From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Arbitrary Sandbox
Date: Sat, 18 Feb 2012 17:58:22 -0500
Organization: The World Public Access UNIX, Brookline, MA
References: <9qac7gFk0nU1@mid.individual.net> <9qakv8Fn6oU1@mid.individual.net>

Niklas Holsti writes:

> Right. I did not mean to be critical of Burroughs; it is one example of
> dividing checks between SW and HW.

I've never used a Burroughs machine, but it seems to me that a design
that requires compilers to run in a privileged mode is just wrong. A
goal is to avoid having too much code in privileged mode, and compilers
are complicated beasts.
I talked to some folks who wrote a compiler (I don't remember which
language, might have been Ada) for one of those machines, and they said
it was a nightmare, because when there's a bug, instead of the compiler
crashing, or the compiler-generated program crashing, the entire system
would crash. This was a multi-user system, so one minor mistake by one
member of the compiler team disrupts the work of the whole team.

> Yes. The ideal is that all illegalities are detected at some level. But
> today, in Ada and other languages, we have cases of erroneous execution,
> undefined behaviour, and so on, that are not detected at all, and simply
> lead to wrong results or weird crashes. I wish that hardware could
> detect more of them.

I wish software would detect more of them. ;-)

- Bob
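An added example, not from Bob Duff's or Niklas Holsti's posts: C code showing the gap the two are discussing. The hardware executes an overflowing add or an out-of-range index without complaint, and the C language calls the result undefined, so nothing at either level reports it. Beside each such operation is an explicit software check that reports the error instead, the way an Ada Constraint_Error would. The function names, status codes and sample inputs are constructed here for illustration.

```c
/* Added example (not from the thread): software detection of errors
 * that C leaves undefined and that the CPU executes silently.
 * All names and inputs here are constructed for illustration. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

enum check_status { CHECK_OK = 0, CHECK_OVERFLOW, CHECK_OUT_OF_RANGE };

/* Signed add with overflow detection. In C, `a + b` past INT_MAX is
 * undefined behaviour: the ALU sets its overflow flag, but the
 * language gives no way to see it, so the wrapped value is used as if
 * it were correct. The comparison below is done on operands only, so
 * it never performs the overflowing add itself. `out` may be NULL. */
enum check_status checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return CHECK_OVERFLOW;
    if (out)
        *out = a + b;
    return CHECK_OK;
}

/* Range check in the spirit of an Ada subtype such as
 * `subtype Percent is Integer range 0 .. 100`: a value outside the
 * declared range is reported rather than stored. */
enum check_status checked_range(int value, int lo, int hi)
{
    return (value < lo || value > hi) ? CHECK_OUT_OF_RANGE : CHECK_OK;
}

/* Bounds-checked array read. A plain `arr[idx]` with idx >= len is
 * undefined behaviour; unless the address happens to fall in an
 * unmapped page, no hardware trap fires and the program reads
 * whatever is adjacent in memory and carries on. `out` may be NULL. */
enum check_status checked_read(const int *arr, size_t len, size_t idx, int *out)
{
    if (idx >= len)
        return CHECK_OUT_OF_RANGE;
    if (out)
        *out = arr[idx];
    return CHECK_OK;
}

/* Runs the checks over a constructed set of inputs and returns how
 * many were rejected. Each rejected case is one that, written as
 * unchecked C, would have produced a wrong result with no error. */
int count_detected_errors(void)
{
    static const int table[3] = { 10, 20, 30 };   /* constructed sample */
    int detected = 0, v;

    detected += checked_add(INT_MAX, 1, &v) != CHECK_OK;    /* wraps silently if unchecked */
    detected += checked_add(INT_MIN, -1, &v) != CHECK_OK;   /* wraps silently if unchecked */
    detected += checked_add(40, 2, &v) != CHECK_OK;         /* fine: v == 42 */
    detected += checked_range(101, 0, 100) != CHECK_OK;     /* Ada would raise Constraint_Error */
    detected += checked_range(50, 0, 100) != CHECK_OK;      /* fine */
    detected += checked_read(table, 3, 3, &v) != CHECK_OK;  /* one past the end */
    detected += checked_read(table, 3, 2, &v) != CHECK_OK;  /* fine: v == 30 */
    return detected;                                        /* 4 */
}

int main(void)
{
    int v;
    printf("detected %d erroneous operations\n", count_detected_errors());
    if (checked_add(INT_MAX, 1, &v) == CHECK_OVERFLOW)
        printf("INT_MAX + 1 rejected instead of wrapping\n");
    return 0;
}
```

The overflow test deliberately compares operands against INT_MAX - b and INT_MIN - b rather than computing the sum and inspecting it, because the sum itself is the undefined operation; a compiler is entitled to assume it never overflows and to delete any check written after the fact.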