From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable autolearn_force=no version=3.4.4 X-Received: by 10.182.186.73 with SMTP id fi9mr3130837obc.48.1384383092350; Wed, 13 Nov 2013 14:51:32 -0800 (PST) X-Received: by 10.50.171.169 with SMTP id av9mr562194igc.11.1384383092191; Wed, 13 Nov 2013 14:51:32 -0800 (PST) Path: border1.nntp.dca3.giganews.com!backlog3.nntp.dca3.giganews.com!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!i2no24424612qav.0!news-out.google.com!9ni26651qaf.0!nntp.google.com!i2no24424601qav.0!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail Newsgroups: comp.lang.ada Date: Wed, 13 Nov 2013 14:51:31 -0800 (PST) In-Reply-To: <7f8741ff-7585-487e-89bd-f941847df21e@googlegroups.com> Complaints-To: groups-abuse@google.com Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=97.117.192.41; posting-account=x5rpZwoAAABMN2XPwcebPWPkebpwQNJG NNTP-Posting-Host: 97.117.192.41 References: <61b58fde-2542-485a-a5e8-c7041ad822bd@googlegroups.com> <7f8741ff-7585-487e-89bd-f941847df21e@googlegroups.com> User-Agent: G2/1.0 MIME-Version: 1.0 Message-ID: Subject: Re: ANN: PLplot plotting library with Ada bindings From: Jerry Injection-Date: Wed, 13 Nov 2013 22:51:32 +0000 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Original-Bytes: 5709 Xref: number.nntp.dca.giganews.com comp.lang.ada:183868 Date: 2013-11-13T14:51:31-08:00 List-Id: On Tuesday, November 12, 2013 8:27:37 AM UTC-7, Graham Stark wrote: > Hi Jerry, >=20 > That looks really interesting. >=20 > I'm looking for a plotter routine that could be used safely inside the AW= S web server, so I can implement a 'callback' chart server (currently I hav= e one written in Java).=20 >=20 > Could this be used for that? Some simple tests suggest to me that it isn'= t thread safe. The Initialize_PLplot and associated procedures to set file= names, etc, seem to set global variables somewhere. Is there some trick I'm= missing? >=20 > It does make lovely looking charts. >=20 >=20 >=20 > thanks very much for this. >=20 > Graham Hi Graham, Thanks for your interest in PLplot. I don't know how to answer your questio= n about thread safety so I put it to the PLplot developmenet list. There ar= e two responses so far, from Alan and Hezekiah. Jerry =3D=3D=3D=3D Alan =3D=3D=3D=3D To answer the question at hand, I am virtually positive PLplot is not threa= d safe, but you should wait for Andrew's response for the definitive view o= n that, especially the question of what would need to be done to make PLplo= t thread safe and ideally a plan for getting there. Just as important as thread safety in my option is security. If I were a we= bserver designer interested in safe plotting, then it is important to ackno= wledge that plotting software by its very nature is inherently insecure; th= e problem is that plotting software has lots of different user input channe= ls (titles, text annotations, legends, colorbars, etc.,) that could be the = source of potential buffer overflows or other intrusion possibilities. We d= o make some concious decisions for PLplot development to avoid obvious secu= rity issues, but at the same time security is not our primary interest and = certainly not a fundamentally important area of expertise for us. And I am = sure that is the case for developers of other plotting software as well; we= are all primarily interested in making pretty pictures ("lovely looking ch= arts") rather than designing secure software. :-) So for any plot software including PLplot, the web designer should filter d= own the possible user input channels as much as possible (ideally no user-c= ontrolled input text allowed at all). After that, a full security audit (on= ly possible with open-source plotting software such as PLplot) should be do= ne of what is left to target by a malicious user after such filtering. And = we would certainly be happy to accept patches that were the result of any s= uch audit. =3D=3D=3D=3D=3D=3D=3D=3D Hezekiah =3D=3D=3D=3D=3D=3D=3D=3D PLplot is not thread safe. While you can use PLplot in a threaded program, = only one thread per process may interact with PLplot at a given time. This = limitation holds even if you are working with multiple plot streams in a si= ngle process. Regarding Alan's follow-up - while it is possible to make PLplot thread-saf= e, the changes required are invasive and pervasive. They are all good chang= es to make! But there is a lot to be done and the result is a completely ba= ckwards-incompatible API. The three big pieces required are: a) All PLplot functions will need to explicitly operate on a given plstream= value representing the affected plot stream. This requires adding an addit= ional stream argument to all PLplot functions and removing any global state= from plot streams.=20 b) Remove all of the globals used through the PLplot code base in the actua= l plotting logic. One example is the contour/shading routines which use sev= eral global variables to track their state.=20 c) Confirm/ensure that each of our output devices can be and are used in a = thread-safe manner. Each of these big pieces is made up of several smaller chunks. (a) is where= the API breakage would come in. It is also likely the simplest (simple bei= ng relative here!) to complete. (b) could be pretty hairy as the logic in t= he contouring routines in particular is tricky to translate to something wh= ich doesn't use globals. (c) should be attainable for at least the Cairo, Q= t and built-in output drivers (SVG, PS, null). I would be happy to help in = putting together a plan for this work. Unfortunately my PLplot time is very= limited these days so it's unlikely I'll be able to provide much developme= nt assistance.