From: Kristian Kennaway
Message-Id: <9708191210.AA00353@bragg>
Subject: 'Fuzz testing' as method of debugging
To: freebsd-questions@freebsd.org (FreeBSD Questions)
Date: Tue, 19 Aug 1997 21:40:08 +0930 (CST)

Has anyone turned an eye towards conducting a systematic 'Fuzz test' of some of the various FreeBSD utilities, as outlined in the paper at http://www.cs.wisc.edu/~bart/fuzz/fuzz.html ?

Basically, this method involves feeding the utility a stream of randomly-generated data, and trying to get it to crash - according to the authors, it may be a simple way to track down otherwise elusive buffer overrun or memory mismanagement bugs in the code.

According to the results of the study, which was conducted several years ago now, Linux performed significantly better (i.e. fewer utilities of those tested spontaneously crashing, as opposed to exiting with a graceful error message) than all of the commercial Unices they tested. It would be interesting to see how FreeBSD fared in this regard, if only from the point of view of curiosity.

What do people think?

Kris
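The method described in the message above, as an added example that is not part of the original post or the tooling from the cited paper: a harness that feeds seeded random bytes to a command on stdin and separates death by signal (and hangs) from a graceful error exit. The names `classify`, `fuzz`, `ROBUST` and `FRAGILE` are assumptions, and the two targets are constructed stand-ins, not real FreeBSD utilities.

```python
import random
import signal
import subprocess
import sys

# Constructed stand-in targets (assumptions, not real FreeBSD utilities).
# ROBUST rejects its input with a graceful error status; FRAGILE aborts on
# input longer than 2048 bytes, imitating an unchecked fixed-size buffer.
ROBUST = [sys.executable, "-c",
          "import sys; sys.stdin.buffer.read(); sys.exit(1)"]
FRAGILE = [sys.executable, "-c",
           "import os, sys\n"
           "if len(sys.stdin.buffer.read()) > 2048: os.abort()"]


def classify(cmd, data, timeout=5.0):
    """Feed data to cmd on stdin; return 'crash:<SIG>', 'hang' or 'exit:<n>'."""
    try:
        proc = subprocess.run(cmd, input=data, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"  # run() kills the child before re-raising
    if proc.returncode < 0:  # POSIX: -N means the child died from signal N
        try:
            return "crash:" + signal.Signals(-proc.returncode).name
        except ValueError:  # signal number without a symbolic name
            return "crash:%d" % -proc.returncode
    return "exit:%d" % proc.returncode


def fuzz(cmd, runs=20, max_len=4096, seed=1997):
    """Run cmd on `runs` random inputs; return {outcome: [case seeds]}."""
    results = {}
    for case_seed in range(seed, seed + runs):
        rng = random.Random(case_seed)  # per-case seed: failures replay exactly
        length = rng.randint(1, max_len)
        data = bytes(rng.getrandbits(8) for _ in range(length))
        results.setdefault(classify(cmd, data), []).append(case_seed)
    return results


if __name__ == "__main__":
    for name, cmd in (("robust", ROBUST), ("fragile", FRAGILE)):
        for outcome, seeds in sorted(fuzz(cmd, runs=10).items()):
            print("%-8s %-14s %d case(s), seeds %s"
                  % (name, outcome, len(seeds), seeds))
```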