[[license text="""
Copyright © 2007 Free Software Foundation, Inc.

Permission is granted to copy, distribute and/or modify this document under the
terms of the GNU Free Documentation License, Version 1.2 or any later version
published by the Free Software Foundation; with no Invariant Sections, no
Front-Cover Texts, and no Back-Cover Texts.  A copy of the license is included
in the section entitled [[GNU_Free_Documentation_License|/fdl.txt]].

By contributing to this page, you agree to assign copyright for your
contribution to the Free Software Foundation.  The Free Software Foundation
promises to always use either a verbatim copying license or a free
documentation license when publishing your contribution.  We grant you back all
your rights under copyright, including the rights to copy, modify, and
redistribute your contributions.
"""]]

SFI stands for Software-Based Fault Isolation.  SFI is an [[isolation]]
technique described by Wahbe et al. in their 1993 paper [Effcient
Software-Based Fault Isolation](http://citeseer.ist.psu.edu/wahbe93efficient.html).
Instead of running code is a separate process, untrusted code
is loaded into into the host's address space, part of the address
space is reserved to the application and referred to as its fault
domain, and the code is rewritten such that it cannot modify or jump
to addresses outside of its fault domain.