Mojo + NaCl prototype.

mojo/monacl/README

Index: mojo/monacl/README
diff --git a/mojo/monacl/README b/mojo/monacl/README
new file mode 100644
index 0000000000000000000000000000000000000000..65a2447e9f08c8f5dc08ee18ff042438fdf95cec
--- /dev/null
+++ b/mojo/monacl/README
@@ -0,0 +1,23 @@
+This is a prototype for plumbing Mojo into the NaCl sandbox.  It is
+currently insecure (see below), does not provide a stable ABI (IRT
+support must be added), and does not support Mojo functions that
+return pointers (for example, MojoMapBuffer).
+

[Mark Seaborn, 2014/09/10 23:19:20]

On naming: "monacl" is cutesy, but it's not necessarily obvious that "monacl" is
just "mojo + nacl".

Wouldn't "mojo/nacl" be more obvious, and more consistent with other directories
like "components/nacl"?

[Nick Bray (chromium), 2014/09/11 00:56:39]

Bulk moved.  Some instances of "monacl" not changed due to lack of better name.

+generator/interface.py contains a programmatic description of the
+stable Mojo interface.  This will need to be updated as the interface
+changes.  Run generator/generate_monacl_bindings.py to generate the
+bindings that plumb this interface into the NaCl sandbox.
+
+To test: Build "monacl_shell" and "monacl_test".  Run monacl_shell
+with the IRT as the first argument and the monacl_test as the second
+argument.  For example, to run a Debug 32-bit Intel build:
+
+  cd out/Debug
+  ./monacl_shell irt_core_newlib_x32.nexe monacl_test_newlib_x32.nexe
+
+Security TODO list:
+  Separate trusted and untrusted Mojo handles.
+  Validate and copy option structures.
+  Protect untrusted buffers passed into Mojo:
+    NaClVmIoWillStart/HasEnded.
+    Data races.

[Mark Seaborn, 2014/09/10 23:19:20]

What do you mean by "data races"?  Does this mean cases where trusted code
accesses untrusted address space without proper atomic/volatile qualifiers?

[Nick Bray (chromium), 2014/09/11 00:56:39]

Done.