Write Tracking for Nim (Part 2)

7 years ago I wrote how Nim would get “write tracking” as an alternative to adding const to Nim’s type system. This year it finally made it into Nim nightly! Since then the feature was reimplemented and all the details how it works did change.

My special thanks go to Clyybber who simplified my initial proposal (see https://github.com/nim-lang/RFCs/issues/234) so that this feature could be added to Nim without any new pragma at all! Quite an achievement.

Status quo

Nim already has a strong notion of immutability, every parameter that does not use the var T type modifier is immutable. In fact, Nim’s parameter passing semantics continue to be one of my favorite features of the language and are a hidden gem. Nim gets the defaults exactly right. However, as usual, pointers complicate matters. This code compiles without any warning:

type
  Node = ref object
    data: string
    next: Node

func count(n: Node): int =
  result = 0
  var it = n
  while it != nil:
    inc result
    it = it.next
  # nasty code here:
  n.data = "mutated!"

The reason is that while n itself is a parameter and immutable, n.data remains mutable due to the pointer indirection! This is sometimes called “shallow immutability”.

As a reminder, the func x(args) notation is a shortcut for proc x(args) {.noSideEffect.}.

Flawed idea: const T

The problem of adding const to a type system is that it’s inconvenient. To see why, let us imagine that a const type modifier would be added to Nim. proc p(param: const T) then would mean that no location reachable from param is allowed to be mutated by p. This is sometimes called “deep immutability”.

So far, so good:

func p(n: const Node) =
  # does not compile:
  n.data = "mutated!"

But our count example has a problem:

type
  Node = ref object
    data: string
    next: Node # note: this is not 'const Node' as some operations
               # on singly linked lists really can mutate this field.

func count(n: const Node): int =
  result = 0
  var it: const Node = n
  while it != nil:
    inc result
    it = it.next
    #  ^ this would require an implicit conversion from 'Node' to 'const Node'!

The type of the next field is Node and not const Node and so the naive iteration over a singly linked list does not work. Now you can argue that the iteration mechanism should be hidden inside an iterator anyway where we can also hide the dangerous looking but benign type conversion.

Unfortunately there are many more examples where these type conversions would come up. In fact, for many simple operations like id or select what to use as the return type is problematic:

func select(cond: bool; a, b: const Node): Node =
  result = if cond: a else: b
  # type mismatch: cannot convert from 'const Node' to 'Node'

proc mutate(a, b: Node) =
  let x = select(false, a, b)
  x.data = "mutated!"

Since this doesn’t compile, let’s try a different variant:

func select(cond: bool; a, b: const Node): const Node =
  result = if cond: a else: b

proc mutate(a, b: Node) =
  let x = Node(select(false, a, b))
  #        ^  convert back to a mutable node
  x.data = "mutated!"

The problem with this solution is that it shouldn’t be select’s business to decide for me that the selected node cannot be mutated afterwards, that’s the caller’s choice to make. These problems are not unique to Nim, for instance in C++ you cannot pass a vector<string> to a vector<const string>.

Idea: Mutation is an effect

There is a better way to model deep immutability. What we really want to say is that select does not mutate any node passed to it, the dangerous pattern to watch out for is something like x.field = value or x[] = value, stores to the heap. (Here “heap” means the heap according to formal semantics, I’m not talking about the heap-vs-stack memory region that a typical language implementation uses.)

If we attach an effect like storeEffect to patterns like param.field = value we can effectively communicate the dangerous operations via Nim’s existing effect system. Now Clyybber’s brilliant insight was that this effect can be incorporated into the existing noSideEffect effect! No new effect is required, we simply tweak the language definition!

noSideEffect in Nim means “does not access a global or thread-local variable nor does it call a routine that does”. We add another criterion to what it means to have a “side effect”:

Mutating an object reachable from a parameter does count as a side effect.

There is a new experimental mode written as {.experimental: "strictFuncs".} to enable this stricter interpretation of what a “side effect” means.

Here is how it looks in practice:

{.experimental: "strictFuncs".}

type
  Node = ref object
    data: string
    next: Node

func count(n: Node): int =
  result = 0
  var it = n
  while it != nil:
    inc result
    it = it.next
  # does not compile anymore!
  n.data = "mutated!"
  #  Error: 'count' can have side effects
  # an object reachable from 'n' is potentially mutated

As usual, the devil is in the details. Any algorithm that we use should be smart enough to detect hidden mutations ia local aliases:

{.experimental: "strictFuncs".}

type
  Node = ref object
    data: string
    next: Node

func p(n: Node) =
  let x = n
  let y = x
  y.data = "mutated!"

And indeed the compiler is smart:

func p(n: Node) =
  # Error: 'p' can have side effects
  # an object reachable from 'n' is potentially mutated
  let x = n
  let y = x # is the statement that connected the mutation to the parameter
  y.data = "mutated!" #  the mutation is here

It is not fooled by function calls either:

func id(n: Node): Node = n

func p(n: Node) =
  let x = id n
  let y = id x
  y.data = "mutated!"

Internally the compiler constructs an abstract graph and looks for subgraphs that are both mutated and “connected” to an input parameter. The analysis does not depend on the control flow, two locations a are connected if there is a pattern like a = f(b) in the source code.

Mutability via var

Some mutations remain to be allowed and do not count as a “side” effect:

func add*[T](s: var seq[T]; x: sink T) =
  # valid: mutates 's'.
  let oldLen = s.len
  setLen s, oldLen + 1
  s[oldLen] = x

The idea here is that no matter what T is instantiated with, x should be deeply immutable, but the seq s is mutated. Mutations to var T parameters remain valid.

Summary

“strict” funcs are an answer to a long standing design question, fit Nim’s existing design in a most natural way (“hey, this is the definition of side effect that I always had in mind!”) and can enable Nim’s optimizer to be more effective.

If you use Nim devel (1.3.x) this feature is already available to you and can be accessed via {.experimental: "strictFuncs".} in your source code or via --experimental:strictFuncs on the command line. Please try it out and give us your feedback!