[clang] [compiler-rt] [llvm] [LFI] Introduce AArch64 LFI Target (PR #167061)
David Green via llvm-commits
llvm-commits at lists.llvm.org
Wed Nov 26 01:11:25 PST 2025
================
@@ -0,0 +1,387 @@
+=========================================
+Lightweight Fault Isolation (LFI) in LLVM
+=========================================
+
+.. contents::
+ :local:
+
+Introduction
+++++++++++++
+
+Lightweight Fault Isolation (LFI) is a compiler-based sandboxing technology for
+native code. Like WebAssembly and Native Client, LFI isolates sandboxed code in-process
+(i.e., in the same address space as a host application).
+
+LFI is designed from the ground up to sandbox existing code, such as C/C++
+libraries (including assembly code) and device drivers.
+
+LFI aims for the following goals:
+
+* Compatibility: LFI can be used to sandbox nearly all existing C/C++/assembly
+ libraries unmodified (they just need to be recompiled). Sandboxed libraries
+ work with existing system call interfaces, and are compatible with existing
+ development tools such as profilers, debuggers, and sanitizers.
+* Performance: LFI aims for minimal overhead vs. unsandboxed code.
+* Security: The LFI runtime and compiler elements aim to be simple and
+ verifiable when possible.
+* Usability: LFI aims to make it easy as possible to used retrofit sandboxing,
----------------
davemgreen wrote:
Maybe to use? or to be used for?
https://github.com/llvm/llvm-project/pull/167061
More information about the llvm-commits
mailing list