[cap-talk] cap-talk Digest, Vol 66, Issue 45
Leo Meyerovich
lmeyerov at eecs.berkeley.edu
Sat Sep 26 18:08:20 PDT 2009
Memory safety is a property; managed code is when we use a particular
mechanism for achieving it.
For an alternative mechanism, memory safety can be statically verified
with region types. No runtime checks would be necessary.
There are a lot of ways to achieve it. Singularity's ownership types and
protocols, region types, dependent types, process isolation, binary
translation, etc. There's a variety of reasons for picking different
ones: the program domain, verification needs, performance vs.
expressiveness constraints, and granularity of safety, etc. all impact
where you should look. Finally, process isolation with a VM-per-process
has historically been the way to go (and often another VM underneath it
all). The research community, security nuts, and performance nuts
generally hate this architecture, but there have been proven QoS, hardening,
robustness, separation of concerns, etc. benefits.
- Leo
[[sorry for not responding to the individual message; I get the list as
a digest and haven't figured out individual responses yet]]