Distwit -- "Distributed Witnesses" -- make it possible to use exceptions and extensible variant types with Marshalling.

Extension constructors (including exceptions) are generated at runtime. Each "exception" or "type t += A" statement allocate a new constructor.

A constructor witnesses the type of its arguments. If two objects have the same constructor (by physical equality), then parameters of the constructor have the same type.

But physical equality does not span across processes, it is lost when marshalling. Unmarshalling creates a new copy which will never match the existing witness.

Type safety is preserved, but equalities are lost. (Otherwise, imagine matching constructors generated in a similar way but with slightly different types and exchanged between processes: it would be possible to introduce arbitrary false equalities).

The difficulty is the generation of unique witnesses independent of an address space ("pure" values).

A solution is to delegate the generation of witnesses to an external trusted "gensym" service. As long as generated symbols don't collide, type safety can be preserved.

Distwit implements this idea: it turns symbols generated by an arbitrary service (provided as an argument to the main functor) into witnesses valid for OCaml runtime (locally bypassing the typechecker!).

This implementation produces witnesses valid for OCaml 4.03 and 4.04 runtimes. They may or may not be valid for later versions.

Safety relies on the validity of the symbol generator. Freshly generated symbol should be unique. As usual with marshalling, this should be used between trusted processes.

Furthermore, symbols registered by user (via [register] function) should only be used with the exact same constructor -- otherwise incorrect equalities are generated.

An example using Uuidm as a symbol generator:

module W = Distwit.Make_unsafe(struct
    type t = Uuidm.t
    let equal = Uuidm.equal
    let hash = Hashtbl.hash

    let fresh () = Uuidm.v5 Uuidm.nil "distwit"
  end)

let roundtrip (x : 'a) : 'a =
  Marshal.from_string (Marshal.to_string x []) 0

let exn = Failure "..."

let () = match roundtrip exn with
  | Failure _ ->
    prerr_endline "marshalling preserved identity, that's unexpected!";
    assert false
  | _ ->
    prerr_endline "marshalling lost identity";
    ()

let () = match W.unwrap (roundtrip (W.wrap exn)) with
  | Failure _ ->
    prerr_endline "distwit recovered identity"
  | _ ->
    prerr_endline "distwit didn't recover identity, that's wrong!";
    assert false