Re: Help on Untrusted Code?

Trent Waddington <>
26 Apr 2000 02:35:36 -0400

          From comp.compilers

Related articles
Help on Untrusted Code? (2000-04-14)
Re: Help on Untrusted Code? (2000-04-25)
Re: Help on Untrusted Code? (Trent Waddington) (2000-04-26)
Re: Help on Untrusted Code? (2000-05-01)
Re: Help on Untrusted Code? (Allyn Dimock) (2000-05-04)
| List of all articles for this month |

From: Trent Waddington <>
Newsgroups: comp.compilers
Date: 26 Apr 2000 02:35:36 -0400
Organization: University of Queensland
References: 00-04-099 00-04-161
Keywords: code

: I think talking about trusted code requires a clear idea of what you
: trust it to do. I trust a C compiler to not send mail to my enemies
: each time I compile a C program. Trusting the generated code to not
: overstep array bounds is a different issue.

The problem of trusting a compiler is indeed a valid question as was
demonstrated by Ken Thompson
( The only real
way to "trust" a compiler is to verify the output it produces with a
reverse engineering tool. Today, the best tool one can expect to
aquire is a debugger and the task is anything but simple, involving
the decoding of thousands of lines of assembly language for even your
most simple (functional) programs. A better tool would be a
resourcable interactive decompiler that could produce some similar
(admittedly low level and without comments or variable names
preserved) source code to the original input to the compiler. An
equalily valid suggestion is to assist a decompilation tool with the
original source.. the tool would look for descrepencies in the binary
from the source. These sorts of tools would also be very helpful for
discovering the buffer overflows that you have described in binary
only distrobutions (it is often the users of software who care more
about security than the vendors) and legacy code.

Unfortunately, little research has been done into development of such
tools and even less academic research into these issues has been
funded. I direct interested parties to the University of Queensland
Binary Translation project (
which is essentially a resourcable decompiler to (very) low level C
which is then fed through a C compiler to migrate binaries between
different (mainly unix variant) platforms.

Trent Waddington

Post a followup to this message

Return to the comp.compilers page.
Search the comp.compilers archives again.