-
Dmitry Vyukov Retweeted
99 smartphones are transported in a handcart to generate virtual traffic jam in Google Maps. Through this activity, it is possible to turn a green street red which has an impact in the physical world by navigating cars on another route! #googlemapshacks http://www.simonweckert.com/googlemapshacks.html … pic.twitter.com/6KcMm1XgAF
-
Dmitry Vyukov Retweeted
We are working hard on the next edition #kr2020. You can sponsor it and be part of our supporters. Have a look on the flyer! https://kernel-recipes.org/en/2019/2020-sponsorship/ …
-
Dmitry Vyukov Retweeted
In the rare event where a manual fix wasn't already covered by Respectre, all such cases are investigated and the plugin's static analysis is improved to provide the necessary coverage
-
Dmitry Vyukov Retweeted
We expect to be already covered for most if not all of these Spectre v1/L1TF issues: https://lore.kernel.org/lkml/1580408442-23916-1-git-send-email-pbonzini@redhat.com/ … Part of the work we do involves comparing manual upstream fixes to our verbose Respectre instrumentation logs.
-
I want strange: C/C++ editor to revert func order on load & revert back on save so that I don't start with least important noise, scroll down and then read backwards. You can't unsee how unnatural doing everything backwards once worked in lang with no "let's save 1 parsing pass" legacy
-
Though, the code base is clean of compiler warnings and _some_ static analysis warnings. Which makes sense.
-
Interesting note re static analysis (SA): "SA hasn't been helpful in finding bugs in SQLite. SA has found a few bugs in SQLite, but those are the exceptions. More bugs have been introduced into SQLite while trying to get it to compile without warnings than have been found by SA"
-
Measuring and knowing your test coverage +1
Lots of dynamic analysis +1 (though I am surprised to see Valgrind but not ASAN)
Release checklists and tracking +1 (no "our release is all broken, but we did not even know")
-
Their fault injection approach is similar to systematic fault injection we use in syzkaller for #linux kernel: https://lore.kernel.org/patchwork/patch/774420/ … That's the way for testing error paths. Lots of different fuzzers +1 Just one is never enough. Also continuous fuzzing on OSS-Fuzz.
-
4.1.4. third-party fuzzers 4.2. Malformed DB Files 4.3. Boundary Value Tests 5. Regression Testing 6. Automatic Resource Leak Detection 7. Test Coverage 7.6. Mutation testing 8. Dynamic Analysis 8.2. Valgrind 8.4. Mutex Asserts 8.6. Undefined Behavior Checks 10. Checklists 11. Static Analysis
-
Just some excerpts: 2. Test Harnesses 3. Anomaly Testing 3.1. Out-Of-Memory 3.3. Crash Testing 4. Fuzz Testing 4.1. SQL Fuzz 4.1.1. AFL 4.1.2. OSS Fuzz 4.1.4. third-party fuzzers ...
-
I am impressed by #SQLite testing approach, breadth, methodology and investment: https://www.sqlite.org/testing.html It's very important that there are OSS projects that set such examples. There is always something to improve, but I think nobody will object that that's good level of testing
-
Dmitry Vyukov Retweeted
Every developer: we need to implement an email alert system to notify us if production crashes Every developer after the first crash: how do we turn off these email alerts?
-
Throw in with 692 more repros for #linux kernel bugs: https://github.com/dvyukov/syzkaller-repros/commit/6a06992209c328a3115c89c020f45b844b103573 … Russian Roulette variation: you pick one of these, compile and run on your physical desktop/laptop; if it does not panic, your opponent picks one, and so on. (say, an out-of-bounds read may not crash) https://twitter.com/dvyukov/status/1186989280637456384 …
-
This KCOV extension by Andrey allows syzkaller to collect coverage from background kernel threads e.g. parsing incoming USB packets and unambiguously associate it with one of multiple parallel test processes running. To some degree unique for fuzzing coverage. Moar bugs coming! https://twitter.com/andreyknvl/status/1221784089340121088 …
-
Absence of context (no expand btn) in changes only exacerbates the problem. If you look at actual proposed change https://patchwork.kernel.org/patch/11256477/ No mention of rcu, so why would reviewer even start thinking about the potential problem? There are known solutions to this problem as well...
-
That is no way to make it part of process and scale it. That would not just immediately prevent the bug, but prevent the whole class of bugs in all 20 MLOC with guarantees, cheaply and scalably. But that can't be bolted onto the project on the side, by few volunteers...
-
Coverity detects these, Clang ThreadSafetyAnalysis too. But tools are smaller part of solution. Integration into process is more important. But again kernel doesn't have real notion of changes, no infra to run analysis, no way to make anybody use it, no way to block submit, etc..
-
What I'm thinking reading this sad story of crit remote vuln introduced into all #linux LTS kernels and still unfixed (now in your kernel) - this "forgot to release lock" is mostly solved problem today with static analysis. Kernel absolutely needs it as part of the dev process 1/n https://twitter.com/grsecurity/status/1220351582405042176 …
-
Dmitry Vyukov Retweeted
Nice talk about CFI in the Linux kernel by @kees_cook Slides: https://outflux.net/slides/2020/lca/cfi.pdf … Video: https://www.youtube.com/watch?v=0Bj6W7qrOOI …