Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!sdd.hp.com!spool.mu.edu!agate!forney.berkeley.edu!jbuck
From: jbuck@forney.berkeley.edu (Joe Buck)
Newsgroups: comp.lang.c++
Subject: Re: Public vs Private header files in C++
Message-ID: <1991Jun3.182909.21539@agate.berkeley.edu>
Date: 3 Jun 91 18:29:09 GMT
Article-I.D.: agate.1991Jun3.182909.21539
References: <5243@servax0.essex.ac.uk>
Sender: root@agate.berkeley.edu (Charlie Root)
Reply-To: jbuck@forney.berkeley.edu (Joe Buck)
Organization: University of California, Berkeley
Lines: 67

In article <5243@servax0.essex.ac.uk>, whisd@sersun1.essex.ac.uk (Whiteside S D B) writes:
|> Modula-2, for example, provides a separate "public" interface to the user's
|> of a module. The "definition module" is like a header file - it shows
|> what functions are available to the user, but it need not show private
|> functions nor the design of the data structures it uses.
|> 
|> In C++ you have private/public/protected members, but the header file
|> must contain reference to all these things, regardless of whether the
|> user needs to see them or not.
|> 
|> This means:
|> i) security might be compromised: it's possible for the user to "hack" into
|> the data structures

Stroustrup said something about this: the member access system is designed
to protect against accidents, not maliciousness.  Someone determined to
defeat the type system wouldn't find it much harder to do with Modula-2.

|> ii) when implementation-specific features are changed (such as, in a recent
|> case with me, where I wanted a different sized array in my class) which 
|> do not change the semantics of the class, the user has to be recompiled as
|> it has access to the same information as the class itself.

There are several ways to get around this.  You can have pointers or references
to class objects even with incomplete type definitions; if you'd used a pointer
rather than an array in your class you could have had the same semantics and
not required recompilation.  Example:

class FooGuts;

class Foo {
private:
	FooGuts *guts;
public:
	// a buncha members here
};

There's a cost to this: an additional level of indirection.

|> iii) The user is burdened with too much detail when using the header file
|> as a documentation aid.

I don't think headers should be relied on for documentation; they aren't
sufficient for some purposes and provide too much detail for others.

|> Can these be overcome with existing C++ constructs? Or would a change in the
|> language allowing "incomplete" class declarations for public header files
|> be needed?

How could you perform separate compilation with an incomplete class declaration?
If I say

#include "Foo.h"

...
	Foo bar;

I have to know, at minimum, how big Foo is to allocate the space for it.
If there are inline functions I must know a lot more.

|> Thanks for any comments.
|> 
|> Simon Whiteside

--
Joe Buck
jbuck@galileo.berkeley.edu	 {uunet,ucbvax}!galileo.berkeley.edu!jbuck