> Eventually I can imagine writing the JIT in Rust and using some kind of certified compilation to guard against compiler bugs.

I haven't really followed this topic; do you really think this would be a feasible approach to a production JS engine? I appreciate that we'd only have to certify that the jit code was safe, not correct, but that still doesn't seem significantly easier given the complexity of jit techniques required to achieve competitive JS performance.

> For now, just get it right :-).

It seems like a scary-large proportion of security sensitive bugs come out of the JS engine (and it's not because we don't care :).

> Sure, the JS JIT will have to be part of the TCB for now.

If the certified-compilation scheme doesn't work out (this eventuality seeming rather likely IMHO), it seems like making this TCB assumption early on would lead us to make some bad architectural decisions that would be difficult to fix later (a story we know all too well :).