[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Bytecode: Safe or not? / luac manual
- From: Stefan Reich <stefan.reich.maker.of.eye@...>
- Date: Tue, 1 Nov 2011 15:34:41 +0000
On Tue, Nov 1, 2011 at 3:03 PM, Jorge <firstname.lastname@example.org> wrote:
> Sorry it came trough as a being nasty, it wasn't the intention.
Ah... no prob, you cleared it up now.
> There are inherent limits to what can be done with automatic
> verification. You should define the scope of what you want to verify and
> check its feasibility, before you put it on your feature list and start
> throwing resources at it.
> The effort needed do satisfy different level of correctness grown very
> fast, and jumps to infinite surprisingly fast.
OK... let's see what we know and what we might not know for sure yet.
1. We know that unexploitable bytecode exists. See the examples in my
last mail: one-instruction assembly etc.
2. Lua is a fairly simple language. Not maximally simple, but with,
overall, a nicely limited number of constructs.
So my assumption is that Lua supports safe bytecode already - or can
be made to support safe bytecode. By adding checks to the VM, adding a
verifier - or, if we have to, changing the bytecode format.
Having safe bytecode is absolutely crucial to the idea I want to realize.
I used to define my own VMs in earlier projects ("Imaginary
Microcomputers" et al). This solved the safety problem right away -
but what was missing was a toolchain and developers who know how to
program for the VM.
Lua has a solid toolchain and enthusiastic developers en masse. Now we
just need to harden it sufficiently - and it will be a perfect basis
for a world of mobile code.
I can hardly stress enough the range of new possibilities this will enable.
The mobile code revolution is one that is still strangely lacking from
computer science - and I believe it is imminent.
I think we can be at the forefront of that revolution with Lua - if we
combine our skills and make it ready to do the job.