[squeak-dev] FFI considered harmless (was: Loading FFI is broken)

Bert Freudenberg bert at freudenbergs.de
Tue Nov 19 20:00:29 UTC 2013


On 19.11.2013, at 12:35, Eliot Miranda <eliot.miranda at gmail.com> wrote:

> Hi All,
> 
>     this is an important discussion that is taking a religious tone that we should strive to avoid.

Let's call it philosophical, "religious" is just flame bait.

>  There are good arguments for plugins, namely security and encapsulation.  There are good arguments for an FFI, namely extensibility and platform compatibility.

Agreed.

> [... nice explanation snipped ...]

> A number of straw men have been raised against the FFI in this discussion.

No-one has been arguing against FFI in general. We agree an FFI is useful, and a more powerful FFI is better. We just (appear to) disagree on how widely it should be used.

> Bert asks "Suppose we add a new VM platform, like a VM running on JavaScript in the browser. Do you really want to re-implement all the C libraries utilized via FFI? Or rather a handful of primitives in your language of choice?".  First it is not clear that one *can* implement these primitives taking either approach.  If the platform, e.g. JavaScript in a browser, takes the Squeak plugin approach of preventing access to the platform except through a restricted set of facilities, then certain functionality will simply be off-limits, whether one has an FFI or not.  Second, reimplementing all the C libraries isn't obligatory.  If the platform provides an FFI one simply mates to its FFI and accesses the underlying libraries.  If it doesn't then that functionality is off-limits, but that doesn't mean the rest of the system doesn't work.

That's where we disagree. If basic functions in the system depend on FFI, and FFI is not available, then the system *does not work* at all. E.g., there are efforts in other Squeak forks to replace fundamental parts of the system (which currently rely on VM primitives) with FFI calls. That's what I am wary of.

One of the fundamental services of a virtual machine is providing a safe and complete environment for the system to function in. Plugins enrich that environment. But FFI pokes holes into that safe environment, reaching out of the virtual world into the "real" world. 

Indeed sometimes that is exactly what you need, namely to better interact with the specific host system you are running on. I'm simply saying that we need to clearly separate this from the base system, which should be as independent of the actual host platform as possible.

- Bert -



More information about the Squeak-dev mailing list