safe bytecode
Message-Id: https://www.5snb.club/w/safe-bytecode/
Linked-From: wiki.
function level isolation
each function can only access its own local variables and cannot read or write the stack outside its own frame
protection against hostile code: arbitrary untrusted bytecode must be safe to execute without Bad Shit Happening to the host
capability secure: there is no ambient authority, every resource a function can touch is passed in as an argument
not a pure language, (mutable) references exist
single threaded
no reachable non-determinism or UB: the behaviour of every operation is fully specified (e.g. integer overflow and out-of-range access have one defined result, not whatever the host CPU does), at the cost of performance
stack sizes are declared upfront per function, so the worst-case stack of a call chain can be computed before running anything. main doesn't start if it can possibly use too much stack. recursion would make that bound unknowable, so either don't have recursive calls or require them to carry a const counter that decrements by one on each call, so rec_100 can call rec_99 and so on down to rec_0; the counter is part of the function's identity, so the call graph stays acyclic
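the loader-side check described above, as an added example (not code from this page): a call graph with declared per-function frame sizes is walked once, a cycle is rejected as unbounded recursion, and main is refused if the deepest chain exceeds the limit. the Func record, the byte-sized frames, STACK_LIMIT and the rec_N naming are all assumptions made for the example.

```python
"""Static stack-bound check over a call graph with declared frame sizes.

Added example, not the page's own code: the Func record, the byte
frame sizes, STACK_LIMIT and the rec_N naming scheme are assumptions.
"""
from dataclasses import dataclass, field

STACK_LIMIT = 1024  # assumed budget that main must fit under


@dataclass
class Func:
    name: str
    frame_size: int                       # stack bytes this function declares
    callees: list = field(default_factory=list)


class StackCheckError(Exception):
    pass


def max_stack(funcs, entry):
    """Worst-case stack use of a run starting at `entry`.

    DFS with a "visiting" set: reaching a function that is still on the
    current path is a cycle, i.e. recursion, and the bound does not exist.
    Results are memoised so a shared callee is visited once.
    """
    memo, visiting = {}, set()

    def visit(name):
        if name in memo:
            return memo[name]
        if name in visiting:
            raise StackCheckError(f"recursive call cycle through {name}")
        if name not in funcs:
            raise StackCheckError(f"call to undeclared function {name}")
        visiting.add(name)
        f = funcs[name]
        deepest_callee = max((visit(c) for c in f.callees), default=0)
        visiting.discard(name)
        memo[name] = f.frame_size + deepest_callee
        return memo[name]

    return visit(entry)


def is_statically_bounded(funcs, entry):
    """True if the call graph reachable from `entry` has a finite stack bound."""
    try:
        max_stack(funcs, entry)
        return True
    except StackCheckError:
        return False


def may_start(funcs, entry="main", limit=STACK_LIMIT):
    """The gate applied before running main: bounded, and under the limit."""
    try:
        return max_stack(funcs, entry) <= limit
    except StackCheckError:
        return False


def bounded_recursion(base, depth, frame_size):
    """Build rec_depth .. rec_0, where rec_n may only call rec_(n-1).

    The const counter is part of the function's identity, so the "recursion"
    is a chain of distinct functions and the call graph stays acyclic.
    """
    funcs = {}
    for n in range(depth + 1):
        callees = [f"{base}_{n - 1}"] if n > 0 else []
        funcs[f"{base}_{n}"] = Func(f"{base}_{n}", frame_size, callees)
    return funcs


# constructed sample programs
EXAMPLE_FUNCS = {
    "main": Func("main", 64, ["a", "b"]),
    "a": Func("a", 32, ["c"]),
    "b": Func("b", 128, []),
    "c": Func("c", 16, []),
}
CYCLIC_FUNCS = {
    "x": Func("x", 8, ["y"]),
    "y": Func("y", 8, ["x"]),   # unbounded recursion: rejected
}

if __name__ == "__main__":
    print(max_stack(EXAMPLE_FUNCS, "main"))                         # 192
    print(may_start(bounded_recursion("rec", 100, 8), "rec_100"))   # True (808 <= 1024)
    print(is_statically_bounded(CYCLIC_FUNCS, "x"))                 # False
```

main needs 64 + max(32 + 16, 128) = 192 bytes here, and the unrolled rec_100 chain costs 101 frames of 8 bytes, which is exactly what the counter scheme buys: the bound is a sum over a finite path instead of a guess.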
CPU time and memory are resources that can be metered out
use a fuel system: 1 fuel is 1 operation, and operations should generally take a constant amount of time (if one doesn't, make it cost more fuel, in proportion to its worst case)
if you run out of fuel, abort the operation.
maybe only enforce fuel limits at actor granularity: a given actor is killed if it runs out of fuel
so an actor is like a thread, with its own local state as needed, and it costs a given amount of fuel to spawn (the actor's own budget comes out of the spawner's)
the spawner of an actor can kill it, reclaiming its unspent fuel
fuel is debited for every operation but only checked at operations that jump "backwards" in the instruction stream (loop back-edges). straight-line code between two such checks is bounded by the program's length, and call depth is already bounded by the stack check above, so the check can't be put off forever
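the fuel scheme above, as an added example (not code from this page): a tiny stack machine debits one fuel per op and checks the balance only on taken backward jumps, and an Actor wrapper shows the spawn cost, the kill, and the reclaim of whatever the child had not spent. the instruction set, the flat cost table, SPAWN_COST, the extra check at halt and the Actor API are assumptions made for the example.

```python
"""Fuel-metered stack machine with spawn/kill actors.

Added example, not code from the page: the instruction set, the 1-fuel-per-op
cost table, SPAWN_COST, the check at halt and the Actor API are assumptions.
"""


class OutOfFuel(Exception):
    pass


# constructed cost table: every op here is constant-time, so every op costs 1
COST = {"push": 1, "add": 1, "sub": 1, "dup": 1, "jmp": 1, "jnz": 1, "halt": 1}
SPAWN_COST = 10  # assumed flat price for creating an actor


def run(program, fuel):
    """Execute `program` (a list of tuples) with `fuel` units.

    Fuel is debited for every op but only checked when control moves
    backwards (a taken jump to target <= pc). Straight-line code between
    two back-edges is bounded by program length, so the overshoot is too.
    halt also checks, so a finished actor can never hold negative fuel.
    Returns (stack, fuel_left); raises OutOfFuel if a check fails.
    """
    stack, pc = [], 0
    while True:
        op, *args = program[pc]
        fuel -= COST[op]
        if op == "push":
            stack.append(args[0]); pc += 1
        elif op == "add":
            b, a = stack.pop(), stack.pop(); stack.append(a + b); pc += 1
        elif op == "sub":
            b, a = stack.pop(), stack.pop(); stack.append(a - b); pc += 1
        elif op == "dup":
            stack.append(stack[-1]); pc += 1
        elif op in ("jmp", "jnz"):
            taken = op == "jmp" or stack.pop() != 0
            if not taken:
                pc += 1
                continue
            target = args[0]
            if target <= pc and fuel < 0:      # backward edge: the fuel check
                raise OutOfFuel(f"out of fuel at pc={pc}")
            pc = target
        elif op == "halt":
            if fuel < 0:                        # assumed safety net at exit
                raise OutOfFuel("out of fuel at halt")
            return stack, fuel
        else:
            raise ValueError(f"unknown op {op}")


def exhausts(program, fuel):
    """True if the program is cut off by a fuel check."""
    try:
        run(program, fuel)
        return False
    except OutOfFuel:
        return True


def countdown(n):
    """Constructed sample program: loops n times, leaves 0 on the stack.
    pc 1..4 is the loop body; jnz 1 is the backward edge that gets checked."""
    return [("push", n), ("push", 1), ("sub",), ("dup",), ("jnz", 1), ("halt",)]


class Actor:
    """An actor owns its fuel; the spawner pays for it and takes back what is unspent."""

    def __init__(self, program, fuel):
        self.program, self.fuel, self.alive = program, fuel, True

    def spawn(self, program, fuel):
        cost = SPAWN_COST + fuel                # the child's budget comes out of ours
        if self.fuel < cost:
            raise OutOfFuel("spawner cannot pay for the child")
        self.fuel -= cost
        return Actor(program, fuel)

    def run(self):
        """Run to completion; returns the final stack, or None if killed for exhaustion."""
        try:
            stack, self.fuel = run(self.program, self.fuel)
            return stack
        except OutOfFuel:
            self.alive, self.fuel = False, 0
            return None

    def kill(self, child):
        """Kill a child and reclaim its unspent fuel (the spawn cost itself is gone)."""
        reclaimed = child.fuel
        child.alive, child.fuel = False, 0
        self.fuel += reclaimed
        return reclaimed


if __name__ == "__main__":
    print(run(countdown(10), 100))   # ([0], 58): 1 + 10*4 + 1 ops
    print(exhausts(countdown(10), 20))  # True: caught at the 5th backward jump
```

countdown(10) is 42 ops, so with 100 fuel it halts with 58 left; with 20 fuel the balance goes negative during the fifth loop body and the taken jnz back to pc 1 is where it is caught, four ops after the last check. a parent with 200 fuel that spawns that program with 100 is left with 90, gets 58 back on kill, and gets nothing back from a child that died of exhaustion.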