I am a Principal Scientist at GrammaTech, Inc: I lead the research area Big Code, which intersects static program analysis with statistical and machine learning. I live in the lovely finger lakes region in upstate NY.
At GrammaTech, I have worked on several cutting-edge research projects, some of which have been transitioned into products. Below are a selected few:
- A tool to identify embedded library components in binaries (i.e., binary software composition analysis to produce software bill of materials). Additionally, any n-day vulnerabilities in the identified components are reported. This tool uses a novel combination of light-weight program analysis and machine learning. I started this project as a Principal Investigator of a DARPA funded Small Business Innovation Research grant and a DoD CIO’s office funded Rapid Innovation Fund. This tool is now available as a commercial product.
- Static techniques to identify swapped argument errors at callsites using the natural language information available in program code. Our published research on this work won the IEEE TCSE Distinguished Paper Award in 2020.
- A tool to inject bugs into programs so that we can systematically evaluate static bug-finding tools. Our published research on this work won the IEEE TCSE Distinguished Paper Award in 2019.
- Using statistical and machine learning techniques to enhance the bug-finding capabilities of various static analysis tools across multiple programming languages (see here for a brief writeup). We have transitioned some of this work into the CodeSonar static analysis tool (see here).
I have had the good fortune of working with several amazing interns over the past few years: Lawton Nichols, Yanxin Lu, Kevin Leach, Prashast Srivastava, Sushant Dinesh, Charlie Murphy, Colin Unger, Avi Saven.
Previously, I was a graduate researcher at the Programming Languages Lab, University of California Santa Barbara. My PhD advisor was Ben Hardekopf. During the summers of 2011 and 2012, I was a research intern at Mozilla Research, working with Dave Herman. I worked for a couple of years at National Instruments R&D, Bangalore, right after my undergrad (and developed this LabVIEW feature).
- Programming Languages
- Static Analysis
- Software Engineering
- Applied Machine Learning
PhD in Computer Science, 2014
University of California Santa Barbara