Comment by kortilla

1 year ago

That’s not correct. There is not a general solution to tell what any arbitrary program can do, but most code is boring stuff that is easy to reason about.

But a malicious actor can hide stuff that would be missed on a general casual inspection.

Most of the methods in https://www.ioccc.org/ would be missed via a casual code inspection, esp. if there weren't any initial suspicion that something is wrong about it.

  • Yes, but again, that doesn’t apply to the vast majority of code. My point is that saying you can’t know what code does “in general” is not true. We wouldn’t have code reviews if that were the case.