Thodoris Sotiropoulos

44 posts

Thodoris Sotiropoulos

Thodoris Sotiropoulos

@theosotir

Postdoctoral researcher in the Advanced Software Technologies group, ETH Zurich.

Katılım Haziran 2022
114 Takip Edilen138 Takipçiler
Sabitlenmiş Tweet
Thodoris Sotiropoulos
Thodoris Sotiropoulos@theosotir·
Our paper “Best of Both Worlds: Effective Foreign Bridge Identification in V8 Embedders for Security Analysis”, co-authored with @grgalex42 , @zhendongsu , and @d1m1tr0 , has been accepted at the IEEE Symposium on Security and Privacy 2026 @IEEESSP !
English
10
5
22
1.2K
Thodoris Sotiropoulos
Thodoris Sotiropoulos@theosotir·
@grgalex42 @zhendongsu @d1m1tr0 @IEEESSP We believe that both researchers and practitioners can further benefit from GASKET, enabling improved vulnerability detection across language boundaries, and stronger guarantees for the safety of modern polyglot software ecosystems.
English
1
0
3
104
Thodoris Sotiropoulos
Thodoris Sotiropoulos@theosotir·
Our paper “Best of Both Worlds: Effective Foreign Bridge Identification in V8 Embedders for Security Analysis”, co-authored with @grgalex42 , @zhendongsu , and @d1m1tr0 , has been accepted at the IEEE Symposium on Security and Privacy 2026 @IEEESSP !
English
10
5
22
1.2K
Thodoris Sotiropoulos
Thodoris Sotiropoulos@theosotir·
The idea presented in this paper is REALLY cool! These insights are the essence: "#1: Once you import a binary extension in Python, all its callable objects are created in memory. " "#2: The memory layout of these callables carries pointers to the underlying native functions."
Georgios Alexopoulos@grgalex42

Our work (w/ @theosotir, @gousiosg, @zhendongsu, and @d1m1tr0) got accepted at @ICSEconf! We introduce a practical method for constructing cross-language call graphs of Python packages with native extensions. Preprint: grgalex.github.io/assets/pdf/pyx…

English
0
1
11
470
Thodoris Sotiropoulos retweetledi
Chengyu Zhang
Chengyu Zhang@chengyuzh·
I'm looking for PhD students starting Fall 2026! If you're interested in automated testing and trustworthy program verification, feel free to reach out via email or come chat with me at ISSTA/FSE next week!
Chengyu Zhang@chengyuzh

Excited to share that two of our papers will be presented next week: one at SIGMOD (Tuesday), and another at the FUZZING Workshop @ ISSTA (Saturday)! The student collaborators from @ECNUER will present the papers. I’ll be at ISSTA/FSE next week—come say hi! Looking forward to great conversations and feedback. 👋 The SIGMOD work is a collaboration with @RiggerManuel, @DengWenjin48334, and Qiuyang Mang. We propose a geometry-aware test generator for spatial databases and prove metamorphic relations under affine transformations. This helped us uncover 34 previously unknown bugs in mainstream spatial database systems. The FUZZING workshop paper revisits combining static analysis and symbolic execution for precise bug finding. We show that accurate error traces from static analysis can actually help symbolic execution, but inaccurate traces can mislead symbolic execution and potentially human users.

English
3
11
42
4.8K
Thodoris Sotiropoulos retweetledi
Dimitris Mitropoulos
Dimitris Mitropoulos@d1m1tr0·
Honored to receive the "Research Excellence Award 2024" from @uoaofficial! This recognition marks a significant milestone in my research journey and motivates me to continue pursuing research in software engineering and cybersecurity
Dimitris Mitropoulos tweet mediaDimitris Mitropoulos tweet media
English
2
4
16
959
Thodoris Sotiropoulos retweetledi
Chengyu Zhang
Chengyu Zhang@chengyuzh·
🔍 I am on the job market, seeking opportunities in software engineering, programming languages, and formal methods. If you are interested in chatting about my work or potential roles, let’s catch up at the conference or send me a message! 🤝 #SPLASH24
Chengyu Zhang@chengyuzh

🚀 Just touched down in Pasadena for #SPLASH24! Excited to present our work on generating effective test inputs from SMT formulas and getting oracles "for free" using SMT solvers. Catch our talk this Friday at OOPSLA! 🗓️📍 📄 Check out our paper: dl.acm.org/doi/10.1145/36…

English
0
16
66
10.4K
Thodoris Sotiropoulos
Thodoris Sotiropoulos@theosotir·
Our study demonstrates that research on IaC should focus on more system-aware testing techniques that, beyond diverse inputs, enable testing IaC programs under a variety of initial system states.
English
0
0
2
219
Thodoris Sotiropoulos
Thodoris Sotiropoulos@theosotir·
(3) More than half (52%) of the bugs depend on the target system’s initial state, with 37% of these bug-enabling states being recreated entirely through specific inputs to the IaC code under test.
English
1
0
2
244
Thodoris Sotiropoulos retweetledi
Diomidis Spinellis
Diomidis Spinellis@CoolSWEng·
Fine-grained analysis of 1,302 Python projects shows 50% of dependencies are bloated, yielding inefficiencies and hiding vulnerabilities. Developers are open to debloating accepting 83% of our PRs. FSE paper with @gdrosos_ @theosotir @d1m1tr0 (CC-BY): dl.acm.org/doi/10.1145/36…
Diomidis Spinellis tweet media
English
0
12
63
2.8K

Keşfet

@grgalex42 @zhendongsu @d1m1tr0 @IEEESSP @uoaofficial @ASE_conf @gdrosos_ @mchri5taki5