A question about private types

A question about private types

[Mike H]

... Or, at lest, I expect the answer to be about private types.

My instinct is that the package below is vulnerable to erroneous use
because the "Address" component of "Cell_type" can be changed. I suspect
that this vulnerability could be removed if "Grid_index_type" is made
read only. I have attempted to make it a private type but it then
becomes non-discrete and can no longer be used as a parameter in
functions such as "Line_of".

Help please! And, preferably, in a form where the new source code is
sufficiently transparent to be understood when doing a "walk-through"
with a C++ speaker.

-- ==================================================
-- This package attempts to provide type-safe elementary procedures for
-- use in a problem domain in which a linear array of 81 records is to
be
-- mapped to, or from, 9 lines of 9, 9 columns of 9 or 9 blocks of 3x3
--
-----------------------------------------------------------------------
package Sudoku_types is

   type Status_type is (Predefined, Solved, Not_solved);
   subtype Cell_value is Character range '0'..'9';
   Space : constant Cell_value := '0';
   subtype Candidate is Cell_Value range '1'..'9';
   type Candidature is Array (Candidate) of Boolean;
   subtype Count_range is Integer range 0..9;

   type Cell_Data is
      record
         Status           : Status_type := Not_solved;
         Content         : Cell_value    := Space;
         Candidates    : Count_range := 9;
         Is_candidate  : Candidature  := (others => true);
      end record;

   type Grid_index_type is range 1 .. 81;

   -- to simplify mapping in either direction each cell contains its own
   -- (home) address within the grid
   type Cell_type is
      record
         Address : Grid_index_type;  -- ========== vulnerable?
         Data      : Cell_data;
      end record;
   type Grid_type is array (Grid_index_type) of Cell_type;

   -- Seed each cell with its own "home" address and set the data to
   -- default values
   procedure Initialise (Grid : in out Grid_type);

   -- ===================================================
   -- A line, column or block of the grid may be mapped onto a vector
   type Vector_index_range is range 0..9;
   subtype Vector_index  is Vector_index_range range 1..9;
   type Vector_type is array (Vector_index) of Cell_type;

   -- ===================================================
   -- Lines
   type Line_number is range 1..9;
   function Line_of (G : in Grid_index_type) return Line_number;
   function Line (L : in Line_number;
                  Grid : in Grid_type) return Vector_type;

   -- ===================================================
   -- Columns
   type Column_number is range 1..9;
   function Column_of (G : in Grid_index_type) return Column_number;
   --  etc., etc. ..........

   end Sudoku_types;

-- 
Knowledge is knowing a tomato is a fruit
Wisdom in knowing not to put it in the fruit salad.
Mike ;-)

Re: A question about private types

[Adam Beneschan]

On Thursday, June 12, 2014 8:03:05 AM UTC-7, Mike H wrote:
> ... Or, at lest, I expect the answer to be about private types.

> My instinct is that the package below is vulnerable to erroneous use
> because the "Address" component of "Cell_type" can be changed. I suspect
> that this vulnerability could be removed if "Grid_index_type" is made
> read only. I have attempted to make it a private type but it then
> becomes non-discrete and can no longer be used as a parameter in
> functions such as "Line_of".
> 
> Help please! And, preferably, in a form where the new source code is
> sufficiently transparent to be understood when doing a "walk-through"
> with a C++ speaker.

If you want to prevent clients from modifying the "Address" of a Cell_Type, the answer is to make Cell_Type (not Grid_Index_Type) private, and add procedures/functions for retrieving the fields from Cell_Type that you want to give them permission to retrieve, and for setting the fields that you want to give them permission to set.

By the way, I don't understand this:
  
> I have attempted to make [Grid_Index_Type] a private type but it then 
> becomes non-discrete and can no longer be used as a parameter in 
> functions such as "Line_of".

Making Grid_Index_Type private would cause problems for your Grid_Type definition (although you might be able to use Ada 2012's user-defined indexing features to get around it).  But why would Grid_Index_Type no longer be usable as a parameter to Line_Of?  I'm asking this just in case you have some misunderstanding about the language that needs to be corrected.

                              -- Adam

Re: A question about private types

[Jeffrey Carter]

On 06/12/2014 08:03 AM, Mike H wrote:
>
> My instinct is that the package below is vulnerable to erroneous use
> because the "Address" component of "Cell_type" can be changed. I suspect
> that this vulnerability could be removed if "Grid_index_type" is made
> read only. I have attempted to make it a private type but it then
> becomes non-discrete and can no longer be used as a parameter in
> functions such as "Line_of".

There's no reason a function can't have a parameter of a private type.

>
>     type Grid_index_type is range 1 .. 81;
>
>     -- to simplify mapping in either direction each cell contains its own
>     -- (home) address within the grid
>     type Cell_type is
>        record
>           Address : Grid_index_type;  -- ========== vulnerable?
>           Data      : Cell_data;
>        end record;
>     type Grid_type is array (Grid_index_type) of Cell_type;

A private type can't be used as an array index as you're doing here, however. 
Perhaps that's really what you're complaining about.

Even if Grid_Index_Type were private, Address could still be changed.

Address would be harder to change if it were a discriminant:

type Cell_Type (Address: Grid_Index_Type := Some_Initial_Value) is record
     Data : Cell_Data;
end record;

The default is needed for Cell_Type to be definite and so usable as the 
component type of an array type. You can still change Address by assigning to 
the whole record.

If that's not good enough, I'd make Cell_Type limited private, and provide 
Address and Data functions and a Set procedure that takes a Cell_Data.

-- 
Jeff Carter
"My mind is a raging torrent, flooded with rivulets of
thought, cascading into a waterfall of creative alternatives."
Blazing Saddles
89

Re: A question about private types

[Mike H]

In message <lncnhn$e4i$1@dont-email.me>, Jeffrey Carter 
<spam.jrcarter.not@spam.not.acm.org> writes
>A private type can't be used as an array index as you're doing here, 
>however. Perhaps that's really what you're complaining about.
>
>Even if Grid_Index_Type were private, Address could still be changed.
>
>Address would be harder to change if it were a discriminant:
>
>type Cell_Type (Address: Grid_Index_Type := Some_Initial_Value) is record
>    Data : Cell_Data;
>end record;
>
Thanks, perhaps I'll take a closer look at that. It may also solve a 
second niggling worry. If Grid_index_type is a subtype of some type that 
is range 0..81 then Some_initial_value = 0 could be used to flag an 
un-initialised grid.
-- 
Time flies like an arrow. Fruit flies like a banana.
Mike