---

---

04/02/2025 13:48

Fixing System Errors: New Tools that make software more secure

Dr. Jutta Witte Stabsstelle Hochschulkommunikation
Universität Stuttgart

Developing tools to improve the reliability and security of software systems: Professor Cristian Cadar from Imperial College London, winner of the Alexander von Humboldt Research Prize, will be visiting the University of Stuttgart for several months from April. As part of Professor Michael Pradel's team - Head of the Software Lab department and Managing Director of the Institute for Software Engineering (ISTE) - the computer scientist from London aims to explore new scientific frontiers.

"My goal in Stuttgart is to explore innovative approaches that further reduce the susceptibility of software systems to errors," says Cristian Cadar. The fact that computer programs are fundamentally vulnerable has to do with their complexity. Even simple apps comprise many thousands and sometimes even millions of lines of code - so it's easy for an error to creep in. All it takes is for programmers to overlook a small detail and the result is software errors known as “bugs”.

These in turn lead to security vulnerabilities that allow criminal attackers to hack into a computer system; for example, that of a private computer, a hospital or a company. The 2014 Heartbleed bug, one of the most notorious security vulnerabilities in computer history, remains a troubling memory. It appeared in the OpenSSL encryption library, which was responsible for secure communication on the Internet. When an error occurred during an OpenSSL update, hackers gained access to the passwords and private data of millions of users.

The fight against bugs

Cadar employs a specialized approach to combat bugs, a field in which he is a pioneer. It is called “symbolic execution”. Put simply, software is tested automatically and comprehensively for errors. “The basic idea is to collect mathematical constraints for each path in a computer program,” explains Cadar. This makes it easy to detect errors, such as buffer overflows.

These memory errors occur when a program writes more data to the memory than it can hold. This corruption of memory creates a security vulnerability that attackers can exploit to gain unauthorized access or inject malware into the system. The vulnerability to such bugs is often already inherent in the code. Cadar's work has already done much to prevent such bugs, and increase the reliability and security of software systems. First and foremost with the open source tool KLEE, which he and his team developed. Many universities, public authorities and industrial companies use this to search for errors and repair their programs.

ChatGPT in action

“I would like to thank the Humboldt Foundation for this prestigious award,” says Cadar. "This allows me to spend part of my sabbatical in Stuttgart, addressing critical challenges in software development." Cadar will be working at the Software Lab, led by director Michael Pradel, whom he has known and respected for many years. “I've always wanted to work with Michael and his research group. And now I finally can."

Host Michael Pradel is eager to welcome the visitor from London: “Cristian is a global leader in the field of symbolic execution.” Like Cadar, Pradel is dedicated to addressing software vulnerabilities, though he uses a different approach. Pradel and his team are world leaders in the field of neural software analysis. This uses neural networks and the currently ubiquitous large language models (LLMs) such as ChatGPT to search for and automatically correct software errors. Neural networks can do this very well because, with the help of LLMs designed for human use, they “understand” what the software developer originally meant when writing the code. They then compare the human intention behind the code with the actual written program code and thus find errors in the system.

The neurosymbolic approach

Cadar and Pradel have ambitious plans. In the coming months, they want to combine their two approaches to create a new neurosymbolic approach. "By combining our two approaches, we could be even more effective at identifying and fixing software errors than previous solutions," says Pradel. “We want to explore this potential during Cristian's visit.”

Software has a dual character, adds Cadar. It is intended for both humans and machines. “Human developers have to understand the code, machines have to execute it.” The approaches encompassed both areas: symbolic execution on the machine side and neural analysis on the human side. "I am confident that combining these two approaches will bring out the best of both worlds," especially with the recent advancements in LLMs. This makes work easier. The plan to merge neuronal analysis and symbolic execution therefore comes at just the right time.

About Cristian Cadar:

Cristian Cadar holds a PhD in Computer Science from Stanford University and a Master of Engineering from the Massachusetts Institute of Technology (MIT). He is now a professor in the Department of Computer Science at Imperial College London, where he heads the Software Reliability Group. He conducts research in software engineering, computer systems, and software security, with a particular focus on developing practical techniques to enhance the reliability and security of software systems. Cadar has received several awards for his work, including the IEEE New Directions Award 2022 and the BCS Roger Needham Award 2019.

---

Contact for scientific information:

Prof. Cristian Cadar, Department of Computing, Imperial College London, email: c.cadar@imperial.ac.uk

Prof. Michael Pradel, University of Stuttgart, Institute of Software Engineering (ISTE), Tel.: +49 711 685 88320, email: michael@binaervarianz.de

---

More information:

https://www.software-lab.org/

---

<
When it comes to fighting bugs, Cristian Cadar (left) is one of the pioneers in this field. Together ...
Sven Cichowicz
University of Stuttgart / Sven Cichowicz

<
Pradel and Cadar want to merge the human side and the machine side of software in a neurosymbolic ap ...
Sven Cichowicz
University of Stuttgart / Sven Cichowicz

---

Criteria of this press release:
Business and commerce, Journalists, Scientists and scholars
Information technology
transregional, national
Personnel announcements, Research projects
English

---