@SoniEx2 There are a number of options. I haven't looked at WASM in enough detail, but it is possible it provides the right logical restrictions underneath the languages implemented on it. Similarly, there was a C guest on Open Genera.
It isn't strictly necessary to use a bytecode VM to achieve those results, but it requires the language not having direct access semantics or the compiler ignoring that and still emulating things atop safe constructs instead (C thinking it's doing memory accesses while it's just accessing a dynamically-checked array implemented in Common Lisp, for example).
Of course one caveat I didn't mention in my original post is that no matter the theoretical soundness & resulting logical security, hardware side-channels can completely blow it, so it is still no license to just execute arbitrary code (such as proprietary malware).
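
An added illustration of the "dynamically-checked array" idea from the post above; it is not part of the original post and not how Open Genera or any WASM runtime is actually implemented. It is written in C rather than Common Lisp, all names are hypothetical, and it models logical memory isolation only, not hardware side-channels.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical names throughout. A guest "pointer" is an (object, offset)
   pair, never a host address, so the guest cannot name host memory. */
enum { MAX_OBJS = 4, OBJ_CAP = 16 };
typedef struct { uint8_t bytes[OBJ_CAP]; size_t len; } gobj;
typedef struct { gobj objs[MAX_OBJS]; size_t count; } gheap;
typedef struct { size_t obj, off; } gptr;
typedef enum { G_OK = 0, G_TRAP = -1 } gstatus;

/* Allocate a zeroed guest object; obj == MAX_OBJS signals failure. */
gptr g_alloc(gheap *h, size_t len) {
    gptr p = { MAX_OBJS, 0 };
    if (len > OBJ_CAP || h->count >= MAX_OBJS) return p;
    memset(&h->objs[h->count], 0, sizeof(gobj));
    h->objs[h->count].len = len;
    p.obj = h->count++;
    return p;
}

/* Every access is checked against the length of the object it names. */
int g_valid(const gheap *h, gptr p) {
    return p.obj < h->count && p.off < h->objs[p.obj].len;
}
gstatus g_store(gheap *h, gptr p, uint8_t v) {
    if (!g_valid(h, p)) return G_TRAP;
    h->objs[p.obj].bytes[p.off] = v;
    return G_OK;
}
gstatus g_load(const gheap *h, gptr p, uint8_t *out) {
    if (!g_valid(h, p)) return G_TRAP;
    *out = h->objs[p.obj].bytes[p.off];
    return G_OK;
}

/* Guest copy loop with no length check of its own, like strcpy.
   Returns the number of bytes stored before the runtime trapped. */
size_t guest_copy(gheap *h, gptr dst, const uint8_t *src, size_t n) {
    size_t i;
    for (i = 0; i < n; i++) {
        gptr q = { dst.obj, dst.off + i };
        if (g_store(h, q, src[i]) != G_OK) break;
    }
    return i;
}
```

Copying 12 bytes into an 8-byte guest object stops at the eighth store, and a neighbouring object allocated right after it is left unchanged.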