There's another researcher, Zhengyu Liu, who's been finding CPython crashes (mostly use-after-free) at breakneck speed (19 in 5 days!): https://github.com/python/cpython/issues?q=is%3Aissue%20author%3Ajackfromeast

Not sure about what technique they're using, but their site states they they favor "leveraging program analysis approaches to detect/exploit/patch vulnerabilities in real-world complex applications and systems".

Their reports are comprehensive, with great presentation and details.

https://jackfromeast.github.io/

#CPython #Python #Crash

There's a researcher, Jiang Yuancheng, who's doing a great work finding CPython crashes and memory leaks: https://github.com/python/cpython/issues?q=is%3Aissue%20author%3AYuanchengJiang

They've come up with a very clever idea for a new way of fuzzing, made a fine tool out of it, and are reaping great results.

Fuzzing can be a diminishing returns endeavor: you only have so many bugs to find. Their approach has shown itself to cover different areas and kinds of issues well, as shown by their track record.

#CPython #Python #Fuzzer #Fuzzing #fusil

niklas-heer/speed-comparison: A repo which compares the speed of different programming languages.
https://github.com/niklas-heer/speed-comparison

This projects tries to compare the speed of different #programming languages. It uses an implementation of the Leibniz formula for π to do the comparison.

Notably:
- #Julia is the only dynamically-typed languages amoung the top tier, only ~28ms slower from #Cpp (#Clang).
- #Rust got a huge boost with nightly compiler (it is said that hand-written SIMD is used?)
- #Go tops in 3rd tier (very crowded 0.8s~1s)
- #PyPy and #Haskell (#GHC) are very closed (~1s), preceding #Racket, beating #Python (#NumPy) by a lot (~1.2s)
- The slowest is #CPython (~86s)

#Math #ScientificComputing

🚀 Seu app Python "incha" a memória misteriosamente? Desvende o Garbage Collector do CPython: refcounting + GC geracional, ciclos traiçoeiros, tuning de thresholds que corta latência 20-50%!

Exemplos reais, benchmarks e gc.collect() na prática. Evite OOMs em prod AGORA! 💾🔥

👉 https://bolha.blog/riverfount/desvende-o-segredo-do-garbage-collector-do-python-evite-vazamentos-e-otimize

#Python #GarbageCollector #CPython #Memoria #DevOps #FastAPI

BREAKING: #CPython 3.13.10 and 3.14.1 changed the multiprocessing message format in patch release. As a result, programs using multiprocessing may break randomly if they are running while #Python is upgraded (i.e. need restarting).

But apparently it's not a big deal, since all the cool kids are running Python in containers, and nobody is using Python for system tools anymore. Everything has been RIIR-ed and Python is only omnipresent in some backwaters like #Gentoo.

https://github.com/python/cpython/issues/142206

🔒 #Python #security news:

We're going to start disabling the commit bit (aka write access) to the #CPython repo for inactive core team members.

https://discuss.python.org/t/regularly-disabling-unused-commit-access-to-the-cpython-repo/105010

I proposed this after a security discussion at last year's #LanguageSummit:

https://pyfound.blogspot.com/2024/06/python-language-summit-2024-python-security-model-after-xz.html

Disabling the commit bit has no impact on core team status, nor Steering Council voting status, and you can easily ask for it back again.

It turns out that, by running it on an interpreter with ASan enabled, I was the culprit of my fuzzer lafleur using way too much memory.

That even led to me buying some DDR5 to be able to fuzz a bit more comfortably. Running without ASan reduces memory usage to 1/15. So I guess now I'll have some spare RAM, and less money, going forward :)

I'll enhance the JIT fuzzer to run on a different interpreter than the fuzzing scripts, which benefit from ASan.

#lafleur #Python #CPython #fuzzer #fuzzing