[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Stephan Neuhaus stephan.neuhaus at tik.ee.ethz.ch
Tue Mar 4 02:57:06 EST 2014


On 2014-03-04, 02:28, Sampo Syreeni wrote:
> But couldn't you basically parse the program flow of the emitting
> application, and guidedly mutate around every decision point within it?
> That's still within the definition of fuzzing, if I'm not entirely
> mistaken.

There are two problems that I have personally encountered in practice:

1. Languages like C or C++ are de facto unparseable without
preprocessing. Real-world C and C++ code is full of things like

#if A
  while (X) {
#else
  while (Y) {
#endif
    ...
  }

So there actually isn't something that you could call *the* program
flow. Strictly speaking, the program flow exists only for a specific
compilation environment.

2. Especially C++ is so full of "decision points" that it's hard to get
100% branch coverage in unit tests for even the simplest of
classes. Try it. There's just too much going on behind the scenes. The
assembler output of g++ is eye-watering.

That means that the number of "decision points" is so large that you get
a combinatorial explosion if you want to get every combination.

Best,

Stephan

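The first point above can be made concrete with a small experiment. What follows is an added example, not code from the post or from any of the people in the thread: a deliberately minimal, toy preprocessor (it understands only a single non-nested `#if NAME` / `#else` / `#endif`, no `#elif`, no expressions, no comments or string literals) run over a constructed function that mirrors the fragment in the message. Counting braces and `while` headers in the raw text versus each expanded configuration shows that the unpreprocessed file is not balanced C at all, and that each configuration has a different loop, so there is no single control-flow graph to parse.

```python
"""Toy demonstration: C with #if/#else has no single parse before preprocessing.

This is an added example, not code from the mailing-list post. The
preprocessor here is intentionally tiny and is NOT a real cpp: it handles one
non-nested `#if NAME` / `#else` / `#endif` and treats an undefined NAME as 0,
which is what cpp does for `#if` on an undefined identifier.
"""
from typing import Dict, List, Tuple

# Constructed sample (not from the post): the post's fragment wrapped in a
# function so that each configuration is a complete, well-formed definition.
SOURCE = """\
int f(int *x, int *y, int n) {
  int i = 0;
#if A
  while (x[i] && i < n) {
#else
  while (y[i] && i < n) {
#endif
    i++;
  }
  return i;
}
"""


def preprocess(source: str, defines: Dict[str, int]) -> str:
    """Expand a single non-nested #if NAME / #else / #endif using `defines`."""
    out: List[str] = []
    keep = True        # currently emitting lines?
    in_cond = False    # inside an #if ... #endif block?
    for line in source.splitlines():
        s = line.strip()
        if s.startswith("#if "):
            if in_cond:
                raise ValueError("nested #if is not supported by this toy")
            in_cond = True
            name = s.split(None, 1)[1]
            keep = bool(defines.get(name, 0))   # undefined name -> 0, as cpp does
        elif s == "#else":
            if not in_cond:
                raise ValueError("#else without #if")
            keep = not keep
        elif s == "#endif":
            if not in_cond:
                raise ValueError("#endif without #if")
            in_cond = False
            keep = True
        elif keep:
            out.append(line)
    if in_cond:
        raise ValueError("unterminated #if")
    return "\n".join(out) + "\n"


def brace_balance(text: str) -> Tuple[int, int]:
    """Return (number of '{', number of '}'); the sample has no comments or strings."""
    return text.count("{"), text.count("}")


def loop_conditions(text: str) -> List[str]:
    """Return the condition of every `while (...) {` header, in source order."""
    conds: List[str] = []
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("while (") and s.endswith("{"):
            conds.append(s[len("while ("):s.rindex(")")])
    return conds


def flows(source: str, configs: Dict[str, Dict[str, int]]) -> Dict[str, Tuple[Tuple[int, int], List[str]]]:
    """Map 'raw' and each named configuration to (brace counts, loop headers)."""
    result = {"raw": (brace_balance(source), loop_conditions(source))}
    for name, defines in configs.items():
        expanded = preprocess(source, defines)
        result[name] = (brace_balance(expanded), loop_conditions(expanded))
    return result


if __name__ == "__main__":
    for name, (braces, loops) in flows(SOURCE, {"A=1": {"A": 1}, "A=0": {"A": 0}}).items():
        print(f"{name:>4}: braces open/close={braces}, while-loops={loops}")
```

The raw text has three `{` but only two `}` and two `while` loops, neither of which is "the" loop of the program; each configuration yields a balanced file with exactly one loop, and the two loops differ. On real code the same experiment is `cpp -DA=1 file.c` versus `cpp -DA=0 file.c` (or `unifdef`), and a tool that wants to enumerate decision points has to repeat it once per configuration it cares about.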
