Dissertation Talk: Expanding the Reach of Fuzz Testing by Caroline Lemieux; Tuesday, April 27, 12 PM PST

April 27, 2021

Title: Expanding the Reach of Fuzz Testing

Speaker: Caroline Lemieux
Advisor: Koushik Sen
Date: Tuesday, April 27, 2021
Time: 12:00 – 1:00pm PT
Location (Zoom): https://berkeley.zoom.us/j/99666841072?pwd=ZFIyWmpYMzQ2bm04bVVaSm9YdzJVdz09
Meeting ID: 996 6684 1072
Zoom Passcode: 665063

Abstract:
Software bugs are pervasive in modern software. As software is integrated into increasingly many aspects of our lives, these bugs have increasingly severe consequences, both from a security (e.g. Cloudbleed, Heartbleed, Shellshock) and cost standpoint. Fuzz testing, or simply fuzzing, refers to a set of techniques that automatically find bug-triggering inputs by sending many random-looking inputs to the program under test. In this talk, I will discuss how, by identifying core under-generalized components of modern fuzzing algorithms, and building algorithms that generalize or tune these components, I have expanded the application domains of fuzzing. First, by building a general feedback-directed fuzzing algorithm, I enabled fuzzing to consistently find performance and resource consumption errors. Second, by developing techniques to maintain structure during mutation, I brought fuzzing exploration to “deeper” program states. Third, by decoupling the user-facing abstraction of random input generators from their sampling distributions, I built faster validity fuzzing and even tackled program synthesis. Finally, I will discuss the key research problems that must be tackled to make fuzzing readily available and useful to all developers.