
Bending Fuzzers to One's Own Will

Tuesday, 04/07/2020 12:00pm to 1:00pm
Speaker: Rohan Padhye

To view this live event via Zoom, visit: 

A password is now required to attend this event; if you did not receive it by email, please contact Joyce Mazeski at jmazeski@cs.umass.edu.

Abstract: Software bugs affect the security, performance, and reliability of critical systems that much of our society depends on. In practice, the predominant method of ensuring software quality is via extensive testing. Although software developers have considerable domain expertise, handcrafted tests often fail to catch corner cases. Automated testing techniques such as random fuzzing are a promising approach for discovering unexpected inputs that may cause programs to crash. However, by relying solely on hardcoded heuristics, their effectiveness as push-button tools is limited when the test program, the input format, or the testing objective becomes complex. Can we empower software developers to specialize automated testing tools using their domain expertise?

In this talk, I will describe new abstractions and algorithms that enable users to dramatically improve the effectiveness of random fuzzing. The corresponding research tools such as JQF+Zest, PerfFuzz, and FuzzFactory have unlocked the capability to automatically discover new classes of software bugs such as compiler optimization failures, algorithmic performance bottlenecks, and memory consumption issues, with very little effort. My tools have helped identify security vulnerabilities affecting billions of devices, have been adopted by firms such as Netflix and Samsung, and have been commercialized as services by multiple startups.

Bio: Rohan Padhye is a PhD candidate in Computer Science at UC Berkeley, advised by Koushik Sen. He previously worked at IBM Research India and holds a master's degree from IIT Bombay. His current research focuses on dynamic program analysis and automatic test-input generation. Complementing his doctoral work, he interned at Microsoft Research and Samsung Research America, developing techniques to automatically find software bugs in large-scale production systems. He is the recipient of an ACM SIGSOFT Distinguished Paper Award, a Distinguished Artifact Award, a Tool Demonstration Award, and an SOSP Best Paper Award. He is also the lead designer of the ChocoPy programming language, which underpins the undergraduate compilers course at Berkeley.

Faculty Host