[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#11198: prefab structs in guile
From: |
Andy Wingo |
Subject: |
bug#11198: prefab structs in guile |
Date: |
Thu, 05 Jul 2012 23:06:56 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) |
On Thu 05 Jul 2012 22:57, address@hidden (Ludovic Courtès) writes:
> Andy Wingo <address@hidden> skribis:
>
>> Then you would modify the reader to call out to (ice-9 prefab) with
>> the list after #s, e.g. the (foo ...) in #s(foo ...). (ice-9 prefab)
>> would return the record, creating the RTD if needed.
>
> The problem with this is that one could precisely forge instances of a
> given record type, thereby breaking the type safety we currently have
> (each instance of a record type is genuine, in the sense of Rees’ “A
> Security kernel Based on the Lambda-Calculus”.)
>
> Does Racket address this somehow?
See:
http://docs.racket-lang.org/guide/define-struct.html?q=record&q=structs&q=records#(part._prefab-struct)
Specifically:
Every prefab structure type is transparent—but even less abstract than
a transparent type, because instances can be created without any
access to a particular structure-type declaration or existing
examples. Overall, the different options for structure types offer a
spectrum of possibilities from more abstract to more convenient:
Opaque (the default) : Instances cannot be inspected or forged without
access to the structure-type declaration. As discussed in the next
section, constructor guards and properties can be attached to the
structure type to further protect or to specialize the behavior of its
instances.
Transparent : Anyone can inspect or create an instance without access
to the structure-type declaration, which means that the value printer
can show the content of an instance. All instance creation passes
through a constructor guard, however, so that the content of an
instance can be controlled, and the behavior of instances can be
specialized through properties. Since the structure type is generated
by its definition, instances cannot be manufactured simply through the
name of the structure type, and therefore cannot be generated
automatically by the expression reader.
Prefab : Anyone can inspect or create an instance at any time, without
prior access to a structure-type declaration or an example
instance. Consequently, the expression reader can manufacture
instances directly. The instance cannot have a constructor guard or
properties.
Since the expression reader can generate prefab instances, they are
useful when convenient serialization is more important than
abstraction. Opaque and transparent structures also can be serialized,
however, if they are defined with define-serializable-struct as
described in Datatypes and Serialization.
Andy
--
http://wingolog.org/