From: "J-P. Rosen" <rosen@adalog.fr>
Subject: Re: Preventing type extensions
Date: Tue, 05 Oct 2010 19:02:27 +0200
Date: 2010-10-05T19:02:27+02:00 [thread overview]
Message-ID: <i8fln0$5gv$1@news.eternal-september.org> (raw)
In-Reply-To: <fda875ed-1583-4dbd-8ec2-556c0385716e@i5g2000yqe.googlegroups.com>
Le 30/09/2010 12:08, Cyrille a �crit :
>> Not at all, but I may not have clearly explained my line of reasoning.
>> 1) (Most important) I think that a method should really be a "method",
> sure a method should be a method. I think it won't be hard to have a
> general agreement on that ;-)
Well... nowadays, many people, and especially the new generation that
has been fed with Java, tends to call "method" every subprogram. I meant
"real methods".
> if there is no reason to use the other methods of the same tagged type
> in the method in question, there is no issue of redispatch anyway. if
> there are such uses and they are done through non-dispatching calls,
> then there are real vulnerabilities and they should be addressed.
> There is no way around that.
Not that fast. You gave convincing examples of that position. I gave (in
my tutorial) convincing examples where redispatching is definitely not
what you want.
My position here is that when redispatching is desired, in most cases,
there is a natural class-wide operation that could handle it. Often
enough to make it a general rule.
[...]
>> 3) I propose to enforce this strict separation, with the added benefit
>> that all dispatching calls are located in class-wide operations, and
>> thus reduce the coverage effort.
>
> what coverage effort? You seem to believe that "pessimistic testing"
> is mandatory... this is not the case in DO-178C as I explained in a
> former post.
Not mandatory, but one possible solution to coverage.
[...]
> The pattern you suggest (using those wrappers) doesn't address any
> vulnerabilities I am aware of and doesn't help much with coverage
> since there are other better ways to achieve the new related objective
> in the DO-178C.
Since DO-178C is not currently publicly available, I'd be delighted to
have pointers about those "new ways" (if they are different from the
other approaches of OOTiA). Or better, come to the workshop!
> but all this line of reasoning has been overtaken by events. Once
> again, "pessimistic" testing is not the preferred way to address the
> new objective. So trying to make "pessimistic" testing less painful is
> just not that interesting anymore.
Hmmm... pessimistic testing is certainly impractical for C++, but I
wonder if it applies to Ada as well.
>> To conclude about differentiating T and T'Class, the trick you suggest
>>> here is easily implementable in other OO languages. There is nothing
>>> magic in creating a wrapper around a given dispatching call and use
>>> this wrapper at each dispatch point.
Not at all, in other languages either a subprogram is a method (part of
the dispatch table), or it applies to a single type. Class-wide
operations are not dispatched, but still can be applied to a whole
hierarchy. OK, I dismiss "void *" parameters...
----
But my goal is not to force my particular views; the important point is
whether an appropriate profile could be defined for high reliability OO
Ada programs. Such a profile could give a definitive competitive
advantage to Ada in that area.
If you (or anyone else on this list, or even in outer space ;) ) have
good ideas about what to put in that profile, by all means, come to the
workshop, or make a proposal (private mail to me, I'll gather proposals).
--
---------------------------------------------------------
J-P. Rosen (rosen@adalog.fr)
Adalog a d�m�nag� / Adalog has moved:
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
Tel: +33 1 45 29 21 52, Fax: +33 1 45 29 25 00
next prev parent reply other threads:[~2010-10-05 17:02 UTC|newest]
Thread overview: 107+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-12 10:18 Preventing type extensions Florian Weimer
2010-09-12 11:59 ` Ludovic Brenta
2010-09-12 12:53 ` Florian Weimer
2010-09-12 21:23 ` Maciej Sobczak
2010-09-13 5:32 ` Florian Weimer
2010-09-13 7:13 ` Dmitry A. Kazakov
2010-09-13 9:19 ` Georg Bauhaus
2010-09-13 9:42 ` Dmitry A. Kazakov
2010-09-13 10:23 ` Niklas Holsti
2010-09-13 12:55 ` Cyrille
2010-09-13 13:55 ` Dmitry A. Kazakov
2010-09-13 21:13 ` J-P. Rosen
2010-09-21 13:57 ` Cyrille
2010-09-21 14:19 ` Dmitry A. Kazakov
2010-09-21 14:44 ` Cyrille
2010-09-21 16:25 ` Dmitry A. Kazakov
2010-09-21 17:11 ` Georg Bauhaus
2010-09-21 18:11 ` Dmitry A. Kazakov
2010-09-23 20:00 ` Simon Wright
2010-09-23 20:49 ` Dmitry A. Kazakov
2010-09-24 9:10 ` Georg Bauhaus
2010-09-24 10:24 ` Dmitry A. Kazakov
2010-09-24 13:30 ` Niklas Holsti
2010-09-24 16:27 ` Dmitry A. Kazakov
2010-09-24 17:47 ` Niklas Holsti
2010-09-24 19:42 ` Dmitry A. Kazakov
2010-09-21 14:32 ` J-P. Rosen
2010-09-21 15:02 ` Cyrille
2010-09-21 15:26 ` J-P. Rosen
2010-09-21 16:18 ` Cyrille
2010-09-22 8:01 ` J-P. Rosen
2010-09-22 17:28 ` Cyrille
2010-09-22 19:30 ` Ludovic Brenta
2010-09-22 19:51 ` Florian Weimer
2010-09-22 20:14 ` Dmitry A. Kazakov
2010-09-22 20:25 ` Florian Weimer
2010-09-22 20:38 ` Dmitry A. Kazakov
2010-09-22 21:25 ` Vinzent Hoefler
2010-09-22 21:20 ` Georg Bauhaus
2010-09-22 20:16 ` Ludovic Brenta
2010-09-22 20:34 ` Florian Weimer
2010-09-22 22:45 ` Britt Snodgrass
2010-09-23 8:02 ` Ludovic Brenta
2010-09-23 16:51 ` Pascal Obry
2010-09-23 18:37 ` Florian Weimer
2010-09-23 18:55 ` Pascal Obry
2010-09-23 20:28 ` Ludovic Brenta
2010-09-24 9:20 ` Ludovic Brenta
2010-09-24 14:49 ` Simon Wright
2010-09-24 15:09 ` Ludovic Brenta
2010-09-24 16:21 ` Robert A Duff
2010-09-25 7:10 ` Pascal Obry
2010-09-25 12:03 ` Brian Drummond
2010-09-24 8:16 ` J-P. Rosen
2010-09-24 8:39 ` Cyrille
2010-09-24 9:27 ` Cyrille
2010-09-29 16:47 ` J-P. Rosen
2010-09-30 10:08 ` Cyrille
2010-10-05 17:02 ` J-P. Rosen [this message]
2010-10-08 7:50 ` Cyrille
2010-10-08 13:58 ` Cyrille
2010-10-08 20:12 ` Dmitry A. Kazakov
2010-10-11 7:57 ` Cyrille
2010-10-11 8:24 ` Dmitry A. Kazakov
2010-10-12 5:23 ` Shark8
2010-10-13 9:06 ` J-P. Rosen
2010-10-13 17:37 ` Cyrille
2010-10-13 18:50 ` Dmitry A. Kazakov
2010-09-21 14:50 ` (see below)
2010-09-21 17:37 ` Cyrille
2010-09-21 19:07 ` (see below)
2010-09-13 13:05 ` Dmitry A. Kazakov
2010-09-13 20:21 ` Niklas Holsti
2010-09-13 21:00 ` Dmitry A. Kazakov
2010-09-13 21:10 ` J-P. Rosen
2010-09-14 12:16 ` Niklas Holsti
2010-09-14 16:46 ` Dmitry A. Kazakov
2010-09-14 18:08 ` Niklas Holsti
2010-09-14 18:32 ` Niklas Holsti
2010-09-15 8:18 ` Dmitry A. Kazakov
2010-09-14 17:04 ` J-P. Rosen
2010-09-13 15:12 ` Securing type extensions (was: Preventing type extensions) Georg Bauhaus
2010-09-13 15:29 ` Securing type extensions Dmitry A. Kazakov
2010-09-13 17:23 ` Simon Wright
2010-09-13 20:22 ` Georg Bauhaus
2010-09-13 20:41 ` Dmitry A. Kazakov
2010-09-14 10:02 ` Georg Bauhaus
2010-09-14 12:22 ` Dmitry A. Kazakov
2010-09-14 21:18 ` Georg Bauhaus
2010-09-15 8:15 ` Dmitry A. Kazakov
2010-09-15 20:47 ` Georg Bauhaus
2010-09-16 7:47 ` Dmitry A. Kazakov
2010-09-16 11:52 ` Georg Bauhaus
2010-09-16 12:45 ` Dmitry A. Kazakov
2010-09-16 20:53 ` Georg Bauhaus
2010-09-16 21:37 ` Dmitry A. Kazakov
2010-09-17 8:45 ` Georg Bauhaus
2010-09-17 9:39 ` Dmitry A. Kazakov
2010-10-05 5:59 ` Randy Brukardt
2010-09-13 18:32 ` Preventing " Florian Weimer
2010-09-13 20:30 ` Dmitry A. Kazakov
2010-09-22 19:41 ` Florian Weimer
2010-09-22 20:34 ` Dmitry A. Kazakov
2010-09-22 21:10 ` Georg Bauhaus
2010-09-17 0:16 ` Shark8
2010-09-17 7:04 ` AdaMagica
2010-09-17 21:05 ` Shark8
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox