News aggregator

State of secure coding in Haskell?

Haskell on Reddit - Sun, 05/04/2014 - 5:05am

Recently, I've been forced to study a bit of software security. Everyone who has ever done so probably knows how frustrating that can be - pretty much every tool for building programs seems either broken or beyond repair.

Static checking and fuzzing seem to be the state of art in C and Java side of the fence. What is the status of such tools in Haskell? Are there taint tracking tools or other static analysers beyond the type system? Or any recommended libraries specially aimed for secure programming? (I'd guess that quickcheck covers pretty much everything you'd use fuzzing for. And without the nasty difficulty of devising oracles.)

(As an example why I feel such tools are necessary, both the snap tutorial and the example in scotty docs present code with an obvious xss vulnerability without any warning sticker attached.)

submitted by aleator
[link] [4 comments]
Categories: Incoming News

What's the best way to get involved with open source Haskell projects?

Haskell on Reddit - Sun, 05/04/2014 - 4:44am

Hi. I've been learning Haskell for a while now and I feel like a good way to practice would be to get involved with some open source projects. I was wondering if anyone knew the best way to start getting involved. Are there any projects which are welcoming to people who may not be the best Haskell programmers or is there a particular project you know that could do with a hand?

Thanks and sorry if this is in the wrong place. I originally posted this to /r/haskellquestions but there were no replies. Thanks

submitted by hailmattyhall
[link] [5 comments]
Categories: Incoming News

Edward Z. Yang: The cost of weak pointers and finalizers in GHC

Planet Haskell - Sun, 05/04/2014 - 2:55am

Weak pointers and finalizers are a very convenient feature for many types of programs. Weak pointers are useful for implementing memotables and solving certain classes of memory leaks, while finalizers are useful for fitting "allocate/deallocate" memory models into a garbage-collected language. Of course, these features don’t come for free, and so one might wonder what the cost of utilizing these two (closely related) features are in GHC. In this blog post, I want to explain how weak pointers and finalizers are implemented in the GHC runtime system and characterize what extra overheads you incur by using them. These post assumes some basic knowledge about how the runtime system and copying garbage collection work.

The userland API

The API for weak pointers is in System.Mem.Weak; in its full generality, a weak pointer consists of a key and a value, with the property that if the key is alive, then the value is considered alive. (A "simple" weak reference is simply one where the key and value are the same.) A weak pointer can also optionally be associated with a finalizer, which is run when the object is garbage collected. Haskell finalizers are not guaranteed to run.

Foreign pointers in Foreign.ForeignPtr also have a the capability to attach a C finalizer; i.e. a function pointer that might get run during garbage collection. As it turns out, these finalizers are also implemented using weak pointers, but C finalizers are treated differently from Haskell finalizers.

Representation of weak pointers

A weak pointer is a special type of object with the following layout:

typedef struct _StgWeak { /* Weak v */ StgHeader header; StgClosure *cfinalizers; StgClosure *key; StgClosure *value; /* v */ StgClosure *finalizer; struct _StgWeak *link; } StgWeak;

As we can see, we have pointers to the key and value, as well as separate pointers for a single Haskell finalizer (just a normal closure) and C finalizers (which have the type StgCFinalizerList). There is also a link field for linking weak pointers together. In fact, when the weak pointer is created, it is added to the nursery's list of weak pointers (aptly named weak_ptr_list). This list is global, so we do have to take out a global lock when a new weak pointer is allocated.

Garbage collecting weak pointers

Pop quiz! When we do a (minor) garbage collection on weak pointers, which of the fields in StgWeak are considered pointers, and which fields are considered non-pointers? The correct answer is: only the first field is considered a “pointer”; the rest are treated as non-pointers by normal GC. This is actually what you would expect: if we handled the key and value fields as normal pointer fields during GC, then they wouldn’t be weak at all.

Once garbage collection has been completed (modulo all of the weak references), we then go through the weak pointer list and check if the keys are alive. If they are, then the values and finalizers should be considered alive, so we mark them as live, and head back and do more garbage collection. This process will continue as long as we keep discovering new weak pointers to process; however, this will only occur when the key and the value are different (if they are the same, then the key must have already been processed by the GC). Live weak pointers are removed from the "old" list and placed into the new list of live weak pointers, for the next time.

Once there are no more newly discovered live pointers, the list of dead pointers is collected together, and the finalizers are scheduled (scheduleFinalizers). C finalizers are run on the spot during GC, while Haskell finalizers are batched together into a list and then shunted off to a freshly created thread to be run.

That's it! There are some details for how to handle liveness of finalizers (which are heap objects too, so even if an object is dead we have to keep the finalizer alive for one more GC) and threads (a finalizer for a weak pointer can keep a thread alive).

Tallying up the costs

To summarize, here are the extra costs of a weak pointer:

  1. Allocating a weak pointer requires taking a global lock (this could be fixed) and costs six words (fairly hefty as far as Haskell heap objects tend to go.)
  2. During each minor GC, processing weak pointers takes time linear to the size of the weak pointer lists for all of the generations being collected. Furthermore, this process involves traversing a linked list, so data locality will not be very good. This process may happen more than once, although once it is determined that a weak pointer is live, it is not processed again. The cost of redoing GC when a weak pointer is found to be live is simply the cost of synchronizing all parallel GC threads together.
  3. The number of times you have to switch between GC'ing and processing weak pointers depends on the structure of the heap. Take a heap and add a special "weak link" from a key to its dependent weak value. Then we can classify objects by the minimum number of weak links we must traverse from a root to reach the object: call this the "weak distance". Supposing that a given weak pointer's weak distance is n, then we spend O(n) time processing that weak pointer during minor GC. The maximum weak distance constitutes how many times we need to redo the GC.

In short, weak pointers are reasonably cheap when they are not deeply nested: you only pay the cost of traversing a linked list of all of the pointers you have allocated once per garbage collection. In the pessimal case (a chain of weak links, where the value of each weak pointer was not considered reachable until we discovered its key is live in the previous iteration), we can spend quadratic time processing weak pointers.

Categories: Offsite Blogs

Suppose there is a function, `foo :: T -> T` that is probably too complex for a human to program. What can a Haskeller do?

Haskell on Reddit - Sun, 05/04/2014 - 1:41am

Suppose that you want to write a function for a type T, foo :: T -> T, that is considerably complex for a human to program. Suppose it is purposely made so. You can generate infinitely many valid input-output pairs, but you can not code that function itself. Is there anything you can do?

(I've been thinking in genetic programming libraries and similars...)

submitted by SrPeixinho
[link] [4 comments]
Categories: Incoming News

[Question] Composable events: Applicative and Alternative

Haskell on Reddit - Sat, 05/03/2014 - 11:20pm

For a game I am making, I am using events that the player can program. For example, the player can register a callback that will be triggered when a new player arrives. He can also program some forms (with buttons, checkboxes, textboxes...) to appear on the Web GUI. The problem is those events are not composable: he has to create and handle them one by one.

So I'm thinking of making those events composable by making them an instance of Applicative and Alternative. For Applicative, this makes events composable very much like in Applicative-Functors and Reform. I can build neat composed events such as (full program below):

onInputMyRecord :: Event MyRecord onInputMyRecord = MyRecord <$> onInputText <*> onInputCheckbox

For Alternative, I haven't seen any example of it on the net. The idea is that the first event that fires is used to build the alternative:

onInputMyAlternative :: Event Bool onInputMyAlternative = (const True <$> onInputButton) <|> (const False <$> onInputButton)

Have you heard about a similar implementation? It seems pretty useful. Maybe in FRP frameworks?

Here is an example program:

{-# LANGUAGE GADTs #-} module ComposableEvents where import Control.Applicative import Data.Time import Data.Traversable type PlayerNumber = Int data Event a where OnInputText :: PlayerNumber -> Event String -- A textbox will be created for the player. When filled, this event will fire and return the result OnInputCheckbox :: PlayerNumber -> Event Bool -- Idem with a checkbox OnInputButton :: PlayerNumber -> Event () -- Idem with a button OnTime :: UTCTime -> Event () -- time event EventSum :: Event a -> Event a -> Event a -- The first event to fire will be returned EventProduct :: Event (a -> b) -> Event a -> Event b -- both events should fire, and then the result is returned Fmap :: (a -> b) -> Event a -> Event b -- transforms the value returned by an event. Pure :: a -> Event a -- Create a fake event. The result is useable with no delay. Empty :: Event a -- An event that is never fired. instance Functor Event where fmap = Fmap instance Applicative Event where pure = Pure (<*>) = EventProduct instance Alternative Event where (<|>) = EventSum empty = Empty onInputText = OnInputText onInputCheckbox = OnInputCheckbox onInputButton = OnInputButton onTime = OnTime -- A product type data MyRecord = MyRecord String Bool -- A sum type data MyAlternative = A | B -- Using the Applicative instance, we can build a product type from two separate event results. -- The event callback should be called only when all two events have fired. onInputMyRecord :: Event MyRecord onInputMyRecord = MyRecord <$> onInputText 1 <*> onInputCheckbox 1 -- other possible implementation (given a monad instance) -- onInputMyRecord' = do -- s <- onInputText -- b <- onInputCheckbox -- return $ MyRecord s b -- Using the Alternative instance, we build a sum type. -- The event callback should be called when the first event have fired. onInputMyAlternative :: Event MyAlternative onInputMyAlternative = (const A <$> onInputButton 1) <|> (const B <$> onInputButton 1) allPlayers = [1 .. 10] -- Now complex events can be created, such as voting systems: voteEvent :: UTCTime -> Event ([Maybe Bool]) voteEvent time = sequenceA $ map (singleVote time) allPlayers singleVote :: UTCTime -> PlayerNumber -> Event (Maybe Bool) singleVote timeLimit pn = (Just <$> onInputCheckbox pn) <|> (const Nothing <$> onTime timeLimit) vote :: UTCTime -> Event Bool vote timeLimit = unanimity <$> (voteEvent timeLimit) unanimity :: [Maybe Bool] -> Bool unanimity = all (== Just True) --Evaluation --evalEvent :: Event a -> State Game a --evalEvent = undefined

With this DSL, I can create complex events such as time limited votes very neatly...
There is much left to do for a full implem: the way to register callbacks on complex events, the evaluator and the event manager.
Any pointers to similar works?

PS: I copied this example also in https://github.com/cdupont/Nomyx-design/blob/master/ComposableEvents.hs.

submitted by kaukau
[link] [2 comments]
Categories: Incoming News

How can I desugar a code snippet?

Haskell on Reddit - Sat, 05/03/2014 - 11:14pm

Is there a compiler option or other tools can help me to see the desugared version source code?

submitted by cakebunny
[link] [1 comment]
Categories: Incoming News

Spire Language Development Blog

del.icio.us/haskell - Sat, 05/03/2014 - 9:05pm
Categories: Offsite Blogs

Spire Language Development Blog

del.icio.us/haskell - Sat, 05/03/2014 - 9:05pm
Categories: Offsite Blogs

Composable events: Applicative and Alternative

haskell-cafe - Sat, 05/03/2014 - 7:02pm
Hi Cafe!! For my game Nomyx, I am using events that the player can program. For example, the player can register a callback that will be triggered when a new player arrives. He can also program some forms (with buttons, checkboxes, textboxes...) to appear on the Web GUI. The problem is those events are not composable: he has to create and handle them one by one. So I'm thinking of making those events composable by making them an instance of Applicative and Alternative. For Applicative, this makes events composable very much like in Applicative-Functors and Reform. I can build neat composed events such as (full program below): onInputMyRecord :: Event MyRecord onInputMyRecord = MyRecord <$> onInputText <*> onInputCheckbox For Alternative, I haven't seen any example of it on the net. The idea is that the first event that fires is used to build the alternative: onInputMyAlternative :: Event Bool onInputMyAlternative = (const True <$> onInputButton) <|> (const False <$> onInputButton) Here is an example pr
Categories: Offsite Discussion

Parallel Voronoi in Haskell

del.icio.us/haskell - Sat, 05/03/2014 - 6:34pm
Categories: Offsite Blogs

Parallel Voronoi in Haskell

del.icio.us/haskell - Sat, 05/03/2014 - 6:34pm
Categories: Offsite Blogs

jasani.org

del.icio.us/haskell - Sat, 05/03/2014 - 4:26pm
Categories: Offsite Blogs

jasani.org

del.icio.us/haskell - Sat, 05/03/2014 - 4:26pm
Categories: Offsite Blogs

cabal repl fails with GHC 7.8.2

haskell-cafe - Sat, 05/03/2014 - 3:13pm
I have a package for which "cabal repl" works fine with cabal version 1.20 and GHC 7.6.3. The package has a lot of FFI bindings and uses hsc2hs, so getting a REPL without "cabal repl" is a pain. The package also comes with the C sources that get linked in. But with GHC 7.8.2, "cabal repl" fails with: Loading object (static) dist/build/decnumber/src/decDouble.o ... /usr/bin/ld: dist/build/decnumber/src/decDouble.o: relocation R_X86_64_32S against `DPD2BIN' can not be used when making a shared object; recompile with -fPIC Any idea on how to fix this? "cabal build" and "cabal install" work fine and I can even build and execute a test binary against the library. It seems the problem is just with "cabal repl". Thanks. Omari
Categories: Offsite Discussion