This page is no longer maintained — Please continue to the home page at www.scala-lang.org

Re: Scala for Robocode

3 replies
Naftoli Gugenheim
Joined: 2008-12-17,
User offline. Last seen 42 years 45 weeks ago.

It does use reflection, at least in 2.7.x. I think also in 2.8 but less.

-------------------------------------
Pavel Šavara wrote:

Hello Scala people,

I'm developer of Robocode engine (programming contest game, used
mostly by students to learn Java). We would like to make Robocode
multilingual and Scala seems to be good match.
I'm looking for portion of help from Scala community or expert
enthusiast ;-) Let me briefly describe where we are, what we have and
what is the problem.

Status:
- In past 2 years we refactored robocode engine and made it extensible
with plugins.
- we are few days to release beta of .NET plugin, which allows robots
in CLR fight agains robots in JVM. Long story, see
http://zamboch.blogspot.com/2010/01/robocode-net-alpha-bits.html
- we have Scala plugin prototype here, the boring stuff is mostly done.
https://robocode.svn.sourceforge.net/svnroot/robocode/robocode/trunk/plu...
- our users regularly ask for scala support
https://sourceforge.net/tracker/?func=detail&aid=2823587&group_id=37202&...
http://groups.google.com/group/robocode-developers/browse_thread/thread/...
- we have as well prototype of javascript with rhino. similar
problems. we are keen support more languages.

Johannes Rudolph
Joined: 2008-12-17,
User offline. Last seen 29 weeks 20 hours ago.
Re: Scala for Robocode

Scala code is compiled to normal class-files. The scala library is
then just another library. Scala has no native parts, so AFAIK Scala
would inherit all the security constraints from the library it is
build upon (i.e. the JRE).

As Naftoli told you, Scala uses reflection sometimes to implement
structural subtyping. As a user of Scala you can get around reflection
by avoiding structural types which doesn't constrain you too much. I'm
not sure how much structural types are used in Scala's library itself.

I don't know Robocode but I guess you could make use of Scala Actors.
Though, I'm not sure if there are particular security/reflection
concerns re the Actors library.

Johannes

On Mon, Feb 8, 2010 at 12:27 AM, Naftoli Gugenheim wrote:
> It does use reflection, at least in 2.7.x. I think also in 2.8 but less.
>
> -------------------------------------
> Pavel Šavara wrote:
>
> Hello Scala people,
>
> I'm developer of Robocode engine (programming contest game, used
> mostly by students to learn Java). We would like to make Robocode
> multilingual and Scala seems to be good match.
> I'm looking for portion of help from Scala community or expert
> enthusiast ;-) Let me briefly describe where we are, what we have and
> what is the problem.
>
> Status:
> - In past 2 years we refactored robocode engine and made it extensible
> with plugins.
> - we are few days to release beta of .NET plugin, which allows robots
> in CLR fight agains robots in JVM. Long story, see
>  http://zamboch.blogspot.com/2010/01/robocode-net-alpha-bits.html
> - we have Scala plugin prototype here, the boring stuff is mostly done.
>  https://robocode.svn.sourceforge.net/svnroot/robocode/robocode/trunk/plugins/scala/
> - our users regularly ask for scala support
>  https://sourceforge.net/tracker/?func=detail&aid=2823587&group_id=37202&atid=419489
>  http://groups.google.com/group/robocode-developers/browse_thread/thread/351485511ccc6457#
> - we have as well prototype of javascript with rhino. similar
> problems. we are keen support more languages.
>

dcsobral
Joined: 2009-04-23,
User offline. Last seen 38 weeks 5 days ago.
Re: Scala for Robocode
Structural subtyping may appear in unexpected places. For instance:
implicit def intToHex(n: Int) = new { def toHex = "%x" format n }
If one were to call "toHex" on an Int, then, it would use reflection. However, the following doesn't use reflection:
class ToHex(n: Int) {  def toHex = "%x" format n}implicit def intToHex(n: Int) = new ToHex(n)
So the reflection thing may be tricky at times.

On Mon, Feb 8, 2010 at 5:05 AM, Johannes Rudolph <johannes [dot] rudolph [at] googlemail [dot] com> wrote:
Scala code is compiled to normal class-files. The scala library is
then just another library. Scala has no native parts, so AFAIK Scala
would inherit all the security constraints from the library it is
build upon (i.e. the JRE).

As Naftoli told you, Scala uses reflection sometimes to implement
structural subtyping. As a user of Scala you can get around reflection
by avoiding structural types which doesn't constrain you too much. I'm
not sure how much structural types are used in Scala's library itself.

I don't know Robocode but I guess you could make use of Scala Actors.
Though, I'm not sure if there are particular security/reflection
concerns re the Actors library.

Johannes

On Mon, Feb 8, 2010 at 12:27 AM, Naftoli Gugenheim <naftoligug [at] gmail [dot] com> wrote:
> It does use reflection, at least in 2.7.x. I think also in 2.8 but less.
>
> -------------------------------------
> Pavel Šavara<pavel [dot] savara [at] gmail [dot] com> wrote:
>
> Hello Scala people,
>
> I'm developer of Robocode engine (programming contest game, used
> mostly by students to learn Java). We would like to make Robocode
> multilingual and Scala seems to be good match.
> I'm looking for portion of help from Scala community or expert
> enthusiast ;-) Let me briefly describe where we are, what we have and
> what is the problem.
>
> Status:
> - In past 2 years we refactored robocode engine and made it extensible
> with plugins.
> - we are few days to release beta of .NET plugin, which allows robots
> in CLR fight agains robots in JVM. Long story, see
>  http://zamboch.blogspot.com/2010/01/robocode-net-alpha-bits.html
> - we have Scala plugin prototype here, the boring stuff is mostly done.
>  https://robocode.svn.sourceforge.net/svnroot/robocode/robocode/trunk/plugins/scala/
> - our users regularly ask for scala support
>  https://sourceforge.net/tracker/?func=detail&aid=2823587&group_id=37202&atid=419489
>  http://groups.google.com/group/robocode-developers/browse_thread/thread/351485511ccc6457#
> - we have as well prototype of javascript with rhino. similar
> problems. we are keen support more languages.
>
> --- Security (mandatory problem) ---
> Because users are creative programmers, they may try to win battle
> different ways. As well robots are downloaded from online database
> where anyone could upload one. So gap in security may lead to security
> hole into users computer. Robots written in Java are running in
> restricted sandbox. Almost everything is prohibited [network, GUI,
> disk (limitted), threads (limitted), classloaders and reflection]. The
> sandbox is similar to browser applet. We use SecurityManager, custom
> ClassLoader per robot, etc ...
> https://robocode.svn.sourceforge.net/svnroot/robocode/robocode/trunk/robocode.host/src/main/java/net/sf/robocode/host/security/
>
> There are two ways how to host Scala runtime in Robocode:
> 1) load it together with robot inside of sandbox. Pretty safe for us,
> preferred solution. But I wonder if that will damage Scala runtime
> abilities somehow. Does runtime use reflection ? generates classes at
> runtime ? Use threads to do some internal cleanup ? Access to
> JVM/internals ? If the runtime consumes some of restricted resources,
> how which/how ?
>
> 2) use Scala runtime as trusted code, outside the box, security on
> same level as JDK or Robocode Robot API. Visibility to (malicious)
> robot. Are the Scala runtime APIs safe ? Do methods they have security
> guards ? Is there any security audit for Scala runtime ? Is there any
> safe mode ? Which classes/packages must be visible to robot/which are
> just private implementation ? Is there any singleton in Scala runtime,
> which could be abused to communicate between robots ? Any
> concurency/threadpool/messaging which could simulate threads ?
>
> ?3) Is it easy to enumerate and isolate the part which must run in
> trusted scope from the rest ? Specific packages? classes ?
>
> --- Scala-way (optional problem) ---
> We are not scala experts, so it's not easy for us to create proper
> sample robots, to show Scala features. As well, we could make our API
> friendlier for Scala robot, but because we don't know the needs, we
> can't offer improvements. This discussion make sense only if we have
> solution for security.
>
>
> Dear scala experts, your motivation :-D
>  - Robocode have big user base and it's used in schools to teach
> people programming, so this is opportunity to spread Scala
>  - I believe that the task is easy, for someone who knows scala well
>  - I'll buy you a beer if you come to Prague
>
> Thanks for any pointers or help
> Pavel
>



--
Johannes

-----------------------------------------------
Johannes Rudolph
http://virtual-void.net



--
Daniel C. Sobral

I travel to the future all the time.
Pavel Šavara
Joined: 2010-02-08,
User offline. Last seen 42 years 45 weeks ago.
Re: Scala for Robocode

Guys,

thanks for your thoughts. I duplicated the question at
http://stackoverflow.com/questions/2263010/security-of-scala-runtime
in case you are interested in credits for (more specific) answer.

Thanks
Pavel

On Mon, Feb 8, 2010 at 11:41 AM, Daniel Sobral wrote:
> Structural subtyping may appear in unexpected places. For instance:
> implicit def intToHex(n: Int) = new { def toHex = "%x" format n }
> If one were to call "toHex" on an Int, then, it would use reflection.
> However, the following doesn't use reflection:
> class ToHex(n: Int) {
>   def toHex = "%x" format n
> }
> implicit def intToHex(n: Int) = new ToHex(n)
> So the reflection thing may be tricky at times.
>
> On Mon, Feb 8, 2010 at 5:05 AM, Johannes Rudolph
> wrote:
>>
>> Scala code is compiled to normal class-files. The scala library is
>> then just another library. Scala has no native parts, so AFAIK Scala
>> would inherit all the security constraints from the library it is
>> build upon (i.e. the JRE).
>>
>> As Naftoli told you, Scala uses reflection sometimes to implement
>> structural subtyping. As a user of Scala you can get around reflection
>> by avoiding structural types which doesn't constrain you too much. I'm
>> not sure how much structural types are used in Scala's library itself.
>>
>> I don't know Robocode but I guess you could make use of Scala Actors.
>> Though, I'm not sure if there are particular security/reflection
>> concerns re the Actors library.
>>
>> Johannes
>>
>> On Mon, Feb 8, 2010 at 12:27 AM, Naftoli Gugenheim
>> wrote:
>> > It does use reflection, at least in 2.7.x. I think also in 2.8 but less.
>> >
>> > -------------------------------------
>> > Pavel Šavara wrote:
>> >
>> > Hello Scala people,
>> >
>> > I'm developer of Robocode engine (programming contest game, used
>> > mostly by students to learn Java). We would like to make Robocode
>> > multilingual and Scala seems to be good match.
>> > I'm looking for portion of help from Scala community or expert
>> > enthusiast ;-) Let me briefly describe where we are, what we have and
>> > what is the problem.
>> >
>> > Status:
>> > - In past 2 years we refactored robocode engine and made it extensible
>> > with plugins.
>> > - we are few days to release beta of .NET plugin, which allows robots
>> > in CLR fight agains robots in JVM. Long story, see
>> >  http://zamboch.blogspot.com/2010/01/robocode-net-alpha-bits.html
>> > - we have Scala plugin prototype here, the boring stuff is mostly done.
>> >
>> >  https://robocode.svn.sourceforge.net/svnroot/robocode/robocode/trunk/plugins/scala/
>> > - our users regularly ask for scala support
>> >
>> >  https://sourceforge.net/tracker/?func=detail&aid=2823587&group_id=37202&atid=419489
>> >
>> >  http://groups.google.com/group/robocode-developers/browse_thread/thread/351485511ccc6457#
>> > - we have as well prototype of javascript with rhino. similar
>> > problems. we are keen support more languages.
>> >
>> > --- Security (mandatory problem) ---
>> > Because users are creative programmers, they may try to win battle
>> > different ways. As well robots are downloaded from online database
>> > where anyone could upload one. So gap in security may lead to security
>> > hole into users computer. Robots written in Java are running in
>> > restricted sandbox. Almost everything is prohibited [network, GUI,
>> > disk (limitted), threads (limitted), classloaders and reflection]. The
>> > sandbox is similar to browser applet. We use SecurityManager, custom
>> > ClassLoader per robot, etc ...
>> >
>> > https://robocode.svn.sourceforge.net/svnroot/robocode/robocode/trunk/rob...
>> >
>> > There are two ways how to host Scala runtime in Robocode:
>> > 1) load it together with robot inside of sandbox. Pretty safe for us,
>> > preferred solution. But I wonder if that will damage Scala runtime
>> > abilities somehow. Does runtime use reflection ? generates classes at
>> > runtime ? Use threads to do some internal cleanup ? Access to
>> > JVM/internals ? If the runtime consumes some of restricted resources,
>> > how which/how ?
>> >
>> > 2) use Scala runtime as trusted code, outside the box, security on
>> > same level as JDK or Robocode Robot API. Visibility to (malicious)
>> > robot. Are the Scala runtime APIs safe ? Do methods they have security
>> > guards ? Is there any security audit for Scala runtime ? Is there any
>> > safe mode ? Which classes/packages must be visible to robot/which are
>> > just private implementation ? Is there any singleton in Scala runtime,
>> > which could be abused to communicate between robots ? Any
>> > concurency/threadpool/messaging which could simulate threads ?
>> >
>> > ?3) Is it easy to enumerate and isolate the part which must run in
>> > trusted scope from the rest ? Specific packages? classes ?
>> >
>> > --- Scala-way (optional problem) ---
>> > We are not scala experts, so it's not easy for us to create proper
>> > sample robots, to show Scala features. As well, we could make our API
>> > friendlier for Scala robot, but because we don't know the needs, we
>> > can't offer improvements. This discussion make sense only if we have
>> > solution for security.
>> >
>> >
>> > Dear scala experts, your motivation :-D
>> >  - Robocode have big user base and it's used in schools to teach
>> > people programming, so this is opportunity to spread Scala
>> >  - I believe that the task is easy, for someone who knows scala well
>> >  - I'll buy you a beer if you come to Prague
>> >
>> > Thanks for any pointers or help
>> > Pavel
>> >
>>
>>
>>
>> --
>> Johannes
>>
>> -----------------------------------------------
>> Johannes Rudolph
>> http://virtual-void.net
>
>
>
> --
> Daniel C. Sobral
>
> I travel to the future all the time.
>

Copyright © 2012 École Polytechnique Fédérale de Lausanne (EPFL), Lausanne, Switzerland