About Me↑ up

I am a software engineer at Google, where I work on the V8 engine, specifically on WebAssembly. My interests are broadly in programming languages, software engineering, systems, and security. I want to make software development enjoyable, and would like the resulting programs to be correct, secure, and performant. I obtained a PhD (summa cum laude) in the amazing Software Lab group at University of Stuttgart, advised by Prof. Dr. Michael Pradel. In the PhD and before, I worked on static and dynamic program analysis (Wasabi, type prediction from binaries); compilers and programming languages (during internships at Oracle Labs and Google); software security (Wobfuscator project, internship at Google, bachelor thesis); fuzzing (internship at Microsoft Research, Fuzzm) and automated testing (finding bugs in debuggers, master thesis). I enjoy both research and practice, finding out new things and making sure they are useful to others.

All opinions expressed below are my own and not of my employer.

Research Interests and Projects↑ up

WebAssembly logo
WebAssembly, the
universal bytecode.

Memory layout schematic, showing static data, stack, and heap.
Buffer overflow in
Wasm linear memory.

During my PhD, I applied several of the above topics to WebAssembly. I believe WebAssembly is well-suited for research due to its clean design and little accumulated cruft, while at the same time tremendously important in practice as a universal bytecode for the web and increasingly beyond. One of my research projects was the analysis of WebAssembly's binary security, that is, if and how memory vulnerabilities in source languages such as C can be exploited when compiled to a WebAssembly binary (USENIX Security 2020). During an internship at Google, I also looked into WebAssembly host security, that is, protecting the system from malicious WebAssembly binaries. In the internship, I implemented W^X in the WebAssembly compiler of V8. I am the main author of Wasabi, a dynamic analysis framework for WebAssembly (ASPLOS 2019, best paper award), for which I developed my own binary parser and static instrumenter. To aid reverse engineering of WebAssembly binaries, I employed neural networks for recovering high-level types from the low-level bytecode of functions. Together with Aaron Hilbig, we also collected WasmBench, large set of more than 8000 real-world WebAssembly binaries for analysis, as test inputs, and as training data for machine learning-based approaches. In several further projects with collaborators, I also worked on fuzzing and static analysis of WebAssembly binaries.

Firefox debugger screenshot
A bug we found in the debugger of Firefox.

During internships and my studies, I also worked on other projects. In my master thesis and a follow-up project together with Sandro Tolksdorf, we developed automated testing of interactive debuggers, with which we found more than 25 bugs in the JavaScript debuggers of Firefox and Chrome. During an internship at Microsoft Research, I worked with Patrice Godefroid and Marina Polishchuk on RESTler, a fuzzer for REST APIs, which I augmented with differential regression testing (ISSTA 2020). At an internship at Oracle Labs, I worked on the compiler for a graph-processing language with the Spoofax language workbench. During my bachelor thesis, I worked together with Lucas Davi and Ahmad-Reza Sadeghi on return-oriented programming attacks against coarse-grained control-flow integrity (USENIX Security, BlackHat USA 2014).

Short CV↑ up

Code↑ up

Wasabi logo
Our dynamic
analysis framework.

Wasabi is my largest personal project, of which I am the main developer. It is a dynamic analysis framework for WebAssembly binaries. The website has more background, usage instructions, and even a little live demo. Wasabi is implemented in >5k lines of Rust and a bit of JavaScript. Feel free to contribute a pull request on GitHub. Wasabi builds on my own parser and static instrumentation library. Since WebAssembly uses LEB128-encoded integers throughout the binary format, I also wrote an LEB128 library in Rust. The existing libraries either did not support all integer widths or didn't do proper integer overflow checking.

I am a big fan of Rust, since it offers modern language features (algebraic data types, pattern matching, procedural macros, etc.) but still gives the user plenty of low-level control (over allocations, memory layout, explicit copying, static vs. dynamic dispatch, etc.). The language and ecosystem also try to avoid many of the issues that plague C and C++: Rust has proper modules, a standardized and easy package management and build system, great compiler errors, and good standard library and language defaults (move by default, fat pointers instead of NULL-delimited strings, UTF-8, hygenic macros, no implicit conversions, etc.). Rust's most unusual feature is of course the ownership and affine type system: this is great, not just for memory safety but especially for concurrent code. I have published a small utility library main_error on crates.io.

For research projects, I always try to make all code and data public. See publications for the respective repositories.

Peer-Reviewed Publications↑ up

That's a Tough Call: Studying the Challenges of Call Graph Construction for WebAssembly. 2023.
Daniel Lehmann, Michelle Thalakottur, Frank Tip, Michael Pradel.
In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '23).
[paper] [dataset and code] [DOI] [] Copy to Clipboard@inproceedings{Lehmann2023ToughCall, title = {That's a Tough Call: Studying the Challenges of Call Graph Construction for WebAssembly}, author = {Lehmann, Daniel and Thalakottur, Michelle and Tip, Frank and Pradel, Michael}, year = {2023}, booktitle = {Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis}, series = {ISSTA '23}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {979-8-4007-0221-1}, url = {https://doi.org/10.1145/3597926.3598104}, doi = {10.1145/3597926.3598104}, }

Program Analysis of WebAssembly Binaries. 2022.
Daniel Lehmann.
PhD dissertation.
[dissertation] [university library] [DOI] [] Copy to Clipboard@phdthesis{Lehmann2022Dissertation, title = {Program Analysis of WebAssembly Binaries}, author = {Lehmann, Daniel}, year = {2022}, url = {https://doi.org/10.18419/opus-12619}, doi = {10.18419/opus-12619}, }

Finding the Dwarf: Recovering Precise Types from WebAssembly Binaries. 2022.
Daniel Lehmann and Michael Pradel.
In Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI '22).
[paper] [code and data] [DOI] [] Copy to Clipboard@inproceedings{Lehmann2022SnowWhite, title = {Finding the Dwarf: Recovering Precise Types from WebAssembly Binaries}, author = {Lehmann, Daniel and Pradel, Michael}, year = {2022}, month = {May}, booktitle = {Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation}, series = {PLDI '22}, pages = {410--410}, numpages = {16}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45039265-5}, url = {https://doi.org/10.1145/3519939.3523449}, doi = {10.1145/3519939.3523449}, }

Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to WebAssembly. 2022.
Alan Romano, Daniel Lehmann, Michael Pradel, Weihang Wang.
In Proceedings of the 2022 IEEE Symposium on Security and Privacy (S&P 2022).
[paper] [DOI] [] Copy to Clipboard@inproceedings{Romano2022Wobfuscator, title = {Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to WebAssembly}, author = {Romano, Alan and Lehmann, Daniel and Pradel, Michael and Wang, Weihang}, year = {2022}, month = {May}, booktitle = {Proceedings of the 2022 IEEE Symposium on Security and Privacy}, series = {S\&P 2022}, pages = {1101--1101}, numpages = {16}, publisher = {IEEE Computer Society}, issn = {2375-1207}, url = {https://doi.org/10.1109/SP46214.2022.00064}, doi = {10.1109/SP46214.2022.00064}, }

An Empirical Study of Real-World WebAssembly Binaries: Security, Languages, Use Cases. 2021.
Aaron Hilbig, Daniel Lehmann, Michael Pradel.
In Proceedings of the Web Conference 2021 (WWW '21).
[paper] [dataset and code] [DOI] [] Copy to Clipboard@inproceedings{Hilbig2021WasmBench, title = {An Empirical Study of Real-World WebAssembly Binaries: Security, Languages, Use Cases}, author = {Hilbig, Aaron and Lehmann, Daniel and Pradel, Michael}, year = {2021}, month = {April}, booktitle = {Proceedings of the Web Conference 2021}, series = {WWW '21}, pages = {2696--2696}, numpages = {13}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45038312-7}, url = {https://doi.org/10.1145/3442381.3450138}, doi = {10.1145/3442381.3450138}, }

Everything Old is New Again: Binary Security of WebAssembly. 2020.
Daniel Lehmann, Johannes Kinder, Michael Pradel.
In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20).
[paper] [conference website] [video] [slides] [code and data] [] Copy to Clipboard@inproceedings{Lehmann2020WasmBinarySecurity, title = {Everything Old is New Again: Binary Security of WebAssembly}, author = {Lehmann, Daniel and Kinder, Johannes and Pradel, Michael}, year = {2020}, month = {August}, booktitle = {Proceedings of the 29th USENIX Security Symposium}, series = {USENIX Security 20}, pages = {217--217}, numpages = {18}, publisher = {USENIX Association}, isbn = {978-1-939133-17-5}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/lehmann}, }

Differential Regression Testing for REST APIs. 2020.
Patrice Godefroid, Daniel Lehmann, Marina Polishchuk.
In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '20).
[paper] [Microsoft blog post] [tool source code] [DOI] [] Copy to Clipboard@inproceedings{Godefroid2020DifferentialRESTler, title = {Differential Regression Testing for REST APIs}, author = {Godefroid, Patrice and Lehmann, Daniel and Polishchuk, Marina}, year = {2020}, month = {July}, booktitle = {Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis}, series = {ISSTA '20}, pages = {312--312}, numpages = {12}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45038008-9}, url = {https://doi.org/10.1145/3395363.3397374}, doi = {10.1145/3395363.3397374}, }

Interactive Metamorphic Testing of Debuggers. 2019.
Sandro Tolksdorf, Daniel Lehmann, Michael Pradel.
In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '19).
[paper] [DOI] [] Copy to Clipboard@inproceedings{Tolksdorf2019MetamorphicDebuggerTesting, title = {Interactive Metamorphic Testing of Debuggers}, author = {Tolksdorf, Sandro and Lehmann, Daniel and Pradel, Michael}, year = {2019}, month = {July}, booktitle = {Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis}, series = {ISSTA '19}, location = {Beijing, China}, pages = {273--273}, numpages = {11}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45036224-5}, url = {https://doi.org/10.1145/3293882.3330567}, doi = {10.1145/3293882.3330567}, }

Wasabi: A Framework for Dynamically Analyzing WebAssembly. 2019.
Daniel Lehmann and Michael Pradel.
In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19).
Won a best paper award.
[paper] [slides] [code] [project website] [short news in Linux Magazin] [DOI] [] Copy to Clipboard@inproceedings{Lehmann2019Wasabi, title = {Wasabi: A Framework for Dynamically Analyzing WebAssembly}, author = {Lehmann, Daniel and Pradel, Michael}, year = {2019}, month = {April}, booktitle = {Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems}, series = {ASPLOS '19}, location = {Providence, RI, USA}, pages = {1045--1045}, numpages = {14}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45036240-5}, url = {https://doi.org/10.1145/3297858.3304068}, doi = {10.1145/3297858.3304068}, }

Feedback-Directed Differential Testing of Interactive Debuggers. 2018.
Daniel Lehmann and Michael Pradel.
In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018).
[paper] [code] [DOI] [] Copy to Clipboard@inproceedings{Lehmann2018DifferentialDebuggerTesting, title = {Feedback-Directed Differential Testing of Interactive Debuggers}, author = {Lehmann, Daniel and Pradel, Michael}, year = {2018}, month = {October}, booktitle = {Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering}, series = {ESEC/FSE 2018}, location = {Lake Buena Vista, FL, USA}, pages = {610--610}, numpages = {11}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45035573-5}, url = {https://doi.org/10.1145/3236024.3236037}, doi = {10.1145/3236024.3236037}, }

Automatic Testing of Interactive JavaScript Debuggers. 2017.
Daniel Lehmann.
In Proceedings Companion of the 2017 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity (SPLASH Companion 2017).
2nd place in the ACM Student Research Competition, graduate category.
[poster] [DOI] [] Copy to Clipboard@inproceedings{Lehmann2017AutomaticDebuggerTesting, title = {Automatic Testing of Interactive JavaScript Debuggers}, author = {Lehmann, Daniel}, year = {2017}, month = {October}, booktitle = {Proceedings Companion of the 2017 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity}, series = {SPLASH Companion 2017}, location = {Vancouver, BC, Canada}, pages = {24--24}, numpages = {3}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45035514-8}, url = {https://doi.org/10.1145/3135932.3135945}, doi = {10.1145/3135932.3135945}, }

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. 2014.
Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, Fabian Monrose.
In Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14).
[paper] [conference website] [Microsoft EMET 5.1 release notes] [] Copy to Clipboard@inproceedings{Davi2014Stitching, title = {Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection}, author = {Davi, Lucas and Sadeghi, Ahmad-Reza and Lehmann, Daniel and Monrose, Fabian}, year = {2014}, month = {August}, booktitle = {Proceedings of the 23rd USENIX Security Symposium}, series = {USENIX Security 14}, pages = {401--401}, numpages = {16}, publisher = {USENIX Association}, isbn = {978-1-931971-15-7}, url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/davi}, }

Technical Reports, Other Work↑ up

Fuzzm: Finding Memory Bugs through Binary-Only Instrumentation and Fuzzing of WebAssembly. 2021.
Daniel Lehmann, Martin Toldam Torp, Michael Pradel.
arXiv 2110.15433.
[paper] [tool source code]

Invited Talks, Tutorials, etc.↑ up

Everything Old is New Again: Binary Security of WebAssembly. Daniel Lehmann.
Longer technical talk about our USENIX Security 2020 paper. Given in slightly adapted versions at:

Dynamically Analyzing WebAssembly with Wasabi. Daniel Lehmann and Michael Pradel.
Half-day tutorial session at PLDI 2019 on using our framework, e.g., for extracting a call graph or in reverse engineering. Phoenix, AZ, USA. June 23, 2019.
There is an accompanying website with materials (tasks, required setup, solutions) and slides.

Differential Testing of Interactive Debuggers. Daniel Lehmann.
Technical talk about our ESEC/FSE 2018 paper. Given at:

The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques. Daniel Lehmann and Ahmad-Reza Sadeghi.
At Black Hat Briefings USA. August 6, 2014.
Talk and live demo of an exploit against Microsoft Enhanced Mitigation Experience Toolkit (EMET), which was subsequently fixed by Microsoft. Based on my bachelor thesis work.
Recording on YouTube.