Martin Kellogg Lands $450K NSF Grant, Developing New Approach to Stop Bugs
NJIT Assistant Professor Martin Kellogg is a software exterminator, obsessed with inventing programs that squash bugs in other people's code, and now he's working on the elusive balance between usability vs. perfection.
Kellogg recently won a four-year, $450,000 National Science Foundation grant to advance his research, General and Scalable Pluggable Type Inference. His co-principal investigator, Manu Sridharan at University of California - Riverside, won the same amount. They are assisted by students at both institutions. There's even a teenager helping out from Pingry School, in Basking Ridge, through the summer research program here at New Jersey Institute of Technology.
The team's focus is on static code analysis, which means they use mathematical techniques to examine raw programming code for bugs before any real-world problems surface. That contrasts to dynamic testing, which means actually running the program and seeing how it responds to unexpected inputs.
"Static analysis offers the promise of giving you a proof that the program never behaves badly in some way," Kellogg explained. "Static analysis is best at preventing broad categories of errors, like general programming mistakes. Things like null pointer exceptions or array bounds violations, [and] things that are well defined, are definitely problems every time they occur."
Static analysis became mature in the last decade, evolving from decades of research in compilers, which is the software that translates programming languages into binary code for computer processors to understand. Previously, bug-testing software was often developed by software developers who didn't understand the math, or by mathematicians who didn't understand usability concerns, Kellogg observed. He aims to get both sides right. He also wants his open-source code to run quickly, behind-the-scenes and without human intervention. He knows that's a tall task, which is why he and Sridharan requested a four-year grant.
Mainstream programming languages such as Java and Rust use something called a type system, which determines which operations can be performed on any given command. A recent trend is pluggable type systems, which means they're expandable, so developers can customize the languages as needed. Rewriting old applications to be understood by a new bug-detector is too cumbersome, so Kellogg believes that a type expansion is the best compromise. He noted that Sridharan once worked at Uber, where a team of programmers stopped their own projects for two weeks just to make older code accommodate a static analysis method. Kellogg said he personally had similar experiences at Amazon Web Services.
Summer students and AI also have a role
One of Kellogg's summer students is Kevin Diggs, an Albert Dorman Honors College sophomore from Elizabeth, who is working on a related project that's not directly part of the NSF funding but remains important to software reliability. Diggs evaluates memory leaks in programs written with the stalwart C programming language.
"Kevin's work is one of the tools that will benefit if our NSF project is successful: applying it to the kernel once the tool itself is finished is going to be a lot of work," Kellogg explained. "We need research that's focused on new analyses targeting new problems, like Kevin's, and research that's focused on improving the analyses that we already have across the board, like the NSF grant."
Looking toward the future, Kellogg said static code analysis will become even more necessary as artificial intelligence is used to develop new applications. "These generative AI models are very good at writing code that looks correct but isn't," which makes it harder for inexperienced developers to notice, he said. Creative NJIT faculty are using such AI tools in their classrooms, where Kellogg's work might become a virtual devil's advocate.
"Writing a proof is not something that AI is good at," he continued. "If nothing else, if people start using generative AI models instead of writing programs themselves, which seems increasingly likely, they're going to need better static analysis to be able to find the problems that it will inevitably entail."
"My biggest critic would probably say that people don't care about correctness, and that's true in many cases," Kellogg added. Good-enough code is fine for your daily dose of kitten pictures, but perfection is vital for the code in an airplane or hospital. In summary, he stated, "We need tools that allow us to gain confidence in that code."