[swift-evolution] Swift evolution proposal: introduce typeprivate access control level

Daniel Leping daniel at crossroadlabs.xyz
Fri Dec 2 06:27:26 CST 2016


Folks, it really gets intense (and I really like it, while not being
satisfied with current system) and looks like reconsidering from scratch.
To make the further communication productive let's first bring the bigger
picture into context.

Let's bring some history first.

Initially Swift adapted the model from Obj-C. The main argument from Apple
was compatibility and "it's not bad, just different; try to adapt". There
was a blog article about it on Apple's site. Sorry don't have a link.

Well, anyways, with Swift 3 it no longer is as simple as it is in Obj-C.
New modifiers were introduced by request. I feel it's good and means
everybody agrees Obj-C modifiers aren't sufficient for Swift. What I mean,
initial arguments should apply no more and I hope Apple will not be too
rigid with current status.

What I mean, though, the new introductions of access modifiers feel quite
some "patchy".

Let's bring the discussion to why we need access control into the first
place. As for me it is:
1. Possibility to provide a clean, safe API from middleware (frameworks)
2. While working as a team on a single project, restrict others from misuse
of your APIs.

The other breakdown is what types of APIs we might have:
1. Simple "allocate and use"
2. APIs that require some kind of inheritance, protocol implementations,
overriding, etc.

I'm not pretending these lists are complete, so please feel free to add
your use cases.

As a framework developer I personally suffer quite some from inability to
have protected (or any alternative) methods in protocols. It comes from
absence of multiple inheritance (which I'm completely fine with) and
inability to fully replace it with protocols.

One of the simple examples would be: you need an API that requires
overriding? Make it accessible for ancestors only (even in protocols).
Despite the argument "ancestors can open it to public" (there are a lot of
dangerous things to do) it makes the API much more clean and hides
implementation complexity. Otherwise you just have to explain it in the doc
"please don't call this method, it's an internal" which feels wrong.

So, what I suggest:
1. Keep public/open which is cool
2. Add protected which should solve the inheritance issue
3. Add "inner" which is a bit wider than protected and allows to access
members from extension
4. Keep internal, but make it an "additional marker" which keeps anything
from being visible outside of the module. I mean like a member can be at
the same time protected and internal
5. Apply the very same thing to protocols (I know it's controversial; still
I believe the language should be consistent and solid. The same rules
should apply everywhere). It will add more flexibility for API devs (keep
in mind we don't have other way of multiple inheritance)
6. Please add your use cases

It is not a replacement of proposal with fine grained tunable custom
modifiers, but rather a try to rethink from scratch what we need
considering we are already far from the initial concept.


On Fri, 2 Dec 2016 at 13:36 Gonçalo Alvarez Peixoto via swift-evolution <
swift-evolution at swift.org> wrote:

> @Adrian
>
> I do agree with you when you state "But instead of introducing even more
> access modifiers we probably should fix some of the existing ones". As I
> mentioned in the proposal, typeprivate level could somehow
> replace fileprivate which, in my opinion, falls short in promoting good
> design practices. While I'm sure that's not it's intent, it surely creates
> conditions for some dodgy patterns to emerge.
>
> Also, would you be so kind to provide an example where typepublic would be
> useful? Maybe you're thinking of allowing member access to subclasses?
> Would that fall into a possible "protected" realm?
>
> I agree we should handle protocol access control as well. In fact, I
> believe protocols in general should be subject of focus if we're to promote
> a protocol oriented programming environment. I believe there's some aspects
> within protocol usage which also lack robustness which lead, for instance,
> to type erasure solutions, which in my opinion feel like some somehow hacky.
> Still, I believe there's so much we can add to protocol access control
> level, one can actually build a proposal out of it (I'd gladly take part of
> this discussion as well!), otherwise we'd be adding so much more to this
> proposal's intent than what it's essence demands: a way to access private
> members on extensions placed on separate files.
>
> @Rien
>
> "And the funny thing is, we don’t actually _need_ access control levels."
> I tend do disagree. I believe we do profit from access control levels in
> many many ways. One does profit from clearer and safer API communication. I
> assume you consider that's vital as well since you do suggest a finer
> grained list of access control levels.
>
> "I consider it dangerous by default to open up a scope just because
> another class needs occasional".
> Couldn't agree more!
>
> Best,
> Gonçalo
>
>
>
>
> 2016-12-02 10:43 GMT+00:00 Adrian Zubarev via swift-evolution <
> swift-evolution at swift.org>:
>
> There is some really deep talk going on here again. But instead of
> introducing even more access modifiers we probably should fix some of the
> existing ones.
>
> Don’t get me wrong, I understand what the authors of the proposal are
> trying to introduce to the language, but even if such a proposal would be
> accepted, there will be people who would beg for typepublic access
> modifier.
>
> I tried to get some attention from the community after we introduced open
> to the language, because we literally created an inconsistent area for
> protocols.
>
> Now we have open vs public classes, where open means you can subclass
> your type from module A in module B, and public prevents this.
>
> What’s up with protocols?
>
> (protocol) conforming == abstract subtyping (classes)
>
> Fixing this area would prevent the API user from using protocols which are
> public but not meant to be used there (at least not to be conformed to),
> because there was some implementation artifact that prevented the framework
> author from hiding such a protocol.
>
> Something like “hands off from _SomeName protocols” could be enforced by
> the language rather than some convention, which some API users might not
> even read.
>
> That said, some hacks like this should be prevented:
>
> struct A : _ExpressibleByBuiltinIntegerLiteral {
>     init(_builtinIntegerLiteral value: _MaxBuiltinIntegerType) {}
> }
>
> struct B : ExpressibleByIntegerLiteral {
>     init(integerLiteral value: A) {
>         print(type(of: value))
>     }
> }
>
> let b: B = 42 // prints "A"
>
> We introduced an exclusive access modifier for classes which is really odd
> to be honest. We should extend it to protocols as well.
>
> In Module A:
>
>    - open protocol X - can be conformed to from module B
>    - public protocol Y - cannot be confronted to from module B, but
>    instead might be used as an interface
>
>
>
> --
> Adrian Zubarev
> Sent with Airmail
>
> Am 2. Dezember 2016 um 09:56:49, Rien via swift-evolution (
> swift-evolution at swift.org) schrieb:
>
> And the funny thing is, we don’t actually _need_ access control levels.
>
> The only purpose of access control is to enhance security/reliability by
> imposing restrictions on other programmers (API users).
>
> It seems to me that in almost all discussions the arguments are mostly
> backwards: i.e. formulated from the perspective of the API users. Maybe
> because just about all programmers are API users of the OS-API? Anyway…
>
> What I would like to see is a complete overhaul of the access control and
> rewrite it entirely from the perspective of the API provider.
> I.e. give a more fine grained control to the API writer in the sense that
> he can specify exactly which other piece of code has access. I consider it
> dangerous by default to open up a scope just because another class needs
> occasional access. (i.e. give -for example- module access just because
> there is 1 other class in the module that needs that access. Inadvertently
> opening up access to all other classes in that module.)
>
> An access control list could do just that. Perhaps something like:
>
> access(type, MyFriendClass(get))
>
> The above would provide access to the entire type (but not any children)
> and read-only from MyFriendClass.
>
> A quick -off the cuff- list of access levels:
>
> local: access only to local scope (default)
> type: Only the type in which it is defined (no children)
> child: The type and its children
> <type-name>: Access is granted to the type named
> file: Access is limited to this file only
> <file-name>: Access is granted to the named file
> module: Access is granted to the entire module
> <module-name>: Access is granted to the module with the given name
> public: Access is granted to everybody
>
> Further access specification could be made possible through the use of the
> dot-notation:
>
> <type-name>.<function-name>
> <file-name>.<class-name | function-name>
> <module-name>.<class-name>.<function-name>
>
> Read/write control through a parameter passing notation:
>
> <type-name>.<function-name>([[get],][set])
>
> Examples:
>
> access(type) var count: Int // entire type can read/write
> access(type(get), type.incrementer) var count: Int // Entire type can
> read, only the incrementer function has read/write
> access(module, FriendType, public(get)) var count: Int // Entire module
> can read/write, FriendType can read/write, others can only read
>
> Regards,
> Rien
>
> Site: http://balancingrock.nl
> Blog: http://swiftrien.blogspot.com
> Github: http://github.com/Swiftrien
> Project: http://swiftfire.nl
>
>
>
>
> > On 01 Dec 2016, at 21:38, Brandon Knope via swift-evolution <
> swift-evolution at swift.org> wrote:
> >
> > Is anyone starting to think the current access control model will become
> more burdensome over time?
> >
> > People will want to add and subtract to it for years to come...which
> tells me it's not very flexible. I'm beginning to feel like it is an old
> style model trying to fit into a modern language.
> >
> > For example, fileprivate and private encourage stuffing a lot of code
> into one file just to use that access control level. If you want to break
> this into more manageable chunks you have to make it internal or move it
> into a new module which is very complicated to do in Xcode (I.e requiring a
> new target like a framework).
> >
> > This keeps leading me back to having submodules or creating modules on
> demand. I think that would open up this system to great complexity.
> >
> > Want to keep something private to a specific class but private to
> anything outside of it? Make it internal to the same "submodule".
> >
> > I think we could keep tacking on things to access control, but I don't
> think it is really solving everyone's needs. I think a more flexible system
> would allow people to adapt it to their needs instead of structuring
> everything around a rigid system that forces you to do it swift's way.
> >
> > On Nov 29, 2016, at 10:24 AM, Gonçalo Alvarez Peixoto via
> swift-evolution <swift-evolution at swift.org> wrote:
> >
> >> Hello, everyone!
> >>
> >> I would like to introduce a new proposal to swift evolution, but first
> I would love to run it by all of you so I get everyone's feedback and
> enrich it.
> >>
> >> This proposal consists of introducing a new typeprivate access control
> level which allows for members to be accessed in all extensions of a given
> type, whether lying within or in another file.
> >>
> >> You'll find the proposal draft in:
> >>
> https://github.com/goncaloalvarez/swift-evolution/blob/master/proposals/NNNN-introduce-typeprivate-access-control-level.md
> >>
> >> Thanks in advance for taking the time to evaluate the proposal.
> >>
> >> Best regards,
> >> Gonçalo
> >> _______________________________________________
> >> swift-evolution mailing list
> >> swift-evolution at swift.org
> >> https://lists.swift.org/mailman/listinfo/swift-evolution
> > _______________________________________________
> > swift-evolution mailing list
> > swift-evolution at swift.org
> > https://lists.swift.org/mailman/listinfo/swift-evolution
>
> _______________________________________________
> swift-evolution mailing list
> swift-evolution at swift.org
> https://lists.swift.org/mailman/listinfo/swift-evolution
>
>
> _______________________________________________
> swift-evolution mailing list
> swift-evolution at swift.org
> https://lists.swift.org/mailman/listinfo/swift-evolution
>
>
> _______________________________________________
> swift-evolution mailing list
> swift-evolution at swift.org
> https://lists.swift.org/mailman/listinfo/swift-evolution
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.swift.org/pipermail/swift-evolution/attachments/20161202/674c1594/attachment.html>


More information about the swift-evolution mailing list