[Cryptography] The GOTO Squirrel! [was GOTO Considered Harmful]

Stephan Neuhaus stephan.neuhaus at tik.ee.ethz.ch
Tue Mar 4 02:57:06 EST 2014

On 2014-03-04, 02:28, Sampo Syreeni wrote:
> But couldn't you basically parse the program flow of the emitting
> application, and guidedly mutate around every decision point within it?
> That's still within the definition of fuzzing, if I'm not entirely
> mistaken.

There are two problems that I have personally encountered in practice:

1. Languages like C or C++ are de-facto unparseable without
preprocessing. Real-world C and C++ code is full of things like

#if A
  while (X) {
  while (Y) {

So there actually isn't something that you could call *the* program
flow. Strictly speaking, the program flow exists only for a specific
compilation environment.

2. Especially C++ is so full of "decision points" that it's hard to get
even 100% branch coverage on unit tests for even the simplest of
classes. Try it. There's just too much going on behind the scenes. The
assembler output of g++ is eye-watering.

That means that the number of "decision points" is so large that you get
a combinatorial explosion if you want to get every combination.



More information about the cryptography mailing list