[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [gsoc] syscall/libc fuzzer proposal
On Sat, Mar 20, 2010 at 07:35:47PM +0000, David Holland wrote:
> On Sat, Mar 20, 2010 at 12:40:12PM -0400, Thor Lancelot Simon wrote:
> >> As a part of my work I would like to write a translator for C
> >> language and a small library. Their goal would be to detect
> >> integer overflows, stack overflows, problems with static array
> >> indexing, etc (when such occur during the program execution). It
> >> will enable me to uncover more bugs in the software.
> > What is the benefit of this when compared to existing static-analysis
> > tools such as Coverity Scan, splint, or the Clang static analyzer? Will
> > this cover any cases they don't? If so, which ones?
> AIUI from chat, the idea is to increase the probability that if the
> testing causes something bogus to happen, the bogus behavior will
> result in an easily identifiable abort.
Again, I would like to understand why such an abort would be more
"easily identifiable" by some newly written tool than by one of the
ones I listed above, which have been around for a long time.
Main Index |
Thread Index |