linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Richard B. Johnson" <root@chaos.analogic.com>
To: John Bradford <john@grabjohn.com>
Cc: clemens-dated-1063627487.e072@endorphin.org,
	joern@wohnheim.fh-wedel.de,
	Linux kernel <linux-kernel@vger.kernel.org>
Subject: Re: nasm over gas?
Date: Fri, 5 Sep 2003 09:20:09 -0400 (EDT)	[thread overview]
Message-ID: <Pine.LNX.4.53.0309050830430.11980@chaos> (raw)
In-Reply-To: <200309051225.h85CPOYr000323@81-2-122-30.bradfords.org.uk>

On Fri, 5 Sep 2003, John Bradford wrote:

> > > Are there any buffer overflows or other security holes?
> > > How can you be sure about it?
> >
> > How can you be sure? Mathematical program verification applies quite badly
> > to assembler.
>
> The point is, if somebody does find a bug they will want to
> re-assemble with Gas after they've fixed it.
>
> > > If your code fails on any one of these questions, forget about it.  If
> > > it survives them, post your results and have someone else verify them.
> >
> > I'm sorry, your critique is too generel to be useful.
>
> It's not, all the time the argument is not against the assembler code,
> but rather against $assembler!=Gas.
>
> John.

All assemblers suck. However, they are exceeding useful. The
code ends up being exactly what you write. Usually one only
needs to learn one assembler per platform. It was a real shock
for me to have to learn GAS, it was "backwards", seemed to
think everything was a '68000, and basically sucked. However,
once I learned how to use it, it became a useful tool. In
a mini-'C' library I wrote for a project, the total sharable
runtime-library size is:

crt.so: ELF 32-bit LSB shared object, Intel 80386, version 1, stripped
-rwxr-xr-x   1 root     root        77896 Aug 20 2000 assembly/crt.so
-rw-r--r--   1 root     root         1448 Aug 20 2000 assembly/start.o

This includes most of the string stuff and the 'C' interface to
Linux.

The test of code that works in the 'real' world is called
regression-testing. Basically, you run the stuff. You execute
all "known" possible execution paths. If it works, it works.
If it doesn't, you fix it until it does. Seeding with faults
to see if your regression test picks it up, as is proposed
by a bunch of different testing methods, is absurd whether it's
written in assembly or C#. It doesn't matter what the
language is. You need to test procedures as "black-boxes" with
specified inputs and outputs. You also have to violate the
input specifications and show that an error, so created, doesn't
propagate. Such an error need not crash or kill the system, but
it must be detected so that invalid output doesn't occur.

Error-checkers like Lint, that use a specific langage such as 'C',
can provide the programmer with a false sense of security. You
end up with 'perfect' code with all the unwanted return-values
cast to "void", but the logic remains wrong and will fail once
the high-bit in an integer is set. So, in some sense, writing
procedures in assembly is "safer". You know what the code will
do before you run it. If you don't, stay away from assembly.

Cheers,
Dick Johnson
Penguin : Linux version 2.4.22 on an i686 machine (794.73 BogoMips).
            Note 96.31% of all statistics are fiction.



  parent reply	other threads:[~2003-09-05 13:19 UTC|newest]

Thread overview: 54+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-09-05 12:25 nasm over gas? John Bradford
2003-09-05 12:25 ` Fruhwirth Clemens
2003-09-06 22:08   ` Herbert Poetzl
2003-09-07 20:40     ` Fruhwirth Clemens
2003-09-05 13:20 ` Richard B. Johnson [this message]
     [not found] <tt0q.6Rc.17@gated-at.bofh.it>
     [not found] ` <tt0r.6Rc.19@gated-at.bofh.it>
     [not found]   ` <tt0r.6Rc.21@gated-at.bofh.it>
     [not found]     ` <tt0r.6Rc.23@gated-at.bofh.it>
     [not found]       ` <tt0r.6Rc.25@gated-at.bofh.it>
     [not found]         ` <tt0q.6Rc.15@gated-at.bofh.it>
     [not found]           ` <tyCN.6RD.13@gated-at.bofh.it>
2003-09-08 20:08             ` Ihar 'Philips' Filipau
     [not found] <snJB.8dk.25@gated-at.bofh.it>
     [not found] ` <snTm.8qD.41@gated-at.bofh.it>
     [not found]   ` <sTpW.18Z.19@gated-at.bofh.it>
     [not found]     ` <teE5.2XZ.9@gated-at.bofh.it>
2003-09-08 12:07       ` Ihar 'Philips' Filipau
     [not found] <rZQN.83u.21@gated-at.bofh.it>
     [not found] ` <saVL.7lR.1@gated-at.bofh.it>
     [not found]   ` <soFo.16a.1@gated-at.bofh.it>
     [not found]     ` <ssJa.6M6.25@gated-at.bofh.it>
     [not found]       ` <tcVB.rs.3@gated-at.bofh.it>
2003-09-08 12:03         ` Ihar 'Philips' Filipau
2003-09-08 13:53           ` Richard B. Johnson
2003-09-08 16:10             ` Jamie Lokier
2003-09-08 16:17           ` Jamie Lokier
2003-09-08 16:45             ` Ihar 'Philips' Filipau
2003-09-08 16:58               ` Jamie Lokier
2003-09-08 17:59           ` William Lee Irwin III
  -- strict thread matches above, loose matches on Subject: below --
2003-09-05 13:57 John Bradford
2003-09-05 15:39 ` Mehmet Ceyran
2003-09-06 20:24   ` David B. Stevens
2003-09-05 12:21 John Bradford
2003-09-04 10:42 Fruhwirth Clemens
2003-09-04 12:32 ` Antonio Vargas
2003-09-04 13:44 ` Yann Droneaud
2003-09-04 14:05   ` Richard B. Johnson
2003-09-04 14:21     ` Sean Neakums
2003-09-04 14:33       ` Richard B. Johnson
2003-09-04 15:09         ` Yann Droneaud
2003-09-04 14:55     ` Yann Droneaud
2003-09-05 21:16       ` George Anzinger
2003-09-04 14:57   ` Michael Frank
2003-09-04 15:43     ` Fruhwirth Clemens
2003-09-04 22:28     ` insecure
2003-09-05 12:59       ` Michael Frank
2003-09-05 17:28         ` insecure
2003-09-05 17:45           ` Jörn Engel
2003-09-06 17:18             ` insecure
2003-09-07 18:49           ` Eric W. Biederman
2003-09-07 19:30             ` Jamie Lokier
2003-09-09 21:37               ` insecure
2003-09-09 21:34             ` insecure
2003-09-11 11:07               ` Ricardo Bugalho
2003-09-12 15:26                 ` insecure
2003-09-12 17:27                   ` Ricardo Bugalho
2003-09-12 22:17                     ` Jörn Engel
2003-09-13 19:25                       ` Jamie Lokier
2003-09-13 19:51                         ` Jörn Engel
2003-09-11 14:03               ` Eric W. Biederman
2003-09-11 17:05                 ` Jamie Lokier
2003-09-09 20:56           ` Pavel Machek
2003-09-05 13:27       ` Jesse Pollard
2003-09-05 23:51     ` Aaron Lehmann
2003-09-06  1:41       ` Valdis.Kletnieks
2003-09-04 14:56 ` Yann Droneaud
2003-09-05 11:42 ` Jörn Engel
2003-09-05 12:04   ` Fruhwirth Clemens
2003-09-05 12:37     ` Jörn Engel

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Pine.LNX.4.53.0309050830430.11980@chaos \
    --to=root@chaos.analogic.com \
    --cc=clemens-dated-1063627487.e072@endorphin.org \
    --cc=joern@wohnheim.fh-wedel.de \
    --cc=john@grabjohn.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).