On Tuesday 23 March 2004 17:11, Dan Sugalski wrote:
> At 3:43 PM +0100 3/23/04, Jens Rieks wrote:
> >On Tuesday 23 March 2004 14:49, Gay, Jerry wrote:
> >> > - do we expect to have more than 32 different classes?
> >>
> >> i see 13 operator classes currently, though my tree may be out of date
> >
> >I think we should limit the number of unique IDs available at runtime to
> >32.
>
> We ought to limit it to 0, actually. :) These classifications are all
> compile-time things as they affect the code the preprocessor emits. I
> don't think there's much use for the meta-information to be there at
> runtime and I certainly don't think it should be *used* at runtime...

After thinking a bit more about it, it seems undesirable to do hint group modifications at runtime. They should be declared at compile time, and I think they can be very useful to maintain system security when running untrusted code.

It can be implemented as per-interpreter (or eventually runloop?) hints, to be able to disallow things like creating new/altering existing classes, loading of bytecode, disabling IO OPs and such things. A "query_hint" OP can be used to check at runtime if file access or network usage is permitted, for example.

For security reasons, it should only be possible to test whether a feature is available, and to disable features. Either completely (until the interpreter exits) or for the current scope (handled like warnings?).

It can be implemented as a (32-bit) integer in the interpreter structure. Only a bit test against a predefined mask is needed to check if an instruction is allowed in a given context:

"if( interpreter->hints & Parrot_hint_base_io )"

The code for it can be spread out automatically for OPs belonging to a specific hints group. It is not necessary for base_core OPs, since it makes no sense to disable them. Other OPs (e.g. open) are doing rather complex things; a single bit test is not going to slow them down very much. Maybe it's even enough to implement it for the slow/secure core.

I believe that this will help to maintain the system's security when running untrusted code.

jens
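A sketch in C of the scheme proposed in the message above, added here as an illustration and not code from the Parrot project or from Jens: the hint bit names (spelled after the Parrot_hint_base_io example), the Interp struct, the per-op-class mask table and the scope stack are all hypothetical. It shows the two properties the post asks for: a hint word can only be tested or narrowed, never widened, and a scoped disable is undone at scope exit while a permanent one is not.

```c
#include <stdint.h>
#include <string.h>
/* Hypothetical hint bits, spelled after the Parrot_hint_base_io example in
 * the post; they are not Parrot's real identifiers. */
#define Parrot_hint_base_io   (1u << 0)
#define Parrot_hint_net       (1u << 1)
#define Parrot_hint_load_bc   (1u << 2)
#define Parrot_hint_new_class (1u << 3)
#define Parrot_hint_ALL       0x0Fu
#define MAX_SCOPE 16

typedef struct {
    uint32_t hints;            /* effective word: bit set = permitted */
    uint32_t permanent;        /* bits cleared here never come back   */
    uint32_t saved[MAX_SCOPE]; /* effective words of enclosing scopes */
    int depth;
} Interp;

/* A fresh interpreter permits everything; policy only ever narrows it. */
void interp_init(Interp *i) { memset(i, 0, sizeof *i); i->hints = i->permanent = Parrot_hint_ALL; }
/* query_hint: a single bit test, the only read-side operation. */
int query_hint(const Interp *i, uint32_t mask) {
    return (i->hints & mask) == mask;
}
/* Disable until the interpreter exits: clears bits, never sets them. */
void disable_hint(Interp *i, uint32_t mask) {
    i->permanent &= ~mask;
    i->hints &= ~mask;
}
/* Disable for the current scope only (handled like a warning setting). */
void disable_hint_scoped(Interp *i, uint32_t mask) { i->hints &= ~mask; }
int push_scope(Interp *i) {
    if (i->depth >= MAX_SCOPE) return 0;
    i->saved[i->depth++] = i->hints;
    return 1;
}
/* Leaving a scope restores the enclosing word, masked by the permanent
 * word so a permanent disable issued inside the scope survives. */
int pop_scope(Interp *i) {
    if (i->depth == 0) return 0;
    i->hints = i->saved[--i->depth] & i->permanent;
    return 1;
}
/* One guard per op class: base_core ops carry mask 0 and pass untested. */
enum { OP_ADD, OP_OPEN, OP_SOCKET, OP_LOAD_BC, OP_NEWCLASS, N_OPS };
static const uint32_t op_hint[N_OPS] = { 0, Parrot_hint_base_io,
    Parrot_hint_net, Parrot_hint_load_bc, Parrot_hint_new_class };
int op_permitted(const Interp *i, int op) {
    return op >= 0 && op < N_OPS && query_hint(i, op_hint[op]);
}
```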