tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [gsoc] syscall/libc fuzzer proposal



Thor Lancelot Simon wrote:
On Sat, Mar 20, 2010 at 05:32:28PM +0200, Mateusz Kocielski wrote:
As a part of my work I would like to write a translator for C language and a
small library. Their goal would be to detect integer overflows, stack overflows,
problems with static array indexing, etc (when such occur during the program
execution). It will enable me to uncover more bugs in the software.

What is the benefit of this when compared to existing static-analysis
tools such as Coverity Scan, splint, or the Clang static analyzer?  Will
this cover any cases they don't?  If so, which ones?

If not, I don't think this adds any benefit to your proposal and is likely
to simply be a distraction; I'd urge you in that case to drop it.

Strongly seconded. There are so many great ways to improve NetBSD and
wasting time and money on fuzzing is about as suboptimal as it gets.

-e.



Home | Main Index | Thread Index | Old Index