Rohan Padhye
@rohan.padhye.org
Computer Science professor at CMU. Doing research on automated software testing and bug finding. https://rohan.padhye.org
Reposted by Rohan Padhye
Gaetano's paper on Scaling Security Testing by Adressing the Reachability Gap has been accepted at #ICSE26!
📝 gpsapia.github.io/files/ICSE_2...
🧑💻 github.com/GPSapia/Reac...
How to scale automatic security testing to arbitrary systems?
📝 gpsapia.github.io/files/ICSE_2...
🧑💻 github.com/GPSapia/Reac...
How to scale automatic security testing to arbitrary systems?
November 3, 2025 at 6:24 PM
Gaetano's paper on Scaling Security Testing by Adressing the Reachability Gap has been accepted at #ICSE26!
📝 gpsapia.github.io/files/ICSE_2...
🧑💻 github.com/GPSapia/Reac...
How to scale automatic security testing to arbitrary systems?
📝 gpsapia.github.io/files/ICSE_2...
🧑💻 github.com/GPSapia/Reac...
How to scale automatic security testing to arbitrary systems?
Reposted by Rohan Padhye
#FUZZING'26 CALL FOR PAPERS
──────
✨ After 5 years, we will be again co-located with NDSS!
🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)
//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)
──────
✨ After 5 years, we will be again co-located with NDSS!
🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)
//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)
October 8, 2025 at 12:02 PM
#FUZZING'26 CALL FOR PAPERS
──────
✨ After 5 years, we will be again co-located with NDSS!
🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)
//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)
──────
✨ After 5 years, we will be again co-located with NDSS!
🔗 fuzzing-workshop.github.io
📅 11. Dec (Submission)
//cc @mboehme.bsky.social (MPI-SP), @ruijiemeng.bsky.social (CISPA), @rohan.padhye.org (CMU), László Szekeres (Google)
Podcast! Had a fun conversation with @cachemisses.bsky.social on an episode of *Disseminate*. Check it out!
🚨 "Fray: An Efficient General-Purpose Concurrency JVM Testing Platform" with Rohan Padhye (@rohan.padhye.org) & Ao Li (@aoli.al) is available now!
🎙️ Guest hosted by the brilliant Bogdan Stoica (@cachemisses.bsky.social)
🎧 Listen on YouTube ➡️ youtu.be/SDaTOOEDuto?...
🎙️ Guest hosted by the brilliant Bogdan Stoica (@cachemisses.bsky.social)
🎧 Listen on YouTube ➡️ youtu.be/SDaTOOEDuto?...
This Tool Finds Hidden Concurrency Bugs in Java Apps [OOPSLA 2025: Fray]
YouTube video by Disseminate: The Computer Science Research Podcast
youtu.be
October 6, 2025 at 10:43 AM
Podcast! Had a fun conversation with @cachemisses.bsky.social on an episode of *Disseminate*. Check it out!
Excited to announce that the Fray paper has been accepted to OOPSLA'25! Work led by @aoli.al with a full pastalab.org collaboration.
📄: rohan.padhye.org/files/fray-o...
💻: github.com/cmu-pasta/fray
🎥: www.youtube.com/watch?v=AX6P...
📄: rohan.padhye.org/files/fray-o...
💻: github.com/cmu-pasta/fray
🎥: www.youtube.com/watch?v=AX6P...
August 28, 2025 at 2:51 PM
Excited to announce that the Fray paper has been accepted to OOPSLA'25! Work led by @aoli.al with a full pastalab.org collaboration.
📄: rohan.padhye.org/files/fray-o...
💻: github.com/cmu-pasta/fray
🎥: www.youtube.com/watch?v=AX6P...
📄: rohan.padhye.org/files/fray-o...
💻: github.com/cmu-pasta/fray
🎥: www.youtube.com/watch?v=AX6P...
Debating whether we can add acks "We thank Reviewers A and C for their constructive feedback on our paper".
August 22, 2025 at 3:24 PM
Debating whether we can add acks "We thank Reviewers A and C for their constructive feedback on our paper".
Reposted by Rohan Padhye
🚨 Our amazing #FUZZING'25 keynotes are online!
"Constraining Fuzzing without Paying Too Much" by Miryung Kim
youtu.be/L90MBb6NLBE
"Are you sure you belong in academia?" by Will Wilson
youtu.be/qQGuQ_4V6WI
// @mboehme.bsky.social, László Szekeres, @rohan.padhye.org, @ruijiemeng.bsky.social
"Constraining Fuzzing without Paying Too Much" by Miryung Kim
youtu.be/L90MBb6NLBE
"Are you sure you belong in academia?" by Will Wilson
youtu.be/qQGuQ_4V6WI
// @mboehme.bsky.social, László Szekeres, @rohan.padhye.org, @ruijiemeng.bsky.social
We had two exciting keynotes:
* From academia: Miryung Kim (Prof @ UCLA)
* From industry: Will Wilson (CEO and Co-Founder of @AntithesisHQ.bsky.social).
Stay tuned for recordings!
* From academia: Miryung Kim (Prof @ UCLA)
* From industry: Will Wilson (CEO and Co-Founder of @AntithesisHQ.bsky.social).
Stay tuned for recordings!
June 29, 2025 at 7:35 AM
🚨 Our amazing #FUZZING'25 keynotes are online!
"Constraining Fuzzing without Paying Too Much" by Miryung Kim
youtu.be/L90MBb6NLBE
"Are you sure you belong in academia?" by Will Wilson
youtu.be/qQGuQ_4V6WI
// @mboehme.bsky.social, László Szekeres, @rohan.padhye.org, @ruijiemeng.bsky.social
"Constraining Fuzzing without Paying Too Much" by Miryung Kim
youtu.be/L90MBb6NLBE
"Are you sure you belong in academia?" by Will Wilson
youtu.be/qQGuQ_4V6WI
// @mboehme.bsky.social, László Szekeres, @rohan.padhye.org, @ruijiemeng.bsky.social
Very cool: @aoli.al uncovered a deadlock in OpenJDK that can be triggered with a tiny test case and Fray's deterministic concurrency testing & debugging support. Read his blog post here: aoli.al/blogs/jdk-bug/
If you write Java/Scala/Kotlin, try Fray yourself: github.com/cmu-pasta/fray
If you write Java/Scala/Kotlin, try Fray yourself: github.com/cmu-pasta/fray
Discovering a JDK Race Condition, and Debugging it in 30 Minutes with Fray
Discovering a JDK Race Condition, and Debugging it in 30 Minutes with Fray I’ve been adding more integration tests for Fray recently. To ensure Fray can handle different scenarios, I wrote many creati...
aoli.al
June 9, 2025 at 2:35 PM
Very cool: @aoli.al uncovered a deadlock in OpenJDK that can be triggered with a tiny test case and Fray's deterministic concurrency testing & debugging support. Read his blog post here: aoli.al/blogs/jdk-bug/
If you write Java/Scala/Kotlin, try Fray yourself: github.com/cmu-pasta/fray
If you write Java/Scala/Kotlin, try Fray yourself: github.com/cmu-pasta/fray
Just Accepted to ACM TOSEM!
The "Havoc Paradox" is about the relationship between byte-level fuzzer mutations and their effect on the inputs produced by generators for structured strings (e.g. XML/SQL). Can disruptive mutations be controlled? Should they be? Find out.
📄 dl.acm.org/doi/pdf/10.1...
The "Havoc Paradox" is about the relationship between byte-level fuzzer mutations and their effect on the inputs produced by generators for structured strings (e.g. XML/SQL). Can disruptive mutations be controlled? Should they be? Find out.
📄 dl.acm.org/doi/pdf/10.1...
June 6, 2025 at 7:02 PM
Just Accepted to ACM TOSEM!
The "Havoc Paradox" is about the relationship between byte-level fuzzer mutations and their effect on the inputs produced by generators for structured strings (e.g. XML/SQL). Can disruptive mutations be controlled? Should they be? Find out.
📄 dl.acm.org/doi/pdf/10.1...
The "Havoc Paradox" is about the relationship between byte-level fuzzer mutations and their effect on the inputs produced by generators for structured strings (e.g. XML/SQL). Can disruptive mutations be controlled? Should they be? Find out.
📄 dl.acm.org/doi/pdf/10.1...
Reposted by Rohan Padhye
🖊️ Register here: ntnu.eventsair.com/fse2025-isst...
(FUZZING is a co-located workshop)
(FUZZING is a co-located workshop)
May 28, 2025 at 9:41 AM
🖊️ Register here: ntnu.eventsair.com/fse2025-isst...
(FUZZING is a co-located workshop)
(FUZZING is a co-located workshop)
We're excited to announce two keynote speakers for the #FUZZING'25 workshop (part of @issta_conf at Trondheim, Norway):
[*] Will Wilson, CEO and Co-Founder of Antithesis
[*] Miryung Kim, Professor and Vice Chair of Graduate Studies at UCLA
conf.researchr.org/home/issta-2...
[*] Will Wilson, CEO and Co-Founder of Antithesis
[*] Miryung Kim, Professor and Vice Chair of Graduate Studies at UCLA
conf.researchr.org/home/issta-2...
May 27, 2025 at 6:49 PM
We're excited to announce two keynote speakers for the #FUZZING'25 workshop (part of @issta_conf at Trondheim, Norway):
[*] Will Wilson, CEO and Co-Founder of Antithesis
[*] Miryung Kim, Professor and Vice Chair of Graduate Studies at UCLA
conf.researchr.org/home/issta-2...
[*] Will Wilson, CEO and Co-Founder of Antithesis
[*] Miryung Kim, Professor and Vice Chair of Graduate Studies at UCLA
conf.researchr.org/home/issta-2...
The JQF repo is now both popular enough (700+ stars) and contains enough buggy/vulnerable code as sample fuzz targets that we're getting occasionally spammed with crappy AI-generated patches.
I can't imagine what bigger OSS projects are dealing with right now.
I can't imagine what bigger OSS projects are dealing with right now.
May 27, 2025 at 5:21 PM
The JQF repo is now both popular enough (700+ stars) and contains enough buggy/vulnerable code as sample fuzz targets that we're getting occasionally spammed with crappy AI-generated patches.
I can't imagine what bigger OSS projects are dealing with right now.
I can't imagine what bigger OSS projects are dealing with right now.
Delighted to receive an ACM SIGSOFT Distinguished Award for this work... It's about time!
Proud of the PASTA Lab students, including our visiting undergrads :-)
Proud of the PASTA Lab students, including our visiting undergrads :-)
Happy Daylight Savings Time to everyone in the US! A few more weeks for European Summer Time.
If you notice some of your apps glitching, don't be alarmed. Even ChatGPT can't write correct date/time code!!!
See more in our upcoming paper: rohan.padhye.org/files/dateti... (MSR'25 preprint)
If you notice some of your apps glitching, don't be alarmed. Even ChatGPT can't write correct date/time code!!!
See more in our upcoming paper: rohan.padhye.org/files/dateti... (MSR'25 preprint)
April 29, 2025 at 7:51 PM
Delighted to receive an ACM SIGSOFT Distinguished Award for this work... It's about time!
Proud of the PASTA Lab students, including our visiting undergrads :-)
Proud of the PASTA Lab students, including our visiting undergrads :-)
Love this argument: prior work does not use our novel idea.
![Text highlighted from a research paper that says "To the best of our knowledge, there is no existing search-based testing approach for productiongrade AV software, including [20], [21], [41]–[55] that: (i) uses our novel gene representation"](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:nd3awjfrcf4gvvodwib7ydo4/bafkreiayhjtb5grftfpci2shhwzb7zuuw2lucvdn2okqxbar7g2di4xb4i@jpeg)
March 31, 2025 at 2:43 PM
Love this argument: prior work does not use our novel idea.
Submission deadline for the Fuzzing workshop is tonight (AoE)! Send us those nuggets and research ideas.
Rohan
Rohan
I'm super excited about this new track at the #FUZZING'25 workshop. It's the academic version of thoughtful blog posts, but with a paper and talk for wider reach!
Submission deadline is in a month (March 20th)!
fuzzingworkshop.github.io
Submission deadline is in a month (March 20th)!
fuzzingworkshop.github.io
*Fuzzing nuggets* (short papers) are evidence-backed position papers or experience reports on SOTA practices---a platform for researchers & practitioners to share substantiated opinions or reflections that are of interest to the community but not to be developed into full paper.
March 20, 2025 at 7:09 PM
Submission deadline for the Fuzzing workshop is tonight (AoE)! Send us those nuggets and research ideas.
Rohan
Rohan
Happy Daylight Savings Time to everyone in the US! A few more weeks for European Summer Time.
If you notice some of your apps glitching, don't be alarmed. Even ChatGPT can't write correct date/time code!!!
See more in our upcoming paper: rohan.padhye.org/files/dateti... (MSR'25 preprint)
If you notice some of your apps glitching, don't be alarmed. Even ChatGPT can't write correct date/time code!!!
See more in our upcoming paper: rohan.padhye.org/files/dateti... (MSR'25 preprint)
March 10, 2025 at 1:37 PM
Happy Daylight Savings Time to everyone in the US! A few more weeks for European Summer Time.
If you notice some of your apps glitching, don't be alarmed. Even ChatGPT can't write correct date/time code!!!
See more in our upcoming paper: rohan.padhye.org/files/dateti... (MSR'25 preprint)
If you notice some of your apps glitching, don't be alarmed. Even ChatGPT can't write correct date/time code!!!
See more in our upcoming paper: rohan.padhye.org/files/dateti... (MSR'25 preprint)
I'm super excited about this new track at the #FUZZING'25 workshop. It's the academic version of thoughtful blog posts, but with a paper and talk for wider reach!
Submission deadline is in a month (March 20th)!
fuzzingworkshop.github.io
Submission deadline is in a month (March 20th)!
fuzzingworkshop.github.io
*Fuzzing nuggets* (short papers) are evidence-backed position papers or experience reports on SOTA practices---a platform for researchers & practitioners to share substantiated opinions or reflections that are of interest to the community but not to be developed into full paper.
February 17, 2025 at 7:00 PM
I'm super excited about this new track at the #FUZZING'25 workshop. It's the academic version of thoughtful blog posts, but with a paper and talk for wider reach!
Submission deadline is in a month (March 20th)!
fuzzingworkshop.github.io
Submission deadline is in a month (March 20th)!
fuzzingworkshop.github.io
Reposted by Rohan Padhye
#FUZZING'25 CALL FOR PAPERS
──────
✨ New OC members:
* Ruijie Meng (@ruijiemeng.bsky.social; NUS)
* Rohan Padhye (@rohan.padhye.org; CMU).
✨ New paper type: Fuzzing Nuggets (short papers).
🔗 fuzzingworkshop.github.io
📅 20.March (Submission)
📅 17.April (Notification)
📅 28.June (Workshop)
──────
✨ New OC members:
* Ruijie Meng (@ruijiemeng.bsky.social; NUS)
* Rohan Padhye (@rohan.padhye.org; CMU).
✨ New paper type: Fuzzing Nuggets (short papers).
🔗 fuzzingworkshop.github.io
📅 20.March (Submission)
📅 17.April (Notification)
📅 28.June (Workshop)
February 17, 2025 at 6:40 PM
#FUZZING'25 CALL FOR PAPERS
──────
✨ New OC members:
* Ruijie Meng (@ruijiemeng.bsky.social; NUS)
* Rohan Padhye (@rohan.padhye.org; CMU).
✨ New paper type: Fuzzing Nuggets (short papers).
🔗 fuzzingworkshop.github.io
📅 20.March (Submission)
📅 17.April (Notification)
📅 28.June (Workshop)
──────
✨ New OC members:
* Ruijie Meng (@ruijiemeng.bsky.social; NUS)
* Rohan Padhye (@rohan.padhye.org; CMU).
✨ New paper type: Fuzzing Nuggets (short papers).
🔗 fuzzingworkshop.github.io
📅 20.March (Submission)
📅 17.April (Notification)
📅 28.June (Workshop)
Back to basics: Concurrency testing in Java!
Our new tool *Fray* correctly solves a 25+ year old problem for real-world software. See this feature from Elastic Labs about Fray's contributions to Lucene.
📰: www.elastic.co/search-labs/...
🔧: github.com/cmu-pasta/fray
📝: arxiv.org/pdf/2501.12618
Our new tool *Fray* correctly solves a 25+ year old problem for real-world software. See this feature from Elastic Labs about Fray's contributions to Lucene.
📰: www.elastic.co/search-labs/...
🔧: github.com/cmu-pasta/fray
📝: arxiv.org/pdf/2501.12618
February 7, 2025 at 9:57 PM
Back to basics: Concurrency testing in Java!
Our new tool *Fray* correctly solves a 25+ year old problem for real-world software. See this feature from Elastic Labs about Fray's contributions to Lucene.
📰: www.elastic.co/search-labs/...
🔧: github.com/cmu-pasta/fray
📝: arxiv.org/pdf/2501.12618
Our new tool *Fray* correctly solves a 25+ year old problem for real-world software. See this feature from Elastic Labs about Fray's contributions to Lucene.
📰: www.elastic.co/search-labs/...
🔧: github.com/cmu-pasta/fray
📝: arxiv.org/pdf/2501.12618
How do you know whether random testing is working as expected?
[1/3] Long ago in JQF, we used `assumeTrue` to bias fuzzing towards *valid* inputs. This is powerful, but the abstraction is quite coarse if you have many properties.
(Refs: github.com/rohanpadhye/..., rohan.padhye.org/files/zest-i...)
[1/3] Long ago in JQF, we used `assumeTrue` to bias fuzzing towards *valid* inputs. This is powerful, but the abstraction is quite coarse if you have many properties.
(Refs: github.com/rohanpadhye/..., rohan.padhye.org/files/zest-i...)
December 13, 2024 at 4:38 PM
How do you know whether random testing is working as expected?
[1/3] Long ago in JQF, we used `assumeTrue` to bias fuzzing towards *valid* inputs. This is powerful, but the abstraction is quite coarse if you have many properties.
(Refs: github.com/rohanpadhye/..., rohan.padhye.org/files/zest-i...)
[1/3] Long ago in JQF, we used `assumeTrue` to bias fuzzing towards *valid* inputs. This is powerful, but the abstraction is quite coarse if you have many properties.
(Refs: github.com/rohanpadhye/..., rohan.padhye.org/files/zest-i...)
Reposted by Rohan Padhye
And now that we’re all here, some work!🚨 Are Large Language Models Memorizing Bug Benchmarks? 🚨
There’s growing concern that LLMs for SE are prone to data leakage, but no one has quantified it... until now. 🕵️♂️ 1/
There’s growing concern that LLMs for SE are prone to data leakage, but no one has quantified it... until now. 🕵️♂️ 1/
arxiv.org
November 26, 2024 at 4:06 PM
And now that we’re all here, some work!🚨 Are Large Language Models Memorizing Bug Benchmarks? 🚨
There’s growing concern that LLMs for SE are prone to data leakage, but no one has quantified it... until now. 🕵️♂️ 1/
There’s growing concern that LLMs for SE are prone to data leakage, but no one has quantified it... until now. 🕵️♂️ 1/