$30 off During Our Annual Pro Sale. View Details »

seccamp2018でセルフホストCコンパイラをつくった

Ushitora Anqou
September 22, 2018
Programming
9
4.8k

 seccamp2018でセルフホストCコンパイラをつくった

セキュリティ・キャンプ全国大会2018でセルフホストCコンパイラをつくりました。キャンプが終わった後にアセンブラとリンカと標準ライブラリを作りました。

Ushitora Anqou

September 22, 2018
Tweet

More Decks by Ushitora Anqou

See All by Ushitora Anqou
Oblivious Online Monitoring for Safety LTL Specification via Fully Homomorphic Encryption
anqou
1
740
F*でプログラムの正しさを証明する
anqou
1
950
「自作CPUでサイゼリヤ問題」を支える技術
anqou
2
280
ぼくのかんがえたさいきょうのマリオAI
anqou
1
460
10ステップで作るお手軽インタプリタ開発
anqou
3
830

Other Decks in Programming

See All in Programming
エンジニアもUIを作るならユーザーについて知ろう!
ohakutsu
1
130
From Spring Boot 2 to Spring Boot 3 with Java 21 and Jakarta EE
ivargrimstad
0
140
BigQuery のデータ品質やデータ活用を高める Dataplex 等の活用
mot_techtalk
5
1k
エンジニアだけでスポンサーブースを出したら大変なことになった
zakky21
1
480
MVP開発をするための要求の詰め方/How to think about requirements for MVP development
misatokii
0
150
カスタマーサポートの信頼性向上 〜社内ツールにおけるSRE活動〜 - NIFTY Tech Day 2023
niftycorp
0
120
Comment choisir les « bons » composants open source ? (Capitole du Libre 2023)
pylapp
0
110
JSConfjp2023 Storybook駆動開発の再現性と効率化
kinocoboy2
1
2.1k
​고군분투 LLM 프로덕트 적용기: Blind Prompting 부터 Agent까지
huffon
2
1.2k
JakartaEE_for_Spring_OttawaJUG-2023.pdf
ivargrimstad
0
190
Visually experience the beauty of mathematics with p5.js
clown0082
0
1.6k
緊急SOS!KubernetesのCompletedな10万Jobぜんぶ消す
tk3fftk
3
370

Featured

See All Featured
Embracing the Ebb and Flow
colly
77
3.9k
In The Pink: A Labor of Love
frogandcode
135
21k
From Idea to $5000 a Month in 5 Months
shpigford
376
45k
Adopting Sorbet at Scale
ufuk
66
8.2k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
152
14k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
351
28k
Infographics Made Easy
chrislema
236
17k
How to Ace a Technical Interview
jacobian
272
22k
Principles of Awesome APIs and How to Build Them.
keavy
119
16k
GraphQLとの向き合い方2022年版
quramy
26
12k
Designing for humans not robots
tammielis
246
24k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
177
10k

Transcript

  1. #seccamp2018 Ͱηϧϑϗε
    τ C ίϯύΠϥΛͭͬͨ͘
    ࠡ ᲒᲶ @ushitora anqou
    1

    View Slide

  2. ͲΜͳͻͱ
    ࠡ ᲒᲶʢ͏͠ͱΒ ͋Μ͜͏ʣ
    • Twitter: @ushitora anqou
    • ීஈ͸ C++Ͱ༡ΜͩΓ༡͹ΕͨΓɻ
    • constexpr Ͱ NN ͱ͔ॻ͖·ͨ͠ɻ
    GitHub ʹ͋ΔͷͰελʔ͍ͩ͘͞ɻ
    • Kernel ΋ VM ΋Θ͔Γ·ͤΜɻษڧ͠
    ·͢ɻ
    2

    View Slide

  3. seccamp ͬͯͳʹ
    ηΩϡϦςΟɾΩϟϯϓશࠃେձ 2018
    • 8 ݄ 14 ೔ʙ18 ೔ @౦ژ౎෎தࢢ
    • IPA ओ࠵ͷ߹॓ܗࣜͷษڧձ
    • ʮY-II C ίϯύΠϥΛࣗ࡞ͯ͠ΈΑ
    ͏ʂʯθϛʹࢀՃ
    • ߨࢣ͸ Rui ͞Μͱ hikalium ͞Μ
    3

    View Slide

  4. Y-II ͷ໨ඪ
    4

    View Slide

  5. ೔ఔ
    Day N ΍Δ͜ͱ
    Day 1 ։ձࣜͱ͔ʢ։ൃͳ͠ʣ
    Day 2 ։ൃ
    Day 3 ։ൃ
    Day 4 ։ൃ
    Day 5 ดձࣜͱ͔ʢ։ൃͳ͠ʣ
    7 ݄ͷ಄͔Βࣄલֶशͱͯ͠։ൃΛ࢝ΊΔɻ
    5

    View Slide

  6. Day 0

    View Slide

  7. Day 0 ηϧϑϗετͰ͖ͨ
    6

    View Slide

  8. ͓͡͞Μͳʹͨ͠ͷ
    ηϧϑϗετͷ x86-64 ޲͚ C ίϯύΠϥ
    aqcc Λॻ͍ͨɻ
    • System V AMD64 ABI ४ڌɻ
    • C ϓϩάϥϜΛಡΈࠐΈΞηϯϒϦΛ
    ग़ྗɻ
    7

    View Slide

  9. ηϧϑϗετ
    ࣗ෼ࣗ਎ΛίϯύΠϧͰ͖Δɻ
    • aqcc ͸ C ݴޠͰॻ͔Ε͍ͯΔɻ
    • aqcc ͸ C ݴޠίϯύΠϥͰ͋Δɻ
    • Ώ͑ʹ aqcc ͸ aqcc ͰίϯύΠϧͰ
    ͖Δɻ
    8

    View Slide

  10. ηϧϑϗετ
    seccamp ࠷ऴ೔·Ͱʹ 6 ਓத 3 ਓ͕ୡ੒ɻ
    9

    View Slide

  11. ͭ͘Γ͔ͨ
    10

    View Slide

  12. ͭ͘Γ͔ͨ
    ΍Δ͚ͩ
    10

    View Slide

  13. ͭ͘Γ͔ͨ
    11

    View Slide

  14. ͭ͘Γ͔ͨ
    • ೖྗจࣈྻΛτʔΫϯྻʹ෼ׂ͢Δɻ
    11

    View Slide

  15. ͭ͘Γ͔ͨ
    • ೖྗจࣈྻΛτʔΫϯྻʹ෼ׂ͢Δɻ
    • τʔΫϯྻΛղऍ͠ந৅ߏจ໦
    ʢASTʣʹ͢Δɻ
    11

    View Slide

  16. ͭ͘Γ͔ͨ
    • ೖྗจࣈྻΛτʔΫϯྻʹ෼ׂ͢Δɻ
    • τʔΫϯྻΛղऍ͠ந৅ߏจ໦
    ʢASTʣʹ͢Δɻ
    • ҙຯղੳΛߦ͍ AST ΛŢœŕͱ͢Δɻ
    11

    View Slide

  17. ͭ͘Γ͔ͨ
    • ೖྗจࣈྻΛτʔΫϯྻʹ෼ׂ͢Δɻ
    • τʔΫϯྻΛղऍ͠ந৅ߏจ໦
    ʢASTʣʹ͢Δɻ
    • ҙຯղੳΛߦ͍ AST ΛŢœŕͱ͢Δɻ
    • Ţœŕͱͳͬͨ AST ΛݩʹΞηϯϒϦΛ
    ੜ੒͢Δɻ
    11

    View Slide

  18. ͭ͘Γ͔ͨ
    • ೖྗจࣈྻΛτʔΫϯྻʹ෼ׂ͢Δɻ
    • τʔΫϯྻΛղऍ͠ந৅ߏจ໦
    ʢASTʣʹ͢Δɻ
    • ҙຯղੳΛߦ͍ AST ΛŢœŕͱ͢Δɻ
    • Ţœŕͱͳͬͨ AST ΛݩʹΞηϯϒϦΛ
    ੜ੒͢Δɻ
    • ੜ੒ͨ͠ΞηϯϒϦΛ͍͍ײ͡ʹ࠷ద
    Խ͢Δɻ
    11

    View Slide

  19. ͭΒ͔ͬͨͱ͜Ζ
    • ΞηϯϒϦ͕෼͔Βͳ͍ɻ
    • ΞηϯϒϦΛॻ͘ͷ͸ॳΊͯɻ
    • lea ͬͯͳʹɻ
    • C ͷݴޠ࢓༷͕෼͔Βͳ͍ɻ
    • C ͷݴޠ࢓༷ΛಡΉͷ͸ʢ΄΅ʣॳΊͯɻ
    • ൚੔਺֦ுͬͯͳʹɻ
    12

    View Slide

  20. C ݴޠ࢓༷ͷ͕͜͜ΩϞ͍ʂ
    • ϙΠϯλ͕ΩϞ͍ʂ
    • int* p, q; ͷ q ͸ int
    • ؔ਺એݴ͕ΩϞ͍ʂ
    • int foo(); ͱ int foo(){...} ͱ
    int foo; ͷ۠ผɻ
    • Մม௕Ҿ਺͕ΩϞ͍ʂ
    • va list ͱ͔ va start() ͱ͔ɻ
    • va list ͷఆٛͱ͔஌ͬͯ·͢ʁ
    13

    View Slide

  21. ଓɾC ݴޠ࢓༷ͷ͕͜͜ΩϞ͍ʂ
    • switch ͕ΩϞ͍ʂ
    • if-else ͱ͍͏ΑΓ΋࣮࣭ goto
    switch (1) {
    int a = 2;
    case 3:
    1; int b = 5;
    break;
    case 1:
    a = 1; b = 0;
    default:
    printf("%d␣%d", a, b); // 1 0
    }
    14

    View Slide

  22. ଓʑɾC ݴޠ࢓༷ͷ͕͜͜ΩϞ͍ʂ
    • ߏ଄ମఆ͕ٛΩϞ͍ʂ
    • ߏ଄ମఆٛ΋ int ΋ type-specifier ͳͷ
    Ͱಉ͡ͱ͜Ζʹॻ͚Δɻ
    struct hogehoge {
    int piyopiyo;
    } foobar ();
    int foobar ();
    15

    View Slide

  23. ଓʑɾC ݴޠ࢓༷ͷ͕͜͜ΩϞ͍ʂ
    • ߏ଄ମఆ͕ٛΩϞ͍ʂ
    • ߏ଄ମఆٛ΋ int ΋ type-specifier ͳͷ
    Ͱಉ͡ͱ͜Ζʹॻ͚Δɻ
    struct hogehoge {
    int piyopiyo;
    };
    int;
    15

    View Slide

  24. ΠϯΫϦϝϯλϧͳ։ൃ
    • ੔਺ 1 ݸΛฦ͢ʮ͸Γ΅ͯ C ίϯύΠ
    ϥʯ͔Βελʔτɻ
    • ঃʑʹػೳΛ଍͢ɻҰؾʹ࡞Βͳ͍ɻ
    • Rui ͞ΜͷςΩετ΍ Slackɾhangout
    Ͱॿ͚͍͍ͯͨͩͨɻ
    16

    View Slide

  25. DAY 2
    17

    View Slide

  26. DAY 2
    ΍Δ͜ͱ͕ͳ͍
    17

    View Slide

  27. ͳʹΛ͠Α͏͔
    ίʔυੜ੒ͷํࣜΛม͑Α͏ɻ
    • ελοΫϚγϯ
    • ݱঢ়ͷ࣮૷ɻ
    • ϨδελϚγϯ
    • ͬͪ͜ʹ͍ͨ͠ɻ
    18

    View Slide

  28. ελοΫϚγϯ
    • શͯͷ໋ྩ͸ελοΫΛհͯ͠ૢ࡞Λ
    ͢Δɻ
    • ελοΫ͸ϝϞϦ্ʹ͋ΔͷͰ஗͍ɻ
    19

    View Slide

  29. ϨδελϚγϯ
    • શͯͷ໋ྩ͸ϨδελΛհͯ͠ૢ࡞Λ
    ͢Δɻ
    • Ϩδελ͸ CPU ʹ͋ΔͷͰ଎͍ɻ
    20

    View Slide

  30. Ͳ͏΍Δͷ
    ࢖͑ΔϨδελ
    • ؔ਺ͷҾ਺ʹ࢖͏Ϩδελ΍γϑτԋ
    ࢉͳͲɺಛघͳ༻్Ͱ࢖ΘΕΔϨδε
    λΛආ͚Δɻ
    • r10, r11, r12, r13, r14, r15 ͕
    ࢖͑Δɻ
    21

    View Slide

  31. ϨδελϚγϯͷͭ͘Γ͔ͨ
    • ॲཧͷ࢝·ΓͱऴΘΓͰ push, pop
    ͢Δ୅ΘΓʹɺϨδελ͔Β৘ใΛ
    ҾͬுͬͨΓऔ͖ͬͯͨΓ͢Δɻ
    • AST ͷ༿ϊʔυ͔Βίʔυੜ੒͢Δͱ
    ͖ʹɺσʔλΛ֨ೲͨ͠ϨδελΛ਌
    ʹฦ͢ɻ
    22

    View Slide

  32. View Slide

  33. DAY 3 ϨδελϚγϯʹͳͬͨ
    23

    View Slide

  34. ŰƅŲŔŖŵƃţͷܭଌ
    ϨδελϚγϯͷ aqcc (2142d05) ͷιʔ
    είʔυΛશͯ࿈݁͠ɺ͜ΕΛίϯύΠϧ
    ͢Δ࣌ؒΛ perf ίϚϯυͰଌఆ͢Δɻ
    24

    View Slide

  35. ŰƅŲŔŖŵƃţ
    ελοΫϚγϯ (85ee93c)
    • gcc -O2
    0.09287 ± 0.00187 seconds
    • aqcc
    0.40217 ± 0.00277 seconds
    ໿ 4.3 ഒ
    25

    View Slide

  36. ŰƅŲŔŖŵƃţ
    ϨδελϚγϯ (2142d05)
    • gcc -O2
    0.090094 ± 0.000310 seconds
    • aqcc
    0.21281 ± 0.00286 seconds
    ໿ 2.3 ഒ
    26

    View Slide

  37. ͭΒ͔ͬͨͱ͜Ζ
    σόοά͕ͱʹ͔ͭ͘Β͍ɻ
    • gcc ͰͷιʔείϯύΠϧ͸Ͱ͖Δɻ
    • ίϯύΠϧͨ͠ίϯύΠϥͰͷιʔε
    ίϯύΠϧ͕Ͱ͖ͳ͍ɻ
    27

    View Slide

  38. ͭΒ͔ͬͨͱ͜Ζ
    28

    View Slide

  39. ͭΒ͔ͬͨͱ͜Ζ
    29

    View Slide

  40. ͭΒ͔ͬͨͱ͜Ζ
    • σόοά৘ใ͕ͳ͍ʂ
    • མ͍ͪͯΔͱ͜Ζʹόά͕͋ΔΘ͚
    ͡Όͳ͍ʂ
    29

    View Slide

  41. ͭΒ͔ͬͨͱ͜Ζ
    ؒҧ͍͑ͯͨͷ͸ɺϨδελୀආͰͨ͠ɻ
    • ؔ਺ݺͼग़࣌͠ʹอଘ͢΂͖Ϩδελ
    ΛҰͭ๨Ε͍ͯͨɻ
    • ΘΓͱΈΜͳܦݧ͢Δಓɻ
    30

    View Slide

  42. ŰƅŲŔŖŵƃţʢ࠶ܝʣ
    ϨδελϚγϯ (2142d05)
    • gcc -O2
    0.090094 ± 0.000310 seconds
    • aqcc
    0.21281 ± 0.00286 seconds
    ໿ 2.3 ഒ
    31

    View Slide

  43. 2.3 ⇒ 2 ഒʹ͍ͨ͠ʂ
    ग़ྗ͢ΔΞηϯϒϦΛ࠷దԽ͢Δɻ
    ४උ
    • ग़ྗίʔυΛه߸ʢstruct Codeʣʹ
    ஔ͖׵͑Δɻ
    • ͦΕ·Ͱ͸จࣈྻͰѻ͍ͬͯͨɻ
    • େྔʹॻ͖׵͑Δ΂͖৔ॴ͕͋Δɻ
    • ͱͯ΋ͭΒ͍ɻ
    32

    View Slide

  44. 2.3 ⇒ 2 ഒʹ͍ͨ͠ʂ
    ग़ྗ͢ΔΞηϯϒϦΛ࠷దԽ͢Δɻ
    • ఆ਺஋৞ΈࠐΈ
    • a = 1 + 5 * 8 + 1;
    =⇒ a = 42;
    • AST Λ෦෼తʹΠϯλϓϦτ͢Ε͹
    ྑ͍ɻ
    32

    View Slide

  45. ଓɾ࠷దԽ
    • dead code elimination
    ҙຯͷͳ͍ίʔυ͸ੜ੒͠ͳ͍Α͏ʹ
    ͢Δɻ
    • propagation
    mov (%rax), %r11
    =⇒ mov -8(%rbp), %r11
    ૊Έ߹Θ͍͍ͤͯײ͡ʹ࠷దԽ͢Δɻ
    33

    View Slide

  46. ݁Ռ
    34

    View Slide

  47. ݁Ռ
    όάͬͨ
    34

    View Slide

  48. ݁Ռ
    όάͬͨ
    seccamp ऴྃ
    34

    View Slide

  49. ؼΓͷ৽װઢ
    propagation ͷࡍʹϨδελͷґଘؔ܎Λม
    ߋ͢Δ͜ͱΛ๨Ε͍ͯͨɻ
    35

    View Slide

  50. ଓଓɾ࠷దԽ
    • ؔ਺ͷதͰ࢖͍ͬͯΔϨδελ͚ͩΛ
    ୀආ͢Δ
    • r12, r13, r14, r15 ͸ callee-saved.
    • ؔ਺๯಄Ͱ push ͠ऴΘΓͰ pop.
    • શͯΛอଘ͢Δͱ͕͔͔࣌ؒΔɻ
    • ॻ͖׵͑Δ΋ͷ͚ͩͰྑ͍ɻ
    36

    View Slide

  51. ŰƅŲŔŖŵƃţ
    ࠷దԽͨ͠ aqcc(4fcc2d3)
    37

    View Slide

  52. ŰƅŲŔŖŵƃţ
    ࠷దԽͨ͠ aqcc(4fcc2d3)
    • gcc -O2
    0.13015 ± 0.00126 seconds
    • aqcc
    0.24342 ± 0.00108 seconds
    ໿ 1.87 ഒ
    37

    View Slide

  53. Φν͕ͳ͍
    38

    View Slide

  54. aqcc ͰίϯύΠϧ
    test.c ΛίϯύΠϧ͍ͨ͠ɻ
    % ./aqcc test.c > test.s
    • ίϯύΠϧ
    39

    View Slide

  55. aqcc ͰίϯύΠϧ
    test.c ΛίϯύΠϧ͍ͨ͠ɻ
    % ./aqcc test.c > test.s
    • ίϯύΠϧ
    % gcc -c test.s -o test.o
    • Ξηϯϒϧ
    % gcc test.o -o test all.o
    • ϦϯΫ
    39

    View Slide

  56. ౰વͷؼ݁
    40

    View Slide

  57. ౰વͷؼ݁
    ͦ͏ͩ
    ΞηϯϒϥΛ
    ͭ͘Ζ͏
    40

    View Slide

  58. View Slide

  59. View Slide

  60. Ξηϯϒϥ

    View Slide

  61. Ξηϯϒϥͭͬͨ͘
    43

    View Slide

  62. Ξηϯϒϥͷͭ͘Γ͔ͨ
    44

    View Slide

  63. Ξηϯϒϥͷͭ͘Γ͔ͨ
    ΍Δ͚ͩ
    44

    View Slide

  64. Ξηϯϒϥͱ͸
    ΞηϯϒϦΛΦϒδΣΫτϑΝΠϧʹม׵
    ͢Δɻ
    • χʔϞχοΫΛΦϖίʔυʹม׵
    ͢Δɻ
    • ඞཁͳγϯϘϧ৘ใͳͲΛ·ͱΊͯ
    ELF ʹ͢Δɻ
    45

    View Slide

  65. MOV ໋ྩ
    mov %eax, %edx
    46

    View Slide

  66. MOV ໋ྩ
    mov %eax, %edx =⇒ 89 c2
    Opcode Instruction
    89 /r MOV r/m32,r32
    46

    View Slide

  67. MOV ໋ྩ
    mov %eax, %edx =⇒ 89 c2
    Opcode Instruction
    89 /r MOV r/m32,r32
    7 6 5 4 3 2 1 0
    ModR/M mod reg r/m
    1 1 0 0 0 0 1 0
    46

    View Slide

  68. MOV ໋ྩ
    mov %rax, %rdx
    47

    View Slide

  69. MOV ໋ྩ
    mov %rax, %rdx =⇒ 48 89 c2
    Opcode Instruction
    REX.W + 89 /r MOV r/m64,r64
    47

    View Slide

  70. MOV ໋ྩ
    mov %rax, %rdx =⇒ 48 89 c2
    Opcode Instruction
    REX.W + 89 /r MOV r/m64,r64
    7 6 5 4 3 2 1 0
    REX Prefix 0 1 0 0 W R X B
    0 1 0 0 1 0 0 0
    47

    View Slide

  71. MOV ໋ྩ
    mov %r8, %r10
    48

    View Slide

  72. MOV ໋ྩ
    mov %r8, %r10 =⇒ 4d 89 c2
    Opcode Instruction
    REX.W + 89 /r MOV r/m64,r64
    48

    View Slide

  73. MOV ໋ྩ
    mov %r8, %r10 =⇒ 4d 89 c2
    Opcode Instruction
    REX.W + 89 /r MOV r/m64,r64
    7 6 5 4 3 2 1 0
    REX Prefix 0 1 0 0 W R X B
    0 1 0 0 1 1 0 1
    48

    View Slide

  74. MOV ໋ྩ
    mov %eax, (%rdx)
    49

    View Slide

  75. MOV ໋ྩ
    mov %eax, (%rdx)
    =⇒ 89 02
    7 6 5 4 3 2 1 0
    ModR/M mod reg r/m
    0 0 0 0 0 0 1 0
    49

    View Slide

  76. MOV ໋ྩ
    mov %eax, -4(%rdx)
    =⇒ 89 42 fc
    7 6 5 4 3 2 1 0
    ModR/M mod reg r/m
    0 1 0 0 0 0 1 0
    50

    View Slide

  77. MOV ໋ྩ
    mov %eax, -4(%rbp)
    =⇒ 89 45 fc
    7 6 5 4 3 2 1 0
    ModR/M mod reg r/m
    0 1 0 0 0 1 0 1
    51

    View Slide

  78. MOV ໋ྩ
    mov %eax, (%rbp)
    =⇒ 89 45 00
    7 6 5 4 3 2 1 0
    ModR/M mod reg r/m
    0 1 0 0 0 1 0 1
    52

    View Slide

  79. MOV ໋ྩ
    mov %eax, -4(%rip)
    =⇒ 89 05 fc ff ff ff
    7 6 5 4 3 2 1 0
    ModR/M mod reg r/m
    0 0 0 0 0 1 0 1
    53

    View Slide

  80. ·ͱΊ
    inst mod r/m code
    (%rdx) 00 010 89 02
    -4(%rdx) 01 010 89 42 fc
    -4(%rbp) 01 101 89 45 fc
    (%rbp) 01 101 89 45 00
    -4(%rip) 00 101 89 05 fc ff ff ff
    ͱͯ΋ͭΒ͍ɻ
    54

    View Slide

  81. MOV ໋ྩ
    mov %eax, -400(%r11)
    55

    View Slide

  82. MOV ໋ྩ
    mov %eax, -400(%r11)
    =⇒ 41 89 83 70 fe ff ff
    7 6 5 4 3 2 1 0
    ModR/M mod reg r/m
    1 0 0 0 0 0 1 1
    55

    View Slide

  83. MOV ໋ྩ
    mov %eax, -400(%r11)
    =⇒ 41 89 83 70 fe ff ff
    mov %eax, -400(%r12)
    56

    View Slide

  84. MOV ໋ྩ
    mov %eax, -400(%r11)
    =⇒ 41 89 83 70 fe ff ff
    mov %eax, -400(%r12)
    =⇒ 41 89 84 24 70 fe ff ff
    56

    View Slide

  85. MOV ໋ྩ
    mov %eax, -400(%r11)
    =⇒ 41 89 83 70 fe ff ff
    mov %eax, -400(%r12)
    =⇒ 41 89 84 24 70 fe ff ff
    7 6 5 4 3 2 1 0
    SIB scale index base
    0 0 1 0 0 1 0 0
    56

    View Slide

  86. MOV ໋ྩ
    mov %eax, -400(%r12)
    =⇒ 41 89 84 24 70 fe ff ff
    scale = 20 = 1 index = %rsp
    base = %r12 disp = -400
    ͜ͷͱ͖ scale × index + base + disp
    57

    View Slide

  87. MOV ໋ྩ
    mov %eax, -400(%r12)
    =⇒ 41 89 84 24 70 fe ff ff
    scale = 20 = 1 index = %rsp
    base = %r12 disp = -400
    ͜ͷͱ͖ scale × index + base + disp
    ͨͩ͠ index = %rsp =⇒ scale = 0
    57

    View Slide

  88. ݁ہ
    n(%r12) ͷͱ͖ʹ 24 ΛຒΊࠐΊ͹͍͍ɻ
    if (mod == 2 && rm == 4)
    emit_byte(modrm(0, 4, 4));
    ίϝϯτ͕ඞཁ
    58

    View Slide

  89. // ͜ͷߦΛফ͢ͱམͪΔɻ
    ΧʔΰɾΧϧτɾϓϩάϥϛϯάͱ͸
    ࣮ࡍͷ໨తʹ͸໾ʹཱͨͳ͍ίʔυ΍ϓϩάϥϜ
    ߏ଄ΛّࣜతʹؚΊ͓ͯ͘ϓϩάϥϛϯάͷελ
    ΠϧͰ͋Δɻ(Wikipedia ΑΓൈਮ)
    59

    View Slide

  90. // ͜ͷߦΛফ͢ͱམͪΔɻ
    ΧʔΰɾΧϧτɾϓϩάϥϛϯάͱ͸
    ࣮ࡍͷ໨తʹ͸໾ʹཱͨͳ͍ίʔυ΍ϓϩάϥϜ
    ߏ଄ΛّࣜతʹؚΊ͓ͯ͘ϓϩάϥϛϯάͷελ
    ΠϧͰ͋Δɻ(Wikipedia ΑΓൈਮ)
    // ...
    // That ’s why this line is needed.
    // NOT CARGO CULT PROGRAMMING !!
    if (mod == 2 && rm == 4)
    emit_byte(modrm(0, 4, 4));
    59

    View Slide

  91. ΞηϯϒϥͭΒ͍
    • ELF ෼͔ΒΜɻ
    • gas ͸೥਺Λײͤ͡͞Δίʔυɻ
    • aqcc ʹ long ͕ແ͍ɻ
    emit qword(
    0x20, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00);
    gas ͷग़ྗ΍ʰϦϯΧɾϩʔμ࣮ફ։ൃς
    ΫχοΫʱΛ΋ͱʹௐ੔ɻ
    60

    View Slide

  92. aqcc ͰίϯύΠϧʢ࠶ܝʣ
    test.c ΛίϯύΠϧ͍ͨ͠ɻ
    % ./aqcc test.c > test.s
    • ίϯύΠϧ
    % gcc -c test.s -o test.o
    • Ξηϯϒϧ
    % gcc test.o -o test all.o
    • ϦϯΫ
    61

    View Slide

  93. aqcc ͰίϯύΠϧ
    test.c ΛίϯύΠϧ͍ͨ͠ɻ
    % ./aqcc test.c test.o
    • ίϯύΠϧ&Ξηϯϒϧ
    % gcc test.o -o test all.o
    • ϦϯΫ
    62

    View Slide

  94. ࣗ໌ͳ༠ಋ
    63

    View Slide

  95. ࣗ໌ͳ༠ಋ
    ͦ͏ͩ
    ϦϯΧΛ
    ͭ͘Ζ͏
    63

    View Slide

  96. View Slide

  97. View Slide

  98. ϦϯΧͭͬͨ͘
    66

    View Slide

  99. ϦϯΧͭͬͨ͘
    C ඪ४ϥΠϒϥϦ΋࡞ͬͨɻ
    66

    View Slide

  100. View Slide

  101. ͳʹ΍ͬͨͷ
    ϦϯΧΛॻ͖͔ͨͬͨɻ
    • ϦϯΧͷσβΠϯ͸ʰϦϯΧɾϩʔμ
    ࣮ફ։ൃςΫχοΫʱΛ͞Βʹ؆୯ʹ
    ͨ͠΋ͷɻ
    • glibc Α͘Θ͔ΒΜɻ
    • aqcc Ͱ࢖༻͢Δඪ४ϥΠϒϥϦؔ਺͸
    ߴʑ༗ݶݸɻ=⇒ ΍Δ͚ͩ
    68

    View Slide

  102. malloc(3) Λ࣮૷
    aqcc ͸ malloc() ͢Δ͕ free() ͠ͳ͍ɻ
    69

    View Slide

  103. malloc(3) Λ࣮૷
    aqcc ͸ malloc() ͢Δ͕ free() ͠ͳ͍ɻ
    char *p = brk (0);
    int size = 0x32000000;
    char *q = brk(p + size );
    ...
    if (malloc_remaining_size < size)
    return NULL;
    69

    View Slide

  104. aqcc ͷϝϞϦޮ཰
    • ίϯύΠϧ͚ͩͳΒແ໰୊ɻ
    • ϦϯΫ͚ͩͳΒແ໰୊ɻ (e.g., lld)
    • ίϯύΠϧɾΞηϯϒϧɾϦϯΫͩͱ
    ϝϞϦΛ৯ͬͯͭΒ͍ɻ
    Ͳ͏͢Δʁ
    70

    View Slide

  105. ݴྶ.in
    71

    View Slide

  106. ໊ݴ
    ๻͸ϗϯϞϊͷϓϩάϥϚͰ͸͋Γ·ͤΜ
    ͔Βɺ΍͚ͬͭ࢓ࣄͰ͢ΑɻϗϯϞϊͷϓ
    ϩάϥϚ͸ɺ
    ʮಈ͍ͯΔΑ͏ʹݟ͑Δ͚Ͳɺ
    ϝϞϦϦʔΫͩΒ͚͡Όͳ͍͔ɻ௚͢ඞཁ
    ͕͋Δ͔΋ͶʯͳΜͯݴ͏Ͱ͠ΐ͏ʁ ๻
    ͳΒɺ10 ϦΫΤετ͝ͱʹ Apache Λ࠶ى
    ಈ͠·͢Ͷɻ
    72

    View Slide

  107. ໊ݴ
    ๻͸ϗϯϞϊͷϓϩάϥϚͰ͸͋Γ·ͤΜ
    ͔Βɺ΍͚ͬͭ࢓ࣄͰ͢ΑɻϗϯϞϊͷϓ
    ϩάϥϚ͸ɺ
    ʮಈ͍ͯΔΑ͏ʹݟ͑Δ͚Ͳɺ
    ϝϞϦϦʔΫͩΒ͚͡Όͳ͍͔ɻ௚͢ඞཁ
    ͕͋Δ͔΋ͶʯͳΜͯݴ͏Ͱ͠ΐ͏ʁ ๻
    ͳΒɺ10 ϦΫΤετ͝ͱʹ Apache Λ࠶ى
    ಈ͠·͢Ͷɻ
    ʕʕ ϥεϚεɾϥʔυϑ (PHP ։ൃऀ)
    72

    View Slide

  108. ػೳΛ෼ׂ
    • ./aqcc cs main.c main.s
    ίϯύΠϧ
    • ./aqcc so main.s main.o
    Ξηϯϒϧ
    • ./aqcc oe main.o main.exe
    ϦϯΫ
    खͰଧͭͷ͸গʑ໘౗ɻ
    73

    View Slide

  109. γΣϧεΫϦϓτΛॻ͘
    • ./aqcc main.c -o main.exe
    =⇒ ݸผͷػೳΛదٓݺͿɻ
    gcc ͬΆ͔͚͘Δʂ
    74

    View Slide

  110. ·ͱΊ
    75

    View Slide

  111. ·ͱΊ
    • ίϯύΠϥ =⇒ ΍Δ͚ͩ
    75

    View Slide

  112. ·ͱΊ
    • ίϯύΠϥ =⇒ ΍Δ͚ͩ
    • Ξηϯϒϥ =⇒ ΍Δ͚ͩ
    75

    View Slide

  113. ·ͱΊ
    • ίϯύΠϥ =⇒ ΍Δ͚ͩ
    • Ξηϯϒϥ =⇒ ΍Δ͚ͩ
    • ϦϯΧ =⇒ ΍Δ͚ͩ
    75

    View Slide

  114. ·ͱΊ
    • ίϯύΠϥ =⇒ ΍Δ͚ͩ
    • Ξηϯϒϥ =⇒ ΍Δ͚ͩ
    • ϦϯΧ =⇒ ΍Δ͚ͩ
    • ඪ४ϥΠϒϥϦ =⇒ ΍Δ͚ͩ
    75

    View Slide

  115. ·ͱΊ
    • ίϯύΠϥ =⇒ ΍Δ͚ͩ
    • Ξηϯϒϥ =⇒ ΍Δ͚ͩ
    • ϦϯΧ =⇒ ΍Δ͚ͩ
    • ඪ४ϥΠϒϥϦ =⇒ ΍Δ͚ͩ
    ʊਓਓਓਓਓਓਓਓਓਓਓਓਓʊ
    ʼɹ΍Δ͚ͩπʔϧνΣΠϯɹʻ
    ʉ Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y^Y ʉ
    75

    View Slide

  116. ͝ਗ਼ௌ
    ͋Γ͕ͱ͏͟͝
    ͍·ͨ͠ɻ
    76

    View Slide

  117. ࢀߟจݙ
    • ʮ௨৴༻ޠͷجૅ஌ࣝʯ
    https://www.wdic.org/
    • ʰϦϯΧɾϩʔμ࣮ફ։ൃςΫχοΫʱ
    ࡔҪ ߂྄ɺCQ ग़൛ࣾɺ2010
    • ݴྶ.in
    http://www.kotodama.in/
    77

    View Slide

  118. ࢀߟจݙ
    • IntelR
    ⃝ 64 and IA-32 Architectures
    Software Developer Manuals
    https://software.intel.com/
    en-us/articles/intel-sdm
    • N1548 Committee Draft Š December
    2, 2010 ISO/IEC 9899:201x
    http://www.open-std.org/jtc1/
    sc22/wg14/www/docs/n1548.pdf 78

    View Slide