[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [csmith-dev] feature request: generate memory unsafe code

Hi Chucky, I agree with your comment with respect to static analysis tools, but shouldn't all dynamic tools like yours find the same bugs?


On 6/8/11 2:31 PM, Chucky Ellison wrote:
I imagine you should be able to do the same kind of differential testing
you do for compilers.  Sadly, most analysis tools don't offer the kinds
of guarantees that compilers do, so it will be less "finding bugs" and
more "finding opportunities for growth".  Sign kcc up :)


On Wed, Jun 8, 2011 at 4:20 PM, John Regehr <regehr@cs.utah.edu
<mailto:regehr@cs.utah.edu>> wrote:

    This is a feature request I received, and also it's something I've
    wanted myself.

    The new feature is for Csmith to optionally ignore its safety
    analyses sometimes, in order to generate memory unsafety.  Obviously
    these features are turned off by default.  Probably there are three

    - probability of ignoring possibly-null pointer when generating a

    - probability of ignoring possibly-expired pointer when generating a

    - probability of letting an array index go OOB

    The purpose of these features is to test static and dynamic memory
    safety checking tools.