feat: Standard library support + DafnyStdLibs.Wrappers #4678
Conversation
robin-aws
changed the title
Fixes #446 ### Description Do not let documentSymbol API return a faulty line when parsing a symbol name has an error ### How has this been tested? - Added language server test <small>By submitting this pull request, I confirm that my contribution is made under the terms of the [MIT license](https://github.com/dafny-lang/dafny/blob/master/LICENSE.txt).</small>
### Description Attempt at making `QuickEditsInLargeFile` pass more reliably on OSX ### How has this been tested? It's a change intended to affect the existing test `QuickEditsInLargeFile` <small>By submitting this pull request, I confirm that my contribution is made under the terms of the [MIT license](https://github.com/dafny-lang/dafny/blob/master/LICENSE.txt).</small>
Move Littish tests from `Test` to `Source/IntegrationTests/Test`. This way there's no symlink needed which causes Rider to behave annoyingly <small>By submitting this pull request, I confirm that my contribution is made under the terms of the [MIT license](https://github.com/dafny-lang/dafny/blob/master/LICENSE.txt).</small>
Source/DafnyCore/DooFile.cs
Outdated
| @@ -212,6 +221,30 @@ public class ManifestData { | |||
| return false; | |||
| } | |||
|
|
|||
| // Checks that the library option ==> the local option. | |||
There was a problem hiding this comment.
I think it's better to use /// comments. IDE will then also move the comments if you move the definition.
| but we should be very resistant to raising the limit in the checked in copy. | ||
|
|
||
| **Brittleness of code using the standard libraries**: This one is tougher. | ||
| There is tension between two different use cases: |
There was a problem hiding this comment.
Should imports have the ability to customize opaqueness ? @MikaelMayer
There was a problem hiding this comment.
We can deal with this at the library side by refining modules and expose more or less data, and also define careful export sets.
That way, customizing opaqueness is done at the import level.
I also wish users should also be able to refine a library module while exposing everything, and then in their refining module they could hide everything they don't want.
| be applied. When a FC-value is returned by a method there is no place to call such a conversion function: the return value of the method must be captured by either `:=` or `:-`. | ||
| So some new syntax will be needed --- what this will be is under design and discussion. | ||
|
|
||
| The workaround, however, is straitforward: just capture the results using `:=` and make the conversion directly. Here the is example above restated using a method. |
|
|
||
| The Wrappers module holds some | ||
| simple datatypes to support common patterns, such as optional values or the result of operations that can fail. | ||
| These are additionally useful with Dafny's abrupt-termination-on-failure `:-` operator. |
There was a problem hiding this comment.
I'm not a native English speaker but: additionally -> particularly?
| - `Outcome<E>` - which is either `Pass` with no informatino or `Fail` with an error value of type `E` (often a `string`) | ||
| - `Result<R,E>` - which is either `Success` with a value of type `R` or `Failure` with error value of type `E` | ||
|
|
||
| These are common programming idioms. The main complication comes when they are mixed in the same program. |
There was a problem hiding this comment.
Consider leaving out line 16. Line 5 already says these datatypes help with common patterns, and the second sentence on line 16 does not constructive to me.
|
|
||
| In this library module Dafny defines three such types: | ||
| - `Option<R>` - which is either `Some` with a value of type `T` or a `None` with no information | ||
| - `Outcome<E>` - which is either `Pass` with no informatino or `Fail` with an error value of type `E` (often a `string`) |
| ``` | ||
|
|
||
| You could just capture the result of `Find` using `:=` in a `Option<int>` variable and inspect it. But if the `None` condition is | ||
| generally a rare error, it is easy to forget to always check that each operation was successful. Instead, the `:-` changes the |
There was a problem hiding this comment.
I think I prefer this text not to have line breaks, so the viewer can take care of the appropriate breaking.
There was a problem hiding this comment.
Looks like this when I'm reading it
There was a problem hiding this comment.
My general preference is loosely adhering to https://sembr.org/ personally. I didn't want to edit this too heavily so we can see a clean diff against the original, though: https://github.com/dafny-lang/libraries/blob/master/src/dafny/Wrappers.md
There was a problem hiding this comment.
I don't get it. Why wouldn't you want regular text to look the same when writing as when reading? If we're soft-wrapping it with no explicit line breaks when reading, why not also write it like that?
| See the [reference manual](https://dafny.org/latest/DafnyRef/DafnyRef#sec-update-with-failure-statement) | ||
| for more on the similarities and differences with exceptions. | ||
|
|
||
| ### Outcome |
There was a problem hiding this comment.
Is this used a lot? C#'s anonymous records Option<(int x, string y)> seem nicer
There was a problem hiding this comment.
I actually disagree with the statement that this is the most common use case. It's more important that returning an Outcome instead of a Result means you can say :- CheckSomeThings(x) as opposed to var _ :- CheckSomeThings(x), where in the latter case it's too easy to do var _ := CheckSomeThings(x) which has no effect!
Rewriting.
There was a problem hiding this comment.
Ended up just flipping the order of use cases.
|
|
||
| A `Result` carries both a success value and failure information, with two separate, specifiable types. Its use is then very similar to `Option`. | ||
|
|
||
| ### Combining different FC-types in expressions |
There was a problem hiding this comment.
While the acronym FC has been defined before (once, and was not used afterwards), I would not use it in the title here.
There was a problem hiding this comment.
Agreed about the titles, although "FC" is used a handful of times in the content.
| enforcing a tight upper-bound on the resources needed to verify each batch of assertions. | ||
| For simplicitly, this project just sets a direct `--resource-limit`, | ||
| rather than relying on the second-pass approach of the `dafny-reportgenerator`. | ||
| I have set this limit aggressively low in the hopes that we can maintain it |
There was a problem hiding this comment.
I would use a passive voice there.
…ndard-library-support-verification-only
robin-aws
changed the title
robin-aws
changed the title
robin-aws
changed the title
robin-aws
changed the title
Description
This change adds support for "standard libraries" that are packaged together with the Dafny distribution, at least for now. They are automatically available for import with the option
--standard-libraries, which will likely become true by default in Dafny 5. To avoid Dafny's footprint from getting larger and larger over time, some portion of them may be moved into separately distributed packages at a later date. They will remain optional and the Dafny language itself should not depend on them.A later change will likely add pre-translated source to the runtimes as well, and a translation option such as
--include-standard-librariessimilar to--include-runtimeto rely on this copy of them instead of translating them into every component.Implementation notes:
.doofiles and embed them inDafnyPipeline.dll, just as we already do with the various runtime files such asDafnyRuntime.dll. They are added as inputDafnyFiles, using URIs of the formdllresource://DafnyPipeline/<name>.doo, so they are not re-verified but are in scope for compilation..doofiles, such as loosening the library checks for some options, and no longer checking options that only affect compilation (it may make sense to leverage these files for compilation compatibility checking in the future but that's not currently in scope).Source/DafnyStandardLibraries/CONTRIBUTING.md, and should make it clear which pending libraries are still partially blocked.How has this been tested?
stdlibsandmetatests/StdLibsOffByDefaultInTests.dfyWrappersExamples.dfyBy submitting this pull request, I confirm that my contribution is made under the terms of the MIT license.