PGP source code
Charles Lindsey
Charles Lindsey <chl at clw.cs.man.ac.uk>
Mon, 3 Sep 2001 10:09:00 +0100 (BST)
On Sun, 02 Sep 2001 17:38:32 +0100
Ben Laurie <ben@algroup.co.uk> said...
>
> Charles Lindsey wrote:
> >
> > Actually, the main reason I would want to compile it would be to verify
> > that the result was the same binary as I had already obtained (legally)
> > from NAI. (How easy is it to do that check in practice?)
>
> In my experience, impossible - the problem being that parts of the
> binary (padding, typically) tend to be from uninitialised data.

I don't think that makes it impossible - just difficult. What you
need to show is that everything present in the source code is present
(and correct) in the binary. Where the source code says "here be an
uninitialized array", you don't care what is in the binary.

Other things that can be different arise from 'date of compilation'
and suchlike embedded in the source code; different order of assembly
of segments by the loader, thus jumps will apparently go to different
places; different optimizations performed by the two compilers (which
may be different versions of the same compiler); different register
allocations by the two compilations; and so on.

These problems are all in principle solvable. My question was whether
this problem had been looked at at all, and whether there were tools
around to do it.

For example, if you had binary1, and used my compiler to produce
binary2, and then used a decompiler on binary1 and binary2 to produce
pseudo-source1 and pseudo-source2, and then tried to compare the two
pseudo-sources, would that be an easier task?

Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
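
The simplest case raised in the message above (uninitialised padding and an embedded compilation date), as an added example that is not part of the original post: a byte-for-byte comparison that skips declared "don't care" regions and reports everything else that differs. The byte strings and region offsets are constructed for illustration and assumed known in advance (for instance from a linker map); segment reordering, optimisation and register-allocation differences are not handled.

```python
# Added example: constructed byte strings stand in for two builds of one program.
from typing import List, Tuple

Range = Tuple[int, int]  # half-open [start, end) byte offsets


def masked_diff(a: bytes, b: bytes, dont_care: List[Range]) -> List[Range]:
    """Return the byte ranges where a and b differ outside the don't-care regions."""
    if len(a) != len(b):
        raise ValueError("images differ in length; layout is not comparable byte for byte")
    ignored = bytearray(len(a))
    for start, end in dont_care:
        if not 0 <= start <= end <= len(a):
            raise ValueError(f"don't-care range {start}-{end} is outside the image")
        ignored[start:end] = b"\x01" * (end - start)
    diffs: List[Range] = []
    run_start = None
    for i in range(len(a)):
        differs = a[i] != b[i] and not ignored[i]
        if differs and run_start is None:
            run_start = i                      # a run of meaningful differences begins
        elif not differs and run_start is not None:
            diffs.append((run_start, i))       # the run ended at the previous byte
            run_start = None
    if run_start is not None:
        diffs.append((run_start, len(a)))
    return diffs


# Constructed layout: 8 bytes of code, a 10-byte build date, 6 bytes of padding.
CODE = bytes.fromhex("5589e583ec10c9c3")
DONT_CARE = [(8, 18), (18, 24)]  # build date, uninitialised padding (assumed offsets)

vendor = CODE + b"2001-08-30" + b"\x00" * 6
rebuilt = CODE + b"2001-09-03" + bytes.fromhex("deadbeef0102")
patched = bytes.fromhex("5589e583ec10c990") + b"2001-09-03" + b"\x00" * 6

if __name__ == "__main__":
    print(masked_diff(vendor, rebuilt, DONT_CARE))  # only ignorable bytes differ
    print(masked_diff(vendor, rebuilt, []))         # raw comparison reports the date and padding
    print(masked_diff(vendor, patched, DONT_CARE))  # a code byte differs
```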