COSCUP 2014 : the open source compiler arms race in a Warring States era


  • Open Source Compiler COSCUP'2014 Date : July 19th, 2014 Kito Cheng kito.cheng@gmail.com
  • 2 Compiler Team
  • 3 Open Source Compiler
  • 4 yum update -y / sudo apt-get upgrade ... Compiler?
  • 5
  • 6
  • 7
  • 8 Compiler
  • 9 Compiler Debug!
  • 10 GNU ld.bfd / ld.gold gdb as/objdump libstdc++ libgcc
  • 11 GNU LLVM ld.bfd / ld.gold lld / mclinker gdb lldb as/objdump MC layer in LLVM libstdc++ libc++ libgcc libcompiler-rt
  • 12 binutils vs MC Layer binutils Library , . LLVM MC Layer , assembler disassembler Library . Toolchain
  • 13 libstdc++ vs libc++ Linux C++ libstdc++
  • 14 libstdc++ vs libc++ Linux C++ libstdc++ std::string...
  • 15 libstdc++ vs libc++ Linux C++ libstdc++ std::string... libc++ !
  • 16 libstdc++ vs libc++ Linux C++ libstdc++ std::string... libc++ ! STLPort :
  • 17 libstdc++ vs libc++ Linux C++ libstdc++ std::string... libc++ ! STLPort : STLPort C++ Runtime Library
  • 18 VM/JIT New Programming Language /
  • 19 VM/JIT
  • 20 VM/JIT
  • 21 VM/JIT Kaffe VM : JIT Interpreter
  • 22 VM/JIT Kaffe VM : JIT Interpreter Just in time
  • 23 VM/JIT Kaffe VM : JIT Interpreter Just in time Just too late!
  • 24 Pyston FTLWebKits LLVM based JIT
  • 25 New Programming Language
  • 26 New Programming Language Native Execution ...
  • 27 New Programming Language Native Execution ... code gen
  • 28 New Programming Language Native Execution ... code gen C code Compiler
  • 29 New Programming Language Native Execution ... code gen C code Compiler Compiler
  • 30 New Programming Language GCC ...
  • 31 New Programming Language GCC ... , GCC IR - GIMPLE XD : GPLv3
  • 32 New Programming Language GCC ... , GCC IR - GIMPLE XD : GPLv3 LLVM !
  • 33 Rust
  • 34 / youcompleteme clang static analyzer
  • 35 in Compiler Address-sanitizer Undefined-sanitizer Thread-sanitizer
  • 36 Address-sanitizer :) Valgrind !
  • 37 stack-buffer-overflow

```c
int main(int argc, char **argv) {
  int stack_array[100];
  stack_array[1] = 0;
  return stack_array[argc + 100]; // BOOM
}
```

Report:

```
=================================================================
==28706==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff61e1f344 at pc 0x4a5dfb bp 0x7fff61e1f170 sp 0
READ of size 4 at 0x7fff61e1f344 thread T0
    #0 0x4a5dfa in main /home/kito/test.cpp:4
    #1 0x7ff11a8a1d64 in __libc_start_main (/lib64/libc.so.6+0x21d64)
    #2 0x404c98 (/home/kito/a.out+0x404c98)
Address 0x7fff61e1f344 is located in stack of thread T0 at offset 436 in frame
    #0 0x4a5d29 in main /home/kito/test.cpp:1
  This frame has 1 object(s):
    [32, 432) 'stack_array'
  0x10006c3bbe60: 00 00 00 00 00 00 00 00[f4]f4 f3 f3 f3 f3 00 00
  ...
  0x10006c3bbeb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  ...
```
  • 38 heap-use-after-free

```c
#include <stdlib.h>
int main() {
  int *a = malloc(sizeof(int));
  *a = 100;
  free(a);
  return *a;
}
```

Report:

```
==12254==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000eff0 at pc 0x4a5db4 bp 0x7fff3ff57520 sp 0x7fff3ff57518
READ of size 4 at 0x60200000eff0 thread T0
    #0 0x4a5db3 in main /home/kito/coscup2014/use-after-free.c:6
    #1 0x3c52221d64 in __libc_start_main (/lib64/libc.so.6+0x3c52221d64)
    #2 0x404c98 (/home/kito/coscup2014/a.out+0x404c98)
0x60200000eff0 is located 0 bytes inside of 4-byte region [0x60200000eff0,0x60200000eff4)
freed by thread T0 here:
    #0 0x476c79 in __interceptor_free /home/kito/gcc/gcc-src/libsanitizer/asan/asan_malloc_linux.cc:63
    #1 0x4a5d7c in main /home/kito/coscup2014/use-after-free.c:5
    #2 0x3c52221d64 in __libc_start_main (/lib64/libc.so.6+0x3c52221d64)
previously allocated by thread T0 here:
    #0 0x476f19 in __interceptor_malloc /home/kito/gcc/gcc-src/libsanitizer/asan/asan_malloc_linux.cc:73
    #1 0x4a5d2b in main /home/kito/coscup2014/use-after-free.c:3
    #2 0x3c52221d64 in __libc_start_main (/lib64/libc.so.6+0x3c52221d64)
```
  • 39 free/delete/delete[] mismatch

```cpp
int main() {
  int *arr = new int[10];
  delete arr;
  return 0;
}
```

Report:

```
=================================================================
==12421==ERROR: AddressSanitizer: alloc-dealloc-mismatch (operator new [] vs operator delete) on 0x60400000dfd0
    #0 0x478219 in operator delete(void*) /home/kito/gcc/gcc-src/libsanitizer/asan/asan_new_delete.cc:85
    #1 0x4a5efb in main /home/kito/coscup2014/mismatch-delete.cpp:3
    #2 0x3c52221d64 in __libc_start_main (/lib64/libc.so.6+0x3c52221d64)
    #3 0x404e58 (/home/kito/coscup2014/a.out+0x404e58)
0x60400000dfd0 is located 0 bytes inside of 40-byte region [0x60400000dfd0,0x60400000dff8)
allocated by thread T0 here:
    #0 0x477e29 in operator new[](unsigned long) /home/kito/gcc/gcc-src/libsanitizer/asan/asan_new_delete.cc:55
    #1 0x4a5eeb in main /home/kito/coscup2014/mismatch-delete.cpp:2
    #2 0x3c52221d64 in __libc_start_main (/lib64/libc.so.6+0x3c52221d64)
```
  • 40 Address-sanitizer vs Valgrind (some row labels were lost in extraction)

    Check                          Valgrind   Address Sanitizer
    Heap                           Y          Y
    Stack                          N          Y
    (label lost)                   N          Y
    (free/delete)                  Y          Y
    (label lost)                   N          Y
    (label lost)                   Y          N
    free/delete/delete[]           Y          Y
    Slowdown (label assumed)       10x-30x    1.5x-3x
  • 41 Undefined-Sanitizer Undefined behavior
  • 42 Undefined-Sanitizer Undefined behavior k standard undefined behavior...
  • 43 Undefined-Sanitizer Undefined behavior k standard undefined behavior... c99 UB 1x
  • 44 Undefined-Sanitizer Undefined behavior k standard undefined behavior... c99 UB 1x Undefined behavior !!!!!
  • 45 Undefined-Sanitizer Undefined behavior k standard undefined behavior... c99 UB 1x Undefined behavior !!!!! UB...XD
  • 46 Divide by 0

```cpp
int main(int argc, const char *argv[]){
  return argc/0;
}
```

```
div0.cpp:2:14: runtime error: division by zero
Floating point exception
```
  • 47 Dereference Null pointer

```cpp
int main(int argc, const char *argv[]){
  int *a = nullptr;
  return *a;
}
```

```
derefnull.cpp:3:11: runtime error: load of null pointer of type 'int'
Segmentation fault
```
  • 48 Shift

```cpp
int main(int argc, const char *argv[]){
  return argc >> 32;
}
```

```
shift.cpp:2:15: runtime error: shift exponent 32 is too large for 32-bit type 'int'
```
  • 49 Signed Integer Overflow

```cpp
#include <climits>
int main(int argc, const char *argv[]){
  int a = INT_MAX;
  return a + argc;
}
```

```
overflow.cpp:4:14: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
```
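The four UBSan cases above each have a defensive counterpart. This is an added example, not code from the slides; the `checked_*` helper names are my own, and `__builtin_add_overflow` is the GCC/Clang builtin for overflow-checked arithmetic.

```c
/* Added example, not from the slides: guarded counterparts of the four UBSan
 * cases (helper names are my own). Each refuses the undefined operation and
 * reports failure instead of letting the optimizer assume it never happens. */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Division: reject b == 0, and INT_MIN / -1 whose quotient does not fit. */
bool checked_div(int a, int b, int *out)
{
    if (b == 0 || (a == INT_MIN && b == -1))
        return false;
    *out = a / b;
    return true;
}

/* Null dereference: load through the pointer only after checking it. */
bool checked_load(const int *p, int *out)
{
    if (p == NULL)
        return false;
    *out = *p;
    return true;
}

/* Shift: exponent must be < bit width (32 on int is UB); right-shifting a
 * negative value is implementation-defined, so it is rejected as well. */
bool checked_shr(int value, unsigned exponent, int *out)
{
    if (exponent >= sizeof(int) * CHAR_BIT || value < 0)
        return false;
    *out = value >> exponent;
    return true;
}

/* Signed overflow: __builtin_add_overflow (GCC/Clang) reports wraparound
 * instead of producing an undefined result. */
bool checked_add(int a, int b, int *out)
{
    return !__builtin_add_overflow(a, b, out);
}

int main(void)
{
    int r;
    printf("INT_MAX + 1: %s\n", checked_add(INT_MAX, 1, &r) ? "ok" : "rejected");
    printf("1 >> 32:     %s\n", checked_shr(1, 32, &r) ? "ok" : "rejected");
    return 0;
}
```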
  • 50 Thread-Sanitizer Race Condition ! Race Condition , Thread-Sanitizer .
  • 51 Race Condition

```c
#include <pthread.h>
#include <stdio.h>
int Global;
void *Thread1(void *x) {
  Global++;
  return NULL;
}
void *Thread2(void *x) {
  Global--;
  return NULL;
}
int main() {
  pthread_t t[2];
  pthread_create(&t[0], NULL, Thread1, NULL);
  pthread_create(&t[1], NULL, Thread2, NULL);
  pthread_join(t[0], NULL);
  pthread_join(t[1], NULL);
}
```
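The race above fixed by serialising the read-modify-write on `Global` with a mutex; this is an added example, not code from the slides, and `worker`, `run_counter` and `global_lock` are my own names. ThreadSanitizer reports nothing on this version and the counter ends at exactly zero.

```c
/* Added example, not from the slides: the data race fixed with a mutex.
 * Names (worker, run_counter, global_lock) are my own. */
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>

static int Global;
static pthread_mutex_t global_lock = PTHREAD_MUTEX_INITIALIZER;

struct worker_arg { int iterations; int delta; };

/* Each thread applies `delta` to Global `iterations` times under the lock.
 * Without the lock the two read-modify-write sequences interleave and the
 * increments and decrements no longer cancel out. */
static void *worker(void *x)
{
    struct worker_arg *arg = x;
    for (int i = 0; i < arg->iterations; i++) {
        pthread_mutex_lock(&global_lock);
        Global += arg->delta;
        pthread_mutex_unlock(&global_lock);
    }
    return NULL;
}

/* Runs one incrementing and one decrementing thread and returns the final
 * value of Global, which is 0 when every access is correctly ordered. */
int run_counter(int iterations)
{
    pthread_t t[2];
    struct worker_arg up = { iterations, +1 }, down = { iterations, -1 };

    Global = 0;
    pthread_create(&t[0], NULL, worker, &up);
    pthread_create(&t[1], NULL, worker, &down);
    pthread_join(t[0], NULL);
    pthread_join(t[1], NULL);
    return Global;
}

int main(void)
{
    printf("Global after 100000 +1/-1 pairs: %d\n", run_counter(100000));
    return 0;
}
```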