Month: April 2013

  • Memory Safe C/C++: Time to Flip the Switch

    For a number of years I’ve been asking: If the cost of memory safety bugs in C/C++ codes is significant, and if solutions are available, why aren’t we using them in production systems? Here’s a previous blog post on the subject and a quick summary of the possible answers to my question: The cost of…

  • Reading Code

    Reading code is an important skill that doesn’t get enough emphasis in CS programs. There are three main aspects: the external view of the code: documentation, comments, APIs, white papers, information from developers, etc. the static view: reading the code like a book the dynamic view: reading the code as it executes, probably with help from…

  • Labyrinth Rims

    The Green River’s Labyrinth Canyon begins south of the town of Green River UT; the Labyrinth Rims refers to the area of BLM land on either side of this canyon. We spent four days in this somewhat isolated area of the San Rafael Desert without seeing any other people except for a group in the…

  • Fuzzers Need Taming

    [This post explains a paper that we recently made available; it’s going to be presented at PLDI 2013.] Random testing tools, or fuzzers, are excellent at finding bugs that human testers miss. A particularly important use case for fuzzing is finding exploitable bugs, and companies such as Google use clusters to do high-throughput fuzzing. Whether…

  • Stochastic Superoptimization

    “Stochastic Superoptimization” is a fancy way to say “randomized search for fast machine code.” It is also the title of a nice paper that was presented recently at ASPLOS. Before getting into the details, let’s look at some background. At first glance the term “superoptimization” sounds like nonsense because the optimum point is already the best one.…