Re: [gsoc] syscall/libc fuzzer proposal

2010-03-28 Thread Thor Lancelot Simon
On Mon, Mar 29, 2010 at 03:05:18AM +0200, Darren Reed wrote: > Mateusz, > > Now that NetBSD has dtrace (FBT) for the kernel, have you thought > about how you might use write mode in dtrace to simulate failure? > > Is there value in introducing specific dtrace probes (once we have > SDT probes) to

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-28 Thread Darren Reed
Mateusz, Now that NetBSD has dtrace (FBT) for the kernel, have you thought about how you might use write mode in dtrace to simulate failure? Is there value in introducing specific dtrace probes (once we have SDT probes) to support fuzzing? Are further changes required, such as allowing longer sl

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-21 Thread Antoine Reilles
On Sat, Mar 20, 2010 at 08:53:12PM +0200, Mateusz Kocielski wrote: > 2010/3/20 Thor Lancelot Simon : > > What is the benefit of this when compared to existing static-analysis > > tools such as Coverity Scan, splint, or the Clang static analyzer?  Will > > this cover any cases they don't?  If so, wh

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-21 Thread Matthias Kretschmer
Hello, On Sat, Mar 20, 2010 at 05:32:28PM +0200, Mateusz Kocielski wrote: > (Eg. > > int foo() { char d[10]; int i; i = 5; return d[i]; } > > will be translated into: > > int foo() { char d[10]; int i; int _x; i = 5; _x = i; if ( _x < 0 || > _x > 9 ) ERROR(); > return d[_x]; } > ) I've se

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Eric Haszlakiewicz
On Sat, Mar 20, 2010 at 06:38:57PM -0500, David Young wrote: > On Sat, Mar 20, 2010 at 05:32:28PM +0200, Mateusz Kocielski wrote: > > 4. What are my main goals? > > > > * write syscall/libc fuzzer > > * develop additional tools to fuzzer environment > > * cover as much project code as possible dur

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Eric Haszlakiewicz
On Sat, Mar 20, 2010 at 05:32:28PM +0200, Mateusz Kocielski wrote: > As a part of my work I would like to write a translator for C language and a > small library. Their goal would be to detect integer overflows, stack > overflows, > problems with static array indexing, etc (when such occur during

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Thor Lancelot Simon
On Sat, Mar 20, 2010 at 08:53:12PM +0200, Mateusz Kocielski wrote: > 2010/3/20 Thor Lancelot Simon : > > What is the benefit of this when compared to existing static-analysis > > tools such as Coverity Scan, splint, or the Clang static analyzer?  Will > > this cover any cases they don't?  If so, wh

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Thor Lancelot Simon
On Sat, Mar 20, 2010 at 07:35:47PM +, David Holland wrote: > On Sat, Mar 20, 2010 at 12:40:12PM -0400, Thor Lancelot Simon wrote: > >> As a part of my work I would like to write a translator for C > >> language and a small library. Their goal would be to detect > >> integer overflows, stack

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread David Young
On Sat, Mar 20, 2010 at 05:32:28PM +0200, Mateusz Kocielski wrote: > 4. What are my main goals? > > * write syscall/libc fuzzer > * develop additional tools to fuzzer environment > * cover as much project code as possible during testing Mateusz, I'm going to seize on one of your goals, sorry. :-

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Steven Bellovin
On Mar 20, 2010, at 3:35 PM, David Holland wrote: > On Sat, Mar 20, 2010 at 12:40:12PM -0400, Thor Lancelot Simon wrote: >>> As a part of my work I would like to write a translator for C >>> language and a small library. Their goal would be to detect >>> integer overflows, stack overflows, proble

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread David Holland
On Sat, Mar 20, 2010 at 03:40:33PM -0400, Elad Efrat wrote: If not, I don't think this adds any benefit to your proposal and is likely to simply be a distraction; I'd urge you in that case to drop it. >>> >>> Strongly seconded. There are so many great ways to improve NetBSD and

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Elad Efrat
On Sat, Mar 20, 2010 at 3:24 PM, David Holland wrote: > On Sat, Mar 20, 2010 at 01:54:49PM -0400, Elad Efrat wrote: >> Thor Lancelot Simon wrote: >>> If not, I don't think this adds any benefit to your proposal and is likely >>> to simply be a distraction; I'd urge you in that case to drop it. >>

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Julio Merino
On Sat, Mar 20, 2010 at 7:35 PM, David Holland wrote: > [... description of translator ...] > > AIUI from chat, the idea is to increase the probability that if the > testing causes something bogus to happen, the bogus behavior will > result in an easily identifiable abort. > > This seems like a va

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread David Holland
On Sat, Mar 20, 2010 at 12:40:12PM -0400, Thor Lancelot Simon wrote: >> As a part of my work I would like to write a translator for C >> language and a small library. Their goal would be to detect >> integer overflows, stack overflows, problems with static array >> indexing, etc (when such occu

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread David Holland
On Sat, Mar 20, 2010 at 01:54:49PM -0400, Elad Efrat wrote: > Thor Lancelot Simon wrote: >> If not, I don't think this adds any benefit to your proposal and is likely >> to simply be a distraction; I'd urge you in that case to drop it. > > Strongly seconded. There are so many great ways to improve

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Mateusz Kocielski
2010/3/20 Thor Lancelot Simon : > What is the benefit of this when compared to existing static-analysis > tools such as Coverity Scan, splint, or the Clang static analyzer?  Will > this cover any cases they don't?  If so, which ones? Undecidability is the limit for static-analysis. Consider follow

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Elad Efrat
On Sat, Mar 20, 2010 at 2:31 PM, Jordan Gordeev wrote: > On 3/20/10 7:54 PM, Elad Efrat wrote: >> >> Strongly seconded. There are so many great ways to improve NetBSD and >> wasting time and money on fuzzing is about as suboptimal as it gets. > > Please, list some of them. Sure. We need to finis

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Jordan Gordeev
On 3/20/10 7:54 PM, Elad Efrat wrote: Strongly seconded. There are so many great ways to improve NetBSD and wasting time and money on fuzzing is about as suboptimal as it gets. Please, list some of them.

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Hubert Feyrer
On Sat, 20 Mar 2010, Mateusz Kocielski wrote: ...your ideas? Reminds me of 1991's crashme: http://crashme.codeplex.com/ The idea sounds more like a research project to me... - Hubert

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Elad Efrat
Thor Lancelot Simon wrote: On Sat, Mar 20, 2010 at 05:32:28PM +0200, Mateusz Kocielski wrote: As a part of my work I would like to write a translator for C language and a small library. Their goal would be to detect integer overflows, stack overflows, problems with static array indexing, etc (wh

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Thor Lancelot Simon
On Sat, Mar 20, 2010 at 05:32:28PM +0200, Mateusz Kocielski wrote: > > As a part of my work I would like to write a translator for C language and a > small library. Their goal would be to detect integer overflows, stack > overflows, > problems with static array indexing, etc (when such occur duri

Re: [gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Julio Merino
On Sat, Mar 20, 2010 at 3:32 PM, Mateusz Kocielski wrote: > Hi, > > My proposal is to write a syscall/libc fuzzer. I've written down my thoughts, > please let me know what you think about it. I would appreciate your feedback. > I'm open to any ideas or comments. > > 1. What is fuzzing? > > Fuzz tes

[gsoc] syscall/libc fuzzer proposal

2010-03-20 Thread Mateusz Kocielski
Hi, My proposal is to write a syscall/libc fuzzer. I've written down my thoughts, please let me know what you think about it. I would appreciate your feedback. I'm open to any ideas or comments. 1. What is fuzzing? Fuzz testing is a software testing technique that provides random/invalid data to