Oppinion on 'least priviledge', 'const correctness', etc.
in [General Programming]
|
Prev: Simple Hack TO Get $1500 To Your PayPal Account.
Next: Const correctness (was Re: Oppinion on 'least priviledge', 'constcorrectness', etc.)
From: Alexander on 20 Jul 2010 09:00 Wherever I find something on the topic, these are considered positive. Why? I only find it time-consuming. Could you respond (preferably on comp.programming) why it can be considered as such, but motivated, that is without responses like "it's good software engineering practice", "it's just better", etc... I'm a learner, and I think now is the best time to shape out practices and priorities.
From: Francesco S. Carta on 20 Jul 2010 09:36 Alexander <alvatov(a)gmail.com>, on 20/07/2010 06:00:45, wrote: > Wherever I find something on the topic, these are considered positive. > Why? I only find it time-consuming. Could you respond (preferably on > comp.programming) why it can be considered as such, but motivated, > that is without responses like "it's good software engineering > practice", "it's just better", etc... I'm a learner, and I think now > is the best time to shape out practices and priorities. I'll stick to a practical example in C++, if something in my code isn't clear to you please bring it to comp.lang.c++ again. In C++, const-correctness is not just positive but necessary wherever you need to instantiate a class, pass it somewhere as a constant object or (or reference, or pointer) and _then_ call some member function on it: //------- #include <iostream> using namespace std; class Sloppy { public: Sloppy(int i) : data(i) {} // the following does not change // the class' data, but it could // as it is not declared const int get_data() { return data; } private: int data; }; class Good { public: Good(int i) : data(i) {} // the following could not change the class' data // even if it wanted, because it is declared const int get_data() const { return data; } private: int data; }; // the following function takes a // non const reference and can call // whatever member function on it template<class T> void normal_param(T& t) { cout << t.get_data() << endl; } // the following function takes a const reference // and can call only const member functions on it template<class T> void const_param(const T& t) { cout << t.get_data() << endl; } int main() { Good good(42); Sloppy sloppy(78); // the following three compile fine normal_param(good); normal_param(sloppy); const_param(good); // the following chokes the compiler // so that we know we're doing something weird const_param(sloppy); } //------- I don't know about "least privilege", I'll look it up. As an aside, if you want people to follow-up on a particular group you can set it so in your newsreader, if really needed. Cheers, Francesco -- FSC - http://userscripts.org/scripts/show/59948 http://fscode.altervista.org - http://sardinias.com
From: Christian Hackl on 20 Jul 2010 11:43 Alexander ha scritto: > Wherever I find something on the topic, these are considered positive. The C++ FAQ explains the benefits of const correctness: http://www.parashift.com/c++-faq-lite/const-correctness.html#faq-18.2 Const correctness makes ordinary type safety even stronger because it restricts what you can do with an object. All arguments in favour of ordinary type safety apply also to const correctness. (followup-to comp.lang.c++) -- Christian Hackl hacki(a)sbox.tugraz.at Milano 2008/2009 -- L'Italia chiam�, s�!
From: Öö Tiib on 20 Jul 2010 12:29 On 20 juuli, 16:00, Alexander <alva...(a)gmail.com> wrote: > Wherever I find something on the topic, these are considered positive. > Why? I only find it time-consuming. I have heard them named as "principle of minimal privilege" and "const correctness". Illustrative example: Imagine that you play classical click-around, find-items, combine-and-use-them-to-proceed adventure game. You need to use 5 items for winning it but the game throws at you 80 red herring items too. Some of the items may lead you to wrong, useless places or into inescapable situations (that game does not indicate any way). Fun to click and try to combine them all and to use everywhere and then to reload earlier saves and to retry? No. Most like it be better if game does not give red herrings to them at all or gave lot less than possible. So "more" is not always "better". Same is with access restrictions in computer science. Anyone writing module or class interfaces should take good care about it being sufficient and complete for its purpose. It is done for protecting the users of interface from need to know about various red herrings and wrong places. Best is to give to user *only* such information and resources and access that they need for legitimate usage purposes. Also it is important to give them *everything* that they need for legitimate usage purposes, otherwise they start to ask questions like "is this game winnable at all". ;) Of course it is initially time consuming for interface designer to carefully arrange that access but it saves lot of time of the innocent users of the interface. Also it gets easier when you have habit to do it. If you write it all by yourself you may initially think that you are the user yourself (and so not innocent) and so it does not apply and habit is not needed. Wrong. Let me display why you are wrong there too. Why you write it at all? Usually it is done for fame and/or big bucks. What is goal-reaching indicator? Popularity and/or commercial success. Have you faced (however limited) popularity or commercial success? It is terrible thing. The list of bugs and feature requests may grow to hundreds or thousands despite how good effort you put up. You will see it is hard, when you are lucky enough. Lets say you manage alone? During maintenance your product grows over 100 000 lines of code easily in less than 5 years heroic maintenance. 100 000 lines is about the spot where you start to forget things why you wrote that or that. Finally you are player yourself with full of red herrings puzzle. You need to maintain it and hate it at same time. You can not possibly manage alone. Now comes last point. Writing interfaces lousily is bad habit. Others do not like it. It is very hard to find allies. Very precious few can navigate in 100 000 lines of one-man spaghetti. None of these precious few lacks better offers or opportunities than to join you. Also it is very hard for you to get rid of your bad habits (you have worked by them for 5 years say). > Could you respond (preferably on > comp.programming) why it can be considered as such, but motivated, > that is without responses like "it's good software engineering > practice", "it's just better", etc... I'm a learner, and I think now > is the best time to shape out practices and priorities. Why you cross posted to several groups? Post into every group individually if you need different opinions. There are lot more languages. Each is different. For example java does not have language elements dedicated for const correctness at all i think. However ... general reasons why principle of minimal privileges is good to follow are lot older than C++ or java. I think most good developers have habit to limit access to their modules internals in one way or other.
From: Richard Heathfield on 20 Jul 2010 12:36
Alexander wrote: > Wherever I find something on the topic, these are considered positive. > Why? I only find it time-consuming. Could you respond (preferably on > comp.programming) why it can be considered as such, but motivated, > that is without responses like "it's good software engineering > practice", "it's just better", etc... I'm a learner, and I think now > is the best time to shape out practices and priorities. The more power you have, the easier it is to screw things up. That's why we have admin accounts and user accounts - we use the admin account when we must, and we're *really careful* when we do, but we use the user account most of the time because mistakes are less costly. const-correctness: If an object is const-qualified, a function can't change its value. Consequently, it can't screw up the value. So we only give functions write access to objects when we really need to (and then we're *really careful* to ensure that they only write appropriate values to those objects that are not const). Least privilege: same reasoning as above (especially the admin/user parallel). The less power you accord to a function/program/whatever, the less it can screw things up. So, as far as is practical, you only give the minimum privileges necessary to accomplish the task at hand. -- Richard Heathfield <http://www.cpax.org.uk> Email: -http://www. +rjh@ "Usenet is a strange place" - dmr 29 July 1999 Sig line vacant - apply within |