Self-securing, serializable systems
This is one possibility of implementing a system that provides the functionality described in https://github.com/void4/notes/issues/56
- Create a virtual machine that has the usual arithmetic, control flow and memory access instructions. Executable code and all other data structures necessary to resume the full runtime state (instruction pointer, resource meters etc.) should be readable like regular memory (homoiconicity). Furthermore, control flow cannot be completely arbitrary (TODO: describe why, jumps into core program).
- Create an initial program that accepts extensions to itself (object data and code), where object code is transpiled in a way that all ordinary memory access instructions are replaced by calls to this core program, which then checks access rights at runtime (like a normal ocap-kernel does).
The system image is thus only modified from the inside, and because all executable code must be sanitized by the core object before it runs, the system is cap-secure, with the core object still holding the capability to serialize the entire system state.
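As an added illustration (not code from the notes repository), a toy stack VM in Python that follows the first design: object code is transpiled so its LOAD/STORE become core calls that check a capability table at run time, the whole runtime state (memory, stack, instruction pointer, step meter, caps, code) is plain data that can be serialized mid-run and resumed, and an access outside the object's range is refused by the core. The opcode names, the capability table layout and the object "a" are constructed for this example.

```python
import json
class CapViolation(Exception):
    """Raised by the core when object code touches memory it holds no capability for."""

def transpile(code):
    # Untrusted code keeps no raw LOAD/STORE: both become core calls checked at run time.
    rewrite = {"LOAD": "CORE_LOAD", "STORE": "CORE_STORE"}
    return [(rewrite.get(op, op), arg) for op, arg in code]

def new_state(mem_size=16):
    # Everything needed to resume (memory, stack, ip, meter, caps, code) is plain data.
    return {"mem": [0] * mem_size, "stack": [], "ip": 0, "meter": 0, "caps": {}, "code": []}

def core_check(state, obj, addr):
    lo, hi = state["caps"][obj]  # constructed capability table: half-open range [lo, hi)
    if not lo <= addr < hi:
        raise CapViolation(f"{obj} accessed cell {addr} outside [{lo}, {hi})")

def run(state, obj, budget):
    # Execute obj's code until it ends or the step meter reaches budget.
    while state["ip"] < len(state["code"]) and state["meter"] < budget:
        op, arg = state["code"][state["ip"]]
        state["ip"] += 1
        state["meter"] += 1
        if op == "PUSH":
            state["stack"].append(arg)
        elif op == "CORE_LOAD":
            core_check(state, obj, arg)
            state["stack"].append(state["mem"][arg])
        elif op == "CORE_STORE":
            core_check(state, obj, arg)
            state["mem"][arg] = state["stack"].pop()
        else:  # a raw LOAD/STORE or unknown opcode means something bypassed the transpiler
            raise CapViolation(f"unsanitized opcode {op} at {state['ip'] - 1}")
    return state

def snapshot(state):
    return json.dumps(state)  # the whole runtime state, resumable with json.loads

def demo():
    st = new_state()
    st["caps"] = {"a": [0, 8]}  # object "a" may touch cells 0..7 only
    st["code"] = transpile([("PUSH", 42), ("STORE", 3), ("LOAD", 3), ("STORE", 12)])
    run(st, "a", budget=2)  # meter runs out right after the first STORE
    st = json.loads(snapshot(st))  # serialize mid-run, then resume from the image
    try:
        run(st, "a", budget=10)
    except CapViolation as err:
        return st["mem"][3], st["meter"], str(err)
```

Running `demo()` shows the resumed image finishing the permitted LOAD and then being stopped by the core on the out-of-range STORE, with the meter still counting across the snapshot.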
Another possibility is to implement a VM with a variably restricted instruction set, with memory access instructions only accessible within a privileged mode, which can be jumped into with a CPU-like interrupt mechanism. The domain separation will still have to be implemented within the core program.