dotgnu-general

Re: [DotGNU]Running mono-compiled/non-verifiable apps


From: Rhys Weatherley
Subject: Re: [DotGNU]Running mono-compiled/non-verifiable apps
Date: Tue, 25 Feb 2003 22:19:40 +1000
User-agent: KMail/1.4.3

On Tuesday 25 February 2003 10:02 pm, Fergus Henderson wrote:

> If so, this behaviour is wrong.  The .NET ECMA spec defines two notions,
> "verifiable" and "valid", and allows the execution of "unverifiable" code,
> provided that it is "valid".  Of course it is usually not safe to run
> untrusted code unless it has been verified.  But it should be possible
> to execute code which is unverifiable but trusted.

Errr ... let's back up a bit Fergus.

What I call the "verifier" does both ECMA validity testing and full-blown ECMA 
verifiability testing.  The "unsafeAllowed" flag to "_ILVerify" is used to 
switch between these two modes.  I called it a "verifier" before I realised 
the distinction in the spec.

Validity checking still performs some type-verification, and is a necessary 
pre-condition for CVM code generation.  e.g. "add" can be used on numeric and 
pointer types in the "valid" mode, but not object references.  In the 
"verify" mode, some pointer adds are also disallowed.  These checks *must* be 
performed regardless and my "verifier" supports both modes for this reason.

The particular problem being reported by Marcus is a failure of validity 
checks (all programs executed from disk are checked for validity, not 
verifiability, at present).  This is unrelated to the terminology mismatch 
between pnet and ECMA.

Cheers,

Rhys.
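
An added illustration of the two modes described in the message above; it is not part of the original post and is not pnet's `_ILVerify` code. The toy instruction set, `check_method` and its `unsafe_allowed` parameter are hypothetical, and the strict mode here rejects every pointer add, a simplification of the "some pointer adds" mentioned in the message.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed toy instruction set and stack types; not pnet's IL or CVM. */
typedef enum { OP_PUSH_INT, OP_PUSH_FLOAT, OP_PUSH_PTR, OP_PUSH_OBJREF, OP_ADD } Op;
typedef enum { T_INT, T_FLOAT, T_PTR, T_OBJREF } StackType;
typedef enum { R_OK, R_INVALID, R_UNVERIFIABLE } Result;

/* Result type of "add" on (a, b), or -1 when the pair is not valid at all. */
static int add_result(StackType a, StackType b)
{
    if (a == T_OBJREF || b == T_OBJREF) return -1;  /* never valid on object refs */
    if (a == T_PTR && b == T_PTR) return -1;        /* pointer + pointer */
    if (a == T_FLOAT || b == T_FLOAT) return (a == b) ? T_FLOAT : -1;
    return (a == T_PTR || b == T_PTR) ? T_PTR : T_INT;
}

/* unsafe_allowed != 0: validity checks only; 0: also reject pointer adds
   (assumption: this toy rejects every pointer add in the strict mode). */
Result check_method(const Op *code, size_t len, int unsafe_allowed)
{
    StackType stack[16];
    size_t sp = 0;
    for (size_t i = 0; i < len; i++) {
        if (code[i] != OP_ADD) {                    /* push: op maps 1:1 to type */
            if (sp == 16) return R_INVALID;         /* stack overflow */
            stack[sp++] = (StackType)code[i];
            continue;
        }
        if (sp < 2) return R_INVALID;               /* stack underflow */
        StackType a = stack[sp - 2], b = stack[sp - 1];
        int r = add_result(a, b);
        if (r < 0) return R_INVALID;                /* fails in both modes */
        if (!unsafe_allowed && (a == T_PTR || b == T_PTR)) return R_UNVERIFIABLE;
        sp -= 2;
        stack[sp++] = (StackType)r;
    }
    return R_OK;
}

/* Constructed sample methods. */
const Op int_add[] = { OP_PUSH_INT, OP_PUSH_INT, OP_ADD };
const Op ptr_add[] = { OP_PUSH_PTR, OP_PUSH_INT, OP_ADD };
const Op obj_add[] = { OP_PUSH_OBJREF, OP_PUSH_INT, OP_ADD };

int main(void)
{
    printf("ptr_add: valid=%d verify=%d; obj_add: valid=%d\n", check_method(ptr_add, 3, 1),
           check_method(ptr_add, 3, 0), check_method(obj_add, 3, 1));
    return 0;
}
```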


