Sorry about the broken links on the website and in the clamav-faq manual pages. Our web dev team is actively working on integrating the newly remodeled user manual into the website.
The bytecode interpreter was nonfunctional for a long time but was fixed a few years ago. This is why LLVM was prioritized over the bytecode compiler. Functionally, from an outside perspective, the feature set of using bytecode interpreter vs LLVM is the same. The cost/benefit analysis of LLVM-JIT vs Interpreter hinges on whether or not executing native code is sufficiently faster than interpreting the bytecodes to outweigh the cost of JIT compilation. Our bytecode signatures themselves are relatively small and are relatively few, so the advantage of executing native code vs the time lost JIT compiling the bytecode is, I'm told, negligible. The developers who did the initial benchmarking on the subject have since left the team and while I've been told that the performance is "about the same", I don't have any figures to back up that up. If anyone out there decides to do additional research on the subject, do note that bytecode functions are only executed for certain file types, so benchmark findings will vary by file type. The TL;DR is that we're not aware of any significant advantage of using LLVM over the bytecode interpreter at this time. Regarding the reason for only supporting older versions of LLVM: It takes time to update to use newer APIs. The LLVM project has been moving pretty fast and we simply haven't prioritized dev and test time towards updating our LLVM support. In fact, Debian provides a patch to ClamAV to support LLVM 3.7-3.9, but we haven't had the time to properly integrate and test it. Because the bytecode interpreter is working so well, we're focusing our efforts on other tasks. Regards, Micah Micah Snyder ClamAV Development Talos Cisco Systems, Inc. On Dec 11, 2018, at 10:05 AM, J.R. <themadbea...@gmail.com<mailto:themadbea...@gmail.com>> wrote: I've googled to no end, but haven't been able to come up with anything except a few snips mentioning LLVM and bytecode here and there... I'm curious exactly what the benefit would be to use LLVM, is there much of a performance gain over the built-in (non-llvm) bytecode interpreter? Is it an expanded feature set? Why the limitation of using only such old versions of LLVM? The last time I looked at the manual it only mentioned compilation options, and that's it... The current link to the ClamAV manual is broken on the website too, fyi... :( Not complaining, just curious... _______________________________________________ clamav-users mailing list email@example.com<mailto:firstname.lastname@example.org> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
_______________________________________________ clamav-users mailing list email@example.com http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml