Brendan Eich wrote:
> Google Native Client [2] is a leading CFI-enforcing compiler and
> runtime system. Anyone know of better? MSR had Xax [3] but it seems
> defunct.

devd (Devdatta Akhawe, whom I had not met yet) on #developers corrected
me: NaCl does SFI, not CFI. SFI goes way back,

    R. Wahbe, S. Lucco, T. Anderson, and S. Graham. Efficient
    software-based fault isolation. ACM SIGOPS Operating
    Systems Review, 27(5):203–216, 1993.

The CFI and NaCl papers have all the refs.
SFI is for securing arbitrary native code. Hence brson's bug, but the
Pepper mismatch is a problem, and the overhead for IA64 and ARM, even
ignoring PNaCl, is no picnic.
CFI could be done more cheaply in a managed language like Rust, maybe.
/be
_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo