numeric bugs and security bugs

David G. Hough at validgh dgh
Fri Dec 9 10:32:56 PST 1994


Although most of the flamage in comp.sys.intel is directed at Intel, I think
most people knowledgeable about numerical issues know that none of the 
chip and system vendors would be comfortable with that degree of scrutiny,
but more intensive scrutiny is part of the price of success for a large
installed base.    In that sense it's like Unix security bugs; the Unix
versions with the largest installed base have the most users and the most
crackers probing their defenses, and hence the largest collection of known
problems and corresponding patches.   Yet none of their competitors has been
bold enough to suggest that they have far less than their share of 
unreported security problems.

Similarly the whole world will soon discover every aspect of the Pentium
bug, if any remain undiscovered, but that should be a caution to all the
users of all the computers, rather than reason for Intel's competitors to
boast.   This is not just Intel's problem, but an industry problem.
Intel is correct to observe that all sufficiently complex processors
either have bugs - deviations from their explicit or implicit specifications -
or are too complex to prove to be bug-free.    Maybe in analogy to CERT,
an appropriate neutral institution should
examine allegations of defective behavior and disseminate patches and
workarounds as warranted.    Whether that happens or not, it seems to be
a good time to be in the correctness/performance evaluation business.
Unfortunately the name Failure Analysis Associates
has already been taken by an outfit
in Palo Alto that often is retained by corporate clients in product 
liability disputes.

In the case of the Pentium bug, most of the concerned public could put
their minds at ease by turning off the floating-point hardware in their
systems.    I heard that Compaq is providing a Windows program to do that.
If they turn off the hardware and suffer a noticeable slowdown, then they
were really floating-point-intensive users after all and are warranted in
seeking a replacement part.



More information about the Numeric-interest mailing list