[7346] in bugtraq
Re: Bounds checking - historical aside
daemon@ATHENA.MIT.EDU (Gleb Ralka)
Wed Jul 22 14:38:29 1998
Date: Tue, 21 Jul 1998 15:12:27 -0400
Reply-To: Gleb Ralka <icrash@ACORNWORLD.NET>
From: Gleb Ralka <icrash@ACORNWORLD.NET>
To: BUGTRAQ@NETSPACE.ORG
Russell Fulton wrote:
> [Aleph One: This is a little historical aside on the issue of bounds
> checking]
>
> On Sat, 18 Jul 1998 00:51:55 +0000 Niall Smart <rotel@indigo.ie> wrote:
>
> > There are at least 3 ways to solve the problem of buffer overflows:
> >
> > 1) Use a language which doesn't involve manipulation of buffers at
> > the language level, e.g. Java.
> >
> > 2) Use a compiler which will generate code such that it will
> > never overflow a buffer, e.g. one of the Ada/Modula/Pascal
> > compilers, or the hypothetical bounds checking C compiler.
> >
> > 3) Write programs which will never overflow their buffers.
> >
>
> I will add another:
>
> 4) Use hardware that supports bounds checking.
>
> OK, this isn't an option for most of us since most HW architectures that
> we are currently stuck with don't implement bounds checking. Going back
> a few years (mid 70's) we had a Burroughs B6700 which had a stack based
> architecture and used a segmented memory model. Each array or string
> was allocated its own segment and was accessed through a descriptor
> which held base address and bounds information. There was a hardware
> index instruction which retrieved the data and performed the bounds
> check potentially in parallel. (There were also hardware string copy
> and compare operators).
>
> In those days FORTRAN ruled and we often had visiting staff trying to
> run their programs on the B6700 only to have it spit it out with an
> "INVALID INDEX" message. The usual response was "What's wrong with
> your computer, this program is in use by 100s of people all over the
> world and I have been using it for x years without problems".
>
> The more things change the more they stay the same.
>
> I have very fond memories of the B6700, it was by far the best machine
> I ever worked on.
>
> Cheers, Russell.
I can't completely agree. The x86 family implements the BOUND assembly
instruction just for this.
Gleb Ralka
icrash@acornworld.net
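A software model of the two mechanisms the thread mentions, the B6700 descriptor with its checked index and string operators and the x86 BOUND range check, written as an added example rather than code from either poster. The descriptor layout, the function names and the neighbour-variable scenario are constructed for illustration, and BOUND is only emulated because the instruction is not encodable in 64-bit mode.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a B6700-style descriptor: an array is reached only
 * through its base address and bound, never through a bare pointer. */
typedef struct { char *base; size_t length; } descriptor;  /* valid idx: 0..length-1 */
/* Model of the hardware index operation: element address, or NULL standing
 * in for the "INVALID INDEX" trap when the index is out of range. */
char *desc_index(const descriptor *d, size_t idx) {
    return idx < d->length ? d->base + idx : NULL;
}

/* Checked copy in the spirit of the hardware string operators: refuses
 * (returns false) rather than write past the destination's bound. */
bool desc_copy(descriptor *dst, const char *src) {
    size_t n = strlen(src) + 1;                 /* include the terminating NUL */
    if (n > dst->length) return false;
    memcpy(dst->base, src, n);
    return true;
}

/* Software rendering of x86 BOUND: the index is compared with an inclusive
 * [lower, upper] pair held in memory; false means the #BR trap would fire. */
bool x86_bound_ok(int32_t idx, const int32_t bounds[2]) {
    return idx >= bounds[0] && idx <= bounds[1];
}
static const int32_t demo_bounds[2] = { 0, 15 };   /* a 16-element array */
/* Constructed scenario: a 16-byte buffer with a 4-byte neighbour right after it,
 * both inside one 20-byte block so the demo itself stays well defined. */
bool neighbour_survives(bool use_descriptor) {      /* true if neighbour intact */
    char block[20] = { 0 };
    memcpy(block + 16, "AAAA", 4);                 /* the neighbour */
    const char *input = "this string is long";     /* 19 chars + NUL = 20 bytes */
    if (use_descriptor) {
        descriptor buf = { block, 16 };
        desc_copy(&buf, input);                    /* refused: 20 > 16 */
    } else {
        memcpy(block, input, strlen(input) + 1);   /* unchecked: spills over */
    }
    return memcmp(block + 16, "AAAA", 4) == 0;
}

int main(void) {
    printf("unchecked: %s, checked: %s\n", neighbour_survives(false) ? "intact" : "clobbered",
           neighbour_survives(true) ? "intact" : "clobbered");
    printf("BOUND 16 in [0,15]: %s\n", x86_bound_ok(16, demo_bounds) ? "ok" : "#BR");
    return 0;
}
```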