danzin<p>Here's how lafleur works:</p><p>Starts from a corpus of seed files (generated by fusi)l. It runs each file and parses the JIT debug output to record micro ops (UOPs) and edges between them.</p><p>Then it applies mutations to these files and when a mutation results in a new UOP or edge, it adds the mutated file to the corpus.</p><p>All the while, it monitors the execution of these files for crashes.</p><p>And it's smart about which file to mutate next.</p><p>Simple, eh?</p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/CPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CPython</span></a> <a href="https://mastodon.social/tags/fuzzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzer</span></a> <a href="https://mastodon.social/tags/fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzing</span></a> <a href="https://mastodon.social/tags/fusil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fusil</span></a> <a href="https://mastodon.social/tags/lafleur" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lafleur</span></a></p>
veganism.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Veganism Social is a welcoming space on the internet for vegans to connect and engage with the broader decentralized social media community.
Administered by:
Server stats:
293active users
veganism.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.0-alpha.5
#fuzzer
0 posts · 0 participants · 0 posts today
danzin<p>One obvious thing from fuzzing the CPython JIT with the lafleur fuzzer is that finding crashes is much lower probability than fuzzing CPython with fusil.</p><p>Whenever fusil found a crash, it would find hits for it again and again pretty quickly.</p><p>With lafleur, we only got 3 hits (2 issues) in thousands of fuzzing hours.</p><p>I'm throwing more compute at it, but maybe we'll need to improve the core ideas to get better results.</p><p><a href="https://github.com/devdanzin/lafleur" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/devdanzin/lafleur</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/CPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CPython</span></a> <a href="https://mastodon.social/tags/fuzzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzer</span></a> <a href="https://mastodon.social/tags/fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzing</span></a> <a href="https://mastodon.social/tags/fusil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fusil</span></a> <a href="https://mastodon.social/tags/lafleur" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lafleur</span></a></p>
danzin<p>Reviewed the 3 PRs we got for lafleur: <a href="https://github.com/devdanzin/lafleur/pulls?q=is%3Apr" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/devdanzin/lafleur/p</span><span class="invisible">ulls?q=is%3Apr</span></a></p><p>All 3 marked as "good first issue". They've clear signs of being created by or with help from AI, like tentative code ("# do this in case... ") and removing docstrings. </p><p>Merged one and gave feedback on 2, including tips on how to get AI to fix their issues.</p><p>I might get unfollows for this, but I welcome AI generated code as long as it's good enough. In fact, AI made this project viable.</p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/fuzzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzer</span></a> <a href="https://mastodon.social/tags/fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzing</span></a> <a href="https://mastodon.social/tags/fusil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fusil</span></a> <a href="https://mastodon.social/tags/lafleur" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lafleur</span></a> <a href="https://mastodon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a></p>
danzin<p>Busy day, good day: the new CPython fuzzer lafleur found its first 2 crashes this morning! </p><p>Happiness only marred by the bad job I did reducing the testcases and making the reports reproducible. Thanks Brandt Bucher and and Ken Jin for the patience! Next bug reports will be more polished and reliable.</p><p>Also, we got 3 new PRs for the fuzzer but I didn't have time to review them, will have to leave that for tomorrow.</p><p><a href="https://github.com/devdanzin/lafleur/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/devdanzin/lafleur/</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/CPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CPython</span></a> <a href="https://mastodon.social/tags/fuzzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzer</span></a> <a href="https://mastodon.social/tags/fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzing</span></a> <a href="https://mastodon.social/tags/fusil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fusil</span></a> <a href="https://mastodon.social/tags/lafleur" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lafleur</span></a></p>
danzin<p>Launching a new project on a Sunday night: lafleur, a CPython JIT fuzzer.</p><p><a href="https://github.com/devdanzin/lafleur" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/devdanzin/lafleur</span><span class="invisible"></span></a></p><p>It's a feedback driven fuzzer (using JIT debug output) with corpus prioritization and JIT-targeted AST-based mutations. Calling it "evolutionary" may be a stretch, but sounds good.</p><p>It's also a fuzzer that so far hasn't found any crashes or bugs. Still working on that ;)</p><p>If you want to understand how it works, there is a good amount of docs.</p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/CPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CPython</span></a> <a href="https://mastodon.social/tags/lafleur" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lafleur</span></a> <a href="https://mastodon.social/tags/fusil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fusil</span></a> <a href="https://mastodon.social/tags/Fuzzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fuzzer</span></a> <a href="https://mastodon.social/tags/Fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fuzzing</span></a> <a href="https://mastodon.social/tags/JIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JIT</span></a></p>
danzin<p>Trying real hard to build a fuzzer targeting the CPython JIT, lots of features implemented but not a single crash or bug discovered so far.</p><p>Such is life when hunting for crashes in robust code.</p><p>This weekend I'll be spinning off a new fuzzer that grew from fusil. Wish me luck 🙂</p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/CPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CPython</span></a> <a href="https://mastodon.social/tags/JIT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>JIT</span></a> <a href="https://mastodon.social/tags/Fuzzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fuzzer</span></a> <a href="https://mastodon.social/tags/Fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fuzzing</span></a> <a href="https://mastodon.social/tags/fusil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fusil</span></a> <a href="https://mastodon.social/tags/lafleur" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lafleur</span></a></p>
danzin<p>Happy to share the results of a fuzzing campaign targeting CPython that ran from Oct 2024 to May 2025. Using the fusil fuzzer, the goal was to find crashes and improve CPython's robustness.</p><p>I really like the results we got: the effort uncovered 52 unique crash-related issues. These reports approached 30% of all "type-crash" issues filed during that period. One of the crashes was classified as a Release Blocker, that was a nice result! :)</p><p>(1/5)</p><p><a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://mastodon.social/tags/CPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CPython</span></a> <a href="https://mastodon.social/tags/fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzing</span></a> <a href="https://mastodon.social/tags/fuzzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzer</span></a> <a href="https://mastodon.social/tags/fusil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fusil</span></a></p>
danzin<p>Do you maintain or contribute to a <a href="https://mastodon.social/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> package that includes a C extension? Would you like to run a fuzzer against it?</p><p>If so, let me know and I will run it, or help you to get it running. </p><p>The fuzzer is <a href="https://mastodon.social/tags/fusil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fusil</span></a>, which generates random code calling into your functions and methods. It's useful to check for crashes on invalid inputs or unexpected call patterns.</p><p>It has found about 50 crashes in <a href="https://mastodon.social/tags/CPython" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CPython</span></a>, 20 in <a href="https://mastodon.social/tags/PyPy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PyPy</span></a>, 6 in <a href="https://mastodon.social/tags/Numpy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Numpy</span></a> etc.</p><p><a href="https://mastodon.social/tags/fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzing</span></a> <a href="https://mastodon.social/tags/fuzzer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fuzzer</span></a> <a href="https://mastodon.social/tags/testing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>testing</span></a><br>See here:<br><a href="https://github.com/devdanzin/fusil/issues/37" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/devdanzin/fusil/iss</span><span class="invisible">ues/37</span></a></p>
VegansExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload