I do software research. My students and I create tools and techniques that help developers build better software—by automatically testing, analyzing, and debugging its code and its development process.
Our approaches have proven quite influential in academia and industry. My Curriculum Vitae lists the most important achievements.
<script src="/assets/js/mastodon-timeline.js"></script>Our research projects involve generating software tests, automated debugging and repair, analyzing mobile systems, analyzing user interfaces, and more. Essentially, our research focuses on the following questions:
- How can we systematically test complex software systems?
- How can we accurately determine and characterize input formats?
- How can we explain causes and circumstances of software failures?
Our solutions typically apply and combine several techniques including dynamic analysis, static analysis, specification mining, test generation, natural language processing, machine learning, constraint solving, and formal languages:
- In 2023, I have received an ERC Advanced Grant of 2.5 million EUR for the project "Semantics of Software Systems" (S3) on massive generation of tests and oracles for software. Come work with me!
- Since 2022, most of our projects focus on semantic fuzzing and debugging, centered around our all-new ISLa specification language and input generator.
- Since 2021, my Debugging Book presents and implements techniques for automated debugging and repair, and The Fuzzing Book introduces test generation ("fuzzing") techniques. Both books are interactive – you can execute and edit the code right in your browser.
I am hiring PhDs and PostDocs who would like to work on these topics. Apply now!
My papers can be found on Google Scholar, in the ACM Digital Library, and in DBLP. For recent works and preprints, check out my CISPA publication list.
- In Winter 2023/24, we offer our advanced course on security testing, based on The Fuzzing Book.
- In Winter 2024/25, we will offer our advanced course on automated debugging, based on The Debugging Book.
Every semester, we also offer seminars and proseminars around automated testing and debugging.
Check out all our courses here.
At CISPA and Saarland University, I work with great students and Post-Docs from across the world on cutting-edge research:
- Dr. Rafael Dutra (Post-Doc)
- Dr. Jordan Samhi (Post-Doc)
- Dr. Dominic Steinhöfel (Post-Doc)
- Dr. Alexi Turcotte (Post-Doc)
- Leon Bettscheider (Ph.D. student)
- Max Eisele (Ph.D. student @ Bosch)
- Bernd Gruner (Ph.D. student @ DLR)
- Johannes Lampel (Ph.D. student @ Microsoft)
- Tural Mammadov (Ph.D. student)
- Marius Smytzek (Ph.D. student)
- José Antonio Zamudio Amaya (Ph.D. student)
- Fengmin "Paul" Zhu (Ph.D. student)
We are constantly looking out for great students and Postdocs. Our positions are well-paid and allow for highly productive research. If you are interested in a Ph.D. or Postdoc position, please apply at CISPA and state your specific interests.
Here is a list of former group members.
If you are a student of Saarland University and have fun with automated program analysis, testing, and debugging, you might want to do a thesis with us. Here are the details on how to do a thesis with us.
My blog has a mixture of various topics from academia and software development, often with a humorous touch. Here is a selection of popular posts:
-
{% for post in site.posts %}
{% if post.tags contains "popular" %}
- {{ post.title }} ({{ post.date | date: "%Y-%m-%d" }}) {% endif %} {% endfor %}
I am a frequent speaker at events. Here are two recorded talks I am particularly proud of.
In my 2020 CASA Distinguished Lecture "Learning the Language of Failure", I show some highlights of our current work:
- how to automatically learn circumstances of a given failure, expressed over features of input elements;
- how to automatically infer input languages as readable grammars, and how to use them for massive fuzzing; and
- how to systematically and precisely characterize the set of inputs that causes a given failure – the "language of failure".
Enjoy the show! Annotated slides are available, too.
These days, I also spend quite some time giving career advice. In my ICSE 2018 SIGSOFT Award keynote, I unfold three lessons on impact in software engineering research:
- Do relevant work
- Strive for simplicity
- Keep on innovating
Again, detailed slides and full manuscript are available.
Follow me on Mastodon to stay updated about current work and relevant events. You may also find me on other platforms (see links on the left), but Mastodon is where I post.
I do not collect any data from this site, but GitHub may do. See the GitHub Privacy Statement for details.