Advice on "Comprehensive test suite"
pombredanne at nexb.com
Fri Mar 6 14:15:38 UTC 2015
On Thu, Mar 5, 2015 at 1:30 AM, Kai Zhao <loverszhao at gmail.com> wrote:
> I am Kai Zhao, and I am a third-year graduate student in Beijing
> University of Posts and Telecommunications, China.
Welcome to strace!
> I am eager to take the "Comprehensive test suite" project for I have related
> C/C++ : Strong (I have coded more than 100 thousand lines in
> two projects)
> Fuzz Testing: My graduation project is about Fuzz Testing, and I have
> 2 years of experience in Fuzz Testing, for my
> internships involved Fuzz Testing in industry
> security at Siemens from 2012 to 2014.
> Thank you for giving me some advice on the project.
You seem to be experienced with fuzzing indeed.
I think there are two tracks that could be covered in this domain:
- fuzzing strace function calls at the unit level. Even though this
may be best covered by carefully hand-crafted unit tests, a small dose
of fuzzing may help.
- fuzzing system calls and ensuring that strace can keep up and trace
these all right (assuming the kernel would not crash...)
Looking at something like Dave Jones' trinity might help there.
PS: please do not post HTML to the list. Use only plain text.
List members will at best consider HTML as annoying and at worst as
plain rude and bad manners.