fogtix/docs/design.md


basic ideas

  • use a separate call stack to prevent ROP
  • implement message passing
  • integers as the only internal data type
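An added illustration of the first idea (this is a toy interpreter written for this page, not fogtix's VM): the same program runs once with return addresses on the operand stack, as in a classic C frame, and once with a private return stack. The opcodes, the program and the unchecked `poke` store that stands in for a buffer overflow are all constructed for the demo.

```python
# Added example, not fogtix's VM: a toy stack machine that can be run either
# with return addresses on the operand stack (classic layout) or on a private
# return stack, as the "separate call stack" idea proposes. The opcodes, the
# program and the simulated overflow ("poke") are all constructed for this demo.

STACK_SLOTS = 8


class StackVM:
    def __init__(self, code, separate_rstack):
        self.code = code
        self.separate = separate_rstack
        self.stack = [0] * STACK_SLOTS  # operand stack memory, slot 0 = bottom
        self.sp = 0                     # number of live operand slots
        self.rstack = []                # private return stack (separate mode only)
        self.pc = 0
        self.trace = []                 # every pc executed, to see where control went

    def push(self, value):
        if self.sp >= STACK_SLOTS:
            raise OverflowError("operand stack full")
        self.stack[self.sp] = value
        self.sp += 1

    def pop(self):
        if self.sp == 0:
            raise IndexError("operand stack empty")
        self.sp -= 1
        return self.stack[self.sp]

    def run(self, max_steps=100):
        for _ in range(max_steps):
            op, *args = self.code[self.pc]
            self.trace.append(self.pc)
            self.pc += 1
            if op == "push":
                self.push(args[0])
            elif op == "call":
                # Return address goes to the private stack in separate mode,
                # otherwise it sits among the operands like a C frame would.
                if self.separate:
                    self.rstack.append(self.pc)
                else:
                    self.push(self.pc)
                self.pc = args[0]
            elif op == "ret":
                self.pc = self.rstack.pop() if self.separate else self.pop()
            elif op == "poke":
                # Stand-in for a buffer overflow: an unchecked store into an
                # arbitrary operand-stack slot, including slots above sp.
                idx, value = args
                self.stack[idx] = value
            elif op == "halt":
                return self.stack[: self.sp]
            else:
                raise ValueError(f"unknown opcode {op!r}")
        raise RuntimeError("step limit exceeded")


# Constructed program: main pushes two operands and calls a helper whose
# "overflow" writes slot 2, which is exactly where the single-stack layout
# stores main's return address.
PROGRAM = [
    ("push", 1),      # 0
    ("push", 7),      # 1
    ("call", 6),      # 2  return address = 3
    ("halt",),        # 3  legitimate end of the program
    ("push", 99),     # 4  "gadget": should never execute
    ("halt",),        # 5
    ("poke", 2, 4),   # 6  helper: overwrite slot 2 with the gadget address
    ("ret",),         # 7
]


def run_demo(separate_rstack):
    """Return (final operand stack, executed pc trace) for one layout."""
    vm = StackVM(PROGRAM, separate_rstack)
    return vm.run(), vm.trace


def hijacked(separate_rstack):
    """True if the overflow steered execution into the gadget at pc 4."""
    return 4 in run_demo(separate_rstack)[1]


if __name__ == "__main__":
    for mode in (False, True):
        result, trace = run_demo(mode)
        print(f"separate return stack={mode}: result={result} trace={trace}")
```

With the shared stack the overwritten slot becomes the return target and the gadget runs; with the private return stack the same write only corrupts a dead operand slot and `ret` still lands on the instruction after the call. The separation closes this one path only: the VM must still bounds-check `pc` and operand indices, and the return stack must never be addressable by program data, or the benefit is lost.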

entry points and libraries

each module starts with its entry point, which avoids the need for a separate "entry pointer". the entry point of the main module is what the VM initially calls to start execution. the entry points of library modules are called to build the library descriptor table; each such call should leave an additional pointer on the stack, which can then be passed to call-r.

historic

signed pointers

Initially, this project tried to implement signed pointers, so that a party can verify that it authored a pointer (via an HMAC, e.g. SipHash); but some problems remain which make this impractical:

  • either the scheme is insecure, because the pointer is too small to hold a tag with enough bits to resist brute forcing,
  • or the pointer becomes so large that it gets unwieldy (e.g. u128)
  • there is no way to find out which node or process owns a pointer if you aren't that node (the hash only tells you whether you own it, not who does)
  • there is no way to find out whether a pointer is still valid without some hashmap or similar to track that, but at that point you have basically reinvented file descriptors.
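To make the size trade-off in the list above concrete, here is an added example (not fogtix's code) of such a signed-pointer scheme. HMAC-SHA256 truncated to the tag width stands in for SipHash, and the 48-bit address field, the keys and the sample addresses are assumptions made for the demo. A 16-bit tag keeps the pointer inside a u64, but anyone with a verify oracle forges it in at most 65536 tries; an 80-bit tag resists that but pushes the pointer to u128; and `owner_of` shows that identifying the issuer from outside amounts to consulting a table of every party's key.

```python
# Added example, not fogtix's code: the signed-pointer scheme described above,
# built to show the size trade-off. HMAC-SHA256 truncated to the tag width
# stands in for SipHash; the key, address width and sample addresses are
# constructed for this demo.
import hashlib
import hmac

ADDR_BITS = 48  # address field width, chosen for the demo


def make_tag(key, addr, tag_bits):
    """Keyed tag over the address, truncated to tag_bits."""
    mac = hmac.new(key, addr.to_bytes(8, "little"), hashlib.sha256).digest()
    return int.from_bytes(mac[:16], "little") & ((1 << tag_bits) - 1)


def sign(key, addr, tag_bits):
    """Pack the address and its tag into one integer of word_bits(tag_bits) bits."""
    if not 0 <= addr < (1 << ADDR_BITS):
        raise ValueError("address out of range")
    return (make_tag(key, addr, tag_bits) << ADDR_BITS) | addr


def verify(key, ptr, tag_bits):
    """True if the tag in ptr was produced under key (constant-time compare)."""
    addr = ptr & ((1 << ADDR_BITS) - 1)
    expect = make_tag(key, addr, tag_bits).to_bytes(16, "little")
    got = (ptr >> ADDR_BITS).to_bytes(16, "little")
    return hmac.compare_digest(expect, got)


def word_bits(tag_bits):
    """Pointer width needed: 16 tag bits still fit a u64, 80 need a u128."""
    return ADDR_BITS + tag_bits


def forge(oracle, addr, tag_bits):
    """Brute-force a valid tag for addr using only a verify oracle.
    Returns (forged ptr, attempts); cost is at most 2**tag_bits checks."""
    for t in range(1 << tag_bits):
        candidate = (t << ADDR_BITS) | addr
        if oracle(candidate):
            return candidate, t + 1
    raise RuntimeError("unreachable: every tag value was tried")


def owner_of(ptr, keyring, tag_bits):
    """The tag only tells a key holder whether a pointer is theirs; identifying
    the owner from outside means trying every party's key, i.e. keeping a table."""
    for name, key in keyring.items():
        if verify(key, ptr, tag_bits):
            return name
    return None


if __name__ == "__main__":
    key_a, key_b = b"demo-key-A", b"demo-key-B"  # constructed demo keys
    p = sign(key_a, 0x7F00_1234_5678, 16)
    print(hex(p), verify(key_a, p, 16), verify(key_b, p, 16))
    forged, tries = forge(lambda q: verify(key_a, q, 16), 0xDEAD_BEEF, 16)
    print(f"forged {hex(forged)} after {tries} tries")
    print("owner:", owner_of(p, {"A": key_a, "B": key_b}, 16))
    print("word bits:", word_bits(16), word_bits(80))
```

The forgery needs nothing but a verify oracle, which in a message-passing system is any peer that accepts or rejects pointers; and `owner_of` only works because the caller holds every key, which is the side table the last bullet says you end up building anyway.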