Research - Software Lab - Department of Computer Science - University of Stuttgart

Research

Our research focuses on tools and techniques for building reliable, efficient, and secure software. To this end, we work on testing and analysis of complex software systems. As part of our research, we have contributed to techniques that detected thousands of bugs and critical vulnerabilities in widely used software.

Machine Learning for Program Analysis

Manually developing a program analysis requires expertise and relies on carefully tuned heuristics. Instead, we automatically learn powerful analyses from large corpora of code.

DeepBugs (OOPSLA'18), video at ML4P, IDE plugins by JetBrains (JavaScript, Python)
NL2Type (ICSE'19) and TypeWriter (deployed at Facebook)

JavaScript and Web Applications

JavaScript has become ubiquitous in the web and beyond. We develop dynamic analyses, static analyses, and test generation techniques to detect bugs in JavaScript-based web applications.

Software Security

Most security incidents are caused by defects in software. We develop techniques to detect, understand, and fix vulnerabilities and malicious code.

Static Bug Detection

Static bug checking catches mistakes early and at low cost. We work on simple yet effective static analyses that reveal programming errors without requiring formal specifications.

Name-based bug detection (ICSE'16, TSE'13, ISSTA'11)
2000+ bugs found at Google (OOPSLA'17)

Actionable Performance Profiling

Inefficient software is annoying and costs money. We create actionable performance profilers that pinpoint specific optimization opportunities to help developers speed up their code.

Test Generation

Many bugs are exposed only when running the program. We develop tools that generate inputs for automated and effective testing, both at the unit-level and the system-level.

Concurrency

Inefficient software is annoying and costs money. We create actionable performance profilers that pinpoint specific optimization opportunities to help developers speed up their code.

API Protocol Mining and Checking

APIs often impose constraints on the order of method calls. We develop techniques to automatically infer and check such API protocols.

News and Events

07/2021: Distinguished Artifact Award for our ISSTA'21 paper on finding JSON schema-related bugs.

07/2021: Our paper on comparing neural models of code and developers has been accepted at ASE'21.

07/2021: Our SemSeed paper is receiving an ACM SIGSOFT Distinguished Paper Award at FSE'21.

06/2021: Our work on learning to make compiler optimizations more effective will be presented at MAPS'21.

05/2021: Our paper on semantic bug seeding will appear at FSE'21.

05/2021: Jibesh has successfully defended his PhD thesis on "Analyzing Code Corpora to Improve the Correctness and Reliability of Programs".

05/2021: Our work on Mir, an RWX permission model for Node.js packages, has been accepted to CCS'21.

04/2021: Our papers on finding JSON schema-related bugs and on continuous test suite failure prediction have been accepted at ISSTA'21.

04/2021: Our article on neural software analysis is going to appear in the Communications of the ACM.

01/2021: Our work on WasmBench, a study and benchmark involving thousands of WebAssembly binaries, will be presented at The Web Conference (WWW) 2021.

12/2020: Organizing a Dagstuhl seminar on learning-based program analysis (together with Baishakhi, Eran, and Charles), to be held in January 2022.

12/2020: Our paper on IdBench, a benchmark for semantic representations of identifiers, will be presented at ICSE'21.

12/2020: Andrew successfully defends his PhD thesis on "Learning to Find Bugs in Programs and their Documentation"

12/2020: Matteo Paltenghi is joining the group as as PhD student. Welcome!

11/2020: New review article that gives an overview of neural software analysis.

11/2020: Check out our work on an RWX permission model for Node.js packages.

10/2020: New paper on application-level caching to appear in IEEE Software.

10/2020: Aryaz Eghbali is joining the group as a PhD student. Welcome!

9/2020: Martin Torp is joining as a visiting PhD student from Aarhus University. Welcome!

7/2020: Our study of string-related software bugs will appear at ASE 2020.

6/2020: Our work on WebAssembly (in)security will be presented at USENIX Security 2020.

5/2020: Our paper on TypeWriter will appear at FSE'20.

4/2020: Our paper on bug localization on millions of files will appear at ISSTA'20.

4/2020: From PhD to faculty: Cristian has accepted a tenure-track faculty position at CISPA. Congrats!

3/2020: Cristian has successfully defended his PhD thesis on JavaScript security and privacy. Congrats!

3/2020: JetBrains ships IDE plugins that implement DeepBugs for JavaScript and Python. Great to see our ideas used in the wild!

12/2019: Our paper on extracting taint specifications for JavaScript has been accepted at ICSE 2020.

12/2019: Paper on TypeWriter, our neural type prediction approach in collaboration with Facebook.

11/2019: New paper on JSON subschema checking.

10/2019: Checkout our new benchmark for evaluating semantic representations of source code.

09/2019: Happy to receive an ERC Starting Grant on "Learning to find bugs" (1.5 million Euro).

09/2019: Our survey of compiler testing will appear in ACM CSUR.

09/2019: Two new PhD students: Welcome to Luca Di Grazia and Moiz Rauf.

07/2019: Our paper on Getafix has been accepted at OOPSLA'19.

06/2019: New study on neural bug finding.

05/2019: Our paper on security risks in the npm ecosystem will appear at USENIX Security'19.

05/2019: Check out Getafix, the first industrially-deployed automated bug-fixing. tool that learns fix patterns automatically.

05/2019: New ISSTA'19 paper on metamorphic testing of debuggers.

04/2019: Best Paper Award at ASPLOS'19 for Wasabi, our dynamic analysis framework for WebAssembly.

03/2019: Our article on automated program repair will appear in the Communications of the ACM (CACM).

03/2019: Interested in JavaScript security? Checkout our study of security threats in npm.

03/2019: Daniel and Andrew are heading out for internships at MSR and IBM Research. Congrats!