I imagine you should be able to do the same kind of differential testing
you do for compilers. Sadly, most analysis tools don't offer the kinds
of guarantees that compilers do, so it will be less "finding bugs" and
more "finding opportunities for growth". Sign kcc up :)
-Chucky
On Wed, Jun 8, 2011 at 4:20 PM, John Regehr <
regehr@cs.utah.edu
<mailto:
regehr@cs.utah.edu>> wrote:
This is a feature request I received, and also it's something I've
wanted myself.
The new feature is for Csmith to optionally ignore its safety
analyses sometimes, in order to generate memory unsafety. Obviously
these features are turned off by default. Probably there are three
flags:
- probability of ignoring possibly-null pointer when generating a
dereference
- probability of ignoring possibly-expired pointer when generating a
dereference
- probability of letting an array index go OOB
The purpose of these features is to test static and dynamic memory
safety checking tools.
John