visibility vs. accessibility of protected symbols

Timon Gehr timon.gehr at gmx.ch
Fri Feb 17 11:02:53 PST 2012 

On Friday, 17 February 2012 at 18:35:38 UTC, Jonathan M Davis 
wrote:
> On Friday, February 17, 2012 09:03:32 Steven Schveighoffer 
> wrote:
>> On Mon, 13 Feb 2012 21:05:35 -0500, Jonathan M Davis 
>> <jmdavisProg at gmx.com>
>> 
>> wrote:
>> > On Tuesday, February 14, 2012 02:43:29 Timon Gehr wrote:
>> >> On 02/14/2012 02:16 AM, Jonathan M Davis wrote:
>> >> 
>> >> Well, not being able override what cannot be accesses is a 
>> >> quite basic
>> >> requirement of security. Private members cannot be 
>> >> overriden in a
>> >> different module.
>> > 
>> > Have you ever read up on NVI? That's how it's supposed to 
>> > work. The
>> > whole idea
>> > is to have derived classes override functions without being 
>> > able to use
>> > them.
>> > It makes it so that the public function is non-virtual and 
>> > contains
>> > whatever
>> > stuff you want to guarantee is called before or after the 
>> > private
>> > function,
>> > which is then virtual.
>> > 
>> > http://www.gotw.ca/publications/mill18.htm
>> 
>> This does nothing to protect the implementation. You are 
>> deluding
>> yourself if you think you can stop a derived class from 
>> calling it's own
>> implementation! In this case, protected is good enough, and I 
>> like how
>> private is always non-virtual. As Timon says, it's good for 
>> security and
>> module encapsulation.
>
> I know. That's part of why I'm arguing that protected is enough 
> and that private shouldn't be virtual. But pretty much the 
> whole point of doing NVI with private is the theory that you 
> want to guarantee that the derived classes can't call the 
> function. The fact that you can't actually guarantee that just 
> makes the arguments for making private virtual for NVI that 
> much weaker.
>
> But Timon's arguments make it sound like he doesn't understand 
> what NVI is, which was the point of my post.
>
> - Jonathan M Davis

I understand what NVI is. It is just that private methods 
overridable from a different module don't have many merits, 
regardless of how NVI is apparently sometimes implemented in C++. 
The fact that C++ has overridable private methods is quite likely 
just a side-effect of wanting to give some kind of semantics to a 
method declared as both private and virtual. I could argue that 
it sounds like you don't understand what NVI is because you 
assume C++'s private virtual semantics are required for the 
implementation of NVI. ;)

As far as information hiding design goes, we certainly don't want 
to borrow heavily from C++. Its system is unsound.

More information about the Digitalmars-d mailing list