Dailydave mailing list archives
Re: The value of knowing reverse engineering
From: Chad Loder <dailydave () loder us>
Date: Wed, 22 Feb 2006 18:31:31 -0800
On Wed, Feb 22, 2006 at 07:43:35AM +0000, Matt Hargett wrote:
Alexander Sotirov wrote:halvar () gmx de wrote:now with all the discussion about GCC's security features, I can quip in a bit more than one line. Rolf and me are having long discussions after having had crazy problems with GCC's code generation over the time -- Rolf really wants to get rid of GCC for our products, and I can't blame him. The amusing thing is that I think that reverse engineers and developers are an almost disjoint set, because apparently developers just 'live' with broken code generation, and many RE's don't develop enough to notice broken compilers.I've been following GCC development for a while, and I have the impression that they are pretty good about fixing wrong code generation bugs. From the discussions on the GCC mailing list it seems that these bugs usually get assigned highest priority and are resolved quickly.This is my experience also -- I really like the way Mark Mitchell has been managing things so far given the resource and time constraints.
Oh come on! gcc devotes 99% of its time figuring out how to eat invalid and nonstandard code. gcc will happily eat just about any piece of crap code one could throw at it without so much as a warning. It happily compiles code that has never been and will never be legal C according to any standard. One never knows what sort of magic stuff it's going to emit. And then the gcc people make things worse by adding their own pet gcc-isms to the C language without thinking through how they are going to be parsed properly by *any* LALR parser, including gcc itself! So developers continue to write garbage code, and gcc continues to do its magic, and nobody really knows or cares what gets emitted. Oh...and don't even get me started on buggy builtins, which IMHO remains a big unexplored security risk. So forgive me for being totally underwhelmed by the new security features which are being layered on top of this hopelessly bloated thing that gets bigger and and nastier with every release. Bah.
Current thread:
- The value of knowing reverse engineering halvar (Feb 21)
- Re: The value of knowing reverse engineering Alexander Sotirov (Feb 22)
- Re: The value of knowing reverse engineering Matt Hargett (Feb 22)
- Re: The value of knowing reverse engineering Chad Loder (Feb 22)
- Re: The value of knowing reverse engineering Matt Hargett (Feb 23)
- Re: The value of knowing reverse engineering Chad Loder (Feb 23)
- Re: The value of knowing reverse engineering Matt Hargett (Feb 22)
- Re: The value of knowing reverse engineering Alexander Sotirov (Feb 22)