• simendsjo (12/12) Jan 17 2012 At the top of the module:
• Jonathan M Davis (5/21) Jan 17 2012 Exception itself isn't @safe yet (its constructor in particular), and I ...
• simendsjo (3/24) Jan 17 2012 So basically @safe is mostly a no-go as of now? Not sure I understand
• Jonathan M Davis (5/7) Jan 17 2012 Honestly, I suspect that that's a hole in @safe, since Exception's const...
• H. S. Teoh (10/13) Jan 17 2012 [...]
• Timon Gehr (2/12) Jan 17 2012 The code for it was presumably written before SafeD was invented.
• Jonathan M Davis (9/27) Jan 17 2012 That, and not many Phobos developers have been in the habit of using @sa...
• H. S. Teoh (16/18) Jan 17 2012 [...]
• bearophile (4/7) Jan 18 2012 Common subexpression factorization for strongly pure functions that retu...
• Jonathan M Davis (15/34) Jan 17 2012 _pure_ is implemented. It's @safe that isn't fully implemented. pure, @s...
• Timon Gehr (5/39) Jan 17 2012 I think he is interested in the state of implementation of specific
• Jonathan M Davis (19/23) Jan 17 2012 I have no idea what currently gets optimized by the compiler with regard...

simendsjo <simendsjo gmail.com> writes:

At the top of the module:
 safe:

later
unittest {
   assertThrown(...)
}

Ooops. AssertThrown not safe.

Changing the top to:
version(Unittest) {}
else {  safe: }

makes it work, but then I'll need to use that idom in all safe modules 
as assert*Thrown is handly methods.

Jonathan M Davis <jmdavisProg gmx.com> writes:

On Tuesday, January 17, 2012 15:27:04 simendsjo wrote:
 At the top of the module:
  safe:
 
 later
 unittest {
    assertThrown(...)
 }
 
 Ooops. AssertThrown not safe.
 
 Changing the top to:
 version(Unittest) {}
 else {  safe: }
 
 makes it work, but then I'll need to use that idom in all safe modules
 as assert*Thrown is handly methods.

Exception itself isn't  safe yet (its constructor in particular), and I don't 
think that AssertError is either. A number of stuff like that in druntime and 
Phobos still needs to be marked  safe or  trusted.

- Jonathan M Davis

simendsjo <simendsjo gmail.com> writes:

On 17.01.2012 18:07, Jonathan M Davis wrote:
 On Tuesday, January 17, 2012 15:27:04 simendsjo wrote:
 At the top of the module:
  safe:

 later
 unittest {
     assertThrown(...)
 }

 Ooops. AssertThrown not safe.

 Changing the top to:
 version(Unittest) {}
 else {  safe: }

 makes it work, but then I'll need to use that idom in all safe modules
 as assert*Thrown is handly methods.

 Exception itself isn't  safe yet (its constructor in particular), and I don't
 think that AssertError is either. A number of stuff like that in druntime and
 Phobos still needs to be marked  safe or  trusted.

 - Jonathan M Davis

So basically  safe is mostly a no-go as of now? Not sure I understand 
what you mean though.. enforce() can be used in  safe mode.

"Jonathan M Davis" <jmdavisProg gmx.com> writes:

On Tuesday, January 17, 2012 20:26:48 simendsjo wrote:
 So basically  safe is mostly a no-go as of now? Not sure I understand
 what you mean though.. enforce() can be used in  safe mode.

Honestly, I suspect that that's a hole in  safe, since Exception's constructor 
isn't  safe. But I don't know.  safe is not fully implemented, so there are 
likely to be issues with it. I don't know how much it really works.

- Jonathan M Davis

"H. S. Teoh" <hsteoh quickfur.ath.cx> writes:

On Tue, Jan 17, 2012 at 09:07:05AM -0800, Jonathan M Davis wrote:
[...]
 Exception itself isn't  safe yet (its constructor in particular), and
 I don't think that AssertError is either. A number of stuff like that
 in druntime and Phobos still needs to be marked  safe or  trusted.

[...]

Just out of curiosity, why isn't it marked  safe? I looked over the
source and didn't see anything immediately obvious that would preclude
 safe.


T

-- 
If Java had true garbage collection, most programs would delete
themselves upon execution. -- Robert Sewell

Timon Gehr <timon.gehr gmx.ch> writes:

On 01/17/2012 08:21 PM, H. S. Teoh wrote:
 On Tue, Jan 17, 2012 at 09:07:05AM -0800, Jonathan M Davis wrote:
 [...]
 Exception itself isn't  safe yet (its constructor in particular), and
 I don't think that AssertError is either. A number of stuff like that
 in druntime and Phobos still needs to be marked  safe or  trusted.

 [...]

 Just out of curiosity, why isn't it marked  safe? I looked over the
 source and didn't see anything immediately obvious that would preclude
  safe.


 T

The code for it was presumably written before SafeD was invented.

"Jonathan M Davis" <jmdavisProg gmx.com> writes:

On Tuesday, January 17, 2012 20:28:52 Timon Gehr wrote:
 On 01/17/2012 08:21 PM, H. S. Teoh wrote:
 On Tue, Jan 17, 2012 at 09:07:05AM -0800, Jonathan M Davis wrote:
 [...]
 
 Exception itself isn't  safe yet (its constructor in particular), and
 I don't think that AssertError is either. A number of stuff like that
 in druntime and Phobos still needs to be marked  safe or  trusted.

 
 [...]
 
 Just out of curiosity, why isn't it marked  safe? I looked over the
 source and didn't see anything immediately obvious that would preclude
  safe.
 
 
 T

 
 The code for it was presumably written before SafeD was invented.

That, and not many Phobos developers have been in the habit of using  safe. It 
isn't fully implemented, and any code in druntime or Phobos which is using it 
is generally newer. It's a lot like pure in that not all that much has been 
marked with it historically, making it kind of useless - though pure has 
generally been used more than  safe. Attribute inferrence is a big step 
forward in making as much as possible  safe and pure, but there's still plenty 
to do there.

- Jonathan M Davis

"H. S. Teoh" <hsteoh quickfur.ath.cx> writes:

On Tue, Jan 17, 2012 at 05:04:18PM -0500, Jonathan M Davis wrote:
[...]
 Attribute inferrence is a big step forward in making as much as
 possible  safe and pure, but there's still plenty to do there.

[...]

Funny you should mention that, I was just starting to wonder if I should
start littering my code with 'pure', and whether it's possible to make
the compiler infer it for me. From the little that I know, it seems that
in most cases 'pure' can be automatically inferred. The compiler already
distinguishes between weakly pure and strongly pure internally, so why
not take it all the way? Not sure how this will affect inter-module
analysis, though.

But since this is apparently not yet implemented, just what *is*
implemented currently when you specify 'pure'?  Common subexpression
factorization? Hoisting? Not (yet) memoization, apparently.


T

-- 
There's light at the end of the tunnel. It's the oncoming train.

bearophile <bearophileHUGS lycos.com> writes:

H. S. Teoh:

 But since this is apparently not yet implemented, just what *is*
 implemented currently when you specify 'pure'?  Common subexpression
 factorization? Hoisting? Not (yet) memoization, apparently.

Common subexpression factorization for strongly pure functions that return
integral values.

Bye,
bearophile

"Jonathan M Davis" <jmdavisProg gmx.com> writes:

On Tuesday, January 17, 2012 14:14:36 H. S. Teoh wrote:
 On Tue, Jan 17, 2012 at 05:04:18PM -0500, Jonathan M Davis wrote:
 [...]
 
 Attribute inferrence is a big step forward in making as much as
 possible  safe and pure, but there's still plenty to do there.

 
 [...]
 
 Funny you should mention that, I was just starting to wonder if I should
 start littering my code with 'pure', and whether it's possible to make
 the compiler infer it for me. From the little that I know, it seems that
 in most cases 'pure' can be automatically inferred. The compiler already
 distinguishes between weakly pure and strongly pure internally, so why
 not take it all the way? Not sure how this will affect inter-module
 analysis, though.
 
 But since this is apparently not yet implemented, just what *is*
 implemented currently when you specify 'pure'? Common subexpression
 factorization? Hoisting? Not (yet) memoization, apparently.

_pure_ is implemented. It's  safe that isn't fully implemented. pure,  safe, 
and nothrow are inferred for templated functions when they're instantiated so 
that they can be pure (or  safe or nothrow) based on the code that's generated 
rather than always forcing it to be one or the other, since that would be far 
too restrictive. But that's completely unnecessary for normal functions. You 
_do_ need to mark those pure,  safe, or nothrow yourself.

If attributes were inferred for normal functions, the compiler would always 
have to have the full source of every function. And even then, it might be an 
instance of the halting problem. Every function is and must be pure (or  safe 
or nothrow) or not when it's declared, and that's part of its signature, so it 
can be known even when the full source isn't. Inference works with templates 
only because they're generating code, and the compiler needs their full source 
anyway.

- Jonathan M Davis

Timon Gehr <timon.gehr gmx.ch> writes:

On 01/17/2012 11:31 PM, Jonathan M Davis wrote:
 On Tuesday, January 17, 2012 14:14:36 H. S. Teoh wrote:
 On Tue, Jan 17, 2012 at 05:04:18PM -0500, Jonathan M Davis wrote:
 [...]

 Attribute inferrence is a big step forward in making as much as
 possible  safe and pure, but there's still plenty to do there.

 [...]

 Funny you should mention that, I was just starting to wonder if I should
 start littering my code with 'pure', and whether it's possible to make
 the compiler infer it for me. From the little that I know, it seems that
 in most cases 'pure' can be automatically inferred. The compiler already
 distinguishes between weakly pure and strongly pure internally, so why
 not take it all the way? Not sure how this will affect inter-module
 analysis, though.

 But since this is apparently not yet implemented, just what *is*
 implemented currently when you specify 'pure'? Common subexpression
 factorization? Hoisting? Not (yet) memoization, apparently.

 _pure_ is implemented. It's  safe that isn't fully implemented. pure,  safe,
 and nothrow are inferred for templated functions when they're instantiated so
 that they can be pure (or  safe or nothrow) based on the code that's generated
 rather than always forcing it to be one or the other, since that would be far
 too restrictive. But that's completely unnecessary for normal functions. You
 _do_ need to mark those pure,  safe, or nothrow yourself.

 If attributes were inferred for normal functions, the compiler would always
 have to have the full source of every function. And even then, it might be an
 instance of the halting problem. Every function is and must be pure (or  safe
 or nothrow) or not when it's declared, and that's part of its signature, so it
 can be known even when the full source isn't. Inference works with templates
 only because they're generating code, and the compiler needs their full source
 anyway.

 - Jonathan M Davis

I think he is interested in the state of implementation of specific 
compiler _optimisations_ that make use of function purity in order to 
prove their correctness. IIRC ldc has CSE for pure functions, but I 
don't know exactly.

"Jonathan M Davis" <jmdavisProg gmx.com> writes:

On Tuesday, January 17, 2012 23:40:35 Timon Gehr wrote:
 I think he is interested in the state of implementation of specific
 compiler _optimisations_ that make use of function purity in order to
 prove their correctness. IIRC ldc has CSE for pure functions, but I
 don't know exactly.

I have no idea what currently gets optimized by the compiler with regards to 
pure except for the fact that the function must be strongly pure and that 
optimizations only ever occur in a single statement (maybe even only in a 
single expression). That's a compiler implementation issue that I don't 
generally worry about. I'd _like_ it to optimize a lot, but that could easily 
vary as the implementation changes even after the language has been fully 
implemented.

Now, if you want to test it, aside from looking at the assembly generated by 
the compiler, you could use debug{} blocks with print statements in them, 
since you can put impure code in debug{} blocks for debugging purposes. So, 
with something like

auto pureFunc(immutable Type arg)
{
 debug { writefln("%s(%s): pureFunc called", __FILE__, __LINE__); }
 //... code
}

it becomes easy to see how well optimized out a pure functions' calls are.

- Jonathan M Davis