Menu
Search

Forums

Forum Index

June 22, 2022
Gravatar of forkitPosted by forkit
in reply to deadalnix		Reply
forkit
Gravatar of forkit
Posted in reply to deadalnix


Reply
On Wednesday, 22 June 2022 at 23:12:04 UTC, deadalnix wrote:
> On Wednesday, 22 June 2022 at 23:07:19 UTC, forkit wrote:
>> C'mon. I mean really. Are you seriously making an argument, that no benefit can come from 'private(this)'?
>
> forkit, let me introduce you to the concept of burden of proof.
>
> See, nobody has to make that case, so you have no need to strawman anyone. On the other hand, **YOU** have to make the case that there is a benefit.
>
> Every message in this thread that fail to do so bury the case one foot deeper. Say hello to the moles from me, will you?

google scholar.

search for: "benefits of program modularity"

I'm sure you'll find enough material to keep you busy for a long time.... hopefully ;-)
June 22, 2022
Gravatar of deadalnixPosted by deadalnix
in reply to forkit		Reply
deadalnix
Gravatar of deadalnix
Posted in reply to forkit


Reply
On Wednesday, 22 June 2022 at 23:26:11 UTC, forkit wrote:
> No evidence is required to back this up. Even a monkey brain should get it.

Ha, you finally convinced me!

Of the fact you are completely unable to come up with a concrete problem solved by this feature.
June 22, 2022
Gravatar of deadalnixPosted by deadalnix
in reply to user1234		Reply
deadalnix
Gravatar of deadalnix
Posted in reply to user1234


Reply

On Wednesday, 22 June 2022 at 23:31:28 UTC, user1234 wrote:

> 
struct VLA {
private:
    void* ptr;
    size_t length;
public:
    void setLength(size_t value);
}

struct Other {
    VLA vla;
    void imBad() {
        vla.length += 1; // now I may have faults or not when reading the vla
    }
}

This is a good starting point.

Yes, Other will be able to manipulate VLA's innard in this exemple. Now there are two questions that immediately come to mind:
1/ Should it be able to? From this limited example, it's hard to tell, but there is no need to be pedantic so we'll assume that yes it does. You'll note that this is not obvious per so, Other might be a view on the VLA for instance.
2/ If 1/ is true, then do they really belong in the same module?

I think 2/ is the question that is being skipped there, because the very characteristic of a module is to be the place where all the element it contains are implemented. If it is capital that Other is not exposed to the innard of VLA, then is it hard to defend that implementing them both together in the same place is the right design choice.

>

It's about being strict with yourself. What if I'm not really good, make stupid mistakes ? Now I have a security barrier, I can use private(this), the compiler helps me with an error.

While I do indeed believe that it is good to be strict with yourself, I do not believe the arguments extends to private(this) based on the sample provided. In fact, I had to correct said sample to add an explicit reference to vla.length instead of just length. The compiler is already helping you avoiding accessing the innard of another object by mistake, it has to be explicit. The proof is in the pudding, the code had to be modified for it to be explicit.

June 22, 2022
Gravatar of deadalnixPosted by deadalnix
in reply to forkit		Reply
deadalnix
Gravatar of deadalnix
Posted in reply to forkit


Reply
On Wednesday, 22 June 2022 at 23:35:01 UTC, forkit wrote:
> google scholar.
>
> search for: "benefits of program **modul**arity"
>
> I'm sure you'll find enough material to keep you busy for a long time.... hopefully ;-)

Emphasis is mine.
June 22, 2022
Gravatar of forkitPosted by forkit
in reply to deadalnix		Reply
forkit
Gravatar of forkit
Posted in reply to deadalnix


Reply
On Wednesday, 22 June 2022 at 23:37:30 UTC, deadalnix wrote:
> On Wednesday, 22 June 2022 at 23:26:11 UTC, forkit wrote:
>> No evidence is required to back this up. Even a monkey brain should get it.
>
> Ha, you finally convinced me!
>
> Of the fact you are completely unable to come up with a concrete problem solved by this feature.

I think Stroustrup summed it up (in 1987, and with examples) much better than I can:

" Data Abstraction Programming with modules leads to the centralization of all data of a type under the control of a type manager module."

https://www.researchgate.net/profile/Bjarne-Stroustrup/publication/221496180_What_is_Object-Oriented_Programming/links/0f3175393334f4f95b000000/What-is-Object-Oriented-Programming.pdf?origin=publication_detail
June 22, 2022
Gravatar of Paul BackusPosted by Paul Backus
in reply to user1234		Reply
Paul Backus
Gravatar of Paul Backus
Posted in reply to user1234


Reply

On Wednesday, 22 June 2022 at 23:31:28 UTC, user1234 wrote:

>

to be fair, I think that, to any example presented here, the answer will be "put the aggregate declaration in its own module". But let's try something simple:

struct VLA {
private:
    void* ptr;
    size_t length;
public:
    void setLength(size_t value);
}

struct Other {
    VLA vla;
    void imBad() {
        length += 1; // now I may have faults or not when reading the vla
    }
}

It's about being strict with yourself. What if I'm not really good, make stupid mistakes ? Now I have a security barrier, I can use private(this), the compiler helps me with an error.

As you point out, you can already create such a security barrier by splitting the code into separate modules.

Nobody denies that the ability to create more fine-grained security barriers has some utility in some situations. The question is, does it provide enough utility in enough situations to justify the addition of a new language feature?

Personally, I like to write small modules, and would probably put my VLA definition in its own module even if private(this) were available. So private(this) would not actually bring me any benefit in this situation.

(Also, because VLA's invariant is memory-safety related, I would get an additional security barrier by making its private members into @system variables. So the extra protection provided by private(this) would only be relevant in @system or @trusted code--which can bypass access controls anyway.)

June 23, 2022
Gravatar of forkitPosted by forkit
in reply to Paul Backus		Reply
forkit
Gravatar of forkit
Posted in reply to Paul Backus


Reply
On Wednesday, 22 June 2022 at 23:55:17 UTC, Paul Backus wrote:
>
> As you point out, you can already create such a security barrier by splitting the code into separate modules.
>
> Nobody denies that the ability to create more fine-grained security barriers has *some* utility in *some* situations. The question is, does it provide *enough* utility in *enough* situations to justify the addition of a new language feature?
>
> Personally, I like to write small modules, and would probably put my VLA definition in its own module even if `private(this)` were available. So `private(this)` would not actually bring me any benefit in this situation.

Is it a security barrier?

I think of it more as an encapsulation barrier.

Like my wall around my house. It's only secure as long as nobody tries to knock it down.

Also, let's not forget about 'choice' here.

the use of private(this) is the choice of the designer. always!

if it benefits you, choose to use it.

if it doesn't, don't use it.

but currently, D provides NO CHOICE, other than to put every class in its own module, so that it can be treated as a 'defacto' abstract data type.

Walter is already on the record as saying this is not an appropriate contraint to put on programmers.
June 23, 2022
Gravatar of Paul BackusPosted by Paul Backus
in reply to forkit		Reply
Paul Backus
Gravatar of Paul Backus
Posted in reply to forkit


Reply
On Wednesday, 22 June 2022 at 23:51:53 UTC, forkit wrote:
>
> I think Stroustrup summed it up (in 1987, and with examples) much better than I can:
>
> " Data Abstraction Programming with modules leads to the centralization of all data of a type under the control of a type manager module."
>
> https://www.researchgate.net/profile/Bjarne-Stroustrup/publication/221496180_What_is_Object-Oriented_Programming/links/0f3175393334f4f95b000000/What-is-Object-Oriented-Programming.pdf?origin=publication_detail

If you actually look at the quote in context, what Stroustrup is describing is essentially the PIMPL idiom, where the representation of an abstract data type is made entirely opaque to the code using it. This opaqueness is what leads to the shortcomings Stroustrup describes.

D's modules do not work like this, and thus do not suffer from those shortcomings.

Here is a link to a freely-available PDF of the linked paper, on Stroustrup's own website, for anyone else who would like to read it:

https://www.stroustrup.com/whatis.pdf
June 23, 2022
Gravatar of forkitPosted by forkit
in reply to Paul Backus		Reply
forkit
Gravatar of forkit
Posted in reply to Paul Backus


Reply
On Thursday, 23 June 2022 at 00:05:24 UTC, Paul Backus wrote:
>
> If you actually look at the quote in context, what Stroustrup is describing is essentially the PIMPL idiom, where the representation of an abstract data type is made entirely opaque to the code using it. This opaqueness is what leads to the shortcomings Stroustrup describes.
>
> D's modules do not work like this, and thus do not suffer from those shortcomings.
>
> Here is a link to a freely-available PDF of the linked paper, on Stroustrup's own website, for anyone else who would like to read it:
>
> https://www.stroustrup.com/whatis.pdf

so the paper is actually about the features needed to support the use of proper types, on which OOP techniques depend.

the success of both, depend on the design of the types.

the design of the types depend on the features available to define those types.

data hiding is an important feature in his argument (as are other features).

private(this) enables data hiding *within* a module.

you now have the tool needed to define an abstract data type *within* a module.

you are now longer constrained to one class-per-module.

you now have compiler your side, cause it too knows your intent.

it can enforce that intent

it can use that intent to potentially optimise (inline etc..)

it's completely optional to use.

I fail to see the downside (providing the syntax fits in well with the rest of the language, and doesn't stand out like a sore thumb).

once it's in, people will use it, or not, and all this fuss will be long forgotten....
June 23, 2022
Gravatar of forkitPosted by forkit
in reply to Paul Backus		Reply
forkit
Gravatar of forkit
Posted in reply to Paul Backus


Reply
On Thursday, 23 June 2022 at 00:05:24 UTC, Paul Backus wrote:
>

Also the argument from Mike, against this idea, was that you have access to the module. So why protect yourself from what you have access to.

I can use a similar arguement:

by having access to the module, you have the capacity to 'grant' yourself access, or not.

if you grant yourself access to use the internals of your type outside of that type (but within the same module), you're not protected from accidents.

if you don't grant yourself access, you are protected from accidents.

the argument that you have access to the module, and accidents won't happen, or 'just don't do it', is nonsensical.

any programmer knows, that accidents happen - sometimes far too often.

but you have access to the module, so you decide whether you want to be protected from accidents or not.

currently, there is one, and only one way to protect yourself in D.

that's to put every class in its own module.

even closely related classes -> each into their own module.

every abstract data type you define -> into its own module.

it's just a crazy imposition. no other language I've ever used imposes this onto me.
« First   ‹ Prev
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
Next ›   Last »