[LLVMdev] How to stop

Vikram S. Adve vadve at cs.uiuc.edu
Sat Jun 6 11:41:44 PDT 2009 

There are 3 parts to what you are looking for, I think:

1) Isolating the driver from your application so that it cannot crash  
your app;

2) Preventing the driver from calling prohibited functions; and

3) Being able to use the same driver binary on all(?) OS'es and  
processor architectures.

LLVM itself cannot give you #3: you need to put many restrictions on  
the source program (e.g., limiting system headers; limiting pointer- 
integer conversions, etc.) to achieve that.

SAFECode (our project) gives you #1 and #2 if you can recompile the  
driver code along with the application.  If you're willing to adding  
some restrictions, you might be able to get those benefits compiling  
the driver alone but I'd have to think about it.

--Vikram
Associate Professor, Computer Science
University of Illinois at Urbana-Champaign
http://llvm.org/~vadve



On Jun 5, 2009, at 7:30 AM, Marcus Zetterquist wrote:

> Hi!
>
>
> Today we use Lua to let 3rd party developers add driver-like modules
> to our application.
>
> The advantages to using Lua compared to DLL:s etc. are that:
>
> 1) the same driver binary can be used on all OS:es and processor
> architectures etc.
>
> 2) We can provide a small API to the Lua drivers and they _cannot_
> call any other external functions.
>
> 3) A buggy driver cannot crash our application. (Almost true  
> statement.)
>
>
> I'm looking into using LLVM and the bitcode format for this instead.
> The additional, very important advantages are:
>
> 4) 3rd parties can port existing (huge amounts of) C / C++ code much
> easier - no need to rewrite all code in Lua.
>
> 5) Performance. We will use the LLVM JIT.
>
>
> Problem: I can't figure out how to do (2) with the LLVM JIT.
>
> It is very important that the driver does not have access to any other
> function in the application except those I provide. It's not OK for
> our application to abort if a driver calls an undefined function - I
> want to just disable _that driver_ in that event.
>
> I can use DisableSymbolSearching() but that causes application to
> abort for unknown symbols.
>
>
> Please advice!
>
>
> /Marcus
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

More information about the llvm-dev mailing list