[mercury-users] C Interface (was Circular lists)
Tyson Dowd
trd at cs.mu.oz.au
Fri Nov 28 14:02:01 AEDT 1997
On 27-Nov-1997, Richard A. O'Keefe <ok at cs.rmit.edu.au> wrote:
> Merely defining _checkable_ code and devising algorithms to check such
> code sounds like a fairly substantial project.
>
> It sounds like you'll be pretty much restricted to checking what
> could be called "pure C". But "pure C" doesn't let you do anything you
> can't do in Mercury anyway. We *need* the C interface to do things like
> I/O, networking, IPC, graphics, pointer-manipulation, etc.
>
> This is a straw man. You are attacking something I am not proposing.
> How many times do I have to say that I accept that if the foreign code
> breaks the rules of the foreign language, all bets are off?
> What I'm asking about is whether there is or could be `middle-level'
> *interface* where safe use of the *INTERFACE* can be checked on the
> assumption that the rest of the foreign code is doing legal things according
> to the rules of the foreign language.
And I have proposed that it would be a good course of action to create
(or enhance) the C interface so that it can provide an environment where
you can't do anything but be correct (except if you break the rules
of the foreign language). So the C compiler can tell you if you are
breaking the rules. It would then be relatively easy to invoke the C
compiler with all warnings enabled in the code that someone else writes.
We already do some static checks of C code (the names of all the input
and output variables must be mentioned in the C code). Checks of this
nature would be OK to do, but I don't think anyone is willing to parse C
code to find out whether you are doing something unsafe. From your
first posts it sounded like this is what you wanted, but I think you
were just being terse.
>
> The Quintus interface, with *NO* access to Prolog data structures or control
> from C, was entirely adequate to do I/O, networking, IPC, &c. I believe a
> lower level access *to C structures* was provided to Prolog about the time
> I left. Peter Schachte can comment on this, because he implemented it.
> But Prolog access to C data structures is not the same as C access to
> Prolog data structures.
>
> What I'm getting at is really incredibly simple: a subset of the interface
> that can be used to pass some subset of *C* data structures between Mercury
> and C, where an amazingly simple tool can say "yes, you have used no
> interface features outside that subset".
>
> You can do _all_ of I/O, networking, IPC, and graphics with an interface
> subset like that.
>
> The other thing we need the C interface for is accessing large libraries
> of pre-written code, and it's almost certain that any large amount of
> code will not be checkable.
>
> Again, that's because you are talking about checking everything the foreign
> code is doing, while I was only asking that safe use of the INTERFACE be
> checked. And by "checkable code", I meant code where THAT check is easy,
> and all I meant was using suitably crafted macros instead of powerful
> primitives.
>
I don't know why it looks like we are arguing. Except for the details,
we seem to be in compelete agreement. I think calling it a 'tool' made
it sound like you wanted a theorem prover. If this was our
misunderstanding, then we'll let it die now.
>
> Yes, it will still be possible for foreign code to do arbitrary damage
> IF it breaks the foreign language rules, but I was never asking for arbitrary
> code checks, only interface checks. The point is to check that nobody is
> _deliberately_ doing dangerous things without leaving bright flashing warning
> signs nearby.
Well, the other possiblity for leaving warning signs is to use `impure'
declarations (which are being worked on). These would allow you to
write Mercury code that relies on C code that is impure, but eventually
when you put enough of the code together, it is pure.
> I've got to leave this thread because I'm catching a plane on Saturday and
> leaving Melbourne permanently. I'll be off the air until January.
That's cheating. You can't leave a thread dangling like this!
--
Tyson Dowd #
# Linux versus Windows is a
trd at cs.mu.oz.au # Win lose situation.
http://www.cs.mu.oz.au/~trd #
More information about the users
mailing list