A wise and handsome guy.

Fan Long

MIT Computer Science and Artificial Intelligence Laboratory

The Stata Center, Building 32-G730
32 Vassar St, Cambridge, MA 02139
fanl at csail dot mit dot edu


I am a graduate student at MIT EECS and CSAIL. I work with Prof. Martin Rinard. My research interests are in program analysis, systems security, and software engineering.

Useful Links: Google Scholar page and Automatic Patch Generation project website.


  • Our new project website for automatic patch generation via learning is available now, with informations about Prophet, SRR, and more!

  • Our paper is accepted by ICSE'16. The paper analyzes search spaces of the state-of-art patch generation systems!

  • Prophet is accepted by POPL'16. It is a novel patch generation system that learns from past human patches!


My research focuses on techniques to make software systems reliable, secure, and dependable. I worked on automatic patch generation techniques that eliminate defects in the source code of software systems, input filtering and rectification techniques that protect vulnerable software systems from malicious inputs, and program recovery techniques that enable software systems to operate productively in the presence of errors.

Automatic Patch Generation

Patch Generation

Software defects are pervasive in software systems and can cause undesirable user experience, denial of service, or even security exploitation. Generating a patch for a defect is a tedious, time-consuming, and often repetitive process. Automatic patch generation techniques holds out the promise of automatically correcting software defects without the need for human developers to diagnose, understand, and correct these defects. To learn more, please visit our project website!

Prophet: Prophet is the state-of-art generate-and-validate patch generation system for C programs. It is the first system that uses machine learning techniques to learn from past successful human patches to recognize and predict correct patches for new errors.

SPR: SPR is the baseline system on which Prophet is built. It uses the condition synthesis technique to explore its search space up to two magnitude faster.

CodePhage: CodePhage systematically transfers useful security checks from a donor application to eliminate bugs and security vulnerabilities in a recipient application. It is the first system that transfers useful code across applications. It does not even require the source code of the donor application!

Input Filtering and Rectification

Input Filter and Rectification

What if we cannot change the source code of an application? Let's look at the inputs of the application. We can make sure that malicious input cannot reach the application, i.e., filter them or rectify them.

SIFT: SIFT is a sound input filter system with sophisticated program analysis techniques. It guarantees to filter out all malicious inputs that trigger critical integer overflow errors. In practice, it also has zero to negligible false positives.

SOAP: SOAP is the first automatic input rectification system. It enforces a set of inferred invariants on the inputs so that potentially malicious inputs are transformed to benign inputs.

Program Recovery

Program Recovery

What if an application crashes during its execution and we only have its binary? We can use our recovery shepherding technique to enable the application to survive the error triggering input unit and recovers its execution.

RCV: RCV is a lightweight program recovery tool with negligible overhead during normal execution. When a crash error (null-dereference and/or divide-by-zero) occurs, it systematically guides the application execution to survive the error triggering input unit. It also tracks how the error propagates in the application and waits until the error is flushed away after the program moves to the next input unit. Instead of crash and getting nothing, you can get part or all of your desired results.



  1. An Analysis of the Search Spaces for Generate and Validate Patch Generation Systems [pdf slides artifact]
    Fan Long and Martin Rinard
    ICSE 2016

  2. Automatic Patch Generation by Learning Correct Code [pdf slides artifact]
    Fan Long and Martin Rinard
    POPL 2016

  3. 2015

  4. Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity [pdf slides]
    Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos
    CCS 2015

  5. Staged Program Repair with Condition Synthesis [pdf slides artifact]
    Fan Long and Martin Rinard
    ESEC-FSE 2015

  6. An Analysis of Patch Plausibility and Correctness for Generate-And-Validate Patch Generation Systems [pdf artifact]
    Zichao Qi, Fan Long, Sara Achour, and Martin Rinard
    ISSTA 2015

  7. Automatic Error Elimination by Multi-Application Code Transfer [pdf]
    Stelios Sidiroglou, Eric Lahtinen, Fan Long, and Martin Rinard
    PLDI 2015

  8. Automatic Integer Overflow Discovery Using Goal-Directed Conditional Branch Enforcement [pdf]
    Stelios Sidiroglou, Eric Lahtinen, Nathan Rittenhouse, Paolo Piselli, Fan Long, Doekhwan Kim, and Martin Rinard
    ASPLOS 2015

  9. Principled Sampling for Anomaly Detection [pdf]
    Brendan Juba, Christopher Musco, Fan Long, Stelios Sidiroglou, and Martin Rinard
    NDSS 2015

  10. 2014

  11. Automatic Runtime Error Repair and Containment via Recovery Shepherding [ pdf ] [slides]
    Fan Long, Stelios Sidiroglou, and Martin Rinard.
    PLDI 2014

  12. Sound Input Filter Generation for Integer Overflow Errors [ pdf slides]
    Fan Long, Stelios Sidiroglou, Deokhwan Kim, and Martin Rinard.
    POPL 2014

  13. 2013

  14. From Natural Language Specifications to Program Input Parsers [ pdf ]
    Tao Lei, Fan Long, Regina Barzilay, and Martin Rinard.
    ACL 2013

  15. 2012

  16. Automatic Input Rectification [ pdf ]
    Fan Long, Vijay Ganesh, Michael Carbin, Stelios Sidiroglou, and Martin Rinard.
    ICSE 2012

  17. 2011 - 2009

  18. G2: A Graph Processing System for Diagnosing Distributed Systems. [ pdf ]
    Zhenyu Guo, Dong Zhou, Haoxiang Lin, Mao Yang, Fan Long, Chaoqiang Deng, Changshu Liu, and Lidong Zhou.
    USENIX ATC 2011

  19. Language-based Replay via Data Flow Cut. [ pdf | slides ]
    Ming Wu, Fan Long, Xi Wang, Zhilei Xu, Haoxiang Lin, Xuezheng Liu, Zhenyu Guo, Huayang Guo, Lidong Zhou, and Zheng Zhang.
    FSE 2010

  20. API Hyperlinking via Structural Overlap. [ pdf | slides ]
    Fan Long, Xi Wang, and Yang Cai.
    ESEC-FSE 2009

  21. MODIST: Transparent Model Checking of Unmodified Distributed Systems. [ pdf ]
    Junfeng Yang, Tisheng Chen, Ming Wu, Zhilei Xu, Xuezheng Liu, Haoxiang Lin, Mao Yang, Fan Long, Lintao Zhang, and Lidong Zhou
    NSDI 2009