[openstack-dev] [openstack-sdk-php] Use of final and private keywords to limit extending

Matthew Farina matt at mattfarina.com
Mon Jun 9 14:09:21 UTC 2014

If you don't mind I'd like to step back for a moment and talk about
the end users of this codebase and the types code it will be used in.

We're looking to make application developers successful in PHP. The
top 10% of PHP application developers aren't an issue. If they have an
SDK or not they will build amazing things. It's the long tail of app
devs. Many of these developers don't know things we might take for
granted, like dependency injection. A lot of them may writing
spaghetti procedural code. I use these examples because I've run into
them in the past couple months. We need to make these folks successful
in a cost effective and low barrier to entry manner.

When I've gotten into the world of closed source PHP (or any other
language for that matter) and work that's not in the popular space
I've seen many things that aren't clean or pretty. But, they work.

That means this SDK needs to be useful in the modern frameworks (which
vary widely on opinions) and in environments we may not like.

The other thing I'd like to talk about is the protected keyword. I use
this a lot. Using protected means an outside caller can't access the
method. Only other methods on the class or classes that extend it.
This is an easy way to have an API and internals.

Private is different. Private means it's part of the class but not
there for extended classes. It's not just about controlling the public
API for callers but not letting classes that extend this one have
access to the functionality.

Given the scope of who our users are...

- Any place we use the `final` scoping we need to explain how to
extend it properly. It's a teaching moment for someone who might not
come to a direction on what to do very quickly. Think about the long
tail of developers and projects, most of which are not open source.

Note, I said I'm not opposed to using final. It's an intentional
decision. For the kinds of things we're doing I can't see all to many
use cases for using final. We need to enable users to be successful
without controlling how they write applications because this is an
add-on to help them not a driver for their architecture.

- For scoping private and public APIs, `protected` is a better keyword
unless we are intending on blocking extension. If we block extension
we should explain how to handled overriding things that are likely to
happen in real world applications that are not ideally written or

At the end of the day, applications that successfully do what they
need to do while using OpenStack on the backend is what will make
OpenStack more successful. We need to help make it easy for the
developers, no matter how they choose to code, to be successful. I
find it useful to focus on end users and their practical cases over
the theory of how to design something.


On Fri, Jun 6, 2014 at 10:01 AM, Jamie Hannaford
<jamie.hannaford at rackspace.com> wrote:
> So this is an issue that’s been heavily discussed recently in the PHP
> community.
> Based on personal opinion, I heavily favor and use private properties in
> software I write. I haven’t, however, used the “final” keyword that much.
> But the more I read about and see it being used, the more inclined I am to
> use it in projects. Here’s a great overview of why it’s useful for public
> APIs: http://verraes.net/2014/05/final-classes-in-php/
> Here’s a tl;dr executive summary:
> - Open/Closed principle. It’s important to understand that “Open for
> extension”, does not mean “Open for inheritance”. Composition, strategies,
> callbacks, plugins, event listeners, … are all valid ways to extend without
> inheritance. And usually, they are much preferred to inheritance – hence the
> conventional recommendation in OOP to “favour composition over inheritance”.
> Inheritance creates more coupling, that can be hard to get rid of, and that
> can make understanding the code quite tough.
> - Providing an API is a responsibility: by allowing end-users to access
> features of our SDK, we need to give certain guarantees of stability or low
> change frequency. The behavior of classes should be deterministic - i.e. we
> should be able to trust that a class does a certain thing. There’s no trust
> whatsoever if that behavior can be edited and overridden from external code.
> - Future-proofing: the fewer behaviours and extension points we expose, the
> more freedom we have to change system internals. This is the idea behind
> encapsulation.
> You said that we should only use private and final keywords if there’s an
> overwhelming reason to do so. I completely disagree. I actually want to flip
> the proposition here: I think we should only use public keywords if we’re
> CERTAIN we want to encourage and allow the inheritance of that class. By
> making a class inheritable, you are saying to the outside world: this class
> is meant to be extended. And the majority of times this is not what we want.
> Sure there are times when inheritance may well be the best option - but you
> can support extension points in different, often better, ways. Declaring
> explicitly what the extension points are is part of the contract your code
> has with the rest of the system. Final classes help to enforce this
> contract.
> To summarize, we have nothing to lose by favoring private and final
> keywords. We gain the above advantages, and if we later decide to open up
> that class as an extension point we can remove the keywords without any
> issues. Should a valid reason come up to open it up, it will be easy to do
> so, because nothing depends on it being closed. On the other hand, if you
> start by making everything open or inheritable, it will be very hard to
> close it later.
> Jamie
> On June 5, 2014 at 6:24:52 PM, Matthew Farina (matt at mattfarina.com) wrote:
> Some recent reviews have started to include the use of the private
> keyword for methods and talk of using final on classes. I don't think
> we have consistent agreement on how we should do this.
> My take is that we should not use private or final unless we can
> articulate the design decision to intentionally do so.
> To limit public the public API for a class we can use protected.
> Moving from protected to private or the use of final should have a
> good reason.
> In open source software code is extended in ways we often don't think
> of up front. Using private and final limits how those things can
> happen. When we use them we are intentionally limiting extending so we
> should be able to articulate why we want to put that limitation in
> place.
> Given the reviews that have been put forth I think there is a
> different stance. If there is one please share it.
> - Matt
> Jamie Hannaford
> Software Developer III - CH
> Tel: +41434303908
> Mob: +41791009767
> Rackspace International GmbH a company registered in the Canton of Zurich,
> Switzerland (company identification number CH- whose
> registered office is at Pfingstweidstrasse 60, 8005 Zurich, Switzerland.
> Rackspace International GmbH privacy policy can be viewed at
> www.rackspace.co.uk/legal/swiss-privacy-policy
> -
> Rackspace Hosting Australia PTY LTD a company registered in the state of
> Victoria, Australia (company registered number ACN 153 275 524) whose
> registered office is at Suite 3, Level 7, 210 George Street, Sydney, NSW
> 2000, Australia. Rackspace Hosting Australia PTY LTD privacy policy can be
> viewed at www.rackspace.com.au/company/legal-privacy-statement.php
> -
> Rackspace US, Inc, 5000 Walzem Road, San Antonio, Texas 78218, United States
> of America
> Rackspace US, Inc privacy policy can be viewed at
> www.rackspace.com/information/legal/privacystatement
> -
> Rackspace Limited is a company registered in England & Wales (company
> registered number 03897010) whose registered office is at 5 Millington Road,
> Hyde Park Hayes, Middlesex UB3 4AZ.
> Rackspace Limited privacy policy can be viewed at
> www.rackspace.co.uk/legal/privacy-policy
> -
> Rackspace Benelux B.V. is a company registered in the Netherlands (company
> KvK nummer 34276327) whose registered office is at Teleportboulevard 110,
> 1043 EJ Amsterdam.
> Rackspace Benelux B.V privacy policy can be viewed at
> www.rackspace.nl/juridisch/privacy-policy
> -
> Rackspace Asia Limited is a company registered in Hong Kong (Company no:
> 1211294) whose registered office is at 9/F, Cambridge House, Taikoo Place,
> 979 King's Road, Quarry Bay, Hong Kong.
> Rackspace Asia Limited privacy policy can be viewed at
> www.rackspace.com.hk/company/legal-privacy-statement.php
> -
> This e-mail message (including any attachments or embedded documents) is
> intended for the exclusive and confidential use of the individual or entity
> to which this message is addressed, and unless otherwise expressly
> indicated, is confidential and privileged information of Rackspace. Any
> dissemination, distribution or copying of the enclosed material is
> prohibited. If you receive this transmission in error, please notify us
> immediately by e-mail at abuse at rackspace.com and delete the original
> message. Your cooperation is appreciated.

More information about the OpenStack-dev mailing list