Show HN: Online C/C++ to assembly visualizer [Weekend Project]
assembly.ynh.ioLLVM has a similar page: http://llvm.org/demo
you can compile C/C++ to LLVM IR and also 32 or 64 bit intel assembler. you can also see the effects of different optimizations, etc
Side by side would be a better layout like: http://gcc.godbolt.org/
Nice project. Will be more useful if there is an explanation of code generated. For example, making the various assembly instructions clickable and displaying information about them. Also a tiny bit of explanation about code and data sections might be of help too :)
Ok added to the todo list
You don't filter out CPP macro's. I would skip that and only allow C code. Or run this thing in a proper jail because at the moment:
- doing an include #include "/dev/random" will block the thread. - including "/etc/passwd" is also possible although I don't see a direct way to turn this into password disclosure.
Seriously; even if it's a weekend project, letting people run all kinds of potentially bad code on your machine is never a good idea. Even though you don't run the binaries yourself there's so many ways to mess around with a compiler. You just don't know what's going to happen.
chroot would probably be sufficient. Barring some sort of code execution vuln in the compiler you can only load stuff off of the filesystem.
Having the actual CPP available is nice because some bits of libc are only macros.
I have now added some basic macro detection
#define x "/etc/passwd" #include x
I have now fixed it. But I think there must be an other way to make it safe. Maybe a sandbox
This is part of your /etc/shadow file:
We can still read /etc/ssh/ssh_host_rsa_key, etc.root:censoredEdit: removed hash, sorry
Saying "you can read /etc/shadow by doing X, Y, and Z" is okay -- it's a permanent record there was a flaw. Saying "here's your root password hash" is not ok; even once the flaw is fixed, that hash is still floating around out there. I'd take advantage of the edit period and remove that from your comment; it's just not cool. The OP should definitely change the root password on the box regardless.
Well one easy way to increase security would for this to stop running as root.
Please, don't ever run your application code as root. Less so when it's facing the Internet.
No problem I think I could fix it.
Can you show us how you read the content of the file. Just want to learn more
If it's a server used for other things, definitely a sandbox. gcc's not exactly security hardend. Best one (novel solution, though the code's old and shit) I've come across: https://pts-mini-gpl.googlecode.com/svn/trunk/uevalrun/doc/u...
I have now used a the wrapper by gcc-explorer https://github.com/mattgodbolt/gcc-explorer/blob/master/c-pr...
I could have made the same comment. Good project, could be useful to me. A peace of asm documentation would be tasty.
This could be a great educational tool! It could be used to teach Introductory Computer Organization at the college level.
I have a suggestion:
- Would you be able to separate the web interface, so that it could used to display Java -> JVM assembly, or any other language. Basically, so that it would be re-usable.
- Putting this up on GitHub would be great.
Finally, great work for just a weekend!
The code is available on github https://github.com/ynh/cpp-to-assembly
Definitely interesting! Lots of us unix people would just run objdump -d for a quick ASM extraction, but this is probably much friendlier to the user just starting to learn C/ASM.
Overall, Good Job!
Silently fails if you make a syntax error. I accidentally pasted this without newlines and at first I thought it wasn't responding:
#include <stdio.h>int main() { printf("Hello World"); }Can i recommend adding -masm=intel to your gcc flags? I know AT&T syntax is the default for gcc and gas, but not why. Intel syntax seems clearer to read and is used by most assembly tutorials.
OK I will let the user choose between both syntax
This really removes any hurdle I might have of inspecting the assembly code due to sheer laziness of opening up my Visual Studio and start debugging. Awesome work. If you add some type of interactivity to the generated assembly, it can be made more visual.
I love it!
My only suggestion right now is to have it so you can have the assembly on the left or right side. Maybe it's just me, but my focus seems to be on the left side more than the right.
Since this is a focused on assembly it seems, wouldn't you want the focus on the assembly, not the C? It could be different for different people though.
In the hello world example, no matter what text you put there, the assembly is the same. Where does the string content go?
Static data in the binary.
Very neat! Suggestion: add a 'flags' field where you can specify stuff like -std=c99 and any other flags you might need for your code to compile, and a horizontal rule or something like that after every line of input code.
If you do the 'flags' thing make sure you filter it to avoid escapes to the underlying shell.
Error: Command failed: /tmp/test969394043.c:1:0: fatal error: can’t open /root/assembler/ccMEBJ3B.s for writing: Permission denied compilation terminated. The bug is not reproducible, so it is likely a hardware or OS problem.
Really.
Just fixed
Error: Command failed: /bin/sh: 1: c-preload/compiler-wrapper: Permission denied
I'm getting this too.
Fixed
Interesting project. As an improvement to the UI, you can consider adding syntax highlighting to the editor. Take a look at ACE editor (http://ace.ajax.org/).
Try this on iPad. Generated assembly looks very bad in terms of layout.
Apple safari browser? Is it also the case with opera or Chrome on the iPad?
I would guess it will be the same, Chrome on iPad is basically just an iOS webkit wrapper
And you can't load any of the examples
It'd be nice to make, e.g. the for loop clickable, so that it "stuck" and you could scroll down and see where it ended.
As it is now, as soon as you move your mouse, it unhighlights.
Does anyone have a link to a good beginner's guide explaining the output?
Can't you add a function for memorizing the code written?
Thank you!
Yes I could add some thing like a permanent link creator.
don't work really - some guidance on use might be acceptable. does it need to be a whole program? my snippets give confusing errors about variable identifiers not being types o_0
It must be a valid c/c++ program. Just wrap your code in a function
excellent -- my unsolicited advice is for you to ping some professors and TAs who teach low-level programming to get them interested in using this in their teaching.