What are the robustness guarantees for the Luau compiler? #1274
-
|
It sounds like the Luau VM has pretty strong robustness guarantees, e.g. if it is passed valid bytecode, then execution is sandboxed - it can't write over random memory etc. Combined with the interrupt callbacks and supplying my own memory allocation function, the execution is bounded in both space (memory) and time (CPU usage). Are there similar guarantees for the Luau compiler? I want to be able to pass it untrusted (user-controlled) source code without crashing or exhausting resources. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Our compiler should not have any security issues and should never produce invalid bytecode. But we cannot guarantee the resource exhaustion. |
Beta Was this translation helpful? Give feedback.
Our compiler should not have any security issues and should never produce invalid bytecode.
But we cannot guarantee the resource exhaustion.
While we shouldn't have unbounded memory use issues, we can take a lot of time compiling scripts that are specifically constructed for a DoS attack.