The more secure you make it, the more secure it is.
It is not only the crashes I would fix.
But I use a lot of engines derived from stockfish and I already make about 20 patches with every release.
So instead of doing 20 patches each on ten engines I cleanse the data.
I guess other people do the same thing.
Position Causes Stockfish and Komodo To Crash
Moderators: hgm, Rebel, chrisw
-
- Posts: 12541
- Joined: Wed Mar 08, 2006 8:57 pm
- Location: Redmond, WA USA
Re: Position Causes Stockfish and Komodo To Crash
Taking ideas is not a vice, it is a virtue. We have another word for this. It is called learning.
But sharing ideas is an even greater virtue. We have another word for this. It is called teaching.
But sharing ideas is an even greater virtue. We have another word for this. It is called teaching.
-
- Posts: 2488
- Joined: Tue Aug 30, 2016 8:19 pm
- Full name: Rasmus Althoff
Re: Position Causes Stockfish and Komodo To Crash
No, I'm just doing what is standard best practice in software engineering, as Bob also mentioned. Input validation has been standard practice for decades.
Bad software engineering isn't acceptable. It's just that, as evidenced in this thread, many engine programmers don't care. I bet these same people would be annoyed if every other piece of software had the same sloppy input handling and would crash - browsers, word processors, spreadsheet calculators, you name it. One bad key stroke and crash.A typical UCI engine can do funny stuff on malicious input. You have to accept that
Rasmus Althoff
https://www.ct800.net
https://www.ct800.net
-
- Posts: 2488
- Joined: Tue Aug 30, 2016 8:19 pm
- Full name: Rasmus Althoff
Re: Position Causes Stockfish and Komodo To Crash
Also, the argument just doesn't wash that if we can't guarantee perfect security, we don't need to care at all and can be outright sloppy. Just like people do lock their house doors although any door can be opened by a sufficiently equipped and experienced burglar.
Rasmus Althoff
https://www.ct800.net
https://www.ct800.net
-
- Posts: 300
- Joined: Mon Apr 30, 2018 11:51 pm
-
- Posts: 5566
- Joined: Tue Feb 28, 2012 11:56 pm
Re: Position Causes Stockfish and Komodo To Crash
You should by now be aware of the crucial difference.Ras wrote: ↑Tue Dec 15, 2020 11:13 amNo, I'm just doing what is standard best practice in software engineering, as Bob also mentioned. Input validation has been standard practice for decades.
Bad software engineering isn't acceptable. It's just that, as evidenced in this thread, many engine programmers don't care. I bet these same people would be annoyed if every other piece of software had the same sloppy input handling and would crash - browsers, word processors, spreadsheet calculators, you name it. One bad key stroke and crash.A typical UCI engine can do funny stuff on malicious input. You have to accept that
-
- Posts: 5566
- Joined: Tue Feb 28, 2012 11:56 pm
Re: Position Causes Stockfish and Komodo To Crash
There is no need to lock every door in your house if you can rely on the front door being locked. The doors that are accessible by random people over which you have no control. A UCI engine is not meant to be used as the front door. Using one as your front door anyway is negligent.Ras wrote: ↑Tue Dec 15, 2020 11:51 am Also, the argument just doesn't wash that if we can't guarantee perfect security, we don't need to care at all and can be outright sloppy. Just like people do lock their house doors although any door can be opened by a sufficiently equipped and experienced burglar.
Again, UCI was meant to make it as easy as possible to implement a chess engine.
-
- Posts: 5566
- Joined: Tue Feb 28, 2012 11:56 pm
Re: Position Causes Stockfish and Komodo To Crash
And that's what you should do because those 20 patches aren't going to make Stockfish safe to operate on untrusted data anyway.Dann Corbit wrote: ↑Tue Dec 15, 2020 7:08 am The more secure you make it, the more secure it is.
It is not only the crashes I would fix.
But I use a lot of engines derived from stockfish and I already make about 20 patches with every release.
So instead of doing 20 patches each on ten engines I cleanse the data.
-
- Posts: 12541
- Joined: Wed Mar 08, 2006 8:57 pm
- Location: Redmond, WA USA
Re: Position Causes Stockfish and Komodo To Crash
I am not looking for perfect software. Nobody is.syzygy wrote: ↑Wed Dec 16, 2020 12:53 amAnd that's what you should do because those 20 patches aren't going to make Stockfish safe to operate on untrusted data anyway.Dann Corbit wrote: ↑Tue Dec 15, 2020 7:08 am The more secure you make it, the more secure it is.
It is not only the crashes I would fix.
But I use a lot of engines derived from stockfish and I already make about 20 patches with every release.
So instead of doing 20 patches each on ten engines I cleanse the data.
I am simply looking for better software.
A huge percentage of EPD positions are written by humans. Those positions get fed into engines.
Engine writers are some strange sort of fish, who do not want to check the quality of the data.
*shrug*
Taking ideas is not a vice, it is a virtue. We have another word for this. It is called learning.
But sharing ideas is an even greater virtue. We have another word for this. It is called teaching.
But sharing ideas is an even greater virtue. We have another word for this. It is called teaching.
-
- Posts: 2488
- Joined: Tue Aug 30, 2016 8:19 pm
- Full name: Rasmus Althoff
Re: Position Causes Stockfish and Komodo To Crash
For one's own program, the external interfaces are the house doors. If everyone relies on someone else to catch things, nobody will do that. Also, there are valid reasons why a GUI transmits FENs that not all engines can deal with, like positions with more than 9 queens.
It was designed as easy protocol - but that is no argument for a sloppy implementation and omitting even basics of good software engineering. I'm not sure where everyone is coming from, but in my environment, that wouldn't pass a professional code review because robustness with inputs is always a general requirement.Again, UCI was meant to make it as easy as possible to implement a chess engine.
Rasmus Althoff
https://www.ct800.net
https://www.ct800.net
-
- Posts: 2272
- Joined: Mon Sep 29, 2008 1:50 am
Re: Position Causes Stockfish and Komodo To Crash
A lot of software is designed to be invoked through wrapper programs which present a friendly interface to the user (e.g. a compiler toolchain, or the kernel of a computer algebra system). But no one would accept the underlying "worker" programs to crash when presented with invalid input.
Imagine the Linux kernel crashing after a system call with invalid arguments...
Imagine the Linux kernel crashing after a system call with invalid arguments...
Ideas=science. Simplification=engineering.
Without ideas there is nothing to simplify.
Without ideas there is nothing to simplify.