Sanitizing and fuzzing your C/C++ code for security and stability

Kostya Serebryany


The talk will give an overview of various dynamic testing tools for C and C++. The sanitizers (AddressSanitizer, etc.) allow you to find memory corruption bugs, races, uses of uninitialized memory, leaks, and more. libFuzzer is a coverage-guided evolutionary fuzzing engine -- it finds inputs that touch the darkest corners of your code.

All these tools are open source and are part of the LLVM compiler toolchain:


Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer, MemorySanitizer, ThreadSanitizer, and libFuzzer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years at Intel Compiler Lab. Konstantin holds a PhD from and an M.S. from

Time and Place

Wednesday, November 15, 4:15pm
Gates 392