Also JVM, ART, .NET verifiers show how complexity hard is to write bytecode verifiers and that is with bytecode that was designed for verification to start with.
I’m not sure how true that is. I seem to remember that some of the problems in JVM bytecode verification are due to a wrong design and not shared by e.g. WASM, and I’m under the impression that (if you don’t try for the absolute best performance and streaming) WASM verification is fairly straightforward. Also, eBPF should probably also fall into the “designed for verification” category, so I can’t figure out what your point is here.