Defaulting #774
Defaulting #774
Conversation
tests/mono-binds/test05.icry.stdout
Outdated
| module test05 | ||
| import Cryptol | ||
| /* Not recursive */ | ||
| test05::foo : [10] | ||
| test05::foo = Cryptol::number 10 [10] <> | ||
|
|
||
| /* Not recursive */ | ||
| test05::test : {n, a, b} (Zero b, Literal 10 a) => [n]b -> a | ||
| test05::test = \{n, a, b} (Zero b, Literal 10 a) (a : [n]b) -> | ||
| test05::test : {n, m, a, b} (Literal 10 a, fin n, Zero b) => |
There was a problem hiding this comment.
This is one of the more substantial changes to inference
| [warning] at unary-2.cry:2:11--2:14: | ||
| Defaulting type argument 'a' of 'min' to [2] | ||
| True | ||
| Showing a specific instance of polymorphic result: |
There was a problem hiding this comment.
This is an actual change in semantics due to defaulting.
I hope that's an oversimplification. Does this type of defaulting no longer work? |
|
That example does still work; we apply additional defaulting at the REPL, and those haven't changed. All the defaulting rules described above are the ones that apply during typechecking. The REPL defaulting rules are applied later, when a term is evaluated at the command line, or in a :check, etc. |
|
How about this ever so slightly modified (but still correct) DES.cry? |
|
Does this still work: |
|
The DES example fails in this current branch with: |
|
Likewise, the example with |
|
Both failures are proper, in my opinion. The DES one works fine if you leave off the |
|
Does this proof still work? I'm pretty sure |
|
Those error messages are pretty rough...The warnings before were pretty concise --- Could we replicate that conciseness somehow? It also look like, from the error messages, that the defaulting information is still there, so maybe Cryptol could say: |
This proof still works. Any concrete integers will get evaluated away during symbolic evaluation, so the solver should never see them. |
|
I agree, the error messages are quite unpleasant. We might be able to get the best of both worlds here. The logic for doing width defaulting still exists: we could simply compute the same defaulting decisions we used to and report them as errors instead (maybe also have a configuration option to degrade them to warnings, preserving some of the previous behavior). |
I'm not too keen on Cryptol specs that rely on configuration options. It's nice to hear the messages can be improved, allowing the user to, in the worst case, just plop in what Cryptol suggests. |
|
Following the plan outlined above, the latest patch computes basically the same defaulting information as before, but issues an error instead of a warning. This gives good improvements to errors, but also converts some examples that would eventually typecheck with ambiguous types into outright failures instead. The specific examples I've seen seem like a strict improvement. Regarding the two examples above, we now get the following interactions: Here, the first two messages are basically symptoms of the root cause, identified in the third message. We can suppress them by actually doing the defaulting so that later definitions don't encounter unconstrained type variables. This has other side effects, I'm not certain what is the better way to go. These messages are way more readable than the previous ones. |
|
If we actually apply the computed defaulting when typechecking dependent definitions, the error messages for the modified DES become: I think doing this is probably a net positive. |
|
Concerning the |
|
A quick grep shows that both terms occur, but "numeric type" is much more prevalent. We should probably just stick to that. |
Instead of defaulting to `[n]` for some `n`, prefer instead to default to `Integer` or `Rational` depending on the other required constraints.
Fix up the test suite. This mostly delays defaulting warnings into "showing specific instance of polymorpic type warnings", but requires actual fixes in a small number of places. Those places were higly questionable, in my opinion.
Now that we only default to unlimited-precision types, this warning is considerably less useful.
use that information to emit error messages rather than warnings. This provides more specific messages than simply allowing the affected type variables to remain uninstantiated and failing later. It also causes some examples that otherwise would have ambiguous types to fail earlier. This converts some test instances where REPL defaulting would eventually succeed into examples that fail outright instead. I largely think these instances are improvements.
rest of a module. This helps prevent a single ambiguous size variable from causing additional errors in other definition.
This used to look for decimal literals applied to specific primitive operations and cause them to silently default to bitvector types large enough to hold their values. With the new literal defaulting system, this special case is no longer necessary.
|
It is my understanding that we're now in agreement about this strategy, and I believe this code is ready to merge. Let me know if there are additional issues to discuss before I merge. |
|
I think its fine to merge it |
…w4`. PR GaloisInc/cryptol#774 changed cryptol's defaulting rules in such a way that some indexing operators in `test_w4` are assigned different types. PR GaloisInc/saw-core#61 was then necessary to avoid a panic; also the out-of-bounds indexing tests have changed from expected proof success to expected proof failure.
Rework defaulting rules.
This is an experiment in progress. This branch implements new defaulting rules that are now possible with recent Cryptol changes.
In short: we no longer perform defaulting by guessing bit-widths. Instead literals are defaulted to unlimited precision types (
IntegerorRational) when appropriate. Defaulting warnings are now suppressed by default, as they are essentially harmless.There are only a tiny collection of tests in the test suite that changed semantics as a result of these changes. By far, the most common result was the elimination of defaulting warnings.