[LLVMdev] Using the unused "version" field in the bitcode wrapper (redux)
Robinson, Paul
Paul_Robinson at playstation.sony.com
Tue Nov 25 15:29:41 PST 2014
Where is the testing that proves all this works? Patches welcome…
Now, I've known QA people who break software in two minutes as naturally as breathing; I do not have that skill. Given that I came up with *anything* in two minutes, I am not filled with confidence.
Right now I'm in the middle of un-borking my bots in the wake of the upstream "improvements" to GetSVN.cmake, but I will see what else I can do.
--paulr
From: Sean Silva [mailto:chisophugis at gmail.com]
Sent: Tuesday, November 25, 2014 2:38 PM
To: Robinson, Paul
Cc: Yung, Douglas; llvmdev at cs.uiuc.edu; Reid Kleckner; Bruce Hoult
Subject: RE: [LLVMdev] Using the unused "version" field in the bitcode wrapper (redux)
On Nov 25, 2014 11:59 AM, "Robinson, Paul" <Paul_Robinson at playstation.sony.com<mailto:Paul_Robinson at playstation.sony.com>> wrote:
>
> The fundamental problem is that IR has never been treated as "user input" before. It has always been an ephemeral format, and if some component comes along and sees something it doesn't recognize, that is ipso facto a compiler bug, not a user input error, and it's perfectly okay to crash on a compiler bug. Changing that fundamental assumption would be pretty pervasive.
Sorry, but this is at variance to my experience. In my experience, the fundamental assumption is that we should never crash on bad user input. And LLVM as a library definitely considers bitcode as "user input".
Of course, -disable-verify and similar voids that warranty.
>
>
>
> I will say that the bitcode reader itself is pretty good about identifying bitcode it doesn't recognize; it's the components deeper inside LLVM that are more worrisome.
Could you give a couple examples? It sounds like you are talking about a systemic problem, but so far only one example has been presented.
-- Sean Silva
>
> --paulr
>
>
>
> From: Reid Kleckner [mailto:rnk at google.com<mailto:rnk at google.com>]
> Sent: Tuesday, November 25, 2014 11:43 AM
> To: Sean Silva
> Cc: Robinson, Paul; Bruce Hoult; llvmdev at cs.uiuc.edu<mailto:llvmdev at cs.uiuc.edu>; Yung, Douglas
>
> Subject: Re: [LLVMdev] Using the unused "version" field in the bitcode wrapper (redux)
>
>
>
> On Mon, Nov 24, 2014 at 9:41 PM, Sean Silva <chisophugis at gmail.com<mailto:chisophugis at gmail.com>> wrote:
>>
>> I fail to see why all that re-engineering effort IS "required" to support the use-cases we've provided, and why future-proofing a large body of software that quite honestly was never designed for it and has genuinely very few reasons why it should be.
>>
>>
>>
>> If we're going to support bitcode as a long-term storage format, everything that pulls information out of bitcode MUST be future-proofed. Doing it piece by piece is a LOT of engineering effort to make LLVM user-friendly in this way; it was never intended to have that degree of self-defense.
>
>
>
> I don't understand what you mean by "future-proofed" in this context. If you mean "never crash on bad user input", then your point doesn't make sense to me. LLVM is engineered to never crash on bad user input in the same sense that it is engineered to correctly compile code; neither is allowed, and if either happens it is a bug.
>
>
>
> This is true, but we can say from experience that there are a lot of these kinds of bugs and it will take a lot of effort to fix them all. Personally, I think this worth doing. We should be using the new diagnostic handler on the LLVMContext, and most of LLVM should have a way of returning without exploding.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20141125/b22d13e9/attachment.html>
More information about the llvm-dev
mailing list