It’s possible you didn’t mean it this way, but it’s important to avoid a
common confusion. LLVM IR provides no security. None whatsoever. Code in
LLVM IR has the same level of arbitrary memory access and access to the
enclosing system as C code does. In fact, if anything, LLVM probably
makes the security story worse.
It is possible to use LLVM within an independent sandbox, and various people
are doing that, but that’s not a unique property of LLVM.
No, I have simply been evaluating LLVM from he perspective of a common, intermediate format for execution. Security would be implemented in terms of the services / APIs that would be made available to the execution context.
I think there’s no question that a lot of people want something like this.
However, there are a bunch of challenges. Some of the big ones include:
How are objects (as in object-oriented programming) going to work? Do you
envision the platform providing a generic object model that all high-level
languages will share, or do you envision every language framework building
its own object model on top of a set of primitive operations? This question,
and questions which follow it, will determine what kinds of languages can
be ported to the platform, as well as play a large role in determining how
hard it’ll be to make them run efficiently, and how much cross-language
interoperability you can have.
Also, how is GC going to work? How is concurrency going to work? How is
security going to work? How are third-party libraries going to work?
These are some of the big important questions which will form the overall
shape of your design. And it turns out that LLVM itself doesn’t provide
any significant help on any of them. So while LLVM may be a useful tool
in the implementation stage, it’s probably not where you want to start
in the design stage for your project.
All valid points. The interpreter layer, whether it uses LLVM or not, is but one layer of the concept, and one that sits on top of an equally important service layer. But in putting together a stack, I like to take a holistic approach.
But as it stands, earlier comments were on the mark about LLVM and its viability for JIT interpreters. Tracing JIT interpreters have been demonstrating impressive benchmarks over LLVM implementations, often in excess of 30%. Furthermore, the work on a few of these tracing JIT engines has been well architected, and language independent. The problem of enabling a common tooling interface for supported languages still exists, but that appears minor to the concern of performance.
I really want to thank those of you who took the time to respond, your input has been invaluable.