Proposal for Protected Types

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Proposal for Protected Types
From: "Peter Hill" <corwin@...>
Date: Thu, 20 Dec 2001 14:31:10 +0800

[Disclaimer: I'm new to Lua (and the list) so appologies if I say something
stupid.
Is there a list FAQ to avoid such faux-pas?]

....

PROPOSAL FOR PROTECTED TYPES

In Lua the basic types, being inherently tied with storage, are protected.

Ie (type : storage):
- numbers : small item that fits on the stack.
- strings : arbitrary byte chunk in string heap.
- tables : container object, holding references to other objects that the
  garbage-collector can see.
- etc

Because Lua is embedded these memory-accessing types MUST be protected to
prevent a Lua program attacking the host program. By "protected" I mean that
the "type" field of the object can't be changed by the program. If it could
it would lead to a severe memory disaster!

Otoh, user defined types (tagged items) are not protected from such accesses
as tags may be changed at will. This is passable because the host program is
still safe... but it can be annoying if a critical module (eg, database
storage) has been debugged and another module accidentaly passes it some
badly tagged data. The host program may even pre-compile such modules with a
"lua_dostring(?)" command and wish them to be secure.

Could such security be granted without compromising Lua's simplicity?
I suggest the following simple change:  Add a new basic type "tag".

An object of type "tag" will contain a tag number (just like the normal
"number" type) but, being an inbuilt type, it will be "protected". Ie, the
program can't just convert any old integer into a tag... only the "newtag()"
function can produce tags.

The program can then create a secure type by wrapping its functions in a
block. Eg:

-- MODULE DEFINITION FOR RATIONALS
do
local rational_tag = newtag()

function RATIONAL_MAKE(a,b)
local rat = {numerator=a, denominator=b}
settag(rat,%rational_tag)
return rat
end

function RATIONAL_IS(a)
return tagged(a,%rational_tag)
// Note: "tagged()" is a new function that confims an object's tag matches
the one given.
end

function RATIONAL_ADD(a,b)
if tagged(a,%rational_tag) and tagged(b,%rational_tag) then
..blah..
else
return nil
end

end

-- MODULE USAGE
local p=RATIONAL_MAKE(11,22)
local q=RATIONAL_MAKE(33,44)
local r = RATIONAL_ADD(p,q)


Any comments?

*cheers*
Peter Hill

Prev by Date: Re: Integers, Modulus
Next by Date: Re: about the next version
Previous by thread: Re: doubt about gc
Next by thread: Re: Proposal for Protected Types
Index(es):
- Date
- Thread