My research is at the boundary of Programming Languages and Software Engineering, with particular focus on tools for improving software quality and programmer productivity. Below is an overview of some current projects.

Program Analysis for Asynchronous Software

Modern software needs to accommodate asynchrony in situations such as web-based user-interfaces, communicating with servers through HTTP requests, and non-blocking I/O. Event-based programming is the most popular approach for managing asynchrony, but is highly error-prone due to problems such as event races, inadequate support for error handling, and unintuitive, deeply nested control flow ("callback hell"). Other mechanisms for managing asynchrony such as promises/futures pose their own set of challenges to programmers. We are interested in developing static and dynamic program analysis techniques that are capable of reasoning precisely about asynchrony, and in the development of tools that assist programmers with detecting and repairing errors in asynchronous applications.
Related publications: [OOPSLA15] [ICSE16] [OOPSLA17a] [OOPSLA17b]

Crowdsourced Debugging and Fault Localization

Despite the best efforts of software engineers and testers, web applications still contain bugs and security vulnerabilities, causing applications to crash, produce incorrect results, or be vulnerable to attacks. Debugging such issues is challenging because it is often difficult to reproduce a problem in-house from the limited information in a traditional crash report (e.g., stack trace), particularly in the case of event-driven software. We are interested in developing feedback-directed techniques that repeatedly instrument applications in such a way that successively more precise fault localization information is computed each time that a user encounters a crash. To achieve acceptable run-time overhead, instrumentation overhead is distributed over a crowd of users.
Related publications: [IEEE TSE10] [IEEE TSE12] [ICSE16]

Feature Reduction for Dynamic Software

Applications that rely on third-party libraries often include significant amounts of code that they do not use. This is undesirable because security vulnerabilities may exist in included modules. There has been a long history of research on feature reduction based on static program analysis, in which call graph construction and pointer analysis are used to identify functions that are unreachable from a program's main routine so that they can be removed prior to deployment. Unfortunately, modern software has several characteristics that render such static analysis ineffective including dynamic features such as "eval", native functions for which the code is unavailable for analysis, and event-driven control flow and other mechanisms for asynchrony that cannot be analyzed precisely using current techniques. We are interested in developing techniques that use a combination of static and dynamic analysis to remove features that are definitely unused, and replace features that are likely to be unused with stubs that load and execute such code dynamically, subject to additional security checks as needed.
Related publications: [OOPSLA00] [ACM TOPLAS02] [SAS15] [ACM TOSEM15]