Rusky wrote:
I didn't figure it was necessary- there are plenty of systems that already solve the problem in various ways, and many more that solve parts of the problem. But so you don't think I'm being mysterious again, I'll elaborate.
To verify a program is memory safe you need to ensure that it never accesses memory it does not own. This is an extremely well-solved problem- most languages in use today accomplish it, and you even brought one up as an example. VM languages like Java or C#, scripting languages like Javascript or Python, statically verified languages like the safe subset of Rust, etc.
Then, in order for the OS to verify it, it needs to accept applications only in some form that still retains the necessary information for that analysis, of which I already listed several examples (source, AST, CFG, bytecode, etc.). This has also been done to death- browsers do it, Android does it, research OSes based on Java and C# do it, etc.
Like I said from the start, it's a tradeoff: you give up the flexibility of distributing apps in any format you like, and gain the ability for the OS to control exactly what code is allowed to run. You can run that code however you like- whether you interpret it or JIT-compile it or generate machine code on installation, the OS is still in control.
Thanks, that makes a lot more sense.
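To make the "accept code only in an analysable form" idea concrete, here is an added example (not from anyone in this thread) of a toy stack-machine bytecode whose memory addresses are immediates, so an OS-side verifier can decide before execution whether every load and store stays inside the memory the module declares it owns. The instruction set, the `Module` format and the `verify`/`run` functions are all constructed for this illustration.

```python
# Toy "installable bytecode" verifier (constructed for this example, not from the thread).
# The OS accepts a module only in this form, so every memory access is visible to
# static analysis before a single instruction runs.
from dataclasses import dataclass

# Stack machine with immediate memory addresses (constructed instruction set):
#   PUSH v / LOAD a / STORE a / ADD / HALT
STACK_EFFECT = {"PUSH": 1, "LOAD": 1, "STORE": -1, "ADD": -1, "HALT": 0}
NEEDS = {"PUSH": 0, "LOAD": 0, "STORE": 1, "ADD": 2, "HALT": 0}

@dataclass
class Module:
    mem_size: int   # memory the program declares it owns
    code: list      # e.g. [("PUSH", 7), ("STORE", 3), ("HALT",)]

def verify(mod: Module) -> list:
    """Return the list of violations; an empty list means the OS accepts the module."""
    errors, depth = [], 0
    for pc, ins in enumerate(mod.code):
        op = ins[0]
        if op not in STACK_EFFECT:
            errors.append(f"pc {pc}: unknown opcode {op!r}")
            continue
        if depth < NEEDS[op]:
            errors.append(f"pc {pc}: {op} underflows the operand stack")
        if op in ("LOAD", "STORE"):
            # The memory-safety check: the address is an immediate, so ownership
            # is decided here, without running the program.
            addr = ins[1]
            if not 0 <= addr < mod.mem_size:
                errors.append(f"pc {pc}: {op} {addr} outside owned memory [0, {mod.mem_size})")
        depth = max(0, depth + STACK_EFFECT[op])
    if not mod.code or mod.code[-1][0] != "HALT":
        errors.append("module does not end in HALT")
    return errors

def run(mod: Module) -> list:
    """Execute a module only after it passes verification; returns final memory."""
    problems = verify(mod)
    if problems:
        raise PermissionError("; ".join(problems))
    mem, stack = [0] * mod.mem_size, []
    for ins in mod.code:
        op = ins[0]
        if op == "PUSH": stack.append(ins[1])
        elif op == "LOAD": stack.append(mem[ins[1]])
        elif op == "STORE": mem[ins[1]] = stack.pop()
        elif op == "ADD": stack.append(stack.pop() + stack.pop())
        elif op == "HALT": break
    return mem
```

Whether `run` interprets the code, JIT-compiles it or emits native code at install time is irrelevant to the safety argument; what matters is that `verify` saw every access first.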