From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-0.3 required=5.0 tests=BAYES_00,
	REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4
X-Google-Thread: 103376,af0c6ea85f3ed92d
X-Google-NewGroupId: yes
X-Google-Attributes: gida07f3367d7,domainid0,public,usenet
X-Google-Language: ENGLISH,ASCII-7-bit
Received: by 10.68.74.201 with SMTP id w9mr11294425pbv.0.1329641107424;
        Sun, 19 Feb 2012 00:45:07 -0800 (PST)
Path: 
 wr5ni42933pbc.0!nntp.google.com!news1.google.com!goblin1!goblin2!goblin.stu.neva.ru!aioe.org!.POSTED!not-for-mail
From: "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de>
Newsgroups: comp.lang.ada
Subject: Re: Arbitrary Sandbox
Date: Sun, 19 Feb 2012 09:45:05 +0100
Organization: cbb software GmbH
Message-ID: <18o3vqsl9uy2$.a3m68cg8ysro.dlg@40tude.net>
References: <bfeb9869-9323-4ad5-bdf8-af20593734ef@q8g2000pbb.googlegroups.com>
 <2aaee0a4-e820-4a75-bbaf-d9d09c366d2c@f5g2000yqm.googlegroups.com>
 <4da4bf75-e6c9-4c17-9072-ab6f533ed93f@vd8g2000pbc.googlegroups.com>
 <jh7739$9os$1@munin.nbi.dk>
 <203d63cf-42a9-49ef-82cd-943d77b5e438@c21g2000yqi.googlegroups.com>
 <jhh6qr$9av$1@munin.nbi.dk>
 <e10bf38c-3c48-4fa4-bb0a-e61211aee90d@f30g2000yqh.googlegroups.com>
 <193cr8xol0ysi.14p4cp2yxnb0r$.dlg@40tude.net>
 <op.v9veuwe6ule2fv@douda-yannick>
 <1jleu301thnd3$.s23priwn3ajb$.dlg@40tude.net>
 <wccobswc6ob.fsf@shell01.TheWorld.com>
Reply-To: mailbox@dmitry-kazakov.de
NNTP-Posting-Host: k6bLfp+V8ocDmE4Za47Puw.user.speranza.aioe.org
Mime-Version: 1.0
X-Complaints-To: abuse@aioe.org
User-Agent: 40tude_Dialog/2.0.15.1
X-Notice: Filtered by postfilter v. 0.8.2
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Date: 2012-02-19T09:45:05+01:00
List-Id: <comp.lang.ada>

On Sat, 18 Feb 2012 13:55:48 -0500, Robert A Duff wrote:

> "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> writes:
> 
>> I wonder what kind of architecture could require a safe implementation of
>> Ada, e.g. when private parts of packages and protected objects would be
>> mapped onto the memory physically inaccessible from public contexts.
> 
> The kind of architecture that is overly complicated
> and grossly inefficient.  Imagine a private type with
> discriminants.  The discriminant of each object is visible
> to clients; other components are not.  Or imagine a private
> extension of a (visible) record extension.  What about the
> fact that some portion (not all) of a child package has
> visibility on the private part (but not the body) of the
> parent package?
> 
> Why do work at run time that can be done at compile time?

Because it cannot (in presence of Unchecked_Conversion and similar stuff). 

> Implementing things in hardware doesn't magically make
> them free.

It makes them incomputable. In a secure environment you wanted certain 
things to become incomputable for non-trusted clients, e.g. reading user 
passwords.

> Putting high-level support for higher-level languages in hardware
> has been tried a number of times, and it's always been a bad idea.

Maybe so. But this is a different case, because memory protection and 
segmentation support is already there. Why no high-level language uses it?

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de