From: Philip McGrath <philip@philipmcgrath.com>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: Ricardo Wurmus <rekado@elephly.net>, guix-devel@gnu.org
Subject: Re: better error messages through assertions
Date: Mon, 28 Mar 2022 16:25:33 -0400
Message-ID: <c2e05e68-e2dd-67ab-4ae1-88b1e8adface@philipmcgrath.com>
In-Reply-To: <87cziy2hq0.fsf@gnu.org>

Hi,

On 3/7/22 05:13, Ludovic Courtès wrote:
> Hi Philip,
>
> Philip McGrath <philip@philipmcgrath.com> skribis:
>
>> Racket's state-of-the-art contract system has many features and nuances. I *do
>> not* think anyone should try to implement them all in one fell swoop. I'm
>> hoping there's a way to implement your simple assertions with only a modest
>> amount of overhead that will provide the right base on which to grow the rest
>> of a contract system. In the short term, the advantage over:
>>
>>> (assert-type (listof service?) services
>>> "SERVICES must be a list of <service> values.")
>>
>> is that you don't have to write error messages by hand.
>>
>> You need two types of values:
>>
>> 1. Contracts, recognized by `contract?`; and
>> 2. Blame objects, recognized by `blame?`.
>
> [...]
>
> Thanks for the explanation and references! I had briefly looked at
> Racket’s contract API in the past but your message gave a clearer view
> of how this all fits together.
>

I'm glad this is something Guix people are interested in!

>> I would love to have contracts in Guix, even very rudimentary contracts. If
>> it's something the community more generally would be interested in, I'd be
>> glad to help as much as I can.
>
> It’d be great to benefit from your expertise here. Like you wrote, I
> think we should start with a simple contract system, certainly simpler
> than Racket’s, and build from there.
>
> If you’re willing and able to spend time prototyping this, that’s great.
> :-)
>

I'm interested in putting together a prototype.

I've taken my own suggestion and asked the Racket community for more
advice:
https://racket.discourse.group/t/advice-on-implementing-a-contract-system/832

To quote the end of my last message there,

> The tl;dr of all that is that `(guix records)` seems to ultimately call for "indy-dependent" contracts[1].
>
> On the one hand, the distinction between "indy-dependent" `->i`[2] and "lax-dependent" `->d`[3] is exactly the sort of hard-learned lesson that I hope the Guix community can draw from Racket's decades of experience.
>
> On the other hand, I'm increasingly intrigued by the idea of starting with forms along the lines of `invariant-assertion`[4] and `struct-guard/c`[5] and truly sticking to flat contracts to start with, leaving all the higher-order complexity for another day.

I'm thinking that a reasonable place to start might be to implement a
`contract->sanitizer` form that would allow using contracts to create
sanitizers, ideally with no changes to `(guix records)`.

In addition to the questions about contract system design, I realized I
have a few questions about Guix/Guile that would be relevant when
starting a prototype.

What is the preferred mechanism for exceptions? I know about:

* (rnrs exceptions)
* (ice-9 exceptions)
* (srfi srfi-34)
* (srfi srfi-35)

and IIRC I've seen more than one of them used in the Guix codebase.

Likewise, what record system should I use? I think the answer should
*not* be (guix records): instead, I think (guix records) should
eventually use (guix contracts). But should I use:

* (rnrs records syntactic)
* (rnrs records procedural)
* (srfi srfi-9)
* (oop goops)

Of those, I'm most familiar with R6RS records. I know (guix records) is
implemented on top of (srfi srfi-9), though I vaguely remember some
discussion about potentially changing that.

Also, I don't know much about how the "abi" aspect of (guix records)
works and what types of changes there would trigger rebuilds. (Though,
again, I hope no changes would be needed for the proof-of-concept phase.)

Finally, when I looked again at the example at the top of this thread:

On 2/14/22 17:32, Ricardo Wurmus wrote:
> ice-9/boot-9.scm:1685:16: In procedure raise-exception:
> In procedure struct-vtable: Wrong type argument in position 1 (expecting struct):
> --8<---------------cut here---------------end--------------->8---
>
> As you can probably tell easily by looking at this message, the
> “service” field of the operating system configuration looked something
> like this:
>
> (services (append (list a b c %desktop-services) #;oops))
>
> instead of this
>
> (services (append (list a b c) %desktop-services))
>
> This is because INSTANTIATE-MISSING-SERVICES — and FOLD-SERVICES, and
> many more — assumes that it is only passed a plain list of services. It
> then proceeds to call SERVICE-KIND on what may or may not be a service.

Another problem here seems to be the fault of (srfi srfi-9). For example:
```
$ guile
GNU Guile 3.0.8
Copyright (C) 1995-2021 Free Software Foundation, Inc.
Guile comes with ABSOLUTELY NO WARRANTY; for details type `,show w'.
This program is free software, and you are welcome to redistribute it
under certain conditions; type `,show c' for details.
Enter `,help' for help.
scheme@(guile-user)> ,use (srfi srfi-9)
scheme@(guile-user)> (define-record-type container (make-container contents) container? (contents container-contents))
scheme@(guile-user)> (container-contents '())
ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure struct-vtable: Wrong type argument in position 1 (expecting struct): ()
Entering a new prompt. Type `,bt' for a backtrace or `,q' to continue.
scheme@(guile-user) [1]> ,bt
In current input:
3:0 1 (_)
In ice-9/boot-9.scm:
1685:16 0 (raise-exception _ #:continuable? _)
```
It seems like `container-contents` and other field accessors ought to
check their arguments with `container?` (or the applicable predicate)
and not leave error reporting to `struct-vtable`.

Perhaps this could be fixed in the (guix records) layer?

-Philip

[1]: https://www2.ccs.neu.edu/racket/pubs/popl11-dfff.pdf
[2]:
https://docs.racket-lang.org/reference/function-contracts.html#%28form._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._-~3ei%29%29
[3]:
https://docs.racket-lang.org/reference/function-contracts.html#%28form._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._-~3ed%29%29
[4]:
https://docs.racket-lang.org/reference/attaching-contracts-to-values.html#%28form._%28%28lib._racket%2Fcontract%2Fprivate%25in2Fbase..rkt%29._invariant-assertion%29%29
[5]:
https://docs.racket-lang.org/reference/attaching-contracts-to-values.html#%28form._%28%28lib._racket%2Fcontract%2Fbase..rkt%29._struct-guard%2Fc%29%29
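
Added example, not part of the original message or of Guix: one way the accessor check suggested above could be layered over (srfi srfi-9) in Guile 3.0, so that a non-record argument is rejected by the record predicate before `struct-vtable` ever sees it. The names `define-checked-accessor` and `checked-container-contents` are hypothetical, and the use of (ice-9 exceptions) is an assumption, since the message leaves the choice of exception mechanism open.

```scheme
;; Added example: hypothetical names, assumes Guile 3.0 with
;; (ice-9 exceptions) as the exception mechanism.
(use-modules (srfi srfi-9)
             (ice-9 exceptions))

;; The record type from the REPL session in the message.
(define-record-type container
  (make-container contents)
  container?
  (contents container-contents))

;; Define NAME as a wrapper around RAW-ACCESSOR that first applies
;; PREDICATE.  On failure it raises a compound exception carrying the
;; accessor name (origin), a readable message, and the rejected value
;; (irritant), instead of letting struct-vtable report the problem.
(define-syntax-rule (define-checked-accessor name predicate raw-accessor)
  (define (name obj)
    (unless (predicate obj)
      (raise-exception
       (make-exception
        (make-assertion-failure)
        (make-exception-with-origin 'name)
        (make-exception-with-message
         (string-append (symbol->string 'name)
                        ": argument must satisfy "
                        (symbol->string 'predicate)))
        (make-exception-with-irritants (list obj)))))
    (raw-accessor obj)))

(define-checked-accessor checked-container-contents
  container? container-contents)

;; A valid record passes straight through to the raw accessor.
(checked-container-contents (make-container 42))

;; The failing call from the REPL session, now rejected by the wrapper.
;; The handler prints the message and the offending value.
(with-exception-handler
    (lambda (exn)
      (format #t "~a ~s~%"
              (exception-message exn)
              (exception-irritants exn))
      #f)
  (lambda () (checked-container-contents '()))
  #:unwind? #t)
```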