delorie.com/archives/browse.cgi | search |
On Sat, 2015-02-07 at 11:20 -0500, Jason White wrote: > In the Lua virtual machine I added a protected mode for reading "data" > files where I disabled all instructions not related to pushing > constants to the stack. > > What does this mean? In this mode, a Lua file is not an executable > script; there are no functions, no function calls, no if statements or > for loops. The only thing that is allowed is the definition of > variables which are easily read out by a program. (Look at the example > program I linked to, it implements all this) Sadly I don't have time to get to far into this, and whilst probably important for the future - is not something I've got any time to contribute to. I'm currently taking time out from the PCB+GL and 3D stuff I want to get merged in order to fix some polygon bugs that are raising their ugly heads. (Long-standing bugs, but perhaps more commonly seen now due to the nm core coordinate switch). Regarding the language.. Sand-boxing for security is great, but doesn't address the (IMO) undesirability of a turing complete config / data file. By the time you've pared down the language to the point it sounds you have, IE. a non-turing complete "language" used for its input file parser. It hardly seems that we would be "using" the underlying language at all; you are merely borrowing its syntax for variable assignment, and using its interpreter to avoid writing your own file parser. A similar thing (I think) would be S-Expressions, which most scheme / lisp environments would be able to read very naturally, and without execution. There is also JSON / JSONP and Javascript. Peter -- Peter Clifton <peter DOT clifton AT clifton-electronics DOT co DOT uk> Clifton Electronics
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |