-
Draft Paper about Integer Overflow
Last Spring I had a lucky conversation. I was chatting with Vikram Adve, while visiting the University of Illinois, and we realized that we were working on very similar projects — figuring out what to do about integer overflow bugs in C and C++ programs. Additionally, Vikram’s student Will and my student Peng had independently created…
-
Hacked
As people probably noticed, lately someone hacked my WordPress installation and turned this blog into a pharmaceutical link farm. I asked Dreamhost for help and they sent me sort of a friendly “have fun fixing that!” message, but they did run an automated scan indicating that something was wrong with my wp-config.php file. Sure enough,…
-
Overflows in SafeInt
Update from Friday 9/23: The SafeInt developers have already uploaded a new version that fixes the problems described in this post. Nice! I have a minor obsession with undefined behaviors in C and C++. Lately I was tracking down some integer overflows in Firefox — of which there are quite a few — and some…
-
Better Random Testing by Leaving Features Out
[I wrote this post, but it describes joint work, principally with Alex Groce at Oregon State.] This piece is about a research result that I think is genuinely surprising — a rare thing. The motivating problem is the difficulty of tuning a fuzz tester, or random test case generator. People like to talk trash about…
-
Google House
Although I use Google Earth fairly often, I generally leave “3D buildings” turned off since my machines tend to have the crappiest possible graphics cards. But the other day I randomly turned it on and was surprised to find that Salt Lake City is now heavily populated with building models, even including some residential neighborhoods.…
-
Fuzzing Linux Kernel Modules?
I’ve been thinking about what would be the best way to fuzz-test a Linux kernel module, for example a filesystem. Of course this can be done in the context of a live kernel, but for a variety of reasons I’d prefer to run the LKM in user space. At the source level, the interface to…
-
Online University
Yesterday someone in my department’s main office got a request from a student to receive credit for taking the now-infamous free online AI course from Stanford. It is routine for a university to award transfer credit for a course taken at a different school, but this case is trickier since a student taking the AI…
-
Mt Nebo
Over Labor Day weekend I climbed Mount Nebo, highest point in the Wasatch Range at 11,929′, with Dave Hanscom and Bill Stenquist. Dave has run me into the ground before and Bill came close to winning the Wasatch 100 a couple of times — so I should have known something was up when we met…
-
A Fire Upon The Deep — Retrospective and E-book
Over the last few weeks I read A Fire Upon The Deep, surely one of the top five works of computer science fiction. The proximate reason for the re-read was the upcoming release of a sequel, Children of the Sky, which I am impatiently awaiting. I read the “special edition” which contains about 1500 of…