Received: from sog-mx-1.v43.ch3.sourceforge.com ([172.29.43.191] helo=mx.sourceforge.net) by sfs-ml-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Uz1S8-0000Xg-B2 for bitcoin-development@lists.sourceforge.net; Tue, 16 Jul 2013 09:21:48 +0000 Received-SPF: pass (sog-mx-1.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.214.179 as permitted sender) client-ip=209.85.214.179; envelope-from=mh.in.england@gmail.com; helo=mail-ob0-f179.google.com; Received: from mail-ob0-f179.google.com ([209.85.214.179]) by sog-mx-1.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Uz1S6-0008Ej-D5 for bitcoin-development@lists.sourceforge.net; Tue, 16 Jul 2013 09:21:48 +0000 Received: by mail-ob0-f179.google.com with SMTP id xk17so473984obc.24 for ; Tue, 16 Jul 2013 02:21:41 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.60.99.42 with SMTP id en10mr688862oeb.85.1373966500948; Tue, 16 Jul 2013 02:21:40 -0700 (PDT) Sender: mh.in.england@gmail.com Received: by 10.76.23.36 with HTTP; Tue, 16 Jul 2013 02:21:40 -0700 (PDT) In-Reply-To: <2BDA0943-22BB-4405-9AF0-86FB41FD04A6@include7.ch> References: <3E7894A0-06F3-453D-87F8-975A244EBACF@include7.ch> <2BDA0943-22BB-4405-9AF0-86FB41FD04A6@include7.ch> Date: Tue, 16 Jul 2013 11:21:40 +0200 X-Google-Sender-Auth: O7fJJChmqu0PB-5OcMtV0ipoZ7E Message-ID: From: Mike Hearn To: Jonas Schnelli Content-Type: multipart/alternative; boundary=047d7b33d26a38f0a504e19d8134 X-Spam-Score: -0.5 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mh.in.england[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Uz1S6-0008Ej-D5 Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Introducing BitcoinKit.framework X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Jul 2013 09:21:48 -0000 --047d7b33d26a38f0a504e19d8134 Content-Type: text/plain; charset=UTF-8 > Clear. Your right. C++ would give us more flexibility (other platforms) > and also android compatibility (through NDK). > I'm a bit confused I'm afraid. bitcoinj already runs SPV wallets on Android on top of Dalvik. In fact that's what it's designed for. The NDK is not necessary to work with Bitcoin at any point. > That's a great idea. > Let me look into the quality of j2c's output. > There's an example of what it looks like here: https://code.google.com/a/eclipselabs.org/p/j2c/wiki/Examples If you're serious about playing with j2c let me know. It's an amazing piece of work BUT it was written for fun, and as such isn't really documented at all. It took me a little while to figure out how to make it work properly. I'm now fixing bugs in it and making various improvements along with filling out the native stubs (a.k.a. portability layer). If you want to catch up to where I'm at, I can send you some notes because otherwise you might waste a lot of time on blind alleys. The main things be aware of so far are: - Lots of explicit null pointer checks are generated. The reason is that the output is meant to be entirely portable, so Jacek doesn't want to rely on platform specific stuff like signals or SEH. Simplest solution is just to disable npc() generation entirely because normal C++ libraries just segfault if a null pointer gets in the wrong place, they don't throw exceptions. Losing the Java behaviour would not be a downgrade for people used to C++. - Array accesses don't seem to be properly bounds-checked. That's a part of the Java security model - bitcoinj is written on the assumption that buffer and heap overflows aren't possible because they're caught by the runtime. If those checks go missing then it'd likely become possible to hack your program by exploiting buffer overflows. So that needs to be fixed. - Generated code doesn't use the STL of course, it can't because the Java library has more features than the STL. However as the way j2c works is you transpile your code alongside a copy of the (open source) Java class library, you can go in and modify the generated code for java::lang::String or java::util::List and so on to add helper methods for converting to various other forms. On Linux you'd have implicit c'tors to go back and forth between std::string, on MacOS X you'd have conversions for NSString, you could add code for QStrings or raw C strings too. Once the code has been generated you can extend or patch it to make the API more convenient. - Obviously, the resulting code requires the Boehm GC because there are no explicit delete calls anywhere. This is a safety feature though, it avoids use-after-free and double-free bugs that can create security holes. - The code generator doesn't do dependency tracing, so you end up with generated code that isn't used anywhere. It's up to the linker to do a dead code elimination pass. Otherwise the resulting binaries can be huge. --047d7b33d26a38f0a504e19d8134 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

=
Clear. Your right. C++ would give = us more flexibility (other platforms) and also android compatibility (throu= gh NDK).

I'm a bit confused= I'm afraid. bitcoinj already runs SPV wallets on Android on top of Dal= vik. In fact that's what it's designed for. The NDK is not necessar= y to work with Bitcoin at any point.
=C2=A0
=
That's a great idea.
Let me look into the quality of j2c's output.

There's an example of what it looks like = here:


If you're serious about playing with j2c let = me know. It's an amazing piece of work BUT it was written for fun, and = as such isn't really documented at all. It took me a little while to fi= gure out how to make it work properly. I'm now fixing bugs in it and ma= king various improvements along with filling out the native stubs (a.k.a. p= ortability layer). If you want to catch up to where I'm at, I can send = you some notes because otherwise you might waste a lot of time on blind all= eys.

The main things be aware of so far are:
    <= li>Lots of explicit null pointer checks are generated. The reason is that t= he output is meant to be entirely portable, so Jacek doesn't want to re= ly on platform specific stuff like signals or SEH. Simplest solution is jus= t to disable npc() generation entirely because normal C++ libraries just se= gfault if a null pointer gets in the wrong place, they don't throw exce= ptions. Losing the Java behaviour would not be a downgrade for people used = to C++.

  • Array accesses don't seem to be properly bounds-checked. T= hat's a part of the Java security model - bitcoinj is written on the as= sumption that buffer and heap overflows aren't possible because they= 9;re caught by the runtime. If those checks go missing then it'd likely= become possible to hack your program by exploiting buffer overflows. So th= at needs to be fixed.

  • Generated code doesn't use the STL of course, it can't= because the Java library has more features than the STL. However as the wa= y j2c works is you transpile your code alongside a copy of the (open source= ) Java class library, you can go in and modify the generated code for java:= :lang::String or java::util::List and so on to add helper methods for conve= rting to various other forms. On Linux you'd have implicit c'tors t= o go back and forth between std::string, on MacOS X you'd have conversi= ons for NSString, you could add code for QStrings or raw C strings too. Onc= e the code has been generated you can extend or patch it to make the API mo= re convenient.

  • Obviously, the resulting code requires the Boehm GC because th= ere are no explicit delete calls anywhere. This is a safety feature though,= it avoids use-after-free and double-free bugs that can create security hol= es.

  • The code generator doesn't do dependency tracing, so you e= nd up with generated code that isn't used anywhere. It's up to the = linker to do a dead code elimination pass. Otherwise the resulting binaries= can be huge.

--047d7b33d26a38f0a504e19d8134--