From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: Arbitrary Sandbox
Date: Mon, 20 Feb 2012 18:39:01 -0500
Organization: The World Public Access UNIX, Brookline, MA

tmoran@acm.org writes:

>> I've never used a Burroughs machine, but it seems to me that a design
>> that requires compilers to run in a privileged mode is just wrong.
>> A goal is to avoid having too much code in privileged mode, and
>> compilers are complicated beasts.
>
> There was no "privileged mode" or "user mode". Files on disk had
> various security privileges, and one possibility was "this is a code
> file" while another possibility was "this is a compiler and it's
> allowed to create a file with 'code file' security".
OK, thanks for the clarification -- as I said, I never used one of those
machines. But I think it amounts to more-or-less the same thing -- a design
that requires compilers to have special privileges is a bad idea, whether
you call that a "mode" or a "per-file privilege attribute" or whatever.

>... I imagine the Burroughs compiler writers lived under the
> same situation, except that they could work in the daytime on their
> own "development" machine.

The ones I was talking about _shared_ a machine. So rebooting it disrupted
the entire project, not just one programmer.

>...I suspect that's the way compiler writers
> work today, each with his own (rebootable) development machine

I'm a compiler writer, and yes, I have my own rebootable development
machine. But compiler bugs don't require rebooting. Operating system kernel
bugs do, but that's inevitable, and it's a good reason to keep the kernel
small.

> Most OS changes did not cause crashes, just undesirable behavior.
> Most compiler bugs don't cause machine crashes, just program errors.
> Since the B5500 had segments with descriptors and hardware checked
> indexing, a bad program would more likely generate a fault ("exception")
> than crash the whole system.

OK.

> BTW, the only real problem we had with bad user programs was one grad
> student who had heard about "virtual memory" and wrote his program to use
> large arrays. Unfortunately he accessed them column-wise, while they were
> stored row-wise, so his program swapped horribly. In 1970 it would have
> taken a very smart compiler indeed to prevent that problem.

That problem still exists. I've seen cases recently, on both Windows and
Linux, where a rogue program swapped horribly, and put the system in a
state where it won't listen to the keyboard or mouse, so I can't kill the
program. It seems to me it's possible to design an OS that wouldn't do
that.
> We've spent the last half-century making computers faster, with modest,
> or sometimes negative, progress on preventing or catching software bugs,
> so the number of executed bugs/second must be orders of magnitude larger.

Certainly true. There are also a lot more car wrecks nowadays than there
were 100 years ago. ;-)

- Bob