Michael Vaughn on EXE: Automatically Generating Inputs of Death [PWL NYC]

We're pleased to present Michael Vaughn on EXE: Automatically Generating Inputs of Death (read the paper: https://web.stanford.edu/~engler/exe-ccs-06.pdf)

---
Papers We Love NYC would like to thank Datadog for making the NY Chapter events possible. Learn more about a career at Datadog: https://careers.datadoghq.com/
---

Autonomous testing complements conventional testing by leveraging cheap compute to explore software state spaces and uncover “unknown unknowns” beyond human-written tests. It spans a spectrum from random-input fuzzing, which is fast but struggles with complex conditions, to symbolic execution, which uses SAT solvers to systematically reach hard-to-hit paths, though these solvers can become prohibitively slow on complex constraints. EXE strikes a balance through concolic execution: it runs bare-metal code on concrete inputs while instrumenting paths with logical constraints, invoking a solver only when needed to explore alternate branches. This approach combines the speed of concrete execution with the path-finding power of symbolic methods, avoiding the full cost of traditional symbolic engines.
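
The concolic loop described above, as an added sketch that is not code from the talk or from EXE itself. `Sym`, `target`, `run`, `solve` and `explore` are hypothetical names, the two-byte `target` is a constructed program under test, and a brute-force search stands in for the constraint solver.

```python
from itertools import product

TRACE = []  # (predicate over inputs, outcome taken) logged at each branch of a run

class Sym:  # a concrete value plus a function recomputing it from any input tuple
    def __init__(self, val, fn):
        self.val, self.fn = val, fn
    def __add__(self, k):
        return Sym(self.val + k, lambda inp, f=self.fn: f(inp) + k)
    def _cmp(self, op, k):
        TRACE.append((lambda inp, f=self.fn: op(f(inp), k), op(self.val, k)))
        return TRACE[-1][1]  # execution continues on the concrete outcome
    def __eq__(self, k): return self._cmp(lambda x, y: x == y, k)
    def __gt__(self, k): return self._cmp(lambda x, y: x > y, k)

def target(a, b):
    """Constructed program under test; random bytes rarely reach the raise."""
    if a == 0x7f:
        if b + 3 > 250:
            raise RuntimeError("input of death")
    return "ok"

def run(inp):
    TRACE.clear()
    try:
        target(*[Sym(v, lambda x, i=i: x[i]) for i, v in enumerate(inp)])
        return list(TRACE), False
    except RuntimeError:
        return list(TRACE), True

def solve(constraints, n):  # brute-force stand-in for a constraint solver
    for cand in product(range(256), repeat=n):
        if all(pred(cand) == want for pred, want in constraints):
            return cand
    return None

def explore(seed):
    work, seen, crashes = [tuple(seed)], set(), []
    while work:
        inp = work.pop()
        seen.add(inp)
        trace, crashed = run(inp)
        if crashed: crashes.append(inp)
        for i, (pred, out) in enumerate(trace):
            # Keep the path prefix, negate branch i, ask the solver for an input.
            nxt = solve(trace[:i] + [(pred, not out)], len(inp))
            if nxt is not None and nxt not in seen and nxt not in work:
                work.append(nxt)
    return crashes, len(seen)
```

Starting from the seed `(0, 0)`, `explore` needs three concrete runs to reach the crashing input, with the solver consulted only when a recorded branch is flipped.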

Michael Vaughn (he/him) has a PhD in computer science from the University of Wisconsin-Madison, and is a senior software engineer at Antithesis, working on their hypervisor and fuzzer. He spent the better part of a decade doing research at the intersection of operating systems and programming languages, somehow managing to write concerning amounts of x86 assembly, C, Scheme, Haskell, and LaTeX, often in the same day. He has also worked as a pub trivia host, and loves board games, hiking, and reading.