[Tutor] (no subject)
Dave Angel
davea at ieee.org
Sat Oct 30 13:08:25 CEST 2010
On 2:59 PM, Alan Gauld wrote:
>
> "Steven D'Aprano" <steve at pearwood.info> wrote
>
>> is actually being executed. There are very few programming tasks
>> harder than trying to debug code that doesn't actually contain any
>> bugs, or contains bugs different from the ones you are seeing,
>> because the code you are actually executing is something different
>> from what you think you are executing.
>
> To illustrate with a true story (back in the days when you had to build
> and maintain your own compilers!):
>
> Take a C compiler source code and modify it so it produces faulty
> executable code but does not crash or otherwise report an error.
> Compile the now faulty compiler source code with the old (ie working)
> compiler.
> Fix the source code bug.
> Use the new (now broken) compiler to compile the now perfect source
> code to produce a broken compiler with a slightly different defect.
> Now use the resulting compiler to recompile the 'perfect' source code.
> Now figure out why none of your executables work as expected.
>
> That took us nearly 2 weeks to figure out... :-(
> (And made us very thankful for source code version control!)
>
> Alan G.
>
That sounds remarkably parallel to a speech given by Ken Thompson:
http://cm.bell-labs.com/who/ken/trust.html
though there the point was that a trojan could be inserted into a
compiler (or other programming tool) that would survive repair of the
source code. There has been at least one viruse which has been credited
to this approach.
http://www.symantec.com/connect/blogs/interesting-case-induc-virus
DaveA
More information about the Tutor
mailing list