Practically all software has bugs, but finding them is difficult. We develop deep learning-based bug detectors that automatically spot unusual and likely wrong code.

• DeepBugs (OOPSLA'18)
• SemSeed (Distinguished Paper at FSE'21)
• Nalin (ICSE'22)
• CMI-Finder (ICSE'23, SRC winner at ASE'22)

Code written in dynamic languages, e.g., Python and JavaScript, often lacks type annotations. Our neural network-based type predictors automatically add missing annotations, which improves reliability and maintainability.

• NL2Type (ICSE'19)
• TypeWriter (FSE'20, deployed at Facebook/Meta)
• Study of type annotations (Distinguished Paper at FSE'22)

Quantum computing is an emerging paradigm, which requires a solid software stack. We develop automated testing techniques to improve the reliability of quantum computing platforms.

• Study of bugs (OOPSLA'22)
• MorphQ (ICSE'23)

WebAssembly powers various applications in the web and beyond. We develop program analyses for WebAssembly and study the WebAssembly ecosystem.

• Wasabi (Best paper at ASPLOS'19)
• Binary security (USENIX Security '20)
• WasmBench (TheWebConference'21)

Server-side JavaScript and the Node.js ecosystem have interesting security challenges. We

• Synode (NDSS '18)
• ReDoS in Node.js (USENIX Security '18)
• NPM study (USENIX Security '19)
• SecBench.js (ICSE'23)

Dynamic analysis is a powerful technique to understand and improve software, but can be tricky to implement. We develop general-purpose dynamic analysis frameworks that help develop analyses with little effort.

• Wasabi (Best paper at ASPLOS'19)
• DynaPyt (FSE'22)

JavaScript has become ubiquitous in the web and beyond. We develop dynamic analyses, static analyses, and test generation techniques to detect bugs in JavaScript-based web applications.

• ConflictJS (ICSE'18)
• DLint (ISSTA'15)
• TypeDevil (ICSE'15)

Inefficient software is annoying and costs money. We create actionable performance profilers that pinpoint specific optimization opportunities to help developers speed up their code.

• PerfSyn (CGO'18)
• DecisionProf (ISSTA'17)
• Study of performance bugs (ICSE'16)
• SyncProf (ISSTA'16)
• JITProf (FSE'15)
• MemoizeIt (OOPSLA'15)

Many bugs are exposed only when running the program. We develop tools that generate inputs for automated and effective testing, both at the unit-level and the system-level.

• Nessie (ICSE'22)
• LambdaTester (OOPSLA'18)
• Monkey see, monkey do (ISSTA'16)

Inefficient software is annoying and costs money. We create actionable performance profilers that pinpoint specific optimization opportunities to help developers speed up their code.

• Simian (PLDI'17)
• CovCon (ICSE'17)
• SpeedGun (ISSTA'14)
• Bita (ASE'13)
• ConTeGe (PLDI'12)
• Ballerina (ICSE'12)

APIs often impose constraints on the order of method calls. We develop techniques to automatically infer and check such API protocols.

• Dynamic protocol checking (ICSE'12)
• Static protocol checking (ICSE'12)
• Evaluating specification miners (ICSM'10)
• Mining API protocols (ASE'09)