[cap-talk] "Composite", was "Same" key

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Fri Feb 16 14:40:42 CST 2007


James A. Donald wrote:
> David Hopwood wrote:
>
>  > However, this is a separate question to whether we
>  > need an agreed terminology for describing abstractions
>  > made up of multiple objects that share state. We
>  > clearly do need this.
> 
> No we don't.
> 
> Repeating in different words:  We do not need a word for
> the general pattern, for the general pattern is not
> useful.  We need, and have, words for particular cases
> of this pattern that *are* useful.
[...]
> "Inheritance" and "aggregation", "Is a", and "has a",
> are two useful patterns.  I do not see any value in
> having a more general terminology that refers to both
> useful patterns and dangerously bad programming with the
> same word.

I don't agree: for the purpose of security analysis, I think that we
do need a word that covers sharing of state between objects in general,
including cases that are "good" from a modularity and/or security point
of view, and cases that are "bad". That is, before we have analysed any
particular case in detail, we need to be able to say that it is a case
where state is being shared.

Note that, although the analysis of objects described as abstractions is
context-dependent and somewhat subjective, it is much *less* subjective
than identifying patterns according to their usefulness. Alias analysis
can be done semi-automatically (e.g. see
<http://www.stanford.edu/~bhackett/hackett06aliasing.pdf> or
Google 'type alias analysis'), whereas being able to identify "useful" vs
"bad" programming patterns semi-automatically is well beyond the state of
the art (even assuming we had collected objective evidence about which
patterns are bad).

I also don't agree with the implication that "useful patterns" and
"dangerously bad programming" are mutually exclusive: a pattern that
is useful in some cases can be dangerously bad in others. This
particularly applies to inheritance, BTW.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>


