Marcus Zetterquist
2009-Jun-05  12:33 UTC
[LLVMdev] How to stop symbol searching without aborting
Hi! Today we use Lua to let 3rd party developers add driver-like modules to our application. The advantages to using Lua compared to DLL:s etc. are that: 1) the same driver binary can be used on all OS:es and processor architectures etc. 2) We can provide a small API to the Lua drivers and they _cannot_ call any other external functions. 3) A buggy driver cannot crash our application. (Almost true statement.) I'm looking into using LLVM and the bitcode format for this instead. The additional, very important advantages are: 4) 3rd parties can port existing (huge amounts of) C / C++ code much easier - no need to rewrite all code in Lua. 5) Performance. We will use the LLVM JIT. Problem: I can't figure out how to do (2) with the LLVM JIT. It is very important that the driver does not have access to any other function in the application except those I provide. It's not OK for our application to abort if a driver calls an undefined function - I want to just disable _that driver_ in that event. I can use DisableSymbolSearching() but that causes application to abort for unknown symbols. Please advice! /Marcus
Óscar Fuentes
2009-Jun-05  17:09 UTC
[LLVMdev] How to stop symbol searching without aborting
Marcus Zetterquist <marcus.zetterquist at gmail.com> writes:> Today we use Lua to let 3rd party developers add driver-like modules > to our application. > > The advantages to using Lua compared to DLL:s etc. are that: > > 1) the same driver binary can be used on all OS:es and processor > architectures etc.[snip]> I'm looking into using LLVM and the bitcode format for this instead. > The additional, very important advantages are: > > 4) 3rd parties can port existing (huge amounts of) C / C++ code much > easier - no need to rewrite all code in Lua.AFAIK, LLVM code is not platform-independent. A C compiler that targets x86 will generate different LLVM bitcode than the same C compiler when it targets x86_64, for instance.> 5) Performance. We will use the LLVM JIT. > > > Problem: I can't figure out how to do (2) with the LLVM JIT. > > It is very important that the driver does not have access to any other > function in the application except those I provide. It's not OK for > our application to abort if a driver calls an undefined function - I > want to just disable _that driver_ in that event. > > I can use DisableSymbolSearching() but that causes application to > abort for unknown symbols.An LLVM program can call any address, valid or not. If the programmer figures out the address of one of those "forbidden" functions, he can call it. You may write some pass for detecting suspicious constructs and reject them, but solving the problem the right way looks very hard or impossible to me, mostly because you want to use LLVM code generated by a C/C++ compiler. -- Óscar
Cédric Venet
2009-Jun-05  20:05 UTC
[LLVMdev] How to stop symbol searching without aborting
> > An LLVM program can call any address, valid or not. If the programmer > figures out the address of one of those "forbidden" functions, he can > call it. You may write some pass for detecting suspicious constructs and > reject them, but solving the problem the right way looks very hard or > impossible to me, mostly because you want to use LLVM code generated by > a C/C++ compiler. >you may want to take a look at http://nativeclient.googlecode.com/svn/trunk/nacl/googleclient/native_client/documentation/nacl_paper.pdf The paper look promising. I didn't try there implementation http://code.google.com/p/nativeclient/ . The license is new BSD. Will it is currently developped for the web, it could be useful for any applications which does not trust its plugins. regards, Cédric
Robert G. Jakabosky
2009-Jun-08  13:34 UTC
[LLVMdev] How to stop symbol searching without aborting
Have you tried llvm-lua? It adds JIT & static compiling support to the Lua VM using LLVM as the backend. I just released version 1.0 about a week ago. The project website is here: http://code.google.com/p/llvm-lua/ On Friday 05, Marcus Zetterquist wrote:> Hi! > > > Today we use Lua to let 3rd party developers add driver-like modules > to our application. > > The advantages to using Lua compared to DLL:s etc. are that: > > 1) the same driver binary can be used on all OS:es and processor > architectures etc. > > 2) We can provide a small API to the Lua drivers and they _cannot_ > call any other external functions. > > 3) A buggy driver cannot crash our application. (Almost true statement.) > > > I'm looking into using LLVM and the bitcode format for this instead. > The additional, very important advantages are: > > 4) 3rd parties can port existing (huge amounts of) C / C++ code much > easier - no need to rewrite all code in Lua. > > 5) Performance. We will use the LLVM JIT. > > > Problem: I can't figure out how to do (2) with the LLVM JIT. > > It is very important that the driver does not have access to any other > function in the application except those I provide. It's not OK for > our application to abort if a driver calls an undefined function - I > want to just disable _that driver_ in that event. > > I can use DisableSymbolSearching() but that causes application to > abort for unknown symbols. > > > Please advice! > > > /Marcus > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev-- Robert G. Jakabosky
Alastair Lynn
2009-Jun-08  21:43 UTC
[LLVMdev] How to stop symbol searching without aborting
Hi Robert- I notice that llvm-lua requires LLVM 2.4 rather than anything recent - are there any plans to upgrade? Alastair On 8 Jun 2009, at 14:34, Robert G. Jakabosky wrote:> > Have you tried llvm-lua? It adds JIT & static compiling support to > the Lua VM > using LLVM as the backend. I just released version 1.0 about a week > ago. > > The project website is here: > http://code.google.com/p/llvm-lua/ > > On Friday 05, Marcus Zetterquist wrote: >> Hi! >> >> >> Today we use Lua to let 3rd party developers add driver-like modules >> to our application. >> >> The advantages to using Lua compared to DLL:s etc. are that: >> >> 1) the same driver binary can be used on all OS:es and processor >> architectures etc. >> >> 2) We can provide a small API to the Lua drivers and they _cannot_ >> call any other external functions. >> >> 3) A buggy driver cannot crash our application. (Almost true >> statement.) >> >> >> I'm looking into using LLVM and the bitcode format for this instead. >> The additional, very important advantages are: >> >> 4) 3rd parties can port existing (huge amounts of) C / C++ code much >> easier - no need to rewrite all code in Lua. >> >> 5) Performance. We will use the LLVM JIT. >> >> >> Problem: I can't figure out how to do (2) with the LLVM JIT. >> >> It is very important that the driver does not have access to any >> other >> function in the application except those I provide. It's not OK for >> our application to abort if a driver calls an undefined function - I >> want to just disable _that driver_ in that event. >> >> I can use DisableSymbolSearching() but that causes application to >> abort for unknown symbols. >> >> >> Please advice! >> >> >> /Marcus >> _______________________________________________ >> LLVM Developers mailing list >> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu >> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev > > > > -- > Robert G. Jakabosky > _______________________________________________ > LLVM Developers mailing list > LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu > http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev-------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3912 bytes Desc: not available URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20090608/98702b6d/attachment.bin>