Confusing instruction

A few days ago I was working on the x86 IDA module. The goal was to have it recognize jump tables for 64-bit processors. This is routine: we have to add new instruction idioms to the analysis engine from time to time to keep up with new compilers. I was typing in the patterns and hoping that the tests would […]

On uninitialized variables

Quite a busy week, sorry for being silent. I wanted to talk about an annoyance I discovered with all my C/C++ compilers. Here is quite an interesting presentation from Halvar Flake: Attacks on uninitialized local variables. After reading it I wanted to verify my compilers and created a small C file. I wanted to check if the compilers would warn […]

FOSDEM

FOSDEM did not deceive me at all – just the contrary. There were many interesting things and the talk I liked the most was about valgrind. The very obvious idea after it was “why not develop a security scanner on top of valgrind?”. Valgrind is a framework to develop simulation-based tools, and MemCheck is […]

Capricious programming

Textbooks on software engineering prescribe checking preconditions at the beginning of a function. This is a really good idea: the sooner we detect that the input data or environment does not match our expectations, the easier it is to trace and debug the application. A nice function with precondition checking refuses to “work” if […]