* Posts by fg_swe

1324 publicly visible posts • joined 20 Nov 2021

TSMC founder says 'globalization is almost dead' as Asian foundry giant expands in US

fg_swe Silver badge

Re: Oh IT Man

Here is a great video on Wild Weasel https://www.youtube.com/watch?v=fHpsaasL5gM

It truly was an epic fight between Soviet and American electronics engineers. A fight between Russian missile soldiers and American airmen/flying sailors. Not just the SAMs, also the radar controlled Flak and the ground-radar guided Mig19s, Mig21s.

America lost that one, because they were complacent.

After that, they won over Iraq and Libya almost with ease. They did not have the latest Russian electronics and not the Russian electronic soldiers.

fg_swe Silver badge

Re: Oh IT Man

The modern Wild Weasel is the ECR Tornado and the EF18 GROWLER.

Apparently the USAF and RAF currently don't do this role, but this can change in a blink of an eye.

fg_swe Silver badge

Oh IT Man

You think you know all when you know nothing.

In Viet Nam, Russian-made and operated SAMs were masterpieces of control and radio electronics then.

They blew something in the order of 50% of US fighters and bombers out of the sky.

Read up on Wild Weasel if you want to know why they did not shoot 100% of US planes.

Google says Android runs better when covered in Rust

fg_swe Silver badge

Automotive MISRA Experience

I was part of auto software engineering projects up to ASIL-D. I say this:

1.) MISRA C subset is definitely useful and makes sense for other domains, including datacenter, phone, PC.

2.) MISRA C will do little to prevent integer under/overflows or index errors. Static checkers (PC Lint, PolySpace) do help here. They are now mandated in most projects. Static checkers have limited power, though. Sometimes runtime checks are required to be memory safe. C cannot do that. MISRA or not. SPARK Ada, Rust, Sappeur, do dynamic index checks.

3.) Using C in safety-critical domains (auto, rail, aerospace, medical) is a second-rate decision. SPARK Ada is still superior in many ways. Engineers who can write C can be made to write Ada, but C can never be made as safe as Ada, even with static checkers tacked on.

fg_swe Silver badge

Re: Singularity OS

All of the WNT kernel had serious memory error exploits, including the TrueType font subsystem they dragged into the kernel. Visit a "bad" website with poisoned fonts, have a kernel exploit !

fg_swe Silver badge

Re: Unisys MCP Algol Heap Memory

Unisys implemented lots of software in Algol, including compilers. I fail to see how they could have done that without heap memory.

And I can imagine that they built heap memory management into the OS. Essentially you declare a pointer, dereference it and MCP will allocate the object/array "on the fly". MCP experts please correct me if I am wrong.

They can then run mark+sweep in the MCP system, just like the JVM does.

https://www.informit.com/articles/article.aspx?p=1671636&seqNum=3

Unisys is not bound to limit themselves to the official Algol standard.

fg_swe Silver badge

Automotive and Aerospace Software Safety

I hasten to add that modern software engineering processes (ASPICE, V-Modell etc) have several lines of defense against software engineering errors. Auto drivers do not have to worry too much, neither do AIRBUS passengers or pilots.

First, there is thorough documentation, secondly thorough design steps. Thirdly, upwards the V, there is a cascade of Unit, Software and HIL Test batteries. Even if we did not use static checkers, these comprehensive test efforts would most likely find dangerous bugs.

AIRBUS likewise has an almost perfect record in both JÄGER90 and commercial airplanes since A310 and later. Not a single loss of aircraft due to flight control software and hardware !

They have even more measures in place, including the use of SPARK Ada. Much better than C.

fg_swe Silver badge

Re: Android runs better when covered in Rust

As long as the p........ improve practical computer science, we should applaud them ;-)

fg_swe Silver badge

Yeah, Rambling

I currently write code for automotive software, some of which is ASIL-B. I worked on electric/electronic power steerings, which are up to ASIL-D. All in C plus static checkers such as PC Lint and PolySpace. Both tools typically find plenty of issues (index errors, integer under/overflows, ...) in the code of experienced engineers. Maybe your car contains this code and your life depends on it.

Apple Swift was inspired by my language

http://sappeur.ddnss.de

Even though Apple made serious shortcuts on efficient Reference Counting (all Swift ARC is MT safe, which is both inefficient and enabling one type of error).

If you want to see some of my source code, please feel free to look here

http://gauss.ddnss.de

fg_swe Silver badge

Re: But

A) In many cases (e.g. for loops), the index checking of a Rust, Java or Sappeur program could be turned into an O(1) operation.

B) I was referring to: obtaining a pointer into the middle of an array, then incrementing or decrementing w/o any sanity check of the runtime system or the compiler.

B2) I have seen plenty of that cr4p, because some people did not know STL and abused an MFC integer array to store pointers. Oh yeah, and void* pointers and lots of other obscenities.

C) Multicore CPUs are now standard, even in laptops of the $1000 range. In the datacenter, we have multithreading since 1998 or so. Even the world of auto now uses multicore MCUs for demanding things like video processing.

fg_swe Silver badge

Unisys MCP Algol Heap Memory

From

https://en.wikipedia.org/wiki/Burroughs_large_systems_descriptors

"Also, low-level memory allocation system calls such as the malloc class of calls of C and Unix are not needed – arrays are automatically allocated as used. This saves the programmer the great burden of filling programs with the error-prone activity of memory management, which is crucial in mainframe applications."

They do not need "new" or "malloc", as the CPU+OS will handle dynamic memory allocation and freeing !

In other words, the whole idea of explicit memory allocation is not the only viable one.

fg_swe Silver badge

Yeah

When you don't write totally memory-error free C++ code, you do Perfect Braking, correct ?

Also when two wheels are on ice and the other two on concrete, you operate each wheel's brake independently using four finger switches ?

fg_swe Silver badge

Re: Static C++ Checkers

There are very few languages which model multithreading in the type system. Sappeur is one of the first to do so.

fg_swe Silver badge

Re: Real World

The quick+dirty Huawei stuff is especially dangerous, because it is coded in C and C++.

I was responding to your claim that telephone software would be somehow more robust. Maybe that was a feature of the past.

fg_swe Silver badge

From the Trenches

https://groups.google.com/g/comp.sys.unisys/c/5apvpaA2fZs

fg_swe Silver badge

Burroughs Algol Mainframes

https://www.digm.com/UNITE/2019/2019-Origins-Burroughs-Algol.pdf

Definitely a much better concept than C+Unix and the IBM/360 world of untyped memory. But alas, cheaper often wins over better. At least initially.

fg_swe Silver badge

Really ?

Please have a look at the Algol mainframes. They definitely have very interesting memory safety features.

https://www.theregister.com/2020/05/15/algol_60_at_60/

https://en.wikipedia.org/wiki/Burroughs_large_systems_descriptors

fg_swe Silver badge

Real World

In the real world, engineering managers are in most cases not the best+brightest engineers. Rather, they know how to "herd cats". Social skills.

If "all other engineering managers" use C, they will do that too. Regardless of the consequences.

In other words, improvements of software security and safety will come from engineers+scientists, not managers.

Modern day telephone software apparently is quick+dirty stuff, which is why the phone network now has one-day-crashes per three years or so. A long time ago, they aimed for "5 minutes in 30 years". The days of ISDN.

https://www.softwaretestingnews.co.uk/21345-2-gchq-director-huaweis-engineering-very-shoddy/

fg_swe Silver badge

But

Both have very similar memory safety issues:

A) unchecked array access

B) funny raw pointer stuff

B2) super funny pointer casting (e.g. int to pointer)

C) lots of problems from a lack of proper multithreading safety model in the type system

fg_swe Silver badge

Algol "heap" keyword

Look it up. It is comparable to Java's new. Implementations would use a mark+sweep collector to reclaim the memory after use.

fg_swe Silver badge

Dornier 31

I never said it was cheap. But it still has the best performance of all planes in its class. And also the best safety record. Only slavery is cheap.

fg_swe Silver badge

FALSE

You bring up the "good software engineers don't produce memory errors" argument once more. In reality, even the most seasoned engineers then and now have Covid 3333 (a.k.a. "flu"), a fight with their wife, trouble with a teenage kid or the like. Bang, memory error.

It has happened in ALL major systems from HP/UX kernel to VxWorks TCP/IP stack. In between, WNT, Linux kernel, Unix user land, Solaris make, g++, YOU NAME IT.

fg_swe Silver badge

Singularity OS

Microsoft already had it running in the labs, but decided not to offer it as a product. It could have threatened their millions-of-lines-of-C++-code hairball WNT.

https://www.microsoft.com/en-us/research/project/singularity/?from=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fprojects%2Fsingularity

fg_swe Silver badge

Unsafe Sections

Obviously, unsafe code sections should be

A) Minimized

B) Ideally only in low-level libraries (e.g. file access, sockets, specialized I/O such as reading an A/D converter)

C) Thoroughly reviewed by senior engineers

Engineering is never about 100% risk avoidance, but about minimizing and controlling risk. Those who want religious perfection should go into a monastery and better shut up for the rest of their (sorry) life.

fg_swe Silver badge

Memory Safety and Crashing

Note that a deterministic crash, which stops the program and yields a debuggable core file is much more useful than the "undefined behavior" stuff you can get from the equivalent C++ program:

A) silent compromise by a cybernetic attacker. Reconnaissance of secret data, commandeering of the program and the attached system.

B) a "mysterious" crash much later, in a totally unrelated code module, because a bug in module A affected the memory of module F.

C) "mysterious" crashes in dozens of unrelated pieces of code due to one multithreading error destroying the heap basically at random

Memory Safety is NOT about perfection, but about Containing Bugs Where They Occur.
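The containment argument in the post above, together with the hoisted O(1) index check from point A of the "Re: But" post, as an added Rust example that is not part of the original posts or of any project they mention. `ModuleA`, `ModuleF`, `write_sample`, `sum_range` and `index_panics` are hypothetical names, and the sample data is constructed.

```rust
// Added illustration; ModuleA, ModuleF and all function names are hypothetical.
use std::panic;

/// Module A owns a sample buffer; module F owns unrelated secret state.
struct ModuleA { samples: [u16; 8] }
struct ModuleF { key: [u8; 4] }

/// Checked write: a bad index is reported here, at the faulting call,
/// instead of silently landing in whatever memory follows the array.
fn write_sample(a: &mut ModuleA, idx: usize, value: u16) -> Result<(), String> {
    let len = a.samples.len();
    match a.samples.get_mut(idx) {
        Some(slot) => { *slot = value; Ok(()) }
        None => Err(format!("index {} out of range 0..{}", idx, len)),
    }
}

/// The range is validated once, before the loop; iterating the resulting
/// sub-slice needs no per-element index check.
fn sum_range(data: &[u16], start: usize, end: usize) -> Option<u32> {
    let window = data.get(start..end)?; // single bounds check
    Some(window.iter().map(|&x| u32::from(x)).sum())
}

/// Plain indexing: an out-of-range index panics deterministically.
/// Returns true if the access panicked.
fn index_panics(data: &[u16], idx: usize) -> bool {
    panic::catch_unwind(|| data[idx]).is_err()
}

fn main() {
    // Constructed sample data.
    let mut a = ModuleA { samples: [10, 20, 30, 40, 50, 60, 70, 80] };
    let f = ModuleF { key: [0xde, 0xad, 0xbe, 0xef] };

    // Off-by-one bug in module A: index 8 on an 8-element array.
    println!("{:?}", write_sample(&mut a, 8, 0xffff));
    println!("module F key intact: {}", f.key == [0xde, 0xad, 0xbe, 0xef]);

    println!("{:?}", sum_range(&a.samples, 2, 5)); // 30 + 40 + 50
    println!("{:?}", sum_range(&a.samples, 5, 9)); // end past the buffer
    println!("index 8 panics: {}", index_panics(&a.samples, 8));
}
```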

fg_swe Silver badge

Static C++ Checkers

Are you sure these static checkers are as complete as the Rust or the Sappeur compiler ? For example, will they detect unsafe multithreading under all conditions ?

Most of these checkers are heuristic tools with lots of value, but definitely not as complete and strict as the compiler of a memory safe language.

Mr Stroustrup makes similar claims, but I still miss a description of how he intends to achieve similar safety with a C++ compiler and some static checker bandaids.

fg_swe Silver badge

Male Cow Stuff

You claim that seasoned software engineers using C++ never had trouble with memory errors. Which could only mean that rookies worked on WNT, Linux Kernel, Unix kernels, Solaris make, Unix Userland tools, yacc and lots of other widely used programs. Because ALL of them had serious memory errors, which were often discovered decades after their creation.

Remember the HP/UX Ping of Death ?

Remember the exploitable memory errors in the TCP/IP stack of VxWorks ?

Remember how lots of memory errors were found in "well aged" Unix user land tools the first time they were executed under valgrind ?

Then you claim that "SoftICE" would be of help to detect memory errors. I cannot see how.

Conclusion: you have a nice life off C and C++ development and you don't want to learn anything new. So you blasted out some lies and half-truths.

fg_swe Silver badge

Re: Lying Cheating

I assume this is good old F.U.D. propaganda, completely devoid of substance.

fg_swe Silver badge

"50 Year Old"

We Swabians have a 50 year old aircraft in the museum, which is still better than anything else in this class:

https://www.youtube.com/watch?v=x3YueCf1JeI

Higher payload, higher speed, better range than the V22. Killed no-one, while the V22 killed more than 40 airmen (not due to enemy fire !).

fg_swe Silver badge

Re: Algol Mainframes ?

Also See

https://retrocomputing.stackexchange.com/questions/7953/first-language-with-c-like-memory-management

https://news.ycombinator.com/item?id=5349354

https://rosettacode.org/wiki/Memory_allocation#ALGOL_68

https://twitter.com/enf/status/1049453387492679682

https://www.dcs.gla.ac.uk/~wpc/hi/heaps.pdf

It looks like the Algol standard never specified how to collect garbage, though.

A comment from an Algol mainframe programmer would definitely be useful in this discussion.

fg_swe Silver badge

Algol Mainframes ?

If that were true, how could the Algol Mainframes of ICL, Burroughs and IPMCE be useful computers at all ?

How did they manage without heap memory ?

I must concede I do not have first-hand knowledge of Algol, but from what I can read they did have several memory safety features such as index checking and hardware memory typing.

fg_swe Silver badge

ABS Brake

"ABS Brakes make driving much more safe, but you can still kill yourself by reckless driving"

fg_swe Silver badge

Good To Hear !

After working since 2006 to promote Memory Safe Languages as the last and most mighty line of defence against cybernetic threats, I applaud Google's efforts to use Rust in Android.

The idea of memory safety is not exactly new, the Algol Mainframes did have some memory safety features in the 1970s. It was AT&T, who considered it a luxury and promoted Unix and C instead. One hit into the Linux or Windows MegaKernels, and the ship is sunk.

If Microkernels are like frigates with 10 or more compartments, memory safe operating systems are comparable to ships built from metallic foam. Such a ship can take many hits without going under.

Twitter is suffering from mad bro disease. Open thinking can build it back better

fg_swe Silver badge

Calm Down

1.) Calling other people "rats" should be reserved for extreme circumstances.

2.) Musk definitely has done some great things. Rockets which can land in one piece, practical electric cars, mass produced,...

3.) Communist rage never produced anything economically useful, quite the opposite. A good CEO does add immense value: Jobs and Packard come to mind. Can you imagine a ship without a strong captain ?

fg_swe Silver badge

The Spirit of the WWW

The greatness of the WWW comes from the idea that we do not have centrally controlled systems, with central censorship. Rather, everybody can run his or her own little WWW server. No censorship, except if you start to utter death threats. A DSL Modem, an RPI, free software plus free DynDNS is all you need. The local Linux user group can assist you to set this up.

Of course the journalists of the big media companies will not like this, as they lose some of their power. FB and Google will not like it, because they lose the power to simply delete or hide your writings. The financiers behind these corporations will not like it, because they lose power, too.

Still, We The People, should run our own little servers. Power concentration (also in media) was a key feature of communism and nazism. Not good.

When you have your ideas written on the WWW, you can always use the URLs in a Twitter, Telegram, WhatsApp, DeltaChat, FB discussion. They might kill the discussion, but your WWW pages survive and you can always send the URL again.

While doing so, never lose your spiritual compass. Aim to be as friendly as possible.

Elon Musk issues ultimatum to Twitter staff: Go hardcore or go home

fg_swe Silver badge

Remember how he inserted himself in the cave rescue affair?

It's all about Being In The News. Keep investors buying TSLA etc.

fg_swe Silver badge

Elon Genius

He must be in the news to keep investors interested in the stock of his companies.

So he abuses Twitter to stay in the news. Obviously he plans to burn the 40 billions of Twitter worthiness and at the same time pump TESLA to new highs.

Not illegal, but unconventional to say the least.

Swiss bankers warn: Three quarters of retail Bitcoin investors are in the red

fg_swe Silver badge

Re: ANSWER

Having said that, we are still all scraping along and nobody should dare to attack us. NATO as a whole is the greatest empire the earth has ever seen, both in geography, number and quality of weapons. Our servicemen are trained to qualities never been seen or matched.

fg_swe Silver badge

Re: ANSWER

According to his Wiki page, he also sold a 14000000 mansion for 100 to his wife. Typical behaviour of a criminal who fears being hit with a compensation claim.

That's the NATO problem: the bankers were allowed to morph into bankrobbers.

fg_swe Silver badge

ANSWER

Many people no longer trust the Fiat money system, because of crazy zero percent interest policies.

Bitcoin is finite, which makes it an attractive Wealth Store. Similar to Gold, Silver, Platinum.

If the central banks find a way back to Deutsche Mark, people will again invest in cash. In the 80s, DM was as good as gold!

I can still remember being told how an interest rate of 3% was dangerously low. Now we have seen 10 years of zero, consequentially massive inflation. As predicted.

State oversight of banks has been craptastic and no criminal banker was ever thrown into jail. Not even the bookcooker FULD.

We now reap the fruits of lax oversight.

Eggheads show how network flaw could lead to NASA crew pod loss. Key word: Could

fg_swe Silver badge

Vetting?

Every single worker should be vetted by security agencies.

Saboteurs can do plenty of bad things.

Country that still uses fax machines wants to lead the world on data standards at G7

fg_swe Silver badge

EuroCloud

+Raspberry PI Private Server instead of Data Socialism in a US corporation

+https://delta.chat/de/ True Privacy Chat

+LibreOffice out of Hamburg

+seL4 high security OS

+NextCloud private cloud

+https://www.onlyoffice.com/de/ private cloud office

+Qt open source GUI toolkit

+tCC high performance C compiler

+INRIA CompCert proven correct compiler

+GPG cipher

+ARM CPU

+Hetzner

+OVHCloud

+1und1

fg_swe Silver badge

Don't Wake Up This Dragon

https://www.youtube.com/watch?v=111IfEfuOrA

fg_swe Silver badge

Re: "Telefax"

Arguably, Japan is more powerful than the EU, if they only add nuclear weapons to their arsenal. In computing, they are ahead !

fg_swe Silver badge

"Telefax"

Japan is a leading nation in computing, if you consider Fujitsu, NEC and Hitachi companies. They are one of the few nations which can develop and produce CPUs which can compete with Intel and AMD. E.g. the SPARC and ARM CPUs of Fujitsu.

A nation of hard working and polite people, who also had Nobel Prize winners decades ago.

Their JSDF is also something to reckon with, having the ability to develop and produce all of their weapons themselves !

https://en.wikipedia.org/wiki/Mitsubishi_F-2

https://en.wikipedia.org/wiki/Mitsubishi_F-X#

https://en.wikipedia.org/wiki/ShinMaywa_US-2

https://en.wikipedia.org/wiki/Type_90_tank

https://de.wikipedia.org/wiki/Kawasaki_P-1

https://en.wikipedia.org/wiki/Japanese_space_program#HOPE_project

No, Japan is a Superpower In Waiting.

If only they could find a way to have more babies, Japan would have a glorious future.

NSA urges orgs to use memory-safe programming languages

fg_swe Silver badge

Well

There are plenty of smart people on the C++ standards committee. Maybe they will add a Memory Safety System to C++25 or so. The MSS would of course disable plenty of dangerous things and it would require additional syntax in order to delineate ST from MT datastructures.

One could envision that MSS-enabled compilation units would even integrate with NonMSS compilation units. This would allow for incremental transformation of a code base towards memory safety. As I wrote many times, this is about incremental improvements, not Purity.

fg_swe Silver badge

Referring to C++ Compiler

I was asking how a C++ Compiler would do this. I think it cannot, because C++ does not have a memory safety system bolted-on.

Something like a

g++ --memorysafe

switch. That switch would more or less turn the g++ into a SAPPEUR compiler. No more raw pointers, no more handing over arbitrary pointers to thread functions, no more MT unsafe global data structures etc.

fg_swe Silver badge

Re: Well

Thanks. That is what I have been saying for years now.