Faculty Candidate Seminar
Bending Fuzzers to One’s Own Will
This event is free and open to the public.
Abstract: Software bugs affect the security, performance, and reliability of critical systems that much of our society depends on. In practice, the predominant method of ensuring software quality is via extensive testing. Although software developers have considerable domain expertise, handcrafted tests often fail to catch corner cases. Automated testing techniques such as random fuzzing are a promising approach for discovering unexpected inputs that may cause programs to crash. However, by relying solely on hardcoded heuristics, their effectiveness as push-button tools is limited when the test program, the input format, or the testing objective becomes complex.
In this talk, I will describe novel techniques that make random fuzzing smarter by leveraging the domain knowledge of software developers. These techniques draw upon artifacts ranging from existing functional tests to explicitly provided specifications. The corresponding research tools such as JQF+Zest, PerfFuzz, and FuzzFactory have unlocked the capability to automatically discover new classes of software bugs such as compiler optimization failures, algorithmic performance bugs, and memory consumption issues. My tools have helped identify security vulnerabilities affecting billions of devices, have been adopted by firms such as Netflix and Samsung, and have been commercialized as services by multiple startups.
Bio: Rohan Padhye is a PhD candidate in Computer Science at UC Berkeley, advised by Koushik Sen. He previously worked at IBM Research India and holds a master’s degree from IIT Bombay. His current research focuses on dynamic program analysis and automatic test-input generation. Complementing his doctoral work, he interned at Microsoft Research and Samsung Research America, developing techniques to automatically find software bugs in large-scale production systems. He is the recipient of an ACM SIGSOFT Distinguished Paper Award, a Distinguished Artifact Award, a Tool Demonstration Award, and an SOSP Best Paper Award. He is also the lead designer of the ChocoPy programming language, which underpins the undergraduate compilers course at Berkeley.