Caveats when writing Tier 3 (WristOS) apps

Even if you are Lua guru, there are some pitfalls when developing Tier 3 apps.

Don't Modify the Messages

It's very dangerous to modify a message after it has been sent. After all, messages are just ordinary Lua tables and you can easily make a mistake and modify the message before it reaches the receiver which results in extremely hard to find bugs. You should always create the messages in the instant they are to be sent and refrain from storing and modifying them.

Don't do this:

local msg = {type = "temperature", city = "Prague", celsius = 27}
dynawa.message.send (msg) --This is bad
msg.city = "Budapest" --This is very bad!
dynawa.message.send (msg)

Do this:

dynawa.message.send {type = "temperature", city = "Prague", celsius = 27}
dynawa.message.send {type = "temperature", city = "Budapest", celsius = 27}

There is No Security

WristOS is inherently insecure system. Any app, written by anyone, can access and manipulate any structures in memory or on SD card. If your app stores or manipulates sensitive data, you must make sure you can trust other apps installed on your hardware.

Pseudo-Sandboxing

Don't use global variables in the typical Lua sense. If you write "mydata = something" instead of "local mydata = something" by mistake and someone else makes the same mistake in his app, that's a recipe for disaster!

To prevent this, there is a simple protection built in WristOS which raises an error if you try to assign to a new variable without using the "local" keyword. That means most of task variables should be local and visible only to their respective task.

For values that should be accessible to all tasks of single app, you should use the predefined Lua table called "my.globals". For all tasks of the same app, this refers to the same table.

If you absolutely, positively, have to create a global variable called "var", you can do it by writing "_G.val = something". But you must be absolutely sure no other app ever wants to create the same variable.

Use Only the WristOS API functions for WristOS Apps

Because of the inherent Lua insecurity and because WristOS itself was developedcreated as a Tier 2 application, your WristOS apps can easily access and call all functions defined in main.bin boot image's Dynawa Lua API. In many cases, you shouldn't do that! For example, although your app could directly call dynawa.bitmap.display() function, you should always do the actual display updates using the "display_bitmap" messages provided by WristOS. As a general rule: If you can accomplish similar result using either Dynawa library Tier 2 functions or WristOS (Tier 3) messages, always use WristOS messages!
Comments