[clug] Anti-Virus Software

Hal Ashburner hal.ashburner at gmail.com
Tue Jun 22 05:05:14 MDT 2010

On 22/Jun/10 8:50 PM, Sam Couter wrote:
> Ivan Miljenovic<ivan.miljenovic at gmail.com>  wrote:
>> Also, people at NICTA have proven an L4 kernel correct and secure (not
>> used anywhere yet though).
> I think they also assumed the compiler is generating correct code. And
> the compiler is software, which as we know will always contain bugs...
Proved the C matched the spec, the spec was written in Haskell iirc. The 
spec itself could easily contain bugs as much as the output of the C 
once run through a compiler.
Then we know whatever cpu it's running on also contains bugs. So you 
don't have guarantees about the partitioning of memory while that's the 
case which it will be for the foreseeable.

Then you look at L4 which really doesn't do very much at all. Partition 
memory and do coopertative IPC between threads is about the extent of 
it. So you need to implement rather a lot to run a program or a device 
driver which is all going to be unproven. Then mathematicians aren't 
programmers so when a bug is found how the hell do you fix it. Ah but 
there are no bugs because it's been proven that some C and some Haskell 
are theoretically equivalent.

So I did some L4 stuff for NICTA but never understood the point of that 
project. But I'm sure there's lots in this world I don't understand.

More information about the linux mailing list