Sanitizing and fuzzing your C/C++ code for security and stability

Kostya Serebryany

Abstract:

The talk will give an overview of various dynamic testing tools for C and C++. The sanitizers (AddressSanitizer and its siblings) find memory corruption bugs, data races, uses of uninitialized memory, memory leaks, and more. libFuzzer is a coverage-guided evolutionary fuzzing engine -- it generates inputs that reach the darkest corners of your code.

All these tools are open source and are part of the LLVM compiler toolchain:

clang.llvm.org/docs/AddressSanitizer.html
clang.llvm.org/docs/ThreadSanitizer.html
clang.llvm.org/docs/MemorySanitizer.html
clang.llvm.org/docs/LeakSanitizer.html
clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
llvm.org/docs/LibFuzzer.html
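To make the abstract concrete, here is an added example (not code from the talk or from the LLVM project) of what "sanitizing and fuzzing" looks like in practice: a libFuzzer target for a small length-prefixed record parser, built with AddressSanitizer enabled alongside the fuzzer. The record format, the parser, and the sample inputs are all constructed for this example; the build flags `-fsanitize=fuzzer,address` and the `LLVMFuzzerTestOneInput` entry point are the real libFuzzer interface.

```c
// Added example, not from the talk or the LLVM project: a libFuzzer target
// for a tiny (constructed) record format, with AddressSanitizer enabled.
//
// Build as a fuzzer (clang 6 or newer):
//   clang -g -O1 -fsanitize=fuzzer,address fuzz_record.c -o fuzz_record
//   mkdir -p corpus && ./fuzz_record corpus/
// Build a plain replay binary for a saved crash input:
//   clang -g -fsanitize=address -DREPLAY_MAIN fuzz_record.c -o replay
//   ./replay crash-<hash>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME 32

// Constructed record format: [len:1][name:len bytes][value:4 bytes, little endian]
// Returns 0 on success (name and *value filled in), -1 on a malformed record.
int parse_record(const uint8_t *data, size_t size, char name[MAX_NAME], uint32_t *value) {
    if (size < 1) return -1;
    size_t len = data[0];
    // These two checks are exactly the kind of thing a fuzzer plus ASan finds
    // when they are missing: a len byte larger than the remaining input reads
    // past the end of data, and a len >= MAX_NAME overflows the caller's name[].
    if (len >= MAX_NAME) return -1;
    if (size < 1 + len + 4) return -1;
    memcpy(name, data + 1, len);
    name[len] = '\0';
    const uint8_t *v = data + 1 + len;
    *value = (uint32_t)v[0] | ((uint32_t)v[1] << 8) |
             ((uint32_t)v[2] << 16) | ((uint32_t)v[3] << 24);
    return 0;
}

// libFuzzer entry point: called once per generated input. Any memory error
// inside parse_record is reported by ASan with the input saved to disk.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    char name[MAX_NAME];
    uint32_t value;
    (void)parse_record(data, size, name, &value);
    return 0;  // libFuzzer ignores the return value
}

// Constructed sample inputs (not real fuzzer output).
static const uint8_t sample_good[]      = {2, 'a', 'b', 0x01, 0x02, 0x03, 0x04};
static const uint8_t sample_truncated[] = {5, 'h', 'e', 'l', 'l', 'o', 0x01};
static const uint8_t sample_bad_len[]   = {0xFF, 'x'};

// Seed-corpus self-check: returns 1 if the parser behaves as expected.
int run_samples(void) {
    char name[MAX_NAME];
    uint32_t value = 0;
    if (parse_record(sample_good, sizeof sample_good, name, &value) != 0) return 0;
    if (strcmp(name, "ab") != 0 || value != 0x04030201u) return 0;
    if (parse_record(sample_truncated, sizeof sample_truncated, name, &value) != -1) return 0;
    if (parse_record(sample_bad_len, sizeof sample_bad_len, name, &value) != -1) return 0;
    return 1;
}

#ifdef REPLAY_MAIN
// Stand-alone driver for replaying one saved input without the fuzzer runtime.
int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s input-file\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror("fopen"); return 2; }
    uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return LLVMFuzzerTestOneInput(buf, n);
}
#endif
```

The fuzzer keeps any input that increases edge coverage and mutates it further; drop the `len >= MAX_NAME` check and ASan will report a stack-buffer-overflow within seconds, with the offending input written to the working directory as a `crash-` file that the `REPLAY_MAIN` build can run under a debugger.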

Bio:

Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer, MemorySanitizer, ThreadSanitizer, and libFuzzer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years at Intel Compiler Lab. Konstantin holds a PhD from mesi.ru and a M.S. from msu.ru. https://research.google.com/pubs/KonstantinSerebryany.html

Time and Place

Wednesday, November 15, 4:15pm
Gates 392