Add section about current PubGrub limitations (pubgrub-rs#3)

* Intro to PubGrub limitations

* Tweak limitations intro

* Prepare section for optional dependencies

* Complete the optional_deps section

* Update PackageName in the code examples for optional deps

* Start explanation for multiple versions

* Typos and consistency

* Less ambiguous proxi example

* Change solution to multiple example

* Complete the multiple_versions section

* Add a section about continuous version space

* Complete the prerelease section

* Typos and adjustments to continuous_versions

* Typos and adjustments to intro

* Typos and adjustments to multiple_versions

* Proxy and proxies

* Typos and text adjustments

* Joking ;)

* Mention dart prerelease issue

* Adjust section on pre-releases

Author: mpizenberg

src/SUMMARY.md

@@ -8,6 +8,11 @@
   - [Strategical decision making in a DependencyProvider](./pubgrub_crate/strategy.md)
   - [Solution and error reporting](./pubgrub_crate/solution.md)
   - [Writing your own error reporting logic](./pubgrub_crate/custom_report.md)
+- [Advanced usage and limitations](./limitations/intro.md)
+  - [Optional dependencies](./limitations/optional_deps.md)
+  - [Allowing multiple versions of a package](./limitations/multiple_versions.md)
+  - [Versions in a continuous space](./limitations/continuous_versions.md)
+  - [Pre-release versions](./limitations/prerelease_versions.md)
 - [Internals of the PubGrub algorithm](./internals/intro.md)
   - [Overview of the algorithm](./internals/overview.md)
   - [Terms](./internals/terms.md)

src/limitations/continuous_versions.md

@@ -0,0 +1,82 @@
+# Versions in a continuous space
+
+The current design of pubgrub exposes a `Version` trait demanding two properties, (1) that there exists a lowest version, and (2) that versions live in a discrete space where the successor of each version is known.
+So versions are basically isomorph with N^n, where N is the set of natural numbers.
+
+## The successor design
+
+There is a good reason why we started with the successor design for the `Version` trait.
+When building knowledge about the dependency system, pubgrub needs to compare sets of versions, and to perform common set operations such as intersection, union, inclusion, comparison for equality etc.
+In particular, given two sets of versions S1 and S2, it needs to be able to answer if S1 is a subset of S2 (S1 ⊂ S2).
+And we know that S1 ⊂ S2 if and only if S1 ∩ S2 == S1.
+So checking for subsets can be done by checking for the equality between two sets of versions.
+Therefore, **sets of versions need to have unique canonical representations to be comparable**.
+
+We have the interesting property that we require `Version` to have a total order.
+As a consequence, the most adequate way to represent sets of versions with a total order, is to use a sequence of non intersecting segments, such as `[0, 3] ∪ ]5, 9[ ∪ [42, +∞[`.
+
+> Notation: we note segments with close or open brackets depending on if the value at the frontier is included or excluded of the interval.
+> It is also common to use a parenthesis for open brackets.
+> So `[0, 14[` is equivalent to `[0, 14)` in that other notation.
+
+The previous set is for example composed of three segments,
+- the closed segment [0, 3] containing versions 0, 1, 2 and 3,
+- the open segment ]5, 9[ containing versions 6, 7 and 8,
+- the semi-open segment [42, +∞[ containing all numbers above 42.
+
+For the initial design, we did not want to have to deal with close or open brackets on both interval bounds.
+Since we have a lowest version, the left bracket of segments must be closed to be able to contain that lowest version.
+And since `Version` does not impose any upper bound, we need to use open brackets on the right side of segments.
+So our previous set thus becomes: `[0, ?[ ∪ [?, 9[ ∪ [42, +∞[`.
+But the question now is what do we use in place of the 3 in the first segment and in place of the 5 in the second segment.
+This is the reason why we require the `bump()` method on the `Version` trait.
+If we know the next version, we can replace 3 by bump(3) == 4, and 5 by bump(5) == 6.
+We finally get the following representation `[0, 4[ ∪ [6, 9[ ∪ [42, +∞[`.
+And so the `Range` type is defined as follows.
+
+```rust
+pub struct Range<V: Version> {
+    segments: Vec<Interval<V>>,
+}
+type Interval<V> = (V, Option<V>);
+// set = [0, 4[ ∪ [6, 9[ ∪ [42, +∞[
+let set = vec![(0, Some(4)), (6, Some(9)), (42, None)];
+```
+
+## The bounded interval design
+
+We may want however to have versions live in a continuous space.
+For example, if we want to use fractions, we can always build a new fraction between two others.
+As such it is impossible to define the successor of a fraction version.
+
+We are currently investigating the use of bounded intervals to enable continuous spaces for versions.
+If it happens, this will only be in the next major release of pubgrub, probably 0.3.
+The current experiments look like follows.
+
+```rust
+/// New trait for versions.
+/// Bound is core::ops::Bound.
+pub trait Version: Clone + Ord + Debug + Display {
+    /// Returns the minimum version.
+    fn minimum() -> Bound<Self>;
+    /// Returns the maximum version.
+    fn maximum() -> Bound<Self>;
+}
+
+/// An interval is a bounded domain containing all values
+/// between its starting and ending bounds.
+/// RangeBounds is core::ops::RangeBounds.
+pub trait Interval<V>: RangeBounds<V> + Debug + Clone + Eq + PartialEq {
+    /// Create an interval from its starting and ending bounds.
+    /// It's the caller responsability to order them correctly.
+    fn new(start_bound: Bound<V>, end_bound: Bound<V>) -> Self;
+}
+
+/// The new Range type is composed of bounded intervals.
+pub struct Range<I> {
+    segments: Vec<I>,
+}
+```
+
+It is certain though that the flexibility of enabling usage of continuous spaces will come at a performance price.
+We just have to evaluate how much it costs and if it is worth sharing a single implementation, or having both a discrete and a continuous implementation.

src/limitations/intro.md

@@ -0,0 +1,23 @@
+# Advanced usage and limitations
+
+By design, the current implementation of PubGrub is rather well suited to handle a dependency system with the following constraints:
+
+1. Packages are uniquely identified.
+2. Versions are in a discrete set, with a total order.
+3. The successor of a given version is always uniquely defined.
+4. Dependencies of a package version are fixed.
+5. Exactly one version must be selected per package depended on.
+
+The fact that packages are uniquely identified (1) is perhaps the only constraint that makes sense for all common dependency systems.
+But for the rest of the constraints, they are all inadequate for some common real-world dependency systems.
+For example, it's possible to have dependency systems where order is not required for versions (2).
+In such systems, dependencies must be specified with exact sets of compatible versions, and bounded ranges make no sense.
+Being able to uniquely define the successor of any version (3) is also a constraint that is not a natural fit if versions have a system of pre-releases.
+Indeed, what is the successor of `2.0.0-alpha`?
+We can't tell if that is `2.0.0` or `2.0.0-beta` or `2.0.0-whatever`.
+Having fixed dependencies (4) is also not followed in programming languages allowing optional dependencies.
+In Rust packages, optional dependencies are called "features" for example.
+Finally, restricting solutions to only one version per package (5) is also too constraining for dependency systems allowing breaking changes.
+In cases where packages A and B both depend on different ranges of package C, we sometimes want to be able to have a solution where two versions of C are present, and let the compiler decide if their usages of C in the code are compatible.
+
+In the following subsections, we try to show how we can circumvent those limitations with clever usage of dependency providers.

src/limitations/multiple_versions.md

@@ -0,0 +1,253 @@
+# Allowing multiple versions of a package
+
+One of the main goals of PubGrub is to pick one version per package depended on, under the assumption that at most one version per package is allowed.
+Enforcing this assumption has two advantages.
+First, it prevents data and functions interactions of the same library at different, potentially incompatible versions.
+Second, it reduces the code size and therefore also the disk usage and the compilation times.
+
+However, under some circonstances, we may relax the "single version allowed" constraint.
+Imagine that our package "a" depends on "b" and "c", and "b" depends on "d" @ 1, and "c" depends on "d" @ 2, with versions 1 and 2 of "d" incompatible with each other.
+With the default rules of PubGrub, that system has no solution and we cannot build "a".
+Yet, if our usages of "b" and "c" are independant with regard to "d", we could in theory build "b" with "d" @ 1 and build "c" with "d" @ 2.
+
+Such situation is sufficiently common that most package managers allow multiple versions of a package.
+In Rust for example, multiple versions are allowed as long as they cross a major frontier, so 0.7 and 0.8 or 2.0 and 3.0.
+So the question now is can we circumvent this fundamental restriction of PubGrub?
+The short answer is yes, with buckets and proxies.
+
+## Buckets
+
+We saw that implementing optional dependencies required the creation of on-demand feature packages, which are virtual packages created for each optional feature.
+In order to allow for multiple versions of the same package to coexist, we are also going to play smart with packages.
+Indeed, if we want two versions to coexist, there is only one possibility, which is that they come from different packages.
+And so we introduce the concept of buckets.
+A package bucket is a set of versions of the same package that cannot coexist in the solution of a dependency system, basically just like before.
+So for Rust crates, we can define one bucket per major frontier, such as one bucket for 0.1, one for 0.2, ..., one for 1.0, one for 2.0, etc.
+As such, versions 0.7.0 and 0.7.3 would be in the same bucket, but 0.7.0 and 0.8.0 would be in different buckets and could coexist.
+
+Are buckets enought? Not quite, since once we introduce buckets, we also need a way to depend on multiple buckets alternatively.
+Indeed, most packages should have dependencies on a single bucket, because it doesn't make sense to depend on potentially incompatible versions at the same time.
+But rarely, dependencies are written such that they can depend on multiple buckets, such as if one write `v >= 2.0`.
+Then, any version from the 2.0 bucket would satisfy it, as well as any version from the 3.0 or any other later bucket.
+Thus, we cannot write "a depends on b in bucket 2.0".
+So how do we write dependencies of "a"?
+That's where we introduce the concept of proxies.
+
+## Proxies
+
+A proxy package is an intermediate on-demand package, placed just between one package and one of its dependencies.
+So if we need to express that package "a" has a dependency on package "b" for different buckets, we create the intermediate proxy package "a->b".
+Then we can say instead that package "a" depends on any version of the proxy package "a->b".
+And then, we create one proxy version for each bucket.
+So if there exists the following five buckets for "b", 0.1, 0.2, 1.0, 2.0, 3.0, we create five corresponding versions for the proxy package "a->b".
+And since our package "a" depends on any version of the proxy package "a->b", it will be satisfied as soon as any bucket of "b" has a version picked.
+
+## Example
+
+We will consider versions in the form `major.minor` with a major component starting at 1, and a minor component starting at 0.
+The smallest version is 1.0, and each major component represents a bucket.
+
+> Note that we could start versions at 0.0, but since different dependency system tends to interpret versions before 1.0 differently, we will simply avoid that problem by saying versions start at 1.0.
+
+For convenience, we will use a string notation for proxies and buckets.
+Buckets will be indicated by a "#", so "a#1" is the 1.0 bucket of package "a", and "a#2" is the 2.0 bucket of package "a".
+And we will use "@" to denote exact versions, so "a" @ 1.0 means package "a" at version 1.0.
+Proxies will be represented by the arrow "->" as previously mentioned.
+Since a proxy is tied to a specific version of the initial package, we also use the "@" symbol in the name of the proxy package.
+For example, if "a" @ 1.4 depends on "b", we create the proxy package "a#[email protected]>b".
+It's a bit of a mouthful, but once you learn how to read it, it makes sense.
+
+> Note that we might be tempted to just remove the version part of the proxy, so "a#1->b" instead of "a#[email protected]>b".
+> However, we might have "a" @ 1.4 depending on "b" in range `v >= 2.2` and have "a" @ 1.5 depending on "b" in range `v >= 2.6`.
+> Both dependencies would map to the same "a#1->b" proxy package, but we would not know what to put in the dependency of "a#1->b" to the "b#2" bucket.
+> Should it be "2.2 <= v < 3.0" as in "a" @ 1.4, or should it be "2.6 <= v < 3.0" as in "a" @ 1.5?
+> That is why each proxy package is tied to an exact version of the source package.
+
+Let's consider the following example, with "a" being our root package.
+- "a" @ 1.4 depends on "b" in range `1.1 <= v < 2.9`
+- "b" @ 1.3 depends on "c" at version `1.1`
+- "b" @ 2.7 depends on "d" at version `3.1`
+
+Using buckets and proxies, we can rewrite this dependency system as follows.
+- "a#1" @ 1.4 depends on "a#[email protected]>b" at any version (we use the proxy).
+- "a#[email protected]>b" proxy exists in two versions, one per bucket of "b".
+- "a#[email protected]>b" @ 1.0 depends on "b#1" in range `1.1 <= v < 2.0` (the first bucket intersected with the dependency range).
+- "a#[email protected]>b" @ 2.0 depends on "b#2" in range `2.0 <= v < 2.9` (the second bucket intersected with the dependency range).
+- "b#1" @ 1.3 depends on "c#1" at version `1.1`.
+- "b#2" @ 2.7 depends on "d#3" at version `3.1`.
+
+There are potentially two solutions to that system.
+The one with the newest versions is the following.
+- "a#1" @ 1.4
+- "a#[email protected]>b" @ 2.0
+- "b#2" @ 2.7
+- "d#3" @ 3.1
+
+Finally, if we want to express the solution in terms of the original packages, we just have to remove the proxy packages from the solution.
+
+## Example implementation
+
+A complete example implementation of this extension allowing multiple versions is available in the [`allow-multiple-versions` crate of the `advanced_dependency_providers` repository][multiple-versions-crate].
+In that example, packages are of the type `String` and versions of the type `SemanticVersion` defined in pubgrub, which does not account for pre-releases, just the (Major, Minor, Patch) format of versions.
+
+[multiple-versions-crate]: https://github.com/pubgrub-rs/advanced_dependency_providers/tree/main/allow-multiple-versions
+
+### Defining an index of packages
+
+Inside the `index.rs` module, we define a very basic `Index`, holding all packages known, as well as a helper function `add_deps` easing the writing of tests.
+
+```rust
+/// Each package is identified by its name.
+pub type PackageName = String;
+/// Alias for dependencies.
+pub type Deps = Map<PackageName, Range<SemVer>>;
+
+/// Global registry of known packages.
+pub struct Index {
+    /// Specify dependencies of each package version.
+    pub packages: Map<PackageName, BTreeMap<SemVer, Deps>>,
+}
+
+// Initialize an empty index.
+let mut index = Index::new();
+// Add package "a" to the index at version 1.0.0 with no dependency.
+index.add_deps::<R>("a", (1, 0, 0), &[]);
+// Add package "a" to the index at version 2.0.0 with a dependency to "b" at versions >= 1.0.0.
+index.add_deps("a", (2, 0, 0), &[("b", (1, 0, 0)..)]);
+```
+
+### Implementing a dependency provider for the index
+
+Since our `Index` is ready, we now have to implement the `DependencyProvider` trait for it.
+As explained previously, we'll need to differenciate packages representing buckets and proxies, so we define the following new `Package` type.
+
+```rust
+/// A package is either a bucket, or a proxy between a source and a target package.
+pub enum Package {
+    /// "a#1"
+    Bucket(Bucket),
+    /// source -> target
+    Proxy {
+        source: (Bucket, SemVer),
+        target: String,
+    },
+}
+
+/// A bucket corresponds to a given package, and match versions
+/// in a range identified by their major component.
+pub struct Bucket {
+    pub name: String, // package name
+    pub bucket: u32, // 1 maps to the range 1.0.0 <= v < 2.0.0
+}
+```
+
+In order to implement the first required method, `choose_package_version`, we simply reuse the `choose_package_with_fewest_versions` helper function provided by pubgrub.
+That one requires a list of available versions for each package, so we have to create that list.
+As explained previously, listing the existing (virtual) versions depend on if the package is a bucket or a proxy.
+For a bucket package, we simply need to retrieve the original versions and filter out those outside of the bucket.
+
+```rust
+match package {
+    Package::Bucket(p) => {
+        let bucket_range = Range::between((p.bucket, 0, 0), (p.bucket + 1, 0, 0));
+        self.available_versions(&p.name)
+            .filter(|v| bucket_range.contains(*v))
+    }
+    ...
+```
+
+If the package is a proxy however, there is one version per bucket in the target of the proxy.
+
+```rust
+match package {
+    Package::Proxy { target, .. } => {
+        bucket_versions(self.available_versions(&target))
+    }
+    ...
+}
+
+/// Take a list of versions, and output a list of the corresponding bucket versions.
+/// So [1.1, 1.2, 2.3] -> [1.0, 2.0]
+fn bucket_versions(
+    versions: impl Iterator<Item = SemVer>
+) -> impl Iterator<Item = SemVer> { ... }
+```
+
+Additionally, we can filter out buckets that are outside of the dependency range in the original dependency leading to that proxy package.
+Otherwise it will add wastefull computation to the solver, but we'll leave that out of this walkthrough.
+
+The `get_dependencies` method is slightly hairier to implement, so instead of all the code, we will just show the structure of the function in the happy path, with its comments.
+
+```rust
+fn get_dependencies(
+    &self,
+    package: &Package,
+    version: &SemVer,
+) -> Result<Dependencies<Package, SemVer>, ...> {
+    let all_versions = self.packages.get(package.pkg_name());
+    ...
+    match package {
+        Package::Bucket(pkg) => {
+            // If this is a bucket, we convert each original dependency into
+            // either a dependency to a bucket package if the range is fully contained within one bucket,
+            // or a dependency to a proxy package at any version otherwise.
+            let deps = all_versions.get(version);
+            ...
+            let pkg_deps = deps.iter().map(|(name, range)| {
+                    if let Some(bucket) = single_bucket_spanned(range) {
+                        ...
+                        (Package::Bucket(bucket_dep), range.clone())
+                    } else {
+                        ...
+                        (proxy, Range::any())
+                    }
+                })
+                .collect();
+            Ok(Dependencies::Known(pkg_deps))
+        }
+        Package::Proxy { source, target } => {
+            // If this is a proxy package, it depends on a single bucket package, the target,
+            // at a range of versions corresponding to the bucket range of the version asked,
+            // intersected with the original dependency range.
+            let deps = all_versions.get(&source.1);
+            ...
+            let mut bucket_dep = Map::default();
+            bucket_dep.insert(
+                Package::Bucket(Bucket {
+                    name: target.clone(),
+                    bucket: target_bucket,
+                }),
+                bucket_range.intersection(target_range),
+            );
+            Ok(Dependencies::Known(bucket_dep))
+        }
+    }
+}
+
+/// If the range is fully contained within one bucket,
+/// this returns that bucket identifier, otherwise, it returns None.
+fn single_bucket_spanned(range: &Range<SemVer>) -> Option<u32> { ... }
+```
+
+That's all!
+The implementation also contains tests, with helper functions to build them.
+Here is the test corresponding to the example we presented above.
+
+```rust
+#[test]
+/// Example in guide.
+fn success_when_simple_version() {
+    let mut index = Index::new();
+    index.add_deps("a", (1, 4, 0), &[("b", (1, 1, 0)..(2, 9, 0))]);
+    index.add_deps("b", (1, 3, 0), &[("c", (1, 1, 0)..(1, 1, 1))]);
+    index.add_deps("b", (2, 7, 0), &[("d", (3, 1, 0)..(3, 1, 1))]);
+    index.add_deps::<R>("c", (1, 1, 0), &[]);
+    index.add_deps::<R>("d", (3, 1, 0), &[]);
+    assert_map_eq(
+        &resolve(&index, "a#1", (1, 4, 0)).unwrap(),
+        &select(&[("a#1", (1, 4, 0)), ("b#2", (2, 7, 0)), ("d#3", (3, 1, 0))]),
+    );
+}
+```
+
+Implementing a dependency provider allowing both optional dependencies and multiple versions per package is left to the reader as an exercise (I've always wanted to say that).