AdaCore Blog

Paul Butcher

Paul Butcher

Paul is a Senior Software Engineer and AdaCore’s Lead Engineer in the UK for HICLASS. His role is to facilitate the delivery of research, design and implementation for the UK aerospace sector. Prior to joining AdaCore Paul was a consultant software engineer for 10 years working for UK aerospace companies such as Leonardo Helicopters, BAE Systems, Thales UK and QinetiQ. Before becoming a consultant Paul worked on the Typhoon platform and safety critical software developments in the rail sector for BAE Systems and military UAVs for Thales UK. Paul graduated from the University of Portsmouth with a Bachelor's Degree with Honours in Computing and a Higher National Diploma in Software Engineering.

2 entries written by Paul Butcher

by Paul Butcher

Finding Vulnerabilities using Advanced Fuzz testing and AFLplusplus v3.0

Some of you may recall an AdaCore blog post written in 2017 by Thales engineer Lionel Matias titled "Leveraging Ada Run-Time Checks with Fuzz Testing in AFL". This insightful post took us on a journey of discovery as Lionel demonstrated how Ada programs, compiled using GNAT Pro and an adapted assembler pass can be subjected to advanced fuzz testing. In order to achieve this Lionel demonstrated how instrumentation of the generated assembly code around jump and label instructions, could be subjected to grey-box (path aware) fuzz testing (using the original AFL v2.52b as the fuzz engine). Lionel explained how applying the comprehensive spectrum of Ada runtime checks, in conjunction with Ada's strong typing and contract based programming, enhanced the capabilities of fuzz testing beyond the abilities of other languages. Ada's advanced runtime checking, for exceptions like overflows, and the scrutiny of Ada's design by contract assertions allow corner case bugs to be found whilst also utilising fuzz testing to verify functional correctness.