lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On 11/12/16 09:21 PM, Samuel Groß wrote:


Here's some food for thought: Let's say you write a Lua VM that turns Lua source code directly into x86 assembly.

1. How do you string.dump this? The easiest way would be to just dump the whole x86 assembly, and as far as I'm aware the Lua reference manual allows this. 2. When loading a raw x86 assembly bytecode, how do you validate it? Well, you can't, unless you include a whole static analysis framework in your VM, and even then you won't be able to validate that it's Lua - the "bytecode" could in theory use sockets or something.

Lua bytecode is not and has never been safe. Lua bytecode has always been implementation-defined. Don't rely on it, and don't trust it.

Disclaimer: these emails may be made public at any given time, with or without reason. If you don't agree with this, DO NOT REPLY.