Keynote Speakers
Baishakhi Ray
Baishakhi Ray
Columbia University, USA
Baishakhi Ray is an Associate Professor in the Department of Computer Science, Columbia University, NY, USA. Baishakhi's research interest is in the intersection of Software Engineering and Machine Learning. She has received the prestigious IEEE TCSE Rising star award and NSF CAREER award. Her research has been acknowledged by Distinguished Paper awards at ASE 2022, FASE 2020, FSE 2017, MSR 2017, IEEE Symposium on Security and Privacy (Oakland), 2014. Her research has also been published in CACM Research Highlights and has been widely covered in trade media.
Title: Programming Language Processing : How AI can Revolutionize Software Development?
Abstract The past decade has seen unprecedented growth in Software Engineering— developers spend enormous time and effort to create new products. With such enormous growth comes the responsibility of producing and maintaining quality nd robust software. However, developing such software is non-trivial— 50% of software developers’ valuable time is wasted on finding and fixing bugs, costing the global economy around USD$1.1 trillion. Today, I will discuss how AI can help in different stages of the software development life cycle for developing quality products. In particular, I will talk about Programming Language Processing (PLP), an emerging research field that can model different aspects of code (source, binary, execution, etc.) to automate diverse Software Engineering tasks, including code generation, bug finding, security analysis, etc.
David Lo
David Lo
Singapore Management University, Singapore
David Lo is a Professor of Computer Science and Director of the Information Systems and Technology Cluster at the School of Computing and Information Systems, Singapore Management University. For close to two decades, he has championed AI4SE, specifically demonstrating how AI – including data mining, machine learning, information retrieval, natural language processing, and search-based algorithms – can be used to transform passive software engineering data, stored in various software repositories, into automation and insights. He has published 400+ AI4SE papers that have gathered 20k+ citations. He has won 15+ international awards, including the IEEE TCSE Distinguished Service award, two Test-of-Time (or Most Influential Paper) awards, and six ACM Distinguished Paper awards. He is an IEEE Fellow (for contributions to synergizing software engineering and data mining), Fellow of Automated Software Engineering (for significant and sustained contributions to the automated software engineering community), ACM Distinguished Member, and NRF Investigator (2023-28). He served as a PC Co-Chair of ISEC’20 and is serving as a PC Co-Chair of ESEC/FSE’24 and ICSE’25. More information about him and his work can be found at: http://www.mysmu.edu/faculty/davidlo/.
Title: Human-Centered AI4SE: Requirements, Reflection, and Road Ahead
Abstract Since its inception in the 2000s, AI for Software Engineering (AI4SE) has grown rapidly. AI in its different forms,
e.g., data mining, information retrieval, machine learning, natural language processing, etc., has been demonstrated to be able to
produce good results for automating many tasks including specification mining, bug and vulnerability discovery, bug localization,
duplicate bug report identification, failure detection, program repair, technical question answering, code search, and many more.
AI4SE has much potential to improve software engineers' productivity and software quality. Due to its potential, it is currently
one of the most popular research areas in the software engineering field.
To advance AI4SE, this talk puts forward Human-Centered AI4SE. Without considering humans,
it is easy for AI-powered tools to hinder rather than help humans in their job, or introduce unwanted
and unacceptable side effects. Human-Centered AI4SE (HCAI4SE) puts humans (i.e., software practitioners)
at the forefront in the design of AI4SE tools, with the goal of augmenting and amplifying software practitioners'
capabilities. I will describe some requirements of HCAI4SE; specifically, among others, there is a need to
(i) listen to humans, (ii) learn from humans, and (iii) synergize with humans. For each requirement, I will present
a reflection on the progress that the AI4SE area has made over the years, including work done by our research group in
Singapore. At the end of this talk, I will describe the road ahead, specifically focusing on how AI4SE tools can be trustworthy,
which is an essential attribute to allow them to be widely used by practitioners.
Satish Chandra
Satish Chandra
Facebook USA
Satish Chandra is a researcher at Google, where he applies machine learning techniques to improve developer productivity. Prior to that, he has worked -- in reverse chronological order -- at Facebook, Samsung Research, IBM Research, and Bell Laboratories. His work has spanned many areas of programming languages and software engineering, including program analysis, type systems, software synthesis, bug finding and repair, software testing and test automation, and web technologies. His research has been widely published in leading conferences in his field, including POPL, PLDI, ICSE, FSE and OOPSLA. The projects he has led have had significant industrial impact: in addition to his work on developer productivity at Facebook, his work on bug finding tools shipped in IBM's Java static analysis product, his work on test automation was adopted in IBM's testing services offering, and his work on memory profiling of web apps was included in Samsung's Tizen IDE. Satish Chandra obtained a PhD from the University of Wisconsin-Madison, and a B.Tech from the Indian Institute of Technology-Kanpur, both in computer science. He is an ACM Distinguished Scientist and an elected member of WG 2.4.
Title: Machine Learning for Software Engineering
Abstract The availability of large code corpora has made it possible to build innovative software productivity tools that use machine learning, paving way for capabilities that were not possible with static analysis technology. In this talk, I will provide a quick overview of this area, and include some industry experiences.
Aseem Rastogi
Aseem Rastogi
Microsoft Research, India
Aseem Rastogi is a Principal Researcher at Microsoft Research India. His work spans the areas of language design, type systems, program verification, and software security. More specifically, he is interested in developing formal techniques for writing provably correct and secure software. He is one of the core designers and developers of F*, a language for program verification. In Project Everest, F* is used to build and deploy a verified HTTPS stack.
Title: Proof-oriented programming for high-assurance systems
AbstractProof-oriented programming is a paradigm where programs are designed and developed along with mathematical proofs of their correctness and security. In recent years, proof-oriented programming has reached a point where not only several high-assurance software components have been developed using it, but these components have also been deployed in production systems.
In this talk I will provide an overview of this paradigm in the context of F*, a proof-oriented programming language developed at Microsoft Research. I will briefly discuss several critical software components, developed from scratch in F*, such as low-level parsers and cryptographic algorithms. These components are already deployed in production systems such as Windows Hyper-V, the Linux kernel, Firefox, and mbedTLS.
As a complementary methodology for retrofitting strong, formal guarantees on existing legacy services (e.g., cloud services), I will present the Zeta framework. Zeta works by running a small, proven correct monitor in a trusted execution environment validating responses from the service. The key idea is that we only need to develop the monitor using proof-oriented programming once-and-for-all, while the large legacy service remains untrusted. I will illustrate Zeta by sketching an example of how we can make a concurrent, high-performance, key-value store "zero trust" and argue that this step incurs modest software engineering effort and modest runtime overheads.