[Date Prev][Date Next][Thread Prev][Thread Next]
- Subject: Re: Bytecode: Safe or not? / luac manual
- From: Paul Hudson <phudson@...>
- Date: Tue, 1 Nov 2011 15:42:34 +0000
>1. We know that unexploitable bytecode exists. See the examples in my
last mail: one-instruction assembly etc.
>2. Lua is a fairly simple language. Not maximally simple, but with,
overall, a nicely limited number of constructs.
You've not really defined this yet, though:
> You should define the scope of what you want to verify and
> check its feasibility, before you put it on your feature list and start
> throwing resources at it.
Lua is more than powerful enough to have the halting-problem - you can't tell if some bytecode you receive will terminate or not. As a consequence, you can't say (in general) whether any arbitary point in that code will be reached (or not reached).
This is what Jorge means by defining what you mean by "safe". Depending on your definition, it may feasible to assess "safety" or it may be very difficult or even impossible.
> The mobile code revolution is one that is still strangely lacking from
Not really. See here, for instance: http://en.wikipedia.org/wiki/Mobile_agent
It's not really the silver bullet you seem to hope it will be.
Not really. See