From: Robert A Duff <bobduff@shell01.TheWorld.com>
Subject: Re: Arbitrary Sandbox
Date: Mon, 20 Feb 2012 18:39:01 -0500
Message-ID: <wccr4xpnkh6.fsf@shell01.TheWorld.com>
In-Reply-To: jhpgr1$ord$1@speranza.aioe.org
tmoran@acm.org writes:
>> I've never used a Burroughs machine, but it seems to me that a design
>> that requires compilers to run in a privileged mode is just wrong.
>> A goal is to avoid having too much code in privileged mode, and
>> compilers are complicated beasts.
>
> There was no "privileged mode" or "user mode". Files on disk had
> various security privileges, and one possibility was "this is a code
> file" while another possibility was "this is a compiler and it's
> allowed to create a file with 'code file' security".
OK, thanks for the clarification -- as I said, I never used one of
those machines. But I think it amounts to more-or-less the same thing
-- a design that requires compilers to have special privileges
is a bad idea, whether you call that a "mode" or a "per-file privilege
attribute" or whatever.
>... I imagine the Burroughs compiler writers lived under the
> same situation, except that they could work in the daytime on their
> own "development" machine.
The ones I was talking about _shared_ a machine. So rebooting it
disrupted the entire project, not just one programmer.
>...I suspect that's the way compiler writers
> work today, each with his own (rebootable) development machine
I'm a compiler writer, and yes, I have my own rebootable development
machine. But compiler bugs don't require rebooting. Operating system
kernel bugs do, but that's inevitable, and it's a good reason to
keep the kernel small.
> Most OS changes did not cause crashes, just undesirable behavior.
> Most compiler bugs don't cause machine crashes, just program errors.
> Since the B5500 had segments with descriptors and hardware checked
> indexing, a bad program would more likely generate a fault ("exception")
> than crash the whole system.
OK.
> BTW, the only real problem we had with bad user programs was one grad
> student who had heard about "virtual memory" and wrote his program to use
> large arrays. Unfortunately he accessed them column-wise, while they were
> stored row-wise, so his program swapped horribly. In 1970 it would have
> taken a very smart compiler indeed to prevent that problem.
That problem still exists. I've seen cases recently, on both Windows
and Linux, where a rogue program swapped horribly, and put the system
in a state where it won't listen to the keyboard or mouse, so I can't
kill the program. It seems to me it's possible to design an OS that
wouldn't do that.
> We've spent the last half-century making computers faster, with modest,
> or sometimes negative, progress on preventing or catching software bugs,
> so the number of executed bugs/second must be orders of magnitude larger.
Certainly true. There are also a lot more car wrecks nowadays than
there were 100 years ago. ;-)
- Bob
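The "rogue program swapped horribly and I couldn't kill it" failure mode above is a resource-exhaustion problem, and one of the standard defences is to bound a process's address space so that a runaway allocation is refused immediately instead of being granted and then paged to death. The following is an added example (not code from this thread or from any of its participants) of that mitigation on a POSIX system: it caps the soft RLIMIT_AS of the current process, shows that a request inside the cap is granted while one outside it is refused with a NULL from malloc, and then restores the original limit. It assumes a Linux-style kernel that enforces RLIMIT_AS on mmap; the 256 MiB cap and the two request sizes are constructed values for the demonstration, not figures from the discussion.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>

/* Result codes for alloc_under_limit(). */
enum { ALLOC_REFUSED = 0, ALLOC_OK = 1, ALLOC_RLIMIT_ERROR = -1 };

/*
 * Temporarily cap this process's virtual address space (soft RLIMIT_AS)
 * at `limit` bytes, try to allocate `request` bytes, then restore the
 * previous soft limit.
 *
 * Returns ALLOC_OK if the allocation was granted, ALLOC_REFUSED if the
 * kernel refused it (malloc returned NULL), and ALLOC_RLIMIT_ERROR if the
 * limit could not be read or set.
 *
 * Only the soft limit is changed, and it is clamped to the hard limit,
 * so the process is never stranded under a cap it cannot raise again.
 */
int alloc_under_limit(size_t limit, size_t request)
{
    struct rlimit saved, capped;

    if (getrlimit(RLIMIT_AS, &saved) != 0)
        return ALLOC_RLIMIT_ERROR;

    capped = saved;
    capped.rlim_cur = (rlim_t)limit;
    /* The soft limit may not exceed the hard limit; clamp if necessary. */
    if (saved.rlim_max != RLIM_INFINITY && capped.rlim_cur > saved.rlim_max)
        capped.rlim_cur = saved.rlim_max;
    if (setrlimit(RLIMIT_AS, &capped) != 0)
        return ALLOC_RLIMIT_ERROR;

    /* With the cap in place, a request that would push the address space
       past it fails right here instead of being granted and later swapped. */
    void *p = malloc(request);
    int result = (p != NULL) ? ALLOC_OK : ALLOC_REFUSED;
    if (p != NULL) {
        ((unsigned char *)p)[0] = 1;   /* touch one byte so the allocation is real */
        free(p);
    }

    (void)setrlimit(RLIMIT_AS, &saved);  /* restore the caller's soft limit */
    return result;
}

int main(void)
{
    /* Constructed demonstration values, not figures from the thread. */
    const size_t cap   = (size_t)256 << 20;  /* 256 MiB address-space cap */
    const size_t small = (size_t)1 << 20;    /* 1 MiB, comfortably inside the cap */
    const size_t huge  = (size_t)1 << 30;    /* 1 GiB, well outside it */

    printf("%zu-byte request under a %zu-byte cap: %d (1 = granted, 0 = refused)\n",
           small, cap, alloc_under_limit(cap, small));
    printf("%zu-byte request under a %zu-byte cap: %d (1 = granted, 0 = refused)\n",
           huge, cap, alloc_under_limit(cap, huge));
    return 0;
}
```

The same effect can be applied from outside the program (a shell `ulimit -v` before launching it, or a per-user limit in the system's limits configuration), which is the usual way an administrator keeps one misbehaving job from taking the keyboard and mouse away from everyone else; the in-process form above just makes the refusal observable in a single file.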