Senior Software Engineer (Fuzzing Security Engineer)
MZ Canada (Mozilla) | Apr 2019 - Jan 2020
Built and deployed funfuzz running 24/7 on Windows / Linux / macOS locally, in the Amazon EC2 AWS Cloud, on x86 / x86-64 / ARM64 architectures; collated information from testcases, including stacktraces via gdb, reverse debugger traces via rr, rr trace submission via pernosco, Git/Mercurial revision, compilation information, and runtime flags, into the bug report; worked with developers to ensure the bugs’ reproduction on machines for debugging.
• Managed funfuzz, a 10K+ public Python project on GitHub, while interacting with FuzzManager to identify security bugs in SpiderMonkey, Mozilla’s JavaScript engine.
• Reduced several thousand-line (security-sensitive) JavaScript and WebAssembly (wasm) testcases to minimal forms using a line-based reducer, Lithium.
• Produced Autobisectjs, Python code aiming to bisect test cases back in time to identify when the issue first occurred or when the bug first surfaced. This also worked for identifying when an issue got fixed or got hidden by another patch.
• Reported >2.6K SpiderMonkey bugs via fuzzing, and >3.5K total across all Mozilla products.
• Reported 19 bugs in Google V8 JS Engine, and 4 bugs in Microsoft ChakraCore Engine.