Title: Fuzzing for Performance Bottlenecks and Semantic Bugs
Presented By: Rohan Padhye, University of California, Berkeley
Abstract:
Coverage-guided fuzz testing is a popular technique for randomly generating test inputs that cause programs to crash. Historically, fuzzing has been used to find security vulnerabilities such as buffer overflows in programs that process untrusted binary data. In this talk, I will describe how coverage-guided fuzzing can be adapted to achieve two other software testing objectives. First, I will present PerfFuzz, a technique for generating inputs that exercise worst-case behavior in programs. PerfFuzz has been used to identify algorithmic complexity bugs. Second, I will present Zest, a technique for finding semantic bugs in programs that process highly structured inputs. Zest biases QuickCheck-like input generators using code coverage and validity feedback. Zest has been used to find semantic bugs in Apache Ant, Mozilla Rhino, and the Google Closure Compiler. Finally, I’ll touch upon JQF, our Java-based fuzzing platform, which has been used to discover 42 new bugs in widely used software including OpenJDK and eight different Apache projects.
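To make the PerfFuzz idea concrete, here is an added example (written for this page, not code from the talk or from the PerfFuzz or JQF projects): a minimal loop that mutates inputs and saves any input that raises the maximum execution count of some instrumented program point, driving a constructed toy target with a weak hash-bucket function toward its quadratic worst case. The target, the counters, the mutation operator and the seed input are all assumptions made for this example.

```python
import random
from collections import defaultdict
# Constructed toy target: a hash set whose bucket function (sum of bytes mod 16) is
# weak, so colliding keys degrade insertion into a linear scan of one bucket.
# The counts dict stands in for PerfFuzz's per-edge execution counters.
def insert_all(words, counts):
    buckets = [[] for _ in range(16)]
    for w in words:
        counts["outer"] += 1               # edge: outer loop body
        bucket = buckets[sum(w) % 16]
        for existing in bucket:            # edge: probe loop body (the hot spot)
            counts["probe"] += 1
            if existing == w:
                break
        else:
            bucket.append(w)

def run_target(data, n_words=32, word_len=4):
    """Cut the raw fuzz input into fixed-size words, run the target, return edge counts."""
    counts = defaultdict(int)
    words = [data[i:i + word_len] for i in range(0, n_words * word_len, word_len)]
    insert_all(words, counts)
    return counts

def mutate(data, rng):  # AFL-style byte mutation: flip one bit or overwrite one byte
    out = bytearray(data)
    i = rng.randrange(len(out))
    if rng.random() < 0.5:
        out[i] ^= 1 << rng.randrange(8)
    else:
        out[i] = rng.randrange(256)
    return bytes(out)

def perffuzz(seed, iterations=3000, rng_seed=0):
    """PerfFuzz-style loop: save an input whenever it raises the max count of some
    edge, and only mutate inputs that currently hold a max ("favored" inputs)."""
    rng = random.Random(rng_seed)
    max_counts = dict(run_target(seed))
    favored = {e: seed for e in max_counts}      # edge -> input holding its max count
    for _ in range(iterations):
        child = mutate(rng.choice(list(favored.values())), rng)
        counts = run_target(child)
        if any(counts[e] > max_counts.get(e, 0) for e in counts):
            for e, c in counts.items():
                if c >= max_counts.get(e, 0):
                    max_counts[e], favored[e] = c, child
    return max_counts, favored

def random_seed(n=128, rng_seed=1):  # constructed seed input: 32 random 4-byte words
    return bytes(random.Random(rng_seed).randrange(256) for _ in range(n))

if __name__ == "__main__":
    seed = random_seed()
    print(run_target(seed)["probe"], perffuzz(seed)[0]["probe"])  # probe count before vs after
```

With 32 distinct words the probe loop can run at most 31*32/2 = 496 times; the saved "favored" input for the probe edge is the witness that reproduces the worst case found.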
Biography:
Rohan Padhye is a PhD candidate at the University of California, Berkeley, where he is advised by Koushik Sen. Rohan’s primary research interests are in dynamic program analysis and automated test-input generation. Together with his collaborators, his work has received an ACM SIGSOFT Distinguished Paper Award and has helped identify more than a hundred new bugs across open-source projects as well as commercial software that runs on millions of devices. Rohan has previously worked with Microsoft Research, Samsung Research America, and IBM Research India. He holds a master’s degree from IIT Bombay.