ALLVM tools and documentation are available at:

Other closely related software systems previously produced by our research group are listed below.


Silhouette is a compiler-based defense against code-reuse attacks on embedded ARM systems that run a single bare-metal application. It guarantees the integrity of all application return addresses and also provides coarse-grained forward-edge control flow integrity. We have only tested Silhouette on ARMv7-M processors, but we see no major trouble porting Silhouette to other ARM M-profile processors.

LLVM Compiler Infrastructure

LLVM defines a virtual instruction set (also called LLVM) that serves as both a persistent code representation for programs and as the internal representation (IR) for a language- and target-independent compiler infrastructure.  The ALLVM project uses LLVM for the core representation of executable code components.  LLVM has been adopted by Apple as the primary system compiler in all MacOS, iOS and other Apple products.  It is used by Google extensively for both compilers and software development tools, as well as by a large number of other companies for major products.  Vikram Adve, Chris Lattner and Evan Cheng won the ACM Software System Award in 2014 for developing LLVM.  LLVM can be downloaded here.

Secure Virtual Architecture

SVA enables sophisticated compiler analyses and transformations to be applied to a commodity operating system.  SVA defines an extension of the LLVM IR called SVA-OS that provides operations required to support an OS, such saving and restoring processor state, initializing page tables, manipulating interrupt handlers, etc.  An OS is “ported” to SVA-OS, similar to porting to a traditional hardware architecture, except that SVA-OS is virtual (which, in fact, makes it far simpler); once ported, the OS kernel does not contain any assembly language instructions. The lack of explicitly assembly code, combined with the higher-level abstractions provided by SVA-OS, make it significantly easier for a compiler to analyze and monitor OS behavior.  More generally, SVA provides a unique combination of capabilities not available in any other system: the supervisory capabilities of a hypervisor combined with the sophisticated program analysis capabilities of a language-level virtual machine.  By leveraging these capabilities, SVA can be used to develop novel solutions to important software security problems.  For example, SVA has been used to enforce memory safety for a complete Linux kernel [SOSP 2007; Audience Choice Paper Award]; Control Flow Integrity for the FreeBSD kernel [IEEE S&P 2014]; and to guarantee application security even on a compromised or hostile OS [ASPLOS 2014].  John Criswell’s doctoral dissertation on SVA received an Honorable Mentions for both the ACM SIGOPS Dennis Ritchie Dissertation Award and an Hon Mention for the overall ACM Doctoral Dissertation Award.  Key components of the SVA system can be downloaded here.