Tunes
Francois-Rene Rideau
rideau@nef.ens.fr
Thu, 5 Dec 1996 14:28:50 +0100 (MET)
[Notes:
* To Mr. Hamdani:
I'm forwarding this reply to the Tunes mailing list.
* To Tunes project members:
if I'm missing something, saying anything wrong,
misrepresenting the goal of the project,
as you see it is, or as you see it should be,
please do correct me.
]
> Dear Sir,
> After reading you examples, I still do not get the
> main concept (Perhaps the example is too complex).
> Do you have short, small example and explain
> the main advantage of Tunes?
> Please use plain english, not technical term.
> Best regards
> (Hamdani)
> PS: I have degree in CS.
Well, perhaps the draft document for my WhyNewOS article
contains more ideas.
Let me try to sum up the main ideas.
I feel my explanations are not as simple as they should,
but I find no other way...
The main focus of Tunes is semantic-based reflection.
* semantic-based means that the system will only do operations
that preserve the *meaning* of objects, rather than their representation.
For instance, people trying to optimize programs are prone to
introducing bugs, all the more when optimizing for parallel architectures,
where things become ununderstandable.
If the development tools were guaranteed to preserve the meaning
during program transformations, developers would write the
program specification once and for all, and later optimize
the programs while being sure that everything's safe.
Newer programming techniques (better GCs, distribution of objects,
dynamic partial evaluation, etc) could all be safely experimented.
Such guarantees are given in the form of logical (mathematical) proofs,
that the system can check, and that can be required by objects.
You don't have to rely on informal specifications checked by humans
with lots of red tape (or simply unchecked):
see the $10^9 worth crash of the Ariane V spacecraft recently,
due to a software bug that formal proof checking would have pin-pointed.
* Reflection means that you can dynamically manipulate objects
that manipulate other objects, and modify the system.
It means that you can dynamically optimize your programs,
adapt the system to your needs, define new implementation strategies
and proof tactics, create sublanguages for specific uses, etc.
It means the same language can be extended
so as to efficiently do everything one wants,
which allows you not to have hundreds of crippled
application-specific languages
that can't communicate with each other.
Yet this Reflection being semantic-based,
you are guaranteed that all such manipulations are safe,
that people using different extensions won't be stopped or fooled
by *syntactical* clashes between the extensions,
but can safely interchange meaningful data.
Reflection is also the only way that
the proof system itself be proven correct, etc,
with the set of axioms (that we know can never be empty) decreasing,
rather than increasing.
Ultimately, the whole of the system will
have been proven correct with respect to a small list of axioms
that can be trusted for being small enough and having been
thoroughly tested by all the hackers in the world,
this proof system kernel being widely used free software.
Note that because a software system can't be more reliable
than the underlying OS implementation, TUNES will eventually
have to be a full OS: there's no point in having proven-correct software,
if that software is to run on top of buggy Windows95.
Also note that using minimal simple MISC hardware
will allow to feasibly prove the hardware correct
with respect to the physical model,
whereas CISC hardware requires you to trust bloated designs,
where you never know if there ain't a hidden bug (see pentium bugs).
Tunes also promotes
* orthogonal persistence
[i.e. the user doesn't have to care
about explicitly saving/restoring data files and session state anymore,
while the programmer is relieved from
explicitly browsing file systems and checking file formats],
* consistent distribution of objects
[you don't have to manually manage stale links as with the WWW,
or adequacy of several versions of a "same" software product],
* fine-grained programming
[you don't have to rewrite the whole of Word
to support your national language,
or re-buy all of a business administration tool
to support the new tax computation method and declaration form],
* decoupled user interface
[the interface is produced separately from the actual algorithms,
so that it is fairly trivial to replace a Graphical UI
by a Voice UI (for the blind or for screenless portable computers),
or a tactile UI (for the blind),
or eye-blinking UI (for paralyzed persons,
or silent interface in a submarine),
or a network interface (for remote users), etc].
All in all, this makes you
the master of the computer rather than its slave,
and frees you from the status of hostage of your current
software supplier as is the case currently
[I know lots of people in various business who are bound
to stay with the same lame software,
because they can't upgrade it,
and they can't change to another, incompatible, supplier]
The philosophical idea is that computers are a way to exchange
and manipulate information;
and information basically has two aspects: Liberty, and Security.
Security is being able to to know what you have,
and be sure that you won't be suddenly deprived from it,
so you can build upon it. It is being sure that contracts
that were agreed upon will be fulfilled.
Liberty is being able, in the limit of previously agreed contracts,
to do what you want, to be able to devise new contracts with exactly
what you want inside, and never be forced to sign more than you would.
Systems that don't allow you to express the contract you want,
by not letting you write what you like and agree with whom you like
(in the limits defined by former contracts) are stupid unfree systems.
Systems that do allow you to express the contract you want,
but have no way to enforce it, or have "exception" clauses
that at times will void your rights, are ineffective unsecure systems.
Systems that enforce contracts that you don't want,
or add clauses that you object to are fascist unfree systems.
Well, Tunes tries to be a free, secure system:
people define arbitrary object specifications (contracts),
thanks to a maximally expressive language;
as guarantees to these contracts, proofs are given
that will be checked by the system.
Of course, if a proof was not given to you,
you can always run the program by explicitly admitting part of the proof.
But then you will have knowingly taken a risk,
and chosen to lessen your security;
at no time may the system do that silently in your back.
YOU control what you have, you know what you are given,
and are free to refuse a contract without sufficient warrantee.
I hope I have been understandable.
Tell me if anything wasn't clear.
I'd really not like my ideas to be ignored
just because I can't explain them well enough...
== Fare' -- rideau@ens.fr -- Franc,ois-Rene' Rideau -- DDa(.ng-Vu~ Ba^n ==
Join the TUNES project for a computing system based on computing freedom !
TUNES is a Useful, Not Expedient System
URL: "http://www.eleves.ens.fr:8080/home/rideau/Tunes/"