[LLVMdev] Adding diversity for security (and testing)

Stephen Crane sjcrane at uci.edu
Mon Aug 26 13:38:29 PDT 2013


Hi Nadav,

Thanks for your interest!


On 08/26/2013 11:51 AM, Nadav Rotem wrote:
> Which scheduler did you modify ? The plan is to disable the 
> SelectionDAG scheduler and move to the MI Scheduler soon. Also, have 
> you looked at randomizing register-allocation ?
Yes, we modified the SelectionDAG scheduler. This was before the MI 
scheduler was around, but we will look into porting our ideas over to 
the new scheduler.

Register allocation randomization is in fact another of our existing 
transformations. We thought we would propose just a few simple 
transforms initially, but we can certainly include register 
randomization as well if there is enough interest.

>> We would also include a secure random number generator which links
>> against OpenSSL. This would of course be an optional module disabled
>> by default, but is necessary so the randomization is cryptographically
>> secure and useful in security applications.
> I am not sure why you need this feature.   You can provide LLVM with a SEED value that can be controlled from the command line.  A wrapper (such as a build-script) can control this value.
We do in fact seed the RNG with a command line parameter (we reuse the 
-frandom-seed param that gcc implemented). However, we need some 
reproducible, cryptographically secure source of randomness for the each 
random decision made during our transformations. We have found that the 
system randomness (/dev/random) is insufficient for this purpose since 
reproducible builds (given the secret seed) are preferable. The only way 
to provide this reproducible stream of randomness is to have a 
process-specific RNG, which we implement on top of OpenSSL for simplicity.

> Please make sure that the LLVM nightly test suite passes with 
> randomization enabled.

Of course. Our patched version currently passes the existing test suite 
on x86_64, and after adding additional tests we will certainly make sure 
that the final patch passes the latest test suite.


Thanks,
Stephen



More information about the llvm-dev mailing list