On April 16, 2014 at 15:34 jason.iannone@gmail.com (Jason Iannone) wrote:
I can't cite chapter and verse but I seem to remember this zeroing problem was solved decades ago by just introducing a bit which said this chunk of memory or disk is new (to this process) and not zeroed but if there's any attempt to actually access it then read it back as if it were filled with zeros, or alternatively zero it.
Those were my words. I was talking about kernel memory/disk management. And then Jason Iannone...
Isn't that a result of the language? Low level languages give that power to the author rather than assuming any responsibility. Hacker News had a fairly in-depth discussion regarding the nature of C with some convincing opinions as to why it's not exactly the right tool to build this sort of system with. The gist, forcing the author of a monster like OpenSSL to manage memory is a problem.
This is a potentially huge discussion with many dimensions.

A library like openssl is intended to fit into a huge software ecosystem much of which is already written in C. Writing it in another language (other than perhaps C++) would require a cross-language API or similar (e.g., IPC) which introduces other issues.

So, oftentimes you use a three-prong plug because you are faced with three-prong receptacles and rebuilding the entire building to a new standard just isn't practical even if you believe the result presents a potential shock hazard.

And, if I may editorialize, there's a reason most of that ecosystem is built in C, it's not only legacy. Other languages have their own shortcomings, you can't just consider one aspect.

--
        -Barry Shein

The World              | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD        | Dial-Up: US, PR, Canada
Software Tool & Die    | Public Access Internet     | SINCE 1989     *oo*
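
The "new, not yet zeroed" bit recalled at the top of this message, sketched as a toy user-space chunk pool in C. This is an added example, not code from the thread, from OpenSSL, or from any kernel; the names `chunk_alloc`, `chunk_free`, `chunk_touch` and `chunk_copy` are hypothetical.

```c
#include <string.h>

#define CHUNK_SIZE 64
#define NCHUNKS    4

/* Hypothetical toy pool: each chunk carries a "fresh" bit. */
struct chunk {
    unsigned char data[CHUNK_SIZE];
    int in_use;
    int fresh;   /* 1 = new to this owner, contents not yet zeroed */
};
static struct chunk pool[NCHUNKS];

/* Hand out a chunk without touching its bytes; only set the bit. */
int chunk_alloc(void) {
    for (int i = 0; i < NCHUNKS; i++)
        if (!pool[i].in_use) {
            pool[i].in_use = pool[i].fresh = 1;
            return i;
        }
    return -1;
}

/* Release a chunk; the previous owner's bytes stay behind. */
void chunk_free(int id) {
    if (id >= 0 && id < NCHUNKS) pool[id].in_use = 0;
}

/* Any first access to a fresh chunk zeroes it before use. */
static unsigned char *chunk_touch(int id) {
    if (id < 0 || id >= NCHUNKS || !pool[id].in_use) return NULL;
    if (pool[id].fresh) {
        memset(pool[id].data, 0, CHUNK_SIZE);
        pool[id].fresh = 0;
    }
    return pool[id].data;
}

/* Bounds-checked copy into (to_chunk=1) or out of (to_chunk=0) a chunk. */
int chunk_copy(int id, size_t off, void *buf, size_t len, int to_chunk) {
    unsigned char *p = chunk_touch(id);
    if (!p || off > CHUNK_SIZE || len > CHUNK_SIZE - off) return -1;
    if (to_chunk) memcpy(p + off, buf, len);
    else          memcpy(buf, p + off, len);
    return 0;
}
```

Allocation stays cheap because nothing is cleared until the chunk is actually touched, and a recycled chunk still never exposes the previous owner's bytes.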