Mira Mezini - Selected Publications#

1. Julian Haas, Ragnar Mogk, Elena Yanakieva, Annette Bieniusa, Mira Mezini.
LoRe: A Programming Model for Verifiably Safe Local-First Software.
ACM Transactions on Programming Language Systems. Accepted, Nov. 2023. https://doi.org/10.1145/3633769

Impact

Local-first software refers to a class of decentralized software systems that promotes more evenly placing computations between back-end clouds and front-end devices with a preference for the latter whenever possible. Moving computations closer to the front-end of the globally computing infrastructure is beneficial for several reasons, including data privacy, latence, avaliability, better usage of computing resources and more. This paper presents the first approach to verifiably safe local-first software. Verifiable safety is a prerequisite for making the local-first paradigm prime for safety-critical (business) software. ACM Trans. Program. Lang. Syst is the top-journal in the area of programming language and systems. The work presented in this paper, together with the work presented in another paper by the candidate and co-authors entitled "Algebraic Replicated Data Types" and published at ECOOP 2023, establish the methodological ground for productive and correct by-design development of general-purpose local-first software.

2. Matthias Eichholz, Eric H. Campbell, Matthias Krebs, Nate Foster, Mira Mezini.
Dependently-typed data plane programming.
Proceedings of the ACM on Programming Languages 6 (POPL): 1-28, 2022

Impact

This paper was presented at POPL, considered to be the most renown conference in theoretical aspects of programming languages, and published as a journal paper in the Proceedings of the ACM. It is the first to propose a dependent type system for modular verification of properties of data plane programs. Programmable data planes offer a range of benefits that enhance flexibility, efficiency, and innovation in networking and collectively contribute to more agile, efficient, and adaptable networks that can better meet the demands of modern applications and users. But for this potential to be exploited it is important to ensure safety and security of programmable data planes. The work presented in the paper together with a previous work presented at ECOOP 2021 by the same authors, are the first to make the benefits of type systems as a lightweight modular verification method available to network programming.

3. Joscha Drechsler, Ragnar Mogk, Guido Salvaneschi, Mira Mezini.
Thread-safe reactive programming.
Proceedings of the ACM on Programming Languages 2 (OOPSLA): 107:1-107:30, 2018

Impact

This paper was presented at one of the four flagship SIGPLAN conferences, and published as a journal paper in the Proceedings of the ACM on Programming Languages. Together with the work presented in the paper "A fault-tolerant programming model for distributed interactive applications" by the same authors, which appeared one year later in the Proceedings of the ACM on Programming Languages, 144:1-144:29, 2019, these works have been influential in making the concepts of the functional reactive programming available to programming distributed and concurrent software, with veriafiable correctness and fault-tolerance guarantees.

4. David Richter, David Kretzler, Pascal Weisenburger, Guido Salvaneschi, Sebastian Faust, Mira Mezini.
Prisma : A Tierless Language for Enforcing Contract-client Protocols in Decentralized Applications.
ACM Transactions on Programming Languages and Systems 45(3): 17:1-17:41, 2023

Impact

The paper was under the top papers submitted to ECOOP 2022 that were given the opportunity of a fast-track post-conference review process at the ACM Transaction on Programming Languages and Systems, the top journal in the area of programming languages, and was accepted for publication there. The paper presents pioneering work in secure compilation for smart contracts. Ensuring the security of smart contracts is crucial due to several significant reasons. In particular, smart contracts often handle financial transactions or valuable assets and any security breach could result in substantial financial losses or manipulation of assets, impacting users' trust in the platform or blockchain network, which has happened in the past. The work presented in this paper proposes a new tierless programming model for smart contracts and a secure compilation method to map the high-level concepts to concrete execution platforms, while enforcing control-flow integrity. In an ECOOP 2023 paper, entitled “A Direct-Style Effect Notation for Sequential and Parallel Programs„ the candidate and her team presented follow up work that generalizes the programming model to arbitrary effectful computations with both sequential and parallel execution models. This paper won both a best paper and best artifact award.

5. Dominik Helm, Florian Kübler, Michael Reif, Michael Eichberg, Mira Mezini.
Modular collaborative program analysis in OPAL.
ESEC/SIGSOFT FSE 2020: 184-196

Impact

This paper presents the core architecture of the OPAL static analysis platform developed at the candidate's lab in the last decade. OPAL is unique in its support for pipelined execution of modular static analyses, which enables developers to make systematic tradeoffs between soundness, precision and performance of static analyses. Moreover, OPAL is the only static analysis platform today with a modular theory of soundness, presented in a paper by the candidate and co-authors from her lab, which was just accepted for publication at the European Symposium on Programming, 2024. OPAL is made available as open source and has being used by other research teams and by startups.

6. Tobias Roth , Dominik Helm , Michael Reif, Mira Mezini:
CiFi: Versatile Analysis of Class and Field Immutability. ASE 2021: 979-990

Impact

This paper won both the best paper and best artifact award at the ACM Conference on Automated Software Engineering, 2021. It is representative for several papers by the candidate and co-authors proposing specific static analysis algorithms developed on top of OPAL, including call-graph, immutability, and purity analyses. Papers about these specific OPAL analyses have been published at top software engineering conferences, including such as FSE and ISSTA and have provided evidencethat OPAL analyses outperform the state-of-the-art in the respective area.

7. Sarah Nadi, Stefan Krüger, Mira Mezini, Eric Bodden:
Jumping through hoops: why do Java developers struggle with cryptography APIs?
ICSE 2016: 935-946

Impact

This paper accepted for publication at ICSE, the top conference on Software Engineering, presents seminal work on analyzing the reasons for the observed prevalent misuses of cryptographic APIs, which is one of the top sources of security vulnerabilities in todays software. As also evidenced by the high number of citations, the paper has been the point of reference for follow up work on studies of crypto misuses as well as on methods for detecting and avoiding such misuses by the candidate and others. The candidate and co-authors have followed up with studies of crypto API misuses, which either take a finer-grained view on such misuses, such as the one presented in a paper entitled “To Fix or Not to Fix: A Critical Study of Crypto-misuses in the Wild“, published at TrustCom 2022, or analyze the prevalence of such misuses in other languages, e.g., in a paper entitled “Python Crypto Misuses in the Wild”, published at ACM / IEEE International Symposium on Empirical Software Engineering and Measurement.
8. Stephan Krüger, Johannes Späth, Karim Ali, Eric Bodden, Mira Mezini.
"CrySL: An Extensible Approach to Validating the Correct Usage of Cryptographic APIs".
IEEE Transactions on Software Engineering 47(11): 2382-2400, 2021

Impact

This publication appeared in a top software engineering journal. It is representative of the highly impactful work of the candidate on methods for detecting and avoiding security vulnerabilities that are due to the misuse of cryptographic APIs. Concepts and methods for hardening the crypto API uses, presented in the above paper, have been implemented as part of the CogniCrypt platform, which was presented in an ASE 2017 paper entitled „CogniCrypt: supporting developers in using cryptography“ by the candidate and co-authors. CogniCrypt is available as open source software and tool integration is available for several integrated software development platforms. The work on CogniCrypt has pioneered the concept of "cryptography as a service".

9. Anna-Katharina Wickert, Clemens Damke, Lars Baumgärtner, Eyke Hüllermeier, Mira Mezini.
UnGoML: Automated Classification of unsafe Usages in Go.
ACM Conference on Mining Software Rrepositories: 309-321, 2023

Impact

The paper, which won a FOSS Impact Award at MSR 2023, is representative of the work of the candidate on methods and tools for addressing security vulnerabilities beyond those due to crypto API misuses. This paper addresses vulnerabilities due to the use of so-called unsafe APIs in languages that are considered safe such as Go or Rust. The unsafe package allows developers to bypass the usual safety mechanisms in Go, and perfom unsafe operations such as pointer arithmetic and direct memory manipulation. These features are provided and used for various reasons, but they can compromise the safety guarantees that Go normally provides, opening the door to bugs like memory corruption and undefined behavior. The paper is the first one to propose specifically trained ML models for not only detecting but also classifying the purpose of the usage of the unsafe API in Go. Another work focusing on supporting developers in uncovering security and privacy issues in software also used ML-based techniques to uncover obfuscated dataflows in repackaged apps. This latter work was published by the candidate and co-authors from her team in a FSE 2017 paper entitled “CodeMatch: obfuscation won't conceal your repackaged app“; a follow up paper entitled “Hidden in Plain Sight: Obfuscated Strings Threatening Your Privacy” published at AsiaCCS 2020 used the technique to perform a large-scale study of the state of data privacy in Android apps.

10. Marcel Bruch, Martin Monperrus, Mira Mezini.
Learning from examples to improve code completion systems.
ACM Symposium on Foundations of Software Engineering: 213-222, 2009

Impact

This paper is a representative of the the work of the candidate in the area of AI-based software development. The work presented in this paper and follow up work presented in the paper "Intelligent Code Completion with Bayesian Networks", published at ACM Trans. Softw. Eng. Methodol. 25(1): 3:1-3:31, 2015, have pioneered the use of machine learning to assist developers in generating code snippets and is considered to have paved the way for today's intelligent code assistance tools. The paper has a high number of citations and continues to be cited. The paper has just been selected as this year’s awardee for the ACM SIGSOFT Impact Paper Award. The candidate has recently revived this line of research to reflect the most recent developments in deep learning and large language models. A paper that outlines the vision underlying this current research agenda of the candidate, entitled "Towards Trustworthy AI Software Development Assistance" has been accepted for inclusion in ICSE NIER (New Ideas and Emerging Results) 2024.