govaluate
2020-01-26
I’m the author of govaluate, an expression parser that has reached 1k stars on github recently. I admit to being an awful maintainer, and haven’t paid nearly enough attention to it, so i didn’t actually notice it passed 1k stars until just recently.
It occurred to me that this is one of the more impactful things I’ve ever done, and in a fit of narcissism I decided to write down how it came about.
Background
In 2014 I was hired to work at Comcast, as a devops engineer. I was pretty psyched. But soon it became clear that the processes and technology in place were abysmally bad; monitoring was nonexistant, Ruby was used liberally, and what wasn’t Ruby was a Java application stuck into a mandatory SEDA spring-based nightmare framework. It was a mess.
I was tasked with putting together a general way for a service developer to be able to specify what monitoring they wanted to have. Having only dealt with cold and expressionless monitoring systems like SCOM and SiteScope before, and knowing my audience was all developers, I decided I wanted to have something I could just write an expression for. My goal was to have a file where you’d just write
ERR: disk_used >= 95
WARN: requests_per_second > 9000
ERR: some_indicator == "bad" && other_indicator != "good"
and the monitoring system would just keep everything in an in-memory map, and evaluate those expressions every "tick" and alert if any of them came back "false". That’s ultimately what i wanted.
I’d never heard of an "expression parser" before, but I found one called bc-expressions (the ‘bc’ stands for "bandcamp", the company where it was written) which is so obscure i can’t even find the library by googling anymore. It was a recursive descent parser written by hand which did exactly what i wanted. So i used it in the monitoring system, which was about the best thing about the whole system. But I was unhappy with it.
Shortly thereafter, I went to gophercon 2015 (easily the coolest tech con i’ve ever been to). Due to some kind of booking mishap, I got booked into a top-floor corner suite at the hotel, which had more square footage (and tasteful furniture) than my apartment. While there, I got caught up in the spirit of "screw everything that came before, we know how to write good software, let’s just do it". After the first day, I got myself back to the hotel room, and decided I was going to work on something I’d really wanted for a long time - a full-featured, fast, and good expression parser. You can actually see when this happened in the commit history for the library - I’d tinkered with the idea in December 2014, but it wasn’t until June 2015 (the conference) that I actually created a working version.
Writing one
The biggest thing that bugged me about bc-expressions was the speed. It was dog slow. It would simply walk through a string, parsing it as it went, to execute an expression. Nobody accuses recursive descent parsers of being ultra fast, but you know how many string ops and allocs have to get done just to decide that foo > bar? It was maddeningly inefficient. The monitoring agent i was writing had to live on the same box it was monitoring - it could not be slow or bulky. The first thing about govaluate was that it was going to have a "compile" phase, where you created an expression and all the complicated parsing happened then. During execution, it was all switch statements on integer constants. Quite fast, if not perfect. I don’t have access to the benchmarks anymore (I don’t work at comcast) but the difference in execution in all provided cases was roughly two orders of magnitude better for my library.
Not having a compile phase also meant that you couldn’t check the syntax of an expression in bc-expressions until it actually ran. For my users, this meant they had to check in a file of rules, and if they made a typo, it would appear much later - when the expression was actually being used on real machines. There was no way to vet an expression before putting it into the wild. Since most of the expressions they wrote were populated by their application data, you’d have to… put fake data in and run the monitoring daemon? There wasn’t a good answer. Govaluate took the compilation step seriously, meaning that you could vet before you deployed.
There was also the lack of operators. As can be seen, I added more over time. Regex, bitwise, exponential, unary, ternaries, null coalescence - it’s all there. It even parses dates for comparison. govaluate even does functions, albeit poorly and in a way that I’m deeply unhappy with. I’ve had a local fork since 2016 that would correctly handle function calls, but due to a couple failing tests that I never sat down to figure out, it’s been dormant for years.
Users
Listen, this is a total puff piece, so I might as well brag about who uses it. Casbin was the first major library to go big by using my expressions - it put them front and center. If you read their docs, it becomes clear that its’ author and I had a very similar vision for how users should be able to write rules for systems.
More strangely to me, govaluate underpins Hyperledger Fabric’s chaincode policy system, which is in the critical path for defining certificate authorities in Fabric. Seriously it’s terrifying that something I wrote when I was 24 in a hotel room in Denver is now used in military medical academies and blockchain certificate authorities.
The repo even gets cloned thousands of times per day.
Notice those drops? Those are weekends. People mostly clone this when they’re at work. Probably CI/CD toolchains doing builds. About once every 10 minutes someone clones the repo. I know that’s not a lot, compared to other larger libraries, but it’s still weird to think about.
Middle Kingdom
The strangest thing about the library, to this day, has been who adopted it. Github parses out the Referer header from visitors and clone requests, and shows it to you in the "Insights" (previously "trends") tab in the repo. Here’s what it looks like today;
Lot of chinese traffic, right? In the early days, a few chinese universities (including a lot of traffic from the Fourth Military Medical Academy) latched onto it. I expect an instructor probably included it as a dependency in some course packet, and students incidentally pulled it when compiling the example, or something. But even now, there’s a variety of traffic straight from China. I haven’t reached out to other authors of similar libraries, but other authors of similarly popular libraries haven’t had the same traffic, so it beats me why mine is so popular in the middle kingdom.
Status
I mostly write this because, while the library does everything quite well, I feel a little guilty for not doing much to maintain it. It’s 2020 at time of writing, and I realize that the library is almost 6 years old. The last time I really put effort into it was four years ago. It is what it is, and while it feels like i’m being a bad steward by not working on it, it’s also not meant to be worked on. It does its job, and that’s enough. It got a thousand stars without me promoting it (except, i believe exactly two reddit posts which didn’t get any upvotes).
So, here’s to the 20’s. And to any of my Chinese users of the fourth military medical academy, I really hope you’re not using this to create biological weapons or something.
