[mercury-users] Circular lists

Thomas Charles CONWAY conway at cs.mu.oz.au
Thu Nov 27 13:46:30 AEDT 1997

Richard A. O'Keefe wrote:
	[I've rearranges Richard's message somewhat]

>     +---------------------------------------------------------+
>     | Is there some tool that can be used to verify that the  |
>     | Mercury foreign interface has been used in a useful but |
>     | disciplined way that CAN'T break Mercury's type system, |
>     | mode system, termination verification, or other safety  |
>     | features?                                               |
>     +---------------------------------------------------------+

Passing arguments of type int or float betweem Mercury and C is
completely safe. Passing arguments of type string is safe so
long as and strings that are being returned to Mercury are
word aligned.

Generally speaking, passing arguments of any other type can be
dangerous since the data representation is exposed.

There are cases (such as the tcl/tk interface) where arguments of
complex type get passed, but they only get passed around in the C
code, and their representation is treated as abstract (even so,
this poses an unaddressed problem for the native GC. Any comment

Any use of the C interface is a risk. However, we have been very
careful to ensure that all the procedures in the library that are
defined in C have safe behaviour (at least up until Fergus'
reference hack). Most of the C code in the library manipulates
strings, or does IO (with strings, ints, or floats).

> We've seen quite a few examples recently of how Mercury's C interface can be
> used to do strange and terrible things.  I keep on telling people that one
> of the reasons special-purpose languages can be such a productivity boost
> is not what they make it _easy_ to do but what they make it _impossible_ to
> do; what classes of possible bugs are completely eliminated by construction
> so that you don't have to spend any time at all looking for them.

Certainly. The only case where the circular list that I posted would
even be slightly useful would be in cases where you want a repeating
list, and would currently write something like:

p([], _, _, []).

p([X|Xs], [], WholeList, Result) :-
	p([X|Xs], WholeList, WholeList, Result).

p([X|Xs], [Y|Ys], WholeList, [X+Y|Zs]) :-
	p(Xs, Ys, WholeList, Zs).

> Thomas Conway has just shown us how Mercury's C interface can be used to
> subvert Mercury's compile-time termination verification.  That's not what
> he meant it for, of course, but that is one (and not the worst) of its
> effects.

Actually if it subverts termination verification then there is a bug
in the analyzer. The inst indicated that there cannot be a [] in
the term, so if it exists, it must be infinite.

While I agree that the circularize predicate is awful (and valuable
for shock value only), it cannot cause mysterious core dumps or
similar problems - only nontermination.

ps I've experienced some mail problems, so other people may have posted
comments that I missed - I got this post from someone by hand, not from
the list.
Thomas Conway               				      conway at cs.mu.oz.au
AD DEUM ET VINUM	  			      Every sword has two edges.

More information about the users mailing list