
What are your thoughts re: adding memory protection to C? (in other words: add a distinction between "pointer bytes" and "raw data bytes" and some rules regarding pointer assignment, arithmetic, and dereferencing that serve to treat the pointer bytes as protected memory of a "3rd space" that sits between kernel space and user space; thereby ensuring that a program can only obtain a pointer to either a stack location (with restrictions) or heap location that points to a byte in an allocated segment of memory?)



I've actually been building a teaching VM with these properties. You can't take the address of arbitrary values (so there's no distinction between lvalues and rvalues), there's no pointer arithmetic (instead you have type-safe primitives for record access and array indexing), all arrays (including strings) know their length and bounds-check accesses, and unions behave more like sum types, always knowing precisely what type they have stored. All these constraints ensure you can never convert a number to an address, or generate an address to an illegal value. More info about the goal and rationale: http://akkartik.name/post/mu; http://github.com/akkartik/mu.

I also recently found out about http://eigenstate.org/myrddin which seems more mature with very similar goals/aesthetics. I've been digging into it a fair bit.

Finally, on the extreme other end of the spectrum, there's Rust.
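To make the constraints described above concrete, here is a small added C illustration (not code from the Mu project or from Myrddin, and not part of the original comment) of two of them: arrays that carry their length and refuse out-of-bounds reads and writes, and a union whose tag is checked before a member is read. The `byte_array`, `value`, `checked_copy` and demo function names are assumptions made for this example; the canary bytes and the sample string are constructed test data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A "fat" array: data pointer plus length, so every access can be checked
   instead of trusting the caller's index. (Illustration only; hypothetical type.) */
typedef struct {
    uint8_t *data;
    size_t len;
} byte_array;

/* Result of a checked read: success flag plus the value read, if any. */
typedef struct {
    bool ok;
    uint8_t value;
} byte_result;

/* Checked read: an index past the end is refused rather than dereferenced. */
static byte_result array_get(byte_array a, size_t idx) {
    byte_result r = { false, 0 };
    if (idx >= a.len) return r;
    r.ok = true;
    r.value = a.data[idx];
    return r;
}

/* Checked write: the neighbouring memory can never be touched through this API. */
static bool array_set(byte_array a, size_t idx, uint8_t v) {
    if (idx >= a.len) return false;
    a.data[idx] = v;
    return true;
}

/* Copy a C string into dst one checked byte at a time; stops at the bound.
   Returns the number of bytes actually stored. */
static size_t checked_copy(byte_array dst, const char *src) {
    size_t n = 0;
    while (src[n] != '\0' && array_set(dst, n, (uint8_t)src[n])) n++;
    return n;
}

/* Tagged union: the tag records which member is live, and reads of the
   wrong member are refused instead of returning reinterpreted bytes. */
typedef enum { T_INT, T_BYTES } value_tag;
typedef struct {
    value_tag tag;
    union { int32_t i; byte_array bytes; } u;
} value;

static bool value_as_int(const value *v, int32_t *out) {
    if (v->tag != T_INT) return false;
    *out = v->u.i;
    return true;
}

/* Demo 1: an over-long copy into an 8-byte buffer must leave the 4 bytes
   that follow it (a constructed 0xAA "canary" region) untouched.
   Returns the number of bytes stored, or -1 if the canary was damaged. */
static int overflow_demo(void) {
    uint8_t storage[8 + 4];
    memset(storage, 0xAA, sizeof storage);
    byte_array buf = { storage, 8 };
    size_t written = checked_copy(buf, "this string is too long");  /* constructed input */
    for (size_t i = 8; i < sizeof storage; i++)
        if (storage[i] != 0xAA) return -1;
    return (int)written;
}

/* Demo 2: reading the int member of a value holding bytes is refused.
   Returns true when the guard worked. */
static bool union_guard_demo(void) {
    uint8_t raw[4] = { 1, 2, 3, 4 };                 /* constructed payload */
    value v = { T_BYTES, { .bytes = { raw, 4 } } };
    int32_t i = 0;
    return !value_as_int(&v, &i);
}

int main(void) {
    printf("bytes stored by bounded copy: %d\n", overflow_demo());
    printf("union guard: %s\n", union_guard_demo() ? "refused" : "allowed");
    return 0;
}
```

The point of the canary region in `overflow_demo` is that the classic `strcpy`-style overrun is impossible through `array_set`: the write simply stops at the recorded length, so the bytes after the buffer, where a saved return address or another variable might live, are never reached.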


You should call this system "Java". <g>


Some compilers have options for separating call stack and function stack. So an under- or overflow of a char buf[] can't corrupt the return stack frame.



