Doctor rerum naturalium in Computer Science (Alma mater Lipsiensis -- University of Leipzig), Diplommathematiker (MSc Mathematics) (Alma mater Lipsiensis -- University of Leipzig)
My research interests are in the areas of software composition and evolution (API and contract evolution, semantic versioning) and program analysis (including static analysis, testing and fuzzing for bug and vulnerability detection). More details can be found on my private website
. Please contact me directly if you are interested in postgraduate studies in one of my areas of interest.
Recent / Current Research Contracts
- Novel Approaches to Input Generation for the Analysis of Java EE Applications -- Oracle Inc, USD 43k (2019-20)
- Closing the gaps in static program analysis -- NZ National Science Challenge SfTI, NZD 197k (2017-19)
- Static Analysis of JEE Applications -- Oracle Inc, USD 44k (2017-18)
Recent / Upcoming Publications
- S Rasheed, J Dietrich, A Rasheed: Laughter in the Wild: A Study into DoS Vulnerabilities in YAML Libraries. Accepted for TrustCom 2019.
- J Dietrich, D J Pearce, J Stringer, A Tahir, K Blincoe: Dependency Versioning in the Wild. MSR'19
- J Dietrich, M Luczak-Roesch, E Dalefield: Man vs Machine – a Study into Language Identification of Stack Overflow Code Snippets. MSR'19 (Mining Challenge Track).
- L Sui, J Dietrich, M Emery, S Rasheed, A Tahir: On the Soundness of Call Graph Construction in the Presence of Dynamic Language Features - A Benchmark and Tool Evaluation. APLAS'18.
- J Dietrich, F Gauthier, P Krishnan: Driver Generation for Java EE Web Applications. ASWEC'18.
- A Tahir, A Yamashita, S Licorish, J Dietrich, S Counsell: Can you tell me if it smells? A study on how developers discuss code smells and anti-patterns in Stack Overflow. EASE'18. Best Paper Award.
- T Bhagya, J Dietrich, H Guesgen, S Versteeg: GHTraffic: A Dataset for Reproducible Research in Service-Oriented Computing. ICWS'18.
Bugs and Vulnerabilities Recently Reported
(most of them are from work done with my PhD student Shawn Rasheed)
- DOS Vulnerability in js-yaml
- DOS Vulnerability in ghostscript
- DOS Vulnerability in Apache PDFBox
- Bug in the IBM J9 JVM Reflection API
- Bug: Broken Contract between Equals and Hashcode in .NET lIbraries
- New Billion-Laughs-style attack effecting memory in the Java Serialization
- EvilPickles -- code used in ECOOP17 paper on DOS attacks on the Java Serialization API
- Java Library Evolution Puzzlers -- scenarios showing problems with binary, source and behavioral compatibility and the impact this has on clients when Java programs evolve, see also related slides
- Guery -- a fast algorithm to detect patterns (motifs) in graphs, decribed here
- XCorpus -- an executable set of Java programs with high coverage and scripts, based on the Qualitas Corpus, and described here
- JEE Driver Generator -- a tool to generate a main class providing an unreflected entry point into JEE applications, to be used in static program analysis, described here
- teaching examples -- self-explanatory
- Giga -- a novel, very fast CFLR algorithms for static program analysis, described here
- Program Committee Member APLAS19
- Publicity Chair APLAS19
- Sponsorship Chair APLAS18
- Program Committee Member VISSOFT19
- build better semantic versioning calculators (actually using some program semantics)
- study the evolution of restful services
- using metrics to predict the code assessment in code reviews
- cross-version testing (taken for 2019)