<div dir="ltr">hi joe,<div><br></div><div>thanks for chiming in. let me first put to rest your concern that we're submitting this to offload tedious merges. we genuinely think this is beneficial to the llvm community at large and think many people would use this feature. think of this as the next step after putting in aslr to stop malicious code execution. nobody who understands the purpose of aslr would argue that it is not of interest of the broader community; basically everybody who writes c/c++ (and does formally prove its absence of memory errors) should care. nop insertion is basically fine-grained code layout randomization so the relevance of aslr readily extends to our patch. </div>
<div><br></div><div>your work seems to protect against tampering and unauthorized copying. in that respect, i'm sure your product is much more powerful than what we're contributing. thus when focusing on drm applications, you may be right that our patch is of limited interest to the community, however, in the context of arbitrary code execution, our patch is broadly relevant imo.</div>
<div><br></div><div>cheers,</div><div>per</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jan 24, 2014 at 7:39 AM, Joe Abbey <span dir="ltr"><<a href="mailto:jabbey@arxan.com" target="_blank">jabbey@arxan.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Sean et al,<div><br></div><div>Thanks for pinging me to join the conversation. </div>
<div><br></div><div>I'm adding a few of my colleagues to the group as well. Aaron Lint has been using LLVM's disassembler for one of our products. He and Gordon Keiser have upstreamed a few backend fixes over the years. So this touches on an area where they have more expertise. I will briefly comment on the security side of things.</div>
<div><br></div><div>There is value in randomization of instruction layout, and we have built a successful product offering which goes beyond instruction randomization. At Arxan, we believe in defense in depth and randomization of program appearance and behavior. Our product's are based on Dr. Chang's research [1]. And of course, we've patented it [2].</div>
<div><br></div><div>This patch doesn't seem to add value to the broad LLVM community, and it feels more like offloading the tedious merges with an internal branch. I feel this pain on a weekly basis, but as of yet there's no clear way to "plugin" add-ons to the compiler framework. Though with the modular codebase, I suspect it would be trivial to write a framework which decouples internals and allows registration of machine code functions and the like.</div>
<div><br></div><div>I'd suggest the patch not go in, only because there isn't sufficient value in adding this code. The precedent of course makes it difficult for me and my team(s) to upstream similar patches. We try to keep our patches focused on broadly applicable code areas. This patch is not benefiting any x86 users, and at the same time not directly affecting them. However, there is a real cost in maintaining it, and it would be a shame if after 2015 it were ultimately reverted. Thus since the value seems to be limited, and the cost appears to exceed value, I suggest we err on the side of omission.</div>
<div><br></div><div>Sincerely,</div><div><br></div><div>Joe</div><div>
<div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;text-transform:none;white-space:normal;font-family:Helvetica;word-wrap:break-word;word-spacing:0px">
<div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;text-transform:none;white-space:normal;font-family:Helvetica;word-wrap:break-word;word-spacing:0px">
<div style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;font-weight:normal;line-height:normal;text-transform:none;white-space:normal;font-family:Helvetica;word-wrap:break-word;word-spacing:0px">
<div style="font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word">
<div style="font-family:Helvetica;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word">
<span style="border-collapse:separate;border-spacing:0px;font-size:9px"><div style="word-wrap:break-word"><font><span style><span style="border-collapse:separate;border-spacing:0px"><span style="border-collapse:separate;border-spacing:0px"><div style="word-wrap:break-word">
<span style="border-collapse:separate;border-spacing:0px"><div style="word-wrap:break-word"><span style="border-collapse:separate;border-spacing:0px"><div style="word-wrap:break-word"><span style="border-collapse:separate;border-spacing:0px"><div style="word-wrap:break-word">
<span style="border-collapse:separate;border-spacing:0px"><div style="word-wrap:break-word"><font face="Verdana" color="#052090"><b>______________________________</b></font></div><div style="word-wrap:break-word"><font face="Verdana" color="#052090"><b>Joe Abbey</b></font></div>
<div style="word-wrap:break-word"><font face="Verdana" color="#052090">Senior Director of Product Development</font></div><div style="word-wrap:break-word"><font face="Verdana" color="#052090">Arxan Technologies</font></div>
<div style="word-wrap:break-word"><font><a href="mailto:jabbey@arxan.com" target="_blank"><font face="Verdana" color="#0433ff">jabbey@arxan.com</font></a><font style="font-family:Calibri,sans-serif"> </font></font><span style="border-collapse:separate;border-spacing:0px"><span><span style="border-collapse:separate;border-spacing:0px"><span style="border-collapse:separate;border-spacing:0px"><font face="Verdana"><a href="http://www.arxan.com/" style target="_blank"><font color="#ff9324">www.arxan.com</font></a></font></span></span></span></span></div>
</span></div></span></div></span></div></span></div></span></span></span><span style="border-collapse:separate;border-spacing:0px"><span style="font-variant:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><span style="border-collapse:separate;border-spacing:0px"><span style="border-collapse:separate;border-spacing:0px"><font face="Verdana"><div style="word-wrap:break-word">
<div style="word-wrap:break-word"><span style="border-collapse:separate;border-spacing:0px"><div style="word-wrap:break-word"><span style="border-collapse:separate;border-spacing:0px"><div style="word-wrap:break-word"><span style="border-collapse:separate;border-spacing:0px"><div style="color:rgb(169,169,169);font-family:Verdana;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:-webkit-auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;word-wrap:break-word">
<font>Protecting the App Economy™</font></div></span></div></span></div></span></div></div></font></span></span></span></span></font></div></span></div></div></div></div></div>
</div>
<br><div><div>[1] <a href="http://dl.acm.org/citation.cfm?id=734775" target="_blank">http://dl.acm.org/citation.cfm?id=734775</a></div><div>[2] <a href="http://pimg-fpiw.uspto.gov/fdd/97/570/077/0.pdf" target="_blank">http://pimg-fpiw.uspto.gov/fdd/97/570/077/0.pdf</a></div>
<div><br></div></div></div></blockquote></div><br></div>