<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 06/15/11 05:05, Mariano Martinez Peck wrote:
<blockquote
cite="mid:BANLkTinfyqZaV=CA9j0-19SbE93y6GCJpw@mail.gmail.com"
type="cite"><br>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
and last but not least, you have found 2 security problems in
the VM<br>
(maybe just one, ok).<br>
<br>
The first one is at a language level, where you can break the<br>
encapsulation of objects by executing an arbitrary
CompiledMethod in any<br>
object.<br>
</blockquote>
<div><br>
Yes, but this is already possible with some other primitives
;)<br>
</div>
</div>
</blockquote>
It'd be very interesting to build a list of those primitives, what
others<br>
do you have in mind? In any case, I think there is a subtle
difference<br>
between a bytecode and a primitive. A primitive can be effectively<br>
stopped at language level, by not exposing a method, or
discretionarily<br>
exposing it, or not making reachable the object implementing it. A<br>
bytecode is different, and has to be checked by the interpreter-jit<br>
(runtime environment in general). Well, I think<br>
<br>
<blockquote
cite="mid:BANLkTinfyqZaV=CA9j0-19SbE93y6GCJpw@mail.gmail.com"
type="cite">
<div class="gmail_quote">
<div><br>
What I wonder, and what I would really like to know is the
reason why NOT to check bounds. Is it all about speed?<br>
</div>
</div>
<br>
</blockquote>
I think yes, it is speed: if every bytecode had to check it, it'd be
a<br>
strong degradation of performance. A more complex implementation<br>
could have a /bytecode verifier/, to check, when the native code is<br>
emitted, if the structure of the receiver, in this case, is suitable
for<br>
the code. In an interpreter similar checks could be done, once the<br>
first time a method is going to be activated in a certain receiver<br>
(if instance methods are not possible in the system, this could be<br>
cached per class, otherwise some little more complex checks have<br>
to be implemented).<br>
<br>
As a note, the Java VM and the Flash VM, at least, have strong
bytecode<br>
verifiers specifically for security reasons.<br>
<br>
gera<br>
<br>
<br>
<blockquote
cite="mid:BANLkTinfyqZaV=CA9j0-19SbE93y6GCJpw@mail.gmail.com"
type="cite">Thanks<br>
<br clear="all">
<br>
-- <br>
Mariano<br>
<a moz-do-not-send="true" href="http://marianopeck.wordpress.com"
target="_blank">http://marianopeck.wordpress.com</a><br>
<br>
</blockquote>
<br>
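<br>
The check-once-per-class idea from the message above, as an added example that is not part of the original message or of any VM's code: a toy verifier confirms that every instance-variable index a method uses fits the receiver's class, caches the result per class, and lets the interpreter loop run without per-bytecode checks. The opcode set, class names and sample methods are hypothetical and constructed for illustration.<br>
<pre>
```python
# Toy model, constructed for illustration: a method is a tuple of
# (opcode, operand) pairs, and a class only records its slot count.
PUSH_CONST, PUSH_INST_VAR, STORE_INST_VAR, RETURN_TOP = range(4)

class VerifyError(Exception):
    pass

class ToyClass:
    def __init__(self, name, inst_size):
        self.name, self.inst_size = name, inst_size

class ToyObject:
    def __init__(self, cls):
        self.cls, self.slots = cls, [None] * cls.inst_size

_verified = set()          # (class, method) pairs that already passed
stats = {"checks": 0}      # how many full verifications actually ran

def verify(method, cls):
    """Reject the method if any slot index it uses is outside cls's layout."""
    if (cls, method) in _verified:
        return             # cached per class: no per-bytecode cost later
    stats["checks"] += 1
    for pc, (op, arg) in enumerate(method):
        if op in (PUSH_INST_VAR, STORE_INST_VAR) and arg not in range(cls.inst_size):
            raise VerifyError(f"pc {pc}: slot {arg} not in {cls.name} "
                              f"(size {cls.inst_size})")
    _verified.add((cls, method))

def activate(method, receiver):
    """Verify once per class, then interpret with no bounds checks of its own.
    (Python lists still check; in a real VM these are raw memory accesses.)"""
    verify(method, receiver.cls)
    stack = []
    for op, arg in method:
        if op == PUSH_CONST:
            stack.append(arg)
        elif op == PUSH_INST_VAR:
            stack.append(receiver.slots[arg])
        elif op == STORE_INST_VAR:
            receiver.slots[arg] = stack.pop()
        elif op == RETURN_TOP:
            return stack.pop()
    return receiver

CELL, POINT = ToyClass("Cell", 1), ToyClass("Point", 2)
SET_FIRST = ((PUSH_CONST, 7), (STORE_INST_VAR, 0), (PUSH_INST_VAR, 0), (RETURN_TOP, None))
SET_THIRD = ((PUSH_CONST, 42), (STORE_INST_VAR, 2), (PUSH_INST_VAR, 2), (RETURN_TOP, None))
```
</pre>
SET_THIRD was written for a three-slot layout, so activating it on a POINT receiver raises VerifyError before any slot is touched, while repeated activations of SET_FIRST on CELL receivers cost one verification in total.<br>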
</body>
</html>