Month: September 2013

  • Fuzzer Puzzle

    A recent post on the CERT/CC blog says: … BFF 2.7 and FOE 2.1 do have an optional feature that in our testing drastically increases the number of uniquely-crashing test cases: crasher recycling. When enabled, the frameworks will add [a] uniquely-crashing test case back into the pool of seed files for further fuzzing. When crashing…

  • Levels of Fuzzing

    Differential Testing for Software is one of my favorite papers about software testing: it is one of the few pre-delta-debugging papers to describe automated test-case reduction and it contains many pieces of wisdom about software testing in general and random testing in particular. One of them outlines a hierarchy of test case generation strategies: For…

  • Guidelines for Research on Finding Bugs

    There’s a lot of research being done on finding bugs in software systems. I do some of it myself. Finding bugs is attractive because it is a deep problem, because it’s probably useful work, and because — at least for some people — finding bugs is highly entertaining. This piece contains a few thoughts about…

  • Are Compilers Getting More or Less Reliable?

    Earlier this summer, Miod Vallat of the OpenBSD project posted some thoughts about compiler reliability. His thesis is that in the good old days of GCC 2.5 through 2.7, the compiler pretty much just worked and you could trust it to emit correct code. Subsequently, the level of code churn in GCC increased for several…

  • Jay

    Jay Lepreau died five years ago today; I wanted to share a few thoughts about him. In spring 2000 I had a year of school left. Sarah had graduated and gotten several job offers; Utah was one of them. This seemed like a bit of an odd choice for us except that Jay flew me…

  • Great Salt Lake Desert Road Trip

    A few weeks ago, Matthew Flatt and I took a short road trip to the area west of the Great Salt Lake. We arrived at the Bonneville Salt Flats before dawn. Unexpectedly, there were plenty of people out on the playa; it turned out to be “Speed Week” where drivers from all over the world…

  • Counting to 4 Billion Really Fast

    Before teaching today I wrote a silly program to make sure that the bitwise complement of any 32-bit value is equal to one less than the two’s complement negation of that value: When the program terminated without any perceptible delay, I figured there was a bug, but nope: the code is good. It turns out…

  • FizzBuzz Bugs

    It is said that an overwhelming majority of applicants for some programming jobs fail the FizzBuzz test. As part of a simple warmup exercise, I asked my computer systems class (a required course for CS majors, usually taken in the 3rd year) to implement FizzBuzz in C. The problem statement was, I think, the standard…