On Thu, Jan 31, 2013 at 3:24 PM, Jan Lehnardt <[email protected]> wrote:
> > On Jan 31, 2013, at 16:20 , Robert Newson <[email protected]> wrote:
> >
> > Part of the difficulty in asserting the correctness of the sandbox is
> > that important tests like "cannot read file", "cannot write file",
> > "cannot open socket" cannot be written against SpiderMonkey (or,
> > presumably, V8) as they simply don't provide those features. Node
> > does, and that's the principal advantage of it over V8 as I understand
> > things, but it is obviously silly to write a test suite on that basis.
>
> Excellent point. What ways of mitigating do we have?
>
> Can we construct a sandbox that only allows calling of functions that
> we specify (has Jason done this?).

Right, you cannot mechanically prove a negative assertion ("Nothing could go wrong in this VM."). However surely you could test *something*. In that huge test suite, there is room for *some* kind of basic testing. To at least cover the easy stuff.

That is an additional goal of this project: codify some ways to test out a sandbox, to assess how confident you can feel about it--to compare one runtime against another, directly.

--
Iris Couch
