Gregor N. Purdy <[EMAIL PROTECTED]> wrote:

> Dan --
> Here's a first version that works with the regular core.
> You have to explicitly define PARANOID, or the added code
> won't get compiled.

It IMHO should be a separate run core, which can be switched to whenever safe execution is desired. Then we want to turn off some opcodes, especially those which would allow escaping from the safe core. Generally we need a classification of opcodes, so that we can disable e.g. all IO ops.

WRT implementation: putting the register range check in each opcode function just blows up the core size. It's much simpler to have one central place to inspect the program code. I'd use the switched core (or better, a safe switched core derived from it) as the base. It's a predereferenced core, so during safe prederef some of these checks can be done in advance.

While it seems legitimate to check P and S registers for NULL, it's suboptimal to generally disallow NULL registers. NULL PRegs are in use e.g. for C<dlfunc>, and if the code allows execution of dlfunc (probably not, but ...) a NULL value for the dl-handle is valid.

And finally, composite keys may have registers too.

leo
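The design sketched in the message above (one central verification pass over the program code, plus a classification of opcodes so whole classes such as IO can be switched off) as an added example. This is not Parrot code and not a patch from either poster: it is a hypothetical toy bytecode VM with four opcodes, written here to show the shape of a "safe prederef" pass that rejects out-of-range register operands and forbidden opcode classes once, up front, so that the execution loop itself carries no per-opcode range checks. The opcode names, the CLASS_* flags and the sample programs are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy VM (hypothetical, not Parrot's real opcode tables). */
#define NUM_REGS 32
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Opcode classification: a safe core forbids whole classes, e.g. CLASS_IO. */
enum { CLASS_CORE = 1u << 0, CLASS_IO = 1u << 1, CLASS_SYS = 1u << 2 };

enum { OP_SET_I, OP_ADD_I, OP_PRINT_I, OP_EXIT, OP_COUNT };

typedef struct {
    const char *name;
    unsigned class_mask;
    int nargs;
    const char *argtypes; /* per operand: 'I' = integer register index, 'c' = constant */
} OpInfo;

static const OpInfo optab[OP_COUNT] = {
    [OP_SET_I]   = { "set_i_ic",  CLASS_CORE, 2, "Ic"  },
    [OP_ADD_I]   = { "add_i_i_i", CLASS_CORE, 3, "III" },
    [OP_PRINT_I] = { "print_i",   CLASS_IO,   1, "I"   },
    [OP_EXIT]    = { "exit",      CLASS_CORE, 0, ""    },
};

typedef enum {
    VERIFY_OK = 0, VERIFY_BAD_OPCODE, VERIFY_TRUNCATED, VERIFY_BAD_REG, VERIFY_FORBIDDEN_OP
} VerifyResult;

/* The one central check: walk the program once before it runs. On failure
 * *bad_pc is the offset of the offending instruction. */
VerifyResult verify_program(const int32_t *code, size_t len, unsigned forbidden, size_t *bad_pc)
{
    size_t pc = 0;
    while (pc < len) {
        int32_t op = code[pc];
        *bad_pc = pc;
        if (op < 0 || op >= OP_COUNT) return VERIFY_BAD_OPCODE;
        const OpInfo *info = &optab[op];
        if (info->class_mask & forbidden) return VERIFY_FORBIDDEN_OP;
        if (pc + 1 + (size_t)info->nargs > len) return VERIFY_TRUNCATED;
        for (int i = 0; i < info->nargs; i++) {
            int32_t arg = code[pc + 1 + i];
            if (info->argtypes[i] == 'I' && (arg < 0 || arg >= NUM_REGS)) return VERIFY_BAD_REG;
        }
        pc += 1 + (size_t)info->nargs;
    }
    return VERIFY_OK;
}

/* Execution loop with no per-opcode range checks: it must only ever be
 * handed code that verify_program() accepted. Returns I0 at exit. */
int64_t run_verified(const int32_t *code, size_t len)
{
    int64_t regs[NUM_REGS] = {0};
    size_t pc = 0;
    while (pc < len) {
        int32_t op = code[pc];
        const int32_t *a = &code[pc + 1];
        switch (op) {
        case OP_SET_I:   regs[a[0]] = a[1]; break;
        case OP_ADD_I:   regs[a[0]] = regs[a[1]] + regs[a[2]]; break;
        case OP_PRINT_I: printf("%lld\n", (long long)regs[a[0]]); break;
        case OP_EXIT:    return regs[0];
        }
        pc += 1 + (size_t)optab[op].nargs;
    }
    return regs[0];
}

/* Small wrappers so results can be checked without juggling out-parameters. */
VerifyResult verify_sample(const int32_t *code, size_t len, unsigned forbidden)
{
    size_t pc = 0;
    return verify_program(code, len, forbidden, &pc);
}
size_t failing_pc(const int32_t *code, size_t len, unsigned forbidden)
{
    size_t pc = 0;
    verify_program(code, len, forbidden, &pc);
    return pc;
}

/* Constructed sample programs. */
static const int32_t prog_good[]   = { OP_SET_I, 1, 40, OP_SET_I, 2, 2, OP_ADD_I, 0, 1, 2, OP_EXIT };
static const int32_t prog_io[]     = { OP_SET_I, 0, 7, OP_PRINT_I, 0, OP_EXIT };
static const int32_t prog_badreg[] = { OP_SET_I, 99, 1, OP_EXIT };
static const int32_t prog_trunc[]  = { OP_ADD_I, 0, 1 };

int main(void)
{
    if (verify_sample(prog_good, LEN(prog_good), CLASS_IO) == VERIFY_OK)
        printf("good: I0 = %lld\n", (long long)run_verified(prog_good, LEN(prog_good)));
    printf("io program under safe core: result %d at pc %zu\n",
           verify_sample(prog_io, LEN(prog_io), CLASS_IO), failing_pc(prog_io, LEN(prog_io), CLASS_IO));
    printf("bad register: result %d\n", verify_sample(prog_badreg, LEN(prog_badreg), 0));
    printf("truncated: result %d\n", verify_sample(prog_trunc, LEN(prog_trunc), 0));
    return 0;
}
```

Only operand indices and opcode classes are decided here, because those are static properties of the program text. Whether a P or S register holds NULL at a given instruction is a runtime property of the register contents, which is exactly why a blanket "no NULL registers" rule does not belong in a pass like this.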