Can language level regions be used to support compartmentalisations? #597
Hello Everyone,

Thanking you
Hi @SaiVK. Sorry for the delay getting back to you, I was on holiday last week.

This is, indeed, one of the goals for regions. We want to have a fully type-safe and concurrency-safe language that remains safe in the presence of foreign code. This requires that we have language-level abstractions for managing unsafe code.

The foreign code design doc explains how we expect to map instances of unsafe libraries into objects in regions, with one region per compartment. The process-based sandboxing experiment contains code to surface this abstraction on top of existing OS processes. We expect to be able to use SFI (e.g. from a WebAssembly runtime) and CHERI to support the same abstractions and are also interested in non-process MMU-based mechanisms. We have some of our Morello systems designated for this work. This is also something that we're interested in working with academic collaborators on.

Please let me know if you have more questions that aren't answered by the above links or if you want to schedule a call to discuss some of this.