Research - Software Lab - Department of Computer Science - University of Stuttgart

Research

Our research focuses on tools and techniques for building reliable, efficient, and secure software. To this end, we work on testing and analysis of complex software systems. As part of our research, we have contributed to techniques that detected thousands of bugs and critical vulnerabilities in widely used software.

Machine Learning for Program Analysis

Manually developing a program analysis requires expertise and relies on carefully tuned heuristics. Instead, we automatically learn powerful analyses from large corpora of code.

DeepBugs (OOPSLA'18), video at ML4P, IDE plugins by JetBrains (JavaScript, Python)
NL2Type (ICSE'19) and TypeWriter (deployed at Facebook)

JavaScript and Web Applications

JavaScript has become ubiquitous in the web and beyond. We develop dynamic analyses, static analyses, and test generation techniques to detect bugs in JavaScript-based web applications.

Software Security

Most security incidents are caused by defects in software. We develop techniques to detect, understand, and fix vulnerabilities and malicious code.

Static Bug Detection

Static bug checking catches mistakes early and at low cost. We work on simple yet effective static analyses that reveal programming errors without requiring formal specifications.

Name-based bug detection (ICSE'16, TSE'13, ISSTA'11)
2000+ bugs found at Google (OOPSLA'17)

Actionable Performance Profiling

Inefficient software is annoying and costs money. We create actionable performance profilers that pinpoint specific optimization opportunities to help developers speed up their code.

Test Generation

Many bugs are exposed only when running the program. We develop tools that generate inputs for automated and effective testing, both at the unit-level and the system-level.

Concurrency

Inefficient software is annoying and costs money. We create actionable performance profilers that pinpoint specific optimization opportunities to help developers speed up their code.

API Protocol Mining and Checking

APIs often impose constraints on the order of method calls. We develop techniques to automatically infer and check such API protocols.

News and Events

1/2023: Our paper on bimodal taint analysis will be presented at ISSTA'23.

12/2022: Four papers accepted at ICSE'23. Congrats to everyone involved!

12/2022: Michael gets recognized as an ACM Distinguished Member.

11/2022: Our work on DiffSearch (paper, tool) will appear in IEEE TSE.

10/2022: Islem wins the ACM Student Research Competition at ASE'22 for his work on detecting inconsistencies in if-condition-raise statements.

10/2022: Our ASE'22 paper on CrystalBLEU has been selected for an ACM SIGSOFT Distinguished Paper Award.

10/2022: Our survey of code search techniques will appear in ACM CSUR.

10/2022: Huimin Hu is joining the group as a PhD student. Welcome!

9/2022: Our paper on type annotations in Python is receiving an ACM SIGSOFT Distinguished Paper Award at FSE'22.

9/2022: Michael will serve as PC Chair of ISSTA 2024.

7/2022: Our work on CrystalBLEU, a novel metric for measuring the similarity of code, will be presented at ASE'22. Congrats to Aryaz!

7/2022: Daniel successfully (with summa cum laude) defends his PhD on program analysis for WebAssembly. Congrats!

6/2022: Three papers accepted at FSE'22, on Python type annotations, on the first dynamic analysis framework for Python, and on neural code editing to generate vulnerabilities.

5/2022: Luca wins the 2nd prize in the ACM Student Research Competition at ICSE'22 for his work on DiffSearch. Congrats!

5/2022: Looking for particular kinds of code changes, e.g., to build a dataset? Check out DiffSearch, our scalable and precise search engine for code changes.

5/2022: Group retreat at Schloss Hornberg.

3/2022: Our paper on recovering precise types in WebAssembly binaries will appear at PLDI'22.

3/2022: Our paper on bugs in quantum computing platforms will appear at OOPSLA'22.

2/2022: Interview with Deutschlandfunk (one of three German national radio stations) on neural software analysis.

12/2021: Our papers on learning name-value inconsistencies from runtime behavior and on test generation for asynchronous JavaScript APIs will appear at ICSE'22.

11/2021: Our paper on obfuscating JavaScript by opportunistically translating it to WebAssembly has been accepted at S&P'22.

11/2021: Stuttgart is forming a new ELLIS unit, with Michael as one of its fellows.

10/2021: Two new papers on bugs in quantum computing platforms and fuzzing WebAssembly

9/2021: Islem is joining the group as a PhD student. Welcome!

7/2021: Distinguished Artifact Award for our ISSTA'21 paper on finding JSON schema-related bugs.

7/2021: Our paper on comparing neural models of code and developers has been accepted at ASE'21.

7/2021: Our SemSeed paper is receiving an ACM SIGSOFT Distinguished Paper Award at FSE'21.

6/2021: Our work on learning to make compiler optimizations more effective will be presented at MAPS'21.

5/2021: Our paper on semantic bug seeding will appear at FSE'21.

5/2021: Jibesh has successfully defended his PhD thesis on Analyzing Code Corpora to Improve the Correctness and Reliability of Programs.

5/2021: Our work on Mir, an RWX permission model for Node.js packages, has been accepted to CCS'21.

4/2021: Our papers on finding JSON schema-related bugs and on continuous test suite failure prediction have been accepted at ISSTA'21.

4/2021: Our article on neural software analysis is going to appear in the Communications of the ACM.

1/2021: Our work on WasmBench, a study and benchmark involving thousands of WebAssembly binaries, will be presented at The Web Conference (WWW) 2021.

12/2020: Organizing a Dagstuhl seminar on learning-based program analysis (together with Baishakhi, Eran, and Charles), to be held in January 2022.

12/2020: Our paper on IdBench, a benchmark for semantic representations of identifiers, will be presented at ICSE'21.

12/2020: Andrew successfully defends his PhD thesis on "Learning to Find Bugs in Programs and their Documentation"

12/2020: Matteo Paltenghi is joining the group as as PhD student. Welcome!

11/2020: New review article that gives an overview of neural software analysis.

11/2020: Check out our work on an RWX permission model for Node.js packages.

10/2020: New paper on application-level caching to appear in IEEE Software.

10/2020: Aryaz Eghbali is joining the group as a PhD student. Welcome!

9/2020: Martin Torp is joining as a visiting PhD student from Aarhus University. Welcome!

7/2020: Our study of string-related software bugs will appear at ASE 2020.

6/2020: Our work on WebAssembly (in)security will be presented at USENIX Security 2020.

5/2020: Our paper on TypeWriter will appear at FSE'20.

4/2020: Our paper on bug localization on millions of files will appear at ISSTA'20.

4/2020: From PhD to faculty: Cristian has accepted a tenure-track faculty position at CISPA. Congrats!

3/2020: Cristian has successfully defended his PhD thesis on JavaScript security and privacy. Congrats!

3/2020: JetBrains ships IDE plugins that implement DeepBugs for JavaScript and Python. Great to see our ideas used in the wild!