[LLVMdev] JIT crash takes down host-application

Nick Lewycky nicholas at mxc.ca
Sun Jul 18 11:17:20 PDT 2010

Frank Fuchs wrote:
> Hi,
> I'm doing some tests concerning the embedding of LLVM and clan in my application.
> Now I stumbled across the following ... which disturbs me. If the jitted program crashes,
> like e.g. if it contains an assert(0==1) or calls an external function which cannot be resolved,
> the hosting app goes down as well. There seems no error catch.
> Can this anyhow be circumvented?


LLVM JIT is not a secure VM like Java. Programs running under the JIT 
are free to make any memory operation or function call that the 
enclosing program could, even _exit(). You can try to restrict function 
calls by removing the name resolution:


and/or installing your own (see InstallLazyFunctionCreator), but 
ultimately they're the same process/task from the point of view of the 
operating system and there's no "llvm security model" or anything like that.

If you're very determined, you could create an LLVM IR transformation 
pass which checks every load/store/call and verifies that it's safe, and 
if it's not verifiable at compile time makes it call back into your 
program at runtime to do the check and proceed only if it is.

Or if you don't need it to be in the same process, don't put it there 
and let the OS handle the rest.


More information about the llvm-dev mailing list