Expanding the Reach of Fuzz Testing

Caroline Lemieux
University of California-Berkeley

Abstract:

Software bugs are pervasive in modern software. If they occur in the wrong software component, the consequences can be dire, from both a cost and a security perspective (e.g., Cloudbleed, Heartbleed, Shellshock). Fuzzing refers to a set of techniques that automatically find bug-triggering inputs by sending many random-looking inputs to the program under test. In this talk, I will discuss the state of the art in fuzzing techniques, their successes, and their limitations. I will discuss my research into overcoming these limitations: first, how I generalized coverage-guided fuzzing into feedback-directed fuzzing to find performance and resource consumption errors. Second, how I fine-tuned mutations towards preserving important structure in mutational fuzzing, enabling deeper program exploration. And third, how I made generator-based fuzzing adaptive to the program under test, and used similar techniques to tackle program synthesis. Finally, I will discuss the key research problems that must be tackled to make fuzzing readily available and useful to all developers.

Biography:

Caroline Lemieux is a final-year PhD candidate at UC Berkeley, advised by Koushik Sen. Her research aims to help developers improve the correctness, security, and performance of software systems. She is particularly interested in developing methods that are applicable to large, existing software systems, ranging from complex open-source projects to industrial-scale software. Her current projects tackle these goals with a focus on fuzz testing and program synthesis. Her work on fuzz testing has been awarded an ACM SIGSOFT Distinguished Paper Award, Distinguished Artifact Award, Tool Demonstration Award, and Best Paper Award (Industry Track). Before Berkeley, she received her B.Sc. in Combined Honours Computer Science and Mathematics at the University of British Columbia, where she won the Governor General’s Silver Medal in Science, awarded to the undergraduate student with the highest standing in the Faculty of Science. She is the recipient of a Berkeley Fellowship for Graduate Study and a Google PhD Fellowship in Programming Technologies and Software Engineering.
