Greats Bugs in History

Transcription

1 Semidoctus, 23 November 2016 Semidoctus, 23 November / 1/

2 Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug mile s 7 Conclusion Semidoctus, 23 November / 2/

3 Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug mile s 7 Conclusion Semidoctus, 23 November / 3/

4 What s a bug? Definition (Bug) Unexpected behavior in a program. Semidoctus, 23 November / 4/

5 What s a bug? Definition (Bug) Unexpected behavior in a program. It s not a bug, it s a feature! ( Maybe from Microsoft Word for Windows maintenance team.) Semidoctus, 23 November / 4/

6 Different kinds of unexpected behaviors Expected by who? Kinds of bugs The end user? Misbug The programmer? Undocumented feature One of the programmers? ( cheat codes!) The manager? Easter egg Actual bug Backdoor 5/ Semidoctus, 23 November /

7 First bugs in history Semidoctus, 23 November / 6/

8 but the concept predated! Thomas Edison, 1878 [ ] then difficulties arise this thing gives out and it is then that Bugs as such little faults and difficulties are called [ ] Journal of the Royal Aeronautical Society, 1945 [ ] through the stage of type test and flight test and debugging right through to later development of the engine to higher powers and efficiency. Semidoctus, 23 November / 7/

9 Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug mile s 7 Conclusion Semidoctus, 23 November / 8/

10 Semidoctus, 23 November / 9/

11 Anatomy of an octet Most (young enough) computer scientists would say: Computers don t work like this! 10/ Semidoctus, 23 November /

12 Anatomy of an octet Most (young enough) computer scientists would say: Computers don t work like this! Let s look at an octet 8 bits, values 0 to / Semidoctus, 23 November /

13 Anatomy of an octet Most (young enough) computer scientists would say: Computers don t work like this! Let s look at an octet 8 bits, values 0 to decimal digits: first (0-9) and second (0-9) Binary-Coded Decimal 10/ Semidoctus, 23 November /

14 Binary-Coded Decimal And one would say: But that s stupid! Especially at a time when memory was expensive! 11/ Semidoctus, 23 November /

15 Binary-Coded Decimal And one would say: But that s stupid! Especially at a time when memory was expensive! 11/ Semidoctus, 23 November /

16 Binary-Coded Decimal II BCD originated in OS/360 (years 1960 s) It became a tradition In first versions of Windows (years 1990 s) Arithmetic overflow on Y2K 12/ Semidoctus, 23 November /

17 What are the consequences? Oh, come on, it was nothing. True, the media overstated the problem a lot. 13/ Semidoctus, 23 November /

18 What are the consequences? Oh, come on, it was nothing. True, the media overstated the problem a lot. But still Hospital software incorrectly calculated age of mothers = wrong diagnosis of down syndrome in children SMS in wrong order in some mobile phones 1 January Incorrect leap year handling 13/ Semidoctus, 23 November /

19 But today it s fixed, right? Most Unix systems store times as # seconds ellapsed since 1970/01/01 00:00 UTC. 14/ Semidoctus, 23 November /

20 But today it s fixed, right? Most Unix systems store times as # seconds ellapsed since 1970/01/01 00:00 UTC. Many computers still store integers over 32 bits What could possibly go wrong? Make the calculation 14/ Semidoctus, 23 November /

21 But today it s fixed, right? Most Unix systems store times as # seconds ellapsed since 1970/01/01 00:00 UTC. Many computers still store integers over 32 bits What could possibly go wrong? Make the calculation See you on 19 January 2038, 03:14:08 UTC! 14/ Semidoctus, 23 November /

22 Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug mile s 7 Conclusion 15/ Semidoctus, 23 November /

23 Ariane 5 On June, 1996, the Ariane 5 rocket crashes, with all its equipments and crew. Acceleration of Ariane 5 is 5 Ariane 4 Acceleration variable overflows Blind reusing of old code The code wasn t supposed to be here! Presentation by Jean-Jacques Levy 16/ Semidoctus, 23 November /

24 Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug mile s 7 Conclusion 17/ Semidoctus, 23 November /

25 The worst security bug ever OpenSSL: a cryptography layer Extremely widespread Bug allows to reveal the computer s memory Possibly known in advance! Discovered 1 April / Semidoctus, 23 November /

26 How Heartbleed Works 19/ Semidoctus, 23 November /

27 How Heartbleed Works 20/ Semidoctus, 23 November /

28 The Heartbleed buzz The bug existed for years = some people new it? Easily leaks passwords, private numbers (It happened) Also attacks the clients No traces! Once again, OpenSSL was extremely widespread 21/ Semidoctus, 23 November /

29 The Heartbleed buzz The bug existed for years = some people new it? Easily leaks passwords, private numbers (It happened) Also attacks the clients No traces! Once again, OpenSSL was extremely widespread Turns out the code of OpenSSL was a mess The faulty code shouldn t have been there in the first place 21/ Semidoctus, 23 November /

30 22/ Semidoctus, 23 November /

31 23/ Semidoctus, 23 November /

32 Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug mile s 7 Conclusion 24/ Semidoctus, 23 November /

33 A Public Relations affair 13 June 1994: Thomas Nicely ( his name) finds some computation about prime numbers wrong 24 October 1994: reports the problem to Intel (Intel admits problem was known since May!) 1 7 November 1994: story spreads on the Internet and specialized press 21 November 1994: CNN Coverage 25/ Semidoctus, 23 November /

34 A Public Relations affair 13 June 1994: Thomas Nicely ( his name) finds some computation about prime numbers wrong 24 October 1994: reports the problem to Intel (Intel admits problem was known since May!) 1 7 November 1994: story spreads on the Internet and specialized press 21 November 1994: CNN Coverage = Long battle between Intel and IBM about the severity of the bug = Intel first refunds CPUs to whom asks, then recall them all 25/ Semidoctus, 23 November /

35 How do you discover such a bug? Tom Nicely was doing number theory calculations. A bug in my code? A bug in some library? A bug in the compiler? A bug in other hardware? 26/ Semidoctus, 23 November /

36 How do you discover such a bug? Tom Nicely was doing number theory calculations. A bug in my code? A bug in some library? A bug in the compiler? A bug in other hardware? Tested in C, C++, Basic Tested on different computers ( different hardware) Tested in stock software: Excel Tested with disabled FPU (At the time, most CPUs used emulation for floating-point numbers!) 26/ Semidoctus, 23 November /

37 Was it bad? Computations of x (1/x) or 1/(1/x) gave results between 200 and 3000 but really not often. 1 chance in 10 billion to get the 9 th digit wrong 1 chance in 360 billion to get the 4 th digit wrong 27/ Semidoctus, 23 November /

38 Where does the error come from? Faster division algorithm: produces 2 bits per iteration (instead of one). Uses a lookup table (extremely common). Some cells of the lookup table were not filled. 7/2, 13/8, 1/2, 1/2, 3/2, 3 7/2, 7/4, 1/2, 1/2, 7/4, 7/2 4, 2, 3/4, 1/2, 2, 4 9/2, 9/4, 3/4, 1/2, 2, 4 9/2, 5/2, 1, 3/4, 9/4, 9/2 5, 5/2, 1, 1, 5/2, 5 11/2, 11/4, 1, 1, 5/2, 5 11/2, 3, 1, 1, 3, 11/2 28/ Semidoctus, 23 November /

39 The Division Algorithm P N D D 2 n for i {31,..., 0} If P 0 then q[i] +1, P 2P D Else q[i] 1, P 2P + D For N = numerator, D = denominator, and q = quotient. Gives results in a strange +1/ 1 encoding Renormalization necessary Lookup table: normalize on the way and get 2 bits at a time 29/ Semidoctus, 23 November /

40 Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug mile s 7 Conclusion 30/ Semidoctus, 23 November /

41 The 500-mile bug 31/ Semidoctus, 23 November /

42 Plan 1 Introduction: what s a bug? 2 The Y2K Bug 3 The case of Ariane 5 4 Heartbleed 5 The Intel Division Bug mile s 7 Conclusion 32/ Semidoctus, 23 November /

43 Conclusion Bug severity overstated by the media By contrast, analysts understate their gravity Few studies afterwards Usually very low-level stuff Thank you for your attention! / Semidoctus, 23 November 2016 /