 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Warp wrote:
> That's a hilariously bad example
I was assuming you're smart enough to generalize what I'm saying here.
>> And you're either screwed, or you bypass the private part to
>> make it work knowing you'll break on the next release of the library.
>
> And exactly how would making the private members public help this?
If you could go thru the list of private variables and store the values,
then later reassign them to how they were, you're golden, yes?
>>> I disagree. There's no modularity if you can't enforce access rights.
>
>> And you can't enforce access rights in C++, because nothing prevents wild
>> pointers from clobbering anything in memory.
>
> You are nitpicking, and you know it.
No, I really don't understand. You seem to be arguing that a universal
naming convention isn't sufficient to say you have encapsulation, but a lack
of ability to keep others from changing your private variables by accident
is not a hindrance to encapsulation.
You seem to be saying that it's "unmodular" to say you can only violate
encapsulation on purpose via complex library routines intentionally designed
for metaprogramming, but it's modular to let people violate encapsulation by
accident?
> If you write normal, standard-conforming C++, you can perfectly well
> enforce access rights.
Um, no, really, you can't. How do you prevent me from corrupting your
private variables with a wild pointer?
class Alpha {
int abc = 0;
public: int get_abc() { return abc; }
}
You're telling me it's impossible for anyone to write code that would ever
make an instance of Alpha ever return anything but zero when calling
get_abc()? Really??
If I do
Alpha beta;
memset(&beta, 33, 4);
std::cout << beta.get_abc();
I'm still guaranteed to get a 0 printed? How did I violate the standard?
By "standard-conforming", do you mean "never accidentally have undefined
behavior, like using a pointer after you've freed it"?
And the standard that you don't access other instances variables that start
with an underline doesn't count as "standard-conforming"?
Note that if by "standard-conforming" you mean "never making a mistake",
it's not *your* code that makes the mistake. It's someone else's. So now
you're back to trusting everyone to not make mistakes in order to enforce
encapsulation, aren't you? You can't enforce it on your own.
I'm really trying to understand here, ya know. I'm trying to get my head
around it. Maybe I've just been away from compiled languages too long or
something.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Warp wrote:
> (If you use reflection to, for example, save the state of an object to
> a database to be retrieved later, haven't you kind of locked up the
> structure of that object? You can't make *any* changes whatsoever to it
> without breaking all the stored objects in the database. Doesn't sound
> very enhanceable to me.)
Actually, thinking about it, in this particular case of pushing something
out to a database, the usual method is to use reflection to create a class
based on the database schema, then instantiate objects and populate them
from the database. So changing the object means changing the schema, then
fixing the code that accesses the private variables of the resultant
instances so as to perform the business logic.
So your code for reading the schema might say "I'll create an object when
you read a row. That object will have a class whose name is row_xyz if the
table is named xyz. The fields will be col_abc and col_def if there are two
columns named abc and def. The types will map from SQL to C# (or whatever)
like so: ... I'll provide a routine called "load(...)" for each indexed
key, and one called "save()" that writes the object back and "del()" that
deletes the row from the database. You write the routines that use the
columns as you like."
So when you reorg the database using SQL, you automatically get a new class
without having to write all the code to generate SQL statements populated
with the values of private variables.
You could do this with a code generator, sure, but that's all reflection
stuff really is - using the compiler and runtime at runtime instead of just
compile time.
> If you trash memory, you are writing non-portable, non-standard-conforming
> code. All bets are off. If you want to write code like that
*I* don't write code like that at all. Others do, then blame me when their
bugs break the modularity of my code, making it misbehave. See the problem?
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Warp wrote:
> Darren New <dne### [at] san rrcom> wrote:
>>> (Well, at least not without some serious hacking.)
>
>> Running off the end of an array is "serious hacking"? I wouldn't think so.
>
> Now I'm completely puzzled. We are talking about public interfaces and
> private members, and you start suddenly talking running off the end of an
> array? I can't see *any* connection whatsoever between these two things.
I'm saying that C++ does not enforce that you don't change private instance
variables from outside the class.
There's a certain subset of valid C++ programs that don't change private
instance variables from outside the class, namely those that don't
accidentally invoke undefined behavior. And there's a valid subset of C#
programs that don't change instance variables from outside the class, namely
those that don't use the reflection libraries. Which do you think is harder
to inspect to see what type of program you have?
>>> I don't understand what you are saying. If a class in C++ does not expose
>>> a member array, then you can't get to that member array from the outside,
>
>> int * p = (int *) 0x123456;
>> *p = 27;
>
>> Find the bug in your code that's setting that member variable to 27.
>
> What member variable?
Whichever one my code just accidentally clobbered. If
>
>> How about
>> // Your code...
>> class xyz {
>> public: int[10] x;
>> private int y = 0;
>> }
>
>> // My code
>> xyz pdq;
>> pdq.x[10] = 27;
>
> You are accessing a public variable, not a private one.
Nope. Read it again. What exactly gets set to 27? Do you think there's a
good chance it might by y?
> It enforces it as long as you don't deliberately try to bypass the
> compiler checks.
No. It enforces as long as you don't *accidentally* bypass the compiler
checks at runtime. That's my point! You *can* accidentally bypass the
compiler checks.
> Deliberately hacking yourself around the compiler checks requires more
> malice than using a public member variable which simply "shouldn't" access.
>
> It sounds like you are saying "since you can't enforce the privacy of
> the members in all possible cases, then they might just as well be public".
> That's BS.
No. I'm saying that in many of these types of languages, including C#, you
can enforce the privacy except in cases where the caller goes to extreme
lengths to bypass that privacy. You don't seem to like the idea that
reflection violates encapsulation, but you seem perfectly happy with the
idea that out of bounds array indecies violate encapsulation, simply because
the standard doesn't say it enforces encapsulation in that case.
>> The compiler doesn't enforce the
>> encapsulation in C++ - it just gives warnings when you use a variable name
>> that's private.
>
> Warnings? Trying to access a private variable gives a compiler error.
Only if you do it in the obvious way. Or are you saying there's a
compile-time warning for calling memset() with too large a size?
>> Granted, if you don't *document* in a universal kind of way what's public
>> and what isn't, you're leaving yourself open to abuse.
>
> That's the great thing about language support for private sections: You
> don't *need* to document that they are private. The compiler will tell you.
Sure you do. You have to put "private:" in front of the private bits and
"public:" in front of the public bits. In Python, you put "export" in front
of the list of names of public functions, and you don't put "export" in
front of the list of names of private functions.
>> Or, in short, you can't protect against bad programmers
> So let's deliberately make bad code?
No. You're assuming the C++ programmers only write standard-conforming code
and never accidentally (or maliciously) bypass the type system with a
runtime bug like a dangling pointer.
Yet you assume the programmer will use reflection to bypass encapsulation
without understanding the drawbacks, or accidentally use a well-marked
private variable, and thus encapsulation is broken.
It's a bit of a double-standard there, I think. That's why I'm a bit
confused. I think I'm seeing what you're saying: I think you're saying
"Ideally, you can't bypass C++ private on purpose in a portable and
standards-conforming way, while C# et al give you a standard way of doing
so." In my experience, this isn't nearly as helpful a distinction as you
seem to have experienced.
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Darren New wrote:
>> You are accessing a public variable, not a private one.
>
> Nope. Read it again. What exactly gets set to 27? Do you think there's
> a good chance it might by y?
Or, to phrase it differently, do you know of any C++ compiler that won't
clobber y with that code? Given that the layout of the class is required to
match the layout of the corresponding C structure (no virtual methods),
the only real choices would see "clobber y", "dump core", or "do something
completely unrelated to the C++ memory model."
... just to clarify. :-)
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
From: Nicolas Alvarez
Subject: Re: This is the sort of brokenness...
Date: 18 Mar 2009 21:49:22
Message: <49c1a4a1@news.povray.org>
|
|
|
| |
| |
|
|
Warp wrote:
> Don't write such BS. I am talking about experience. For example I have
> totally changed the internal implementation of this class of mine several
> times, and the public interface has always remained the same regardless,
> and thus the changes have never broken any existing code:
>
> http://warp.povusers.org/FunctionParser/
>
> And by "totally" I mean literally write everything from scratch. And
> no external code breaks. That's the nice thing about modularity. It allows
> me to do that safely.
Instead of using private:, you could just add an underscore to internal
variables. It's not like someone would end up using one of those without
even noticing, so you don't necessarily have to write long documentation
explaining it. If someone used your "private" members, and his code breaks
when you rewrite your implementation, he gets to keep the pieces.
I'm just saying languages with no compiler- or runtime-enforced data hiding
aren't that bad. I'm definitely not suggesting people just add an
underscore when they're using a language that *does* have real private
data.
Post a reply to this message
|
|
| |
| |
|
|
From: Nicolas Alvarez
Subject: Re: This is the sort of brokenness...
Date: 18 Mar 2009 21:52:44
Message: <49c1a56c@news.povray.org>
|
|
|
| |
| |
|
|
Warp wrote:
> And if you don't prevent it, you are locking yourself out of ever trying
> to improve your module (without breaking tons of existing code).
Tons of existing code are intentionally accessing stuff they know is subject
to change?
Post a reply to this message
|
|
| |
| |
|
|
From: Nicolas Alvarez
Subject: Re: This is the sort of brokenness...
Date: 18 Mar 2009 21:57:04
Message: <49c1a670@news.povray.org>
|
|
|
| |
| |
|
|
Warp wrote:
> nemesis <nam### [at] gmailcom> wrote:
>> Warp escreveu:
>> > And again, you are hacking on
>> > purpose, trying to bypass the compiler checks, rather than using those
>> > checks to catch your mistakes.
>
>> How this is any different from someone breaking a contract on purpose is
>> beyond me.
>
> It's different because if you do it by mistake, nothing will tell you.
If you're using an underscore-prefixed member in Python, you *know* it's
private. It's not "done by mistake".
Plus, those aren't in the documentation, so you'd have to read the source
code to figure out their names.
Post a reply to this message
|
|
| |
| |
|
|
From: Nicolas Alvarez
Subject: Re: This is the sort of brokenness...
Date: 18 Mar 2009 22:04:11
Message: <49c1a81b@news.povray.org>
|
|
|
| |
| |
|
|
Warp wrote:
> Why not? Having the compiler check for breaking of agreements (eg.
> "don't
> access these variables") is much better than oral agreements. The compiler
> is much better at catching mistakes than you are.
It's an underscore or something else clearly visible in the offending
(= private-data-using-) code, not an oral agreement.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Nicolas Alvarez wrote:
> If you're using an underscore-prefixed member in Python, you *know* it's
> private. It's not "done by mistake".
Actually, to use C++ terminology, that makes it protected. Two underscores
makes it private. :-)
--
Darren New, San Diego CA, USA (PST)
My fortune cookie said, "You will soon be
unable to read this, even at arm's length."
Post a reply to this message
|
|
| |
| |
|
|
From: Nicolas Alvarez
Subject: Re: This is the sort of brokenness...
Date: 18 Mar 2009 22:06:52
Message: <49c1a8bb@news.povray.org>
|
|
|
| |
| |
|
|
Darren New wrote:
> Warp wrote:
>> I don't understand what you are saying. If a class in C++ does not
>> expose
>> a member array, then you can't get to that member array from the outside,
>
> int * p = (int *) 0x123456;
> *p = 27;
Undefined behavior.
> How about
> // Your code...
> class xyz {
> public: int[10] x;
> private int y = 0;
> }
>
> // My code
> xyz pdq;
> pdq.x[10] = 27;
Undefined behavior.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
