On Mon, Mar 21, 2011 at 7:23 PM, Stéphane Ducasse <[hidden email]> wrote:

This would be a nice little topic... this bytecode verifier.

Probably on top of Opal

The bytecode verifier must be in the VM.  If it is up in the image it can be side-stepped.  The VM is the ultimate executor of code and so it must apply verification.  It could be written in Smalltalk and verified in Smalltalk and then translated.  But it must be part of the VM and used by the VM before running any previously unverified method.

best,

Eliot

Indeed, Mariano's response made me want to scream: NOOOOO! :)

HOWEVER!, Thinking about it now, it's actually a very interesting proposal! What if we write this piece of software in Smalltak and give it to the VM as part of the VM definition. The VM decides what the application can see, so it might as well not give access to this smalltalk-written bytecode validator that it knows to be safe. If it's built by a separate classbuilder in a separate environment, it can be clearly separated, invulnerable to become: and other evil-doing. So, in short. It's written in Smalltalk (YAY!), but becomes part of the VM runtime, not of the image running on the VM. If we just make sure that we can write out image segments that the VM can use as part of its core (exactly what I do in Pinocchio incidentally), we can just develop and test it nicely in Pharo. Ain't that super-duper cool?