On Fri, Jul 4, 2014 at 3:16 PM, Jonathan S. Shapiro <[email protected]> wrote:
> On Thu, Jul 3, 2014 at 7:56 PM, Matt Oliveri <[email protected]> wrote:
>> How is strictly reducing permissions not controlling permissions?
>
> Sorry for the confusion. It *is* controlling permissions.

OK.

> But if we know...
>
> ...
>
> ...

Gosh, you didn't need to say all that. I read Mark Miller's thesis and most of erights.org, and loved it. This was just a terminological confusion, aside from the question of whether casts should control permissions.

>> But they're not! You can downcast or reflect. That's exactly why my
>> way is in fact the right way to think, if you're stuck with Java.
>
> Ah! We're hung up on the distinction between permission and authority.

Really? Is it that important to distinguish the two? What I ultimately care about is authority, and whether I analyze that in terms of permissions or with more general-purpose semantic techniques shouldn't matter.

> And I
> was speaking from the perspective that the presence or absence of mandated
> promiscuity in the language makes a difference. Since promiscuity is
> language-mandated in Java, what you say makes good sense.

We're getting closer, but I still don't really see why casts must be thought of as mandated promiscuity. Fundamentally, you just seem to be coming in assuming casts were _meant_ to control permissions, so that the fact that they don't is a design flaw. And fundamentally, I see no reason to see it that way. For me, casts are a harmless operation dealing with types, and the harm only comes in when you expect them to do something that they don't. Please see below.

>> Yes, all of them are semantically equivalent to wrappers which
>> *deliberately have the same object id as the original object*. If that
>> is not a sign that the wrappers are meant to be ignored, I don't know
>> what is.
>
> I guess I had not realized that about the object ID. So they broke EQ, and
> rather badly at that. BARF! I can see reasons for doing that, but the
> language shouldn't have mandated it.

I'm afraid I disagree here too. Casts on object references are to move around in the subtype order. Each type an object has _necessarily_ only gives you partial information about the object's interface. That is, it gives a minimal set of public methods implemented; a lower bound on the permissions provided. If a type specified the exact interface of the object, subtyping would be trivialized, because adding more methods would get you an unrelated type.

*Subtyping is fundamentally different from wrapping!* Java implements it with wrappers. Fine. But semantically, object subtyping is about the relation between multiple types of a fixed object. And because types provide only a lower bound on the permissions provided by the object, it is a mistake to think that changing types necessarily changes permissions.

_______________________________________________
bitc-dev mailing list
[email protected]
http://www.coyotos.org/mailman/listinfo/bitc-dev
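
The contrast this message draws between moving within the subtype order and wrapping, as an added Java example that is not part of the original thread. The types `Reader`, `Cell` and `ReadOnlyFacet` are hypothetical names chosen for illustration.

```java
// Added illustration, not code from the thread. All type names are hypothetical.
public class CastVsFacet {
    interface Reader { String read(); }

    // The full object: Reader is only a lower bound on what it offers.
    static class Cell implements Reader {
        private String value = "initial";
        public String read() { return value; }
        public void write(String v) { value = v; }
    }

    // An attenuating wrapper: a distinct object that forwards read() only.
    static final class ReadOnlyFacet implements Reader {
        private final Cell target;
        ReadOnlyFacet(Cell target) { this.target = target; }
        public String read() { return target.read(); }
    }

    // A holder of a Reader reference that tries to regain write access by casting.
    static boolean tryWrite(Reader r) {
        if (r instanceof Cell) {
            // Same object viewed at a richer type: the cast restores write().
            ((Cell) r).write("overwritten");
            return true;
        }
        // Not a Cell: casting cannot reach write(). Reflection on the facet's
        // private field is a separate path that this example does not cover.
        return false;
    }

    public static void main(String[] args) {
        Cell cell = new Cell();

        // Upcast: the static type narrows, the object and its identity do not change.
        Reader upcast = cell;
        System.out.println("upcast == cell:   " + (upcast == cell));
        System.out.println("write via upcast: " + tryWrite(upcast));
        System.out.println("cell reads:       " + cell.read());

        // Wrapper: a different object with a different identity and a smaller interface.
        cell.write("initial");
        Reader facet = new ReadOnlyFacet(cell);
        System.out.println("facet == cell:    " + (facet == cell));
        System.out.println("write via facet:  " + tryWrite(facet));
        System.out.println("cell reads:       " + cell.read());
    }
}
```

Handing out `upcast` shares the object itself, so the recipient's authority is bounded by the object's full interface; handing out `facet` shares a different object whose own interface is the bound.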
