[cap-talk] Memory Safety

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Wed Aug 6 17:19:11 CDT 2008


[I agree with Mark's main points; this is just quibbling about a detail.]

Mark Miller wrote:
> I say "memory unsafe" rather than "type unsafe" above because the latter
> phrase should include any violation of the type system even if it doesn't
> allow violation of memory safety. For example, AFAIK, Haskell is memory
> safe. But Haskell is type-unsafe by virtue of the unconditional availability
> of unsafePerformIO.

I believe that also makes Haskell memory-unsafe (for the particular case of
unsafePerformIO, not because there is no distinction). From
<http://www.haskell.org/ghc/docs/latest/html/libraries/base/System-IO-Unsafe.html#v:unsafePerformIO>:

#     test :: IORef [a]
#     test = unsafePerformIO $ newIORef []
#
#     main = do
#                writeIORef test [42]
#                bang <- readIORef test
#                print (bang :: [Char])
#
# This program will core dump.

The core dump is due to a violation of memory safety: the program can
be modified to coerce any arbitrary value (42 in the example) to any
arbitrary type ([Char] in the example). This is not limited to a core
dump; it's fairly easily exploitable to do more imaginative things,
given an understanding of the Haskell implementation's memory layouts.

-- 
David-Sarah Hopwood
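For contrast with the polymorphic `IORef [a]` quoted above, here is the usual way to declare a top-level reference with unsafePerformIO so that the type checker keeps the write and the read at one element type. This is an added illustration, not code from the post or from the GHC documentation; the name `counter` is made up for the example.

```haskell
import Data.IORef
import System.IO.Unsafe (unsafePerformIO)

-- Monomorphic type: [Int] is fixed at the declaration, so a later
-- writeIORef counter "abc" is rejected at compile time rather than
-- producing a [Char] that is really a [Int] at run time.
-- NOINLINE keeps GHC from inlining the unsafePerformIO call, which
-- would otherwise let each use site allocate its own IORef.
{-# NOINLINE counter #-}
counter :: IORef [Int]
counter = unsafePerformIO (newIORef [])

main :: IO ()
main = do
  writeIORef counter [42]
  xs <- readIORef counter
  print (xs :: [Int])
```

The quoted program compiles only because `test :: IORef [a]` is generalised, letting the write instantiate `a` as Int and the read instantiate it as Char over the same cell; the monomorphic signature removes that freedom.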
