tech-kern archive


Re: [gsoc] syscall/libc fuzzer proposal



On Sat, Mar 20, 2010 at 12:40:12PM -0400, Thor Lancelot Simon wrote:
 >> As a part of my work I would like to write a translator for C
 >> language and a small library. Their goal would be to detect
 >> integer overflows, stack overflows, problems with static array
 >> indexing, etc (when such occur during the program execution). It
 >> will enable me to uncover more bugs in the software.
 > 
 > What is the benefit of this when compared to existing static-analysis
 > tools such as Coverity Scan, splint, or the Clang static analyzer?  Will
 > this cover any cases they don't?  If so, which ones?

AIUI from chat, the idea is to increase the probability that if the
testing causes something bogus to happen, the bogus behavior will
result in an easily identifiable abort.

This seems like a valid line of reasoning; all the same, implementing
such a tool is a fairly big (and annoying) pile of grunt work. Plus
various variations on it have been done before. (Some of which might
be worth looking into, actually.)

-- 
David A. Holland
dholland%netbsd.org@localhost
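The proposal under discussion is a source-to-source translator plus a small runtime library, so that an integer overflow or a bad static-array index hit while fuzzing ends in an identifiable abort instead of silent corruption. The following is an added illustration written for this page; it is not code from the thread, from the GSoC proposal, or from NetBSD. It hand-"translates" one function the way such a tool would (every `+` and `[]` is replaced by a check call) and pairs it with the untranslated original. The record format, the byte strings and the `instr_*` / `lookup_*` names are all made up for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- the "small library": runtime checks the translated code calls ---- */

static int  instr_abort = 1;     /* abort on the first failed check (default) */
static char instr_last[128];     /* description of the last failed check */

void instr_set_abort(int on) { instr_abort = on; }
const char *instr_last_report(void) { return instr_last; }

static void instr_report(const char *what, int line)
{
    snprintf(instr_last, sizeof instr_last, "%s at line %d", what, line);
    if (instr_abort) {
        fprintf(stderr, "instr: %s\n", instr_last);
        abort();                 /* SIGABRT: trivial for a fuzz harness to spot */
    }
}

/* Checked 32-bit signed add: compute in 64 bits, report if the result does
 * not fit. Returns false on overflow and leaves *out untouched. */
bool instr_add_i32(int32_t a, int32_t b, int32_t *out, int line)
{
    int64_t s = (int64_t)a + (int64_t)b;
    if (s > INT32_MAX || s < INT32_MIN) {
        instr_report("signed integer overflow", line);
        return false;
    }
    *out = (int32_t)s;
    return true;
}

/* Checked index into an array of len elements (negative indices included). */
bool instr_index(int64_t idx, size_t len, int line)
{
    if (idx < 0 || (uint64_t)idx >= len) {
        instr_report("array index out of bounds", line);
        return false;
    }
    return true;
}

/* What the translator would emit in place of a plain + and [] */
#define ADD_I32(a, b, out) instr_add_i32((a), (b), (out), __LINE__)
#define INDEX_OK(arr, i)   instr_index((i), sizeof(arr) / sizeof((arr)[0]), __LINE__)

/* ---- the program under test, before and after translation ---- */

/* Constructed record format (an assumption for this example): a count byte
 * followed by count little-endian 4-byte signed lengths. */
static int32_t rd_i32le(const uint8_t *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

#define TABLE_LEN 16
static const int table[TABLE_LEN] = { 3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3 };

/* Original: plain + and plain []. A hostile record wraps the sum, or makes
 * it negative, and the final read lands outside table[] with no diagnostic. */
int lookup_original(const uint8_t *rec, size_t n)
{
    if (n < 1 || n < 1 + 4u * rec[0]) return -1;
    int32_t total = 0;
    for (unsigned i = 0; i < rec[0]; i++)
        total += rd_i32le(rec + 1 + 4 * i);
    return table[total % TABLE_LEN];   /* negative total => out-of-bounds read */
}

/* Translated: same logic, every + and [] routed through a check. The -1
 * paths are reached only when aborting has been switched off. */
int lookup_instrumented(const uint8_t *rec, size_t n)
{
    if (n < 1 || n < 1 + 4u * rec[0]) return -1;
    int32_t total = 0;
    for (unsigned i = 0; i < rec[0]; i++)
        if (!ADD_I32(total, rd_i32le(rec + 1 + 4 * i), &total))
            return -1;
    int64_t idx = total % TABLE_LEN;
    if (!INDEX_OK(table, idx))
        return -1;
    return table[idx];
}

/* Constructed sample records (not from the page). */
static const uint8_t rec_ok[]  = { 2, 5, 0, 0, 0, 7, 0, 0, 0 };               /* 5 + 7 = 12 */
static const uint8_t rec_ovf[] = { 2, 0xff, 0xff, 0xff, 0x7f, 1, 0, 0, 0 };   /* INT32_MAX + 1 */
static const uint8_t rec_neg[] = { 1, 0xfd, 0xff, 0xff, 0xff };               /* length -3 */

/* Run one record with aborting off so the report can be inspected afterwards. */
int run_record(const uint8_t *rec, size_t n)
{
    instr_set_abort(0);
    instr_last[0] = '\0';
    return lookup_instrumented(rec, n);
}
int demo_ok(void)  { return run_record(rec_ok,  sizeof rec_ok);  }
int demo_ovf(void) { return run_record(rec_ovf, sizeof rec_ovf); }
int demo_neg(void) { return run_record(rec_neg, sizeof rec_neg); }

int main(void)
{
    int r = demo_ok();
    printf("benign record   -> %d\n", r);
    r = demo_ovf();
    printf("overflow record -> %d (%s)\n", r, instr_last_report());
    r = demo_neg();
    printf("negative record -> %d (%s)\n", r, instr_last_report());
    /* With the default instr_set_abort(1), either bad record ends the run in
     * SIGABRT instead, which is the "easily identifiable abort" the fuzzer
     * harness keys on. */
    return 0;
}
```

The benign record returns `table[12]`; the other two make `lookup_original` read outside `table[]` (a wrapped or negative index) while the translated version reports the exact check and line that failed. The same shape of instrumentation is what compiler-based sanitizers such as `-fsanitize=undefined` and `-fsanitize=address` later provided without a separate translator, which is the "done before" direction the reply points at.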

