Jump to Content
Konstantin Serebryany

Konstantin Serebryany

Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer, MemorySanitizer, ThreadSanitizer, and libFuzzer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years at Intel Compiler Lab. Konstantin holds a PhD from mesi.ru and a M.S. from msu.ru.
Authored Publications
Google Publications
Other Publications
Sort By
  • Title
  • Title, desc
  • Year
  • Year, desc
    Preview abstract CPUs are getting more complex with every generation, on both the logical and the physical levels. Unsurprisingly, this leads to more bugs and defects in CPUs being overlooked during testing, which causes data corruption or other undesirable effects when these CPUs are used in production. Some defects may also be caused by aging. If the RTL (“source code”) of a CPU is available, we could apply greybox fuzzing to the CPU model almost like any other software [Tri21]. However our targets are general purpose x86_64 CPUs produced by third parties, where we do not have the source, so in our case CPU implementations are opaque. Moreover, we are more interested in CPU defects (manufacturing problems that affect just one or several cores) as opposed to bugs (design problems that affect all cores of a given family of CPUs). In this paper we present SiliFuzz, a work-in-progress system that finds CPU defects by fuzzing proxies, like CPU simulators or disassemblers, and then executing the accumulated test vectors (“corpus”) on actual CPUs on a large scale. The major difference between this work and traditional software fuzzing is that a software bug fixed once will be fixed for all installations of this software, while with CPU defects we have to test every individual core repeatedly over its lifetime due to wear and tear. We also analyze four groups of CPU defects that SiliFuzz has uncovered and the patterns shared by other findings. View details
    Preview abstract Memory safety in C and C++ remains largely unresolved. A technique usually called “memory tagging” may dramatically improve the situation if implemented in hardware with reasonable overhead. This paper describes two existing implementations of memory tagging: one is the full hardware implementation in SPARC; the other is a partially hardware-assisted compiler-based tool for AArch64. We describe the basic idea, evaluate the two implementations, and explain how they improve memory safety. This paper is intended to initiate a wider discussion of memory tagging and to motivate the CPU and OS vendors to add support for it in the near future. View details
    MemorySanitizer: fast detector of uninitialized memory use in C++
    Proceedings of the 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO), CGO 2015, San Francisco, CA, USA, pp. 46-55
    Preview abstract This paper presents MemorySanitizer, a dynamic tool that detects uses of uninitialized memory in C and C++. The tool is based on compile time instrumentation and relies on bit-precise shadow memory at run-time. Shadow propagation technique is used to avoid false positive reports on copying of uninitialized memory. MemorySanitizer finds bugs at a modest cost of 2.5x in execution time and 2x in memory usage; the tool has an optional origin tracking mode that provides better reports with moderate extra overhead. The reports with origins are more detailed compared to reports from other similar tools; such reports contain names of local variables and the entire history of the uninitialized memory including intermediate stores. In this paper we share our experience in deploying the tool at a large scale and demonstrate the benefits of compile time instrumentation over dynamic binary instrumentation. View details
    Preview abstract Memory access bugs, including buffer overflows and uses of freed heap memory, remain a serious problem for programming languages like C and C++. Many memory error detectors exist, but most of them are either slow or detect a limited set of bugs, or both. This paper presents AddressSanitizer, a new memory error detector. Our tool finds out-of-bounds accesses to heap, stack, and global objects, as well as use-after-free bugs. It employs a specialized memory allocator and code instrumentation that is simple enough to be implemented in any compiler, binary translation system, or even in hardware. AddressSanitizer achieves efficiency without sacrificing comprehensiveness. Its average slowdown is just 73% yet it accurately detects bugs at the point of occurrence. It has found over 300 previously unknown bugs in the Chromium browser and many bugs in other software. View details
    Preview abstract Data races are among the most difficult to detect and costly bugs. Race detection has been studied widely, but none of the existing tools satisfies the requirements of high speed, detailed reports and wide availability at the same time. We describe our attempt to create a tool that works fast, has detailed and understandable reports and is available on a variety of platforms. The race detector is based on our previous work, ThreadSanitizer, and the instrumentation is done using the LLVM compiler. We show that applying compiler instrumentation and sampling reduces the slowdown to less than 1.5x, fast enough for interactive use. View details
    ThreadSanitizer – data race detection in practice.
    Proceedings of the Workshop on Binary Instrumentation and Applications, WBIA'09 (http://www.dyninst.org/wbia09/cfp.html)., NYC, NY, U.S.A. (2009), pp. 62-71
    Preview
    AN OPTIMAL FLOATING-POINT EXPRESSION TRANSLATION METHOD BASED ON PATTERN MATCHING
    Optimal placement of fused multiply-add (FMA) instructions.
    Sixth Workshop on Explicitly Parallel Instruction Computing Architectures and Compiler Technology (EPIC-6), Sixth Workshop on Explicitly Parallel Instruction Computing Architectures and Compiler Technology (EPIC-6) (2007)
    High level loop optimizations.
    Ph.D. Thesis, MESI (2004)