TITLE: Expanding the Reach of Fuzzing
Software bugs are pervasive in modern software. As software is integrated into increasingly many aspects of our lives, these bugs have increasingly severe consequences, from both a security (e.g. Cloudbleed, Heartbleed, Shellshock) and a cost standpoint. Fuzzing refers to a set of techniques that automatically find bug-triggering inputs by sending many random-looking inputs to the program under test. In this talk, I will discuss how, by identifying core under-generalized components of modern fuzzing algorithms, and building algorithms that generalize or tune these components, I have expanded the application domains of fuzzing. First, by building a general feedback-directed fuzzing algorithm, I enabled fuzzing to consistently find performance and resource consumption errors. Second, by developing techniques to maintain structure during mutation, I brought fuzzing exploration to “deeper” program states. Third, by decoupling the user-facing abstraction of random input generators from their sampling distributions, I built faster validity fuzzing and even tackled program synthesis. Finally, I will discuss the key research problems that must be tackled to make fuzzing readily available and useful to all developers.
Caroline Lemieux is a final-year Ph.D. candidate at UC Berkeley, advised by Koushik Sen. Her research aims to help developers improve the correctness, security, and performance of large, existing software systems, ranging from complex open-source projects to industrial-scale software. Her current projects tackle these goals with a focus on fuzz testing and program synthesis. Her work on fuzz testing has been awarded an ACM SIGSOFT Distinguished Paper Award, ACM SIGSOFT Distinguished Artifact Award, ACM SIGSOFT Tool Demonstration Award, and Best Paper Award (Industry Track). Before Berkeley, she received her B.Sc. in combined honours computer science and mathematics at the University of British Columbia, where she won the Governor General’s Silver Medal in Science (highest standing in the Faculty of Science). She is the recipient of a Berkeley Fellowship for Graduate Study and a Google Ph.D. Fellowship in Programming Technologies and Software Engineering.