[LLVMdev] reading untrusted bitcode

Nick Lewycky nicholas at mxc.ca
Sat Jun 6 22:17:37 PDT 2009

Eli Friedman wrote:
> On Sat, Jun 6, 2009 at 6:32 PM, Nick Lewycky<nicholas at mxc.ca> wrote:
>> Whose responsibility is it supposed to be to check types for legality?
>> The BCReader? Or perhaps the verifier?
> It's pretty easy to resolve using the rule "assertions should never
> trigger": if the bitcode reader triggers an assertion, it's a bug in
> the bitcode reader.

And now, arguments for the other side:

   1. Reading untrusted bytecode is a theoretical use case (I don't know 
of anyone who does it and I'm not planning to either) and bytecode 
reader performance is critical for your LTO times (which is a real use 
case and one I do care about).
   2. If you put it in the verifier instead you can detect errors from 
direct C++ API users as well.

Do you want to keep your position or switch? ;-)


More information about the llvm-dev mailing list