Literature references and annotations by Dick Grune, email@example.com.
Last update: Wed Mar 21 12:38:57 2012.
These references and annotations were originally intended
for personal use and are presented here only in the hope
that they may be useful to others.
There is no claim to completeness or even correctness.
Each annotation represents my understanding of the text
at the moment I wrote the annotation.
No guarantees given; comments and content criticism welcome.
A Bug Hunter's Diary,
No Starch Press,
Almost exactly what the title says: 7 reports of finding, exploiting and
reporting bugs in famous pieces of commercial software, for example Sun
Solaris, the FFmpeg multimedia library, and Active X.
Each report consists of four parts: how the bug was smoked out, how it was
exploited to gain kernel mode control of the machine, how it was remedied, and
what lessons were learned.
To someone who is more interested in preventing the bugs from creeping in in
the first place the book gives plenty of insight too.
Lessons learned: 1. almost all bugs are memory abuse; 2. check all incoming
date; 3. beware of implicit data conversions and casts.
Appendix A gives extensive bug hunting tips, and by holding them to a mirror
they turn into bug prevention tips.
Small gripe: it is a pity that the time lines are not to scale.
Generalized algorithmic debugging and testing,
in ACM SIGPLAN '91 Conf. Programming Language Design and Implementation,
ACM SIGPLAN Notices,
A system is described in which the programmer is led to the bug by
repeatedly answering questions about the correctness of procedure returns