About Me↑ up

I am a software engineer at Google, where I work on the V8 engine, specifically on WebAssembly. My interests are broadly in programming languages, software engineering, systems, and security. I want to make software development enjoyable, and would like the resulting programs to be correct, secure, and performant. I obtained a PhD (summa cum laude) in the amazing Software Lab group at University of Stuttgart, advised by Prof. Dr. Michael Pradel. In the PhD and before, I worked on static and dynamic program analysis (Wasabi, type prediction from binaries); compilers and programming languages (during internships at Oracle Labs and Google); software security (Wobfuscator project, internship at Google, bachelor thesis); fuzzing (internship at Microsoft Research, Fuzzm) and automated testing (finding bugs in debuggers, master thesis). I enjoy both research and practice, finding out new things and making sure they are useful to others.

All opinions expressed below are my own and not of my employer.

Research Interests and Projects↑ up

During my PhD, I applied several of the above topics to WebAssembly. I believe WebAssembly is well-suited for research due to its clean design and little accumulated cruft, while at the same time tremendously important in practice as a universal bytecode for the web and increasingly beyond. One of my research projects was the analysis of WebAssembly's binary security, that is, if and how memory vulnerabilities in source languages such as C can be exploited when compiled to a WebAssembly binary (USENIX Security 2020). During an internship at Google, I also looked into WebAssembly host security, that is, protecting the system from malicious WebAssembly binaries. In the internship, I implemented W^X in the WebAssembly compiler of V8. I am the main author of Wasabi, a dynamic analysis framework for WebAssembly (ASPLOS 2019, best paper award), for which I developed my own binary parser and static instrumenter. To aid reverse engineering of WebAssembly binaries, I employed neural networks for recovering high-level types from the low-level bytecode of functions. Together with Aaron Hilbig, we also collected WasmBench, large set of more than 8000 real-world WebAssembly binaries for analysis, as test inputs, and as training data for machine learning-based approaches. In several further projects with collaborators, I also worked on fuzzing and static analysis of WebAssembly binaries.

During internships and my studies, I also worked on other projects. In my master thesis and a follow-up project together with Sandro Tolksdorf, we developed automated testing of interactive debuggers, with which we found more than 25 bugs in the JavaScript debuggers of Firefox and Chrome. During an internship at Microsoft Research, I worked with Patrice Godefroid and Marina Polishchuk on RESTler, a fuzzer for REST APIs, which I augmented with differential regression testing (ISSTA 2020). At an internship at Oracle Labs, I worked on the compiler for a graph-processing language with the Spoofax language workbench. During my bachelor thesis, I worked together with Lucas Davi and Ahmad-Reza Sadeghi on return-oriented programming attacks against coarse-grained control-flow integrity (USENIX Security, BlackHat USA 2014).

Short CV↑ up

• Software Engineer at Google
  Since October 2022 · Munich, Germany (remote)
  Software Engineer working on V8, specifically on WebAssembly.
• PhD in Computer Science / Research Assistant
• at University of Stuttgart
  September 2019 – August 2022 · Stuttgart, Germany
  Dr. rer. nat. (≈PhD) in Computer Science, summa cum laude.
  Defended my thesis on Program Analysis of WebAssembly Binaries in July 2022.
  Continued the PhD in Stuttgart after the research group moved there from Darmstadt.
• at Technische Universität Darmstadt
  December 2017 – August 2019 · Darmstadt, Germany
  Part of the Software Lab research group, advised by Prof. Dr. Michael Pradel.
  Research topics: see above and publications.
• Internship at Google
  April 2021 – July 2021 · Munich, Germany (remote)
  Software Engineering Intern in the V8 team. Implementing and comparing different techniques for W^X in the WebAssembly compiler.
  Hosts: Clemens Backes and Jakob Kummerow
• Internship at Microsoft Research
  March 2019 – June 2019 · Redmond, WA, USA
  Research Intern, adding differential regression testing to RESTler, a fuzzer for automatic finding of bugs in REST APIs. The tool has since been open-sourced.
  Mentors: Patrice Godefroid and Marina Polishchuk
• M.Sc. in Computer Science and
  M.Sc. in IT Security at Technische Universität Darmstadt
  April 2014 – July 2017 · Darmstadt, Germany
  Master thesis on automated testing of interactive JavaScript debuggers, found >25 bugs in Firefox and Chromium, led to publications at ESEC/FSE 2018 and ISSTA 2019.
• Internship at Oracle Labs
  May 2016 – September 2016 · Redwood Shores, CA, USA
  Intern in the PGX team, working on a compiler for a domain-specific language for graph algorithms.
  Supervisors: Martin Sevenich and Sungpack Hong.
• B.Sc. in Computer Science at Technische Universität Darmstadt
  October 2010 – March 2014 · Darmstadt, Germany
  Bachelor thesis on return-oriented programming attacks against coarse-grained CFI, presented at Black Hat USA, led to a paper at USENIX Security 2014 and improvements to Microsoft's EMET.
• Visiting student at Indian Institute of Technology Delhi
  July 2012 – December 2012 · New Delhi, India

Code↑ up

Wasabi is my largest personal project, of which I am the main developer. It is a dynamic analysis framework for WebAssembly binaries. The website has more background, usage instructions, and even a little live demo. Wasabi is implemented in >5k lines of Rust and a bit of JavaScript. Feel free to contribute a pull request on GitHub. Wasabi builds on my own parser and static instrumentation library. Since WebAssembly uses LEB128-encoded integers throughout the binary format, I also wrote an LEB128 library in Rust. The existing libraries either did not support all integer widths or didn't do proper integer overflow checking.

I am a big fan of Rust, since it offers modern language features (algebraic data types, pattern matching, procedural macros, etc.) but still gives the user plenty of low-level control (over allocations, memory layout, explicit copying, static vs. dynamic dispatch, etc.). The language and ecosystem also try to avoid many of the issues that plague C and C++: Rust has proper modules, a standardized and easy package management and build system, great compiler errors, and good standard library and language defaults (move by default, fat pointers instead of NULL-delimited strings, UTF-8, hygenic macros, no implicit conversions, etc.). Rust's most unusual feature is of course the ownership and affine type system: this is great, not just for memory safety but especially for concurrent code. I have published a small utility library main_error on crates.io.

For research projects, I always try to make all code and data public. See publications for the respective repositories.

Peer-Reviewed Publications↑ up

Wasm-R3: Record-Reduce-Replay for Realistic and Standalone WebAssembly Benchmarks. 2024.
Doehyun Baek, Jakob Getz, Yusung Sim, Daniel Lehmann, Ben Titzer, Sukyoung Ryu, Michael Pradel.
In Proceedings of the ACM on Programming Languages: Object-Oriented Programming, Systems, Languages & Applications (OOPSLA '24).
[show bibtex] Copy to Clipboard@inproceedings{Baek2024Wasm-R3, title = {Wasm-R3: Record-Reduce-Replay for Realistic and Standalone WebAssembly Benchmarks}, author = {Baek, Doehyun and Getz, Jakob and Sim, Yusung and Lehmann, Daniel and Titzer, Ben and Ryu, Sukyoung and Pradel, Michael}, year = {2024}, booktitle = {Proceedings of the ACM on Programming Languages: Object-Oriented Programming, Systems, Languages \& Applications}, series = {OOPSLA '24}, }

That's a Tough Call: Studying the Challenges of Call Graph Construction for WebAssembly. 2023.
Daniel Lehmann, Michelle Thalakottur, Frank Tip, Michael Pradel.
In Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '23).
[paper] [dataset and code] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Lehmann2023ToughCall, title = {That's a Tough Call: Studying the Challenges of Call Graph Construction for WebAssembly}, author = {Lehmann, Daniel and Thalakottur, Michelle and Tip, Frank and Pradel, Michael}, year = {2023}, booktitle = {Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis}, series = {ISSTA '23}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {979-8-4007-0221-1}, url = {https://doi.org/10.1145/3597926.3598104}, doi = {10.1145/3597926.3598104}, }

Program Analysis of WebAssembly Binaries. 2022.
Daniel Lehmann.
PhD dissertation.
[dissertation] [university library] [DOI] [show bibtex] Copy to Clipboard@phdthesis{Lehmann2022Dissertation, title = {Program Analysis of WebAssembly Binaries}, author = {Lehmann, Daniel}, year = {2022}, url = {https://doi.org/10.18419/opus-12619}, doi = {10.18419/opus-12619}, }

Finding the Dwarf: Recovering Precise Types from WebAssembly Binaries. 2022.
Daniel Lehmann and Michael Pradel.
In Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation (PLDI '22).
[paper] [code and data] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Lehmann2022SnowWhite, title = {Finding the Dwarf: Recovering Precise Types from WebAssembly Binaries}, author = {Lehmann, Daniel and Pradel, Michael}, year = {2022}, month = {May}, booktitle = {Proceedings of the 43rd ACM SIGPLAN International Conference on Programming Language Design and Implementation}, series = {PLDI '22}, pages = {410--410}, numpages = {16}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45039265-5}, url = {https://doi.org/10.1145/3519939.3523449}, doi = {10.1145/3519939.3523449}, }

Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to WebAssembly. 2022.
Alan Romano, Daniel Lehmann, Michael Pradel, Weihang Wang.
In Proceedings of the 2022 IEEE Symposium on Security and Privacy (S&P 2022).
[paper] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Romano2022Wobfuscator, title = {Wobfuscator: Obfuscating JavaScript Malware via Opportunistic Translation to WebAssembly}, author = {Romano, Alan and Lehmann, Daniel and Pradel, Michael and Wang, Weihang}, year = {2022}, month = {May}, booktitle = {Proceedings of the 2022 IEEE Symposium on Security and Privacy}, series = {S\&P 2022}, pages = {1101--1101}, numpages = {16}, publisher = {IEEE Computer Society}, issn = {2375-1207}, url = {https://doi.org/10.1109/SP46214.2022.00064}, doi = {10.1109/SP46214.2022.00064}, }

An Empirical Study of Real-World WebAssembly Binaries: Security, Languages, Use Cases. 2021.
Aaron Hilbig, Daniel Lehmann, Michael Pradel.
In Proceedings of the Web Conference 2021 (WWW '21).
[paper] [dataset and code] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Hilbig2021WasmBench, title = {An Empirical Study of Real-World WebAssembly Binaries: Security, Languages, Use Cases}, author = {Hilbig, Aaron and Lehmann, Daniel and Pradel, Michael}, year = {2021}, month = {April}, booktitle = {Proceedings of the Web Conference 2021}, series = {WWW '21}, pages = {2696--2696}, numpages = {13}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45038312-7}, url = {https://doi.org/10.1145/3442381.3450138}, doi = {10.1145/3442381.3450138}, }

Everything Old is New Again: Binary Security of WebAssembly. 2020.
Daniel Lehmann, Johannes Kinder, Michael Pradel.
In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20).
[paper] [conference website] [video] [slides] [code and data] [show bibtex] Copy to Clipboard@inproceedings{Lehmann2020WasmBinarySecurity, title = {Everything Old is New Again: Binary Security of WebAssembly}, author = {Lehmann, Daniel and Kinder, Johannes and Pradel, Michael}, year = {2020}, month = {August}, booktitle = {Proceedings of the 29th USENIX Security Symposium}, series = {USENIX Security 20}, pages = {217--217}, numpages = {18}, publisher = {USENIX Association}, isbn = {978-1-939133-17-5}, url = {https://www.usenix.org/conference/usenixsecurity20/presentation/lehmann}, }

Differential Regression Testing for REST APIs. 2020.
Patrice Godefroid, Daniel Lehmann, Marina Polishchuk.
In Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '20).
[paper] [Microsoft blog post] [tool source code] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Godefroid2020DifferentialRESTler, title = {Differential Regression Testing for REST APIs}, author = {Godefroid, Patrice and Lehmann, Daniel and Polishchuk, Marina}, year = {2020}, month = {July}, booktitle = {Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis}, series = {ISSTA '20}, pages = {312--312}, numpages = {12}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45038008-9}, url = {https://doi.org/10.1145/3395363.3397374}, doi = {10.1145/3395363.3397374}, }

Interactive Metamorphic Testing of Debuggers. 2019.
Sandro Tolksdorf, Daniel Lehmann, Michael Pradel.
In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA '19).
[paper] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Tolksdorf2019MetamorphicDebuggerTesting, title = {Interactive Metamorphic Testing of Debuggers}, author = {Tolksdorf, Sandro and Lehmann, Daniel and Pradel, Michael}, year = {2019}, month = {July}, booktitle = {Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis}, series = {ISSTA '19}, location = {Beijing, China}, pages = {273--273}, numpages = {11}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45036224-5}, url = {https://doi.org/10.1145/3293882.3330567}, doi = {10.1145/3293882.3330567}, }

Wasabi: A Framework for Dynamically Analyzing WebAssembly. 2019.
Daniel Lehmann and Michael Pradel.
In Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '19).
Won a best paper award.
[paper] [slides] [code] [project website] [short news in Linux Magazin] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Lehmann2019Wasabi, title = {Wasabi: A Framework for Dynamically Analyzing WebAssembly}, author = {Lehmann, Daniel and Pradel, Michael}, year = {2019}, month = {April}, booktitle = {Proceedings of the Twenty-Fourth International Conference on Architectural Support for Programming Languages and Operating Systems}, series = {ASPLOS '19}, location = {Providence, RI, USA}, pages = {1045--1045}, numpages = {14}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45036240-5}, url = {https://doi.org/10.1145/3297858.3304068}, doi = {10.1145/3297858.3304068}, }

Feedback-Directed Differential Testing of Interactive Debuggers. 2018.
Daniel Lehmann and Michael Pradel.
In Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE 2018).
[paper] [code] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Lehmann2018DifferentialDebuggerTesting, title = {Feedback-Directed Differential Testing of Interactive Debuggers}, author = {Lehmann, Daniel and Pradel, Michael}, year = {2018}, month = {October}, booktitle = {Proceedings of the 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering}, series = {ESEC/FSE 2018}, location = {Lake Buena Vista, FL, USA}, pages = {610--610}, numpages = {11}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45035573-5}, url = {https://doi.org/10.1145/3236024.3236037}, doi = {10.1145/3236024.3236037}, }

Automatic Testing of Interactive JavaScript Debuggers. 2017.
Daniel Lehmann.
In Proceedings Companion of the 2017 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity (SPLASH Companion 2017).
2^nd place in the ACM Student Research Competition, graduate category.
[poster] [DOI] [show bibtex] Copy to Clipboard@inproceedings{Lehmann2017AutomaticDebuggerTesting, title = {Automatic Testing of Interactive JavaScript Debuggers}, author = {Lehmann, Daniel}, year = {2017}, month = {October}, booktitle = {Proceedings Companion of the 2017 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity}, series = {SPLASH Companion 2017}, location = {Vancouver, BC, Canada}, pages = {24--24}, numpages = {3}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, isbn = {978-1-45035514-8}, url = {https://doi.org/10.1145/3135932.3135945}, doi = {10.1145/3135932.3135945}, }

Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. 2014.
Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, Fabian Monrose.
In Proceedings of the 23rd USENIX Security Symposium (USENIX Security 14).
[paper] [conference website] [Microsoft EMET 5.1 release notes] [show bibtex] Copy to Clipboard@inproceedings{Davi2014Stitching, title = {Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection}, author = {Davi, Lucas and Sadeghi, Ahmad-Reza and Lehmann, Daniel and Monrose, Fabian}, year = {2014}, month = {August}, booktitle = {Proceedings of the 23rd USENIX Security Symposium}, series = {USENIX Security 14}, pages = {401--401}, numpages = {16}, publisher = {USENIX Association}, isbn = {978-1-931971-15-7}, url = {https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/davi}, }

Technical Reports, Other Work↑ up

Fuzzm: Finding Memory Bugs through Binary-Only Instrumentation and Fuzzing of WebAssembly. 2021.
Daniel Lehmann, Martin Toldam Torp, Michael Pradel.
arXiv 2110.15433.
[paper] [tool source code]

Invited Talks, Tutorials, etc.↑ up

How Is The Sausage Made? A Whirlwind Tour of V8, Real-World JIT-Compilers, and Their Trade-Offs. Daniel Lehmann.
Invited talk / guest lecture at University of Mainz and University of Stuttgart. January and February 2024.

Everything Old is New Again: Binary Security of WebAssembly. Daniel Lehmann.
Longer technical talk about our USENIX Security 2020 paper. Given in slightly adapted versions at:

• Harvard University, in the PL seminar. March 2, 2022.
• Northeastern University. December 14, 2021.
• CISPA Helmholtz Center for Information Security. August 9, 2021.
• Igalia. February 9, 2021.
• Google Chrome Security team. December 16, 2020.
• OWASP Los Angeles meetup. November 25, 2020.
  A recording of this talk is available on YouTube.
• University of California, Santa Cruz, in the Languages, Systems, and Data (LSD) seminar. October 30, 2020.

Dynamically Analyzing WebAssembly with Wasabi. Daniel Lehmann and Michael Pradel.
Half-day tutorial session at PLDI 2019 on using our framework, e.g., for extracting a call graph or in reverse engineering. Phoenix, AZ, USA. June 23, 2019.
There is an accompanying website with materials (tasks, required setup, solutions) and slides.

Differential Testing of Interactive Debuggers. Daniel Lehmann.
Technical talk about our ESEC/FSE 2018 paper. Given at:

• University of Pennsylvania in the Distributed Systems Laboratory seminar. June 18, 2018.
• Dagstuhl Seminar 17502: Testing and Verification of Compilers. December 12, 2017.
  Dagstuhl report.

The Beast is in Your Memory: Return-Oriented Programming Attacks Against Modern Control-Flow Integrity Protection Techniques. Daniel Lehmann and Ahmad-Reza Sadeghi.
At Black Hat Briefings USA. August 6, 2014.
Talk and live demo of an exploit against Microsoft Enhanced Mitigation Experience Toolkit (EMET), which was subsequently fixed by Microsoft. Based on my bachelor thesis work.
Recording on YouTube.