3.19: adda/exceptions/security through instruction restrictions:
. my style of exceptions has been
having the raiser call the caller's handler;
but, if the caller's code can be corrupted,
then the exception raiser could be exploited .
. it's fun to think about a perfect language,
one that's not corruptable;
but it's safer to have layers of security,
and not depend on a perfect language system .
. say the exception raiser is in ROM
(as it is a library routine)
but the exception handler has a jump instruction
that bypasses a safety guard;
what could save us is a VM that knows when it is
inside an exception handler,
and never executes a jump in such situations .