Uninformed: Informative Information for the Uninformed

Vol 5» 2006.Sep


For the sake of simple illustration, several tools have been created to test our code coverage theories. Some of the test cases have been exaggerated and are not real-world examples. The testing implementation is broken down into three parts: Part I sends garbage to the device driver with dumb fuzzing; Part II uses smarter fuzzing; Part III breaks down how an intelligent level of fuzzing helps improve code coverage during testing.

First, a very simple device driver named pluto.sys was created for the purpose of this paper. It contains several blocks of code with decision-based branching that will be fuzzed. The fuzzer sends iterations of random data to pluto.sys. After fuzzing has completed, a post-analysis tool reviews the executed code blocks within the driver. Part II follows the same process as Part I, but with an updated fuzzer, based on our Part I post-analysis, that allows the driver to call into a previously unexecuted code region. Part III uses the data collected in Parts I and II as an illustrative proof of the thesis that code coverage is beneficial.
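The Part I / Part II comparison can be reproduced in miniature with the following added example, which is not code from the paper. The handler is a hypothetical user-mode stand-in for a driver routine with decision-based branches, not pluto.sys itself; the "PLUT" magic, the opcode values, and the block numbering are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBLOCKS 5
static uint8_t hit[NBLOCKS];               /* one flag per basic block */
static uint32_t rng_state;

/* Small LCG so every run is reproducible from its seed. */
static uint32_t rng(void) {
    rng_state = rng_state * 1664525u + 1013904223u;
    return rng_state >> 16;
}

/* Hypothetical request handler with decision-based branches (not pluto.sys). */
static void handle_request(const uint8_t *buf, size_t len) {
    hit[0] = 1;                                 /* entry block */
    if (len < 8) return;
    hit[1] = 1;                                 /* length check passed */
    if (memcmp(buf, "PLUT", 4) != 0) return;    /* constructed magic value */
    hit[2] = 1;                                 /* header accepted */
    if (buf[4] == 0x01) hit[3] = 1;             /* opcode 1 path */
    else if (buf[4] == 0x02) hit[4] = 1;        /* opcode 2 path */
}

/* Post-analysis: count the blocks that executed at least once. */
static int covered(void) {
    int n = 0;
    for (int i = 0; i < NBLOCKS; i++) n += hit[i];
    return n;
}

/* smart == 0: random length and bytes. smart == 1: valid magic, walk opcodes. */
int fuzz(int smart, int iters, uint32_t seed) {
    uint8_t buf[16];
    memset(hit, 0, sizeof hit);
    rng_state = seed;
    for (int i = 0; i < iters; i++) {
        size_t len = smart ? 8 + rng() % 9 : rng() % 17;
        for (size_t j = 0; j < len; j++) buf[j] = (uint8_t)rng();
        if (smart) { memcpy(buf, "PLUT", 4); buf[4] = (uint8_t)(i % 4); }
        handle_request(buf, len);
    }
    return covered();
}

int main(void) {
    printf("dumb:  %d/%d blocks\n", fuzz(0, 10000, 1), NBLOCKS);
    printf("smart: %d/%d blocks\n", fuzz(1, 10000, 1), NBLOCKS);
    return 0;
}
```

The dumb run stalls at the magic comparison, and the per-block flags show exactly which check the updated fuzzer has to satisfy to reach the remaining blocks.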