reminder that "safe" compiled languages (like JIT'd javascript) are only as safe as their compiler, and compilers are Really Buggy
-
-
Replying to @FioraAeterna
you can literally stalk compiler bug trackers and find exploit material already there, in the form of hundreds of past miscompilation bugs
3 replies 8 retweets 24 likes -
Replying to @FioraAeterna
compiler bugs -> compiled code no longer obeys expected invariants -> language may no longer be safe
7 replies 6 retweets 16 likes -
Replying to @FioraAeterna
I wonder at what point we'll be forced to switch to simpler, better-validated compilers when running potentially-malicious code (e.g. JS)
5 replies 3 retweets 5 likes -
Replying to @FioraAeterna
@FioraAeterna Or use an advanced compiler/JIT, but compile to bytecode and run it on a verifiable bytecode interpreter.1 reply 0 retweets 0 likes
@FioraAeterna This kills the low-level optimizing advantage of compiler/JIT, but maintains the high-level opt which is what matters.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.