From: Tom Tromey
To: Paul Eggert
Cc: Philipp Stephani, Noam Postavsky, Emacs developers
Newsgroups: gmane.emacs.devel
Subject: Re: How much do we care about undefined behavior triggered by invalid bytecode?
Date: Thu, 24 May 2018 18:30:07 -0600
Message-ID: <87h8mw1ss0.fsf@tromey.com>
In-Reply-To: <2f400c58-1214-d442-f3a9-30b5c7d73863@cs.ucla.edu> (Paul Eggert's message of "Tue, 22 May 2018 07:51:07 -0700")

>>>>> "Paul" == Paul Eggert writes:

Paul> We could fix this problem by verifying that a series of bytecodes
Paul> cannot make Emacs crash, before allowing the bytecodes to be
Paul> executed. But wouldn't that be a reasonably large project?

FWIW on my more experimental JIT branch, I have a small bytecode verifier. I needed it for the JIT, so it only does what I needed there, namely:

* Checking that the bytecode doesn't fall off the end
* Checking that the stack doesn't over- or underflow
* Checking that the stack depth at any given PC is a constant
* Checking that only valid opcodes are used
* Checking that the hash table given to Bswitch has only integer PC values and that they are in range

I don't know how hard it would be to extract this from the JIT. Not too bad maybe.

The other issue would be when to run it. Maybe it would work to do it the first time a bit of bytecode is executed.

Tom
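
The first four checks listed in the message, sketched as an added example (not code from the JIT branch or from Emacs): a worklist verifier for a hypothetical six-opcode stack machine. The opcode numbering, the `info` table, `verify` and the sample programs are all assumptions made for illustration; the Bswitch table check is not modelled.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical toy opcodes and result codes; not Emacs's real bytecode numbering. */
enum { OP_PUSH, OP_POP, OP_ADD, OP_JMP, OP_JZ, OP_RET, OP_COUNT, MAX_CODE = 256 };
enum { V_OK, V_BAD_OPCODE, V_OFF_END, V_UNDERFLOW, V_OVERFLOW, V_DEPTH_MISMATCH };

/* Per opcode: values popped, values pushed, operand bytes that follow. */
static const struct { int pops, pushes, operand; } info[OP_COUNT] = {
  [OP_PUSH] = {0, 1, 1}, [OP_POP] = {1, 0, 0}, [OP_ADD] = {2, 1, 0},
  [OP_JMP]  = {0, 0, 1}, [OP_JZ]  = {1, 0, 1}, [OP_RET] = {1, 0, 0},
};

/* Constructed samples: two branches that rejoin at equal depth; a loop that grows the stack. */
static const unsigned char good[] = { OP_PUSH, 1, OP_JZ, 8, OP_PUSH, 2, OP_JMP, 10, OP_PUSH, 3, OP_RET };
static const unsigned char loop[] = { OP_PUSH, 1, OP_JMP, 0 };

/* Record that control reaches PC with depth D; queue PC the first time it is seen. */
static int reach(int *depth, size_t *work, size_t *nwork, size_t n, size_t pc, int d)
{
  if (pc >= n) return V_OFF_END;                 /* jumped or fell off the end */
  if (depth[pc] < 0) { depth[pc] = d; work[(*nwork)++] = pc; return V_OK; }
  return depth[pc] == d ? V_OK : V_DEPTH_MISMATCH;
}

int verify(const unsigned char *code, size_t n, int max_depth)
{
  int depth[MAX_CODE];                           /* -1 = not reached yet */
  size_t work[MAX_CODE], nwork = 0;              /* each PC is queued at most once */
  if (n == 0 || n > MAX_CODE) return V_OFF_END;
  memset(depth, -1, sizeof depth);
  depth[0] = 0; work[nwork++] = 0;
  while (nwork > 0) {
    size_t pc = work[--nwork];
    unsigned op = code[pc];
    if (op >= OP_COUNT) return V_BAD_OPCODE;
    if (pc + info[op].operand >= n) return V_OFF_END;   /* operand truncated */
    int d = depth[pc];
    if (d < info[op].pops) return V_UNDERFLOW;
    d += info[op].pushes - info[op].pops;
    if (d > max_depth) return V_OVERFLOW;
    int r = (op == OP_JMP || op == OP_JZ) ? reach(depth, work, &nwork, n, code[pc + 1], d) : V_OK;
    if (r == V_OK && op != OP_JMP && op != OP_RET)      /* fall through */
      r = reach(depth, work, &nwork, n, pc + 1 + info[op].operand, d);
    if (r != V_OK) return r;
  }
  return V_OK;
}

int main(void) { return !(verify(good, sizeof good, 8) == V_OK && verify(loop, sizeof loop, 8) == V_DEPTH_MISMATCH); }
```

Because every reachable PC is assigned exactly one depth, the pass visits each instruction once and terminates even on code with backward jumps.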