Michael van der Gulik wrote:
Hi all.
Is the policy of the VM makers (whoever they currently are) to prevent the VM from crashing, particularly when given malicious bytecodes?
This is a general question, mostly related to http://bugs.squeak.org/view.php?id=1395 which is now closed. Is it considered a bug if I can crash the VM with a maliciously crafted method?
Which direction would the Squeak community want to go in? Should we aim to have a VM that would never seg fault and dump core (or blue screen under Windows), regardless of what rubbish is fed to it? Doing extra sanity checks and bounds checking would possibly have a performance penalty.
At least the current VM can be easily crashed with invalid methods. It has neither dynamic bounds checks on temp, inst var or literal accesses nor static checks like the Java VM does. I am not a VM maker (although I played one a long time ago), so I can't speak for them, but given the dynamic nature of the Smalltalk environment it seems a bit difficult to design a Smalltalk VM that is absolutely safe against manipulation. Java does not allow many of the operations that make Smalltalk so powerful and malleable, making static checking much easier.
At the moment, I'd guess that a tamper-proof VM is not a primary goal for Squeak, although it would be nice to have one for certain applications.
Cheers, Hans-Martin