[proof engine] Forbid tactic code to raise exceptions #15937
Conversation
The job library:ci-fiat_crypto_legacy has failed in allow failure mode
3c3b0b4 to fc712f5
The job library:ci-fiat_crypto_legacy has failed in allow failure mode
Actually, I am not sure I like this. It's part of the spec that What should be totally forbidden is to raise an exception from within the monadic layer, which is a different story.
What's this about?
Not sure I understand what you mean in your comment, the idea here is that tactics should indeed never raise and rely on My main motivation is that I'd like for values of type There are a few more pieces missing to make this PR a reality though, related to what @SkySkimmer was asking IMHO we also need:
so as to make this robust and realistic, as we can't hope to make all code functional in one go, or to port the pretyper to the monad. We could by the way wrap a few usages here in a monadic API, but that depends on how we feel about code.
Motivated by the recent discussion on Zulip about exceptions and tactics, we move forward with the porting of tactic code to the monadic proof engine and forbid tactics to raise non-critical exceptions. Instead, tactics calling exceptional code should catch and reify the exception locally and use the proper proof engine API `tclZero`. I think this is a long overdue cleanup. I hope @ppedrot likes this! As of now, this is a draft, and not yet ready for benchmark. Stdlib compiles, the test suite is close to passing. This should be combined with the work on PR #XXXX that adds exception static analysis to Coq's codebase. Next step is to remove `wrap_exceptions`, but that will require some more tweaks as it appears in some critical paths.

(Hint: click "hide whitespace" on the GH review tab to see the relevant changes better.)
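The pattern the description asks for, written out as an added illustration rather than code from this PR or from Coq's own tactic files. `risky_check` is a hypothetical non-monadic helper standing in for any legacy code that signals failure by raising; the `Proofview`, `Exninfo` and `CErrors` functions used are the engine API as I understand it, and the point is the boundary between the two styles, not the helper itself.

```ocaml
(* Added example, not part of PR #15937. Shows a tactic that calls
   exception-raising, non-monadic code, first the way the PR forbids
   and then with the exception reified through tclZERO. *)

open Proofview

(* Hypothetical legacy helper: reports failure by raising an OCaml exception. *)
let risky_check (env : Environ.env) (sigma : Evd.evar_map) (concl : EConstr.t) : unit =
  ignore env;
  if not (EConstr.isProd sigma concl) then
    CErrors.user_err (Pp.str "goal is not a product")

(* Before: the exception escapes the monadic layer. Backtracking
   combinators around this tactic (tclOR, tclORELSE, ...) only see
   failures expressed as monadic zeros, so nothing can recover here and
   the error surfaces only at the outermost wrapper. *)
let tac_raising : unit tactic =
  Goal.enter (fun gl ->
    risky_check (Goal.env gl) (Goal.sigma gl) (Goal.concl gl);
    tclUNIT ())

(* After: catch at the boundary and reify with tclZERO. Only
   non-critical exceptions are turned into a zero; Sys.Break,
   Stack_overflow and the like are left to propagate as before. *)
let tac_reified : unit tactic =
  Goal.enter (fun gl ->
    match risky_check (Goal.env gl) (Goal.sigma gl) (Goal.concl gl) with
    | () -> tclUNIT ()
    | exception e when CErrors.noncritical e ->
      let (e, info) = Exninfo.capture e in
      tclZERO ~info e)

(* Because the failure is now an ordinary zero, it composes with the
   rest of the engine: a caller can fall back instead of aborting. *)
let tac_with_fallback : unit tactic =
  tclORELSE tac_reified (fun _iexn -> tclUNIT ())
```

`Exninfo.capture` keeps the backtrace and any attached info on the exception, so the reified failure reports the same location as the raised one; the `CErrors.noncritical` guard is what keeps the change limited to non-critical exceptions, which is exactly the scope the PR description states.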
fc712f5 to e210e02
In the case of `enter` it's the
The job library:ci-fiat_crypto_legacy has failed in allow failure mode
Yes, how would it be otherwise?
The "needs: rebase" label was set more than 30 days ago. If the PR is not rebased in 30 days, it will be automatically closed.
This PR was not rebased after 30 days despite the warning, it is now closed.