[cap-talk] C vs. Safety

Valerio Bellizzomi devbox at selnet.org
Thu Aug 7 15:29:40 CDT 2008


On 07/08/2008, at 18.44, Baldur Johannsson wrote:

>>> Hmm... isn't static safety as unsolvable as the famous halting problem?
>>> That is the question: does program p ever do anything unsafe?
>>
>> It is certainly NOT as unsolvable as the halting problem.
>>
>You are correct.
>If we imagine the possible control flow of a program as a graph, then
>clearly programs that have indeterminable loops (example: while (true)
>{ doSomething(); })
>are cyclic graphs, while programs that don't have such loops are acyclic
>graphs.
>But that is a whole other oiltanker of worms.

The while (true) guarantees that the loop runs forever; it is not
indeterminable, we know that it is an infinite loop.



>
>>> and what exactly is safety in this context, please?
>>
>> Thanks. By safety, here, I mean "type safety", and therefore "memory
>> reference safety".
>>
>As far as I understand typing, it is mostly about typing of
>datums.
>What is datum typing about most generally?
>I would say which operations on datums of a certain type are allowed, and
>other
>constrictions.
>
>An unforgeable memory reference is nothing more, in my eyes, than a type of
>datum, a pointer (which is nothing more than a virtual memory address),
>that can't be converted from other types of datums, especially literal
>datums.
>
>>
>> There are many safety properties that cannot be statically checked.
>> Type safety *can* be statically checked for a suitably designed language.
>>
>> Safety is different from security, but safety is generally a
>> precondition to security in any language-based security scheme,
>>  because language-based security tends to rest on the type system,
>I agree with that.
>>  which in turn guards the integrity of the virtual machine.
>> A program that can violate the type system can compromise the
>> virtual machine, and can therefore  violate any other safety property
>> we might care to name.
>>
>Depends if the virtual machine runs the program directly on the same
>substrate
>as itself runs or if it runs the program by interpreting each
>instruction of the program.
>
>The latter can be done on any hardware, but its cost is many vm
>instructions per
>program instruction, so the former is preferred due to speed.
>
>-Baldur
>ps. If this message doesn't make any sense then I must apologize, as it
>was very late when
>I wrote it. So don't hesitate to ask for clarifications.
>_______________________________________________
>cap-talk mailing list
>cap-talk at mail.eros-os.org
>http://www.eros-os.org/mailman/listinfo/cap-talk
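The exchange above claims that type safety can be decided statically even though halting cannot, and that an unforgeable reference is simply a datum type that cannot be produced from a literal. As an added example that is not part of the original post, here is a small Python checker for a constructed toy instruction set (the instruction names, the `check` function and the two sample programs are assumptions of this example): it accepts a program that loops forever but is well-typed, and rejects one that casts an int to a reference.

```python
# Toy static type checker, constructed for this example (not code from the
# original post): it shows that type safety, and thus memory-reference
# safety, can be decided without running the program, even when the
# program never halts. Types are "int" and "ref"; a ref can only come from
# alloc and never from an int, which is the "unforgeable reference" above.
INT, REF = "int", "ref"

def check(program, env=None, errors=None, prefix=""):
    """Return a list of type errors for `program` (empty means well-typed).
    Variables are monomorphic: a name keeps the type of its first assignment.
    The checker walks each instruction once, so a loop body is checked once."""
    env = {} if env is None else env
    errors = [] if errors is None else errors

    def use(name, want, pc):
        have = env.get(name)
        if have is None:
            errors.append(f"{pc}: '{name}' used before definition")
        elif have != want:
            errors.append(f"{pc}: '{name}' is {have}, expected {want}")

    def define(name, ty, pc):
        if env.setdefault(name, ty) != ty:
            errors.append(f"{pc}: '{name}' is {env[name]}, cannot assign {ty}")

    for i, ins in enumerate(program):
        pc, op = f"{prefix}{i}", ins[0]
        if op == "const":        # ("const", dst, literal): int literal
            define(ins[1], INT, pc)
        elif op == "add":        # ("add", dst, a, b): int + int -> int
            use(ins[2], INT, pc); use(ins[3], INT, pc); define(ins[1], INT, pc)
        elif op == "alloc":      # ("alloc", dst): the only source of a ref
            define(ins[1], REF, pc)
        elif op == "load":       # ("load", dst, r): dereference, r must be a ref
            use(ins[2], REF, pc); define(ins[1], INT, pc)
        elif op == "cast":       # ("cast", dst, a): int -> ref forges a reference
            errors.append(f"{pc}: cast of '{ins[2]}' to ref forges a reference")
            define(ins[1], REF, pc)   # keep checking the rest of the program
        elif op == "loop":       # ("loop", body): while (true) { body }
            check(ins[1], env, errors, pc + ".")
        else:
            errors.append(f"{pc}: unknown instruction {op}")
    return errors

# Runs forever, yet is well-typed: the checker terminates and accepts it.
FOREVER = [("const", "x", 0), ("alloc", "r"),
           ("loop", [("add", "x", "x", "x"), ("load", "v", "r")])]
# Forges a ref from an int literal and dereferences it: rejected statically.
FORGED = [("const", "a", 4096), ("cast", "p", "a"), ("load", "v", "p")]
```

`check(FOREVER)` returns an empty list while `check(FORGED)` reports the forged cast, without either program ever being executed.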