Computer Science - Fuzzing the Python Interpreter
Supervisor: Dr Wanpeng Li
Supervisor bio: Dr. Wanpeng Li is a Lecturer in Cyber Security in the Department of Computer Science at the University of Liverpool. Prior to this, he held lecturer positions in the Department of Computing Science at the University of Aberdeen and in Computing and Mathematics at Manchester Metropolitan University. He also worked as a postdoctoral researcher in the School of Mathematics, Computer Science and Engineering at City, University of London, where he collaborated with Professor Tomas Chen on the EPSRC-funded SEEK project. His research interests focus on web security, identity management, system security, authentication, vulnerability detection using machine learning, and malware detection.
Email: wanpeng.li@liverpool.ac.uk
School: School of Computer Science and Informatics
Department: Computer Science
Module code: COMP298
Suitable for students of Computer Science, Cybersecurity, Fuzzing, Vulnerability detection
Desirable experience/requirements:
1. Programming Skills
Strong proficiency in Python.
Solid experience with C programming, as the CPython interpreter is largely implemented in C.
2. Systems and Low-Level Knowledge
Understanding of memory management, including concepts such as buffers, stacks/heaps, pointers, and memory corruption.
Basic familiarity with operating systems (processes, threads, system calls).
3. Security Foundations
Introductory knowledge of software security, especially memory-safety vulnerabilities (e.g., buffer overflows, use-after-free, integer overflows).
Awareness of common vulnerability classes and exploit principles (high-level understanding only).
4. Testing and Fuzzing
Prior exposure to software testing, particularly automated testing.
Experience with or willingness to learn fuzzing frameworks such as AFL++, libFuzzer, or OSS-Fuzz.
5. Tooling Familiarity
Comfortable working in Linux environments.
Basic skills with Git, build systems (e.g., Make, CMake), and debugging tools like gdb or sanitizers (ASan, UBSan).
Nice-to-Have (But Not Required)
Experience contributing to open-source projects.
Knowledge of compiler internals or interpreters.
Understanding of continuous integration or automated testing pipelines.
Places available: 2
Start date: 15th June 2026
Project length: 8 weeks
Virtual option: Yes
Hybrid option: Yes
Project description:
Python is one of the most widely used scripting languages in artificial intelligence, data science, and web development, powering everything from personal blogs to large-scale platforms. While most existing security research targets application-level vulnerabilities—such as code injection or unsafe library use—far less attention has been given to memory-related flaws within the Python interpreter itself. Because the interpreter relies heavily on a substantial C codebase, it remains susceptible to low-level memory errors that can seriously compromise the confidentiality, integrity, and availability of Python applications.
This project aims to uncover previously unknown vulnerabilities in the Python interpreter by applying state-of-the-art fuzzing techniques. Through systematic testing and automated input generation, the project will explore deep execution paths, trigger edge-case behaviours, and identify memory safety issues that traditional testing methods may miss.
Additional requirements: N/A