|
| 1 | +--- |
| 2 | +RFC: 0005 |
| 3 | +Author: Joey Fish |
| 4 | +Status: Draft |
| 5 | +Version: 1.0 |
| 6 | +Area: Implementing typed IPC. |
| 7 | +--- |
| 8 | + |
| 9 | +# Typed Interprocess communication |
| 10 | + |
| 11 | +Currently PowerShell does not have an efficient means of IPC, as the architecture [of unstructured/semi-structured text-based systems] itself forces extraneous computation, making long-chains highly inneffient and often error-prone. |
| 12 | + |
| 13 | +## Motivation |
| 14 | + |
| 15 | +As we know from prior experience languages like PHP the usage of text as an interface is inherently error-prone (which is often a key in security-vulnerabilities), even moreso when the implementation of the producer are not available to the consumer thus forcing an *ad hock* reverse-engineered solution. |
| 16 | + |
| 17 | +A solution to this problem could be achieved through the use of a “typed stream” rather than untyped text. Another consideration is if the data passes through several processes/transforms and has to be serialized/deserialized [from text] a lot of unnecessary processing is being forced into the process — while this may be negligible in many cases it definitely adds up when dealing with large amounts of data and/or long chains of processes where the deserialize/serialize must be used. |
| 18 | + |
| 19 | +Note: A more complete motivation is outlined in the blog-post “[Architecture Design Facilitating a Command-line Interface](http://edward.fish/index.php/2016/04/23/architecture-design-facilitating-a-command-line-interface/)”, this is merely the IPC portion. |
| 20 | + |
| 21 | +## Specification |
| 22 | + |
| 23 | +This RFC proposes the following: |
| 24 | + |
| 25 | +0. The 'Text' of a command-line input be separated out from processing/data. |
| 26 | + * This will likely require some modification to how parameters and switches are handled. |
| 27 | + * This ensures that, from the commandlet-side, the actual data is not intermixed w/ switches. |
| 28 | + * The actual separation of data and switches/parameters will be in a forthcoming RFC. (RFC-0006) |
| 29 | +0. The underlying type-system be extensible, so that types in one program can be used in another w/o having a common/shared source-file. |
| 30 | + * The system could use ASN.1 — Microsoft already has an OID: [1.2.840.113556](http://oid-info.com/get/1.2.840.113556) |
| 31 | + * I would recommend adding a 5TH subtree: Types (5) |
| 32 | + * Under which the following subtrees would reside: |
| 33 | + 0. CLR — Tree containing the base-types of the CLR, could have subtrees for various .NET languages. |
| 34 | + 0. Operating System — Tree containing OS-types. (E.G. HWnd.) |
| 35 | + 0. Interface — Tree containing types for various external systems. |
| 36 | + * e.g. a type for TCP-connections or other items which are commonly implemented as Integers but not technically integers; or things like “Little-endian, 16-bit value, unsigned” and “Little-endian, 16-bit value, signed”. |
| 37 | + 0. User — Defined for user-added types. |
| 38 | + * This could also be [or contain] an “undefined” tree where anything below is system-dependant. While that would defeat the much of the usage of the OID-system, it would allow a sort of “type-registry” for the user’s system. (Not recommended, but a possibility nonetheless.) |
| 39 | +0. The system should provide for efficient transmission and be reliable (complete serialize/deserialize roundtrip). |
| 40 | + * ASN.1 has the advantage that proper, unambiguous message-passing (in our case typed information) is efficient. |
| 41 | +0. The system should provide for error-checked values. |
| 42 | + * Error-checked values can have intermediate error-checking optimized away. |
| 43 | + * E.G. Given functions A, B, C, and D that take a single Positive parameter and return a Positive result, A(B(C(D( x )))) only needs to check that x is in Positive. (Assuming that none of them raise an exception.) |
| 44 | + * ASN.1 type-definitions can be easily error-checked via constraints. |
| 45 | + * If a general type-registry (e.g. using the OID arcs as outlined above) is used, constraints could be included either explicitly or implicitly (e.g. Interface.Big-endian.32-bit.signed). |
| 46 | + * Microsoft's R & D have had very good results from formal-methods (see “[Safe to the Last Instruction: Automated Verification of a Type-Safe Operating System](https://www.microsoft.com/en-us/research/publication/safe-to-the-last-instruction-automated-verification-of-a-type-safe-operating-system/)”), which use a more generalized view [that of considering properties] to ensure correctness. |
| 47 | + |
| 48 | +## Alternate Proposals and Considerations |
| 49 | + |
| 50 | +Invariably someone will suggest something like JSON as a solution to this problem; there are, however, serious issues with using JSON: |
| 51 | + |
| 52 | +0. JSON does not provide a means to check/enforce constraints, meaning that all clients will have to manually implement the check. |
| 53 | +0. JSON does not provide a means to check/enforce a structure, meaning that all clients will have to manually implement the check. |
| 54 | +0. Because of #2 JSON is unsuitable for transmitting records ("structs"), because of #1 JSON is unsuitable for transmitting objects (essentially stateful records). |
| 55 | +0. Because of #3 JSON is unsuitable for seralizing/deserializing complex/compound types such as are used in .NET. |
| 56 | + |
| 57 | +Viable alternitives would include: |
| 58 | + |
| 59 | +* The Wulf, Lamb, Nestor [Interface Description Language](http://repository.cmu.edu/compsci/2412/); see also [Snodgrass’s book](https://www.amazon.com/Interface-Description-Language-Definition-Principles/dp/0716781980) ISBN 0716781980. |
| 60 | + * Possibly w/ updated syntax to be more in-line with Ada-2012/SPARK-2014; see example #1 below. |
| 61 | +* IBM's [SOM](https://en.wikipedia.org/wiki/IBM_System_Object_Model) |
| 62 | +* COM/DCOM — This is not recommended, but there already exists an OID tree for [UUIDs](http://www.oid-info.com/get/2.25). |
| 63 | + |
| 64 | +Altering the underlying architecture for IPC is a big change, and likely to break compatibility; however the benefits of the change – efficiency of transmitting values, ensuring that values are correct, and increased reliability – are quite desirable in a system. |
| 65 | + |
| 66 | +-------- |
| 67 | + |
| 68 | +Example 1: |
| 69 | + |
| 70 | + Type Id_String is new String; |
| 71 | + |
| 72 | + -- SSN format: ###-##-#### |
| 73 | + Subtype Social_Security_Number is ID_String(1..11) |
| 74 | + with Dynamic_Predicate => |
| 75 | + (for all Index in Social_Security_Number'Range => |
| 76 | + (case Index is |
| 77 | + when 4|7 => Social_Security_Number(Index) = '-', |
| 78 | + when others => Social_Security_Number(Index) in '0'..'9' |
| 79 | + ) |
| 80 | + ); |
| 81 | + |
| 82 | + -- EIN format: ##-####### |
| 83 | + Subtype EIN is ID_String(1..10) |
| 84 | + with Dynamic_Predicate => |
| 85 | + (for all Index in EIN'Range => |
| 86 | + (case Index is |
| 87 | + when 3 => EIN(Index) = '-', |
| 88 | + when others => EIN(Index) in '0'..'9' |
| 89 | + ) |
| 90 | + ); |
| 91 | + |
| 92 | + -- Tax_ID: A string guarenteed to be an SSN or EIN. |
| 93 | + -- SSN (###-##-####) |
| 94 | + -- EIN (##-#######) |
| 95 | + Subtype Tax_ID is ID_String |
| 96 | + with Dynamic_Predicate => |
| 97 | + (Tax_ID in Social_Security_Number) or |
| 98 | + (Tax_ID in EIN); |
| 99 | + |
0 commit comments