From 21f192318becf470619ff91dd98375af334856d4 Mon Sep 17 00:00:00 2001 From: Tony Garnock-Jones Date: Wed, 8 May 2013 08:24:32 -0400 Subject: [PATCH] Pictures and a little more text --- marketplace/scribblings/background.scrbl | 61 +++++++----- marketplace/scribblings/concepts.scrbl | 17 ++-- marketplace/scribblings/prelude.inc | 7 ++ marketplace/scribblings/vm-pictures.rkt | 113 +++++++++++++++++++++++ 4 files changed, 165 insertions(+), 33 deletions(-) create mode 100644 marketplace/scribblings/vm-pictures.rkt diff --git a/marketplace/scribblings/background.scrbl b/marketplace/scribblings/background.scrbl index 03a3523..729ebe4 100644 --- a/marketplace/scribblings/background.scrbl +++ b/marketplace/scribblings/background.scrbl @@ -66,14 +66,20 @@ Programs can handle exceptions to @emph{contain} partial failure: Partial failures interact with shared, mutable state in unpredictable ways, especially in larger programs that combine stateful subprograms. -Programmers often ignore issues of security and trust between -subprograms within a larger program. Most programming languages -entirely lack any means of securely isolating subprograms from each -other, leading to predictable failures. Even memory-safe languages -such as Racket, Java and .NET only offer weak techniques for securely -composing mutually suspicious subprograms. Techniques such as avoiding -@emph{ambient authority} and using @emph{object capabilities} to -compose subprograms +@note{For a good overview of PL-based approaches to security and +trust, see Mark S. Miller's +"@hyperlink["http://www.erights.org/talks/thesis/markm-thesis.pdf"]{Robust +composition: Towards a unified approach to access control and +concurrency control}" and Jonathan A. Rees's +"@hyperlink["http://dspace.mit.edu/bitstream/handle/1721.1/5944/AIM-1564.pdf"]{A +Security Kernel Based on the Lambda-Calculus}".} Programmers often +ignore issues of security and trust between subprograms within a +larger program. Most programming languages entirely lack any means of +securely isolating subprograms from each other, leading to predictable +failures. Even memory-safe languages such as Racket, Java and .NET +only offer weak techniques for securely composing mutually suspicious +subprograms. Techniques such as avoiding @emph{ambient authority} and +using @emph{object capabilities} to compose subprograms TODO ^ @@ -81,22 +87,29 @@ TODO ^ Programs which engage in I/O are very obviously part of a network: -@racketblock[(define username (read-line)) - (printf "Hello, ~a!\n" username)] +@racketblock[(define (greet-user) + (define username (read-line)) + (define greeting (format "Hello, ~a!\n" username)) + (display greeting) + (newline)) + (greet-user)] -But look closely! There is a difference here between the kind of communication +Here, the network has two components: the program, and the user at the +terminal. -This program is more obviously composed of a number of moving pieces: +But look closely! There is a difference here between the kind of +communication between this program and its @emph{peer} and the +communication @emph{internal} to the program itself. Portions of the +program relay information from the outside world, translating it to +and from an internal representation as they go, while other portions +perform computations on the relayed information. -@interaction[(let ((b (box 3))) - (set-box! b (+ (unbox b) 4)) - (unbox b))] - -@interaction[(define (add-three-to b) - (set-box! b (+ (unbox b) 3))) - (define (add-four-to b) - (set-box! b (+ (unbox b) 4))) - (define my-box (box 0)) - (add-three-to my-box) - (add-four-to my-box) - (unbox my-box)] +@vm-figure[(vm (vm-label "Operating System") + (network-label "") + (process "User") + (process-space) + (vm (vm-label "Program") + (network-label "") + (process "Read line") + (process "Format greeting") + (process "Print greeting")))] diff --git a/marketplace/scribblings/concepts.scrbl b/marketplace/scribblings/concepts.scrbl index 08dd6ac..a2e10fb 100644 --- a/marketplace/scribblings/concepts.scrbl +++ b/marketplace/scribblings/concepts.scrbl @@ -4,16 +4,15 @@ @title{Concepts} -We integrate ideas from both distributed systems -and virtualized operating system designs to obtain a novel -architecture of nested virtual machines. Each nested layer is equipped with -its own publish/subscribe network that also propagates information -about the (dis)appearance of services. +Marketplace integrates ideas from both distributed systems and +virtualized operating system designs to obtain an architecture of +nested @emph{virtual machines}. Each nested layer is equipped with its +own publish/subscribe network that also propagates @emph{presence} +information about the (dis)appearance of services. -The result suggests a @emph{ -marketplace} metaphor, where communicating programs exist in a -noisy, crowded, even chaotic context, rather than in a quiet place -systematically going through their inboxes. +The result suggests a @emph{marketplace} metaphor, where communicating +programs exist in a noisy, crowded, even chaotic context, rather than +in a quiet place systematically going through their inboxes. @section{What is a process, what are event handlers?} diff --git a/marketplace/scribblings/prelude.inc b/marketplace/scribblings/prelude.inc index d43f082..27547b8 100644 --- a/marketplace/scribblings/prelude.inc +++ b/marketplace/scribblings/prelude.inc @@ -2,6 +2,10 @@ (require scribble/racket scribble/eval scriblib/footnote + + slideshow/pict + "vm-pictures.rkt" + (for-syntax racket) (for-label typed/racket/base)) @@ -17,3 +21,6 @@ desc ...)] [(_ t d desc ...) #`(defthing #:kind "type" t d desc ...)]))) + +(define (vm-figure p) + (centered (to-element (render (scale p 1.2) #:target 'pict)))) diff --git a/marketplace/scribblings/vm-pictures.rkt b/marketplace/scribblings/vm-pictures.rkt new file mode 100644 index 0000000..03ba84d --- /dev/null +++ b/marketplace/scribblings/vm-pictures.rkt @@ -0,0 +1,113 @@ +#lang racket/base + +(require (only-in racket/math pi)) +(require slideshow/pict) +(require file/convertible) + +(provide (all-defined-out)) + +(define default-process-height 98) + +(define default-font (make-parameter 'roman)) + +(define final-border (make-parameter 1)) + +(define process-angle (make-parameter 90)) +(define process-width (make-parameter 24)) +(define process-corner (make-parameter 6)) +(define process-height (make-parameter default-process-height)) +(define process-gap (make-parameter 6)) +(define process-fill-color (make-parameter "white")) + +(define PROCESS-SHADED (list #xdd #xdd #xdd)) + +(define leg-offset (make-parameter 4)) +(define leg-width (make-parameter 2)) +(define leg-spot-width (make-parameter 4)) + +(define (default-leg-height) + (/ (network-height) 2)) + +(define (meta-leg-height) + (+ (default-leg-height) (vm-height) (network-height))) + +(define network-height (make-parameter 12)) +(define vm-height (make-parameter 27)) +(define process-label-size (make-parameter 12)) +(define network-label-size (make-parameter 9)) +(define vm-label-size (make-parameter 12)) +(define ellipsis-size (make-parameter 24)) + +(define (process label) + (cb-superimpose + (colorize (filled-rounded-rectangle (process-width) (process-height) (process-corner)) + (process-fill-color)) + (rounded-rectangle (process-width) (process-height) (process-corner)) + (vc-append (text label (default-font) (process-label-size) (d2r (process-angle))) + (blank (/ (- (process-width) (process-label-size)) 2))))) + +(define (process-group . ps) + (apply hb-append (process-gap) ps)) + +(define (process-space [n 1]) + (blank (+ (* (- n 1) (/ (process-width) 2)) + (- (/ (process-width) 2) (* 2 (process-gap)))) (process-height))) + +(define (vm-label str) + (text str (default-font) (vm-label-size) (d2r 0))) + +(define (network-label str) + (text str (default-font) (network-label-size) (d2r 0))) + +(define (vm label net-label . ps) + (define ps-pict (apply process-group ps)) + (define label-width (max (pict-width label) (pict-width net-label))) + (define width (max (+ label-width (* 2 (max (vm-label-size) (network-label-size)))) + (pict-width ps-pict))) + (vl-append ps-pict + (cb-superimpose (colorize (filled-rectangle width (network-height)) + (process-fill-color)) + (rectangle width (network-height)) + net-label) + (cc-superimpose (colorize (filled-rectangle width (vm-height)) + (process-fill-color)) + (rectangle width (vm-height)) + label))) + +(define (process-ellipsis) + (cc-superimpose (text ". . ." (default-font) (ellipsis-size) 0) + (blank 0 (process-height)))) + +(define (d2r d) + (* pi (/ d 180.0))) + +(define (leg p offset height) + (define x (+ (/ (pict-width p) 2) (* offset (leg-offset)))) + (define y (pict-height p)) + (define leg-pict (vc-append (vline (leg-width) (- height (/ (leg-spot-width) 2))) + (disk (leg-spot-width) #:draw-border? #f))) + (pin-over p (- x (/ (pict-width leg-pict) 2)) y leg-pict)) + +(define (relay-legs p) + (leg (leg p 1 (default-leg-height)) -1 (meta-leg-height))) + +(define (local-leg p) + (leg p 0 (default-leg-height))) + +(define (render p #:target [target (string->symbol (or (getenv "VM_PICTURES_TARGET") "eps"))]) + (define final-pict (cc-superimpose (blank (+ (pict-width p) (* 2 (final-border))) + (+ (pict-height p) (* 2 (final-border)))) + (panorama p))) + (case target + [(pict) + final-pict] + [(screen) + ;; FFS. This connects to the display even if you don't use it. + ;; (local-require racket/gui/base) + ;; (show-pict final-pict 800 600) + (log-error "You need to uncomment a couple of lines in vm-pictures.rkt") + (void)] + [(png) + (display (convert final-pict 'png-bytes))] + [(eps) + (display (convert final-pict 'eps-bytes))]))