[squeak-dev] Instance variable access in superclasses.

Michael van der Gulik mikevdg at gmail.com
Wed Nov 26 02:20:57 UTC 2008


Hi all.

On Wed, Nov 26, 2008 at 12:49 PM, Ramon Leon <ramon.leon at allresnet.com> wrote:

> >
> > Hi all.
> >
> > What would people's reaction be if a class was prevented from
> > being able to directly access its superclass's instance
> > variables?
>
> I would object.



I'm interested in why you'd object. Do you have a deeper reason than "it
makes coding harder"?



> > Is there any particular reason subclasses get access to
> > superclass instance variables? I think it breaks encapsulation.
>
>
> Then we have different definitions of encapsulation.  To me encapsulation
> means one object can not directly access the state of another object but
> must use messages for communication.
>
> If class #B inherits from class #A an instance of class #B is only *one
> object*; i.e. super is not another object but the same object as self and
> thus the object should have direct access to *all* of its own instance
> variables regardless of where they lie in the inheritance tree.  I don't
> think encapsulation was intended to protect an object from itself.  That's
> my 2 cents!
>


I'm referring to encapsulation of an implementation of something. If a
superclass is an "implementation of something", a subclass is a user and
extender of that "implementation of something". Allowing a subclass direct
access to the innards of its superclass prevents that superclass from being
able to protect its carefully guarded state from meddling by subclasses.

This is relevant in the area of secure programming for my SecureSqueak
project, although I can't think of a good example yet where it would really
be a problem.

Say you have a class with a carefully guarded secret in it. It would then be
possible for untrusted, remotely loaded code to be a subclass of that class
and then give out that secret. This makes several assumptions though:
firstly that you can somehow create an instance of your subclass with that
secret state (which is unlikely) and secondly that the remotely loaded code
actually has access to the class and is able to become a subclass of it.

Gulik.

-- 
http://people.squeakfoundation.org/person/mikevdg
http://gulik.pbwiki.com/
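
The scenario in the last paragraph of the message above, written out as a Squeak file-in. This is an added example, not code from the thread or from SecureSqueak; the class names Vault and LeakyVault, their selectors and the secret value are hypothetical. It checks both assumptions the message lists.

```smalltalk
"Constructed example. Vault, LeakyVault and their selectors are hypothetical names."
Object subclass: #Vault
	instanceVariableNames: 'secret'
	classVariableNames: ''
	poolDictionaries: ''
	category: 'Example-Encapsulation'!

!Vault methodsFor: 'guarded state'!
setSecret: aString
	"The only writer of the guarded state."
	secret := aString!

matches: aString
	"Callers can test a guess, but Vault deliberately has no getter."
	^ secret = aString! !

"LeakyVault stands in for untrusted loaded code. It reads the inherited
 variable directly and so adds the getter that Vault chose not to provide."
Vault subclass: #LeakyVault
	instanceVariableNames: ''
	classVariableNames: ''
	poolDictionaries: ''
	category: 'Example-Encapsulation'!

!LeakyVault methodsFor: 'leak'!
reveal
	^ secret! !

"Checks, evaluated as one doIt after the definitions above are filed in."
| trusted own handed |
trusted := Vault new setSecret: 'constructed-secret'; yourself.
"Defining the subclass does not change existing Vault instances."
self assert: (trusted respondsTo: #reveal) not.
"First assumption: an instance the loaded code creates itself holds no secret."
own := LeakyVault new.
self assert: own reveal isNil.
"The secret escapes only if trusted code stores it in a LeakyVault instance."
handed := LeakyVault new setSecret: 'constructed-secret'; yourself.
self assert: handed reveal = 'constructed-secret'!
```

The second assumption is visible in the definition itself: `Vault subclass: #LeakyVault` only compiles where the loaded code can name `Vault`.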