Squeak VM stability?

Joshua Gargus schwa at fastmail.us
Sat Dec 29 07:21:00 UTC 2007


It shouldn't be difficult to verify the "well-formedness" of compiled
methods without the overhead of a complete recompilation. As with
Mathieu's suggestion, this can be done once at load-time so that there
is no performance penalty at run-time.

It seems like ByteSurgeon
(http://www.iam.unibe.ch/~scg/Research/ByteSurgeon/) might be the right
tool for the task; perhaps someone more familiar with it can comment?

Josh


On Dec 28, 2007, at 3:22 PM, Mathieu Suen wrote:

> Hi,
>
> On Dec 28, 2007, at 10:41 PM, Michael van der Gulik wrote:
>
>> Hi all.
>>
>> Is the policy of the VM makers (whoever they currently are) to  
>> prevent the VM from crashing, particularly when given malicious  
>> bytecodes?
>
> Perhaps one way to solve the problem is to avoid loading bytecode,
> instead load the source code that is compiled with a trusted compiler.
> In Smalltalk the bytecode can be easily decompiled so if the
> intention is to hide the code it isn't worth loading bytecode.
>
>>
>>
>> This is a general question, mostly related to
>> http://bugs.squeak.org/view.php?id=1395 which is now closed. Is it
>> considered a bug if I can crash the VM with a maliciously crafted
>> method?
>>
>> Which direction would the Squeak community want to go in? Should we  
>> aim to have a VM that would never seg fault and dump core (or blue  
>> screen under Windows), regardless of what rubbish is fed to it?  
>> Doing extra sanity checks and bounds checking would possibly have a  
>> performance penalty.
>>
>> Regards,
>> Gulik.
>>
>> -- 
>> http://people.squeakfoundation.org/person/mikevdg
>> http://gulik.pbwiki.com/
>
> 	Mth




More information about the Squeak-dev mailing list