[Date Prev][Date Next][Thread Prev][Thread Next]
[Date Index]
[Thread Index]
- Subject: Re: dostring and precompiled code
- From: oti@...
- Date: Mon, 05 Feb 2001 15:31:31 -0000
--- In lua-l@y..., "Cary O'Brien" <cobrien@R...> wrote:
> Another question (ok, I know 10 minutes with the source code and I
> could figure this out myself): are all sequences of bytecodes
> safe? At least in terms of keeping the interpreter running? No
> HCF or FOOF [1] instructions?
> [1] HCF - halt catch fire - an instruction on a particular single-
> chip micro that would turn on opposing output buffers. Chip would
> melt.
> [2] Pentium opcode that caused lockup.
You have to distinguish between a number of "safety" issues.
One is the "sandbox" issue: is a program running in the Lua VM able
to crash the host program? The most common cause is a memory access
violation (segfault), or an untrapped fatal signal (untrapped divide-
by-zero errors, for instance). I haven't examined the Lua VM source
code minutely, but from what I have seen it is safe in this respect.
Source code that exceeds array bounds, or tries a = 1/0 should not
crash the Lua host.
Then there is the question of whether a program running in the Lua VM
is able to halt the VM itself. For instance, a sequence of random
bytes interpreted as bytecode may cause the VM to grind to a halt and
refuse to continue execution. This can happen with Lua. This is not
neccessarily a problem if the host program is designed to handle the
possibility of invalid code being offered. This is not merely limited
to byte code; it applies to invalid or buggy source code too.
Finally there is the question of whether a Lua program can cause a
Denial of Service problem. For instance, causing an endless loop,
overutilising CPU resources, holding files open in write mode
unneccessarily, allocating ever-increasing number of objects,
blocking sockets, etc. The answer is, definitely. Solving this is a
lot more difficult, as the implementation has to be able to
differentiate between genuine loads and hostile attacks. I think the
only way to resolve this kind of problem satisfactorily is by careful
program design, and I don't think any one single fit-all solution
exists.
There may be other bugs in the Lua VM eg a random byte sequence that
results in the host machine turning into a purple crab, spitting on
you, and waddling away. Little can be done about this class of bugs,
other than hoping that Luis, Roberto or Waldemar fix it as soon as it
is sighted :-)
Cheers, Elliott
