[ghc-steering-committee] Please review #313: Delimited continuation primops, Shepherd: Simon Marlow

Eric Seidel eric at seidel.io
Wed Dec 2 14:21:51 UTC 2020


I think the key distinction between “undefined” as used in C/C++ and what I call “illegal but unchecked” is that the optimizer operates under the assumption that “undefined” behavior is impossible. This is what leads to the bizarre and scary stories that people post about UB, but it also lets C/C++ compilers emit much more efficient code in some common places. In contrast, an “illegal but unchecked” operation would be left alone by the optimizer. The runtime behavior would be unspecified and possibly platform-dependent, but still more constrained and predictable than UB. 

I agree that unsafe primops are fine, but I’m curious now if GHC optimizes based on the assumption that they’re used correctly. 

Sent from my iPhone

> On Dec 2, 2020, at 08:34, Simon Marlow <marlowsd at gmail.com> wrote:
> 
> 
> "Illegal but unchecked" would be fine too, although we do already use the term "undefined" in the documentation for various primops.
> 
> We've so far taken the approach that undefined behaviour in primops is OK. The idea is that libraries built on top can provide a safe and fully-defined API. e.g.
> 
> * division-by-zero is undefined (libraries are supposed to check before invoking the primop)
> * The uncheckedIShift family are undefined for arguments outside the allowed bounds
> * unsafeCoerce is undefined when used in certain ways, of course
> 
> There are probably more that aren't documented.
> 
> Cheers
> Siimon
> 
> 
>> On Tue, 1 Dec 2020 at 18:25, Eric Seidel <eric at seidel.io> wrote:
>> Oh I see. I'm always uncomfortable declaring things "undefined" because of how C/C++ compilers can run wild  with code that invokes UB. So I kinda prefer saying that it's "illegal but unchecked".
>> 
>> On Tue, Dec 1, 2020, at 12:35, Simon Marlow wrote:
>> > The issue with unsafePerformIO is really just that the proposal says 
>> > that it's illegal to use the primops with unsafePerformIO. I don't 
>> > think it's possible to make it "illegal" in any meaningful sense, 
>> > probably a better way to say it would be "undefined" or "unsupported" 
>> > or somesuch.
>> > 
>> > Cheers
>> > Simon
>> > 
>> > On Mon, 30 Nov 2020 at 01:53, Eric Seidel <eric at seidel.io> wrote:
>> > > This is a very well-written and motivated proposal, and I love that it's just three new primops (really two, plus a tag to add some guard rails). I'm not very familiar with the literature on delimited continuations, but I support going with the most general formulation, especially for primops.
>> > > 
>> > > I'm not sure we need to be able to detect all uses of the new primops with unsafePerformIO, it's already a deeply unsafe function. Just another thing that advanced users will need to keep in mind.
>> > > 
>> > > On Mon, Nov 23, 2020, at 09:37, Simon Marlow wrote:
>> > > > Committee,
>> > > > 
>> > > > We have been asked to review 
>> > > > #313: Delimited continuation primops
>> > > > 
>> > > > https://github.com/ghc-proposals/ghc-proposals/pull/313
>> > > > https://github.com/lexi-lambda/ghc-proposals/blob/delimited-continuation-primops/proposals/0000-delimited-continuation-primops.md
>> > > > 
>> > > > *Summary*
>> > > > 
>> > > > The proposal makes no language changes, it only adds three primops 
>> > > > <https://github.com/lexi-lambda/ghc-proposals/blob/delimited-continuation-primops/proposals/0000-delimited-continuation-primops.md#proposed-change-specification>.
>> > > > 
>> > > > The main motivation is to support building efficient implementations of 
>> > > > Algebraic Effect systems, which depend on being able to efficiently 
>> > > > capture a continuation. Currently this is done explicitly, which 
>> > > > imposes a severe performance penalty.
>> > > > 
>> > > > These primops are the minimal support needed to be able to capture a 
>> > > > continuation and apply it at runtime, together with some basic type 
>> > > > safety via the PromtTag type to ensure that at least we don't replace a 
>> > > > continuation with a computation of a different type.  (there are other 
>> > > > ways to go wrong with these primops though, they're not a safe 
>> > > > interface by themselves: they need to be wrapped in a safe library).
>> > > > 
>> > > > The primops are implemented by copying chunks of stack into the heap. 
>> > > > This is something that GHC's runtime already does a lot of, so it's not 
>> > > > a new concept, although it does require a new closure type and knock-on 
>> > > > changes across several files in the runtime (though it's mainly 
>> > > > mechanical). There's a prototype implementation here: 
>> > > > https://gitlab.haskell.org/lexi.lambda/ghc/-/compare/master...first-class-continuations?view=inline
>> > > > 
>> > > > *Decision*
>> > > > *
>> > > > *
>> > > > I'm going to tentatively recommend acceptance. 
>> > > >  * This is a sensible choice for the primtives, being the most general 
>> > > > of the alternatives, as explained in the proposal. 
>> > > > <https://github.com/lexi-lambda/ghc-proposals/blob/delimited-continuation-primops/proposals/0000-delimited-continuation-primops.md#operational-semantics>
>> > > >  * Would the new primops impose a significant ongoing maintenance 
>> > > > burden? Having looked at the patch, although there are some missing 
>> > > > pieces, I don't think the new concepts impose any significant new 
>> > > > requirements on other parts of the runtime.
>> > > >  * I suspect there may be some difficulties around unsafePerformIO, so 
>> > > > I raised that on the github thread 
>> > > > <https://github.com/ghc-proposals/ghc-proposals/pull/313#issuecomment-732181948>
>> > > > Thoughts?
>> > > > 
>> > > > 
>> > > > 
>> > > > On Sat, 12 Sep 2020 at 22:59, Joachim Breitner <mail at joachim-breitner.de> wrote:
>> > > > > Dear Committee,
>> > > > > 
>> > > > > this is your secretary speaking:
>> > > > > 
>> > > > > Delimited continuation primops
>> > > > > has been proposed by Alexis King
>> > > > > https://github.com/ghc-proposals/ghc-proposals/pull/313
>> > > > > https://github.com/lexi-lambda/ghc-proposals/blob/delimited-continuation-primops/proposals/0000-delimited-continuation-primops.md
>> > > > > 
>> > > > > I’ll propose Simon Marlow as the shepherd.
>> > > > > 
>> > > > > Please guide us to a conclusion as outlined in 
>> > > > > https://github.com/ghc-proposals/ghc-proposals#committee-process
>> > > > > 
>> > > > > Thanks,
>> > > > > Joachim
>> > > > > -- 
>> > > > > Joachim Breitner
>> > > > >   mail at joachim-breitner.de
>> > > > >   http://www.joachim-breitner.de/
>> > > > > 
>> > > > > 
>> > > > > _______________________________________________
>> > > > > ghc-steering-committee mailing list
>> > > > > ghc-steering-committee at haskell.org
>> > > > > https://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-steering-committee
>> > > > _______________________________________________
>> > > > ghc-steering-committee mailing list
>> > > > ghc-steering-committee at haskell.org
>> > > > https://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-steering-committee
>> > > >
>> > > _______________________________________________
>> > > ghc-steering-committee mailing list
>> > > ghc-steering-committee at haskell.org
>> > > https://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-steering-committee
>> _______________________________________________
>> ghc-steering-committee mailing list
>> ghc-steering-committee at haskell.org
>> https://mail.haskell.org/cgi-bin/mailman/listinfo/ghc-steering-committee
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/ghc-steering-committee/attachments/20201202/60cbc315/attachment-0001.html>


More information about the ghc-steering-committee mailing list