[isabelle-dev] Transparent/opaque module signature ascription
Makarius
makarius at sketis.net
Fri Nov 12 14:48:53 CET 2010
On Thu, 11 Nov 2010, Brian Huffman wrote:
> Hello everyone,
>
> The recent appearance of some new warning messages got me thinking
> about transparent-vs-opaque ascription again. (I.e. "structure Foo :
> FOO = struct ... end" vs "structure Foo :> FOO = struct ... end")
>
> http://isabelle.in.tum.de/repos/isabelle/rev/daaa0b236a3f
The log message is also important here: "... saves extra paragraph in
implementation manual", i.e. this warning was meant to simplify life as
much as possible.
> Here is the reason I am reluctant to use transparent ascription:
> Programmers use modules and signatures as an abstraction mechanism. (I
> shouldn't need to explain to anyone on this list why abstraction in
> programming is a good thing.) But transparent ascription makes it easy
> to accidentally break module abstractions: If signature FOO contains an
> abstract type like "type foo" (with no definition in the signature), and
> structure Foo implements it with a type synonym like "type foo = int",
> then the ascription Foo : FOO will make "Foo.foo = int" globally
> visible, violating the abstraction specified in the signature and
> breaking modularity.
The way signatures and structures are used in Isabelle is more like "table
of contents" vs. "body text". I.e. the signature tells about intended
exports without necessarily abstracting the representation fully. There
are some modules that need to be fully abstract, and this is where abstype
is used with plain-old ":" matching. Moreover, in recent years we did
narrow-down the signatures more systematically, to delimited the
boundaries of modules more clearly, although some people have occasionally
complained about that.
When SML90 was young, other ways of module abstraction were propagated by
some authors of text books. I vaguely remember the "functorial style"
that was still present in our sources in the early 1990-ies, and greatly
complicating things until Larry purged it in one big sweep.
When SML97 came out, we adopted few of its features and ignored many new
problems introduced by the general NJ approach to ML. I don't think you
want to have their fixed-precisions ints or 8-bit characters, or worse
16bit wide chars.
Nonetheless, I started using opaque signature matching for some kernel
modules some years ago, for the reasons you have given above. This
destroyed the toplevel pretty printers for SML/NJ and recent Poly/ML. It
required a long time until the problem was detected, and eliminated by
going back to plain old ":" with "abstype".
This demonstrates once more, that anything coming from the 97/NJ update of
the SML language needs to be treated with extreme care.
Now I have spent much more than a paragraph ...
Makarius
More information about the isabelle-dev
mailing list