ErlHive Safe Erlang Reloaded

550 views

Published on

Published in: Technology, Art & Photos
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
550
On SlideShare
0
From Embeds
0
Number of Embeds
22
Actions
Shares
0
Downloads
11
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

ErlHive Safe Erlang Reloaded

  1. 1. ErlHive Safe Erlang Reloaded An angle on community web development Ulf Wiger, Ericsson AB
  2. 2. The Goal <ul><li>Web-based multi-user information management </li></ul><ul><li>Blog, forum, wiki, chat, access control, ... </li></ul><ul><li>What set of abstractions could allow us to treat these as convenient building blocks? </li></ul><ul><li>Extensible and safe </li></ul>
  3. 3. The Frustration <ul><li>Installed and tested lots of blogs, wikis and forums </li></ul><ul><li>Surprisingly difficult </li></ul><ul><li>Not particularly modular </li></ul><ul><li>Picky about perl/python/php/mysql versions </li></ul><ul><li>Esp. multi-user versions worked poorly </li></ul><ul><li>Obvious room for improvement </li></ul><ul><li>But with Erlang, lots of assembly required also. </li></ul>
  4. 4. The Tuple Store <ul><li>Joe Armstrong’s idea </li></ul><ul><li>A simple on-line database for web development </li></ul><ul><li>Storing objects, sets and streams per user </li></ul><ul><li>Joe wrote the front-end </li></ul><ul><li>I wrote the back-end </li></ul>Authentication, etc. tuple store DB HTTP
  5. 5. Stored modules extend the vision Authentication, etc. erlhive DB Public code and data Private code and data Safe, web-based community web application development User A User E
  6. 6. Back-end Concepts <ul><li>Each account contains: </li></ul><ul><ul><li>Variable declarations (scalars, arrays, streams, and modules) </li></ul></ul><ul><ul><li>Areas (public and private) </li></ul></ul>
  7. 7. Classes of Variable <ul><li>Scalar – can be of any type (a type grammar exists and is enforced) </li></ul><ul><li>Array – an associative array (ordered set) </li></ul><ul><li>Stream – like an inbox (append, lookup, delete) </li></ul><ul><li>Module – a safe-compiled Erlang module </li></ul>
  8. 8. Access control <ul><li>Data and code in the private area accessible only to the owner </li></ul><ul><li>The owner’s public modules can call the owner’s private modules </li></ul>In the public area: Read/call Read/write/delete/call Modules Append Append/read/delete Streams Read Read/write/delete Scalars & arrays Other Users Owner
  9. 9. Safe code execution <ul><li>Only side-effects allowed are through the erlhive API </li></ul><ul><li>Allow calls to modules/functions known to be safe (lists, ordsets, calendar, etc.) </li></ul><ul><li>No spawn, send, receive, link, etc. </li></ul><ul><li>Meta calls filtered at run-time (and possibly blocked) </li></ul><ul><li>Everything runs in mnesia transactions </li></ul><ul><li>Otherwise, no restrictions </li></ul>
  10. 10. Code example -module(ex3_joe). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ..., {ex3_pub, erlhive.ulf.ex3_pub:f() }]. -module(ex3_pub). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, {time, calendar:universal_time()}, {caller, erlhive.user:caller() }, {from_module, erlhive.user:from_module() }, {owner, erlhive.user:owner() }, {ex3_priv, ex3_priv:f() }]. -module(ex3_priv). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ...]. Owned by user <<”ulf”>> Owned by user <<”joe”>> 1> erlhive:with_user( <<”ulf”>>, fun(M) -> M:set_variable(ex3_pub, [{class, module},{area, public}]), M:store_module(ex3_pub, ”-module(ex3_pub). ...”) end).
  11. 11. Code example -module(ex3_joe). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ..., {ex3_pub, erlhive.ulf.ex3_pub:f() }]. -module(ex3_pub). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, {time, calendar:universal_time()}, {caller, erlhive.user:caller() }, {from_module, erlhive.user:from_module() }, {owner, erlhive.user:owner() }, {ex3_priv, ex3_priv:f() }]. -module(ex3_priv). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ...]. Package syntax for calling other users’ modules ” Meta functions” for introspection
  12. 12. Execution -module(ex3_joe). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ..., {ex3_pub, erlhive.ulf.ex3_pub:f() }]. -module(ex3_pub). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, {time, calendar:universal_time()}, {caller, erlhive.user:caller() }, {from_module, erlhive.user:from_module() }, {owner, erlhive.user:owner() }, {ex3_priv, ex3_priv:f() }]. -module(ex3_priv). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ...]. 2> erlhive:with_user( <<”joe”>>, fun(M) -> M:apply(erlhive.joe.ex3_joe, f, []) end). [{’?MODULE’, ’erlhive.joe.ex3_joe’}, {caller, <<”joe”>>}, {from_module, ’erlhive.user’}, {owner, <<”joe”>>}, {ex3_pub, [{’?MODULE’, ’erlhive.ulf.ex3_pub’}, {time, {{2006,11,9},{16,53,17}}, {caller, <<”joe”>>}, {owner, <<”ulf”>>}, {ex3_priv, [{’?MODULE’, ’erlhive.ulf.ex3_priv’}, {caller, <<”ulf”>>}, {from_module, ’erlhive.ulf.ex3_pub’}, {owner, <<”ulf”>>}]}]}]
  13. 13. Execution -module(ex3_joe). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ..., {ex3_pub, erlhive.ulf.ex3_pub:f() }]. -module(ex3_pub). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, {caller, erlhive.user:caller() }, {from_module, erlhive.user:from_module() }, {owner, erlhive.user:owner() }, {ex3_priv, ex3_priv:f() }]. -module(ex3_priv). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ...]. 2> erlhive:with_user( <<”joe”>>, fun(M) -> M:apply(erlhive.ulf.ex3_priv, f, []) end). ** exited: {aborted, {{undef,[{{’erlhive.ulf.ex3_priv’, <<”joe”>>, ’erlhive.user’}, f, 0}, {erlhive,with_watchdog,1}, ...]}, ...} Cannot call another user’s private modules. Restricted calls appear as undefs.
  14. 14. Profiling -module(ex3_joe). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ..., {ex3_pub, erlhive.ulf.ex3_pub:f() }]. -module(ex3_pub). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, {caller, erlhive.user:caller() }, {from_module, erlhive.user:from_module() }, {owner, erlhive.user:owner() }, {ex3_priv, ex3_priv:f() }]. -module(ex3_priv). -export([f/0]). f() -> [{’?MODULE’, ?MODULE}, ...]. 2> erlhive:profile( <<”joe”>>, fun(M) -> M:apply(ex3_joe, f, []) end). { [{’?MODULE’,’erlhive.joe.ex3_joe’}, ...], [{trace,<0.403.0>,call,{erlhive_user,apply,4}}, {trace,<0.403.0>,call,{’erlhive.joe.ex3_joe’,f,1}}, {trace,<0.403.0>,call,{’erlhive.ulf.ex3_pub’,f,1}}, {trace,<0.403.0>,return_to,{’erlhive.ulf.ex3_pub’,f,1}}, {trace ,<0.403.0>,return_to,{’erlhive.ulf.ex3_pub’,f,1}}]} A censored call trace. Can be followed by a specific trace on ’visible’ modules. (work in progress...)
  15. 15. Status <ul><li>Beta version at Sourceforge http://www.sourceforge.net/projects/erlhive </li></ul><ul><li>Authenticating web server front-end </li></ul><ul><li>Components </li></ul><ul><ul><li>Simple web-based management front-end </li></ul></ul><ul><ul><li>Blog with threaded comments </li></ul></ul><ul><ul><li>Wiki code syntax library </li></ul></ul><ul><ul><li>Role-Based Access Control library </li></ul></ul><ul><li>Any day now! </li></ul>
  16. 16. Questions?

×