dynamic loading of Caml bytecode

dynamic loading of Caml bytecode

[Michael Hicks]

I wonder if anyone could elaborate for me on the safety of dynamically
loaded Ocaml bytecode?  Is it possible to load bytecode that is not
well-formed or type-correct (thus resulting in a core-dump or other
misbehavior at runtime)?  I understand that interfaces are checked for
consistency using MD5 hashes, but I'm curious about the internal consistency
of the bytecode file itself.

Thanks,
Mike

-- 
Michael Hicks
Ph.D. Candidate, the University of Pennsylvania
http://www.cis.upenn.edu/~mwh            mailto://mwh@dsl.cis.upenn.edu
"People are often unreasonable, illogical, and self-centered;
Forgive them anyway." -- Mother Teresa

Re: dynamic loading of Caml bytecode

[Xavier Leroy]

> I wonder if anyone could elaborate for me on the safety of dynamically
> loaded Ocaml bytecode?  Is it possible to load bytecode that is not
> well-formed or type-correct (thus resulting in a core-dump or other
> misbehavior at runtime)?  I understand that interfaces are checked for
> consistency using MD5 hashes, but I'm curious about the internal consistency
> of the bytecode file itself.

Essentially no consistency checks are performed by the dynamic loader.
Just like the MD5-based interface consistency mechanism that you
mention, the whole dynamic loader assumes that its input has been
produced by a correct OCaml compiler and not modified since.  That's
why in the MMM design we had to rely on cryptographic signatures to
ensure the well-formedness of applet code.

- Xavier Leroy