[LLVMdev] Using the unused "version" field in the bitcode wrapper (redux)

Sean Silva chisophugis at gmail.com
Tue Nov 25 14:38:07 PST 2014 

On Nov 25, 2014 11:59 AM, "Robinson, Paul" <
Paul_Robinson at playstation.sony.com> wrote:
>
> The fundamental problem is that IR has never been treated as "user input"
before.  It has always been an ephemeral format, and if some component
comes along and sees something it doesn't recognize, that is ipso facto a
compiler bug, not a user input error, and it's perfectly okay to crash on a
compiler bug.  Changing that fundamental assumption would be pretty
pervasive.

Sorry, but this is at variance to my experience. In my experience, the
fundamental assumption is that we should never crash on bad user input. And
LLVM as a library definitely considers bitcode as "user input".

Of course, -disable-verify and similar voids that warranty.

>
>
>
> I will say that the bitcode reader itself is pretty good about
identifying bitcode it doesn't recognize; it's the components deeper inside
LLVM that are more worrisome.

Could you give a couple examples? It sounds like you are talking about a
systemic problem, but so far only one example has been presented.

-- Sean Silva

>
> --paulr
>
>
>
> From: Reid Kleckner [mailto:rnk at google.com]
> Sent: Tuesday, November 25, 2014 11:43 AM
> To: Sean Silva
> Cc: Robinson, Paul; Bruce Hoult; llvmdev at cs.uiuc.edu; Yung, Douglas
>
> Subject: Re: [LLVMdev] Using the unused "version" field in the bitcode
wrapper (redux)
>
>
>
> On Mon, Nov 24, 2014 at 9:41 PM, Sean Silva <chisophugis at gmail.com> wrote:
>>
>> I fail to see why all that re-engineering effort IS "required" to
support the use-cases we've provided, and why future-proofing a large body
of software that quite honestly was never designed for it and has genuinely
very few reasons why it should be.
>>
>>
>>
>> If we're going to support bitcode as a long-term storage format,
everything that pulls information out of bitcode MUST be future-proofed.
Doing it piece by piece is a LOT of engineering effort to make LLVM
user-friendly in this way; it was never intended to have that degree of
self-defense.
>
>
>
> I don't understand what you mean by "future-proofed" in this context. If
you mean "never crash on bad user input", then your point doesn't make
sense to me. LLVM is engineered to never crash on bad user input in the
same sense that it is engineered to correctly compile code; neither is
allowed, and if either happens it is a bug.
>
>
>
> This is true, but we can say from experience that there are a lot of
these kinds of bugs and it will take a lot of effort to fix them all.
Personally, I think this worth doing. We should be using the new diagnostic
handler on the LLVMContext, and most of LLVM should have a way of returning
without exploding.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20141125/b864321d/attachment.html>

More information about the llvm-dev mailing list