feat: API to avoid deadlocks from dropped promises

Author: Kha

Diff for: src/Init/System/IO.lean

@@ -238,7 +238,12 @@ protected def TaskState.toString : TaskState → String
 
 instance : ToString TaskState := ⟨TaskState.toString⟩
 
-/-- Returns current state of the `Task` in the Lean runtime's task manager. -/
+/--
+Returns current state of the `Task` in the Lean runtime's task manager.
+
+Note that for tasks derived from `Promise`s, `waiting` and `running` should be considered
+equivalent.
+-/
 @[extern "lean_io_get_task_state"] opaque getTaskState : @& Task α → BaseIO TaskState
 
 /-- Check if the task has finished execution, at which point calling `Task.get` will return immediately. -/

Diff for: src/Init/System/Promise.lean

@@ -21,14 +21,13 @@ private structure PromiseImpl (α : Type) : Type where
 
 Typical usage is as follows:
 1. `let promise ← Promise.new` creates a promise
-2. `promise.result : Task α` can now be passed around
-3. `promise.result.get` blocks until the promise is resolved
+2. `promise.result? : Task (Option α)` can now be passed around
+3. `promise.result?.get` blocks until the promise is resolved
 4. `promise.resolve a` resolves the promise
-5. `promise.result.get` now returns `a`
+5. `promise.result?.get` now returns `some a`
 
-Every promise must eventually be resolved.
-Otherwise the memory used for the promise will be leaked,
-and any tasks depending on the promise's result will wait forever.
+If the promise is dropped without ever being resolved, `promise.result.get` will panic and return
+`default : α`. See `Promise.result?/resultD` for other ways to handle this case.
 -/
 def Promise (α : Type) : Type := PromiseImpl α
 
@@ -47,12 +46,32 @@ Only the first call to this function has an effect.
 @[extern "lean_io_promise_resolve"]
 opaque Promise.resolve (value : α) (promise : @& Promise α) : BaseIO Unit
 
+/--
+Like `Promise.result`, but resolves to `none` if the promise is dropped without ever being resolved.
+-/
+@[extern "lean_io_promise_result_opt"]
+opaque Promise.result? (promise : @& Promise α) : Task (Option α)
+
+-- TODO: publicize?
+@[extern "lean_option_get_or_block"]
+private opaque Option.getOrBlock! [Nonempty α] : Option α → α
+
 /--
 The result task of a `Promise`.
 
-The task blocks until `Promise.resolve` is called.
+The task blocks until `Promise.resolve` is called. If the promise is dropped without ever being
+resolved, evaluating the task will panic and, when not using fatal panics, block forever. Use
+`Promise.result?` to handle this case explicitly.
+-/
+def Promise.result! (promise : @& Promise α) : Task α :=
+  let _ : Nonempty α := promise.h
+  promise.result?.map (sync := true) Option.getOrBlock!
+
+@[inherit_doc Promise.result!, deprecated Promise.result! (since := "2025-02-05")]
+def Promise.result := @Promise.result!
+
+/--
+Like `Promise.result`, but resolves to `dflt` if the promise is dropped without ever being resolved.
 -/
-@[extern "lean_io_promise_result"]
-opaque Promise.result (promise : Promise α) : Task α :=
-  have : Nonempty α := promise.h
-  Classical.choice inferInstance
+def Promise.resultD (promise : Promise α) (dflt : α): Task α :=
+  promise.result?.map (sync := true) (·.getD dflt)

Diff for: src/Lean/AddDecl.lean

@@ -77,12 +77,9 @@ def addDecl (decl : Declaration) : CoreM Unit := do
   async.commitConst async.asyncEnv (some info)
   setEnv async.mainEnv
   let checkAct ← Core.wrapAsyncAsSnapshot fun _ => do
-    try
-      setEnv async.asyncEnv
-      doAdd
-      async.commitCheckEnv (← getEnv)
-    finally
-      async.commitFailure
+    setEnv async.asyncEnv
+    doAdd
+    async.commitCheckEnv (← getEnv)
   let t ← BaseIO.mapTask (fun _ => checkAct) env.checked
   let endRange? := (← getRef).getTailPos?.map fun pos => ⟨pos, pos⟩
   Core.logSnapshotTask { range? := endRange?, task := t }

Diff for: src/Lean/Elab/Command.lean

@@ -497,7 +497,7 @@ partial def elabCommand (stx : Syntax) : CommandElabM Unit := do
                     newNextMacroScope := nextMacroScope
                     hasTraces
                     next := Array.zipWith (fun cmdPromise cmd =>
-                      { range? := cmd.getRange?, task := cmdPromise.result }) cmdPromises cmds
+                      { range? := cmd.getRange?, task := cmdPromise.resultD default }) cmdPromises cmds
                     : MacroExpandedSnapshot
                   }
                   -- After the first command whose syntax tree changed, we must disable

Diff for: src/Lean/Elab/MutualDef.lean

@@ -222,7 +222,7 @@ private def elabHeaders (views : Array DefView)
               view.ref.getPos?.map fun pos => ⟨pos, pos⟩
             else
               getBodyTerm? view.value |>.getD view.value |>.getRange?
-            task := bodyPromise.result }
+            task := bodyPromise.resultD default }
         snap.new.resolve <| some {
           diagnostics :=
             (← Language.Snapshot.Diagnostics.ofMessageLog (← Core.getAndEmptyMessageLog))
@@ -263,7 +263,7 @@ where
    := do
     if let some e := getBodyTerm? body then
       if let `(by $tacs*) := e then
-        return (e, some { range? := mkNullNode tacs |>.getRange?, task := tacPromise.result })
+        return (e, some { range? := mkNullNode tacs |>.getRange?, task := tacPromise.resultD default })
     tacPromise.resolve default
     return (none, none)
 
@@ -1077,7 +1077,7 @@ def elabMutualDef (ds : Array Syntax) : CommandElabM Unit := do
         } }
         defs := defs.push {
           fullHeaderRef
-          headerProcessedSnap := { range? := d.getRange?, task := headerPromise.result }
+          headerProcessedSnap := { range? := d.getRange?, task := headerPromise.resultD default }
         }
         reusedAllHeaders := reusedAllHeaders && view.headerSnap?.any (·.old?.isSome)
       views := views.push view

Diff for: src/Lean/Elab/Tactic/Basic.lean

@@ -234,7 +234,7 @@ where
                         diagnostics := .empty
                         state? := (← Tactic.saveState)
                       }
-                      next := #[{ range? := stx'.getRange?, task := promise.result }]
+                      next := #[{ range? := stx'.getRange?, task := promise.resultD default }]
                     }
                     -- Update `tacSnap?` to old unfolding
                     withTheReader Term.Context ({ · with tacSnap? := some {

Diff for: src/Lean/Elab/Tactic/BuiltinTactic.lean

@@ -93,9 +93,9 @@ where
               desc := tac.getKind.toString
               diagnostics := .empty
               stx := tac
-              inner? := some { range?, task := inner.result }
-              finished := { range?, task := finished.result }
-              next := #[{ range? := stxs.getRange?, task := next.result }]
+              inner? := some { range?, task := inner.resultD default }
+              finished := { range?, task := finished.resultD default }
+              next := #[{ range? := stxs.getRange?, task := next.resultD default }]
             }
             -- Run `tac` in a fresh info tree state and store resulting state in snapshot for
             -- incremental reporting, then add back saved trees. Here we rely on `evalTactic`

Diff for: src/Lean/Elab/Tactic/Induction.lean

@@ -285,9 +285,9 @@ where
               stx := mkNullNode altStxs
               diagnostics := .empty
               inner? := none
-              finished := { range? := none, task := finished.result }
+              finished := { range? := none, task := finished.resultD default }
               next := Array.zipWith
-                (fun stx prom => { range? := stx.getRange?, task := prom.result })
+                (fun stx prom => { range? := stx.getRange?, task := prom.resultD default })
                 altStxs altPromises
             }
             goWithIncremental <| altPromises.mapIdx fun i prom => {

Diff for: src/Lean/Environment.lean

@@ -463,7 +463,7 @@ private def setCheckedSync (env : Environment) (newChecked : Kernel.Environment)
 
 def promiseChecked (env : Environment) : BaseIO (Environment × IO.Promise Environment) := do
   let prom ← IO.Promise.new
-  return ({ env with checked := prom.result.bind (sync := true) (·.checked) }, prom)
+  return ({ env with checked := prom.result?.bind (sync := true) (·.getD env |>.checked) }, prom)
 
 /--
 Checks whether the given declaration name may potentially added, or have been added, to the current
@@ -607,8 +607,9 @@ structure AddConstAsyncResult where
   /--
   Resulting "async branch" environment which should be used to add the desired declaration in a new
   task and then call `AddConstAsyncResult.commit*` to commit results back to the main environment.
-  One of `commitCheckEnv` or `commitFailure` must be called eventually to prevent deadlocks on main
-  branch accesses.
+  `commitCheckEnv` completes the addition; if it is not called and the `AddConstAsyncResult` object
+  is dropped, `sorry`ed default values will be reported instead and the kernel environment will be
+  left unchanged.
   -/
   asyncEnv : Environment
   private constName : Name
@@ -632,20 +633,43 @@ def addConstAsync (env : Environment) (constName : Name) (kind : ConstantKind) (
   let infoPromise ← IO.Promise.new
   let extensionsPromise ← IO.Promise.new
   let checkedEnvPromise ← IO.Promise.new
+
+  -- fallback info in case promises are dropped unfulfilled
+  let fallbackVal := {
+    name := constName
+    levelParams := []
+    type := mkApp2 (mkConst ``sorryAx [0]) (mkSort 0) (mkConst ``true)
+  }
+  let fallbackInfo := match kind with
+    | .defn => .defnInfo { fallbackVal with
+      value := mkApp2 (mkConst ``sorryAx [0]) fallbackVal.type (mkConst ``true)
+      hints := .abbrev
+      safety := .safe
+    }
+    | .thm  => .thmInfo { fallbackVal with
+      value := mkApp2 (mkConst ``sorryAx [0]) fallbackVal.type (mkConst ``true)
+    }
+    | .axiom  => .axiomInfo { fallbackVal with
+      isUnsafe := false
+    }
+    | k => panic! s!"AddConstAsyncResult.addConstAsync: unsupported constant kind {repr k}"
+
   let asyncConst := {
     constInfo := {
       name := constName
       kind
-      sig := sigPromise.result
-      constInfo := infoPromise.result
+      sig := sigPromise.resultD fallbackVal
+      constInfo := infoPromise.resultD fallbackInfo
     }
-    exts? := guard reportExts *> some extensionsPromise.result
+    exts? := guard reportExts *> some (extensionsPromise.resultD #[])
   }
   return {
     constName, kind
     mainEnv := { env with
       asyncConsts := env.asyncConsts.add asyncConst
-      checked := checkedEnvPromise.result }
+      checked := checkedEnvPromise.result?.bind (sync := true) fun
+        | some kenv => .pure kenv
+        | none      => env.checked }
     asyncEnv := { env with
       asyncCtx? := some { declPrefix := privateToUserName constName.eraseMacroScopes }
     }
@@ -679,43 +703,14 @@ def AddConstAsyncResult.commitConst (res : AddConstAsyncResult) (env : Environme
   let kind' := .ofConstantInfo info
   if res.kind != kind' then
     throw <| .userError s!"AddConstAsyncResult.commitConst: constant has kind {repr kind'} but expected {repr res.kind}"
-  let sig := res.sigPromise.result.get
+  let sig := res.sigPromise.result!.get
   if sig.levelParams != info.levelParams then
     throw <| .userError s!"AddConstAsyncResult.commitConst: constant has level params {info.levelParams} but expected {sig.levelParams}"
   if sig.type != info.type then
     throw <| .userError s!"AddConstAsyncResult.commitConst: constant has type {info.type} but expected {sig.type}"
   res.infoPromise.resolve info
   res.extensionsPromise.resolve env.checkedWithoutAsync.extensions
 
-/--
-Aborts async addition, filling in missing information with default values/sorries and leaving the
-kernel environment unchanged.
--/
-def AddConstAsyncResult.commitFailure (res : AddConstAsyncResult) : BaseIO Unit := do
-  let val := if (← IO.hasFinished res.sigPromise.result) then
-    res.sigPromise.result.get
-  else {
-    name := res.constName
-    levelParams := []
-    type := mkApp2 (mkConst ``sorryAx [0]) (mkSort 0) (mkConst ``true)
-  }
-  res.sigPromise.resolve val
-  res.infoPromise.resolve <| match res.kind with
-    | .defn => .defnInfo { val with
-      value := mkApp2 (mkConst ``sorryAx [0]) val.type (mkConst ``true)
-      hints := .abbrev
-      safety := .safe
-    }
-    | .thm  => .thmInfo { val with
-      value := mkApp2 (mkConst ``sorryAx [0]) val.type (mkConst ``true)
-    }
-    | .axiom  => .axiomInfo { val with
-      isUnsafe := false
-    }
-    | k => panic! s!"AddConstAsyncResult.commitFailure: unsupported constant kind {repr k}"
-  res.extensionsPromise.resolve #[]
-  let _ ← BaseIO.mapTask (t := res.asyncEnv.checked) (sync := true) res.checkedEnvPromise.resolve
-
 /--
 Assuming `Lean.addDecl` has been run for the constant to be added on the async environment branch,
 commits the full constant info from that call to the main environment, waits for the final kernel

Diff for: src/Lean/Language/Lean.lean

@@ -467,7 +467,7 @@ where
         infoTree? := cmdState.infoState.trees[0]!
         result? := some {
           cmdState
-          firstCmdSnap := { range? := none, task := prom.result }
+          firstCmdSnap := { range? := none, task := prom.result! }
         }
       }
 
@@ -489,7 +489,7 @@ where
           oldNext.bindIO (sync := true) fun oldNext => do
             parseCmd oldNext newParserState oldFinished.cmdState newProm sync ctx
             return .pure ()
-        prom.resolve <| { old with nextCmdSnap? := some { range? := none, task := newProm.result } }
+        prom.resolve <| { old with nextCmdSnap? := some { range? := none, task := newProm.result! } }
       else prom.resolve old  -- terminal command, we're done!
 
     -- fast path, do not even start new task for this snapshot (see [Incremental Parsing])
@@ -548,15 +548,15 @@ where
       -- report terminal tasks on first line of decl such as not to hide incremental tactics'
       -- progress
       let initRange? := getNiceCommandStartPos? stx |>.map fun pos => ⟨pos, pos⟩
-      let finishedSnap := { range? := initRange?, task := finishedPromise.result }
+      let finishedSnap := { range? := initRange?, task := finishedPromise.result! }
       let tacticCache ← old?.map (·.tacticCache) |>.getDM (IO.mkRef {})
 
       let minimalSnapshots := internal.cmdlineSnapshots.get cmdState.scopes.head!.opts
       let next? ← if Parser.isTerminalCommand stx then pure none
         -- for now, wait on "command finished" snapshot before parsing next command
         else some <$> IO.Promise.new
       let nextCmdSnap? := next?.map
-        ({ range? := some ⟨parserState.pos, ctx.input.endPos⟩, task := ·.result })
+        ({ range? := some ⟨parserState.pos, ctx.input.endPos⟩, task := ·.result! })
       let diagnostics ← Snapshot.Diagnostics.ofMessageLog msgLog
       let (stx', parserState') := if minimalSnapshots && !Parser.isTerminalCommand stx then
         (default, default)
@@ -565,8 +565,8 @@ where
       prom.resolve {
         diagnostics, finishedSnap, tacticCache, nextCmdSnap?
         stx := stx', parserState := parserState'
-        elabSnap := { range? := stx.getRange?, task := elabPromise.result }
-        reportSnap := { range? := initRange?, task := reportPromise.result }
+        elabSnap := { range? := stx.getRange?, task := elabPromise.result! }
+        reportSnap := { range? := initRange?, task := reportPromise.result! }
       }
       let cmdState ← doElab stx cmdState beginPos
         { old? := old?.map fun old => ⟨old.stx, old.elabSnap⟩, new := elabPromise }
@@ -576,8 +576,8 @@ where
           -- We want to trace all of `CommandParsedSnapshot` but `traceTask` is part of it, so let's
           -- create a temporary snapshot tree containing all tasks but it
           let snaps := #[
-            { range? := none, task := elabPromise.result.map (sync := true) toSnapshotTree },
-            { range? := none, task := finishedPromise.result.map (sync := true) toSnapshotTree }] ++
+            { range? := none, task := elabPromise.result!.map (sync := true) toSnapshotTree },
+            { range? := none, task := finishedPromise.result!.map (sync := true) toSnapshotTree }] ++
             cmdState.snapshotTasks
           let tree := SnapshotTree.mk { diagnostics := .empty } snaps
           BaseIO.bindTask (← tree.waitAll) fun _ => do
@@ -672,7 +672,7 @@ def processCommands (inputCtx : Parser.InputContext) (parserState : Parser.Modul
   process.parseCmd (old?.map (·.2)) parserState commandState prom (sync := true)
     |>.run (old?.map (·.1))
     |>.run { inputCtx with }
-  return prom.result
+  return prom.result!
 
 /-- Waits for and returns final command state, if importing was successful. -/
 partial def waitForFinalCmdState? (snap : InitialSnapshot) : Option Command.State := do

Diff for: src/Lean/Server/FileWorker.lean

@@ -379,7 +379,7 @@ section Initialization
     let processor := Language.Lean.process (setupImports meta opts chanOut srcSearchPathPromise)
     let processor ← Language.mkIncrementalProcessor processor
     let initSnap ← processor meta.mkInputContext
-    let _ ← IO.mapTask (t := srcSearchPathPromise.result) fun srcSearchPath => do
+    let _ ← IO.mapTask (t := srcSearchPathPromise.result!) fun srcSearchPath => do
       let importClosure := getImportClosure? initSnap
       let importClosure ← importClosure.filterMapM (documentUriFromModule srcSearchPath ·)
       chanOut.send <| mkImportClosureNotification importClosure

Diff for: src/Std/Internal/Async/Basic.lean

@@ -91,14 +91,14 @@ Create an `AsyncTask` that resolves to the value of `x`.
 -/
 @[inline]
 def ofPromise (x : IO.Promise (Except IO.Error α)) : AsyncTask α :=
-  x.result
+  x.result!
 
 /--
 Create an `AsyncTask` that resolves to the value of `x`.
 -/
 @[inline]
 def ofPurePromise (x : IO.Promise α) : AsyncTask α :=
-  x.result.map pure
+  x.result!.map pure
 
 /--
 Obtain the `IO.TaskState` of `x`.

Diff for: src/Std/Sync/Channel.lean

@@ -76,7 +76,7 @@ def Channel.recv? (ch : Channel α) : BaseIO (Task (Option α)) :=
     else if !st.closed then
       let promise ← IO.Promise.new
       set { st with consumers := st.consumers.enqueue promise }
-      return promise.result
+      return promise.result?.map (sync := true) (·.bind id)
     else
       return .pure none
 

Diff for: src/bin/lean-gdb.py

@@ -49,8 +49,9 @@ class LeanObjectPrinter:
     """Print a lean_object object."""
 
     kinds = [
-        # 244, ...
+        # 243, ...
         ('ctor', []),
+        ('promise', ['m_result']),
         ('closure', ['m_arity', 'm_fun', 'm_num_fixed']),
         ('array', ['m_size', 'm_capacity']),
         ('sarray', ['m_size', 'm_capacity']),
@@ -62,7 +63,7 @@ class LeanObjectPrinter:
         ('ref', ['m_value']),
         ('external', ['m_class', 'm_data']),
     ]
-    lean_max_ctor_tag = 244
+    lean_max_ctor_tag = 243
 
     def __init__(self, val):
         self.val = val.address