Removing access to parts of memeory

[Kasper Middelboe Petersen]

Hello,

I'm working on a CSP library. I have channels and communicate messages
between processes using these. I would really like to be able to
enforce the concepts of CSP by removing accesss to variables for one
process as its passed trough a channel to another somehow. I'm looking
for any ideas as to how to actually do this.

Just to examplify what I mean:

I have two processes, p1 and p2. They share a channel c of a datatype
d which p1 writes to and p2 reads from.

Now d could be very simple like a bool or int in which case copying
wouldnt be a real problem thus leaving p2 with its own copy of the
message that p1 does not in anyway have access to.

However more often than not it would be a larger datastructure which
would be passed as a pointer to avoid the overhead of copying. In this
case p1 ofcause passes a pointer trough the channel instead. Problem
is this means you have no problem accessing the same object from p1
after its send to p2 as the pointer remains valid.

My question is, anyone have any ideas how to invalidate the pointer p1
has after its been send to p2? I'm willing to take some performane
hits all though not so much as to having to force a copy on every
channel communication.


/Kasper

 

[Victor Bazarov]

I'm working on a CSP library.

Is is supposed to be common knowledge as to what it contains or what
it's for? I'm asking because I have no idea what it is...

> I have channels and communicate messages
between processes using these. I would really like to be able to
enforce the concepts of CSP by removing accesss to variables for one
process as its passed trough a channel to another somehow. I'm looking
for any ideas as to how to actually do this.

Just to examplify what I mean:

I have two processes, p1 and p2. They share a channel c of a datatype
d which p1 writes to and p2 reads from.

Now d could be very simple like a bool or int in which case copying
wouldnt be a real problem thus leaving p2 with its own copy of the
message that p1 does not in anyway have access to.

However more often than not it would be a larger datastructure which
would be passed as a pointer to avoid the overhead of copying. In this
case p1 ofcause passes a pointer trough the channel instead. Problem
is this means you have no problem accessing the same object from p1
after its send to p2 as the pointer remains valid.

Huh? When you pass an address from one process to another, you got no
problem? That's interesting and must be very much platform-specific.
On the OS I use (and program for), a pointer is useless in another
process since they exist in "protected memory", i.e. the memory of one
process is only available to that process...

My question is, anyone have any ideas how to invalidate the pointer p1
has after its been send to p2? I'm willing to take some performane
hits all though not so much as to having to force a copy on every
channel communication.

What do you mean by "to invalidate"? Set the pointer to NULL and it
becomes invalid, if that's what you're after.

V

 

[Alf P. Steinbach /Usenet]

* Kasper Middelboe Petersen, on 01.10.2010 20:39:

Hello,

I'm working on a CSP library.

Which of the acronyms at <url: http://acronyms.tfd.com/Csp> is *your* "CSP"?

OK, I'll make an educated guess, that you're talking about Concurrent Sequential
Processes in the sense of Hoare.

I have channels and communicate messages
between processes using these. I would really like to be able to
enforce the concepts of CSP by removing accesss to variables for one
process as its passed trough a channel to another somehow.

Which concept is that?

I'm looking
for any ideas as to how to actually do this.

It's unclear what you mean by "removing access to variables".

Just to examplify what I mean:

I have two processes, p1 and p2. They share a channel c of a datatype
d which p1 writes to and p2 reads from.

Now d could be very simple like a bool or int in which case copying
wouldnt be a real problem thus leaving p2 with its own copy of the
message that p1 does not in anyway have access to.

However more often than not it would be a larger datastructure which
would be passed as a pointer to avoid the overhead of copying. In this
case p1 ofcause passes a pointer trough the channel instead. Problem
is this means you have no problem accessing the same object from p1
after its send to p2 as the pointer remains valid.

It appears you're talking about a data structure placed in shared memory, or,
you're talking about threads, not processes.

My question is, anyone have any ideas how to invalidate the pointer p1
has after its been send to p2? I'm willing to take some performane
hits all though not so much as to having to force a copy on every
channel communication.

Before thinking about performance, try to implement something that works.

I think you'll find that the performance problems you're envisioning are not
relevant, but that other performance problems are.


Cheers & hth.,

- Alf

 

[Kasper Middelboe Petersen]

* Kasper Middelboe Petersen, on 01.10.2010 20:39:



Which of the acronyms at <url:http://acronyms.tfd.com/Csp> is *your* "CSP"?

OK, I'll make an educated guess, that you're talking about Concurrent Sequential
Processes in the sense of Hoare.

Correct. And sorry meant to put in a link but forgot about it.

Which concept is that?

That the way to share information is by passing messages, not by using
shared memory (and not get tempted to use shared memory because it is
possible).

It's unclear what you mean by "removing access to variables".





It appears you're talking about a data structure placed in shared memory, or,
you're talking about threads, not processes.

In my case the abstraction "process" it is implemented using threads.
But either way both p1 and p2 have access to the same object after the
communication unless a copy is taken.

Before thinking about performance, try to implement something that works.

I think you'll find that the performance problems you're envisioning are not
relevant, but that other performance problems are.

I'm not too concerned with performance more than I do not want to get
something to work thats doomed beforeahnd. I'll rather just accept the
shared memory and leave it to whoever is using the library to not
screw themselves over by using it.

The faster the channels are the easier it is to write code that has
good utilization as you won't get slapped in the face everytime you
try to communicate.


/Kasper

 

[Kasper Middelboe Petersen]

Is is supposed to be common knowledge as to what it contains or what
it's for?  I'm asking because I have no idea what it is...

 > I have channels and communicate messages





Huh?  When you pass an address from one process to another, you got no
problem?  That's interesting and must be very much platform-specific.
On the OS I use (and program for), a pointer is useless in another
process since they exist in "protected memory", i.e. the memory of one
process is only available to that process...

The "process" is an abstraction. I've implemented them using threads.
In either case to communicate an object over a channel it would have
to placed in shared memeory.

What do you mean by "to invalidate"?  Set the pointer to NULL and it
becomes invalid, if that's what you're after.

I want to "unshare" the memeory after a communication so that p1
wouldnt be able to access the data it "passed on" to p2. It's to force
people to use channels and not use shared memory.

If I force the writing process to pass its message by reference I
guess I could set its message to NULL. I'm using templates for the
datatypes tough - is there anyway to set a datatype T to NULL
genericly for all datatypes?


/Kasper

 

[Öö Tiib]

Forgot the link - <url:http://en.wikipedia.org/wiki/Communicating_sequential_processes>.
Sorry.

By that link it looks like you are creating another language.

For interprocess communication people use things like ACE or CORBA or
Boost.Interprocess. Why you do not use something from these things?

I want to "unshare" the memeory after a communication so that p1
wouldnt be able to access the data it "passed on" to p2. It's to force
people to use channels and not use shared memory.

The C++ programs in windows and unix memory is protected by process
boundary. C++ itself does not talk about virtual memory (nor its
protection). So if you want to have memory protected between modules
you have to put the modules into different processes (relatively
simple) or write platform specific code (relatively hard).

You can of course use some silly way ... like write some sort of smart
pointers that check current thread id on attempt to dereference and
throw if it is wrong. On such case you also have to ensure that every
part of code uses only such smart pointers to achieve it being
effective.

If I force the writing process to pass its message by reference I
guess I could set its message to NULL. I'm using templates for the
datatypes tough - is there anyway to set a datatype T to NULL
genericly for all datatypes?

What are you asking here? There is "generic" std::auto_ptr<T> ... it
sets itself to NULL if you assign it to (or construct from it) another
auto_ptr<T>.

 

[Stuart Redmann]

On 1 Okt., Kasper Middelboe Petersen wrote:

[snip]

My question is, anyone have any ideas how to invalidate the pointer p1
has after its been send to p2? I'm willing to take some performane
hits all though not so much as to having to force a copy on every
channel communication.

I would choose the approach that Öö labeled as the "silly" way: Force
the user to use some special pointer class which is aware of the
thread context (ideally it should know when the underlying buffer has
been sent so that it forbids the sender to manipulate the buffer
afterwards). IOW, you'll will have to implement your own version of
"shared memory" with all the security aspects that you need.

Regards,
Stuart

 

[James Kanze]

I'm working on a CSP library. I have channels and communicate
messages between processes using these. I would really like to
be able to enforce the concepts of CSP by removing accesss to
variables for one process as its passed trough a channel to
another somehow. I'm looking for any ideas as to how to
actually do this.

The usual solution is to use auto_ptr. It has the disadvantage
that it requires everything to be allocated dynamically, but
once you've passed the auto_ptr to the channel (or anywhere
else), the original auto_ptr cannot be used.

 

[James Kanze]

* Kasper Middelboe Petersen, on 01.10.2010 20:39:

Which of the acronyms at <url:http://acronyms.tfd.com/Csp> is *your* "CSP"?

OK, I'll make an educated guess, that you're talking about
Concurrent Sequential Processes in the sense of Hoare.

That would seem rather obvious (and I find it surprising that
people with your experience, or that of Victor, aren't familiar
with the acronym).

Which concept is that?

The concept of CSP. Basically, that a "job" consists of a set
of data and a sequence of steps, each step being handled by
a separate "process" (a process in CSP would typically be
a thread today). And only one process has access to the data of
the job.

It's unclear what you mean by "removing access to variables".

It appears you're talking about a data structure placed in
shared memory, or, you're talking about threads, not
processes.

He's talking about the processes in CSP, not the processes in
Windows or in Unix. Processes in CSP are typically implemented
as threads; they could be implemented as processes, using shared
memory, but in that case, the solution to his problem is
obvious: unmap the shared memory from the process which has
passed the data on. (This is actually not a bad idea: maintain
all pertinent data in files which are mmap'ed. The channel
interface unmaps the file, and sends its name by some other
means, maybe a pipe, to the next process, which mmap's it.)

Before thinking about performance, try to implement something that works.

I think you'll find that the performance problems you're
envisioning are not relevant, but that other performance
problems are.

Independently of performance... Having to pass complex data
through a serial channel involves marshalling, which is a lot of
additional complexity.

For a large scale, industrial application, I'd certainly look
into the mmap'ed solution, with custom allocators so that
I could use things like std::vector in the client data. But
such a solution is a lot of work, and just using auto_ptr at the
channel interface has been sufficient in numerous applications
I've written.

 

[Victor Bazarov]

* Kasper Middelboe Petersen, on 01.10.2010 20:39:

Which of the acronyms at<url:http://acronyms.tfd.com/Csp> is *your* "CSP"?

OK, I'll make an educated guess, that you're talking about
Concurrent Sequential Processes in the sense of Hoare.

That would seem rather obvious (and I find it surprising that
people with your experience, or that of Victor, aren't familiar
with the acronym). [..]

You presume way too much.

V