OCaml Planet

## October 23, 2014

### OCamlCore Forge News

Earlier today, I was connected while the Forge was under heavy load. This has often been the case before most of the recent reboot. This time I was able to identify the process causing the problem and stop it early. Unfortunately, an intruder was able to exploit shellshock through gitweb.cgi. This means that the attacker was able to run a process on the server as www-data for a few hours. I have studied the script used and it is a IRC server in Perl. I think the main goal of the server was to attack other computers. I am not sure that any files were compromised. The script has been removed and my security tool (rkhunter) cannot find any other problems. I have upgraded the system to squeeze-lts to fix the shellshock CVE. The following script can test the files, that have been uploaded to the forge, against what is currently on the server (see the link). AFAIK, none of my tarball have been changed. Please check your files as well and contact me if you find any problems. Sorry for the inconvenience Sylvain Le Gall Use this command to run the script: $> ocaml download-test.ml */dist/*.tar.gz https://forge.ocamlcore.org/frs/download.php/1478/download-test.ml ### OCaml Platform #### OPAM 1.2.0 Released We are very proud to announce the availability of OPAM 1.2.0. ### Upgrade from 1.1 Simply follow the usual instructions, using your preferred method (package from your distribution, binary, source, etc.) as documented on the homepage. NOTE: There are small changes to the internal repository format (~/.opam). It will be transparently updated on first run, but in case you might want to go back and have anything precious there, you're advised to back it up. ### Usability Lot of work has been put into providing a cleaner interface, with helpful behaviour and messages in case of errors. The documentation pages also have been largely rewritten for consistency and clarity. ### New features This is just the top of the list: • A extended and versatile opam pin command. See the Simplified packaging workflow • More expressive queries, see for example opam source • New metadata fields, including source repositories, bug-trackers, and finer control of package behaviour • An opam lint command to check the quality of packages For more detail, see the announcement for the beta, the full changelog, and the bug-tracker. ### Package format The package format has been extended to the benefit of both packagers and users. The repository already accepts packages in the 1.2 format, and this won't affect 1.1 users as a rewrite is done on the server for compatibility with 1.1. If you are hosting a repository, you may be interested in these administration scripts to quickly take advantage of the new features or retain compatibility. ## October 22, 2014 ### Sylvain Le Gall #### Release of OASIS 0.4.5 On behalf of Jacques-Pascal Deplaix I am happy to announce the release of OASIS v0.4.5. OASIS is a tool to help OCaml developers to integrate configure, build and install systems in their projects. It should help to create standard entry points in the source code build system, allowing external tools to analyse projects easily. This tool is freely inspired by Cabal which is the same kind of tool for Haskell. You can find the new release here and the changelog here. More information about OASIS in general on the OASIS website. Here is a quick summary of the important changes: • Build and install annotation files. • Use builtin bin_annot and annot tags. • Tag .mly files on the same basis as .ml and .mli files (required by menhir). • Remove 'program' constraint from C-dependencies. Currently, when a library has C-sources and e.g. an executable depends on that library, then changing the C-sources and running '-build' does not yield a rebuild of the library. By adding these dependencies (rather removing the constraint), it seems to work fine. • Some bug fixes Features: • no_automatic_syntax (alpha): Disable the automatic inclusion of -syntax camlp4o for packages that matches the internal heuristic (if a dependency ends with a .syntax or is a well known syntax). • compiled_setup_ml (alpha): Fix a bug using multiple arguments to the configure script. This new version is a small release to catch up with all the fixes/pull requests present in the VCS that have not yet been published. This should made the life of my dear contributors easier -- thanks again for being patient. I would like to thanks again the contributor for this release: Christopher Zimmermann, Jerome Vouillon, Tomohiro Matsuyama and Christoph Höger. Their help is greatly appreciated. ## October 21, 2014 ### Caml Weekly News ## October 19, 2014 ### Shayne Fletcher #### Tail-recursion ### Tail-recursion Stack overflow refers to a condition in the execution of a computer program whereby the stack pointer exceeds the address space allocated for the stack. The usual result of "blowing the stack" is swift and brutal abnormal termination of the program. The amount of memory allocated by the operating system for a given program's stack is finite and generally little can be done by the programmer to influence the amount that will be made available. The best the programmer can really do is to use what's given wisely. We can get a sense of the limits of the stack in practical terms with a program like the following. let rec range s e = if s >= e then [] else s :: range (s + 1) elet rec loop i = let n = 2.0 ** (i |> float_of_int) |> int_of_float in try let _ = range 0 n in loop (i + 1) with | Stack_overflow -> Printf.printf "Stack overflow at i = %d, n = %d\n" i n let () = loop 0 range is a function that produces the half-open range$\left[s, e\right)$- the ordered sequence$\left\{s, s + 1, s + 2, \dots, e - 2, e - 1\right\}$. Note that range is defined in terms of itself, that is, it is a recursive function. The idea is to use it in an unbounded loop to build sequences of increasing lengths of powers of$2$:${2^0, 2^1, 2^2, \dots}$. We set it off and when we encounter stack overflow, terminate the program gracefully reporting on the power of$2$found to give rise to the condition. In my case I found that I was able to make$\approx 2^{19} = 524,288$recursive calls to range before the stack limit was breached. That's very limiting. For realistic programs, one would hope to be able to produce sequences of lengths much greater than that! What can be done? The answer lies in the definition of range and that thing called tail-recursion. Specifically, range is not tail-recursive. To be a tail-recursive function, the last thing the function needs do is to make a recursive call to itself. That's not the case for range as written as the recursive call to itself is the second to last thing it does before it returns (the last thing it does is to 'cons' a value onto the list returned by the recursive call). Why being tail-recursive is helpful is that tail-calls can be implemented by the compiler without requiring the addition of a new "stack frame" to the stack. Instead, the current frame can be replaced in setting up the tail-call being modified as necessary and effectively the recursive call is made to be a simple jump. This is called tail-call elimination and its effect is to allow tail-recursive functions to circumvent stack overflow conditions. Here's a new definition for range, this time implemented with tail-calls. let range s e = let rec aux acc s e = if s >= e then acc else aux (s :: acc) (s + 1) e in List.rev (aux [] s e) With this definition for range I find I can build sequences of length up to around$\approx 2^{26} = 67,108,864$elements long without any sign of stack overflow which is a huge improvement! At around this point though, my sequence building capabilities start to be limited by the amount of physical memory present on my PC but that's a different story entirely. ## October 17, 2014 ### Erik de Castro Lopo #### Haskell : A neat trick for GHCi Just found a really nice little hack that makes working in the GHC interactive REPL a little easier and more convenient. First of all, I added the following line to my ~/.ghci file.  :set -DGHC_INTERACTIVE  All that line does is define a GHC_INTERACTIVE pre-processor symbol. Then in a file that I want to load into the REPL, I need to add this to the top of the file:  {-# LANGUAGE CPP #-}  and then in the file I can do things like:  #ifdef GHC_INTERACTIVE import Data.Aeson.Encode.Pretty prettyPrint :: Value -> IO () prettyPrint = LBS.putStrLn . encodePretty #endif  In this particular case, I'm working with some relatively large chunks of JSON and its useful to be able to pretty print them when I'm the REPL, but I have no need for that function when I compile that module into my project. ## October 16, 2014 ### WODI #### OCaml 4.02.1 released Windows binary builds for OCaml 4.02.1 are now available. Download links for the 32-bit and 64-bit build can be found in the download section. You can upgrade from an existing installation of OCaml 4.02.0 with godi_upgrade  or from source code with: godi_update godi_perform -rebuild -newer  The OCaml 4.02.0 builds are not longer maintained. If you still want to continue to use the binary builds for this OCaml version (or revert back to it), you have to change the repository address at /opt/wodi(32|64)/etc/godi.conf from GODI_BINPKG_SERVER=http://dl.arirux.de/7/binaries${MINGW_WORDSIZE}/


to

## October 15, 2014

### OCamlCore Forge News

#### OCaml Forge maintenance

Recently the OCaml forge has required a lot of hardware reboots. The server is probably near end of life and I need to upgrade the whole infrastructure to a recent server. Rackspace Cloud, as part of their developer support program, is kindly providing a new host for the forge. You may encounter a few more problems in the coming weeks, due to this migration. Ping me if anything is utterly wrong (sylvain ... le-gall.net).