lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On 26 October 2010 10:30, Philippe Lhoste <> wrote:
> On 26/10/2010 10:12, Jonathan Castello wrote:
>> It could potentially create new security holes.
> Works for Java, but then again, lot of work went there.
>> It might be possible to write a bulletproof bytecode verifier, but by
>> that point, what's the difference? You're still processing the code
>> before you run it.
> The idea was that such bytecode would be run by a native VM, at full speed,
> instead of being run by a VM powered by JavaScript powered by a real VM...
> Anyway, it was just wishful thinking.

It's certainly an attractive idea in theory. However after giving the
problem plenty of thought I concluded that it likely wouldn't be as
advantageous as it appears. Practically every operation in Lua would
need to be abstracted in Javascript. So for example you would have to
wrap every value, and have functions like add(luaval1, luaval2) to
handle things like metamethods and other Lua-specific mechanisms.

Suddenly producing an ugly script like this doesn't look as nice
compared to a clean VM implementation, so I headed in the latter
direction[1]. I'm breaking for work at the moment, but collaborators
welcome to help me finish :)