[Pre-RFC?] NonNaN type

gbutler · 2018-09-20T23:18:21.668Z

johannesvollmer:

Also, it does not handle the addition two numbers where the sum is too large to be stored in a float. This could be handled like integer overflow, panicking in debug mode and returning NaN in release mode.

This kind of thing makes me think that this whole idea is somewhat misguided. Instead of talking about having Floats have different behavior than they do as defined by IEEE specs, why not just define completely different numeric types that do what is desired with defined semantics. I think floats should remain IEEE floats. It something different is wanted for other use-cases, define that type, don’t redefine floats. Just MHO.

DataAnalysisCosby · 2018-09-21T04:44:35.088Z

This is a specialization of floats, not a redefinition. The regular float types would still be around but we have a decent optimization around NaN, something we regularly considered an error anyway.

I believe that the pattern of specifying emptiness with a NaN float is common. And most all the times when NaN appears it is an error (to put it mildly, it is an error value). Why not, with that in mind, create a type that reflects the absense of that error state as an invariant, with the benefit of being able to Ord

This isn’t an invarient we need to perform arithmetic on. Extracting them is fine. It’s just a space saving optimization that let’s us use floats in data structures more easily. This way I don’t have to transmute f32s into u32s when I want to use floats in a set, a pattern I am certain I’m not the first to use: https://github.com/DataAnalysisCosby/mgf/blob/fd3a398a51d001e6257197092ae05d21fd55125b/src/simplex.rs#L425

None of us can solve ieee floating point math. That being said I think Rust the community has decided that some invariants are checked at runtime. Let’s make NaNs easier to use

skysch · 2018-09-21T05:41:44.087Z

Another way to think of it that this is just exposing Option-like methods on f32/f64 that treat NaN as a None variant. But in its own type so you have something to ‘unwrap’ into.

skysch · 2018-09-21T15:05:20.486Z

So I’ve been thinking about this a lot, because it’s something that I want in theory, to the point where I’ve already implemented over a half dozen float wrapper types in my own code. However, I’m skeptical that it will be ergonomic, and I’d like to outline what I think the basis of that is.

If we take a look at String, we can see it as a wrapper around Vec<u8> that maintains a UTF-8 invariant, but in practice that is not all that it is, and I’d argue that it is not enough to only do that. The difference is that String provides a complete suite of total (as in non-partial) methods for manipulating UTF-8 data. I’m imagining what I would be doing if it didn’t: I’d likely use Vec as an ‘ASCII’ type and convert to String only when I wanted/needed to verify it as UTF-8.

EDIT: Actually, the property I’m referring to above should be closure, not totality/partiality.

Anyway, the problem I’ve always had with my own float wrappers is that float operations are almost all partial, so you’ve got to exclude them (consider /=, for instance), or ‘escape’ your wrapper type, which hurts ergonomics by making you re-wrap. And in practice, I’ve gotten so frustrated with this that I only use them for Ord now. (There’s a similar level of frustration around as.) The trouble here being that this encourages you to only use these wrapper types at API boundaries, where an assertion would do just as well.

Maybe something could be done by introducing a whole zoo of wrapper types (Finite, NonZero, NonNan, NonNegative), but I feel like these will all have the same essential problem, and it’s not clear to me that we are doing anything but re-implementing float semantics at that point.

johannesvollmer:

We could define the float division operator with non-nan, finite, non-zero operand types, like for example fn div(a: FiniteNumber, b: FiniteNonZeroNumber) , which would guarantee never-failing division at compile time.

The ergonomic loss here is not in calling the div function, but in how you get your FiniteNumber and FiniteNonZeroNumber values. Calling the constructors for those types is no better than asserting that your denominator is nonzero. It’s potentially even worse. Sure, your div never panics, but your FiniteNumber constructor does… so we’re just pushing panics around unless you can statically determine all of your input values. And if you can do that, then just do CTFE and give a compiler error when a panic would occur.

johannesvollmer · 2018-09-21T16:37:36.359Z

skysch:

Calling the constructors for those types is no better than asserting that your denominator is nonzero

I see what you mean, but I’d argue it’s not as bad as one might think, because I would assume that a large portion of code would use NonZeros and Finites to begin with (thus not requiring a construction).

skysch:

so we’re just pushing panics around unless you can statically determine all of your input values. And if you can do that, then just do CTFE and give a compiler error when a panic would occur

Yes, that would be great, it’s basically the core idea of Rust: having as many things as proven at compile time as possible. That’s why we have lifetimes and immutability and the whole type system.

skysch:

The trouble here being that this encourages you to only use these wrapper types at API boundaries, where an assertion would do just as well

The assertion would have to be repeated at every function at the api, while the type has a single constructor definition, which contains a single assertion. Defining a type thus probably is less code duplication.

skysch · 2018-09-21T16:52:41.513Z

johannesvollmer:

The assertion would have to be repeated at every function at the api, while the type has a single constructor definition, which contains a single assertion. Defining a type thus probably is less code duplication.

I would expect float functions to inline most of the time, so any redundant assertions would probably be eliminated by an optimization pass?

johannesvollmer:

I would assume that a large portion of code would use NonZero s and Finite s to begin with (thus not requiring a construction).

Not to be a stick in the mud, but I would like some example code for this. Are you thinking that the compiler would generate these types from literals? I don’t see how this is possible in the presence of user-supplied data, FFI, or std floats.

skysch · 2018-09-21T17:19:59.361Z

The problem I’ve had with fixed point is that trig ops are very slow. (And when doing things like computing color spaces, coordinates, or vectors – very common uses for float – you tend to want to do trig.) If you’ve got a fast fixed point trig implementation, it might look more appealing.

johannesvollmer · 2018-09-21T17:34:08.071Z

skysch:

I don’t see how this is possible in the presence of user-supplied data, FFI, or std floats

Fair point, the FFI border is a problem. But we’re already doing all kinds of conversion with FFI from arrays / pointers to slices. That’s already something programmers are doing.

I must admit that I might be too optimistic concerning how much the Finite and NonZero types would be used.

johannesvollmer · 2018-09-21T17:37:18.382Z

skysch:

I would expect float functions to inline most of the time, so any redundant assertions would probably be eliminated by an optimization pass?

I was concerned about actual code that programmers have to write, not actual byte code performance. The programmer would have to write an assertion every time, instead of simply constraining values by using a type.

skysch · 2018-09-21T17:50:11.260Z

Compare the following:

Currently:

takes_val(52.0); // Calls the following.

fn takes_val(x: f32) {
    assert!(!x.is_nan());
    do_a_float_thing(x);
}

And with NonNan wrapper type:

takes_val(52.0.into());

fn takes_val(x: NonNan<f32>) {
    do_a_float_thing(x.unwrap());
}

We shave a line off, but certainly not for free.

DataAnalysisCosby · 2018-09-21T18:02:14.000Z

These code snippets look perfectly equivalent. So yes, that is “free”.

skysch · 2018-09-21T18:09:17.094Z

They’re not equivalent. The second example calls an extra function, for example. The are more types used. The lines are longer, even if there are fewer of them, etc… It’s a (syntactic) tradeoff, not a free lunch. And all we’ve actually accomplished is changing where the panic will happen.

johannesvollmer · 2018-09-21T18:10:30.177Z

In this specific example, the compiler could perfectly infer that 52.0 is not NaN, the same way that the compiler can infer it is an f32 and not f64. Thus it would be takes_val(52.0) in both cases.

skysch · 2018-09-21T18:11:14.477Z

Change 52.0 to a variable then. Parse it from a file, or get it from an existing codebase. I used a literal because it was easy. As I already mentioned, we can do CTFE to reason about literals. That is not what most people are doing with floats.

skysch · 2018-09-21T18:17:14.308Z

Anyway, the ‘broader’ pattern I’m trying to get at is that types don’t maintain invariants, they only allow us to specify where the invariants must be upheld. Functions maintain the invariants, and only if the type doesn’t change. Float operations will change the types of these things, which means that we either won’t get our float operations, or we will not be able to maintain these invariants.

johannesvollmer · 2018-09-21T18:21:36.733Z

That sounds really sad do you think there is no way we can challenge that problem?

skysch · 2018-09-21T18:41:05.604Z

The typical way to solve this kind of problem would be to generalize to include the broadest set of invariants you can maintain for the operations you want to support… and if you want all the float operations, that’s exactly what the floating point types are. (And that’s effectively why NaN is part of float in the first place.)

You can definitely specialize further if you know what operations you want to stop supporting. Or rather, if you identify a set of operations or tasks that the new types are meant to be optimized for. I don’t think “people who don’t want NaNs” is a reasonable starting point, because that’s far too broad, and it certainly doesn’t tell you if you want to support div, pow or tan or not.

DataAnalysisCosby · 2018-09-21T18:43:31.000Z

Firstly, this transformation is free in that all of the functions calls are easily inlinable. It is zero cost.

Secondly, you can argue all day about which is better “syntactically” but that is not something you can argue about objectively so I don’t understand how you can claim either style is better, and that therefore it is a trade off.

Thirdly, all you’ve done is shifted where a panic happens because your code doesn’t actually do anything with the NonNaN type. It’s purpose is to uphold invariants in the context of containers. Using it to just check if a value is a NaN and panicking would obviously be no better than just an if statement and a float. Converting a float to a NonNaN so it can be stored in a Set, for example, is extremely useful.

Fourthly, you wouldn’t call unwap on a NonNaN. They’d implement Into floats.

DataAnalysisCosby · 2018-09-21T18:46:22.000Z

Types maintain invariants by having a single point of creation that upholds that invariant. If NonNaNs are created only via a From func that checks if the float is NaN then it is perfectly acceptable to say that the type upholds the invariant it is claiming to. And again, we don’t need NonNaN to implement math operations besides Ord. That can be done after extracting a float. NonNaN is for storage and comparisons, not arithmetic.

skysch · 2018-09-21T18:58:33.723Z

DataAnalysisCosby:

Secondly, you can argue all day about which is better “syntactically” but that is not something you can argue about objectively so I don’t understand how you can claim either style is better, and that therefore it is a trade off.

I didn’t argue that one style is better than the other. I’ve been saying all along that the second style doesn’t buy us anything. It’s just a change in syntax.

DataAnalysisCosby:

Types maintain invariants by having a single point of creation that upholds that invariant.

Not… exactly? You’re saying the same things with different words. Every mutating operatation must also maintain the invariant. Anything which consumes the type and emits another one also will cease to maintain the invariant. Types maintain invariants by constraining which functions they can be passed to, ensuring that only variant-maintaining functions will be invoked.

DataAnalysisCosby:

And again, we don’t need NonNaN to implement math operations besides Ord. That can be done after extracting a float. NonNaN is for storage and comparisons, not arithmetic.

Yes! That’s been my point all along: there’s no need to define float operations on this type, since all it meaningfully can do is provide an Ord impl. (And the way that invariant is maintained is by not allowing mutation of the inner value at all. So naturally, any non-mutating impl could also be provided for it.) If you want to do any float operations, you have to unwrap it first, which means if you’re not storing it in a data structure, you will be equally well served by a simple assertion.

I apologize if I’ve given the impression that I am against the idea of a NonNaN type for the purpose of Ord. I just don’t see any value for it outside of that.