[LLVMdev] reading untrusted bitcode
nicholas at mxc.ca
Sat Jun 6 22:17:37 PDT 2009
Eli Friedman wrote:
> On Sat, Jun 6, 2009 at 6:32 PM, Nick Lewycky<nicholas at mxc.ca> wrote:
>> Whose responsibility is it supposed to be to check types for legality?
>> The BCReader? Or perhaps the verifier?
> It's pretty easy to resolve using the rule "assertions should never
> trigger": if the bitcode reader triggers an assertion, it's a bug in
> the bitcode reader.
And now, arguments for the other side:
1. Reading untrusted bytecode is a theoretical use case (I don't know
of anyone who does it and I'm not planning to either) and bytecode
reader performance is critical for your LTO times (which is a real use
case and one I do care about).
2. If you put it in the verifier instead you can detect errors from
direct C++ API users as well.
Do you want to keep your position or switch? ;-)
More information about the llvm-dev