[LLVMdev] reading untrusted bitcode

Nick Lewycky nicholas at mxc.ca
Tue Jun 23 20:35:13 PDT 2009

Eli Friedman wrote:
> On Sat, Jun 6, 2009 at 6:32 PM, Nick Lewycky<nicholas at mxc.ca> wrote:
>> Whose responsibility is it supposed to be to check types for legality?
>> The BCReader? Or perhaps the verifier?
> It's pretty easy to resolve using the rule "assertions should never
> trigger": if the bitcode reader triggers an assertion, it's a bug in
> the bitcode reader.

I asked Chris about this on IRC and he states that he doesn't want this 
in the bitcode reader. If someone wants to verify their types then it 
belongs in the Verifier.

The assertions should probably stay as they are, I don't see any benefit 
to removing them. It turns out that you can construct such illegal types 
even with the assertions we have. Consider:

-- a.ll --
%ty = type opaque
%foo = type <4 x %ty>

-- b.ll --
%ty = type label

Upon llvm-link'ing those, you end up with <4 x label> without triggering 
any asserts. Disassembling the resulting .bc file will trigger an assert 


More information about the llvm-dev mailing list