How to stop symbol searching without aborting

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

How to stop symbol searching without aborting

Marcus Zetterquist
Hi!


Today we use Lua to let 3rd party developers add driver-like modules  
to our application.

The advantages to using Lua compared to DLL:s etc. are that:

1) the same driver binary can be used on all OS:es and processor  
architectures etc.

2) We can provide a small API to the Lua drivers and they _cannot_  
call any other external functions.

3) A buggy driver cannot crash our application. (Almost true statement.)


I'm looking into using LLVM and the bitcode format for this instead.  
The additional, very important advantages are:

4) 3rd parties can port existing (huge amounts of) C / C++ code much  
easier - no need to rewrite all code in Lua.

5) Performance. We will use the LLVM JIT.


Problem: I can't figure out how to do (2) with the LLVM JIT.

It is very important that the driver does not have access to any other  
function in the application except those I provide. It's not OK for  
our application to abort if a driver calls an undefined function - I  
want to just disable _that driver_ in that event.

I can use DisableSymbolSearching() but that causes application to  
abort for unknown symbols.


Please advice!


/Marcus
_______________________________________________
LLVM Developers mailing list
[hidden email]         http://llvm.cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
Reply | Threaded
Open this post in threaded view
|

Re: How to stop symbol searching without aborting

Óscar Fuentes
Marcus Zetterquist <[hidden email]> writes:

> Today we use Lua to let 3rd party developers add driver-like modules  
> to our application.
>
> The advantages to using Lua compared to DLL:s etc. are that:
>
> 1) the same driver binary can be used on all OS:es and processor  
> architectures etc.

[snip]

> I'm looking into using LLVM and the bitcode format for this instead.  
> The additional, very important advantages are:
>
> 4) 3rd parties can port existing (huge amounts of) C / C++ code much  
> easier - no need to rewrite all code in Lua.

AFAIK, LLVM code is not platform-independent. A C compiler that targets
x86 will generate different LLVM bitcode than the same C compiler when
it targets x86_64, for instance.

> 5) Performance. We will use the LLVM JIT.
>
>
> Problem: I can't figure out how to do (2) with the LLVM JIT.
>
> It is very important that the driver does not have access to any other  
> function in the application except those I provide. It's not OK for  
> our application to abort if a driver calls an undefined function - I  
> want to just disable _that driver_ in that event.
>
> I can use DisableSymbolSearching() but that causes application to  
> abort for unknown symbols.

An LLVM program can call any address, valid or not. If the programmer
figures out the address of one of those "forbidden" functions, he can
call it. You may write some pass for detecting suspicious constructs and
reject them, but solving the problem the right way looks very hard or
impossible to me, mostly because you want to use LLVM code generated by
a C/C++ compiler.

--
Óscar

_______________________________________________
LLVM Developers mailing list
[hidden email]         http://llvm.cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
Reply | Threaded
Open this post in threaded view
|

Re: How to stop symbol searching without aborting

Cédric Venet-2

>
> An LLVM program can call any address, valid or not. If the programmer
> figures out the address of one of those "forbidden" functions, he can
> call it. You may write some pass for detecting suspicious constructs and
> reject them, but solving the problem the right way looks very hard or
> impossible to me, mostly because you want to use LLVM code generated by
> a C/C++ compiler.
>  

you may want to take a look at
 http://nativeclient.googlecode.com/svn/trunk/nacl/googleclient/native_client/documentation/nacl_paper.pdf
The paper look promising. I didn't try there implementation
http://code.google.com/p/nativeclient/ . The license is new BSD.
Will it is currently developped for the web, it could be useful for any
applications which does not trust its plugins.

regards,

Cédric

_______________________________________________
LLVM Developers mailing list
[hidden email]         http://llvm.cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
Reply | Threaded
Open this post in threaded view
|

Re: How to stop symbol searching without aborting

Robert G. Jakabosky
In reply to this post by Marcus Zetterquist

Have you tried llvm-lua?  It adds JIT & static compiling support to the Lua VM
using LLVM as the backend.  I just released version 1.0 about a week ago.

The project website is here:
http://code.google.com/p/llvm-lua/

On Friday 05, Marcus Zetterquist wrote:

> Hi!
>
>
> Today we use Lua to let 3rd party developers add driver-like modules
> to our application.
>
> The advantages to using Lua compared to DLL:s etc. are that:
>
> 1) the same driver binary can be used on all OS:es and processor
> architectures etc.
>
> 2) We can provide a small API to the Lua drivers and they _cannot_
> call any other external functions.
>
> 3) A buggy driver cannot crash our application. (Almost true statement.)
>
>
> I'm looking into using LLVM and the bitcode format for this instead.
> The additional, very important advantages are:
>
> 4) 3rd parties can port existing (huge amounts of) C / C++ code much
> easier - no need to rewrite all code in Lua.
>
> 5) Performance. We will use the LLVM JIT.
>
>
> Problem: I can't figure out how to do (2) with the LLVM JIT.
>
> It is very important that the driver does not have access to any other
> function in the application except those I provide. It's not OK for
> our application to abort if a driver calls an undefined function - I
> want to just disable _that driver_ in that event.
>
> I can use DisableSymbolSearching() but that causes application to
> abort for unknown symbols.
>
>
> Please advice!
>
>
> /Marcus
> _______________________________________________
> LLVM Developers mailing list
> [hidden email]         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev



--
Robert G. Jakabosky
_______________________________________________
LLVM Developers mailing list
[hidden email]         http://llvm.cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
Reply | Threaded
Open this post in threaded view
|

Re: How to stop symbol searching without aborting

Alistair Lynn
Hi Robert-

I notice that llvm-lua requires LLVM 2.4 rather than anything recent -  
are there any plans to upgrade?

Alastair

On 8 Jun 2009, at 14:34, Robert G. Jakabosky wrote:

>
> Have you tried llvm-lua?  It adds JIT & static compiling support to  
> the Lua VM
> using LLVM as the backend.  I just released version 1.0 about a week  
> ago.
>
> The project website is here:
> http://code.google.com/p/llvm-lua/
>
> On Friday 05, Marcus Zetterquist wrote:
>> Hi!
>>
>>
>> Today we use Lua to let 3rd party developers add driver-like modules
>> to our application.
>>
>> The advantages to using Lua compared to DLL:s etc. are that:
>>
>> 1) the same driver binary can be used on all OS:es and processor
>> architectures etc.
>>
>> 2) We can provide a small API to the Lua drivers and they _cannot_
>> call any other external functions.
>>
>> 3) A buggy driver cannot crash our application. (Almost true  
>> statement.)
>>
>>
>> I'm looking into using LLVM and the bitcode format for this instead.
>> The additional, very important advantages are:
>>
>> 4) 3rd parties can port existing (huge amounts of) C / C++ code much
>> easier - no need to rewrite all code in Lua.
>>
>> 5) Performance. We will use the LLVM JIT.
>>
>>
>> Problem: I can't figure out how to do (2) with the LLVM JIT.
>>
>> It is very important that the driver does not have access to any  
>> other
>> function in the application except those I provide. It's not OK for
>> our application to abort if a driver calls an undefined function - I
>> want to just disable _that driver_ in that event.
>>
>> I can use DisableSymbolSearching() but that causes application to
>> abort for unknown symbols.
>>
>>
>> Please advice!
>>
>>
>> /Marcus
>> _______________________________________________
>> LLVM Developers mailing list
>> [hidden email]         http://llvm.cs.uiuc.edu
>> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>
>
>
> --
> Robert G. Jakabosky
> _______________________________________________
> LLVM Developers mailing list
> [hidden email]         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

_______________________________________________
LLVM Developers mailing list
[hidden email]         http://llvm.cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to stop symbol searching without aborting

Robert G. Jakabosky

On Monday 08, Alastair Lynn wrote:
> Hi Robert-
>
> I notice that llvm-lua requires LLVM 2.4 rather than anything recent -
> are there any plans to upgrade?

Sorry I forgot to update the projects home page.
Version 1.0 will work with LLVM 2.5 and should still work with 2.4 (I haven't
tested against 2.4 recently so it might not work any more).  Also there is a
branch "llvm-svn" that works with the SVN copy of LLVM as of a few days ago.


--
Robert G. Jakabosky
_______________________________________________
LLVM Developers mailing list
[hidden email]         http://llvm.cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev