About Me

I am a Ph.D. candidate in Computer Science at the University of California, Berkeley, advised by Koushik Sen.

My research spans several areas including software engineering, programming languages, systems, and security. My papers have been published at top conferences such as ICSE, ASE, ISSTA, OOPSLA, SOSP, and USENIX Security.

I build tools that help improve software correctness, performance, and security. My recent projects use dynamic program analysis and coverage-guided fuzzing. These tools have been used to discover 50+ new bugs in widely used open-source software and have been adopted by various firms in industry.

I led the design of the ChocoPy programming language, which is used to teach undergraduate compilers courses at UC Berkeley.

I've completed summer internships at Microsoft Research, on detecting thousands of concurrency bugs at industry-scale, and at Samsung Research America, on fuzzing trusted execution environments. Before coming to Berkeley, I worked at IBM Research India, developing productivity tools using data mined from GitHub and other repositories. I also hold a Master's degree from IIT Bombay.

My academic ancestors include Newton, Galelio, Kepler, and Copernicus.

News

• 2019-10-29: Our SOSP'19 paper received the best paper award!
• 2019-10-25: Presented the FuzzFactory (Video), ChocoPy, and FailFast papers at SPLASH 2019 in Athens, Greece.
• 2019-09-16: JQF+Zest is now integrated into Fuzzit, a cloud-based continuous fuzzing service.
• 2019-09-13: ChocoPy is featured in an article on TechRepublic.
• 2019-09-12: Chocopy was #4 on the front-page of Hacker News!
• 2019-08-07: Wrote an article on producing good artifacts for evaluation in PL/SE/Systems conferences.
• 2019-07-19: Presented the Zest and JQF papers at ISSTA 2019 in Beijing, China. Both papers won awards.

Projects

• Star
  FuzzFactory: Generalizes coverage-guided fuzzing to domain-specific testing goals. OOPSLA 2019.
• Star
  JQF+Zest: Coverage-guided fuzzing for inputs with complex structure and semantics. ISSTA 2019.
  • Used to test Netflix's Message Security Layer.
  • Made commercially available by FuzzIt: continuous fuzzing as a service.
  • Used and endorsed by Pentagrid, a Swiss security firm.
• Star
  TSVD: Thread-Safety-Violation Detector for .NET applications. SOSP 2019.
  • Found 1000+ concurrency bugs in active projects within Microsoft.
• Star
  PerfFuzz: Automatic generation of worst-case inputs using fuzzing. ISSTA 2018.
• Star
  Travioli: Dynamic analysis of data-structure traversals in JavaScript programs. ICSE 2017.
• Star
  VASCO: Framework for inter-procedural data-flow analysis of Java programs. SOAP 2013.

Publications

1. New! PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation
   Lee Harrison, Hayawardh Vjayakumar, Rohan Padhye, Koushik Sen, and Michael Grace
   USENIX Security 2020 (accepted | preprint PDF)
2. 
   Efficient and Scalable Thread-Safety-Violation Detection --- Finding thousands of concurrency bugs during testing
   Guangpu Li, Shan Lu, Madanlal Musuvathi, Suman Nath, and Rohan Padhye
   SOSP 2019 (DOI | PDF | GitHub) Best Paper Award
3. SAFFRON: Adaptive Grammar-based Fuzzing for Worst-Case Analysis
   Xuan Bach D. Le, Corina Pasareanu, Rohan Padhye, David Lo, Willem Visser, and Koushik Sen
   JPF 2019 (to appear)
4. ChocoPy: A Programming Language for Compilers Courses
   Rohan Padhye, Koushik Sen, and Paul N. Hilfinger
   SPLASH-E 2019 (DOI | Paper PDF | Slides PDF)
5. Efficient Fail-Fast Dynamic Subtype Checking
   Rohan Padhye and Koushik Sen
   VMIL 2019 (DOI | Paper PDF | Slides PDF)
6. 
   FuzzFactory: Domain-Specific Fuzzing with Waypoints
   Rohan Padhye, Caroline Lemieux, Koushik Sen, Laurent Simon, and Hayawardh Vijayakumar
   OOPSLA 2019 (DOI | Paper PDF | Slides PDF | Talk Video | GitHub)
7. 
   Semantic Fuzzing with Zest
   Rohan Padhye, Caroline Lemieux, Koushik Sen, Mike Papadakis, and Yves Le Traon
   ISSTA 2019 (DOI | Paper PDF | Slides PDF | GitHub) ACM SIGSOFT Distinguished Artifact Award
8. JQF: Coverage-Guided Property-Based Testing in Java
   Rohan Padhye, Caroline Lemieux, and Koushik Sen
   ISSTA-DEMO 2019 (DOI | PDF) ACM SIGSOFT Tool Demonstration Award
   
9. Validity Fuzzing and Parametric Generators for Effective Random Testing
   Rohan Padhye, Caroline Lemieux, Koushik Sen, Mike Papadakis, and Yves Le Traon
   ICSE-POSTER 2019 (Abstract DOI | Poster)
10. PerfFuzz: Automatically Generating Pathological Inputs
    Caroline Lemieux, Rohan Padhye, Koushik Sen, and Dawn Song
    ISSTA 2018 (DOI | PDF) ACM SIGSOFT Distinguished Paper Award
    
11. Travioli: A Dynamic Analysis for Detecting Data-Structure Traversals
    Rohan Padhye and Koushik Sen
    ICSE 2017 (DOI | PDF)
12. Mining API Expertise Profiles with Partial Program Analysis
    Senthil Mani, Rohan Padhye, and Vibha Singhal Sinha
    ISEC 2016 (DOI | PDF)
13. Detecting and Mitigating Secret-Key Leaks in Source Code Repositories
    Vibha Singhal Sinha, Diptikalyan Saha, Pankaj Dhoolia, Rohan Padhye, and Senthil Mani
    MSR 2015 (DOI)
    
14. The Synergy Between Voting and Acceptance of Answers on StackOverflow, or the Lack Thereof
    Neelamadhav Gantayat, Pankaj Dhoolia, Rohan Padhye, Senthil Mani, and Vibha Singhal Sinha
    MSR 2015 (DOI)
    
15. Smart Programming Playgrounds
    Rohan Padhye, Pankaj Dhoolia, Senthil Mani, and Vibha Singhal Sinha
    ICSE-NIER 2015 (DOI | PDF)
16. NeedFeed: Taming Change Notifications by Modeling Code Relevance
    Rohan Padhye, Senthil Mani, and Vibha Singhal Sinha
    ASE 2014 (DOI | PDF)
17. A Study of External Community Contribution to Open-Source Projects on GitHub
    Rohan Padhye, Senthil Mani, and Vibha Singhal Sinha
    MSR 2014 (DOI | PDF) Honorable Mention in the MSR Hall of Fame
    
18. API as a Social Glue
    Rohan Padhye, Debdoot Mukherjee, and Vibha Singhal Sinha
    ICSE-NIER 2014 (DOI | PDF) Award for Innovation and Potential Impact
    
19. Interprocedural Data Flow Analysis in Soot using Value Contexts
    Rohan Padhye and Uday P. Khedker
    SOAP 2013 (DOI | PDF)

Master's Thesis

• Interprocedural Heap Analysis using Access Graphs and Value Contexts
  Rohan Padhye
  Indian Institute of Technology Bombay
  (Advisor: Uday Khedker) (Dissertation | Slides)

Service

• IEEE TSE 2019 (Reviewer)
• IST 2019 (Reviewer)
• PLDI 2019 (AEC)
• PLDI 2018 (AEC)
• SPLASH 2017 (Student Volunteer)
• ISEC 2016, ISEC 2017, ISEC 2018 (PC)
• ASPLOS 2016, ISSTA 2016, PLDI 2017, ASPLOS 2018, PLDI 2018, CAV 2018 (Subreviewer)

Bug Trophy Case

Here are some issues in open-source software that were discovered using tools that I developed:

Performance Bugs

• Google Closure Compiler: #3173
• OpenJDK: CVE-2018-3214^[1]
• Apache Commons: CVE-2018-11771^[1]
• Apache Maven: #35
• Apache PDFBox: CVE-2018-8036^[1]
• Apache TIKA: CVE-2018-8017, CVE-2018-12418^[1]
• LibArchive: #1237
• D3.js: #44
• Express.js: #3065

Memory-Safety Bugs

• WavPack: #66, #67, #68
• LibArchive: #1165 (CVE-2019-11463)

Correctness Bugs

• Google Closure Compiler: #2842, #2843, #3220
• OpenJDK: JDK-8190332, JDK-8190511, JDK-8190512, JDK-8190997, JDK-8191023, JDK-8191076, JDK-8191109, JDK-8191174, JDK-8191073, JDK-8193444, JDK-8193877
• Apache Commons: LANG-1385, COMPRESS-424, COLLECTIONS-714
• Apache Ant: #62655
• Apache Maven: #34, #57
• Apache PDFBox: PDFBOX-4333^[2], PDFBOX-4338^[2], PDFBOX-4339^[2]
• Apache BCEL: BCEL-303, BCEL-307, BCEL-308, BCEL-309, BCEL-310, BCEL-311, BCEL-312, BCEL-313
• Mozilla Rhino: #405, #406, #407, #409, #410
• WavPack: #65
• Python: issue34939^[3]

Academic Genealogy

Thanks to the MGP, I've discovered two very exciting lines in my academic ancestry! Here is a visualization that I made, complete with era-appropriate flags: