[e-lang] Safe compile-time evaluation

Kevin Reid kpreid at attglobal.net
Sun May 7 07:35:13 EDT 2006 

On May 6, 2006, at 20:08, Mark S. Miller wrote:

> Kevin Reid wrote:
>> Another issue with constant folding:
>>
>> Is it allowable for an E compiler to hang due to code like:
>>
>>    if (false_but_not_statically_known) {
>>      __loop(thunk implements DeepFrozen { true })
>>    }
...
>> If not, how shall we avoid it? What I've thought of so far:
>>
>> 1. Have a rubber-stamp auditor to mark objects[*] as allowing
>> constant-folding for calls to them. [...]
>>
>> 2. Evaluate constant calls with an interpreter with execution time/
>> step-count limits. (This smaller-than-vat-granularity [...]
>
> Why smaller than vat granularity?

Because most of the objects involved in this optimization (from  
observation) are vat-resident Selfish objects.

>> [*] Given Selfless auditors, this can be made specific to a certain
>> subset of messages to an object.
>
> Could you explain your footnote? I don't understand it. Thanks.

def Foop {
   to get(mverb) {
     def `@verb/@arity` := mverb
     def Foop1 implements TransparentSelfless {
       to __optUncall() { return [Foop, "get", [mverb]] }

       to audit(object, witness) {
         def methodz :notNull := object.getScript().getOptMethods()
         def methd :notNull := \
           for methd ? (methd.getVerb() == verb &&
                         methd.getParams().size() == arity) \
               in methodz { break methd }
         def body := methd.getBody()
         require(body =~ e`escape __return { return @expr; null }` \
              || body =~ expr)
         require(expr =~ e`"foo"` \
              || expr =~ e`"foo" + @_`)
         require(!expr.staticScope().namesRead().maps("__return"))
       }

       to coerce(specimen, optEjector) {
         return standardCoerce(fn s { __auditedBy(Foop1, s) },
                               fn { Foop1 },
                               fn { w`$specimen#$mverb is not a foop` })
       }
     }
   }

   match [=="get", mverbs] {
     def pieces := map.v(Foop.get, mverbs)
     def intersection := makeIntersectionGuard(pieces)

     def FoopN implements DeepFrozen {
       to audit(object, witness) {
         for piece in pieces { witness.ask(piece) }
         return false
       }

       to coerce(specimen, optEjector) {
         return intersection.coerce(specimen, optEjector)
       }
     }
   }
}

def object implements Foop["a/1", "b/0"] {
   to a(x) { return "foo" + x }
   to b() { return "foo" }
   to c() { return "bar" }
}

The result is that e`(x :Foop["a/1"]).a(y)` is guaranteed to return  
only strings starting with "foo", which I picked just for an example  
of general auditing that could apply to any method.

The Selflessness of the auditors allows one to be made for any  
particular verb without keeping that particular auditor around for  
approval checks.

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>

More information about the e-lang mailing list