Seems much, much cleaner to me.

Now let me tell you why I am interested in 3:

In the context of generating native code, it is really a nuisance
to have to handle all sorts of illegal combinations of arguments
to "basic" primitives like "+". Moreover, in the case of HiPE,
because the compiler is (much) more sophisticated than the BEAM
one, it actually discovers quite a lot more cases of such errors.
Currently, we try our best to "immitate" the behaviour of the BEAM
compiler, but in sleepless nights like this one, I keep wondering
whether there should really be a limit to the level of naivety
one pretends to show, or shouldn't there be?

(Just in case it is not obvious, this is a more general issue,
not just related to the simple "a+42" case I chose to illustrate
my point.)

Cheers,
Kostis.
Exactly how do you "rely" on this?

I've sent the following at about 3:00 last night, but have not seen
it in the list yet. I am re-sending it again; apologies if you get
it twice.

Kostis.

---------------------------------------------------------------------

Glad to receive so many responses. Let me reply on a few of them.
First of all, let's disconnect this thread from "unused_variables"
(although the warning **SHOULD** be turned on by default). Let's
say that the program was:

test(A) ->
bar(A),
a + 42.
Regardless of whether this is evaluated at compile time or not, there
are still three options as I wrote in my previous mail:

1. the compiler happily compiles this program, but simply replaces
a + 42 with a call to spit {badarith,....}
2. generate a warning, but also byte code.
3. the compiler refuses to compile such erroneous code.

I will try to make a case for 3 below.

Option 1, seems strange to me: The compiler has found out that a particular
evaluation will result in an error, but does not inform its user about it
and moreover generates more code (in terms of space) than that needed for
the expression "a + 42" (if the expression is statically evaluated to
badarith) or refuses to do work at compile time, leaving this work for
run-time (which is what the BEAM compiler currently does).

Option 2 on the surface seems a reasonable choice, but is it really ?
I claim that at least 90% of all such cases are programming errors.
As Taavi mentioned, if the programmer _really_ wants to generate an
error, there is throw() and the a + 42 can be its argument (either
as a string or as a tuple). Seems much, much cleaner to me.

Now let me tell you why I am interested in 3:

In the context of generating native code, it is really a nuisance
to have to handle all sorts of illegal combinations of arguments
to "basic" primitives like "+". Moreover, in the case of HiPE,
because the compiler is (much) more sophisticated than the BEAM
one, it actually discovers quite a lot more cases of such errors.
Currently, we try our best to "immitate" the behaviour of the BEAM
compiler, but in sleepless nights like this one, I keep wondering
whether there should really be a limit to the level of naivety
one pretends to show, or shouldn't there be?

(Just in case it is not obvious, this is a more general issue,
not just related to the simple "a+42" case I chose to illustrate
my point.)

Cheers,
Kostis.
Exactly how do you "rely" on this?

Concerning

test(A) -> a + 42. /* 1 */

I like to have tools that I can form mental models of.
Suppose we have a compiler that catches the clause above.
Now let's change it:

test(A) -> X = a, X + 42. /* 2 */

Now /* 2 */ _ought_ to have exactly the same semantics as /* 1 */.
But will it? Not if the compiler lets /* 2 */ past but rejects /* 1 */.
To be consistent, the compiler had better do some kind of data flow
analysis. But then we bring in

test(A) -> f(A) + 42. /* 3 */
f(A) -> a.

Apart from tracing, run time, and number of reductions, we'd expect
/* 3 */ to behave just like /* 1 */. Is it proposed that the compiler
will catch this also? Now we're into inter-procedural data flow analysis.

In order to predict which clauses will be rejected and which will be
allowed through, suddenly I have to know more than syntax rules and
variable scope, I have to know quite a bit about how the compiler works.

Now let's try another one. This one is NOT expected to have the same
semantics as /* 1 */, /* 2 */, or /* 3 */.

test(A) -> if 0==0 -> A+42 ; 1==0 -> a+42 end. /* 4 */

Why should the compiler warn about a+42 when there is no possibility of
that expression ever being evaluated?

In order to figure out whether /* 4 */ will be accepted or rejected,
I have to know whether the compiler does its weak type checking before
or after dead code elimination.

A compiler can warn about anything. There's nothing to stop a compiler
saying "Warning: your PC has a camera, you are UGLY." or even
"Warning: code compiled on Friday 13 may not work" or
"Warning: I've seen this before and I didn't like it then either".
But *inconsistent* rejection is another matter entirely.

Consider the following Haskell program as an analogue:

module Main(main)
where
main = print (x `div` x)
x :: Int
x = 0

This is guaranteed to produce an error at run time. Guaranteed.
0 is not a legal right argument for `div`; this is just like the
fact that 'a' is not a legal argument for + .

I tried this program with three different Haskell compilers.
All of them were completely silent about it at compile time.
All of them gave a run time exception.
Yet some of them do quite serious unfolding; at least one of them
_must_ have noticed that I was asking for (0 `div` 0).

My vote would therefore be for option 2:
warn about it but still generate code.

Kostis Sagonas <kostis> wrote:
Option 2 on the surface seems a reasonable choice, but is it really ?
I claim that at least 90% of all such cases are programming errors.

And a warning from the compiler tells the programmer about it.

In the context of generating native code, it is really a nuisance
to have to handle all sorts of illegal combinations of arguments
to "basic" primitives like "+".

But choosing option 3 does not remove this requirement.

-module(foo).
-export(bar/1).
bar(X) -> X + 42.

a+42 is *not* the typical case. This is. And it is precisely in this
case that you have no idea what X is going to be.

The following cases are surely legal:
fixnum + fixnum -- add, may overflow and generate bignum
fixnum + bignum -- call out-of-line code
fixnum + flonum -- convert, add, box (lazily)
bignum + fixnum -- call out-of-line code
bignum + bignum -- call out-of-line code
bignum + flonum -- call out-of-line code
flonum + fixnum -- convert, add, box (lazily)
flonum + bignum -- call out-of-line code
flonum + flonum -- add, box (lazily)

By box (lazily) I mean that the compiler may leave the result in a
floating-point register and only box it when/if it is returned or
included in a data structure.

With 9 legal cases, surely handling one more ("none of the above") is
no big deal. There would appear to be the following interesting cases:
(1) The compiler can prove that X and Y are fixnums:
addcc X, Y, result
bpvs,pn %icc,overflow_handler
nop
(2) The compiler can prove that X is a fixnum and Y a flonum:
(get X into an fp register as 32-bit integer; get Y into an fp reg.)
fitod fX, fX
fadd fX, fY, fresult
(3) The compiler can prove that X is a flonum and Y a fixnum:
(get Y into fp reg as 32-bit integer; get X into fp reg.)
fitod fY, fY
fadd fX, fY, fresult
(4) The compiler can prove that X and Y are both flonums
fadd fX, fY, fresult
(5) None of the above
taddcc X, Y, result
bpvc,pt %icc,1f
nop
call general_case
nop
1:
Or, on a machine without tagged add,
or X, Y, result
andcc result, 3, %g0
bpnz,pn 1f
add X, Y, result
bpvc,pt %icc,2f
nop
1: call general_case
nop
2:

This can be simplified a bit. Suppose Y, for example, is a constant
which will bit as an immediate operand. Then

andcc X, 3, %g0
bpnz,pn 1f
add X, immedY, result
bpvc,pt %icc,2f
nop
1: call general_case
set immedY, Y
2:

But it really can't be simplified _much_.

The problem with (1), of course, is that just because the operands
of + are both fixnums doesn't mean the result is; the result could be
a fixnum or a bignum, so when you do X+X+X the second add has to be
the general case (simplified because we don't need the 'or'; we know
X is still fixnum, but we _don't_ know that X+X is).

There are only three ways I can think of to get an integer calculation
down to a single instruction:

(1) Use taddcctv, which traps on overflow, and put the general case in
the trap handler. However, that does nasty things to an Ultra's
pipeline and is now a deprecated instruction. Keeps the code short,
though. This only works for add, subtract, and compare, of course,
and isn't available for most machines.

(2) Use some really amazing interval analysis as well as type inference.
Erlang doesn't give you much to get started with, though. About the
only thing I can think of is that starting with size(_) and counting
down towards 0 should be safe.

(3) Stop supporting Erlang, and implement a related language in which
only fixnums exist, no bignums. (There was some discussion at one
time about having the Erlang standard only require 64-bit integers,
but even those would count as bignums on a 32-bit machine.) Of
course this would cause great problems interoperating with C, Java,
CORBA, and so on (C99, Java, and CORBA all require 64-bit integers,
don't they?), so that won't do.

Moreover, in the case of HiPE,
because the compiler is (much) more sophisticated than the BEAM
one, it actually discovers quite a lot more cases of such errors.

That's great. So issue a lot more warnings. The BEAM and HiPE compilers
should accept *exactly* the same language. (Although HiPE could "accept"
some files in the sense of giving up and leaving them as BEAM.)
But "accept" is not the same as "not warn about".

I keep wondering
whether there should really be a limit to the level of naivety
one pretends to show, or shouldn't there be?

This is an argument against option 1. It is NOT an argument for option 3.
Option 2 (complain loudly but accept, compatibly with BEAM, and generate
code which generates compatible run-time behaviour) is also non-naive.

I have read through the discussion on this suggestion and found it a little strange, to say the least.

There are a few points I would like to make:

1. If I understood Richard correctly he means that the compiler should be careful when it can't do things consistently, in this case warn about a a construction which will generate an error. He also gave some equivalent code to "a+42" which the compiler would not warn about. His first case, "X = a, X+42" is especially funny as the compiler will generate exactly the same code for it, as it has some simple constant propagation in it. I completely agree with Richard.

2. As Dr. Joe (again congratulations Joe) points out "a+42" IS LEGAL ERLANG! Sorry for shouting but the point must be stressed. How can any one seriously suggest that the compiler disallow legal code? You are actually changing the semantics of the language when you do this. Are you aware of this fact?

3. What is the point is the compiler transforming it to exit({badarith,...})? What are you exactly gaining by doing it? Not saving code anyway, and hardly runtime either.

So my suggestion would be #2, generate a warning. I say that the compiler should disallow illegal code and allow all legal code while warning for potentially stupid things. It should NEVER disallow legal code. Sorry Bjorn but this also includes a compiler option which transforms all warnings to errors. Do you seriously mean that it should be illegal to have singleton variables, unused functions, bad calls to format etc? It is one thing to warn, but to disallow?

The compiler should help me and not hinder me by trying to be too stupidly smart. As example just look at what Word/Outlook Express do for some really terrifying examples. This is somewhat similar to the syntax change suggestion a while back try and catch the case where there was a missing blank in X =<<...>>.

Sorry for getting worked up about this but I wish people would think through their suggestions a bit more and consider the deeper implications of them.

Finally one definite reason not to outlaw a+42 is that it is one of my standard ways of generating an error in code, being much shorter to write than exit(some_bogus_exit_value). I also use 1=2 (N.B. only one =). Which should also be banned I suppose.

Robert

P.S. If things like this are added to the compiler then it is time for an alternate compiler.

----- Original Message -----
From: "Kostis Sagonas" <kostis>
To: <erlang-questions>
Sent: Wednesday, December 10, 2003 6:25 PM
Subject: Small poll

Quite right.

As I pointed out before there can be two possible reasons why the
programmer wrote a+42.

1) The programmer made an error, or,
2) The programmer wants the system to raise an exception.

THERE IS NO WAY THE COMPILER KNOWS WHICH OF THESES TWO CASES APPLIES

(Sorry for shouting)

Conclusion:

You must tell the compiler (ie the compiler needs to know the
programmer's intention - << what I call intentionality >>)

There are two ways of telling the compiler:

a) add pragmas to Erlang

pragma(bad_code)
a+42
end

b) add a known wrapper that the compiler understands

for example make a function

this_is_not_an_error(X) -> X. and then call it thus:

this_is_not_an_error( a + 42)


Method b) needs no syntactic changes to the language, and (I guess)
a very simple change to the compiler.


If we adopt b) then the compiler should reasonably behave as follows:

a+42 Produces a warning
and compiles the code correctly

this_is_not_an_error(a+42) Compiles the code correctly
with no warning

In both cases the function is compiled - the only difference is
whether you warn or not.

Robert is entirely right - legal code must ALWAYS be correctly
compiled --- the compiler should never try to outguess the programmer
and guess that this was an error - half our test suits would stop
working if this were the case.

/Joe

Robert Virding wrote a mail quoting my mail, and he finished it as
I will try to avoid the temptation of replying directly to the first
statement above, and instead reply to the following question of Robert.
Ah, Robert, you seem to have very limited imagination... let me help
you here. Consider the code:

-module(a42).
-export([test/0]).

test() ->
catch f(),
ok.

f() when a+42 == 0 ->
%% extremely long sequence of code here
ok_1;
f() ->
Y = ackerman(), % very long computation here
% (without side-effects)
X = a+42,
mod:funct(X,Y),
%% possibly lots more other code here
ok_2.

ackerman() -> ....


QUESTION 1
----------
Do the "semantics" of Erlang (BTW, I would really like to see them
formally specified before people use this term again) allow a compiler
to transform the code above to just:

-module(a42).
-export([test/0]).

test() ->
ok.

QUESTION 2
----------
Can the savings in time and code space be made arbitrarily big, or not?

QUESTIONS 3-N
-------------
- Do the two occurrences of "a+42" need to be treated differently
by the compiler in the above example, or not?
- Is "a+42" an expression that always generates an error in Erlang?
(as far as the user is concerned)
- Is it just me that finds this Erlang-ism confusing to say
the least? (I.e., is this a user-friendly language design?)


Kostis.

PS. I am very well aware that the subject has shifted from
warnings vs. errors to something else now, but I could
not resist. Apologies.

Is it clear to everyone that

"This code must raise an exception at run time"

and

"This code is in error"

are different? Let me give an Interlisp example first.

In Interlisp-D, there was a built-in function (SHOULDNT).
For example, you might define the factorial function like this:
[PUTDQ FACTORIAL
(LAMBDA (N)
(IF (> N 1) THEN (* N (FACTORIAL (- N 1)))
ELSE IF (>= N 0) THEN 1
ELSE (SHOULDNT]
Now the call to (SHOULDNT) must raise an exception at run time,
and if the call is _executed_ that indicates an error in the way
the function is used, but it isn't an error in the program to _have_
the call sitting there. An Interlisp compiler that rejected code
containing (SHOULDNT) would have rejected every Interlisp program I
ever wrote.

The C equivalent of (SHOULDNT) is abort(). Not, by the way, assert(0).

Is it also clear that

"This code is obviously silly"

and

"This code must raise an exception at run time"

are different? Lint warns about things that are clearly silly,
yet perfectly legal, and perfectly harmless. For example,
x == y;
as a C statement is perfectly well defined, and quite harmless,
yet lint warns about it because you probably didn't mean it.
A C compiler which refused to compile such a program would not
be helpful, it would be buggy.

It is possible to make (=)-for-(==) and (==)-for-(=) errors in
Erlang, and lint checking for Erlang might warn about them even
though they are legal.

Whether a particular piece of apparent silliness is worth warning
about is an empirical question: how often do programmers make the
kind of mistake that results in an instance of that pattern, and
how often do they intend it?

I have no idea what kinds of mistakes are commonest in Erlang.
It would be interesting to find out.

I've worked on a couple of compilers for languages that supported
exception handling. (I _think_ mine was the first paper on doing this
for Prolog, except that Quintus insisted on yanking it from the conference
after it was accepted.) Exception handling can be very tricky to get
right. (There's a debate raging in the Clean mailing list at this moment.)
ANSI Smalltalk exception handling is a case in point; to me it seems
insanely complicated, and it's not clear that Squeak has got it 100% right
yet. This means that especially when you are maintaining compilers, you
_need_ simple test cases which are certain to cause exceptions because
that's what you're testing.

<<<< limited imagination -- never - I've never heard anybody accuse
Robert of limited imagination before -- he has his little quirks, we
all do, but limited imagination is not among them... deciding to
totally rewrite the compiler one week before it's to be released and a
month after the last final-final code stop might be a more appropriate
failing :-) >>>>
ABSOLUTELY NOT - the programs mean *completely* different things.

In your example the compiler writers job is to make sure that
ackerman() gets evaluated as quicky as possible - it is NOT to change
the meaning of the program.

Programs are ONLY correct wrt to specifications - period - end of story.

Here is the spec (which you didn't show us :-)

<<

Write me a program, that performs a long and evolved computation
(say by calling the ackerman function) - then generate an error and
return ok.

This is to be used in a regression test where we test the speed-up
introduce by our new big-num acceleration hardware.
One good property that a programming language should have is
"predictability" the programmer should be able to naively understand
the (space-time) consequences of their code - break this rule and you
are in trouble.

I *hate* compilers that make assumptions about my code and optimize
away my so-called "mistakes".

If the programmer tells the system to do something stupid then it
should do something stupid.

<< aside -- why is this: Once upon a time I had to program a "radar
controller" when I worked for the Eiscat scientific association. The radar
controller had lots of lamps on the front panel.

The hardware guys wanted me to write an *incorrect* program which
would cause the red error lamp on the front panel to light up.

This proved *impossible* because a "smart" compiler refused all
programs which were incorrect and thus I could not write a test
program that light the red lamp.

I struggled for weeks - eventual we had to throw away all the
control software and re-write it from scratch so that I could write
"incorrect" programs.

Moral - the system should do *exactly* what you tell it and nothing
else >>
No - the compiler/run-time system should make the code do exactly
what the programmer said the code should do - what one should optimize
are the artificial artifacts introduced by compilation - ie minimize
garbage collection times, instruction dispatching times etc.
No
Yes
I don't find this strange at all - I guess it's just you :-)

/Joe

I've been following this thread with interest.

My gut feeling is that it's a can of worms that's best left closed. Why
warn about this case, but not slightly more complex cases? Depending on the
kind of optimizations the compiler does, you might be able to get warnings
about some of the these, but you'll still never get constant propagation
across module boundaries, for example. And "a + 42" as a legitimate mistake
on the programmer's part is much, much rarer than a simple fat-fingering of
the name of a function in a another module and having the compiler accept it
anyway (note: I'm not suggesting that this should be addressed!).

James

Sorry to suddently turn this thread into a political one, but the
above argument seems to me an argument of the form:

"Why try to eliminate some social injustices, since we are never
going to eliminate them all (especially the most subtle ones)."

Just think about it...

Cheers,
Kostis.

First, you can't compare software and social injustices. You just can't.
Well, okay, you just did, but it's not meaningful :)

Second, software is a battle against complexity. In this particular case
you're adding a check and a warning about something that's (A) a rare
occurrence, (B) going to bomb out immediately the first time you test the
function, and (C) detected at compile time in specific circumstances and not
detected in others. To provide a warning for this, you are adding
additional code to the compiler. Is it worth it?

I would buy that, yes, it makes sense because "a + 42" is a typical newbie
mistake, and we're probably not talking about a lot of additional code to
warn about this. But it's also a typical newbie mistake to use an atom in a
function header, like "first({x,y}) -> x", and that can't be warned against.
So it's hit-or-miss about what can be warned about and what can't. This is
what I meant about a can of worms. It is more straightforward to dismiss
the issue, rather than going down a long road of adding warnings for all
kinds of things that may or may not be errors, because realistically this is
a minor issue.

Again, this has nothing to do with social injustices. You don't engineer
laws the same way you engineer software.

James

First of all, I am not comparing them with "software" but with
"software errors". To me, the analogy is a very good one.
In the same way that we cannot eliminate all social injustices,
we cannot eliminate all software errors. However, trying to is
a worthwhile cause, and achieving partial success is probably
better than doing nothing about it. The analogy is even better
if you take into account that most often than not, there is no
unanimous agreement about what really constitutes an injustice
or an error.
You are obviously not a compiler writer, are you? In this particular
case, we are actually talking about *eliminating* (in the case of the
BEAM compiler) and *avoiding adding* (in the case of HiPE) lots of
stupid code that is now special-handling the case of "a+42" (and
generating instructions with very weird argument types). If you
do not believe me, just look at the sources.

Best,
Kostis.

But you're only getting this win if you make this an error, not a warning,
right? You'll still be "generating instructions with weird argument types"
if you print a warning, then generate code. In fact, you're *adding* (what
I suspect is a trivial amount of) code to print the warning.

James

It should then come as to no suprise that I have made a case
for the error over the warning in a previous mail of mine.

Kostis.

If possible, of course.

When HiPE compiles code as a JIT (i.e. starting from BEAM code)
this is not possible. When hipe compiles starting from source
through Core Erlang, the line numbers will of course be printed.

Kostis.

Kostis Sagonas <kostis> wrote:
Sorry to suddently turn this thread into a political one, but the
above argument seems to me an argument of the form:

"Why try to eliminate some social injustices, since we are never
going to eliminate them all (especially the most subtle ones)."

Just think about it...

Well yes, I have thought about it, and the analogy is invalid.
A much more interesting and possibly more fruitful analogy is to
the "human factors and safety of interfaces" stuff one often sees
popping up in comp.risks. If you automate too much, people get to
rely on the machine, and then the automation has to be _really_ good.
If you have alarms that keep going off, people start ignoring them,
and then really bad things happen, because some of the alarms aren't
false. It seems that there's an optimal level of human involvement
in checking; too much and people can't do it, too little and people
do even less than they should. It is important for people to have
a clear understanding of what the machine will check (so they don't
have to) and what it won't (so they DO have to).

A question I asked a couple of times in this year's functional programming
exam paper had the general form
- description of data structure
- set up the type declarations in Haskell!
- how much of the data structure invariants were you able
to tell the Haskell compiler about, and why?
- finish the job!

Whatever you end up doing, it is a human factors disaster if the
BEAM compiler and the HiPE compiler disagree, because then people will
not be able to form a coherent mental model of what will be checked
by machine and what they must check in their inspections.

I tried to make this point in an earlier message, though I may not
have succeeded. I don't really want to see the compiler cluttered up
with a lot of checks for things that may or may not be errors,
especially when:

1. There are many more things that are not checked (for example, any
place where a newbie types "x" instead of "X"). Trying to catch them
all seems like a long and unproductive road to go down. (Okay, I
once complained about list comprehensions without generators being
quietly compiled, but I'd argue that's invalid Erlang.)

2. Simple, interactive testing catches all of these errors anyway,
even the ones that aren't warned about.

Additionally, I think Erlang--both the language and implementation--
are on the verge of becoming too complicated. I think both could use
some streamlining. Adding ad hoc warnings is a step in the other
direction.

I agree in principle, but then you see newbies making errors that you
can't check for:

second([x,y|t]) -> y.

Where x, y, and t were intended to be variables, not atoms. Or using
"/" instead of "div". Or the more common case of calling an external
function with the wrong number of parameters, or simply a non-
existant external function (which, I admit, would be nice to check
for, though not so simple). It's a slippery slope to try to fix all
of these at compile time, and it isn't clear that an overly pedantic
compiler is a worthy goal. There should at least be consistent
principles for what is warned about and what isn't.

That said, I still like the new warning for "This statement will
never match," maybe just because I've seen similar warnings in ML-
like languages.

I totally understand the argument for maintaining backwards compatibility,
even though I do not fully agree with it, but if the decision is to add
the extra clause, there is still something which is needed.

Besides checking that M and F are atoms, there needs to be a check that
the {M,F} is a valid fun object and its arity is 1 (note the is_fun_arity
new guard that is required in the second clause -- I wrote it as a comment
but it really needs to be introduced in the language for the type inference
algorithm to infer that the F in the first and the second clause are of
the same type).

Kostis

Fine, but that should not be an inner loop check.

BTW, can is_fun_arity() really be a guard function?
With on-demand code loading, is_fun_arity can only
say whether a given function has the right arity if
it's already loaded - otherwise, it must fail - or
the guard check potentially hang while the considerable
side effect of loading the module into memory is
executed. I assume that this will not be allowed.

This would mean that lists:map/2 could fail even if
the function {M,F} exists and has the right arity,
which would seem to violate Joe's Principle of Least
Astonishment.

Given that {M,F} must point to an exported function,
the BIF erlang:function_exported/3 seems to do pretty
much what you're asking for, except for a few oddities:

Eshell V5.4.3 (abort with ^G)
1> lists:map({erlang,abs},[-2,-1,0,1,2,3]).
[2,1,0,1,2,3]
2> erlang:function_exported(erlang,abs,1).
false
3>

The documentation says the following:

"erlang:function_exported(Module, Function, Arity)

Returns true if the module Module is loaded and contains
an exported function Function/Arity; otherwise false.

Returns false for any BIF (functions implemented in C
rather than in Erlang).

This function is retained mainly for backwards
compatibility.
It is not clear why you really would want to use it."


Note that this function is not allowed in guards.

PS
4> erlang:function_exported(erlang,send_nosuspend,3).
true
4> erlang:function_exported(erlang,send_nosuspend,3).
true
5> erlang:function_exported(ets,insert,2).
false
6> erlang:function_exported(ets,tab2list,1).
true
7> erlang:function_exported(lists,append,2).
true
8> erlang:function_exported(erlang,yield,0).
true

The rule of returning 'false' for BIFs pretty much makes
this BIF unusable for practical purposes. In the examples
above, it's not even enough to look into the source code
to predict what this function will return. The Erlang source
for erlang:yield() looks like this:

yield() ->
erlang:yield().

Go figure. (:

/Uffe

This is true, but the above yet one more argument for finally
deciding to discontinue support for the {M,F} fun notation.

It ain't fun!

Kostis

Kostis replied:

I am not sure I get this, because map naturally protects itself from
inproper lists in its second argument.

It is not true that "map naturally protects itself. In Scheme,

(define (map F L)
(if (pair? L)
(cons (F (car L)) (map F (cdr L)))
'()))

is the most obvious way to implement map. You have to go out of your way
to explicitly check for an empty list. And that's my point: in a case
where it would not just be _as_ easy to be "generous" but it would actually
be _easier_ to be "generous", Scheme demands a proper list.

Can it be that you are mixing
map with some other function like append?

No. append does *not* require its second argument to be a proper list in
Scheme implementations. There is an interesting but obvious reason:

- in cases where the only burden is one extra check "now that this
argument isn't a pair, is it an empty list?", the check is done.

- in cases where the burden would be traversing a list that would
otherwise _not_ have been traversed, the check is not done.

That is, checks are made that don't change the expression inside the big Oh.
Not a bad rule for a library implementor.

The bad news is that F must be allowed to be a "tuple fun" too,
to keep backward compatibility.

Thus the revised code must look like this:

map(F, [H|T]) ->
[F(H)|map(F, T)];
map(F, []) when is_function(F) -> %% andalso is_fun_arity(F) == 1
[];
map({M,F}, []) when is_atom(M), is_atom(F) ->
[].

That should still give the Dialyzer more information about the type.

Everywhere we have an argument that should be a function but might not
always be applied we are going to have the same problem. A fix that adds
an extra clause is going to be a pain.

We need
is_applicable(F, N)
- succeeds or returns true when N is a non-negative integer
and F is such that F(T1,...,TN) would make sense
- fails or returns false otherwise
is_applicable(F)
- succeeds or returns true when there exists an N such that
is_applicable(F, N) would succeed or return true
- fails or returns false otherwise

Then
map(F, [F|T]) -> [F(H)|map(F,T)];
map(F, []) when is_applicable(F, 2) -> [].

Yes, it will.

However, apparently I am missing the obvious, because I do not see
how this is easier (though I see that it is more elegant) to
implement than what we were essentially discussing yesterday...

The key question is: does "is_applicable({M,F}, 1)" always check that
the M:F/1 is a valid fun (and succeeds accordingly) or not?
(I am assuming the "2" above is just a typo and should read "1" BTW).

Kostis

Ok, at least now I know we are on the same wavelength.
Sounds a reasonable plan. Since is_applicable/2 will, some fine day,
be changed to only accept proper funs in its first argument and till
then will only be doing crippled tests with tuple funs anyway,
let me propose that we call this is_function/2 instead.

So map/2 will read:

map(F, [F|T]) -> [F(H)|map(F,T)];
map(F, []) when is_function(F,1) -> [].

This is more consistent with the current is_function/1 guard (which
is the is_applicable/1 which Richard O'Keefe has described).
(Moreover, you can see the current implementation of is_function/1
as one where the tuple fun case is already gone! :-)

Kostis

I proposed
The words "would make sense" were very carefully chosen.

Kostis Sagonas <kostis> wrote:
However, apparently I am missing the obvious, because I do not see
how this is easier (though I see that it is more elegant) to
implement than what we were essentially discussing yesterday...

It isn't easier to IMPLEMENT but easier to USE.

Remember the context. Someone else proposed

map(F, [H|T]) -> [F(H) | map(F, T)];
map(F, []) when is_function(F) -> [];
map({M,F}, []) when is_atom(M), is_atom(F) -> [].

This is problematic in two ways.
First, when the argument *is* a function it doesn't check as much as
it easily could. (It doesn't check the arity.)

Second, the extra clause to check for {M,F} is such a pain to add
that it probably won't be done consistently throughout the libraries.

is_applicable/[1,2] is meant to address both points:
- if there is a required arity, that can be passed
and used for a more precise test
- it is *MUCH* easier to use than adding an extra clause.

The key question is: does "is_applicable({M,F}, 1)" always check that
the M:F/1 is a valid fun (and succeeds accordingly) or not?

"would make sense" is not the same as "is currently defined".
Like other guards, is_applicable/[1,2] is meant to be a *time-independent*
test which can be checked by *local inspection* of the term in question.

Consider this example:

m:f(X) -> unload module X.

lists:map({m,f}, [m])

At the time the call *starts*, m:f/1 *is* defined.
By the time the call reaches [], m:f/1 is *not* defined any longer.
If we had the stronger time-dependent non-local check we'd get a
run-time error, for a call that actually made sense at the beginning
and has in fact completed without any difficulty.

Closures don't have that problem. Once a closure of arity 1, always
a closure of arity 1. That doesn't actually mean they are safer:

lists:map(fun (X) -> m:f(X) end, [m])

It makes sense to think of {m,f} as short-hand for
"whichever of
fun (X1) -> m:f(X1) end
...
fun (X1,...,X99) -> m:f(X1,...,X999) end
...
is actually required at the time of call."
So it makes sense to treat it has having the same validity as the
corresponding fun.

(I am assuming the "2" above is just a typo and should read "1" BTW).

No, it was a thinko: too much Prolog. It should read "1".

Yes, it is used in (older parts of) our software at CellPoint.

/Fredrik

Well, I did the same mistake. But the reply is the same - it is in use (but I'd change it to the fun M:F/A syntax as soon as it's there).

/Fredrik

Not yet as far as I know, but they will be available at the ACM
Digital Library.
Another option is to go and ask for or buy a copy at the workshop's
venue in Tallinn. There are other co-located events still going on
till the end of this week.

Best,
Kostis