Dailydave: RE: Today's thought

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

RE: Today's thought

From: "Chris Eagle" <cseagle () redshift com>
Date: Thu, 27 May 2004 03:48:53 -0700

Halvar et al wrote:

Hey all,

There are a lot of companies getting funding right now that do source
code analysis, varying from fancy regexp matching on gcc's preprocessor
output to real AST generation and inspection. No interfunction value
tracking (similar to code coverage in that people underestimate its'
usefulness in these scenarios) yet, as far as I know, though.


IIRC Coverity has interfunction value tracking -- if you hook at the AST
layer in GCC, it should not be _that_ hard
to pull off, and I am quite surprised that @stake's product doesn't seem
to do it (as far as I can infer from the examples they showed). Ahwell,
there's going to be v2 soon I assume.


Dave failed to mention that he was quoted in this article:

http://news.com.com/Will+code+check+tools+yield+worm-proof+software%3F/2100-
1002_3-5220488.html?tag=nefd.lede

Coverity and @stake cited as well.

Chris

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

By Date By Thread

Current thread:

Today's thought Dave Aitel (May 25)
- Re: Today's thought Halvar Flake (May 25)
- Re: Today's thought Matt Hargett (May 26)
  - Re: Today's thought Halvar Flake (May 26)
    - RE: Today's thought Chris Eagle (May 27)
    - Re: Today's thought Dave Aitel (May 27)
    - Re: Today's thought Dave Aitel (May 27)
    - Re: Today's thought Matt Hargett (May 27)
    - Re: Today's thought Halvar Flake (May 27)
    - Re: Today's thought Matt Hargett (May 29)