Re: [DotGNU]Running mono-compiled/non-verifiable apps
From: Rhys Weatherley
Subject: Re: [DotGNU]Running mono-compiled/non-verifiable apps
Date: Tue, 25 Feb 2003 22:19:40 +1000
User-agent: KMail/1.4.3

On Tuesday 25 February 2003 10:02 pm, Fergus Henderson wrote:
> If so, this behaviour is wrong. The .NET ECMA spec defines two notions,
> "verifiable" and "valid", and allows the execution of "unverifiable" code,
> provided that it is "valid". Of course it is usually not safe to run
> untrusted code unless it has been verified. But it should be possible
> to execute code which is unverifiable but trusted.

Errr ... let's back up a bit Fergus.

What I call the "verifier" does both ECMA validity testing and full-blown ECMA
verifiability testing. The "unsafeAllowed" flag to "_ILVerify" is used to
switch between these two modes. I called it a "verifier" before I realised
the distinction in the spec.

Validity checking still performs some type-verification, and is a necessary
pre-condition for CVM code generation. e.g. "add" can be used on numeric and
pointer types in the "valid" mode, but not object references. In the
"verify" mode, some pointer adds are also disallowed. These checks *must* be
performed regardless and my "verifier" supports both modes for this reason.

The particular problem being reported by Marcus is a failure of validity
checks (all programs executed from disk are checked for validity, not
verifiability, at present). This is unrelated to the terminology mismatch
between pnet and ECMA.

Cheers,
Rhys.
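
Added example, not part of the message above and not pnet's source: a minimal two-mode type check for the "add" opcode, following the binary numeric operations table in ECMA-335, to show how one checker can enforce validity always and verifiability only on request. The names `StackType`, `add_rule` and `check_add` are hypothetical, and the polarity of `unsafe_allowed` (non-zero means validity checking only) is an assumption modelled on the "unsafeAllowed" flag mentioned in the message.

```c
#include <stdbool.h>
#include <stdio.h>

/* Evaluation-stack categories (simplified; unmanaged pointers are not modelled). */
typedef enum { T_INT32, T_INT64, T_NATIVE_INT, T_FLOAT,
               T_MANAGED_PTR, T_OBJECT, T_INVALID } StackType;

typedef struct { StackType result; bool unverifiable; } AddRule;

/* Result type of "add" per the ECMA-335 binary numeric operations table. */
static AddRule add_rule(StackType a, StackType b)
{
    AddRule r = { T_INVALID, false };
    bool a_int = (a == T_INT32 || a == T_NATIVE_INT);
    bool b_int = (b == T_INT32 || b == T_NATIVE_INT);
    if (a == T_OBJECT || b == T_OBJECT || a == T_INVALID || b == T_INVALID)
        return r;                          /* object references: never valid */
    if (a == T_MANAGED_PTR || b == T_MANAGED_PTR) {
        /* pointer + int32/native int is valid but unverifiable; anything else is invalid */
        if ((a == T_MANAGED_PTR && b_int) || (b == T_MANAGED_PTR && a_int)) {
            r.result = T_MANAGED_PTR;
            r.unverifiable = true;
        }
        return r;
    }
    if (a == b)
        r.result = a;                      /* int32, int64, native int, float */
    else if (a_int && b_int)
        r.result = T_NATIVE_INT;           /* int32 mixed with native int */
    return r;
}

/* unsafe_allowed != 0: validity check only; 0: full verifiability check (assumed polarity). */
StackType check_add(StackType a, StackType b, int unsafe_allowed)
{
    AddRule r = add_rule(a, b);
    if (r.result == T_INVALID || (r.unverifiable && !unsafe_allowed))
        return T_INVALID;
    return r.result;
}

int main(void)
{
    printf("ptr+int32, valid mode:  %s\n",
           check_add(T_MANAGED_PTR, T_INT32, 1) == T_INVALID ? "rejected" : "accepted");
    printf("ptr+int32, verify mode: %s\n",
           check_add(T_MANAGED_PTR, T_INT32, 0) == T_INVALID ? "rejected" : "accepted");
    return 0;
}
```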