Position Causes Stockfish and Komodo To Crash

Discussion of chess software programming and technical issues.

Moderators: hgm, Dann Corbit, Harvey Williamson

Forum rules
This textbox is used to restore diagrams posted with the [d] tag before the upgrade.
Post Reply
Dann Corbit
Posts: 11978
Joined: Wed Mar 08, 2006 7:57 pm
Location: Redmond, WA USA
Contact:

Re: Position Causes Stockfish and Komodo To Crash

Post by Dann Corbit » Tue Dec 15, 2020 6:08 am

The more secure you make it, the more secure it is.
It is not only the crashes I would fix.
But I use a lot of engines derived from stockfish and I already make about 20 patches with every release.
So instead of doing 20 patches each on ten engines I cleanse the data.

I guess other people do the same thing.
Taking ideas is not a vice, it is a virtue. We have another word for this. It is called learning.
But sharing ideas is an even greater virtue. We have another word for this. It is called teaching.

Ras
Posts: 1745
Joined: Tue Aug 30, 2016 6:19 pm
Full name: Rasmus Althoff
Contact:

Re: Position Causes Stockfish and Komodo To Crash

Post by Ras » Tue Dec 15, 2020 10:13 am

syzygy wrote:
Tue Dec 15, 2020 4:07 am
But then you're still advocating for a false sense of security.
No, I'm just doing what is standard best practice in software engineering, as Bob also mentioned. Input validation has been standard practice for decades.
A typical UCI engine can do funny stuff on malicious input. You have to accept that
Bad software engineering isn't acceptable. It's just that, as evidenced in this thread, many engine programmers don't care. I bet these same people would be annoyed if every other piece of software had the same sloppy input handling and would crash - browsers, word processors, spreadsheet calculators, you name it. One bad key stroke and crash.
Rasmus Althoff
https://www.ct800.net

Ras
Posts: 1745
Joined: Tue Aug 30, 2016 6:19 pm
Full name: Rasmus Althoff
Contact:

Re: Position Causes Stockfish and Komodo To Crash

Post by Ras » Tue Dec 15, 2020 10:51 am

Also, the argument just doesn't wash that if we can't guarantee perfect security, we don't need to care at all and can be outright sloppy. Just like people do lock their house doors although any door can be opened by a sufficiently equipped and experienced burglar.
Rasmus Althoff
https://www.ct800.net

Sesse
Posts: 274
Joined: Mon Apr 30, 2018 9:51 pm
Contact:

Re: Position Causes Stockfish and Komodo To Crash

Post by Sesse » Tue Dec 15, 2020 11:56 am

syzygy wrote:
Tue Dec 15, 2020 4:07 am
[But then you're still advocating for a false sense of security.
Or perhaps just for increased reliability, which is related to security but not the same.

syzygy
Posts: 4902
Joined: Tue Feb 28, 2012 10:56 pm

Re: Position Causes Stockfish and Komodo To Crash

Post by syzygy » Tue Dec 15, 2020 11:42 pm

Ras wrote:
Tue Dec 15, 2020 10:13 am
syzygy wrote:
Tue Dec 15, 2020 4:07 am
But then you're still advocating for a false sense of security.
No, I'm just doing what is standard best practice in software engineering, as Bob also mentioned. Input validation has been standard practice for decades.
A typical UCI engine can do funny stuff on malicious input. You have to accept that
Bad software engineering isn't acceptable. It's just that, as evidenced in this thread, many engine programmers don't care. I bet these same people would be annoyed if every other piece of software had the same sloppy input handling and would crash - browsers, word processors, spreadsheet calculators, you name it. One bad key stroke and crash.
You should by now be aware of the crucial difference.

syzygy
Posts: 4902
Joined: Tue Feb 28, 2012 10:56 pm

Re: Position Causes Stockfish and Komodo To Crash

Post by syzygy » Tue Dec 15, 2020 11:48 pm

Ras wrote:
Tue Dec 15, 2020 10:51 am
Also, the argument just doesn't wash that if we can't guarantee perfect security, we don't need to care at all and can be outright sloppy. Just like people do lock their house doors although any door can be opened by a sufficiently equipped and experienced burglar.
There is no need to lock every door in your house if you can rely on the front door being locked. The doors that are accessible by random people over which you have no control. A UCI engine is not meant to be used as the front door. Using one as your front door anyway is negligent.

Again, UCI was meant to make it as easy as possible to implement a chess engine.

syzygy
Posts: 4902
Joined: Tue Feb 28, 2012 10:56 pm

Re: Position Causes Stockfish and Komodo To Crash

Post by syzygy » Tue Dec 15, 2020 11:53 pm

Dann Corbit wrote:
Tue Dec 15, 2020 6:08 am
The more secure you make it, the more secure it is.
It is not only the crashes I would fix.
But I use a lot of engines derived from stockfish and I already make about 20 patches with every release.
So instead of doing 20 patches each on ten engines I cleanse the data.
And that's what you should do because those 20 patches aren't going to make Stockfish safe to operate on untrusted data anyway.

Dann Corbit
Posts: 11978
Joined: Wed Mar 08, 2006 7:57 pm
Location: Redmond, WA USA
Contact:

Re: Position Causes Stockfish and Komodo To Crash

Post by Dann Corbit » Wed Dec 16, 2020 5:19 am

syzygy wrote:
Tue Dec 15, 2020 11:53 pm
Dann Corbit wrote:
Tue Dec 15, 2020 6:08 am
The more secure you make it, the more secure it is.
It is not only the crashes I would fix.
But I use a lot of engines derived from stockfish and I already make about 20 patches with every release.
So instead of doing 20 patches each on ten engines I cleanse the data.
And that's what you should do because those 20 patches aren't going to make Stockfish safe to operate on untrusted data anyway.
I am not looking for perfect software. Nobody is.
I am simply looking for better software.

A huge percentage of EPD positions are written by humans. Those positions get fed into engines.
Engine writers are some strange sort of fish, who do not want to check the quality of the data.
*shrug*
Taking ideas is not a vice, it is a virtue. We have another word for this. It is called learning.
But sharing ideas is an even greater virtue. We have another word for this. It is called teaching.

Ras
Posts: 1745
Joined: Tue Aug 30, 2016 6:19 pm
Full name: Rasmus Althoff
Contact:

Re: Position Causes Stockfish and Komodo To Crash

Post by Ras » Wed Dec 16, 2020 6:57 am

syzygy wrote:
Tue Dec 15, 2020 11:48 pm
There is no need to lock every door in your house if you can rely on the front door being locked.
For one's own program, the external interfaces are the house doors. If everyone relies on someone else to catch things, nobody will do that. Also, there are valid reasons why a GUI transmits FENs that not all engines can deal with, like positions with more than 9 queens.
Again, UCI was meant to make it as easy as possible to implement a chess engine.
It was designed as easy protocol - but that is no argument for a sloppy implementation and omitting even basics of good software engineering. I'm not sure where everyone is coming from, but in my environment, that wouldn't pass a professional code review because robustness with inputs is always a general requirement.
Rasmus Althoff
https://www.ct800.net

Michel
Posts: 2159
Joined: Sun Sep 28, 2008 11:50 pm

Re: Position Causes Stockfish and Komodo To Crash

Post by Michel » Wed Dec 16, 2020 9:37 am

A lot of software is designed to be invoked through wrapper programs which present a friendly interface to the user (e.g. a compiler toolchain, or the kernel of a computer algebra system). But no one would accept the underlying "worker" programs to crash when presented with invalid input.

Imagine the Linux kernel crashing after a system call with invalid arguments...
Ideas=science. Simplification=engineering.
Without ideas there is nothing to simplify.

Post Reply