comp.lang.ada
From: tmoran@acm.org
Subject: Re: Arbitrary Sandbox
Date: Sun, 19 Feb 2012 00:47:29 +0000 (UTC)
Message-ID: <jhpgr1$ord$1@speranza.aioe.org>
In-Reply-To: wccehtru4tt.fsf@shell01.TheWorld.com

> I've never used a Burroughs machine, but it seems to me that a design
> that requires compilers to run in a privileged mode is just wrong.
> A goal is to avoid having too much code in privileged mode, and
> compilers are complicated beasts.

  There was no "privileged mode" or "user mode".  Files on disk had
various security privileges, and one possibility was "this is a code
file" while another possibility was "this is a compiler and it's
allowed to create a file with 'code file' security".

> I talked to some folks who wrote a compiler (I don't remember which
> language, might have been Ada) for one of those machines, and they said
> it was a nightmare, because when there's a bug, instead of the compiler
> crashing, or the compiler-generated program crashing, the entire system
> would crash.  This was a multi-user system, so one minor mistake by one
> member of the compiler team disrupts the work of the whole team.

  The B5500 came out in the early sixties.  It was one of the first
designed for multiprogramming and time sharing.  It still was capable of
"batch" operation, in which crashing the machine meant crashing your job,
which was the only one on the machine.  When we tested new OS changes at
UW, we did it at night, after all the batch jobs were done and the
time-sharing users were gone.  If an OS change caused a crash, we
rebooted.  I imagine the Burroughs compiler writers lived under the
same situation, except that they could work in the daytime on their
own "development" machine.  I suspect that's the way compiler writers
work today, each with his own (rebootable) development machine.

  Most OS changes did not cause crashes, just undesirable behavior.
Most compiler bugs don't cause machine crashes, just program errors.
Since the B5500 had segments with descriptors and hardware checked
indexing, a bad program would more likely generate a fault ("exception")
than crash the whole system.

  BTW, the only real problem we had with bad user programs was one grad
student who had heard about "virtual memory" and wrote his program to use
large arrays.  Unfortunately he accessed them column-wise, while they were
stored row-wise, so his program swapped horribly.  In 1970 it would have
taken a very smart compiler indeed to prevent that problem.

  We've spent the last half-century making computers faster, with modest,
or sometimes negative, progress on preventing or catching software bugs,
so the number of executed bugs/second must be orders of magnitude larger.
