How to stop

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to stop

Marcus Zetterquist
Hi!


Today we use Lua to let 3rd party developers add driver-like modules  
to our application.

The advantages to using Lua compared to DLL:s etc. are that:

1) the same driver binary can be used on all OS:es and processor  
architectures etc.

2) We can provide a small API to the Lua drivers and they _cannot_  
call any other external functions.

3) A buggy driver cannot crash our application. (Almost true statement.)


I'm looking into using LLVM and the bitcode format for this instead.  
The additional, very important advantages are:

4) 3rd parties can port existing (huge amounts of) C / C++ code much  
easier - no need to rewrite all code in Lua.

5) Performance. We will use the LLVM JIT.


Problem: I can't figure out how to do (2) with the LLVM JIT.

It is very important that the driver does not have access to any other  
function in the application except those I provide. It's not OK for  
our application to abort if a driver calls an undefined function - I  
want to just disable _that driver_ in that event.

I can use DisableSymbolSearching() but that causes application to  
abort for unknown symbols.


Please advice!


/Marcus

_______________________________________________
LLVM Developers mailing list
[hidden email]         http://llvm.cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
Reply | Threaded
Open this post in threaded view
|

Re: How to stop

Vikram S. Adve-2
There are 3 parts to what you are looking for, I think:

1) Isolating the driver from your application so that it cannot crash  
your app;

2) Preventing the driver from calling prohibited functions; and

3) Being able to use the same driver binary on all(?) OS'es and  
processor architectures.

LLVM itself cannot give you #3: you need to put many restrictions on  
the source program (e.g., limiting system headers; limiting pointer-
integer conversions, etc.) to achieve that.

SAFECode (our project) gives you #1 and #2 if you can recompile the  
driver code along with the application.  If you're willing to adding  
some restrictions, you might be able to get those benefits compiling  
the driver alone but I'd have to think about it.

--Vikram
Associate Professor, Computer Science
University of Illinois at Urbana-Champaign
http://llvm.org/~vadve



On Jun 5, 2009, at 7:30 AM, Marcus Zetterquist wrote:

> Hi!
>
>
> Today we use Lua to let 3rd party developers add driver-like modules
> to our application.
>
> The advantages to using Lua compared to DLL:s etc. are that:
>
> 1) the same driver binary can be used on all OS:es and processor
> architectures etc.
>
> 2) We can provide a small API to the Lua drivers and they _cannot_
> call any other external functions.
>
> 3) A buggy driver cannot crash our application. (Almost true  
> statement.)
>
>
> I'm looking into using LLVM and the bitcode format for this instead.
> The additional, very important advantages are:
>
> 4) 3rd parties can port existing (huge amounts of) C / C++ code much
> easier - no need to rewrite all code in Lua.
>
> 5) Performance. We will use the LLVM JIT.
>
>
> Problem: I can't figure out how to do (2) with the LLVM JIT.
>
> It is very important that the driver does not have access to any other
> function in the application except those I provide. It's not OK for
> our application to abort if a driver calls an undefined function - I
> want to just disable _that driver_ in that event.
>
> I can use DisableSymbolSearching() but that causes application to
> abort for unknown symbols.
>
>
> Please advice!
>
>
> /Marcus
>
> _______________________________________________
> LLVM Developers mailing list
> [hidden email]         http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev

_______________________________________________
LLVM Developers mailing list
[hidden email]         http://llvm.cs.uiuc.edu
http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev