On Jan 10, 2013, at 14:21 , Justin Holewinski <justin.holewinski at gmail.com> wrote:

> That's a very nice start! Do you plan on sandboxing the execution? It seems like just blindly executing the compiled code could easily crash the application if you have bad IR. I know that's a bit more advanced, but it would be nice to have some documentation on ways to sandbox the execution for this kind of scenario.

Thanks! I worried about what might happen in the case of bad or rogue code. Are you referring to OS X's sandboxing capabilities, or something LLVM supports? I agree blindly executing code is possibly a bad idea, although the intent is that someone creates a DSL, and so the DSL's code generator would constrain what could really be done. That is, the DSL would not allow the user to arbitrarily execute hosting code, but rather the DSL's runtime could call hosting code. Does that make sense?

--
Rick

On Thu, Jan 10, 2013 at 5:28 PM, Rick Mann <rmann at latencyzero.com> wrote:

> On Jan 10, 2013, at 14:21 , Justin Holewinski <justin.holewinski at gmail.com> wrote:
>
> > That's a very nice start! Do you plan on sandboxing the execution? It seems like just blindly executing the compiled code could easily crash the application if you have bad IR. I know that's a bit more advanced, but it would be nice to have some documentation on ways to sandbox the execution for this kind of scenario.
>
> Thanks! I worried about what might happen in the case of bad or rogue code. Are you referring to OS X's sandboxing capabilities, or something LLVM supports? I agree blindly executing code is possibly a bad idea, although the intent is that someone creates a DSL, and so the DSL's code generator would constrain what could really be done. That is, the DSL would not allow the user to arbitrarily execute hosting code, but rather the DSL's runtime could call hosting code. Does that make sense?

You can get as advanced as you want. I was mainly referring to something simple like running the generated code in a separate process so a seg fault won't bring down the entire application.

> --
> Rick

--
Thanks,
Justin Holewinski

On Jan 10, 2013, at 14:33 , Justin Holewinski <justin.holewinski at gmail.com> wrote:

> You can get as advanced as you want. I was mainly referring to something simple like running the generated code in a separate process so a seg fault won't bring down the entire application.

Ah, I see what you're getting at. I'll mention something about that, but probably won't actually do it for the How-To. It adds a whole level of indirection and complexity to call back into the host app. But it's a good consideration.

--
Rick
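
The separate-process approach discussed in this thread, sketched as an added example that is not part of the original messages or the How-To: the host forks, the child runs the generated function and returns its result over a pipe, and the parent uses `waitpid` to tell a clean return from a crash. It assumes a POSIX host and generated code callable as `int f(int)`; `run_isolated`, `generated_fn`, `good_code` and `bad_code` are hypothetical names, and the two sample functions are constructed stand-ins for JIT output.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: the generated code is reachable as int f(int). */
typedef int (*generated_fn)(int);
enum run_status { RUN_OK, RUN_CRASHED, RUN_ERROR };

/* Run fn(arg) in a forked child so a fault there cannot take down the caller.
   RUN_OK: *result is set. RUN_CRASHED: *sig is the signal that killed the child. */
enum run_status run_isolated(generated_fn fn, int arg, int *result, int *sig)
{
    int fds[2], value = 0, status = 0;
    if (pipe(fds) != 0) return RUN_ERROR;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]); close(fds[1]);
        return RUN_ERROR;
    }
    if (pid == 0) {                       /* child: execute the generated code */
        close(fds[0]);
        value = fn(arg);
        _exit(write(fds[1], &value, sizeof value) == (ssize_t)sizeof value ? 0 : 1);
    }
    close(fds[1]);                        /* parent: read result, then reap */
    ssize_t got = read(fds[0], &value, sizeof value);
    close(fds[0]);
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return RUN_ERROR;
    if (WIFSIGNALED(status)) {            /* e.g. SIGSEGV from bad IR */
        *sig = WTERMSIG(status);
        return RUN_CRASHED;
    }
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0 || got != (ssize_t)sizeof value)
        return RUN_ERROR;
    *result = value;
    return RUN_OK;
}

/* Constructed stand-ins for JIT output: one well-behaved, one that faults. */
int good_code(int x) { return x * 2 + 1; }
int bad_code(int x) { volatile int *p = 0; *p = x; return x; }

int main(void)
{
    int r = 0, s = 0;
    enum run_status st = run_isolated(bad_code, 1, &r, &s);
    printf("host alive: status=%d signal=%d\n", st, s);
}
```

Process isolation of this kind only contains crashes: the child still runs with the host's privileges, so it does not by itself confine rogue code.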