[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE-2017-14482 - Red Hat Customer Portal

From: Emanuel Berg
Subject: Re: CVE-2017-14482 - Red Hat Customer Portal
Date: Sun, 24 Sep 2017 08:47:35 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (gnu/linux)

Mario Castelán Castro wrote:

> You seem to be confused, verifying that
> a program is correct *requires* a model.
> Verifying the model is a different and
> separate task.

A very, very small fraction of programmers will
ever care to (or indeed be able to) create
a model of the program just to verify the model
and then verify that the model is in agreement
with the program - this is just insane to ask
of anyone, and it isn't realistic one bit to
ever be a practical alternative.

> Random testing is very inefficient because
> most inputs are garbage and are treated
> uniformly by the program under test.
> For example, feeding random input to
> a compiler will result almost surely in only
> ill-formed programs

To a compiler - ? This can be done with simple
shell tools that perform basic computation!

> But like I said, testing is fundamentally
> flawed. Testing can tell you that a program
> is defective, but not that a program is free
> from defects!

That's an intellectual excercise university
buffs do on toy/demo programs. But here, it is
not programming theory for space-fleet cadets
anymore, but a whole different domain, which
I like to call "reality".

underground experts united

reply via email to

[Prev in Thread] Current Thread [Next in Thread]