using C++ to exploit the C++ that is building the C++
today you’re going to segfault your compiler.
Modern Compilers themselves are Turing-Complete.
Few understand this.
No…not that they translate Turing complete languages into machine code; that’s a given.
The *process of compilation itself* is a universal computer.
Compilers have a stack. They allocate memory. They execute instructions.
The practical application is what we call “Shifting the Cost”. You can spend developer CPU cycles (compiler evaluation) to save user time (executing the binary).
C++ is the only mainstream language where this matters at scale.
Of course, it’s easy to abuse…often accidentally. Compilers (somewhat) default to assuming you aren’t trying to destroy them.
As a programmer, it’s actually pretty easy to attack your own toolchain.
Which brings us back to the title:
We can use C++ (source code).
To exploit the C++ (compiler internals).
That is building the C++ (output binary).
C++20 introduced consteval, which forces code to execute at compile time.
What if we got recursive?
Like, really recursive.
It’s just too fun to make little “compile bombs”:
// compile_bomb.cpp
#include <iostream>
consteval int fibonacci(int n) {
if (n <= 1) {
return n;
}
return fibonacci(n - 1) + fibonacci(n - 2);
}
int main() {
constexpr int result = fibonacci(10000000);
std::cout << result << std::endl;
return 0;
}By default, the compiler protects itself and aborts the calculation:
g++ -std=c++20 compile_bomb.cpp -o compile_bomb
# Compiler aborts: "constexpr evaluation depth exceeds maximum"But if you remove the guardrails:
g++ -std=c++20 -fconstexpr-depth=10000000 compile_bomb.cpp -o compile_bombNow clang trusts us (oops):
Don’t worry, no binary was harmed in the making of this crash.
...because no binary was ever created.
I’m not doing anything clever; that’s kind of the point. It’s the simplest possible example I could make.
The point to remember is compile-time is a computer in of itself.
Sometimes it’s worth it to murder the compiler.
...there’s a lot of interesting ideas you can make of that.







Well you got me beat. I merely used my <cough>magic</cough> touch to find a (reproducible) way to get a CAD program to segfault, yesterday. Now *this*, on the other hand, is hardcore and badass.
What led you down this particular rabbit hole? Mostly curious as to the thought process that led you there.
If anyone is looking for more ways to crash LLVM, Google's OSS Fuzz project maintains a handy database: https://issues.oss-fuzz.com/issues?q=project:llvm%20status:open