Rohan Padhye

Assistant Professor
Software and Societal Systems Department (S3D)
School of Computer Science
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213
Office: TCS Hall 325
Email: rohanpadhyebots-gotta-get-smarter-than-this@its-really-not-that-hardcmu.edu
(My name is pronounced "row-hun paa-dhyae")

I am also affiliate faculty at CyLab.

GitHub | CV | DBLP | Google Scholar | PASTA Lab

About Me

I research techniques for automatically discovering software bugs. My work spans several areas including software engineering, programming languages, systems, and security. I've published at various venues in these fields including ICSE, ASE, ISSTA, MSR, OOPSLA, SOSP, SoCC, NSDI, and USENIX Security. My recent projects make use of dynamic program analysis and coverage-guided fuzz testing.

At CMU, I lead the Program Analysis, Software Testing, and Applications (PASTA) research group.

I completed my Ph.D. in Computer Science at UC Berkeley, where I was advised by Koushik Sen. My dissertation investigated techniques for specializing program analysis and automated testing tools using artifacts that incorporate the knowledge of domain experts. I've also worked with Amazon Web Services as a visiting academic in the database systems research group, with Microsoft Research as a research intern in the cloud systems group, with Samsung Research America as a security engineering intern in the KNOX group, and I spent two years at IBM Research India in the developer productivity group. I hold a Master's degree from IIT Bombay, where I did a thesis on static program analysis.

I am also the lead designer of the ChocoPy programming language, which is used to teach the undergraduate compilers courses at UC Berkeley (and several other universities across the world).

My academic ancestors include Newton, Galelio, Kepler, and Copernicus.

News

2025-06-30: Awarded an NSF grant as PI on Practical Controlled Concurrency Testing for Managed Code.
2025-06-24: Received a Distinguished Reviewer Award for PLDI'25.
2025-06-03: Received an Amazon Research Award for continuing work on property-based testing.
2025-05-25: Paper studying the havoc paradox in generator-based fuzzing accepted to ACM TOSEM.
2025-04-28: Received an ACM SIGSOFT Distinguished Paper Award for the study on date/time bugs.
2025-03-21: Joined the SPLASH/ISSTA 2026 organizing committee and the OOPSLA 2026 review committee.
2025-02-18: Joined the ASE 2025 program committee.
2025-01-12: Paper studying date/time bugs in open-source software accepted to MSR 2025.
2025-01-06: Awarded an NSF grant as PI on Strengthening Correctness of Date and Time Logic in Software Systems.
2024-10-24: Gave a talk on SE+AI for law at SPLASH 2024.
2024-10-15: Joined the PLDI 2025 program committee.
2024-09-10: Article published by MIT Computational Law.
2024-06-06: Position paper on software engineering for computational law accepted for presentation at Onward! 2024.
2023-12-07: Paper on ExChain accepted to NSDI 2024!
2023-10-30: Awarded second-round funding from the Future Enterprise Security Initiative at CyLab.
2023-10-23: Co-chairing the joint ECOOP/ISSTA 2024 Tool Demonstrations Track.
2023-07-18: Paper on Mu2 received an ACM SIGSOFT Distinguished Paper Award at ISSTA 2023.
more...
2023-05-16: Invited to the ISSTA 2024 program committee.
2023-03-31: Co-organized a Dagstuhl seminar on Software Bug Detection: Challenges and Synergies.
2023-03-16: Invited to the ISSTA 2023 tool demonstrations program committee.
2023-03-09: Quoted in an Information Week article: Stress-Test Your Software to Prevent a Southwest-Type Calamity.
2022-11-28: Awarded first-round funding from the Future Enterprise Security Initiative at CyLab.
2022-11-01: Teaching a new course at CMU in Spring'23: Fantastic Bugs and How to Find Them!
2022-07-19: Invited to the ICST 2023 Program Committee.
2022-07-18: Received an Amazon Research Award for continuing research on coverage-guided property-based testing.
2022-03-25: PASTA Lab member John Billos is awarded the prestigious Goldwater Scholarship.
2022-03-08: Paper on the naturalness of fuzzer-generated code is accepted to MSR'22.
2021-09-24: Launched the PASTA Lab website.
2021-08-31: Paper on Filibuster, service-level fault injection in cloud applications, is accepted to SoCC 2021.
2021-08-12: Invited to the ESEC/FSE 2022 Program Committee.
2021-07-29: Invited to the ISSTA 2022 Program Committee.
2021-07-14: Awarded an NSF grant as PI on Future-Proof Test Corpus Synthesis for Evolving Software.
2021-02-19: Awarded seed funding from CyLab for Secure Software Evolution.
2020-12-15: Paper on Bonsai Fuzzing is accepted to ICSE 2021.
2020-12-03: Invited to the ICSE 2022 Program Committee.
2020-11-15: Had an amazing time chatting with enthusiastic students at the PL Mentoring Workshop at SPLASH 2020.
2020-10-18: Gave a talk on the academic job market at the JOBS workshop co-located with MICRO 2020.
2020-07-30: Paper on BigFuzz, scaling JQF to Apache Spark applications, is accepted to ASE 2020.
2020-06-10: Invited to the ISSTA 2021 Program Committee.
2020-05-19: Joined the OOPSLA 2020 External Review Committee.
2020-04-27: Accepted a tenure-track faculty position at Carnegie Mellon University (Institute for Software Research).
2020-04-27: Gave my Ph.D. dissertation talk! (Video).
2020-04-20: Received the C.V. Ramamoorthy Distinguished Research Award.
2020-04-01: Received an Outstanding Graduate Student Instructor Award from UC Berkeley.
2019-12-08: Paper on RLCheck, boosting JQF with reinforcement learning, is accepted to ICSE 2020.
2019-10-29: SOSP 2019 paper received the best paper award!
2019-10-25: Presented the FuzzFactory (Video), ChocoPy, and FailFast papers at SPLASH 2019 in Athens, Greece.
2019-09-16: JQF+Zest is now integrated into Fuzzit, a cloud-based continuous fuzzing service.
2019-09-13: ChocoPy is featured in an article on TechRepublic.
2019-09-12: ChocoPy was #4 on the front-page of Hacker News!
2019-08-07: Wrote an article on producing good artifacts for evaluation in PL/SE/Systems conferences.
2019-07-19: Presented the Zest and JQF (Video) papers at ISSTA 2019 in Beijing, China. Both papers won awards.

Projects

Star
Fray: Concurrency Testing Platform for the JVM. New!
Star
Mu2: Mutation-based mutation-guided fuzz testing.
Star
Linux Kernel Enriched Corpus: Boosting syzkaller with a regression corpus.
Star
FuzzFactory: Generalizes coverage-guided fuzzing to domain-specific testing goals. OOPSLA 2019.
Star
JQF+Zest: Coverage-guided fuzzing for inputs with complex structure and semantics. ISSTA 2019.
Star
PerfFuzz: Automatic generation of worst-case inputs using fuzzing. ISSTA 2018.
Star
TSVD: Thread-Safety-Violation Detector for .NET applications. SOSP 2019.
Star
VASCO: Framework for inter-procedural data-flow analysis of Java programs. SOAP 2013.

Publications

The Havoc Paradox in Generator-Based Fuzzing
Ao Li*, Madonna Huang*, Vasudev Vikram*, Caroline Lemieux, and Rohan Padhye
ACM TOSEM (DOI | Paper PDF)
Fray: An Efficient General-Purpose Concurrency Testing Platform for the JVM
Ao Li, Byeongjee Kang, Vasudev Vikram, Isabella Laybourn, Samvid Dharanikota, Shrey Tiwari, Rohan Padhye
(arXiv Preprint | GitHub)
It's About Time: An Empirical Study of Date and Time Bugs in Open-Source Python Software
Shrey Tiwari, Serena Chen*, Alexander Joukov*, Peter Vandervelde*, Ao Li, Rohan Padhye
MSR 2025 (DOI | Paper PDF) [* = equal contribution] ACM SIGSOFT Distinguished Paper Award
SPIDER: Fuzzing for Stateful Performance Issues in the ONOS Software-Defined Network Controller
Ao Li, Rohan Padhye, Vyas Sekar
ICST 2025 (DOI | Paper PDF)
The Havoc Paradox in Generator-Based Fuzzing (Registered Report)
Ao Li, Madonna Huang, Caroline Lemieux, and Rohan Padhye
FUZZING 2024 (DOI | Paper PDF)
Software Engineering Methods For AI-Driven Deductive Legal Reasoning
Rohan Padhye
SPLASH Onward! 2024 (DOI | Paper PDF | Talk Video)
ExChain: Exception Dependency Analysis for Root Cause Diagnosis
Ao Li, Shan Lu, Suman Nath, Rohan Padhye, Vyas Sekar
NSDI 2024 (Publication | Paper PDF | GitHub)
Can Large Language Models Write Good Property-Based Tests? (Arxiv | Online playground)
Vasudev Vikram, Caroline Lemieux, Joshua Sunshine, Rohan Padhye
Guiding Greybox Fuzzing with Mutation Testing

Vasudev Vikram, Isabella Laybourn, Ao Li, Nicole Nair, Kelton OBrien, Rafaello Sanna, Rohan Padhye
ISSTA 2023 (DOI Link | Paper PDF | GitHub) ACM SIGSOFT Distinguished Paper Award
Fuzzing, Symbolic Execution, and Expert Guidance for Better Testing
Ismet Burak Kadron, Yannic Noller, Rohan Padhye, Tevfik Bultan, Corina S. Păsăreanu, Koushik Sen
IEEE Software (DOI Link)
Distributed Execution Indexing (Arxiv)
Christopher S. Meiklejohn, Rohan Padhye, Heather Miller
On the Naturalness of Fuzzer-Generated Code
Rajeswari Hita Kambhamettu*, John R Billos*, Tomi Oluwaseun-Apo*, Benjamin Gafford, Rohan Padhye, Vincent J Hellendoorn
MSR 2022 (DOI Link | Paper PDF) [* = equal contribution]
Service-Level Fault Injection Testing
Christopher S. Meiklejohn, Andrea Estrada, Yiwen Song, Heather Miller, Rohan Padhye
SoCC 2021 (DOI Link | Paper PDF | Talk Video | Project Website)
Growing a Test Corpus with Bonsai Fuzzing
Vasudev Vikram, Rohan Padhye, Koushik Sen
ICSE 2021 (DOI Link | Paper PDF | GitHub)
BigFuzz: Efficient Fuzz Testing for Data Analytics using Framework Abstraction
Qian Zhang, Jiyuan Wang, Muhammad Ali Gulzar, Rohan Padhye, Miryung Kim
ASE 2020 (DOI Link | Paper PDF | GitHub | ICSE'21 Tool Paper)
Quickly Generating Diverse Valid Test Inputs with Reinforcement Learning
Sameer Reddy, Caroline Lemieux, Rohan Padhye, Koushik Sen
ICSE 2020 (DOI Link | Paper PDF | Talk Video | GitHub)
PARTEMU: Enabling Dynamic Analysis of Real-World TrustZone Software Using Emulation
Lee Harrison, Hayawardh Vjayakumar, Rohan Padhye, Koushik Sen, and Michael Grace
USENIX Security 2020 (Paper PDF | Talk Video)
Efficient and Scalable Thread-Safety-Violation Detection --- Finding thousands of concurrency bugs during testing
Guangpu Li, Shan Lu, Madanlal Musuvathi, Suman Nath, and Rohan Padhye
SOSP 2019 (DOI Link | Paper PDF | Talk Video | GitHub) Best Paper Award
SAFFRON: Adaptive Grammar-based Fuzzing for Worst-Case Analysis
Xuan Bach D. Le, Corina Pasareanu, Rohan Padhye, David Lo, Willem Visser, and Koushik Sen
JPF 2019 (DOI Link)
ChocoPy: A Programming Language for Compilers Courses
Rohan Padhye, Koushik Sen, and Paul N. Hilfinger
SPLASH-E 2019 (DOI Link | Paper PDF | Slides PDF)
Efficient Fail-Fast Dynamic Subtype Checking
Rohan Padhye and Koushik Sen
VMIL 2019 (DOI Link | Paper PDF | Slides PDF)
FuzzFactory: Domain-Specific Fuzzing with Waypoints
Rohan Padhye, Caroline Lemieux, Koushik Sen, Laurent Simon, and Hayawardh Vijayakumar
OOPSLA 2019 (DOI Link | Paper PDF | Slides PDF | Talk Video | GitHub)
Semantic Fuzzing with Zest
Rohan Padhye, Caroline Lemieux, Koushik Sen, Mike Papadakis, and Yves Le Traon
ISSTA 2019 (DOI Link | Paper PDF | Slides PDF | GitHub) ACM SIGSOFT Distinguished Artifact Award
JQF: Coverage-Guided Property-Based Testing in Java
Rohan Padhye, Caroline Lemieux, and Koushik Sen
ISSTA 2019 Tool (DOI Link | Paper PDF | Talk Video) ACM SIGSOFT Tool Demonstration Award
Validity Fuzzing and Parametric Generators for Effective Random Testing
Rohan Padhye, Caroline Lemieux, Koushik Sen, Mike Papadakis, and Yves Le Traon
ICSE 2019 Poster (Abstract DOI Link | Poster)
PerfFuzz: Automatically Generating Pathological Inputs
Caroline Lemieux, Rohan Padhye, Koushik Sen, and Dawn Song
ISSTA 2018 (DOI Link | Paper PDF) ACM SIGSOFT Distinguished Paper Award
Travioli: A Dynamic Analysis for Detecting Data-Structure Traversals
Rohan Padhye and Koushik Sen
ICSE 2017 (DOI Link | Paper PDF)
Mining API Expertise Profiles with Partial Program Analysis
Senthil Mani, Rohan Padhye, and Vibha Singhal Sinha
ISEC 2016 (DOI Link | Paper PDF)
Detecting and Mitigating Secret-Key Leaks in Source Code Repositories
Vibha Singhal Sinha, Diptikalyan Saha, Pankaj Dhoolia, Rohan Padhye, and Senthil Mani
MSR 2015 (DOI Link)
The Synergy Between Voting and Acceptance of Answers on StackOverflow, or the Lack Thereof
Neelamadhav Gantayat, Pankaj Dhoolia, Rohan Padhye, Senthil Mani, and Vibha Singhal Sinha
MSR 2015 (DOI Link)
Smart Programming Playgrounds
Rohan Padhye, Pankaj Dhoolia, Senthil Mani, and Vibha Singhal Sinha
ICSE-NIER 2015 (DOI Link | Paper PDF)
NeedFeed: Taming Change Notifications by Modeling Code Relevance
Rohan Padhye, Senthil Mani, and Vibha Singhal Sinha
ASE 2014 (DOI Link | Paper PDF)
A Study of External Community Contribution to Open-Source Projects on GitHub
Rohan Padhye, Senthil Mani, and Vibha Singhal Sinha
MSR 2014 (DOI Link | Paper PDF) Honorable Mention in the MSR Hall of Fame
API as a Social Glue
Rohan Padhye, Debdoot Mukherjee, and Vibha Singhal Sinha
ICSE-NIER 2014 (DOI Link | Paper PDF) Award for Innovation and Potential Impact
Interprocedural Data Flow Analysis in Soot using Value Contexts
Rohan Padhye and Uday P. Khedker
SOAP 2013 (DOI Link | Paper PDF)

Dissertations

Abstractions and Algorithms for Specializing Dynmamic Program Analysis and Random Fuzz Testing
Rohan Padhye (advisor: Koushik Sen)
Ph.D. Thesis, UC Berkeley (PDF | Talk Video)
Interprocedural Heap Analysis using Access Graphs and Value Contexts
Rohan Padhye (advisor: Uday Khedker)
Master's Thesis, IIT Bombay (PDF | Talk Slides)

Service

Other

ISR@CMU DEI Committee
ASPLOS 2021, OSDI 2020 (Invited reviewer)
SPLASH 2020 (PLMW Mentor)
MICRO 2020 (Panelist at the JOBS workshop)
SPLASH 2017 (Student Volunteer)
ISSTA 2020, ICST 2020, PLDI 2018, CAV 2018, ASPLOS 2018, PLDI 2017, ASPLOS 2016, ISSTA 2016 (Subreviewer)

Teaching

CMU:

Fall 2025—17-355/17-665/17-819: Program Analysis
Spring 2025—17-712: Fantastic Bugs and How to Find Them
Fall 2024—17-313: Foundations of Software Engineering (with Michael Hilton)
Fall 2023—17-313: Foundations of Software Engineering (with Andrew Begel)
Spring 2023—17-712: Fantastic Bugs and How to Find Them
Fall 2022—17-313: Foundations of Software Engineering (with Michael Hilton, Chris Timperley, and Daye Nam)
Spring 2022—17-355/17-665/17-819: Program Analysis
Fall 2021—17-313: Foundations of Software Engineering (with Michael Hilton)
Spring 2021—17-355/17-665/17-819: Program Analysis (with Jonathan Aldrich)
Every Fall since 2020—17-808: Introduction to Software Engineering Research (with the core SE faculty)

UC Berkeley: (Graduate student instructor; OGSI)

Fall 2019—CS164: Programming Languages and Compilers (with Koushik Sen)
Fall 2018—CS164: Programming Languages and Compilers (with Koushik Sen)

IIT Bombay: (Teaching assistant)

Spring 2013—CS316: Implementation of Programming Languages (with Uday Khedker)
Fall 2012—CS699: Software Lab (with Supratim Biswas)
Spring 2012—CS152: Abstractions and Paradigms of Programming (with Amitabha Sanyal)

Research Group

I lead the PASTA Lab, which conducts research on Program Analysis, Software Testing, and Applications.

Academic Genealogy

Thanks to the MGP, I've discovered two very exciting lines in my academic ancestry! Here is a visualization that I made, complete with era-appropriate flags:

Bug Trophy Case

Here are some issues in open-source software that were discovered using tools that I developed:

Performance Bugs

Google Closure Compiler: #3173
OpenJDK: CVE-2018-3214^[1]
Apache Commons: CVE-2018-11771^[1]
Apache Maven: #35
Apache PDFBox: CVE-2018-8036^[1]
Apache TIKA: CVE-2018-8017, CVE-2018-12418^[1]
LibArchive: #1237
D3.js: #44
Express.js: #3065

Memory-Safety Bugs

WavPack: #66, #67, #68
LibArchive: #1165 (CVE-2019-11463)

Correctness Bugs

Google Closure Compiler: #2842, #2843, #3220
OpenJDK: JDK-8190332, JDK-8190511, JDK-8190512, JDK-8190997, JDK-8191023, JDK-8191076, JDK-8191109, JDK-8191174, JDK-8191073, JDK-8193444, JDK-8193877
Apache Commons: LANG-1385, COMPRESS-424, COLLECTIONS-714
Apache Ant: #62655
Apache Maven: #34, #57
Apache PDFBox: PDFBOX-4333^[2], PDFBOX-4338^[2], PDFBOX-4339^[2]
Apache BCEL: BCEL-303, BCEL-307, BCEL-308, BCEL-309, BCEL-310, BCEL-311, BCEL-312, BCEL-313
Mozilla Rhino: #405, #406, #407, #409, #410
WavPack: #65
Python: issue34939^[3]