tech-kern archive
Re: [gsoc] syscall/libc fuzzer proposal
On Sat, Mar 20, 2010 at 07:35:47PM +0000, David Holland wrote:
> On Sat, Mar 20, 2010 at 12:40:12PM -0400, Thor Lancelot Simon wrote:
> >> As a part of my work I would like to write a translator for C
> >> language and a small library. Their goal would be to detect
> >> integer overflows, stack overflows, problems with static array
> >> indexing, etc (when such occur during the program execution). It
> >> will enable me to uncover more bugs in the software.
> >
> > What is the benefit of this when compared to existing static-analysis
> > tools such as Coverity Scan, splint, or the Clang static analyzer? Will
> > this cover any cases they don't? If so, which ones?
>
> AIUI from chat, the idea is to increase the probability that if the
> testing causes something bogus to happen, the bogus behavior will
> result in an easily identifiable abort.
Again, I would like to understand why such an abort would be more
"easily identifiable" by some newly written tool than by one of the
ones I listed above, which have been around for a long time.