[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [csmith-dev] Using csmith for generating focussed crashes

To: "Ali Shuja Siddiqui (alissidd)" <alissidd@cisco.com>, "csmith-dev@flux.utah.edu" <csmith-dev@flux.utah.edu>
Subject: Re: [csmith-dev] Using csmith for generating focussed crashes
From: John Regehr <regehr@cs.utah.edu>
Date: Fri, 11 Dec 2020 10:46:48 -0700
Cc: "Ivan Baev \(ibaev\)" <ibaev@cisco.com>
In-reply-to: <BN8PR11MB365230487D76756D0E377560CDCA0@BN8PR11MB3652.namprd11.prod.outlook.com>
List-archive: </listarchives/csmith-dev>
List-help: <mailto:csmith-dev-request@flux.utah.edu?subject=help>
List-id: Csmith Development Mailing List <csmith-dev.flux.utah.edu>
List-post: <mailto:csmith-dev@flux.utah.edu>
List-subscribe: <http://www.flux.utah.edu/mailman/listinfo/csmith-dev>, <mailto:csmith-dev-request@flux.utah.edu?subject=subscribe>
List-unsubscribe: <http://www.flux.utah.edu/mailman/options/csmith-dev>, <mailto:csmith-dev-request@flux.utah.edu?subject=unsubscribe>
References: <BN8PR11MB365293C833BAF776996EB232CDCB0@BN8PR11MB3652.namprd11.prod.outlook.com> <BN8PR11MB365230487D76756D0E377560CDCA0@BN8PR11MB3652.namprd11.prod.outlook.com>
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.16; rv:78.0) Gecko/20100101 Thunderbird/78.5.1

Hi Ali, I can think of several ways to make this happen. If Xuejun isavailable to help a bit, perhaps he can direct you to the correct spotto generate a null pointer access or OOB array use.

If he isn't available, then I would recommend just finding a spot in theCsmith source code where an array index is generated, and then 1% of thetime (or whatever), generate -1000 instead of whatever index Csmithwanted to generate. Of course not all such programs will crash, but someof them will.


John


On 12/11/20 9:27 AM, Ali Shuja Siddiqui (alissidd) wrote:

Hello,
In our team at Cisco, we are looking towards making testcases for ourcrash analysis tools. Csmith is a useful tool for generating code fortesting compilers. We are investigating different ways of generatingbinaries that would crash and result in a core dump. Csmith offers us agreat base for this purpose.
I would like your feedback to get an idea and pointers on how to modifyCsmith. Our goal is to generate C code using csmith that when compiledsuccessfully and executed may result in a crash. Please also let me knowof any known work that you may know of, already done in this regard.
Thank you,

Ali Shuja Siddiqui

Follow-Ups:
- Re: [csmith-dev] Using csmith for generating focussed crashes
  - From: "Ali Shuja Siddiqui (alissidd)" <alissidd@cisco.com>

References:
- [csmith-dev] Using csmith for generating focussed crashes
  - From: "Ali Shuja Siddiqui (alissidd)" <alissidd@cisco.com>

Prev by Date: [csmith-dev] Using csmith for generating focussed crashes
Next by Date: Re: [csmith-dev] Using csmith for generating focussed crashes
Previous by thread: [csmith-dev] Using csmith for generating focussed crashes
Next by thread: Re: [csmith-dev] Using csmith for generating focussed crashes
Index(es):
- Date
- Thread