[Aleph One: This is a little historical aside on the issue of bounds checking]

On Sat, 18 Jul 1998 00:51:55 +0000 Niall Smart <rotelat_private> wrote:

> There are at least 3 ways to solve the problem of buffer overflows:
>
> 1) Use a language which doesn't involve manipulation of buffers at
> the language level, e.g. Java.
>
> 2) Use a compiler which will generate code such that it will
> never overflow a buffer, e.g. one of the Ada/Modula/Pascal
> compilers, or the hypothetical bounds checking C compiler.
>
> 3) Write programs which will never overflow their buffers.

I will add another:

4) Use hardware that supports bounds checking.

OK, this isn't an option for most of us since most HW architectures that we are currently stuck with don't implement bounds checking.

Going back a few years (mid 70's) we had a Burroughs B6700 which had a stack based architecture and used a segmented memory model. Each array or string was allocated its own segment and was accessed through a descriptor which held base address and bounds information. There was a hardware index instruction which retrieved the data and performed the bounds check potentially in parallel. (There were also hardware string copy and compare operators).

In those days FORTRAN ruled and we often had visiting staff trying to run their programs on the B6700 only to have it spit it out with an "INVALID INDEX" message. The usual response was "What's wrong with your computer, this program is in use by 100s of people all over the world and I have been using it for x years without problems".

The more things change the more they stay the same.

I have very fond memories of the B6700, it was by far the best machine I ever worked on.

Cheers,
Russell.
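The descriptor scheme Russell describes (every array carries its own base address and length, and every access goes through an instruction that checks the index first) can be emulated in software. The C below is an added illustration, not code from the post or from Burroughs: the struct `descriptor_t`, the functions `desc_alloc`, `desc_store`, `desc_load`, `desc_strcpy` and `run_demo`, and the 16-byte sample segment are all this example's own choices. It shows the property the B6700 hardware gave for free: an out-of-range index is rejected before any memory is touched, and a string that does not fit its segment is refused outright rather than spilling into the neighbouring data.

```c
/* Added example: a software analogue of a B6700-style descriptor.
 * The descriptor holds the segment's base address and element count;
 * desc_load/desc_store play the role of the hardware index instruction
 * and refuse any index outside the segment ("INVALID INDEX").
 * All names here are this example's own, not Burroughs' or the poster's. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned char *base;   /* start of the segment */
    size_t         length; /* number of addressable elements */
} descriptor_t;

enum { DESC_OK = 0, DESC_INVALID_INDEX = -1 };

/* Create a descriptor for a fresh, zero-filled segment of n elements.
 * If allocation fails the descriptor has length 0, so every access is rejected. */
static descriptor_t desc_alloc(size_t n) {
    descriptor_t d;
    d.base = calloc(n, 1);
    d.length = (d.base != NULL) ? n : 0;
    return d;
}

/* Release the segment and neutralise the descriptor. */
static void desc_free(descriptor_t *d) {
    free(d->base);
    d->base = NULL;
    d->length = 0;
}

/* Store one byte at index i; the check happens before any write. */
static int desc_store(descriptor_t *d, size_t i, unsigned char v) {
    if (i >= d->length) return DESC_INVALID_INDEX;
    d->base[i] = v;
    return DESC_OK;
}

/* Load one byte at index i into *out; same check before any read. */
static int desc_load(const descriptor_t *d, size_t i, unsigned char *out) {
    if (i >= d->length) return DESC_INVALID_INDEX;
    *out = d->base[i];
    return DESC_OK;
}

/* Analogue of the hardware string copy: copies src including its NUL,
 * or returns -1 and writes nothing if the whole string would not fit. */
static long desc_strcpy(descriptor_t *d, const char *src) {
    size_t n = strlen(src) + 1;
    if (n > d->length) return -1;
    memcpy(d->base, src, n);
    return (long)n;
}

/* Exercise a constructed 16-byte segment with in-range and out-of-range
 * accesses; returns how many accesses were rejected. */
int run_demo(void) {
    descriptor_t seg = desc_alloc(16);
    int rejected = 0;
    unsigned char v = 0;

    if (desc_store(&seg, 15, 'A') != DESC_OK) rejected++;   /* last valid index: accepted */
    if (desc_store(&seg, 16, 'B') != DESC_OK) rejected++;   /* one past the end: rejected */
    if (desc_load(&seg, 1000, &v) != DESC_OK) rejected++;   /* far out of range: rejected */
    if (desc_strcpy(&seg, "this string is longer than sixteen bytes") < 0)
        rejected++;                                          /* does not fit: rejected */

    desc_free(&seg);
    return rejected;  /* 3 */
}

int main(void) {
    printf("rejected accesses: %d\n", run_demo());
    return 0;
}
```

The point of routing every access through the descriptor rather than through a raw pointer is that the length travels with the data, so the check cannot be forgotten at a call site; a compiler or hardware that does this (Niall's option 2 or Russell's option 4) removes the per-access discipline that option 3 asks of the programmer.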
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:47 PDT