[Tutor] (no subject)
davea at ieee.org
Sat Oct 30 13:08:25 CEST 2010
On 2:59 PM, Alan Gauld wrote:
> "Steven D'Aprano" <steve at pearwood.info> wrote
>> is actually being executed. There are very few programming tasks
>> harder than trying to debug code that doesn't actually contain any
>> bugs, or contains bugs different from the ones you are seeing,
>> because the code you are actually executing is something different
>> from what you think you are executing.
> To illustrate with a true story (back in the days when you had to build
> and maintain your own compilers!):
> Take a C compiler source code and modify it so it produces faulty
> executable code but does not crash or otherwise report an error.
> Compile the now faulty compiler source code with the old (ie working)
> Fix the source code bug.
> Use the new (now broken) compiler to compile the now perfect source
> code to produce a broken compiler with a slightly different defect.
> Now use the resulting compiler to recompile the 'perfect' source code.
> Now figure out why none of your executables work as expected.
> That took us nearly 2 weeks to figure out... :-(
> (And made us very thankful for source code version control!)
> Alan G.
That sounds remarkably parallel to a speech given by Ken Thompson:
though there the point was that a trojan could be inserted into a
compiler (or other programming tool) that would survive repair of the
source code. There has been at least one viruse which has been credited
to this approach.
More information about the Tutor