Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: Go 2: immutable type qualifier #27975

Open
romshark opened this issue Oct 2, 2018 · 99 comments
Open

proposal: Go 2: immutable type qualifier #27975

romshark opened this issue Oct 2, 2018 · 99 comments

Comments

@romshark
Copy link

@romshark romshark commented Oct 2, 2018

This issue describes a language feature proposal to Immutable Types. It targets the current Go 1.x (> 1.11) language specification and doesn't violate the Go 1 compatibility promise. It also describes an even better approach to immutability for a hypothetical, backward-incompatible Go 2 language specification.

The linked Design Document describes the entire proposal in full detail, including the current problems, the benefits, the proposed changes, code examples and the FAQ.

Updates

  • October 7th: This proposal is approaching its second revision addressing major flaws such as const-poisoning, verbosity, const-keyword overloading and others.

Introduction

Immutability is a technique used to prevent mutable shared state, which is a very common source of bugs, especially in concurrent environments, and can be achieved through the concept of immutable types.

Bugs caused by mutable shared state are not only hard to find and fix, but they're also hard to even identify. Such kind of problems can be avoided by systematically limiting the mutability of certain objects in the code. But a Go 1.x developer's current approach to immutability is manual copying, which lowers runtime performance, code readability, and safety. Copying-based immutability makes code verbose, imprecise and ambiguous because the intentions of the code author are never clear. Documentation can be rather misleading and doesn't solve the problems either.

Immutable Types in Go 1.x

Immutable types can help achieve this goal more elegantly improving the safety, readability, and expressiveness of the code. They're based on 5 fundamental rules:

  • I. Each and every type has an immutable counterpart.
  • II. Assignments to objects of an immutable type are illegal.
  • III. Calls to mutating methods (methods with a mutable receiver type) on objects of an immutable type are illegal.
  • IV. Mutable types can be cast to their immutable counterparts, but not the other way around.
  • V. Immutable interface methods must be implemented by a method with an immutable receiver type.

These rules can be enforced by making the compiler scan all objects of immutable types for illegal modification attempts, such as assignments and calls to mutating methods and fail the compilation. The compiler would also need to check, whether types correctly implement immutable interface methods.

To prevent breaking Go 1.x compatibility this document describes a backward-compatible approach to adding support for immutable types by overloading the const keyword (see here for more details) to act as an immutable type qualifier.

Immutable types can be used for:

Immutable Types in Go 2.x

Ideally, a safe programming language should enforce immutability by default where all types are immutable unless they're explicitly qualified as mutable because forgetting to make an object immutable is easier, than accidentally making it mutable. But this concept would require significant,
backward-incompatible language changes breaking existing Go 1.x code. Thus such an approach to immutability would only be possible in a new backward-incompatible Go 2.x language specification.

Related Proposals

This proposal is somewhat related to:

Detailed comparisons to other proposals are described in the design document, section 5..


Please feel free to file issues and pull requests, become a stargazer,
contact me directly at roman.scharkov@gmail.com and join the conversation on Slack Gophers (@romshark), the international and the russian Telegram groups, as well as the original golangbridge, reddit and hackernews posts! Thank you!

@gopherbot gopherbot added this to the Proposal milestone Oct 2, 2018
@dsnet
Copy link
Member

@dsnet dsnet commented Oct 2, 2018

Nice document; clearly you spent a while on it. I only briefly glanced over it.

Copies are the only way to achieve immutability in Go 1.x, but copies inevitably degrade runtime performance. This dilemma encourages Go 1.x developers to either write unsafe mutable APIs when targeting optimal runtime performance or safe but slow and copy-code bloated ones.

Not exactly the only way. An alternative approach is to have an opaque type with only exported methods that provide read-only access, which is how reflect.Type achieves immutability. The v2 protobuf reflection API also takes this approach. It has other downsides (like needing to manually create methods for each read-only operation), but pointing out that there are non-copy approaches to immutability.

@networkimprov
Copy link

@networkimprov networkimprov commented Oct 2, 2018

I like the idea of mut more than const, but I think similar effect could be achieved with optional naming conventions (field_m, mField, field$ :-) and a go-vet switch.

Also forgetting to use const somewhere can cause havoc down the road...

EDIT: Related: #21130, #6386

@kirillDanshin
Copy link

@kirillDanshin kirillDanshin commented Oct 2, 2018

@networkimprov please no $ in names, I don't think we need to start another PHP again

@ianlancetaylor
Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Oct 2, 2018

As far as I can tell in my initial skim, this doesn't solve the memchr problem. In C the standard library memchr function, which returns a pointer to the first occurence of a character in a string, is defined as char *memchar(const char *, char). The problem is that in terms of types, if memchr is passed a const char * it should return a const char *, and if memchr is passed a char * it should return a char *. That is, it should preserve the const-ness of its first argument. But there is no way to write that in C. And I don't see how to write that in your proposal.

Other comments:

  • Is there any difference between this proposal and the use of const as a type qualifier in C, other than the logical extension to interfaces?
  • Look up "const-poisoning."
  • Pedantically, I don't particularly like using the word "immutable" to describe the parameter to func F(const []int). That slice is not immutable; all that declaration says is that F will not change it. This is particularly clear if you write func F(s1 const []int, s2 []int) and then call it as F(s, s). You can't say that s1 is immutable within F, because if s2 changes then s1 will change.
  • Do we really have to worry about immutable containers of mutable values? Yes, that comes up once in a while, but it is often enough to make it worth writing const [] const T?
@romshark
Copy link
Author

@romshark romshark commented Oct 3, 2018

@dsnet
getters/setters are doing just that: they copy stuff from the inner scope of the struct. You
don't want to copy everything every time, and you certainly don't want to do it manually. Writing setters, getters, cloners just for the sake of ensuring immutability is not only quite tedious but also very error-prone due to pointer aliasing, which is the scariest part actually. Copy-code tends to be rather complicated in Go, one wrong copy (like copying a pointer, or naively copying a reference type such as a slice) and you've introduced aliasing that could have terrific, non-obvious consequences. With immutable types though, having read-only aliasing is just fine because there's no mutable shared state.

Currently, the safest way of avoiding manual copying of large structs are interfaces. You could define 2 interfaces where one of them lacks the mutating methods and return interfaces from the getters only. This is an "okay" solution, but it doesn't solve internal mutability problems. In big open source projects many people are working on the code, intentions must be unambiguous, clear and precise, which they're currently not. Can you automatically ensure that the methods implementing the read-only interface do not mutate the object for sure, even after merging a pull request from an external developer who's not fully aware of your intentions? You can't! You'll have to write proper unit tests and carefully analyze each and every commit! With immutable types you declare your interface methods immutable and you can be 100% sure that any implementation of it trying to mutate the object will fail the compilation. Apart from that, interfaces aren't free, they do have a slight runtime cost due to indirection, so having an option to avoid them for performance reasons while still preserving safety is a good thing!

I always prefer to solve these kinds of problems declaratively. I declare what is mutable/immutable while the compiler does all the dirty work of making sure neither me, nor my coworkers, nor the open source contributors sending in their pull requests shoot themselves in the foot introducing bugs. Isn't this the way compiled languages should make our lives easier?

@romshark
Copy link
Author

@romshark romshark commented Oct 3, 2018

@networkimprov
As section 3. of the design document clearly states: immutability by default and explicit mutability qualification through mut is preferable, but would only be possible in a backward-incompatible Go 2.x specification, which is not to be expected any time soon (AFAIK, the "Go 2" they're advertising is rather a Go 1.13+ because the folks at Google aren't big fans of breaking compatibility as it seems).

Naming conventions would break backward-compatibility. Old Go 1.x code could either stop compiling or fail at linting, which is unacceptable. This proposal aspires to preserve backward-compatibility at all cost. There's also a somewhat related question in the FAQ by the way.

@randall77
Copy link
Contributor

@randall77 randall77 commented Oct 3, 2018

You may want to read Russ' evaluation of a read-only slices proposal. It contains a lot of the issues that this proposal should grapple with.

@dsnet
Copy link
Member

@dsnet dsnet commented Oct 3, 2018

getters/setters are doing just that: they copy stuff from the inner scope of the struct.

But they don't have to. If the inner field is a composite type, the getter can return an opaque type that internally holds a pointer to the composite type and only provides exported read-only getter methods.

Writing setters, getters, cloners just for the sake of ensuring immutability is not only quite tedious but also very error-prone due to pointer aliasing, which is the scariest part actually

I've written several immutable APIs in this way. I absolutely agree that it is tedious, but I personally don't think it was "very error-prone" from the perspective of the API author. Pointer aliasing is not inherently the problem; it is problematic if a pointer to a non-opaque type leaks to the public API. However, I find it relatively straight-forward to review the public API and reason that it doesn't violate immutability.

Can you automatically ensure that the methods implementing the read-only interface do not mutate the object for sure, even after merging a pull request from an external developer who's not fully aware of your intentions? You can't!

Since read-only APIs are usually just getters, they are not terribly complicated such that you would accidentally mutate the object (e.g., it is not hard to review this and reason it is read-only).

In big open source projects many people are working on the code, intentions must be unambiguous, clear and precise, which they're currently not.

An opaque read-only API does make the intention clear. The lack of any setter methods is a clear signal that the user should not (and cannot) mutate anything.

Apart from that, interfaces aren't free, they do have a slight runtime cost due to indirection, so having an option to avoid them for performance reasons

Interfaces are one such implementation, but it doesn't have to be. It can be a concrete type too:

type MutableStruct struct {
    Field int
    ...
}
type ImmutableStruct struct { p *MutableStruct }
func (p ImmutableStruct) GetField() int { return p.p.Field }

There is practically no runtime cost to this as the compiler can inline all the getters as if they were nested field accesses (or slice indexes, map lookups, etc).


I am bringing the technique up not as an end-all alternative to your proposal, but more so to counter the claim that "copies are the only way to achieve immutability ... [which] degrades runtime performance". It is a legitimate approach taken today to address this problem, which the proposal seems to gloss over.

I agree that there are disadvantages to opaque APIs with read-only getters (especially with regard to their tediousness and perhaps the lack of implicit casting), but I think it would help the case of a proposal trying to add immutability to acknowledge techniques done today to work around the problem and show that the benefit of adding immutability outweighs the cost (e.g., complexity in type system and the "const poisoning" mentioned earlier).

@networkimprov
Copy link

@networkimprov networkimprov commented Oct 3, 2018

Naming conventions would break backward-compatibility.

Above I suggested a go-vet switch to support a naming convention. Such a convention would be optional, permanently. As would a mut keyword. Lots of folks don't want to code that way.

There has been plenty of discussion about const-ness over the years, yet the two priorities for Go2 are error handling & generics, and code for them presumably won't land for a couple years (there is no defined schedule as yet).

@alvaroloes
Copy link

@alvaroloes alvaroloes commented Oct 3, 2018

I love how well done the proposal is. Thank you for your hard work on this.

I have just one thought that I would like to share:
It is stated in the proposal that we can't cast an immutable var to a mutable one, as we could break the immutability. The opposite, casting a mutable var to an immutable one, can be done, which makes sense. However, in this case, we can break immutability. I know that you talk about this in section 4.5. How are constants different from immutable types?, but this could lead to very subtle and unexpected situations.

For example, let's say we have this Slice type:

type Slice []int

func (s *Slice) Add(elem const int) {
    *s = append(*s, elem)
} 

func (s const Slice) ImmutableVersion() const [] const int {
    return s
}

And then we use it like this:

slice := Slice{1,2,3,4}
immutableVersion := slice.ImmutableVersion()
// Now immutableVersion = {1,2,3,4}
slice.Add(5)
// Now immutableVersion = {1,2,3,4,5} It has changed

This behavior could be unexpected and lead to confusion, as you were guaranteed by the type system that the var immutableVersion was immutable.
This can be even worse with slices as, if the capacity is exceeded, append will allocate a new underlying array, what means that the immutableVersion won't be changed. So we don't really know if/when the immutableVersion will change.

This won't happen if the method ImmutableVersion() returns a copy.

Don't get me wrong! I love the proposal. I think it is the best one I have seen for immutability and I would like it to come true as soon as possible.

I just wanted to know the general opinion about the case I have posted.

Thanks!

@nemith
Copy link
Contributor

@nemith nemith commented Oct 3, 2018

In 2.6. Immutable Interface Methods I am not sure I understand why enforcement of mutability on the interface is important. This seems more like an implementation detail and could severely limit the usefulness of interfaces if abused too much. The answer in 4.7 doesn't make much sense to me.

@rsc rsc added the Go2 label Oct 3, 2018
@romshark
Copy link
Author

@romshark romshark commented Oct 3, 2018

@ianlancetaylor

The difference between C-style const and the proposed const

Is there any difference between this proposal and the use of const as a type qualifier in C, other than the logical extension to interfaces?

There is! The const in C is just confusing while the const in this proposal always targets the type on the right:

goal Go C
reassignable pointer to writable T * T Т *
reassignable pointer to read-only T * const T T const *
read-only pointer to writable T const * T T * const
read-only pointer to read-only T const * const T T const * const

In fact, C-style const is so confusing that const char * is the exact same as char const *. You also can cast const to non-const in C, which you can't in this proposal. Please do not compare the const from C with the proposed const for Go, we don't wanna do it the horrible C-way, but rather learn from its mistakes!

Const-Poisoning

If by "const-poisoning" you mean the ability to cast immutable types to their mutable counterparts then I've got good news for you: C-style const poisoning is impossible with this proposal.

IV. Mutable types can be cast to their immutable counterparts, but not the other way around.

Terminology

Pedantically, I don't particularly like using the word "immutable"

This proposal is not about functional-programming-style "immutable objects", it's about "immutable types". Immutable objects remain immutable after they're initialized while immutable types are types you can't perform mutations on. "Types" and "objects" are obviously not the same and this proposal doesn't propose immutable objects.

Immutable Reference Types

Do we really have to worry about immutable containers of mutable values? Yes, that comes up once in a while, but it is often enough to make it worth writing const [] const T?

Reference types such as pointers, slices and maps shall be no exception in the concept of immutable types (slices and maps are reference types. Yes, they're implemented by a struct but to us users they're opaque). Section 5.2.1. describes why transitive immutability is to be avoided. Basically, it makes the entire concept of immutable types useless when the developer faces a slightly more complex situation like when a reference, such as a pointer, must point to an exact mutable object. But it's the complex situations the developers need the compiler's help most! Transitive immutability will force the developer to throw immutable types out the window because they limit his/her expressiveness making it totally useless.

@networkimprov
Copy link

@networkimprov networkimprov commented Oct 3, 2018

@ianlancetaylor's 2010 blog post on const: https://www.airs.com/blog/archives/428

He describes const as compiler-enforced documentation, except for variable definition where it directs the compiler to use read-only memory. (And he discusses const poisoning.)

But there is another way that const can affect generated code; a const function argument can be passed by reference instead of by value, so that a compound object (Go struct or array) isn't copied onto the stack. (Go maps and slice contents are already passed by reference.)

I'd like to see Go support that kind of const.

@ianlancetaylor
Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Oct 3, 2018

@romshark Const poisoning refers to what happens when you add const to one function, and then you have to add const to every function that it calls, and then you have to add const to every function that those functions call, etc.

Then sometimes you discover that you have to change some lower function to not use const, for perfectly valid reasons, and const poisoning refers to the problem of removing const from the entire call chain.

These aren't made up problems, they are real issues that arise in practice in large programs.

Also, let me ask the comparison with C again: is there any difference between the use of const in this proposal and the use of const in C, other than syntax?

@romshark
Copy link
Author

@romshark romshark commented Oct 3, 2018

@ianlancetaylor
This is the reason Section 2.12. even exists. It's definitely true that once you've got immutable types you need to use them everywhere. This, essentially, is the price you pay for having predictability, clarity, and safety. It's kind of a stopper for the Go 1.x proposal, I agree, but in Go 2.x this must be done with immutable types by default to avoid having ambiguity from the very start and not end up with the Go 1.x problem of having to fix all libraries including the standard one.

I honestly can't imagine what "perfectly valid reasons" you need to have to, for example, make any of the lower functions called by strings.Join() not use const for the slice of strings you pass to a because a should be guaranteed to not be touched in any way neither by strings.Join() nor by any of the functions up the stack. And since immut -> mut casting is inherently forbidden I see no problems here. Once you provide a contract (API) - you either support it or you break it, not silently violate it!

Can you give us an example of when we'd suddenly discover that we actually needed mutable inputs and thus have to "remove immutability"?

There is no semantic difference between the C-style const and the proposed const. The proposed const is a better execution of the C version, but in the end, they both serve a similar purpose:

  • make the intentions of the code author clear and reliable.
  • protect the code from undesired and unexpected mutations.
@ianlancetaylor
Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Oct 3, 2018

Problematic cases happen in large, complex, programs, so there are no small examples. In terms of your proposal, the kind of thing that happens is that you start passing a map around, and there is no reason to change it, so you mark it const everywhere. Let's say it's a map of names to codes or something. Then later you realize that the names sometimes change, but you can only discover that deep in the call hierarchy. So you have to add some code there to change the map, and you have to remove const from all the callers. Obviously that is easy to nit pick, it's just an example, and, yes, I've seen this kind of thing happen in real code. In fact in C++ this is where most people reach for const_cast.

That aside, I note that you haven't replied to my memchr comment. In that regard you might want to read through #22876, which tries to address that problem through "permission genericity."

@romshark
Copy link
Author

@romshark romshark commented Oct 4, 2018

@ianlancetaylor
Yes, that is a problem indeed and the "permission genericity" concept proposed by Jonathan Amsterdam in #22876 does look promising (I wonder how I missed that). I'll give it a thought, it probably makes sense to integrate the concept of immutability genericity into this proposal as well.

@beoran
Copy link

@beoran beoran commented Oct 4, 2018

I appreciate the thought that went into this proposal, however I think immutability is mostly an academic concern. Seeing how complex this proposal is, I'd like to hear of some experience reports where accidental mutation actually caused serious problems in a large Go code base. In my experience, accidental mutation is a relatively rare cause of bugs in programming. Therefore I think it does not warrant the troubles of having to use const constantly, or having to constantly worry about const correctness.

@imatmati
Copy link

@imatmati imatmati commented Oct 4, 2018

I appreciate the thought that went into this proposal, however I think immutability is mostly an academic concern. Seeing how complex this proposal is, I'd like to hear of some experience reports where accidental mutation actually caused serious problems in a large Go code base. In my experience, accidental mutation is a relatively rare cause of bugs in programming. Therefore I think it does not warrant the troubles of having to use const constantly, or having to constantly worry about const correctness.

I am more than reluctant to introduce more complex solution than the problem you're trying to solve. Go is a simple language to a certain extent, we don't need to copy other language just to make some swing.

@deanveloper
Copy link

@deanveloper deanveloper commented Oct 4, 2018

I haven't seen any comments from those who've given a 👎, so here's my input.

Personally I don't like the idea behind const types. It reminds me of C's const which, IMO, was a disaster that complicated C's otherwise simple type system.

I am aware that it brings in a lot of safety, but it comes at the cost of a lot of readability. I also understand that sometimes sacrifices to readability need to be made to increase safety, but I'm not sure if this is one of them.

@bcmills
Copy link
Member

@bcmills bcmills commented Oct 4, 2018

In fact in C++ this is where most people reach for const_cast.

In the C++ codebases I've maintained, the vast majority of uses of const_cast were in order to overload const and non-const member functions.

That technique is recommended in Effective C++ (and in this StackOverflow answer), but disrecommended in the isocpp.org core guidelines.

That seems to support the theory that const-parametricity is sufficient to avoid the need for such casts.

@ianlancetaylor
Copy link
Contributor

@ianlancetaylor ianlancetaylor commented Oct 4, 2018

I didn't mean to imply it was the only time people used const_cast.

@bcmills
Copy link
Member

@bcmills bcmills commented Oct 4, 2018

That does raise the problem of migration paths, though: there are widespread APIs today, such as io.Writer that accept read-write slices, and a naive approach to const in the type system would require at least one of:

  • workarounds at every call site, such as conversions through unsafe.Pointer;
  • escape hatches for calling existing (Go 1) APIs, such as (unsound) bivariant subtyping; or
  • large-scale updates to ~all existing packages.

In contrast, a dynamic analysis (such as the one in #22048, possibly only enforced when the race detector is enabled) would only affect existing APIs that actually perform unexpected writes.

@LeonineKing1199
Copy link

@LeonineKing1199 LeonineKing1199 commented Oct 4, 2018

I'm not sure why you're bringing up io.Writer, @bcmills.

Mutable variables can safely be accepted as const and the API documentation for io.Writer itself attempts to convey its immutability requirements.

@jimmyfrasche
Copy link
Member

@jimmyfrasche jimmyfrasche commented Oct 4, 2018

Languages that get this right start with immutable by default and do a lot of work behind the scenes to make everything seamless and need some syntax sugar to make it easy to use. I love immutability, but I don't think it'd really fit in to Go well.

I do want to provide my position on one of @ianlancetaylor's points, though.

[T]he memchr problem. In C the standard library memchr function, which returns a pointer to the first occurence of a character in a string, is defined as char *memchar(const char *, char). The problem is that in terms of types, if memchr is passed a const char * it should return a const char *, and if memchr is passed a char * it should return a char *. That is, it should preserve the const-ness of its first argument.

Let's say A is const char * and B is char *.

memchr(A, B) is fine.

memchr(A, A) and memchr(B, B) should both be type errors. Each should need an explicit step to transition to/from an immutable copy: something like memchr(A, mutable_copy_of(A)) and memchr(immutable_copy_of(B), B).

This is the same as if this were a Go func with the signature func memchr(string, []byte) []byte where A is a string and B is a []byte. You can't just call memchr(A, A) and have it be the same as string(memchr(A, []byte(A))).

This inevitably leads to needing (at least) two versions of everything to avoid copying everything dozens of time or not being able to use (im)mutable versions of types because a needed dependency made the choice for you.

Sometimes generics could help with that by letting you write multiple versions simultaneously, but that means making a lot of things generic that otherwise would not need to be, essentially swapping "const poisoning" with "generics poisoning".

Having freeze/unfreeze/isFrozen sidesteps this but adds a dynamic axis to a static type system. Instead of having two versions of each function you have one version that needs to cope with both at runtime.

@Dragomir-Ivanov
Copy link

@Dragomir-Ivanov Dragomir-Ivanov commented Oct 4, 2018

@romshark I also had bad experience with C++ const poisoning, and it is not due to "bad design/API" but mere new features/requirements added, that need to modify something deep in the call chain, that nobody though should be modified before. And usually these features are needed for "yesterday", I did the only possible thing - const_cast right on the spot. So @ianlancetaylor concerns are very valid. One thought on all this const correctness thing: We have to declare that if something is marked as const in the current call chain, doesn't mean that it will not change by other part of the program running concurrently where they are not const types. It is just that current call chain can't change it ( unless you remove the const with something along the lines of const_cast ). Yeah, const correctness it is not a simple beast.

@go101
Copy link

@go101 go101 commented Feb 9, 2019

Currently, slice/map/function values can't be used as map keys is not because they are not immutable, it is just because different people have different views on how these values should be compared. To avoid the confusions caused by different views, Go forbids comparing them.

@JordanMcCulloch
Copy link

@JordanMcCulloch JordanMcCulloch commented Dec 6, 2019

Just wanted to say that this would be an amazing addition to Golang, and mention that Microsoft is in the races with their new open-source Project Verona language focused on memory safety (and is highly influenced by RUST).

@Robula
Copy link

@Robula Robula commented Dec 17, 2019

I definitely would prefer immutable by default as Golang is function first and it's difficult to enforce developers to declare runtime constants as readonly or immutible. I personally really like how Rust does it, let mut ....

@pbarker
Copy link
Contributor

@pbarker pbarker commented Jan 4, 2020

I would be curious to see a meta-analysis on immutable defaults with regard to the following topics:

  • Would declaring mut in every mutable variable declaration cause more code bloat than accessors across current popular repos?
  • Would introducing mut cause a cognitive burden on understanding the language?
@romshark
Copy link
Author

@romshark romshark commented Jan 6, 2020

@pbarker That's how the Go compiler would act if:

  • the Go type system was immutable by default
  • Go would allow safe implicit casting (safe only)
  • Go would allow mixed-mutability types

https://gist.github.com/romshark/5d4650d837c1d87ef237e68ca1408280

IMHO we'd get easier debugging and reading by trading off:

  • language simplicity (e.g. most people will struggle to understand the difference between mut *T, * mut T and mut * mut T, etc.)
  • the ease of writing
  • and probably the ease of refactoring too (making code more reliable usually also makes it less flexible)
@ORESoftware
Copy link

@ORESoftware ORESoftware commented Mar 17, 2020

how about const? oh wait 🤣

something that works with := is probably necessary, so maybe:

const a, var b, const c  :=  get3Results();  

🤣

HONESTLY, I would say something like OCaml would be nice, like a quote after the variable:

a',  b,  c'  :=  get3Results();  

if the variable has ' after it, it's immutable...it's also important to do this in function parameters (JS and TypeScript do not have this to my knowledge):

func HasImmutableParams(a string, b' bool, c int){
   // b is immutable
}
@romshark
Copy link
Author

@romshark romshark commented Mar 17, 2020

@ORESoftware

how about const?

We already came to the conclusion that the const keyword shouldn't be overloaded.

I would say something like OCaml would be nice, like a quote after the variable:

a',  b,  c'  :=  get3Results();  

if the variable has ' after it, it's immutable...it's also important to do this in function parameters

This proposal is about read-only types, not about immutable variables. I already explained why I find the type-based approach better than the variable-based one.

@Splizard
Copy link

@Splizard Splizard commented Mar 12, 2021

I don't like the idea of immut and mut keywords.

Why not use the existing 'readonly' type-syntax that already applies to channels?
(<-)

IE.

//You can assign read/write values to readonly types.
//(like with channels)
var readonly <-int = 5
readonly = 2

//However, if the type is a pointer type or struct, slice or map
//then it is a compiler error to mutate/write the underlying value.
var slice  <-[]int = []int{1, 2, 3}
fmt.Println(slice) //Allowed
slice[0] = 2  //COMPILE ERROR

var pointer <-*int = new(int)
pointer = new(int) //allowed
*pointer = 3 //COMPILE ERROR

type Something struct { Value <-*int }
var thing Something
thing.Value = new(int) //allowed
*thing.Value = 3 //COMPILE ERROR

var readOnlyThing <-Something

//allowed
readOnlyThing = Something{
    Value: new(int),
}

readOnlyThing.Value = new(int) //COMPILE ERROR
@romshark
Copy link
Author

@romshark romshark commented Mar 12, 2021

@Splizard what if you want an immutable slice of pointers to mutable objects though?
IMHO, <- syntax looks very confusing:

/* Immutable slice of pointers to mutable objects */
<-[]* T<-
immut []* mut T

/* Mutable pointer to an immutable object */
*<- <-T
mut * immut T

* <-T
* immut T
@Splizard
Copy link

@Splizard Splizard commented Mar 12, 2021

@romshark <- indicates that the semantic region of memory for a value is read only.

For a slice, this is the elements of that slice.
For a pointer, this is the value being pointed to.
For a map this is the values inside that map.
For a struct, this is the fields of that struct.
Etc

However, any pointers inside immutable types are still ordinary typed pointers. <- isn't recursive and needs to be added to any type with pointer semantics in order for the underlying value of that type to be made immutable.

//ie this is allowed
var slice = <-[]*int{new(int)}
*slice[0] = 3
pointer := slice[0]
*pointer = 5

//but this is not allowed
slice[0] = new(int) //COMPILE ERROR

//in order to prevent the underlying value of
//the pointers from being 
//modified then you need to create a
//read only slice with read only int pointers.
var safeslice = <-[]<-*int{new(int)}
*safeslice[0] = 3 //COMPILE ERROR
@romshark
Copy link
Author

@romshark romshark commented Mar 17, 2021

@Splizard we're going to run into issues because of the existing read-only and write-only channel declaration syntax.

According to this proposal, the following statement declares an immutable channel:

c := make(immut chan int, 1)
var r immut <-chan int = c
var w immut chan<- int = c

c = nil // Illegal assignment on read-only type
r = nil // Illegal assignment on read-only type
w = nil // Illegal assignment on read-only type

There's an obvious semantic conflict in case of the <-chan and chan<- syntax since var c <-chan int would declare a mutable variable. Alternative syntax like var c <-<-chan int would be very confusing and far from ideal IMHO.
Specifying mutability on the variable like this: var <-c <-chan int is not supported by this proposal since I propose to define mutability on the data types.

To avoid overly verbose declarations such as var s immut chan immut * immut T, this issue suggest propagating mutability qualification in the type definition: var s immut chan *T.

@Splizard
Copy link

@Splizard Splizard commented Mar 17, 2021

@romshark
I'm confused.

This proposal is about read-only types, not about immutable variables. I already explained why I find the type-based approach better than the variable-based one.

Why is assigning nil to a variable with type immut chan int illegal?

For example, strings are immutable in Go and this is completely valid:

c := string("hello")
c = ""

I mean a string is almost an alias of <-[]byte.

I don't see a semantic conflict with channels, they already have a read-only 'immutable' type equivalent. <-<- chan int is the same type as <-chan int because the type is already read only.
You don't have to like this notation but I don't see why there should be multiple ways in Go to declare a type to be read-only/immutable.

@deanveloper
Copy link

@deanveloper deanveloper commented Mar 17, 2021

@Splizard While I like your proposed syntax for its consistency, it produces an ambiguity:

var chanOfSlices chan<-[]Type = nil

Is this (chan<-)([]Type) or chan (<-[]Type)?

@romshark
Copy link
Author

@romshark romshark commented Mar 17, 2021

@Splizard

Why is assigning nil to a variable with type immut chan int illegal?

Take a look at this example:

type S struct {
  ID immut int
  Name string
}

s := S{42, "foo"}
s.ID = 43        // no!
s.Name = "bar"   // fine
s = S{43, "bar"} // fine

var s2 immut S = S{42, "foo"}
s2.ID = 43        // no!
s2.Name = "bar"   // no!
s2 = S{43, "bar"} // no!

immut makes s2 read-only.

For example, strings are immutable in Go and this is completely valid.
I mean a string is almost an alias of <-[]byte.

I initially picked the wrong title for this proposal. We're rather talking about read-only, not immutable types.
A variable or field of type string is still assignable/writable, the underlying data, however, is read-only. const string is somewhat closer to immut string with the only difference being that contstants must be known at compile-time while immut types are just read-only once they're initialized.

@Splizard
Copy link

@Splizard Splizard commented Mar 18, 2021

@deanveloper
No, this ambiguity already exists in Go, try creating a channel of read-only channels.
You need to use parentheses.
chan (<-chan int) vs chan <-chan int

@romshark
I suppose I should create a new proposal, as I reject the idea that a type can restrict a variable from being reassigned. Variables are reassignable by definition. What s2 = S{43, "bar"} // no! shows, is that immut changes the meaning of the variable and it is no longer a variable, it is a const pointer to a read-only type. IE const s2 <-*S = &S{43, "bar"}

@romshark
Copy link
Author

@romshark romshark commented Mar 18, 2021

@Splizard If immut wouldn't apply to variables then we'd lose a crucial feature of this proposal because a very common use case would be package-level read-only variables:

package something

var ErrSomethingWentWrong immut error = errors.New("something went wrong")
var Options = immut []string {"foo", "bar", "baz"}
var Dict = immut map[string]string {"foo": "bar", "baz": "faz"}
var DefaultLogger immut *Log = &Log{os.Stdout}
// etc.

Variables are reassignable by definition

No, not necessarily. Functional programming languages usually don't even feature reassignment. A variable is a placeholder for values unknown at compile-time.

it is a const pointer to a read-only type,

A constant's value must be known at compile time. A variable of immut type isn't required to be known at compile-time.

@jfcg
Copy link

@jfcg jfcg commented Mar 23, 2021

Hi,
I am in favor of adding only *const T which is a pointer type that can only read target data, no writing. This does not mean target data is constant, just that target cannot be changed by read-only pointer. No immutability for regular data (including pointers). Declarations are like

var x int
p := &x       // regular pointer
r := &const x // read-only pointer

var s *const int
s = &x // ok

p = r // forbidden without a cast
r = p // ok
// they should have different reflection kinds. design document does not talk about reflection.

*p++
*r++ // forbidden

var z struct {
    A int
    B string
}
r := &const z
r.B += "abc" // forbidden

func (r *const Object) Some() { // read-only method of type

Thanks..

@romshark
Copy link
Author

@romshark romshark commented Mar 24, 2021

@jfcg 3 issues:

  • How do you define read-only package-scope variables?
  • How do you define read-only struct fields?
  • How do you make maps and slices read-only?

If those issues remain unanswered then this should be a different proposal because it serves a different purpose.

@jfcg
Copy link

@jfcg jfcg commented Mar 24, 2021

* How do you define read-only package-scope variables?
* How do you define read-only struct fields?

expose them with read-only pointers

* How do you make maps and slices read-only?

similarly for slices, []const T could mean read-only slice, cannot be used to write to underlying data.
for maps, maybe map[K]const T could mean the same thing. In both cases expansion/deletion/overwrite could be forbidden.

Or, slice expansion could be allowed if there is capacity. For map, map[const K]const T could mean not-expandbale as well.

@romshark
Copy link
Author

@romshark romshark commented Mar 24, 2021

@jfcg If, and only if *const int is similar to const int in the sense that it cannot be mutated and assigned to then it'd be an interesting alternative to consider.

However, I see a potential problem as it'll lead to pointer abuse and cause increased number of allocations and hence generate more pressure on the garbage collector since objects referred to by a pointer escaping the function scope will be allocated on the heap. This contradicts one of the goals of this proposal: improve performance by avoiding unnecessary copying.

Also, it'd be impossible to have mixed-mutability types, which, I fear might lead to problems.

@jfcg
Copy link

@jfcg jfcg commented Mar 25, 2021

@jfcg If, and only if *const int is similar to const int in the sense that it cannot be mutated and assigned to then it'd be an interesting alternative to consider.

However, I see a potential problem as it'll lead to pointer abuse and cause increased number of allocations and hence generate more pressure on the garbage collector since objects referred to by a pointer escaping the function scope will be allocated on the heap. This contradicts one of the goals of this proposal: improve performance by avoiding unnecessary copying.

Also, it'd be impossible to have mixed-mutability types, which, I fear this might lead to problems.

I think an example is better:

package mypkg

type ConfVar struct {
    A int
    B string
}

var pkgVar ConfVar

func PkgVar() *const ConfVar {
    return &const pkgVar
}

So, there is no global read-only pointer to mess with and no allocation. mypkg can modify pkgVar and outsiders have fast & read-only access to that package-level variable by one call to PkgVar(). You can write similar methods for allowing read-only access to private struct fields. Can you elaborate what you mean with examples?

@romshark
Copy link
Author

@romshark romshark commented Mar 25, 2021

@jfcg let's say you want a factory that returns objects with an immutable field:

type Object struct { ID *const uint64 }

type Factory struct { counter uint64 }

func (f *Factory) NewObject() *Object {
  f.counter++
  id := f.counter                // Will be allocated
  return &Object {ID: &const id} // Pointer escapes function scope
}

This approach leads to a performance penalty.

The read-only type approach doesn't:

type Object struct { ID immut uint64 }

type Factory struct { counter uint64 }

func (f *Factory) NewObject() *Object {
  f.counter++
  return &Object {ID: f.counter} // No pointers, no allocations
}

This is an oversimplified example. I know that we could just return *const instead, but we might want the object to be mutable with only the Object.ID field being immutable.


package mypkg

type ConfVar struct {
   A int
   B string
}

var pkgVar ConfVar

func PkgVar() *const ConfVar {
   return &const pkgVar
}

Second issue: pkgVar remains mutable within the package, which might not be desirable.

package mypkg

type ConfVar struct {
  A int
  B string
}

var PkgVar = immut ConfVar{
  A: 42,
  B: "foo",
}

Read-only types would guaranteemypkg.PkgVar to be immutable since it cannot be written to from both within and from outside of the package.

@jfcg
Copy link

@jfcg jfcg commented Mar 25, 2021

type Object struct { ID immut uint64 }

type Factory struct { counter uint64 }

func (f *Factory) NewObject() *Object {
  f.counter++
  return &Object {ID: f.counter} // No pointers, no allocations
}

This is an oversimplified example. I know that we could just return *const instead, but we might want the object to be mutable with only the Object.ID field being immutable.

This case (or similar ones) does not even need read-only pointers, let alone full blown immutability:

type Object struct {
    id uint64
    Data string
}
func (o *Object) ID() uint64 {
    return o.id
}

Methods are perfectly fine and even they can be optimized out by compilers.

Second issue: pkgVar remains mutable within the package, which might not be desirable.

It is actually by design (for example). Only the package can update its confguration variables, sounds pretty straightforward to me.

package mypkg

type ConfVar struct {
  A int
  B string
}

var PkgVar = immut ConfVar{
  A: 42,
  B: "foo",
}

Read-only types would guaranteemypkg.PkgVar to be immutable since it cannot be written to from both within and from outside of the package.

What advantages do always-immutable variables have over typed constants?

Can you think of a real example where full blown immutability delivers undisputed advantage that struct methods, functions and read-only pointers cannot?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet