www.digitalmars.com         C & C++   DMDScript  

digitalmars.D.learn - Pure Contract bug? (unnecessarily strict)

reply Era Scarecrow <rtcvb32 yahoo.com> writes:
 Maybe someone's brought this up, but i seem to have the compiler complaining
to me that my function isn't 'pure' by calling a non-pure function,
specifically to!string().

 However the unpure functions are only accessed in the contracts, and only if
it failed seriously. Is this already planned to be worked on? I thought i read
the contracts shouldn't be considered as part of it since they are totally
excluded during the release builds (and shouldn't have any side effects). 

Error: pure function 'offset' cannot call impure function 'to'


	 property const pure int offset(int field)
	in {
		assert(field < notes.length);
	}
	out (o) {
		assert(o >= 0, "Negative value! Check structure:" ~ name ~ "\nReq:" ~ requ ~
"\nsize:" ~ to!string(size) ~ "\n");
	}
	body { ... }
Jan 28 2012
next sibling parent "Daniel Murphy" <yebblies nospamgmail.com> writes:
The way to avoid purity checking is to put code in a debug {} statement. 
I'm not aware of any plans to disable purity checking for contracts. 
Jan 28 2012
prev sibling next sibling parent "Jesse Phillips" <jessekphillips+D gmail.com> writes:
On Sunday, 29 January 2012 at 06:22:26 UTC, Era Scarecrow wrote:
 Maybe someone's brought this up, but i seem to have the 
 compiler complaining to me that my function isn't 'pure' by 
 calling a non-pure function, specifically to!string().

I don't see why this couldn't be done, not only does it get not exist in release, it shouldn't be changing variables in non-release. As mentioned there is a hole for debug code. Report it: http://d.puremagic.com/issues/ and we'll see what happens with that.
Jan 30 2012
prev sibling next sibling parent "Era Scarecrow" <rtcvb32 yahoo.com> writes:
 I don't see why this couldn't be done, not only does it get not 
 exist in release, it shouldn't be changing variables in 
 non-release. As mentioned there is a hole for debug code.

 Report it:

 http://d.puremagic.com/issues/

 and we'll see what happens with that.

Reported; Minor priority (Won't break code) http://d.puremagic.com/issues/show_bug.cgi?id=7401
Jan 30 2012
prev sibling next sibling parent reply "Era Scarecrow" <rtcvb32 yahoo.com> writes:
If I'm reading how pure works, my original example was likely 
broken as it was part of a struct that returned a state value 
(although the contract constraints meaning was still valid).

So is pure fully usable or is it not yet ready? Makes me think 
that pure should have further constraints/limits, if it's part of 
a class/struct it should either require or automatically be 
static (no state access) and if it accesses any global variables, 
they must be immutable.

int x;
immutable int y = 10;

pure int test(int z) {
	int t = z + x;		//should error
	t += y;			//fine, globally immutable.
	return t;
}

struct X {
	int s_x;
	static int s_st_x;
	immutable int s_y;
	static immutable int s_st_y = 100;

	pure int test(int z) {
		int t = x + z;	//should error
		t += s_x;	//error, mutable external state
		t += s_st_x;	//error, mutable external state (static)
		t += s_y;	//error, not statically immutable, mathematically 
impure.


		t += y;		//fine, global immutable
		t += s_st_y; 	//fine, statically immutable.
		return t;
	}
}

Errors I get currently are these:

test(int):
Error: pure function 'test' cannot access mutable static data 'x'

X.test(int):
Error: pure function 'test' cannot access mutable static data 'x'
Error: pure function 'test' cannot access mutable static data 
's_st_x'


If I understand pure correctly, I should get two more, for s_x 
and s_y.
Feb 04 2012
parent reply Timon Gehr <timon.gehr gmx.ch> writes:
On 02/04/2012 08:51 PM, Era Scarecrow wrote:
 If I'm reading how pure works, my original example was likely broken as
 it was part of a struct that returned a state value (although the
 contract constraints meaning was still valid).

 So is pure fully usable or is it not yet ready? Makes me think that pure
 should have further constraints/limits, if it's part of a class/struct
 it should either require or automatically be static (no state access)
 and if it accesses any global variables, they must be immutable.

 int x;
 immutable int y = 10;

 pure int test(int z) {
 int t = z + x; //should error
 t += y; //fine, globally immutable.
 return t;
 }

 struct X {
 int s_x;
 static int s_st_x;
 immutable int s_y;
 static immutable int s_st_y = 100;

 pure int test(int z) {
 int t = x + z; //should error
 t += s_x; //error, mutable external state
 t += s_st_x; //error, mutable external state (static)
 t += s_y; //error, not statically immutable, mathematically impure.


 t += y; //fine, global immutable
 t += s_st_y; //fine, statically immutable.
 return t;
 }
 }

 Errors I get currently are these:

 test(int):
 Error: pure function 'test' cannot access mutable static data 'x'

 X.test(int):
 Error: pure function 'test' cannot access mutable static data 'x'
 Error: pure function 'test' cannot access mutable static data 's_st_x'


 If I understand pure correctly, I should get two more, for s_x and s_y.

Pure does not imply const in D. If you want stronger guarantees, just turn 'test' into a const (or immutable) member function. In D, a function can change anything that is mutable and reachable through its parameters, this includes the implicit 'this' pointer. The reason for this design is simple: There is no need to be overly restrictive, because the additional restrictions are already trivially expressed in the type system. Furthermore, any mutation of a parameter can be turned into a less efficient protocol that only requires a const pure function, so there would be no gain if pure implied const, it would only make pure less useful. void foo(int* x)pure{*x+=2;} int bar(const(int)*x)pure{return *x+2;} void main() pure{ int x, y; foo(&x); // those two lines have y = bar(&y); // equivalent functionality! }
Feb 04 2012
parent reply Timon Gehr <timon.gehr gmx.ch> writes:
On 02/04/2012 11:04 PM, Era Scarecrow wrote:
 Pure does not imply const in D. If you want stronger guarantees, just
 turn 'test' into a const (or immutable) member function. In D, a
 function can change anything that is mutable and reachable through its
 parameters, this includes the implicit 'this' pointer. The reason for
 this design is simple: There is no need to be overly restrictive,
 because the additional restrictions are already trivially expressed in
 the type system. Furthermore, any mutation of a parameter can be
 turned into a less efficient protocol that only requires a const pure
 function, so there would be no gain if pure implied const, it would
 only make pure less useful.

 void foo(int* x)pure{*x+=2;}
 int bar(const(int)*x)pure{return *x+2;}

 void main() pure{
 int x, y;
 foo(&x); // those two lines have
 y = bar(&y); // equivalent functionality!
 }

Only external data I was implying, that was not based off the input arguments. Examples in the book refer that calculating Pi, or the square root of 2 is a constant and will always result in the same output, regardless the situation. Quote TDPL pg 165: "In D, a function is considered pure if returning a result is it's only effect and the result depends only on the function's arguments. Also, pure functions can run literally in parallel because they don't interact with the rest of the program except through their result."

Probably the restriction was lifted after TDPL was out.
 So... If we take a struct.

 struct X {
 int i;
 pure int squaredPlus(int x) {
 return x*x + i
 }
 alias squaredPlus sqp;
 }

 X st(15);

 writeln(st.sqp(0)); //15
 int i1 = st.sqp(10); st.i++;
 int i2 = st.sqp(10); st.i++;
 int i3 = st.sqp(10); st.i++;
 int i4 = st.sqp(10); st.i++;

 assert(i1 == 100); //pass/fail?
 assert(i2 == 101); //pass/fail?
 assert(i3 == 102); //pass/fail?
 assert(i4 == 103); //pass/fail?
 assert(s1.i == 104); //probably pass.

 If the compiler can reorder or run these in parallel (for optimization)
 or caches the result the first time (since it's suppose to always return
 the same value), what's correct in this case? This afterall isn't
 synchronized, even if it was, what's correct behavior? Am I wrong in
 understanding this?

Yes. The compiler will only reorder/run in parallel/optimize if it is safe (not changing execution semantics). Pure can be used to prove that certain optimizations are safe. If a pure function only takes const or immutable arguments, the compiler has more guarantees and can do more things. If a pure function takes mutable arguments, it can be used as a component of other pure functions (important!), but the kind of optimizations that can be performed directly on them are a lot more limited. 'Pure' means that the behavior of the function does not change between invocations with the same/equivalent arguments. This can include mutating actions on the arguments, if those are typed mutable.
Feb 04 2012
parent reply Timon Gehr <timon.gehr gmx.ch> writes:
On 02/05/2012 12:15 AM, Era Scarecrow wrote:
 Probably the restriction was lifted after TDPL was out.

 Yes. The compiler will only reorder/run in parallel/optimize if it is
 safe (not changing execution semantics). Pure can be used to prove
 that certain optimizations are safe. If a pure function only takes
 const or immutable arguments, the compiler has more guarantees and can
 do more things. If a pure function takes mutable arguments, it can be
 used as a component of other pure functions (important!), but the kind
 of optimizations that can be performed directly on them are a lot more
 limited.

 'Pure' means that the behavior of the function does not change between
 invocations with the same/equivalent arguments. This can include
 mutating actions on the arguments, if those are typed mutable.

Even if you changed the signature of the pure function to 'pure int squaredPlus(immutable int);' you'd have the same problem; Because the int argument it receives is a copy so it won't matter if it was mutable or not. (If it were an object, then it would be more enforced). I'll refer to the language specs to see if I can find an answer on this, but it feels wrong allowing access to 'this' on mutable data; I thought it could only mutate it's own data in regards to local variables and arguments it owned.

the signature I meant looks like pure int squaredPlus(int)immutable;
Feb 04 2012
parent Timon Gehr <timon.gehr gmx.ch> writes:
On 02/05/2012 01:20 AM, Era Scarecrow wrote:
 the signature I meant looks like

 pure int squaredPlus(int)immutable;

Which then the only way you could call it, was if the object itself was immutable, which is definitely safe (I think). Hmmm...

Alternatively you can use pure int squaredPlus(int)const;, of course.
Feb 04 2012
prev sibling next sibling parent "Era Scarecrow" <rtcvb32 yahoo.com> writes:
 Pure does not imply const in D. If you want stronger 
 guarantees, just turn 'test' into a const (or immutable) member 
 function. In D, a function can change anything that is mutable 
 and reachable through its parameters, this includes the 
 implicit 'this' pointer. The reason for this design is simple: 
 There is no need to be overly restrictive, because the 
 additional restrictions are already trivially expressed in the 
 type system. Furthermore, any mutation of a parameter can be 
 turned into a less efficient protocol that only requires a 
 const pure function, so there would be no gain if pure implied 
 const, it would only make pure less useful.

 void foo(int* x)pure{*x+=2;}
 int bar(const(int)*x)pure{return *x+2;}

 void main() pure{
 int x, y;
 foo(&x);     // those two lines have
 y = bar(&y); // equivalent functionality!
 }

Only external data I was implying, that was not based off the input arguments. Examples in the book refer that calculating Pi, or the square root of 2 is a constant and will always result in the same output, regardless the situation. Quote TDPL pg 165: "In D, a function is considered pure if returning a result is it's only effect and the result depends only on the function's arguments. Also, pure functions can run literally in parallel because they don't interact with the rest of the program except through their result." So... If we take a struct. struct X { int i; pure int squaredPlus(int x) { return x*x + i } alias squaredPlus sqp; } X st(15); writeln(st.sqp(0)); //15 int i1 = st.sqp(10); st.i++; int i2 = st.sqp(10); st.i++; int i3 = st.sqp(10); st.i++; int i4 = st.sqp(10); st.i++; assert(i1 == 100); //pass/fail? assert(i2 == 101); //pass/fail? assert(i3 == 102); //pass/fail? assert(i4 == 103); //pass/fail? assert(s1.i == 104); //probably pass. If the compiler can reorder or run these in parallel (for optimization) or caches the result the first time (since it's suppose to always return the same value), what's correct in this case? This afterall isn't synchronized, even if it was, what's correct behavior? Am I wrong in understanding this?
Feb 04 2012
prev sibling next sibling parent "Era Scarecrow" <rtcvb32 yahoo.com> writes:
 Probably the restriction was lifted after TDPL was out.

 Yes. The compiler will only reorder/run in parallel/optimize if 
 it is safe (not changing execution semantics). Pure can be used 
 to prove that certain optimizations are safe. If a pure 
 function only takes const or immutable arguments, the compiler 
 has more guarantees and can do more things. If a pure function 
 takes mutable arguments, it can be used as a component of other 
 pure functions (important!), but the kind of optimizations that 
 can be performed directly on them are a lot more limited.

 'Pure' means that the behavior of the function does not change 
 between invocations with the same/equivalent arguments. This 
 can include mutating actions on the arguments, if those are 
 typed mutable.

Even if you changed the signature of the pure function to 'pure int squaredPlus(immutable int);' you'd have the same problem; Because the int argument it receives is a copy so it won't matter if it was mutable or not. (If it were an object, then it would be more enforced). I'll refer to the language specs to see if I can find an answer on this, but it feels wrong allowing access to 'this' on mutable data; I thought it could only mutate it's own data in regards to local variables and arguments it owned.
Feb 04 2012
prev sibling parent "Era Scarecrow" <rtcvb32 yahoo.com> writes:
 the signature I meant looks like

 pure int squaredPlus(int)immutable;

Which then the only way you could call it, was if the object itself was immutable, which is definitely safe (I think). Hmmm...
Feb 04 2012