Frama-C Do two jobs, and do them well In the previous post, I used the command: $ cat log? | grep \N " | sort | uniq This may be an inefficient way to get a list of unique lines containing "N ". The command sort does not know that it...
Read MoreIntroduction In the first post in the obfuscated animated donut series my colleague Anne pointed out that: The alarm about : assert \valid(". -~:;=!*#$@"+tmp_7); seems strange because the analysis tells us that tmp_7 ∈ [0..40] at this point... How can this be valid ? It is only safe to use...
Read MoreThis post documents the steps I followed in order to finish verifying function compute(), picking up from there. Previously on this blog In last episode we had found that some sub-cubes in the search space appeared to lead to dangerous value sets for variable N. These sets were: N ∈...
Read MoreHey, I left out one alarm last time: donut.c:15 ... out of bounds read. assert \valid(". -~:;=!*#$@"+tmp_7); This corresponds to ". -~:;=!*#$@"[N>0?N:0] in the obfuscated code. I wanted to have a blog post about this construct in particular because I was curious whether it would break the content management system's...
Read MoreThis post follows that post. It is a brief survey of the alarms obtained when analyzing donut.c such as a programmer might do when ey is only trying to find bugs or in the context of verification as a first step to get an estimate on the difficulty of the...
Read More