
What's really surprising is that arrays never made it to the instruction sets of CPUs where the bounds checking could have been done in hardware and be essentially free.


But they did, just not on the ones that cloned the PDP-11 architecture.

Burroughs B5000, 1961

http://www.smecc.org/The%20Architecture%20%20of%20the%20Burr...

Nowadays sold by Unisys and known as ClearPath.

Just one example, there were other architectures with similar features.


The 80286 (and above) were segmented architectures where automatic bounds checking of each segment (which could hold an array, or code for that matter) was done invisibly in hardware. The segmented nature of the 80286 (or even the 8088, predecessor of the 80286, which had segments but no automatic checks) was ... not universally liked (mainly because of a 64K limit, but even when the 80386 upped that, not many systems took advantage of it).

The Intel 432 (developed in the very early 80s) had automatic bounds checking. The architecture as a whole failed because it was too complex, too slow, and too buggy to be viable.


x86 has the BOUND instruction that checks an index against a lower and upper bound and raises an exception on failure. It has been a very slow microcoded instruction for a long time, thus practically unused (which led to a catch-22 as Intel never saw fit to improve it). IIRC it was removed in AMD64.
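The semantics described in the comment above, as an added example that is not from the thread or any of its posters: a portable C model of BOUND, with the bounds pair laid out in memory the way the instruction reads it, the signed inclusive compare on both ends, and the #BR trap modelled as an error return so it can be observed. It is applied to a Pascal-style array with a negative lower bound, which is the case a one-sided length check cannot express. The array contents, its bounds and all function names here are constructed for this example; the instruction itself is not executed, since it does not exist in 64-bit mode.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* A BOUND memory operand: two signed 32-bit limits adjacent in memory,
 * exactly the layout the instruction reads (m32&32). Both limits are
 * inclusive, which is why a Pascal array[-3..3] maps onto it directly. */
struct bounds {
    int32_t lower;
    int32_t upper;
};

/* Software model of BOUND r32, m32&32: signed compare of the index (the
 * register operand) against both limits (the memory operand).
 * Returns 0 when lower <= idx <= upper, and 1 where the hardware would
 * raise #BR (bound range exceeded). Because the compare is signed, an
 * index that wrapped to a large "unsigned" value is negative here and
 * fails the lower-limit test. */
int bound_check(int32_t idx, const struct bounds *b)
{
    return (idx < b->lower || idx > b->upper) ? 1 : 0;
}

/* The access sequence a Pascal compiler could emit around an element load:
 *   BOUND eax, [bounds_of_arr]        ; #BR if eax is outside lower..upper
 *   MOV   eax, [base + (eax-lower)*4] ; only reached when in range
 * The trap is modelled by returning -1 instead of storing a value.
 * base points at the element with index b->lower. */
int checked_load(const int32_t *base, const struct bounds *b,
                 int32_t idx, int32_t *out)
{
    if (bound_check(idx, b))
        return -1;                    /* #BR would have fired here */
    *out = base[idx - b->lower];
    return 0;
}

/* Sample data, constructed for this example:
 * arr: array[-3..3] of integer, holding 10, 20, ..., 70. */
static const int32_t arr[7] = { 10, 20, 30, 40, 50, 60, 70 };
static const struct bounds arr_bounds = { -3, 3 };

/* Wrapper over the sample array: the element, or INT32_MIN where the
 * access would have faulted (INT32_MIN is not a value stored in arr). */
int32_t load_sample(int32_t idx)
{
    int32_t v;
    if (checked_load(arr, &arr_bounds, idx, &v) != 0)
        return INT32_MIN;
    return v;
}

int main(void)
{
    /* Probe both edges, an interior index, and one past each edge. */
    const int32_t probes[] = { -4, -3, -1, 0, 3, 4 };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int32_t idx = probes[i];
        int32_t v = load_sample(idx);
        if (v == INT32_MIN)
            printf("arr[%d]: #BR (index outside %d..%d)\n",
                   idx, arr_bounds.lower, arr_bounds.upper);
        else
            printf("arr[%d] = %d\n", idx, v);
    }
    return 0;
}
```

The point of the two-limit operand is visible in `checked_load`: the index is checked as the programmer wrote it, and the subtraction of `lower` happens only after the check has passed, so no wrapped or rebased index ever reaches the address computation.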


Yes, but now C exploits are so widespread that they created the MPX instructions.

The problem being not everyone can use them, of course.

Also to give another example, SPARC V9 has something similar.

However even if processor support was widespread, it requires willingness to turn on those compiler switches.

Which is something that goes against the culture in the C community of performance at all costs.


Sure, I wasn't making any judgement on its utility.

BOUND would have been great for compiling any language with built-in bounds checking (I wouldn't be surprised if it was made with Pascal in mind, same as ENTER with nesting level > 1).

MPX was specifically designed for the C family languages, but it has a fairly high cost, we will have to see whether it gets widespread.

Re culture, aren't there quite a few high-profile projects that are compiled with hardening by default? At least Firefox comes to mind.


Yes, but Mozilla cares enough about security that they created Rust.

Also although C++ shares the same flaws as C, due to the compatibility, the overall culture is a bit different.

There are the C expats that basically use it as C with Classes, and then there are the Ada/Pascal/ML expats that take advantage of the type system and standard library to write safer code.

The problem with security is that most projects tend to have a mix of those cultures, and also there is no control over 3rd party binary libraries.
