Fix and improve contract generation optimization for static types #2017
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit fixes a number of issues with the optimization of contract
generation from a static type annotation. It's been introduced to take
advantage of the guarantees of static typing to simplify the generated
contract and elide a number of useless checks at run-time.
However, this optimization was too agressive as implemented: it just
turned any non-function type in a positive position to `Dyn`. Indeed,
contracts in negative position must be kept around, because they check
what's come from the (potentially untyped) external world: the fact that
a function is statically typed doesn't ensure it'll be called with the
right arguments.
The first issue is that a negative contract can hide inside something
else than an arrow type. Typically, take `let functions: Array (Number
-> Number) in (std.array.at 0 functions) "a"`. The application is
untyped, and wrongly pass a string to a function of the array. However,
the current optimization code will turn this contract to just `Dyn` at
runtime and get rid of entirely, because there's an `Array _` in
positive position. This is only valid if `_` doesn't contain any arrow
type, which it does, in this example.
Another issue stems from the sealing/unsealing symmetry of polymorphic
row contracts. Take `let id : forall r. {foo : Number; r} -> {foo :
Number; r} = fun x => x in id {foo = 1, bar = 2}`. The current version
would return `{foo = 1}`, with the `bar` field missing. The issue is
that the second `{foo : Number; r}` is a record type in positive
position, which currently gets entirely elided, giving `forall r. {foo :
Number; r} -> Dyn` as an optimized contract. The argument contract seals
anything else than `foo` in the record's tail, but there's no dual
contract to unseal it anymore, such that it just becomes invisible.
This commit implements a more complicated strategy, but which is
hopefully correct. Instead of getting rid of type constructor in
positive positions, we try to simplify their content as well, and only
if the content is simplified down to `Dyn` (or `{; Dyn}` for record
rows, etc.), we get rid of the entire constructor. Otherwise, we try to
pay only for necessary checks. For example, `{foo : Number, bar : Number
-> Number}` now gets simplified to `{bar : Number -> Dyn; Dyn}` instead
of just `Dyn` before (which was incorrect).
The full simplification rules around polymorphic row contracts are a bit
intricate and are properly detailed in the documentation of the
corresponding methods.
yannham
force-pushed
the
fix/polymorphic-rows-tail-disappears
branch
from
c2e36b4
to
82d7d71
Compare
|
| Report | Mon, August 5, 2024 at 16:50:18 UTC |
| Project | nickel |
| Branch | 2017/merge |
| Testbed | ubuntu-latest |
⚠️ WARNING: The following Measure does not have a Threshold. Without a Threshold, no Alerts will ever be generated!
- Latency (latency)
Click here to create a new Threshold
For more information, see the Threshold documentation.
To only post results if a Threshold exists, set the--ci-only-thresholdsCLI flag.
Click to view all benchmark results
| Benchmark | Latency | Latency Results nanoseconds (ns) |
|---|---|---|
| fibonacci 10 | ➖ (view plot) | 487,060.00 |
| pidigits 100 | ➖ (view plot) | 3,168,400.00 |
| product 30 | ➖ (view plot) | 799,480.00 |
| scalar 10 | ➖ (view plot) | 1,487,900.00 |
| sum 30 | ➖ (view plot) | 796,720.00 |
Bencher - Continuous Benchmarking
View Public Perf Page
Docs | Repo | Chat | Help
|
@jneem if you have a chance to take a look - I'd like to include this in the 1.8 release (given the severity of the bug that is fixed) |
jneem
approved these changes
Aug 5, 2024
yannham
commented
Aug 5, 2024
yannham
commented
Aug 5, 2024
yannham
commented
Aug 5, 2024
Co-authored-by: jneem <joeneeman@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #2014.
Motivation
This PR fixes a number of issues with the optimization of contract generation from a static type annotation. This optimization has been introduced to take advantage of the guarantees of static typing to simplify the generated contract and elide a number of useless checks at run-time.
However, the original optimization is too agressive: it turns any non-function type in a positive position to
Dyn.Contracts in negative position must be kept around, because they check what's come from the (potentially untyped) external world inside the function: the fact that a function is statically typed doesn't ensure it'll be called with the
right arguments. Basic contracts in positive position can be elided though: if a function has been statically checked to be of type
Number -> Number, we now that it'll always return aNumberat runtime, and we can simplify the contract toNumber -> Dyn(which is further specialized to an implementation that doesn't check anything on the codomain). Alas, this isn't true for more complex types in positive positions.Unsoundness
The first issue is that a type constructor in positive position can hide negative contracts inside. Typically, take
let functions: Array (Number -> Number) in (std.array.at 0 functions) "a". The application is untyped, and wrongly passes a string to a function of the array. However, the current optimization will turn this contract to justDynat runtime and get rid of entirely, because there's anArray _in positive position, and won't blame at runtime (might get a primop dynamic type error, or nothing, depending what exactly does the function). The elision is only valid if_doesn't contain any arrow type, which it does, in this example.Another issue stems from the sealing/unsealing symmetry of polymorphic row contracts. Take
let id : forall r. {foo : Number; r} -> {foo : Number; r} = fun x => x in id {foo = 1, bar = 2}. The current version would return{foo = 1}, with thebarfield missing. The issue is that the second{foo : Number; r}is a record type in positive position, which currently gets entirely elided, givingforall r. {foo : Number; r} -> Dynas an optimized contract. The argument contract seals anything else thanfooin the record's tail, but there's no dual contract to unseal it anymore, such thatbarstays sealed in the tail forever and thus invisible.This commit implements a more complicated strategy, but which is hopefully correct. Instead of getting rid of type constructor in positive positions, we try to simplify their content as well, and only if the content is simplified down to
Dyn(or{; Dyn}for record rows, etc.), we get rid of the entire constructor. Otherwise, we try to pay only for the necessary checks. For example,{foo : Number, bar : Number -> Number}now gets simplified to{bar : Number -> Dyn; Dyn}instead of justDynbefore (which was incorrect).The full simplification rules around polymorphic row contracts are a bit intricate and are detailed in the documentation of the corresponding methods.