[clamav-users] Question about LLVM...

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Dec 11 12:59:05 EST 2018

Sorry about the broken links on the website and in the clamav-faq manual pages.  Our web dev team is actively working on integrating the newly remodeled user manual into the website.

The bytecode interpreter was nonfunctional for a long time but was fixed a few years ago. This is why LLVM was prioritized over the bytecode compiler.

Functionally, from an outside perspective, the feature set of using bytecode interpreter vs LLVM is the same. The cost/benefit analysis of LLVM-JIT vs Interpreter hinges on whether or not executing native code is sufficiently faster than interpreting the bytecodes to outweigh the cost of JIT compilation. Our bytecode signatures themselves are relatively small and are relatively few, so the advantage of executing native code vs the time lost JIT compiling the bytecode is, I'm told, negligible. The developers who did the initial benchmarking on the subject have since left the team and while I've been told that the performance is "about the same", I don't have any figures to back that up. If anyone out there decides to do additional research on the subject, do note that bytecode functions are only executed for certain file types, so benchmark findings will vary by file type.

The TL;DR is that we're not aware of any significant advantage of using LLVM over the bytecode interpreter at this time.

Regarding the reason for only supporting older versions of LLVM:  It takes time to update to use newer APIs.  The LLVM project has been moving pretty fast and we simply haven't prioritized dev and test time towards updating our LLVM support.  In fact, Debian provides a patch to ClamAV to support LLVM 3.7-3.9, but we haven't had the time to properly integrate and test it.  Because the bytecode interpreter is working so well, we're focusing our efforts on other tasks.


Micah Snyder
ClamAV Development
Cisco Systems, Inc.

On Dec 11, 2018, at 10:05 AM, J.R. <themadbeaker at gmail.com> wrote:

I've googled to no end, but haven't been able to come up with anything
except a few snips mentioning LLVM and bytecode here and there...

I'm curious exactly what the benefit would be to use LLVM, is there
much of a performance gain over the built-in (non-llvm) bytecode
interpreter? Is it an expanded feature set? Why the limitation of
using only such old versions of LLVM?

The last time I looked at the manual it only mentioned compilation
options, and that's it... The current link to the ClamAV manual is
broken on the website too, fyi... :(

Not complaining, just curious...