Re: [csmith-dev] feature request: generate memory unsafe code
On Wed, Jun 8, 2011 at 11:37 PM, Chucky Ellison <firstname.lastname@example.org> wrote:
> Perhaps for things like overflow, but not for memory safety. I consider
> valgrind a dynamic tool, but it makes no guarantees about catching bugs. I
> believe you've shown some examples where it misses certain cases.
Valgrind is handicapped because it works at the level of object code.
There is simply no excuse for a dynamic tool based on source-level
instrumentation not to be complete (i.e. to identify all bugs within
the tool's scope that lie on a trace it is executed on).
Examples of such tools (among many) are CCured
(http://hal.cs.berkeley.edu/ccured/ ), Fail-safe C
(https://staff.aist.go.jp/y.oiwa/FailSafeC/index-en.html ) and MSCC
Some approaches are more resilient than others with respect to
low-level code that makes assumptions about the memory layout, but we
are talking about the kind of code that KCC does not always handle
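
An added illustration, not part of the original message and not taken from CCured, Fail-safe C or KCC: a one-past-the-end write into a struct member stays inside the enclosing allocation, so a check that only knows block extents (the object-code view) accepts it, while a bounds check built from the declared type rejects it on the trace where it happens. The `account` type, the `checked_ptr` fat pointer and both helper functions are hypothetical names constructed for this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample type: an overflow of buf lands in is_admin,
 * which is still inside the same allocation. */
struct account {
    char buf[8];
    int  is_admin;
};

/* Hypothetical fat pointer: bounds that source-level instrumentation can
 * attach to a pointer because it sees the declared type of the target. */
struct checked_ptr {
    char  *base;
    size_t size;   /* bytes in the pointed-to object, here sizeof buf */
};

/* Object-code view: only the extent of the enclosing block is known. */
int in_allocation(size_t block_size, size_t field_offset, size_t idx)
{
    return field_offset + idx < block_size;
}

/* Source-level check: 0 on success, -1 on an out-of-bounds store. */
int checked_store(struct checked_ptr p, size_t idx, char value)
{
    if (idx >= p.size)
        return -1;          /* violation detected on this trace */
    p.base[idx] = value;
    return 0;
}

int main(void)
{
    struct account a;
    memset(&a, 0, sizeof a);
    struct checked_ptr p = { a.buf, sizeof a.buf };
    size_t idx = sizeof a.buf;  /* one past the end of buf */

    printf("block-level view accepts the access: %d\n",
           in_allocation(sizeof a, offsetof(struct account, buf), idx));
    printf("source-level check result: %d\n", checked_store(p, idx, 1));
    printf("is_admin is still %d\n", a.is_admin);
    return 0;
}
```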