Re: visibility vs. accessibility of protected symbols

Fri, 17 Feb 2012 11:05:28 -0800

On Friday, 17 February 2012 at 18:35:38 UTC, Jonathan M Davis wrote:
On Friday, February 17, 2012 09:03:32 Steven Schveighoffer wrote:
On Mon, 13 Feb 2012 21:05:35 -0500, Jonathan M Davis <jmdavisp...@gmx.com> 

wrote:
> On Tuesday, February 14, 2012 02:43:29 Timon Gehr wrote:
>> On 02/14/2012 02:16 AM, Jonathan M Davis wrote:
>> >> Well, not being able override what cannot be accesses is a >> quite basic >> requirement of security. Private members cannot be >> overriden in a 
>> different module.
> > Have you ever read up on NVI? That's how it's supposed to > work. The 
> whole idea
> is to have derived classes override functions without being > able to use 
> them.
> It makes it so that the public function is non-virtual and > contains 
> whatever
> stuff you want to guarantee is called before or after the > private 
> function,
> which is then virtual.
> > http://www.gotw.ca/publications/mill18.htm 


This does nothing to protect the implementation. You are 
deluding
yourself if you think you can stop a derived class from 
calling it's own
implementation! In this case, protected is good enough, and I 
like how
private is always non-virtual. As Timon says, it's good for 
security and

module encapsulation.



I know. That's part of why I'm arguing that protected is enough 
and that private shouldn't be virtual. But pretty much the 
whole point of doing NVI with private is the theory that you 
want to guarantee that the derived classes can't call the 
function. The fact that you can't actually guarantee that just 
makes the arguments for making private virtual for NVI that 
much weaker.



But Timon's arguments make it sound like he doesn't understand 
what NVI is, which was the point of my post.


- Jonathan M Davis



I understand what NVI is. It is just that private methods 
overridable from a different module don't have many merits, 
regardless of how NVI is apparently sometimes implemented in C++. 
The fact that C++ has overridable private methods is quite likely 
just a side-effect of wanting to give some kind of semantics to a 
method declared as both private and virtual. I could argue that 
it sounds like you don't understand what NVI is because you 
assume C++'s private virtual semantics are required for the 
implementation of NVI. ;)



As far as information hiding design goes, we certainly don't want 
to borrow heavily from C++. Its system is unsound.




























					Reply via email to