2010-11-14

oop with frameworks

10.23: adda/oop/the 3 layers:
. Padlipsky, author of
The Elements of Networking Style:
"(If you know what you're doing,
three layers is enough...)

. oop'ing needs only 3 layers,
not endless inheritance ?
that reminds how I saw oop as simply
a layer under structured programming: [11.14:
the 1980's structured paradigm meant that
programs could create vocabularies with functions;
but they could create class types
like the native types that were provide
where there was the use of binary ideograms
and implicit coercions among related types .
. the types were provided,
then you built your vocabulary of functions
on top of those types .]
. at that time,
I had not yet thought about frameworks ...

. one place where many levels of
inheritance can be appreciated,
is within the system it was modeled after:
biological classifications of animals
involving inherited features or behaviors .

. I would say the 3rd layer of Padlipsky's oop
is the type cluster, just as type Number is
for the numeric subtypes {R,Q,N,Z,C};
notice the Number type.class is not abstract;
it has the code that handles binary operations, [11.14:
and diff's in operand subtype;
eg, you don't coerce an int to rational
if the rational's value happens to be integral .]
. objects can interact with each other based on
having context menu's which include
recognized submenu's .
. this is programming to interfaces,
and doesn't involve the impl'inheritance
that is usually associcated with oop .

. in summary, the 3 layers of oop are:
#1: a type having an interface to share;
#2: a type claiming to adopt a shared interface;
#3: an app that instantiates interface adopters .

. frameworks are a sort of
structured programming with generics;
you can think of generics as a
layer under stuctured code,
parallel with type.classes .
[11.14:
. a structure library
gives you a language of functions
which you may compose in various ways;
ie, the library is an employee,
and you're the exec .
. a framework library takes the exec' seat
letting you customize its decisions
with your own structure library .
. a datatype is like a structure library
but it's purpose is to control modifications
to the obj's it will create .]

the various uses of double-colon

 10.2: news.adda/dstr/:: as conversion in Axiom:
 The :: is used here to change from one kind of object
 (here, a rational number) to another (a floating-point number).
r::Float .
. the aldor.lang` tutorial shows
the same is true of aldor.lang  too .

10.13: news.adda/dstr/use of :: or misparsing javascript:

var anchors = $x('//h3/font/b[text()="[PDF]"]/parent::*/parent::*/a')
... I may be misparsing;
this could be separating places by a colon,
but the things being separated are colon-terminated tags .

10.14: news.adda/[perl`::]:
Perl's Win32::GuiTest module
10.18: mathforum.org:
. it is not a bad thing to have your module name
include two colons, as in the name
Text::Wrap.
When this module is installed,
it will be placed in a directory named Text
under the root library directory.
The module code itself will be in a file called Wrap.pm .
This helps keep the library directory more organized.
In addition, the :: naming convention
can also indicate class hierarchies,
although it does not have to.
11.14: keyword double-colon:

. it's the scope resolution operator
in php and c++, eg, class::function
. c++'s default class is the global space:
::global -- found outside any function block .
. that way the function's block can shadow a global's name,
and then still access that global .

. the php`err.msg's call "(::) a Paamayim Nekudotayim,
(Hebrew for double colon).

gnu`make`::
Double-colon rules are explicit rules
handled differently from ordinary rules
when the same target appears in
more than one rule.
Pattern rules with double-colons
have an entirely different meaning:
if the rules are of type double-colon,
each of them is independent of the others.
. the cases where double-colon rules really make sense
are those where the order of executing the recipes
would not matter.
. they provide a mechanism for the rare cases
in which the method used to update a target
differs depending on which prerequisite files
caused the update .
HP OpenVMS`DECset`DIGITAL Module Management System`
. "(::) means additionally_depends_on .

ipv6 email syntax:
. it can have 8 words (16bit values)
separated by colons;
a double colon means missing values,
assumed to be zero .
the bible of SMTP, RFC 5321:
“The “::” represents at least 2 zero words.
the bible of IPv6, RFC 4291:
“The use of “::” indicates one or more zero words .”
RFC 5952 :
The symbol “::” MUST NOT be used for just one zero word .

"(::) is a contraction over four indices,
-- like when a colon means
a tensor contraction involving 2 indices .

a font for an audiovisual within dialog:
. everything was fine ::click:: . oh .

universal mvc`controller for mac

10.7: adda/automator built-in:
. noticing that mac.automator's library
had no 3rd-party app's,
I realized that app scriptability
was like the gui automation:
it should be baked right in .
. most app's can be engineered to be
bot-friendly first, and then wrapped in a gui
that is human-friendly;
the app maker doesn't have to deal with
graphics at all, just basic data structures
that the system is known to have graphics for .
. this is the way to pervasive app scriptability;
I'm wondering what it is about mac app's
that prevents the system
from seeing and using operations bots can reuse .
. it might have to do with
app developers' privacy and control issues .

roll-your-own heap systems

10.5: news.adda/app'based heaps more vulnerable:

Adobe Reader's Custom Memory Management: a Heap of Trouble
Research and Analysis: Haifei Li
Contributor and Editor: Guillaume Lovet
 a PDF-specific exploitation research
 focusing on the custom heap management on Adobe Reader.
summary:

. I filed this note under adda
because that is my C code generator,
the basis of addx,
whose design includes rolling its own
heap mgt system .
. this paper was pointing out that
the modern OS has a secure heap due to
randomization -- a feature I hadn't planned
to incorporate into the addx mem system .
"(performance sometimes
being the enemy of security,
this custom heap management system
makes it significantly easier
to exploit heap corruption flaws
in a solid and reliable way.
Coupled with the recent developments in
DEP(data execution prevention) protection bypass,
this makes heap corruption exploitation
possible across very many setups )
. if malware can overwrite your heap,
then it helps to have a hardened heap
(like what would typically be provided
by your platform's os).
. questions I had were
how are these happening ?
here's their skeletal answer:
"( Heap corruption flaws are initiated by
(Heap overflow, use after free,
integer overflow, etc...);
the two main ways to exploit these flaws:
# overwrite some app-provided data in the heap;
# corrupting Heap mgt system's internals
(eg: block headers, etc...)
so as to make the system itself
overwrite "interesting" data;
for instance, during blocks unlinking operations,
where several pointers are updated.)
. how is malware there in the first place
waiting for a priv'escalation?
. if you prevented all these:
(Heap overflow, use after free,
integer overflow);
what else is there?
is it that functions don't check inputs?
"(many PDF vulnerabilities out there
are structure-based ones, (i.e. file format))
or can malware jump in the middle of your code?
aren't you cooked already?
[11.14:
. their crashing data becomes code
because it's overwriting your code:
the heap pointers you use
for going to your own code .]

programming in-the-large with c

8.5: news.adda/translate/info'hiding n type-safe linking:

2007 CMod Modular Information Hiding
and Type Safe Linking for C

CMod, provides a sound module system for C;
it works by enforcing a set of rules that are
based on principles of modular reasoning
and on current programming practice.

CMod's rules safely enforce the convention
that .h header files are module interfaces
and .c source files are module implementations.
Although this convention is well known,
developing CMod's rules revealed many subtleties
to applying the basic pattern correctly.
CMod's rules have been proven formally
to enforce both information hiding
and type-safe linking.

2010-11-12

a doctor with good bed-side manners

11.6: adde/a doctor with good bed-side manners:

. a recent discussion about hypervisors
was discussing sophisticated ways to handle
extreme but transient mem'space shortages .
when multitasking several app's,
. the main approach should be
good bed-side manners:

. a study of why doctors get sued discovered
that, of the doctors who were sued the least,
what they had in common was
having good bed-side manners
(I would imagine that this would include
being honest with self and patient
with what they can expect,
and what their other options are).
. for a computer OS, that means
when a memory shortage comes up,
the OS is:
# making time to dialog with users:
(explaining why this app is bogged down
by the extent of its workload,
not getting the mem or cpu it needs,
what library components it's using
-- details that can be provided
only when the system is managed:
ie, the algorithm is compiled in a way
that keeps the os in charge,
and in the know).

# always keeping up with all user input:
(ie, the gui is on the highest priority thread;
the ability to take and display user input
is never frozen, and the input is always backed
by the os itself, a buggy app can't lose it .)
--
. this kind of control can get expensive,
and combining it with high-performance app's
might require networking 2 boxes or cores:
one for the user`interface,
and the other for app's to stay on task;
[11.9: but,
if 2 boxes are not available,
adda's translation should be providing
true multitasking by embedding into app's
frequent calls to the gui coroutine,
which then gives the os a chance to
stay in touch with the user .]

loop`count attribute

11.9: adda/cstr/loop`count attribute:
. this is a language add-on
that can simplify control var's:
instead of having to
declare and init' a loop var in the head,
and then increment it in the body,
now,
every loop understands "(loop`count),
or "(LOOPLABEL`count) .
. labels are good for nested loops:
when you're in the inner one,
and you want the count of the outer one,
you'll then need a label for the outer one .

timer controls

11.9: adda/co/timer controls:
. the addx app has timers that can
count elapsed time, or addx cycles:
ie, how many times has addx been called
to handle user interaction and concurrencies
-- that should be happening every 10..1000 cpu cycles?
. the ideal counter could tell an app
how much cpu time it's been given;
but,
. addx will usually be running as an app
on a multitasking system,
so it may not be easy to get addx`time
(ie, the amount of cpu time addx has received).
[11.11:
. if the platform can't provide a process`time
and addx is getting task-switched a lot,
then getting addx`time could be expensive:
. it can approximate the {suspend, resume}-times
by tracking the clock at a rate that is
significantly faster than it's being multitasked .]
uses:
. timers can be used in a loop`head
for if the algorithm is not sure to converge,
the timer can help it exit anyway .
. if a loop exits,
and its countdown timer is zero
then control knows its loop can't find
a converging solution .
. the loop can also use (~timer? raise failed),
or some other form of reporting .

rapid compile times

11.10: adda/translation/rapid compile times:
. during r&d people want quick compiles
(that's what inspired google to create Go.lang);
whereas, one problem with adda
is that in making the lang
easy for the user, and feature-rich,
its compiler might take a long time
trying to figure out what the user wants .
[11.12:
. one remedy for this is integration with adde,
which calls the compiler to attempt tentative translations,
and compiling in sections,
so that if a routine compiles,
and just one line is modified,
only that one line needs to be recompiled .]
. adda can also speed compiles by skipping c,
and translating to addm (the virtual machine).
. addm can do all the safety checks as needed,
rather than at compile-time .

handling multi-inheritance interface clashes

11.10: adda/oop/multi-inherit:
. suppose 2 interfaces have the same subprogram name?
you can qualify it with type ownership,
eg, aTYPE`f;
or it can be implied by the call's other items:
it's the intersection of the types associated with
the subprogram, and all its operands;
eg, subprog"add is in types {number, string, multi-set}
int is a number,
beast is either in {number, behaviors};
so the type-intersection of (2 + beast)
is number, hence it eval's to (2+616) .

library mgt

11.9: adda/lib mgt/multiple lib's:

. a lib is an obj file that does lib mgt;
you declare it in a folder,
and then anything compiled from within that folder
is registered in and by that lib,
if a project folder doesn't have a lib,
the compiler searches up the folder hierarchy,
and beyond the acct's db:
the node's lib, intranet's lib,
and finally the std, built into the compiler .
. at each level, a diff shows
how your lib is a modification of
the lib it inherits from .

. lib's can easily share items with other lib's:
their items are just links to the acct's db,
modified entries simply switch the link
from targeting the share
to that of a private lib .

. adda assumes you want a lib
placed in the top of your acct`fs (your home dir)
-- with no localized lib's,
and all compilation units shared .

. if you want to make sure you don't
link to anything except locals;
create a new empty lib in your project folder,
and inherit null .

. you can inherit from another lib
either by copy or link:
(linking to the lib means your lib
grows with that lib,
copying means you copy all the current items)
. various ways of partial inheritance:
# undo some of an inheritance
# inherit specific components of a lib .

foreign lib heads-up wrapper:
. program's compiled by adda are
user-friendly because all code is
sprinkled with embedded calls to gui mgt
for ensured responsiveness .
. since adda language is translated to ansi c,
it can link to foreign lib's
(ones that adda didn't compile).
. adda puts a wrapper around
calls to foreign code,
reminding  the user that
some potentially intrusive code
is about to run,
the reminder would have some option checkboxes:
# ok to always proceed without warning?
# for any foreign lib?, whitelist... warnlist... .
# want a dashboard light indicating
when the system is running foreign code? .

. if there's some way to know
when the user is annoyed,
and it may be due to the system being unresponsive,
that will never happen when addx is running adda code,
so then remind them it's because
a given foreign function is not releasing control .

. one way to insure more integration
is by being able to insert gui-relief calls
at the c code level,
rather than in adda code .
11.12:
. but that still leaves code that can't be trusted;
it is impossible to convert arbitrary c
to safe c, in every case,
because the arbitrary c wants to do things
that safe c would never do!
but, adda should at least attempt it,
at least in some advanced version;
otherwise,
. adda should tell the user
when a foreign lib can't be coverted by adda,
and explain why adda generates c code,
rather than reusing c code:
it's more trustworthy even if not more efficient;
because, it's sure not to crash the app,
and not have vulnerabilities that could be
used by malware seeking to smash the stack or heap .
11.11:
. when users add a foreign lib to their acct,
they should be reminded of the risks,
and should identify the source
with a {project name, url, author name}
so that if there are problems with it,
addx can meaningfully show users
which lib is involved .

exception mgt

11.9: adda/exception mgt/intro:
. we expect some errors;
because, we'd like to
use some software before having to
formally verify its correctness,
so, we compensate
by finding ways to limit damage:

# isolation:
. modules should never crash other modules:
we can verify a microvisor or microkernel,
and it enforces the firewalls between processes .
. addx should be such a microkernel design;
[11.12: just as the app doesn't have
direct access to the user (it's the mvc`model
while adde is the view&controller )
it also has no direct access to the machine:
all c-level activity is handled by addx|addm .]

# regularly yielding to the gui coroutine:
. a critical priority of addx
is never letting the gui be unresponsive;
this is done by having adda embedding calls to addx
at every place in a subrogram that could
mean more than a milisec of cpu time:
# inside every function call,
# inside every loop .
. this is cooperative multi-tasking with
system-enforced coroutine yielding
for paravirtualizing true multi-tasking .

# regular reporting to supervisor:
. getting a regular progress report
will limit waiting on the down employee .
. employees can be waiting on
down service providers;
loops can be waiting on a terminal condition
that never arrives;
as when there's unexpected input;
mutual recursions (eg, f->g->h->f)
are another form of looping;
deadlocks can cause indefinite waiting,
but those can be avoided by
proper use of concurrency,
and by not locking resources
(using queues instead).
. a subprogram can be waiting because of
a failure to establish dialog with the user
(eg, if the system allows a window to be
always on top,
then dialog windows may be hidden from view).
. all threads are periodically tested for
whether they're waiting for a job offer,
for a {service, resource},
or are performing a service;
in which case,
addx measures how long ago the thread
produced its latest progress report .
. the progress reports read like a narrative
that a human would appreciate;
to make these reports quick,
msg's are encoded, so that each msg
is represented by some value in a byte (0...255)
(or a 16-bit integer if this subprogram had
more than 256 msg's).

# blackbox recorder:
. it tells us what was going on
just before a crash .
. it saves the progress reports,
and the recent call chain .

# a debug mode:
. when users' tools are not working well,
some users may like to see what's wrong
by using developers' visualization tools;
eg,
a freezing problem can be illustrated
as a looping call chain:
. the tool collects all the recent calls
(saved by the blackbox recorder)
then tries to find a recursion,
and shows the list of calls that are repeated .

11.8: sci.adda/exception mgt/reporting#loop count approximations:
[11.11: obs:
. it would be better to use progress reporting .]
. if adda can't statically figure out
when a loop won't terminate,
it should remind coders to give
approximate loop counts;
then the run-time can use that how?
sci:
. before the loop entry,
adda sets the counter, and a limit,
then has the scheduler check the limit .
. scheduler doesn't have to check all the time;
but if 2sec's go by,
nearly all loops are done by then,
if there is no limit given,
it starts giving it more cpu time if it can,
so the real time is compressed,
if another sec goes by
and there's other jobs to do,
then it starts getting starved ?
it could be doing a huge job!

eiffel vs ada

11.10: adda/lang/eiffel vs ada
Tucker Taft:
. pre- and post-conditions can be
fairly easily and efficiently included in Ada code.
Invariants seem difficult to emulate directly in Ada.
If you're really interested in the
formal use of assertions with Ada,
maybe Anna is a solution for you.

. although I like the assertion stuff in Eiffel,
I think the language has a number of "inelegant" aspects.
For example:
# exception handlers only at
the top level of a routine,
with the only way to "handle" an exception
being by retrying the whole routine.
# No way to return from a routine in the middle.
This makes it a pain in the neck
to search through a list for something in a loop,
and then return immediately
when you find what you want.
(I have never found the addition of
extra boolean control variable
a help to the understanding of an algorithm.)
# Namespace control
handled by a separate sublanguage,
and no real higher level concept of
"module" or "subsystem."
An obscure notation like "!!" (construction).
being used for an important and frequent operation;
# No way to conveniently "use" another abstraction
without inheriting from it.
# No strong distinctions between
integer types used for array indexing.
# Using the same operator ":="
for both (aliasing) pointer assignment,
and for value assignment,
depending on whether the type is "expanded."
(Simula's solution was far preferable, IMHO).
-- And most critically:
# No separate interface for an abstraction.
You can view an interface by running a tool,
but this misses completely the importance of
having a physical module that represents the interface,
and acts as a contract between
the specifier or user of an abstraction
and its implementor.
In Eiffel, one might not even be truly aware
when one is changing the interface to an abstraction,
because there is no particular physical separation
between interface and implementation.
I consider many of the above problems quite serious,
with some of them being real throwbacks
to the old style of programming languages
where there were no well defined
interfaces or modules.
Hence,
I cringe a bit when people say
that Eiffel is the "most elegant" OOP
and that they would use it
if only it were practical to do so.
In many ways,
I think Ada is much better human-engineered than Eiffel,
with important things like range constraints
built into the language
in a way that makes them convenient to use.
Although general assertions are nice,
they don't give you the kind of
line-by-line consistency checks
that Ada can give you.
To summarize --
Although Eiffel certainly has a number of nice features,
I don't consider it ready for prime time
as far as building and maintaining large systems
with large numbers of programmers.
And from a human engineering point of view,
I think Ada is significantly better.
jhc0033:
Eiffel targets a largely similar audience of
"correctness-oriented" programmers that Ada does.
However, it took some digging around
(no introductions to the language mention it)
to discover that Eiffel has a gap in its type system.
Guess what, type theory is a branch of math,
and OOP is a spiritual following.
I know what takes precedence in my book.
The Eiffel community's attitude is basically:
"we'll just pretend 2+2=5 because we can
use it to justify some teachings".
Ludovic Brenta:
I evaluated Eiffel too when I read Bertrand Meyer's
Object-Oriented Software Construction book.
The two things I dislike the most about Eiffel
are the lack of range constraints on numeric types
and the fact that almost all contract checks
are deferred to run-time.
Helmut
- Ada has a built in concurrency model (like java)
and Eiffel does not.
In Eiffel there is SCOOP
(simple concurrent object oriented programming)
which tries to integrate concurrency into the language.
But there is not yet any Eiffel compiler available
which implementes SCOOP.
- Eiffel has "Design by Contract"
which is a very powerful mechanism to get your SW right.
Using assertions in your code appropriately,
you are able to catch a bug much closer to it's origin
than without DbC.
DbC opens up the road for a verifying compiler
(i.e. a compiler which can at compile time
verify if contracts are not broken).
I don't understand why the promotors of Eiffel
haven't made the language more complete
in terms of standardization,
standard libraries and concurrency.

Pascal Obry:
Ada even supports a Ravenscar profile
(where no dead-lock can occurs)
usable for high-critical systems.
1995 oop: programing by extension and dynamic dispatching
2005 oop: protected/tasking interface that can be inherited.
helmut:

The ECMA Eiffel language specification is a well written document
(it is a language specification document
and not a document for the Eiffel user).
It lacks only in the area of
void safety, initialization
and covariant redefinitions (catcalls).
The problem:
It has not been updated since june 2006.
I.e. it reflects a status which has never been implemented
(and will probably never be implemented,
not even by EiffelStudio).
Eiffel`author Bertrand Meyer provoked by Ada.

(Yannick Duchêne) a écrit :
I talk to him (back in 1990 or 1991) one time:
the Eiffel inventor hates Ada .
Adam:
. It appears that Meyer has some criticisms of Ada,
but I couldn't find anything that would indicate
that he hates it.
His Eiffel site has an article about the Ariane 5 crash,
but he said there that
the language couldn't really be blamed
because the problem could have been caught
using Ada's exception mechanism
if the programmers had used it properly.