>>38
I suppose it has "something" to do with it.
What you linked to discusses how to statically (i.e. by analyzing the program text prove the resulting output "cannot" address memory outside the allocated range) i.e. the discussion is about how to eliminate run time bounds checking (exactly what I would say is a bad idea if you care about security).
In the short history of computers there's been two kinds of people:
1. The kind that put a clear division between programming a computer, and using the computer (henceforth "the static" people) (think about the word "application", a computer is
"applied", when it is used you are using an application of the computer (this is a fundamentally static world view word!)) and,
2. the kind that place no such division: using the computer
is programming the computer (henceforth "the dynamic" people).
Now, the static people will obviously place great utility on proving things apriori about a program (i.e. from the known relationship between program text, compiler, instruction set, and machine). This is because in the static world, a computer program defines all a machine can possibly do during its run: When a machine is not programmable while it is running, then
every single possible thing that can happen during a it's run can be proved apriori by proving the properties of the program, the compiler, the machine language, and the machine; it's just a question of effort.
Now by contrast, the dynamic people, although also recognizing and placing much utility on apriori proofs, know that such proofs can't completely describe all the possibile actions of a machine during its run, because things can change. The only things you can really know at run-time are the properties you prove at run-time (and only at the time you have proved them!).
If the static world view holds, and a computer really can't be programmed at run time, then security just boils down to proving that your program can't do any wrong by analyzing the program text. On the other hand, if a computer can be programmed at run time, then that is not enough, and security must be enforced (at some resource cost!) at run time.
Thankfully, the static world view does not hold. The computer I own is still programmable, while it is running. The programs I run on it can indeed be modified while my computer is running. My computer lives in the dynamic world.
However my computer is also an insane asylum. It is inhabited by a bunch of loony programs and programming languages that, unable to cope with reality, like to pretend they are living in a static world. The machine itself is schizophrenic and has multiple personalities (modes) that like to pretend they can e.g. make sure a program that doesn't modify itself or other programs at runtime (HAHAHA).
This is why computers today are so fundamentally insecure: Denial. The static people are in denial of reality. When faced with what is actually required to make the static world view true (that computers are not programmable while they run!) they either agree that this would be a good idea, or because being normal people who love computers, they recoil in horror. However unfortunately many of thos latter group are so traumatized they collapse inward, and denial sets in. There's also a number of people who have never given this any thought.
But that essentially is the choice: abandon the run-time programmable computer, or abandon any notions that security can be proved statically.