[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Reporting 1.2K crashes

On Tue, Jun 25, 2013 at 1:28 PM, Alexandre Rebert wrote:

> We found the bugs using Mayhem [1], an automatic bug finding system
> that we've been developing in David Brumley's research lab for a
> couple of years. We recently ran Mayhem on almost all ELF binaries of
> Debian Wheezy (~23K binaries) [2], and it reported thousands of
> crashes.

Interesting project. Have you considered adding Mayhem to Debian so
that it may be added to the usual battery of tests some developers run
before uploads? Here is what I run:

http://wiki.debian.org/HowToPackageForDebian#Check_points_for_any_package

Are you aware of the firehose project and format that Fedora and some
Debian folks have been working on? It is a standard machine-readable
format for defect finding tools to report their findings so that sites
like the Debian PTS can report those to developers.

https://lists.fedoraproject.org/pipermail/devel/2012-December/175232.html
http://lists.fedoraproject.org/pipermail/firehose-devel/2013-February/000001.html
https://github.com/fedora-static-analysis/firehose
https://fedoraproject.org/wiki/StaticAnalysis

There are slow movements towards running various QA tools over the
whole Debian archive, if the above two items were addressed, Mayhem
could be included among the tools.

http://qa.debian.org/daca/

We should probably have a QA BoF at DebConf13 about this stuff.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
Reply to: