[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [csmith-dev] Using csmith for generating focussed crashes

Hi Ali, I can think of several ways to make this happen. If Xuejun is available to help a bit, perhaps he can direct you to the correct spot to generate a null pointer access or OOB array use.

If he isn't available, then I would recommend just finding a spot in the Csmith source code where an array index is generated, and then 1% of the time (or whatever), generate -1000 instead of whatever index Csmith wanted to generate. Of course not all such programs will crash, but some of them will.


On 12/11/20 9:27 AM, Ali Shuja Siddiqui (alissidd) wrote:

In our team at Cisco, we are looking towards making testcases for our crash analysis tools. Csmith is a useful tool for generating code for testing compilers. We are investigating different ways of generating binaries that would crash and result in a core dump. Csmith offers us a great base for this purpose.

I would like your feedback to get an idea and pointers on how to modify Csmith. Our goal is to generate C code using csmith that when compiled successfully and executed may result in a crash. Please also let me know of any known work that you may know of, already done in this regard.

Thank you,

Ali Shuja Siddiqui