#fusil

danzin:

Another tidbit from the report I'm writing about #fusil:

The 52 issues filed correspond roughly to 30% of all the crashes (issues with "type-crash" label) and 2% of all issues (feature requests, bugs and invalid issues) reported in the #CPython issue tracker during the six-month period covered by the report.

Hits and new issues don't appear at a steady pace. It seems that there are long periods of no or nearly no new issues, followed by rapid finding of new results.

#fuzzing #Python

danzin:

#Fusil works by generating source files with random calls, using interesting arguments, then monitoring their execution and output. It usually finds crashes resulting from the processing of invalid objects and unexpected call patterns.

Fusil was created by @vstinner (https://mamot.fr/@vstinner).

Features added by me include running generated code in parallel threads, testing class instances in addition to classes and functions, and using new interesting objects/values as inputs.

https://github.com/issues/created?q=is%3Aissue%20author%3Adevdanzin%20-repo%3Adevdanzin%2Ffusil%20fusil%20%20sort%3Acreated-asc

#Python #fuzzing

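The loop described in the post above (generate a source file of random calls with interesting arguments, run it, watch exit status and output), as an added sketch that is not Fusil's code and not part of the post. The names `INTERESTING`, `generate_source`, `run_and_classify` and `fuzz` are hypothetical, the argument pool is constructed, the target `math` is chosen because its functions have no side effects, and the signal-based crash check assumes POSIX.

```python
import importlib, os, random, subprocess, sys, tempfile

# Constructed argument pool (assumption); a real fuzzer's tables are far larger.
INTERESTING = ["None", "-1", "0", "2**63", "float('nan')", "''",
               "b'\\x00'", "'A' * 4096", "[]", "{}", "object()"]

def generate_source(module_name, seed, calls=25):
    """Return a script making `calls` random calls into module_name."""
    rng = random.Random(seed)  # seeded, so a hit can be regenerated
    mod = importlib.import_module(module_name)
    names = sorted(n for n in dir(mod)
                   if not n.startswith("_") and callable(getattr(mod, n)))
    lines = [f"import {module_name}"]
    for _ in range(calls):
        args = ", ".join(rng.choice(INTERESTING)
                         for _ in range(rng.randint(0, 3)))
        # Python-level exceptions are the expected answer to bad input;
        # only a dead interpreter is a finding, so swallow Exception.
        lines += ["try:", f"    {module_name}.{rng.choice(names)}({args})",
                  "except Exception:", "    pass"]
    return "\n".join(lines) + "\n"

def run_and_classify(source, timeout=20):
    """Run source in a child interpreter: 'ok', 'crash', 'timeout', 'error'."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "case.py")
        with open(path, "w") as fh:
            fh.write(source)
        try:
            proc = subprocess.run([sys.executable, path], capture_output=True,
                                  text=True, timeout=timeout, cwd=tmp)
        except subprocess.TimeoutExpired:
            return "timeout"
    # POSIX: a negative return code means the child was killed by a signal.
    if proc.returncode < 0 or "Fatal Python error" in proc.stderr:
        return "crash"
    return "ok" if proc.returncode == 0 else "error"

def fuzz(module_name, sessions=3):
    """Run seeded sessions; keep verdict and source of every non-ok one."""
    hits = {}
    for seed in range(sessions):
        src = generate_source(module_name, seed)
        verdict = run_and_classify(src)
        if verdict != "ok":
            hits[seed] = (verdict, src)
    return hits

if __name__ == "__main__":
    print(fuzz("math"))
```

Because each session is seeded and its source is kept on a hit, a crash can be replayed and reduced by deleting calls from the saved script until the interpreter stops dying.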
danzin:

Writing about #fusil. Some bits:

Fuzzing #CPython with fusil shows it to be a valuable tool for finding and fixing crashers. It started in October 2024 and is ongoing, using free tier cloud instances and personal computers.

Results:
- Fuzzing time: > 25.000 hours
- Fuzzing sessions: > 1.000.000
- Hits: > 50.000
- Issues filed: 52

The original design of fusil makes it well-suited for fuzzing CPython, finding both deep, relevant bugs as well as shallow, low-value crashes.

#Python #fuzzing

danzin:

Do you maintain or contribute to a #Python package that includes a C extension? Would you like to run a fuzzer against it?

If so, let me know and I will run it, or help you to get it running.

The fuzzer is #fusil, which generates random code calling into your functions and methods. It's useful to check for crashes on invalid inputs or unexpected call patterns.

It has found about 50 crashes in #CPython, 20 in #PyPy, 6 in #Numpy etc.

#fuzzing #fuzzer #testing
See here:
https://github.com/devdanzin/fusil/issues/37

danzin:

We're up to 30 #CPython crashers found using #Fusil this year, about 90% of them considered valid.

In 2008, I had reported 5 cases using the same #fuzzer, 4 of which were release blockers.

@vstinner (https://mamot.fr/@vstinner), Fusil's creator, also reported a bunch of issues with it.

After running for a while (on free AWS and Oracle cloud tiers), crash hits are getting harder to find.

We need new fuzzing inputs. Feel free to suggest improvements that could find new crashers.

https://github.com/devdanzin/fusil
#Python #Fuzzing