Handmade Network»Forums
65 posts
Use C as a scripting language?

I've been thinking about letting users make scripts for my project. What I'd like to do, is let them write and compile game scripts in C, as this would make it very easy to develop. The thing I'm concerned about, is a user could put something nasty in the script, and share it with my program. I can't think of a way to stop users doing that, unless I make a custom script language, probably visual.

Is this something devs worry about? Is it a bad idea to use C for this?

Mārtiņš Možeiko
2443 posts / 2 projects
Use C as a scripting language?
Edited by Mārtiņš Možeiko on

Technically that is possible, but it will require custom compiler that can do proper sandboxing & validating all memory accesses & indirect calls/jumps. That plus whitelisting what external calls that are allowed.

For example how it was done read internals of Google NaCl (Native Client):
https://en.wikipedia.org/wiki/Google_Native_Client
https://developer.chrome.com/docs/native-client/overview/
https://developer.chrome.com/docs/native-client/reference/sandbox_internals/x86-64-sandbox/

That was attempt to bring native code plugins into browser in secure manner. It is super super hard to do that correctly. It had many bugs compromising security. Eventually wasm won over it and Google deprecated NaCl.

So unless you're expert in compiler development & codegen and can spend a lot of time on this. I would strongly NOT recommend loading any natively compiled code if you need to guard against arbitrary code execution.

188 posts / 1 project
Use C as a scripting language?

The worst part of using C dynamically is having to bundle a compiler that is very much tied to the operating system and hardware. The user's code might also fail to compile due to differences between operating systems, updates to the compiler, et cetera.

Would be easier to just bundle a dynamic link library for own use as (.dll/.so) and find it in a folder dynamically using (FindFirstFileW, FindNextFileW, FindClose) on MS-Windows and (opendir, readdir) on Posix.

If both speed and security is important, you can create a virtual machine using complex instructions for anything that is computationally heavy. This is how OpenCV works with Python. Not the most cache effective nor powerful solution, but a lot faster than a scripted loop with memory bound checks for every little element.

If it's just to drive the story in a game using 100 virtual instructions per second, then don't worry about the performance.

4 posts / 1 project
Use C as a scripting language?

May I suggest... Javascript? It's a pretty simple scripting language with C syntax.

I started out with my own simple script interpreter, then tried Lua (because it's easy to embed) but I didn't care for the syntax, then realized I was overlooking the elephant in the room: JS. I was so sick and tired of webdev, I forgot that JS itself is alright. I'm using MuJS, a little embedded JS engine with a Lua-like API and an unrestrictive license. It's used in PDF readers so security is a priority.

188 posts / 1 project
Use C as a scripting language?
Replying to synthnostate (#26681)

Yes, the root problem with Javascript in browsers is that old bugs in how it is interpreted remains from the oldest implementations, in order to not break backwards compatibility. Even Batch would be okay if it wasn't for the super buggy implementation of cmd.exe trying to emulate every bug from the 1980s. Just need a fresh dialect, preferrably with the grammar and exception handling formally defined.

Victor Gallet
2 posts
Use C as a scripting language?

Actually dynamically hot reloading (compiling into memory then run) c code is really really easy with the amazing TCC compiler library. Like 2-3 functions, at max, and you are good to go. You don't get the most optimized code, but it's clearly WAY faster than any scripting languages out there, because it's still compiled to assembly instructions. It works well on windows/linux, which are the most usefull plateforms anyway, to develop for at the moment.

Mārtiņš Možeiko
2443 posts / 2 projects
Use C as a scripting language?
Edited by Mārtiņš Možeiko on
Replying to Elkantor (#26925)

I don't think anybody claims that dynamically implementing hot reloading is hard as functionality - even without tcc it is as simple as invoking compiler and reloading dll file. The problem as OP is asking is how to guarantee security/isolation/sandboxing. Because you can never be sure about bugs in code you're trying to run, either malicious or accidental - which could take down your whole process if you're just executing as part of your process without any extra precautions. That is reason why NaCl existed, and why wasm exists.

Victor Gallet
2 posts
Use C as a scripting language?
Replying to mmozeiko (#26926)

Oh yeah, sorry, I didn't catch this point. The best solution would be to get a sandbox process, as casey mentionned in one of his stream, direclty from the OS. But yeah... Not a simple problem. Anyway, sorry for the spam

4 posts
Use C as a scripting language?
Replying to Elkantor (#26925)

Elkantor, can you please expand on that hot reload + TCC? How would you do that?

Mārtiņš Možeiko
2443 posts / 2 projects
Use C as a scripting language?
Replying to escalioth (#26929)

Look at libtcc.h file - it has small amount of function to compile code from string and lookup function in result that you can call. tests/libtcc_test.c file contains standalone example for it.

4 posts
Use C as a scripting language?
Replying to mmozeiko (#26930)

Thank you!

Gaurav Gautam
84 posts
Use C as a scripting language?
Replying to escalioth (#26931)

I know you have already found a solution (namely the low privilege process spawning). However, since someone suggested using javascript and webassembly wasn't metioned I would like to draw your attention to this on the off chance that you are overlooking this. https://wasmer.io/

This is a runtime for webassembly that can be easily embedded in any program. It claims to sandbox everything and give you ways to punch holes in the sandbox for the things you want to allow access. And you can then support any language that compiles to webassembly not just C. I don't know how fast it will be but I assume it should be possible to be as fast as the most optimized javascript at least. Its also opensource so you can really just look into the source if you find any fundamental perf issues.