crashme - test operating environment software robustness
[NBYTES] [SRAND] [NTRYS] [NSUB] [VERBOSE]
is a very simple program that tests the operating environment's
robustness by invoking random data as if it were a procedure. The standard
signals are caught and handled with a setjmp back to a loop which will try
again to produce a fault by executing random data. Some people call this
- The [NBYTES] should be an integer, specifying the
size of the random data string in bytes. If given negative then the bytes
are printed instead of being executed. If given with an explicit plus sign
then the storage for the bytes is freshly malloc'ed each time. This can
have an effect on machines with separate I and D cache mechanisms. The
argument can also have a dot in it, X.Y, in which case Y is a increment
for a pointer into the random data. The buffer is recalculated only when
the pointer gets near the end of the data.
The are two magic values for [NBYTES] : A value of 81920 avoids
malloc and returns a pointer to static data. This makes the operation of
crashme more repeatable on architectures where malloc is designed to
return unpredictable locations. A value of 1025 avoids a call that sets
the protection of the data to READ+WRITE+EXEC.
- The [SRAND] is an input seed to the random number
generator, passed to srand.
- The [NTRIES] is how many times to loop before
exiting normally from the program.
- The [NSUB] is optional, the number of vfork
subprocesses running all at once. If negative run one after another. If
given as a time hrs:mns:scs (hours, minutes, seconds) then one subprocess
will be run to completion, followed by another, until the time limit has
been reached. If this argument is given as the empty string or . then it
When in sequential-subprocess mode there is a 30 second time limit on each
subprocess. This is to allow the instruction-set-space random walk to
continue when a process bashes itself into an infinite loop. For example,
the ntrys can be bashed to a very large number with nbytes bashed to zero.
(10 second limit on Windows NT).
The SRAND argument is incremented by one for each subprocess.
- The [VERBOSE] arg is optional. 0 is the least
verbose, 5 the most.
- The CRASHLOG is the name of the file which the
parent process opens in write mode and all child processes open in append
mode. There is frequent flushing of the file but no locking, so the output
may be interleaved. If the operating system crashes then this file might
provide a short-cut to a more resent random number seed sequence to allow
for quicker finding of the special case that caused the crash.
- The CRASHPRNG can be set to RAND to use the
system-provided rand function, or MT to use the Mersenne twister (default)
as coded by Takuji Nishimura and Makoto Matsumoto, or VNSQ to use the
author's kludge interpretation of Von Neumann's middle-square method.
This is a suggested test, to run it for a least an hour.
crashme +2000 666 100 1:00:00
When a signal is caught the number and nature of the signal is indicated.
Setting the environment variable CRASHLOG will cause each subprocess to record
the arguments it was given.
Not all signals are caught, and the state of the user program/process
environment can be sufficiently damaged such that the program terminates
before going through all [NTRIES] operations.
If the architecture uses some kind of procedure descriptor but no special code
has been not been added to castaway() in crashme.c then the stress test will
not be as potent as it would otherwise be.
Beware: This program can crash your computer if the operating system or hardware
of same is buggy. User data may be lost.
George J Carrette. GJC@alum.mit.edu