• Publications
  • Influence
Winnowing: local algorithms for document fingerprinting
The class of local document fingerprinting algorithms is introduced, which seems to capture an essential property of any finger-printing technique guaranteed to detect copies, and a novel lower bound on the performance of any local algorithm is proved.
Scalable statistical bug isolation
A statistical debugging algorithm that isolates bugs in programs containing multiple undiagnosed bugs and identifies predictors that are associated with individual bugs that reveal both the circumstances under which bugs occur as well as the frequencies of failure modes, making it easier to prioritize debugging efforts.
Legion: Expressing locality and independence with logical regions
A runtime system that dynamically extracts parallelism from Legion programs, using a distributed, parallel scheduling algorithm that identifies both independent tasks and nested parallelism.
Bug isolation via remote program sampling
A low-overhead sampling infrastructure for gathering information from the executions experienced by a program's user community is proposed and statistical modeling based on logistic regression allows us to identify program behaviors that are strongly correlated with failure and are therefore likely places to look for the error.
Effective static race detection for Java
We present a novel technique for static race detection in Java programs, comprised of a series of stages that employ a combination of static analyses to successively reduce the pairs of memory
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
The design and prototype of a new technique for finding potential buffer overrun vulnerabilities in security-critical C code are implemented and used to find new remotely-exploitable vulnerabilities in a large, widely deployed software package.
Static Detection of Security Vulnerabilities in Scripting Languages
A static analysis algorithm for detecting security vulnerabilities in PHP, a popular server-side scripting language for building web applications, is presented, finding 105 previously unknown security vulnerabilities, most of which it believes are remotely exploitable.
Secure Information Flow as a Safety Problem
The termination insensitive secure information flow problem can be reduced to solving a safety problem via a simple program transformation, and this paper generalizes the self-compositional approach with a form of information downgrading recently proposed by Li and Zdancewic.
Apposcopy: semantics-based detection of Android malware through static analysis
The signature matching algorithm of Apposcopy uses a combination of static taint analysis and a new form of program representation called Inter-Component Call Graph to efficiently detect Android applications that have certain control- and data-flow properties.
Titanium: A High-performance Java Dialect
This work discusses the main additions to Java are immutable classes, multidimensional arrays, an explicitly parallel SPMD model of computation with a global address space, and zone-based memory management, and reports on the development of Titanium.