There is already Luau if you need a sandbox. Neither Lua nor LuaJIT are sandboxes. There is also my libriscv project if you need a low latency sandbox, without JIT.
I haven't mentioned sandboxes and don't need them. As an example, Love integrates LuaJIT, but the JIT is disabled in i-platforms. As is mentioned by LuaJIT:
> Note: the JIT compiler is disabled for iOS, because regular iOS Apps are not allowed to generate code at runtime. You'll only get the performance of the LuaJIT interpreter on iOS. This is still faster than plain Lua, but much slower than the JIT compiler. Please complain to Apple, not me. Or use Android. :-p
So to return to my original comment, the improvement that I'm seeing here is a faster _interpreter_, which is something advertised on the luajit-remake repo.
Looks like LuaJIT is still going to be faster, because Deegen requires runtime code generation, thus executable + writable pages, which iOS platform does not allow.
Maybe we have different definitions of “sandbox”, but I thought the Lua interpreter was one? That is, isn’t it safe (or can be made safe) to embed the interpreter within an application and use it to run untrusted Lua code?
There is a lot of information there, but it doesn't seem to be able to handle resource exhaustion, execution time limits or even give any guarantees. It does indicate that it's possible to use as a sandbox, and has a decent example of the most restrictive setup. But I would for example compare it with Luau's SECURITY.md.
> Luau provides a safe sandbox that scripts can not escape from, short of vulnerabilities in custom C functions exposed by the host. This includes the virtual machine and builtin libraries. Notably this currently does not include the work-in-progress native code generation facilities.
> Any source code can not result in memory safety errors or crashes during its compilation or execution. Violations of memory safety are considered vulnerabilities.
> Note that Luau does not provide termination guarantees - some code may exhaust CPU or RAM resources on the system during compilation or execution.
So, even luau will have trouble with untrusted code, but it does give certain guarantees, and writes specifically about what is not covered. I think that's fair. And then libriscv.
> libriscv provides a safe sandbox that guests can not escape from, short of vulnerabilities in custom system calls installed by the host. This includes the virtual machine and the native helper libraries. Do not use binary translation in production at this time. Do not use linux filesystem or socket system calls in production at this time.
> libriscv provides termination guarantees and default resource limits - code should not be able to exhaust CPU or RAM resources on the system during initialization or execution. If blocking calls are used during system calls, use socket timeouts or timers + signals to cancel.
So, it is possible to provide limits while still running fast. I imagine many WebAssembly emulators can give the same guarantees.
See: http://lua-users.org/lists/lua-l/2011-02/msg01582.html
I'm not sure what you mean by code generation constraints though.