In my game (that is also written in C#) I want 开发者_JAVA技巧to include some kind of customization support. Speed is a great concern as I plan to offload major parts of the gameplay to scripts. As a result I choose to use C# for scripting ingame events and stuff. Users should also be able to write scripts and addons for the game in C#. (I know that C# is NOT a scripting language btw.)
I will provide the users with a (static) class that contains all the functions needed to interact with the game. The users will also be able to provide the code as source (the game will compile it in that case). Compiled user "scripts" can / will also be transmitted to other players in some cases. For example a user can build in scripted traps in his home or whatever.
Here are my questions:
Security
How can I ensure that the provided code is forced to ONLY call stuff of the provided API (class) ? To prevent cheating with scripts, malicious activities...
Is there a way to maybe run the compiled code(s) in a sort of VM or low-trust environment ??
Speed
Will this approach be fast enough ? (Calling functions from up to 100 custom assemblys every or every second frame). Any tips on this?
Maybe it's possible to get a speed advantage by compiling all user content into one big assembly or whatever ??
Size
How can I make the compiled code small in size (besides compressing it) ? Because players might need to download tens of scripts...
Is there a way to strip stuff that isn't absolute necessary ? Like debug information or classnames and the likes...
Runtime compilation is fairly new to me (That's why I ask here). So it would be nice to have some major beginner mistakes and / or security concerns pointed out.
Edit:
Just for clarification: A user plugin/script or whatever you would like to call it will be a class (also written in C#) that has to implement specific functions like "GetAddonInfo", "Init", "Update" ... Just like a normal C# class that is derived from my abstract "Addon" class.
You want to take a look at this rework of an old Microsoft example project
http://terrarium2.codeplex.com/
It basically does everything you want.
Compiles code into DLLs and runs them in the environemnt
Checks for allowed API calls.
etc.
Version 2 was re-written to make use of web services and a number of other features. From your question it sounds like you might be more interested in Terrarium 1. However, I can't seem to track it down so you may have to "settle" for the more complicated 2.0 release.
Look into MEF and MAF -- they are both frameworks designed to add C# and VB scripting to existing applications. You can create an appdomain for your scripts and then use code access security to severely restrict what those scripts can do.
This question might help.
Choosing between MEF and MAF (System.AddIn)
精彩评论