|
|
Status at 6th January 2008:
Almost all pages here have now moved to the new site. You will get best results from the new site if you browse with Internet Explorer and have scripting enabled. For an explanation, read the new site’s Browser Advice. This old site will eventually disappear. Please update any links that you keep. |
You are at the home page of a small web site that has grown out of an academic interest in studying what software actually does. The thesis here is that software can be subjected feasibly to a process analogous to literary criticism. Much as a literary critic may read the text of a novel sufficiently closely to discern weaknesses in the plot or to make out in-jokes contrived for the special enjoyment of the author’s friends, so may a software analyst study the instructions of a program sufficiently closely to spot errors in the code and to learn of features that the program’s manufacturer does not disclose.
We are all familiar with the work of literary critics. Most of us are comfortable with it, though authors and their publishers are sometimes less so. Most of us do not need, and ordinarily would not want, that the critic should be helped by the author. Yet with software, the craft of analysis is so undeveloped that even among experts in computer science, only very few expect that useful analysis is possible without help from the manufacturer and specifically without access to the source code. This notion has become especially well established at the hands of those who promote open-source licensing.
I say that whatever the merits of publishing software with or without its source code, we can and ought do better at developing techniques for examining software without its source code. The community is failed while the industry cannot provide some practicable means of independent inspection.
The aim at this site is to show that useful work is at least within reach, albeit as one man’s lone exercise. For more on the methods of analysis, the reasons for developing them, and some thoughts on why anyone should care, see Motivation and Application.
At this site, you can get free samples. Indeed, this site exists primarily to supply these free samples as a way of encouraging your attention. Although the samples are not generally intended to be important in themselves, they are meant to demonstrate that my particular methods of software analysis can produce practical results.
Although it is not necessary that one who works at analysing software should be a programmer or have trained as a programmer (and, indeed, I did not), it is almost certainly not possible to become proficient at analysing software without also becoming at least competent at many of the skills required for programming, and it is surely not possible to do any useful software analysis without producing information that may in turn be useful to programmers. Most of the programming samples are documentation of some sort, typically of system interfaces or of programming tools.
There are also notes on problems that have arisen in my ordinary use of a computer and which I happen to have studied as if for a commercial problem. Closely related are notes on features that have tumbled out of other analysis and which look like they might be useful to know. Again, no claim is made that the subjects of any of these application notes are important in themselves. The notes are meant just as indications that software analysis can produce practical results, even when no help is available from the manufacturer of whatever software shows the problem.
A special case is made for problems of network security, particularly of Internet security. These are not problems that have arisen in ordinary use, at least not for me. Instead, the subjects of these security notes were brought to my attention by others, though not commercially. Again, the primary reason for presenting these notes here is to demonstrate the deductive power that is available from careful analysis of software even without reference to the manufacturer.
Inevitably, there are a few pages of personal comment.
The commercially significant work associated with this site is the analysis of DOS and Windows system code before specific programming problems are even imagined (let alone met in any sort of real world). As a consequence of this analysis, many questions about the behaviour of these systems can be answered quickly and authoritatively—and if the information needed for the answer is not already known, it is probably within easy reach. For many larger programming problems, you can get reliable advice on a design that you expect your own programmers to implement or you can get a solution coded efficiently for you. To consider sponsoring research or getting it applied to your particular needs, see Services and Fees.
Copyright © 1997-2008. Geoff Chappell. All rights reserved.
[Home][Programming Samples][Application Notes][Security Notes][Editorial][Consultation][Contacts]
