[Proposal]: Add private and namespace accessibility modifiers for top-level types.
#6794
Comments
|
Does the runtime already support this or is there an implied runtime change dependency? |
private class C1
{
}
internal class C2
{
internal void M(C1 c1) { }
}I'd like to be able to call |
Make M private, or make C1 internal. Right now this is the IVT problem. you're exposing MS to everything in IVT. Unclear if we have have a middle ground for members that says "internal, but only to this assembly". |
|
@RikkiGibson To me, that example says that since a new kind of accessibility is being added, it needs a new keyword, that can then be used everywhere. And |
CyrusNajmabadi
changed the title
private accessibility for type-level types.private and namespace accessibility modifiers for top-level types.
|
I feel it seems a bit difficult to teach beginners the difference between private and intenal, because there are not so many opportunities for beginners to use IVT attributes. |
|
I imagine you wouldn't teach beginners this. |
|
Isn't the |
|
Why would this not be taught? It may not be a beginner topic, but that hardly relevant here. |
|
Even now, people try to put private on top-level types mistaking it for internal. I think that if we introduce the private modifier, people will use private unintentionally and without worrying about the difference between it and internal. My concern is that private - a common word - is associated with IVT - a less familiar feature. |
|
would I see some positives here if that is the case, although it might lead to people doing things they really shouldn't and creating fragile code when another assembly pushes a new version. |
Why would that be a problem? If they're not using ivt it won't matter. If they are using ivt, then private will still be a good choice for limited visibility. And if they actually need to expose the type to one of their other assemblies, they can make it internal. |
No. This would be within an assembly. |
|
These days, C# tends to make the most recommended style the easiest to write. If you want to encourage people to use |
|
I have no dog in the race about encouragement. I think people should use whatever pattern makes sense for their codebase. If people want to make their types private, because that fits their goals better, then i'm all for that. If they want to keep them internal, i'm also fine with that. What i care most about is that those who do want to use IVT, but not expose as much, have an option to help themselves out here :) |
Making what sealed? |
|
The use case for this top-level private seems extremely narrow. IVT already has to be part of the declaring assembly; you are explicitly opting into sharing your internals with another assembly. Meaning that this feature would not be applicable for any package referenced from NuGet, potentially only useful for library authors with multiple assemblies. So we're already talking about a use case that only applies to assemblies that are owned by the same organization and have implemented IVT (which I'd wager is a vanishingly small percentage of C# code out there- most devs don't even know IVT exists). Is this use case really compelling enough that it outweighs the additional language complexity? For namespace accessibility, what has changed since you said this two years ago?
|
|
I have to agree that I think these are both pretty niche, probably on a similar order to As for driving accessibility from namespaces, that just feels ... off ... to me. Like someone used to Java accessibility wants to recreate it in C#. I think there are numerous questions about how such accessibility would be enforced. Does that accessibility extend between assemblies, like Java 1-8, or is it limited to only the current assembly, like Java 9+? What about "child" namespaces? I think you could ask 5 different developers and get 10 different answers, which to me lends itself more to enforcement via analyzer. |
Namespace accessibility was added at the request of another LDM member who was interested in it and felt it would be good to have the discussion at the same time. My views on it have not changed. |
That's what will have to be determined. Very possible it won't be. |
I don't know what you're asking for. Can you give an example of what you want to write and what you want it's to compile down to @buvinghausen ? |
Why would a |
A |
I don't understand waht you're asking for. You're showing an example of code that is already legal and has meaning :) Can you show me what you want to be able to write, and what semantics it woudl have? Thanks! |
I don't know what this means. There's nothing about generated code being discussed here. This is about accessibility placed by the user on types.
I have no idea what you're asking to be reviewed in that repo... :) Can you please walk us through what you're asking for? I genuinely don't really understand, and i'm not seeing what it has to do with this proposal. Thanks! |
|
+1 for this, I need this feature for my roslyn source generator. |
Weren't |
|
Yes. |
|
Instead of As such, I introduce three new attributes: // Asm1
[InternalsExplicitlyVisibleTo("Asm2")]
internal class A
{
}
internal class B
{
}
// Asm2
A a = new(); // ok
B b = new(); // error: B cannot be found
// Asm3
A a = new(); // error: A cannot be found
B b = new(); // error: B cannot be foundInternally, Asm1 is compiled to: [assembly: InternalsVisibleTo("Asm2")]
[InternalsExplicitlyVisibleTo("Asm2")]
internal class A
{ }
[InternalsExplicitlyHidden]
internal class B
{ }Examples: // Asm1
public class A
{
[InternalsExplicitlyVisibleTo("Asm2")]
internal void B() { }
}
[InternalsExplicitlyVisibleTo("Asm3")]
internal static class C
{
// inherits attribute applied to class
[InternalsExplicitlyVisibleTo("Asm2")] // warn: Asm2 cannot access C
internal static void B()
{ }
}
// Asm2
A a = new();
a.B(); // ok
C.B(); // error: C cannot be found
// Asm3
A a = new();
a.B(); // error: A.B() cannot be found
C.B(); // ok
// Asm1 Internally compiled to:
[assembly: InternalsVisibleTo("Asm2")]
[assembly: InternalsVisibleTo("Asm3")]
public class A
{
[InternalsExplicitlyVisibleTo("Asm2")]
[InternalsExplicitlyHiddenFrom("Asm3")]
internal void B()
{ }
}
[InternalsExplicitlyVisibleTo("Asm3")]
[InternalsExplicitlyHiddenFrom("Asm2")]
internal static class C
{
[InternalsExplicitlyVisibleTo("Asm2")] // attribute is still added, although not used.
internal static void B()
{ }
} |
This comment was marked as resolved.
This comment was marked as resolved.
|
@glen-84 the modifiers are not the interesting part of the discussion. The discussion is around designing narrower scopes for sets of types. Discussing the various use cases will help flesh out the idea and will then help motivate a particular set of syntaxes and semantics. |
|
Question: is there a specific reason why this is being proposed only for top-level types? It would be really nice to be able to express "namespace" and "this assembly" accessibilities for nested types as well. Would that be possible? I realize that |
Agreed -- I'm not picky about the keyword(s) for this functionality, but being specify any element (type, method, etc.) to be |
|
Leaving a comment here for reference, discussed this with @CyrusNajmabadi on Discord: rather than allowing
cc. @CyrusNajmabadi since you said "that might be viable." 🙏 |
|
Are IVTs that common outside of testing scenarios to warrant having an accessibility modifier that is 99.9999% redundant? If that's the case, fix IVTs. |
|
I think it'd be very confusing if
Both of these have problems. The former feels redundant, while the latter is inconsistent with other parts of the language. What about That said, given these two options, |
Yes. In Paint.NET I have IVTs spanning most of my app DLLs, which ensures plugins cannot access app Having a special access modifier for |
|
Having |
That doesn't sound like a remotely common scenario. Even if more than a small handful of exceptionally complicated projects can benefit from new accessibility levels, I would still suggest that it would be preferable to improve IVTs. C# already has more accessibility levels than most languages. |
|
Think of "private" then as the improvement to 'IVT' :) It would generally be the norm to just make all types within an assembly private. And if you wanted to expose them outwards you'd use:
It would basically be flipping IVT from the very broadly exposing feature it is today, to one that could narrowly expose things. For most users this would be a non-issue. They don't use IVT, and as such wouldn't ever have to do anything or be aware of this. All our defaults would continue working well for them. But for users that do use IVT, this would be the knob that goes with it to make separation of concerns nicer. FWIW, this is feedback i've heard quite a bit from library authors that ship their libraries for external consumption. They want to share small bits of code among their lib dlls (and so use IVT), but now have exposed everything, even though they'd like to have additional protection from that. |
|
And it's def the case that for the sample size of: MS owned libs, this is def something wanted. For 2nd and 3rd parties the desire is there. Though not as universal as hte 1st party case :) |
That means all devs are now exposed to these accessibility levels, despite almost nobody having a need to use them. Worse, it'll probably encourage trying to further finely slice the onion only leading to more and more requests for accessibility levels. IVTs are an advanced scenario, if they are not suitable for the extreme minority of developers that rely on them outside of test scenarios, I still think "fixing" IVTs would be a much better route. |
|
Would it make sense to repurpose the It was already mentioned that they’re not an ergonomic feature, but it’s also been repeated brought up that this is a niche scenario. Maybe someone can make a private wrapper if necessary. |
|
In terms of "fixing IVTs", I might suggest that .NET take a page from the Java Module System and have a resource file embedded in the assembly which can explicitly specify which internal types are visible to which assemblies. Then the entire assembly could be exposed to test suites, a smaller subset exposed to sibling assemblies in the same framework and a smaller subset still could be exposed to known plugins, etc. |
|
Why not "just" allow IVT to be applied to types and members also. |
|
I would use private for that purpose halo. |
And My point is that it feels like adding more accessibility levels here feels like a very big hammer to address something experienced by an extreme minority of the developer audience. |
|
@FaustVX that's what this proposal is ... Finding a way to allow ivt, without exposing everything. I feel like people are way too caught up on Syntax. |
|
To reiterate, this proposal is about a way to more narrowly expose types to other assemblies. The private keyword is strawman Syntax for that. Just like my other proposal is about scoping typesinside an assembly (with strawman around that). The fundamental goal is better control around the scoping of the type, since all we have is internal today. That's both too broad within, and too broad without. |
That's fair. I think it's worth exploring if there are non-language ways to accomplish that, especially given that IVT is already a non-language mechanism for expanding accessibility, and if that mechanism offered more flexibility that could satisfy the use cases without requiring language changes. Internally, maybe it'd be more interesting to talk about adding modules to C# that are independent of namespaces, and types/members can have module accessibility within the module. Of course all of that could be defined via custom attributes and analyzers also. |
I'm def interested. The reason i went with |
You can use |
|
What would be nice is: public class ClassB { The Friend attribute would be the same as private/protected + allow any classes within the friend group to access. Namespace is just a convenient way to declare a group of classes that all have special access to each other. This would be a lot simpler to implement, I would think. |
|
You could accomplish this today with |
|
@HaloFour Does this include hiding methods from other classes in the same assembly (that are not friends)? |
|
Here's an analyzer that claims to have this capability: https://github.com/piotrstenke/Durian |
|
Java modules and packages, with related accessibility rules, are THE features where Java trumps C#, IMHO. C# already has a lot of accessibility modifiers and none solve problems that people (included me) actually have, and that is "friendship" which use-cases have been elaborated elsewhere. In a green-field project it's possible to split functionality across assemblies so that For my part I often wanted
[1] Use-case example: the namespace defines a tree framework, and predefines a So And the more I think about accessibility rules in C#, the more I wonder about why namespaces exist at all. The reason for me (still) using namespaces are
The mentioned scenario about trees could be emulated as and then in another assembly: The only thing that feels "iffy" about it is that it significantly deviates from C# code one sees "out in the wild", including BCL, i.e., it uses class as namespace with enhanced access control. With classes, one might run into issues with lack of MI, but one could just as well use And then we have
As of today, |
and others
privateandnamespaceaccessibility modifiers for top-level typesSummary
[summary]: Enable the
privatemodifier to be used for top level types in C#. The semantics of this would differ frominternalin that whileinternalmeans "this assembly and any assemblies with IVT to this",privatewould mean "this assembly only". This is already the meaning for nested types, but is not available for top level types.Similarly, enable the
namespacemodifier to be used for types in c#. The semantics of this are that these types are only accessible within thatnamespaceonly (not including sub-namespaces).Motivation
[motivation]: Currently, based on the v1 rules of the language, the narrowest accessibility a top-level-type (i.e. one directly in a namespace) can get is
internal. This was fine in v1 as that meant "within this assembly only". Later, this was found to be problematic for components (including Roslyn, the BCL, 3rd parties) that wish to keep things non-public, but which want to share some types across assemblies. To that end, we added the InternalsVisibleTo (IVT) attribute to allow these types to be seeing by a particular clique of assemblies.This came with a downside though. Using IVT opens up your entire space of internal types to all these assemblies, even if it is only wanted/desirable for a narrow subset of those types. It also makes it more difficult to know what portion of your symbols actually are actually intended for use in these downstream assemblies, and what just got pulled in because there was no way to be excluded.
For tooling, this also makes things more expensive. For example, in the IDE, tools like 'find refs' have to figure out the set of domains they need to look for something in. Once IVT is involved in a project, then effectively all top level symbols have to be looked for in those larger cliques. Being able to explicitly make types exist only in a single assembly can greatly improve performance.
Similar issues exist for things like ref-assemblies. Right now they must include internal types (if IVT) is on, and will be updated whenever any of those change (even if there is no intent or usage of those types downstream). Having these types truly be 'private' (and thus not included in these artifacts), limits the surface area, and makes more changes less impactful downstream.
Detailed design
Allow
privateas a modifier for top-level-types. These types would only be visible within that assembly, including when the IVT attribute was present.Similar to how accessibility is checked today, a private-type could not be exposed by some type/member taht itself was exposed beyond the assembly. For example, it could not be the base-type of an internal type, or a parameter/return type of some internal visible member.
Drawbacks
internal.Design meetings
The text was updated successfully, but these errors were encountered: