https://stackoverflow.com/questions/7237963/a-c-implementation-that-detects-undefined-behavior (is there a C implementation that detects undefined behavior?) See CompCert and Frama-C.
gcc flags:
- -E stop after the preprocessor. #include literally splices the header file in, so -E shows you what the compiler actually sees.
- -S output assembly (don't assemble). Note that lowercase -s is a different flag: it strips symbols from the output.
- -c output an object file (don't link).
- -Wall -Werror and the other warning flags: https://stackoverflow.com/questions/399850/best-compiler-warning-level-for-c-c-compilers
- A hardening set: -Wall -D_FORTIFY_SOURCE=2 -fsanitize=bounds -fsanitize-undefined-trap-on-error -fstrict-flex-arrays. _FORTIFY_SOURCE only does anything at -O1 or higher; -fsanitize-undefined-trap-on-error turns the UBSan report into a trap instruction instead of a message (no runtime library needed); -fstrict-flex-arrays (gcc 13+) means only a real flexible array member (`[]`) is treated as unbounded, so the old `[0]`/`[1]` trailing-array tricks get bounds-checked.
gcc -shared foo.o -o foo.so makes a shared (dynamically linkable) object. You actually have to make the object file first, and on x86-64 it has to be compiled with -fPIC (gcc -c -fPIC foo.c), otherwise the link step fails with relocation errors.
g++ is gcc with the appropriate flags set for C++ (it compiles the sources as C++ and links libstdc++ by default).
-lgsl is the same as -l gsl and looks in the library search paths (the system ones plus anything given with -L) for a file called libgsl.so, or failing that libgsl.a. It automatically prepends lib and appends the extension. Very odd to my sensibilities.
-I dir adds dir to the header search path (the header-side counterpart of -L).
Header files and prototypes don't emit code by themselves, but they do show up in the object file in a sense: every call through a prototype whose definition is elsewhere becomes an undefined symbol entry that the linker has to resolve (nm -u foo.o lists them).
The C preprocessor (cpp).
- It can be run on its own (cpp foo.c, or gcc -E foo.c).
- #include literally brings that file in.
- #include "x.h" vs #include <x.h> is a difference in what search path it uses and prioritizes: "" looks in the directory of the including file first, then the -I and system paths; <> skips the including file's directory.
- #define. mcpp is an alternative preprocessor implementation.
- It can be programmed. This is typically ill advised. http://conal.net/blog/posts/the-c-language-is-purely-functional An amusing essay saying that cpp is a purely functional programming language.
- __COUNTER__ is an auto-incrementing thing (0, 1, 2, ... on each expansion within a translation unit).
- There are operators for string concatenation: # stringizes a macro argument and ## pastes tokens together; adjacent string literals are then concatenated by the compiler.
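The stringize, paste and __COUNTER__ tricks above, as an added example (not code from the original notes). The one non-obvious point it shows is that # and ## operate on the argument *before* macro expansion, so a one-level helper macro is needed whenever the argument is itself a macro. VERSION_MAJOR, DEFINE_GETTER and the id_ enumerators are made-up names for the demo.

```c
#include <string.h>   /* strcmp, for callers checking the strings below */

/* Stringizing (#) and token pasting (##). Each goes through a helper so that
   macro arguments are fully expanded before being stringized or pasted. */
#define STR_RAW(x)    #x
#define STR(x)        STR_RAW(x)
#define CAT_RAW(a, b) a##b
#define CAT(a, b)     CAT_RAW(a, b)

#define VERSION_MAJOR 3
#define VERSION_MINOR 14

/* Without the helper the argument is NOT expanded: STR_RAW(VERSION_MAJOR) is "VERSION_MAJOR". */
const char *version_raw(void)      { return STR_RAW(VERSION_MAJOR) "." STR_RAW(VERSION_MINOR); }
/* With the helper, VERSION_MAJOR becomes 3 first, then "3"; the literals concatenate to "3.14". */
const char *version_expanded(void) { return STR(VERSION_MAJOR) "." STR(VERSION_MINOR); }

/* Token pasting manufactures identifiers: CAT(get_, width) -> get_width. */
#define DEFINE_GETTER(field, value) \
    static int CAT(get_, field)(void) { return (value); }
DEFINE_GETTER(width, 640)
DEFINE_GETTER(height, 480)
int area(void) { return get_width() * get_height(); }

/* __COUNTER__ increments on every expansion, so two expansions in a row differ by exactly 1. */
int counter_step(void) {
    int first = __COUNTER__;
    int second = __COUNTER__;
    return second - first;
}

/* Combined: a unique identifier per expansion. Pasting must go through CAT, because
   prefix##__COUNTER__ would paste the literal token __COUNTER__ instead of its value. */
#define UNIQUE(prefix) CAT(prefix, __COUNTER__)
/* Three enumerators all written as UNIQUE(id_); without uniqueness this would be a
   duplicate-enumerator error. N_IDS counts them, so it is 3. */
enum { UNIQUE(id_), UNIQUE(id_), UNIQUE(id_), N_IDS };
int ids_declared(void) { return N_IDS; }
```

Run gcc -E on this file to see the expansions the comments describe; that is usually faster than reasoning about the two-phase expansion rules in your head.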
An amusing essay claims that make is a logic programming language. It is true.
The file system is the database, of sorts: rules are clauses, and file timestamps are the facts they are evaluated against.
There is a default set of built-in rules and variables (effectively a default makefile) included with every make invocation unless you turn it off with make -r; make -p prints the whole database, including the built-ins.
Dynamic bug detection techniques: the "SoK: Sanitizing for Security" survey paper. Really interesting.
- https://github.com/google/sanitizers/wiki https://github.com/google/sanitizers
- AddressSanitizer (ASan) -fsanitize=address: spatial errors (overflows) and temporal errors (use-after-free) via shadow memory and redzones
- MemorySanitizer (MSan) -fsanitize=memory: reads of uninitialized memory (clang only)
- ThreadSanitizer (TSan) -fsanitize=thread: detects race conditions
- UBSan, the undefined behavior sanitizer -fsanitize=undefined
- valgrind, SAFECode, and SoftBound
See also notes on CTF stuff and compilers
- Shadow memory: a mapping of memory to a separate shadow region where you hold metadata about each address (ASan keeps one shadow byte per 8 bytes of application memory and poisons redzones around every allocation).
- Guard pages: try to access an overflow and hit an unmapped page, you'll crash (Electric Fence style; cheap but only page-granular, so small overflows inside the page are missed).
- Fat pointers: make the pointer a struct carrying base and bound along with the address.
- Tagged pointers: use unused bits in the pointer. 64 bits is more than current address spaces use, so the top bits are free unless the OS or hardware already claims them, and alignment makes the low bits unused.
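A toy of the shadow-memory scheme described above, added here as an example; it is not ASan's code and the arena, the 16-byte redzone and the function names are choices made for the demo. It uses ASan's shadow encoding for an 8-byte granule: 0 means all 8 bytes addressable, 1..7 means only the first k bytes are, and a negative value means poisoned. shadow_check is the test ASan compiles in front of every load and store; here the caller has to pass the size to shadow_free, where ASan's allocator would know it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARENA_SIZE 4096
#define GRANULE 8                 /* one shadow byte describes 8 application bytes */
#define REDZONE 16                /* poisoned bytes on each side of an allocation */
#define SHADOW_POISON ((int8_t)-1)

static uint8_t arena[ARENA_SIZE] __attribute__((aligned(GRANULE)));
static int8_t shadow[ARENA_SIZE / GRANULE];
static size_t top;                /* bump pointer: memory is never reused, so freed chunks stay poisoned */

/* Real ASan computes (addr >> 3) + offset; the arena-relative index is the same idea. */
static int8_t *shadow_of(const void *p) {
    return &shadow[((const uint8_t *)p - arena) / GRANULE];
}

/* Mark [p, p+n) addressable, encoding a trailing partial granule as its byte count. */
static void unpoison(void *p, size_t n) {
    int8_t *s = shadow_of(p);
    for (; n >= GRANULE; n -= GRANULE) *s++ = 0;
    if (n) *s = (int8_t)n;
}

static void poison(void *p, size_t n) {
    memset(shadow_of(p), SHADOW_POISON, (n + GRANULE - 1) / GRANULE);
}

/* Allocate n bytes surrounded by poisoned redzones. Returns NULL when the arena is full. */
void *shadow_malloc(size_t n) {
    size_t rounded = (n + GRANULE - 1) & ~(size_t)(GRANULE - 1);
    size_t need = REDZONE + rounded + REDZONE;
    if (n == 0 || top + need > ARENA_SIZE) return NULL;
    uint8_t *base = arena + top;
    top += need;
    poison(base, need);           /* everything poisoned ... */
    unpoison(base + REDZONE, n);  /* ... except exactly the user bytes */
    return base + REDZONE;
}

/* Freed memory is re-poisoned and never handed out again, so use-after-free is caught. */
void shadow_free(void *p, size_t n) { poison(p, n); }

/* The instrumentation check: 1 if every byte of [p, p+n) is addressable, else 0. */
int shadow_check(const void *p, size_t n) {
    const uint8_t *q = p;
    if (q < arena || q + n > arena + ARENA_SIZE) return 0;
    while (n) {
        int8_t s = *shadow_of(q);
        size_t off = (size_t)(q - arena) % GRANULE;   /* position inside this granule */
        size_t step = GRANULE - off;                   /* bytes of the access in this granule */
        if (step > n) step = n;
        size_t avail = (s == 0) ? GRANULE : (s < 0 ? 0 : (size_t)s);
        if (off + step > avail) return 0;              /* touches a poisoned byte */
        q += step;
        n -= step;
    }
    return 1;
}
```

The interesting case is the 13-byte allocation below: bytes 13..15 of its second granule are unaddressable even though they sit inside the same 8-byte granule, which is exactly what the partial-granule encoding buys over a pure granule bitmap.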
Shake https://www.microsoft.com/en-us/research/uploads/prod/2018/03/build-systems.pdf build systems a la carte
Stressing C compilers: Csmith (random program generation for differential testing) and undefined behavior canaries.
Allocators. DieHard, an error-resistant allocator. ptmalloc (glibc's). mimalloc https://github.com/microsoft/mimalloc https://www.microsoft.com/en-us/research/uploads/prod/2019/06/mimalloc-tr-v1.pdf. From the mimalloc tech report: “The other allocators are Google’s tcmalloc (tc, tag:gperftools-2.8.1) used in Chrome, Facebook’s jemalloc (je, tag:5.2.1) by Jason Evans used in Firefox and FreeBSD, the Intel thread building blocks allocator (tbb, tag:v2020.3), rpmalloc (rp,tag:1.4.1) by Mattias Jansson, the original scalable Hoard (git:d880f72) allocator by Emery Berger , the memory compacting Mesh (git:67ff31a) allocator by Bobby Powers et al , and finally the default system allocator (glibc, 2.31) (based on PtMalloc2).” So: tcmalloc, jemalloc, the tbb allocator, rpmalloc, hoard, mesh.
Free-chunk search strategies:
- first fit: scan the linked list from the head and take the first chunk that is big enough
- next fit: resume the scan where the previous one stopped, to avoid rescanning the head where you already know you won't find a good block
- best fit: scan the entire list for the smallest chunk that fits
Metadata is stored inline, next to the chunk: the header sits immediately before the user pointer, so a heap overflow from one chunk runs straight into the next chunk's header.
- free / in-use flags (glibc packs them into the low bits of the size field, which alignment leaves unused)
- pointers in free lists are often stored in the same place user data would be (glibc's fd/bk live in the first bytes of a freed chunk), which is why a freed chunk "contains pointers" and why a write into freed memory corrupts the free list
Top chunk, "the wilderness": the unallocated tail of the heap that fresh chunks are carved from when nothing on the free lists fits.
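A toy allocator with exactly the layout the notes describe, added here as an example (it is not glibc's code; the arena size, field names and demo functions are made up). It does first-fit over a singly linked free list whose links live in the user area of freed chunks, carves from a wilderness when nothing fits, and has two demos: one shows the free-list pointer overwriting user data on free, the other shows a constructed overflow of sizeof(size_t) bytes rewriting the next chunk's size field. There is no splitting or coalescing, to keep it short.

```c
#include <stddef.h>
#include <string.h>

#define ARENA_SIZE 4096
#define ALIGN 16

struct chunk {
    size_t size;    /* usable bytes after the header */
    size_t in_use;  /* 1 allocated, 0 free (glibc packs this into the low bits of size) */
};
#define HDR_SIZE sizeof(struct chunk)

static unsigned char arena[ARENA_SIZE] __attribute__((aligned(ALIGN)));
static size_t top = 0;                      /* start of the wilderness */
static struct chunk *free_list = NULL;      /* linked through the chunks' own user data */

static size_t round_up(size_t n) { return (n + ALIGN - 1) & ~(size_t)(ALIGN - 1); }
static void *user_ptr(struct chunk *c)     { return (unsigned char *)c + HDR_SIZE; }
static struct chunk *chunk_of(void *p)     { return (struct chunk *)((unsigned char *)p - HDR_SIZE); }
/* The free-list link overlays the first pointer-sized bytes of the user area. */
static struct chunk **link_of(struct chunk *c) { return (struct chunk **)user_ptr(c); }

void *toy_malloc(size_t n) {
    n = round_up(n ? n : 1);                /* at least ALIGN bytes, so a free chunk can hold its link */
    /* First fit: walk the free list and take the first chunk that is big enough. */
    for (struct chunk **pp = &free_list; *pp; pp = link_of(*pp)) {
        struct chunk *c = *pp;
        if (c->size >= n) {
            *pp = *link_of(c);              /* unlink it */
            c->in_use = 1;
            return user_ptr(c);
        }
    }
    /* Nothing fits: carve a fresh chunk off the wilderness. */
    if (top + HDR_SIZE + n > ARENA_SIZE) return NULL;
    struct chunk *c = (struct chunk *)(arena + top);
    c->size = n;
    c->in_use = 1;
    top += HDR_SIZE + n;
    return user_ptr(c);
}

void toy_free(void *p) {
    if (!p) return;
    struct chunk *c = chunk_of(p);
    c->in_use = 0;
    *link_of(c) = free_list;                /* clobbers the first bytes of the old user data */
    free_list = c;
}

size_t toy_chunk_size(void *p)   { return chunk_of(p)->size; }
size_t toy_chunk_in_use(void *p) { return chunk_of(p)->in_use; }

/* First fit in action: a freed chunk is handed straight back to the next request it satisfies. */
int demo_first_fit_reuse(void) {
    void *p = toy_malloc(20);               /* rounded up to 32 usable bytes */
    if (!p || toy_chunk_size(p) != 32 || !toy_chunk_in_use(p)) return 0;
    toy_free(p);
    return toy_chunk_in_use(p) == 0 && toy_malloc(32) == p;
}

/* After free, the "data" of a freed chunk holds a heap pointer: the next chunk on the free list. */
int demo_link_lives_in_user_data(void) {
    void *a = toy_malloc(32), *b = toy_malloc(32);
    memset(a, 'A', 32);
    toy_free(b);
    toy_free(a);                            /* a's link now points at b's header */
    struct chunk *stored;
    memcpy(&stored, a, sizeof stored);
    return stored == chunk_of(b);
}

/* Constructed bug: writing sizeof(size_t) bytes past a 32-byte chunk lands on the next chunk's
   size field, because the metadata sits right next to the user data. Returns 1 if it was clobbered. */
int demo_overflow_clobbers_next_header(void) {
    unsigned char *a = toy_malloc(32), *b = toy_malloc(32);
    if (chunk_of(b) != (struct chunk *)(a + 32)) return 0;   /* the demo needs adjacent chunks */
    memset(a, 0x41, 32 + sizeof(size_t));   /* overflow by one size_t */
    size_t expect;
    memset(&expect, 0x41, sizeof expect);
    return toy_chunk_size(b) == expect;     /* b now claims a size of 0x4141...41 */
}
```

The overflow demo is the whole story of classic heap exploitation in miniature: the attacker controls the next chunk's size and, with the free-list link stored in user data, the next pointer the allocator will follow.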
How debuggers work: a software breakpoint is an int3 (0xCC) byte patched over the first byte of the instruction; the debugger attaches with ptrace, gets a SIGTRAP when the tracee hits it, restores the original byte, and rewinds the instruction pointer by one before continuing.
gdb: the help command. Lots of stuff.
- ni next instruction. next / nexti
- si step / stepi
- info all-registers, info registers
- display $rax: always print rax after each stop. display/10i $rip
- x/10i $pc: the next 10 instructions
- x/10x $sp: look at the stack. x/s: look at a string
- list *$rip shows you a few source lines before and after the current instruction
- layout split / layout asm / layout src. tui disable, tui enable
https://twitter.com/moyix/status/1556037995169562624?s=20&t=yqv3psiW3ByDbnVTBLr_GA audit of list functions
https://man7.org/linux/man-pages/man7/queue.7.html intrusive linked lists (the BSD queue.h macros)