A lightweight sandbox runtime for short-lived scripts and constrained execution
Posted by TomatoKindly7082@reddit | programming | 4 comments
I’ve been experimenting with a lightweight sandbox runtime designed for short-lived scripts.
The project started from a simple question:
most existing runtimes are built for humans writing long-lived applications, but what would a runtime look like if it were optimized for disposable, generated scripts instead?
Some things I’ve been exploring (a sketch follows the list):
- low startup latency
- restricted execution
- opcode execution limits
- restartable arena-style memory
- lightweight orchestration around existing ecosystems instead of replacing them
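To make the opcode-limit and arena ideas concrete, here's a minimal sketch of the kind of execution loop I mean. This is illustrative, not the actual implementation; `Op`, `Vm`, and the fuel budget are names I made up for this example:

```rust
// Illustrative only: a tiny dispatch loop with a "fuel" budget and a
// bump arena that is reset wholesale between script runs.
enum Op {
    Push(i64),
    Add,
    Halt,
}

enum VmError {
    OutOfFuel,
    StackUnderflow,
}

struct Vm {
    stack: Vec<i64>,
    fuel: u64,      // remaining opcode budget
    arena: Vec<u8>, // bump-allocated scratch memory
    arena_top: usize,
}

impl Vm {
    fn run(&mut self, code: &[Op]) -> Result<(), VmError> {
        for op in code {
            // Charge one unit per opcode; runaway scripts abort deterministically.
            self.fuel = self.fuel.checked_sub(1).ok_or(VmError::OutOfFuel)?;
            match op {
                Op::Push(v) => self.stack.push(*v),
                Op::Add => {
                    let b = self.stack.pop().ok_or(VmError::StackUnderflow)?;
                    let a = self.stack.pop().ok_or(VmError::StackUnderflow)?;
                    self.stack.push(a + b);
                }
                Op::Halt => break,
            }
        }
        Ok(())
    }

    // "Restartable" memory: forget everything the last script allocated
    // by resetting the bump pointer, with no per-object frees.
    fn reset(&mut self) {
        self.stack.clear();
        self.arena_top = 0;
    }
}
```

The point of the arena is that nothing a script allocates survives it: a reset is one pointer write, so handing the next ephemeral script a fresh sandbox costs almost nothing.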
Right now I’m mostly trying to understand the tradeoffs around:
- sandboxing untrusted/generated code (one gating approach is sketched after this list)
- limiting runaway execution
- keeping startup/memory overhead low
- and whether this model is actually useful in practice
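On the sandboxing point specifically, the model I keep coming back to is default-deny capability gating: the interpreter refuses any host call unless the embedder has opted into that capability. A minimal sketch with hypothetical names, not the project's actual API:

```rust
use std::collections::HashSet;

// Hypothetical capability gate: the interpreter consults this before
// dispatching any host call requested by the script.
#[derive(Debug, Hash, PartialEq, Eq)]
enum Capability {
    ReadFile,
    Network,
    SpawnProcess,
}

struct Sandbox {
    allowed: HashSet<Capability>,
}

impl Sandbox {
    // Default-deny: a fresh sandbox can touch nothing on the host.
    fn deny_all() -> Self {
        Sandbox { allowed: HashSet::new() }
    }

    fn allow(mut self, cap: Capability) -> Self {
        self.allowed.insert(cap);
        self
    }

    fn check(&self, cap: &Capability) -> Result<(), String> {
        if self.allowed.contains(cap) {
            Ok(())
        } else {
            Err(format!("capability denied: {cap:?}"))
        }
    }
}

fn main() {
    // The embedder opts in per capability; everything else stays denied.
    let sandbox = Sandbox::deny_all().allow(Capability::ReadFile);
    assert!(sandbox.check(&Capability::ReadFile).is_ok());
    assert!(sandbox.check(&Capability::Network).is_err());
}
```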
The goal isn’t to replace Python or JavaScript, but to experiment with a smaller execution layer for ephemeral scripts.
I’d genuinely appreciate feedback from people interested in runtimes, interpreters, sandboxing, or systems programming — especially criticism around the design decisions and limitations.
programming-ModTeam@reddit
r/programming is not a place to post your project, get feedback, ask for help, or promote your startup.
Technical write-ups on what makes a project technically challenging, interesting, or educational are allowed and encouraged, but just a link to a GitHub page or a list of features is not allowed.
The technical write-up must be the focus of the post, not just a tickbox-checking exercise to get us to allow it. This is a technical subreddit.
We don't care what you built, we care how you build it.
lood9phee2Ri@reddit
Laypeople (including, and unfortunately especially, corporate executives) do not understand this. They think it's like a perfectly logical movie AI and that, because a computer did it, it must be writing correct code.
TomatoKindly7082@reddit (OP)
I understand your point. You’re saying that AI-generated code may not always be reliable, and that users can easily over-trust its output.
In my design, I also start from that assumption, which is why I introduce control mechanisms and error-reduction layers when executing AI-generated code.
At the current stage, I think AI can already produce reasonably good short code snippets. I’m focusing on reducing the risk when running them in real environments and enabling the system to recover or retry when errors occur.
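As a rough illustration of that recovery layer (`run_script` here is a stand-in, not Autolang's actual API):

```rust
// Stand-in error type: in the real system these would be the runtime's own.
enum RunError {
    OutOfFuel,
    Trap(String),
}

// Hypothetical entry point: executes one ephemeral script in a fresh
// sandbox and reports how it failed, if it failed.
fn run_script(_source: &str) -> Result<String, RunError> {
    unimplemented!("interpret the source under fuel/memory limits")
}

// The retry layer: give a misbehaving generated script a few attempts
// (each entry in `sources` can be a repaired variant), then give up cleanly.
fn run_with_retries(sources: &[String], max_attempts: usize) -> Option<String> {
    for (attempt, source) in sources.iter().take(max_attempts).enumerate() {
        match run_script(source) {
            Ok(output) => return Some(output),
            Err(RunError::OutOfFuel) => {
                eprintln!("attempt {attempt}: exceeded opcode budget, retrying");
            }
            Err(RunError::Trap(msg)) => {
                eprintln!("attempt {attempt}: trapped ({msg}), retrying");
            }
        }
    }
    None // all attempts failed; the caller decides what to do next
}
```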
I believe that in the future, AI will be strongest at generating small pieces of code, which is why I built Autolang as a bet on the future of programming. This assumption could turn out to be right or wrong; what do you think?
lood9phee2Ri@reddit
I dunno, I don't mean to be discouraging, but e.g. container-based or full kvm micro-vm (*) sandboxing/confinement is of course completely language-agnostic, and can still spin up quite fast.
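e.g. something like this already gets you confinement for any guest language (rough sketch; the podman flags are from memory, so verify against your version, and the image and paths are made up):

```rust
use std::process::{Command, Output};

// Language-agnostic confinement sketch: run a generated script inside a
// short-lived container with no network and hard resource caps. Swap in
// `--runtime=krun` for a kvm micro-vm backend if your podman is built
// with libkrun support.
fn run_confined(image: &str, script_path: &str) -> std::io::Result<Output> {
    Command::new("timeout") // coreutils wall-clock kill switch
        .arg("10")
        .args(["podman", "run", "--rm"])
        .args(["--network", "none"]) // no network access
        .args(["--memory", "128m"])  // memory cap
        .args(["--cpus", "0.5"])     // CPU cap
        .arg("-v")
        .arg(format!("{script_path}:/work/script.py:ro"))
        .args([image, "python3", "/work/script.py"])
        .output()
}
```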
Current models are trained on the heaps of existing garbage code online. Getting them to spit out Python or JavaScript sorta works in part because they have massive amounts of those languages specifically to rip off in their training sets. I see you're suggesting prefixing your entire language reference in the context, of course (or you could post-train/finetune it into a model); it's not a hard objection, just a point.
(* I don't trust non-krun container runtimes (krun being containers in a kvm micro-vm) not to be a bit too porous for my liking, and LLMs probably have some container-escape vulns in their training sets too, haha. Not that kvm can't have escape vulns, but you're getting into much rarer territory.)