Idiomatic Use of Self and Aliasing

biosbob · July 12, 2024, 4:05pm

so putting aside the nuances of aliasing, this thread raises a more fundamental question i have about struct arguments – in particular the idiomatic use of self…

consider the following struct which exposes a getter/setter pair:

const Thing = struct {
    const Self = @This();
    _data: u8,
    pub fn getData(self: Self) u8 {
        return self._data;
    }
    pub fn setData(self: *Self, d: u8) void {
        self._data = d;
    }
};

my actual use-case is far more complex, needless to say… but i’ll sometimes find that i need to declare getData(self: *Self) to get things working; or i’ll sometimes go further and declare self: *const Self, etc… i compile everything for releaseSmall…

if i understand the intent behind the compiler’s choice in passing a struct by value or reference, wouldn’t self: Self and self: *const Self mean the same thing??? even more subtle, would the compiler actually choose to pass a Thing instance to getData by value – even if i declared the parameter as *const Self???

said another way, is the choice to pass by copy or reference a two-way street in the case of getData???

LucasSantos91 · July 12, 2024, 6:02pm

Sometimes yes, but not always. Consider this:

var store: *const usize = undefined;
fn useStored() void{
  const value = store.*;
  // use value.
}
fn doStore1(ptr: *const usize) void{
  store = ptr;
}
fn doStore2(value: usize) void{
  store = &ptr;
}

In this snippet, we store a pointer to be used later. doStore1 does the correct thing, but doStore2 has undefined behavior. Sometimes you actually need to point to something, in this cases, the pointer is mandatory.
In the vast majority of cases, the value will be read and used immediately, so taking the parameter as either pointer or value would work. In such cases, Zig prefers that we pass by value, as it enables more optimizations, but it can result in the aliasing issue.

Theoretically, it could. As far as I know, parameter reference optimization is currently implemented in one way, that is, it transforms values into references, but not the other way. Someone could implement what you’re saying, but in order to do this transformation, the compiler would have to analyse the code and prove that the reference isn’t necessary, which would be quite expensive and would rarely pay off.

AndrewCodeDev · July 12, 2024, 6:05pm

Context - moved from solved thread: Copy or reference?

biosbob · July 12, 2024, 6:28pm

@LucasSantos91 – so in my example with “getters” and “setters”, i should prefer self: Self for the former and self: *Self for the latter… this seems to align with the current design/implementation of the compiler…

but correct me if i’m wrong, a “small” struct that the compiler elects to pass by value can still contain a (readonly) pointer referencing (readwrite) memory…

my use-case involves “box-ing” scalar values (including pointers/slices) into single-field structs that are trivially copied via registers… methods on these “smart box structs” can often enforce stricter semantics that simply exposing the boxed value…

mnemnion · July 12, 2024, 6:47pm

LucasSantos91:

fn doStore1(ptr: *const usize) void{
  store = ptr;
}
fn doStore2(value: usize) void{
  store = &value;
}
In this snippet, we store a pointer to be used later. doStore1 does the correct thing, but doStore2 has undefined behavior.

[I edited doStore2 to what I infer you meant by it].

I think it would be a good goal to make this specific thing a compiler error: any pointer to a reference parameter which escapes the function the parameter is passed into should be illegal. I don’t know how good the compiler’s escape analysis is, but it should be possible for cases which aren’t insane, like the old integer-and-back trick where you deserve whatever problems you’ve caused yourself.

I do see some problems with covering every case, because passing the value parameter down the stack, as a *const T, should be legal. Separately, a *const T parameter escaping the function should also be legal. Put those things together and congratulations, you have aliasing issues. Zig will always be a sharp object, though: each of those operations is valuable separately, and detecting all cases where they’re combined into UB might be hard (meaning, slow).

Still, I see no reason to allow a pointer-to-reference-parameter to directly escape the scope or travel up the stack via return values. That code is a priori incorrect and there’s no reason it should compile (I’m open to counterexamples).

LucasSantos91 · July 12, 2024, 7:21pm

Yes, but that is a different aliasing that what we were discussing. What you’re refering to is the classic aliasing that happens in shallow copy vs deep copy.

LucasSantos91 · July 12, 2024, 7:25pm

That is proposed.

mnemnion · July 12, 2024, 7:30pm

Similar enough that it’s probably not worth having a separate tracking issue, sure. Pointer-to-reference-parameter is a subtly different kind of wrong from pointer-to-stack-variable, but they have the same feature of being safe to pass down stack (assuming nothing keeps that address) but undefined to capture out-of-scope or to pass up the stack.

The same kind of analysis would be needed to identify either, so one issue is fine here I reckon.

david_vanderson · July 12, 2024, 11:23pm

This bit me a few times, and I tried hacking zig to enforce not copying when using the “a.foo()” syntax. My takeaway was that it probably would prevent a narrow class of bugs, but they weren’t as prevalent as I expected, and it makes certain idioms more awkward.

You can read my trip down the rabbit hole (I recommend reading the proposal and my final comment at the end):

github.com/ziglang/zig

Proposal: a.foo() syntax requires foo's first argument be a pointer

opened 06:48PM - 21 Oct 22 UTC

closed 12:19AM - 02 Nov 22 UTC

david-vanderson

proposal

When calling ```obj.foo()``` we expect foo to operate on obj, not on a copy of o…bj. I propose that calling a function using the ```obj.foo()``` syntax be a compile error if foo's first argument is not a pointer. Message could be something like ```error: calling function with dot syntax requires first argument of function to be pointer``` **Rationale** Any member function that accepts the struct by-val as the first argument is a foot-gun: ```zig pub fn foo(self: Self) bar { // is self a const pointer or a copy? return self.internal_stuff.func(); // sometimes works, other times silently fails due to copied self } ``` You want this instead: ```zig pub fn foo(self: *const Self) bar { // self is pointer (with or without const as needed) return self.internal_stuff.func(); // always works } ``` I've made this mistake myself, seen it in zig libs, and now even many places in the zig std lib. I'll send PRs for the ones I've found. **Motivation** I'm using [TinyVG](https://tinyvg.tech/) to render icons in a [gui library](https://github.com/david-vanderson/gui). When switching zig to stage2, a few of the icons started rendering nonsense. Eventually I submitted a repo of what I thought was a stage2 bug as #13244. @nektro and @Vexu quickly pointed out the real problem was accidentally passing a copy of self, which stage2 does more often (at least for now?). This is a place where code can be working (due to the compiler choosing to pass a const pointer) and then break on a minor compiler upgrade or struct change (which causes the compiler to switch to passing a copy). This is also hard to figure out because passing a copy often works by accident. If the struct contains only pointers and other copyable fields (Allocator?) then operating on a copy can either work or appear to work. I'll try to implement this and see how it goes. **Downsides** If you have a small copyable struct like a 2d Point, you have to choose either: - ```pub fn add(a: Point, b: Point) Point {}``` and call it like ```Point.add(a, b)``` or - ```pub fn add(a: *const Point, b: Point) Point {}``` and call it like ```a.add(b) or Point.add(&a, b)```