[LLVMdev] failure mode of invalid (debug info) metadata

David Blaikie dblaikie at gmail.com
Tue Mar 12 13:38:43 PDT 2013


Currently the debug info metadata handling is a bit loose - LLVM
accepts pretty much anything that looks roughly like the desired
schema & is lazily resilient to some differences (see, for example,
llvm::DIDescriptor::get*Field functions (lib/IR/DebugInfo.cpp:81)).

I made some parts of debug info handling more pedantic about the
structure (requiring a certain number of metadata operands, checking
the validity of debug info contexts) & now can infinitely recurse for
sufficiently incorrect debug info metadata.

So I'm wondering what LLVM's guarantees are or should be here. It
seems there's two possibilities:

1) LLVM should have well defined behavior over any metadata values
(anything that passes the current IR verifier, I assume - though I
don't know a great deal about what's covered by the verifier)

2) LLVM should grow metadata verification to the IR verifier & have
well defined behavior only over metadata that passes such verification
(in this case we can have UB (infinite recursion, out of bounds, etc)
in debug info metadata handling by verifying it all up-front)

Are there other positions? Is there a clear precedent/reason to choose
one of the above choices? (I'd be inclined towards (2) but not sure if
this violates some important principles of LLVM)



More information about the llvm-dev mailing list