memory sandbox isolation

What do sandboxing and software fault isolation mean exactly?


I'm really confused. Is software fault isolation the same as sandboxing, or are they different? Everywhere I read that sandboxing means that we can run untrusted code without affecting other programs or the host. OK, but how? Do they do this by memory isolation? I mean, when a program can access only its own memory and can't access other programs' memory, do we call that a sandbox?


Solution

  • Sandboxing allows you to run untrusted code, as you said. There are different levels of sandboxes. Memory isolation, which is what the operating system does, can be treated as one kind of sandbox. However, programs can still share the same libraries and files. So there is Docker, which allows isolating those too. But two processes running in separate Docker containers are still running on the same physical machine. So there is virtualization, which can be treated as yet a higher level of sandbox.

    A sandbox is about isolating whatever runs in the sandbox from the host system or from other applications running on the host system.

    However, software fault isolation means finding (isolating) a fault, or detecting a fault. When debugging software, it is common practice to provide the smallest possible code that reproduces the problem, so the engineer who works on fixing the problem can quickly find the root cause, because the number of possibilities is smaller when he or she sees the problem "isolated".

    Sandboxes may be used to isolate problems, especially when working on dangerous code such as viruses, or on systems that can destabilize the host system from which you are performing fault isolation.
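To make the process-level memory isolation described above concrete, here is an added example (my own code, not from the answer): a parent runs two "untrusted" functions in forked children, one that overwrites what it believes is host state and one that reads a page it has no permission for, and the parent is unaffected by both. `run_isolated`, `host_counter` and the helper names are assumptions of this example; it assumes Linux.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* State that the "untrusted" code will try to damage. After fork() the child
 * works on its own copy-on-write copy, so the parent's value is unreachable. */
static int host_counter = 42;

/* Run untrusted() in a forked child and report the outcome to the parent:
 * the exit code on a clean exit, or -signo if the child was killed by signo. */
int run_isolated(void (*untrusted)(void)) {
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); return -1000; }
    if (pid == 0) {           /* child: run the untrusted code, then exit */
        untrusted();
        _exit(0);
    }
    int status = 0;           /* parent: wait and classify what happened */
    if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); return -1000; }
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    if (WIFSIGNALED(status)) return -WTERMSIG(status);
    return -1000;
}

/* Untrusted code 1: overwrites what it believes is host state. */
static void tamper_with_counter(void) { host_counter = -1; }

/* Untrusted code 2: reads a page it has no permission for. The MMU traps the
 * access and the kernel delivers SIGSEGV to the child only. */
static void touch_protected_page(void) {
    volatile int *p = mmap(NULL, 4096, PROT_NONE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) _exit(2);
    (void)*p;                 /* faults here; the next line is never reached */
    _exit(0);
}

int parent_counter(void) { return host_counter; }

int main(void) {
    printf("tamper: status %d, parent counter still %d\n",
           run_isolated(tamper_with_counter), parent_counter());
    printf("fault:  status %d (-%d means killed by SIGSEGV), parent alive\n",
           run_isolated(touch_protected_page), SIGSEGV);
    return 0;
}
```

The same boundary is what Docker and virtualization extend to files, libraries and whole machines; the process boundary shown here is only the first level the answer lists.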