[Python-Dev] Is core dump always a bug? Advice requested

Michel Pelletier michel at dialnetwork.com
Wed May 12 16:13:27 EDT 2004


> > If arbitrary branching patterns are allowed, then in order to ensure
> > absence of stack overflow/underflow, etc., it will be necessary to do
> > things like proving that certain loops can't execute more than a
> > certain number of times. This smells halting-problem-complete to me.
>
> I think it would only need to check that any path through the loop has a no
> net effect on stack depth -- before branching back to the beginning of the
> loop, it must pop everything it pushed.

The ASM Java bytecode generation API has a similar flow control algorithm to 
determine the maximum stack size for java bytecode.  

http://asm.objectweb.org/

It uses the visitor pattern to visit classes, methods and instructions during 
bytecode generation that construct a control flow graph that is used at class 
generation time to calculate the maximum local variables and stack depth for 
methods (see Label.java and CodeWriter.java in their WebCVS). 

his information is embedded into the class, and is used at JVM verification 
time when the bytecode is reanalyzed to ensure that the numbers match the 
actual behavior of the bytecode.

I've seen a lot of concern about bytecode hacking crashing the interpreter, 
but the Java VM Spec goes further to state that there is a risk of 
exploitation.  I stared at ceval for a while to see if I could pick up such a 
hole.  It hurt.

I hear Phillip Eby when he says that anyone sending bytecode over the wire 
agent-fasion "darn well better" write their own bytecode verifier.  But in a 
world of massive paralleism and dynamic computing, that might not seem like 
such a bad feature to offer stock.

Would there be an interest in at least a PEP to consider a bytecode verifier?  
I'd be willing to take it on, but my experience is limited to JVM bytecode 
and verification.

-Michel




More information about the Python-Dev mailing list