Research

Our research focuses on tools and techniques for building reliable, efficient, and secure software. To this end, we work on testing and analysis of complex software systems. As part of our research, we have contributed to techniques that detected thousands of bugs and critical vulnerabilities in widely used software.

JavaScript and Web Applications

JavaScript has become ubiquitous on the web and beyond. We develop dynamic analyses, static analyses, and test generation techniques to detect bugs in JavaScript-based web applications.

Machine Learning for Program Analysis

Manually developing a program analysis requires expertise and relies on carefully tuned heuristics. Instead, we automatically learn powerful analyses from large corpora of code.

Software Security

Most security incidents are caused by defects in software. We develop techniques to detect, understand, and fix vulnerabilities and malicious code.

Static Bug Detection

Static bug checking catches mistakes early and at low cost. We work on simple yet effective static analyses that reveal programming errors without requiring formal specifications.

Actionable Performance Profiling

Inefficient software is annoying and costs money. We create actionable performance profilers that pinpoint specific optimization opportunities to help developers speed up their code.

Test Generation

Many bugs are exposed only when running the program. We develop tools that generate inputs for automated and effective testing, both at the unit level and the system level.

Concurrency


API Protocol Mining and Checking

APIs often impose constraints on the order of method calls. We develop techniques to automatically infer and check such API protocols.