Handle lists being modified by use of ~

[ChrisJefferson]

Adjust how lists are built when ~ is used, so we do not crash
even if the list is modified as it is being constructed.

This also makes the behaviour of GAP consistent between bytecode
and immediate code.

[codecov]

Codecov Report

Merging #2477 into master will decrease coverage by <.01%.
The diff coverage is 91.66%.

@@            Coverage Diff             @@
##           master    #2477      +/-   ##
==========================================
- Coverage   74.27%   74.27%   -0.01%     
==========================================
  Files         484      484              
  Lines      245311   245311              
==========================================
- Hits       182205   182200       -5     
- Misses      63106    63111       +5

Impacted Files	Coverage Δ
src/exprs.c	93.96% <91.66%> (-0.18%)	⬇️
hpcgap/lib/hpc/stdtasks.g	63.68% <0%> (-1.03%)	⬇️

[fingolfin]

Please set labels, and format the code

Otherwise looks good to me!

[fingolfin]

handle -> handles ? though I don't see how an argument can "handle" anything by itself?

[fingolfin]

missing words... perhaps "... is added, and that we don't crash ..."

[fingolfin]

Why ALWAYS_INLINE?

[ChrisJefferson]

Will fix all other comments.

With this one, ALWAYS_INLINE because I want the 'safe' compiled out when safe=0, so the fast route (without tilde) is as fast as it used to be.

[fingolfin]

ok

[fingolfin]

add space after if

[fingolfin]

add space after if (or just git clang-format)

[fingolfin]

Wow, that's pretty evil :-)

[ssiccha]

I agree. ^^

[ChrisJefferson]

I don't expect anyone to ever write this, but I feel there shouldn't be ways of making the interpreter crash (at least, without calling ALL_CAPS functions).

[fingolfin]

Yeah, sure, it's good to add that test. People do evil things, we shouldn't reward them for it with a crash ;-)

[ChrisJefferson]

Hopefully changes made, added to release notes.

[fingolfin]

"when its elements are being constructed" -> "while its ..." ? (It took me a moment to parse the current phrasing, but then I did understand it, so it's probably fine as it is -- I just try to be super sensitive and try to simulate how I might read a paragraph if I knew less about the kernel; but of course that's imperfect. Perhaps e.g. @ssiccha would be willing to chime and say whether the above text seems clear to him -- hopefull it is, but if not, it'd be useful to know which bits are not.

[ssiccha]

@fingolfin @ChrisJefferson Apart from knowing what exactly an expression is (system.h says its a UInt, but that's all I found out quickly), the formulation is clear to me.

[ssiccha]

"when its elements are being constructed" -> "while its ..."

"while its" also sounds better to me

[fingolfin]

Shouldn't this text be part of the documentation comment of ListExpr1 and ListExpr2 instead?

I understand that there are prototypes for those two functions below, but considering the rest of their documentation is elsewhere... Perhaps we could move them up, before this function, to avoid using prototypes? Then they could also be made static.

[fingolfin]

Hmm, is that safe? Couldn't the tnum be, say T_PLIST_DENSE at this point? That would suggest using if (!safe || IS_PLIST(list)) - or perhaps even IS_LIST?

But why is this necessary at all? SET_FILT_LIST uses a tnum dispatch table -- if the user did something really bad here, wouldn't that just trigger an error via that dispatch table?

[ChrisJefferson]

You are right, let me rethink this.

[fingolfin]

Perhaps that should say "we don't crash if the size or type of the list changed, or even if gets swapped for a non-list object" ? After all, the user could use SWAP_OBJ to replace it by, say, a bigint.

OTOH, perhaps I am just overthinking that; and people using SWAP_OBJ deserve what they get ;-).

[fingolfin]

Hmm, when I was reading the code below, I constantly had to refer back to this comment, because I could not remember whether safe meant: either "we are safe; it is safe to assume that the list won't be messed with", or perhaps "play it safe; use safe code which works even if the list gets messed with".

Since these are opposite, that's a bit of a problem, IMHO. Is it just me? Perhaps we can find a better name. Say protectAgainstListModification or safelyGrowList, safelyExtendList; or perhaps reverse the value, and say assumeListIsPlist or ...? Sorry, no great idea.

[ChrisJefferson]

I could just call it tildeInUse, seeing as that's all we use it for :)

[fingolfin]

Yes, that actually sounds very good to me!

[ChrisJefferson]

Now changed/improved

[fingolfin]

The documentation now says tildeInUse, great -- but the code still uses safe :-)

[ChrisJefferson]

bla!

[fingolfin]

Could also use SET_LEN_PLIST(list, tildeInUse ? 0 : len); for compactness -- but of course it's also perfectly fine as it is :-).

[fingolfin]

Why do we need the && !safe (resp. && !tildeInUse) here? Isn't the list fully constructed at this point?

Ahh, because we might have used unbind while constructing it, through the use of ~? Is that the reason?
Perhaps a small comment could be added to point that out (or, if I am wrong, then point out the actual reason)?

[ChrisJefferson]

I'm just assuming that SET_FILT_LIST is always an optimisation, and as you say, who knows what state the list is in, or if it's even a list.