V8 upgrades and what they mean for versioning

[wraithan]

In the Initial Release issue @indutny says that the API shielding the users from V8 C++ API has been rejected. This lack of a shield + @mikeal's start of that thread here where it is stated that V8 will be merged as fast as possible when V8 releases brings up a very concrete problem.

The choices come down to the following if a shield is not developed for users to use. When V8 releases backwards incompatible changes to their C++ API:

1. iojs will have to increment its major as V8 is considered a blessed part of the API and iojs is hard conforming to semver.
2. iojs releases backwards incompatible API changes in minor/patch versions because V8 is not considered part of the blessed API.

Both of which have major consequences on the community who is trying to use iojs as a platform to build things on top of. The last solution, and one that makes even more sense in the world of faster releases and semver, is to protect the users and provide a stable API they can build against. The V8 API can still be there, but now there is a safe way for developers to write binary packages.

I understand that rvagg/nan exists and is even blessed. And perhaps that is the solution that core developers are alright with accepting and consider the V8 API not part of the API that iojs presents for its users. But that decision should be made official and communicated to the community that they are playing with fire if they touch the V8 API directly.

[mikeal]

We did actually discuss this in another thread. Basically, if we're on a weekly release cycle and v8 makes a breaking change that means that we bump the major version that week.

[wraithan]

@mikeal I see, was this done in the node-forward repo? I've not kept up with every issue there. The initial release thread appeared to have just shrugged off the question with folks talking about rvagg/nan. And @indutny said that he "couldn't really say anything on this topic yet" which sounded to me like this wasn't something that was decided.

If you know it happened on node-forward or something, I can go looking there. But nothing on this repo appears to set that standard.

[mikeal]

you know, I can't recall where the thread was, probably a good reason to just have this talk again :)

how i see it is, we're gonna follow semver now. if we take deps that changes backward or forward compatibility then we have to increment that semver number accordingly. staying on top of those changes will be a challenge but I think it's a worthy one.

[soareschen]

-1. Wouldn't that cause dependency hell similar to peerDependencies?

Let's say npm package A is pure JS and package B uses native V8 API. All packages initially support io.js 1.0.0. Then assume that V8 API changes while the io.js JS API remain unchanged, the major version still bumps to 2.0.0. It is reasonable to require B to update their native code, but to A it is really minor version update of io.js and no update should be required. And if package maintainer of A do not update their package.json, a project that require both A and B would face dependency hell problem even when there really isn't one.

I thought the rationale behind semver is so that future npm packages can have dependency to certain version of io.js. That in turn allows io.js to make breaking changes in major version update while preventing outdated npm packages from being accidentally installed. The purpose of semver would be defeated if all pure JS npm packages ended up specifying that they can run on io.js version *.*.*.

I'd propose to have two or more version numbers come with every io.js release. We can have for example one version number for io.js JS APIs and another version number for V8 APIs. Then npm packages that contain native code can specify dependency to the V8 version in their package.json independent of the JS API version.

Taking this approach further, perhaps we can have separate versioning for different subsystems in io.js, such as libuv.js. Issue #9 already state that we'd like io.js to be split into smaller interdependent subprojects. It make sense to let these subsystems evolve independently and allow npm packages to have dependency to specific subsystems. Though in such case, the main version number of io.js would be mostly symbolic and is rarely needed for dependency management.

[jezell]

I get that v8 extensions are super powerful, but it's kind of lame that they are the only way to call into a C lib. Maybe it's just me, but I've always thought it was a really big hassle just to call an shared library compared to something like cgo or pinvoke in C#. Why can't there be a nice clean standard solution for shared C library invocation that ships with node and can be configured without writing a bunch of C++ code yourself? IMO, requiring everyone to learn the internals of v8 just to call a function on a C lib makes native extensions a lot more brittle than they need to be and is really painful.

Does it really have to be 100x more complicated than PInvoke?

[DllImport("msvcrt.dll")]
public static extern int puts([MarshalAs(UnmanagedType.LPStr)] string m);

And cgo?

// #include <stdio.h>
import "C"

C.puts("blah")

[wraithan]

1. Yes
2. C++
3. v1.0.0

On Mon, Dec 8, 2014, 07:19 Michael Caine notifications@github.com wrote:

Hello!

I am pleased to see your valuable contribution to this project. Would you
please mind answering a couple of questions to help me classify this
submission
and/or gather required information for the core team members?
Questions:

1. Issue-only Does this issue happen in core, or in some user-space
   module from npm or other source? Please ensure that the test case that
   reproduces this problem is not using any external dependencies. If the
   error is not reproducible with just core modules - it is most likely not a
   io.js problem. Expected: yes
2. Which part of core do you think it might be related to? One of:
   debugger, http, assert, buffer, child_process, cluster, crypto, dgram, dns,
   domain, events, fs, http, https, module, net, os, path, querystring,
   readline, repl, smalloc, stream, timers, tls, url, util, vm, zlib, c++,
   docs, other (label)
3. Which versions of io.js do you think are affected by this? One of:
   v0.10, v0.12, v1.0.0 (label)

Please provide the answers in an ordered list like this:

1. Answer for the first question
2. Answer for the second question
3. ...

Note that I am just a bot with a limited human-reply parsing abilities,
so please be very careful with numbers and don't skip the questions!

In case of success I will say: ...summoning the core team devs!.

In case of validation problem I will say: Sorry, but something is not
right
here:.

Truly yours,
Caine.
Responsibilities

1. indutny: crypto, tls, https, child_process, c++
2. trevnorris: buffer, http, https, smalloc
3. bnoordhuis: http, cluster, child_process, dgram

—
Reply to this email directly or view it on GitHub
#47 (comment).

[wraithan]

Oh, the bot reply is gone, replied via email and didn't see it got deleted

[bnoordhuis]

@jezell Something like js-ctypes might make an acceptable addition to core but it's going to be a lot of work. You are welcome to give it a try.

[ruimarinho]

Is there any formal plan to keep iojs up-to-date with the latest (or latest-1) version of V8? The last upgrade seems to have been to 3.30.37, which is the latest version in the 3.30.x series. In case there is another 3.30.x release, would that translate to a patch version in iojs?

[rvagg]

@ruimarinho that will depend on the nature of the V8 upgrades .. Google aren't exactly masters of versioning so I suspect decisions will be reactive rather than carefully planned on our part. If there is a breaking API change from V8 then that'll warrant a major version bump from io.js, if there are feature additions then likely just a minor bump.

[ruimarinho]

Ok, fair enough. Is the plan to stick to 0.30.x on iojs 1.0.0?

[rvagg]

I don't follow V8 development closely but I don't believe there will be another release soon enough to make it in to our 1.0.0 schedule, we're aiming to have an alpha release in a week or two from now.

[ruimarinho]

3.30 has been a huge step already 🙏 since node 0.12 will stay at 0.26, so 3.31 may be too much to ask for. V8 3.31 does ship with a stable implementation of a considerable number of new ES6 features by default (numeric literals, block scoping, classes, object literals extensions and templates).

[ruimarinho]

Out of curiosity, I've just compiled the results of iojs (head) which includes the most recent v8 update and that alone translates into a nice 28% bump on the ES6 compat-table.

[YurySolovyov]

looks like 3.32.1 has been branched, so latest-not-in-dev would be 3.31.74 not sure if it can be called stable though

[ruimarinho]

3.31.74.1 is already on Chrome's dev channel, so it looks like it will be the one moving onto beta and stable. @bnoordhuis, any chance of an upgrade to 3.31 being considered by the TC?

[bnoordhuis]

@ruimarinho I intend to bring it up at the TC meeting tonight.

[bnoordhuis]

PR: #243

[rvagg]

@ruimarinho care to run those es6-compat tests again with #243 merged?

[ruimarinho]

@rvagg: already did (compat-table/compat-table#388)! Do you want me to crosslink with this issue on the commit for future reference? (Edit: mentioned crosslink on commit message).

[rvagg]

thanks @ruimarinho, this is a Big Deal ™️ for io.js ®️

[ruimarinho]

Indeed, that is a game-changer for me and many other developers for sure! It'd also be interesting to see how benchmarks compare against each milestone (previous 3.30.31 upgrade and joyent/0.12.x which is on 3.26).

[ruimarinho]

Added an issue for a dedicated resource on ES6 (#251).