Software

Simian

Simian is a UI-level testing tool for collaborative web applications. It has found numerous bugs in Google Docs and similar systems. The implementation has been artifact-evaluated for PLDI'17.
Project page
Please cite our PLDI'17 paper if you would like to use or build upon this tool.

FuzzDroid

FuzzDroid helps analyzing malicious Android apps by generating an execution environment that exposes malicious behavior not obvious when running, e.g., in the Android emulator.
Project page
Please cite our ICSE'17 paper if you would like to use or build upon this tool.

ConTeGe, SpeedGun, and CovCon

ConTeGe (short for Concurrent Test Generator) is a framework for generating sequential and concurrent unit tests. It is a research platform to build tools for finding correctness and performance problems in sequential and concurrent Java classes. In particular, ConTeGe has detected various bugs in widely used thread-safe classes, e.g., classes in the JDK.
Source code of ConTeGe
Source code of SpeedGun
Source code of CovCon
If you would like to use or build upon these tools, please cite our PLDI'12 paper (for ConTeGe), our ISSTA'14 paper (for SpeedGun), and our ICSE'17 paper (for CovCon).

JavaScript Performance Issues

A data set of 98 reproduced and documented performance issues in 16 popular client-side and server-side JavaScript projects. We make these issues available to help developers to avoid common mistakes, to help researchers develop performance-related tools and techniques that address relevant problems, and to help developers of JavaScript engines to address prevalent bottleneck patterns.
GitHub page
Please cite our ICSE'16 paper if you would like to use this data set.

ArgumentAnalyzer

ArgumentAnalyzer detects incorrect or confusing method arguments by comparing identifier names of arguments and parameters with each other. The basic idea is simply but very effective. Our work has inspired Google to include argument analysis into their Error Prone code checker for Java.
Project page
Please cite our ISSTA'11 paper if you would like to use or build upon this tool.

MemoizeIt

MemoizeIt is a performance profiler to detects methods that would benefit from software caching (or memoization). The implementation has been artifact-evaluated at OOPSLA'15.
Project page
Please cite our OOPSLA'15 paper if you would like to use or build upon this tool.

JITProf

JITProf is a profiling tool for JavaScript. It detects "JIT-unfriendly" code locations, which prevent the just-in-time compiler from effectively optimizing the code. JITProf has inspired Mozilla to implement a similar idea as part of the Firefox browser.
Project page
Please cite our FSE'15 paper if you would like to use or build upon this tool.

DLint

DLint is the first dynamic lint-like tool. It detects bad coding practices in JavaScript. DLint has found various issues in popular web sites, such as the sites of IKEA, eBay, and the Hilton. Project page Please cite our ISSTA'15 paper if you would like to use or build upon this tool.

TypeDevil

TypeDevil is a dynamic analysis to detect type inconsistencies, which often correlate with bugs.
Project page
Please cite our ICSE'15 paper if you would like to use or build upon this tool.

EventBreak and WebAppWalker

EventBreak is a UI-level testing tool for web applications that detects situations where a web site becomes unresponsive. EventBreak is implemented within WebAppWalker, a general framework for UI-level testing of web applications.
Project page
Please cite our OOPSLA'14 paper if you would like to use or build upon this tool.

API Protocol Mining

Our work on API protocol mining resulted in 223 mined specification for the Java standard library and 32 manually specified reference specifications.
Please cite our ICSE'12 and our ICSM'10 paper to refer to these data sets.