[swift-evolution] [swift-evolution-announce] [Review #2] SE-0117: Default classes to be non-subclassable publicly

Peter Livesey pdlivesey at gmail.com
Tue Jul 19 18:46:37 CDT 2016


---- "Yes. It is a real problem. If you vend a library for long enough and
make some change to a class that you never intended to be subclassed,  you
are likely to find out that you have broken client code."

Ok, so the problem here is that you forgot to think if this makes sense to
subclass or not. I don't see how this proposal makes people do this? This
proposal doesn't fix this bug? It just changes a default.

---- `final` is not the same as sealed. `final` classes are sealed but
sealed classes are not necessarily final.

This highlights my point. Why? Why do we need this distinction? If a class
can be subclassed, then it can. If it can't, it can't.

----- What happens when you ship the library and no-one can subclass
anything, even the types you intended for them to subclass? Do you not have
or ship any tests or demo code which uses the library as a dependency?

I feel like this boils down to - if someone finds a bug, you're forced to
fix it. Yes, that's true. But again, this happens with or without this
proposal. It seems like this proposal is then saying:
Let's make things as restrictive as possible by default so that when
developers make mistakes, their APIs will be backwards compatible? As in,
adding final isn't backwards compatible, but adding open is?
This maybe leads to your last point. I just think this is such a narrow use
case for the language.

---- "Because it is  foreign code. Code that you don't control. You say
'not every module is 3rd party.' true. You control that and can easily open
classes in the module because you control it. In opening it yourself, you
are deciding and explicitly stating that it should be open. This again
speaks to point #2."

This I think is the big one. Currently, we put the responsibility on the
API developer to remember to use final. If they forget, then developers
have their options open. With the new model, if they forget, developers
have no options. It seems to me like:

1. If developers remember to write good APIs every time, then both models
are equivalent.
2. If developers forget then:

With this proposal: consumers are screwed until the library is fixed, but
the change is backwards compatible.
Without this proposal: consumers are fine to choose what to do (and maybe
make mistakes), but the change could be backwards incompatible.

To me, consumers not being screwed > changes being backwards compatible. If
the API designer has a bad API, then sure, some backwards incompatible
things may happen. I don't think we should design for APIs being
incorrectly written, which I think we are doing.

On Tue, Jul 19, 2016 at 4:12 PM T.J. Usiyan <griotspeak at gmail.com> wrote:

> On Tue, Jul 19, 2016 at 6:26 PM, Peter Livesey via swift-evolution <
> swift-evolution at swift.org> wrote:
>
>> I'm new to this thread, but I've read every email so far. There are a few
>> things I find confusing with the proposal, so I'll try to sum up what I see
>> so far:
>>
>> 1. I don't understand what problem this solves?
>>
>> It seems like for 3rd party libraries only, we are afraid that people
>> will subclass things when they shouldn't? Is this a real problem?
>>
> Yes. It is a real problem. If you vend a library for long enough and make
> some change to a class that you never intended to be subclassed,  you are
> likely to find out that you have broken client code.
>
>
>>
>> What are people frustrated by? Are 3rd party developers frustrated that
>> they can't specify this? But they can already - with final?
>>
>
> `final` is not the same as sealed. `final` classes are sealed but sealed
> classes are not necessarily final.
>
>
>> Are consumers frustrated that they're allowed to subclass when they
>> shouldn't? I can't imagine anyone wanting either of these things.
>>
>
> I have been frustrated by having trouble correctly subclassing something
> only to find out that I shouldn't have tried. Yes, read the documentation,
> but documentation can often be subtle with 'don't  subclass this'
>
>
>>
>> 2. It seems that a consistent argument is that this 'forces developers to
>> think about it'.
>>
>> I don't understand this at all. It's not a required keyword, so why does
>> it force me to do anything? I leave it out - there's no error, no reminder,
>> no forcing.
>>
>
> What happens when you ship the library and no-one can subclass anything,
> even the types you intended for them to subclass? Do you not have or ship
> any tests or demo code which uses the library as a dependency?
>
>
>> 3. It's a crazy specific and complex rule:
>>
>> "You can't subclass it only if it's public and only if it's in a
>> different module. Unless it's testable, then it's ok." Not only does this
>> make many assumptions about the roles of modules (not all modules are 3rd
>> party libraries), but it's a crazy rule for people to memorize. It
>> definitely violates the rule of least surprise in my opinion and I bet most
>> people running into this error will think: "What is this?".
>>
>
> I memorized it from the first. Foreign public code must explicitly trust
> me for this to happen.
>
> `@testable` is it's own skeleton key. This is not new. Why can I see
> `internal members? `@testable`.
>
>
>
>
>>
>> 4. Please can we keep swift simple
>>
>> Swift has ~94 keywords so far (I know, that's not the best way to measure
>> complexity of a language), but does this problem really warrant it's own
>> keyword? Swift is beautiful because of how it balances power and
>> complexity. These types of rules add so much complexity for very little
>> benefit.
>>
>
> The core of swift is simple. You can teach basics up to intermediate
> concepts pretty quickly. Advanced swift is already complex for great
> reason. The added complexity especially beneficial because it will force a
> conversation about this decision.
> relatively new swift developer: "Why can't I subclass anything from this
> module that I wrote?"
> me: "because you haven't explicitly stated what should be subclassed and
> what shouldn't"
> This speaks directly to point #2.
>
>
>
>
>
>
>>
>> 5. If you think subclassing is dangerous by default, turn it off by
>> default.
>>
>> Why are we special casing 3rd party libraries?
>>
> Because it is  foreign code. Code that you don't control. You say 'not
> every module is 3rd party.' true. You control that and can easily open
> classes in the module because you control it. In opening it yourself, you
> are deciding and explicitly stating that it should be open. This again
> speaks to point #2.
>
>
>
>> Since when does a language assume how it's being consumed?
>>
> Choosing to make something a module is an attempt to separate off some bit
> of logic. The walls are a decision. If you control it all and you are
> bothered by the wall, put it in the same module.
>
>
>> Again, this goes back to the assumption that all modules are 3rd party
>> libraries with well thought out APIs. I don't think this is true at all…
>>
> "Abandon all hope, ye who enter?" How is it wrong to try to make this a
> reality?
>
>
>> If we truly believe that subclassing is dangerous unless the class is
>> designed for it, then lets do it everywhere, not just for public classes. I
>> don't think I'd vote for this, but I will admit it at least has consistency
>> and simplicity.
>>
>
> So… the only way that you would consider this change is if we changed it
> to be obviously less useful and, because it wouldn't be useful with that
> change, it is not a good change?
>
>
>> Summary
>>
>> I think it's dangerous for a language to assume how code is written and
>> used.
>>
>
> I think that it is the job of the language's maintainers to guide use of
> the language.
>
>
>> This proposal assumes that classes are written in a certain way, and code
>> is consumed in a certain way.
>>
>
> This proposal steers the writers and consumers of code written toward an
> envisioned 'golden path'.
>
>
>> I think Swift should stay flexible while allowing for people to be
>> expressive (e.g. the final keyword is AWESOME).
>>
> sealed-by-default does not reduce that flexibility. It increases it.
> "oops, I have to open a class that I already shipped " <- entirely
> possible to do without breaking compatibility after adoption of this
> proposal
> "oops. I have to seal a class that I already shipped" <- not possible to
> do without breaking compatibility.
>
>
>
>> The pros here seem to suggest that we'll fix a bunch of bugs where
>> subclassing was done by mistake. The cons seem to be that it shackles
>> developers when people forget to add this keyword (which will happen a
>> lot...because there are 94 others to remember how to use correctly).
>>
>
> Do we really believe that we cannot and will not teach our developers to
> do something? "abandon all hope" indeed. Developers who ship APIs without
> audits, without demo code or tests which call this out, and–finally–without
> listening to clients who complain about this are not really a great metric,
> are they?
>
>
>
>
>>
>>
>> On Tue, Jul 19, 2016 at 2:17 PM Goffredo Marocchi via swift-evolution <
>> swift-evolution at swift.org> wrote:
>>
>>>
>>>
>>> Sent from my iPhone
>>>
>>> On 19 Jul 2016, at 21:41, David Owens II <david at owensd.io> wrote:
>>>
>>>
>>> On Jul 19, 2016, at 11:37 AM, L. Mihalkovic via swift-evolution <
>>> swift-evolution at swift.org> wrote:
>>>
>>>
>>>
>>> Regards
>>> (From mobile)
>>>
>>> On Jul 19, 2016, at 8:19 PM, Goffredo Marocchi via swift-evolution <
>>> swift-evolution at swift.org> wrote:
>>>
>>>
>>> Sent from my iPhone
>>>
>>> <off-topic>
>>> Cocoa currently hides the boilerplate for all of these wonderful
>>> constructs behind amazingly effective runtime acrobatics. This fits
>>> perfectly into Objective-C, and it also works very well in Swift. But such
>>> features could be in better harmony with Swift's unique set of language
>>> constructs if their boilerplate was hidden behind amazingly effective
>>> **compile-time** acrobatics instead.
>>>
>>> Such compile-time acrobatics are hard to perform today, and it is
>>> possible that the ability to create such systems will forever remain an
>>> advanced skill, just like forging runtime magic requires advanced skills in
>>> Objective-C.
>>>
>>>
>>> ... rantish...
>>>
>>> I am still not convinced that even the best compiler can fully replace
>>> what a powerful runtime can provide no matter the acrobatics you put in in
>>> terms of compiler introduced utility code/constructs or the code analysis
>>> efforts you can put in at compile time
>>>
>>>
>>> That is a fact back by some interesting papers. By it is also true that
>>> one cannot always be used in place of the other.
>>>
>>>
>>> While it is true that the compiler cannot fully replace everything, it
>>> can help with many types of errors that are hard to catch at runtime.
>>>
>>> I’ll reiterate this again: this proposal does *not* prevent Swift from
>>> building language mechanism to allow for this type of behavior though. The
>>> fact is, Swift APIs are heavily value or value semantics so the lack of
>>> inheritance on classes is not going to be the primary reason you cannot
>>> monkey patch something.
>>>
>>> What this proposal does say is this: there is no “safe” way to achieve
>>> this type of behavior that the API authors either intentionally left out or
>>> left out because of an omission.
>>>
>>> If you are subclassing a class in Swift, under this proposal, you can be
>>> sure of one thing: the author explicitly made it so you’d be able to. We
>>> can argue if they did so with diligence, but that’s mostly immaterial to
>>> the discussion.
>>>
>>> The fact is, in order to allow monkey patching, Swift is going to need
>>> to answer many questions that it still has yet to answer, such as how
>>> reflection is really going to work. However, with these more restrictive
>>> defaults, it’s possible to extend the language to provide runtime monkey
>>> patching that can be more easily audited both in source code and at
>>> runtime. Instead of API authors just seeing crashes in their libraries and
>>> not realizing that someone swizzled a method, we would now be able to mark
>>> who did the swizzling and which functions were actually swizzled.
>>>
>>> An example of how this *could* look would be something like this:
>>>
>>> struct Person { /* This is defined in module A */
>>>     // a bunch of fields
>>>     var birthDate: Date { get set }
>>>
>>>     func calculateAge() -> Int { return 12; }
>>> }
>>>
>>> Obviously there is a bug in `calculateAge`. How could we fix it? Well,
>>> in your app framework (or some other target as needed) as we don’t have the
>>> ability to fix module A directly:
>>>
>>> extension Person {
>>>     @replaceMethodImplementation func calculateAge() -> Int { /* better
>>> implementation */ }
>>> }
>>>
>>> This would require support within the Swift language and tooling. For
>>> one, we’d need the non-optimized code to be distributed so that code within
>>> module A used this new implementation of `calculateAge`. However, this is
>>> the direction I’d much rather see Swift go. The ability to annotate code
>>> properly as monkey patches so we can audit them, track them, version them,
>>> and identify them clearly both at compile time and runtime.
>>>
>>> I’m all for Swift getting the right underlying model. After that, we can
>>> address a better way to provide the necessary means to monkey patch and
>>> change behavior, but first the fundamentals need to be nailed properly.
>>>
>>>
>>> Agreed, but we need to get ourselves some metrics and not to be afraid
>>> to considered annoying non true believers :). As more coders use Swift in
>>> their apps for some portions or the entirety of their codebase, are we
>>> seeing less bugs? When will it be proper to collect the data in a
>>> productive non biased way? I think it'll be very interesting as more stats
>>> are available other than LOC ones.
>>>
>>> We desire to have Swift run in all possible scenarios, complex video
>>> games included, and being a heavily value type based language with many
>>> built-in components using CoW semantics (sizeable in memory copies when
>>> some coders may forget it will happen). There is a reason why academia and
>>> a lot of coders back then we're pushing people towards reference types and
>>> pass by reference semantics and away from how C dealt with big structs and
>>> function pointers to achieve similar features.
>>>
>>>
>>> -David
>>>
>>> _______________________________________________
>>> swift-evolution mailing list
>>> swift-evolution at swift.org
>>> https://lists.swift.org/mailman/listinfo/swift-evolution
>>>
>>
>> _______________________________________________
>> swift-evolution mailing list
>> swift-evolution at swift.org
>> https://lists.swift.org/mailman/listinfo/swift-evolution
>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-evolution/attachments/20160719/a4c18a73/attachment.html>


More information about the swift-evolution mailing list