Resarch Interests

  • Empirical Software Engineering
  • Mining Software Repositories
  • Highly configurable software & Software Product Lines
  • Code Recommender Systems
  • API misuses
  • Software maintenance and evolution

Current Research Projects

  • Variability-aware Analysis of C++ Systems

    This project is in collaboration with IBM CAS Canada. The goal is to enable analyzing certain aspects of a C++ system that might differ depending on the architecture the system is being built for. This is a new project so details to follow…

  • SPL Migration

    In this project, our goal is to collect and compare experiences of companies that have successfully migrated to an SPL or that are currently in the migration process. This will be done through interviews with architects and engineers from various companies. Our focus is on technical details of the migration, such as the identification of variability in existing products, including details on the diff-ing strategies of source code; the modeling of variability and identification of features; and what kind of refactoring is needed to migrate products to an integrated platform. Examples of other details we strive to analyze comprise version-control strategies and product-generation techniques. Read More…

  • API Misuse Detection

    When developers use Application Programming Interfaces (APIs), they often make mistakes that can lead to bugs, system crashes, or security vulnerabilities. We refer to such mistakes as misuses. One example of a misuse is forgetting to call close() after opening a FileInputStream and writing to it. There are various categories of API-misuses, and most of the current misuse detectors only find some of these categories. Read more...

  • Cryptography APIs

    Previous research has shown that many security vulnerabilities exist due to developer’s misuse of cryptography APIs. In other words, developers make mistakes while using the APIs and these mistakes can lead to serious security threats. In this project, we wanted to investigate the reasons for such mistakes and suggest reasons on how to improve the situation. Read more...


    Completed Research Projects

  • Code Recommender Systems

    One of the ways to avoid API misuse is to create code recommender systems that help developers write better code in the first place. A challenge here is to gather real-world data about how developers use these APIs and the available code recommender tools. We looked at code recommenders from different angles. Read more...

  • Reverse-engineering Configuration Constraints

    One of the challenges of developing and maintaining highly configurable software is reasoning about configuration constraints (aka feature dependencies). For example, some features do not work well together or some features require other features to be present. These constraints are essential for reasoning about valid configurations of the software, but unfortunately are not always documented. In this project, we develop a framework that analyzes the implementation of existing highly configurable software to identify configuration constraints. Read more...

  • CPP Usage In Practice

    The C preprocessor has received strong criticism in academia, among others regarding separation of concerns, error proneness, and code obfuscation, but is widely used in practice. Many (mostly academic) alternatives to the preprocessor exist, but have not been adopted in practice. Since developers continue to use the preprocessor despite all criticism and research, we ask how practitioners perceive the C preprocessor. We performed interviews with 40 developers, used grounded theory to analyze the data, and cross-validated the results with data from a survey among 202 developers, repository mining, and results from previous studies. We show that developers are aware of the criticism the C preprocessor receives, but use it nonetheless, mainly for portability and variability. Read more...

  • Analyzing Linux Kbuild to Detect Variability Anomalies

    Although build systems control what code gets compiled into the final built product, they are often overlooked when studying software variability. The Linux kernel is one of the biggest open source software systems supporting variability and contains over 10,000 configurable features described in its KCONFIG files. To understand the role of the build system in variability implementation, we use Linux as a case study. We study its build system, KBUILD, and extract the variability constraints in its Makefiles. Read more...

  • Identifying Causes and Fixes of Linux Variability Anomalies

    In order to prevent variability anomalies from occurring in the first place, we need to understand what causes them. In order to provide automated solutions for such anomalies, we need to understand how developers usually fix them. This project mines commit information from Linux’s git repository in order to identify causes and fixes of variability anomalies. Read more...

  • Root Cause Analysis & Change Impact Analysis using CMDBs

    Many IT systems use Configuration Management Databases (CMDBs) to keep track of which hardware and software is installed as well as any problems that occur over time. Thus, over time, CMDBs collect large amounts of valuable data that can be used for decision support. This project proposes mining historic data from a CMDB to detect common co-changes that can be used to support change impact analysis. Read more...