Squeak VM stability?

Hans-Martin Mosner hmm at heeg.de
Fri Dec 28 22:27:02 UTC 2007


Michael van der Gulik wrote:
> Hi all.
>
> Is the policy of the VM makers (whoever they currently are) to prevent
> the VM from crashing, particularly when given malicious bytecodes?
>
> This is a general question, mostly related to
> http://bugs.squeak.org/view.php?id=1395 which is now closed. Is it
> considered a bug if I can crash the VM with a maliciously crafted method?
>
> Which direction would the Squeak community want to go in? Should we
> aim to have a VM that would never seg fault and dump core (or blue
> screen under Windows), regardless of what rubbish is fed to it? Doing
> extra sanity checks and bounds checking would possibly have a
> performance penalty.
At least the current VM can be easily crashed with invalid methods. It
has neither dynamic bounds checks on temp, inst var or literal accesses
nor static checks like the Java VM does.
I am not a VM maker (although I played one a long time ago), so I can't
speak for them, but given the dynamic nature of the Smalltalk
environment it seems a bit difficult to design a Smalltalk VM that is
absolutely safe against manipulation. Java does not allow many of the
operations that make Smalltalk so powerful and malleable, making static
checking much easier.

At the moment, I'd guess that a tamper-proof VM is not a primary goal
for Squeak, although it would be nice to have one for certain applications.

Cheers,
Hans-Martin
