v1.1: Sandbox configuration
This release is about sandboxing. I have spent some time these past few weeks fuzzing and tinkering with sandbox safety. I have also removed a bunch of code that was rarely used, reducing attack surface. Some effort has been made to use pointers less. For example, an execute segment is now required at all times and is passed only by reference. Instead of a null-check, the default execute segment is an empty segment. I've also added more modes to the fuzzer in an attempt to fuzz APIs I consider part of (or potentially part of) a safe sandboxing configuration. More fuzzing is needed, of course, but I'm happy with the progress.
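The "empty segment instead of a null-check" pattern described above, sketched as an added example that is not libriscv's own code: the ExecuteSegment and Machine types, the fetch helper, the signature of next_exec_seg and the sample segment are all assumptions constructed for illustration.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical sketch (not libriscv's code): an execute segment is a range of
// instruction words, and a shared empty segment stands in for "no segment".
struct ExecuteSegment {
    uint64_t base = 0;               // guest address of the first word
    std::vector<uint32_t> words;     // instruction words, 4 bytes each

    bool contains(uint64_t pc) const {
        return pc >= base && pc < base + uint64_t(words.size()) * 4;
    }
    // The empty segment contains no address, so a lookup into it fails the
    // same bounds check as a lookup past the end of a real segment.
    static const ExecuteSegment& empty() {
        static const ExecuteSegment seg{};
        return seg;
    }
};

struct Machine {
    std::vector<ExecuteSegment> segments;
};

// Resolve the segment covering pc. Callers always receive a usable
// reference; there is no nullptr that a caller could forget to check.
const ExecuteSegment& next_exec_seg(const Machine& m, uint64_t pc) {
    for (const ExecuteSegment& seg : m.segments)
        if (seg.contains(pc)) return seg;
    return ExecuteSegment::empty();
}

struct Fetch { bool ok; uint32_t word; };

// One instruction fetch against a segment passed by reference. Any pc outside
// the segment (every pc, for the empty segment) yields ok=false, which the
// caller turns into a clean execution fault instead of a bad dereference.
Fetch fetch(const ExecuteSegment& seg, uint64_t pc) {
    if (!seg.contains(pc)) return {false, 0};
    return {true, seg.words[(pc - seg.base) / 4]};
}

// Constructed sample: one code segment of three words at guest address 0x1000.
Machine sample_machine() {
    Machine m;
    m.segments.push_back({0x1000, {0x00000013u, 0x00100093u, 0x00008067u}});
    return m;
}

int main() {
    Machine m = sample_machine();
    Fetch in_range = fetch(next_exec_seg(m, 0x1004), 0x1004);  // ok
    Fetch stray    = fetch(next_exec_seg(m, 0x9000), 0x9000);  // fault
    return (in_range.ok && !stray.ok) ? 0 : 1;
}
```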
The C API has been getting some improvements too. There is now enough API to make function calls into the guest programs.
What's Changed
- The C API has expanded to cover VM function calls
- Added SECURITY.md which documents a safe sandbox configuration
- Added a Nelua example program
- 32- and 64-bit can be individually disabled in CMake in order to reduce build times
- A new tiny templated ELF header has replaced the old long version
- Added a benchmark against Luau
PRs
- Pass instruction counters in registers to simulate() by @fwsGonzo in #110
- Use templates for ELF parsing, and remove the large C header by @fwsGonzo in #111
- Use registers for counters when entering and leaving binary translation by @fwsGonzo in #114
- Make instantiation of 32- and 64-bit ISAs a CMake option by @fwsGonzo in #115
- Pass PC as register to simulate() and next_exec_seg() by @fwsGonzo in #116
- Make reordering bytecodes easier by @fwsGonzo in #120
- Reorganize members, add alignment hints, move atomics to Memory by @fwsGonzo in #121
- Add C API functions related to VM calls by @fwsGonzo in #123
- Simplify memory helper functions, removing memview and foreach by @fwsGonzo in #124
Full Changelog: v1.0...v1.1