It shouldn't be difficult to verify the "well-formedness" of compiled methods without the overhead of a complete recompilation. As with Mathieu's suggestion, this can be done once at load-time so that there is no performance penalty at run-time.
It seems like ByteSurgeon (http://www.iam.unibe.ch/~scg/Research/ByteSurgeon/) might be the right tool for the task; perhaps someone more familiar with it can comment?
Josh
On Dec 28, 2007, at 3:22 PM, Mathieu Suen wrote:
Hi,
On Dec 28, 2007, at 10:41 PM, Michael van der Gulik wrote:
Hi all.
Is the policy of the VM makers (whoever they currently are) to prevent the VM from crashing, particularly when given malicious bytecodes?
Perhaps one way to solve the problem is to avoid loading bytecode and instead load the source code, which is compiled with a trusted compiler. In Smalltalk the bytecode can be easily decompiled, so if the intention is to hide the code it isn't worth loading bytecode.
This is a general question, mostly related to http://bugs.squeak.org/view.php?id=1395 which is now closed. Is it considered a bug if I can crash the VM with a maliciously crafted method?
Which direction would the Squeak community want to go in? Should we aim to have a VM that would never seg fault and dump core (or blue screen under Windows), regardless of what rubbish is fed to it? Doing extra sanity checks and bounds checking would possibly have a performance penalty.
Regards, Gulik.
-- http://people.squeakfoundation.org/person/mikevdg http://gulik.pbwiki.com/
Mth
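The load-time "well-formedness" check Josh describes above, as an added example that is not code from this thread, from ByteSurgeon or from the Squeak VM: a small verifier that runs once when a method is installed, so the interpreter can skip bounds checks at run-time. The instruction set, frame sizes and sample methods below are constructed for the illustration and are not Squeak's bytecode encoding; Python is used only to keep the example portable.

```python
"""Toy load-time bytecode verifier (constructed example, not Squeak's encoding).

Checks done once at install time: every opcode is known and fully present,
literal/temp indices lie inside the method's frames, jumps land on instruction
boundaries, the operand stack never underflows or exceeds the declared maximum
on any path, and control never runs off the end of the method.
"""
from collections import deque
from dataclasses import dataclass

# opcode -> (mnemonic, operand bytes, pops, pushes, kind)  -- invented ISA
ISA = {
    0x10: ("PUSH_LIT", 1, 0, 1, "lit"),    # push literal[operand]
    0x11: ("PUSH_TEMP", 1, 0, 1, "temp"),  # push temp[operand]
    0x20: ("POP", 0, 1, 0, None),
    0x21: ("DUP", 0, 1, 2, None),
    0x30: ("ADD", 0, 2, 1, None),
    0x40: ("JMP", 1, 0, 0, "jump"),        # signed offset from the next pc
    0x41: ("JMPF", 1, 1, 0, "cjump"),      # pop; jump if false
    0x50: ("RET", 0, 1, 0, "ret"),         # pop and return
}


@dataclass(frozen=True)
class Method:
    bytecode: bytes
    num_literals: int
    num_temps: int
    max_stack: int


def signed8(b):
    return b - 256 if b >= 0x80 else b


def decode(code):
    """Pass 1: linear decode. Returns ({pc: (opcode, operand, next_pc)}, errors)."""
    instrs, pc = {}, 0
    while pc < len(code):
        op = code[pc]
        if op not in ISA:
            return instrs, [f"pc {pc}: unknown opcode 0x{op:02x}"]
        name, nbytes = ISA[op][0], ISA[op][1]
        if pc + 1 + nbytes > len(code):
            return instrs, [f"pc {pc}: {name} operand runs past end of method"]
        instrs[pc] = (op, code[pc + 1] if nbytes else None, pc + 1 + nbytes)
        pc += 1 + nbytes
    return instrs, []


def verify(m):
    """Return a list of problems; an empty list means the method is well-formed."""
    instrs, errors = decode(m.bytecode)
    if errors:
        return errors
    if not instrs:
        return ["empty method"]
    # Pass 2: operand range checks that need no control-flow knowledge.
    for pc, (op, operand, nxt) in instrs.items():
        name, _, _, _, kind = ISA[op]
        if kind == "lit" and operand >= m.num_literals:
            errors.append(f"pc {pc}: literal index {operand} >= {m.num_literals}")
        elif kind == "temp" and operand >= m.num_temps:
            errors.append(f"pc {pc}: temp index {operand} >= {m.num_temps}")
        elif kind in ("jump", "cjump") and nxt + signed8(operand) not in instrs:
            errors.append(f"pc {pc}: {name} target {nxt + signed8(operand)} "
                          "is not an instruction boundary")
    if errors:
        return errors  # never follow a bad jump in the next pass
    # Pass 3: abstract interpretation of stack depth over every reachable path.
    depth_at, work = {0: 0}, deque([0])
    while work:
        pc = work.popleft()
        op, operand, nxt = instrs[pc]
        name, _, pops, pushes, kind = ISA[op]
        depth = depth_at[pc]
        if depth < pops:
            errors.append(f"pc {pc}: {name} underflows the stack (depth {depth}, pops {pops})")
            continue
        depth += pushes - pops
        if depth > m.max_stack:
            errors.append(f"pc {pc}: stack depth {depth} exceeds max_stack {m.max_stack}")
            continue
        succs = {"ret": [], "jump": [nxt + signed8(operand)] if kind == "jump" else [],
                 "cjump": [nxt + signed8(operand), nxt] if kind == "cjump" else []}.get(kind, [nxt])
        for s in succs:
            if s >= len(m.bytecode):
                errors.append(f"pc {pc}: control falls off the end of the method")
            elif s not in depth_at:
                depth_at[s] = depth
                work.append(s)
            elif depth_at[s] != depth:
                errors.append(f"pc {s}: stack depth differs between paths ({depth_at[s]} vs {depth})")
    return errors


# Constructed sample methods, hand-assembled for this example.
GOOD = Method(bytes([0x11, 0x00, 0x10, 0x00, 0x30, 0x21,   # temp0 + lit0; DUP
                     0x41, 0x01, 0x50,                     # JMPF +1 -> pc 9; RET
                     0x20, 0x10, 0x01, 0x50]),             # POP; PUSH_LIT 1; RET
              num_literals=2, num_temps=1, max_stack=2)
MALICIOUS = {
    "literal index out of range": Method(bytes([0x10, 0x07, 0x50]), 2, 0, 1),
    "jump into operand byte": Method(bytes([0x11, 0x00, 0x40, 0xFD]), 0, 1, 1),
    "truncated operand": Method(bytes([0x10]), 1, 0, 1),
    "stack underflow": Method(bytes([0x50]), 0, 0, 1),
    "falls off end": Method(bytes([0x10, 0x00]), 1, 0, 1),
}

if __name__ == "__main__":
    print("good:", verify(GOOD) or "OK")
    for label, meth in MALICIOUS.items():
        print(f"{label}: {verify(meth)}")
```

The point of pass 3 is that the per-path stack analysis is linear in the method size and is paid once per install, after which the interpreter can index literals, temps and the stack without checking; a method rejected here is simply never installed, so a crafted CompiledMethod cannot reach the primitives that would otherwise segfault.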