I'm a first year PhD student at University of Illinois Urbana-Champaign in the CS PL/FM/SE group co-advised by [Lingming Zhang](https://lingming.cs.illinois.edu/) and [Tianyin Xu](https://tianyin.github.io/). I am interested in software testing and programming languages. I obtained my bachelor's and master's degree in Computer Science at University of California San Diego where I worked with [Deian Stefan](https://cseweb.ucsd.edu/~dstefan/) and [Fraser Brown](https://mlfbrown.com/). You can check out my CV [here](./Zijie_CV.pdf). # Publications

WaVe: a verifiably secure WebAssembly sandboxing runtime

Evan Johnson, Evan Laufer, Zijie Zhao, Shravan Narayan, Stefan Savage, Deian Stefan, Fraser Brown IEEE S&P 2023

# Research Experience ### Wasix A differential fuzzing system for Wasm runtimes focusing on the WASI implementation. Tested popular Wasm runtimes including Wasmtime, Lucet, Wasmer, WAMR, WAVM. Found that Wastime's and Lucet's implementation of the `posix_fallocate` system call behaves differently on macOS than on Linux. It [has been confirmed](https://github.com/bytecodealliance/wasmtime/issues/2973) that `posix_fallocate` cannot be implemented correctly and should be removed from the specification all together. ### Lawful-evil Modified internal libraries in Firefox, LLVM, Z3, and Linux Kernel to abuse side effects. Found [CVE-2020-26960](https://bugzilla.mozilla.org/show_bug.cgi?id=1670358), an UAF bug in Firefox's Javascript Engine. Received $1k bounty for finding this bug. # Teaching Experience * UCSD [CSE 127: Intro to Computer Security](https://cseweb.ucsd.edu/~dstefan/cse127-fall21/) * UCSD CSE 21: Mathematics for Algorithms and Systems * UCSD CSE 12: Basic Data Structures and OOD * UCSD CSE 11: Introduction to Java # Misc * My first name can be hard to pronounce and remember, you can call me "ZJ" instead. If you are curious, here's [a video](https://www.youtube.com/watch?v=JUizAQbrrA8) for the Mandarin pronunciation.