Frama-C The recent posts on extremely minor undefined behaviors in zlib neatly tie in with a discussion on John Regehr's blog about the future-proofitude of C and C++. Another insightful post in this regard is this one by Derek Jones. Derek claims that the situation is different for proprietary compilers with...
Read MoreRobert Graham, of the blog Errata Security, predicts that “vulnerabilities in Acrobat Reader Adobe Flash and Java today […] will be announced and patched in 2013”. As fate would have it he could safely have included Internet Explorer 8 in his list of software products used by millions to process...
Read MoreA remark I have not heard about the last two posts is the following. Pascal, how can you, in your last post claim that formal verification would have found the bug in your decimal-to-floating-point function? This is the kind of outrageous claim you rant against in your penultimate post! Formal...
Read MoreAn old rant: misusing Ariane 5 in motivation slides I was lucky to be an intern and then a PhD student at INRIA, while it was still called “INRIA” (it is now called “Inria”). This was about when researchers at INRIA and elsewhere were taken to task to understand the...
Read MoreBruce Schneier is, among other things, the author of the blog Schneier on Security. He is also one of the co-authors of the Skein cryptographic hash function the SHA-3 contestant being verified in Frama-C's value analysis tutorial in the manual and then on this blog. I feel silly introducing him...
Read More