|
Highlights of 0.8.29f |
||||||
Non-Upwards Compatible Changes
ENodes are DeepPassByCopy. The safeScope is now arguably immutable enough.
Top Level Bindings are No Longer Retroactively Updated
Non-Upwards Compatible Changes
ENodes are DeepPassByCopy. The safeScope is now arguably immutable enough.
The highlight of this release is fixing the safeScope Mutability breaks confinement bug. The manner in which this has currently been fixed is, at this time, intended to be an interim fix, awaiting the "proper" fix. However, we must admit that such interim fixes often live past their expected lifetimes. The interim fix has three parts:
-
ENode, and therefore all subclasses of ENode, are now properly DeepPassByCopy. This has allowed us to remove the BootShuttle kludge from the system, since E ASTs may now be passed through the boot comm system within the rules. We ran into one painful conflict: We lost the LiteralNounExpr and LiteralSlotNounExpr optimizations, which we will need back.
The proper fix is to use Term trees for user-accessible ASTs, so that only these need to be DeepPassByCopy. ENodes then would be a mostly internal abstraction, and so could revert back to non-DeepPassByCopy. At that point, we could re-introduce the LiteralNounExpr and LiteralSlotNounExpr optimizations or their equivalents.
-
The old set of scope classes, including the mutable OuterScope, has simplified down to just the single concrete class Scope. A Scope represents a fixed set of bindings -- it is no longer either extensible or mutable in place. The safeScope contains only FinalSlots or LazyEvalSlots, initialized to hold values that would seem safe enough for programs, confined from each other, to share. Whether these values are indeed this safe bears further examination.
The proper fix is probably to use EMaps for user-accessible representation of Scopes, but this creates a potential conflict with the needs of Auditors: The Scope contains both the runtime mapping from names to Slots and the static mapping from names to NounPatterns, and should eventually ensure that these correspond. The proposed used of EMaps would not provide the name => NounPattern mapping needed by Auditors.
-
EExpr now provides two eval methods, neither of which is precisely the same as the old EExpr eval:
-
to evalToPair(scope :Scope) :Tuple[any, Scope]
evaluates the expr in the provided scope, returning the resulting value and a new scope derived from the current scope but also containing bindings for the expression's top level definitions. -
to eval(scope :Scope) :any
expr.eval(scope) is equivalent to expr.evalToPair(scope)[0]
If the expression does a non-local escape, then the current scope is not replaced, so its bindings are unmodified.
-
Top Level Bindings are No Longer Retroactively Updated
To fix bug Conflict between ForwardingSlots & PassByCopy,etc..., in order to make the world safe for Auditors (and to fix bug Reversion of FlexOuterScope is wrong ), the ForwardingSlot has been removed from the system, and old uses of old variables are no longer retroactively "fixed" to use the new redefinition of that same variable name.
Instead, as explained above, evaluation produces a pair of a value and a new derived replacement Scope. In the interactive case, in order to support redefinition, we consider each top level expression to be evaluated in a new contour nested within the previous one, as if there was a "{" between each top level expression.
? def a := 3 # value: 3 ? def f() :any { return a } # value: <f> ? f() # value: 3 ? def a := "foo" # value: "foo" ? f() # value: 3
Previously, this would have returned "foo", since the old use of a within f would now be referring to the new definition of a. While the old behavior was, in many ways more pleasant, the new (ML-like) behavior works with our other requirements.
? def i :int := 3 # value: 3 ? [i, var i :String := "foo", i := "bar", i] # value: [3, "foo", "bar", "bar"]
This last example shows that it really is like nesting contours. The first i in the last expression above refers to the definition already in scope. The remaining uses of i refer to the new definition.
The non-interactive case is unchanged: You may not have two different definitions of the same variable in the same contour.
SendExpr no longer in Kernel-E
The SendExpr (receiver <- verb(args...)) is no longer part of Kernel-E, but instead expands to (E.send(reveiver, "verb", [args...])) . This means that the Kernel-E evaluation machinery considered by itself -- the semantics of the special forms without considering the libraries -- defines only a sequential call-return language, without built-in committment to the E concurrency control model (event loops with promise pipelining). For example, the Kernel-E evaluation machinery could be used, if desired, for an E-like shell language for EROS, whose concurrency control was based on EROS's concurrency control model.
The for-loop has been weakened as requested.
The old sum.emaker can no longer work, and so has been removed, as a consequence of fixing the 'for' loop security concerns bug. This is a consequence of two upwards incompatibilities introduced by this bug fix:
-
The closure generated to represent the body of the for-loop is disabled once the for-loop is exited, thereby preventing the collection from surprisingly invoking it later.
-
If the for loop exits by successful return of the collection's iterate method, the for-loop's value in null, rather than whatever the iterate method may have returned. Therefore, a break of a non-null value may reliably be distinguished from completing the iteration.
Indeed, these two non-upwards compatibilities were the point of the bug fix.
Bugs Closed
| Thanks to... | ||
|---|---|---|
| Persistence broken by prior bug fixes |  |
Marc Stiegler |
| Null pointer exception in QAstro#matchBind | |
Darius Bacon |
| Term matching throws instead of escaping | |
Kevin Reid |
| safeScope Mutability breaks confinement | |
Kevin Reid |
| Conflict between ForwardingSlots & PassByCopy,etc... | |
Kevin Reid |
| Reversion of FlexOuterScope is wrong | |
|
| Object doc-comments not preserved | |
Kevin Reid |
| 'for' loop security concerns | |
Kevin Reid |
| leaf terms coerce indiscriminately | |
Darius Bacon |
| char arithmetic should check overflow | |
Darius Bacon |
| CharacterSugar#escaped won't make hex escapes | |
Darius Bacon |
| TextWriters nesting wrong | |
Unless stated otherwise, all text on this page which is either unattributed or by Mark S. Miller is hereby placed in the public domain.
|
|
report bug (including invalid html)
|
||||||||
