[e-lang] Bug in Guard-based Auditor design

Kevin Reid kpreid at mac.com
Sun Mar 23 11:59:47 EDT 2008 

On Mar 23, 2008, at 11:55, Mark Miller wrote:

> E-lang'ers, I'm posting this message now despite lack of context. It
> relates to the guard-based-auditing design that Kevin, Dean, and I
> have been discussing, and which Kevin is writing up at
> <http://wiki.erights.org/wiki/Guard-based_auditing>. Hopefully, enough
> context will appear soon for this to start to make sense.

I have now updated the wiki page, partially; I will review my design  
notes more thoroughly later.

The particular context is that in the current 'extends' sugar, there  
is no way to specify a guard on the 'super' variable for the benefit  
of auditors.

> I don't think it works to have
>
>    def foo extends bar { ...
>
> expand to
>
>    { def &&super := &&bar
>       def foo { ...

This && assignment was my suggested fix; it copies the exact binding  
of 'bar' to 'super', including the guard-for-auditing-purposes.

> since it changes the value-level meaning too much. Currently, if bar
> is a var and is reassigned after super is initialized, super is
> unaffected. With this translation change, super will track the
> reassignment of bar. This is too surprising.


Just do this, and maybe have the compiler optimize it out...

def &&super := __snapshotBinding(&&bar)


def __snapshotBinding(binding :CoercedSlot) {
   return switch (def slot := binding[]) {
     match f :FinalSlot ? (f == slot) {
       binding
     }
     match v :VarSlot ? (v == slot) {
       # Optional, extra credit
       unsafeMakeCoercedSlot(FinalSlot[v.getGuard()], v.getValue())
     }
     match anySlot {
       makeCoercedSlot(any, makeFinalSlot(anySlot[]), null)
     }
   }
}

Interesting thought: if we were doing things such that the *slot*  
contained the guard-for-auditing-purposes, then the second case could  
be Aa new operation "v.snapshot()", yielding a CoercedSlot. But since  
the guard-tracking is at a separate layer, that can't happen as  
directly. If we were to do it, it would be in two parts:

     <varSlot 1 :int>
   .snapshot() =>
     <coercedSlot 1 :int>
   .promote() =>
     <coercedSlot <finalSlot 1> :FinalSlot[int]>

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>

More information about the e-lang mailing list