crashme(1) test operating environment software robustness




crashme is a very simple program that tests the operating environment's robustness by invoking random data as if it were a procedure. The standard signals are caught and handled with a setjmp back to a loop which will try again to produce a fault by executing random data. Some people call this stress testing.


The [NBYTES] should be an integer, specifying the size of the random data string in bytes. If given negative then the bytes are printed instead of being executed. If given with an explicit plus sign then the storage for the bytes is freshly malloc'ed each time. This can have an effect on machines with separate I and D cache mechanisms. The argument can also have a dot in it, X.Y, in which case Y is a increment for a pointer into the random data. The buffer is recalculated only when the pointer gets near the end of the data.

The are two magic values for [NBYTES] : A value of 81920 avoids malloc and returns a pointer to static data. This makes the operation of crashme more repeatable on architectures where malloc is designed to return unpredictable locations. A value of 1025 avoids a call that sets the protection of the data to READ+WRITE+EXEC.

The [SRAND] is an input seed to the random number generator, passed to srand.
The [NTRIES] is how many times to loop before exiting normally from the program.
The [NSUB] is optional, the number of vfork subprocesses running all at once. If negative run one after another. If given as a time hrs:mns:scs (hours, minutes, seconds) then one subprocess will be run to completion, followed by another, until the time limit has been reached. If this argument is given as the empty string or . then it is ignored.

When in sequential-subprocess mode there is a 30 second time limit on each subprocess. This is to allow the instruction-set-space random walk to continue when a process bashes itself into an infinite loop. For example, the ntrys can be bashed to a very large number with nbytes bashed to zero. (10 second limit on Windows NT).

The SRAND argument is incremented by one for each subprocess.

The [VERBOSE] arg is optional. 0 is the least verbose, 5 the most.


The CRASHLOG is the name of the file which the parent process opens in write mode and all child processes open in append mode. There is frequent flushing of the file but no locking, so the output may be interleaved. If the operating system crashes then this file might provide a short-cut to a more resent random number seed sequence to allow for quicker finding of the special case that caused the crash.

The CRASHPRNG can be set to RAND to use the system-provided rand function, or MT to use the Mersenne twister (default) as coded by Takuji Nishimura and Makoto Matsumoto, or VNSQ to use the author's kludge interpretation of Von Neumann's middle-square method.


This is a suggested test, to run it for a least an hour.

crashme +2000 666 100 1:00:00




When a signal is caught the number and nature of the signal is indicated. Setting the environment variable CRASHLOG will cause each subprocess to record the arguments it was given.


Not all signals are caught, and the state of the user program/process environment can be sufficiently damaged such that the program terminates before going through all [NTRIES] operations.

If the architecture uses some kind of procedure descriptor but no special code has been not been added to castaway() in crashme.c then the stress test will not be as potent as it would otherwise be.

Beware: This program can crash your computer if the operating system or hardware of same is buggy. User data may be lost.


2.8.5 6-AUG-2014