Conversation

    Pierre H. (madcoder@infosec.exchange)'s status on Saturday, 18-Nov-2023 14:38:24 JST

    Quotes from the article around Apple platforms:

    Apple’s variant of GWP-ASan, named Probabilistic Guard Malloc (PGM), is implemented in the standard user space allocator. It was first deployed to customer populations with iOS 14.5 and macOS 11.3 (April 2021) and deployment gradually expanded to additional platforms, including watchOS and tvOS. PGM is enabled for all Apple-owned user space processes (including apps) and integrates with the existing crash reporting pipeline. Crash reports are augmented with additional information about the guarded allocation, most notably the allocation and deallocation stack traces.

    […]

    As of September 2023, a total of 3,748 PGM bugs have been filed of which 1,438 are marked fixed with an associated code change.

    […]

    In summary, PGM has been an effective tool for finding and diagnosing memory errors at Apple. On average, 2.1 new bugs have been found every day since it was first deployed at scale in April 2021. The additional information in PGM crash reports (most notably, allocation and deallocation stack traces) makes them actionable even without a reproducer, resulting in a high 99% fix rate. In a handful of cases, a single PGM crash report made the difference for diagnosing a known high-impact bug. PGM even found bugs (now fixed) in code that had remained unchanged for over 20 years.

      Pierre H. (madcoder@infosec.exchange)'s status on Saturday, 18-Nov-2023 14:38:26 JST

      https://x.com/kayseesee/status/1725587747279380831

      For people not wanting to click Twitter links:

      > I am proud to present you the pre-print of our paper on GWP-ASan. 5+ years of work by four companies, spanning Server, Desktop, and Mobile, running on billions of devices. Finding and fixing thousands of bugs and potential vulnerabilities.

      https://arxiv.org/pdf/2311.09394.pdf
