Past research in the usability of static analysis tools has focused on usability issues encountered by software developers, and the causes of those issues in analysis tools. We adopt a user-centered approach, to understand how developers use analysis tools, which decisions they make, what they look for when making those decisions, and the motivations behind their strategies.

Static analysis tools perform complex reasoning to yield warnings. Explaining this reasoning to the users is a known issue for the tools. We present the concept of analysis automata and detail three applications that enhance explainability: (1) Warning understanding, (2) Warning classification, and (3) Detection of bad analysis patterns.

Swan is a semi-automated method for determining which methods of a given codebase or library can be involved in specific vulnerabilities.

Static analysis tools have well-documented usability issues. In this project, we explore how to build analysis tools that help code developers understand and fix complex bugs, and how to engage them with a comprehensive, user-friendly GUI.

VisuFlow is a debugging environment designed to support static analysis writers understand and debug an analysis. It is written as an Eclipse plugin, and supports static data-flow analyses written on top of the Soot analysis framework.

The Just-in-time analysis concept aims at making static analysis more usable to the end user, often the code developer. It allows analysis writers to encode prioritization properties into the analysis. At runtime, certain paths are analyzed before others, allowing important results to be returned first. Cheetah is an implementation of the Just-in-Time analysis concept for taint analysis for Android applications. It is integrated in the Eclipse IDE as a plugin.

ABM (automated benchmark management) is a methodology and a web application for automating the creation and maintenance of benchmark suites.

Boomerang is a demand-driven flow and context-sensitive pointer analysis for Java written in the IFDS framework.

• SOAP 2021, PC chair
• ISSTA & ECOOP 2021, publicity chair
• ECOOP 2020, artifact evaluation co-chair
• ECOOP 2019, posters chair
• ISSTA & ECOOP 2018, posters chair
• ECOOP 2017, doctoral symposium co-chair

• ISSTA 2022, doctoral symposium
• ICSE 2022, posters track
• ISSTA & ECOOP 2021, doctoral symposium
• ISSTA 2021, research track
• ASE 2020, research track
• ASE 2019, demonstrations track
• ISSTA 2019, artifact evaluation
• ECOOP 2019, artifact evaluation
• ECOOP 2019, doctoral symposium
• OOPSLA 2018, artifact evaluation
• ISSTA 2018, artifact evaluation
• ASE 2018, research track (sub-reviewer)
• OOPSLA 2017, artifact evaluation
• ESEC/FSE 2017, demonstrations track
• ECOOP 2017, artifact evaluation
• ESEC/FSE 2016, research track (sub-reviewer)

• IEEE Security & Privacy 2022
• Transactions on Software Engineering and Methodology 2019
• Transactions on Software Engineering 2019
• Journal of Systems and Software 2018
• Programming 2018

• ICSE 2017
• ECOOP 2016

• ASE 2020, panelist at the PhD advice panel
• Forum EPFL alumni mentoring program 2020, mentor
• ECOOP 2016 summer school, graduate mentor

• Seminar: secure systems engineering, Paderborn university (winter 2018). The seminar yielded three technical reports:
  • Security implications of compiler optimizations on cryptography — a review
  • Integration of the static analysis results interchange format in CogniCrypt
  • Object-capability as a means of permission and authority in software systems
• Designing code analyses for large software systems, Paderborn university (summers 2016-2019)
• Secure software development, TU Darmstadt (winter 2015)
• Designing code analyses for large software systems, TU Darmstadt (winter 2014)

• Designing code analyses for large software systems, Paderborn university (summer 2018)
• Designing code analyses for large software systems, Paderborn university (summer 2016)
• Secure software development, TU Darmstadt (winter 2015)

• A tool for prototyping static analysis graphical user interfaces. G. S. Varma. (MA)
• Automating builds for open source software. Thoren Grüttemeier. (BA)
• Omniscient debugging for static analysis. Marcus Nachtigall. (MA)
• Indexing open-source JavaScript repositories. Ankur Gupta. (MA)
• Supporting incremental changes in static analysis code. Kaarthik Radhakrishna. (MA)
• Aliasing in incremental static analysis with IDEal. Shashank Subramanya. (MA)

• Project group: Delphi – mining software ecosystems using static program analysis (2019 - 2020)
• Project group: automated benchmark management (2018 - 2019)
• Undergraduate Capstone open source projects: filtering module for the automated benchmark management platform (2018)
• Project group: secure integration of cryptographic software (2017 - 2018)
• Project group: visualising data flows in static code analyses (2016 - 2017)

• Filmfestival Mathematik Informatik. Heidelberg. (2019)

• 30th international origami convention. Erkner. (2018)
• Paper heroes. Tel Aviv. (2017)
• Convention for creators. Lyon. (2017)
• Origami USA annual convention. New York. (2016)
• 28th international origami convention. Erkner. (2016)
• Star Wars origami exhibition. Zaragoza. (2016)
• Ultimate Origami Convention. Lyon. (2015)
• Model-making event. Samoëns. (2014)

• Origami Deutschland creation contest. 1st place. (2016)
• Origami Deutschland creation contest. 2nd place. (2015)
• MFPP creation contest. (2015)
• 8th JOAS origami model competition. 1st place, public’s choice. (2015)
• MFPP creation contest. 1st place, audience award. (2014)

• Models with diagrams:
  • Black nightshade. Diagram in “Origami Deutschland 2016 convention book”. (Nov 2015)
  • Butterfly. Diagram in “Origami Deutschland 2018 convention book”. (Dec 2015)
  • Four-leaf clover. Diagram in “MFPP 2015 convention book”. (Dec 2014)
  • Goldfish. Diagram in “CDO 2018 convention book”. (Dec 2017)
  • Ivy leaf. Diagram in “Origami Deutschland 2015 convention book” and in MFPP 2015 convention book”. (May 2014)
  • Jar Jar Binks head. Diagram in “The Fold” 2016. (Nov 2015)
  • Leaf chopstick holder. Diagram in “The origami collection 2015” and in “Origami Deutschland 2015 convention book”. (May 2014)
  • Monkey mask. Diagram in “The Paper” 2018. (Jul 2015)
  • Oncidium. Diagram in “Origami Deutschland 2016 convention book”. (Oct 2014)
  • ORI_Q swan. Diagram in “The Fold” 2016. (Nov 2015)
  • Twin dolphins. Diagram in “The Fold” 2016. (Apr 2015)
  • Winged heart. Diagram in “The origami collection 2016”. (May 2015)
  • Yale-type cylinder lock key. Diagram in “The Fold” 2017. (Jan 2015)
• Models with crease patterns:
  • Alsatian girl. Diagram in “Le pli #134” 2014 and in “The Fold” 2016. (Apr 2014)
  • Mermaid. Diagram in “Le pli #138” 2015. (Apr 2015)
• Other models:
  • 13 tales. (Apr 2016)
  • 2018!. (Jan 2018)
  • Angelfish. (Dec 2015)
  • Ballerina. (May 2018)
  • Bride. (Apr 2015)
  • Brown bear. (Jul 2019)
  • Charon. (Dec 2012)
  • Cheetah head. (Jan 2017)
  • Chinese coin. (Dec 2014)
  • Cinderella. (Jan 2016)
  • Courting cranes. (Feb 2019)
  • Deer head. (Apr 2017)
  • Doe head. (Apr 2017)
  • Four mice. (Apr 2016)
  • Hop-o’-my-thumb. (Mar 2016)
  • Jar Jar Binks. (Nov 2015)
  • Lady. (May 2018)
  • Link. (Jun 2018)
  • Little red riding hood. (Feb 2016)
  • Lurking menace. (May 2016)
  • Magic mirror. (Apr 2016)
  • My little hero. (Aug 2017)
  • Princess Zelda. (Jun 2018)
  • Quetzalcoatl. (Jul 2014)
  • Sadako. (Aug 2017)
  • Sun Wukong. (Jul 2015)
  • The angel. (Mar 2016)
  • The beanstalk. (Apr 2016)
  • The mermaid and the frog prince. (Jan 2016)
  • The pied piper of Hamelin. (Jan 2016)
  • The winged victory of Samothrace. (May 2013)
  • The yellow dwarf. (Apr 2016)
  • Tinker bell. (Mar 2016)
  • Two (thousand) cranes. (May 2012)
  • Wedding bouquet. (Feb 2016)
  • Winged heart 2.0. (Oct 2015)