New Insights and Perspectives on Software Reliability, Analysis, and Security

Presenter: Thodoris Sotiropoulos, ETH
Date: 24 September 2025

Abstract

I will present the research directions our team pursued during the academic year 2024–2025 in the areas of software reliability, analysis, and security. For software reliability, we developed new methods to validate (i.e., find bugs in) critical software infrastructure, focusing on (1) static analyzers, which are widely used throughout the software development pipeline, and (2) Infrastructure as Code (IaC) programs, which are routinely used to automate the provisioning and management of entire computing infrastructures and servers.

For software analysis and security, we investigated the security challenges of applications that combine high-level languages (e.g., Python, JavaScript) with low-level components (e.g., C, Rust). We introduced techniques to automatically identify and reason about the bridges between these languages. This enables powerful cross-language analyses such as vulnerability detection and reachability analysis in hybrid programs. Finally, we investigated an emerging domain: the effect of compiler optimizations on Zero-Knowledge Virtual Machines (zkVMs). zkVMs are becoming foundational in privacy-preserving and verifiable computation. Therefore, understanding the limitations of existing compiler infrastructures on zkVM performance opens new research directions, including the development of zkVM-specific passes, backends, and superoptimizers.