On Thu 05 Jul 2012 22:57, l...@gnu.org (Ludovic Courtès) writes: > Andy Wingo <wi...@pobox.com> skribis: > >> Then you would modify the reader to call out to (ice-9 prefab) with >> the list after #s, e.g. the (foo ...) in #s(foo ...). (ice-9 prefab) >> would return the record, creating the RTD if needed. > > The problem with this is that one could precisely forge instances of a > given record type, thereby breaking the type safety we currently have > (each instance of a record type is genuine, in the sense of Rees’ “A > Security kernel Based on the Lambda-Calculus”.) > > Does Racket address this somehow?
See: http://docs.racket-lang.org/guide/define-struct.html?q=record&q=structs&q=records#(part._prefab-struct) Specifically: Every prefab structure type is transparent—but even less abstract than a transparent type, because instances can be created without any access to a particular structure-type declaration or existing examples. Overall, the different options for structure types offer a spectrum of possibilities from more abstract to more convenient: Opaque (the default) : Instances cannot be inspected or forged without access to the structure-type declaration. As discussed in the next section, constructor guards and properties can be attached to the structure type to further protect or to specialize the behavior of its instances. Transparent : Anyone can inspect or create an instance without access to the structure-type declaration, which means that the value printer can show the content of an instance. All instance creation passes through a constructor guard, however, so that the content of an instance can be controlled, and the behavior of instances can be specialized through properties. Since the structure type is generated by its definition, instances cannot be manufactured simply through the name of the structure type, and therefore cannot be generated automatically by the expression reader. Prefab : Anyone can inspect or create an instance at any time, without prior access to a structure-type declaration or an example instance. Consequently, the expression reader can manufacture instances directly. The instance cannot have a constructor guard or properties. Since the expression reader can generate prefab instances, they are useful when convenient serialization is more important than abstraction. Opaque and transparent structures also can be serialized, however, if they are defined with define-serializable-struct as described in Datatypes and Serialization. Andy -- http://wingolog.org/
