
Re: [csmith-dev] feature request: generate memory unsafe code



Perhaps for things like overflow, but not for memory safety.  I consider valgrind a dynamic tool, but it makes no guarantees about catching bugs.  I believe you've shown some examples where it misses certain cases.

-Chucky

On Wed, Jun 8, 2011 at 4:33 PM, John Regehr <regehr@cs.utah.edu> wrote:
Hi Chucky, I agree with your comment with respect to static analysis tools, but shouldn't all dynamic tools like yours find the same bugs?

John



On 6/8/11 2:31 PM, Chucky Ellison wrote:
I imagine you should be able to do the same kind of differential testing
you do for compilers.  Sadly, most analysis tools don't offer the kinds
of guarantees that compilers do, so it will be less "finding bugs" and
more "finding opportunities for growth".  Sign kcc up :)

-Chucky

On Wed, Jun 8, 2011 at 4:20 PM, John Regehr <regehr@cs.utah.edu> wrote:

   This is a feature request I received, and also it's something I've
   wanted myself.

   The new feature is for Csmith to optionally ignore its safety
   analyses sometimes, in order to generate memory unsafety.  Obviously
   these features are turned off by default.  Probably there are three
   flags:

   - probability of ignoring possibly-null pointer when generating a
   dereference

   - probability of ignoring possibly-expired pointer when generating a
   dereference

   - probability of letting an array index go OOB

   The purpose of these features is to test static and dynamic memory
   safety checking tools.

   John
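
The differential-testing idea discussed in this thread, sketched as an added example that is not part of the original messages or of Csmith. It assumes the generator records which of the three proposed defect classes it injected into each program; the tool names, case ids and verdicts are constructed sample data.

```python
# Added illustration: triage for differential testing of memory-safety checkers.
# Tool names, case ids and verdicts below are constructed sample data.
from collections import defaultdict

DEFECT_KINDS = {"null_deref", "expired_ptr", "oob_index"}  # the three proposed classes

# Each case: (case id, injected defect or None, {tool: True if it reported an error})
CASES = [
    ("case-001", "null_deref",  {"tool_a": True,  "tool_b": True,  "tool_c": True}),
    ("case-002", "expired_ptr", {"tool_a": True,  "tool_b": False, "tool_c": True}),
    ("case-003", "oob_index",   {"tool_a": False, "tool_b": False, "tool_c": True}),
    ("case-004", None,          {"tool_a": False, "tool_b": True,  "tool_c": False}),
    ("case-005", "oob_index",   {"tool_a": False, "tool_b": False, "tool_c": False}),
]

def triage(cases):
    """Compare verdicts across tools and against the generator's ground truth."""
    report = {"disagreements": [], "missed_by_all": [],
              "false_negatives": defaultdict(list),
              "false_positives": defaultdict(list)}
    for case_id, defect, verdicts in cases:
        if defect is not None and defect not in DEFECT_KINDS:
            raise ValueError(f"{case_id}: unknown defect kind {defect!r}")
        unsafe = defect is not None
        # Pure differential signal: needs no ground truth, only a split vote.
        if len(set(verdicts.values())) > 1:
            report["disagreements"].append(case_id)
        # Unanimous silence on an unsafe program is invisible to differential
        # testing alone; only the generator's record of the injection reveals it.
        if unsafe and not any(verdicts.values()):
            report["missed_by_all"].append(case_id)
        for tool, flagged in sorted(verdicts.items()):
            if unsafe and not flagged:
                report["false_negatives"][tool].append((case_id, defect))
            elif not unsafe and flagged:
                report["false_positives"][tool].append(case_id)
    return report

if __name__ == "__main__":
    r = triage(CASES)
    print("disagreements:", r["disagreements"])
    print("missed by all:", r["missed_by_all"])
    for tool, misses in sorted(r["false_negatives"].items()):
        print(tool, "missed", misses)
    for tool, fps in sorted(r["false_positives"].items()):
        print(tool, "false positives", fps)
```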