22.214.171.124 Release notes
Posted Feb 23, 2010 0:27 UTC (Tue) by nix (subscriber, #2304)
What we really need is a better language. The surface for most of these holes (null pointer dereference, integer and buffer overflow holes, at least) could be reduced to that tiny subset of the kernel implemented in assembler. Wire something like the pi calculus into the language and even races would be automatically detectable. (Obviously we can't eliminate all DoS attacks, ever, even with formally proven perfect hardware and an ideal language. That class of holes will always be with us.)

But for better or worse Linux is written in C, dammit, so these holes will keep on coming. Until we find a way to avoid all mistakes I don't see a way to stop them, though sparse and friends can at least slow them down, a bit. Blaming people for introducing holes when writing in a language like this is like blaming people for tripping when walking backwards, blindfolded, over rocky ground, in a blizzard, during an earthquake.
Posted Feb 23, 2010 6:36 UTC (Tue) by error27 (subscriber, #8346)
Posted Feb 23, 2010 21:55 UTC (Tue) by nix (subscriber, #2304)
So, yes, I was being excessively depressing.
Process calculus... will not eliminate bugs
Posted Feb 24, 2010 3:28 UTC (Wed) by dps (subscriber, #5725)
You could, of course, follow my PhD thesis and prove a general result about a class of systems and limit yourself to that class of system. You can even write frameworks which make it almost impossible to do anything else. (I could say more but won't.)
Unfortunately whatever you do there is the problem of arguing that the kernel code corresponds to the process calculus or has the things your general proof required.
99.98% of the time concurrency just adds locking and context switches and therefore reduces system performance. The best approach the other 0.02% of the time is a more difficult question.
Posted Feb 24, 2010 8:30 UTC (Wed) by nix (subscriber, #2304)
Unfortunately whatever you do there is the problem of arguing that the kernel code corresponds to the process calculus or has the things your general proof required.
I was musing on the theoretical bound when I should have been thinking
Copyright © 2013, Eklektix, Inc.