Check types of algorithm inputs and outputs.

[jyasskin]

@domenic says ECMAScript just did something like this.

[domenic]

https://github.com/tc39/ecma262/pull/545 in progress

[mikewest]

I'd like something like it in Bikeshed, as it's implicitly what I'm doing in a lot of specs anyway.

It doesn't look like the patch @domenic referenced actually landed in the ecma repo; did y'all go in a different direction?

[mikewest]

FWIW, some kind of type checking (even something as small as counting the number of arguments) would have prevented me from making the refactoring mistake in https://github.com/w3c/webappsec-csp/pull/105#discussion_r74672732.

[tabatkins]

So my big challenge here is designing something that isn't just invisible metadata that can get obsolete and disconnected from the text.

Hmm. Thinking out loud:

• Start with an algorithm container (something with algorithm attribute).
• Requires a <dfn> of type "dfn" or "abstract-op", annotated as the algorithm name. If there's only one such dfn Bikeshed assumes it's the name?
• Input args are denoted by <var>, with some annotation that they're an argument. Maybe <var algo-arg>. Provide a shorthand element to make this more obvious, like <argument>, that gets translated into a <var> for you? Arg name is the text content.
• Allow specifying that an argument is optional.
• The spider then extracts this information, producing an algorithm data structure with a name, zero or more required arguments, and zero or more optional arguments.

Then, on the calling side:

• Use some simple inline annotation - <span algo-call>? Again, maybe provide a custom element for this. Wrap some text in this so that it includes the algorithm name and args.
• Within this, annotate an <a> as the algorithm name. If there's only one <a> with "dfn" or "abstract-op" type, assume that's the name.
• Assume that vars in the call are arguments? Maybe require an annotation, and again let <argument> be used to just desugar to a <var>.
• If the arg name is unknown, throw an error. If any argument name is unknown, throw an error. If not all required args are provided, throw an error. In the error I can summarize the required algorithm shape.

Typing can come later, but this will at least give us basic variable annotations. It'll detect algo changes and missing arguments.

[jyasskin]

That looks mostly good. We also need to be able to write things like <algo-call><a>foo the bar</a> with a <param>baz</param> of <var>quux</var></algo-call> where the parameter and argument have different names.

[tabatkins]

Yeah, that's what I'm intending by talking about how you'd have to opt-in the <var>s that denote parameters from the ones that are reffing values from elsewhere.

[tobie]

Want.

[equalsJeffH]

use case:

webauthn algorithm that returns an algorithm to credential management: https://w3c.github.io/webauthn/#createCredential

associated credential managment PR: https://github.com/w3c/webappsec-credential-management/pull/100

[jyasskin]

@camillelamy mentioned that this would be useful for her team's work.

In talking to @tabatkins about how to make it happen, they described the following list of sub-tasks:

• [ ] defining a markup model for declaring algo args, along with types, and adding BS syntax making it ergonomic,
• [ ] adding WebRef scraping for this info,
• [ ] adding Bikeshed digestion of this info into a data file,
• [ ] defining a markup model for invoking algos with args, and adding BS syntax to make it ergonomic,
• [ ] checking invocations against the definitions we've obtained

[samuelgoto]

+1 as an interested user here!