Death of antivirus software imminent

Leichter, Jerry leichter_jerrold at emc.com
Mon Jan 7 11:20:51 EST 2008 

| Jerry,
| 
| It is always possible that I misunderstand the McCabe
| score which may come from the fact that so many build
| environments compute it along with producing the binary,
| i.e., independent of human eyeballs.  If complexity
| scoring requires human eyeballs or the presence of the
| designer's flow charts, then will we ever get meaningful
| numbers (sans artificial intelilgence) for code we did
| not write ourselves?  [...yes, this parallels the many
| arguments about how can you trust crypto code you didn't
| write, either...]
| 
| If McCabe scoring is your area, do you agree with the
| rule that a McCabe score of <10 is essential -- an argument
| that I am quoting from some NASA spec I read a while ago
| and can dig up again if that turns out to be necessary.
It's not really my area, sorry.  I'm just looking at this from
a very general point of view.  The point of McCabe and similar
measures is to point you to areas likely to contain bugs, or
that are likely to be particularly costly to implement.  Since
it's *humans* who actually implement (and produced bugs), a
meaningful measure can't depend on things that human beings
don't see.  This kind of analysis can be very powerful.  Everyone
has heard of Galileo's experiment dropping balls of different
weights and proving they hit the ground at the same time - but how
many people are aware of his theoretical argument that this must
be the case?  It's very simple:  Suppose a 2lb ball drops faster
than a 1lb ball.  Take the 2lb ball and pull it into a dumbell
shape, with (almost) 1lb at each end, but the ends very close
together.  Presumably, it still drops at the speed of a 2lb
ball.  Now pull the halves apart a bit at a time, gradually
thining out the connecting segment.  Eventually, you have two
1lb ball connected by a thread.  Does that drop at the speed
of the individual 1lb balls, or at the speed of a 2lb ball?
Clearly, it has to be both - the 1lb and 2lb balls must drop
at the *same* speed!

I pretty sure the build environments that give you McCabe measures
automatically are pulling the information from the control
flow analysis in compiler front ends.  This is where basic
blocks and the edges connecting them are first extracted.
Computing McCabe is trivial at this point - and the structure
it is computed on will correspond pretty directly to what a
human being would have perceived.  As various optimizations
are applied, the structure will change - and there is no
reason to believe that the McCabe measure won't change along
the way, since preserving McCabe is hardly a goal of optimizing
transformations.

| Always ready for re-education, but wary of the best
| being the enemy of the good,
|
| --dan
							-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list