doc: formalize non-const reference usage in C++ style guide

[addaleax]

Split out from #23028 by request from @refack. I’ve added people who approved the other PR as reviewers on the commit. I’m also moving the tsc-agenda label over here, assuming @refack’s objection stands.

---

We generally avoid using non-const references if not necessary. This
formalizes this rules by writing them down in the C++ style guide.

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• documentation is changed or added
• commit message follows commit guidelines

[nodejs-github-bot]

@addaleax build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/1056/pipeline

[refack]

Hoping we can discuss this further, and find middle ground.

[refack]

_{Quoting from previous PR:}

I believe non-const reference has been established as the tool to use for idiomatic iterative mutation in "modern" C++ (C++11 and higher).

I'm taking the lead of the C++ ISO committee and the STL designers who decided to use references, and value semantics ahead of pointers. Case in point begin and end return iterators that are convertible to references and not pointers. So to mutate a collection with an STL algorithm, you can only use non-const references:

std::vector<int> nums{3, 4, 2, 8, 15, 267};
std::for_each(nums.begin(), nums.end(), [](int &n){ n++; });

From the C++CG:

• P.3: Express intent

...

for (const auto& x : v) { /* do something with the value of x */ }

Now, there is no explicit mention of the iteration mechanism, and the loop operates on a reference to const elements so that accidental modification cannot happen. If modification is desired, say so:

for (auto& x : v) { /* modify x */ }

With code that came up in a code review in our repo, it was presented with a common classical way to do mutation without a reference:

for (std::string::size_type i = 0; i < name.size(); ++i) {
  if (name[i] == '_') 
    name[i] = '-';
}

Compared this with the C++11 idiomatic (read "this is iterating using a reference because the intent is to modify").

for (auto& i : name) {
  if (i == '_') 
    i = '-';
}

So essentially IMHO having "no non-const references" rule, means "no idiomatic mutations".

From a personal perspective, I also agree with a few more arguments in favor of non-const reference:

1. They can't be uninitialized.
2. They can't be null, so they fit perfectly to the use case of a variable is not allowed to be null.
3. They clearly express non-ownership, while with pointers there is still doubt.
4. They provide the compiler with more optimization opportunities (unless the compiler can to prove you don't need a pointer, it will have to allocate space for it).
5. IMHO they are simpler to understand. Grokking pointers requires always keeping another level of indirection in mind.

BTW, both guides do have limits, spesificly WRT to function arguments:

• Google Reference Arguments - All parameters passed by lvalue reference must be labeled const.
• F.16: For “in” parameters, pass cheaply-copied types by value and others by reference to const
• F.17: For “in-out” parameters, pass by reference to non-const

[refack]

P.S. Using as more standard guidelines will allow us to introduce automatic tools (MSVS and clang-tidy) to analyse, and point out non conforming code.

[targos]

@refack would you be for making the rule more specific? i.e. only avoid non-const references in function parameters?

[refack]

P.S. I forget to mention the thing that is most important to me: learning material.
All the materials I've encountered use non-const references, and explain their idiomatic meaning. (Just a quick example of something I just read 1).

IMHO it is immensely important for our code and guidance to be in line with the available learning material, to allow the inclusion of newcomers (or relearning late comers like myself)

[refack]

would you be for making the rule more specific? i.e. only avoid non-const references in function parameters

Yes. Something like "non const reference function argument means in/out parameter. Avoid in/out parameters" reads very clear and sound to me.

[addaleax]

would you be for making the rule more specific? i.e. only avoid non-const references in function parameters

Yes. Something like "non const reference function argument means in/out parameter. Avoid in/out parameters" reads very clear and sound to me.

I’m heavily -1 on that. For in/out, we should keep using pointers, since it’s otherwise completely invisible at the call site that it’s an in/out parameter.

From a personal perspective, I also agree with a few more arguments in favor of non-const reference:

1. They can't be uninitialized.

That’s true, yes – It’s a feature that pointers lack.

2. They can't be null, so they fit perfectly to the use case of a variable is not allowed to be null.

I don’t understand this – they are references, not variables themselves in the classical sense? Whatever the reference refers to could still be some kind of null/default value.

3. They clearly express non-ownership, while with pointers there is still doubt.

That’s fair, although we are slowly moving a lot of our C++ code to use smart pointers, which means that on the reverse side regular pointers would typically be non-owning pointers.

4. They provide the compiler with more optimization opportunities (unless the compiler can to prove you don't need a pointer, it will have to allocate space for it).

I doubt that, esp. the “have to allocate space for it”. Under the hood, references are pointers, and code using one type should always compile to the same assembly as code using the other type. Can you provide a reference for this claim?

5. IMHO they are simpler to understand. Grokking pointers requires always keeping another level of indirection in mind.

Hm – not sure I can judge this well myself, but I’m surprised by that since they are essentially the same concept, up to minor differences (no arrays using references, no default value).

@refack It’s not that I don’t understand or don’t see your points – I have used references in my C++ code a lot more before coming to the Node.js world, and had to get used to the change myself. I fully acknowledge that that took a bit of learning when writing C++ code (with a lot of other things as well, such as variable/function naming conventions etc.).

However, I’m also carrying my reviewer hat a lot of the time, and since Node.js is a mature software which millions of people use in their daily lives, I tend to value readability and more easily visible correctness higher than the ease of writing code. That’s a tradeoff, and it’s fair to stand on either side of it.

Compared this with the C++11 idiomatic (read "this is iterating using a reference because the intent is to modify").

for (auto& i : name) {
  if (i == '_') 
    i = '-';
}

Note that I’m not saying that I’m for categorically excluding these types of constructs. However, I still hold my opinion that this code obscures the fact that name is being modified, and that’s a good example of what we’re trying to avoid.

[addaleax]

@nodejs/tsc PTAL

[joyeecheung]

Personally in cases like this I'd prefer to use a normal int here and return references because it's more memory-efficient (and if this is storing a pointer to mutate it the ownership seems to be pretty hard to figure out..)...maybe a member object with a made-up class here would be clearer? Or a unique_ptr since that's what we generally try to refactor to? (Or a shared_ptr but we don't seem to use it much in our codebase and try to restructure the ownership towards a unique_ptr)

[addaleax]

👍 … How about e9f8406?

[ofrobots]

LGTM.

See also additional rationale in https://google.github.io/styleguide/cppguide.html#Reference_Arguments, which is followed by V8 and Chromium.

[Trott]

It would seem like the reason for applying the tsc-agenda label is to request a vote to override the objection. I'm not sure if there's more to discuss here first or if it's time to have a vote. If and when vote time comes, this is outside my area of expertise so I abstain and defer to other knowledgable TSC folks.

If we're voting, here's how it looks so far:

YES:

1. @addaleax
2. @apapirovski
3. @danbev
4. @jasnell
5. @joyeecheung
6. @ofrobots
7. @targos

NO:
No one yet

ABSTAIN:

1. @cjihrig
2. @gabrielschulhof
3. @mcollina
4. @MylesBorins
5. @rvagg
6. @Trott

UPDATE: This passes. (19 TSC members w/ 6 abstentions = 7 votes required to pass.)

[thefourtheye]

Nit: object

[addaleax]

@thefourtheye Thanks for catching, done!

[thefourtheye]

Nit: double be

[mcollina]

I abstain.

[MylesBorins]

I abstain

[refack]

@addaleax can we converge on "no non-const references as arguments in APIs"?

---

Avoid defining APIs with non-const reference arguments

In general, non-const references should only be used when they don't hurt readability, or if they are required by external APIs (e.g. std::for_each)

Non-const references arguments make most sense as in/out parameters [F.11]. The in/out parameter pattern is non-optimal, and should be avoided. If the parameter is a regular (in) parameter, it should be const. If in/out semantics is necessary, use a pointer as per the Google style guide.

[addaleax]

@refack But this isn’t just about functions/methods…

Non-const references arguments make most sense as in/out parameters [F.11]. The in/out parameter pattern is non-optimal, and should be avoided. If the parameter is a regular (in) parameter, it should be const. If in/out semantics is necessary, use a pointer as per the Google style guide.

This seems a bit confusing – why would we first mention that one thing makes sense, and then that we don’t do that because the Google style guide overrides it?

[refack]

But this isn’t just about functions/methods…

I'm looking for some compromise on your part...
Let's document the parts that have consensus.

[addaleax]

@refack I’d prefer to avoid having this exact same discussion again about the other parts, though.

Do you agree with the examples in this PR?

[refack]

That's why I asked for a compromise...

I don't see anything in the examples code that conflicts with the paragraph I suggested. I don't agree with the comments and the generalization that "A pointer is almost always a better choice."
AFAICT Modern C++ moves away from the classical C paradigm that "pointers are always better". And as I see it pointers and references are two equally valuable language constract that each have their own idioms, and should be used when appropriate.

[addaleax]

That's why I asked for a compromise...

As far as I can tell, that comment asked for documenting this in the style guide for only a subset of the use cases – That’s not really what a compromise is. (And, to mention it again: This PR documents current, existing rules.)

I don't see anything in the examples code that conflicts with the paragraph I suggested.

Yes, but your suggestion would leave the question open for a wide range of use cases (e.g. local reference variables). Those cases would otherwise be pointed out during reviews, which is less than helpful if we can also document them in our style guide for.

And as I see it pointers and references are two equally valuable language constract that each have their own idioms, and should be used when appropriate.

They both have advantages and disadvantages, so, yes, of course this depends on the use case. The big disadvantage of references, and how that can be mitigated, is mentioned here in the PR text.

If you want, I can add something like “If you use non-const references, e.g. because of an external API that uses them, consider adding a comment that indicates which objects can be modified through them.”

[sam-github]

@addaleax and @refack (and most of the c++ world?) agree that non-const ref args are to be avoided. @addaleax had a short paragraph elaborating why, @refack had a longer more detailed paragraph covering the same territory. More detail doesn't seem bad. I genuinely don't understand what's going on here.

"If in/out semantics is required, it is advised to use a pointer instead" and "a pointer is almost always a better choice" say the same thing, since in/out semantics is almost always why a ref arg is not const.

[addaleax]

@sam-github The difference here is that @refack’s text only refers to function arguments, while we currently have this as a more general rule that also applies to e.g. local variables or class members.

[sam-github]

Reviewed the comment thread again, and I don't see that difference in opinion. The only example Rafael showed of sane non-const refs was a for loop, which you have an example of in your code and also list as a reasonable use. If you amend your text to explicitly list the ways in which non-const refs are sometimes used, and which ones are OK (not many), and what they should be replaced with I think it would be more useful to readers of the style guide. Maybe you would disagree on some specific usage, but I don't see any specific disagreements in this thread (other than on how to express the guidance in english text).

[refack]

(And, to mention it again: This PR documents current, existing rules.)

Since this rule is more lore then cannon (in that it is not written down nor linted for), and since C++11 is a modernization of the language. I see this as an excellent chance to improve our rules set. Or more correctly not canonize an outdated rule.

[refack]

Even V8 deviate from this rule (listing points just from the V8 public API):

node/deps/v8/include/v8.h

Lines 3398 to 3399 in c1b9be5

	V8_WARN_UNUSED_RESULT Maybe<bool> DefineProperty(
	Local<Context> context, Local<Name> key, PropertyDescriptor& descriptor);

[addaleax]

Even V8 deviate from this rule (listing points just from the V8 public API):

… which is why they explicitly mention this in the doc comment.

[refack]

Lite CI (Doc only change): https://ci.nodejs.org/job/node-test-pull-request-lite-pipeline/1285/

[addaleax]

Landed in 5550510