status | flip | authors | updated |
---|---|---|---|
approved |
262 |
Bastian Müller (bastian.mueller@flowfoundation.org) |
2024-04-15 |
This FLIP proposes to require access modifiers of members in the implementation of an interface to match the access modifiers of the interface, to avoid confusion and potential footguns.
Currently, the access modifier of a member in a type conforming to / implementing an interface must not be more restrictive than the access modifier of the member in the interface. That means an implementation may choose to use a more permissive access modifier than the interface.
This might be surprising to developers, as they might assume that the access modifier of the member
in the interface is a requirement / maximum, not just a minimum, especially when using
a non-public / non-entitled access modifier (e.g. access(contract)
, access(account)
).
Requiring access modifiers of members in the implementation to match the access modifiers of members given in the interface, should avoid confusion and potential footguns.
Developers will hopefully be no longer confused and won't make assumptions that might lead to security issues.
If an interface member has an access modifier, a composite type that conforms to it / implements the interface must use exactly the same access modifier.
This proposal adds a new restriction to Cadence which might impact existing code.
Even though the impact on code is likely low, including this proposal in Cadence 1.0 means that there is yet another breaking change, fairly late in the process of its release.
None
None
None
Very low.
The is is very easy to update the Cadence type checker to enforce access modifiers of members in implementations match those of interfaces.
Most effort will be spent on updating existing and adding new test cases.
For example, the following interface and composite type definitions are currently legal, but will be no longer valid:
access(all)
contract C1 {
access(all)
struct interface SI {
access(contract)
fun foo()
}
}
access(all)
contract C2 {
access(all)
struct S: C1.SI {
access(all)
// ^^^ invalid with this proposal,
// must be `contract`, like in interface SI
fun foo() {}
}
}
The proposed changes might break existing Cadence programs.
This change is planned to be included in Cadence 1.0, which already contains many other breaking changes.