In a bid to expand my programming brain by learning something about “dependent types”, I recently bought the Idris book.
(Idris is a pure functional programming language that is mostly known for supporting dependent types. Not knowing what that really meant, and seeing that this recently-published book written by the author of the language was warmly reviewed on Amazon, I saw an opportunity.)
The idea behind dependent typing is to allow types to be declared as having dependencies on information that would, in most languages, only be known at runtime. For example, a function might accept two arrays as arguments, but only work correctly if the two arrays that are actually passed to it have the same length: with dependent types, this dependency can be written into the type declaration and checked at compile time. On the face of it we can’t in general know things like the number of elements in an arbitrary array at compile time, so this seems like compelling magic. Types are, in fact, first class values, and if that raises a lot of horribly recursive-seeming questions in your mind, then this book might help.
A number of academic languages are exploring this area, but Idris is interesting because of its ambition to be useful for general-purpose programming. The book is pleasingly straightforward about this: it adopts an attitude that “this is how we program, and I’ll help you do it”. In fact, the Idris book might be the most inspiring programming book I’ve read since ML for the Working Programmer (although the two are very different, more so than their synopses would suggest). It’s not that the ideas in it are new — although they are, to me — but that it presents them so crisply as to project a tantalising image of a better practice of programming.
What the book suggests
The principles in the book — as I read it — are:
- We always write down the type of a function before writing the function. Because the type system is so expressive, this gives the compiler, and the programmer, an awful lot of information — sometimes so much that there remains only one obvious way to satisfy the type requirements when writing the rest of the function. (The parallel with test-driven development, which can be a useful thinking aid when you aren’t sure how to address a problem, presumably inspired the title of the book.)
- Sometimes, we don’t even implement the rest of the function yet. Idris supports a lovely feature called “holes”, which are just names you plonk down in place of code you haven’t got around to writing yet. The compiler will happily type-check the rest of the program as if the holes were really there, and then report the holes and their types to you to give you a checklist of the bits you still need to fill in.
- Functions are pure, as in they simply convert their input values to their return values and don’t modify any other state as they go along, and are if possible total, meaning that every input has a corresponding return value and the function won’t bail out or enter an infinite loop. The compiler will actually check that your functions are total — the Halting Problem shows that this can’t be done in general, but apparently it can be done enough of the time to be useful. The prospect of having a compiler confirm that your program cannot crash is exciting even to someone used to Standard ML, where typing is generally sound but inexhaustive cases and range errors still happen.
- Because functions are pure, all input and output uses monads. That means that I/O effects are encapsulated into function return types. The book gives a supremely matter-of-fact introduction to monadic I/O, without using the word monad.
- We use an IDE which supports all this with handy shortcuts — there is an impressive Idris integration for Atom which is used extensively throughout the book. For an Emacs user like me this is slightly offputting. There is an Emacs Idris mode as well, it’s just that so much of the book is expressed in terms of keystrokes in Atom.
None of these principles refers to dependent types at all, but the strength of the type system is what makes it plausible that this could all work. Idris does a lot of evaluation at compile time, to support the type system and totality checking, so you always have the feeling of having run your program a few times before it has even compiled.
So, I enjoyed the book. To return to earth-based languages for a moment, it reminds me a bit of Bjarne Stroustrup’s “A Tour of C++”, which successfully sets out “modern C++” as if most of the awkward history of C++ had never happened. One could see this book as setting out a “modern Haskell” as if the actual Haskell had not happened. Idris is quite closely based on Haskell, and I think, as someone who has never been a Haskell programmer, that much of the syntax and prelude library are the same. The biggest difference is that Idris uses eager evaluation, where Haskell is lazily evaluated. (See 10 things Idris improved over Haskell for what appears to be an informed point of view.)
Then what happened?
How did I actually get on with it? After absorbing some of this, I set out to write my usual test case (see Four MLs and a Python) of reading a CSV file of numbers and adding them up. The goal is to read a text file, split each line into number columns, sum the columns across all lines, then print out a single line of comma-separated sums — and to do it in a streaming fashion without reading the whole file into memory.
Here’s my first cut at it. Note that this doesn’t actually use dependent types at all.
module Main import Data.String parseFields : List String -> Maybe (List Double) parseFields strs = foldr (\str, acc => case (parseDouble str, acc) of (Just d, Just ds) => Just (d :: ds) _ => Nothing) (Just []) strs parseLine : String -> Maybe (List Double) parseLine str = parseFields $ Strings.split (== ',') str sumFromFile : List Double -> File -> IO (Either String (List Double)) sumFromFile xs f = do False <- fEOF f | True => pure (Right xs) Right line <- fGetLine f | Left err => pure (Left "Failed to read line from file") if line == "" then sumFromFile xs f else case (xs, parseLine line) of ([], Just xs2) => sumFromFile xs2 f (xs1, Just xs2) => if length xs1 == length xs2 then sumFromFile (zipWith (+) xs1 xs2) f else pure (Left "Inconsistent-length rows") (_, Nothing) => pure (Left $ "Failed to parse line: " ++ line) sumFromFileName : String -> IO (Either String (List Double)) sumFromFileName filename = do Right f <- openFile filename Read | Left err => pure (Left "Failed to open file") sumFromFile [] f main : IO () main = do [_, filename] <- getArgs | _ => putStrLn "Exactly 1 filename must be given" Right result <- sumFromFileName filename | Left err => putStrLn err putStrLn (pack $ intercalate [','] $ map (unpack . show) $ result)
Not beautiful, and I had some problems getting this far. The first thing is that compile times are very, very slow. As soon as any I/O got involved, a simple program took 25 seconds or more to build. Surprisingly, almost all of the time was used by gcc, compiling the C output of the Idris compiler. The Idris type checker itself was fast enough that this at least didn’t affect the editing cycle too much.
The combination of monadic I/O and eager evaluation was also a problem for me. My test program needs to process lines from a file one at a time, without reading the whole file first. In an impure language like SML, this is easy: you can read a line in any function, without involving any I/O in the type signature of the function. In a pure language, you can only read in an I/O context. In a pure lazy language, you can read once in an I/O context and get back a lazily-evaluated list of all the lines in a file (Haskell has a prelude function called lines that does this), which makes toy examples like this simple without having to engage properly with your monad. In a pure eager language, it isn’t so simple: you have to actually “do the I/O” and permeate the I/O context through the program.
This conceptual difficulty was compounded by the book’s caginess about how to read from a file. It’s full of examples that read from the terminal, but the word “file” isn’t in the index. I have the impression this might be because the “right way” is to use a higher-level stream interface, but that interface maybe wasn’t settled enough to go into a textbook.
(As a non-Haskell programmer I find it hard to warm to the “do” syntax used as sugar for monadic I/O in Haskell and Idris. It is extremely ingenious, especially the way it allows alternation — see the lines starting with a pipe character in the above listing — as shorthand for handling error cases. But it troubles me, reminding me of working with languages that layered procedural sugar over Lisp, like the RLisp that the REDUCE algebra system was largely written in. Robert Harper once described Haskell as “the world’s best imperative programming language” and I can see where that comes from: if you spend all your time in I/O context, you don’t feel like you’re writing functional code at all.)
Anyway, let’s follow up my clumsy first attempt with a clumsy second attempt. This one makes use of what seems to be the “hello, world” of dependent typing, namely vectors whose length is part of their compile type. With this, I guess we can guarantee that the lowest-level functions, such as summing two vectors, are only called with the proper length arguments. That doesn’t achieve much for our program since we’re dealing directly with arbitrary-length user inputs anyway, but I can see it could be useful to bubble up error handling out of library code.
Here’s that second effort:
module Main import Data.Vect import Data.String total sumVects : Vect len Double -> Vect len Double -> Vect len Double sumVects v1 v2 = zipWith (+) v1 v2 total parseFields : List String -> Maybe (List Double) parseFields strs = foldr (\str, acc => case (parseDouble str, acc) of (Just d, Just ds) => Just (d :: ds) _ => Nothing) (Just []) strs total parseVect : String -> Maybe (len ** Vect len Double) parseVect str = case parseFields $ Strings.split (== ',') str of Nothing => Nothing Just xs => Just (_ ** fromList xs) sumFromFile : Maybe (len ** Vect len Double) -> File -> IO (Either String (len ** Vect len Double)) sumFromFile acc f = do False <- fEOF f | True => case acc of Nothing => pure (Right (_ ** [])) Just v => pure (Right v) Right line <- fGetLine f | Left err => pure (Left "Failed to read line from file") if line == "" then sumFromFile acc f else case (acc, parseVect line) of (_, Nothing) => pure (Left $ "Failed to parse line: " ++ line) (Nothing, other) => sumFromFile other f (Just (len ** xs), Just (len' ** xs')) => case exactLength len xs' of Nothing => pure (Left "Inconsistent-length rows") Just xs' => sumFromFile (Just (len ** (sumVects xs xs'))) f sumFromFileName : String -> IO (Either String (len ** Vect len Double)) sumFromFileName filename = do Right f <- openFile filename Read | Left err => pure (Left "Failed to open file") sumFromFile Nothing f main : IO () main = do [_, filename] <- getArgs | _ => putStrLn "Exactly 1 filename must be given" Right (_ ** result) <- sumFromFileName filename | Left err => putStrLn err putStrLn (pack $ intercalate [','] $ map (unpack . show) $ toList result)
Horrible. This is complicated and laborious, at least twice as long as it should be, and makes me feel as if I’ve missed something essential about the nature of the problem. You can see that, as a programmer, I’m struggling a surprising amount here.
Both of these examples compile, run, and get the right answers. But when I tried them on a big input file, both versions took more than 8 minutes to process it — on a file that was processed in less than 30 seconds by each of the languages I tried out in for this post. A sampling profiler did not pick out any obvious single source of delay. Something strange is going on here.
All in all, not a wild success. That’s a pity, because:
Good Things
My failure to produce a nice program that worked efficiently didn’t entirely burst the bubble. I liked a lot in my first attempt to use Idris.
The language has a gloriously clean syntax. I know my examples show it in a poor light; compare instead this astonishingly simple typesafe implementation of a printf-like string formatting function, where format arguments are typechecked based on the content of the format string, something you can’t do at all in most languages. Idris tidies up a number of things from Haskell, and has a beautifully regular syntax for naming types.
Idris is also nice and straightforward, compared with other strongly statically-typed languages, when it comes to things like using arithmetic operators for different kinds of number, or mechanisms like “map” over different types. I assume this is down to the pervasive use of what in Haskell are known as type classes (here called interfaces).
I didn’t run into any problems using the compiler and tools. They were easy to obtain and run, and the compiler (version 1.1.1) gives very clear error messages considering how sophisticated some of the checks it does are. The compiler generally “feels” solid.
I’m not sold on the fact that these languages are whitespace-sensitive — life’s too short to indent code by hand — though this does contribute to the tidy syntax. Idris seems almost pathologically sensitive to indentation level, and a single space too many when indenting a “do” block can leave the compiler lost. But this turned out to be less of a problem in practice than I had expected.
Will I be using Idris for anything bigger? Not yet, but I’d like to get better at it. I’m going to keep an eye on it and drop in occasionally to try another introductory problem or two. Meanwhile if you’d like to improve on anything I’ve written here, please do post below.
The Breakfast Post 