lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Thu, Jul 10, 2014 at 10:56:46PM -0400, Jay Carlson wrote:
> On Jul 10, 2014 10:10 PM, "Steven Degutis" <> wrote:
> > I understand where you're coming from in wanting
> > more flexibility in the API and in Lua itself. I especially understand
> > it having written a few ObjC bridges myself, being no stranger to
> > NSInvocation and family.
> >
> > I'm also quite disillusioned about such bridges in the first place,
> > having come to the same conclusion that Apple apparently has (as
> > they've deprecated all bridges and made NSInvocation inaccessible via
> > Swift), namely that bridges between even mildly disparate programming
> > languages are inherently broken and should be avoided except in the
> > rarest of prototypical cases.
> Do you think discouraging NSInvocation is to make static analysis easier?
> If so, would this have an impact on the App Store control process?

I would guess that NSInvocation generates code at run-time, and does so in a
way that makes it too easy for attack code to leverage. In other words, it's
a gigantic hole in the W^X memory protection scheme.

Java, LuaJIT, and similar environments also generate code at run-time, but
they don't do so in a way that can be easily manipulated by code running
inside the interpreters.