bug-guile
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#11198: prefab structs in guile

From: Andy Wingo
Subject: bug#11198: prefab structs in guile
Date: Thu, 05 Jul 2012 23:06:56 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) 
On Thu 05 Jul 2012 22:57, address@hidden (Ludovic Courtès) writes:

> Andy Wingo <address@hidden> skribis:
>
>>   Then you would modify the reader to call out to (ice-9 prefab) with
>> the list after #s, e.g. the (foo ...) in #s(foo ...).  (ice-9 prefab)
>> would return the record, creating the RTD if needed.
>
> The problem with this is that one could precisely forge instances of a
> given record type, thereby breaking the type safety we currently have
> (each instance of a record type is genuine, in the sense of Rees’ “A
> Security kernel Based on the Lambda-Calculus”.)
>
> Does Racket address this somehow?

See:

  
http://docs.racket-lang.org/guide/define-struct.html?q=record&q=structs&q=records#(part._prefab-struct)

Specifically:

  Every prefab structure type is transparent—but even less abstract than
  a transparent type, because instances can be created without any
  access to a particular structure-type declaration or existing
  examples. Overall, the different options for structure types offer a
  spectrum of possibilities from more abstract to more convenient:

    Opaque (the default) : Instances cannot be inspected or forged without
    access to the structure-type declaration. As discussed in the next
    section, constructor guards and properties can be attached to the
    structure type to further protect or to specialize the behavior of its
    instances.

    Transparent : Anyone can inspect or create an instance without access
    to the structure-type declaration, which means that the value printer
    can show the content of an instance. All instance creation passes
    through a constructor guard, however, so that the content of an
    instance can be controlled, and the behavior of instances can be
    specialized through properties. Since the structure type is generated
    by its definition, instances cannot be manufactured simply through the
    name of the structure type, and therefore cannot be generated
    automatically by the expression reader.

    Prefab : Anyone can inspect or create an instance at any time, without
    prior access to a structure-type declaration or an example
    instance. Consequently, the expression reader can manufacture
    instances directly. The instance cannot have a constructor guard or
    properties.

  Since the expression reader can generate prefab instances, they are
  useful when convenient serialization is more important than
  abstraction. Opaque and transparent structures also can be serialized,
  however, if they are defined with define-serializable-struct as
  described in Datatypes and Serialization.

Andy
-- 
http://wingolog.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]