[Vm-dev] Pre-Spur -> Spur transition

Ken.Dickey Ken.Dickey at whidbey.com
Mon Nov 23 01:15:42 UTC 2015


On Mon, 23 Nov 2015 04:01:29 -0800
Eliot Miranda <eliot.miranda at gmail.com> wrote:

> Perhaps some time we can discuss what's necessary to get Cog VMs running on Chromebooks.  Is it a matter of doing the entry into machine code appropriately or is there a deal breaker or...?

I was fortunate to got a chunk of time with Tim at the recent Nanaimo Camp Smalltalk to look at this.


The short answer is that we are blocked and no easy workaround is apparent.


The gist is that Chrome OS uses compsec to trap kernel calls, randomizes code placement, uses guard pages, and does 'NX' protection of writable pages.  Chrome OS is serious about security (JIT Spraying et al).

I had thought that Google's V8 JavaScript VM was JIT'ing here but the public source indicates that they disallow JIT on Chromebooks. 

There is evidence in internal discussions of a test/prototype "safe JIT" V8 and some people seem to be working on rubrics/rules under which JIT would be allowed.  Basically what is required is the ability to run a checker over the JIT which can automatically check references to preclude code attacks.  Doing this cheaply enough computationally to keep the performance gains of JIT is a real challenge.

I am able to run small JIT samples and a "stackless JIT" (sljit) on a Chromebook, but have not had the time to discover the specific breakage-line/trip-point causing the Segfault.

My current take is that I need to get a RasPi to use Cog or build a custom Chrome OS kernel.   Not a general solution.  8^(

I think it best to wait until a public code solution appears for V8.  Other than that it is experimenting with threaded code and related.  Not worth your time right now.

Thanks for your interest, and thanks especially for your great work on the VM!!
-KenD
================================ Of Note:

"Exploiting and Protecting Dynamic Code Generation"

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0ahUKEwjguP_RxJ3JAhXQT4gKHS2VAUYQFggeMAA&url=http%3A%2F%2Fwenke.gtisc.gatech.edu%2Fpapers%2Fsdcg.pdf&usg=AFQjCNF52_QFDuMcP05WvfeHNi2wUK-yHg&sig2=8SzTcWKA7VBubmzdzJmIiA


Google's "Safe Self-Modifying Code" patent: (Patent! Ack!! 8^{)

https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0ahUKEwilmsKlxZ3JAhVRKYgKHfXgDOMQFgg5MAM&url=http%3A%2F%2Fwww.google.com%2Fpatents%2FUS8850574&usg=AFQjCNHTAbYqbvqy80Edcww1YDsgUvoKMQ&sig2=FK01uFZEn778RNmRm7iz4A

================================


More information about the Vm-dev mailing list