BLOG ON CAMLCITY.ORG: GS

Why the concept is not good enough - by Gerd Stolpmann, 2014-07-04

In the upcoming release 4.02 of the OCaml programming language, the type string can be made immutable by a compiler switch. Although this won't be the default yet, this should be seen as the announcement of a quite disruptive change in the language. Eventually this will be the default in a future version. In this article I explain why I disagree with this particular plan, and which modifications would be better.

Of course, the fact that string is mutable doesn't fit well into a functional language. Nevertheless, it has been seen as acceptable for a long time, probably because the developers of OCaml did not pay much attention to strings, and felt that the benefits of a somewhat cleaner concept wouldn't outweigh the practical disadvantages of immutable strings. Apparently, this attitude changed, and we will see a new bytes type in OCaml-4.02. This type is accompanied by a Bytes module with library functions supporting it. The compiler was also extended so that string and bytes can be used interchangably by default. If, however, the -safe-strings switch is set on the command-line, the compiler sees string and bytes as two completely separate types.

This is a disruptive change (if enabled): Almost all code bases will need modifications in order to be compatible with the new concept. Although this will often be trivial, there are also harder cases where strings are frequently used as buffers. Before discussing that a bit more in detail, let me point out why such disruptive changes are so problematic. So far there was an implicit guarantee that your code will be compatible to new compiler versions if you stick to the well-established parts of the language and avoid experimental additions. I have in deed code that was developed for OCaml-1.03 (the first version I checked out), and that code still runs. Especially in a commercial context this is a highly appreciated feature, because this protects the investment in the code base. As I'm trying to sell OCaml to companies in my carreer this is a point that bothers me. Giving up this history of excellent backward compatibility is something we shouldn't do easily, and if so, only if we get something highly valuable back. (Of course, if you only look at the open source and academic use of OCaml, you'll put less emphasis on the compatibility point, but it's also not completely unimportant there.)

The problem

I'm fully aware that immutable strings fix some problems (the worst probably: so far even string literals can be mutated, which can be very surprising). However, creating a completely new type bytes comes also with some disadvantages:

Lack of generic accessor functions: There is String.get and there is Bytes.get . The shorthand s.[k] is now restricted to strings. This is mostly a stylistic problem.

and there is . The shorthand is now restricted to strings. This is mostly a stylistic problem. The conversion of string to bytes and vice versa requires a copy: Bytes.of_string , and Bytes.to_string . You have to pay a performance penalty.

, and . You have to pay a performance penalty. In practical programming, there is sometimes no clear conceptual distinction between string data that are read-only and those that require mutation. For example, if you add data to a buffer, the data may come from a string or from another buffer. So how do you type such an add function?

Lexing

bytes

Lexing

val from_channel : in_channel -> lexbuf val from_string : string -> lexbuf val from_function : (string -> int -> int) -> lexbuf

val from_bytes : bytes -> lexbuf val from_bytes_function : (bytes -> int -> int) -> lexbuf

bytes

from_channel

bytes

let from_channel ch = from_bytes_function (Pervasives.input ch)

bytes

string

string

bytes

from_string

from_bytes

This latter point is, in my opinion, the biggest problem. Let's assume we wanted to reimplement themodule of the standard library in pure OCaml without resorting to unsafe coding (currently it's done in C). This module implements the lexing buffer that backs the lexers generated with ocamllex. We now have to usefor the core of this buffer. There are three functions infor creating new buffers:The first observation is that we'll better offer two more constructors to the users of this module:So why do we need the ability to read from, i.e. copy from one buffer to the other? We could just be a bad host and don't offer these functions to the users of the module. However, it's unavoidable anyway for, because I/O buffers are of courseSo whenever we implement buffers that also include I/O capabilities, it is likely that we need to handle both theand thecase. This is not only a problem for the interface design. Becauseandare completely separated, we need two different implementations:andcannot share much code.

This is the ironical part of the new concept: Although it tries to make the handling of strings more sound and safe, the immediate consequence in reality is that code needs to be duplicated because of missing polymorphisms. Any half-way intelligent programmer will of course fall back to unsafe functions for casting bytes to strings and vice versa ( Bytes.unsafe_to_string and Bytes.unsafe_of_string ), and this only means that the new -safe-strings option will be a driving force for using unsafe language features.

Let's look at three modifications of the concept. Is there some easy fix?

Idea 1: string as a supertype of bytes

We just allow that bytes can officially be coerced to string :

let s = (b : bytes :> string)

Of course, this weakens the immutability property: string may now be a read-only interface for a bytes buffer, and this buffer can be mutated, and this mutation can be observed through the string type:

let mutable_string() = let b = Bytes.make 1 'X' in let s = (b :> string) in (s, Bytes.set 0) let (s, set) = mutable_string() (* s is now "X" *) let () = set 'Y' (* s is now "Y" *)

Nevertheless, this concept is not meaningless. In particular, if a function takes a string argument, it is guaranteed that the string isn't modified. Also, string literals are immutable. Only when a function returns a string, we cannot be sure that the string isn't modified by a side effect.

This variation of the concept also solves the polymorphism problem we explained at the example of the Lexing module: It is now sufficient when we implement Lexing.from_string , because bytes can always be coerced to string :

let from_bytes s = from_string (s :> string)

Idea 2: Add a read-only type stringlike

Some people may feel uncomfortable with the implication of Idea 1 that the immutability of string can be easily circumvented. This can be avoided with a variation: Add a third type stringlike as the common supertype of both string and bytes . So we allow:

let sl1 = (s : string :> stringlike) let sl2 = (b : bytes :> stringlike)

stringlike

string

string

string is considered as absolutely immutable (there is no way to coerce bytes to string )

is considered as absolutely immutable (there is no way to coerce to ) stringlike is seen as the read-only API for either string or bytes , and it is allowed to mutate a stringlike behind the back of this API

Of course,doesn't implement mutators (like). It is nevertheless different from

stringlike is especially interesting for interfaces that need to be compatible to both string and bytes . In the Lexing example, we would just define

val from_stringlike : stringlike -> lexbuf val from_stringlike_function : (stringlike -> int -> int) -> lexbuf

let from_string s = from_stringlike (s :> stringlike) let from_bytes b = from_stringlike (b :> bytes)

Idea 3: Base bytes on bigarrays

and then reduce the other constructors to just these two, e.g.These other constructors are now only defined for the convenience of the user.

This idea doesn't fix any of the mentioned problems. Instead, the thinking is: If we already accept the incompatibility between string and bytes , let's at least do in a way so that we get the maximum out of it. Especially for I/O buffers, bigarrays are way better suited than strings:

I/O primitives can directly pass the bigarrays to the operating system (no need for an intermediate buffer as it is currently the case for Unix.read and Unix.write )

and ) Bigarrays support the slicing of buffers (i.e. you can reference subbuffers directly)

Bigarrays can be aligned to page boundaries (which is accelerated for some operating systems when used for I/O)

So let's define:

type bytes = (char,Bigarray.int8_unsigned_elt,Bigarray.c_layout) Bigarray.Array1.t

Sure, there is now no way to unsafely cast strings to bytes and vice versa anymore, but arguably we shouldn't prefer a design over the other only for it's unsafety.

Regarding stringlike , it is in deed possible to define it, but there is some runtime cost. As string and bytes have now different representations, any accessor function for stringlike would have to check at runtime whether it is backed by a string or by bytes . At least, this check is very cheap.

Conclusion

string

bytes

bytes

stringlike

I hope it has become clear that the current plan is not far reaching enough, as the programmer would have to choose between bad alternatives: either pay a runtime penalty for additional copying and accept that some code needs to be duplicated, or use unsafe coercion betweenand. The latter is not desirable, of course, but it is surely the task of the language (designer) to make sound and safe string handling an attractive option. I've presented three ideas that would all improve the concept in some respect. In particular, the combination of the ideas 2 and 3 seems to be very attractive: backby bigarrays, and provide ansupertype for easing the programming of application buffers.