Re: Today's thought

["Halvar Flake" <HalVar () gmx de>]

Hey Matt,

> I've never seen ObjRec other than over someone's shoulder, so I have no 
> idea how you implemented things there. I seem to recall we were talking 
> about detection of "size" bugs, and you were talking about backtracing. 
> I said that I preferred the PC-Lint approach of starting at the 
> allocators and coloring the dataflow moving forward, which seems like 
> more work at first, 

I roughly agree(d) up until this point.

> but after you do everything necessary for decent 
> backtracing one realises that coloring forward is about the same 
> computationally in the worst case.

Factually if you think
about inverse tracking a bit you will very quickly find that you cannot
sensibly do range analysis over a path without tracking forwards as well.

> The sticking point was that I said 
> either approach is quite limited without interfunction dataflow and 
> value tracking (which PC-Lint also does... sometimes). You then said 
> that value tracking wasn't useful, and I disagreed given my experience 
> with finding certain classes of bugs only in the presence of 
> interfunction value tracking. I don't remember the rest of the
> conversation.

This is where my memory differs. I did not, and would not ever, dispute
the fact that in order to deal with many situations involving structures
and indirection you want interprocedural dataflow. What I might have said
is that there are people that disagree with me on that opinion, such as
the Stanford Checker team at the time (as they mentioned in a paper that
they do not see the benefit is worth the cost). I might have also said that
doing the full forwards analysis could be computationally costly and 
mentioned the performance problems a certain product had at the time.

> I'm pretty sure I understood you clearly, since you were in disagreement 
> with what I was saying. Perhaps the confusion is in interfunction 

I was in disagreement with you comparing a LINT with something like
Coverity's checker (as architecturally they bear very little resemblance)
and I vaguely remember being surprised/annoyed/angry at what I perceived as
your inability to distinguish between the LINT, AST postprocessors and
the simulation approach taken by PreFix. 

> dataflow coloring versus actual value tracking and simulation versus 
> forward tracing instead of backtracing? Maybe you were just screwing 
> with me? Perhaps that conversation never happened and it was all a
> dream...

I don't screw with people -- it's massively dangerous in any
field to not tell exactly what you think: See the A.Selberg/P.Erdos
controversy as an example how such behaviour can backfire :-)

> In any event, I didn't intend to upset/insult you publically or 
> privately with my comments. Please accept my apologies :)

No problem. And please accept my apologies for sounding harsh in my
reply. The thing is that in the weird field we're in it is frightfully
easy to create "alternate realities/history" by mailing list posts.

Cheers,
Halvar

-- 
"Sie haben neue Mails!" - Die GMX Toolbar informiert Sie beim Surfen!
Jetzt aktivieren unter http://www.gmx.net/info

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave