Ticket #1500 (new RFC) — at Version 1
API to tell which opcode group an opcode is in
Reported by: | dukeleto | Owned by: | dukeleto |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | core | Version: | 2.1.0 |
Severity: | medium | Keywords: | |
Cc: | Language: | ||
Patch status: | Platform: | all |
Description (last modified by dukeleto) (diff)
I am currently hacking on PL/Parrot and one of the very important features that we need is disallowing certain operations, most notably file I/O. The motivation for this is that you do not want a stored procedure written in PIR to be able to modify the database via disk operations.
I talked with chromatic in #parrot about needing some security subsystem features and he agreed that we need an API for telling if an opcode is in a particular opcode group. This is talked about in PDD18 if you want to get the full background.
For instance, take the open opcode:
inline op open(out PMC, in STR, in STR) :filesys_open { /* etc... */ }
It is defined to be in the "filesys_open" opcode group. Currently there is no way to tell if a certain opcode is in a given group. The information does not seem to make it into op_info_t, but it is in lib/Parrot/OpLib/core.pm . I propose a public C API that will consist of at least these three functions:
Parrot_sec_opcode_is_in_group(string opcode_name, string group_name)
This function would take an opcode name and opcode group name as argument and return true if the opcode is in the group, false otherwise.
Parrot_sec_opcodes_in_group(string opcode_group)
This function takes a string argument of an opcode group name and returns a ResizableStringArray containing all opcodes in that group.
Parrot_sec_groups_containing_opcode(string opcode_name)
This function takes a string argument of an opcode name and returns a ResizableStringArray listing all groups that contain the given opcode name.
Once an API in C is available to accomplish these things, then it should be straight forward to access this information from PIR.