> NaCl does it [code verification] for x86 at machine code level (again with full ANSI C support but with coarser granularity and bigger speed loss).
and Cyberax countered:
> And NaCl still relies on hardware memory protection to contain untrusted code, so it's just a clever way to implement lightweight virtualization on x86. Qemu or VMWare both do similar tricks as well.
If either of you has pointers to how exactly NaCl (or Qemu or VMWare) manages to prevent "compartmentalized" code within a process from accessing the enclosing rest of the code/data, I'd be interested and thankful to see those pointers (I've checked the nativeclient documentation a bit but didn't see anything at first glance).