Priorities

Laurent Martelli martelli@iie.cnam.fr
03 Jan 1999 15:13:13 +0100


>>>>> "Anders" == Anders Petersson <anders.petersson@mbox320.swipnet.se> writes:

    >>> Sounds like this type system provides the security, is that
    >>> so? But what if the binary code is altered - by mistake or on
    >>> purpose? And can all programming languages be used, or just
    >>> one?

My point of view is that type of parameters of a function is part of
the specs for that function. To me it's a special case of specs. If
you have a function `f' which takes one parameter `p' and you don't
specify the type of the parameter, it will checked at run time
depending on how you use the parameter (à la Smalltalk). But you can
provide a pre conditition whch says that p should be an integer. It
will allow the compiler/interpreter to optimise in the case it knows
the parameters you give fo f is an integer. But you could also say
that p should be positive and smaller than 50. In this case, the
compiler/interpreter can choose to store the parameter on 6 bits if it
thinks it is accurate. (Chances are it is more efficient to store it
on a multiple of 8 bits). 


    Anders> My version is: shit happens. No system (at least not ours)
    Anders> can to 100% assure that code is valid. 

Unless code is generated by the system from the specs. It should be
enough to have a few axioms that we know are valid. 

    Anders> It could be hardware failures or hackers. If someone
    Anders> alters the code so the program doesn't care for security,
    Anders> well, then you've got no security any more.  I don't
    Anders> believe in compile-time security.

    >>  Everything you do involves a typecheck.  Moving the mouse,
    >> typing text, running a program, deleting an object, etc.
    >> Nothing will happen unless the operation to be done and the
    >> object it is operating on match their types.  If they don't
    >> match, that is a type error.  All errors are type errors.
    >> There is a flexible system to describe what to do on type
    >> errors (each type error can have its own behavior, the user can
    >> customize, there can be defaults, etc).  Everything in the
    >> system has a type.  All types are explicitly defined...  much
    >> of what you do in programming languages today is just creating
    >> new types in my model.

I would rather say that every object as a meta-object describing what
it is. It is just a question of vocabulary, but when you are talking
about types, the temptation is great to think about flawed known
systems. In a more general way, I think that it is preferable to use
new words when we refer to new concepts, in order to avoid confusion. 

    Anders> There must certainly be other errors than type errors. How
    Anders> about communication failure, division by zero or missing
    Anders> hardware?

    >>> >Stability - The need for the components that the system is
    >>> composed of, to not >(be able) scrutinize the flow of run time
    >>> code.  This does allow for incorrect >object usage (if binary
    >>> is corrupted), as that is a logic bug, which
    Anders> should
    >>> >not take down the system.  As you say, this will probably
    >>> involve a
    Anders> typecheck
    >>> >system.
    >>> 
    >>> _Compile-time_ typecheck?
    >>  Good question.  Typechecks are done as soon as possible, but
    >> sometimes it can't be until runtime.  However there is a major
    >> difference in my system regarding the relationship between
    >> compiled and interpreted.  Everything is partially evaluated,
    >> and "compiled" is just one form an expression can be in.
    >> "interpreted" means compiling each sub-expression, then running
    >> its code, before compiling the next sub-expression.  If some
    >> sub-expressions have been compiled before the "compile"
    >> function can have its results (for that sub-expression)
    >> memoized (cached) so it looks like the expression was compiled
    >> again but it really just read the saved result of the last time
    >> it was compiled.  (done when storage is cheaper than the
    >> computation of recompiling that expression) Note that
    >> everything is an expression and the compiler is just a
    >> function.

    Anders> Umm... I think you will have to elaborate if you want me
    Anders> to understand. Or maybe this is as clear as it can get. I
    Anders> hope not, for all of us.

I am not I have understood what >> (?) meant, but my vision is that
compiled forms of the abstract specs of a procedure are just an
internal representation created by the compiler/interpreter in order
to gain efficiency. 

Laurent