I am writing code which is working like a state machine. So:
some functions are setting a specific state
others are allowed to be executed in a specific state.
(In reality it is a little more complex, but these are the basics, to keep it simple.)
Currently I use runtime assertions to check if a function is allowed in the current state. This is nice because it is kind of self documenting; moreover I can stop with the debugger on an assert and know where the error is. But the drawback is that it requires compiling the code, and that during testing I need to find custom inputs to fire the appropriate assertions.
Incidentally, I know that the Windows WDK provides annotations such as:
__drv_maxIRQL
__drv_setsIRQL
These annotations are statically checked using PreFAST, which can fire an error if necessary. This kind of static verification of code specifications is exactly what I need.
So the question is: are there any tools out there which provide similar functionality for programs specified in the form of state machines?
The Frama-C plug-in Aoraï does more or less exactly what you describe, for C programs, with the possibility of static verification. It does not rely on PreFAST but on comparable verification tools from the Frama-C platform.
Related
Suppose I have a source code directory, I want to run a script that would scan the code in the directory and return the languages, frameworks and libraries used in it. I've tried github/linguist, its a great tool which even Github uses to detect the programming languages used in a source code, however I am not able go beyond that and detect the framework exactly.
I even tried tools like it-depends, to fetch the dependencies but, its getting messed up.
Could someone help me out to figure out how I can do this stuff, with an existing tool or if have to make one such tool how should I approach it.
Thanks in Advance
This is, in the general case, impossible. The halting problem precludes any program from being able to compute, in finite time, what other programs may or may not do - including what dependencies it requires to run. Sure, you can make it work for some inputs - but never for all.
So you have to compromise:
which languages do you need to support? it-depends does not try to support Java, for example. Different languages have different ways of calling in dependencies from their source-code. For example, if working with C, you will want to look at #includes.
which build-chains to you need to support? parsing a standard Makefile for C is very different from, say, looking into a Maven pom.xml for Java. Additionally, build-chains can perform arbitrary computation -- and again, due to the halting problem, your dependency-detection program will not be able to "statically" figure out intended behavior. It is entirely possible to link against one library or another one (or none at all) depending on what is detected to exist. What should you output in this case?. For programs that have no documented build process, you simply cannot know their dependencies. Often, the build-process is human-documented but not machine-readable...
what do you consider a library/framework? long-lived libraries can evolve through many different versions, and the fact that one version is required and not another may not be explicit in the source-code. If a code-base depends on behavior found in only a specific, now superseded, version of a library, and no explicit mention of that version is found -- your dependency-detection program will have no way to know about it (unless you code in library-version-specific detection; which is doable, but on a case-by-case basis, and requires deep knowledge of differences between versions).
Therefore the answer to your question is that... it depends (they go into a fair amount of detail regarding limitations). For the specific case of Java + Maven, which is not covered by it-depends, you can use Maven itself, via mvn dependency:tree. Choose a subset of the problem instead of trying to solve it all at once.
I have not used libbpf in a while. Now, when I'm looking at the source code and examples, it looks to me that all API now is built around bpf_object while before it was based on program FD (at least on the user-facing level). I believe that fd is now hidden in bpf_object or such.
Of course it keeps backward compatibility and I still can use bpf_prog_load for example, however it looks like the preferred way of writing application code using libbpf is by bpf_object API?
Correct me if I'm wrong. Thanks!
Sounds mostly correct to me.
Low-Level Wrappers
If I remember correctly, the functions returning file descriptors in libbpf, mostly defined in tools/lib/bpf/bpf.c, have always been very low-level. This is the case for bpf_load_program() for example, which is no more than a wrapper around the bpf() system call for loading programs. Such functions are still available, but their use may be tedious for complex use cases.
bpf_prog_load()
Some more advanced functions have long been provided. bpf_prog_load(), that you mention, is one of them, but it returns an error code, not a file descriptor. It is still available as one option to load programs with the library.
bpf_object__*()
Although I don't think there are strict guidelines, I believe it is true that most example now use the bpf_object__*() function. One reason is that they provide a more consistent user experience, being organised around the manipulation of an object file to extract all the relevant bytecode and metadata, and then to load and attach the program. One other reason, I think, is that since this model has been favoured over the last releases, these functions have better support for recent eBPF features and the bpf_object__*() functions offer features that the older bpf_prog_load() workflow does not support.
Libbpf Evolves
At last, it's worth mentioning that libbpf's API is currently undergoing some review and will likely be reworked as part of a major v1.0 release. You may want to have a look at the work document linked in the announcement: Some bpf_object__ functions may be deprecated, and similarly there is currently a proposal to:
Deprecate bpf_prog_load() and bpf_prog_load_xattr() in favor of bpf_object__open_{mem, file}() and bpf_object__load() combo.
There is nothing certain yet regarding the v1.0 release, so I wouldn't worry too much about “deprecation” at the moment - I don't expect all functions to be removed just yet. But that's something you may want to consider when building your next applications.
I have an open-source GUI for which I've just implemented a very basic extension mechanism that allows the user to embed a snippet of Lisp (Guile) code in a document to allow certain functions to be customized. Currently the use case (my own) is that in a certain situation I just want a certain number to be divided by 10 automatically.
In principle this means that if someone uses my GUI, someone else can send them a document containing a Trojan horse attack in the form of malicious Guile code. This seems unlikely in reality due to my very small user base and the relevant social factors, but anyway I would like to protect against this by sandboxing the code.
Guile 2.2.1 has a sandboxing mechanism: https://www.gnu.org/software/guile/manual/html_node/Sandboxed-Evaluation.html However, this seems entirely focused on preventing excessive use of resources (and many users will not have such a current version of Guile, e.g., I don't right now).
Is it possible in a Guile program, after the interpreter has started up, to delete libraries such as POSIX so that any later code can't do things like read files? If so, then I could just have my GUI prepend the sandboxing code to the potentially untrusted code supplied by the document. My goal would basically be to ensure that the untrusted code would have to be 100% without side effects.
It seems like other people must have run into this issue before, since Guile has been promoted as a standard extension language for Linux.
EDIT: After coming across How to undefine a variable in Scheme? , it seems to me that I could probably create a new scope, override the definition of any dangerous function by doing a set! within that scope, and then execute the untrusted code within that scope. I suppose if I could read the entire symbol table somehow, I could do this kind of overriding on every function that isn't on a whitelist. This just seems clumsy and inefficient, and might depend on reading the symbol table using some implementation-specific mechanism. It also might be vulnerable to syntactical tricks, like if the untrusted code uses a ) to pop itself out of the scope of the sandbox.
I currently have the need to execute prolog code in an application I am making. I am aware that Apple probably never would allow something like this in the App Store, but that is not the intention either. This is more a private project that will never reach the App Store.
Purpose
In this case prolog is used to describe an object (like for example a telephone) and its properties. The object will be drawn with OpenGL using coordinates specified in the prolog script. The reason for using prolog is that I need the ability to query the program about some of the features this object has, and prolog eases this a lot. Bottom line: I "need" to query a prolog script from my app.
Possible solutions
Embed an already existing implementation written in C. I am unsure if this will even work.
Execute the prolog code on another machine and use the network to query prolog.
It seems that it is possible to run some sort Ruby VM inside the app (shinycocos uses this as far as I understand), could this be used to run one of the Ruby Prolog implementations?
Find some alternative to Prolog. This needs to give me some of the same possibilities I get with prolog.
Sadly, google gives me close to no results at all, so I have a feeling that I might be quite alone on this project. If anyone have any experience or clue at all, I would be very thankful.
Having faced similar difficulties calling prolog code, albeit in a different situation, I'd recommend checking out the castor c++ library. This allows you to write logic paradigm code in native c++ without needing to extend the language at all. As castor is a header only library it is easy to compile wherever c++ is available.
Castor website: http://www.mpprogramming.com/cpp/default.aspx
Half a year later, I would just like to provide some insight on this. I ended up writing a server with an interface to prolog in Java, accepting prolog calls through TCP. It works almost exactly like the live prolog interpreter SWI-prolog (among others) provides, and mostly works quite well. However, it is far from an optimal solution, as you can't call functions from inside prolog. You lose the possibility of having two-way communication.
If I were to start all over again, I would certainly have tried harder to compile one of the pure C implementations for iOS. I gave it a quick go, but my lack of experience stopped me from even removing all of the errors I got. Judging by the fact that you cannot have prolog running as a background process on a unmodified version of iOS as well, some major rewriting would have to be done. Because of this, one might just have to write a new implementation (perhaps inspired by some of the more lightweight ones out there) from scratch to get the perfect solution.
You can download SWI-Prolog's source code and compile it with XCODE for iOS platform. I've never done that, but it's certainly technically possible.
Once you do that, there are a lot of examples on how to run prolog code from C/C++, hence, you will be able to run prolog from Objective-C.
FYI, you can quite easily bi-directionally make calls between Java and SWI-Prolog if you use JPL:
http://www.swi-prolog.org/packages/jpl/
It is also fully re-entrant, so you can instantiate prolog code from java, which in turn instantiates java code etc...
I did this for a number of commercial projects a few years ago when I was required to connect a Prolog based Reasoning Engine to a lot of Java code.
It does use JNI (the Java Native Interface), so you need to be careful about how you compile and link to the native api. Though if you compile it appropriately for each platform you can make it work cross platform. I had it working on OS-X, Windows, Linux & Solaris.
I do not know if this has been tried but there is the possibility to use the combination of NodeJS for Mobile Apps & TauProlog:
https://code.janeasystems.com/nodejs-mobile
https://github.com/JaneaSystems/nodejs-mobile
and
http://tau-prolog.org/
Is there a general procedure for programming extensibility capability into your code?
I am wondering what the general procedure is for adding extension-type capability to a system you are writing so that functionality can be extended through some kind of plugin API rather than having to modify the core code of a system.
Do such things tend to be dependent on the language the system was written in, or is there a general method for allowing for this?
I've used event-based APIs for plugins in the past. You can insert hooks for plugins by dispatching events and providing access to the application state.
For example, if you were writing a blogging application, you might want to raise an event just before a new post is saved to the database, and provide the post HTML to the plugin to alter as needed.
This is generally something that you'll have to expose yourself, so yes, it will be dependent on the language your system is written in (though often it's possible to write wrappers for other languages as well).
If, for example, you had a program written in C, for Windows, plugins would be written for your program as DLLs. At runtime, you would manually load these DLLs, and expose some interface to them. For example, the DLLs might expose a gimme_the_interface() function which could accept a structure filled with function pointers. These function pointers would allow the DLL to make calls, register callbacks, etc.
If you were in C++, you would use the DLL system, except you would probably pass an object pointer instead of a struct, and the object would implement an interface which provided functionality (accomplishing the same thing as the struct, but less ugly). For Java, you would load class files on-demand instead of DLLs, but the basic idea would be the same.
In all cases, you'll need to define a standard interface between your code and the plugins, so that you can initialize the plugins, and so the plugins can interact with you.
P.S. If you'd like to see a good example of a C++ plugin system, check out the foobar2000 SDK. I haven't used it in quite a while, but it used to be really well done. I assume it still is.
I'm tempted to point you to the Design Patterns book for this generic question :p
Seriously, I think the answer is no. You can't write extensible code by default, it will be both hard to write/extend and awfully inefficient (Mozilla started with the idea of being very extensible, used XPCOM everywhere, and now they realized it was a mistake and started to remove it where it doesn't make sense).
what makes sense to do is to identify the pieces of your system that can be meaningfully extended and support a proper API for these cases (e.g. language support plug-ins in an editor). You'd use the relevant patterns, but the specific implementation depends on your platform/language choice.
IMO, it also helps to use a dynamic language - makes it possible to tweak the core code at run time (when absolutely necessary). I appreciated that Mozilla's extensibility works that way when writing Firefox extensions.
I think there are two aspects to your question:
The design of the system to be extendable (the design patterns, inversion of control and other architectural aspects) (http://www.martinfowler.com/articles/injection.html). And, at least to me, yes these patterns/techniques are platform/language independent and can be seen as a "general procedure".
Now, their implementation is language and platform dependend (for example in C/C++ you have the dynamic library stuff, etc.)
Several 'frameworks' have been developed to give you a programming environment that provides you pluggability/extensibility but as some other people mention, don't get too crazy making everything pluggable.
In the Java world a good specification to look is OSGi (http://en.wikipedia.org/wiki/OSGi) with several implementations the best one IMHO being Equinox (http://www.eclipse.org/equinox/)
Find out what minimum requrements you want to put on a plugin writer. Then make one or more Interfaces that the writer must implement for your code to know when and where to execute the code.
Make an API the writer can use to access some of the functionality in your code.
You could also make a base class the writer must inherit. This will make wiring up the API easier. Then use some kind of reflection to scan a directory, and load the classes you find that matches your requirements.
Some people also make a scripting language for their system, or implements an interpreter for a subset of an existing language. This is also a possible route to go.
Bottom line is: When you get the code to load, only your imagination should be able to stop you.
Good luck.
If you are using a compiled language such as C or C++, it may be a good idea to look at plugin support via scripting languages. Both Python and Lua are excellent languages that are used to script a large number of applications (Civ4 and blender use Python, Supreme Commander uses Lua, etc).
If you are using C++, check out the boost python library. Otherwise, python ships with headers that can be used in C, and does a fairly good job documenting the C/python API. The documentation seemed less complete for Lua, but I may not have been looking hard enough. Either way, you can offer a fairly solid scripting platform without a terrible amount of work. It still isn't trivial, but it provides you with a very good base to work from.