James Davis, PhD

James Davis, PhD

Assistant Professor, ECE@Purdue

Publications

Here are the publications to which I have contributed. To see them organized approximately by project, see here.

Peer-reviewed conference papers, full and short

  1. PeaTMOSS: A Dataset and Initial Analysis of Pre-Trained Models in Open-Source Software.
    Jiang, Yasmin, Jones, Synovic, Kuo, Bielanski, Tian, Thiruvathukal, and Davis.
    Proceedings of the 21st Annual Conference on Mining Software Repositories (MSR’24) 2024.
  2. An Interview Study on Third-Party Cyber Threat Hunting Processes in the U.S. Department of Homeland Security.
    Maxam and Davis.
    Proceedings of the 33rd USENIX Security Symposium (SECURITY’24) 2024.
  3. An Exploratory Study on Upper-Level Computing Students’ Use of Large Language Models as Tools in a Semester-Long Project.
    Tanay, Arinze, Joshi, Davis, and Davis.
    Annual Conference of the American Society for Engineering Education (ASEE’24) 2024.
  4. Introducing Systems Thinking as a Framework for Teaching and Assessing Threat Modeling Competency.
    Joshi, Mukherjee, Davis, and Davis.
    Annual Conference of the American Society for Engineering Education (ASEE’24) 2024.
  5. Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors.
    Schorlemmer, Kalu, Chigges, Ko, Ishgair, Bagchi, Torres-Arias, and Davis.
    Proceedings of the 45th IEEE Symposium on Security and Privacy (S&P’24) 2024.
  6. On the Contents and Utility of IoT Cybersecurity Guidelines.
    Chen, Anandayuvaraj, Davis, and Rahaman.
    Proceedings of the ACM on Software Engineering (PACMSE), Issue FSE 2024 (FSE’24) 2024.
  7. Improving Developers’ Understanding of Regex Denial of Service Tools through Anti-Patterns and Fix Strategies.
    Hassan, Aamir, Lee, Davis, and Servant.
    Proceedings of the 44th IEEE Symposium on Security and Privacy (S&P’23) 2023.
  8. PTMTorrent: A Dataset for Mining Open-source Pre-trained Model Packages.
    Jiang, Synovic, Jajal, Schorlemmer, Tewari, Pareek, Thiruvathukal, and Davis.
    Proceedings of the 20th Annual Conference on Mining Software Repositories — Data and Tool Showcase Track (MSR-Data’23) 2023.
  9. An Empirical Study of Pre-Trained Model Reuse in the Hugging Face Deep Learning Model Registry.
    Jiang, Synovic, Hyatt, Schorlemmer, Sethi, Lu, Thiruvathukal, and Davis.
    Proceedings of the ACM/IEEE 45th International Conference on Sofjtware Engineering (ICSE) 2023.
  10. Towards Rehosting Embedded Applications as Linux Applications.
    Srinivasan, Tanksalkar, Amusuo, Davis, and Machiry.
    Proceedings of the 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks — Disrupt track (DSN-Disrupt) 2023.
  11. Towards Automated Identification of Layering Violations in Embedded Applications (WIP).
    Shen, Davis, and Machiry.
    Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems (LCTES) 2023.
  12. Reusing Deep Learning Models: Challenges and Directions in Software Engineering.
    Davis, Jajal, Jiang, Schorlemmer, Synovic, and Thiruvathukal.
    Proceedings of the IEEE John Vincent Atanasoff Symposium on Modern Computing (JVA’23) 2023.
  13. Systematically Detecting Packet Validation Vulnerabilities in Embedded Network Stacks.
    Amusuo, Méndez, Xu, Machiry, and Davis.
    Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE’23) 2023.
  14. Reflecting on the use of the Policy-Process-Product Theory in Empirical Software Engineering.
    Kalu, Schorlemmer, Chen, Robinson, Kocinare, and Davis.
    Proceedings of the 31st ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering: Ideas, Visions, and Reflections track (ESEC/FSE-IVR) 2023.
  15. Efficient Computer Vision on Edge Devices with Pipeline-Parallel Hierarchical Neural Network.
    Goel, Tung, Hu, Thiruvathukal, Davis, and Lu.
    Proceedings of the 27th Asia and South Pacific Design Automation Conference (ASP-DAC) 2022.
  16. Exploiting Input Sanitization for Regex Denial of Service.
    Barlas, Du, and Davis.
    Proceedings of the ACM/IEEE 44th International Conference on Software Engineering (ICSE) 2022.
  17. An Empirical Study on the Impact of Parameters on Mobile App Energy Usage.
    Xu, Davis, Hu, and Jindal.
    Proceedings of the 29th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) 2022.
  18. Directed Acyclic Graph-based Neural Networks for Tunable Low-Power Computer Vision.
    Goel, Tung, Eliopoulos, Hu, Thiruvathukal, Davis, and Lu.
    ACM/IEEE International Symposium on Low Power Electronics and Design (ISLPED) 2022.
  19. Reflecting on Recurring Failures in IoT Development.
    Anandayuvaraj and Davis.
    Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering: New Ideas and Emerging Results track (ASE-NIER) 2022.
  20. Discrepancies among Pre-trained Deep Neural Networks: A New Threat to Model Zoo Reliability.
    Montes, Peerapatanapokin, Schultz, Guo, Jiang, and Davis.
    Proceedings of the 30th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering: Ideas, Visions, and Reflections track (ESEC/FSE-IVR) 2022.
  21. Reflections on Software Failure Analysis.
    Amusuo, Sharma, Rao, Vincent, and Davis.
    Proceedings of the 30th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering: Ideas, Visions, and Reflections track (ESEC/FSE-IVR) 2022.
  22. Using Selective Memoization to Defeat Regular Expression Denial of Service (ReDoS).
    Davis, Servant, and Lee.
    IEEE Security & Privacy (S&P’21) 2021.
  23. Low-Power Multi-Camera Object Re-Identication using Hierarchical Neural Networks.
    Goel, Tung, Hu, Wang, Davis, Thiruvathukal, and Lu.
    ACM/IEEE International Symposium on Low Power Electronics and Design (ISLPED) 2021.
  24. A Principled Approach to GraphQL Query Cost Analysis.
    Cha, Wittern, Baudart, Davis, Mandel, and Laredo.
    Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2020.
    Best Paper Award
  25. Improving Reproducibility of Data Science Pipelines through Transparent Provenance Capture.
    Rupprecht, Davis, Arnold, Gur, and Bhagwat.
    Proceedings of the 46th International Conference on Very Large Databases: Industry track (VLDB-Industry) 2020.
  26. EdgeWise: A Better Stream Processing Engine for the Edge.
    Fu, Ghaffar, Davis, and Lee.
    Proceedings of the 2019 USENIX Annual Technical Conference (USENIX ATC) 2019.
  27. Why Aren’t Regular Expressions a Lingua Franca? An Empirical Study on the Re-use and Portability of Regular Expressions.
    Davis, Michael, Coghlan, Servant, and Lee.
    Proceedings of the 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2019.
  28. An Empirical Study of GraphQL Schemas.
    Wittern, Cha, Davis, Baudart, and Mandel.
    Proceedings of the 17th International Conference on Service-Oriented Computing (ICSOC) 2019.
  29. Regexes are Hard: Decision-making, Difficulties, and Risks in Programming Regular Expressions.
    Michael, Donohue, Davis, Lee, and Servant.
    Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE) 2019.
    Best Paper Award
  30. Testing Regex Generalizability And Its Implications: A Large-Scale Many-Language Measurement Study.
    Davis, Moyer, Kazerouni, and Lee.
    Proceedings of the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE) 2019.
  31. A Sense of Time for JavaScript and Node.js: First-Class Timeouts as a Cure for Event Handler Poisoning.
    Davis, Williamson, and Lee.
    Proceedings of the 27th USENIX Security Symposium (SECURITY’18) 2018.
  32. The Impact of Regular Expression Denial of Service (REDOS) in Practice: an Empirical Study at the Ecosystem Scale.
    Davis, Coghlan, Servant, and Lee.
    Proceedings of the 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2018.
    Best Paper Award
  33. Node.fz: Fuzzing the server-side event-driven architecture.
    Davis, Thekumparampil, and Lee.
    Proceedings of the European Conference on Computer Systems (EuroSys) 2017.

Peer-reviewed journal papers

  1. Evolution of Winning Solutions in the 2021 Low-Power Computer Vision Challenge.
    Hu, Jiao, Kocher, Wu, Liu, Davis, Thiruvathukal, and Lu.
    IEEE Computer 2023.
  2. Tree-based Unidirectional Neural Networks for Low-Power Computer Vision.
    Goel, Tung, Eliopoulos, Wang, Davis, Thiruvathukal, and Lu.
    IEEE Design & Test 2022.
  3. Applying Experiential Learning Theory to Understand Study Abroad Leaders’ Experiences Using Real-Time Perspectives.
    Davis, Deters, Ozkan, Davis, and Murzi.
    Frontiers: The Interdisciplinary Journal of Study Abroad 2022.
  4. A Fine-grained Data Set and Analysis of Tangling in Bug Fixing Commits.
    Herbold, Trautsch, Ledel, Aghamohammadi, Ghaleb, Chahal, Bossenmaier, Nagaria, Makedonski, Nili Ahmadabadi, Szabados, Spieker, Madeja, Hoy, Lenarduzzi, Wang, Rodríguez-Pérez, Colomo-Palacios, Verdecchia, Singh, Qin, Chakroborti, Davis, Walunj, Wu, Marcilio, Alam, Aldaeej, Amit, Turhan, Eismann, Wickert, Malavolta, Sulír, Fard, Henley, Kourtzanidis, Tuzun, Treude, Shamasbi, Pashchenko, Wyrich, Davis, Serebrenik, Albrecht, Aktas, Strüber, and Erbel.
    Empirical Software Engineering (EMSE) (also presented at ICSE’22-JournalFirst) 2021.
  5. Fast and Accurate Incremental Feedback for Students’ Software Tests Using Selective Mutation Analysis.
    Kazerouni, Davis, Basak, Shaffer, Servant, and Edwards.
    Journal of Systems and Software (JSS) 2021.
  6. Expectations and Experiences of Short-Term Study Abroad Leadership Teams.
    Ozkan, Davis, Davis, James, Murzi, and Knight.
    Journal of International Engineering Education (JIEE) 2020.

Peer-reviewed workshop papers

  1. An Empirical Study on Using Large Language Models to Analyze Software Supply Chain Security Failures.
    Singla, Anandayuvaraj, Kalu, Schorlemmer, and Davis.
    Proceedings of the 2nd ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED) 2023.
  2. Incorporating Failure Knowledge into Design Decisions for IoT Systems: A Controlled Experiment on Novices.
    Anandayuvaraj, Thulluri, Figueroa, Shandilya, and Davis.
    5th International Workshop on Software Engineering Research & Practices for the Internet of Things (SERP4IoT 2023) 2023.
  3. SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties.
    Okafor, Schorlemmer, Torres-Arias, and Davis.
    Proceedings of the 1st ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED) 2022.
  4. An Empirical Study of Artifacts and Security Practices in the Pre-trained Model Supply Chain.
    Jiang, Synovic, Sethi, Indarapu, Hyatt, Schorlemmer, Thiruvathukal, and Davis.
    Proceedings of the 1st ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses (SCORED) 2022.
  5. Snapshot Metrics Are Not Enough: Analyzing Software Repositories with Longitudinal Metrics.
    Synovic, Hyatt, Sethi, Thota, Shilpika, Miller, Jiang, Pinderski, Läufer, Hayward, Klingensmith, Davis, and Thiruvathukal.
    Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering: Demonstrations track (ASE-Demonstrations) 2022.
  6. “If security is required”: Engineering and Security Practices for Machine Learning-based IoT Devices.
    Gopalakrishna, Anandayuvaraj, Detti, Bland, Rahaman, and Davis.
    Proceedings of the 4th International Workshop on Software Engineering Research & Practices for the Internet of Things (SERP4IoT) 2022.
  7. Experience Paper: A First Offering of Software Engineering.
    Davis, Amusuo, and Bushagour.
    Proceedings of the 1st International Workshop on Designing and Running Project-Based Courses in Software Engineering Education (DREE) 2022.
  8. A Replication of ‘DeepBugs: A Learning Approach to Name-based Bug Detection’.
    Winkler, Agarwal, Tung, Ugalde, Jung, and Davis.
    Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering: Artifacts Track (ESEC/FSE-Artifacts) 2021.
  9. Ursprung: Provenance for Large-Scale Analytics Environments.
    Rupprecht, Davis, Lubbock, Tyson, and Bhagwat.
    Proceedings of the 2019 International Conference on Management of Data: Demonstrations track (SIGMOD-Demonstrations) 2019.
  10. The case of the poisoned event handler: Weaknesses in the Node.js event-driven architecture.
    Davis, Kildow, and Lee.
    Proceedings of the 10th European Workshop on Systems Security (EuroSec) 2017.

Technical reports

  1. Naming Practices of Pre-Trained Models in Hugging Face.
    Jiang, Cheung, Kim, Kim, Thiruvathukal, and Davis.
    arXiv 2024.
  2. Analysis of Failures and Risks in Deep Learning Model Converters: A Case Study in the ONNX Ecosystem.
    Jajal, Jiang, Tewari, Woo, Lu, Thiruvathukal, and Davis.
    arXiv 2024.
  3. Preventing Supply Chain Vulnerabilities in Java with a Fine-Grained Permission Manager.
    Amusuo, Robinson, Torres-Arias, Simon, and Davis.
    arXiv 2023.
  4. An Empirical Study on the Use of Static Analysis Tools in Open Source Embedded Software.
    Shen, Pillai, Yuan, Davis, and Machiry.
    arXiv 2023.
  5. An Exploratory Empirical Study of Trust & Safety Engineering in Open-Source Social Media Platforms.
    Cramer, Maxam, Li, and Davis.
    arXiv 2023.
  6. Challenges and Practices of Deep Learning Model Reengineering: A Case Study on Computer Vision.
    Jiang, Banna, Vivek, Goel, Synovic, Thiruvathukal, and Davis.
    arXiv 2023.
  7. An Experience Report on Machine Learning Reproducibility: Guidance for Practitioners and TensorFlow Model Garden Contributors.
    Banna, Chinnakotla, Yan, Vegesana, Vivek, Krishnappa, Jiang, Lu, Thiruvathukal, and Davis.
    arXiv 2021.

US patents

  1. Injection of simulated hardware failure(s) in a file system for establishing file system tolerance-to-storage-failure(s).
    Davis and Davis.
    US patent, held by IBM 2021.
  2. Performing hierarchical provenance collection.
    Davis, Rupprecht, Bhagwat, Arnold, and Sawdon.
    US patent, held by IBM 2021.
  3. Verification of the Integrity of Data Files Stored in Copy-on-Write (CoW) Based File System Snapshots.
    Davis and Davis.
    US patent, held by IBM 2021.
  4. Determining a validity of an event emitter based on a rule.
    Davis and Davis.
    US patent application 2021.
  5. Testing of lock managers in computing environments.
    Davis and Davis.
    US patent, held by IBM 2020.
  6. File metadata verification in a distributed file system.
    Davis and Davis.
    US patent, held by IBM 2020.
  7. Detection of file corruption in a distributed file system.
    Davis, Davis, and Knop.
    US patent, held by IBM 2018.

Posters

  1. A First Look at the General Data Protection Regulation (GDPR) in Open-Source Software.
    Franke, Liang, Brantly, Davis, and Brown.
    Proceedings of the ACM/IEEE 46th International Conference on Software Engineering – Poster Track (ICSE-Poster) 2024.
  2. Establishing Trust in Vehicle-to-Vehicle Coordination: A Sensor Fusion Approach.
    Veselsky, West, Ahlgren, Goel, Jiang, Lee, Kim, Davis, Thiruvathukal, and Klingensmith.
    Proceedings of the 23rd Annual International Workshop on Mobile Computing Systems and Application (HotMobile) 2022.
  3. An Intercultural Engineering Module for Software Engineers.
    Hornbrook and Davis.
    2021 Annual Colloquium for International Engineering Education (ACIEE) 2021.
  4. Exemplars for Machine Learning: Towards Software Engineering & Reproducibility.
    Vivek, Chinnakotla, Banna, Vegesana, Yan, Davis, Lu, and Thiruvathukal.
    SIAM Conference on Computational Science and Engineering (CSE) 2020.

Dissertations and theses

  1. A Quantitative Comparison of Pre-Trained Model Registries to Traditional Software Package Registries.
    Jones.
    MSc, Electrical & Computer Engineering, Purdue University 2024.
  2. Software Supply Chain Security: Attacks, Defenses, and the Adoption of Signatures.
    Schorlemmer.
    MSc, Electrical & Computer Engineering, Purdue University 2024.
  3. An Empirical Study of Trust & Safety Engineering in Open-Source Social Media Platforms.
    Cramer.
    MSc, Electrical & Computer Engineering, Purdue University 2023.
  4. Discovering U.S. Government Threat Hunting Processes and Improvements.
    Maxam.
    MSc, Electrical & Computer Engineering, Purdue University 2023.
  5. On the Impact and Defeat of Regular Expression Denial of Service.
    Davis.
    PhD, Computer Science, Virginia Tech 2020.