[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [csmith-dev] feature request: generate memory unsafe code

On Wed, Jun 8, 2011 at 11:37 PM, Chucky Ellison <celliso2@illinois.edu> wrote:
> Perhaps for things like overflow, but not for memory safety.  I consider
> valgrind a dynamic tool, but it makes no guarantees about catching bugs.  I
> believe you've shown some examples where it misses certain cases.

Valgrind is handicapped because it works at the level of object code.
There is simply no excuse for a dynamic tool based on source-level
instrumentation not to be complete (i.e. to identify all bugs within
the tool's scope that lie on a trace it is executed on).
Examples of such tools (among many) are CCured
(http://hal.cs.berkeley.edu/ccured/ ), Fail-safe C
(https://staff.aist.go.jp/y.oiwa/FailSafeC/index-en.html ) and MSCC
(http://www.seclab.cs.sunysb.edu/mscc/ ).
Some approaches are more resilient than others with respect to
low-level code that makes assumption about the memory layout, but we
are talking about the kind of code that KCC does not always handle