Add Clash.Class.Convert
#2915
Add Clash.Class.Convert
#2915
Conversation
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
This comment was marked as resolved.
|
I'd vote against naming it (I really want to make the silly pun |
martijnbastiaan
force-pushed
the
martijn/add-clash-class-convert
branch
from
6d3840f to
d8f851c
Compare
Utilities for safely converting between various Clash number types.
martijnbastiaan
force-pushed
the
martijn/add-clash-class-convert
branch
from
d8f851c to
25c7757
Compare
| @clash-convertible@ is similar to the @convertible@ package in that it aims to | ||
| facilitate conversions between different number types. It has two key differences: |
There was a problem hiding this comment.
To change because it isn't a separate package
| {- | Conversions that are, based on their types, guaranteed to succeed. | ||
|
|
||
| == __Laws__ | ||
| A conversion is safe and total if a round trip conversion is guaranteed to be |
There was a problem hiding this comment.
"safe and total" is not terminology introduced earlier
There was a problem hiding this comment.
Also, we usually mean something else by total in the Haskell world. We mean the function always returns a value, there is no input value for which it bottoms. But resize . bitCoerce and bitCoerce . resize are both total functions for most types in that sense! I think only Resize Index does not.
resize is not injective, though. But in the interest of clarity to users who are not very used to mathematical language, I feel a description is more useful than just saying injective.
But I would recommend dropping the use of the term total for that other group of users, the ones who do know what it usually means for a Haskell function and might misinterpret.
| {- | Conversions that may fail for some values. | ||
|
|
||
| == __Laws__ | ||
| A conversion is safe if a round trip conversion does not produce errors (also |
There was a problem hiding this comment.
I don't like the word "safe" here.
There was a problem hiding this comment.
In addition, the laws don't mention this property that is in the module documentation:
Utilities for converting between Clash number types in a safe way.
You define what safe means in the laws, but then only require the property in the module documentation, not directly in the laws. I'd like to add a law such that the set of laws does not depend on the module documentation.
There was a problem hiding this comment.
LGTM overall.
I'm going to accept this, because I cannot see anything really controversial in the sense that it would be hard to fix it later on.
Regarding the Convert vs Convertible question: I don't like either name, as they both suggest much freedom in terms of which types could be converted with the classes. Your documentation clearly restricts the setting to number types, which is in contrast to Convertible for example, which is also open for conversion between custom non-number types. So maybe we should keep the users of that package happy by not producing any name clash at this point.
A name like changeNumType would make it more clear to me what the purpose of this function is. Convert, Convertible, and convert are just super generic names!
I still find it strange to consider BitVector a number type. If we are going to have a discussion about this at some point, then I'd suggest to keep it out here for the time being. Adding it later is easy and the user still can define the instance locally, if necessary.
I don't like the fact that we need to have two classes in the end, but I get the point that the need for individual selection of constraints per instance introduces that requirement.
| A conversion is safe and total if a round trip conversion is guaranteed to be | ||
| lossless. I.e., | ||
|
|
||
| > Just x == maybeConvert (convert @a @b x) |
There was a problem hiding this comment.
Is there a particular reason for mixing maybeConvert and convert in a single law? Wouldn't it make more sense to have a separate law per class, as a type not necessarily needs to be an instance of both?
There was a problem hiding this comment.
Hmm, well it isn't imposed by anything, but it seems natural to me that everything that defines a Convert also defines a MaybeConvert. I get that that makes laws like these a bit iffy -- I'm happy to add a superclass constraint if that makes more sense to you. I'm not sure how to rephrase this law properly to just talk about convert.
|
|
||
| > L.any isNothing (L.map (maybeConvert @a @b) [minBound ..]) | ||
|
|
||
| Additionally, any implementation should be translatable to synthesizable RTL. |
There was a problem hiding this comment.
You mention synthesizable HDL in Clash.Class.Convert. I'd suggest to keep the wording consistent.
| -} | ||
| class Convert a b where | ||
| {- | Convert a supplied value of type @a@ to a value of type @b@. The conversion | ||
| is guaranteed to succeed. |
There was a problem hiding this comment.
The classical wording in legal specification documents usually is "must be guaranteed to succeed", as it is a user requirement, in case you like to stick with that.
| instance (Convert (Unsigned 8) a) => Convert Word8 a where | ||
| convert = convert . bitCoerce @_ @(Unsigned 8) | ||
|
|
||
| instance (Convert (Signed 64) a) => Convert Int a where |
There was a problem hiding this comment.
I would either not add any instances for Word and Int, as their sizes are machine dependent, or the source of the respective conversions should be restricted to at most 32 bit, as this is what base fixes independently from the underlying machine.
There was a problem hiding this comment.
Oh woops. I think this just fails to compile on any platform that is not 32-bit, as the bitCoerce would type error. This did cross my mind, but I never followed up on it -- I'll add some CPP foo.
| instance (KnownNat n, KnownNat m, n <= m) => Convert (BitVector n) (BitVector m) where | ||
| convert = resize | ||
|
|
||
| instance (Convert (Unsigned 64) a) => Convert Word a where |
There was a problem hiding this comment.
The RHS parenthesis are redundant here.
Just noting this, as hlint won't complain about that, in case you prefer them being removed.
There was a problem hiding this comment.
Yeah.. this is something fourmolu does by default
There was a problem hiding this comment.
As you have instances covering BitVector, it might be also desirable to have instances converting from Bit (Bool). Something like a Bit to Word8 conversion sounds reasonable to me.
On the other hand, we should ask ourselves whether BitVector should be considered a number type? I'm still struggling with conceptual separation here, as if BitVector is a number type, what distinguishes it from Unsigned then in the end?
There was a problem hiding this comment.
Bit/Bool: yes good point.
Num: I've got two answers:
- For this PR specifically: IMO this class shouldn't take a stance on that -- anything that has a
Numis a number type for its sake. - Zooming out a bit I feel that
BitVectorshould be an "unstructured collection of bits". (In practice it probably isn't truly unstructured, but for the domain that it is being handled in it is.) From a theoretical POV this makes theNuminstance forBitVectoricky IMO. However, I also feel that the convenience of being able to use literals (e.g.,0xFFAA) to construct them and do basic arithmetic on them trumps my theoretical concerns (not to mention what a massive API changes it would be to remove the instance). In practice I just end up using it to signal to developers that bits are unstructured.
| For the time being, if the input is an @XException@, then the output is too. | ||
| This property might be relaxed in the future. | ||
| -} | ||
| maybeConvert :: a -> Maybe b |
There was a problem hiding this comment.
I personally prefer the convention to call this function convertMaybe (similar to readMaybe in base), as the name then denotes the order of operation: "first convert and then put the potential result into the Maybe container". maybeConvert suggests to me that the function converts from a Maybe as the input.
Another advantage of convertMaybe is that TAB completion in the REPL will display both: convert and convertMaybe, as soon as you started typing c o n ... .
There was a problem hiding this comment.
I'm fine with either as far as naming schemes go. I do think we've already set a precedent in clash-prelude, i.e.:
martijn@volthe:~/code/clash-compiler$ egrep -r '^maybe[A-Z].*::' clash-prelude/src | wc -l
7
martijn@volthe:~/code/clash-compiler$ egrep -r '^.*Maybe ::' clash-prelude/src | wc -l
1
so I think we should continue that. (Or change that, but that's for another PR.)
|
Thanks for the comments @kleinreact, I'll get to them, though I'm fairly time constrained at the moment :(. I think your comment about the name |
|
Somehow I feel Also, we could rewrite the laws such that the class can also be used for non-numbers. I think that would work? |
There was a problem hiding this comment.
I also feel Convert is too generic a name and squats too much, except if it is only to be used qualified. I'm personally leaning towards renaming it NumConvert, numConvert, MaybeNumConvert and maybeNumConvert as the names used, and exporting them from Prelude. Note that you currently to not export them from Prelude, I'd like that to be added.
Something I noticed is that for Convert, you seem to put a bang pattern only on the instances that need one to preserve the XException, yet on MaybeConvert you just bang almost everything. Was this intended? I'm not against it, I'm just wondering.
| {- | Conversions that are, based on their types, guaranteed to succeed. | ||
|
|
||
| == __Laws__ | ||
| A conversion is safe and total if a round trip conversion is guaranteed to be |
There was a problem hiding this comment.
Also, we usually mean something else by total in the Haskell world. We mean the function always returns a value, there is no input value for which it bottoms. But resize . bitCoerce and bitCoerce . resize are both total functions for most types in that sense! I think only Resize Index does not.
resize is not injective, though. But in the interest of clarity to users who are not very used to mathematical language, I feel a description is more useful than just saying injective.
But I would recommend dropping the use of the term total for that other group of users, the ones who do know what it usually means for a Haskell function and might misinterpret.
| > toInteger x == toInteger (convert @a @b x) | ||
|
|
||
| Instances should make sure their constraints are as \"tight\" as possible. I.e., | ||
| if an instance exist, but the constraints cannot be satisfied, then |
There was a problem hiding this comment.
| if an instance exist, but the constraints cannot be satisfied, then | |
| if an instance exists, but the constraints cannot be satisfied, then |
|
|
||
| Instances should make sure their constraints are as \"tight\" as possible. I.e., | ||
| if an instance exist, but the constraints cannot be satisfied, then | ||
| 'Clash.Class.Convert.convertMaybe' should return 'Nothing' for one or more values in |
There was a problem hiding this comment.
| 'Clash.Class.Convert.convertMaybe' should return 'Nothing' for one or more values in | |
| 'maybeConvert' should return 'Nothing' for one or more values in |
This is a dead link.
The qualification is not necessary; the function is documented in this module. If it's unqualified, our Haddock CI check will notice the dead link, unlike in the qualified situation.
But regarding this whole paragraph: I found it hard to understand because I misinterpreted what it means for an instance to exist. Because to me, if the constraints are not satisfied, an instance does not exist. So I'd say that there is no instance for Convert (Unsigned 8) (Unsigned 4), whereas the language in this paragraph says the instance exists, but its constraints can't be satisfied. I hope we can rephrase it to avoid this pitfall.
| >>> convert (3 :: Index 8) :: Unsigned 2 | ||
| ... | ||
|
|
||
| For the time being, if the input is an @XException@, then the output is too. This |
There was a problem hiding this comment.
| For the time being, if the input is an @XException@, then the output is too. This | |
| For the time being, if the input is an 'XException', then the output is too. This |
I didn't check it is in scope.
| instance (KnownNat n, KnownNat m, 1 <= n, n <= 2 ^ m) => Convert (Index n) (Unsigned m) where | ||
| convert !a = resize $ bitCoerce a | ||
|
|
||
| {- | Note: Conversion from @Index 1@ to @Signed 0@ is total, but not within the |
There was a problem hiding this comment.
As per earlier comment: let's get rid of the word total here.
| instance (KnownNat n, KnownNat m) => MaybeConvert (Signed n) (Index m) where | ||
| maybeConvert n | ||
| | n < 0 = Nothing | ||
| | otherwise = maybeResize (bitCoerce @_ @(Index (2 ^ (n + 1))) (extend n)) |
There was a problem hiding this comment.
This seems unnecessary? We know the Signed n is positive, so we can, without loss of semantics, bitCoerce @_ @(Index (2 ^ n), right? It's basically casting Signed n to Unsigned n. We could even have reduced that to Unsigned (n-1) because we know the MSB of the Signed n is 0, but this gives us natural-number-headaches, so I'm not suggesting that. But the n + 1 is really overly broad if I'm not terribly mistaken.
| instance (MaybeConvert (Unsigned 64) a) => MaybeConvert Word a where | ||
| maybeConvert = maybeConvert . bitCoerce @_ @(Unsigned 64) | ||
| instance (MaybeConvert (Unsigned 64) a) => MaybeConvert Word64 a where | ||
| maybeConvert = maybeConvert . bitCoerce @_ @(Unsigned 64) |
There was a problem hiding this comment.
bitCoerce loses the message and back trace of an XException (meaning, it throws a new one). I'd prefer the original XException being preserved (with a bang pattern).
|
|
||
| instance (MaybeConvert a (Unsigned 64)) => MaybeConvert a Word where | ||
| maybeConvert = fmap (bitCoerce @(Unsigned 64)) . maybeConvert | ||
| instance (MaybeConvert a (Unsigned 64)) => MaybeConvert a Word64 where |
There was a problem hiding this comment.
Did you forget
instance (MaybeConvert a (Signed 64)) => MaybeConvert a Int64
instance (MaybeConvert a (Signed 32)) => MaybeConvert a Int32
instance (MaybeConvert a (Signed 16)) => MaybeConvert a Int16
instance (MaybeConvert a (Signed 8)) => MaybeConvert a Int8?
| {- | Tightness law: this law is tested for if there is _no_ instance of | ||
| 'Convert'. If this is the case, 'MaybeConvert' should at least return a 'Nothing' | ||
| once when converting the domain of @a@ to @b@. If all conversions are possible, | ||
| the constraints of the instances should be relaxed. If the domain of @a@ is | ||
| empty, this law is considered satisfied too. | ||
| -} | ||
| convertLaw3 :: forall a b. (MaybeConvert a b, Bounded a, Enum a) => Proxy a -> Proxy b -> Bool | ||
| convertLaw3 _ _ = L.any isNothing results || not (L.null results) | ||
| where | ||
| results = L.map (maybeConvert @a @b) [minBound ..] |
There was a problem hiding this comment.
So this test completes in two cases:
- There's a
Nothingin theresults resultsis not empty
Condition 1 is no longer relevant, as condition 2 already captures all cases where condition 1 is true. This just tests results is not empty!
I feel this would capture the stated behaviour:
convertLaw3 _ _ = L.any isNothing results || L.null resultsbut that L.null results never actually has an effect, and it still makes the tests fail for:
convert @(Index 1) @(Signed 0)
convert @(Unsigned 0) @(Signed 0)
convert @(BitVector 0) @(Signed 0)The problem is that
>>> L.map (maybeConvert @(Index 1) @(Signed 0)) [minBound ..]
[Just 0]
>>> L.map (maybeConvert @(Unsigned 0) @(Signed 0)) [minBound ..]
[Just 0]
>>> L.map (maybeConvert @(BitVector 0) @(Signed 0)) [minBound ..]
[Just 0]There was a problem hiding this comment.
Let me be a bit more explicit:
The L.null results branch of the test never helps you. I think this case simply never occurs, but it is clear you can remove it and not affect the outcome: convertLaw3 _ _ = L.any isNothing results works just as well.
The three problematic tests are precisely those of which you already note:
Note: Conversion from
Index 1toSigned 0is total, but not within the constraints of the instance.
So your test correctly tests the law, it just needs some exceptions for the cases where you document a deviation from the laws. I think in your Python script you actually already flag these cases with constraints[(a, b)][0], but you never use this boolean, you only use the second element of the tuple. I suspect that you should use that flag to generate
assertBool (show (n, m))
(convertLaw3 (Proxy @(Index (n + 1))) (Proxy @(Signed m)) || (n == 0 && m == 0))instead of the current
assertBool (show (n, m)) (convertLaw3 (Proxy @(Index (n + 1))) (Proxy @(Signed m)))|
|
||
| -- | Checks whether an @XException@ in, means an @XException@ out | ||
| convertXException :: forall a b. (MaybeConvert a b) => Proxy a -> Proxy b -> Bool | ||
| convertXException _ _ = isLeft $ isX $ maybeConvert @a @b (errorX "" :: a) |
There was a problem hiding this comment.
If you make it so that the original XException is always preserved, you could make this test stricter by testing that the message of the original XException is also the message of the ouput XException (same for the Convert tests).
| instance (KnownNat n, KnownNat m, n <= m) => Convert (Unsigned n) (Unsigned m) where | ||
| convert = resize | ||
|
|
||
| {- | Note: Conversion from @Unsigned 0@ to @Signed 0@ is total, but not within the |
There was a problem hiding this comment.
Ah skipped one. As per earlier comment: let's get rid of the word total here.
Utilities for safely converting between various Clash number types.
To discuss / investigate (but maybe not for this PR?)
1 <= nconstraints to every result where the result isIndex nIndex 0has no inhabitants, so we cannot create it. On the other hand, we can of course just callerrorX "foo". I'm not sure whether I would say this violates the "guaranteed to succeed" rule.1 <= nconstraints to every argument where the argument isIndex nconvertandmaybeConvertwill always returnXExceptionif given anXException.BitVector 0toIndex/Unsigned/Signed? The HDL will happily do it, why wouldn't Clash simulation? Similarly, anyBitVector ncould be repacked to be partially undefined if converted to anotherBitVector mwherem > n.I'd push for kicking these questions to after this PR, because:
XExceptionbehavior (but not introduce it).clash-prelude.Still TODO:
Clash.Class.ConvertorClash.Class.Convertible. The latter has some buy-in (?) from the community, given thatcovertiblealready exists. On the other hand, this might make users think it isconvertible, but it isn't.