Fix unsafe @pures via separate methods for BitInts

NHDaly · NHDaly · commit fe63195132f0 · 2020-02-01T16:52:38.000-05:00
The current usages of `Base.@pure` are _unsafe if called with user-defined types_, since their definitions may change arbitrarily. We fix this by _only providing `@pure` methods for the built in BitInteger types,_ and non-`@pure` methods for any types. Consider the following demonstration of the broken behavior: ```julia (@v1.4) pkg> add FixedPointDecimals#master Updating git-repo `https://github.com/JuliaMath/FixedPointDecimals.jl.git` julia> struct MyInt <: Integer x::Int end julia> Base.typemax(::Type{MyInt}) = 10000000 julia> Base.widen(::Type{MyInt}) = Int128 julia> using FixedPointDecimals julia> a = reinterpret(FixedPointDecimals.FD{MyInt,2}, MyInt(2)); julia> Base.typemax(::Type{MyInt}) = 10 julia> a = reinterpret(FixedPointDecimals.FD{MyInt,2}, MyInt(2)); # SHOULD BE AN ERROR! julia> ``` This is fixed, after this commit: ```julia julia> struct MyInt <: Integer x::Int end julia> Base.typemax(::Type{MyInt}) = 10000000 julia> Base.widen(::Type{MyInt}) = Int128 julia> using FixedPointDecimals [ Info: Precompiling FixedPointDecimals [fb4d412d-6eee-574d-9565-ede6634db7b0] julia> a = reinterpret(FixedPointDecimals.FD{MyInt,2}, MyInt(2)); julia> Base.typemax(::Type{MyInt}) = 10 julia> a = reinterpret(FixedPointDecimals.FD{MyInt,2}, MyInt(2)); # SHOULD BE AN ERROR! ERROR: ArgumentError: Requested number of decimal places 2 exceeds the max allowed for the storage type MyInt: [0, 0] ``` --------------------------------------------------------------- In order to reduce code-duplication, we add a small macro that duplicates the function definition to provide two identical macros, where one is restricted to BitIntegers.
diff --git a/src/FixedPointDecimals.jl b/src/FixedPointDecimals.jl
@@ -69,6 +69,35 @@ for fn in [:trunc, :floor, :ceil]
     end
 end
 
+"""
+    @_pure_for_BitInts T function foo(::FD{T,f}) where {T,f} ... end
+    @_pure_for_BitInts {T,U} bar(::FD{T,f}, ::FD{U,g}) where {T,f,U,g} = ...
+
+Defines the provided function _twice_, once as written, and once as a _@pure method_,
+restricted to only Base.BitInteger types. This is because `@pure` is not safe for calling
+generic user-defined methods on generic user-defined types.
+"""
+macro _pure_for_BitInts(int_type_params, f)
+    if int_type_params isa Symbol
+        int_type_params = [int_type_params]
+    else
+        int_type_params = int_type_params.args
+    end
+    @assert length(int_type_params) >= 1 && f.args[1].head == :where "Usage: @_pure_for_BitInts T function foo(::FD{T,f}) where {T,f} ... end"
+    bitint_f = deepcopy(f)
+    for param_name in int_type_params
+        type_param_idx = findfirst(isequal(param_name), bitint_f.args[1].args)
+        @assert type_param_idx !== nothing "Unmatched int_type param name `$param_name` in where clause params $(f.args[1].args[2:end])"
+        new_type_restriction = :($param_name <: $Base.BitInteger)
+        bitint_f.args[1].args[type_param_idx] = new_type_restriction
+    end
+
+    esc(quote
+        Base.@__doc__ $f
+        Base.@pure $bitint_f
+    end)
+end
+
 """
     FixedDecimal{T <: Integer, f::Int}
 
@@ -80,7 +109,7 @@ struct FixedDecimal{T <: Integer, f} <: Real
 
     # inner constructor
     # This function is marked as `Base.@pure`. It does not have or depend on any side-effects.
-    Base.@pure function Base.reinterpret(::Type{FixedDecimal{T, f}}, i::Integer) where {T, f}
+    @_pure_for_BitInts T function Base.reinterpret(::Type{FixedDecimal{T, f}}, i::Integer) where {T, f}
         n = max_exp10(T)
         if f >= 0 && (n < 0 || f <= n)
             new{T, f}(i % T)
@@ -115,15 +144,15 @@ Base.:+(x::FD{T, f}, y::FD{T, f}) where {T, f} = reinterpret(FD{T, f}, x.i+y.i)
 Base.:-(x::FD{T, f}, y::FD{T, f}) where {T, f} = reinterpret(FD{T, f}, x.i-y.i)
 
 # wide multiplication
-Base.@pure function Base.widemul(x::FD{<:Any, f}, y::FD{<:Any, g}) where {f, g}
+@_pure_for_BitInts {T,U} function Base.widemul(x::FD{<:T, f}, y::FD{<:U, g}) where {T, f, U, g}
     i = widemul(x.i, y.i)
     reinterpret(FD{typeof(i), f + g}, i)
 end
-Base.@pure function Base.widemul(x::FD{T, f}, y::Integer) where {T, f}
+@_pure_for_BitInts T function Base.widemul(x::FD{T, f}, y::Integer) where {T, f}
     i = widemul(x.i, y)
     reinterpret(FD{typeof(i), f}, i)
 end
-Base.@pure Base.widemul(x::Integer, y::FD) = widemul(y, x)
+@_pure_for_BitInts T Base.widemul(x::Integer, y::FD{T}) where T = widemul(y, x)
 
 """
     _round_to_even(quotient, remainder, divisor)
@@ -333,7 +362,7 @@ Base.promote_rule(::Type{<:FD}, ::Type{Rational{TR}}) where {TR} = Rational{TR}
 
 # TODO: decide if these are the right semantics;
 # right now we pick the bigger int type and the bigger decimal point
-Base.@pure function Base.promote_rule(::Type{FD{T, f}}, ::Type{FD{U, g}}) where {T, f, U, g}
+@_pure_for_BitInts T,U function Base.promote_rule(::Type{FD{T, f}}, ::Type{FD{U, g}}) where {T, f, U, g}
     FD{promote_type(T, U), max(f, g)}
 end
 
@@ -480,10 +509,6 @@ NOTE: This function is expensive, since it contains a while-loop, but it is actu
       This function does not have or depend on any side-effects.
 """
 function max_exp10(::Type{T}) where {T <: Integer}
-    # This function is marked as `Base.@pure`. Even though it does call some generic
-    # functions, they are all simple methods that should be able to be evaluated as
-    # constants. This function does not have or depend on any side-effects.
-
     W = widen(T)
     type_max = W(typemax(T))
 
@@ -515,8 +540,8 @@ end
 Compute `10^f` as an Integer without overflow. Note that overflow will not occur for any
 constructable `FD{T, f}`.
 """
-Base.@pure coefficient(::Type{FD{T, f}}) where {T, f} = T(10)^f
-Base.@pure coefficient(fd::FD{T, f}) where {T, f} = coefficient(FD{T, f})
+@_pure_for_BitInts T coefficient(::Type{FD{T, f}}) where {T, f} = T(10)^f
+@_pure_for_BitInts T coefficient(fd::FD{T, f}) where {T, f} = coefficient(FD{T, f})
 value(fd::FD) = fd.i
 
 # for generic hashing
