major improvements to std/wrapnils: optimal codegen, case objects, lvalue semantics (#18435)

* wrapnils now generates optimal code; also handles case objects
* changelog
* unsafeAddr => addr

changelog.md

@@ -279,6 +279,10 @@
   issues like https://github.com/nim-lang/Nim/issues/13063 (which affected error messages)
   for modules importing `std/wrapnils`.
   Added `??.` macro which returns an `Option`.
+  `std/wrapnils` can now be used to protect against `FieldDefect` errors in
+  case objects, generates optimal code (no overhead compared to manual
+  if-else branches), and preserves lvalue semantics which allows modifying
+  an expression.
 
 - Added `math.frexp` overload procs. Deprecated `c_frexp`, use `frexp` instead.
 

lib/std/wrapnils.nim

@@ -1,9 +1,20 @@
-## This module allows chains of field-access and indexing where the LHS can be nil.
-## This simplifies code by reducing need for if-else branches around intermediate values
-## that may be nil.
+## This module allows evaluating expressions safely against the following conditions:
+## * nil dereferences
+## * field accesses with incorrect discriminant in case objects
+##
+## `default(T)` is returned in those cases when evaluating an expression of type `T`.
+## This simplifies code by reducing need for if-else branches.
 ##
 ## Note: experimental module, unstable API.
 
+#[
+TODO:
+consider handling indexing operations, eg:
+doAssert ?.default(seq[int])[3] == default(int)
+]#
+
+import macros
+
 runnableExamples:
   type Foo = ref object
     x1: string
@@ -24,8 +35,124 @@ runnableExamples:
 
   assert (?.f2.x2.x2).x3 == nil  # this terminates ?. early
 
+runnableExamples:
+  # ?. also allows case object
+  type B = object
+    b0: int
+    case cond: bool
+    of false: discard
+    of true:
+      b1: float
+
+  var b = B(cond: false, b0: 3)
+  doAssertRaises(FieldDefect): discard b.b1 # wrong discriminant
+  doAssert ?.b.b1 == 0.0 # safe
+  b = B(cond: true, b1: 4.5)
+  doAssert ?.b.b1 == 4.5
+
+  # lvalue semantics are preserved:
+  if (let p = ?.b.b1.addr; p != nil): p[] = 4.7
+  doAssert b.b1 == 4.7
+
+proc finalize(n: NimNode, lhs: NimNode, level: int): NimNode =
+  if level == 0:
+    result = quote: `lhs` = `n`
+  else:
+    result = quote: (let `lhs` = `n`)
+
+proc process(n: NimNode, lhs: NimNode, level: int): NimNode =
+  var n = n.copyNimTree
+  var it = n
+  let addr2 = bindSym"addr"
+  var old: tuple[n: NimNode, index: int]
+  while true:
+    if it.len == 0:
+      result = finalize(n, lhs, level)
+      break
+    elif it.kind == nnkCheckedFieldExpr:
+      let dot = it[0]
+      let obj = dot[0]
+      let objRef = quote do: `addr2`(`obj`)
+        # avoids a copy and preserves lvalue semantics, see tests
+      let check = it[1]
+      let okSet = check[1]
+      let kind1 = check[2]
+      let tmp = genSym(nskLet, "tmpCase")
+      let body = process(objRef, tmp, level + 1)
+      let tmp3 = nnkDerefExpr.newTree(tmp)
+      it[0][0] = tmp3
+      let dot2 = nnkDotExpr.newTree(@[tmp, dot[1]])
+      if old.n != nil: old.n[old.index] = dot2
+      else: n = dot2
+      let assgn = finalize(n, lhs, level)
+      result = quote do:
+        `body`
+        if `tmp3`.`kind1` notin `okSet`: break
+        `assgn`
+      break
+    elif it.kind in {nnkHiddenDeref, nnkDerefExpr}:
+      let tmp = genSym(nskLet, "tmp")
+      let body = process(it[0], tmp, level + 1)
+      it[0] = tmp
+      let assgn = finalize(n, lhs, level)
+      result = quote do:
+        `body`
+        if `tmp` == nil: break
+        `assgn`
+      break
+    elif it.kind == nnkCall: # consider extending to `nnkCallKinds`
+      # `copyNimTree` needed to avoid `typ = nil` issues
+      old = (it, 1)
+      it = it[1].copyNimTree
+    else:
+      old = (it, 0)
+      it = it[0]
+
+macro `?.`*(a: typed): auto =
+  ## Transforms `a` into an expression that can be safely evaluated even in
+  ## presence of intermediate nil pointers/references, in which case a default
+  ## value is produced.
+  let lhs = genSym(nskVar, "lhs")
+  let body = process(a, lhs, 0)
+  result = quote do:
+    var `lhs`: type(`a`)
+    block:
+      `body`
+    `lhs`
+
+# the code below is not needed for `?.`
 from options import Option, isSome, get, option, unsafeGet, UnpackDefect
 
+macro `??.`*(a: typed): Option =
+  ## Same as `?.` but returns an `Option`.
+  runnableExamples:
+    import std/options
+    type Foo = ref object
+      x1: ref int
+      x2: int
+    # `?.` can't distinguish between a valid vs invalid default value, but `??.` can:
+    var f1 = Foo(x1: int.new, x2: 2)
+    doAssert (??.f1.x1[]).get == 0 # not enough to tell when the chain was valid.
+    doAssert (??.f1.x1[]).isSome # a nil didn't occur in the chain
+    doAssert (??.f1.x2).get == 2
+
+    var f2: Foo
+    doAssert not (??.f2.x1[]).isSome # f2 was nil
+
+    doAssertRaises(UnpackDefect): discard (??.f2.x1[]).get
+    doAssert ?.f2.x1[] == 0 # in contrast, this returns default(int)
+
+  let lhs = genSym(nskVar, "lhs")
+  let lhs2 = genSym(nskVar, "lhs")
+  let body = process(a, lhs2, 0)
+  result = quote do:
+    var `lhs`: Option[type(`a`)]
+    block:
+      var `lhs2`: type(`a`)
+      `body`
+      `lhs` = option(`lhs2`)
+    `lhs`
+
 template fakeDot*(a: Option, b): untyped =
   ## See top-level example.
   let a1 = a # to avoid double evaluations
@@ -58,51 +185,7 @@ func `[]`*[U](a: Option[U]): auto {.inline.} =
     if a2 != nil:
       result = option(a2[])
 
-import macros
-
-func replace(n: NimNode): NimNode =
-  if n.kind == nnkDotExpr:
-    result = newCall(bindSym"fakeDot", replace(n[0]), n[1])
-  elif n.kind == nnkPar:
-    doAssert n.len == 1
-    result = newCall(bindSym"option", n[0])
-  elif n.kind in {nnkCall, nnkObjConstr}:
-    result = newCall(bindSym"option", n)
-  elif n.len == 0:
-    result = newCall(bindSym"option", n)
-  else:
-    n[0] = replace(n[0])
-    result = n
-
-proc safeGet[T](a: Option[T]): T {.inline.} =
-  get(a, default(T))
-
-macro `?.`*(a: untyped): auto =
-  ## Transforms `a` into an expression that can be safely evaluated even in
-  ## presence of intermediate nil pointers/references, in which case a default
-  ## value is produced.
-  result = replace(a)
-  result = quote do:
-    # `result`.val # TODO: expose a way to do this directly in std/options, e.g.: `getAsIs`
-    safeGet(`result`)
-
-macro `??.`*(a: untyped): Option =
-  ## Same as `?.` but returns an `Option`.
-  runnableExamples:
-    import std/options
-    type Foo = ref object
-      x1: ref int
-      x2: int
-    # `?.` can't distinguish between a valid vs invalid default value, but `??.` can:
-    var f1 = Foo(x1: int.new, x2: 2)
-    doAssert (??.f1.x1[]).get == 0 # not enough to tell when the chain was valid.
-    doAssert (??.f1.x1[]).isSome # a nil didn't occur in the chain
-    doAssert (??.f1.x2).get == 2
-
-    var f2: Foo
-    doAssert not (??.f2.x1[]).isSome # f2 was nil
-    from std/options import UnpackDefect
-    doAssertRaises(UnpackDefect): discard (??.f2.x1[]).get
-    doAssert ?.f2.x1[] == 0 # in contrast, this returns default(int)
-
-  result = replace(a)
+when false:
+  # xxx: expose a way to do this directly in std/options, e.g.: `getAsIs`
+  proc safeGet[T](a: Option[T]): T {.inline.} =
+    get(a, default(T))

tests/stdlib/twrapnils.nim

@@ -7,80 +7,213 @@ proc checkNotZero(x: float): float =
 
 proc main() =
   var witness = 0
-  type Bar = object
-    b1: int
-    b2: ptr string
+  block:
+    type Bar = object
+      b1: int
+      b2: ptr string
 
-  type Foo = ref object
-    x1: float
-    x2: Foo
-    x3: string
-    x4: Bar
-    x5: seq[int]
-    x6: ptr Bar
-    x7: array[2, string]
-    x8: seq[int]
-    x9: ref Bar
+    type Foo = ref object
+      x1: float
+      x2: Foo
+      x3: string
+      x4: Bar
+      x5: seq[int]
+      x6: ptr Bar
+      x7: array[2, string]
+      x8: seq[int]
+      x9: ref Bar
 
-  type Gook = ref object
-    foo: Foo
+    type Gook = ref object
+      foo: Foo
 
-  proc fun(a: Bar): auto = a.b2
+    proc fun(a: Bar): auto = a.b2
 
-  var a: Foo
+    var a: Foo
 
-  var x6: ptr Bar
-  when nimvm: discard # pending https://github.com/timotheecour/Nim/issues/568
-  else:
-    x6 = create(Bar)
-    x6.b1 = 42
-  var a2 = Foo(x1: 1.0, x5: @[10, 11], x6: x6)
-  var a3 = Foo(x1: 1.2, x3: "abc")
-  a3.x2 = a3
+    var x6: ptr Bar
+    when nimvm: discard # pending https://github.com/timotheecour/Nim/issues/568
+    else:
+      x6 = create(Bar)
+      x6.b1 = 42
+    var a2 = Foo(x1: 1.0, x5: @[10, 11], x6: x6)
+    var a3 = Foo(x1: 1.2, x3: "abc")
+    a3.x2 = a3
 
-  var gook = Gook(foo: a)
+    var gook = Gook(foo: a)
 
-  proc initFoo(x1: float): auto =
-    witness.inc
-    result = Foo(x1: x1)
+    proc initFoo(x1: float): auto =
+      witness.inc
+      result = Foo(x1: x1)
 
-  doAssert ?.a.x2.x2.x1 == 0.0
-  doAssert ?.a3.x2.x2.x1 == 1.2
-  doAssert ?.a3.x2.x2.x3[1] == 'b'
+    doAssert ?.a.x2.x2.x1 == 0.0
+    doAssert ?.a3.x2.x2.x1 == 1.2
+    doAssert ?.a3.x2.x2.x3[1] == 'b'
 
-  doAssert ?.a3.x2.x2.x5.len == 0
-  doAssert a3.x2.x2.x3.len == 3
+    doAssert ?.a3.x2.x2.x5.len == 0
+    doAssert a3.x2.x2.x3.len == 3
 
-  doAssert ?.a.x2.x2.x3[1] == default(char)
-  # here we only apply wrapnil around gook.foo, not gook (and assume gook is not nil)
-  doAssert ?.(gook.foo).x2.x2.x1 == 0.0
+    doAssert ?.a.x2.x2.x3[1] == default(char)
+    # here we only apply wrapnil around gook.foo, not gook (and assume gook is not nil)
+    doAssert ?.(gook.foo).x2.x2.x1 == 0.0
 
-  when nimvm: discard
-  else:
-    doAssert ?.a2.x6[] == Bar(b1: 42) # deref for ptr Bar
+    when nimvm: discard
+    else:
+      doAssert ?.a2.x6[] == Bar(b1: 42) # deref for ptr Bar
 
-  doAssert ?.a2.x1.checkNotZero == 1.0
-  doAssert a == nil
-  # shows that checkNotZero won't be called if a nil is found earlier in chain
-  doAssert ?.a.x1.checkNotZero == 0.0
+    doAssert ?.a2.x1.checkNotZero == 1.0
+    doAssert a == nil
+    # shows that checkNotZero won't be called if a nil is found earlier in chain
+    doAssert ?.a.x1.checkNotZero == 0.0
 
-  when nimvm: discard
-  else:
-    # checks that a chain without nil but with an empty seq still raises
-    doAssertRaises(IndexDefect): discard ?.a2.x8[3]
+    when nimvm: discard
+    else:
+      # checks that a chain without nil but with an empty seq still raises
+      doAssertRaises(IndexDefect): discard ?.a2.x8[3]
 
-  # make sure no double evaluation bug
-  doAssert witness == 0
-  doAssert ?.initFoo(1.3).x1 == 1.3
-  doAssert witness == 1
+    # make sure no double evaluation bug
+    doAssert witness == 0
+    doAssert ?.initFoo(1.3).x1 == 1.3
+    doAssert witness == 1
 
-  # here, it's used twice, to deref `ref Bar` and then `ptr string`
-  doAssert ?.a.x9[].fun[] == ""
+    # here, it's used twice, to deref `ref Bar` and then `ptr string`
+    doAssert ?.a.x9[].fun[] == ""
 
-  block: # `??.`
-    doAssert (??.a3.x2.x2.x3.len).get == 3
-    doAssert (??.a2.x4).isSome
-    doAssert not (??.a.x4).isSome
+    block: # `??.`
+      doAssert (??.a3.x2.x2.x3.len).get == 3
+      doAssert (??.a2.x4).isSome
+      doAssert not (??.a.x4).isSome
+
+  block:
+    type
+      A = object
+        b: B
+      B = object
+        c: C
+      C = object
+        d: D
+      D = ref object
+        e: E
+        e2: array[2, E]
+        e3: seq[E]
+        d3: D
+        i4: int
+      E = object
+        f: int
+        d2: D
+    proc identity[T](a: T): T = a
+    proc identity2[T](a: T, ignore: int): T = a
+    var a: A
+    doAssert ?.a.b.c.d.e.f == 0
+    doAssert ?.a.b.c.d.e.d2.d3[].d3.e.d2.e.f == 0
+    doAssert ?.a.b.c.d.d3[].e.f == 0
+    doAssert ?.a.b.c.d.e2[0].d2.e3[0].f == 0
+    doAssert ?.a == A.default
+    doAssert ?.a.b.c.d.e == E.default
+    doAssert ?.a.b.c.d.e.d2 == nil
+
+    doAssert ?.a.identity.b.c.identity2(12).d.d3.e.f == 0
+    doAssert ?.a.b.c.d.d3.e2[0].f == 0
+    a.b.c.d = D()
+    a.b.c.d.d3 = a.b.c.d
+    a.b.c.d.e2[0].f = 5
+    doAssert ?.a.b.c.d.d3.e2[0].f == 5
+
+    var d: D = nil
+    doAssert ?.d.identity.i4 == 0
+    doAssert ?.d.i4.identity == 0
+
+  block: # case objects
+    type
+      Kind = enum k0, k1, k2
+      V = object
+        case kind: Kind
+        of k0:
+          x0: int
+        of k1:
+          x1: int
+        of k2:
+          x2: int
+      A = object
+        v0: V
+
+    block:
+      var a = V(kind: k0, x0: 3)
+      doAssert ?.a.x0 == 3
+      doAssert ?.a.x1 == 0
+      a = V(kind: k1, x1: 5)
+      doAssert ?.a.x0 == 0
+      doAssert ?.a.x1 == 5
+
+    block:
+      var a = A(v0: V(kind: k0, x0: 10))
+      doAssert ?.a.v0.x0 == 10
+      doAssert ?.a.v0.x1 == 0
+      a.v0 = V(kind: k2, x2: 8)
+      doAssert ?.a.v0.x0 == 0
+      doAssert ?.a.v0.x1 == 0
+      doAssert ?.a.v0.x2 == 8
+
+  block: # `nnkCall`
+    type
+      A = object
+        a0: int
+        d: D
+      D = ref object
+        i4: int
+
+    proc identity[T](a: T): T = a
+    var d: D = nil
+    doAssert ?.d.i4.identity == 0
+    doAssert ?.identity(?.d.i4) == 0
+    doAssert ?.identity(d.i4) == 0
+    doAssert ?.identity(d) == nil
+    doAssert ?.identity(d[]) == default(typeof(d[]))
+    doAssert ?.identity(d[]).i4 == 0
+    var a: A
+    doAssert ?.identity(a) == default(A)
+    doAssert ?.identity(a.a0) == 0
+    doAssert ?.identity(a.d) == nil
+    doAssert ?.identity(a.d.i4) == 0
+
+  block: # lvalue semantic propagation
+    type
+      A = ref object
+        a0: A
+        a1: seq[A]
+        a2: int
+
+      B = object
+        b0: int
+        case cond: bool
+        of false: discard
+        of true:
+          b1: float
+
+    block:
+      var a: A
+      doAssert ?.a.a0.a1[0].a2.addr == nil
+      a = A(a2: 3)
+      doAssert ?.a.a0.a1[0].a2.addr == nil
+      a.a0 = a
+      a.a1 = @[a]
+      let p = ?.a.a0.a1[0].a2.addr
+      doAssert p != nil
+      p[] = 5
+      doAssert a.a2 == 5
+
+    block:
+      var b = B(cond: false, b0: 3)
+      let p = ?.b.b1.addr
+      doAssert p == nil
+      b = B(cond: true, b1: 4.5)
+      let p2 = ?.b.b1.addr
+      doAssert p2 != nil
+      p2[] = 4.6
+      doAssert b.b1 == 4.6
+      # useful pattern, impossible with Options
+      if (let p3 = ?.b.b1.addr; p3 != nil):
+        p3[] = 4.7
+      doAssert b.b1 == 4.7
 
 main()
 static: main()