[e-lang] Safe compile-time evaluation
Kevin Reid
kpreid at attglobal.net
Sat May 6 16:26:20 EDT 2006
Another issue with constant folding:
Is it allowable for an E compiler to hang due to code like:
if (false_but_not_statically_known) {
    __loop(thunk implements DeepFrozen { true })
}
(Exempting __loop is insufficient since user code might behave
similarly.)
If not, how shall we avoid it? What I've thought of so far:
1. Have a rubber-stamp auditor to mark objects[*] as allowing
constant-folding for calls to them.
1a. ...and make it available in the safeScope, which puts us where
we started with malicious code, but avoids accidental hangs.
1b. ...and make it available in the privilegedScope, which
prevents unprivileged code from taking advantage of constant folding.
1c. ...and the safeScope provides an auditor which approves
(sufficiently straightforward) methods that provably terminate.
2. Evaluate constant calls with an interpreter with execution time/
step-count limits. (This smaller-than-vat-granularity
interruptibility would be safe since the objects it operates on are
confined.)
Unlike option 1, this needs no explicit code to enable folding.
Disadvantage: Requires the ability to interpret execution
involving objects which already exist (not necessarily in the
form of E expressions) for any expression which is to be folded.
Anything else?
[*] Given Selfless auditors, this can be made specific to a certain
subset of messages to an object.
--
Kevin Reid <http://homepage.mac.com/kpreid/>
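As an added illustration of option 2 in the post above (this is example code written for this page, not code from the e-lang thread or from any E implementation), the following Python models a constant folder that evaluates a candidate expression under a step-count budget. The tuple-shaped AST, the node names, the `__loop`-like `loop` node and the budget of 10,000 steps are all assumptions chosen for the demonstration. The point it shows is that the folder itself cannot hang: a loop like `__loop(thunk { true })` simply exhausts its budget and is left for runtime, while a closed, terminating computation (5! via a loop) is folded to a literal, and an expression that depends on a value not statically known is likewise left alone.

```python
"""Step-budgeted constant folding for a tiny expression language (example code)."""
import operator
from typing import Any, Optional


class BudgetExceeded(Exception):
    """Raised when the evaluator has spent its step allowance."""


class StepLimitedEvaluator:
    """Evaluates tuple-shaped AST nodes, charging one step per node visited.

    Node shapes (constructed for this example, not E syntax):
      ('lit', value)                  constant
      ('var', name)                   read a local; unknown name => not static
      ('set', name, expr)             assign a local, yields the value
      ('seq', e1, e2, ...)            evaluate in order, yields the last value
      ('add'|'sub'|'mul'|'lt', a, b)  arithmetic / comparison
      ('if', cond, then, else)        only the taken branch is evaluated
      ('loop', body)                  like E's __loop: re-run body while True
    """

    _BINOPS = {'add': operator.add, 'sub': operator.sub,
               'mul': operator.mul, 'lt': operator.lt}

    def __init__(self, budget: int):
        self.budget = budget
        # The only state the evaluator may touch: nothing outside this dict
        # can be affected, which is what makes interrupting it safe.
        self.env: dict[str, Any] = {}

    def _tick(self) -> None:
        if self.budget <= 0:
            raise BudgetExceeded()
        self.budget -= 1

    def eval(self, node: tuple) -> Any:
        self._tick()
        kind = node[0]
        if kind == 'lit':
            return node[1]
        if kind == 'var':
            return self.env[node[1]]          # KeyError => free variable
        if kind == 'set':
            value = self.eval(node[2])
            self.env[node[1]] = value
            return value
        if kind == 'seq':
            result = None
            for sub in node[1:]:
                result = self.eval(sub)
            return result
        if kind in self._BINOPS:
            return self._BINOPS[kind](self.eval(node[1]), self.eval(node[2]))
        if kind == 'if':
            return self.eval(node[2] if self.eval(node[1]) else node[3])
        if kind == 'loop':
            # Each trip through the body costs steps, so an endless loop
            # ends with BudgetExceeded instead of hanging the compiler.
            while self.eval(node[1]) is True:
                pass
            return None
        raise ValueError(f"unknown node {kind!r}")


def try_fold(node: tuple, budget: int = 10_000) -> Optional[tuple]:
    """Return ('lit', value) if node is closed and finishes within budget.

    None means "emit the expression for runtime evaluation": either it ran
    out of steps or it read a value that is not statically known.
    """
    evaluator = StepLimitedEvaluator(budget)
    try:
        return ('lit', evaluator.eval(node))
    except (BudgetExceeded, KeyError):
        return None


# Constructed sample expressions.
FOREVER = ('loop', ('lit', True))                     # __loop(thunk { true })
DEAD_BRANCH = ('if', ('var', 'false_but_not_statically_known'),
               FOREVER, ('lit', 0))                   # the post's example
FACTORIAL_5 = ('seq',
               ('set', 'n', ('lit', 5)),
               ('set', 'acc', ('lit', 1)),
               ('loop', ('seq',
                         ('set', 'acc', ('mul', ('var', 'acc'), ('var', 'n'))),
                         ('set', 'n', ('sub', ('var', 'n'), ('lit', 1))),
                         ('lt', ('lit', 0), ('var', 'n')))),
               ('var', 'acc'))
STATIC_DEAD_BRANCH = ('if', ('lit', False), FOREVER, ('lit', 0))


if __name__ == '__main__':
    for name, expr in [('FOREVER', FOREVER), ('DEAD_BRANCH', DEAD_BRANCH),
                       ('FACTORIAL_5', FACTORIAL_5),
                       ('STATIC_DEAD_BRANCH', STATIC_DEAD_BRANCH)]:
        print(name, '->', try_fold(expr))
```

A compiler using this would call `try_fold` on every candidate subexpression, including the `__loop` call inside the dead branch; the budget is what turns "might never return" into "returns None after a bounded amount of work". The `if` case shows the complementary benefit: when the condition is statically known, the untaken branch is never entered, so the loop there costs nothing.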