While very powerful, many current static analysis tools are misused or even abandoned because they are not written with the end-user in mind. My research focuses on improving the usability of analysis tools for code developers through different aspects that range from the analysis algorithm to the implementation of its framework to the usability of its interface. In particular, my research interests are scalable static analysis, usable tooling, and secure software engineering.


Below are a few projects I participated or am participating in, along with the artifacts generated during the projects.


VisuFlow is a debugging environment designed to help static analysis writers understand and debug an analysis. It is written as an Eclipse plugin and supports static data-flow analyses written on top of the Soot analysis framework.

Just-in-Time Analysis

The Just-in-Time analysis concept aims at making static analysis more usable to the end user, often the code developer. It allows analysis writers to encode prioritization properties into the analysis. At runtime, certain paths are analyzed before others, allowing important results to be returned first. CHEETAH is an implementation of the Just-in-Time analysis concept for taint analysis of Android applications. It is integrated into the Eclipse IDE as a plugin.

Automated Benchmark Management

When empirically testing one’s tools, one can either use well-established benchmark suites, create one’s own micro-benchmark, or mine open-source repositories for real-life projects. In the first case, benchmark suites are often created by hand for one single purpose and remain unchanged for years, making them ill-adapted to the tool under test and non-representative of real-life software. In the second case, having the tool authors also craft the benchmark is often considered a threat to the validity of the evaluation. The Automated Benchmark Management methodology has been designed to semi-automatically build and maintain benchmark collections that correspond to a user specification. It mines GitHub for up-to-date projects, runs user-specified filters, and rules out those projects that do not fit or are not buildable. The final collection is the source code and executables of buildable, current, and user-specific GitHub projects.


Pointer analysis is a building block of static analysis. Be it for building call graphs or for guaranteeing the soundness of other analyses, points-to and alias information is important to provide. The format of points-to and alias analyses does not return all-alias information, meaning that in order to find all variables that alias another, the user has to iterate over all existing variables in the program and query the analysis for each of them. Boomerang is the first analysis that provides all-alias sets. It is also an on-demand analysis, which allows it to return results quickly.