[LLVMdev] JIT crash takes down host-application
Nick Lewycky
nicholas at mxc.ca
Sun Jul 18 11:17:20 PDT 2010
Frank Fuchs wrote:
> Hi,
>
> I'm doing some tests concerning the embedding of LLVM and clan in my application.
> Now I stumbled across the following ... which disturbs me. If the jitted program crashes,
> like e.g. if it contains an assert(0==1) or calls an external function which cannot be resolved,
> the hosting app goes down as well. There seems no error catch.
>
> Can this anyhow be circumvented?
Fork?
LLVM JIT is not a secure VM like Java. Programs running under the JIT
are free to make any memory operation or function call that the
enclosing program could, even _exit(). You can try to restrict function
calls by removing the name resolution:
http://llvm.org/doxygen/classllvm_1_1ExecutionEngine.html#af062585affb7cd16bab9867b706ea460
and/or installing your own (see InstallLazyFunctionCreator), but
ultimately they're the same process/task from the point of view of the
operating system and there's no "llvm security model" or anything like that.
If you're very determined, you could create an LLVM IR transformation
pass which checks every load/store/call and verifies that it's safe, and
if it's not verifiable at compile time makes it call back into your
program at runtime to do the check and proceed only if it is.
Or if you don't need it to be in the same process, don't put it there
and let the OS handle the rest.
Nick
More information about the llvm-dev
mailing list