sapienza logo

Emilio Coppa

Sapienza University of Rome

[PhD course] Advanced techniques for finding bugs in real-world software


Emilio Coppa

Course description

The course will cover two advanced software testing techniques, fuzzing and symbolic execution, that can be used to automatically find bugs in real-world applications. Google, Microsoft, and several other major software companies are nowadays using these two approaches 24/7 to test their software stack, identifying thousands of critical vulnerabilities. The course will introduce the main ideas behind these techniques and ask students to play with state-of-the-art analysis frameworks.

The hands-on part of the course will cover these frameworks:


The first edition (2020/2021) of the course is part of the educational program of the PhD program in Engineering in Computer Science from Sapienza University of Rome.

Lectures are schedule from May 06 to June 10 (every Thursday 10.00-13.00 CET):
  • [06/05/21] Day 1: Introduction to state-of-the-art software testing techniques
  • [13/05/21] Day 2: Coverage-Guided Fuzzing: theory and practice
  • [20/05/21] Day 3: Symbolic Execution: theory and practice
  • [27/05/21] Day 4: Hybrid Fuzzing: theory and practice
  • [03/06/21] Day 5: Student presentations and project assignments
  • [10/06/21] Day 6: Student presentations and project assignments


The material (slides, code, papers) of the course can be found on Piazza.


  1. C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and Automatic Generation of High-coverage Tests for Complex Systems Programs. Proceedings of the 8th USENIX Conference on Operating Systems Design and Implementation (OSDI 2008).
  2. R. Baldoni, E. Coppa, D.C. D'Elia, C. Demetrescu, and I. Finocchi. A Survey of Symbolic Execution Techniques. ACM Computer Surveys, 2018.
  3. I. Yun, S. Lee, M. Xu, Y. Jang, and T. Kim. QSYM: A practical concolic execution engine tailored for hybrid fuzzing. Proceedings of the 27th USENIX Conference on Security Symposium (USENIX Security 2018).
  4. A. Zeller, R. Gopinath, M. Böhme, G. Fraser, and C. Holler. The Fuzzing Book., 2019.
  5. C. Aschermann, S. Schumilo, T. Blazytko, R. Gawlik, and T. Holz. REDQUEEN: fuzzing with input-to-state correspondence. Proceedings of the 26th Annual Network and Distributed System Security Symposium (NDSS 2019).
  6. V. Pham, M. Boehme, A. E. Santosa, A. R. Caciulescu, and A. Roychoudhury. Smart greybox fuzzing. IEEE Transactions on Software Engineering, 2019.
  7. S. Poeplau and A. Francillon. Symbolic execution with SymCC: Don’t interpret, compile!. Proceedings of the 29th USENIX Security Symposium (USENIX Security 2020).