I’m an old linker-internals guy from Solaris and am
interested in following up on Jessie Frazelle’s challenge to generate
seccomp syscall-filters from static analyses of Go gode:
By moving the filter generation to build time it should be possible to ensure that all of the relevant code is examined. Go doesn’t use the C library for its system calls; instead, it generates its own assembly that calls into the kernel. That process can be hijacked and used to collect information on which system calls the program needs; generation of the filter should then be easy. [`https://lwn.net/Articles/745820/ ]
Are there any classic papers or blogs on the (SSA) internal representation of Go?