comp.lang.ada
From: Niklas Holsti <niklas.holsti@tidorum.invalid>
Subject: Re: Arbitrary Sandbox
Date: Sat, 18 Feb 2012 23:53:44 +0200
Message-ID: <9qakv8Fn6oU1@mid.individual.net>
In-Reply-To: <jhp0bh$fpn$1@speranza.aioe.org>

On 12-02-18 22:06 , tmoran@acm.org wrote:
>> I seem to remember that the Burroughs mainframe computers had rather
>> poor hardware-level protections. A buggy or malicious compiler could
>> generate code that had harmful effects that were not restricted to the
>> user running the code, if I remember correctly. A consequence was that
>> an ordinary user was not allowed to create a compiler; special
>> privileges were required to label a program as a "compiler" and thus let
>> it generate executable code.
>
>    The Burroughs philosophy was to design hardware and software together,
> which included doing different kinds of checks in different, appropriate,
> places.

Right. I did not mean to be critical of Burroughs; it is one example of 
dividing checks between SW and HW. Current systems have a different 
division, which is better in some respects -- illegal code has limited 
effects, so anyone can develop and experiment with compilers -- but 
worse in other respects, such as fewer checks on pointer arithmetic.

> Bad code could be prevented by a correct compiler, so an
> arbitrary generator of bit streams couldn't call its output "executable
> code".  Indexing out of range couldn't be prevented by a compiler, so it
> was checked at run time by hardware.  And so forth.

Yes. The ideal is that all illegalities are detected at some level. But 
today, in Ada and other languages, we have cases of erroneous execution, 
undefined behaviour, and so on, that are not detected at all, and simply 
lead to wrong results or weird crashes. I wish that hardware could 
detect more of them.

> In five years supporting a B5500 at U of Wisconsin, I never saw a core
> dump caused by a compiler generating bad code.  (Unfortunately, Burroughs
> added to their Algol "stream procedures" which were unchecked string
> operations - those were the source of most problems.)

No disagreement from me. I liked the Burroughs systems at the U of 
Helsinki, and I don't remember hearing of any problems. (I was an 
ordinary and minor user, not a sysadmin.)

But perhaps there would have been more problems if I and other students 
in the compiler-implementation course had been allowed to run our 
experimental compilers as real compilers, not just as MIXAL generators :-)

-- 
Niklas Holsti
Tidorum Ltd
niklas holsti tidorum fi
       .      @       .
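An added illustration of the distinction discussed above, not part of the original post: in Ada an out-of-range index is a detected run-time error (Constraint_Error), but once the check is suppressed the same access becomes erroneous execution that nothing detects. Procedure and function names are my own; the program is assumed to be compiled with run-time checks enabled by default.

```ada
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Check_Division is

   --  Index check in force: an out-of-range index is detected at run time
   --  and reported as Constraint_Error, so the program cannot read outside A.
   function Checked_Read (I : Integer) return Integer is
      A : array (1 .. 4) of Integer := (10, 20, 30, 40);
   begin
      return A (I);   --  raises Constraint_Error when I is not in 1 .. 4
   end Checked_Read;

   --  Same read with the index check suppressed.  For an in-range I the
   --  result is the same; for an out-of-range I execution is erroneous and
   --  the language defines nothing about what happens (the Ada analogue of
   --  the unchecked "stream procedures" mentioned in the thread).
   function Unchecked_Read (I : Integer) return Integer is
      pragma Suppress (Index_Check);
      A : array (1 .. 4) of Integer := (10, 20, 30, 40);
   begin
      return A (I);
   end Unchecked_Read;

begin
   Put_Line ("Checked, in range   :" & Integer'Image (Checked_Read (2)));

   begin
      Put_Line ("Checked, out of range:" & Integer'Image (Checked_Read (7)));
   exception
      when E : Constraint_Error =>
         Put_Line ("Detected at run time : " & Exception_Name (E));
   end;

   Put_Line ("Unchecked, in range :" & Integer'Image (Unchecked_Read (2)));
   --  Unchecked_Read (7) is deliberately not called: with the check
   --  suppressed it would be erroneous execution, not a reported error.
end Check_Division;
```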


