Add some aliasing warnings to docstrings for mutating functions in Base

[gdalle]

Functions like sum!(B, A) have undefined behavior when A and B share memory. We might fix that in the long run, but in the short run, doc warnings are better than nothing.

Related issues:

• sum!, prod!, any!, and all! may silently return incorrect results #39385
• Document aliasing in map! #50814

See also: https://discourse.julialang.org/t/did-julia-community-do-something-to-improve-its-correctness/102515/

• accumulate!
• all!
• any!
• append! (unsure)
• asyncmap!
• broadcast!
• circcopy!
• circshift!
• clamp!
• conj!
• copy!
• copyto!
• count!
• cumprod!
• cumsum!
• delete!
• deleteat!
• digits!
• empty!
• extrema!
• fill!
• filter!
• findmax!
• findmin!
• get!
• hex2bytes!
• insert!
• intersect!
• invpermute!
• keepat!
• kron!
• map!
• maximum!
• merge! (unsure)
• mergewith! (unsure)
• minimum!
• modifyproperty!
• partialsort!
• partialsortperm!
• permute!
• permutedims!
• pop!
• popat!
• popfirst!
• prepend! (unsure)
• prod!
• push!
• pushfirst!
• put!
• read!
• readbytes!
• replace!
• replaceproperty!
• resize!
• reverse!
• setdiff!
• setindex!
• setproperty!
• sizehint!
• sort!
• sortperm!
• splice!
• sum!
• swapproperty!
• symdiff!
• take!
• union!
• unique!
• unsafe_copyto!
• unsafe_store!

[oscardssmith]

Should reduce! be on the list?

[gbaraldi]

I would even change should to must.

[gdalle]

Should reduce! be on the list?

Looked for it in the code base but the search didn't yield anything. Perhaps it doesn't exist 🤯

[gdalle]

I would even change should to must.

done

[gustaphe]

Is "alias with" a self-explanatory phrase? Not a native speaker, but I would understand this better if it said "share memory with" or something similar.

[gdalle]

Is "alias with" a self-explanatory phrase? Not a native speaker, but I would understand this better if it said "share memory with" or something similar.

I took the formulation from LinearAlgebra.mul! but I agree that "alias" is not obvious for beginners, and it's a CS-specific term. If this gets one or two likes I'm changing it

[gdalle]

Replacement done, I think this is ready for review

[CameronBieganek]

I agree with adding warnings to the docstrings. However, I'm not sure what to do with map!. I believe the map!(f, x, x) idiom is meant to be supported, e.g., the following should work:

julia> x = [1, 2];

julia> map!(x -> 2x, x, x); x
2-element Vector{Int64}:
 2
 4

In fact, there is a unit test for that use case.

[gdalle]

I just took a cue from #50814 but it's easy to remove. Should I leave map! aside?

[mikmoore]

Good catch. map! is tricky because it should definitely work when the destination is not aliased or is identical to a source, because it reads the element before writing and only reads/writes that element once. But you can still cause mischief with misaligned aliasing:

julia> x = ones(Int,4); @views map!(+, x[begin+1:end], x[begin+1:end], x[begin:end-1]); x
4-element Vector{Int64}:
 1
 2
 3
 4

We need to specify (or non-specify) an evaluation order for map!. If we want to commit to a specific order, something like (1) The collections are evaluated in iteration order. But if there are cases where that currently is not true, or we desire to leave room for such cases in the future, then we might do better to say (2) The order in which the collections are iterated is undefined.

Either of these would mean that map!(f,x,x) is well-behaved, but (1) would introduce a contract for my misaligned example while (2) would leave it as undefined behavior. A specified order would preclude SIMD or other re-ordering unless the compiler could prove there was no possible dependency. That makes me more sympathetic to (2). Going (2) to (1) in the future would be non-breaking but (1) to (2) would be breaking. For that reason, I think the "easy" answer is (2) unless we want to debate the contract here.

We should also consider the behavior of broadcast!, although it is not necessary that it match map!.

[CameronBieganek]

I actually had a PR (#47012) for the map! docstring a while ago, but I closed it since no one responded to it. However, after closing, Jameson did respond with this comment:

I think there may be exceptions (e.g. SparseArrays) to this, so it may not be quite right to say it is necessarily the same order as iteration, only that eventually each element will be updated once.

[CameronBieganek]

(2) The order in which the collections are iterated is undefined.

Yeah, that might be the safest thing to do for now.

[danielwe]

The "...intended to operate without making any allocations" clause seems redundant and buries the key point. How about sticking to mul!s version? I.e., "Note that destination must not share memory with any of the elements in collection..." etc.

[gdalle]

I removed the redundancy and fixed the map! docstring

[gdalle]

Gonna use @jakobnissen's suggestion and run

filter(map(String, names(Base))) do i
    endswith(i, '!')
end

to see if I missed a few spots.

[gdalle]

OK just went through the whole list, see the first message. If anyone objects to my selection of "aliasing-vulnerable" mutating functions, let them speak now or forever hold their peace

[CameronBieganek]

Can this be backported to 1.10? If 1.10 becomes an LTS release, it might be nice to have these changes in the docs.

[gdalle]

Can this be backported to 1.10? If 1.10 becomes an LTS release, it might be nice to have these changes in the docs.

Don't ask me, I'm just visiting around these parts 🤣

[LilithHafner]

Question for triage:

Should we add a boilerplate warning to every mutating function that can misbehave when passed aliased inputs?

[gdalle]

@LilithHafner did this come up in triage? Honestly at this point I'm happy to revert to whatever state of the PR is deemed more mergeable

[LilithHafner]

No. Last Traige we only talked about the Memory type (#51319) I'll try to make sure we talk about this this week.

[rafaqz]

Should we add a boilerplate warning to every mutating function that can misbehave when passed aliased inputs?

Yes

[mkitti]

1. We should clearly document which arguments may be mutated.
2. We should provide a warning, possibly, common as it is now.
3. The common warning should link to a section in the docs that discusses aliasing and mutating functions.
4. This section should explain to a general user what aliasing and mutating means.

[LilithHafner]

Triage says merge!

[LilithHafner]

Some usages of _DOCS_ALIASING_WARNING need to be qualified for Julia to build.

[LilithHafner]

Thanks @gdalle! Sorry I made this process so long.

[gdalle]

Don't apologize, thorough reviews are better than no reviews :)