-
Burning in a Module with Random Unit Testing
Sometimes a class or subsystem makes us uneasy; when something goes wrong in our software, we’ll immediately suspect the shady module is somehow involved. Often this code needs to be scrapped or at least refactored, but other times it’s just immature and needs to be burned in. Randomized unit testing can help with this burn-in process,…
-
Slightly More Sensible Signed Left-Shifts in C11 and C++11
Left-shift of signed integers in C99, C11, and C++11 is difficult to use because shifting a 1 bit into or past the sign bit (assuming two’s complement, of course) is an undefined behavior. Many medium and large C and C++ programs do this. For example, many codes use 1<<31 for INT_MIN. IOC can detect this…
-
The Central Limit Theorem Makes Random Testing Hard
I believe that the central limit theorem provides a partial explanation for why it can be very difficult to create an effective random tester for a software system. Random testing is carpet bombing for software: the more of the system you can hit, the better it works. The central limit theorem, however, tells us that…
-
1500+ Bugs from One Fuzzer
This metabug links to all of the defects found in Firefox’s JavaScript engine by jsfunfuzz. The surprise here isn’t that bugs were found, but rather that more than 1500 bugs were found in a single language runtime by a single test case generator. I’m interested in exactly what is going on here. One possibility would be…
-
PLDI in Beijing
[nggallery id=53] PLDI 2012 was in Beijing earlier this week. Unfortunately I had only one full day to be a tourist; it would have been nice to bail out of the conference for another half day to see more stuff but that didn’t end up happening. My student Yang Chen went to college in Beijing and…
-
Announcing C-Reduce: A Better Test-Case Reducer for C/C++ Compiler Debugging
Test-case reduction means taking a large input to a computer program (for compiler debugging, the input is itself a program) and turning it into a much smaller input that still triggers the bug. It is a very important part of the debugging process. Delta, an excellent open-source implementation of the delta debugging algorithm ddmin, has been the test-case reduction…
-
Street Fighting Computer Science
One of my favorite recent books is Street Fighting Mathematics: a collection of techniques and heuristics for rapidly and roughly estimating the solutions to problems that may be very difficult to solve exactly. The book is important because estimation is incredibly useful for understanding the world and because our education system does not do a very…
-
Academic Bug-Finding Projects in the Long Run
A number of computer science researchers, including me, have made careers out of creating tools that automate, at least partially, the process of finding bugs in computer programs. Recent work like this can be found in almost any good systemsy conference proceedings such as SOSP, OSDI, ASPLOS, ICSE, or PLDI. Examples go back many years,…
-
Damn You, Zork II
Some significant part of my middle school years (age 11-14, roughly) was spent struggling with a couple of text adventure games and none of them was more tantalizing or frustrating than Zork II. In particular, the bank and baseball maze parts of this game completely stopped me, despite my large piles of notes and countless…
-
Recording a Class at Udacity
A good chunk of my time between the end of Spring semester and now was spent recording a class on software testing at Udacity. This piece isn’t a coherent essay but rather some random impressions and thoughts. The main questions are: What is an online course supposed to look like? How can we keep students…