emacs-devel



From: Tom Tromey
Subject: Re: How much do we care about undefined behavior triggered by invalid bytecode?
Date: Thu, 24 May 2018 18:30:07 -0600
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

>>>>> "Paul" == Paul Eggert <address@hidden> writes:

Paul> We could fix this problem by verifying that a series of bytecodes
Paul> cannot make Emacs crash, before allowing the bytecodes to be
Paul> executed. But wouldn't that be a reasonably large project?

FWIW on my more experimental JIT branch, I have a small bytecode verifier.
I needed it for the JIT, so it only does what I needed there, namely:

* Checking that the bytecode doesn't fall off the end
* Checking that the stack doesn't over- or underflow
* Checking that the stack depth at any given PC is a constant
* Checking that only valid opcodes are used
* Checking that the hash table given to Bswitch has only integer PC
  values and that they are in range

I don't know how hard it would be to extract this from the JIT.  Not too
bad maybe.

The other issue would be when to run it.  Maybe it would work to do it
the first time a bit of bytecode is executed.

Tom
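
Added example, not part of the message above and not code from Emacs or the JIT branch: a minimal verifier for a toy stack machine that performs the first four checks in the list by walking every reachable instruction and recording the stack depth at each PC. The opcode set, the `info` table, `MAX_CODE` and the `V_*` result codes are assumptions made for this sketch; Bswitch tables are not modeled, though the branch-target range check is the same kind of test.

```c
#include <stddef.h>
#include <string.h>
/* Toy opcode set constructed for this example; not Emacs's real bytecode. */
enum { OP_PUSH, OP_POP, OP_ADD, OP_GOTO, OP_GOTO_IF_NIL, OP_RETURN, OP_COUNT };
enum { V_OK, V_BAD_OP, V_OFF_END, V_BAD_TARGET, V_UNDERFLOW, V_OVERFLOW, V_DEPTH };
/* Per opcode: encoded length in bytes, values popped, values pushed. */
static const struct { int len, pops, pushes; } info[OP_COUNT] = {
    {2, 0, 1}, {1, 1, 0}, {1, 2, 1}, {2, 0, 0}, {2, 1, 0}, {1, 1, 0} };
#define MAX_CODE 256

/* Record that pc is reached with stack depth d; queue pc on first visit. */
static int flow(int *depth, size_t *work, size_t *n, size_t len, size_t pc, int d) {
    if (pc >= len)
        return V_OFF_END;
    if (depth[pc] < 0) {
        depth[pc] = d;
        work[(*n)++] = pc;
    }
    return depth[pc] == d ? V_OK : V_DEPTH;   /* depth must be constant per PC */
}

/* Visit each reachable instruction once, tracking the stack depth. */
int verify(const unsigned char *code, size_t len, int max_depth) {
    int depth[MAX_CODE];                      /* -1 means "not reached yet" */
    size_t work[MAX_CODE], nwork = 0;         /* each PC is queued at most once */
    if (len > MAX_CODE)
        return V_OFF_END;
    memset(depth, -1, sizeof depth);
    int err = flow(depth, work, &nwork, len, 0, 0);
    while (err == V_OK && nwork > 0) {
        size_t pc = work[--nwork];
        unsigned op = code[pc];
        if (op >= OP_COUNT)
            return V_BAD_OP;
        if (pc + info[op].len > len)
            return V_OFF_END;                 /* operand byte is missing */
        if (depth[pc] < info[op].pops)
            return V_UNDERFLOW;
        int d = depth[pc] - info[op].pops + info[op].pushes;
        if (d > max_depth)
            return V_OVERFLOW;
        if (op == OP_GOTO || op == OP_GOTO_IF_NIL)            /* branch edge */
            err = code[pc + 1] < len
                ? flow(depth, work, &nwork, len, code[pc + 1], d) : V_BAD_TARGET;
        if (err == V_OK && op != OP_GOTO && op != OP_RETURN)  /* fall-through edge */
            err = flow(depth, work, &nwork, len, pc + info[op].len, d);
    }
    return err;
}
```

With these toy opcodes, the constructed program PUSH, PUSH, ADD, RETURN verifies, while a loop that pushes once per iteration (PUSH followed by GOTO 0) is rejected with `V_DEPTH` because PC 0 would be reached at two different depths.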


