Reference1:
Restricted C + compiler = the benefits of a safe language with no garbage collection and no runtime checks.
Safe definition: a software entity (module, thread, or a complete program) is safe if it:
not out of bounds: never references a memory location outside the data area created by or for the entity.
no alien code execution: never executes instructions outside the code area created by the compiler and linker within that space.
Except for dangling pointers, detects and prevents all other errors that a language with strong type safety would prevent.
Replace the null-pointer runtime check with hardware address-space protection.
Techniques: 2 new + 2 previous
interprocedural algorithm: propagates constraints on integer variables and proves the safety of affine array references over those variables.
memory initialization: uses an illegal address, so that hardware protection catches the use.
escape analysis: prevents dangling pointers to stack objects.
Complex or unanalyzable array references are not allowed (or, in future work, allowed with runtime checks added).
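As an added illustration of the constraint-propagation idea in these notes (this is not the restricted-C compiler's own code), the small checker below proves or rejects an affine array reference A[a*i + b] inside a loop i in [lo, hi], where every bound is an affine expression in one symbolic array-size parameter n. It is a sound intraprocedural sketch only: references it cannot prove are rejected, exactly as the notes say unanalyzable references are.

```python
"""Sound mini-checker for affine array references, in the spirit of the
restricted-C analysis described above (an added example, not its code).

Every quantity is an affine expression p*n + q in one symbolic array-size
parameter n (assumed n >= 1), represented as the pair (p, q). The array A
has n elements, so a reference is safe iff 0 <= index <= n - 1 for all n.
"""
from typing import Tuple

Aff = Tuple[int, int]  # (p, q) stands for p*n + q


def add(x: Aff, y: Aff) -> Aff:
    return (x[0] + y[0], x[1] + y[1])


def scale(k: int, x: Aff) -> Aff:
    return (k * x[0], k * x[1])


def nonneg(x: Aff) -> bool:
    """True iff p*n + q >= 0 for every integer n >= 1. This is the sound
    direction: it never says True for an expression that can go negative."""
    p, q = x
    return p >= 0 and p + q >= 0


def index_range(a: int, b: Aff, lo: Aff, hi: Aff) -> Tuple[Aff, Aff]:
    """Range of a*i + b as i runs over [lo, hi]; an affine map is monotone
    in i, so the extremes are attained at the loop bounds."""
    ends = (add(scale(a, lo), b), add(scale(a, hi), b))
    return ends if a >= 0 else (ends[1], ends[0])


def safe_reference(a: int, b: Aff, lo: Aff, hi: Aff) -> bool:
    """Prove 0 <= a*i + b <= n - 1 for all i in [lo, hi] and all n >= 1.
    False means 'not provable', i.e. the reference would be rejected."""
    idx_lo, idx_hi = index_range(a, b, lo, hi)
    n_minus_1: Aff = (1, -1)
    return nonneg(idx_lo) and nonneg(add(n_minus_1, scale(-1, idx_hi)))


# Constructed cases: loop i in [0, n-1] (or [1, n-1]) over an n-element array.
I0, I1, IN1 = (0, 0), (0, 1), (1, -1)
CASES = {
    "A[i], i in [0,n-1]":     safe_reference(1, (0, 0), I0, IN1),    # provable
    "A[n-1-i], i in [0,n-1]": safe_reference(-1, (1, -1), I0, IN1),  # provable
    "A[i-1], i in [1,n-1]":   safe_reference(1, (0, -1), I1, IN1),   # provable
    "A[i+1], i in [0,n-1]":   safe_reference(1, (0, 1), I0, IN1),    # index n
    "A[2*i+1], i in [0,n-1]": safe_reference(2, (0, 1), I0, IN1),    # index 2n-1
    "A[i-1], i in [0,n-1]":   safe_reference(1, (0, -1), I0, IN1),   # index -1
}

if __name__ == "__main__":
    for ref, ok in CASES.items():
        print(f"{ref:26s} -> {'accepted' if ok else 'rejected'}")
```

The full analysis in the notes is interprocedural: the loop bounds and array size would arrive as constraints propagated from callers rather than being fixed to one symbolic n as here.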
If you could revise the fundamental principles of computer system design to improve security... what would you change?