Running the “Reflections on Trusting Trust” Compiler
https://research.swtch.com/nih [research.swtch.com]
2023-10-26 19:09
tags: c, compiler, development, programming, retro, security, turtles, unix
In October 1983, 40 years ago this week, Ken Thompson chose supply chain security as the topic for his Turing award lecture, although the specific term wasn’t used back then. (The field of computer science was still young and small enough that the ACM conference where Ken spoke was the “Annual Conference on Computers.”) Ken’s lecture was later published in Communications of the ACM under the title “Reflections on Trusting Trust.” It is a classic paper, and a short one (3 pages); if you haven’t read it yet, you should. This post will still be here when you get back.
In the lecture, Ken explains in three steps how to modify a C compiler binary to insert a backdoor when compiling the “login” program, leaving no trace in the source code. In this post, we will run the backdoored compiler using Ken’s actual code. But first, a brief summary of the important parts of the lecture.
source: L
Go & Versioning
https://research.swtch.com/vgo [research.swtch.com]
2018-03-22 19:00
tags: development, go, programming, swtools, vapor
We need to add package versioning to Go. More precisely, we need to add the concept of package versions to the working vocabulary of both Go developers and our tools, so that they can all be precise when talking to each other about exactly which program should be built, run, or analyzed. The go command needs to be able to tell developers exactly which versions of which packages are in a particular build, and vice versa.
source: trivium
Glob Matching Can Be Simple And Fast Too
https://research.swtch.com/glob [research.swtch.com]
2017-04-24 15:56
tags: c, compsci, perf, programming
Unless it’s accidentally exponential.
source: HN
Lock-Free Bugs
https://research.swtch.com/lockfree [research.swtch.com]
2017-01-04 08:21
tags: c, concurrency, development, investigation, programming, systems
To me, the most interesting bugs are the ones that reveal fundamental, subtle misunderstandings about the way a program works.
A very good post looking at the interaction between locks and free(). (Not bugs in lockfree algorithms.)
source: L
Version SAT
https://research.swtch.com/version-sat [research.swtch.com]
2016-12-13 16:41
tags: compsci, math, swtools
This post gives a proof of NP-completeness for version selection, looks at how existing package managers cope, and briefly discusses possible approaches to avoid an NP-complete task.