
Building a self-hosting C compiler at seccamp2018

Ushitora Anqou
September 22, 2018

I built a self-hosting C compiler at Security Camp National Meeting 2018. After the camp ended, I also wrote an assembler, a linker and a standard library.


Transcript

  1. Building a self-hosting C compiler at #seccamp2018
    Ushitora Anqou, @ushitora_anqou

  2. Who am I
    Ushitora Anqou
    • Twitter: @ushitora_anqou
    • I usually play with C++ (and get played by it).
    • I wrote things like a neural network in constexpr.
      It's on GitHub, so please give it a star.
    • I don't understand kernels or VMs. I'll study them.

  3. What is seccamp
    Security Camp National Meeting 2018 (セキュリティ・キャンプ全国大会 2018)
    • August 14-18, Fuchu, Tokyo
    • A residential study camp organized by IPA
    • I joined the "Y-II: Let's write our own C compiler!" seminar
    • Lecturers: Rui and hikalium

  4. Goals of Y-II

  5. Schedule
    Day    Activity
    Day 1  Opening ceremony etc. (no development)
    Day 2  Development
    Day 3  Development
    Day 4  Development
    Day 5  Closing ceremony etc. (no development)
    Development started at the beginning of July as pre-camp study.

  6-7. Day 0: self-hosting achieved

  8. So what did I do?
    I wrote aqcc, a self-hosting C compiler targeting x86-64.
    • Conforms to the System V AMD64 ABI.
    • Reads a C program and emits assembly.

  9. Self-hosting
    The compiler can compile itself.
    • aqcc is written in C.
    • aqcc is a C compiler.
    • Therefore aqcc can be compiled by aqcc.

  10. Self-hosting
    3 of the 6 participants reached self-hosting by the last day of seccamp.

  11-13. How to build it
    Just do it.

  14-18. How to build it
    • Split the input string into a sequence of tokens.
    • Parse the token sequence into an abstract syntax tree (AST).
    • Run semantic analysis so that the AST is typed.
    • Generate assembly from the typed AST.
    • Optimize the generated assembly nicely.

  19. Painful parts
    • I didn't understand assembly.
      • Writing assembly was a first for me.
      • What on earth is lea?
    • I didn't understand the C language specification.
      • Reading the C spec was (almost) a first for me.
      • What on earth is integer promotion (汎整数拡張)?

  20. This part of the C spec is gross!
    • Pointers are gross!
      • In int* p, q; the q is an int.
    • Function declarations are gross!
      • Telling int foo(); from int foo(){...} from int foo;.
    • Variadic arguments are gross!
      • va_list, va_start() and friends.
      • Do you know how va_list is defined?

  21. More gross parts of the C spec
    • switch is gross!
      • It is effectively a goto rather than an if-else.
    switch (1) {
        int a = 2;             // never executed: control jumps straight to case 1
    case 3:
        1; int b = 5;          // also skipped: b is declared but its initializer never runs
        break;
    case 1:
        a = 1; b = 0;
    default:
        printf("%d %d", a, b); // 1 0
    }

  22. Still more gross parts of the C spec
    • Struct definitions are gross!
      • A struct definition is a type-specifier just like int, so it can appear in the same places.
    struct hogehoge {
        int piyopiyo;
    } foobar();
    int foobar();

  23. Still more gross parts of the C spec
    • Struct definitions are gross!
      • A struct definition is a type-specifier just like int, so it can appear in the same places.
    struct hogehoge {
        int piyopiyo;
    };
    int;

  24. Incremental development
    • Start from a "cardboard C compiler" (はりぼて C コンパイラ) that only returns a single integer.
    • Add features gradually. Don't try to build everything at once.
    • Rui's text and help over Slack and Hangouts got me through.

  25-26. Day 2
    Nothing left to do.

  27. What to do next
    Change the code generation scheme.
    • Stack machine
      • The current implementation.
    • Register machine
      • What I want to switch to.

  28. Stack machine
    • Every operation goes through the stack.
    • The stack lives in memory, so it is slow.

  29. Register machine
    • Every operation goes through registers.
    • Registers live in the CPU, so they are fast.

  30. How to do it
    Usable registers
    • Avoid registers that have special uses: argument passing, shift counts and so on.
    • r10, r11, r12, r13, r14, r15 are available.

  31. How to build a register machine
    • Instead of pushing and popping at the start and end of each operation, fetch operands from registers and put results into registers.
    • When generating code for a leaf node of the AST, return the register holding the data to the parent.

  33. Day 3: it's a register machine now

  34. Benchmark method
    Concatenate all the source code of the register-machine aqcc (2142d05) into one file and measure the time to compile it with the perf command.

  35. Benchmark
    Stack machine (85ee93c)
    • gcc -O2: 0.09287 ± 0.00187 seconds
    • aqcc: 0.40217 ± 0.00277 seconds
    About 4.3x.

  36. Benchmark
    Register machine (2142d05)
    • gcc -O2: 0.090094 ± 0.000310 seconds
    • aqcc: 0.21281 ± 0.00286 seconds
    About 2.3x.

  37. Painful parts
    Debugging was just painful.
    • Compiling the sources with gcc works.
    • Compiling the sources with the compiled compiler does not.

  38-40. Painful parts
    • No debug information!
    • The place where it crashes is not where the bug is!

  41. Painful parts
    What I had got wrong was register saving.
    • I had forgotten one of the registers that must be preserved across a function call.
    • A road most people travel.

  42. Benchmark (restated)
    Register machine (2142d05): gcc -O2 0.090094 ± 0.000310 seconds, aqcc 0.21281 ± 0.00286 seconds, about 2.3x.

  43. I want to go from 2.3x to 2x!
    Optimize the emitted assembly.
    Preparation
    • Replace the emitted code with a symbolic form (struct Code).
      • Until then it had been handled as strings.
      • There were a huge number of places to rewrite.
      • Very painful.

  44. I want to go from 2.3x to 2x!
    Optimize the emitted assembly.
    • Constant folding
      • a = 1 + 5 * 8 + 1;  ⇒  a = 42;
      • It is enough to partially interpret the AST.

  45. More optimization
    • dead code elimination
      Don't generate code that has no effect.
    • propagation
      mov (%rax), %r11  ⇒  mov -8(%rbp), %r11
    Combine them and optimize nicely.

  46-48. Result
    It broke.
    seccamp ended.

  49. On the Shinkansen home
    During propagation I had forgotten to update the register dependencies.

  50. Still more optimization
    • Save only the registers the function actually uses
      • r12, r13, r14, r15 are callee-saved.
      • push at the start of the function, pop at the end.
      • Saving all of them takes time.
      • Only the ones that get overwritten need saving.
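The register-machine scheme of slide 31 (each node hands the register holding its value to its parent), the constant folding of slide 44 and the save-only-what-you-wrote rule of slide 50, worked through in one added example. This is not aqcc's code; it is a small C program written for this page that generates x86-64 assembly for an expression tree using the register pool the slides name (r10-r15, of which r12-r15 are callee-saved). Node, fold(), gen(), codegen_function() and callee_saved_mask() are this example's own names; it does no spilling, so a tree deeper than the pool simply aborts.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example code for this page, not aqcc's own. Node/fold/gen/codegen_function are invented here. */
typedef enum { N_NUM, N_VAR, N_ADD, N_MUL } Kind;
typedef struct Node { Kind kind; long val; int offset; struct Node *lhs, *rhs; } Node;

Node *num(long v) { Node *n = calloc(1, sizeof *n); n->kind = N_NUM; n->val = v; return n; }
Node *var(int rbp_offset) { Node *n = calloc(1, sizeof *n); n->kind = N_VAR; n->offset = rbp_offset; return n; }
Node *bin(Kind k, Node *l, Node *r) { Node *n = calloc(1, sizeof *n); n->kind = k; n->lhs = l; n->rhs = r; return n; }

/* Constant folding (slide 44): partially interpret the AST; an operator whose
 * operands both folded to numbers is replaced by the computed number. */
Node *fold(Node *n) {
    if (n->kind == N_NUM || n->kind == N_VAR) return n;
    n->lhs = fold(n->lhs);
    n->rhs = fold(n->rhs);
    if (n->lhs->kind == N_NUM && n->rhs->kind == N_NUM) {
        long v = n->kind == N_ADD ? n->lhs->val + n->rhs->val : n->lhs->val * n->rhs->val;
        free(n->lhs); free(n->rhs);
        n->kind = N_NUM; n->val = v; n->lhs = n->rhs = NULL;
    }
    return n;
}

/* Register pool from slide 30; r12..r15 (index >= 2) are callee-saved (slide 50). */
#define NREGS 6
#define FIRST_CALLEE_SAVED 2
static const char *regs[NREGS] = { "r10", "r11", "r12", "r13", "r14", "r15" };
static int reg_busy[NREGS];
static unsigned callee_saved_used;   /* bit i set once regs[i] has been written */
static char body[4096];
static size_t body_len;

static void emit(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(body + body_len, sizeof body - body_len, fmt, ap);
    va_end(ap);
    if (n < 0 || body_len + (size_t)n >= sizeof body) { fputs("emit: buffer full\n", stderr); exit(1); }
    body_len += (size_t)n;
}

static int alloc_reg(void) {
    for (int i = 0; i < NREGS; i++)
        if (!reg_busy[i]) {
            reg_busy[i] = 1;
            if (i >= FIRST_CALLEE_SAVED) callee_saved_used |= 1u << i;
            return i;
        }
    fputs("out of registers (this example does not spill)\n", stderr);
    exit(1);
}

/* Slide 31: generate code for n and hand the register holding its value to the parent. */
static int gen(Node *n) {
    int l, r;
    switch (n->kind) {
    case N_NUM: l = alloc_reg(); emit("  mov $%ld, %%%s\n", n->val, regs[l]); return l;
    case N_VAR: l = alloc_reg(); emit("  mov %d(%%rbp), %%%s\n", n->offset, regs[l]); return l;
    default:
        l = gen(n->lhs);
        r = gen(n->rhs);
        emit("  %s %%%s, %%%s\n", n->kind == N_ADD ? "add" : "imul", regs[r], regs[l]);
        reg_busy[r] = 0;              /* the right operand's register returns to the pool */
        return l;
    }
}

/* Emit a leaf function that returns expr in %rax. Only the callee-saved registers the
 * body actually wrote are pushed, and they are popped in reverse order. Returns a static buffer. */
const char *codegen_function(const char *name, Node *expr) {
    static char out[8192];
    size_t len = 0;
    memset(reg_busy, 0, sizeof reg_busy);
    callee_saved_used = 0;
    body_len = 0;
    body[0] = '\0';
    int res = gen(fold(expr));
    len += (size_t)snprintf(out + len, sizeof out - len, "%s:\n  push %%rbp\n  mov %%rsp, %%rbp\n", name);
    for (int i = FIRST_CALLEE_SAVED; i < NREGS; i++)
        if (callee_saved_used & (1u << i))
            len += (size_t)snprintf(out + len, sizeof out - len, "  push %%%s\n", regs[i]);
    len += (size_t)snprintf(out + len, sizeof out - len, "%s  mov %%%s, %%rax\n", body, regs[res]);
    for (int i = NREGS - 1; i >= FIRST_CALLEE_SAVED; i--)
        if (callee_saved_used & (1u << i))
            len += (size_t)snprintf(out + len, sizeof out - len, "  pop %%%s\n", regs[i]);
    snprintf(out + len, sizeof out - len, "  pop %%rbp\n  ret\n");
    return out;
}

unsigned callee_saved_mask(void) { return callee_saved_used; }

int main(void) {
    /* a = 1 + 5 * 8 + 1 from slide 44 folds to 42; the second tree is deep enough to need r12 */
    puts(codegen_function("folded", bin(N_ADD, bin(N_ADD, num(1), bin(N_MUL, num(5), num(8))), num(1))));
    puts(codegen_function("two_products",
         bin(N_ADD, bin(N_MUL, var(-8), var(-16)), bin(N_MUL, var(-24), var(-32)))));
    return 0;
}
```

The first function folds to a single `mov $42, %r10` and saves nothing; the second holds one product in r10 while computing the other, which pushes r12 into use, so exactly one push/pop pair appears. That is the difference between "save everything" and "save what you wrote" that slide 50 is after, and the forgotten-register bug of slide 41 is what happens when the mask is computed wrongly.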

  51-52. Benchmark
    Optimized aqcc (4fcc2d3)
    • gcc -O2: 0.13015 ± 0.00126 seconds
    • aqcc: 0.24342 ± 0.00108 seconds
    About 1.87x.

  53. No punchline.

  54-55. Compiling with aqcc
    I want to compile test.c.
    % ./aqcc test.c > test.s
    • compile
    % gcc -c test.s -o test.o
    • assemble
    % gcc test.o -o test all.o
    • link

  56-57. The natural consequence
    Right, let's build an assembler.

  60-61. Assembler: built one

  62-63. How to build an assembler
    Just do it.

  64. What an assembler is
    It converts assembly into an object file.
    • Translate mnemonics into opcodes.
    • Gather the needed symbol information and so on into an ELF file.

  65-67. The MOV instruction
    mov %eax, %edx  ⇒  89 c2
    Opcode          Instruction
    89 /r           MOV r/m32,r32
    ModR/M byte (bits 7..0): mod=11 reg=000 r/m=010  ⇒  c2

  68-70. The MOV instruction
    mov %rax, %rdx  ⇒  48 89 c2
    Opcode          Instruction
    REX.W + 89 /r   MOV r/m64,r64
    REX prefix (bits 7..0): 0100 W R X B = 0100 1000  ⇒  48

  71-73. The MOV instruction
    mov %r8, %r10  ⇒  4d 89 c2
    Opcode          Instruction
    REX.W + 89 /r   MOV r/m64,r64
    REX prefix (bits 7..0): 0100 W R X B = 0100 1101  ⇒  4d

  74-75. The MOV instruction
    mov %eax, (%rdx)  ⇒  89 02
    ModR/M byte (bits 7..0): mod=00 reg=000 r/m=010

  76. The MOV instruction
    mov %eax, -4(%rdx)  ⇒  89 42 fc
    ModR/M byte (bits 7..0): mod=01 reg=000 r/m=010

  77. The MOV instruction
    mov %eax, -4(%rbp)  ⇒  89 45 fc
    ModR/M byte (bits 7..0): mod=01 reg=000 r/m=101

  78. The MOV instruction
    mov %eax, (%rbp)  ⇒  89 45 00
    ModR/M byte (bits 7..0): mod=01 reg=000 r/m=101

  79. The MOV instruction
    mov %eax, -4(%rip)  ⇒  89 05 fc ff ff ff
    ModR/M byte (bits 7..0): mod=00 reg=000 r/m=101

  80. Summary
    inst       mod  r/m  code
    (%rdx)     00   010  89 02
    -4(%rdx)   01   010  89 42 fc
    -4(%rbp)   01   101  89 45 fc
    (%rbp)     01   101  89 45 00
    -4(%rip)   00   101  89 05 fc ff ff ff
    Very painful.

  81-82. The MOV instruction
    mov %eax, -400(%r11)  ⇒  41 89 83 70 fe ff ff
    ModR/M byte (bits 7..0): mod=10 reg=000 r/m=011

  83-85. The MOV instruction
    mov %eax, -400(%r11)  ⇒  41 89 83 70 fe ff ff
    mov %eax, -400(%r12)  ⇒  41 89 84 24 70 fe ff ff
    SIB byte (bits 7..0): scale=00 index=100 base=100  ⇒  24

  86-87. The MOV instruction
    mov %eax, -400(%r12)  ⇒  41 89 84 24 70 fe ff ff
    scale = 2^0 = 1, index = %rsp, base = %r12, disp = -400
    The address is then scale × index + base + disp,
    except that index = %rsp means there is no index (scale = 0).

  88. In the end
    For n(%r12), just embed a 24.
    if (mod == 2 && rm == 4)
        emit_byte(modrm(0, 4, 4));
    This needs a comment.

  89-90. // Removing this line makes it crash.
    Cargo cult programming is a style of programming in which code or program structures that serve no real purpose are included ritually. (excerpt from Wikipedia)
    // ...
    // That's why this line is needed.
    // NOT CARGO CULT PROGRAMMING !!
    if (mod == 2 && rm == 4)
        emit_byte(modrm(0, 4, 4));
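The ModR/M, REX and SIB rules of slides 65-88, collected into one encoder as an added example; this is not aqcc's assembler. It generalizes the slide's `mod == 2 && rm == 4` check: a SIB byte is needed whenever the low three bits of the base register are 100 (rsp or r12) in any memory form, not only with a disp32, and rbp/r13 cannot use mod=00 because that bit pattern means rip-relative, so they get mod=01 with a zero disp8, which is the 89 45 00 of slide 78. encode_mov() and mov_matches() are this example's own names, and RIP_REL is a pseudo register number it introduces for disp32(%rip).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Example code for this page, not aqcc's assembler. Register numbers are the values that
 * go into the ModR/M.reg / ModR/M.rm / SIB.base fields, with REX.R / REX.B supplying bit 3;
 * RIP_REL is a pseudo number invented here for disp32(%rip). */
enum { RAX, RCX, RDX, RBX, RSP, RBP, RSI, RDI, R8, R9, R10, R11, R12, R13, R14, R15 };
#define RIP_REL (-1)

static uint8_t modrm(int mod, int reg, int rm) {
    return (uint8_t)((mod << 6) | (reg << 3) | rm);    /* same layout builds the SIB byte */
}

static size_t put_disp32(uint8_t *out, int32_t disp) {
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)((uint32_t)disp >> (8 * i));  /* little-endian */
    return 4;
}

/* Encode "mov %src, %base" (is_mem == 0) or "mov %src, disp(%base)" (is_mem == 1) with
 * opcode 89 /r; w64 selects the REX.W 64-bit form. Returns the number of bytes written. */
size_t encode_mov(uint8_t *out, int w64, int src, int is_mem, int base, int32_t disp) {
    size_t n = 0;
    int rex = 0;
    if (w64) rex |= 0x48;                              /* REX.W: 64-bit operand size */
    if (src >= 8) rex |= 0x44;                         /* REX.R: bit 3 of the reg field */
    if (base != RIP_REL && base >= 8) rex |= 0x41;     /* REX.B: bit 3 of r/m (or of SIB.base) */
    if (rex) out[n++] = (uint8_t)rex;
    out[n++] = 0x89;
    int reg = src & 7;
    if (!is_mem) {                                     /* mod=11: register direct */
        out[n++] = modrm(3, reg, base & 7);
        return n;
    }
    if (base == RIP_REL) {                             /* mod=00 rm=101 is [rip + disp32] */
        out[n++] = modrm(0, reg, 5);
        return n + put_disp32(out + n, disp);
    }
    int rm = base & 7, mod;
    if (disp == 0 && rm != 5) mod = 0;                 /* rbp/r13 have no mod=00 form: that pattern means rip-relative */
    else if (disp >= -128 && disp <= 127) mod = 1;     /* disp8 */
    else mod = 2;                                      /* disp32 */
    out[n++] = modrm(mod, reg, rm);
    if (rm == 4) out[n++] = modrm(0, 4, 4);            /* rsp/r12: rm=100 means "SIB follows"; 24 = no index, base in SIB.base */
    if (mod == 1) out[n++] = (uint8_t)disp;
    else if (mod == 2) n += put_disp32(out + n, disp);
    return n;
}

/* Compares the encoding with a space-separated hex string such as "41 89 84 24 70 fe ff ff". */
int mov_matches(int w64, int src, int is_mem, int base, int32_t disp, const char *hex) {
    uint8_t buf[16];
    size_t n = encode_mov(buf, w64, src, is_mem, base, disp), i = 0;
    while (*hex) {
        char *end;
        long v = strtol(hex, &end, 16);
        if (end == hex) return 0;                      /* not a hex token */
        if (i >= n || buf[i++] != (uint8_t)v) return 0;
        hex = end;
        while (*hex == ' ') hex++;
    }
    return i == n;
}

int main(void) {
    uint8_t buf[16];
    size_t n = encode_mov(buf, 0, RAX, 1, R12, -400);  /* the slide's -400(%r12) case */
    printf("mov %%eax, -400(%%r12) =>");
    for (size_t i = 0; i < n; i++) printf(" %02x", buf[i]);
    printf("\n");
    return 0;
}
```

Every byte sequence on slides 65-85 comes out of encode_mov() unchanged, which is the kind of table-driven self-check that turns the "this line is needed" comment of slide 90 into something verifiable: if the SIB special case is removed, the r12 case stops matching.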

  91. Assemblers are painful
    • I don't understand ELF.
    • The gas code shows its age.
    • aqcc has no long.
    emit_qword(
        0x20, 0x00, 0x00, 0x00,
        0x01, 0x00, 0x00, 0x00);
    Adjusted against gas output and the book 『リンカ・ローダ実践開発テクニック』 (Linker and Loader Practical Development Techniques).

  92. Compiling with aqcc (restated)
    I want to compile test.c.
    % ./aqcc test.c > test.s
    • compile
    % gcc -c test.s -o test.o
    • assemble
    % gcc test.o -o test all.o
    • link

  93. Compiling with aqcc
    I want to compile test.c.
    % ./aqcc test.c test.o
    • compile & assemble
    % gcc test.o -o test all.o
    • link

  94-95. The obvious next step
    Right, let's build a linker.

  98-99. Linker: built one
    Also wrote a C standard library.

  101. What I did
    I wanted to write a linker.
    • The linker design is a further simplification of the one in 『リンカ・ローダ実践開発テクニック』.
    • I don't really understand glibc.
    • The standard-library functions that aqcc uses are at most finitely many. ⇒ Just do it.

  102-103. Implementing malloc(3)
    aqcc calls malloc() but never free().
    char *p = brk(0);              // brk here is the library's own syscall wrapper returning the break
    int size = 0x32000000;         // reserve one big region (0x32000000 bytes) up front
    char *q = brk(p + size);
    ...
    if (malloc_remaining_size < size)   // nothing is ever returned, so the region only shrinks
        return NULL;

  104. aqcc's memory efficiency
    • Compiling alone: no problem.
    • Linking alone: no problem. (e.g., lld)
    • Compiling, assembling and linking in one process eats memory, which hurts.
    What to do?
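The malloc of slides 102-103 in runnable form, as an added example that is not aqcc's libc: a bump allocator that never frees, with the remaining-size check done before the pointer is advanced and with overflow-safe rounding, so a request that would wrap fails instead of handing out memory the arena does not have. It uses a static arena instead of brk(2) so it runs unchanged anywhere; ARENA_SIZE is a constructed value chosen small enough that exhaustion, the failure slide 104 runs into, is easy to reproduce. bump_malloc(), arena_remaining() and count_allocs_until_full() are this example's own names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Example code for this page, not aqcc's libc: a bump allocator that never frees, on a
 * static arena instead of brk(2). ARENA_SIZE is a constructed, deliberately small value. */
#define ARENA_SIZE ((size_t)64 * 1024)
#define ALIGN ((size_t)16)                        /* alignment any scalar needs on x86-64 */

/* The union forces 16-byte alignment of the arena's first byte. */
static union { uint8_t bytes[ARENA_SIZE]; long double align; } arena;
static size_t arena_used;                         /* the bump pointer, kept as an offset */

void arena_reset(void) { arena_used = 0; }
size_t arena_remaining(void) { return ARENA_SIZE - arena_used; }

/* Returns ALIGN-aligned storage, or NULL when the arena cannot satisfy the request.
 * The size is rounded up without wrapping, and the remaining-size check (the slide's
 * malloc_remaining_size < size) runs before the bump pointer moves. */
void *bump_malloc(size_t size) {
    if (size == 0) size = 1;                      /* choice of this example: every call gets a distinct pointer */
    if (size > SIZE_MAX - (ALIGN - 1)) return NULL;   /* size + 15 would wrap to a tiny number */
    size_t rounded = (size + ALIGN - 1) & ~(ALIGN - 1);
    if (rounded > arena_remaining()) return NULL;
    void *p = arena.bytes + arena_used;
    arena_used += rounded;
    return p;
}

/* Allocates chunk-byte blocks until the arena is exhausted and returns how many fit:
 * with no free(), the only way to get the memory back is for the process to exit. */
size_t count_allocs_until_full(size_t chunk) {
    size_t n = 0;
    while (bump_malloc(chunk) != NULL) n++;
    return n;
}

int main(void) {
    arena_reset();
    printf("%zu blocks of 1000 bytes fit into a %zu-byte arena\n",
           count_allocs_until_full(1000), ARENA_SIZE);
    return 0;
}
```

Because nothing is ever released, the memory a process holds is the sum of every allocation it has made since start, which is exactly why slide 104's single compile-assemble-link process hurts and why the later slides split the work into separate processes, each of which gives its arena back on exit.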

  105. 言霊.in

  106-107. A famous quote
    "I'm not a real programmer, so it's all quick-and-dirty work. A real programmer would say, 'It looks like it works, but isn't it full of memory leaks? Maybe we need to fix that.' Me, I'd just restart Apache every 10 requests."
    (Rasmus Lerdorf, PHP developer)

  108. Splitting the functionality
    • ./aqcc cs main.c main.s    compile
    • ./aqcc so main.s main.o    assemble
    • ./aqcc oe main.o main.exe  link
    Typing these by hand is a bit tedious.

  109. Write a shell script
    • ./aqcc main.c -o main.exe
      ⇒ calls the individual steps as needed.
    It can be used gcc-style!

  110-115. Summary
    • Compiler ⇒ just do it
    • Assembler ⇒ just do it
    • Linker ⇒ just do it
    • Standard library ⇒ just do it
    ＿人人人人人人人人人人人人人＿
    ＞　The just-do-it toolchain　＜
    ￣Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y￣

  116. Thank you for listening.

  117-118. References
    • 「通信用語の基礎知識」 (Basic Knowledge of Communication Terminology), https://www.wdic.org/
    • 『リンカ・ローダ実践開発テクニック』 (Linker and Loader Practical Development Techniques), 坂井弘亮 (Hiroaki Sakai), CQ出版社, 2010
    • 言霊.in, http://www.kotodama.in/
    • Intel® 64 and IA-32 Architectures Software Developer Manuals, https://software.intel.com/en-us/articles/intel-sdm
    • N1548 Committee Draft, December 2, 2010, ISO/IEC 9899:201x, http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1548.pdf