Russell Fulton wrote:
> [Aleph One: This is a little historical aside on the issue of bounds
> checking]
>
> On Sat, 18 Jul 1998 00:51:55 +0000 Niall Smart <rotelat_private> wrote:
>
> > There are at least 3 ways to solve the problem of buffer overflows:
> >
> > 1) Use a language which doesn't involve manipulation of buffers at
> > the language level, e.g. Java.
> >
> > 2) Use a compiler which will generate code such that it will
> > never overflow a buffer, e.g. one of the Ada/Modula/Pascal
> > compilers, or the hypothetical bounds checking C compiler.
> >
> > 3) Write programs which will never overflow their buffers.
> >
>
> I will add another:
>
> 4) Use hardware that supports bounds checking.
>
> OK This isn't an option for most of us since most HW architectures that
> we are currently stuck with don't implement bounds checking. Going back
> a few years (mid 70's) we had a Burroughs B6700 which had a stack based
> architecture and used a segmented memory model. Each array or string
> was allocated its own segment and was accessed through a descriptor
> which held base address and bounds information. There was a hardware
> index instruction which retrieved the data and performed the bounds
> check potentially in parallel. (There were also hardware string copy
> and compare operators).
>
> In those days FORTRAN ruled and we often had visiting staff trying to
> run their programs on the B6700 only to have it spit it out with an
> "INVALID INDEX" message. The usual response was "What's wrong with
> your computer, this program is in use by 100s of people all over the
> world and I have been using it for x years without problems".
>
> The more things change the more they stay the same.
>
> I have very fond memories of the B6700, it was by far the best machine
> I ever worked on.
>
> Cheers, Russell.

I can't completely agree. X86 family implements bound assembly instruction
just for this.

Gleb Ralka
icrashat_private
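Added example, not part of either message above: a C software model of descriptor-checked access as described in the quoted text, where every array is reached through a descriptor holding its base and bounds and the check happens on each indexed access and copy. The struct layout, names and sample data are hypothetical; this does not reproduce the B6700 instruction set or the x86 instruction mentioned in the reply.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor: each array carries its own base and bounds. */
typedef struct { int *base; size_t count; } descriptor;
enum { IDX_OK = 0, IDX_INVALID = -1 };

/* Indexed load: the bounds check is part of the access itself. */
int desc_load(const descriptor *d, long index, int *out)
{
    if (index < 0 || (size_t)index >= d->count)
        return IDX_INVALID;              /* models the "INVALID INDEX" fault */
    *out = d->base[index];
    return IDX_OK;
}

/* Copy checked against BOTH descriptors, so it cannot overrun dst. */
int desc_copy(const descriptor *dst, const descriptor *src, size_t n)
{
    if (n > src->count || n > dst->count)
        return IDX_INVALID;
    memmove(dst->base, src->base, n * sizeof *src->base);
    return IDX_OK;
}

/* Sum elements first..last; on a fault, *bad holds the offending index. */
int desc_sum(const descriptor *d, long first, long last, long *total, long *bad)
{
    *total = 0;
    for (long i = first; i <= last; i++) {
        int v;
        if (desc_load(d, i, &v) != IDX_OK) { *bad = i; return IDX_INVALID; }
        *total += v;
    }
    return IDX_OK;
}

int main(void)
{
    int data[4] = {10, 20, 30, 40};      /* constructed sample data */
    int dest[2] = {0, 0};
    descriptor a = { data, 4 }, b = { dest, 2 };
    long total, bad = -1;

    /* Off-by-one loop: 1-based indices against 0-based storage. */
    if (desc_sum(&a, 1, 4, &total, &bad) != IDX_OK)
        printf("INVALID INDEX at %ld\n", bad);
    if (desc_copy(&b, &a, 4) != IDX_OK)
        puts("copy refused: 4 elements into a 2-element segment");
    return 0;
}
```

With raw pointers the same off-by-one loop would read whatever follows the array and appear to work, which is the situation the visiting FORTRAN users were in.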
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:07:02 PDT