But only if we like the domain of your email address.

cut my heap into pieces, this is my crash report:
allocation, no alignment
don't give a fuck if it faults on assignment
this is fatal abort()

I love this. I've been using dwarf data for a while now (I think the design space of "you have source, but you'd rather do binary analysis with dwarf on debug builds"-tools is kinda under explored). But I never treated dwarf as a database format to safe results in.

Seems like Atropos does most of that too - i.e. automatically inferring some kind of "spec" in a way - it just doesn't use OpenAPI, I think? (except for also having coverage feedback & snapshot).

What's the delta between this and Atropos? Not limited to PHP?

Have been making the exact same experience - tried very hard to use perplexity pro for a couple of days, hardly ever found a problem easy enough for the AI to solve, with some outlandishly easy things failing even on claude etc.

Now, if someone combines this paper with www.usenix.org/conference/u... (which already some similar stuff) I would totally expect that fuzzing outperforms static analysis on web-app security issues just as harshly as we know it to outperform static analysis on the native side.

Next thing: a bunch of 'em go all "shocked pikatchu"over the realisation that there's a ton of ADHD and/or Autistic folks in CS 🤣

And those that aren't, are usually friends with quite a few of those that are ...

Check out ghostcell: plv.mpi-sws.org/rustbelt/gho... with the presentation: www.youtube.com/watch?v=jIbu... for a way to make 0 overhead, proven safe, cyclic datastructures with actual references in rust.

arxiv.org/abs/2502.12115 can't argue with the science on that one: LLM's are solving almost 60% of the manager tasks, but only 40% of SWE tasks :P