Dominik Winterer: Home

Dominik Winterer

Incoming Lecturer (Assistant Professor)
Formal Methods Engineering Lab
Systems and Software Security Group
Department of Computer Science
University of Manchester, United Kingdom
Email: dominik.winterer@inf.ethz.ch
domwinterer@gmail.com

I am hiring! Looking for PhD students 👩‍🎓👨‍🎓, interns 👩‍💻👨‍💻, and visitors 🧳🧑‍🤝‍🧑 to join the Formal Methods Engineering Lab

About

I am an incoming Lecturer (Assistant Professor) at the University of Manchester starting September 2025, where I will lead the Formal Methods Engineering Lab. I completed my Ph.D. and PostDoc at ETH Zurich, and before that, my MSc at the University of Freiburg in Germany. I also did research internships at the Automated Reasoning Group at AWS and at IBM Research in the United States.

My research aims to establish Formal Methods Engineering—a new discipline focused on making Formal Methods, mathematically rigorous methods for bug prevention, more practical and widely adopted. As a first step, I led one of the largest academic bug-hunting campaigns to date, uncovering over 1,800 bugs and enabling more than 1,300 fixes in SMT solvers, which are foundational tools in Formal Methods.

News

May 2025 🎉 I am joining the University of Manchester as a Lecturer (Assistant Professor) in September. I’ll be leading the Formal Methods Engineering Lab. I’m hiring!
Mar 2025 Excited to be on the Program Committee of FUZZING ‘25!
Feb 2025 Excited to be on the Program Committee of ASE ‘25!
Jan 2025 Excited to be on the Program Committee of CAV ‘25!
Dec 2024 Excited to be co-organizing the SMT Competition ‘25!
Nov 2024 Started my PostDoc in the Automated Reasoning & Verification group headed by Prof. Michalis Kokologiannakis!
Oct 2024 Released enumerative testing tool ET v1.0.0!
Sep 2024 Invited to give a talk in the SI Seminar Series at USI Lugano on Feb 27, 2025

Dissertation

Solidifying Modern SMT Solvers

Satisfiability Modulo Theory (SMT) solvers are among the most powerful and mature formal methods. They are foundational in software research and industry—for example, AWS uses them to verify cloud services. SMT solvers solve NP-hard problems and build trust through proof, making correctness and performance crucial, especially in safety- and security-critical domains. Though long trusted, SMT solvers’ reliability had not been thoroughly tested. This thesis challenges that trust through five approaches to improve solver correctness and performance The first, Semantic Fusion, validates SMT solver correctness and revealed dozens of soundness bugs in Z3 and CVC4. Next, Type-Aware Operator Mutation, a simple but highly effective method, uncovered 1,254 bugs, including soundness bugs across nearly all theories. To improve upon this, Generative Type-Aware Mutation found 322 more bugs, including long-standing ones in CVC4. Janus targets incompleteness bugs, while Grammar-based Enumeration (ET) tackles correctness and performance. ET also helps track SMT solver evolution. Across five years, we found 1,825 unique bugs (483 soundness), with 1,333 fixed. This thesis has advanced the hardening of formal methods.

Research Projects

Project Yin-Yang for SMT Solver Testing

Satisfiability Modulo Theory (SMT) solvers are foundational tools for many subareas of computer science, including formal verification, programming languages, and software engineering. Their reliability and robustness are crucial, especially for the safety-critical domains. However, effectively validating SMT solvers has been a longstanding challenge. The goal of Project Yin-Yang is to develop novel, effective, practical methods and techniques to help make SMT solvers more reliable, powerful, and usable.

[Z3/CVC4/5 Bugs: 1,677 (total) / 1,244(fixed)]
[Reports: YinYang, OpFuzz,TypeFuzz, Janus]

Enumerative Testing

The enumerative testing framework ET exhaustively enumerates test cases based on a context-free grammar. It will generate small test cases first exploiting the small-scope hypothesis which states that “most bugs in software trigger on small inputs”. Testing with small test cases has many unique benefits: tiny bug triggers, bounded guarantees, the ability to measure the evolution of a software.

Selected Publications

Validating SMT Solvers for Correctness and Performance via Grammar-based Enumeration
Dominik Winterer, Zhendong Su
In Proceedings of SPLASH/OOPSLA 2024

⭐ Bounded Validation of the SMT Solvers Z3 and cvc5
Finding and Understanding Incompleteness Bugs in SMT Solvers
Mauro Bringolf, Dominik Winterer, Zhendong Su
In Proceedings of ASE 2022 [slides / tool]
Generative Type-Aware Mutation for Testing SMT Solvers
Jiwon Park^*, Dominik Winterer^*, Chengyu Zhang, Zhendong Su
In Proceedings of SPLASH/OOPSLA 2021 [slides / video abstract]
^* Both authors contributed equally.
On the Unusual Effectiveness of Type-Aware Mutations for Testing SMT Solvers
Dominik Winterer^*, Chengyu Zhang^*, Zhendong Su
In Proceedings of SPLASH/OOPSLA 2020 [slides / video abstract]
^* Both authors contributed equally.

⭐ 1,000+ bugs in the SMT Solvers Z3 and CVC4
Validating SMT Solvers via Semantic Fusion
Dominik Winterer^*, Chengyu Zhang^*, Zhendong Su
In Proceedings of PLDI 2020 [slides / video abstract]
^* Both authors contributed equally.

🏆 ACM Distinguished Paper Award
⭐ Invited to ACM TOPLAS Special Issue

Awards and Grants

Heidelberg Laureate Forum 2022
Amazon Research Award Fall 2021 (Co-PI)
Google Open Source Peers Bonus 2021 (for yinyang)
Invited to ACM TOPLAS Special Issue
ACM Distinguished Paper Award (PLDI '20)
IJCAI '16 Travel Grant Award

Supervised Students

Pasquale Jordan (MSc. thesis, completed)
Andrei Zhukov (Practical work, completed)
Thea Kjeldsmark (Intern, completed)
Lu Maltsis (BSc. thesis, completed)
Violet Szabo; (Intern, external thesis, completed)
- POPL '24 SRC paper
- first author on work on compilation hardness of PLs [preprint]
Marc Andriu Carigiet (BSc. thesis, completed)
Michael Mörschell (BSc. thesis, completed) → MSc. student @ETH Zurich
Jiwon Park (BSc. thesis + Internship, completed) → Ph.D. student @UC Berkeley
- 2nd place@FSE '21 SRC
- Co-first author of OOPSLA '21 paper
Mauro Bringolf (MSc. thesis, completed) → Software Engineer @ ~~University of St. Gallen~~ Digitec
- First author of ASE'22 paper
Dylan J Wolff (MSc. thesis, completed) → Ph.D. student @National University of Singapore
- POPL '21 SRC paper
Altin Alickaj (Practical work, completed) → Oracle labs

Invited Talks

Formal Methods Engineering: Toward Reliable Software Engineering
MPI-SP Sparkling Series, Apr 2025
USI Lugano Software Seminar Series, Feb 2025
Solidifying SMT Solvers through Automated Testing Techniques
Harvard PL Seminar, Mar 2024
UPenn, PLClub, Feb 2024
UC Berkeley, Programming Systems Seminar, Jan 2024
Directed Testing of a String Solver
Amazon Webservices, Feb 2024
Finding 1,700+ Bugs in the SMT Solvers Z3 and CVC5
UCSC LSD Seminar (virtual), Feb 2023
USC Software Seminar (virtual), Nov 2022
KIT Research Seminar Formal Methods, Sep 2022
Paderborn University, Jun 2022
CEA List at Paris Saclay (virtual), Feb 2021

Service

Artifact Evaluation Co-Chair: ISSTA 2024
Co-organizer of SMT-COMP (since 2025)
PC Member: CAV' 25, ASE '25, ICSE 2024 (Demo track), AAAI '20, AAAI '21, SYNASC '22, MET '23
Journal Reviewer: TOSEM '24, JAIR '17, TSE '21
Reviewer/Judge Student Research Competition: OOPSLA '21
Artifact Evaluation Committee Member: ISSTA '21, POPL '21, PLDI '22
SIGPLAN-M Longterm mentoring (since Oct 2021)

Teaching

@ETH Zurich

Algorithms and Data structures, Spring 2024
Formal Methods and Functional Programming, Spring 2022
Software Engineering, Spring 2021 (Head TA)
Data Modelling and Databases, Spring 2020, 2023
Research Topics in Software Engineering, Spring 2020, 2021, 2022, Fall 2020
Compiler Design, Fall 2019, 2020, 2021 (Head TA)

@University of Konstanz

Decision Procedures, Fall 2018
Software Engineering, Fall 2018

@University of Freiburg

Model Checking, Fall 2016
Theoretical Computer Science, Fall 2016