<div dir="ltr">Rafael,<div><br></div><div>I appreciate that your goals are to create a performant linker, quickly. I understand that and wouldn't want to slow you down unnecessarily, especially as I appreciate that I'm on the sidelines and not producing patches for LLD at the moment.</div><div><br></div><div>I also appreciate that LLD/ELF development has certainly picked up pace recently and we might actually have a functioning linker sometime soon. That is very exciting, and thankyou for all your work.</div><div><br></div><div>My worry is that the technical debt accrued will have to be paid off by someone at some point. At some point, someone will have to come along and make LLD robust ("enough", for some definition), and the current decision will make that person's job much harder.</div><div><br></div><div>I'm not asking for horrendously defensive programming - hell, a simple "FIXME" on every place where you deliberately dereference a non-bounds-checked pointer would be sufficient! Re-discovering this sort of thing is exponentially more difficult than taking a small amount of time when originally writing the code.</div><div><br></div><div>Just an opinion.</div><div><br></div><div>Cheers,</div><div><br></div><div>James</div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 22 Mar 2016 at 11:27 Rafael EspĂndola <<a href="mailto:llvm-dev@lists.llvm.org">llvm-dev@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">> Maybe not, but it's not impossible either - browsers manage to harden themselves against malicious input and they operate in a far hostile environment with many more input formats than we do.<br>
<br>
It is important to note how different they are. Both Firefox and<br>
Chromium have people working just to try to make them more secure.<br>
Compare that with LLVM: One week ago I pointed out that your patch<br>
(r263521) introduces a crash. It still hasn't been reverted or even<br>
acknowledge yet.<br>
<br>
<br>
> I'm not trying to shift your personal goal, or to direct the features that you choose to put your time into, but I am interested in project policy.<br>
<br>
Why do you care about policy that is not followed? A policy saying<br>
llvm should not crash on any input is as relevant as one that says<br>
that clang should keep bootstrapping in under one second.<br>
<br>
So, if we stick to reality, what we have is that lld (ELF and COFF)<br>
are already the most reliable parts of the toolchain. If not for Rui<br>
and I being upfront about it most people would not even know that you<br>
could crash it. So please, just let us keep working on the most<br>
reliable part of the toolchain.<br>
<br>
Cheers,<br>
Rafael<br>
_______________________________________________<br>
LLVM Developers mailing list<br>
<a href="mailto:llvm-dev@lists.llvm.org" target="_blank">llvm-dev@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev</a><br>
</blockquote></div>