[LLVMdev] reading untrusted bitcode
Nick Lewycky
nicholas at mxc.ca
Tue Jun 23 20:35:13 PDT 2009
Eli Friedman wrote:
> On Sat, Jun 6, 2009 at 6:32 PM, Nick Lewycky<nicholas at mxc.ca> wrote:
>> Whose responsibility is it supposed to be to check types for legality?
>> The BCReader? Or perhaps the verifier?
>
> It's pretty easy to resolve using the rule "assertions should never
> trigger": if the bitcode reader triggers an assertion, it's a bug in
> the bitcode reader.
I asked Chris about this on IRC and he states that he doesn't want this
in the bitcode reader. If someone wants to verify their types then it
belongs in the Verifier.
The assertions should probably stay as they are, I don't see any benefit
to removing them. It turns out that you can construct such illegal types
even with the assertions we have. Consider:
-- a.ll --
%ty = type opaque
%foo = type <4 x %ty>
-- b.ll --
%ty = type label
Upon llvm-link'ing those, you end up with <4 x label> without triggering
any asserts. Disassembling the resulting .bc file will trigger an assert
though.
Nick
More information about the llvm-dev
mailing list