lex-types 0.10.2

Type system + effect inference for Lex.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200

//! Static discharge of refinement-type predicates (#209 slice 2).
//!
//! Given a refined parameter type `Int{x | x > 0}` and a call-site
//! argument `5`, this module evaluates the predicate with the binding
//! bound to the argument's value and returns whether the call site
//! satisfies, violates, or can't statically decide the constraint.
//!
//! Scope (deliberately small for v1):
//!
//! - **Argument shape**: only `CLit` literals (`Int`, `Float`, `Bool`,
//!   `Str`). Anything else — variables, calls, arithmetic — defers
//!   to slice 3's runtime residual check.
//! - **Predicate shape**: literals, the bound variable, binary
//!   arithmetic / comparison, boolean `and` / `or` with short-circuit,
//!   `not`. Anything else defers.
//! - **Free variables**: the predicate must reference *only* its
//!   binding. Other identifiers (`balance`, `ceiling`, etc.) defer
//!   — slice 2 doesn't try to evaluate them. Slice 3 will plumb
//!   call-site context bindings.
//!
//! The deliberate fall-through to "deferred" is what makes this slice
//! ship-able: anything we can't reason about cleanly stays a
//! type-check pass and waits for slice 3's runtime check, rather
//! than blocking type-check on cases we can't yet handle.

use lex_ast::{CExpr, CLit};

#[derive(Debug, Clone, PartialEq)]
pub enum DischargeOutcome {
    /// Predicate evaluated to `true` with the binding bound to the
    /// argument value. Static check succeeds; no runtime work.
    Proved,
    /// Predicate evaluated to `false`. The call-site argument
    /// definitely violates the refinement — surface as a type error.
    Refuted { reason: String },
    /// Couldn't decide statically. Slice 3 will emit a residual
    /// runtime check at the call boundary; this slice just lets
    /// type-check pass.
    Deferred { reason: String },
}

/// Try to discharge `predicate` with `binding_name` bound to `arg`.
/// `arg` is the CallExpr's argument expression — only literal forms
/// (`CLit`) participate in static discharge; anything else defers.
pub fn try_discharge(
    predicate: &CExpr,
    binding_name: &str,
    arg: &CExpr,
) -> DischargeOutcome {
    let v = match arg_to_concrete(arg) {
        Some(v) => v,
        None => return DischargeOutcome::Deferred {
            reason: "argument is not a literal; static discharge can't \
                     evaluate it (slice 3 will add a runtime check)".into(),
        },
    };
    match eval(predicate, binding_name, &v) {
        Ok(Concrete::Bool(true)) => DischargeOutcome::Proved,
        Ok(Concrete::Bool(false)) => DischargeOutcome::Refuted {
            reason: format!(
                "predicate failed for {} = {}",
                binding_name, v.show()),
        },
        Ok(other) => DischargeOutcome::Deferred {
            reason: format!("predicate didn't reduce to a Bool (got {})",
                other.show()),
        },
        Err(e) => DischargeOutcome::Deferred { reason: e },
    }
}

/// Reduce a call-site argument expression to a `Concrete` value if
/// it's a literal or a sign-flipped literal. Lex parses `-5` as
/// `UnaryOp { op: "-", expr: Literal { Int(5) } }` rather than a
/// negative literal, so we fold that one shape inline. Anything
/// more involved (arithmetic, var refs) defers — slice 3 territory.
fn arg_to_concrete(e: &CExpr) -> Option<Concrete> {
    match e {
        CExpr::Literal { value } => Some(Concrete::from_lit(value)),
        CExpr::UnaryOp { op, expr } if op == "-" => match expr.as_ref() {
            CExpr::Literal { value: CLit::Int { value } } =>
                Some(Concrete::Int(-value)),
            CExpr::Literal { value: CLit::Float { value } } => {
                value.parse::<f64>().ok().map(|f| Concrete::Float(-f))
            }
            _ => None,
        },
        _ => None,
    }
}

#[derive(Debug, Clone, PartialEq)]
enum Concrete {
    Int(i64),
    Float(f64),
    Bool(bool),
    Str(String),
}

impl Concrete {
    fn from_lit(l: &CLit) -> Self {
        match l {
            CLit::Int { value } => Concrete::Int(*value),
            CLit::Float { value } => Concrete::Float(value.parse().unwrap_or(0.0)),
            CLit::Bool { value } => Concrete::Bool(*value),
            CLit::Str { value } => Concrete::Str(value.clone()),
            // Bytes / Unit are unusual in refinement contexts; surface
            // as Unit so the predicate evaluator defers cleanly.
            _ => Concrete::Bool(false),
        }
    }
    fn show(&self) -> String {
        match self {
            Concrete::Int(n) => format!("{n}"),
            Concrete::Float(f) => format!("{f}"),
            Concrete::Bool(b) => format!("{b}"),
            Concrete::Str(s) => format!("{s:?}"),
        }
    }
}

/// Tiny tree-walk evaluator for a predicate `CExpr` with a single
/// in-scope binding. Returns `Err` for unsupported forms (caller
/// folds these into `Deferred`).
fn eval(e: &CExpr, name: &str, value: &Concrete) -> Result<Concrete, String> {
    match e {
        CExpr::Literal { value: lit } => Ok(Concrete::from_lit(lit)),
        CExpr::Var { name: n } => {
            if n == name { Ok(value.clone()) }
            else { Err(format!("predicate references free var `{n}`; \
                                slice 2 only supports the binding itself")) }
        }
        CExpr::UnaryOp { op, expr } => {
            let v = eval(expr, name, value)?;
            match (op.as_str(), v) {
                ("not", Concrete::Bool(b)) => Ok(Concrete::Bool(!b)),
                ("-",   Concrete::Int(n)) => Ok(Concrete::Int(-n)),
                ("-",   Concrete::Float(n)) => Ok(Concrete::Float(-n)),
                (o, v) => Err(format!("unsupported unary `{o}` on {}", v.show())),
            }
        }
        CExpr::BinOp { op, lhs, rhs } => {
            // Short-circuit `and` / `or` so the right side never
            // gets evaluated when the left already decides.
            if op == "and" || op == "or" {
                let l = eval(lhs, name, value)?;
                let lb = match l {
                    Concrete::Bool(b) => b,
                    other => return Err(format!("`{op}` on non-bool: {}", other.show())),
                };
                if op == "and" && !lb { return Ok(Concrete::Bool(false)); }
                if op == "or"  &&  lb { return Ok(Concrete::Bool(true));  }
                let r = eval(rhs, name, value)?;
                return match r {
                    Concrete::Bool(b) => Ok(Concrete::Bool(b)),
                    other => Err(format!("`{op}` on non-bool: {}", other.show())),
                };
            }
            let l = eval(lhs, name, value)?;
            let r = eval(rhs, name, value)?;
            apply_binop(op, &l, &r)
        }
        // Anything else (Call, Let, Match, FieldAccess, Lambda, Block,
        // Constructors, Records, Tuples, Lists, Return) is out of
        // slice-2 scope. Slice 3's runtime check handles these by
        // falling back to actual evaluation under the host VM.
        _ => Err(format!("unsupported predicate node: {e:?}")),
    }
}

fn apply_binop(op: &str, l: &Concrete, r: &Concrete) -> Result<Concrete, String> {
    use Concrete::*;
    match (op, l, r) {
        ("+", Int(a), Int(b)) => Ok(Int(a + b)),
        ("-", Int(a), Int(b)) => Ok(Int(a - b)),
        ("*", Int(a), Int(b)) => Ok(Int(a * b)),
        ("/", Int(a), Int(b)) if *b != 0 => Ok(Int(a / b)),
        ("%", Int(a), Int(b)) if *b != 0 => Ok(Int(a % b)),
        ("+", Float(a), Float(b)) => Ok(Float(a + b)),
        ("-", Float(a), Float(b)) => Ok(Float(a - b)),
        ("*", Float(a), Float(b)) => Ok(Float(a * b)),
        ("/", Float(a), Float(b)) => Ok(Float(a / b)),

        ("==", a, b) => Ok(Bool(a == b)),
        ("!=", a, b) => Ok(Bool(a != b)),

        ("<",  Int(a), Int(b)) => Ok(Bool(a < b)),
        ("<=", Int(a), Int(b)) => Ok(Bool(a <= b)),
        (">",  Int(a), Int(b)) => Ok(Bool(a > b)),
        (">=", Int(a), Int(b)) => Ok(Bool(a >= b)),

        ("<",  Float(a), Float(b)) => Ok(Bool(a < b)),
        ("<=", Float(a), Float(b)) => Ok(Bool(a <= b)),
        (">",  Float(a), Float(b)) => Ok(Bool(a > b)),
        (">=", Float(a), Float(b)) => Ok(Bool(a >= b)),

        (op, a, b) => Err(format!(
            "unsupported binop `{op}` on {} and {}", a.show(), b.show())),
    }
}