Blog

An interesting SSL implementation bug: CVE-2013-5914
Pascal Cuoq on 23 February 2014

SSL in the news SSL is a protocol for point-to-point confidential and authenticated communication over an insecure medium. It is the protocol behind HTTPS, among many other uses. In an Internet-connected system, the SSL implementation stands at the frontier between the system and the hostile outside world. For this reason,...

Read More

Assertions
Pascal Cuoq on 4 February 2014

Jesse Ruderman on assertions and fuzzing Jesse Ruderman has published a blog post on assertions and how they complement fuzzing. Key quote: “Fuzzers make things go wrong. Assertions make sure we find out.” Readers of this blog are accustomed to me talking about differential testing where a reference result (say...

Read More

Bear-joke security is dead
Pascal Cuoq on 24 January 2014

Likely, you have heard this one before: Two campers are surprised by an angry bear. One of them starts putting on eir running shoes. Surprised the other exclaims “What are you doing Alex? You can't outrun a bear!” To which Alex replies: “I don't have to outrun the bear. I...

Read More

Post-conditions and names of arguments
Pascal Cuoq on 17 January 2014

In an ACSL post-condition, any reference to the name of one of the function's arguments is assumed to refer to the initial value of the argument. /* ensures arg == 1; */ void f(int arg) { arg = 1; } For instance, in function f above, Frama-C's value analysis plug-in...

Read More

Improving the world for 2014, one programmer at a time
Pascal Cuoq on 20 December 2013

I move that all computing devices be equipped with a small explosive charge, set to explode when someone refers someone else to Goldberg's What Every Computer Scientist Should Know About Floating-Point Arithmetic without the referrer emself having read it. It would not have to be lethal. I could be content...

Read More