[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [csmith-dev] feature request: generate memory unsafe code

I imagine you should be able to do the same kind of differential testing you do for compilers.  Sadly, most analysis tools don't offer the kinds of guarantees that compilers do, so it will be less "finding bugs" and more "finding opportunities for growth".  Sign kcc up :)


On Wed, Jun 8, 2011 at 4:20 PM, John Regehr <regehr@cs.utah.edu> wrote:
This is a feature request I received, and also it's something I've
wanted myself.

The new feature is for Csmith to optionally ignore its safety analyses sometimes, in order to generate memory unsafety.  Obviously these features are turned off by default.  Probably there are three flags:

- probability of ignoring possibly-null pointer when generating a dereference

- probability of ignoring possibly-expired pointer when generating a dereference

- probability of letting an array index go OOB

The purpose of these features is to test static and dynamic memory safety checking tools.