From mboxrd@z Thu Jan 1 00:00:00 1970 Received: (from weis@localhost) by pauillac.inria.fr (8.7.6/8.7.3) id QAA03438 for caml-redistribution; Sun, 7 Dec 1997 16:45:32 +0100 (MET) Received: from concorde.inria.fr (concorde.inria.fr [192.93.2.39]) by pauillac.inria.fr (8.7.6/8.7.3) with ESMTP id XAA05217 for ; Fri, 5 Dec 1997 23:12:21 +0100 (MET) Received: from madiran.inria.fr (root@madiran.inria.fr [128.93.8.77]) by concorde.inria.fr (8.8.7/8.8.5) with ESMTP id XAA08749; Fri, 5 Dec 1997 23:12:18 +0100 (MET) Received: from madiran.inria.fr (localhost.inria.fr [127.0.0.1]) by madiran.inria.fr (8.8.5/8.6.6) with ESMTP id XAA01729; Fri, 5 Dec 1997 23:12:16 +0100 Message-Id: <199712052212.XAA01729@madiran.inria.fr> X-Mailer: exmh version 1.6.9 05/05/96 From: Francois Rouaix To: Scott Alexander Cc: caml-list@inria.fr Subject: Re: module thinning in Caml 1.06 In-reply-to: Your message of "Thu, 04 Dec 1997 15:10:18 EST." <199712042010.PAA24468@codex.cis.upenn.edu> Reply-To: Francois.Rouaix@inria.fr Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Fri, 05 Dec 1997 23:12:16 +0100 Sender: weis Hi, > Safeunix.mli: > type sockaddr = Unix.sockaddr = > Under 1.05, if I then compiled a module which opens Safeunix, Safeunix > would be in its list of required interfaces (as reported by objinfo), > but Unix would not. Under 1.06, Unix is now a required interface, so I > am unable to link. The definition of "the list of required interfaces", implicitly guaranteeing type-safe linking, has varied quite a lot in version 1.03, 1.05 and 1.06. The full details of the story behind this are tedious. It seems, however, that we have now reached a stable point where the computation of this list is well understood and indeed guarantees type-safe linking (including with Dynlink); this was not necessarily the case in previous versions of OCaml... >>From a practical point of view, when one wants to do "safe dynamic linking" in the presence of possibly hostile bytecode, there is now only one way to go: 1- write safe*.mli interfaces WITHOUT any reference to the original signatures, and in particular WITHOUT type equality constraints. The idea of using equality constraints was that you could build "towers" of safe libraries, ie that you could write module Unix : SafeUnix module Foo : SafeFoo where Foo would open Unix and SafeFoo would open SafeUnix. The compiler had to know that SafeUnix.t = Unix.t in order to accept that Foo : SafeFoo, if type t was used in the signature of Foo and exported in SafeFoo. This doesn't work anymore, as you noticed, and it will never work like before if we want to keep guaranteeing type safe linking. If you have only one single safe*.ml, there is no need to write equality constraints anyway. This is just type abstraction (albeit with explicit type definitions). If you have multiple safe libraries, then you should: 2- catenate all safe*.mli into one single safe.mli interface (and proceed similarly for .ml files). Compile this single safe module, and make it available for dynlinked files. Remember that you can keep as much module hierarchy as you need. This is how the applet system is built in the current version of MMM (due to be released RSN, BTW). There is a single large safe module build with safestd (abstraction of Pervasives), safetk and friends, safestr, safeunix, safeapplets, etc... The applet opens Safe, and finds inside Tk, Str, Unix (the thinned versions), etc... Hope it helps, (and I realize this may be a bit confusing for the reader who has probably never encountered this problem) --f