Sergey Bronnikov
@estet
Followers
589
Following
850
Media
621
Statuses
7K
Buidling @TarantoolDB. I make software suck less: software quality, testing, and verification. Writing to @openbsdnow and https://t.co/ccSm1xODGX.
Joined December 2007
Видеозапись доклада "Винил снова в моде, или История дискового движка в Tarantool" https://t.co/uLTGzTQ9O3
0
1
1
Just got the first actual PyPy JIT optimizer bug that Z3 found! And it spits out a nice example of values that show the miscompilation. The bug is again about integer overflow, but this time it is in the common subexpression elimination (CSE) logic.
@johnregehr And the first bugs are rolling in! I hooked up our random trace IR generator with the optimizer and the tiny Z3 equivalence checker. Found and fix three of them now. Amusingly the bugs were all assertion failures in the optimizer, so that we didn't even reach Z3.
1
2
15
I'm trying to reflect on bugs that I find, particularly those that I introduced myself. Will add them to this thread:
2
5
22
Now blog post by @cfbolz: 'Finding Simple Rewrite Rules for the JIT with Z3' How to use the Z3 API to find simple rewrites of integer operations, such as x & 0 -> 0 https://t.co/mbEGj8r04k
pypy.org
In June I was at the PLDI conference in Copenhagen to present a paper I co-authored with Max Bernstein. I also finally met John Regehr, who I'd been talking on social media for ages but had never met.
0
10
36
A distributed systems reliability glossary https://t.co/aQzBFOXGvr
antithesis.com
A list of key concepts for building and testing reliable distributed systems, with basic definitions and deep references.
0
0
0
Sharing slides and video for my keynote at OSS EU'24: "Securing the software commons: Standards, Automation, and AI for a Resilient Open Source Future" Slides: https://t.co/XmMfjeo6QX Video:
1
9
38
I'm happy to announce the release of a new open-source library we've been working on: Go library for structure-aware fuzzing, designed as an analogue to libprotobuf-mutator. Fuzz your gRPC APIs and integrate into SSDLC. https://t.co/fVUYuaVaGF
#fuzzing #go #grpc #ssdlc
github.com
This is a go-protobuf-mutator library for random value mutations. This is a Go equivalent of libprotobuf-mutator, which is implemented in C++. - yandex-cloud/go-protobuf-mutator
0
1
1
I’ve posted a mid-year update for my GCC translation validation tool, smtgcc, to the GCC mailing list: https://t.co/J1FlZYAdlu
0
2
11
Видеозапись моего доклада на PHDays 2025 "Фаззинг как основа эффективной разработки на примере LuaJIT" https://t.co/ioIbP5xXSx Слайды:
0
0
2
There's been a recent addition to the list, thanks to @estet. A bug in a preliminary version of a Software Transactional Memory (STM) algorithm.
0
2
4
"Model Checking Futexes", to be presented at SPIN, part of @ETAPSconf, in April. Joint with Hugues Evrard. Shows how model checking can be used to understand the mind-blowing (for me!) subtleties of futex-based synchronisation primitives. https://t.co/ksLWLA3nAI
0
4
11
Excited to present new(?) approach to #fuzzing where one doesn't need to write fuzz functions. Wanna fuzz all binaries on github - no problem. Just give the fuzzer binaries to test. No false positives & 100% fidelity. Blender: whole-program fuzzing: https://t.co/K0ZQw2L1As
7
66
217
Выложили видео моего доклада про реализацию поддержки фаззинга Lua-скриптов, чтобы тестировать сервер приложений в СУБД Tarantool. https://t.co/4zwk3HJ50D
0
1
3
My blog post about #fuzzing #go project golang/image: https://t.co/36RtuAMlBR 0. Changing existing fuzz target to find new bugs. 1. Approach for code coverage collection after fuzzing with go-fuzz libFuzzer. 2. Go panic triage with #casr. 3. Fix:
github.com
OSS-Sydr-Fuzz - OSS-Fuzz fork for hybrid fuzzing (fuzzer+DSE) open source software. - ispras/oss-sydr-fuzz
0
4
5
This tweet is for FUZZING enthusiasts !! Our research group at NUS ( https://t.co/JCVXCHKLRK) is looking for practitioners and researchers to take this survey about software testing: https://t.co/AP3KNPcM3F We'll donate $5 USD to Doctors Without Borders (up to 100 responses)!
lnkd.in
This link will take you to a page that’s not on LinkedIn
0
10
20
Announcing Semgrep’s beta support for Rust https://t.co/Ao4Z8S9zSh
semgrep.dev
Programming language, or cult following?
0
1
2
luzer: A coverage-guided, native Lua fuzzing engine by @estet
https://t.co/A3oRrZjnOr
#lua #programming #security #testing
https://t.co/t1H0Nhn4rP
github.com
A coverage-guided, native Lua fuzzing engine. Contribute to ligurio/luzer development by creating an account on GitHub.
0
2
4
Fuzzilli ( https://t.co/5dt002FZht), the great coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language built by @5aelo, is finally documented in a paper. You can find the paper at
ndss-symposium.org
Fascinating discussion ongoing in Fuzzing session at #NDSS23: FUZZILLI: Fuzzing for JavaScript JIT Compiler Vulnerabilities.
1
27
83
We’re seeking an OCaml software engineer to develop the software ecosystem and smart contract language of an open-source blockchain platform. Learn more:
serokell.io
We’re seeking an OCaml software engineer to develop the software ecosystem of an open-source blockchain platform and its smart contract language. Apply and get a remote job at Serokell.
0
6
17