rustc_codegen_cranelift

Add a sandboxed mode

Open bjorn3 opened this issue 4 years ago • 1 comments

All memory accesses will use a Cranelift heap, just like for WebAssembly. In addition, only explicitly allowed function calls will be allowed. This sandbox mode will not be available when using cg_clif directly as a codegen backend, but only when using the JIT mode (and maybe in the future AOT mode) with a future API exported by librustc_codegen_cranelift.

bjorn3, Jan 14 '21 12:01

This would be useful for a program to have plugins that can be hot-swapped safely.

bjorn3, Jan 14 '21 12:01

This is non-trivial to implement due to libc and other crates using a lot of system APIs. See miri for how much code it needs. Embedding wasm is probably more useful anyway.

bjorn3, Sep 01 '22 15:09
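
The two rules in the issue description (every memory access goes through a bounded heap, and only explicitly allowed calls are permitted) can be modelled in a short Rust program. This is an added example, not code from rustc_codegen_cranelift or Cranelift: `Sandbox`, `Trap`, `HostFn` and `add_pair` are hypothetical names, and the runtime checks stand in for what a code generator would emit around guest loads, stores and calls.

```rust
// Conceptual model only: every name here is hypothetical, not a cg_clif or Cranelift API.
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Trap { OutOfBounds { addr: u64, len: u64 }, CallDenied(String) }
pub type HostFn = fn(&mut Sandbox, &[u64]) -> Result<u64, Trap>;

pub struct Sandbox {
    heap: Vec<u8>,                          // the only memory the guest can address
    allowed: HashMap<&'static str, HostFn>, // the explicit call allowlist
}
impl Sandbox {
    pub fn new(n: usize) -> Self { Sandbox { heap: vec![0; n], allowed: HashMap::new() } }
    pub fn allow(&mut self, name: &'static str, f: HostFn) { self.allowed.insert(name, f); }
    // Map a guest range onto the heap; overflowing or past-the-end ranges trap.
    fn check(&self, addr: u64, len: u64) -> Result<std::ops::Range<usize>, Trap> {
        let end = addr.checked_add(len).filter(|&e| e <= self.heap.len() as u64);
        let end = end.ok_or(Trap::OutOfBounds { addr, len })?;
        Ok(addr as usize..end as usize)
    }
    pub fn store_u32(&mut self, addr: u64, v: u32) -> Result<(), Trap> {
        let r = self.check(addr, 4)?;
        self.heap[r].copy_from_slice(&v.to_le_bytes());
        Ok(())
    }
    pub fn load_u32(&self, addr: u64) -> Result<u32, Trap> {
        let mut b = [0u8; 4];
        b.copy_from_slice(&self.heap[self.check(addr, 4)?]);
        Ok(u32::from_le_bytes(b))
    }
    // Calls resolve by name through the allowlist only; anything else traps.
    pub fn call(&mut self, name: &str, args: &[u64]) -> Result<u64, Trap> {
        let f = *self.allowed.get(name).ok_or_else(|| Trap::CallDenied(name.into()))?;
        f(self, args)
    }
}

// Constructed host function: sums the two u32 values at guest address args[0].
fn add_pair(sb: &mut Sandbox, args: &[u64]) -> Result<u64, Trap> {
    let base = args.first().copied().unwrap_or(0);
    Ok(sb.load_u32(base)? as u64 + sb.load_u32(base + 4)? as u64)
}

fn main() {
    let mut sb = Sandbox::new(64);
    sb.allow("add_pair", add_pair);
    for (name, arg) in [("add_pair", 0), ("add_pair", 62), ("open", 0)] {
        println!("{}({}) -> {:?}", name, arg, sb.call(name, &[arg]));
    }
}
```

The allowed host function reads guest memory through the same checked accessors, so a guest-supplied pointer cannot turn an allowlisted call into an out-of-heap read.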