[Q] Scripting Languages OO features

Richard A. O'Keefe ok at cs.otago.ac.nz
Mon May 26 22:13:40 UTC 2003


Marco Paga <mail at marco-paga.de> wrote:
	The author Cai Ziegler says the following (translated): "In
	nearly every scripting language the principle of secret (I mean
	that you can make something private) is broken.  Because scripts
	are not compiled, and the source can be read and edited, it is
	easy for everybody to change the modifiers of methods from
	protected or private to to public."

He is confusing two different things:
(a) The encapsulation of objects from EACH OTHER.
(b) The encapsulation of sources from PEOPLE.

His observation about changing method scope applies every bit as strongly
to compiled languages such as C++ and even Ada.  Amongst commonly used
languages, Ada is about as strict as they come.  (It's the only programming
language I've ever used where you may have any number of *incompatible*
integer types, so that for example row subscripts and column subscripts
for a matrix _can't_ be mixed up.)  But even in Ada, if you can modify
the sources, you can break into anything.

He has also forgotten that in real operating systems you can have files
which are readable but NOT editable and that it is standard practice,
at least amongst the more careful programmers, to give scripts just such
protection.

So, even Ada does not and cannot protect sources from sufficiently
authorised people.  (Thank goodness for that.  Otherwise we'd never
be able to fix anything.)  On the other hand, the possibility of
a sufficiently authorised person modifying the sources does NOT mean
that the objects are not adequately protected from each other.
(Of course, it doesn't mean they are, either.)

	Every Squeaker has the source and can add instance var accessors
	to the classes whereever it is interesting for her.  So why is
	it a problem in PHP and not in Squeak?

(1) If scripts are owned by one identity and run by another identity
    which only has permission to read, not to modify, the sources,
    then it ISN'T a problem in PHP.

(2) Who said it isn't a problem in Squeak?  In Squeak it's worse, because
    anything a programmer can do through the Browser, a program can do.
    Nothing in Squeak stops me writing a method in my own class which
    copies all of the methods in String to Object.

    In the early days of Pop-2 at Edinburgh, which was also an "open"
    system in the sense that the system was implemented in itself and
    could be modified easily, I'm told there was a game:  delete as
    much of the system as you can while still being able to log out.

    Occasionally, a modification to Squeak will break the (sadly,
    unstated) system invariants enough to bring the whole system down
    in steaming rubble.  I've had this happen to me a couple of times.
    Too bad.

In Pop-2, Interlisp-D, Smalltalk, &c the system is theoretically
so wide open that you could drive a coach and four through every corner.
It's not much of a problem in practice because by and large people don't
WANT to do bad things.  (Except occasionally when someone wants to
bring out the coach and four and grab the arguments of an ancestral
method as an array, or something like that.)

To put it another way, the "forces" which protect a Squeak programmer
are not language mechanisms so much as *social* forces; books which
explain in detail what constitutes good Smalltalk style, the desire
to have the respect of one's fellow Smalltalkers, the desire not to
look a drooling idiot amidst the steaming rubble of your image...



More information about the Squeak-dev mailing list