[cap-talk] Capabilities for immutable data
David Barbour
dmbarbour at gmail.com
Fri Feb 18 21:14:15 PST 2011
On Fri, Feb 18, 2011 at 6:38 PM, Sandro Magi <naasking at higherlogics.com> wrote:
> I should have linked to my long post on the issue on LtU, Confused
> Deputies in Programming Languages:
>
> http://lambda-the-ultimate.org/node/2706
>
> confused deputies can occur with certain abstract data types.
> Alan's example in Java demonstrates this, and I translated that
> example to OCaml's module language, and this problem doesn't
> seem to require side-effects of any sort.
ADTs fundamentally are used for rights amplification patterns. You
bring an ADT value together with a capability for operations on it,
and presto: you have more rights than you would with either alone. (I
use ADTs for precisely this purpose - model first-class ADTs with
sealers/unsealers. But the flavor is slightly different because I
divide the manipulation caps to different chunks of the application.)
The particular example you raise here would be trivially fixed with a
slightly different organization of types (Log, Output, Compiler).
Insofar as you want to use types instead of capabilities, the problem
is easily resolved. But it isn't clear how it would have been a
problem at all with a pure system. Perhaps you need to clarify.
More information about the cap-talk
mailing list