Non-trivial sum type exhaustiveness checking

[erszcz]

I tried exercising sum type exhaustiveness checking on some practical examples and realised that these checks only worked on simple sum types whose variants were builtin types - e.g. an alternative of atoms:

-type allergen() :: eggs
                  | chocolate
                  | pollen
                  | cats.

I hoped I could rely on these checks when defining functions over a type with many variants, each carrying extra data. For example:

-type term_() :: {true, info()}
               | {false, info()}
               | {'if', info(), term_(), term_(), term_()}
               | {zero, info()}
               | {succ, info(), term_()}
               | {pred, info(), term_()}
               | {is_zero, info(), term_()}.

The first approach was to enable typechecker:refinable() and gradualizer_lib:pick_value() to handle {user_type, _, _, _} types. However, this first implementation was prone to falling into an infinite loop on recursive variants. This lead me to add the Trace parameter to refinable - in other words, I optimistically assume that a type T is refinable as soon as recursion on T's variants reaches T again. This assumes that the other non-recursive variants of T will ultimately determine its refinability. Thanks to storing a trace of already seen types instead of a binary seen | not-seen flag mutually recursive types are also handled gracefully.

Then it turned out that if the sum type is defined in another module, the check doesn't work. Obviously, data types like this might be handled in multiple modules of a project, so this was not acceptable. The fix I applied is too look up user types in gradualizer_db first and only if not found there try the available TEnv. I tried the reverse order (TEnv first, then gradualizer_db), but it seems to lead to more convoluted code since #tenv{} is not available in a header, therefore not shareable with gradualizer_lib - nothing impossible to handle, but the former fix was already good enough.

Ultimately, this allows to rely on exhaustiveness warnings when working with (mutually recursive) non-trivial variant types from external modules, which IMO is a significant ergonomics improvement. For a larger example, please see erszcz/tapl-erlang@300d1ed and try:

$ rebar3 compile
$ gradualizer -pa _build/default/lib/arith/ebin -- src/arith_core.erl
src/arith_core.erl: Nonexhaustive patterns on line 34 at column 9
Example values which are not covered:
	{false, 0}

Gradualizer correctly detects the missing clauses:

-type term_() :: arith_syntax:term_().

-spec eval1(term_()) -> term_().
eval1(T) ->
    case T of
        %{false, _} ->
        %    erlang:throw(constant);
        %{true, _} ->
        %    erlang:throw(constant);
        %{zero, _} ->
        %    erlang:throw(constant);
        %{'if', _, {true, _}, T2, _} ->
        %    T2;
        %{'if', _, {false, _}, _, T3} ->
        %    T3;
        %{'if', Info, T1, T2, T3} ->
        %    T1_ = eval1(T1),
        %    {'if', Info, T1_, T2, T3};
        {succ, Info, T1} ->
            T1_ = eval1(T1),
            {succ, Info, T1_};
        {pred, _, {zero, _}} ->
            {zero, 0};
        {pred, _, {succ, _, T1}} ->
            T1;
        {pred, Info, T1} ->
            T1_ = eval1(T1),
            {pred, Info, T1_};
        {is_zero, _, {zero, _}} ->
            {true, 0};
        {is_zero, _, {succ, _, _}} ->
            {false, 0};
        {is_zero, Info, T1} ->
            T1_ = eval1(T1),
            {is_zero, Info, T1_}
    end.

[codecov-commenter]

Codecov Report

Merging #330 (5e85d5b) into master (3ad6dc4) will increase coverage by 0.07%.
The diff coverage is 93.33%.

@@            Coverage Diff             @@
##           master     #330      +/-   ##
==========================================
+ Coverage   87.39%   87.46%   +0.07%     
==========================================
  Files          18       18              
  Lines        2744     2760      +16     
==========================================
+ Hits         2398     2414      +16     
  Misses        346      346              

Impacted Files	Coverage Δ
src/gradualizer_lib.erl	88.17% <92.00%> (+1.68%)	⬆️
src/typechecker.erl	90.29% <95.00%> (+0.03%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3ad6dc4...5e85d5b. Read the comment docs.

[zuiderkwast]

Very nice feature!

I have only some suggestions on style.

I have the feeling we now have multiple ways to lookup user types. Is it worth refactoring the other accesses to get less ways of doing it?

[zuiderkwast]

I just saw you're using get_opaque_type here. I don't think want to do exhaustiveness-checking on opaque remote types, since they are opaque...

[erszcz]

Indeed, this was just an easy to way to avoid the opaque return value from gradualizer_db:get_type, which can be handled easily in refinable (opaque is not refinable), but will require an error to be thrown if it ever shows up being returned in pick_value. I wanted to avoid introducing a new kind of error as I don't see anything relevant to opaque in gradualizer_fmt, but maybe it's the best way to go? Do you have any suggestions?

[zuiderkwast]

Good point. If we want to pick_value of type {tag, opaque_type()}, we'd need a value of the opaque type. But OTOH opaque values shouldn't be shown.

Since pick_value is only used for producing error messages, perhaps we can put an underscore, a variable name or three dots in there instead? {tag, _}, {tag, OpaqueValue1} or {tag, ...}, whatever is best. We could also change the exhaustiveness error messages slightly so that it doesn't explicitly say that it's a value of the type. Just some ideas. WDYT?

[erszcz]

I've pushed some changes - all the style / parameter order / spec points are addressed (unless you have more comments on these). The open issues I still have to think of are the throw(opaque, ...) from pick_value and the Args <-> Params substitution - any more feedback is appreciated :)

[zuiderkwast]

Idea: return {var, Anno, '_'} here, for now. Or generate a unique OpaqueValueNNN variable name using unique_integer or something.

[zuiderkwast]

Really nice that you managed to test this stuff!

[erszcz]

I think this one is ready to merge, unless you have further comments.

Maybe the last commit introducing behaviour described by test/known_problems/should_fail/exhaustive_map_variants.erl is debatable, since AFAICT map typing is still not completely sound, and I'm not sure if you think map variants are a reasonable goal (I personally think they are). WDYT?

[zuiderkwast]

Yes, I will look through it again. I might have a few minor comment.

I think we should aim for handling map variants/unions.

[zuiderkwast]

I may accept it as is, if you reply to the comments. :-)

[zuiderkwast]

This probably doesn't even work with the map union directly, i.e. without the user type. A minimal example of the known problem would be using the union type directly, without a user type.

[erszcz]

I haven't really looked for the reason of this not being detected - I'm aware that typing maps in general is not 100% correct yet, so it might be because of this PR or because of the existing code. I just wanted to add map variants for completeness' sake, since ordinary tuples and records are already taken care of.

[zuiderkwast]

If there are multiple opaque types in a picked value, using the same variable name would imply all opaque values are equal, as in {picked_tuple, _Opaque, _Opaque}. That's why I suggested adding a unique integer to the name or use just a _. Not a big deal though since this only for an error message. There is a point in not flooding the atom table as well.

[erszcz]

Indeed, this might be slightly misleading if more than one opaque type is used... I wanted to avoid passing extra mappings from types to names, but it shouldn't be hard to add - I'll do it in this PR.

[zuiderkwast]

Is there a need for passing around extra mappings? I was thinking just

list_to_atom("Opaque" ++ integer_to_list(erlang:unique_integer([positive])))

Numbers might look a bit random in this way but at least they would be unique.

[zuiderkwast]

passing extra mappings from types to names

The same type used twice doesn't mean it's the same value, so I think it would actually be wrong to use the same variable twice in this case. [Edit] Oh, well, since we're generating an example, using the same variable for the same type would be OK...

[zuiderkwast]

I'm happy now.

Do you wan to summarize a commit message for a squash merge?

[erszcz]

Maybe:

Add non-trivial sum type exhaustiveness checking

Enable exhaustiveness checking on sum types whose variants are tuples and records. Local and remote types, as well as (mutually) recursive types are supported. Map variant tests are added to known problems, but support is not present yet.

Please adjust it as you see appropriate.

[zuiderkwast]

Awesome!