
In the class diagram below you can see my current approach to the plugin/extension system. I want to offer the extensions an API for general/global things. But the exposed API should comprise just a subset of the actual functions of the referenced object. My first thought was to use an interface. The problem with that is that an evil plugin could downcast the interface to the internal class and mess things up. (Should I even care?) The second thought was to use the proxy pattern. Currently I use both of them, which is not really necessary, I guess. But having binary compatibility in mind, how can I reduce complexity here?

[Image: class diagram of the plugin/extension system]

ManuelSchneid3r
  • BTW, what program did you use to make the UML? – Paolo M Sep 18 '15 at 12:20
  • Is this for an open-source project, or for a closed-source, binary-only project, where plugins are distributed in binary form only? If the latter, then an "evil plugin" needs to do some serious reverse-engineering to be able to downcast the object pointers you pass to the plugin. If it's an open-source project, there's really not much you can do about it. :) – Some programmer dude Sep 18 '15 at 12:21
  • @PaoloM UMLet. This is open source. – ManuelSchneid3r Sep 18 '15 at 12:25
  • Evil code that is running in the same memory space as your code can do whatever; there is no protection against it in C++. Using unneeded proxies (from which evil code can still get pointers to real objects) just complicates your design and makes it more fragile that way. – Öö Tiib Sep 18 '15 at 12:46

2 Answers


If you want plugins that cannot somehow corrupt your program, then you have to make those plugins separate processes. Then the plugins run in a separate memory space and communicate with your application over a pipe or socket.

Öö Tiib

Should I even care?

No. C++'s features are there to help you write correct software, not to protect you from malicious developers. It's not the language's job to do that. Your APIs should be designed for correctness, comprehensiveness and ease of use.

having binary compatibility in mind how can I reduce complexity here?

Create API classes that don't inherit from anything. Look at the Leap Motion C++ API for inspiration on how to do it correctly.

Kuba hasn't forgotten Monica
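One way to shape an API class that doesn't inherit from anything, as suggested in the answer above. This is an added example, not code from the answers, the asker's project or the Leap Motion API; `host::Core`, `api::Application` and `pluginEntry` are hypothetical names, and the three "files" are collapsed into one so it compiles stand-alone.

```cpp
#include <string>
#include <type_traits>

// Host-internal class (hypothetical); its header is never shipped to plugins.
namespace host {
class Core {
public:
    void setStatus(const std::string& s) { status_ = s; }
    const std::string& status() const { return status_; }
    void shutdown() { running_ = false; }   // deliberately not exposed
    bool running() const { return running_; }
private:
    std::string status_;
    bool running_ = true;
};
}

// Public plugin header: would contain only "namespace host { class Core; }"
// plus this class. No base class, no virtual functions, one pointer member.
namespace api {
class Application {
public:
    explicit Application(host::Core* core) : core_(core) {}
    void setStatus(const char* text);   // defined in the host binary
    const char* status() const;
private:
    host::Core* core_;                  // incomplete type from the plugin's view
};
}

// Host implementation file: the only place that forwards to the real object.
void api::Application::setStatus(const char* text) { core_->setStatus(text); }
const char* api::Application::status() const { return core_->status().c_str(); }

// Properties the plugin boundary relies on, checked at compile time.
static_assert(!std::is_polymorphic<api::Application>::value, "no vtable or RTTI to downcast through");
static_assert(sizeof(api::Application) == sizeof(void*), "layout is a single pointer");
static_assert(!std::is_base_of<api::Application, host::Core>::value, "handle and internal class are unrelated");

// Stand-in for plugin code: it only ever sees api::Application.
std::string pluginEntry(api::Application app) {
    app.setStatus("hello from plugin");
    return app.status();
}

int main() {
    host::Core core;
    return pluginEntry(api::Application(&core)) == "hello from plugin" ? 0 : 1;
}
```

The handle narrows the exposed surface and keeps the layout stable across host versions; as the comments and the first answer point out, it is not a boundary against code running in the same address space.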