[Q] Scripting Languages OO features
Richard A. O'Keefe
ok at cs.otago.ac.nz
Mon May 26 22:13:40 UTC 2003
Marco Paga <mail at marco-paga.de> wrote:
The author Cai Ziegler says the following (translated): "In
nearly every scripting language the principle of secret (I mean
that you can make something private) is broken. Because scripts
are not compiled, and the source can be read and edited, it is
easy for everybody to change the modifiers of methods from
protected or private to to public."
He is confusing two different things:
(a) The encapsulation of objects from EACH OTHER.
(b) The encapsulation of sources from PEOPLE.
His observation about changing method scope applies every bit as strongly
to compiled languages such as C++ and even Ada. Amongst commonly used
languages, Ada is about as strict as they come. (It's the only programming
language I've ever used where you may have any number of *incompatible*
integer types, so that for example row subscripts and column subscripts
for a matrix _can't_ be mixed up.) But even in Ada, if you can modify
the sources, you can break into anything.
He has also forgotten that in real operating systems you can have files
which are readable but NOT editable and that it is standard practice,
at least amongst the more careful programmers, to give scripts just such
protection.
So, even Ada does not and cannot protect sources from sufficiently
authorised people. (Thank goodness for that. Otherwise we'd never
be able to fix anything.) On the other hand, the possibility of
a sufficiently authorised person modifying the sources does NOT mean
that the objects are not adequately protected from each other.
(Of course, it doesn't mean they are, either.)
Every Squeaker has the source and can add instance var accessors
to the classes whereever it is interesting for her. So why is
it a problem in PHP and not in Squeak?
(1) If scripts are owned by one identity and run by another identity
which only has permission to read, not to modify, the sources,
then it ISN'T a problem in PHP.
(2) Who said it isn't a problem in Squeak? In Squeak it's worse, because
anything a programmer can do through the Browser, a program can do.
Nothing in Squeak stops me writing a method in my own class which
copies all of the methods in String to Object.
In the early days of Pop-2 at Edinburgh, which was also an "open"
system in the sense that the system was implemented in itself and
could be modified easily, I'm told there was a game: delete as
much of the system as you can while still being able to log out.
Occasionally, a modification to Squeak will break the (sadly,
unstated) system invariants enough to bring the whole system down
in steaming rubble. I've had this happen to me a couple of times.
Too bad.
In Pop-2, Interlisp-D, Smalltalk, &c the system is theoretically
so wide open that you could drive a coach and four through every corner.
It's not much of a problem in practice because by and large people don't
WANT to do bad things. (Except occasionally when someone wants to
bring out the coach and four and grab the arguments of an ancestral
method as an array, or something like that.)
To put it another way, the "forces" which protect a Squeak programmer
are not language mechanisms so much as *social* forces; books which
explain in detail what constitutes good Smalltalk style, the desire
to have the respect of one's fellow Smalltalkers, the desire not to
look a drooling idiot amidst the steaming rubble of your image...
More information about the Squeak-dev
mailing list
|