strictly-bounded evaluation

[Richard Gibson]

I mentioned CEL on the call as being designed for strictly-bounded evaluation, commonly for predicates but also capable of producing data structures.

• "Use CEL for things like list filters for API calls, validation constraints on protocol buffers, and authorization rules for API requests."
• Overview: "CEL was designed specifically to be safe for executing user code… because CEL prevents behavior that would make it less performant, it evaluates safely in nanoseconds or microseconds."
• Performance Limits: "The macros other than has() are the only avenue for exponential behavior. This can be curtailed by the implementation allowing applications to set limits on the recursion or chaining of macros, or disable them entirely."

With expressions like 'tacocat'.startsWith('taco'), account.balance >= transaction.withdrawal, and common.GeoPoint{ latitude: 10.0, longitude: -5.5 }, it's easy to see how even a host-language debugger would not hinder comprehension.

And at a much lower level, there's also eBPF evaluating arbitrary statically-verified definitely-terminating programs in the context of an IETF-standardized virtual machine hosted by the Linux kernel.