
Found deep optimization bugs unlikely to be uncovered by other means

Very cool.

The slides don't make it clear whether the various bugs discovered ended up being covered by unit tests in the regular LLVM suite.

Does anybody remember in the mid-90s there was a 'crashme' program that could be used to fuzz test the Linux kernel? I recall looking for it again about 5 years ago and couldn't find references to it. Did that technique fall out of use?



I don't know specifically about the `crashme` tool, but I can say that fuzzing is not a technique that has gone out of vogue. In fact, it is standard security practice for finding ill-defined behavior in programs, such as buffer overflows and other nasties. When you read the exasperated cries of the security researchers who have been sitting on a critical IE/Firefox/Whatever bug, they almost always scream something to the effect of "Why didn't they just use a fuzzer? It's easy to find these problems that way -- that's how I did it." I would like to give props to Google; their security teams have been diligent in running static analysis and fuzzing tools against their code (white-box[1][2]/black-box testing[3]).

As always, Wikipedia is a great source for information on this one[4], and I can personally testify to OWASP's fuzzer if you're going after web pages (my last local OWASP meeting that I went to was on fuzzing and was REALLY interesting).

[1] http://en.wikipedia.org/wiki/White-box_testing

[2] http://en.wikipedia.org/wiki/Static_code_analysis

[3] http://en.wikipedia.org/wiki/Black-box_testing

[4] http://en.wikipedia.org/wiki/Fuzz_testing

EDIT: Fixing formatting
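As an added example (not code from this thread, from crashme, or from any Google or OWASP tool mentioned above), here is the kind of black-box mutation fuzzer the comment describes, in C, run against a constructed record parser with a planted stack buffer overflow. The record format, `parse_record`, the child exit-code convention and the seed input are all assumptions made for the demonstration; it needs a POSIX system for `fork()`/`waitpid()`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>
#define MAX_INPUT 256

/* Target under test (constructed for this example). Record = [len][len bytes].
 * The input bound is checked, the destination bound is not: any len >= 16
 * overruns the 16-byte stack buffer. noinline keeps the overrun in this
 * frame so the smashed return path is actually taken when it returns. */
__attribute__((noinline))
int parse_record(const uint8_t *buf, size_t n)
{
    char name[16];
    if (n < 1) return -1;
    size_t len = buf[0];
    if (len + 1 > n) return -1;      /* input bound: checked */
    memcpy(name, buf + 1, len);      /* destination bound: not checked */
    name[len] = '\0';
    int printable = 0;               /* use the copy so it is not optimised out */
    for (size_t i = 0; name[i] != '\0'; i++)
        if (name[i] >= 0x20 && name[i] < 0x7f) printable++;
    return printable;
}

enum outcome { OK = 0, REJECTED = 1, CRASH = 2 };

/* Run the target on one input in a forked child so a crash kills the child,
 * not the fuzzer. Child exits 0 = parsed, 2 = rejected; death by signal or
 * any other exit code (e.g. a sanitizer's) counts as a CRASH. */
enum outcome run_one(const uint8_t *buf, size_t n, int *sig)
{
    pid_t pid = fork();
    if (pid < 0) { perror("fork"); exit(1); }
    if (pid == 0) {
        struct rlimit no_core = { 0, 0 };
        setrlimit(RLIMIT_CORE, &no_core);  /* no core file per crash */
        _exit(parse_record(buf, n) < 0 ? 2 : 0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) { perror("waitpid"); exit(1); }
    if (sig) *sig = WIFSIGNALED(status) ? WTERMSIG(status) : 0;
    if (WIFSIGNALED(status)) return CRASH;
    int code = WEXITSTATUS(status);
    return code == 0 ? OK : code == 2 ? REJECTED : CRASH;
}

/* xorshift64: deterministic, so a run is reproducible from its seed. */
static uint64_t rng_state;
static uint64_t rnd(void)
{
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}

/* One mutation: overwrite a byte, flip a bit, append up to 16 random bytes,
 * or truncate a little. Returns the new length, always >= 1. */
static size_t mutate(uint8_t *buf, size_t n)
{
    switch (rnd() % 6) {
    case 0: case 1: buf[rnd() % n] = (uint8_t)rnd(); break;
    case 2: buf[rnd() % n] ^= (uint8_t)(1u << (rnd() % 8)); break;
    case 3: case 4: {
        size_t k = 1 + rnd() % 16;
        while (k-- && n < MAX_INPUT) buf[n++] = (uint8_t)rnd();
        break;
    }
    default:
        if (n > 1) n -= 1 + rnd() % (n - 1 < 8 ? n - 1 : 8);
        break;
    }
    return n;
}

/* Black-box mutation fuzzer: start from one valid record, keep mutating it,
 * and count inputs that crash the target. The first crashing input is
 * copied out when first_crash/first_len are non-NULL. */
int fuzz(uint64_t seed, int iterations, uint8_t *first_crash, size_t *first_len)
{
    static const uint8_t seed_record[] = { 5, 'h', 'e', 'l', 'l', 'o' };
    uint8_t cur[MAX_INPUT];
    size_t n = sizeof seed_record;
    memcpy(cur, seed_record, n);
    rng_state = seed ? seed : 0x9E3779B97F4A7C15ULL;
    int crashes = 0;
    for (int i = 0; i < iterations; i++) {
        for (int steps = 1 + rnd() % 4; steps > 0; steps--) n = mutate(cur, n);
        if (run_one(cur, n, NULL) != CRASH) continue;
        if (crashes++ == 0 && first_crash) { memcpy(first_crash, cur, n); *first_len = n; }
        n = sizeof seed_record;          /* restart so later crashes differ */
        memcpy(cur, seed_record, n);
    }
    return crashes;
}

int main(void)
{
    uint8_t crash[MAX_INPUT]; size_t crash_len = 0; int sig = 0;
    int found = fuzz(1, 3000, crash, &crash_len);
    printf("crashing inputs found: %d\n", found);
    if (found && run_one(crash, crash_len, &sig) == CRASH)
        printf("first crash: %zu bytes, len byte %u, signal %d\n", crash_len, crash[0], sig);
    return 0;
}
```

Build with `cc -O2 fuzz.c -o fuzz` and run. Whether the child dies with SIGSEGV (return address overwritten) or SIGABRT (stack protector or fortified memcpy) depends on how the toolchain compiled the target, which is why the harness classifies on "did the child exit normally with a known code" rather than on one specific signal. This is black-box fuzzing in the sense of the comment above: no coverage feedback, so it only finds what random mutation of the seed happens to reach; coverage-guided fuzzers keep inputs that exercise new code and get much deeper.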


Dave Jones has been fuzzing Linux system calls recently; here's one LWN article about the topic: http://lwn.net/Articles/414273/. There are also some posts about more bugs he's discovered this way on his blog.



