Re: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2
From: Mike Pall <mikelu-1012@...>
Date: Wed, 15 Dec 2010 16:54:29 +0100

Peter Cawley wrote:
> From my experience of trying to abuse Lua bytecode, I've decided to
> attack the other side of the problem, and attempt to write a module
> which verifies Lua 5.2 bytecode as non-malicious.

I tried it on a few moderately complex Lua files and the result is
a bit depressing ...

Ok, so loading (unverified) bytecode is substantially faster than
parsing Lua source code (around 6x). But the verifier seriously
slows things down: verifying + loading bytecode is only about 20%
faster than parsing Lua source code.

[For comparison: the LuaJIT parser is about 50% faster than the
Lua parser for the same Lua source code.]

<blasphemy>
Maybe Java and Flash should have used faster parsers rather than
trying to fix their bytecode verifiers for the last 15 years? ;-)
</blasphemy>

--Mike

Follow-Ups:
- Re: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2, Tony Finch
- Re: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2, Peter Cawley

References:
- [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2, Peter Cawley

Prev by Date: Re: Detecting read or write access in __index metamethod
Next by Date: Re: Lua binding compare-and-contrast
Previous by thread: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2
Next by thread: Re: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2
Index(es):
- Date
- Thread