Re: [gsoc] syscall/libc fuzzer proposal

To: Mateusz Kocielski <m.kocielski%gmail.com@localhost>
Subject: Re: [gsoc] syscall/libc fuzzer proposal
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sat, 20 Mar 2010 12:40:12 -0400

On Sat, Mar 20, 2010 at 05:32:28PM +0200, Mateusz Kocielski wrote:
> 
> As a part of my work I would like to write a translator for C language and a
> small library. Their goal would be to detect integer overflows, stack 
> overflows,
> problems with static array indexing, etc (when such occur during the program
> execution). It will enable me to uncover more bugs in the software.

What is the benefit of this when compared to existing static-analysis
tools such as Coverity Scan, splint, or the Clang static analyzer?  Will
this cover any cases they don't?  If so, which ones?

If not, I don't think this adds any benefit to your proposal and is likely
to simply be a distraction; I'd urge you in that case to drop it.

Thor

Follow-Ups:
- Re: [gsoc] syscall/libc fuzzer proposal
  - From: David Holland
- Re: [gsoc] syscall/libc fuzzer proposal
  - From: Mateusz Kocielski
- Re: [gsoc] syscall/libc fuzzer proposal
  - From: Elad Efrat

References:
- [gsoc] syscall/libc fuzzer proposal
  - From: Mateusz Kocielski

Prev by Date: Re: config(5) break down
Next by Date: Re: config(5) break down
Previous by Thread: Re: [gsoc] syscall/libc fuzzer proposal
Next by Thread: Re: [gsoc] syscall/libc fuzzer proposal
Indexes:

Home | Main Index | Thread Index | Old Index