Re: "Back with another one of those block rockin' beats"

[Ben Nagy <ben () iagu net>]

On Tue, Nov 2, 2010 at 11:18 AM, Michael Eddington <meddington () gmail com> wrote:
> I'm curious, how long does your coverage trace of winword.exe with a 20
> page or so word document take?  My own PIN based coverage tools take a
> long time (minutes), which makes doing coverage of 10,000 files take a
> while :)

Yep, also in the order of minutes (<2 for a reasonably simple, but not
trivial, document, probably more for bigger ones).

We have 64 cores available, though, with the current setup, which
makes it much less of an issue, since the problem parallelises well.
For this reason, we've done no speed optimisation at all. We could
improve the speed by tracing at a higher level (functions, for
example), and also by not instrumenting code in modules we don't care
about - only tracing in wwlib, mso and a few others for instance. I'm
hoping that a 'few tens of thousands' of files will put us at a point
where the average coverage return per new file is more or less nil.

We'll obtain and share some better metrics very soon. As Halvar
pointed out, obtaining the coverage is not, in itself, the hard bit.
The questions we're interested in are 'how much coverage do random
files give you', 'how many files is enough' and 'does it actually make
much difference'.

Cheers,

ben
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave