Re: Preventing type extensions

["J-P. Rosen" <rosen@adalog.fr>]

Le 24/09/2010 11:27, Cyrille a �crit :
> On Sep 24, 10:39 am, Cyrille <co...@eu.adacore.com> wrote:
>> OK, I kind of supposed you had something like that in mind. Many years
>> ago, we proposed a similar idea in a few papers, See for instancehttp://www.adacore.com/wp-content/uploads/2006/03/Certification_OO_Ad....
>> Another one written by Franco G. is even mentioned in Chelinsky's FAA
>> study on OO (seehttp://www.tc.faa.gov/its/worldpac/techrpt/ar0717.pdf).
>> The study is worth reading by the way... We had more automatic
>> translation in mind at the time but the idea is the same.
>> doing this
Thanks for the pointers, but they seem to be quite close to what I am
suggesting

> Suggesting to do such a transformation manually at the source code
> level as you do is particularly dubious since it is in the category of
> program transformations whose only purpose is to circumvent specific
> verifications. 
Not at all, but I may not have clearly explained my line of reasoning.
1) (Most important) I think that a method should really be a "method",
i.e. an abstract operation that is implemented in different ways by
different objects belonging to a class; i.e. all drawable objects have a
"paint" method, but each objet has its own way, its own /method/, of
painting itself. Since this is closely linked to a single member of a
class, there is no reason to redispatch in such a method.

2) There is often a need to provide higher level operations, that are
/not/ methods, but that are generally implemented by a combination of
methods: Move=Erase, change position, Draw. Having these as class-wide
operations rather than redispatching methods guarantees that the same
behaviour is obtained for all members of the class.

3) I propose to enforce this strict separation, with the added benefit
that all dispatching calls are located in class-wide operations, and
thus reduce the coverage effort.

4) (this is the topic of my previous messages) If in some cases there is
a real need for redispatching, it is still possible to follow this
pattern by subcontracting the dispatching to a class-wide operation that
does nothing else. But this should be a rare exception.

There is no question of cheating, or maybe you consider that the
patterns for programming under the Ravenscar profile are a way of
cheating with the restrictions. The idea here is the same: provide a
well defined pattern to ease certification.

In some cases this pattern will make things more difficult? Sure.
Everything is simpler if you don't need certification ;-)

Note that this is quite close to Franco's approach, except that I don't
rely on a specific implementation, thus preserving portability.

[...]

> To conclude about differentiating T and T'Class, the trick you suggest
> here is easily implementable in other OO languages. There is nothing
> magic in creating a wrapper around a given dispatching call and use
> this wrapper at each dispatch point. 
The benefit of class-wide operations is that they are easily
recognizable, and therefore my proposed pattern is easily checkable by
tools (read: will appear in AdaControl as soon as I get around to it).

I don't think it would be as easy in other languages to ensure that the
profile is followed.

-- 
---------------------------------------------------------
           J-P. Rosen (rosen@adalog.fr)
Adalog a d�m�nag� / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00