Finally, a recent picture!

Microsoft Research logo

Patrice Godefroid

Email: pg AT
Mail: Microsoft Research, One Microsoft Way, Redmond, WA 98052, USA

Welcome to my web-page! I am a Partner Researcher in the RiSE group at Microsoft Research.

My main area of research is software model checking, program analysis, testing, verification, security, and software engineering.

My main research topic during the last 30+ years has been software model checking in a broad sense. Specifically, my main research contribution has been the development of dynamic software model checking, a new approach to software model checking via systematic testing that combines program analysis, testing, model checking, and theorem proving. This approach is implemented in Microsoft tools like SAGE, PEX, and YOGI, and in many other tools outside Microsoft.

After 12 years at Bell Labs, I joined Microsoft in 2006, and for several years, my main project was SAGE, the first whitebox fuzzer for security testing. SAGE extends systematic dynamic test generation (introduced in DART) to handle large applications and is optimized for long symbolic executions at the x86 binary level. So far, SAGE has found many new expensive security bugs in many Windows applications, and is now used daily in various Microsoft groups. More information on the research behind SAGE can be found in the papers below. See also SAGE in one slide (old version) and SAGE for dummies (10min video). Our work on whitebox fuzzing and SAGE (first published in 2008) was credited to introducing the "fuzzing" problem to the program analysis, software engineering, and security academic-research communities.

For a quick introduction to fuzzing, see Fuzzing: Hack, Art, and Science (CACM'2020) and this (3min) video:

In 2015, I co-founded Project Springfield and served as its CTO. Springfield is the first commercial cloud fuzzing service. It was renamed Microsoft Security Risk Detection in May 2017, and helped companies like OSIsoft and Deschutes Brewery (video) and DocuSign (video). It then evolved into an open-source fuzzing platform called OneFuzz in 2020.

More recently, my main project has been RESTler, the first stateful REST API fuzzer. Given a REST API specification of a cloud service, RESTler automatically generates and executes tests that exercise the service through its REST API, with the goal of finding security and reliability bugs in the service. RESTler is now open-source on GitHub (press release).

Here is a very brief bio, a less brief bio, a recent CV, and a recent research overview summarizing most of my work during the last 30+ years. My h-index is growing faster than my age (but for how long?).

Here is my old Bell Labs web-page and my academic genealogy.

Over the last 30 years, I have been fortunate to work with great collaborators, including the co-authors of the papers listed below. I learned something from each of them and I thank them all.

Some On-line Talks:

Some Professional Activities: Member of the program committee for the conferences

Some Software:

Some Publications: in reverse chronological order; see also my Publications by Themes

Previous Publications (1990-1994)

Copyright Notice: The above material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Some Words of Wisdom (Quotes)