DSL for module semantics

[ShinWonho]

DSL for module semantics.
This PR depends on #30

[rossberg]

Cool, thanks! I have some comments, see below.

[rossberg]

FWIW, I dropped the option on purpose, since I figured it's simpler to just desugar an empty upper bound into 2^32-1 in the AST.

[rossberg]

Suggested change

	-- if $table(z, x) = ti
	-- if $grow_table(ti, n, ref) = ti'
	-- if $grow_table($table(z, x), n, ref) = ti'

[rossberg]

This condition should probably be moved to $grow_table, such that that becomes a self-contained abstraction.

[rossberg]

Suggested change

	-- if $mem(z, 0) = mi
	-- if $grow_memory(mi, n) = mi'
	-- if $grow_memory($mem(z, 0), n) = mi'

[rossberg]

Same comment as above.

[rossberg]

Oh. The run functions are supposed to be auxiliary functions that produce a program to run (i.e., desugar active segments), not actually execute the instructions.

[rossberg]

Can we avoid duplicating the definition? Why would the approach from the spec not work?

[rossberg]

So, the instantiate (and similarly invoke) functions in the spec are meant to macro-expand into an actual instruction sequence, which then can be reduced separately by the usual means. This definition seems to be interleave expansion and execution and couple them together, which I'd rather like to avoid.

[rossberg]

Here and below we are conflating the allocx functions with the allocx* liftings. Could we keep them separate? In particular, for the Latex spec, we will only want to include the allocx ones, and not write out each of the others.

[rossberg]

I see why you did it this way, but now the alloc_module functions is not actually allocating one module instance, but an arbitrary number of them. Can we change this so that there is only one module instance being created in the end?

Also, Conrad suggested we can avoid resorting to mutating immutable parts of the store and instead break the cycle by precomputing the function addresses and the module instance before creating the function instances.

[ShinWonho]

I refined the module semantics. To reflect the aforementioned comments, I extended the DSL (you can see the detailed explanation below). This change requires updating the EL parser, IL validation and other components, and we're planning to update them. Before that, I'd like to know whether the updated DSL looks good enough.

[ShinWonho]

I'm implementing this in dsl branch. It might be helpful to see the implementation to understand the extended syntax.

[ShinWonho]

I suggest new syntax for order preserving filter in the spec.

Or, we can use recursion

def $funcs(externval*) : funcaddr*
def $funcs(epsilon) = epsilon
def $funcs((FUNC fa) externval'*) = fa $funcs(externval'*)
def $funcs(externval externval'*) = $funcs(externval'*)
  -- otherwise

[ShinWonho]

I updated the syntax in 236de04.

def $funcs(externval*) = `[fa|FUNC fa <- externval]
def $globals(externval*) = `[ga|GLOBAL ga <- externval]
def $tables(externval*) = `[ta|TABLE ta <- externval]
def $mems(externval*) = `[ma|MEM ma <- externval]

[rossberg]

Makes sense, though extending the DSL may be quite a cost for a one-off auxiliary definition like this. Let's perhaps discuss this on Thursday.

[ShinWonho]

I suggest new syntax for range to precomputing the addresses.
For example, 0 ... 5 means 0 1 2 3 4 5.

[rossberg]

Can this perhaps be expressed by an auxiliary function?

def $range(nat_1, nat_2) : nat*  hint(show %...%)
def $range(n_1, n_2) = epsilon  -- if n_1 > n_2
def $range(n_1, n_2) = n_1 $range(n_1+1, n_2)  -- otherwise

[ShinWonho]

Thanks for the idea. I'll reflect it.

[ShinWonho]

Now, we don't need allocx* liftings.
But we can use allocx* liftings, if you want.

def $allocfunc(store, moduleinst, func) : store
def $allocfunc(s, m, func) = s[.FUNC =.. fi]
  -- if fi = { MODULE m, CODE func }

def $allocfunc*(store, moduleinst, func*) : store
def $allocfunc*(s, m, epsilon) = s
def $allocfunc*(s, m, func func'*) = $allocfunc*($allocfunc(s, m, func), m, func'*)

...

def $allocmodule(store, module, externval*, val*, (ref*)*) : (store, moduleinst)
def $allocmodule(s, module, externval*, val*, (ref*)*) = (s_6, m)
  ...
  -- if s_1 = $allocfunc*(s, m, func*)
  ...

[rossberg]

The alloc functions are meant as an abstraction that encapsulates allocation (and they are used in other places, specifically, the embedding interface in the appendix). The formulation you suggest, while cute, would be problematic in that sense, because then these functions no longer actually allocate.

So I'd go with the liftings for now. (You probably need to name them without the star and make that a show-hint.)

Mid-term I'd like to revamp the module representation into a linear list of declaration that is processed sequentially. Then this mess should go away.

[ShinWonho]

I have a few questions related to the comments you made:

1. To avoid mutation, we decided to precompute the addresses before allocation. As a result, the alloc functions no longer return address. Is it acceptable to return store only?
2. In the spec, the allocx lifting is defined for arbitrary object kinds, but DSL doesn't allow it. So I define a lifting function for each of the alloc functions. Is this approach acceptable?
3. You mentioned that it is necessary to name the lifting functions without a star. If we remove the star, the name of lifting function would be the same as the name of allocation function. To ensure distinct names, would it be appropriate to use the name allocfuncs for the lifting function?
4. I didn't fully understand the sentence: "Mid-term I'd like to revamp the module representation into a linear list of declaration that is processed sequentially." Could you provide further clarification on its meaning?

[rossberg]

Re 1: Well, if you rephrase "precompute" as "predict", then no change to the allocation functions is necessary, I believe.

Re 2: Yes, defining a function for each type is fine for the DSL. We can probably still tweak it to produce a single template in the Latex output.

Re 3: allocfuncs sounds good to me.

Re 4: With some of the future extensions, module checking and instantiation becomes more sequential, with ordered dependencies between declarations. Also, there are ideas for allowing multiple appearances of section types, so that the order of different sorts of declarations can be mixed. So I would like to refactor modules to be more like a sequence of different declarations that is processed in order, which would also eliminate the specific iterations. I still have to work out the details, though, in particular wrt instantiation.

[ShinWonho]

Thank you for your kind reply!

[ShinWonho]

We also need range for runelem and rundata.
Here, i* is a range 0 ... $(n-1), so $runelem(elem*[i], i)* means $runelem(elem*[0], 0) ... $runelem(elem*[$(n-1)]), $(n-1)) where n = |elem*|.
However, type of $runelem(..) is instr*, so type of $runelem(..)* is instr**.
Therefore, it requires new syntax for flattening.

...$runelem(..)* notation stands for kind of flattening which comes from JavaScript syntax spread.
Alternatively, we can use notations from Scala or Python
Scala repeated parameters: $runelem(..):_*
Python unpacking: *($runelem(..)*)

---

Rather than using *-notation, we can also use syntax similar to the spec
$runelem(elem*[0], 0) ... $runelem(elem*[$(n-1)], $(n-1))

[rossberg]

Yeah, at this point I wonder if we shouldn't have a version of iteration with an index variable, e.g., exp^(i<n). Then this could be expressed as

(runelem_(i, elem))^(i<n)

when given elem^n. But maybe that's going too far?

Note that the spec also defines an auxiliary concat operator for flattening (see here).
A monomorphic version of that can already be defined in the DSL. For example, this works:

def $concat(nat**) : nat*
def $concat(epsilon) = epsilon
def $concat(n* n'**) = n* $concat(n'**)

def $f(nat) : nat*
def $f(n) = n n n
def $g(nat*) : nat*
def $g(n*) = $concat($f(n)*) $concat($f(n)*)

[ShinWonho]

Oh, Thanks for the ideas! I'll reflect them.

[ShinWonho]

We can also use iteration with an index to express the range
For example, fa* = $range(|s.FUNC|, $(|s.FUNC| + |func*| - 1)) can be replaced by fa* = $(|s.FUNC| + i)^(i<n) where n is |func*|.
I think it is more compact.

[ShinWonho]

I updated module-semantics, filter with recursive version.

[rossberg]

Looks mostly good, module nits. However, I would suggest minor refactorings of the new AST node:

• Instead of a separate IndexedListN, have single ListN of exp * id option. That avoids repeating the logic for the exponent.

• Introduce the same in the EL and disambiguate the syntax in the parser.

[rossberg]

Why is this change needed?

[ShinWonho]

def $instantiation(s, module, externval*) = s'; f; instr_elem* instr_data* (CALL x)?
  ...

This is instantiation function in DSL.
In this context, (CALL x)? should be interpreted as admininstr*, which can either be epsilon (empty) or have a length of one.
So, it is intended to allow the optional iterative expression to have a list iteration type.

[rossberg]

I suggest we introduce an IndexedListN constructor in the EL as well and disambiguate in the parser already.

[ShinWonho]

Thanks for the comments. I have a few questions.

1. I want to check whether I understand correctly. As I understand, EL should include both ListN of id and IndexedListN of exp * id, while IL should only have ListN of exp * id option. Is it correct?
2. To have both ListN and IndexedListN in EL,

iter :
  | QUEST { Opt }
  | PLUS { List1 }
  | STAR { List }
  | UP arith_prim
    { match $2.it with
      | ParenE ({ it = CmpE({ it = VarE id; _ }, LtOp, e); _}, false) ->
          IndexedListN (e, id)
      | _ -> ListN $2
    }

is it enough for parser code, or do I have to refactor parsing the iter?

[rossberg]

Ah, sorry for the confusion, I wrote this comment about IndexedListN in EL before I arrived at the other. I'd prefer both to use ListN of exp * id option.

[ShinWonho]

Oh, I see.
However, I believe pattern matching is still necessary to obtain id information if we do not intend to refactor the parser.

iter :
  | QUEST { Opt }
  | PLUS { List1 }
  | STAR { List }
  | UP arith_prim
    { match $2.it with
      | ParenE ({ it = CmpE({ it = VarE id; _ }, LtOp, e); _}, false) ->
          ListN (e, Some id)
      | _ -> ListN ($2, None)
    }

Is this pattern matching seems okay?

[rossberg]

Yes, that's fine with me.

[rossberg]

Suggested change

	| IndexedListN _
	| ListN _ -> List
	| ListN _ | IndexedListN _ -> List

[rossberg]

The only difference between this function and render_red_conditions seems to be the number of tabs to insert. Instead of duplicating the entire definition, can we perhaps make tab string ("&&&" vs "&&&&") a parameter?

[ShinWonho]

I reflected your comments!
Thanks for the comments :)

[rossberg]

Thanks! I have mostly nits, but I think there are few things missing around checking the iteration variable.

[rossberg]

Shouldn't his be

Suggested change

	| ListN (e, _) -> free_exp e
	| ListN (e, id_opt) → union (free_exp e) (free_opt free_varid id_opt)

[rossberg]

I'm not sure I understand this assertion. Why can't there be any other ids in that case?

[ShinWonho]

It is because I would like to block the use of "iter with index" like this:

def $foo() : nat
def $foo() = 0
  -- if x* = 0 1 2
  -- if (x*[i] = y)^(i<3)

If you think we should allow semantics like this, I will remove the assertion.

[rossberg]

I don't think I follow, what problem do you see with that example? In Shouldn't using them for indexing be one of the primary use cases for iter vars?

[ShinWonho]

I apologize for not providing sufficient explanation earlier.
My intention was to use 'iter with index' in a way that restricts iteration on variables other than the index variable.
However, upon further consideration, I realized that 'iter with index' merely introduces an index for iteration, so there shouldn't be such a restriction. I'll erase the assertion.

[rossberg]

Nit:

Suggested change

	| ListN (e, opt) ->
	| ListN (e, id_opt) ->

Also, I believe this needs to check that the variable has the right type.

[rossberg]

Suggested change

	ListN (e', opt), occur
	ListN (e', id_opt), occur

[rossberg]

Don't we still need this check?

[rossberg]

Nit: I think you can undo the reformatting now.

[rossberg]

Suggested change

	| ListN (e, id) -> ListN (t_exp env e, id)
	| ListN (e, id_opt) -> ListN (t_exp env e, id_opt)

[rossberg]

Suggested change

	| ListN (e, id) -> ListN (t_exp env e, id)
	| ListN (e, id_opt) -> ListN (t_exp env e, id_opt)

[rossberg]

Suggested change

	| ListN (e, id) -> unary t_exp n e (fun e' -> ListN (e', id))
	| ListN (e, id_opt) -> unary t_exp n e (fun e' -> ListN (e', id_opt))

[rossberg]

Suggested change

	| ListN (e, id) -> unary t_exp env e (fun e' -> ListN (e', id))
	| ListN (e, id_opt) -> unary t_exp env e (fun e' -> ListN (e', id_opt))

[ShinWonho]

I introduced a check for the 'iter with index.'
If we check IterE where iter is of the form ListN (e, Some id), I treat the dimension of id as [ListN (e, Some id)], which is recursive.
Should we allow this recursion? If you prefer to avoid recursion, I can modify the dimension as [ListN (e)] or [List]

[rossberg]

Good point. Now that you mention it, I think no iteration variables should occur in any variable dimension. They are not part of the "dimension type". I believe this means that in multiplicity.ml:

• check_iter needs to strip the variable, like you suggest
• both check_exp and check_prem also need to strip any variable from the iter that they add to the ctx list in the cases of IterE and IterPr,
• the equality assertion in annot_iterexp must strip iter before comparing it.

And in il/validation.ml:

• in valid_iter the iter must be stripped before comparing to dim

Perhaps some other places I am missing?

[rossberg]

I missed this nit before:

Suggested change

	| ListN (e, Some (id)) -> "^(" ^ id.it ^ "<" ^ string_of_exp e ^ ")"
	| ListN (e, Some id) -> "^(" ^ id.it ^ "<" ^ string_of_exp e ^ ")"

[rossberg]

Suggested change

	| ListN (e, opt) ->
	Option.iter (fun id -> check_id env (iter::ctx) id) opt;
	check_exp env ctx e
	| ListN (e, id_opt) ->
	Option.iter (fun id -> check_id env (ListN (e, None) :: ctx) id) id_opt;
	check_exp env ctx e

[rossberg]

Suggested change

	| ListN (e, None) ->
	let e', occur = annot_exp env e in
	ListN (e', opt), occur
	ListN (e', None), occur
	| ListN (e, Some id) ->
	let e', occur1 = annot_exp env e in
	let occur2 = Env.singleton id.it [] in
	ListN (e', Some id), union occur1 occur2
	| ListN (e, id_opt) ->
	let e', occur1 = annot_exp env e in
	let occur2 =
	match id_opt with None -> Env.empty | Some id -> Env.singleton id.it [] in
	ListN (e', id_opt), union occur1 occur2

[rossberg]

I don't think I follow, what problem do you see with that example? In Shouldn't using them for indexing be one of the primary use cases for iter vars?

[rossberg]

This also needs to check the type of the id.

[ShinWonho]

I add type check for index variable.
However, there is no region information of index, the error prints the wrong region.

[rossberg]

This seems to be defined twice in this module.

[ShinWonho]

I defined strip_index for both El and Il. Would it better to use distinct names?

[rossberg]

Ah, sorry, missed that. It's fine then.

[rossberg]

Suggested change

[rossberg]

I think you still need to validate the id here, see comment below.

[rossberg]

Ah, sorry for not being clearer. We still need to validate the variable. We only need to strip it for the purpose of the eq_iter check below. Because this combination should be legal:

(...x...)^n          (...x...)^(i<n)

[ShinWonho]

Oh, I see. I've fixed it.
Thanks for the comments.

[rossberg]

Nit: can we name this iter' to avoid confusion?

[rossberg]

Looks good, modulo the two comments below. Thanks!

[rossberg]

Nit: can we name this iter' to avoid confusion?

[rossberg]

@ShinWonho, I fixed a couple of bugs in the multiplicity annotation and the renderer backend that I had overlooked during the code review. However, the bigger issue I really only noticed now is that the index variable is completely ignored in all the middlend phases. Who will implement this? Or is the plan to have a pass that eliminates the variable first?

[ShinWonho]

My naive thought was that introducing 'iter with index' wouldn't affect the middle-end phases.
I'm willing to implement that, but I don't have a deep understanding of middle-end phases, so there could be someone more suited for this task.
Therefore, I suggest discussing it in today's meeting.