Software bugs affect the security, performance, and reliability of critical systems that much of our society depends on. In practice, the predominant method of ensuring software quality is via extensive testing. Although software developers have considerable domain expertise, handcrafted tests often fail to catch corner cases. Automated testing techniques such as random fuzzing are a promising approach for discovering unexpected inputs that may cause programs to crash. However, by relying solely on hardcoded heuristics, their effectiveness as push-button tools is limited when the test program, the input format, or the testing objective becomes complex. Can we empower software developers to specialize automated testing tools using their domain expertise?
In this talk, I will describe new abstractions and algorithms that enable users to dramatically improve the effectiveness of random fuzzing by subtly transforming the search space. The corresponding research tools, such as JQF+Zest, PerfFuzz, and FuzzFactory, have unlocked the capability to easily discover new classes of software bugs, from compiler optimization failures to algorithmic performance bottlenecks and memory consumption issues. My research tools have helped identify security vulnerabilities affecting billions of devices, have been adopted by firms such as Netflix and Samsung, and have been commercialized as services by multiple startups.
Rohan Padhye is a PhD candidate in Computer Science at UC Berkeley, advised by Koushik Sen. He previously worked at IBM Research India and holds a master’s degree from IIT Bombay. His current research focuses on dynamic program analysis and automatic test-input generation. Complementing his doctoral work, he interned at Microsoft Research and Samsung Research America, developing techniques to automatically find software bugs in large-scale production systems. He is the recipient of an ACM SIGSOFT Distinguished Paper Award, a Distinguished Artifact Award, a Tool Demonstration Award, and an SOSP Best Paper Award. He is also the lead designer of the ChocoPy programming language, which underpins the undergraduate compilers course at Berkeley.
Faculty Host: Grigore Rosu