Open research topics

by Martin Monperrus

Under my supervision, you can do cool research in software technology, here are our current hot topics.

Are you a KTH student? See Master's thesis / Bachelor's thesis guidelines and contact me by email

Are you a brilliant international student? Contact me by email


Category Program Repair
     Machine Learning for Program Repair
          Using generative AI to adapt software components
          Automatic translation of C to Rust with Language Models (or JS->Typescript or Java->Kotlin)
          Generating Equivalent Patches with Neural Networks
          Minimizing Code Diffs Using Code Language Models
          Automatic Repair with Large Language Models on Code
          Neural Repair of Compiler Warnings
     Code Analysis for program repair
          Self-supervised learning for proving program equivalence in LLVM
          Automatic Repair of Breaking Dependency Updates
          Automatic Program Repair of Code4Bench
          Automated Program Repair for Smart Contracts
Category Software Supply Chain (CHAINS)
          Air-gapped software builds
          Tamperproof compilation for Go and Go-Ethereum
          Dynamic Software Integrity Verification
          Embedding the software supply chain at runtime with Java classloaders
          Investigation of the Software Supply Chain of Password Managers
          Investigation of the Software Supply Chain of Crypto Wallets
Category Crypto & Smart Contracts
          AST Differencing for Solidity
          Invariant Generation for Smart Contracts
          Automated Program Repair for Smart Contracts
          On-chain code coverage
          Behavioral Hardening for Blockchain Nodes
          Automatic Exploit Synthesis for Smart Contracts
          Effective Mutation Testing for Solidity Smart Contracts
          Automatic Specification Inference for Smart Contracts with Language Models

Category Program Repair

Machine Learning for Program Repair

Using generative AI to adapt software components

Description: Software substitutability is a property which measures how readily a software component can be replaced by a different but equivalent component. In software supply chains, it is critical for faulty or vulnerable components to be replaced as quickly as possible [1,2]. However, software substitutes might not be immediately available. Generative AI tools like ChatGPT may be used to efficiently produce software substitutes in diverse programming languages and stacks. You will determine the feasibility of using generative AI tools to enhance substitutablity of components in software supply chains.

  1. AdaptivePaste: Code Adaptation through Learning Semantics-aware Variable Usage Representations

  2. Better Together? An Evaluation of AI-Supported Code Translation

  3. Formalization of Component Substitutability

Automatic translation of C to Rust with Language Models (or JS->Typescript or Java->Kotlin)

Description: The thesis aims to develop an automatic translation system for converting C language code to Rust language code, using state-of-the-art natural language processing techniques and deep learning models. The primary goal is to facilitate the migration of legacy C codebases to Rust, ensuring safer, more efficient, and more maintainable software systems. GPT4 version The same topic of automatic translation can be applied to JS->Typescript or Java->Kotlin or even Python->Typed-Python if you're excited about it).

  1. Concrat: An Automatic C-to-Rust Lock API Translator for Concurrent Programs

  2. Code translation with compiler representations 2023

  3. Unsupervised translation of programming languages 2020

Generating Equivalent Patches with Neural Networks

Description: Recently, neural networks (NN) have been trained on source code, with different purposes such as code completion and automated program repair (APR). In the latter case, an NN-based APR receives as input a buggy code and generates patched code. In this thesis, you will study another use case for neural networks: generation of equivalent patches [1,2], that is, generated code that is semantically equivalent but syntactically different to the patch given as input, using self-supervision [3] In the context of APR, generating a set of equivalent patches will help APR systems generate a bunch of diverse equivalent patches, and consequently, will let the developer choose the one she considers most appropriate to be integrated into her codebase.

  1. On the generalizability of Neural Program Models with respect to semantic-preserving program transformations

  2. Self-Supervised Learning to Prove Equivalence Between Programs via Semantics-Preserving Rewrite Rules

  3. SelfAPR: Self-supervised Program Repair with Test Execution Diagnostics

  4. NatGen: generative pre-training by “naturalizing” source code

Minimizing Code Diffs Using Code Language Models

Description: In a software development process based on code reviews, the visualization of the diff between the base and the target branch is of utmost importance. It is known that the spurious formatting changes pollute code reviews, and lead to unnecessary communication and code review work. Today, the only solution for minimizing the diff is one that ignores white spaces [1]. You will work on automatic minimization of pull-requests code language models, such as Codex [2]. The idea is to rewrite the target code such that the following two requirements are met. First, the new target code should have the same AST as the original target. Second, the number of diff lines detected Myers algorithm is minimized.

  1. Ignore white space in code review

  2. Evaluating Large Language Models Trained on Code

  3. Styler: learning formatting conventions to repair Checkstyle violations

Automatic Repair with Large Language Models on Code

Description: Recently, very large language models have been trained on code (OpenAI Codex, Github Copilot). There are preliminary results suggesting that they are useful for program repair. In this thesis, you will make an empirical investigation on using large language models for program repair with strong baselines and state of the art datasets.

  1. Codex: Evaluating Large Language Models Trained on Code

  2. Can OpenAI’s Codex Fix Bugs? An evaluation on QuixBugs

  3. Repair Is Nearly Generation: Multilingual Program Repair with LLMs

Neural Repair of Compiler Warnings

Description: It is a best practice to activate all warnings in a compiler. However, much work is needed to remediate the all. You will research in the area of machine learning for repairing compiler warnings. You will devise, implement and evaluate an approach based on sequence-to-sequence learning. The considered compilers are open and could be for example rust, go, clang, etc.

  1. Break-It-Fix-It: Unsupervised Learning for Program Repair (2021)

  2. The Unexplored Terrain of Compiler Warnings

  3. Master's thesis: Exploring the Usage of Neural Networks for Repairing Static Analysis Warnings

  4. MACER A Modular Framework for Accelerated Compilation Error Repair

Code Analysis for program repair

Self-supervised learning for proving program equivalence in LLVM

In recent years, self-supervised learning has emerged as a powerful technique for encoding high-level semantic properties in the absence of explicit supervision signals. The focus of this thesis is to explore the application of self-supervised learning methodologies towards proving program equivalence in LLVM bytecode. LLVM provides a structured format for representing program constructs at the intermediate level. Program equivalence is a fundamental problem in computer science, concerned with proving that two programs exhibit the same behavior under all possible inputs. By utilizing self-supervised learning techniques, we aim to develop a practical approach for efficient and accurate program equivalence verification in a mainstream binary format.

Automatic Repair of Breaking Dependency Updates

Description: This work aims at automatically proposing patches for breaking updates of software libraries. It is a best practice to keep all software dependencies to use the latest version. However, some dependency versions are not compatible with the previous version. In this case, automated dependency management (eg with DependaBot or Renovate) still involves some heavy manual work in order to adapt the code to the new version of the library. The student will design, implement and evaluate novel program analysis and program synthesis techniques to automatically repair breaking updates.

  1. Automatically repairing dependency-related build breakage

  2. APIfix: output-oriented program synthesis for combating breaking changes in libraries

Automatic Program Repair of Code4Bench

Description: The student will design design and perform a large scale experiment of program repair on the Code4Bench benchmark [1], with quantitative and qualitative analysis [2].

  1. Code4Bench: A multidimensional benchmark of Codeforces data for different program analysis techniques

  2. Empirical Review of Java Program Repair Tools: A Large-Scale Experiment on 2,141 Bugs and 23,551 Repair Attempts

  3. A Comprehensive Study of Automatic Program Repair on the QuixBugs Benchmark

Automated Program Repair for Smart Contracts

Description: Smart contracts are software, and hence, cannot be perfect. Smart contracts suffer from bugs, some of which putting high financial stakes at risk. There is a new line of research on automated patching of smart contract. You will devise, perform and analyze a comparative experiment to identify the successes, challenges and limitations of automated program repair for smart contracts.

  1. Elysium: Automagically Healing Vulnerable Smart Contracts Using Context-Aware Patching

  2. EVMPatch: Timely and automated patching of ethereum smart contracts

Category Software Supply Chain (CHAINS)

Work done as part of the https://chains.proj.kth.se/

Air-gapped software builds

Description: Air-gapped software development is done by the military and similar highly sensitive environment. Modern software builds typically require Internet connectivity, and a typical build involves thousands of network requests. How to reconcile those opposite requirements? In this thesis, you will design, implement and evaluate an infrastucture for air-gapped software builds.

  1. Software development challenges with air-gap isolation

  2. Building a virtually air-gapped secure environment in AWS: with principles of devops security program and secure software delivery

Tamperproof compilation for Go and Go-Ethereum

Description: Software supply chain attacks may happen through the compiler, a vector known as a "Trusting the trust" attack. To mitigate such attacks and have tamperproof builds, different techniques exists incl. reproducible builds, debootstrapped builds and diverse double compilation. You will apply and study those techniques in depth in the context of Go and Geth, the Go client for Ethereum. The work is done in collaboration with the core developers of Geth and the Ethereum foundation.

  1. Reproducible Builds: Increasing the Integrity of Software Supply Chains

  2. Countering trusting trust through diverse double-compiling

  3. Debootstrapping without Archeology: Stacked Implementations in Camlboot

Dynamic Software Integrity Verification

Description: In the life cycle of a software application, the final step is to ship binaries to the production environment, and to execute them. In the simplest case, the production application is one single binary file. While this simple case was the norm three decades ago, it does not fit the reality today. In modern software stacks, a software application executing in production is the result of an assembly of many different files. This poses a major problem: the stakeholders of the software application have virtually no way to state what code is actually being executed in production. This is known as the “integrity checking problem” [1]. You will design, implement and evaluate a system such that software applications can tell at runtime their bill of materials.

  1. Reflection as a mechanism for software integrity verification

Embedding the software supply chain at runtime with Java classloaders

Description: In Java, class loading refers to retrieving the binary form of a class or interface and constructing, from that binary form, a class object to represent the class or interface [1]. Today, different subclasses of the `ClassLoader` may implement different loading policies [2]. For example, a class loader may cache the binary representation of a class, prefetch it based on expected usage, or load a group of related classes together. These activities may not be completely transparent to a running application. In this context, determining the third-party suppliers of classes loaded at runtime allows for controlling and hardening the software supply chain of third-party components used during program execution. Monitoring the origins of the “actually” executed code is a critical task for building more reliable and secure systems. The student will design and implement a novel software tool to build a representation of the software supply chain at runtime.

  1. The Java® Virtual Machine Specification. Chapter 5. 01182103

  2. Sharing the runtime representation of classes across class loaders

Investigation of the Software Supply Chain of Password Managers

Description: Password managers are designed to securely store and manage users' login credentials, but they also have access to sensitive information, such as credit card details and personal data. The increasing use of password managers has led to growing concerns about the security risks associated with them. Therefore, the security and reliability of these tools are critical for protecting users' privacy and preventing data breaches. This work aims to investigate the software supply chain of password managers, including the risks associated with their development, distribution, and maintenance.

  1. The emperor's new password manager: Security analysis of web-based password managers (Usenix Security 2014)

  2. Password managers: Attacks and defenses (Usenix Security 2014)

      Investigation of the Software Supply Chain of Crypto Wallets

      Description: Software supply chain attacks compromise target applications from software dependencies. In the context of crypto, a successful attack results in the loss of funds for all users of a compromised wallets. For example, the Copay wallet and its users were victim of such an attack in 2018. In this thesis, you will perform an in-depth investigation of the major crypto wallets, in order to rank them wrt software supply chain security and propose actionable improvements.

      1. Security Aspects of Cryptocurrency Wallets-A Systematic Literature Review

      2. Software supply chain attacks on crypto

      3. Backstabber's knife collection: A review of open source software supply chain attacks

      Category Crypto & Smart Contracts

      AST Differencing for Solidity

      Description: Structured differencing, also called AST Differencing, means comparing two programs via their abstract syntax trees. It has a number of use cases in software maintenance, incl. software analytics, merging, code clone detection, automated labeling, etc. You will devise, implement and evaluate an AST diff tool for Solidity.

      1. Fine-grained and Accurate Source Code Differencing

      2. Pointers about parsers

      Invariant Generation for Smart Contracts

      Description: Invariant inference is useful for capturing the semantics of a program and detect deviations from normal behavior. While heavily studied in the context of mainstream languages [1], it is required to apply and evaluate invariant generation in the context of smart contracts [2]. You will devise, implement and evaluate an invariant generation tool for Solidity smart contracts.

      1. The Daikon system for dynamic detection of likely invariants

      2. InvCon: A Dynamic Invariant Detector for Ethereum Smart Contracts

      Automated Program Repair for Smart Contracts

      Description: Smart contracts are software, and hence, cannot be perfect. Smart contracts suffer from bugs, some of which putting high financial stakes at risk. There is a new line of research on automated patching of smart contract. You will devise, perform and analyze a comparative experiment to identify the successes, challenges and limitations of automated program repair for smart contracts.

      1. Elysium: Automagically Healing Vulnerable Smart Contracts Using Context-Aware Patching

      2. EVMPatch: Timely and automated patching of ethereum smart contracts

      On-chain code coverage

      Programs executed on the Ethereum blockchain are defined through smart contracts. Solidity is the de-facto programming language used to implement smart contracts. Since much is at stake, good test coverage is essential for Solidity programs [1]. Coverage in production gives additional information about field usage [2], and the blockchain is a fully reproducible production workload. You will design and perform experiments to study production coverage in the context of smart contracts specified in Solidity.

      1. solidity-coverage: https://github.com/sc-forks/solidity-coverage

      2. Behavioral execution comparison: Are tests representative of field behavior? 2017.

      Behavioral Hardening for Blockchain Nodes

      Description: An important concept in software security is to protect resources with whitelists. It has been implemented at different levels of the software stack (kernel, virtual machines, application frameworks). In Bitcoin Core, white lists of system calls can be used and enforced via Linux SecComp [1]. From a research perspective, the hard problem is to infer the whitelist of accessible resources via behavioral analysis [2,3]. You will design and perform an experiment to compare different behavior inference techniques for Bitcoin-Core.

      1. https://github.com/bitcoin/bitcoin/pull/20487

      2. A Sense of Self for UNIX Processes

      3. Shredder: Breaking Exploits through API Specialization

      Automatic Exploit Synthesis for Smart Contracts

      Smart contracts typically hold large stakes and consequently, they are under constant attack by malicious actors. As counter-measure, engineering smart contracts involves auditing and formal verification. Another option is automatic exploit synthesis In this thesis, you will evaluate the state of the art of exploit synthesis for smart contracts. You will then design, implement and evaluate a better system that improves upon the state of the art.

      1. ExGen: Cross-platform, Automated Exploit Generation for Smart Contract Vulnerabilities

      2. FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation

      3. Smart Contract and DeFi Security: Insights from Tool Evaluations and Practitioner Surveys

      Effective Mutation Testing for Solidity Smart Contracts

      Description: One of the problems with mutation testing is that the developers are overwhelmed by the number of mutants to kill with new tests. One way to approach this problem is to view it as a recommendation problem. The student will design, implement and evaluate a novel technique for automatically prioritizing mutants to be killed in Solidity smart contracts.

      1. Selecting fault revealing mutants (2020)

      2. A Comprehensive Study of Pseudo-tested Methods

      3. https://github.com/Certora/gambit/

      Automatic Specification Inference for Smart Contracts with Language Models

      Description: Recently, very large language models have been trained on code (OpenAI Codex, Github Copilot). There are preliminary results suggesting that they are useful for specification inference. In this thesis, you will make an empirical investigation on using large language models for specification inference on smart contracts with strong baselines and state of the art datasets.

      1. Codex: Evaluating Large Language Models Trained on Code

      2. Examining Zero-Shot Vulnerability Repair with Large Language Models

42? No: