[e-lang] Prize and Milestone as mutable state idioms

David Wagner daw at cs.berkeley.edu
Thu Jul 3 12:57:09 CDT 2008


Tyler Close writes:
>Monty reported this as well. I'm kind of stuck a bit here. Normally, I
>try to provide such documentation for the public APIs intended to be
>called by users of the library and don't for other classes. It's just
>a workload issue. Problem is, in a security review, it's almost like
>every class is public and needs to be well understood by the user
>(security reviewer).

OK, understood.  I think in a security review I would have figured
it out.  If I had gotten to this ValueWriter, it's probably because
I was looking at something that called it, and I think I would have
gotten a better sense of the intended use of this class.

>With the Prize and Milestone classes, I was working on a hypothesis
>that it might be possible to standardize different coding idioms that
>make it possible for a reviewer to understand code with much less
>documentation. Like pushing the ideas embodied in the Joe-E verifier
>further up the semantic stack. The Prize and Milestone classes are an
>admittedly modest start in that direction, but that was the idea. Seem
>plausible?

Sounds plausible, and I find the idea very appealing.  I don't know
if we'll reach "much less documentation" but in some areas less
documentation might suffice.

