
Goto Fail, Heartbleed, and Unit Testing Culture - wheresvic1
https://martinfowler.com/articles/testing-culture.html
======
0db532a0
Are there any tools that you can just run on binaries to find unreachable
code?

~~~
zimpenfish
(I'm no mathematician/logician/expert but) wouldn't that be akin to solving
the Halting Problem for that binary? You could simulate it, I suppose, but
you'd have to simulate every possible input (presumably "loads") and possibly
the entire state of the machine as well (if it interacts with the outside
world to any great extent.)

Simplest plan is probably to simulate the binary and throw a combination of
valid and fuzzed inputs to get an idea of which paths are taken; then you
-might- be able to figure out what combination of inputs and events could lead
to the bits you've not hit already.

~~~
0db532a0
These things exist for languages like C. In my imagination, completely unbased
in real experience, it would not be too much harder to do for ASM. Just look
at the comparisons, calls and jumps.

~~~
zimpenfish
> These things exist for languages like C.

Isn't that at the compiler level rather than binary though? It's definitely a
lot easier when you're compiling, yes!

~~~
0db532a0
It is at the compiler level, but there is no reason that the same methods
cannot be applied to binaries. Here's a paper I found from 2004 on static
analysis of x86 executables:
[http://pages.cs.wisc.edu/~bgogul/Research/Papers/cc04.pdf](http://pages.cs.wisc.edu/~bgogul/Research/Papers/cc04.pdf).
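
An added illustration, not part of the thread or the linked paper: a reachability pass over a constructed toy instruction listing that follows only jumps, calls and fall-through, run on a goto-fail-shaped sequence. The mnemonics, addresses and the `unreachable` function are assumptions made for this example; when a reachable indirect jump is seen, the result is flagged as imprecise because its target is not known statically.

```python
# Constructed sample: (address, mnemonic, static target or None).
# This is a toy instruction set, not real x86 decoding.
LISTING = [
    (0, "cmp", None),
    (1, "jne", 6),     # if (err != 0) goto fail;
    (2, "jmp", 6),     # duplicated "goto fail;" is always taken
    (3, "call", 8),    # final verification step, never reached
    (4, "cmp", None),
    (5, "jne", 6),
    (6, "mov", None),  # fail: cleanup
    (7, "ret", None),
    (8, "mov", None),  # body of the verification routine
    (9, "ret", None),
]


def unreachable(listing, entry=0):
    """Return (addresses never reached from entry, imprecise flag)."""
    insns = {addr: (op, tgt) for addr, op, tgt in listing}
    order = sorted(insns)
    fallthrough = dict(zip(order, order[1:]))
    seen, work, imprecise = set(), [entry], False
    while work:
        addr = work.pop()
        if addr in seen or addr not in insns:
            continue
        seen.add(addr)
        op, tgt = insns[addr]
        if op == "jmp_ind":
            # Target comes from a register or memory: unknown statically,
            # so anything reported below is only "not proven reachable".
            imprecise = True
            continue
        if op in ("jmp", "jne", "call"):
            work.append(tgt)
        if op not in ("jmp", "ret") and addr in fallthrough:
            work.append(fallthrough[addr])
    return sorted(set(insns) - seen), imprecise


if __name__ == "__main__":
    dead, imprecise = unreachable(LISTING)
    print("unreachable addresses:", dead, "imprecise:", imprecise)
```

The routine at address 8 is reported as dead because its only call site sits behind the unconditional jump.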

