[Vm-dev] Re: SegmentationFault in with OmniBrowser

Philippe Marschall philippe.marschall at gmail.com
Tue May 22 18:21:06 UTC 2007 

2007/5/22, John M McIntosh <johnmci at smalltalkconsulting.com>:
>
> Well a CPU is a bytecode reader in a sense too. When I was working on
> a 68K assembler interface for Ian's squeak compiler I was surprised
> to see
> many instructions could be created that were not covered in the op
> code manual. Also I recall in the days of VirtualPC that team
> discovered certain
> i386 machine sequences which would effectively crash the microcode,
> anyone recall what that "bug" was.  Certainly I remember patchs being
> loaded on
> my linux box to prevent the problem from happening, once it had been
> leaked to the internet.
>
>
> Lastly if this verify is so perfect, why the Java exploits I read
> about from time to time?

Sandbox violations. I think they have been around since Java exists. I
think most update releases fix one of them and you only hear about
them once they are fixed. I don't know if .Net is any better in this
area.

Cheers
Philippe

> On May 22, 2007, at 11:03 AM, tim Rowledge wrote:
>
> >
> > On 22-May-07, at 10:56 AM, Philippe Marschall wrote:
> >
> >
> >>
> >> Java has a bytecode verifyer to prevent these problems with zero
> >> runtime cost (if you don't count class loading). Squeak could have
> >> the
> >> same.
> > Absolutely irrelevant to the problem in question. Smalltalk has a
> > 'bytecode verifier' too - it's called the compiler. It too makes
> > sure the bytecodes are suitable as it 'loads' them.
> >
> > The problem is that if some *other* tool is generating bytecodes it
> > can make 'bad' ones that will stomp over other objects. Just as in
> > java you could etc etc. At least, I assume java could have a tool
> > to generate bytecodes and run them? I wouldn't really know, never
> > having had anything to do with it.
> >
> >
> > tim
> > --
> > tim Rowledge; tim at rowledge.org; http://www.rowledge.org/tim
> > Gotta run, the cat's caught in the printer.
> >
> >
>
> --
> ========================================================================
> ===
> John M. McIntosh <johnmci at smalltalkconsulting.com>
> Corporate Smalltalk Consulting Ltd.  http://www.smalltalkconsulting.com
> ========================================================================
> ===
>
>
>

More information about the Vm-dev mailing list