Tag Archives: donut

Penultimate donut post: the function compute() is safe
Pascal Cuoq on 19 September 2011

Do two jobs, and do them well In the previous post, I used the command: $ cat log? | grep \N " | sort | uniq This may be an inefficient way to get a list of unique lines containing "N ". The command sort does not know that it...

Read More

Probably safe donut
Pascal Cuoq on 17 September 2011

Introduction In the first post in the obfuscated animated donut series my colleague Anne pointed out that: The alarm about : assert \valid(". -~:;=!*#$@"+tmp_7); seems strange because the analysis tells us that tmp_7 ∈ [0..40] at this point... How can this be valid ? It is only safe to use...

Read More

Safe donut
Pascal Cuoq on 16 September 2011

This post documents the steps I followed in order to finish verifying function compute(), picking up from there. Previously on this blog In last episode we had found that some sub-cubes in the search space appeared to lead to dangerous value sets for variable N. These sets were: N ∈...

Read More

Donut gibberish
Pascal Cuoq on 7 August 2011

Hey, I left out one alarm last time: donut.c:15 ... out of bounds read. assert \valid(". -~:;=!*#$@"+tmp_7); This corresponds to ". -~:;=!*#$@"[N>0?N:0] in the obfuscated code. I wanted to have a blog post about this construct in particular because I was curious whether it would break the content management system's...

Read More

Animated donut: quickly sorting out alarms
Pascal Cuoq on 29 July 2011

This post follows that post. It is a brief survey of the alarms obtained when analyzing donut.c such as a programmer might do when ey is only trying to find bugs or in the context of verification as a first step to get an estimate on the difficulty of the...

Read More