Numerical optimization methods for automated bug finding in software

Research Project, 2026 – 2030

This project is about using numerical optimization to find bugs in software, especially the kind of tricky, corner-case bugs that are hard to find using today’s standard tools. The idea is to treat bug finding as a numerical problem: we instrument the program to produce a number that measures how close it is to something going wrong. This number then guides a numerical optimizer to generate better and better test cases, until one breaks the program.We’ve seen this work very well for hybrid systems, where software interacts with continuous physics. Now we want to see how far we can take the same idea for regular software, even when there’s nothing obviously numerical going on. We’ve already managed to find bugs in low-level C code, real-time systems, and even smart contracts written in Solidity; bugs that are tough or impossible for random, symbolic, or coverage-guided methods to find.The project starts with embedded and safety-critical systems, where inputs are flat and bugs are costly. We’ll develop a general “distance logic” for describing how far inputs or internal states are from a bad outcome, and use it first for manual instrumentation, then for automation. If successful, this could be a major step forward for testing, not just another variant of fuzzing, but a genuinely new way to think about and search for bugs.