- Status of Software Testing
The other day I received a query from some software engineering researchers who are compiling sort of a survey paper about the status of software testing research; here are the questions, with my answers. I’m interested to hear what the rest of you think about this stuff. What do you think are the most significant…
- Writing Solid Code Week 2
First, I wanted to thank everyone for the great discussion on the post about week 1. My single favorite thing about blogging is the discussion and involvement that these posts sometimes generate. During week 2 we worked on issues relating to the triangle classifier. As several commenters predicted, getting correct results using floating point code…
- Writing Solid Code Week 1
This semester I’m teaching a new undergraduate course called Writing Solid Code. The idea is to take a lot of lessons I’ve learned on this subject — testing, debugging, defensive coding, code reviews, etc. — and try to teach it. Since I don’t have any slides or even any lecture notes that are good enough…
- Finding Wrong-Code Bugs in the Wild
Compiler developers already have some decent ways to find bugs: a self-hosting compiler won’t bootstrap if it’s too buggy; any serious compiler has a test suite; commercial compiler validation suites are available; random testcase generators like Csmith and CCG can expose subtle bugs. Of course, these tests don’t find all of the bugs. The remaining bugs…
- C-Reduce and Frama-C
Yesterday Pascal wrote a nice article addressing practical issues in automated testcase reduction. One issue is that C-Reduce tends to give you what you asked for instead of what you really wanted. Of course, this problem is a common one when performing algorithmic searches. Beyond computer science, the same problem comes up in basically every…
- Informative Assertion Failures
The other day a student was asking me how to make assertion failures in software more informative. I told him there are two pretty easy ways to do this. First, define a customized assert that takes two arguments: the predicate and also a description. For example, in the Botan crypto library we see lines like…
- Safe, Efficient, and Portable Rotate in C/C++
Rotating a computer integer is just like shifting, except that when a bit falls off one end of the register, it is used to fill the vacated bit position at the other end. Rotate is used in encryption and decryption, so we want it to be fast. The obvious C/C++ code for left rotate is:…
- Integer Undefined Behaviors in Open Source Crypto Libraries
Crypto libraries should be beyond reproach. This post investigates integer-related undefined behaviors found in crypto code written in C/C++. Undefined behavior (UB) is bad because according to the standards, it destroys the meaning of any program that executes it. In practice, over the last decade compilers have become pretty smart about exploiting integer undefined behaviors…
- A New Compiler Fuzzing Paper
Google Scholar’s recommendation engine has turned out to be a great resource for learning about new papers. Recently this paper about compiler fuzzing turned up in my feed and I was hooked after noticing that they claim to find a lot more compiler bugs during a 12-hour fuzzing run than Csmith can find. The work…
- Producing Good Software From Academia
Writing and maintaining good software from academia isn’t easy. I’ve been thinking about this because last week my student Yang Chen defended his thesis. While I’m of course very happy for him, I’m also depressed since Yang’s departure will somewhat decimate the capacity of my group to rapidly produce good code. Yang looked over my…