Detecting use cases for GADTs in OCaml (opens in new tab)

(mads-hartmann.com)

53 pointsmads_hartmann11y ago21 comments

21 comments

17 comments · 3 top-level

ufo11y ago· 10 in thread

BTW, if any HN readers have good practical examples of GADT I'd love to hear them. The article does a fine job of explaining the advantages GADT give but real world examples would greatly complement that.

Also, has anyone ever used gadts to implement type safe syntax trees like that? Last time I implemented a little programming language I used regular ADTs and had a separate type-checking pass to verify that everything is all right. I don't know how hard it would be to write a gadt version of my ast and if it would be worth the trouble.

Martijn11y ago

My Magic: the Gathering implementation uses a few GADTs. Interestingly they use GADTs in very different ways. Source code is here: https://github.com/MedeaMelana/Magic/blob/master/Magic/src/M...

Let me briefly highlight three of them:

1) Type Question models questions that the game might ask of players. Its constructors are tagged with the type of the answer to that question:

  data Question a where
    AskKeepHand :: Question Bool
    AskTarget   :: [EntityRef] -> Question EntityRef
    ...

This allows me to write cards that ask questions and later on plug in various interpreters of these questions (command line interface, JSON webserver, AI, test framework).

2) The ZoneRef datatype enumerates the various zones in a game of Magic (battlefield, hand, etc) but I've chosen to tag each ZoneRef constructor with a type that indicates what the type of a card is when you look up a reference to a card ("object" in Magic jargon):

  type ObjectRef ty = (ZoneRef ty, Id)
  lookupObject :: ObjectRef ty -> Magic (ObjectOfType ty)

Most functions that take object references as an argument like to constrain the type of the object referenced, and using a GADT allows them to do so. For example, dealing damage to an object (creature or planeswalker):

  data SimpleOneShotEffect = DamageObject Object (ObjectRef TyPermanent) Int ...

3) Type TargetList models zero or more targets a spell on the stack can target. Even though in essence it is just a list of targets, it is a GADT so that it can have a "return type" which is re-evaluated when one of more of the targets change (for example, by a card like Redirect or Reverberate).

Hope this helps!

ufo11y ago

What an interesting example. Not what I was expecting!

Can you think of an example of a bug that you avoided due to the extra type safety of gadts? Magic has some pretty complex rules so I imagine that writing exaustive test must be hard and that the extra static guarantees might be able to find something a dynamic checker wouldn't. (Its ok if you need some ingame jargon to explain that, I know the basic rules).

1 more reply

tel11y ago

I use them all the time for little EDSLs in Haskell. They also go really nicely when implementing AFRP libraries. You can also do a lot with them and type families for making typed APIs. Oliver Charles has some work doing this over websockets for instance: https://skillsmatter.com/skillscasts/5356-oliver-charles

lomnakkus11y ago

That video doesn't appear to available to everyone. It says

"Sorry

Because of its privacy settings, this video cannot be played here."

Not sure if it's because of country/IP restrictions or what.

1 more reply

avsm11y ago

The Mirage OS configuration languages use them to provide a safe interface between device driver descriptions and module implementations.

The core is as simple as:

    type _ typ =
      | Type: 'a -> 'a typ
      | Function: 'a typ * 'b typ -> ('a -> 'b) typ

From https://github.com/mirage/mirage/blob/master/lib/mirage.ml#L...

I talked about this usecase in the ML Workshop in ICFP this year; video here: https://www.youtube.com/watch?v=oKJ8Sxqr4r8

Some blog posts here: http://openmirage.org/blog/intro-tcpip

Peaker11y ago

https://github.com/yairchu/red-black-tree

Has implementations of some binary search trees with GADTs to guarantee, at compile-time, that most of the tree's invariants always hold.

MaxScheiber11y ago

http://www.seas.upenn.edu/~cis552/lectures/RedBlackGADT1.htm...

Red-black trees via GADTs, courtesy of Penn's CIS 552 course.

lpw2511y ago

> Also, has anyone ever used gadts to implement type safe syntax trees like that?

I believe the main use is for embedded DSLs. I'm afraid I don't have any practical examples on hand to link to.

moomin11y ago

Consider an HTTP request. A get can't have a body, a post can.

So you could define

    data Request b where
      GET :: Headers -> Request ()
      POST :: Headers -> body -> Request body

As the article says, building up your intuition is the hard bit.

You could go further by typing the headers to recognize the type of body you're dealing with.

toolslive11y ago

we use it to create a remote procedure call serialization protocol. (in essence, this is an interpreter too)

wk_end11y ago· 4 in thread

Unless I'm misreading this, there's a slight semantic difference between the two cases: with the GADT-based interpreter, an if expression's two branches must both evaluate to integers:

  | GIf : bool expr' * int expr' * int expr' -> int expr'

...whereas in the original both branches could evaluate to bools (or even totally separate types). Do you need a separate case for each type, or could one write something like the following?

  | GIf : bool expr' * a expr' * a expr' -> a expr'

mads_hartmannOP11y ago

The following implementation comes closer to the original semantics of the ADT implementation.

  type _ value' =
    | GBool : bool -> bool value'
    | GInt : int -> int value'
  
  type _ expr' =
    | GValue : 'a value' -> 'a expr'
    | GIf : bool expr' * 'a expr' * 'a expr' -> 'a expr'
    | GEq : 'a expr' * 'a expr' -> bool expr'
    | GLt : int expr' * int expr' -> bool expr'
  
  let rec eval' : type a. a expr' -> a = function
    | GValue (GBool b) -> b
    | GValue (GInt i) -> i
    | GIf (b, l, r) -> if eval' b then eval' l else eval' r
    | GEq (a, b) -> (eval' a) = (eval' b)
    | GLt (a,b) -> a < b ;;
  
  eval' (GIf ((GEq ((GValue (GInt 2)), (GValue (GInt 2)))),
        (GValue (GInt 42)),
        (GValue (GInt 12))));;
  
  eval' (GIf ((GEq ((GValue (GInt 2)), (GValue (GInt 2)))),
        (GValue (GBool true)),
        (GValue (GBool false))));;

It does not support having separate return types for the branches on an if-statement but I consider that to be a good thing ;) I should probably update the ADT example to dis-allow that.

nhaehnle11y ago

It should still be possible to simplify eval' by merging the two GValue cases, right?

2 more replies

tel11y ago

You can think of GADTs as generating equalities when you match on a constructor. So when you open up `GIf(c, t, e)` you'll find

    c : vc expr'
    t : vt expr'
    e : ve expr'

with an ambient type variable `a` and proofs of type equalities

    vc ~ bool
    vt ~ a
    ve ~ a

When you solve those equations they'll work for any choices of `a` so long as `vt` and `ve` both can unify with it.

mads_hartmannOP11y ago

Well spotted, you're absolutely right. My hunch is that it's doable to maintain the semantics but I need to play around with the example a bit to know for sure.

kxyvr11y ago

In the past, I've used them to eliminate and optimize branches with simple interpreters. That being said, I've had better luck with using things like Coq to write a certified interpreter and then outputing to OCaml.

In any case, when we write a simple interpreter for a typed language, we normally run things through a type checker first and then evaluate it. After type checking, we know that certain errors can not occur, such as adding an integer to a boolean, but this information gets lost when passing everything to the evaluator. As far as the evaluator knows, all we have are expressions, so we still have to check for situations like adding an integer to a boolean in the evaluator. Again, this can not occur because we type checked everything, but these branches are necessary to have the OCaml compiler type check everything. What GADTs allow is for the type checker to translate an expression into a typed expression and then the evaluator translates a typed expression into a value. This eliminates these redundant branches.

For some sample code, I wrote about this on StackOverflow some time back. The following link contains both a traditional implementation of an OCaml interpreter as well as one that uses GADTs. It differs some from the one in the article because I work out how to make this work with an environment, lambda functions, and closures:

https://stackoverflow.com/questions/22676975/simple-lambda-c...

j / k navigate · click thread line to collapse

21 comments

17 comments · 3 top-level

ufo11y ago· 10 in thread

Martijn11y ago

My Magic: the Gathering implementation uses a few GADTs. Interestingly they use GADTs in very different ways. Source code is here: https://github.com/MedeaMelana/Magic/blob/master/Magic/src/M...

Let me briefly highlight three of them:

1) Type Question models questions that the game might ask of players. Its constructors are tagged with the type of the answer to that question:

  data Question a where
    AskKeepHand :: Question Bool
    AskTarget   :: [EntityRef] -> Question EntityRef
    ...

This allows me to write cards that ask questions and later on plug in various interpreters of these questions (command line interface, JSON webserver, AI, test framework).

  type ObjectRef ty = (ZoneRef ty, Id)
  lookupObject :: ObjectRef ty -> Magic (ObjectOfType ty)

  data SimpleOneShotEffect = DamageObject Object (ObjectRef TyPermanent) Int ...

Hope this helps!

ufo11y ago

What an interesting example. Not what I was expecting!

1 more reply

tel11y ago

lomnakkus11y ago

That video doesn't appear to available to everyone. It says

"Sorry

Because of its privacy settings, this video cannot be played here."

Not sure if it's because of country/IP restrictions or what.

1 more reply

avsm11y ago

The Mirage OS configuration languages use them to provide a safe interface between device driver descriptions and module implementations.

The core is as simple as:

    type _ typ =
      | Type: 'a -> 'a typ
      | Function: 'a typ * 'b typ -> ('a -> 'b) typ

From https://github.com/mirage/mirage/blob/master/lib/mirage.ml#L...

I talked about this usecase in the ML Workshop in ICFP this year; video here: https://www.youtube.com/watch?v=oKJ8Sxqr4r8

Some blog posts here: http://openmirage.org/blog/intro-tcpip

Peaker11y ago

https://github.com/yairchu/red-black-tree

Has implementations of some binary search trees with GADTs to guarantee, at compile-time, that most of the tree's invariants always hold.

MaxScheiber11y ago

http://www.seas.upenn.edu/~cis552/lectures/RedBlackGADT1.htm...

Red-black trees via GADTs, courtesy of Penn's CIS 552 course.

lpw2511y ago

> Also, has anyone ever used gadts to implement type safe syntax trees like that?

I believe the main use is for embedded DSLs. I'm afraid I don't have any practical examples on hand to link to.

moomin11y ago

Consider an HTTP request. A get can't have a body, a post can.

So you could define

    data Request b where
      GET :: Headers -> Request ()
      POST :: Headers -> body -> Request body

As the article says, building up your intuition is the hard bit.

You could go further by typing the headers to recognize the type of body you're dealing with.

toolslive11y ago

we use it to create a remote procedure call serialization protocol. (in essence, this is an interpreter too)

wk_end11y ago· 4 in thread

Unless I'm misreading this, there's a slight semantic difference between the two cases: with the GADT-based interpreter, an if expression's two branches must both evaluate to integers:

  | GIf : bool expr' * int expr' * int expr' -> int expr'

...whereas in the original both branches could evaluate to bools (or even totally separate types). Do you need a separate case for each type, or could one write something like the following?

  | GIf : bool expr' * a expr' * a expr' -> a expr'

mads_hartmannOP11y ago

The following implementation comes closer to the original semantics of the ADT implementation.

  type _ value' =
    | GBool : bool -> bool value'
    | GInt : int -> int value'
  
  type _ expr' =
    | GValue : 'a value' -> 'a expr'
    | GIf : bool expr' * 'a expr' * 'a expr' -> 'a expr'
    | GEq : 'a expr' * 'a expr' -> bool expr'
    | GLt : int expr' * int expr' -> bool expr'
  
  let rec eval' : type a. a expr' -> a = function
    | GValue (GBool b) -> b
    | GValue (GInt i) -> i
    | GIf (b, l, r) -> if eval' b then eval' l else eval' r
    | GEq (a, b) -> (eval' a) = (eval' b)
    | GLt (a,b) -> a < b ;;
  
  eval' (GIf ((GEq ((GValue (GInt 2)), (GValue (GInt 2)))),
        (GValue (GInt 42)),
        (GValue (GInt 12))));;
  
  eval' (GIf ((GEq ((GValue (GInt 2)), (GValue (GInt 2)))),
        (GValue (GBool true)),
        (GValue (GBool false))));;

It does not support having separate return types for the branches on an if-statement but I consider that to be a good thing ;) I should probably update the ADT example to dis-allow that.

nhaehnle11y ago

It should still be possible to simplify eval' by merging the two GValue cases, right?

2 more replies

tel11y ago

You can think of GADTs as generating equalities when you match on a constructor. So when you open up `GIf(c, t, e)` you'll find

    c : vc expr'
    t : vt expr'
    e : ve expr'

with an ambient type variable `a` and proofs of type equalities

    vc ~ bool
    vt ~ a
    ve ~ a

When you solve those equations they'll work for any choices of `a` so long as `vt` and `ve` both can unify with it.

mads_hartmannOP11y ago

Well spotted, you're absolutely right. My hunch is that it's doable to maintain the semantics but I need to play around with the example a bit to know for sure.

kxyvr11y ago

https://stackoverflow.com/questions/22676975/simple-lambda-c...

j / k navigate · click thread line to collapse