Re: Lua in-kernel (lbuf library)

To: Terry Moore <tmm%mcci.com@localhost>
Subject: Re: Lua in-kernel (lbuf library)
From: Alexander Nasonov <alnsn%yandex.ru@localhost>
Date: Sat, 19 Oct 2013 13:02:47 +0100

Terry Moore wrote:
> Just to clarify a bit....
> 
> > Indeed, we started with Lua because AWK was not embeddable and because of
> > the 1-origin issue. 
> 
> We thought, mistakenly, that a language that didn't look very much like C
> would cause fewer problems because of the 0-origin / 1-origin difference.
> Apparently, however, it's a deeper habit of thought. Ditto for the string
> escape sequences. Apparently the '[' and ']' for indexing, and the '\' for
> character escapes, trigger very deeply seated patterns.

While I agree that 0-1 switch is mentally hard [*] but if you often need
to access arrays by index in Lua code then you either solving a wrong
problem of doing something a wrong way.

Lua is designed to be a glue language. If you need arrays (as opposite
to collections which can be iterated over with ipairs/pairs/iterators),
then you're likely doing low-level C stuff in Lua.

Data structures in kernel are often organized as linked lists. To
iterate from Lua, you probably want to write an iterator and also
a lookup function.

Lets say you want to iterate over all "ps" processes from ddb (if gdb
has python support, why can't we have a cooler thing?). You do this:

ddb> lua on
ddb> for p in processes:match("ps") do print(p.pid) end
906
2245
4935
...
ddb> =processes:find(1).path
"/sbin/init"
ddb> lua off

You can do a lot without ever accessing elements by integer indices.

> Based on our experience, it seems risky to use Lua to implement code that
> interoperates with kernel-like C code in security-critical contexts. We
> found this risk to be insurmountable. Engineers who are used to zero-origin
> code, and who are looking at zero-origin code for reference, will make
> zero-origin mistakes. 

Again, don't do C stuff in Lua. However, there is a different kind of
risk when developing security code in Lua: it's the layers of Lua
itselft. Any complex layer introduces a non-neglidgible risk.

[*] I found it out while developing mixed Lua-C module which could also
    detect LuaJIT and use its zero-based FFI structures.

Alex

Follow-Ups:
- Re: Lua in-kernel (lbuf library)
  - From: Marc Balmer

References:
- Lua in-kernel (lbuf library)
  - From: Lourival Vieira Neto
- Re: Lua in-kernel (lbuf library)
  - From: Christoph Badura
- Re: Lua in-kernel (lbuf library)
  - From: Lourival Vieira Neto
- Re: Lua in-kernel (lbuf library)
  - From: Marc Balmer
- Re: Lua in-kernel (lbuf library)
  - From: Aleksej Saushev
- RE: Lua in-kernel (lbuf library)
  - From: Terry Moore
- Re: Lua in-kernel (lbuf library)
  - From: Mindaugas Rasiukevicius
- RE: Lua in-kernel (lbuf library)
  - From: Terry Moore
- RE: Lua in-kernel (lbuf library)
  - From: Terry Moore

Prev by Date: Re: Why do we need lua in-tree again? Yet another call for actual evidence, please. (was Re: Moving Lua source codes)
Next by Date: Re: Lua in-kernel (lbuf library)
Previous by Thread: RE: Lua in-kernel (lbuf library)
Next by Thread: Re: Lua in-kernel (lbuf library)
Indexes:

Home | Main Index | Thread Index | Old Index