Isn't this pretty much what Java does, but with less effort required on the part of the code producer than proof-carrying code? So JavaOS is an OS which has the capabilities you're inquiring about.
The jvm takes the bytecodes when it loads them and runs them through a theorem-prover to verify that the code doesn't do anything illegal, and when the code gets run, the Java security model works so that any attempt by the code to access system resources is checked by the security manager before being permitted.
When you combine this with the fact that, as of jdk1.2, developers can easily create custom privileges for their apps and then can require mobile code which requires those privileges to be signed by a trusted party, you get a system that seems to me to be much more powerful and easy to use than the one in the paper on proof-carrying code.
My question of you is, having designed a template/generic framework for C++, what advice do you have for the people at JavaSoft who are currently designing one for Java?
Most of your examples could be replaced either by inline functions:
    #define MAX(x, y) ((x > y) ? x : y)
    // can be replaced with
    template<class T> inline T& max(T& x, T& y) { return ((x > y) ? x : y); }
BTW please don't take this as a flame, but the MAX macro impl you've shown is incorrect and dangerous. Example: MAX(getc(),getc()).
Your BEGIN_SYNCHRONIZED/END_SYNCHRONIZED construct could be replaced like so:
{ Synchronized sync(x); /* crit section here */ }
Where the constructor of class Synchronized performed the stuff in BEGIN_SYNCHRONIZED and the destructor of class Synchronized performed the stuff in END_SYNCHRONIZED. Note that you would be able to remove your try-catch stuff, because whenever there was an exception thrown inside the critical section, the destructor of the sync object would be called. Note that the BEGIN_SYNCHRONIZED/END_SYNCHRONIZED macros can also lead to inadvertent errors if the x passed to the BEGIN is different from the x passed to the END.
I will agree that there are certain cases where macros are actually useful -- take the assert macro, for instance. But as your examples have shown so well, in most cases where people use macros, there is some other language feature in C++ that they can use. And not only that, but the other language feature is safer and less error-prone.
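The two points made in the comment above, as an added example that is not part of the original post: the quoted MAX macro consumes its arguments more than once, and a constructor/destructor guard releases the lock when the critical section throws. `Stream`, `ToyLock`, `max_of` and the helper functions are constructed for illustration; `max_of` returns by value so it accepts function results.

```cpp
#include <cstdio>
#include <stdexcept>

// The macro exactly as quoted in the post.
#define MAX(x, y) ((x > y) ? x : y)

// Function-template replacement (hypothetical name max_of).
template <class T>
inline T max_of(T x, T y) { return (x > y) ? x : y; }

// Constructed stand-in for getc(): every read consumes one value.
struct Stream {
    int reads = 0;
    int get() { return 10 * ++reads; }  // yields 10, 20, 30, ...
};

struct Outcome { int value; int reads; };

Outcome via_macro() {
    Stream s;
    int m = MAX(s.get(), s.get());      // expands to three s.get() calls
    return {m, s.reads};
}

Outcome via_template() {
    Stream s;
    int m = max_of(s.get(), s.get());   // each argument evaluated exactly once
    return {m, s.reads};
}

// Constructed toy lock so the held/released state can be inspected.
struct ToyLock {
    int held = 0;
    void acquire() { ++held; }
    void release() { --held; }
};

// Guard in the shape the post describes: constructor acquires, destructor releases.
class Synchronized {
public:
    explicit Synchronized(ToyLock& l) : lock_(l) { lock_.acquire(); }
    ~Synchronized() { lock_.release(); }
    Synchronized(const Synchronized&) = delete;
    Synchronized& operator=(const Synchronized&) = delete;
private:
    ToyLock& lock_;
};

void critical_section(bool fail) {
    if (fail) throw std::runtime_error("failure inside critical section");
}

// Manual acquire/release pairing: an exception skips release().
int held_after_manual(bool fail) {
    ToyLock x;
    try {
        x.acquire();
        critical_section(fail);
        x.release();
    } catch (const std::runtime_error&) {}
    return x.held;
}

// Guard object: stack unwinding runs the destructor, so the lock is released.
int held_after_guard(bool fail) {
    ToyLock x;
    try {
        Synchronized sync(x);
        critical_section(fail);
    } catch (const std::runtime_error&) {}
    return x.held;
}

int main() {
    Outcome a = via_macro(), b = via_template();
    std::printf("macro: value=%d reads=%d\n", a.value, a.reads);
    std::printf("template: value=%d reads=%d\n", b.value, b.reads);
    std::printf("held after throw: manual=%d guard=%d\n",
                held_after_manual(true), held_after_guard(true));
    return 0;
}
```

The macro returns a value that was never one of the two compared, because the winning branch reads the stream a third time.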
Here's another way I've seen it implemented. Basically, your vector is implemented via a resizeable array of T* that points to the blocks where the T's are actually stored. Note that there may be more than one T in each block, although of course the block size has to be some constant that is the same for all blocks in a particular vector instance. One notable difference between this and the regular STL vector impl is that this unusual impl allows you to have long-lived references/pointers to items contained in the vector. Additionally, this vector impl can be less expensive by a substantial constant factor for vectors that contain complex objects and need to grow quickly -- since when the standard STL vector outgrows its capacity, it requires you to perform a copy constructor and a destructor for each item in the vector. But this impl merely requires you to copy the value of a pointer from one memory location to another. Additionally, this vector impl may be a lifesaver if the space taken up by the objects you wish to put in the vector comes perilously close to exhausting your virtual memory. These may seem like minute tradeoffs, but depending on the requirements of your application, their importance can grow very quickly.
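An added sketch of the block-based layout described in the comment above (not the poster's code): a growable array of `T*` block pointers, so growth copies pointers only and element addresses stay valid. `BlockVector`, `Tracked` and the block size of 8 are assumptions made for this example; `Tracked` counts copy constructions so the cost can be compared with `std::vector`.

```cpp
#include <cstddef>
#include <cstdio>
#include <new>
#include <vector>

// Constructed element type that counts copy constructions.
struct Tracked {
    static int copies;
    int id;
    explicit Tracked(int i) : id(i) {}
    Tracked(const Tracked& o) : id(o.id) { ++copies; }
};
int Tracked::copies = 0;

template <class T, std::size_t BlockSize = 8>
class BlockVector {
public:
    BlockVector() = default;
    BlockVector(const BlockVector&) = delete;
    BlockVector& operator=(const BlockVector&) = delete;
    ~BlockVector() {
        for (std::size_t i = size_; i-- > 0;) (*this)[i].~T();
        for (T* b : blocks_) ::operator delete(b);
    }
    void push_back(const T& v) {
        if (size_ == blocks_.size() * BlockSize) {
            // Growth adds one raw block; existing elements are never touched.
            T* b = static_cast<T*>(::operator new(sizeof(T) * BlockSize));
            try { blocks_.push_back(b); }
            catch (...) { ::operator delete(b); throw; }
        }
        new (&blocks_[size_ / BlockSize][size_ % BlockSize]) T(v);
        ++size_;
    }
    T& operator[](std::size_t i) { return blocks_[i / BlockSize][i % BlockSize]; }
    std::size_t size() const { return size_; }
private:
    std::vector<T*> blocks_;  // only this pointer table is reallocated on growth
    std::size_t size_ = 0;
};

// Copy constructions needed to append n elements to the block layout.
int copies_block_vector(int n) {
    Tracked::copies = 0;
    BlockVector<Tracked> v;
    for (int i = 0; i < n; ++i) v.push_back(Tracked(i));
    return Tracked::copies;
}

// Same workload on std::vector, which re-copies elements when it reallocates.
int copies_std_vector(int n) {
    Tracked::copies = 0;
    std::vector<Tracked> v;
    for (int i = 0; i < n; ++i) v.push_back(Tracked(i));
    return Tracked::copies;
}

// A pointer taken before growth still refers to the same live element.
bool first_element_address_stable(int n) {
    BlockVector<Tracked> v;
    v.push_back(Tracked(0));
    Tracked* p = &v[0];
    for (int i = 1; i < n; ++i) v.push_back(Tracked(i));
    return p == &v[0] && p->id == 0;
}

int main() {
    std::printf("copies: block=%d std=%d stable=%d\n", copies_block_vector(100),
                copies_std_vector(100), first_element_address_stable(100));
    return 0;
}
```

With `std::vector`, a pointer held across a reallocation dangles; the block layout removes that hazard for appends, at the cost of an extra indirection on every access.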
One thing that an operator renew[] would require is a "mover" on classes that you wished to renew[]. I.E. just like some classes have constructors and/or destructors, you'd need to have an operator that moved the class in question. The problem this "mover" addresses is a common problem moving from C to C++ and from structs to classes. You see, realloc's primary use is that it can allocate a new heap area, move bytes from the old to the new, and deallocate the old. But operator renew[] would be moving objects, not bytes. And moving objects is not something that is currently directly supported by C++. Such an operation could, in most cases, be implemented as a copy-constructor call followed by an explicit destructor. But not all classes that you might want to renew[] are going to have copy constructors. In these cases, you want some sort-of move operator. Note that this is something which is totally doable in the current C++ language. In fact, I actually wanted to do something like this in a project once -- I had some non-copyable-constructable objects that I wanted to put into a vector. And so I ended up hacking a version of the STL vector class such that it used:
    #include <new>  // placement new
    template<class C> void move(C& src, C& dest) { new(&dest) C(src); src.~C(); }
to add/relocate objects in the vector instead of copy/delete. The above implementation was, of course, the default impl, but of course any class or set of classes could specialize this. Another interesting aspect of this would be that a "move" operator such as this, in a garbage-collected version of C++, would integrate well with copy-collection.
So all that said, I'd love to hear what Stroustrup thinks of this. Is this something useful and worth standardizing, or just an idea that a particular app happened to find useful?
"If Victor doesn't sue them for patent infringement, does that open the doors for a Microsoft or a Sun to come in and use it 'illegally' without paying a license?"
I doubt this will be a problem. Anybody remember Unisys and GIFs?
Actually, I generally find that when I try to develop using this model, it takes one more iteration of throwing the code and design away and redoing it before I have something I'm reasonably happy with.
C'mon, get real! There's one VERY important difference between Sir Dystic and the Melissa guy. Sir Dystic (so far as we know) just wrote the code (and is open-sourcing it too :^). The Melissa guy EXECUTED the code. Do you seriously think that if the Melissa guy had just put up a web-site and put the source for Melissa onto that web-site that he would have been arrested? He might have received a lot of criticism, sure. But you can't be arrested for merely exercising your first amendment rights.
It's the difference between teaching a course on how to use firearms and going out on the street and firing an AK-47 into a crowd. You might disagree with me and say that it's more like handing out guns to felons than teaching them how to use guns, but I say that the equivalent of handing out guns to felons would be not only giving them Back Orifice but also giving them a delivery system (i.e. an exploit). Of course, there is a nifty little tutorial on the CDC web-site on how to write a stack buffer overflow exploit. But maybe that's the equivalent of teaching a course on how to build your own gun... :^)
Yes, it's not an oxymoron. I happen to be both without any cognitive dissonance. There are two key things to realize here. One is that, as John Stuart Mill says, there should only be laws restricting things that a societal consensus believes to be harmful to others. The other is that as Christians our first priority should be changing the hearts and minds of others (i.e. building consensus), not making laws. For instance, on the abortion issue, our priorities should be (a) trying to build a national consensus that abortion really does kill an unborn human and that it's not right and (b) offering as much support to unwed mothers as we can, be it prenatal care, adoption services, whatever.
So what does this mean for censorship? I don't believe in censorship of any sort for adults. Well, ok, we should censor subliminal messages -- if you want to try and manipulate me, I want to know about it -- and you should be liable afterwards in a court of law for any slander or libel you commit. But I do believe there are some things we should censor/forbid for children, especially young children. Pornography and drugs come to mind. Children simply do not have the wisdom to make informed decisions for themselves on tricky issues such as these. Pornography and drugs -- alcohol, cigarettes, and illegal varieties -- are extremely dangerous for young minds because the pleasure is immediate, but the dangers are far from obvious. I want as much of a chance as possible to educate my children on the dangers before they even have a chance to be exposed. Even so, friends, school-mates, and society in general will probably see to it that they'll both have seen porno and been offered drugs by the time they're 15 or 16. But hopefully by then I'll have had enough time to educate them on the dangers so that they know what to do. If not, then I'll be in big trouble when they move out on their own :^(
But I certainly don't want to have my kids exposed to porno because some wacko is downloading it in a public area of my local library. Moreover, while I will try to be there to do the educating and censoring myself, I'd like to believe that public institutions such as libraries and schools would, if not help me out, at least not work against me. My suggestion to libraries would be to have a public computer area where porno was not allowed and a private, uncensored area. And as far as implementing the no-porno area, I would discourage the use of filtering software -- which as many others have stated filters out useful information such as breast cancer research -- and encourage a policy of revoking/suspending a patron's access should they attempt to view material determined by a librarian to be pornographic while they are in the no-porno area.
Having read your post, I have to disagree with several of the things you're saying. Having moved from Houston (8 years) to Austin (1 year), I think I have some pretty solid grounds for disagreeing.
(1) You say Austin costs more than Houston.
Some things are more expensive, yes. But as for housing prices in Austin being more expensive than in Houston, that's a big lie. Admittedly, a house on the edge of town in Austin is a bit more expensive than a house on the edge of town in Houston. But you're forgetting that the edge of town in Austin is about 15 minutes from downtown, whereas the edge of town in Houston is about 45. For a home that's comparably far from town, Austin is actually cheaper than Houston. We just bought a 1700-square-foot home in an upscale area of SouthWest Austin, 15 minutes from work, with very good public schools, for easily less than $150k. I challenge you to find a comparable inner-loop home in Houston for anywhere close. My family and I did look in Houston, and I can assure you it's not going to happen. We would have had to wait another couple years before we could have afforded to make a reasonable downpayment on a home in Houston. And we would still probably have had to worry about private school. HISD is reasonably good, as far as big-city school districts go, but I'm much happier with the schools to which my children will be going in Austin.
I will agree, however, that restaurant food is a bit more expensive and not quite as good in Austin. Of course, Houston has one of the most diverse and competitive dining scenes I've ever seen. Since Houston is a major international port city, though, this should come as no surprise.
As far as your comments about HL&P, I disagree. I've always found Houston Lighting and Power to be a very good power company with very reasonable prices. Right now, my Austin-area community's electric company is Pedernales Electric Cooperative, and I find their prices to be comparable with HL&P.
(2) You say you can't get a decent-paying job in Austin.
I actually got both a raise and stock options in my start-up for moving to Austin. If I had wanted to go to a startup in Houston, I would have needed to take a pay-cut. During the last down-turn in the oil industry, I looked for jobs in both Austin and Houston, and found that the Austin companies were a LOT more eager to talk to me. In order to get the Houston companies off their butts, I had to pester them, tell them I was getting offers from Austin companies, etc. Now I'm a software developer, not a sysadmin or a dba, so that may make a difference. Austin is definitely more of a developer's town than an admin's town. If you want to do any interesting development in Houston, you need to work at an oil-company research lab (I did). But the rest is a lot of vb, glorified dba, legacy middleware interfacing. Nice-paying work, if you can stand it.
(3) You say Austin is the home of the rip-off.
You try and find a good mechanic anywhere. It wasn't easy in Houston, and it wasn't easy in Austin. As for the power company, I haven't encountered any of the brown-outs that you complain about. Nor have I had any run-ins with druggies or encountered any of the rude service you complain about. My insurance rates actually went down a fair bit when I moved to Austin. Houston has one of the highest car-insurance rates in the country because of all the unlicensed, uninsured drivers, the red-light-running, etc.
As far as cultural events and such, Houston does have more and bigger festivals. But Houston doesn't have a music scene to compare with Austin's. The Houston Symphony may be better, but what's it going to be like after Eschenbach leaves at the end of this season? Without Eschenbach, they'll probably sink back to being just decent competition from the students at Rice's Shepherd School.
(4) You say Austin is racist.
Austin is not as culturally diverse as Houston -- it's not exactly the international port city that Houston is. But as far as racist, I'd pick Austin any day over Atlanta, St. Louis, you name-em. And if you think Houston isn't racist, go visit Kingwood or Southside Place.
(5) Things you forgot.
You forgot to mention that Houston has NO interesting nature nearby and the summers get pretty hellacious and humid. Austin summers are almost as hot, but a LOT less humid. And the nature is beautiful. The hills and cedar, the bluebonnets, all the parks. It's just no competition. In Houston, you either have to drive an hour or two to the beach, or go an hour out of town to see what? Pristine swamp? Save it. Houston has nothing like the hill country.
Also, you have forgotten to mention the problems with working in the oil industry. I got out of the oil industry because I was tired of dealing with the constant cyclical ups-and-downs -- and management's idiotically short-sighted reactions to them. Everyone I know who is over 40 and working in the oil industry is just trying to make it past enough layoff cycles that they can retire. They wish they'd gotten out of oil ten years ago while they still had a reasonable shot at starting something new and going somewhere with it. And I'm not knocking the people I worked with -- they were great people. But they were trapped in a lousy industry. I'd much rather be working in an industry like e-commerce where growth is the focus instead of cost-cutting, and where people are looked at by upper management as valuable contributors rather than expenses. And if you live in Houston and want to do cool development stuff like e-commerce, games, or compiler technologies, you've pretty much got to go to Austin.
In summary, are you sure you're not a troll? The picture you paint looks a little bit like Austin and a little like Houston, but not enough that I'd recognize either of the cities you describe as either Austin or Houston if you hadn't told me up front.
So if you release BO2K under GPL, does this mean that if you infect someone's machine then you have to offer to give them the source :^)