Rybka 1.0 vs. Strelka

[bnemias]

The problem in CCC is that there are so many posts, and after just a few replies, everything shows up aligned on the right half of the page, which makes it easy to overlook something when it get lost in all the other posts. This is even in the wrong topic in fact...

That's because of avatars. It's wise to block them in one manner or another for that reason.

[bob]

If Christophe or any other commercial programer wanted the source code of Rybka 3 they'd disassemble it. It's not that hard.

Just to get the wordings correct ...

1) "Disassembling" (as also used by some others in this thread) only refers to converting the binary program into assembler instructions, like with the MSVC(++) command "dumpbin /disasm". What you mean is either "decompiling" or "reverse engineering".

2) You cannot obtain "the source code" of a binary via reverse engineering if the binary comes without a symbol table that usually contains (some of!) the identifiers the original author has chosen, and without further input. Since I only looked at the free R1.0beta exe I can only confirm absence of the symbol table for that version. But you can be 100% sure that the commercial versions have the symtable stripped off, too.

This just makes the source harder to read, just as if you went in with an editor and changed every variable name to something like a1111, a1112, a1113, etc...

3) So the reverse engineering is an ambiguous activity (i.e. there are many possible results being equivalent since they can be mapped to the same binary) which is in reality not fully automated, even if there might be some assisting tools for it. The reverse engineer has to assign identifiers to functions and (global/static) variables which are anonymous so far. And, what I personally consider to be the hardest job, he also has to deal quite a lot with local variables living either on the stack or in registers, and having no address that could simply be translated into an identifier.

But that requires that one believe that these two lines are different:

if (a1111 < a1110)
a1112 = a12000 * a120001;

if (rook_square < pawn_square)
score = rook_behind_passed_pawn * passed_pawn_rank;

That would delight programmers wanting to copy assignments in programming courses if all they need to do is change variable names. Those of us with more experience might well deduce that the above are identical, assuming at any instant in time all the variable values are the same, or they could be completely different if all the values are different. It can be done quite easily. There are even freeware programs that will tell you if the above are equivalent, code designed to "half-compile" sources to get rid of comments and variable name hangens to compare the semantics as opposed to syntax.

So I propose to be very careful with a statement that describes reverse engineering of a bare executable as being "not that hard".

Just as additional info: the R1.0beta exe is about 2.4MB large (32 bit version). Strelka 2.0 32bit exe has about 180kB IIRC. Although the huge difference probably comes from the fact that Strelka 2.0 does not use some huge table that R1.0beta had used, this is still a lot, so IMO it _is_ hard work.

This remains true even with the help of available open source where you can borrow some function names from.

Just my 2 cents!

Sven

[bob]

Sounds like witchhunting method. See if she floats. If she does, burn her for witchcraft, if she sinks, she drowns anyway.

See the source, if innocent, you get to see the source, if guilty you get to see the source. Commercial programmer loses either way, like the witch.

The onus of proof remains on the accusers. Period.

Wise words. Can I see Strelka as a legal engine now after all these discussions?

And toga, and Le Petite, and Voyager, and Bionic Impact, and who knows how many others?

[Marc Lacrosse]

Hmmm.

Vas just issued an interesting comment :

1. Strelka contains rybka code AND some other code
2. Rybka is and was not based on Fruit's code (there are similarities for commonly used ideas and algorithms but no Fruit code was used)
3. Maybe those parts of Strelka that are not made from disassembled rybka code do directly include code from fruit but this is not Vas' problem.

This is how I understand a post by Vas on his forum today (see exact copy at end.)

This explanation seems reasonable ...

From now on, only Ossipov (or someone having access to the real rybka code) will be able to tell the truth ...

With this statement it is in my eyes not interesting anymore to add demonstrations of similarities between strelka and Fruit, as long as at the same time there is no proof that the exposed code does not come from that part of strelka that has not been copied from dissassembled rybka ...

Marc

PS : Vas ' post at rybkachess today :

This discussion looks like a complete mess, I see wild statements like:

> --I noted earlier that the history initialization was different. Strelka and Rybka 1.0 are the same here, using memset(History, 256, 12 * 64 * sizeof(int)); But what I didn't notice is, 256 is out of range for an unsigned char. So that code is the same as Fruit's memset(History, 0, 12 * 64 * sizeof(int)); Why would Rybka 1.0 have 256? Is it the optimizer gone wild, or a deliberate attempt at obfuscation?


Maybe somebody can summarize the points.

Generally, code theft is easy to show - just show the two sections of identical code, side-by-side. There isn't much to debate in such cases. Rybka is of course original (with some accepted exceptions like bit scans & bit counters, etc). Strelka contains Rybka code. Whether Strelka also contains Fruit code, I don't know and don't really care.

Re. algorithms and structures - sure, you'll get a lot of similarity between programs. Take something like "modern move ordering" - by this, I mean hash move, non-losing captures (by MVV/LVA), killers, non-captures, and losing captures. The chance of two programmers settling on this independently is more or less zero.

Vas

[Sven]

This just makes the source harder to read, just as if you went in with an editor and changed every variable name to something like a1111, a1112, a1113, etc...
[...]
But that requires that one believe that these two lines are different:

Maybe my post could be misunderstood such that I would focus on choice of identifiers only. In fact, my point was just to show that reverse engineering is not an easy task in general, as opposed to what Terry wrote.

I have tried one of the most common free reverse engineering tools. I omit the name here to avoid advertising; maybe Rick Fadden used the same for his analysis that he posted here a few months ago. It is a great piece of software, but I think you still must be an assembler expert to work efficiently with it (I do not claim to be one), and even if you are, for me it looks as if you still have to work hard to get something that can be called a C source out of your binary, and that C source still compiles to the same original binary.

Of course you can create a different C source that has some common parts with the original binary but contains also a partial copy of another C source, where both worlds are put together somehow. Still hard work, I think.

Sven

[bob]

[snip]
No commercial company with half a brain will publish software claiming total rights over it if not true. That's the overpowering evidence one that R3 is clean. Chessbase won't licence it unless absolutely certain it's clean. That's overpowering evidence two. Say anything else and you play with fire. imo.

I think I have first hand experience on this and I know that you are wrong.

If you need examples, Verizon sued by BusyBox developers. Redhat v SCO, Sun v Microsoft. These occur all the time because major players push software that isn't "squeaky clean." So it's hard to use Chessbase's intelligence as proof of anything concerning Rybka 3.

Maybe. Reverse engineering Rybka 3 will prove whether or not it contains GPL code. Everything else is just speculative and damaging.

Enrique

No, not everything is speculative.
There's a mountain of evidence that strleka 2.0 has hundreds and hundreds of lines of code that are identical or equivilent to code found in fruit 2.1. (this comparison can be made even by a casual user...the two sets of source code are freely available). a detailed comparison was presented here:
http://64.68.157.89/forum/viewtopic.php ... ht=strelka

There is also evidence that strelka 2.0 (both source code and binary) is identical to rybka 1.0 beta.

In addition Vas has confirmed that Strelka is indeed his.

? I think the conclusion is not difficult to ascertain...
rybka 1.0 beta is a derivative of fruit 2.1

i volunteer to stir the shit....

What if there's a completely innocent explanation?

The only possible "innocent explanation" would be "OK, I started by modifying fruit and I have modified the important parts, but didn't realize that the other parts would represent a problem". If you take any two chess programs on the planet, and compare the source, you are not going to find even a hundred lines of code that match exactly, much less a thousand or more. Unless they have a common ancestry, that is.

From Rybka forum, Vas states:

Maybe somebody can summarize the points.

Generally, code theft is easy to show - just show the two sections of identical code, side-by-side. There isn't much to debate in such cases. Rybka is of course original (with some accepted exceptions like bit scans & bit counters, etc). Strelka contains Rybka code. Whether Strelka also contains Fruit code, I don't know and don't really care.

If you want to show a problem with Rybka, put it, Rybka side by side with Fruit.

Did you see Z's post doing just that???

[bob]

The only fly in this ointment is that Zach has done exactly that between Fruit and Rybka 1. His post is in this forum near the top (and is pretty short thread so it is easy to find).

[Terry McCracken]

The topic came up in another thread about the issue of comparing Strelka to Fruit vs. comparing Rybka 1.0 to Fruit. I am doing some disassembling of Rybka 1.0, so I will post the assembly that is equivalent to the last piece of code I had in Fruit. Just to let you know, this is by no means complete. I have filled in most of the function names and some of the variable names, but there is a lot left to do. This is just the result of a few day's work, more will come later.

Code: Select all

.text:0040BCA0 start_search    proc near               ; CODE XREF:
start_go+35F p
.text:0040BCA0
.text:0040BCA0 var_44C         = dword ptr -44Ch
.text:0040BCA0 var_440         = dword ptr -440h
.text:0040BCA0 undo            = dword ptr -40h
.text:0040BCA0 var_8           = dword ptr -8
.text:0040BCA0 num_moves       = dword ptr -4
.text:0040BCA0
.text:0040BCA0                 push    ebp
.text:0040BCA1                 mov     ebp, esp
.text:0040BCA3                 sub     esp, 440h
.text:0040BCA9                 push    ebx
.text:0040BCAA                 push    esi
.text:0040BCAB                 push    edi
.text:0040BCAC                 push    offset dword_669C60
.text:0040BCB1                 mov     dword_667A0C, -500
.text:0040BCBB                 mov     dword_667A10, 500
.text:0040BCC5                 call    evaluate
.text:0040BCCA                 add     esp, 4
.text:0040BCCD                 test    al, al
.text:0040BCCF                 jz      short loc_40BD25
.text:0040BCD1                 mov     ecx, dword_669C6C
.text:0040BCD7                 mov     eax, dword_669C68
.text:0040BCDC                 not     ecx
.text:0040BCDE                 push    ecx
.text:0040BCDF                 not     eax
.text:0040BCE1                 push    eax
.text:0040BCE2                 push    offset list_root
.text:0040BCE7                 call    gen_evasions
.text:0040BCEC                 mov     ecx, list_root
.text:0040BCF2                 add     esp, 12
.text:0040BCF5                 xor     eax, eax
.text:0040BCF7                 test    ecx, ecx
.text:0040BCF9                 jz      short loc_40BD15
.text:0040BCFB                 jmp     short loc_40BD00
.text:0040BCFB ;
---------------------------------------------------------------------------
.text:0040BCFD                 align 10h
.text:0040BD00
.text:0040BD00 loc_40BD00:                             ; CODE XREF:
start_search+5B j
.text:0040BD00                                         ; start_search+73 j
.text:0040BD00                 mov     list_root[eax*4], ecx
.text:0040BD07                 mov     ecx, dword_66BC78[eax*8]
.text:0040BD0E                 add     eax, 1
.text:0040BD11                 test    ecx, ecx
.text:0040BD13                 jnz     short loc_40BD00
.text:0040BD15
.text:0040BD15 loc_40BD15:                             ; CODE XREF:
start_search+59 j
.text:0040BD15                 mov     list_root[eax*4], 0
.text:0040BD20                 jmp     loc_40BDC2
.text:0040BD25 ;
---------------------------------------------------------------------------
.text:0040BD25
.text:0040BD25 loc_40BD25:                             ; CODE XREF:
start_search+2F j
.text:0040BD25                 mov     edx, dword_667B9C
.text:0040BD2B                 mov     eax, dword_667B98
.text:0040BD30                 mov     ecx, dword_667B94
.text:0040BD36                 push    edx
.text:0040BD37                 mov     edx, dword_667B90
.text:0040BD3D                 push    eax
.text:0040BD3E                 push    ecx
.text:0040BD3F                 push    edx
.text:0040BD40                 push    offset dword_66C070
.text:0040BD45                 mov     eax, offset list_root
.text:0040BD4A                 call    gen_captures
.text:0040BD4F                 xor     esi, esi
.text:0040BD51                 add     esp, 20
.text:0040BD54                 cmp     list_root, esi
.text:0040BD5A                 jz      short loc_40BD6D
.text:0040BD5C                 lea     esp, [esp+0]
.text:0040BD60
.text:0040BD60 loc_40BD60:                             ; CODE XREF:
start_search+CB j
.text:0040BD60                 add     esi, 1
.text:0040BD63                 cmp     list_root[esi*4], 0
.text:0040BD6B                 jnz     short loc_40BD60
.text:0040BD6D
.text:0040BD6D loc_40BD6D:                             ; CODE XREF:
start_search+BA j
.text:0040BD6D                 mov     eax, dword_669C6C
.text:0040BD72                 mov     ecx, dword_669C68
.text:0040BD78                 push    -1
.text:0040BD7A                 push    -1
.text:0040BD7C                 push    -1
.text:0040BD7E                 push    eax
.text:0040BD7F                 push    ecx
.text:0040BD80                 lea     edx, [ebp+var_440]
.text:0040BD86                 push    edx
.text:0040BD87                 call    gen_quiet_moves
.text:0040BD8C                 mov     eax, [ebp+var_440]
.text:0040BD92                 add     esp, 24
.text:0040BD95                 xor     ecx, ecx
.text:0040BD97                 test    eax, eax
.text:0040BD99                 jz      short loc_40BDB5
.text:0040BD9B                 lea     edx, ds:66BC70h[esi*4]
.text:0040BDA2
.text:0040BDA2 loc_40BDA2:                             ; CODE XREF:
start_search+113 j
.text:0040BDA2                 add     ecx, 1
.text:0040BDA5                 mov     [edx], eax
.text:0040BDA7                 mov     eax, [ebp+ecx*4+var_440]
.text:0040BDAE                 add     edx, 4
.text:0040BDB1                 test    eax, eax
.text:0040BDB3                 jnz     short loc_40BDA2
.text:0040BDB5
.text:0040BDB5 loc_40BDB5:                             ; CODE XREF:
start_search+F9 j
.text:0040BDB5                 add     ecx, esi
.text:0040BDB7                 mov     list_root[ecx*4], 0
.text:0040BDC2
.text:0040BDC2 loc_40BDC2:                             ; CODE XREF:
start_search+80 j
.text:0040BDC2                 mov     esi, list_root
.text:0040BDC8                 xor     edi, edi
.text:0040BDCA                 test    esi, esi
.text:0040BDCC                 mov     [ebp+num_moves], edi
.text:0040BDCF                 jz      short loc_40BE4C
.text:0040BDD1                 mov     [ebp+num_moves], offset list_root
.text:0040BDD8
.text:0040BDD8 loc_40BDD8:                             ; CODE XREF:
start_search+1A7 j
.text:0040BDD8                 lea     eax, [ebp+undo]
.text:0040BDDB                 push    eax
.text:0040BDDC                 push    esi
.text:0040BDDD                 call    make_move
.text:0040BDE2                 push    offset pos_info_entry
.text:0040BDE7                 call    evaluate
.text:0040BDEC                 mov     ecx, dword_667C20
.text:0040BDF2                 lea     edx, ds:0[ecx*8]
.text:0040BDF9                 mov     ecx, offset dword_667BF8
.text:0040BDFE                 sub     ecx, edx
.text:0040BE00                 mov     eax, [ecx]
.text:0040BE02                 mov     ecx, [ecx+4]
.text:0040BE05                 and     eax, pos_info_entry
.text:0040BE0B                 and     ecx, dword_669C84
.text:0040BE11                 add     esp, 0Ch
.text:0040BE14                 or      eax, ecx
.text:0040BE16                 jnz     short loc_40BE1C
.text:0040BE18                 mov     bl, 1
.text:0040BE1A                 jmp     short loc_40BE1E
.text:0040BE1C ;
---------------------------------------------------------------------------
.text:0040BE1C
.text:0040BE1C loc_40BE1C:                             ; CODE XREF:
start_search+176 j
.text:0040BE1C                 xor     bl, bl
.text:0040BE1E
.text:0040BE1E loc_40BE1E:                             ; CODE XREF:
start_search+17A j
.text:0040BE1E                 lea     eax, [ebp+undo]
.text:0040BE21                 push    eax
.text:0040BE22                 push    esi
.text:0040BE23                 call    unmake_move
.text:0040BE28                 add     esp, 8
.text:0040BE2B                 test    bl, bl
.text:0040BE2D                 jz      short loc_40BE39
.text:0040BE2F                 mov     list_root[edi*4], esi
.text:0040BE36                 add     edi, 1          ; num_moves++
.text:0040BE39
.text:0040BE39 loc_40BE39:                             ; CODE XREF:
start_search+18D j
.text:0040BE39                 mov     eax, [ebp+num_moves]
.text:0040BE3C                 mov     esi, [eax+4]
.text:0040BE3F                 add     eax, 4          ; i++
.text:0040BE42                 test    esi, esi        ; list_root[i].move!=0
.text:0040BE44                 mov     [ebp+num_moves], eax
.text:0040BE47                 jnz     short loc_40BDD8
.text:0040BE49                 mov     [ebp+num_moves], edi
.text:0040BE4C
.text:0040BE4C loc_40BE4C:                             ; CODE XREF:
start_search+12F j
.text:0040BE4C                 xor     esi, esi
.text:0040BE4E                 cmp     edi, 1          ; if (num_moves <= 1)
.text:0040BE51                 mov     list_root[edi*4], esi ;
list_root[num_moves].move = 0
.text:0040BE58                 ja      short loc_40BE64
.text:0040BE5A                 mov     G_max_depth, 4  ; max_depth = 4;
.text:0040BE64
.text:0040BE64 loc_40BE64:                             ; CODE XREF:
start_search+1B8 j
.text:0040BE64                 push    esi
.text:0040BE65                 push    offset dword_667A28
.text:0040BE6A                 call    setjmp
.text:0040BE6F                 add     esp, 8
.text:0040BE72                 test    eax, eax        ; if
(setjmp(jmp_buffer) != 0) return;
.text:0040BE74                 jz      short loc_40BE87
.text:0040BE76                 mov     eax, offset byte_664E08
.text:0040BE7B                 call    sub_4092E0
.text:0040BE80                 pop     edi
.text:0040BE81                 pop     esi
.text:0040BE82                 pop     ebx
.text:0040BE83                 mov     esp, ebp
.text:0040BE85                 pop     ebp
.text:0040BE86                 retn
.text:0040BE87 ;
---------------------------------------------------------------------------
.text:0040BE87
.text:0040BE87 loc_40BE87:                             ; CODE XREF:
start_search+1D4 j
.text:0040BE87                 call    ds:GetTickCount  ; start_timer
.text:0040BE8D                 mov     start_time, eax
.text:0040BE92                 mov     eax, dword_66C490
.text:0040BE97                 add     eax, 1          ; All of this
stuff is trans_inc_date
.text:0040BE9A                 and     eax, 3
.text:0040BE9D                 mov     ecx, eax
.text:0040BE9F                 cmp     ecx, esi
.text:0040BEA1                 mov     dword_66C490, eax
.text:0040BEA6                 jge     short loc_40BEAB
.text:0040BEA8                 add     ecx, 4
.text:0040BEAB
.text:0040BEAB loc_40BEAB:                             ; CODE XREF:
start_search+206 j
.text:0040BEAB                 add     ecx, 1
.text:0040BEAE                 shl     ecx, 8
.text:0040BEB1                 mov     dword_66C498, ecx
.text:0040BEB7                 lea     ecx, [eax-1]
.text:0040BEBA                 cmp     ecx, esi
.text:0040BEBC                 jge     short loc_40BEC1
.text:0040BEBE                 add     ecx, 4
.text:0040BEC1
.text:0040BEC1 loc_40BEC1:                             ; CODE XREF:
start_search+21C j
.text:0040BEC1                 add     ecx, 1
.text:0040BEC4                 shl     ecx, 8
.text:0040BEC7                 mov     dword_66C49C, ecx
.text:0040BECD                 lea     ecx, [eax-2]
.text:0040BED0                 cmp     ecx, esi
.text:0040BED2                 jge     short loc_40BED7
.text:0040BED4                 add     ecx, 4
.text:0040BED7
.text:0040BED7 loc_40BED7:                             ; CODE XREF:
start_search+232 j
.text:0040BED7                 add     ecx, 1
.text:0040BEDA                 shl     ecx, 8
.text:0040BEDD                 add     eax, -3
.text:0040BEE0                 cmp     eax, esi
.text:0040BEE2                 mov     dword_66C4A0, ecx
.text:0040BEE8                 jge     short loc_40BEED
.text:0040BEEA                 add     eax, 4
.text:0040BEED
.text:0040BEED loc_40BEED:                             ; CODE XREF:
start_search+248 j
.text:0040BEED                 add     eax, 1
.text:0040BEF0                 shl     eax, 8
.text:0040BEF3                 mov     dword_66C4A4, eax
.text:0040BEF8                 xor     eax, eax
.text:0040BEFA                 lea     ebx, [ebx+0]
.text:0040BF00
.text:0040BF00 loc_40BF00:                             ; CODE XREF:
start_search+274 j
.text:0040BF00                 mov     killer1[eax], esi ; (Pos_info + i)->killer1 = 0;
.text:0040BF06                 mov     killer2[eax], esi ; (Pos_info + i)->killer2 = 0;
.text:0040BF0C                 add     eax, 32
.text:0040BF0F                 cmp     eax, 8192
.text:0040BF14                 jb      short loc_40BF00
.text:0040BF16                 mov     eax, 256
.text:0040BF1B                 mov     ecx, 768
.text:0040BF20                 mov     edi, offset History
.text:0040BF25                 rep stosd               ;
memset(History, 256, 12 * 64 * sizeof(int));
.text:0040BF27                 mov     eax, dword_667C40
.text:0040BF2C                 and     eax, dword_66C488
.text:0040BF32                 mov     ecx, dword_667C44
.text:0040BF38                 shl     eax, 4
.text:0040BF3B                 add     eax, dword_66C480
.text:0040BF41                 cmp     [eax], ecx
.text:0040BF43                 jnz     short loc_40BF4F
.text:0040BF45                 movzx   edx, word ptr [eax+4]
.text:0040BF49                 mov     dword_66C478, edx
.text:0040BF4F
.text:0040BF4F loc_40BF4F:                             ; CODE XREF:
start_search+2A3 j
.text:0040BF4F                 cmp     [eax+10h], ecx
.text:0040BF52                 jnz     short loc_40BF5E
.text:0040BF54                 movzx   edx, word ptr [eax+14h]
.text:0040BF58                 mov     dword_66C478, edx
.text:0040BF5E
.text:0040BF5E loc_40BF5E:                             ; CODE XREF:
start_search+2B2 j
.text:0040BF5E                 cmp     [eax+20h], ecx
.text:0040BF61                 jnz     short loc_40BF6D
.text:0040BF63                 movzx   edx, word ptr [eax+24h]
.text:0040BF67                 mov     dword_66C478, edx
.text:0040BF6D
.text:0040BF6D loc_40BF6D:                             ; CODE XREF:
start_search+2C1 j
.text:0040BF6D                 cmp     [eax+30h], ecx
.text:0040BF70                 jnz     short loc_40BF7B
.text:0040BF72                 movzx   eax, word ptr [eax+34h]
.text:0040BF76                 mov     dword_66C478, eax
.text:0040BF7B
.text:0040BF7B loc_40BF7B:                             ; CODE XREF:
start_search+2D0 j
.text:0040BF7B                 mov     eax, [ebp+num_moves]
.text:0040BF7E                 cmp     eax, 2
.text:0040BF81                 jb      loc_40C039
.text:0040BF87                 add     eax, -1
.text:0040BF8A                 mov     [ebp+var_8], eax
.text:0040BF8D                 js      loc_40C039
.text:0040BF93
.text:0040BF93 loc_40BF93:                             ; CODE XREF:
start_search+393 j
.text:0040BF93                 lea     ebx, ds:0[eax*4]
.text:0040BF9A                 mov     edi, list_root[ebx]
.text:0040BFA0                 cmp     edi, dword_66C478
.text:0040BFA6                 lea     edx, dword_66C074[ebx]
.text:0040BFAC                 jnz     short loc_40BFB5
.text:0040BFAE                 mov     ecx, 7FFFFFFFh
.text:0040BFB3                 jmp     short loc_40BFE1
.text:0040BFB5 ;
---------------------------------------------------------------------------
.text:0040BFB5
.text:0040BFB5 loc_40BFB5:                             ; CODE XREF:
start_search+30C j
.text:0040BFB5                 mov     ecx, edi
.text:0040BFB7                 and     ecx, 63
.text:0040BFBA                 mov     ecx, dword_667A90[ecx*4]
.text:0040BFC1                 test    ecx, ecx
.text:0040BFC3                 jz      short loc_40BFDF
.text:0040BFC5                 mov     esi, edi
.text:0040BFC7                 shr     esi, 6
.text:0040BFCA                 and     esi, 63
.text:0040BFCD                 shl     ecx, 4
.text:0040BFD0                 sub     ecx, dword_667A90[esi*4]
.text:0040BFD7                 add     ecx, 2147483391
.text:0040BFDD                 jmp     short loc_40BFE1
.text:0040BFDF ;
---------------------------------------------------------------------------
.text:0040BFDF
.text:0040BFDF loc_40BFDF:                             ; CODE XREF:
start_search+323 j
.text:0040BFDF                 xor     ecx, ecx
.text:0040BFE1
.text:0040BFE1 loc_40BFE1:                             ; CODE XREF:
start_search+313 j
.text:0040BFE1                                         ; start_search+33D j
.text:0040BFE1                 cmp     ecx, [edx]
.text:0040BFE3                 mov     esi, eax
.text:0040BFE5                 jnb     short loc_40C01F
.text:0040BFE7                 mov     eax, ebx
.text:0040BFE9                 lea     esp, [esp+0]
.text:0040BFF0
.text:0040BFF0 loc_40BFF0:                             ; CODE XREF:
start_search+37A j
.text:0040BFF0                 mov     ebx, dword_66BC74[eax]
.text:0040BFF6                 mov     edx, [edx]
.text:0040BFF8                 mov     list_root[eax], ebx
.text:0040BFFE                 mov     dword_66C070[eax], edx
.text:0040C004                 add     esi, 1
.text:0040C007                 lea     eax, ds:0[esi*4]
.text:0040C00E                 cmp     ecx, dword_66C074[eax]
.text:0040C014                 lea     edx, dword_66C074[eax]
.text:0040C01A                 jb      short loc_40BFF0
.text:0040C01C                 mov     eax, [ebp+var_8]
.text:0040C01F
.text:0040C01F loc_40C01F:                             ; CODE XREF:
start_search+345 j
.text:0040C01F                 sub     eax, 1
.text:0040C022                 mov     list_root[esi*4], edi
.text:0040C029                 mov     dword_66C070[esi*4], ecx
.text:0040C030                 mov     [ebp+var_8], eax
.text:0040C033                 jns     loc_40BF93
.text:0040C039
.text:0040C039 loc_40C039:                             ; CODE XREF:
start_search+2E1 j
.text:0040C039                                         ; start_search+2ED j

The interesting thing that I found is that for this piece of code, Rybka 1.0 is more similar to Fruit than Strelka. Here are the differences:
--Setjmp is called after the move generation, as in Fruit
--Something very strange: whereas in Strelka a failed setjmp call simply results in a return, in Rybka 1.0 it involves a function call, like in Fruit (there it is search_update_current()). The weird part is, it appears to be calling parse_position(). That is what the "call sub_4092E0" is for. Why would Rybka 1.0 be parsing the position after a setjmp call?
--The timer is started after the setjmp call
--depth is limited to 4 when there's only 1 legal move (commented out in Strelka, as noted in the other thread).
--I noted earlier that the history initialization was different. Strelka and Rybka 1.0 are the same here, using memset(History, 256, 12 * 64 * sizeof(int)); But what I didn't notice is, 256 is out of range for an unsigned char. So that code is the same as Fruit's memset(History, 0, 12 * 64 * sizeof(int)); Why would Rybka 1.0 have 256? Is it the optimizer gone wild, or a deliberate attempt at obfuscation?

Maybe not Bob...it gets lost fairly quickly.

[bob]

I would say "look here, your honor:"

http://www.talkchess.com/forum/viewtopi ... 67&t=23118

[chrisw]

[snip]
No commercial company with half a brain will publish software claiming total rights over it if not true. That's the overpowering evidence one that R3 is clean. Chessbase won't licence it unless absolutely certain it's clean. That's overpowering evidence two. Say anything else and you play with fire. imo.

I think I have first hand experience on this and I know that you are wrong.

If you need examples, Verizon sued by BusyBox developers. Redhat v SCO, Sun v Microsoft. These occur all the time because major players push software that isn't "squeaky clean." So it's hard to use Chessbase's intelligence as proof of anything concerning Rybka 3.

Maybe. Reverse engineering Rybka 3 will prove whether or not it contains GPL code. Everything else is just speculative and damaging.

Enrique

No, not everything is speculative.
There's a mountain of evidence that strleka 2.0 has hundreds and hundreds of lines of code that are identical or equivilent to code found in fruit 2.1. (this comparison can be made even by a casual user...the two sets of source code are freely available). a detailed comparison was presented here:
http://64.68.157.89/forum/viewtopic.php ... ht=strelka

There is also evidence that strelka 2.0 (both source code and binary) is identical to rybka 1.0 beta.

In addition Vas has confirmed that Strelka is indeed his.

? I think the conclusion is not difficult to ascertain...
rybka 1.0 beta is a derivative of fruit 2.1

i volunteer to stir the shit....

What if there's a completely innocent explanation?

The only possible "innocent explanation" would be "OK, I started by modifying fruit and I have modified the important parts, but didn't realize that the other parts would represent a problem". If you take any two chess programs on the planet, and compare the source, you are not going to find even a hundred lines of code that match exactly, much less a thousand or more. Unless they have a common ancestry, that is.

From Rybka forum, Vas states:

Maybe somebody can summarize the points.

Generally, code theft is easy to show - just show the two sections of identical code, side-by-side. There isn't much to debate in such cases. Rybka is of course original (with some accepted exceptions like bit scans & bit counters, etc). Strelka contains Rybka code. Whether Strelka also contains Fruit code, I don't know and don't really care.

If you want to show a problem with Rybka, put it, Rybka side by side with Fruit.

Did you see Z's post doing just that???

Well, I can see a bunch of assembler mnemonics, then what? It's Rybka? Where's the Fruit? Then I can see five points in english text of which the last point has had to be withdrawn on challenge.

So exactly what is Zach's listing saying when translated from Egyptian hieroglyphics?

The judge will ask you to go away and come back with both Fruit and Rybka side by side so he can see the similarities for himself.

He'll also ask the other side to comment. We've not seen this yet either.